[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Fri Nov 4 10:45:31 UTC 2016
The branch master has been updated
via a1ca39c02c5507536ee586e787f12f9ea3ea908b (commit)
via e8585479a1541a722c5399ed53749cf3b0915e64 (commit)
via 92ab7db6f8dabd9f071a8c70c65f85e4fbbfd375 (commit)
via bc708af4b0148c23f5f76b549ccb3c996bfd11aa (commit)
via b289bff830b081ce38437036766cea9a0d92d093 (commit)
via 1669b7b58724c800971b817cd7c7400ce6eae547 (commit)
via 1c8235c9b3e328d4c8637fd51b1f45adfa6ee446 (commit)
via fc237de7ff4886c0d58300051ea4325e10b6943f (commit)
via 0abcaddfcbe643e4f57c873e3b890d785bcb7357 (commit)
via aedf33aed53a414a0935d578da1817d8cbaa11ad (commit)
via 06e452fbc166339aa28280f4f6f2ba3e958cfbd6 (commit)
via 8beda2c12dc58389dd3c036b0858e15b010567da (commit)
via 5b2d35c34407c6f40c8e544f86ab4f50c779518c (commit)
via 2fd0dfd9f69468b8276b0cd3a292a9b1aa24fef9 (commit)
via da88e88a79b4e283328bb09f60b6e0099ae939e9 (commit)
via d664ff498cad7b40fe330ce91f211b327e2e3090 (commit)
via 5227337a7c340eeeebaced1230e8dfaa7a8ec7db (commit)
via a60150e9abe3bf67a889d9b0e1fe90f3d2b91123 (commit)
via 4d040e283e3ed611a0a7864ed3198fc01fb340a6 (commit)
via 9e663b13714f36a2069cfddf493a5d27985e26a0 (commit)
via d5df08afb43d66c26a512093c22a70d3a079dc3f (commit)
via ce2596d404c16266b6bd5614b2d5159b67054d58 (commit)
via cfa76979867a2401d435cafe66e05c4234785480 (commit)
via 50b014e4c62cb9315de949e0e84b1628142d1401 (commit)
via 694cfa1f49797ffdaf55817caefa2dc31043511a (commit)
via 7b73b7beda88501b9d6e062a5dbf9a72f791dfda (commit)
via 8c6c5077b211ea73223c950edff98f0891853dc8 (commit)
via eef977aa0e6c6614bc99bd8357bc4afba91737f7 (commit)
from 62dd3351a16089aedb0f1e62e3b6df371c93389c (commit)
- Log -----------------------------------------------------------------
commit a1ca39c02c5507536ee586e787f12f9ea3ea908b
Author: Matt Caswell <matt at openssl.org>
Date: Fri Oct 28 10:09:29 2016 +0100
Remove an unused field in ossl_shim
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit e8585479a1541a722c5399ed53749cf3b0915e64
Author: Matt Caswell <matt at openssl.org>
Date: Fri Oct 28 10:07:44 2016 +0100
Add a wildcard exception for TLS13 tests
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit 92ab7db6f8dabd9f071a8c70c65f85e4fbbfd375
Author: Matt Caswell <matt at openssl.org>
Date: Fri Oct 28 09:57:16 2016 +0100
Swap header copyrights to standard OpenSSL
As per permission from Google (Emilia).
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit bc708af4b0148c23f5f76b549ccb3c996bfd11aa
Author: Matt Caswell <matt at openssl.org>
Date: Tue Oct 25 22:13:17 2016 +0100
Add missing bn.h include
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit b289bff830b081ce38437036766cea9a0d92d093
Author: Matt Caswell <matt at openssl.org>
Date: Wed Oct 19 12:59:26 2016 +0100
Update the BoringSSL suppressions file based on the latest shim
The updated shim has the ability to skip tests using unimplemented flags.
This should reduce the number of test failures.
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit 1669b7b58724c800971b817cd7c7400ce6eae547
Author: Matt Caswell <matt at openssl.org>
Date: Wed Oct 19 11:37:17 2016 +0100
Rename BoringSSL style OPENSSL_WINDOWS to OPENSSL_SYS_WINDOWS
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit 1c8235c9b3e328d4c8637fd51b1f45adfa6ee446
Author: Matt Caswell <matt at openssl.org>
Date: Wed Oct 19 11:35:55 2016 +0100
Fix a code inconsistency
Move from two ifs to a single one with an &&
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit fc237de7ff4886c0d58300051ea4325e10b6943f
Author: Matt Caswell <matt at openssl.org>
Date: Wed Oct 19 11:33:59 2016 +0100
Remove some #if 0'd out code
It was only a sanity check anyway, so isn't needed
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit 0abcaddfcbe643e4f57c873e3b890d785bcb7357
Author: Matt Caswell <matt at openssl.org>
Date: Wed Oct 19 11:33:06 2016 +0100
Removed scoped_types.h
It is no longer used (replaced with bssl:UniquePtr)
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit aedf33aed53a414a0935d578da1817d8cbaa11ad
Author: Matt Caswell <matt at openssl.org>
Date: Wed Oct 19 11:22:07 2016 +0100
Remove some flags that are unused in the shim
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit 06e452fbc166339aa28280f4f6f2ba3e958cfbd6
Author: Matt Caswell <matt at openssl.org>
Date: Wed Oct 19 11:21:25 2016 +0100
Use the -allow-unimplemented feature of the BoringSSL runner
That way we can remove flags that we don't support
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit 8beda2c12dc58389dd3c036b0858e15b010567da
Author: Matt Caswell <matt at openssl.org>
Date: Wed Oct 19 11:03:38 2016 +0100
Remove unused BoringSSL specific flags
We will rely on the -allow-unimplemented feature instead.
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit 5b2d35c34407c6f40c8e544f86ab4f50c779518c
Author: Matt Caswell <matt at openssl.org>
Date: Wed Oct 19 10:53:25 2016 +0100
Remove some unreferenced fields from TestState
They were there for BoringSSL only features which are not relevant to us.
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit 2fd0dfd9f69468b8276b0cd3a292a9b1aa24fef9
Author: Matt Caswell <matt at openssl.org>
Date: Wed Oct 19 10:52:47 2016 +0100
Remove some #if 0'd out code
It was just a sanity check and isn't needed
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit da88e88a79b4e283328bb09f60b6e0099ae939e9
Author: Matt Caswell <matt at openssl.org>
Date: Sat Oct 15 11:24:13 2016 +0100
Fix argument order in documentation
git clone has the directory name last
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit d664ff498cad7b40fe330ce91f211b327e2e3090
Author: Matt Caswell <matt at openssl.org>
Date: Sat Oct 15 11:11:23 2016 +0100
Remove test/ossl_shim/Makefile
This Makefile was temporary. Building ossl_shim has now been integrated into
to the build system.
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit 5227337a7c340eeeebaced1230e8dfaa7a8ec7db
Author: Matt Caswell <matt at openssl.org>
Date: Sat Oct 15 11:09:20 2016 +0100
Add documentation on the BoringSSL test suite integration
Added the file README.external which describes how to build and run OpenSSL
to use the BoringSSL test suite. Also updated INSTALL to point to it.
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit a60150e9abe3bf67a889d9b0e1fe90f3d2b91123
Author: Matt Caswell <matt at openssl.org>
Date: Fri Oct 14 20:32:18 2016 +0100
Add -std=c++11 to CXXFLAGS
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit 4d040e283e3ed611a0a7864ed3198fc01fb340a6
Author: Matt Caswell <matt at openssl.org>
Date: Fri Oct 14 16:18:47 2016 +0100
Fix some unused variable warnings in ossl_shim
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit 9e663b13714f36a2069cfddf493a5d27985e26a0
Author: Matt Caswell <matt at openssl.org>
Date: Fri Oct 14 15:55:49 2016 +0100
Add a comment to 90-test_external.t to explain why we need filter_run
Also rename executable to cmd...otherwise it breaks!
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit d5df08afb43d66c26a512093c22a70d3a079dc3f
Author: Richard Levitte <levitte at openssl.org>
Date: Fri Oct 14 15:52:50 2016 +0100
Convert 90-test_external.t to using "executable" rather than "system"
Use the newly added "executable" function rather than "system". Also filter
the output to add a prefix to every line so that the "ok" doesn't confuse
Test::More
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
commit ce2596d404c16266b6bd5614b2d5159b67054d58
Author: Matt Caswell <matt at openssl.org>
Date: Wed Oct 12 16:21:13 2016 +0100
Control building of ossl_shim through Configure
Don't build ossl_shim by default. Switch it on through
enable-external-tests.
