external/boringssl: Sync to 58e449904e248f34bdfc2be7a609c58bcb0257b7. This includes the following changes: https://boringssl.googlesource.com/boringssl/+log/2c1523733a71166943e52da11ac2eae82b0227b8..58e449904e248f34bdfc2be7a609c58bcb0257b7 Test: BoringSSL CTS Presubmits Change-Id: I1a825139c8c7076d09b8a3acc5f09a547a7cbe0d

commit: 2424d84dd6dbdc0d32a4c80e6810d168f722ce0b [log] [tgz]
author: Robert Sloan <varomodt@google.com> Mon May 01 07:46:28 2017 -0700
committer: Robert Sloan <varomodt@google.com> Mon May 01 07:46:37 2017 -0700
tree: 8727f96cb5c16125aa208b34cea46fe26473dcb1
parent: 9254e681d446a8105bd66f08bae1252d4d89a139 [diff]
diff --git a/src/ssl/handshake_client.c b/src/ssl/handshake_client.c
index 0629078..f204286 100644
--- a/src/ssl/handshake_client.c
+++ b/src/ssl/handshake_client.c

@@ -1255,11 +1255,8 @@
         goto f_err;
       }
       hs->new_session->peer_signature_algorithm = signature_algorithm;
-    } else if (hs->peer_pubkey->type == EVP_PKEY_RSA) {
-      signature_algorithm = SSL_SIGN_RSA_PKCS1_MD5_SHA1;
-    } else if (hs->peer_pubkey->type == EVP_PKEY_EC) {
-      signature_algorithm = SSL_SIGN_ECDSA_SHA1;
-    } else {
+    } else if (!tls1_get_legacy_signature_algorithm(&signature_algorithm,
+                                                    hs->peer_pubkey)) {
       al = SSL_AD_UNSUPPORTED_CERTIFICATE;
       OPENSSL_PUT_ERROR(SSL, SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE);
       goto f_err;

diff --git a/src/ssl/handshake_server.c b/src/ssl/handshake_server.c
index 63027d6..4eaf3cb 100644
--- a/src/ssl/handshake_server.c
+++ b/src/ssl/handshake_server.c

@@ -1722,11 +1722,8 @@
       goto f_err;
     }
     hs->new_session->peer_signature_algorithm = signature_algorithm;
-  } else if (hs->peer_pubkey->type == EVP_PKEY_RSA) {
-    signature_algorithm = SSL_SIGN_RSA_PKCS1_MD5_SHA1;
-  } else if (hs->peer_pubkey->type == EVP_PKEY_EC) {
-    signature_algorithm = SSL_SIGN_ECDSA_SHA1;
-  } else {
+  } else if (!tls1_get_legacy_signature_algorithm(&signature_algorithm,
+                                                  hs->peer_pubkey)) {
     al = SSL_AD_UNSUPPORTED_CERTIFICATE;
     OPENSSL_PUT_ERROR(SSL, SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE);
     goto f_err;

diff --git a/src/ssl/internal.h b/src/ssl/internal.h
index 1ed7e15..e7a3f7a 100644
--- a/src/ssl/internal.h
+++ b/src/ssl/internal.h

@@ -1272,6 +1272,11 @@
  * error. */
 int tls1_parse_peer_sigalgs(SSL_HANDSHAKE *hs, const CBS *sigalgs);
 
+/* tls1_get_legacy_signature_algorithm sets |*out| to the signature algorithm
+ * that should be used with |pkey| in TLS 1.1 and earlier. It returns one on
+ * success and zero if |pkey| may not be used at those versions. */
+int tls1_get_legacy_signature_algorithm(uint16_t *out, const EVP_PKEY *pkey);
+
 /* tls1_choose_signature_algorithm sets |*out| to a signature algorithm for use
  * with |hs|'s private key based on the peer's preferences and the algorithms
  * supported. It returns one on success and zero on error. */

diff --git a/src/ssl/ssl_test.cc b/src/ssl/ssl_test.cc
index 3296c17..80465ce 100644
--- a/src/ssl/ssl_test.cc
+++ b/src/ssl/ssl_test.cc

@@ -306,57 +306,39 @@
   ":X25519:P-256",
 };
 
-static void PrintCipherPreferenceList(ssl_cipher_preference_list_st *list) {
+static std::string CipherListToString(ssl_cipher_preference_list_st *list) {
   bool in_group = false;
+  std::string ret;
   for (size_t i = 0; i < sk_SSL_CIPHER_num(list->ciphers); i++) {
     const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(list->ciphers, i);
     if (!in_group && list->in_group_flags[i]) {
-      fprintf(stderr, "\t[\n");
+      ret += "\t[\n";
       in_group = true;
     }
-    fprintf(stderr, "\t");
+    ret += "\t";
     if (in_group) {
-      fprintf(stderr, "  ");
+      ret += "  ";
     }
-    fprintf(stderr, "%s\n", SSL_CIPHER_get_name(cipher));
+    ret += SSL_CIPHER_get_name(cipher);
+    ret += "\n";
     if (in_group && !list->in_group_flags[i]) {
-      fprintf(stderr, "\t]\n");
+      ret += "\t]\n";
       in_group = false;
     }
   }
+  return ret;
 }
 
