Diffstat (limited to 'src/ssl/test/test_config.cc')
-rw-r--r-- | src/ssl/test/test_config.cc | 449 |
1 files changed, 219 insertions, 230 deletions
diff --git a/src/ssl/test/test_config.cc b/src/ssl/test/test_config.cc index 70e061b0..bd32ce9d 100644 --- a/src/ssl/test/test_config.cc +++ b/src/ssl/test/test_config.cc 
@@ -51,181 +51,181 @@ T *FindField(TestConfig *config, const Flag<T> (&flags)[N], const char *flag) { } const Flag<bool> kBoolFlags[] = { - { "-server", &TestConfig::is_server }, - { "-dtls", &TestConfig::is_dtls }, - { "-fallback-scsv", &TestConfig::fallback_scsv }, - { "-require-any-client-certificate", - &TestConfig::require_any_client_certificate }, - { "-false-start", &TestConfig::false_start }, - { "-async", &TestConfig::async }, - { "-write-different-record-sizes", - &TestConfig::write_different_record_sizes }, - { "-cbc-record-splitting", &TestConfig::cbc_record_splitting }, - { "-partial-write", &TestConfig::partial_write }, - { "-no-tls13", &TestConfig::no_tls13 }, - { "-no-tls12", &TestConfig::no_tls12 }, - { "-no-tls11", &TestConfig::no_tls11 }, - { "-no-tls1", &TestConfig::no_tls1 }, - { "-no-ticket", &TestConfig::no_ticket }, - { "-enable-channel-id", &TestConfig::enable_channel_id }, - { "-shim-writes-first", &TestConfig::shim_writes_first }, - { "-expect-session-miss", &TestConfig::expect_session_miss }, - { "-decline-alpn", &TestConfig::decline_alpn }, - { "-select-empty-alpn", &TestConfig::select_empty_alpn }, - { "-expect-extended-master-secret", - &TestConfig::expect_extended_master_secret }, - { "-enable-ocsp-stapling", &TestConfig::enable_ocsp_stapling }, - { "-enable-signed-cert-timestamps", - &TestConfig::enable_signed_cert_timestamps }, - { "-implicit-handshake", &TestConfig::implicit_handshake }, - { "-use-early-callback", &TestConfig::use_early_callback }, - { "-fail-early-callback", &TestConfig::fail_early_callback }, - { "-install-ddos-callback", &TestConfig::install_ddos_callback }, - { "-fail-ddos-callback", &TestConfig::fail_ddos_callback }, - { "-fail-cert-callback", &TestConfig::fail_cert_callback }, - { "-handshake-never-done", &TestConfig::handshake_never_done }, - { "-use-export-context", &TestConfig::use_export_context }, - { "-tls-unique", &TestConfig::tls_unique }, - { "-expect-ticket-renewal", 
&TestConfig::expect_ticket_renewal }, - { "-expect-no-session", &TestConfig::expect_no_session }, - { "-expect-ticket-supports-early-data", - &TestConfig::expect_ticket_supports_early_data }, - { "-use-ticket-callback", &TestConfig::use_ticket_callback }, - { "-renew-ticket", &TestConfig::renew_ticket }, - { "-enable-early-data", &TestConfig::enable_early_data }, - { "-check-close-notify", &TestConfig::check_close_notify }, - { "-shim-shuts-down", &TestConfig::shim_shuts_down }, - { "-verify-fail", &TestConfig::verify_fail }, - { "-verify-peer", &TestConfig::verify_peer }, - { "-verify-peer-if-no-obc", &TestConfig::verify_peer_if_no_obc }, - { "-expect-verify-result", &TestConfig::expect_verify_result }, - { "-renegotiate-once", &TestConfig::renegotiate_once }, - { "-renegotiate-freely", &TestConfig::renegotiate_freely }, - { "-renegotiate-ignore", &TestConfig::renegotiate_ignore }, - { "-forbid-renegotiation-after-handshake", - &TestConfig::forbid_renegotiation_after_handshake }, - { "-enable-all-curves", &TestConfig::enable_all_curves }, - { "-use-old-client-cert-callback", - &TestConfig::use_old_client_cert_callback }, - { "-send-alert", &TestConfig::send_alert }, - { "-peek-then-read", &TestConfig::peek_then_read }, - { "-enable-grease", &TestConfig::enable_grease }, - { "-use-exporter-between-reads", &TestConfig::use_exporter_between_reads }, - { "-retain-only-sha256-client-cert", - &TestConfig::retain_only_sha256_client_cert }, - { "-expect-sha256-client-cert", - &TestConfig::expect_sha256_client_cert }, - { "-read-with-unfinished-write", &TestConfig::read_with_unfinished_write }, - { "-expect-secure-renegotiation", - &TestConfig::expect_secure_renegotiation }, - { "-expect-no-secure-renegotiation", - &TestConfig::expect_no_secure_renegotiation }, - { "-expect-session-id", &TestConfig::expect_session_id }, - { "-expect-no-session-id", &TestConfig::expect_no_session_id }, - { "-expect-accept-early-data", &TestConfig::expect_accept_early_data }, - { 
"-expect-reject-early-data", &TestConfig::expect_reject_early_data }, - { "-expect-no-offer-early-data", &TestConfig::expect_no_offer_early_data }, - { "-no-op-extra-handshake", &TestConfig::no_op_extra_handshake }, - { "-handshake-twice", &TestConfig::handshake_twice }, - { "-allow-unknown-alpn-protos", &TestConfig::allow_unknown_alpn_protos }, - { "-enable-ed25519", &TestConfig::enable_ed25519 }, - { "-use-custom-verify-callback", &TestConfig::use_custom_verify_callback }, - { "-allow-false-start-without-alpn", - &TestConfig::allow_false_start_without_alpn }, - { "-ignore-tls13-downgrade", &TestConfig::ignore_tls13_downgrade }, - { "-expect-tls13-downgrade", &TestConfig::expect_tls13_downgrade }, - { "-handoff", &TestConfig::handoff }, - { "-no-rsa-pss-rsae-certs", &TestConfig::no_rsa_pss_rsae_certs }, - { "-use-ocsp-callback", &TestConfig::use_ocsp_callback }, - { "-set-ocsp-in-callback", &TestConfig::set_ocsp_in_callback }, - { "-decline-ocsp-callback", &TestConfig::decline_ocsp_callback }, - { "-fail-ocsp-callback", &TestConfig::fail_ocsp_callback }, - { "-install-cert-compression-algs", - &TestConfig::install_cert_compression_algs }, - { "-is-handshaker-supported", &TestConfig::is_handshaker_supported }, - { "-handshaker-resume", &TestConfig::handshaker_resume }, - { "-reverify-on-resume", &TestConfig::reverify_on_resume }, - { "-enforce-rsa-key-usage", &TestConfig::enforce_rsa_key_usage }, - { "-jdk11-workaround", &TestConfig::jdk11_workaround }, - { "-server-preference", &TestConfig::server_preference }, - { "-export-traffic-secrets", &TestConfig::export_traffic_secrets }, - { "-key-update", &TestConfig::key_update }, + {"-server", &TestConfig::is_server}, + {"-dtls", &TestConfig::is_dtls}, + {"-fallback-scsv", &TestConfig::fallback_scsv}, + {"-require-any-client-certificate", + &TestConfig::require_any_client_certificate}, + {"-false-start", &TestConfig::false_start}, + {"-async", &TestConfig::async}, + {"-write-different-record-sizes", + 
&TestConfig::write_different_record_sizes}, + {"-cbc-record-splitting", &TestConfig::cbc_record_splitting}, + {"-partial-write", &TestConfig::partial_write}, + {"-no-tls13", &TestConfig::no_tls13}, + {"-no-tls12", &TestConfig::no_tls12}, + {"-no-tls11", &TestConfig::no_tls11}, + {"-no-tls1", &TestConfig::no_tls1}, + {"-no-ticket", &TestConfig::no_ticket}, + {"-enable-channel-id", &TestConfig::enable_channel_id}, + {"-shim-writes-first", &TestConfig::shim_writes_first}, + {"-expect-session-miss", &TestConfig::expect_session_miss}, + {"-decline-alpn", &TestConfig::decline_alpn}, + {"-select-empty-alpn", &TestConfig::select_empty_alpn}, + {"-expect-extended-master-secret", + &TestConfig::expect_extended_master_secret}, + {"-enable-ocsp-stapling", &TestConfig::enable_ocsp_stapling}, + {"-enable-signed-cert-timestamps", + &TestConfig::enable_signed_cert_timestamps}, + {"-implicit-handshake", &TestConfig::implicit_handshake}, + {"-use-early-callback", &TestConfig::use_early_callback}, + {"-fail-early-callback", &TestConfig::fail_early_callback}, + {"-install-ddos-callback", &TestConfig::install_ddos_callback}, + {"-fail-ddos-callback", &TestConfig::fail_ddos_callback}, + {"-fail-cert-callback", &TestConfig::fail_cert_callback}, + {"-handshake-never-done", &TestConfig::handshake_never_done}, + {"-use-export-context", &TestConfig::use_export_context}, + {"-tls-unique", &TestConfig::tls_unique}, + {"-expect-ticket-renewal", &TestConfig::expect_ticket_renewal}, + {"-expect-no-session", &TestConfig::expect_no_session}, + {"-expect-ticket-supports-early-data", + &TestConfig::expect_ticket_supports_early_data}, + {"-use-ticket-callback", &TestConfig::use_ticket_callback}, + {"-renew-ticket", &TestConfig::renew_ticket}, + {"-enable-early-data", &TestConfig::enable_early_data}, + {"-check-close-notify", &TestConfig::check_close_notify}, + {"-shim-shuts-down", &TestConfig::shim_shuts_down}, + {"-verify-fail", &TestConfig::verify_fail}, + {"-verify-peer", &TestConfig::verify_peer}, 
+ {"-verify-peer-if-no-obc", &TestConfig::verify_peer_if_no_obc}, + {"-expect-verify-result", &TestConfig::expect_verify_result}, + {"-renegotiate-once", &TestConfig::renegotiate_once}, + {"-renegotiate-freely", &TestConfig::renegotiate_freely}, + {"-renegotiate-ignore", &TestConfig::renegotiate_ignore}, + {"-forbid-renegotiation-after-handshake", + &TestConfig::forbid_renegotiation_after_handshake}, + {"-enable-all-curves", &TestConfig::enable_all_curves}, + {"-use-old-client-cert-callback", + &TestConfig::use_old_client_cert_callback}, + {"-send-alert", &TestConfig::send_alert}, + {"-peek-then-read", &TestConfig::peek_then_read}, + {"-enable-grease", &TestConfig::enable_grease}, + {"-use-exporter-between-reads", &TestConfig::use_exporter_between_reads}, + {"-retain-only-sha256-client-cert", + &TestConfig::retain_only_sha256_client_cert}, + {"-expect-sha256-client-cert", &TestConfig::expect_sha256_client_cert}, + {"-read-with-unfinished-write", &TestConfig::read_with_unfinished_write}, + {"-expect-secure-renegotiation", &TestConfig::expect_secure_renegotiation}, + {"-expect-no-secure-renegotiation", + &TestConfig::expect_no_secure_renegotiation}, + {"-expect-session-id", &TestConfig::expect_session_id}, + {"-expect-no-session-id", &TestConfig::expect_no_session_id}, + {"-expect-accept-early-data", &TestConfig::expect_accept_early_data}, + {"-expect-reject-early-data", &TestConfig::expect_reject_early_data}, + {"-expect-no-offer-early-data", &TestConfig::expect_no_offer_early_data}, + {"-no-op-extra-handshake", &TestConfig::no_op_extra_handshake}, + {"-handshake-twice", &TestConfig::handshake_twice}, + {"-allow-unknown-alpn-protos", &TestConfig::allow_unknown_alpn_protos}, + {"-enable-ed25519", &TestConfig::enable_ed25519}, + {"-use-custom-verify-callback", &TestConfig::use_custom_verify_callback}, + {"-allow-false-start-without-alpn", + &TestConfig::allow_false_start_without_alpn}, + {"-ignore-tls13-downgrade", &TestConfig::ignore_tls13_downgrade}, + 
{"-expect-tls13-downgrade", &TestConfig::expect_tls13_downgrade}, + {"-handoff", &TestConfig::handoff}, + {"-no-rsa-pss-rsae-certs", &TestConfig::no_rsa_pss_rsae_certs}, + {"-use-ocsp-callback", &TestConfig::use_ocsp_callback}, + {"-set-ocsp-in-callback", &TestConfig::set_ocsp_in_callback}, + {"-decline-ocsp-callback", &TestConfig::decline_ocsp_callback}, + {"-fail-ocsp-callback", &TestConfig::fail_ocsp_callback}, + {"-install-cert-compression-algs", + &TestConfig::install_cert_compression_algs}, + {"-is-handshaker-supported", &TestConfig::is_handshaker_supported}, + {"-handshaker-resume", &TestConfig::handshaker_resume}, + {"-reverify-on-resume", &TestConfig::reverify_on_resume}, + {"-enforce-rsa-key-usage", &TestConfig::enforce_rsa_key_usage}, + {"-jdk11-workaround", &TestConfig::jdk11_workaround}, + {"-server-preference", &TestConfig::server_preference}, + {"-export-traffic-secrets", &TestConfig::export_traffic_secrets}, + {"-key-update", &TestConfig::key_update}, + {"-expect-delegated-credential-used", + &TestConfig::expect_delegated_credential_used}, + {"-enable-pq-experiment-signal", &TestConfig::enable_pq_experiment_signal}, + {"-expect-pq-experiment-signal", &TestConfig::expect_pq_experiment_signal}, }; const Flag<std::string> kStringFlags[] = { - { "-write-settings", &TestConfig::write_settings }, - { "-key-file", &TestConfig::key_file }, - { "-cert-file", &TestConfig::cert_file }, - { "-expect-server-name", &TestConfig::expected_server_name }, - { "-advertise-npn", &TestConfig::advertise_npn }, - { "-expect-next-proto", &TestConfig::expected_next_proto }, - { "-select-next-proto", &TestConfig::select_next_proto }, - { "-send-channel-id", &TestConfig::send_channel_id }, - { "-host-name", &TestConfig::host_name }, - { "-advertise-alpn", &TestConfig::advertise_alpn }, - { "-expect-alpn", &TestConfig::expected_alpn }, - { "-expect-late-alpn", &TestConfig::expected_late_alpn }, - { "-expect-advertised-alpn", &TestConfig::expected_advertised_alpn }, - { 
"-select-alpn", &TestConfig::select_alpn }, - { "-psk", &TestConfig::psk }, - { "-psk-identity", &TestConfig::psk_identity }, - { "-srtp-profiles", &TestConfig::srtp_profiles }, - { "-cipher", &TestConfig::cipher }, - { "-export-label", &TestConfig::export_label }, - { "-export-context", &TestConfig::export_context }, - { "-expect-peer-cert-file", &TestConfig::expect_peer_cert_file }, - { "-use-client-ca-list", &TestConfig::use_client_ca_list }, - { "-expect-client-ca-list", &TestConfig::expected_client_ca_list }, - { "-expect-msg-callback", &TestConfig::expect_msg_callback }, - { "-handshaker-path", &TestConfig::handshaker_path }, - { "-delegated-credential", &TestConfig::delegated_credential }, + {"-write-settings", &TestConfig::write_settings}, + {"-key-file", &TestConfig::key_file}, + {"-cert-file", &TestConfig::cert_file}, + {"-expect-server-name", &TestConfig::expect_server_name}, + {"-advertise-npn", &TestConfig::advertise_npn}, + {"-expect-next-proto", &TestConfig::expect_next_proto}, + {"-select-next-proto", &TestConfig::select_next_proto}, + {"-send-channel-id", &TestConfig::send_channel_id}, + {"-host-name", &TestConfig::host_name}, + {"-advertise-alpn", &TestConfig::advertise_alpn}, + {"-expect-alpn", &TestConfig::expect_alpn}, + {"-expect-late-alpn", &TestConfig::expect_late_alpn}, + {"-expect-advertised-alpn", &TestConfig::expect_advertised_alpn}, + {"-select-alpn", &TestConfig::select_alpn}, + {"-psk", &TestConfig::psk}, + {"-psk-identity", &TestConfig::psk_identity}, + {"-srtp-profiles", &TestConfig::srtp_profiles}, + {"-cipher", &TestConfig::cipher}, + {"-export-label", &TestConfig::export_label}, + {"-export-context", &TestConfig::export_context}, + {"-expect-peer-cert-file", &TestConfig::expect_peer_cert_file}, + {"-use-client-ca-list", &TestConfig::use_client_ca_list}, + {"-expect-client-ca-list", &TestConfig::expect_client_ca_list}, + {"-expect-msg-callback", &TestConfig::expect_msg_callback}, + {"-handshaker-path", 
&TestConfig::handshaker_path}, + {"-delegated-credential", &TestConfig::delegated_credential}, + {"-expect-early-data-reason", &TestConfig::expect_early_data_reason}, }; const Flag<std::string> kBase64Flags[] = { - { "-expect-certificate-types", &TestConfig::expected_certificate_types }, - { "-expect-channel-id", &TestConfig::expected_channel_id }, - { "-token-binding-params", &TestConfig::send_token_binding_params }, - { "-expect-ocsp-response", &TestConfig::expected_ocsp_response }, - { "-expect-signed-cert-timestamps", - &TestConfig::expected_signed_cert_timestamps }, - { "-ocsp-response", &TestConfig::ocsp_response }, - { "-signed-cert-timestamps", &TestConfig::signed_cert_timestamps }, - { "-ticket-key", &TestConfig::ticket_key }, - { "-quic-transport-params", &TestConfig::quic_transport_params }, - { "-expected-quic-transport-params", - &TestConfig::expected_quic_transport_params }, + {"-expect-certificate-types", &TestConfig::expect_certificate_types}, + {"-expect-channel-id", &TestConfig::expect_channel_id}, + {"-token-binding-params", &TestConfig::send_token_binding_params}, + {"-expect-ocsp-response", &TestConfig::expect_ocsp_response}, + {"-expect-signed-cert-timestamps", + &TestConfig::expect_signed_cert_timestamps}, + {"-ocsp-response", &TestConfig::ocsp_response}, + {"-signed-cert-timestamps", &TestConfig::signed_cert_timestamps}, + {"-ticket-key", &TestConfig::ticket_key}, + {"-quic-transport-params", &TestConfig::quic_transport_params}, + {"-expect-quic-transport-params", + &TestConfig::expect_quic_transport_params}, }; const Flag<int> kIntFlags[] = { - { "-port", &TestConfig::port }, - { "-resume-count", &TestConfig::resume_count }, - { "-expected-token-binding-param", - &TestConfig::expected_token_binding_param }, - { "-min-version", &TestConfig::min_version }, - { "-max-version", &TestConfig::max_version }, - { "-expect-version", &TestConfig::expect_version }, - { "-mtu", &TestConfig::mtu }, - { "-export-early-keying-material", - 
&TestConfig::export_early_keying_material }, - { "-export-keying-material", &TestConfig::export_keying_material }, - { "-expect-total-renegotiations", &TestConfig::expect_total_renegotiations }, - { "-expect-peer-signature-algorithm", - &TestConfig::expect_peer_signature_algorithm }, - { "-expect-curve-id", &TestConfig::expect_curve_id }, - { "-initial-timeout-duration-ms", &TestConfig::initial_timeout_duration_ms }, - { "-max-cert-list", &TestConfig::max_cert_list }, - { "-expect-cipher-aes", &TestConfig::expect_cipher_aes }, - { "-expect-cipher-no-aes", &TestConfig::expect_cipher_no_aes }, - { "-resumption-delay", &TestConfig::resumption_delay }, - { "-max-send-fragment", &TestConfig::max_send_fragment }, - { "-read-size", &TestConfig::read_size }, - { "-expect-ticket-age-skew", &TestConfig::expect_ticket_age_skew }, + {"-port", &TestConfig::port}, + {"-resume-count", &TestConfig::resume_count}, + {"-expect-token-binding-param", &TestConfig::expect_token_binding_param}, + {"-min-version", &TestConfig::min_version}, + {"-max-version", &TestConfig::max_version}, + {"-expect-version", &TestConfig::expect_version}, + {"-mtu", &TestConfig::mtu}, + {"-export-keying-material", &TestConfig::export_keying_material}, + {"-expect-total-renegotiations", &TestConfig::expect_total_renegotiations}, + {"-expect-peer-signature-algorithm", + &TestConfig::expect_peer_signature_algorithm}, + {"-expect-curve-id", &TestConfig::expect_curve_id}, + {"-initial-timeout-duration-ms", &TestConfig::initial_timeout_duration_ms}, + {"-max-cert-list", &TestConfig::max_cert_list}, + {"-expect-cipher-aes", &TestConfig::expect_cipher_aes}, + {"-expect-cipher-no-aes", &TestConfig::expect_cipher_no_aes}, + {"-resumption-delay", &TestConfig::resumption_delay}, + {"-max-send-fragment", &TestConfig::max_send_fragment}, + {"-read-size", &TestConfig::read_size}, + {"-expect-ticket-age-skew", &TestConfig::expect_ticket_age_skew}, }; const Flag<std::vector<int>> kIntVectorFlags[] = { {"-signing-prefs", 
&TestConfig::signing_prefs}, {"-verify-prefs", &TestConfig::verify_prefs}, - {"-expect-peer-verify-pref", &TestConfig::expected_peer_verify_prefs}, + {"-expect-peer-verify-pref", &TestConfig::expect_peer_verify_prefs}, {"-curves", &TestConfig::curves}, }; @@ -243,7 +243,7 @@ bool ParseFlag(char *flag, int argc, char **argv, int *i, if (string_field != NULL) { *i = *i + 1; if (*i >= argc) { - fprintf(stderr, "Missing parameter\n"); + fprintf(stderr, "Missing parameter.\n"); return false; } if (!skip) { @@ -256,19 +256,19 @@ bool ParseFlag(char *flag, int argc, char **argv, int *i, if (base64_field != NULL) { *i = *i + 1; if (*i >= argc) { - fprintf(stderr, "Missing parameter\n"); + fprintf(stderr, "Missing parameter.\n"); return false; } size_t len; if (!EVP_DecodedLength(&len, strlen(argv[*i]))) { - fprintf(stderr, "Invalid base64: %s\n", argv[*i]); + fprintf(stderr, "Invalid base64: %s.\n", argv[*i]); return false; } std::unique_ptr<uint8_t[]> decoded(new uint8_t[len]); if (!EVP_DecodeBase64(decoded.get(), &len, len, reinterpret_cast<const uint8_t *>(argv[*i]), strlen(argv[*i]))) { - fprintf(stderr, "Invalid base64: %s\n", argv[*i]); + fprintf(stderr, "Invalid base64: %s.\n", argv[*i]); return false; } if (!skip) { @@ -282,7 +282,7 @@ bool ParseFlag(char *flag, int argc, char **argv, int *i, if (int_field) { *i = *i + 1; if (*i >= argc) { - fprintf(stderr, "Missing parameter\n"); + fprintf(stderr, "Missing parameter.\n"); return false; } if (!skip) { @@ -296,7 +296,7 @@ bool ParseFlag(char *flag, int argc, char **argv, int *i, if (int_vector_field) { *i = *i + 1; if (*i >= argc) { - fprintf(stderr, "Missing parameter\n"); + fprintf(stderr, "Missing parameter.\n"); return false; } @@ -307,7 +307,7 @@ bool ParseFlag(char *flag, int argc, char **argv, int *i, return true; } - fprintf(stderr, "Unknown argument: %s\n", flag); + fprintf(stderr, "Unknown argument: %s.\n", flag); return false; } 
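Review bot: Alongside the brace reformatting, the flag tables in the first hunk also change the shim's command-line surface: `-expected-quic-transport-params` becomes `-expect-quic-transport-params`, `-expected-token-binding-param` becomes `-expect-token-binding-param`, and `-export-early-keying-material` is dropped. Any invocation still using an old spelling would fall through to ParseFlag's `Unknown argument` path. This view is limited to test_config.cc, so whether the callers were updated in the same change cannot be confirmed here. A comment above the tables such as `// Flag spellings are the shim's command-line contract; keep them in sync with whatever drives the shim.` would make the coupling explicit.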
@@ -403,9 +403,9 @@ static int ServerNameCallback(SSL *ssl, int *out_alert, void *arg) { const TestConfig *config = GetTestConfig(ssl); const char *server_name = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name); if (server_name == nullptr || - std::string(server_name) != config->expected_server_name) { - fprintf(stderr, "servername mismatch (got %s; want %s)\n", server_name, - config->expected_server_name.c_str()); + std::string(server_name) != config->expect_server_name) { + fprintf(stderr, "servername mismatch (got %s; want %s).\n", server_name, + config->expect_server_name.c_str()); return SSL_TLSEXT_ERR_ALERT_FATAL; } @@ -449,7 +449,7 @@ static void MessageCallback(int is_write, int version, int content_type, if (content_type == SSL3_RT_HEADER) { if (len != (config->is_dtls ? DTLS1_RT_HEADER_LENGTH : SSL3_RT_HEADER_LENGTH)) { - fprintf(stderr, "Incorrect length for record header: %zu\n", len); + fprintf(stderr, "Incorrect length for record header: %zu.\n", len); state->msg_callback_ok = false; } return; @@ -459,7 +459,7 @@ static void MessageCallback(int is_write, int version, int content_type, switch (content_type) { case 0: if (version != SSL2_VERSION) { - fprintf(stderr, "Incorrect version for V2ClientHello: %x\n", version); + fprintf(stderr, "Incorrect version for V2ClientHello: %x.\n", version); state->msg_callback_ok = false; return; } @@ -509,7 +509,7 @@ static void MessageCallback(int is_write, int version, int content_type, return; default: - fprintf(stderr, "Invalid content_type: %d\n", content_type); + fprintf(stderr, "Invalid content_type: %d.\n", content_type); state->msg_callback_ok = false; } } 
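Review bot: In ServerNameCallback the rewritten mismatch message passes `server_name` to `%s` on the same branch that is taken when `server_name == nullptr`, and a null pointer for `%s` is undefined behaviour in fprintf. The SelectCertificateCallback hunk (@@ -1099) introduces the same pattern with its new `Server name mismatch in early callback` message. Passing `server_name ? server_name : "(null)"` as the argument in both calls keeps the diagnostic and removes the hazard. Both function bodies continue outside their hunks.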
@@ -618,11 +618,11 @@ static int AlpnSelectCallback(SSL *ssl, const uint8_t **out, uint8_t *outlen, return SSL_TLSEXT_ERR_NOACK; } - if (!config->expected_advertised_alpn.empty() && - (config->expected_advertised_alpn.size() != inlen || - OPENSSL_memcmp(config->expected_advertised_alpn.data(), in, inlen) != + if (!config->expect_advertised_alpn.empty() && + (config->expect_advertised_alpn.size() != inlen || + OPENSSL_memcmp(config->expect_advertised_alpn.data(), in, inlen) != 0)) { - fprintf(stderr, "bad ALPN select callback inputs\n"); + fprintf(stderr, "bad ALPN select callback inputs.\n"); exit(1); } @@ -634,12 +634,12 @@ static int AlpnSelectCallback(SSL *ssl, const uint8_t **out, uint8_t *outlen, static bool CheckVerifyCallback(SSL *ssl) { const TestConfig *config = GetTestConfig(ssl); - if (!config->expected_ocsp_response.empty()) { + if (!config->expect_ocsp_response.empty()) { const uint8_t *data; size_t len; SSL_get0_ocsp_response(ssl, &data, &len); if (len == 0) { - fprintf(stderr, "OCSP response not available in verify callback\n"); + fprintf(stderr, "OCSP response not available in verify callback.\n"); return false; } } @@ -808,7 +808,7 @@ static std::vector<std::string> DecodeHexStrings( for (const auto &part : parts) { std::string binary; if (!HexDecode(&binary, part)) { - fprintf(stderr, "Bad hex string: %s\n", part.c_str()); + fprintf(stderr, "Bad hex string: %s.\n", part.c_str()); return ret; } 
@@ -847,22 +847,22 @@ static bssl::UniquePtr<STACK_OF(X509_NAME)> DecodeHexX509Names( static bool CheckPeerVerifyPrefs(SSL *ssl) { const TestConfig *config = GetTestConfig(ssl); - if (!config->expected_peer_verify_prefs.empty()) { + if (!config->expect_peer_verify_prefs.empty()) { const uint16_t *peer_sigalgs; size_t num_peer_sigalgs = SSL_get0_peer_verify_algorithms(ssl, &peer_sigalgs); - if (config->expected_peer_verify_prefs.size() != num_peer_sigalgs) { + if (config->expect_peer_verify_prefs.size() != num_peer_sigalgs) { fprintf(stderr, "peer verify preferences length mismatch (got %zu, wanted %zu)\n", - num_peer_sigalgs, config->expected_peer_verify_prefs.size()); + num_peer_sigalgs, config->expect_peer_verify_prefs.size()); return false; } for (size_t i = 0; i < num_peer_sigalgs; i++) { if (static_cast<int>(peer_sigalgs[i]) != - config->expected_peer_verify_prefs[i]) { + config->expect_peer_verify_prefs[i]) { fprintf(stderr, "peer verify preference %zu mismatch (got %04x, wanted %04x\n", - i, peer_sigalgs[i], config->expected_peer_verify_prefs[i]); + i, peer_sigalgs[i], config->expect_peer_verify_prefs[i]); return false; } } 
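Review bot: The two fprintf calls in CheckPeerVerifyPrefs were missed by the message clean-up this commit applies elsewhere: neither ends in a period, and the second still lacks its closing parenthesis (`wanted %04x\n`). Suggested strings are `"peer verify preferences length mismatch (got %zu, wanted %zu).\n"` and `"peer verify preference %zu mismatch (got %04x, wanted %04x).\n"`. The final argument is an element of the `std::vector<int>` field printed with `%x`, so wrapping it in `static_cast<unsigned>(...)` would make the conversion match. The function body runs past the end of the hunk.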
@@ -877,29 +877,29 @@ static bool CheckCertificateRequest(SSL *ssl) { return false; } - if (!config->expected_certificate_types.empty()) { + if (!config->expect_certificate_types.empty()) { const uint8_t *certificate_types; size_t certificate_types_len = SSL_get0_certificate_types(ssl, &certificate_types); - if (certificate_types_len != config->expected_certificate_types.size() || + if (certificate_types_len != config->expect_certificate_types.size() || OPENSSL_memcmp(certificate_types, - config->expected_certificate_types.data(), + config->expect_certificate_types.data(), certificate_types_len) != 0) { - fprintf(stderr, "certificate types mismatch\n"); + fprintf(stderr, "certificate types mismatch.\n"); return false; } } - if (!config->expected_client_ca_list.empty()) { + if (!config->expect_client_ca_list.empty()) { bssl::UniquePtr<STACK_OF(X509_NAME)> expected = - DecodeHexX509Names(config->expected_client_ca_list); + DecodeHexX509Names(config->expect_client_ca_list); const size_t num_expected = sk_X509_NAME_num(expected.get()); const STACK_OF(X509_NAME) *received = SSL_get_client_CA_list(ssl); const size_t num_received = sk_X509_NAME_num(received); if (num_received != num_expected) { - fprintf(stderr, "expected %u names in CertificateRequest but got %u\n", + fprintf(stderr, "expected %u names in CertificateRequest but got %u.\n", static_cast<unsigned>(num_expected), static_cast<unsigned>(num_received)); return false; @@ -908,7 +908,7 @@ static bool CheckCertificateRequest(SSL *ssl) { for (size_t i = 0; i < num_received; i++) { if (X509_NAME_cmp(sk_X509_NAME_value(received, i), sk_X509_NAME_value(expected.get(), i)) != 0) { - fprintf(stderr, "names in CertificateRequest differ at index #%d\n", + fprintf(stderr, "names in CertificateRequest differ at index #%d.\n", static_cast<unsigned>(i)); return false; } 
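Review bot: In the @@ -908 hunk of CheckCertificateRequest the loop index is cast to `unsigned` but printed with `%d`, a signed conversion, so the format string and the argument type disagree. Since the line is being edited anyway, either `"names in CertificateRequest differ at index #%u.\n"` with the existing cast, or `#%zu` with plain `i` (a `size_t`), would be consistent. The function starts and ends outside this hunk.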
@@ -1099,35 +1099,16 @@ static enum ssl_select_cert_result_t SelectCertificateCallback( const TestConfig *config = GetTestConfig(client_hello->ssl); GetTestState(client_hello->ssl)->early_callback_called = true; - if (!config->expected_server_name.empty()) { - const uint8_t *extension_data; - size_t extension_len; - CBS extension, server_name_list, host_name; - uint8_t name_type; - - if (!SSL_early_callback_ctx_extension_get( - client_hello, TLSEXT_TYPE_server_name, &extension_data, - &extension_len)) { - fprintf(stderr, "Could not find server_name extension.\n"); - return ssl_select_cert_error; - } - - CBS_init(&extension, extension_data, extension_len); - if (!CBS_get_u16_length_prefixed(&extension, &server_name_list) || - CBS_len(&extension) != 0 || - !CBS_get_u8(&server_name_list, &name_type) || - name_type != TLSEXT_NAMETYPE_host_name || - !CBS_get_u16_length_prefixed(&server_name_list, &host_name) || - CBS_len(&server_name_list) != 0) { - fprintf(stderr, "Could not decode server_name extension.\n"); + if (!config->expect_server_name.empty()) { + const char *server_name = + SSL_get_servername(client_hello->ssl, TLSEXT_NAMETYPE_host_name); + if (server_name == nullptr || + std::string(server_name) != config->expect_server_name) { + fprintf(stderr, + "Server name mismatch in early callback (got %s; want %s).\n", + server_name, config->expect_server_name.c_str()); return ssl_select_cert_error; } - - if (!CBS_mem_equal(&host_name, - (const uint8_t *)config->expected_server_name.data(), - config->expected_server_name.size())) { - fprintf(stderr, "Server name mismatch.\n"); - } } if (config->fail_early_callback) { @@ -1240,7 +1221,7 @@ bssl::UniquePtr<SSL_CTX> TestConfig::SetupCtx(SSL_CTX *old_ctx) const { SSL_CTX_set_grease_enabled(ssl_ctx.get(), 1); } - if (!expected_server_name.empty()) { + if (!expect_server_name.empty()) { SSL_CTX_set_tlsext_servername_callback(ssl_ctx.get(), ServerNameCallback); } 
@@ -1344,6 +1325,10 @@ bssl::UniquePtr<SSL_CTX> TestConfig::SetupCtx(SSL_CTX *old_ctx) const { SSL_CTX_set_options(ssl_ctx.get(), SSL_OP_CIPHER_SERVER_PREFERENCE); } + if (enable_pq_experiment_signal) { + SSL_CTX_enable_pq_experiment_signal(ssl_ctx.get()); + } + return ssl_ctx; } @@ -1371,7 +1356,7 @@ static unsigned PskClientCallback(SSL *ssl, const char *hint, // Account for the trailing '\0' for the identity. if (config->psk_identity.size() >= max_identity_len || config->psk.size() > max_psk_len) { - fprintf(stderr, "PSK buffers too small\n"); + fprintf(stderr, "PSK buffers too small.\n"); return 0; } @@ -1390,7 +1375,7 @@ static unsigned PskServerCallback(SSL *ssl, const char *identity, } if (config->psk.size() > max_psk_len) { - fprintf(stderr, "PSK buffers too small\n"); + fprintf(stderr, "PSK buffers too small.\n"); return 0; } @@ -1520,7 +1505,7 @@ bssl::UniquePtr<SSL> TestConfig::NewSSL( if (no_ticket) { SSL_set_options(ssl.get(), SSL_OP_NO_TICKET); } - if (!expected_channel_id.empty() || enable_channel_id) { + if (!expect_channel_id.empty() || enable_channel_id) { SSL_set_tls_channel_id_enabled(ssl.get(), 1); } if (!send_channel_id.empty()) { @@ -1622,6 +1607,9 @@ bssl::UniquePtr<SSL> TestConfig::NewSSL( case SSL_CURVE_CECPQ2: nids.push_back(NID_CECPQ2); break; + case SSL_CURVE_CECPQ2b: + nids.push_back(NID_CECPQ2b); + break; } if (!SSL_set1_curves(ssl.get(), &nids[0], nids.size())) { return nullptr; @@ -1630,8 +1618,8 @@ bssl::UniquePtr<SSL> TestConfig::NewSSL( } if (enable_all_curves) { static const int kAllCurves[] = { - NID_secp224r1, NID_X9_62_prime256v1, NID_secp384r1, - NID_secp521r1, NID_X25519, NID_CECPQ2, + NID_secp224r1, NID_X9_62_prime256v1, NID_secp384r1, NID_secp521r1, + NID_X25519, NID_CECPQ2, NID_CECPQ2b, }; if (!SSL_set1_curves(ssl.get(), kAllCurves, OPENSSL_ARRAY_SIZE(kAllCurves))) { 
@@ -1678,7 +1666,8 @@ bssl::UniquePtr<SSL> TestConfig::NewSSL( if (!delegated_credential.empty()) { std::string::size_type comma = delegated_credential.find(','); if (comma == std::string::npos) { - fprintf(stderr, "failed to find comma in delegated credential argument"); + fprintf(stderr, + "failed to find comma in delegated credential argument.\n"); return nullptr; } @@ -1686,7 +1675,7 @@ bssl::UniquePtr<SSL> TestConfig::NewSSL( const std::string pkcs8_hex = delegated_credential.substr(comma + 1); std::string dc, pkcs8; if (!HexDecode(&dc, dc_hex) || !HexDecode(&pkcs8, pkcs8_hex)) { - fprintf(stderr, "failed to hex decode delegated credential argument"); + fprintf(stderr, "failed to hex decode delegated credential argument.\n"); return nullptr; } @@ -1697,7 +1686,7 @@ bssl::UniquePtr<SSL> TestConfig::NewSSL( bssl::UniquePtr<EVP_PKEY> priv(EVP_parse_private_key(&pkcs8_cbs)); if (!priv) { - fprintf(stderr, "failed to parse delegated credential private key"); + fprintf(stderr, "failed to parse delegated credential private key.\n"); return nullptr; } |