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit cfa76979867a2401d435cafe66e05c4234785480
Author: Richard Levitte <levitte at openssl.org>
Date: Wed Oct 12 16:05:06 2016 +0100
Integrate ossl_shim into the build
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
commit 50b014e4c62cb9315de949e0e84b1628142d1401
Author: Matt Caswell <matt at openssl.org>
Date: Wed Oct 12 15:43:46 2016 +0100
Add a shim config file
This just disables all tests that fail at the moment. Over time we will
want to go over these and figure out why they are failing (and fix them if
appropriate)
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit 694cfa1f49797ffdaf55817caefa2dc31043511a
Author: Matt Caswell <matt at openssl.org>
Date: Wed Oct 12 12:07:33 2016 +0100
Add ossl_shim to .gitignore
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit 7b73b7beda88501b9d6e062a5dbf9a72f791dfda
Author: Matt Caswell <matt at openssl.org>
Date: Wed Oct 12 10:56:29 2016 +0100
Rebase shim against latest boringssl code
Numerous conflicts resolved. rebase was against commit 490469f850.
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit 8c6c5077b211ea73223c950edff98f0891853dc8
Author: Matt Caswell <matt at openssl.org>
Date: Mon Oct 10 12:24:00 2016 +0100
Add a test to call the BoringSSL test suite
This adds a test to the OpenSSL test suite to invoke the BoringSSL test
suite.
It assumes you have already compiled the ossl_shim (see previous commit).
It also assumes that you have an environment variable BORING_RUNNER_DIR
set up to point to the ssl/test/runner directory of a checkout of BoringSSL.
This has only been tested with a very old version of BoringSSL (from commit
f277add6c) - since that was the last known checkout where the shim compiles
successfully. Even with that version of BoringSSL this test will fail. There
are lots of Boring tests that are failing for various reasons. Some might
be due to bugs in OpenSSL, some might be due to features that BoringSSL has
that OpenSSL doesn't, some are due to assumptions about the way BoringSSL
behaves that are not true for OpenSSL etc.
To get the verbose BoringSSL test output, run like this:
VERBOSE=1 BORING_RUNNER_DIR=/path/to/boring/ssl/test/runner make \
TESTS="test_external" test
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit eef977aa0e6c6614bc99bd8357bc4afba91737f7
Author: Matt Caswell <matt at openssl.org>
Date: Mon Oct 10 12:17:21 2016 +0100
Integrate BoringSSL shim
The BoringSSL test suite contains numerous tests which OpenSSL does not.
The BoringSSL test runner uses a shim to launch the library and execute the
tests. This is a version of the BoringSSL shim converted to compile against
OpenSSL instead.
This is primarily based on the work of David Benjamin from the BoringSSL
project who did most of the necessary conversion. It also includes a few
other tweaks for opacity changes etc.
This is based on a *very* old version of BoringSSL from commit f277add6c.
That was the last commit known to work with this patched shim. Later
versions may also work but lots of merge conflicts occur when trying to
bring it up to date.
At the moment this has not been integrated into the build system. There is
a very simple standalone makefile in the ossl_shim directory which should
be executed directly before tyring to use the shim.
Reviewed-by: Richard Levitte <levitte at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
.gitignore | 1 +
Configurations/unix-Makefile.tmpl | 2 +-
Configure | 8 +
INSTALL | 7 +
test/README.external | 65 ++
test/ossl_shim/async_bio.cc | 183 +++++
test/ossl_shim/async_bio.h | 39 +
test/ossl_shim/build.info | 6 +
test/ossl_shim/include/openssl/base.h | 158 ++++
test/ossl_shim/ossl_config.json | 1185 ++++++++++++++++++++++++++++++
test/ossl_shim/ossl_shim.cc | 1265 +++++++++++++++++++++++++++++++++
test/ossl_shim/packeted_bio.cc | 299 ++++++++
test/ossl_shim/packeted_bio.h | 44 ++
test/ossl_shim/test_config.cc | 181 +++++
test/ossl_shim/test_config.h | 88 +++
test/recipes/90-test_external.t | 41 ++
16 files changed, 3571 insertions(+), 1 deletion(-)
create mode 100644 test/README.external
create mode 100644 test/ossl_shim/async_bio.cc
create mode 100644 test/ossl_shim/async_bio.h
create mode 100644 test/ossl_shim/build.info
create mode 100644 test/ossl_shim/include/openssl/base.h
create mode 100644 test/ossl_shim/ossl_config.json
create mode 100644 test/ossl_shim/ossl_shim.cc
create mode 100644 test/ossl_shim/packeted_bio.cc
create mode 100644 test/ossl_shim/packeted_bio.h
create mode 100644 test/ossl_shim/test_config.cc
create mode 100644 test/ossl_shim/test_config.h
create mode 100644 test/recipes/90-test_external.t
diff --git a/.gitignore b/.gitignore
index 23c48be..0a7edfc 100644
--- a/.gitignore
+++ b/.gitignore
@@ -50,6 +50,7 @@ Makefile
/test/ssltest_old
/test/x509aux
/test/v3ext
+/test/ossl_shim/ossl_shim
# Certain files that get created by tests on the fly
/test/*.ss
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
index eb47630..28ec045 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -174,7 +174,7 @@ CC= $(CROSS_COMPILE){- $target{cc} -}
CFLAGS={- our $cflags2 = join(" ",(map { "-D".$_} @{$target{defines}}, @{$config{defines}}),"-DOPENSSLDIR=\"\\\"\$(OPENSSLDIR)\\\"\"","-DENGINESDIR=\"\\\"\$(ENGINESDIR)\\\"\"") -} {- $target{cflags} -} {- $config{cflags} -}
CFLAGS_Q={- $cflags2 =~ s|([\\"])|\\$1|g; $cflags2 -} {- $config{cflags} -}
CXX= $(CROSS_COMPILE){- $target{cxx} -}
-CXXFLAGS={- our $cxxflags2 = join(" ",(map { "-D".$_} @{$target{defines}}, @{$config{defines}}),"-DOPENSSLDIR=\"\\\"\$(OPENSSLDIR)\\\"\"","-DENGINESDIR=\"\\\"\$(ENGINESDIR)\\\"\"") -} {- $target{cxxflags} -} {- $config{cxxflags} -}
+CXXFLAGS={- our $cxxflags2 = join(" ",(map { "-D".$_} @{$target{defines}}, @{$config{defines}}),"-DOPENSSLDIR=\"\\\"\$(OPENSSLDIR)\\\"\"","-DENGINESDIR=\"\\\"\$(ENGINESDIR)\\\"\"") -} {- $target{cxxflags} -} {- $config{cxxflags} -} -std=c++11
LDFLAGS= {- $target{lflags} -}
PLIB_LDFLAGS= {- $target{plib_lflags} -}
EX_LIBS= {- $target{ex_libs} -} {- $config{ex_libs} -}
diff --git a/Configure b/Configure
index 884f7bd..3289e9f 100755
--- a/Configure
+++ b/Configure
@@ -316,6 +316,8 @@ $config{sdirs} = [
"evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui",
"cms", "ts", "srp", "cmac", "ct", "async", "kdf"
];
+# test/ subdirectories to build
+$config{tdirs} = [ "ossl_shim" ];
# Known TLS and DTLS protocols
my @tls = qw(ssl3 tls1 tls1_1 tls1_2 tls1_3);
@@ -360,6 +362,7 @@ my @disablables = (
"egd",
"engine",
"err",
+ "external-tests",
"filenames",
"fuzz-libfuzzer",
"fuzz-afl",
@@ -429,6 +432,7 @@ our %disabled = ( # "what" => "comment"
"crypto-mdebug-backtrace" => "default",
"ec_nistp_64_gcc_128" => "default",
"egd" => "default",
+ "external-tests" => "default",
"fuzz-libfuzzer" => "default",
"fuzz-afl" => "default",
"heartbeats" => "default",
@@ -1426,6 +1430,10 @@ if ($builder eq "unified") {
push @build_infos, [ catdir("engines", $_), "build.info" ]
if (-f catfile($srcdir, "engines", $_, "build.info"));
}
+ foreach (@{$config{tdirs}}) {
+ push @build_infos, [ catdir("test", $_), "build.info" ]
+ if (-f catfile($srcdir, "test", $_, "build.info"));
+ }
$config{build_infos} = [ ];
diff --git a/INSTALL b/INSTALL
index a393225..36cb090 100644
--- a/INSTALL
+++ b/INSTALL
@@ -310,6 +310,13 @@
no-err
Don't compile in any error strings.