-static bool TestCipherRule(const CipherTest &t) {
-  bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
-  if (!ctx) {
+static bool CipherListsEqual(ssl_cipher_preference_list_st *list,
+                             const std::vector<ExpectedCipher> &expected) {
+  if (sk_SSL_CIPHER_num(list->ciphers) != expected.size()) {
     return false;
   }
 
-  if (!SSL_CTX_set_cipher_list(ctx.get(), t.rule)) {
-    fprintf(stderr, "Error testing cipher rule '%s'\n", t.rule);
-    return false;
-  }
-
-  if (!SSL_CTX_set_strict_cipher_list(ctx.get(), t.rule) != t.strict_fail) {
-    fprintf(stderr, "Unexpected strict failure result testing cipher rule '%s':"
-            " expected %d\n", t.rule, t.strict_fail);
-    return false;
-  }
-
-  // Compare the two lists.
-  if (sk_SSL_CIPHER_num(ctx->cipher_list->ciphers) != t.expected.size()) {
-    fprintf(stderr, "Error: cipher rule '%s' evaluated to:\n", t.rule);
-    PrintCipherPreferenceList(ctx->cipher_list);
-    return false;
-  }
-
-  for (size_t i = 0; i < t.expected.size(); i++) {
-    const SSL_CIPHER *cipher =
-        sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i);
-    if (t.expected[i].id != SSL_CIPHER_get_id(cipher) ||
-        t.expected[i].in_group_flag != ctx->cipher_list->in_group_flags[i]) {
-      fprintf(stderr, "Error: cipher rule '%s' evaluated to:\n", t.rule);
-      PrintCipherPreferenceList(ctx->cipher_list);
+  for (size_t i = 0; i < expected.size(); i++) {
+    const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(list->ciphers, i);
+    if (expected[i].id != SSL_CIPHER_get_id(cipher) ||
+        expected[i].in_group_flag != list->in_group_flags[i]) {
       return false;
     }
   }
@@ -364,99 +346,72 @@
   return true;
 }
 
-static bool TestRuleDoesNotIncludeNull(const char *rule) {
-  bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(SSLv23_server_method()));
-  if (!ctx) {
-    return false;
-  }
-  if (!SSL_CTX_set_strict_cipher_list(ctx.get(), rule)) {
-    fprintf(stderr, "Error: cipher rule '%s' failed\n", rule);
-    return false;
-  }
-  for (size_t i = 0; i < sk_SSL_CIPHER_num(ctx->cipher_list->ciphers); i++) {
-    if (SSL_CIPHER_is_NULL(sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i))) {
-      fprintf(stderr, "Error: cipher rule '%s' includes NULL\n",rule);
-      return false;
-    }
-  }
-  return true;
-}
+TEST(SSLTest, CipherRules) {
+  for (const CipherTest &t : kCipherTests) {
+    SCOPED_TRACE(t.rule);
+    bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
+    ASSERT_TRUE(ctx);
 
-static bool TestCipherRules() {
-  for (const CipherTest &test : kCipherTests) {
-    if (!TestCipherRule(test)) {
-      return false;
+    // Test lax mode.
+    ASSERT_TRUE(SSL_CTX_set_cipher_list(ctx.get(), t.rule));
+    EXPECT_TRUE(CipherListsEqual(ctx->cipher_list, t.expected))
+        << "Cipher rule evaluated to:\n"
+        << CipherListToString(ctx->cipher_list);
+
+    // Test strict mode.
+    if (t.strict_fail) {
+      EXPECT_FALSE(SSL_CTX_set_strict_cipher_list(ctx.get(), t.rule));
+    } else {
+      ASSERT_TRUE(SSL_CTX_set_strict_cipher_list(ctx.get(), t.rule));
+      EXPECT_TRUE(CipherListsEqual(ctx->cipher_list, t.expected))
+          << "Cipher rule evaluated to:\n"
+          << CipherListToString(ctx->cipher_list);
     }
   }
 
   for (const char *rule : kBadRules) {
-    bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(SSLv23_server_method()));
-    if (!ctx) {
-      return false;
-    }
-    if (SSL_CTX_set_cipher_list(ctx.get(), rule)) {
-      fprintf(stderr, "Cipher rule '%s' unexpectedly succeeded\n", rule);
-      return false;
-    }
+    SCOPED_TRACE(rule);
+    bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
+    ASSERT_TRUE(ctx);
+
+    EXPECT_FALSE(SSL_CTX_set_cipher_list(ctx.get(), rule));
     ERR_clear_error();
   }
 
   for (const char *rule : kMustNotIncludeNull) {
-    if (!TestRuleDoesNotIncludeNull(rule)) {
-      return false;
+    SCOPED_TRACE(rule);
+    bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
+    ASSERT_TRUE(ctx);
+
+    ASSERT_TRUE(SSL_CTX_set_strict_cipher_list(ctx.get(), rule));
+    for (size_t i = 0; i < sk_SSL_CIPHER_num(ctx->cipher_list->ciphers); i++) {
+      EXPECT_FALSE(SSL_CIPHER_is_NULL(
+          sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i)));
     }
   }
-
-  return true;
 }
 
-static bool TestCurveRule(const CurveTest &t) {
-  bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
-  if (!ctx) {
-    return false;
-  }
+TEST(SSLTest, CurveRules) {
+  for (const CurveTest &t : kCurveTests) {
+    SCOPED_TRACE(t.rule);
+    bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
+    ASSERT_TRUE(ctx);
 
