authorJonas Allmann <jallmann@mozilla.com>2018-08-21 15:42:44 +0200
committerJonas Allmann <jallmann@mozilla.com>2018-08-21 15:42:44 +0200
commitddd3416cbc803d46d088c1ba9ee39b20d1ea6fa5 (patch)
tree917f6ef89aea0704b25e56d64a5093b8c215c67a
parent0c41c2536afdb4c5224f3607d7fc498ca1848aec (diff)
downloadnss-hg-ddd3416cbc803d46d088c1ba9ee39b20d1ea6fa5.tar.gz
Bug 1479425 - Add cipher-list argument to nss_bogo_shim, r=franziskus
This adds nss-cipher as argument to the nss_bogo_shim to support tls-interop ciphersuite tests. Note that this is different from the cipher argument that bogo uses to avoid test failures (NSS doesn't understand the OpenSSL cipher strings that bogo uses). Differential Revision: https://phabricator.services.mozilla.com/D2510
-rw-r--r--gtests/nss_bogo_shim/nss_bogo_shim.cc36
1 files changed, 35 insertions, 1 deletions
diff --git a/gtests/nss_bogo_shim/nss_bogo_shim.cc b/gtests/nss_bogo_shim/nss_bogo_shim.cc
index 51bfab1d4..b2b59c2f0 100644
--- a/gtests/nss_bogo_shim/nss_bogo_shim.cc
+++ b/gtests/nss_bogo_shim/nss_bogo_shim.cc
@@ -346,11 +346,44 @@ class TestAgent {
PR_TRUE);
if (rv != SECSuccess) return false;
- if (!EnableNonExportCiphers()) return false;
+ if (!ConfigureCiphers()) return false;
return true;
}
+ bool ConfigureCiphers() {
+ auto cipherList = cfg_.get<std::string>("nss-cipher");
+
+ if (cipherList.empty()) {
+ return EnableNonExportCiphers();
+ }
+
+ for (size_t i = 0; i < SSL_NumImplementedCiphers; ++i) {
+ SSLCipherSuiteInfo csinfo;
+ std::string::size_type n;
+ SECStatus rv = SSL_GetCipherSuiteInfo(SSL_ImplementedCiphers[i], &csinfo,
+ sizeof(csinfo));
+ if (rv != SECSuccess) {
+ return false;
+ }
+
+ // Check if cipherList contains the name of the Cipher Suite and
+ // enable/disable accordingly.
+ n = cipherList.find(csinfo.cipherSuiteName, 0);
+ if (std::string::npos == n) {
+ rv = SSL_CipherPrefSet(ssl_fd_.get(), SSL_ImplementedCiphers[i],
+ PR_FALSE);
+ } else {
+ rv = SSL_CipherPrefSet(ssl_fd_.get(), SSL_ImplementedCiphers[i],
+ PR_TRUE);
+ }
+ if (rv != SECSuccess) {
+ return false;
+ }
+ }
+ return true;
+ }
+
bool EnableNonExportCiphers() {
for (size_t i = 0; i < SSL_NumImplementedCiphers; ++i) {
SSLCipherSuiteInfo csinfo;
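Review bot: The `cipherList.find(csinfo.cipherSuiteName, 0)` test in ConfigureCiphers is a substring match, so requesting one suite also enables every implemented suite whose name is contained in it; asking for `TLS_RSA_WITH_AES_128_CBC_SHA256` turns on `TLS_RSA_WITH_AES_128_CBC_SHA` as well, and an interop test can then pass on a suite it was not meant to exercise. A name that matches nothing (a typo or an unsupported suite) leaves every suite disabled while the function still returns true, so the mistake only surfaces later as a handshake failure. I would split the argument into exact names once, compare by equality, and return false when a requested name was not found; the separator in the sketch below is an assumption, since the list format is not visible in this hunk. The enclosing TestAgent class and EnableNonExportCiphers continue outside the hunk, so whether the filtering done there should also apply on this path cannot be judged from here.

```cpp
bool ConfigureCiphers() {
  auto cipherList = cfg_.get<std::string>("nss-cipher");
  // … unchanged: empty-list fallback to EnableNonExportCiphers() …

  // Split once into exact names. ':' is an assumed separator; use whatever
  // the tls-interop caller actually passes.
  std::set<std::string> wanted;
  std::istringstream names(cipherList);
  for (std::string name; std::getline(names, name, ':');) {
    if (!name.empty()) wanted.insert(name);
  }

  size_t matched = 0;
  for (size_t i = 0; i < SSL_NumImplementedCiphers; ++i) {
    // … unchanged: SSL_GetCipherSuiteInfo call and its error check …
    const bool enable = wanted.count(csinfo.cipherSuiteName) != 0;
    if (enable) ++matched;
    rv = SSL_CipherPrefSet(ssl_fd_.get(), SSL_ImplementedCiphers[i],
                           enable ? PR_TRUE : PR_FALSE);
    // … unchanged: rv check …
  }
  // A requested name that matched no implemented suite is a config error.
  return matched == wanted.size();
}
```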
@@ -556,6 +589,7 @@ std::unique_ptr<const Config> ReadConfig(int argc, char** argv) {
cfg->AddEntry<std::vector<int>>("signing-prefs", std::vector<int>());
cfg->AddEntry<std::vector<int>>("verify-prefs", std::vector<int>());
cfg->AddEntry<int>("expect-peer-signature-algorithm", 0);
+ cfg->AddEntry<std::string>("nss-cipher", "");
auto rv = cfg->ParseArgs(argc, argv);
switch (rv) {