+ enable-external-tests
+ Enable building of integration with external test suites.
+ This is a developer option and may not work on all platforms.
+ The only supported external test suite at the current time is
+ the BoringSSL test suite. See the file test/README.external
+ for further details.
+
no-filenames
Don't compile in filename and line number information (e.g.
for errors and memory allocation).
diff --git a/test/README.external b/test/README.external
new file mode 100644
index 0000000..3cd0541
--- /dev/null
+++ b/test/README.external
@@ -0,0 +1,65 @@
+Running the BoringSSL test suite with OpenSSL
+=============================================
+
+It is possible to integrate external test suites into OpenSSL's "make test". At
+the current time the only supported external suite is the one used by
+BoringSSL.
+
+This capability is considered a developer option and may not work on all
+platforms.
+
+In order to run the BoringSSL tests with OpenSSL, first checkout the BoringSSL
+source code into an appropriate directory:
+
+$ git clone https://boringssl.googlesource.com/boringssl boringssl
+
+The BoringSSL tests are only confirmed to work at a specific commit in the
+BoringSSL repository. Later commits may or may not pass the test suite:
+
+$ cd boringssl
+$ git checkout 490469f850e
+
+From the OpenSSL source code configure to use the external tests:
+
+$ cd ../openssl
+$ ./config enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers \
+ enable-external-tests
+
+Note that using other config option than those given above may cause the tests
+to fail.
+
+Run the OpenSSL tests by providing the path to the BoringSSL test runner in the
+BORING_RUNNER_DIR environment variable:
+
+$ BORING_RUNNER_DIR=/path/to/boringssl/ssl/test/runner make test
+
+Note that the test suite may change directory while running so the path provided
+should be absolute and not relative to the current working directory.
+
+To see more detailed output you can run just the BoringSSL tests with the
+verbose option:
+
+$ VERBOSE=1 BORING_RUNNER_DIR=/path/to/boringssl/ssl/test/runner make \
+ TESTS="test_external" test
+
+
+Test failures and suppressions
+==============================
+
+A large number of the BoringSSL tests are known to fail. A test could fail
+because of many possible reasons. For example:
+
+- A bug in OpenSSL
+- Different interpretations of standards
+- Assumptions about the way BoringSSL works that do not apply to OpenSSL
+- The test uses APIs added to BoringSSL that are not present in OpenSSL
+- etc
+
+In order to provide a "clean" baseline run with all the tests passing a config
+file has been provided that suppresses the running of tests that are known to
+fail. These suppressions are held in the file "test/ossl_shim/ossl_config.json"
+within the OpenSSL source code.
+
+The community is encouraged to contribute patches which reduce the number of
+suppressions that are currently present.
+
diff --git a/test/ossl_shim/async_bio.cc b/test/ossl_shim/async_bio.cc
new file mode 100644
index 0000000..f0f6a38
--- /dev/null
+++ b/test/ossl_shim/async_bio.cc
@@ -0,0 +1,183 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "async_bio.h"
+
+#include <errno.h>
+#include <string.h>
+
+#include <openssl/bio.h>
+#include <openssl/crypto.h>
+
+
+namespace {
+
+struct AsyncBio {
+ bool datagram;
+ bool enforce_write_quota;
+ size_t read_quota;
+ size_t write_quota;
+};
+
+AsyncBio *GetData(BIO *bio) {
+ return (AsyncBio *)BIO_get_data(bio);
+}
+
+static int AsyncWrite(BIO *bio, const char *in, int inl) {
+ AsyncBio *a = GetData(bio);
+ if (a == NULL || BIO_next(bio) == NULL) {
+ return 0;
+ }
+
+ if (!a->enforce_write_quota) {
+ return BIO_write(BIO_next(bio), in, inl);
+ }
+
+ BIO_clear_retry_flags(bio);
+
+ if (a->write_quota == 0) {
+ BIO_set_retry_write(bio);
+ errno = EAGAIN;
+ return -1;
+ }
+
+ if (!a->datagram && (size_t)inl > a->write_quota) {
+ inl = a->write_quota;
+ }
+ int ret = BIO_write(BIO_next(bio), in, inl);
+ if (ret <= 0) {
+ BIO_copy_next_retry(bio);
+ } else {
+ a->write_quota -= (a->datagram ? 1 : ret);
+ }
+ return ret;
+}
+
+static int AsyncRead(BIO *bio, char *out, int outl) {
+ AsyncBio *a = GetData(bio);
+ if (a == NULL || BIO_next(bio) == NULL) {
+ return 0;
+ }
+
+ BIO_clear_retry_flags(bio);
+
+ if (a->read_quota == 0) {
+ BIO_set_retry_read(bio);
+ errno = EAGAIN;
+ return -1;
+ }
+
+ if (!a->datagram && (size_t)outl > a->read_quota) {
+ outl = a->read_quota;
+ }
+ int ret = BIO_read(BIO_next(bio), out, outl);
+ if (ret <= 0) {
+ BIO_copy_next_retry(bio);
+ } else {
+ a->read_quota -= (a->datagram ? 1 : ret);
+ }
+ return ret;
+}
+
+static long AsyncCtrl(BIO *bio, int cmd, long num, void *ptr) {
+ if (BIO_next(bio) == NULL) {
+ return 0;
+ }
+ BIO_clear_retry_flags(bio);
+ int ret = BIO_ctrl(BIO_next(bio), cmd, num, ptr);
+ BIO_copy_next_retry(bio);
+ return ret;
+}
+
+static int AsyncNew(BIO *bio) {
+ AsyncBio *a = (AsyncBio *)OPENSSL_malloc(sizeof(*a));
+ if (a == NULL) {
+ return 0;
+ }
+ memset(a, 0, sizeof(*a));
+ a->enforce_write_quota = true;
+ BIO_set_init(bio, 1);
+ BIO_set_data(bio, a);
+ return 1;
+}
+
+static int AsyncFree(BIO *bio) {
+ if (bio == NULL) {
+ return 0;
+ }
+
+ OPENSSL_free(BIO_get_data(bio));
+ BIO_set_data(bio, NULL);
+ BIO_set_init(bio, 0);
+ return 1;
+}
+
+static long AsyncCallbackCtrl(BIO *bio, int cmd, bio_info_cb fp) {
+ if (BIO_next(bio) == NULL) {
+ return 0;
+ }
+ return BIO_callback_ctrl(BIO_next(bio), cmd, fp);
+}
+
+static BIO_METHOD *g_async_bio_method = NULL;
+
+static const BIO_METHOD *AsyncMethod(void)
+{
+ if (g_async_bio_method == NULL) {
+ g_async_bio_method = BIO_meth_new(BIO_TYPE_FILTER, "async bio");
+ if ( g_async_bio_method == NULL
+ || !BIO_meth_set_write(g_async_bio_method, AsyncWrite)
+ || !BIO_meth_set_read(g_async_bio_method, AsyncRead)
+ || !BIO_meth_set_ctrl(g_async_bio_method, AsyncCtrl)
+ || !BIO_meth_set_create(g_async_bio_method, AsyncNew)
+ || !BIO_meth_set_destroy(g_async_bio_method, AsyncFree)
+ || !BIO_meth_set_callback_ctrl(g_async_bio_method, AsyncCallbackCtrl))
+ return NULL;
+ }
+ return g_async_bio_method;
+}
+
+} // namespace
+
+bssl::UniquePtr<BIO> AsyncBioCreate() {
+ return bssl::UniquePtr<BIO>(BIO_new(AsyncMethod()));
+}
+
+bssl::UniquePtr<BIO> AsyncBioCreateDatagram() {
+ bssl::UniquePtr<BIO> ret(BIO_new(AsyncMethod()));
+ if (!ret) {
+ return nullptr;
+ }
+ GetData(ret.get())->datagram = true;
+ return ret;
+}
+
+void AsyncBioAllowRead(BIO *bio, size_t count) {
+ AsyncBio *a = GetData(bio);
+ if (a == NULL) {
+ return;
+ }
+ a->read_quota += count;
+}
+
+void AsyncBioAllowWrite(BIO *bio, size_t count) {
+ AsyncBio *a = GetData(bio);
+ if (a == NULL) {
+ return;
+ }
+ a->write_quota += count;
+}
+
+void AsyncBioEnforceWriteQuota(BIO *bio, bool enforce) {
+ AsyncBio *a = GetData(bio);
+ if (a == NULL) {
+ return;
+ }
+ a->enforce_write_quota = enforce;
+}
diff --git a/test/ossl_shim/async_bio.h b/test/ossl_shim/async_bio.h
new file mode 100644
index 0000000..bb24ead
--- /dev/null
+++ b/test/ossl_shim/async_bio.h
@@ -0,0 +1,39 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_ASYNC_BIO
+#define HEADER_ASYNC_BIO
+
+#include <openssl/base.h>
+#include <openssl/bio.h>
+
+
+// AsyncBioCreate creates a filter BIO for testing asynchronous state
+// machines which consume a stream socket. Reads and writes will fail
+// and return EAGAIN unless explicitly allowed. Each async BIO has a
+// read quota and a write quota. Initially both are zero. As each is
+// incremented, bytes are allowed to flow through the BIO.
