rpms / nss

Clone
Source Code
GIT

Blame SOURCES/nss-disable-chacha20-gtests.patch

c4 c5 c5-plus c6 c6-plus c7 c7-aarch64 c7-alt c7-beta c8 c8-beta c8-sig-altarch-armhfp c8s c9 c9-beta
  1.   d47c419d8cf4e25de8655262e0b919c3ff6db9cb
  2.   SOURCES
  3.   nss-disable-chacha20-gtests.patch
Blob History Raw
5f1c2b 
diff -up nss/gtests/pk11_gtest/manifest.mn.disable-chacha20 nss/gtests/pk11_gtest/manifest.mn
5f1c2b 
--- nss/gtests/pk11_gtest/manifest.mn.disable-chacha20	2017-01-30 02:06:08.000000000 +0100
5f1c2b 
+++ nss/gtests/pk11_gtest/manifest.mn	2017-02-17 11:40:26.749019359 +0100
5f1c2b 
@@ -8,7 +8,6 @@ MODULE = nss
5f1c2b
5f1c2b 
 CPPSRCS = \
5f1c2b 
       pk11_aeskeywrap_unittest.cc \
5f1c2b 
-      pk11_chacha20poly1305_unittest.cc \
5f1c2b 
       pk11_export_unittest.cc \
5f1c2b 
       pk11_pbkdf2_unittest.cc \
5f1c2b 
       pk11_prf_unittest.cc \
5f1c2b 
diff -up nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc.disable-chacha20 nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc
5f1c2b 
--- nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc.disable-chacha20	2017-01-30 02:06:08.000000000 +0100
5f1c2b 
+++ nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc	2017-02-17 11:40:26.749019359 +0100
5f1c2b 
@@ -326,10 +326,7 @@ INSTANTIATE_CIPHER_TEST_P(AEAD, All, V12
5f1c2b 
                           TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
5f1c2b 
                           TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
5f1c2b 
                           TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
5f1c2b 
-                          TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
5f1c2b 
-                          TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
5f1c2b 
-                          TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
5f1c2b 
-                          TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256);
5f1c2b 
+                          TLS_DHE_RSA_WITH_AES_256_GCM_SHA384);
5f1c2b 
 INSTANTIATE_CIPHER_TEST_P(
5f1c2b 
     CBC12, All, V12, kDummyNamedGroupParams, kDummySignatureSchemesParams,
5f1c2b 
     TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256,
5f1c2b 
@@ -361,7 +358,7 @@ INSTANTIATE_CIPHER_TEST_P(
5f1c2b 
 INSTANTIATE_CIPHER_TEST_P(TLS13, All, V13,
5f1c2b 
                           ::testing::ValuesIn(kFasterDHEGroups),
5f1c2b 
                           ::testing::ValuesIn(kSignatureSchemesParamsArr),
5f1c2b 
-                          TLS_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256,
5f1c2b 
+                          TLS_AES_128_GCM_SHA256,
5f1c2b 
                           TLS_AES_256_GCM_SHA384);
5f1c2b 
 INSTANTIATE_CIPHER_TEST_P(TLS13AllGroups, All, V13,
5f1c2b 
                           ::testing::ValuesIn(kAllDHEGroups),
5f1c2b 
@@ -446,9 +443,7 @@ static const SecStatusParams kSecStatusT
5f1c2b 
     {SSL_LIBRARY_VERSION_TLS_1_2, TLS_RSA_WITH_AES_128_GCM_SHA256,
5f1c2b 
      "AES-128-GCM", 128},
5f1c2b 
     {SSL_LIBRARY_VERSION_TLS_1_2, TLS_RSA_WITH_AES_256_GCM_SHA384,
5f1c2b 
-     "AES-256-GCM", 256},
5f1c2b 
-    {SSL_LIBRARY_VERSION_TLS_1_2, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
5f1c2b 
-     "ChaCha20-Poly1305", 256}};
5f1c2b 
+     "AES-256-GCM", 256}};
5f1c2b 
 INSTANTIATE_TEST_CASE_P(TestSecurityStatus, SecurityStatusTest,
5f1c2b 
                         ::testing::ValuesIn(kSecStatusTestValuesArr));
5f1c2b
5f1c2b 
diff -up nss/gtests/ssl_gtest/ssl_drop_unittest.cc.disable-chacha20 nss/gtests/ssl_gtest/ssl_drop_unittest.cc
5f1c2b 
--- nss/gtests/ssl_gtest/ssl_drop_unittest.cc.disable-chacha20	2017-01-30 02:06:08.000000000 +0100
5f1c2b 
+++ nss/gtests/ssl_gtest/ssl_drop_unittest.cc	2017-02-17 11:41:03.656247032 +0100
5f1c2b 
@@ -65,69 +65,4 @@ TEST_P(TlsConnectDatagram, DropServerSec
