Test the exporter at all versions + ciphers + side.
The Go side (thankfully not the C side) was not fully updated for the
exporter secret derivation being earlier at some point. Also TLS 1.2
upgrades the PRF hash for pre-1.2 ciphers to SHA-256, so make sure we
cover that.
Change-Id: Ibdf50ef500e7e48a52799ac75577822bc304a613
Reviewed-on: https://boringssl-review.googlesource.com/13663
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 74a5a43..dd18ce8 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -2553,6 +2553,13 @@
sendCipherSuite = suite.id
}
+ // For cipher suites and versions where exporters are defined, verify
+ // that they interoperate.
+ var exportKeyingMaterial int
+ if ver.version > VersionSSL30 {
+ exportKeyingMaterial = 1024
+ }
+
testCases = append(testCases, testCase{
testType: serverTest,
protocol: protocol,
@@ -2568,12 +2575,13 @@
AdvertiseAllConfiguredCiphers: true,
},
},
- certFile: certFile,
- keyFile: keyFile,
- flags: flags,
- resumeSession: true,
- shouldFail: shouldServerFail,
- expectedError: expectedServerError,
+ certFile: certFile,
+ keyFile: keyFile,
+ flags: flags,
+ resumeSession: true,
+ shouldFail: shouldServerFail,
+ expectedError: expectedServerError,
+ exportKeyingMaterial: exportKeyingMaterial,
})
testCases = append(testCases, testCase{
@@ -2592,10 +2600,11 @@
SendCipherSuite: sendCipherSuite,
},
},
- flags: flags,
- resumeSession: true,
- shouldFail: shouldClientFail,
- expectedError: expectedClientError,
+ flags: flags,
+ resumeSession: true,
+ shouldFail: shouldClientFail,
+ expectedError: expectedClientError,
+ exportKeyingMaterial: exportKeyingMaterial,
})
if shouldClientFail {