+bssl::UniquePtr<BIO> AsyncBioCreate();
+
+// AsyncBioCreateDatagram creates a filter BIO for testing for
+// asynchronous state machines which consume datagram sockets. The read
+// and write quota count in packets rather than bytes.
+bssl::UniquePtr<BIO> AsyncBioCreateDatagram();
+
+// AsyncBioAllowRead increments |bio|'s read quota by |count|.
+void AsyncBioAllowRead(BIO *bio, size_t count);
+
+// AsyncBioAllowWrite increments |bio|'s write quota by |count|.
+void AsyncBioAllowWrite(BIO *bio, size_t count);
+
+// AsyncBioEnforceWriteQuota configures where |bio| enforces its write quota.
+void AsyncBioEnforceWriteQuota(BIO *bio, bool enforce);
+
+
+#endif // HEADER_ASYNC_BIO
diff --git a/test/ossl_shim/build.info b/test/ossl_shim/build.info
new file mode 100644
index 0000000..aa5f062
--- /dev/null
+++ b/test/ossl_shim/build.info
@@ -0,0 +1,6 @@
+IF[{- defined $target{cxx} && !$disabled{"external-tests"}-}]
+ PROGRAMS_NO_INST=ossl_shim
+ SOURCE[ossl_shim]=ossl_shim.cc async_bio.cc packeted_bio.cc test_config.cc
+ INCLUDE[ossl_shim]=. include ../../include
+ DEPEND[ossl_shim]=../../libssl ../../libcrypto
+ENDIF
diff --git a/test/ossl_shim/include/openssl/base.h b/test/ossl_shim/include/openssl/base.h
new file mode 100644
index 0000000..755d520
--- /dev/null
+++ b/test/ossl_shim/include/openssl/base.h
@@ -0,0 +1,158 @@
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com). */
+
+#ifndef OPENSSL_HEADER_BASE_H
+#define OPENSSL_HEADER_BASE_H
+
+/* Needed for BORINGSSL_MAKE_DELETER */
+# include <openssl/bio.h>
+# include <openssl/evp.h>
+# include <openssl/dh.h>
+# include <openssl/x509.h>
+# include <openssl/ssl.h>
+
+# define OPENSSL_ARRAY_SIZE(array) (sizeof(array) / sizeof((array)[0]))
+
+/* Temporary TLS1.3 defines until OpenSSL supports these */
+# define TLS1_3_VERSION 0x0304
+# define SSL_OP_NO_TLSv1_3 0
+
+extern "C++" {
+
+#include <memory>
+
+namespace bssl {
+
+namespace internal {
+
+template <typename T>
+struct DeleterImpl {};
+
+template <typename T>
+struct Deleter {
+ void operator()(T *ptr) {
+ // Rather than specialize Deleter for each type, we specialize
+ // DeleterImpl. This allows bssl::UniquePtr<T> to be used while only
+ // including base.h as long as the destructor is not emitted. This matches
+ // std::unique_ptr's behavior on forward-declared types.
+ //
+ // DeleterImpl itself is specialized in the corresponding module's header
+ // and must be included to release an object. If not included, the compiler
+ // will error that DeleterImpl<T> does not have a method Free.
+ DeleterImpl<T>::Free(ptr);
+ }
+};
+
+template <typename T, typename CleanupRet, void (*init)(T *),
+ CleanupRet (*cleanup)(T *)>
+class StackAllocated {
+ public:
+ StackAllocated() { init(&ctx_); }
+ ~StackAllocated() { cleanup(&ctx_); }
+
+ StackAllocated(const StackAllocated<T, CleanupRet, init, cleanup> &) = delete;
+ T& operator=(const StackAllocated<T, CleanupRet, init, cleanup> &) = delete;
+
+ T *get() { return &ctx_; }
+ const T *get() const { return &ctx_; }
+
+ void Reset() {
+ cleanup(&ctx_);
+ init(&ctx_);
+ }
+
+ private:
+ T ctx_;
+};
+
+} // namespace internal
+
+#define BORINGSSL_MAKE_DELETER(type, deleter) \
+ namespace internal { \
+ template <> \
+ struct DeleterImpl<type> { \
+ static void Free(type *ptr) { deleter(ptr); } \
+ }; \
+ }
+
+// This makes a unique_ptr to STACK_OF(type) that owns all elements on the
+// stack, i.e. it uses sk_pop_free() to clean up.
+#define BORINGSSL_MAKE_STACK_DELETER(type, deleter) \
+ namespace internal { \
+ template <> \
+ struct DeleterImpl<STACK_OF(type)> { \
+ static void Free(STACK_OF(type) *ptr) { \
+ sk_##type##_pop_free(ptr, deleter); \
+ } \
+ }; \
+ }
+
+// Holds ownership of heap-allocated BoringSSL structures. Sample usage:
+// bssl::UniquePtr<BIO> rsa(RSA_new());
+// bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
+template <typename T>
+using UniquePtr = std::unique_ptr<T, internal::Deleter<T>>;
+
+BORINGSSL_MAKE_DELETER(BIO, BIO_free)
+BORINGSSL_MAKE_DELETER(EVP_PKEY, EVP_PKEY_free)
+BORINGSSL_MAKE_DELETER(DH, DH_free)
+BORINGSSL_MAKE_DELETER(X509, X509_free)
+BORINGSSL_MAKE_DELETER(SSL, SSL_free)
+BORINGSSL_MAKE_DELETER(SSL_CTX, SSL_CTX_free)
+BORINGSSL_MAKE_DELETER(SSL_SESSION, SSL_SESSION_free)
+
+} // namespace bssl
+
+} /* extern C++ */
+
+
+#endif /* OPENSSL_HEADER_BASE_H */
diff --git a/test/ossl_shim/ossl_config.json b/test/ossl_shim/ossl_config.json
new file mode 100644
index 0000000..690dc66
--- /dev/null
+++ b/test/ossl_shim/ossl_config.json
@@ -0,0 +1,1185 @@
+
+{
+ "DisabledTests" : {
+ "*TLS13*":"No TLS1.3 support yet",
+ "UnauthenticatedECDH":"Test failure - reason unknown",
+ "SkipServerKeyExchange":"Test failure - reason unknown",
+ "FragmentAlert-DTLS":"Test failure - reason unknown",
+ "FallbackSCSV":"Test failure - reason unknown",
+ "Alert-DTLS":"Test failure - reason unknown",
+ "DoubleAlert-DTLS":"Test failure - reason unknown",
+ "SkipNewSessionTicket":"Test failure - reason unknown",
+ "Alert":"Test failure - reason unknown",
+ "FragmentAlert":"Test failure - reason unknown",
+ "DoubleAlert":"Test failure - reason unknown",
+ "FragmentedClientVersion":"Test failure - reason unknown",
+ "HttpPOST":"Test failure - reason unknown",
+ "DisableEverything":"Test failure - reason unknown",
+ "HttpHEAD":"Test failure - reason unknown",
+ "HttpGET":"Test failure - reason unknown",
+ "DisableEverything-DTLS":"Test failure - reason unknown",
+ "HttpPUT":"Test failure - reason unknown",
+ "CertMismatchRSA":"Test failure - reason unknown",
+ "MTU":"Test failure - reason unknown",
+ "HttpCONNECT":"Test failure - reason unknown",
+ "RSAEphemeralKey":"Test failure - reason unknown",
+ "CertMismatchECDSA":"Test failure - reason unknown",
+ "EmptyCertificateList-TLS13":"Test failure - reason unknown",
+ "EmptyCertificateList":"Test failure - reason unknown",
+ "AppDataBeforeHandshake-Empty":"Test failure - reason unknown",
+ "AppDataBeforeHandshake-DTLS":"Test failure - reason unknown",
+ "AppDataBeforeHandshake":"Test failure - reason unknown",