-  if (!SSL_CTX_set1_curves_list(ctx.get(), t.rule)) {
-    fprintf(stderr, "Error testing curves list '%s'\n", t.rule);
-    return false;
-  }
-
-  // Compare the two lists.
-  if (ctx->supported_group_list_len != t.expected.size()) {
-    fprintf(stderr, "Error testing curves list '%s': length\n", t.rule);
-    return false;
-  }
-
-  for (size_t i = 0; i < t.expected.size(); i++) {
-    if (t.expected[i] != ctx->supported_group_list[i]) {
-      fprintf(stderr, "Error testing curves list '%s': mismatch\n", t.rule);
-      return false;
-    }
-  }
-
-  return true;
-}
-
-static bool TestCurveRules() {
-  for (const CurveTest &test : kCurveTests) {
-    if (!TestCurveRule(test)) {
-      return false;
+    ASSERT_TRUE(SSL_CTX_set1_curves_list(ctx.get(), t.rule));
+    ASSERT_EQ(t.expected.size(), ctx->supported_group_list_len);
+    for (size_t i = 0; i < t.expected.size(); i++) {
+      EXPECT_EQ(t.expected[i], ctx->supported_group_list[i]);
     }
   }
 
   for (const char *rule : kBadCurvesLists) {
-    bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(SSLv23_server_method()));
-    if (!ctx) {
-      return false;
-    }
-    if (SSL_CTX_set1_curves_list(ctx.get(), rule)) {
-      fprintf(stderr, "Curves list '%s' unexpectedly succeeded\n", rule);
-      return false;
-    }
+    SCOPED_TRACE(rule);
+    bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
+    ASSERT_TRUE(ctx);
+
+    EXPECT_FALSE(SSL_CTX_set1_curves_list(ctx.get(), rule));
     ERR_clear_error();
   }
-
-  return true;
 }
 
 // kOpenSSLSession is a serialized SSL_SESSION.
@@ -756,31 +711,23 @@
   return true;
 }
 
-static bool TestDefaultVersion(uint16_t min_version, uint16_t max_version,
-                               const SSL_METHOD *(*method)(void)) {
+static void ExpectDefaultVersion(uint16_t min_version, uint16_t max_version,
+                                 const SSL_METHOD *(*method)(void)) {
   bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method()));
-  if (!ctx) {
-    return false;
-  }
-  if (ctx->min_version != min_version || ctx->max_version != max_version) {
-    fprintf(stderr, "Got min %04x, max %04x; wanted min %04x, max %04x\n",
-            ctx->min_version, ctx->max_version, min_version, max_version);
-    return false;
-  }
-  return true;
+  ASSERT_TRUE(ctx);
+  EXPECT_EQ(min_version, ctx->min_version);
+  EXPECT_EQ(max_version, ctx->max_version);
 }
 
-static bool CipherGetRFCName(std::string *out, uint16_t value) {
-  const SSL_CIPHER *cipher = SSL_get_cipher_by_value(value);
-  if (cipher == NULL) {
-    return false;
-  }
-  bssl::UniquePtr<char> rfc_name(SSL_CIPHER_get_rfc_name(cipher));
-  if (!rfc_name) {
-    return false;
-  }
-  out->assign(rfc_name.get());
-  return true;
+TEST(SSLTest, DefaultVersion) {
+  // TODO(svaldez): Update this when TLS 1.3 is enabled by default.
+  ExpectDefaultVersion(TLS1_VERSION, TLS1_2_VERSION, &TLS_method);
+  ExpectDefaultVersion(TLS1_VERSION, TLS1_VERSION, &TLSv1_method);
+  ExpectDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &TLSv1_1_method);
+  ExpectDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &TLSv1_2_method);
+  ExpectDefaultVersion(TLS1_1_VERSION, TLS1_2_VERSION, &DTLS_method);
+  ExpectDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &DTLSv1_method);
+  ExpectDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &DTLSv1_2_method);
 }
 
 typedef struct {
@@ -810,22 +757,17 @@
     {TLS1_CK_CHACHA20_POLY1305_SHA256, "TLS_CHACHA20_POLY1305_SHA256"},
 };
 
-static bool TestCipherGetRFCName(void) {
-  for (size_t i = 0;
-       i < OPENSSL_ARRAY_SIZE(kCipherRFCNameTests); i++) {
-    const CIPHER_RFC_NAME_TEST *test = &kCipherRFCNameTests[i];
-    std::string rfc_name;
-    if (!CipherGetRFCName(&rfc_name, test->id & 0xffff)) {
-      fprintf(stderr, "SSL_CIPHER_get_rfc_name failed\n");
-      return false;
-    }
-    if (rfc_name != test->rfc_name) {
-      fprintf(stderr, "SSL_CIPHER_get_rfc_name: got '%s', wanted '%s'\n",
-              rfc_name.c_str(), test->rfc_name);
-      return false;
-    }
+TEST(SSLTest, CipherGetRFCName) {
+  for (const CIPHER_RFC_NAME_TEST &t : kCipherRFCNameTests) {
+    SCOPED_TRACE(t.rfc_name);
+
+    const SSL_CIPHER *cipher = SSL_get_cipher_by_value(t.id & 0xffff);
+    ASSERT_TRUE(cipher);
+    bssl::UniquePtr<char> rfc_name(SSL_CIPHER_get_rfc_name(cipher));
+    ASSERT_TRUE(rfc_name);
+
+    EXPECT_STREQ(t.rfc_name, rfc_name.get());
   }
-  return true;
 }
 
 // CreateSessionWithTicket returns a sample |SSL_SESSION| with the specified
@@ -1014,9 +956,9 @@
   out->push_back(session);
 }
 
-// ExpectCache returns true if |ctx|'s session cache consists of |expected|, in
+// CacheEquals returns true if |ctx|'s session cache consists of |expected|, in
 // order.
-static bool ExpectCache(SSL_CTX *ctx,
+static bool CacheEquals(SSL_CTX *ctx,
                         const std::vector<SSL_SESSION*> &expected) {
   // Check the linked list.
   SSL_SESSION *ptr = ctx->session_cache_head;
@@ -1064,19 +1006,15 @@
 }
 
 // Test that the internal session cache behaves as expected.
-static bool TestInternalSessionCache() {
+TEST(SSLTest, InternalSessionCache) {
   bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
-  if (!ctx) {
-    return false;
-  }
+  ASSERT_TRUE(ctx);
 
   // Prepare 10 test sessions.
   std::vector<bssl::UniquePtr<SSL_SESSION>> sessions;
   for (int i = 0; i < 10; i++) {
     bssl::UniquePtr<SSL_SESSION> session = CreateTestSession(i);
-    if (!session) {
-      return false;
-    }
+    ASSERT_TRUE(session);
     sessions.push_back(std::move(session));
   }
 
@@ -1084,68 +1022,42 @@
 
   // Insert all the test sessions.
   for (const auto &session : sessions) {
-    if (!SSL_CTX_add_session(ctx.get(), session.get())) {
-      return false;
-    }
+    ASSERT_TRUE(SSL_CTX_add_session(ctx.get(), session.get()));
   }
 
   // Only the last five should be in the list.
-  std::vector<SSL_SESSION*> expected = {
-      sessions[9].get(),
-      sessions[8].get(),
-      sessions[7].get(),
-      sessions[6].get(),
-      sessions[5].get(),
-  };
-  if (!ExpectCache(ctx.get(), expected)) {
-    return false;
-  }
+  ASSERT_TRUE(CacheEquals(
+      ctx.get(), {sessions[9].get(), sessions[8].get(), sessions[7].get(),
+                  sessions[6].get(), sessions[5].get()}));
 
-  // Inserting an element already in the cache should fail.
-  if (SSL_CTX_add_session(ctx.get(), sessions[7].get()) ||
-      !ExpectCache(ctx.get(), expected)) {
-    return false;
-  }
+  // Inserting an element already in the cache should fail and leave the cache
+  // unchanged.
+  ASSERT_FALSE(SSL_CTX_add_session(ctx.get(), sessions[7].get()));
+  ASSERT_TRUE(CacheEquals(
+      ctx.get(), {sessions[9].get(), sessions[8].get(), sessions[7].get(),
+                  sessions[6].get(), sessions[5].get()}));
 
   // Although collisions should be impossible (256-bit session IDs), the cache
   // must handle them gracefully.
   bssl::UniquePtr<SSL_SESSION> collision(CreateTestSession(7));
-  if (!collision || !SSL_CTX_add_session(ctx.get(), collision.get())) {
-    return false;
-  }
-  expected = {
-      collision.get(),
-      sessions[9].get(),
-      sessions[8].get(),
-      sessions[6].get(),
-      sessions[5].get(),
-  };
-  if (!ExpectCache(ctx.get(), expected)) {
-    return false;
-  }
+  ASSERT_TRUE(collision);
+  ASSERT_TRUE(SSL_CTX_add_session(ctx.get(), collision.get()));
+  ASSERT_TRUE(CacheEquals(
+      ctx.get(), {collision.get(), sessions[9].get(), sessions[8].get(),
+                  sessions[6].get(), sessions[5].get()}));
 
   // Removing sessions behaves correctly.
-  if (!SSL_CTX_remove_session(ctx.get(), sessions[6].get())) {
-    return false;
-  }
-  expected = {
-      collision.get(),
-      sessions[9].get(),
-      sessions[8].get(),
-      sessions[5].get(),
-  };
-  if (!ExpectCache(ctx.get(), expected)) {
-    return false;
-  }
+  ASSERT_TRUE(SSL_CTX_remove_session(ctx.get(), sessions[6].get()));
+  ASSERT_TRUE(CacheEquals(ctx.get(), {collision.get(), sessions[9].get(),
+                                      sessions[8].get(), sessions[5].get()}));
 
   // Removing sessions requires an exact match.
-  if (SSL_CTX_remove_session(ctx.get(), sessions[0].get()) ||
-      SSL_CTX_remove_session(ctx.get(), sessions[7].get()) ||
-      !ExpectCache(ctx.get(), expected)) {
-    return false;
-  }
+  ASSERT_FALSE(SSL_CTX_remove_session(ctx.get(), sessions[0].get()));
+  ASSERT_FALSE(SSL_CTX_remove_session(ctx.get(), sessions[7].get()));
 
