diff --git a/external_tests/ssl_gtest/ssl_loopback_unittest.cc b/external_tests/ssl_gtest/ssl_loopback_unittest.cc
--- a/external_tests/ssl_gtest/ssl_loopback_unittest.cc
+++ b/external_tests/ssl_gtest/ssl_loopback_unittest.cc
@@ -516,134 +516,16 @@ TEST_P(TlsConnectStream, ShortRead) {
// Read the first tranche.
WAIT_(client_->received_bytes() == 1024, 2000);
ASSERT_EQ(1024U, client_->received_bytes());
// The second tranche should now immediately be available.
client_->ReadBytes();
ASSERT_EQ(1200U, client_->received_bytes());
}
-TEST_P(TlsConnectGeneric, ConnectExtendedMasterSecret) {
- EnableExtendedMasterSecret();
- Connect();
- ResetRsa();
- ExpectResumption(RESUME_SESSIONID);
- EnableExtendedMasterSecret();
- Connect();
-}
-
-
-TEST_P(TlsConnectGeneric, ConnectExtendedMasterSecretStaticRSA) {
- DisableDheAndEcdheCiphers();
- EnableExtendedMasterSecret();
- Connect();
-}
-
-// This test is stream so we can catch the bad_record_mac alert.
-TEST_P(TlsConnectStream, ConnectExtendedMasterSecretStaticRSABogusCKE) {
- DisableDheAndEcdheCiphers();
- EnableExtendedMasterSecret();
- TlsInspectorReplaceHandshakeMessage* inspect =
- new TlsInspectorReplaceHandshakeMessage(kTlsHandshakeClientKeyExchange,
- DataBuffer(
- kBogusClientKeyExchange,
- sizeof(kBogusClientKeyExchange)));
- client_->SetPacketFilter(inspect);
- auto alert_recorder = new TlsAlertRecorder();
- server_->SetPacketFilter(alert_recorder);
- ConnectExpectFail();
- EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
- EXPECT_EQ(kTlsAlertBadRecordMac, alert_recorder->description());
-}
-
-// This test is stream so we can catch the bad_record_mac alert.
-TEST_P(TlsConnectStream, ConnectExtendedMasterSecretStaticRSABogusPMSVersionDetect) {
- DisableDheAndEcdheCiphers();
- EnableExtendedMasterSecret();
- client_->SetPacketFilter(new TlsInspectorClientHelloVersionChanger(
- server_));
- auto alert_recorder = new TlsAlertRecorder();
- server_->SetPacketFilter(alert_recorder);
- ConnectExpectFail();
- EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
- EXPECT_EQ(kTlsAlertBadRecordMac, alert_recorder->description());
-}
-
-TEST_P(TlsConnectStream, ConnectExtendedMasterSecretStaticRSABogusPMSVersionIgnore) {
- DisableDheAndEcdheCiphers();
- EnableExtendedMasterSecret();
- client_->SetPacketFilter(new TlsInspectorClientHelloVersionChanger(
- server_));
- server_->DisableRollbackDetection();
- Connect();
-}
-
-TEST_P(TlsConnectGeneric, ConnectExtendedMasterSecretECDHE) {
- EnableExtendedMasterSecret();
- Connect();
-
- ResetRsa();
- EnableExtendedMasterSecret();
- ExpectResumption(RESUME_SESSIONID);
- Connect();
-}
-
-TEST_P(TlsConnectGeneric, ConnectExtendedMasterSecretTicket) {
- ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
- EnableExtendedMasterSecret();
- Connect();
-
- ResetRsa();
- ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
-
- EnableExtendedMasterSecret();
- ExpectResumption(RESUME_TICKET);
- Connect();
-}
-
-TEST_P(TlsConnectGeneric,
- ConnectExtendedMasterSecretClientOnly) {
- client_->EnableExtendedMasterSecret();
- ExpectExtendedMasterSecret(false);
- Connect();
-}
-
-TEST_P(TlsConnectGeneric,
- ConnectExtendedMasterSecretServerOnly) {
- server_->EnableExtendedMasterSecret();
- ExpectExtendedMasterSecret(false);
- Connect();
-}
-
-TEST_P(TlsConnectGeneric,
- ConnectExtendedMasterSecretResumeWithout) {
- EnableExtendedMasterSecret();
- Connect();
-
- ResetRsa();
- server_->EnableExtendedMasterSecret();
- auto alert_recorder = new TlsAlertRecorder();
- server_->SetPacketFilter(alert_recorder);
- ConnectExpectFail();
- EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
- EXPECT_EQ(kTlsAlertHandshakeFailure, alert_recorder->description());
-}
-
-TEST_P(TlsConnectGeneric,
- ConnectNormalResumeWithExtendedMasterSecret) {
- ConfigureSessionCache(RESUME_SESSIONID, RESUME_SESSIONID);
- ExpectExtendedMasterSecret(false);
- Connect();
-
- ResetRsa();
- EnableExtendedMasterSecret();
- ExpectResumption(RESUME_NONE);
- Connect();
-}
-
INSTANTIATE_TEST_CASE_P(VariantsStream10, TlsConnectGeneric,
::testing::Combine(
TlsConnectTestBase::kTlsModesStream,
TlsConnectTestBase::kTlsV10));
INSTANTIATE_TEST_CASE_P(VariantsAll, TlsConnectGeneric,
::testing::Combine(
TlsConnectTestBase::kTlsModesAll,
TlsConnectTestBase::kTlsV11V12));
diff --git a/external_tests/ssl_gtest/ssl_prf_unittest.cc b/external_tests/ssl_gtest/ssl_prf_unittest.cc
--- a/external_tests/ssl_gtest/ssl_prf_unittest.cc
+++ b/external_tests/ssl_gtest/ssl_prf_unittest.cc
@@ -201,53 +201,9 @@ TEST_F(TlsPrfTest, ExtendedMsParamErr) {
CheckForError(CKM_TLS_PRF, kPrfSeedSizeTlsPrf, kIncorrectSize, 0);
// CKM_TLS_PRF && seed length != MD5_LENGTH + SHA1_LENGTH
CheckForError(CKM_TLS_PRF, kIncorrectSize, kPmsSize, 0);
// !CKM_TLS_PRF && seed length != hash output length
CheckForError(CKM_SHA256, kIncorrectSize, kPmsSize, 0);
}
-
-// Test matrix:
-//
-// DH RSA
-// TLS_PRF 1 2
-// SHA256 3 4
-TEST_F(TlsPrfTest, ExtendedMsDhTlsPrf) {
- Init();
- ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH,
- CKM_TLS_PRF,
- nullptr,
- kExpectedOutputEmsTlsPrf);
-}
-
-TEST_F(TlsPrfTest, ExtendedMsRsaTlsPrf) {
- Init();
- ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE,
- CKM_TLS_PRF,
- &pms_version_,
- kExpectedOutputEmsTlsPrf);
- EXPECT_EQ(0, pms_version_.major);
- EXPECT_EQ(1, pms_version_.minor);
-}
-
-
-TEST_F(TlsPrfTest, ExtendedMsDhSha256) {
- Init();
- ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH,
- CKM_SHA256,
- nullptr,
- kExpectedOutputEmsSha256);
-}
-
-TEST_F(TlsPrfTest, ExtendedMsRsaSha256) {
- Init();
- ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE,
- CKM_SHA256,
- &pms_version_,
- kExpectedOutputEmsSha256);
- EXPECT_EQ(0, pms_version_.major);
- EXPECT_EQ(1, pms_version_.minor);
-}
-
} // namespace nss_test
-