+ "TLSFatalBadPackets":"Test failure - reason unknown",
+ "Garbage":"Test failure - reason unknown",
+ "AppDataAfterChangeCipherSpec-DTLS":"Test failure - reason unknown",
+ "AppDataAfterChangeCipherSpec-Empty":"Test failure - reason unknown",
+ "AppDataBeforeHandshake-DTLS-Empty":"Test failure - reason unknown",
+ "AlertAfterChangeCipherSpec":"Test failure - reason unknown",
+ "AppDataAfterChangeCipherSpec":"Test failure - reason unknown",
+ "AlertAfterChangeCipherSpec-DTLS":"Test failure - reason unknown",
+ "FragmentMessageLengthMismatch-DTLS":"Test failure - reason unknown",
+ "SendInvalidRecordType-DTLS":"Test failure - reason unknown",
+ "SplitFragments-Header-DTLS":"Test failure - reason unknown",
+ "SendInvalidRecordType":"Test failure - reason unknown",
+ "SplitFragments-Boundary-DTLS":"Test failure - reason unknown",
+ "SplitFragments-Body-DTLS":"Test failure - reason unknown",
+ "SendEmptyFragments-DTLS":"Test failure - reason unknown",
+ "FragmentMessageTypeMismatch-DTLS":"Test failure - reason unknown",
+ "BadFinished-Client-TLS13":"Test failure - reason unknown",
+ "BadFinished-Server":"Test failure - reason unknown",
+ "BadFinished-Client":"Test failure - reason unknown",
+ "SendEmptyRecords":"Test failure - reason unknown",
+ "SendEmptyRecords-Async":"Test failure - reason unknown",
+ "SendWarningAlerts-TLS13":"Test failure - reason unknown",
+ "SendWarningAlerts":"Test failure - reason unknown",
+ "SendWarningAlerts-DTLS-Pass":"Test failure - reason unknown",
+ "SendWarningAlerts-Pass":"Test failure - reason unknown",
+ "SendKeyUpdates":"Test failure - reason unknown",
+ "SendWarningAlerts-Async":"Test failure - reason unknown",
+ "Unclean-Shutdown-Alert":"Test failure - reason unknown",
+ "LargePlaintext":"Test failure - reason unknown",
+ "LargeCiphertext":"Test failure - reason unknown",
+ "BadHelloRequest-1":"Test failure - reason unknown",
+ "LargePlaintext-DTLS":"Test failure - reason unknown",
+ "BadFinished-Server-TLS13":"Test failure - reason unknown",
+ "V2ClientHello-WarningAlertPrefix":"Test failure - reason unknown",
+ "V2ClientHello-EmptyRecordPrefix":"Test failure - reason unknown",
+ "BadHelloRequest-2":"Test failure - reason unknown",
+ "DTLS-SendExtraFinished":"Test failure - reason unknown",
+ "NoNullCompression-TLS12":"Test failure - reason unknown",
+ "LargeMessage-Reject":"Test failure - reason unknown",
+ "LargeMessage-Reject-DTLS":"Test failure - reason unknown",
+ "DTLS-SendExtraFinished-Reordered":"Test failure - reason unknown",
+ "NoNullCompression-TLS13":"Test failure - reason unknown",
+ "ExtraCompressionMethods-TLS13":"Test failure - reason unknown",
+ "SSL3-AES128-GCM-server":"Test failure - reason unknown",
+ "TLS13-3DES-SHA-client":"Test failure - reason unknown",
+ "TLS1-AES128-GCM-server":"Test failure - reason unknown",
+ "SSL3-AES128-GCM-client":"Test failure - reason unknown",
+ "DTLS1-AES128-GCM-server":"Test failure - reason unknown",
+ "TLS11-AES128-GCM-server":"Test failure - reason unknown",
+ "TLS1-AES128-GCM-client":"Test failure - reason unknown",
+ "DTLS1-AES128-GCM-client":"Test failure - reason unknown",
+ "TLS11-AES128-GCM-client":"Test failure - reason unknown",
+ "TLS13-AES128-GCM-client":"Test failure - reason unknown",
+ "TLS13-3DES-SHA-server":"Test failure - reason unknown",
+ "TLS13-AES128-SHA-client":"Test failure - reason unknown",
+ "TLS13-AES128-GCM-server":"Test failure - reason unknown",
+ "SSL3-AES128-SHA256-server":"Test failure - reason unknown",
+ "TLS1-AES128-SHA256-server":"Test failure - reason unknown",
+ "SSL3-AES128-SHA256-client":"Test failure - reason unknown",
+ "DTLS1-AES128-SHA256-server":"Test failure - reason unknown",
+ "TLS11-AES128-SHA256-server":"Test failure - reason unknown",
+ "TLS1-AES128-SHA256-client":"Test failure - reason unknown",
+ "DTLS1-AES128-SHA256-client":"Test failure - reason unknown",
+ "TLS11-AES128-SHA256-client":"Test failure - reason unknown",
+ "TLS13-AES128-SHA256-client":"Test failure - reason unknown",
+ "SSL3-AES256-GCM-server":"Test failure - reason unknown",
+ "TLS1-AES256-GCM-server":"Test failure - reason unknown",
+ "SSL3-AES256-GCM-client":"Test failure - reason unknown",
+ "TLS13-AES128-SHA-server":"Test failure - reason unknown",
+ "DTLS1-AES256-GCM-server":"Test failure - reason unknown",
+ "TLS11-AES256-GCM-server":"Test failure - reason unknown",
+ "TLS1-AES256-GCM-client":"Test failure - reason unknown",
+ "DTLS1-AES256-GCM-client":"Test failure - reason unknown",
+ "TLS11-AES256-GCM-client":"Test failure - reason unknown",
+ "TLS13-AES256-GCM-client":"Test failure - reason unknown",
+ "TLS13-AES128-SHA256-server":"Test failure - reason unknown",
+ "TLS13-AES256-GCM-server":"Test failure - reason unknown",
+ "TLS13-AES256-SHA-client":"Test failure - reason unknown",
+ "TLS1-AES256-SHA256-server":"Test failure - reason unknown",
+ "SSL3-AES256-SHA256-client":"Test failure - reason unknown",
+ "SSL3-AES256-SHA256-server":"Test failure - reason unknown",
+ "DTLS1-AES256-SHA256-server":"Test failure - reason unknown",
+ "TLS11-AES256-SHA256-server":"Test failure - reason unknown",
+ "TLS1-AES256-SHA256-client":"Test failure - reason unknown",
+ "DTLS1-AES256-SHA256-client":"Test failure - reason unknown",
+ "TLS11-AES256-SHA256-client":"Test failure - reason unknown",
+ "TLS13-AES256-SHA256-client":"Test failure - reason unknown",
+ "TLS13-AES256-SHA-server":"Test failure - reason unknown",
+ "SSL3-DHE-RSA-AES128-GCM-server":"Test failure - reason unknown",
+ "TLS1-DHE-RSA-AES128-GCM-server":"Test failure - reason unknown",
+ "SSL3-DHE-RSA-AES128-GCM-client":"Test failure - reason unknown",
+ "DTLS1-DHE-RSA-AES128-GCM-server":"Test failure - reason unknown",
+ "TLS1-DHE-RSA-AES128-GCM-client":"Test failure - reason unknown",
+ "DTLS1-DHE-RSA-AES128-GCM-client":"Test failure - reason unknown",
+ "TLS11-DHE-RSA-AES128-GCM-server":"Test failure - reason unknown",
+ "TLS11-DHE-RSA-AES128-GCM-client":"Test failure - reason unknown",
+ "TLS13-AES256-SHA256-server":"Test failure - reason unknown",
+ "TLS13-DHE-RSA-AES128-GCM-client":"Test failure - reason unknown",