-  return true;
+  // The cache remains unchanged.
+  ASSERT_TRUE(CacheEquals(ctx.get(), {collision.get(), sessions[9].get(),
+                                      sessions[8].get(), sessions[5].get()}));
 }
 
 static uint16_t EpochFromSequence(uint64_t seq) {
@@ -3544,23 +3456,12 @@
 
 // TODO(davidben): Convert this file to GTest properly.
 TEST(SSLTest, AllTests) {
-  if (!TestCipherRules() ||
-      !TestCurveRules() ||
-      !TestSSL_SESSIONEncoding(kOpenSSLSession) ||
+  if (!TestSSL_SESSIONEncoding(kOpenSSLSession) ||
       !TestSSL_SESSIONEncoding(kCustomSession) ||
       !TestSSL_SESSIONEncoding(kBoringSSLSession) ||
       !TestBadSSL_SESSIONEncoding(kBadSessionExtraField) ||
       !TestBadSSL_SESSIONEncoding(kBadSessionVersion) ||
       !TestBadSSL_SESSIONEncoding(kBadSessionTrailingData) ||
-      // TODO(svaldez): Update this when TLS 1.3 is enabled by default.
-      !TestDefaultVersion(TLS1_VERSION, TLS1_2_VERSION, &TLS_method) ||
-      !TestDefaultVersion(TLS1_VERSION, TLS1_VERSION, &TLSv1_method) ||
-      !TestDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &TLSv1_1_method) ||
-      !TestDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &TLSv1_2_method) ||
-      !TestDefaultVersion(TLS1_1_VERSION, TLS1_2_VERSION, &DTLS_method) ||
-      !TestDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &DTLSv1_method) ||
-      !TestDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &DTLSv1_2_method) ||
-      !TestCipherGetRFCName() ||
       // Test the padding extension at TLS 1.2.
       !TestPaddingExtension(TLS1_2_VERSION, TLS1_2_VERSION) ||
       // Test the padding extension at TLS 1.3 with a TLS 1.2 session, so there
@@ -3569,7 +3470,6 @@
       // Test the padding extension at TLS 1.3 with a TLS 1.3 session, so there
       // will be a PSK binder after the padding extension.
       !TestPaddingExtension(TLS1_3_VERSION, TLS1_3_DRAFT_VERSION) ||
-      !TestInternalSessionCache() ||
       !ForEachVersion(TestSequenceNumber) ||
       !ForEachVersion(TestOneSidedShutdown) ||
       !ForEachVersion(TestGetPeerCertificate) ||

diff --git a/src/ssl/t1_lib.c b/src/ssl/t1_lib.c
index c2a5dde..000a8cd 100644
--- a/src/ssl/t1_lib.c
+++ b/src/ssl/t1_lib.c

@@ -3328,24 +3328,31 @@
   return 1;
 }
 
+int tls1_get_legacy_signature_algorithm(uint16_t *out, const EVP_PKEY *pkey) {
+  switch (EVP_PKEY_id(pkey)) {
+    case EVP_PKEY_RSA:
+      *out = SSL_SIGN_RSA_PKCS1_MD5_SHA1;
+      return 1;
+    case EVP_PKEY_EC:
+      *out = SSL_SIGN_ECDSA_SHA1;
+      return 1;
+    default:
+      return 0;
+  }
+}
+
 int tls1_choose_signature_algorithm(SSL_HANDSHAKE *hs, uint16_t *out) {
   SSL *const ssl = hs->ssl;
   CERT *cert = ssl->cert;
 
   /* Before TLS 1.2, the signature algorithm isn't negotiated as part of the
-   * handshake. It is fixed at MD5-SHA1 for RSA and SHA1 for ECDSA. */
+   * handshake. */
   if (ssl3_protocol_version(ssl) < TLS1_2_VERSION) {
-    switch (EVP_PKEY_id(hs->local_pubkey)) {
-      case EVP_PKEY_RSA:
-        *out = SSL_SIGN_RSA_PKCS1_MD5_SHA1;
-        return 1;
-      case EVP_PKEY_EC:
-        *out = SSL_SIGN_ECDSA_SHA1;
-        return 1;
-      default:
-        OPENSSL_PUT_ERROR(SSL, SSL_R_NO_COMMON_SIGNATURE_ALGORITHMS);
-        return 0;
+    if (!tls1_get_legacy_signature_algorithm(out, hs->local_pubkey)) {
+      OPENSSL_PUT_ERROR(SSL, SSL_R_NO_COMMON_SIGNATURE_ALGORITHMS);
+      return 0;
     }
+    return 1;
   }
 
   const uint16_t *sigalgs = cert->sigalgs;

diff --git a/src/ssl/test/runner/cipher_suites.go b/src/ssl/test/runner/cipher_suites.go
index 3b2298e..2490bee 100644
--- a/src/ssl/test/runner/cipher_suites.go
+++ b/src/ssl/test/runner/cipher_suites.go

