author | Jonas Allmann <jallmann@mozilla.com> | 2018-08-21 15:42:44 +0200 |
---|---|---|
committer | Jonas Allmann <jallmann@mozilla.com> | 2018-08-21 15:42:44 +0200 |
commit | ddd3416cbc803d46d088c1ba9ee39b20d1ea6fa5 (patch) | |
tree | 917f6ef89aea0704b25e56d64a5093b8c215c67a | |
parent | 0c41c2536afdb4c5224f3607d7fc498ca1848aec (diff) | |
download | nss-hg-ddd3416cbc803d46d088c1ba9ee39b20d1ea6fa5.tar.gz |
Bug 1479425 - Add cipher-list argument to nss_bogo_shim, r=franziskus
This adds nss-cipher as argument to the nss_bogo_shim to support tls-interop ciphersuite tests.
Note that this is different from the cipher argument that bogo uses to avoid test failures (NSS doesn't understand the OpenSSL cipher strings that bogo uses).
Differential Revision: https://phabricator.services.mozilla.com/D2510
-rw-r--r-- | gtests/nss_bogo_shim/nss_bogo_shim.cc | 36 |
1 files changed, 35 insertions, 1 deletions
diff --git a/gtests/nss_bogo_shim/nss_bogo_shim.cc b/gtests/nss_bogo_shim/nss_bogo_shim.cc
index 51bfab1d4..b2b59c2f0 100644
--- a/gtests/nss_bogo_shim/nss_bogo_shim.cc
+++ b/gtests/nss_bogo_shim/nss_bogo_shim.cc
@@ -346,11 +346,44 @@ class TestAgent {
 PR_TRUE);
 if (rv != SECSuccess) return false;
- if (!EnableNonExportCiphers()) return false;
+ if (!ConfigureCiphers()) return false;
 return true;
 }
+ bool ConfigureCiphers() {
+ auto cipherList = cfg_.get<std::string>("nss-cipher");
+
+ if (cipherList.empty()) {
+ return EnableNonExportCiphers();
+ }
+
+ for (size_t i = 0; i < SSL_NumImplementedCiphers; ++i) {
+ SSLCipherSuiteInfo csinfo;
+ std::string::size_type n;
+ SECStatus rv = SSL_GetCipherSuiteInfo(SSL_ImplementedCiphers[i], &csinfo,
+ sizeof(csinfo));
+ if (rv != SECSuccess) {
+ return false;
+ }
+
+ // Check if cipherList contains the name of the Cipher Suite and
+ // enable/disable accordingly.
+ n = cipherList.find(csinfo.cipherSuiteName, 0);
+ if (std::string::npos == n) {
+ rv = SSL_CipherPrefSet(ssl_fd_.get(), SSL_ImplementedCiphers[i],
+ PR_FALSE);
+ } else {
+ rv = SSL_CipherPrefSet(ssl_fd_.get(), SSL_ImplementedCiphers[i],
+ PR_TRUE);
+ }
+ if (rv != SECSuccess) {
+ return false;
+ }
+ }
+ return true;
+ }
+
 bool EnableNonExportCiphers() {
 for (size_t i = 0; i < SSL_NumImplementedCiphers; ++i) {
 SSLCipherSuiteInfo csinfo;
@@ -556,6 +589,7 @@ std::unique_ptr<const Config> ReadConfig(int argc, char** argv) {
 cfg->AddEntry<std::vector<int>>("signing-prefs", std::vector<int>());
 cfg->AddEntry<std::vector<int>>("verify-prefs", std::vector<int>());
 cfg->AddEntry<int>("expect-peer-signature-algorithm", 0);
+ cfg->AddEntry<std::string>("nss-cipher", "");
 auto rv = cfg->ParseArgs(argc, argv);
 switch (rv) { |
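Review bot: The membership test in ConfigureCiphers, `cipherList.find(csinfo.cipherSuiteName, 0)`, is a substring search, so requesting one suite also enables every implemented suite whose name is a prefix of it. Asking for TLS_RSA_WITH_AES_128_CBC_SHA256, for example, also turns on TLS_RSA_WITH_AES_128_CBC_SHA, and an interop test meant to pin a single suite can then pass after negotiating a different one. The list's separator is not visible in this hunk, so the sketch below stays separator-agnostic and accepts a hit only when it is not embedded in a longer identifier. A listed name that matches no implemented suite is also silently ignored, which leaves every suite disabled and surfaces only later as a handshake failure; returning false in that case would make the misconfiguration visible at setup.

```cpp
// … unchanged: SSL_GetCipherSuiteInfo call and its error check …

// Enable the suite only on a whole-name match, not a substring hit.
const std::string name(csinfo.cipherSuiteName);
auto isNameChar = [](char c) {
  return std::isalnum(static_cast<unsigned char>(c)) || c == '_';
};
bool listed = false;
for (auto pos = cipherList.find(name); pos != std::string::npos;
     pos = cipherList.find(name, pos + 1)) {
  const auto end = pos + name.size();
  const bool startsClean = pos == 0 || !isNameChar(cipherList[pos - 1]);
  const bool endsClean =
      end == cipherList.size() || !isNameChar(cipherList[end]);
  if (startsClean && endsClean) {
    listed = true;
    break;
  }
}
rv = SSL_CipherPrefSet(ssl_fd_.get(), SSL_ImplementedCiphers[i],
                       listed ? PR_TRUE : PR_FALSE);
// … unchanged: rv check …
```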