+ "TLS13-DHE-RSA-AES128-GCM-server":"Test failure - reason unknown",
+ "TLS13-DHE-RSA-AES128-SHA-client":"Test failure - reason unknown",
+ "SSL3-DHE-RSA-AES128-SHA256-server":"Test failure - reason unknown",
+ "TLS1-DHE-RSA-AES128-SHA256-server":"Test failure - reason unknown",
+ "DTLS1-DHE-RSA-AES128-SHA256-server":"Test failure - reason unknown",
+ "SSL3-DHE-RSA-AES128-SHA256-client":"Test failure - reason unknown",
+ "TLS1-DHE-RSA-AES128-SHA256-client":"Test failure - reason unknown",
+ "TLS11-DHE-RSA-AES128-SHA256-server":"Test failure - reason unknown",
+ "DTLS1-DHE-RSA-AES128-SHA256-client":"Test failure - reason unknown",
+ "TLS11-DHE-RSA-AES128-SHA256-client":"Test failure - reason unknown",
+ "TLS13-DHE-RSA-AES128-SHA-server":"Test failure - reason unknown",
+ "TLS13-DHE-RSA-AES128-SHA256-client":"Test failure - reason unknown",
+ "SSL3-DHE-RSA-AES256-GCM-server":"Test failure - reason unknown",
+ "TLS1-DHE-RSA-AES256-GCM-server":"Test failure - reason unknown",
+ "SSL3-DHE-RSA-AES256-GCM-client":"Test failure - reason unknown",
+ "DTLS1-DHE-RSA-AES256-GCM-server":"Test failure - reason unknown",
+ "TLS11-DHE-RSA-AES256-GCM-server":"Test failure - reason unknown",
+ "TLS1-DHE-RSA-AES256-GCM-client":"Test failure - reason unknown",
+ "TLS11-DHE-RSA-AES256-GCM-client":"Test failure - reason unknown",
+ "DTLS1-DHE-RSA-AES256-GCM-client":"Test failure - reason unknown",
+ "TLS13-DHE-RSA-AES128-SHA256-server":"Test failure - reason unknown",
+ "TLS13-DHE-RSA-AES256-GCM-client":"Test failure - reason unknown",
+ "TLS13-DHE-RSA-AES256-GCM-server":"Test failure - reason unknown",
+ "TLS13-DHE-RSA-AES256-SHA-client":"Test failure - reason unknown",
+ "TLS1-DHE-RSA-AES256-SHA256-server":"Test failure - reason unknown",
+ "SSL3-DHE-RSA-AES256-SHA256-server":"Test failure - reason unknown",
+ "SSL3-DHE-RSA-AES256-SHA256-client":"Test failure - reason unknown",
+ "DTLS1-DHE-RSA-AES256-SHA256-server":"Test failure - reason unknown",
+ "TLS11-DHE-RSA-AES256-SHA256-server":"Test failure - reason unknown",
+ "TLS11-DHE-RSA-AES256-SHA256-client":"Test failure - reason unknown",
+ "TLS1-DHE-RSA-AES256-SHA256-client":"Test failure - reason unknown",
+ "DTLS1-DHE-RSA-AES256-SHA256-client":"Test failure - reason unknown",
+ "TLS13-DHE-RSA-AES256-SHA-server":"Test failure - reason unknown",
+ "TLS13-DHE-RSA-AES256-SHA256-client":"Test failure - reason unknown",
+ "SSL3-ECDHE-ECDSA-AES128-GCM-server":"Test failure - reason unknown",
+ "SSL3-ECDHE-ECDSA-AES128-GCM-client":"Test failure - reason unknown",
+ "TLS1-ECDHE-ECDSA-AES128-GCM-server":"Test failure - reason unknown",
+ "TLS1-ECDHE-ECDSA-AES128-GCM-client":"Test failure - reason unknown",
+ "DTLS1-ECDHE-ECDSA-AES128-GCM-server":"Test failure - reason unknown",
+ "TLS11-ECDHE-ECDSA-AES128-GCM-server":"Test failure - reason unknown",
+ "DTLS1-ECDHE-ECDSA-AES128-GCM-client":"Test failure - reason unknown",
+ "TLS11-ECDHE-ECDSA-AES128-GCM-client":"Test failure - reason unknown",
+ "TLS13-ECDHE-ECDSA-AES128-GCM-client":"Test failure - reason unknown",
+ "SSL3-ECDHE-ECDSA-AES128-SHA-server":"Test failure - reason unknown",
+ "TLS13-DHE-RSA-AES256-SHA256-server":"Test failure - reason unknown",
+ "TLS13-ECDHE-ECDSA-AES128-SHA-client":"Test failure - reason unknown",
+ "TLS13-ECDHE-ECDSA-AES128-GCM-server":"Test failure - reason unknown",
+ "SSL3-ECDHE-ECDSA-AES128-SHA256-server":"Test failure - reason unknown",
+ "TLS1-ECDHE-ECDSA-AES128-SHA256-server":"Test failure - reason unknown",
+ "TLS11-ECDHE-ECDSA-AES128-SHA256-server":"Test failure - reason unknown",
+ "SSL3-ECDHE-ECDSA-AES128-SHA256-client":"Test failure - reason unknown",
+ "DTLS1-ECDHE-ECDSA-AES128-SHA256-server":"Test failure - reason unknown",
+ "TLS1-ECDHE-ECDSA-AES128-SHA256-client":"Test failure - reason unknown",
+ "TLS11-ECDHE-ECDSA-AES128-SHA256-client":"Test failure - reason unknown",
+ "DTLS1-ECDHE-ECDSA-AES128-SHA256-client":"Test failure - reason unknown",
+ "TLS13-ECDHE-ECDSA-AES128-SHA-server":"Test failure - reason unknown",
+ "TLS13-ECDHE-ECDSA-AES128-SHA256-client":"Test failure - reason unknown",
+ "TLS1-ECDHE-ECDSA-AES256-GCM-server":"Test failure - reason unknown",
+ "SSL3-ECDHE-ECDSA-AES256-GCM-client":"Test failure - reason unknown",
+ "SSL3-ECDHE-ECDSA-AES256-GCM-server":"Test failure - reason unknown",
+ "DTLS1-ECDHE-ECDSA-AES256-GCM-server":"Test failure - reason unknown",
+ "DTLS1-ECDHE-ECDSA-AES256-GCM-client":"Test failure - reason unknown",
+ "TLS1-ECDHE-ECDSA-AES256-GCM-client":"Test failure - reason unknown",
+ "TLS11-ECDHE-ECDSA-AES256-GCM-server":"Test failure - reason unknown",
+ "TLS11-ECDHE-ECDSA-AES256-GCM-client":"Test failure - reason unknown",
+ "TLS13-ECDHE-ECDSA-AES256-GCM-client":"Test failure - reason unknown",
+ "SSL3-ECDHE-ECDSA-AES256-SHA-server":"Test failure - reason unknown",
+ "TLS13-ECDHE-ECDSA-AES128-SHA256-server":"Test failure - reason unknown",
+ "TLS13-ECDHE-ECDSA-AES256-SHA-client":"Test failure - reason unknown",
+ "SSL3-ECDHE-ECDSA-AES256-SHA384-server":"Test failure - reason unknown",
+ "TLS13-ECDHE-ECDSA-AES256-GCM-server":"Test failure - reason unknown",
+ "TLS1-ECDHE-ECDSA-AES256-SHA384-server":"Test failure - reason unknown",
+ "TLS1-ECDHE-ECDSA-AES256-SHA384-client":"Test failure - reason unknown",
+ "SSL3-ECDHE-ECDSA-AES256-SHA384-client":"Test failure - reason unknown",
+ "TLS11-ECDHE-ECDSA-AES256-SHA384-server":"Test failure - reason unknown",
+ "DTLS1-ECDHE-ECDSA-AES256-SHA384-server":"Test failure - reason unknown",
+ "TLS11-ECDHE-ECDSA-AES256-SHA384-client":"Test failure - reason unknown",
+ "DTLS1-ECDHE-ECDSA-AES256-SHA384-client":"Test failure - reason unknown",
+ "TLS13-ECDHE-ECDSA-AES256-SHA384-client":"Test failure - reason unknown",
+ "SSL3-ECDHE-ECDSA-CHACHA20-POLY1305-client":"Test failure - reason unknown",
+ "SSL3-ECDHE-ECDSA-CHACHA20-POLY1305-server":"Test failure - reason unknown",
+ "TLS1-ECDHE-ECDSA-CHACHA20-POLY1305-server":"Test failure - reason unknown",
+ "TLS1-ECDHE-ECDSA-CHACHA20-POLY1305-client":"Test failure - reason unknown",