5f1c2b 
   Connect();
5f1c2b 
 }
5f1c2b
5f1c2b 
-static void GetCipherAndLimit(uint16_t version, uint16_t* cipher,
5f1c2b 
-                              uint64_t* limit = nullptr) {
5f1c2b 
-  uint64_t l;
5f1c2b 
-  if (!limit) limit = &l;
5f1c2b 
-
5f1c2b 
-  if (version < SSL_LIBRARY_VERSION_TLS_1_2) {
5f1c2b 
-    *cipher = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA;
5f1c2b 
-    *limit = 0x5aULL << 28;
5f1c2b 
-  } else if (version == SSL_LIBRARY_VERSION_TLS_1_2) {
5f1c2b 
-    *cipher = TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256;
5f1c2b 
-    *limit = (1ULL << 48) - 1;
5f1c2b 
-  } else {
5f1c2b 
-    *cipher = TLS_CHACHA20_POLY1305_SHA256;
5f1c2b 
-    *limit = (1ULL << 48) - 1;
5f1c2b 
-  }
5f1c2b 
-}
5f1c2b 
-
5f1c2b 
-// This simulates a huge number of drops on one side.
5f1c2b 
-TEST_P(TlsConnectDatagram, MissLotsOfPackets) {
5f1c2b 
-  uint16_t cipher;
5f1c2b 
-  uint64_t limit;
5f1c2b 
-
5f1c2b 
-  GetCipherAndLimit(version_, &cipher, &limit);
5f1c2b 
-
5f1c2b 
-  EnsureTlsSetup();
5f1c2b 
-  server_->EnableSingleCipher(cipher);
5f1c2b 
-  Connect();
5f1c2b 
-
5f1c2b 
-  // Note that the limit for ChaCha is 2^48-1.
5f1c2b 
-  EXPECT_EQ(SECSuccess,
5f1c2b 
-            SSLInt_AdvanceWriteSeqNum(client_->ssl_fd(), limit - 10));
5f1c2b 
-  SendReceive();
5f1c2b 
-}
5f1c2b 
-
5f1c2b 
-class TlsConnectDatagram12Plus : public TlsConnectDatagram {
5f1c2b 
- public:
5f1c2b 
-  TlsConnectDatagram12Plus() : TlsConnectDatagram() {}
5f1c2b 
-};
5f1c2b 
-
5f1c2b 
-// This simulates missing a window's worth of packets.
5f1c2b 
-TEST_P(TlsConnectDatagram12Plus, MissAWindow) {
5f1c2b 
-  EnsureTlsSetup();
5f1c2b 
-  uint16_t cipher;
5f1c2b 
-  GetCipherAndLimit(version_, &cipher);
5f1c2b 
-  server_->EnableSingleCipher(cipher);
5f1c2b 
-  Connect();
5f1c2b 
-
5f1c2b 
-  EXPECT_EQ(SECSuccess, SSLInt_AdvanceWriteSeqByAWindow(client_->ssl_fd(), 0));
5f1c2b 
-  SendReceive();
5f1c2b 
-}
5f1c2b 
-
5f1c2b 
-TEST_P(TlsConnectDatagram12Plus, MissAWindowAndOne) {
5f1c2b 
-  EnsureTlsSetup();
5f1c2b 
-  uint16_t cipher;
5f1c2b 
-  GetCipherAndLimit(version_, &cipher);
5f1c2b 
-  server_->EnableSingleCipher(cipher);
5f1c2b 
-  Connect();
5f1c2b 
-
5f1c2b 
-  EXPECT_EQ(SECSuccess, SSLInt_AdvanceWriteSeqByAWindow(client_->ssl_fd(), 1));
5f1c2b 
-  SendReceive();
5f1c2b 
-}
5f1c2b 
-
5f1c2b 
-INSTANTIATE_TEST_CASE_P(Datagram12Plus, TlsConnectDatagram12Plus,
5f1c2b 
-                        TlsConnectTestBase::kTlsV12Plus);
5f1c2b 
-
5f1c2b 
 }  // namespace nss_test
5f1c2b 
diff -up nss/gtests/ssl_gtest/ssl_ecdh_unittest.cc.disable-chacha20 nss/gtests/ssl_gtest/ssl_ecdh_unittest.cc
5f1c2b 
--- nss/gtests/ssl_gtest/ssl_ecdh_unittest.cc.disable-chacha20	2017-02-17 11:40:26.747019401 +0100
5f1c2b 
+++ nss/gtests/ssl_gtest/ssl_ecdh_unittest.cc	2017-02-17 11:40:26.749019359 +0100
5f1c2b 
@@ -50,17 +50,6 @@ TEST_P(TlsConnectGeneric, ConnectEcdhe)
5f1c2b 
   CheckKeys();
5f1c2b 
 }
5f1c2b
5f1c2b 
-// If we pick a 256-bit cipher suite and use a P-384 certificate, the server
5f1c2b 
-// should choose P-384 for key exchange too.  Only valid for TLS == 1.2 because
5f1c2b 
-// we don't have 256-bit ciphers before then and 1.3 doesn't try to couple
5f1c2b 
-// DHE size to symmetric size.
5f1c2b 
-TEST_P(TlsConnectTls12, ConnectEcdheP384) {
5f1c2b 
-  Reset(TlsAgent::kServerEcdsa384);
5f1c2b 
-  ConnectWithCipherSuite(TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256);
5f1c2b 
-  CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp384r1, ssl_auth_ecdsa,
5f1c2b 
-            ssl_sig_ecdsa_secp256r1_sha256);
5f1c2b 
-}
5f1c2b 
-
5f1c2b 
 TEST_P(TlsConnectGeneric, ConnectEcdheP384Client) {
5f1c2b 
   EnsureTlsSetup();
5f1c2b 
   const std::vector<SSLNamedGroup> groups = {ssl_grp_ec_secp384r1,

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation