google / openssl-tests Goto Github PK
View Code? Open in Web Editor NEWRunning BoringSSL tests against OpenSSL
License: Apache License 2.0
Running BoringSSL tests against OpenSSL
License: Apache License 2.0
Right now we have a large diff on bssl_shim
and a small diff on runner.go
. It'd be nice to avoid rebasing being a hassle. Filing this so we have a place to figure out ideas.
I think ideally we'd get rid of the runner.go
diff. For the shim, I think we want to move to this repo containing a fork of bssl_shim
rather than patches. It seems the diff is large enough that patches aren't quite reasonable? However, the churn might make that unrealistic. Not sure. There are probably changes to be made to cut down on churn in the shim.
Some ideas:
CheckHandshakeProperties
logic out of the shim. The shim perhaps has an extra channel to the runner and spits out some kind of (key, value) list. Then the Go code can assert on all that.expectedError
checks. We could either have a config file mapping to OpenSSL strings or perhaps we add the right expectedLocalError
(runner-side) and explore what value expectedError
(shim-side) gives us that expectedLocalError
can't.-write-different-record-sizes
, -shim-writes-first
, -shim-shuts-down
. Those have always bugged me a little. It would be good if ossl_shim
needn't update every time we need a new read/write pattern. Maybe there should be some "control" channel to the shim so we can just tell the shim "please read 5 bytes now and tell me what you think you got", "please write this data now", "please shutdown now", etc. That could be the same channel as the (key, value) results list, perhaps.@ekasper @mattcaswell, what are your thoughts? Most of this would involve changes in BoringSSL, but I'm open to changing the BoringSSL copy where helpful. (Assuming, of course, they don't get in the way of satisfying our own testing needs. But most of these changes seem like general cleanliness improvements anyway. Test suppressions and stuff aren't as useful for us, but shouldn't be too burdensome.)
There are a bunch of DTLS retransmit tests that currently don't work. They depend on SSL_CTX_set_current_time_cb
which is a BoringSSL-only API to mock out the clock used in retransmit.
Might be worth getting those working since 1.1.0 rewrote a lot of stuff around the handshake, to make sure that's all still working as expected.
https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#SSL_CTX_set_current_time_cb
https://boringssl.googlesource.com/boringssl/+/master/ssl/test/runner/runner.go#4765
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.