+ "DTLS1-ECDHE-ECDSA-CHACHA20-POLY1305-server":"Test failure - reason unknown",
+ "DTLS1-ECDHE-ECDSA-CHACHA20-POLY1305-client":"Test failure - reason unknown",
+ "TLS11-ECDHE-ECDSA-CHACHA20-POLY1305-server":"Test failure - reason unknown",
+ "TLS13-ECDHE-ECDSA-AES256-SHA-server":"Test failure - reason unknown",
+ "TLS11-ECDHE-ECDSA-CHACHA20-POLY1305-client":"Test failure - reason unknown",
+ "TLS13-ECDHE-ECDSA-CHACHA20-POLY1305-client":"Test failure - reason unknown",
+ "SSL3-ECDHE-ECDSA-CHACHA20-POLY1305-OLD-server":"Test failure - reason unknown",
+ "SSL3-ECDHE-ECDSA-CHACHA20-POLY1305-OLD-client":"Test failure - reason unknown",
+ "TLS1-ECDHE-ECDSA-CHACHA20-POLY1305-OLD-server":"Test failure - reason unknown",
+ "DTLS1-ECDHE-ECDSA-CHACHA20-POLY1305-OLD-client":"Test failure - reason unknown",
+ "DTLS1-ECDHE-ECDSA-CHACHA20-POLY1305-OLD-server":"Test failure - reason unknown",
+ "TLS1-ECDHE-ECDSA-CHACHA20-POLY1305-OLD-client":"Test failure - reason unknown",
+ "TLS11-ECDHE-ECDSA-CHACHA20-POLY1305-OLD-server":"Test failure - reason unknown",
+ "TLS11-ECDHE-ECDSA-CHACHA20-POLY1305-OLD-client":"Test failure - reason unknown",
+ "TLS12-ECDHE-ECDSA-CHACHA20-POLY1305-OLD-LargeRecord":"Test failure - reason unknown",
+ "TLS12-ECDHE-ECDSA-CHACHA20-POLY1305-OLD-client":"Test failure - reason unknown",
+ "TLS12-ECDHE-ECDSA-CHACHA20-POLY1305-OLD-server":"Test failure - reason unknown",
+ "DTLS12-ECDHE-ECDSA-CHACHA20-POLY1305-OLD-LargeRecord":"Test failure - reason unknown",
+ "DTLS12-ECDHE-ECDSA-CHACHA20-POLY1305-OLD-server":"Test failure - reason unknown",
+ "DTLS12-ECDHE-ECDSA-CHACHA20-POLY1305-OLD-client":"Test failure - reason unknown",
+ "TLS13-ECDHE-ECDSA-CHACHA20-POLY1305-OLD-client":"Test failure - reason unknown",
+ "SSL3-ECDHE-RSA-AES128-GCM-server":"Test failure - reason unknown",
+ "TLS1-ECDHE-RSA-AES128-GCM-server":"Test failure - reason unknown",
+ "TLS13-ECDHE-ECDSA-AES256-SHA384-server":"Test failure - reason unknown",
+ "DTLS1-ECDHE-RSA-AES128-GCM-server":"Test failure - reason unknown",
+ "SSL3-ECDHE-RSA-AES128-GCM-client":"Test failure - reason unknown",
+ "TLS11-ECDHE-RSA-AES128-GCM-server":"Test failure - reason unknown",
+ "TLS11-ECDHE-RSA-AES128-GCM-client":"Test failure - reason unknown",
+ "DTLS1-ECDHE-RSA-AES128-GCM-client":"Test failure - reason unknown",
+ "TLS1-ECDHE-RSA-AES128-GCM-client":"Test failure - reason unknown",
+ "TLS13-ECDHE-RSA-AES128-GCM-client":"Test failure - reason unknown",
+ "TLS13-ECDHE-ECDSA-CHACHA20-POLY1305-server":"Test failure - reason unknown",
+ "SSL3-ECDHE-RSA-AES128-SHA-server":"Test failure - reason unknown",
+ "TLS13-ECDHE-ECDSA-CHACHA20-POLY1305-OLD-server":"Test failure - reason unknown",
+ "TLS13-ECDHE-RSA-AES128-GCM-server":"Test failure - reason unknown",
+ "TLS13-ECDHE-RSA-AES128-SHA-client":"Test failure - reason unknown",
+ "SSL3-ECDHE-RSA-AES128-SHA256-server":"Test failure - reason unknown",
+ "TLS11-ECDHE-RSA-AES128-SHA256-server":"Test failure - reason unknown",
+ "TLS1-ECDHE-RSA-AES128-SHA256-server":"Test failure - reason unknown",
+ "SSL3-ECDHE-RSA-AES128-SHA256-client":"Test failure - reason unknown",
+ "TLS1-ECDHE-RSA-AES128-SHA256-client":"Test failure - reason unknown",
+ "DTLS1-ECDHE-RSA-AES128-SHA256-client":"Test failure - reason unknown",
+ "DTLS1-ECDHE-RSA-AES128-SHA256-server":"Test failure - reason unknown",
+ "TLS11-ECDHE-RSA-AES128-SHA256-client":"Test failure - reason unknown",
+ "SSL3-ECDHE-RSA-AES256-GCM-server":"Test failure - reason unknown",
+ "TLS13-ECDHE-RSA-AES128-SHA256-client":"Test failure - reason unknown",
+ "TLS13-ECDHE-RSA-AES128-SHA-server":"Test failure - reason unknown",
+ "TLS1-ECDHE-RSA-AES256-GCM-server":"Test failure - reason unknown",
+ "SSL3-ECDHE-RSA-AES256-GCM-client":"Test failure - reason unknown",
+ "DTLS1-ECDHE-RSA-AES256-GCM-server":"Test failure - reason unknown",
+ "TLS11-ECDHE-RSA-AES256-GCM-server":"Test failure - reason unknown",
+ "TLS1-ECDHE-RSA-AES256-GCM-client":"Test failure - reason unknown",
+ "DTLS1-ECDHE-RSA-AES256-GCM-client":"Test failure - reason unknown",
+ "TLS11-ECDHE-RSA-AES256-GCM-client":"Test failure - reason unknown",
+ "TLS13-ECDHE-RSA-AES256-GCM-client":"Test failure - reason unknown",
+ "SSL3-ECDHE-RSA-AES256-SHA-server":"Test failure - reason unknown",
+ "TLS13-ECDHE-RSA-AES128-SHA256-server":"Test failure - reason unknown",
+ "TLS13-ECDHE-RSA-AES256-GCM-server":"Test failure - reason unknown",
+ "TLS13-ECDHE-RSA-AES256-SHA-client":"Test failure - reason unknown",
+ "SSL3-ECDHE-RSA-AES256-SHA384-server":"Test failure - reason unknown",
+ "TLS1-ECDHE-RSA-AES256-SHA384-server":"Test failure - reason unknown",
+ "SSL3-ECDHE-RSA-AES256-SHA384-client":"Test failure - reason unknown",
+ "TLS1-ECDHE-RSA-AES256-SHA384-client":"Test failure - reason unknown",
+ "DTLS1-ECDHE-RSA-AES256-SHA384-server":"Test failure - reason unknown",
+ "TLS11-ECDHE-RSA-AES256-SHA384-server":"Test failure - reason unknown",
+ "TLS11-ECDHE-RSA-AES256-SHA384-client":"Test failure - reason unknown",
+ "DTLS1-ECDHE-RSA-AES256-SHA384-client":"Test failure - reason unknown",
+ "TLS13-ECDHE-RSA-AES256-SHA384-client":"Test failure - reason unknown",
+ "TLS13-ECDHE-RSA-AES256-SHA-server":"Test failure - reason unknown",
+ "SSL3-ECDHE-RSA-CHACHA20-POLY1305-server":"Test failure - reason unknown",
+ "TLS1-ECDHE-RSA-CHACHA20-POLY1305-server":"Test failure - reason unknown",
+ "DTLS1-ECDHE-RSA-CHACHA20-POLY1305-server":"Test failure - reason unknown",
+ "TLS1-ECDHE-RSA-CHACHA20-POLY1305-client":"Test failure - reason unknown",
+ "SSL3-ECDHE-RSA-CHACHA20-POLY1305-client":"Test failure - reason unknown",
+ "TLS11-ECDHE-RSA-CHACHA20-POLY1305-server":"Test failure - reason unknown",
+ "DTLS1-ECDHE-RSA-CHACHA20-POLY1305-client":"Test failure - reason unknown",
+ "TLS11-ECDHE-RSA-CHACHA20-POLY1305-client":"Test failure - reason unknown",
+ "TLS13-ECDHE-RSA-CHACHA20-POLY1305-client":"Test failure - reason unknown",
+ "SSL3-ECDHE-RSA-CHACHA20-POLY1305-OLD-server":"Test failure - reason unknown",
+ "DTLS1-ECDHE-RSA-CHACHA20-POLY1305-OLD-server":"Test failure - reason unknown",
