Test all supported curves (including those off by default).
Change-Id: I54b2b354ab3d227305f829839e82e7ae7292fd7d
Reviewed-on: https://boringssl-review.googlesource.com/6774
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc
index ee76aea..13edeed 100644
--- a/ssl/test/bssl_shim.cc
+++ b/ssl/test/bssl_shim.cc
@@ -1237,6 +1237,15 @@
return false;
}
}
+ if (config->enable_all_curves) {
+ static const int kAllCurves[] = {
+ NID_secp224r1, NID_X9_62_prime256v1, NID_secp384r1, NID_secp521r1,
+ };
+ if (!SSL_set1_curves(ssl.get(), kAllCurves,
+ sizeof(kAllCurves) / sizeof(kAllCurves[0]))) {
+ return false;
+ }
+ }
int sock = Connect(config->port);
if (sock == -1) {
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 59c04fb..6f2bb4e 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -4618,6 +4618,38 @@
}
}
+var testCurves = []struct {
+ name string
+ id CurveID
+}{
+ {"P-224", CurveP224},
+ {"P-256", CurveP256},
+ {"P-384", CurveP384},
+ {"P-521", CurveP521},
+}
+
+func addCurveTests() {
+ for _, curve := range testCurves {
+ testCases = append(testCases, testCase{
+ name: "CurveTest-Client-" + curve.name,
+ config: Config{
+ CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
+ CurvePreferences: []CurveID{curve.id},
+ },
+ flags: []string{"-enable-all-curves"},
+ })
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "CurveTest-Server-" + curve.name,
+ config: Config{
+ CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
+ CurvePreferences: []CurveID{curve.id},
+ },
+ flags: []string{"-enable-all-curves"},
+ })
+ }
+}
+
func worker(statusChan chan statusMsg, c chan *testCase, shimPath string, wg *sync.WaitGroup) {
defer wg.Done()
@@ -4715,6 +4747,7 @@
addTLSUniqueTests()
addCustomExtensionTests()
addRSAClientKeyExchangeTests()
+ addCurveTests()
for _, async := range []bool{false, true} {
for _, splitHandshake := range []bool{false, true} {
for _, protocol := range []protocol{tls, dtls} {
diff --git a/ssl/test/test_config.cc b/ssl/test/test_config.cc
index d2c66f2..46991fa 100644
--- a/ssl/test/test_config.cc
+++ b/ssl/test/test_config.cc
@@ -96,6 +96,7 @@
{ "-renegotiate-ignore", &TestConfig::renegotiate_ignore },
{ "-disable-npn", &TestConfig::disable_npn },
{ "-p384-only", &TestConfig::p384_only },
+ { "-enable-all-curves", &TestConfig::enable_all_curves },
{ "-use-sparse-dh-prime", &TestConfig::use_sparse_dh_prime },
};
diff --git a/ssl/test/test_config.h b/ssl/test/test_config.h
index 76ac375..685f92d 100644
--- a/ssl/test/test_config.h
+++ b/ssl/test/test_config.h
@@ -99,6 +99,7 @@
bool disable_npn = false;
int expect_server_key_exchange_hash = 0;
bool p384_only = false;
+ bool enable_all_curves = false;
bool use_sparse_dh_prime = false;
};