@@ -122,12 +122,6 @@
 	{TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 32, 48, ivLenAES, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12 | suiteSHA384, cipherAES, macSHA384, nil},
 	{TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 32, 20, ivLenAES, ecdheRSAKA, suiteECDHE, cipherAES, macSHA1, nil},
 	{TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 32, 20, ivLenAES, ecdheECDSAKA, suiteECDHE | suiteECDSA, cipherAES, macSHA1, nil},
-	{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, 16, 0, ivLenAESGCM, dheRSAKA, suiteTLS12 | suiteDHE, nil, nil, aeadAESGCM},
-	{TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, 32, 0, ivLenAESGCM, dheRSAKA, suiteTLS12 | suiteSHA384 | suiteDHE, nil, nil, aeadAESGCM},
-	{TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, 16, 32, ivLenAES, dheRSAKA, suiteTLS12 | suiteDHE, cipherAES, macSHA256, nil},
-	{TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, 32, 32, ivLenAES, dheRSAKA, suiteTLS12 | suiteDHE, cipherAES, macSHA256, nil},
-	{TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 16, 20, ivLenAES, dheRSAKA, suiteDHE, cipherAES, macSHA1, nil},
-	{TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 32, 20, ivLenAES, dheRSAKA, suiteDHE, cipherAES, macSHA1, nil},
 	{TLS_RSA_WITH_AES_128_GCM_SHA256, 16, 0, ivLenAESGCM, rsaKA, suiteTLS12, nil, nil, aeadAESGCM},
 	{TLS_RSA_WITH_AES_256_GCM_SHA384, 32, 0, ivLenAESGCM, rsaKA, suiteTLS12 | suiteSHA384, nil, nil, aeadAESGCM},
 	{TLS_RSA_WITH_RC4_128_SHA, 16, 20, noIV, rsaKA, suiteNoDTLS, cipherRC4, macSHA1, nil},
@@ -137,7 +131,6 @@
 	{TLS_RSA_WITH_AES_128_CBC_SHA, 16, 20, ivLenAES, rsaKA, 0, cipherAES, macSHA1, nil},
 	{TLS_RSA_WITH_AES_256_CBC_SHA, 32, 20, ivLenAES, rsaKA, 0, cipherAES, macSHA1, nil},
 	{TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, 24, 20, ivLen3DES, ecdheRSAKA, suiteECDHE, cipher3DES, macSHA1, nil},
-	{TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, 24, 20, ivLen3DES, dheRSAKA, suiteDHE, cipher3DES, macSHA1, nil},
 	{TLS_RSA_WITH_3DES_EDE_CBC_SHA, 24, 20, ivLen3DES, rsaKA, 0, cipher3DES, macSHA1, nil},
 	{TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256, 32, 0, ivLenChaCha20Poly1305, ecdhePSKKA, suiteECDHE | suitePSK | suiteTLS12, nil, nil, aeadCHACHA20POLY1305},
 	{TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, 16, 20, ivLenAES, ecdhePSKKA, suiteECDHE | suitePSK, cipherAES, macSHA1, nil},
@@ -419,15 +412,6 @@
 	}
 }
 
-func dheRSAKA(version uint16) keyAgreement {
-	return &dheKeyAgreement{
-		auth: &signedKeyAgreement{
-			keyType: keyTypeRSA,
-			version: version,
-		},
-	}
-}
-
 func pskKA(version uint16) keyAgreement {
 	return &pskKeyAgreement{
 		base: &nilKeyAgreement{},
@@ -469,22 +453,15 @@
 	TLS_RSA_WITH_RC4_128_MD5                      uint16 = 0x0004
 	TLS_RSA_WITH_RC4_128_SHA                      uint16 = 0x0005
 	TLS_RSA_WITH_3DES_EDE_CBC_SHA                 uint16 = 0x000a
-	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA             uint16 = 0x0016
 	TLS_RSA_WITH_AES_128_CBC_SHA                  uint16 = 0x002f
-	TLS_DHE_RSA_WITH_AES_128_CBC_SHA              uint16 = 0x0033
 	TLS_RSA_WITH_AES_256_CBC_SHA                  uint16 = 0x0035
-	TLS_DHE_RSA_WITH_AES_256_CBC_SHA              uint16 = 0x0039
 	TLS_RSA_WITH_AES_128_CBC_SHA256               uint16 = 0x003c
 	TLS_RSA_WITH_AES_256_CBC_SHA256               uint16 = 0x003d
-	TLS_DHE_RSA_WITH_AES_128_CBC_SHA256           uint16 = 0x0067
-	TLS_DHE_RSA_WITH_AES_256_CBC_SHA256           uint16 = 0x006b
 	TLS_PSK_WITH_RC4_128_SHA                      uint16 = 0x008a
 	TLS_PSK_WITH_AES_128_CBC_SHA                  uint16 = 0x008c
 	TLS_PSK_WITH_AES_256_CBC_SHA                  uint16 = 0x008d
 	TLS_RSA_WITH_AES_128_GCM_SHA256               uint16 = 0x009c
 	TLS_RSA_WITH_AES_256_GCM_SHA384               uint16 = 0x009d
-	TLS_DHE_RSA_WITH_AES_128_GCM_SHA256           uint16 = 0x009e
-	TLS_DHE_RSA_WITH_AES_256_GCM_SHA384           uint16 = 0x009f
 	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA              uint16 = 0xc007
 	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA          uint16 = 0xc009
 	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA          uint16 = 0xc00a

diff --git a/src/ssl/test/runner/common.go b/src/ssl/test/runner/common.go
index 0f54800..052f879 100644
--- a/src/ssl/test/runner/common.go
+++ b/src/ssl/test/runner/common.go

@@ -879,10 +879,6 @@
 	// BadFinished, if true, causes the Finished hash to be broken.
 	BadFinished bool
 
-	// DHGroupPrime, if not nil, is used to define the (finite field)
-	// Diffie-Hellman group. The generator used is always two.
-	DHGroupPrime *big.Int
-
 	// PackHandshakeFragments, if true, causes handshake fragments in DTLS
 	// to be packed into individual handshake records, up to the specified
 	// record size.
@@ -1005,11 +1001,6 @@
 	// message. This only makes sense for a server.
 	SendHelloRequestBeforeEveryHandshakeMessage bool
 
-	// RequireDHPublicValueLen causes a fatal error if the length (in
-	// bytes) of the server's Diffie-Hellman public value is not equal to
-	// this.
-	RequireDHPublicValueLen int
-
 	// BadChangeCipherSpec, if not nil, is the body to be sent in
 	// ChangeCipherSpec records instead of {1}.
 	BadChangeCipherSpec []byte

diff --git a/src/ssl/test/runner/key_agreement.go b/src/ssl/test/runner/key_agreement.go
index 3936d88..e33557b 100644
--- a/src/ssl/test/runner/key_agreement.go
+++ b/src/ssl/test/runner/key_agreement.go

@@ -7,7 +7,6 @@
 import (
 	"crypto/ecdsa"
 	"crypto/elliptic"
-	"crypto/rand"
 	"crypto/rsa"
 	"crypto/subtle"
 	"crypto/x509"
@@ -545,147 +544,6 @@
 	return 0
 }
 
-// dheRSAKeyAgreement implements a TLS key agreement where the server generates
-// an ephemeral Diffie-Hellman public/private key pair and signs it. The
-// pre-master secret is then calculated using Diffie-Hellman.
-type dheKeyAgreement struct {
-	auth    keyAgreementAuthentication
-	p, g    *big.Int
-	yTheirs *big.Int
-	xOurs   *big.Int
-}
-
-func (ka *dheKeyAgreement) generateServerKeyExchange(config *Config, cert *Certificate, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) {
-	var q *big.Int
-	if p := config.Bugs.DHGroupPrime; p != nil {
-		ka.p = p
-		ka.g = big.NewInt(2)
-		q = p
-	} else {
-		// 2048-bit MODP Group with 256-bit Prime Order Subgroup (RFC
-		// 5114, Section 2.3)
-		ka.p, _ = new(big.Int).SetString("87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F25D2CEED4435E3B00E00DF8F1D61957D4FAF7DF4561B2AA3016C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD5A8A9D306BCF67ED91F9E6725B4758C022E0B1EF4275BF7B6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0EF13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D967E144E5140564251CCACB83E6B486F6B3CA3F7971506026C0B857F689962856DED4010ABD0BE621C3A3960A54E710C375F26375D7014103A4B54330C198AF126116D2276E11715F693877FAD7EF09CADB094AE91E1A1597", 16)
-		ka.g, _ = new(big.Int).SetString("3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF205407F4793A1A0BA12510DBC15077BE463FFF4FED4AAC0BB555BE3A6C1B0C6B47B1BC3773BF7E8C6F62901228F8C28CBB18A55AE31341000A650196F931C77A57F2DDF463E5E9EC144B777DE62AAAB8A8628AC376D282D6ED3864E67982428EBC831D14348F6F2F9193B5045AF2767164E1DFC967C1FB3F2E55A4BD1BFFE83B9C80D052B985D182EA0ADB2A3B7313D3FE14C8484B1E052588B9B7D2BBD2DF016199ECD06E1557CD0915B3353BBB64E0EC377FD028370DF92B52C7891428CDC67EB6184B523D1DB246C32F63078490F00EF8D647D148D47954515E2327CFEF98C582664B4C0F6CC41659", 16)
-		q, _ = new(big.Int).SetString("8CF83642A709A097B447997640129DA299B1A47D1EB3750BA308B0FE64F5FBD3", 16)
-	}
-
-	var err error
-	ka.xOurs, err = rand.Int(config.rand(), q)
-	if err != nil {
-		return nil, err
-	}
-	yOurs := new(big.Int).Exp(ka.g, ka.xOurs, ka.p)
-
-	// http://tools.ietf.org/html/rfc5246#section-7.4.3
-	pBytes := ka.p.Bytes()
-	gBytes := ka.g.Bytes()
-	yBytes := yOurs.Bytes()
-	serverDHParams := make([]byte, 0, 2+len(pBytes)+2+len(gBytes)+2+len(yBytes))
-	serverDHParams = append(serverDHParams, byte(len(pBytes)>>8), byte(len(pBytes)))
-	serverDHParams = append(serverDHParams, pBytes...)
-	serverDHParams = append(serverDHParams, byte(len(gBytes)>>8), byte(len(gBytes)))
-	serverDHParams = append(serverDHParams, gBytes...)
-	serverDHParams = append(serverDHParams, byte(len(yBytes)>>8), byte(len(yBytes)))
-	serverDHParams = append(serverDHParams, yBytes...)
-
-	return ka.auth.signParameters(config, cert, clientHello, hello, serverDHParams)
-}
-
-func (ka *dheKeyAgreement) processClientKeyExchange(config *Config, cert *Certificate, ckx *clientKeyExchangeMsg, version uint16) ([]byte, error) {
-	if len(ckx.ciphertext) < 2 {
-		return nil, errClientKeyExchange
-	}
-	yLen := (int(ckx.ciphertext[0]) << 8) | int(ckx.ciphertext[1])
-	if yLen != len(ckx.ciphertext)-2 {
-		return nil, errClientKeyExchange
-	}
-	yTheirs := new(big.Int).SetBytes(ckx.ciphertext[2:])
-	if yTheirs.Sign() <= 0 || yTheirs.Cmp(ka.p) >= 0 {
-		return nil, errClientKeyExchange
-	}
-	return new(big.Int).Exp(yTheirs, ka.xOurs, ka.p).Bytes(), nil
-}
-
-func (ka *dheKeyAgreement) processServerKeyExchange(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx *serverKeyExchangeMsg) error {
-	// Read dh_p
-	k := skx.key
-	if len(k) < 2 {
-		return errServerKeyExchange
-	}
-	pLen := (int(k[0]) << 8) | int(k[1])
-	k = k[2:]
-	if len(k) < pLen {
-		return errServerKeyExchange
-	}
-	ka.p = new(big.Int).SetBytes(k[:pLen])
-	k = k[pLen:]
-
-	// Read dh_g
-	if len(k) < 2 {
-		return errServerKeyExchange
-	}
-	gLen := (int(k[0]) << 8) | int(k[1])
-	k = k[2:]
-	if len(k) < gLen {
-		return errServerKeyExchange
-	}
-	ka.g = new(big.Int).SetBytes(k[:gLen])
-	k = k[gLen:]
-
-	// Read dh_Ys
-	if len(k) < 2 {
-		return errServerKeyExchange
-	}
-	yLen := (int(k[0]) << 8) | int(k[1])
-	k = k[2:]
-	if len(k) < yLen {
-		return errServerKeyExchange
-	}
-	ka.yTheirs = new(big.Int).SetBytes(k[:yLen])
-	k = k[yLen:]
-	if ka.yTheirs.Sign() <= 0 || ka.yTheirs.Cmp(ka.p) >= 0 {
-		return errServerKeyExchange
-	}
-
-	if l := config.Bugs.RequireDHPublicValueLen; l != 0 && l != yLen {
-		return fmt.Errorf("RequireDHPublicValueLen set to %d, but server's public value was %d bytes on the wire and %d bytes if minimal", l, yLen, (ka.yTheirs.BitLen()+7)/8)
-	}
-
-	sig := k
-	serverDHParams := skx.key[:len(skx.key)-len(sig)]
-
-	return ka.auth.verifyParameters(config, clientHello, serverHello, cert, serverDHParams, sig)
-}
-
-func (ka *dheKeyAgreement) generateClientKeyExchange(config *Config, clientHello *clientHelloMsg, cert *x509.Certificate) ([]byte, *clientKeyExchangeMsg, error) {
-	if ka.p == nil || ka.g == nil || ka.yTheirs == nil {
-		return nil, nil, errors.New("missing ServerKeyExchange message")
-	}
-
-	xOurs, err := rand.Int(config.rand(), ka.p)
-	if err != nil {
-		return nil, nil, err
-	}
-	preMasterSecret := new(big.Int).Exp(ka.yTheirs, xOurs, ka.p).Bytes()
-
-	yOurs := new(big.Int).Exp(ka.g, xOurs, ka.p)
-	yBytes := yOurs.Bytes()
-	ckx := new(clientKeyExchangeMsg)
-	ckx.ciphertext = make([]byte, 2+len(yBytes))
-	ckx.ciphertext[0] = byte(len(yBytes) >> 8)
-	ckx.ciphertext[1] = byte(len(yBytes))
-	copy(ckx.ciphertext[2:], yBytes)
-
-	return preMasterSecret, ckx, nil
-}
-
-func (ka *dheKeyAgreement) peerSignatureAlgorithm() signatureAlgorithm {
-	if auth, ok := ka.auth.(*signedKeyAgreement); ok {
-		return auth.peerSignatureAlgorithm
-	}
-	return 0
-}
-
 // nilKeyAgreement is a fake key agreement used to implement the plain PSK key
 // exchange.
 type nilKeyAgreement struct{}

diff --git a/src/ssl/test/runner/runner.go b/src/ssl/test/runner/runner.go
index 378ac57..55e22b6 100644
--- a/src/ssl/test/runner/runner.go
+++ b/src/ssl/test/runner/runner.go

@@ -1106,10 +1106,7 @@
 	}
 
 	if len(extraStderr) > 0 || (!failed && len(stderr) > 0) {
-		lines := strings.Split(stderr, "\n")
-		if len(lines) != 2 || lines[1] != "" || !strings.Contains(lines[0], "The kernel entropy pool contains too few bits") {
-			return fmt.Errorf("unexpected error output:\n%s\n%s", stderr, extraStderr)
-		}
+		return fmt.Errorf("unexpected error output:\n%s\n%s", stderr, extraStderr)
 	}
 
 	if *useValgrind && isValgrindError {
@@ -3644,8 +3641,7 @@
 				MaxVersion: VersionTLS13,
 				MinVersion: VersionTLS13,
 				Bugs: ProtocolBugs{
-					SendEarlyData:           [][]byte{bytes.Repeat([]byte{1},
-					                                               14336 + 1)},
+					SendEarlyData:           [][]byte{bytes.Repeat([]byte{1}, 14336+1)},
 					ExpectEarlyDataAccepted: true,
 				},
 			},
commit	2424d84dd6dbdc0d32a4c80e6810d168f722ce0b	[log] [tgz]
author	Robert Sloan <varomodt@google.com>	Mon May 01 07:46:28 2017 -0700
committer	Robert Sloan <varomodt@google.com>	Mon May 01 07:46:37 2017 -0700
tree	8727f96cb5c16125aa208b34cea46fe26473dcb1
parent	9254e681d446a8105bd66f08bae1252d4d89a139 [diff]