+ "TLS1-ECDHE-RSA-CHACHA20-POLY1305-OLD-server":"Test failure - reason unknown",
+ "TLS13-ECDHE-RSA-AES256-SHA384-server":"Test failure - reason unknown",
+ "SSL3-ECDHE-RSA-CHACHA20-POLY1305-OLD-client":"Test failure - reason unknown",
+ "TLS1-ECDHE-RSA-CHACHA20-POLY1305-OLD-client":"Test failure - reason unknown",
+ "TLS12-ECDHE-RSA-CHACHA20-POLY1305-OLD-server":"Test failure - reason unknown",
+ "TLS12-ECDHE-RSA-CHACHA20-POLY1305-OLD-client":"Test failure - reason unknown",
+ "TLS11-ECDHE-RSA-CHACHA20-POLY1305-OLD-server":"Test failure - reason unknown",
+ "DTLS1-ECDHE-RSA-CHACHA20-POLY1305-OLD-client":"Test failure - reason unknown",
+ "DTLS12-ECDHE-RSA-CHACHA20-POLY1305-OLD-server":"Test failure - reason unknown",
+ "TLS12-ECDHE-RSA-CHACHA20-POLY1305-OLD-LargeRecord":"Test failure - reason unknown",
+ "TLS11-ECDHE-RSA-CHACHA20-POLY1305-OLD-client":"Test failure - reason unknown",
+ "DTLS12-ECDHE-RSA-CHACHA20-POLY1305-OLD-client":"Test failure - reason unknown",
+ "DTLS12-ECDHE-RSA-CHACHA20-POLY1305-OLD-LargeRecord":"Test failure - reason unknown",
+ "TLS13-ECDHE-RSA-CHACHA20-POLY1305-OLD-client":"Test failure - reason unknown",
+ "TLS1-CECPQ1-RSA-CHACHA20-POLY1305-SHA256-server":"Test failure - reason unknown",
+ "SSL3-CECPQ1-RSA-CHACHA20-POLY1305-SHA256-server":"Test failure - reason unknown",
+ "SSL3-CECPQ1-RSA-CHACHA20-POLY1305-SHA256-client":"Test failure - reason unknown",
+ "DTLS1-CECPQ1-RSA-CHACHA20-POLY1305-SHA256-server":"Test failure - reason unknown",
+ "TLS11-CECPQ1-RSA-CHACHA20-POLY1305-SHA256-server":"Test failure - reason unknown",
+ "TLS1-CECPQ1-RSA-CHACHA20-POLY1305-SHA256-client":"Test failure - reason unknown",
+ "DTLS1-CECPQ1-RSA-CHACHA20-POLY1305-SHA256-client":"Test failure - reason unknown",
+ "TLS12-CECPQ1-RSA-CHACHA20-POLY1305-SHA256-client":"Test failure - reason unknown",
+ "TLS12-CECPQ1-RSA-CHACHA20-POLY1305-SHA256-LargeRecord":"Test failure - reason unknown",
+ "TLS12-CECPQ1-RSA-CHACHA20-POLY1305-SHA256-server":"Test failure - reason unknown",
+ "TLS11-CECPQ1-RSA-CHACHA20-POLY1305-SHA256-client":"Test failure - reason unknown",
+ "TLS13-ECDHE-RSA-CHACHA20-POLY1305-server":"Test failure - reason unknown",
+ "DTLS12-CECPQ1-RSA-CHACHA20-POLY1305-SHA256-client":"Test failure - reason unknown",
+ "DTLS12-CECPQ1-RSA-CHACHA20-POLY1305-SHA256-server":"Test failure - reason unknown",
+ "SSL3-CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256-client":"Test failure - reason unknown",
+ "DTLS12-CECPQ1-RSA-CHACHA20-POLY1305-SHA256-LargeRecord":"Test failure - reason unknown",
+ "TLS1-CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256-server":"Test failure - reason unknown",
+ "SSL3-CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256-server":"Test failure - reason unknown",
+ "TLS13-CECPQ1-RSA-CHACHA20-POLY1305-SHA256-client":"Test failure - reason unknown",
+ "TLS1-CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256-client":"Test failure - reason unknown",
+ "TLS11-CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256-client":"Test failure - reason unknown",
+ "DTLS1-CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256-client":"Test failure - reason unknown",
+ "TLS12-CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256-server":"Test failure - reason unknown",
+ "DTLS1-CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256-server":"Test failure - reason unknown",
+ "TLS11-CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256-server":"Test failure - reason unknown",
+ "TLS13-ECDHE-RSA-CHACHA20-POLY1305-OLD-server":"Test failure - reason unknown",
+ "TLS12-CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256-LargeRecord":"Test failure - reason unknown",
+ "TLS12-CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256-client":"Test failure - reason unknown",
+ "DTLS12-CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256-client":"Test failure - reason unknown",
+ "DTLS12-CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256-server":"Test failure - reason unknown",
+ "DTLS12-CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256-LargeRecord":"Test failure - reason unknown",
+ "SSL3-CECPQ1-RSA-AES256-GCM-SHA384-server":"Test failure - reason unknown",
+ "TLS13-CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256-client":"Test failure - reason unknown",
+ "DTLS1-CECPQ1-RSA-AES256-GCM-SHA384-server":"Test failure - reason unknown",
+ "TLS1-CECPQ1-RSA-AES256-GCM-SHA384-server":"Test failure - reason unknown",
+ "TLS1-CECPQ1-RSA-AES256-GCM-SHA384-client":"Test failure - reason unknown",
+ "TLS11-CECPQ1-RSA-AES256-GCM-SHA384-server":"Test failure - reason unknown",
+ "SSL3-CECPQ1-RSA-AES256-GCM-SHA384-client":"Test failure - reason unknown",
+ "TLS12-CECPQ1-RSA-AES256-GCM-SHA384-client":"Test failure - reason unknown",
+ "TLS13-CECPQ1-RSA-CHACHA20-POLY1305-SHA256-server":"Test failure - reason unknown",
+ "DTLS1-CECPQ1-RSA-AES256-GCM-SHA384-client":"Test failure - reason unknown",
+ "TLS12-CECPQ1-RSA-AES256-GCM-SHA384-server":"Test failure - reason unknown",
+ "TLS12-CECPQ1-RSA-AES256-GCM-SHA384-LargeRecord":"Test failure - reason unknown",
+ "TLS11-CECPQ1-RSA-AES256-GCM-SHA384-client":"Test failure - reason unknown",
+ "DTLS12-CECPQ1-RSA-AES256-GCM-SHA384-server":"Test failure - reason unknown",
+ "DTLS12-CECPQ1-RSA-AES256-GCM-SHA384-LargeRecord":"Test failure - reason unknown",
+ "TLS13-CECPQ1-RSA-AES256-GCM-SHA384-client":"Test failure - reason unknown",
+ "DTLS12-CECPQ1-RSA-AES256-GCM-SHA384-client":"Test failure - reason unknown",
+ "SSL3-CECPQ1-ECDSA-AES256-GCM-SHA384-server":"Test failure - reason unknown",
+ "TLS1-CECPQ1-ECDSA-AES256-GCM-SHA384-server":"Test failure - reason unknown",
+ "SSL3-CECPQ1-ECDSA-AES256-GCM-SHA384-client":"Test failure - reason unknown",
+ "TLS1-CECPQ1-ECDSA-AES256-GCM-SHA384-client":"Test failure - reason unknown",
+ "DTLS1-CECPQ1-ECDSA-AES256-GCM-SHA384-client":"Test failure - reason unknown",
+ "DTLS1-CECPQ1-ECDSA-AES256-GCM-SHA384-server":"Test failure - reason unknown",
+ "TLS11-CECPQ1-ECDSA-AES256-GCM-SHA384-client":"Test failure - reason unknown",
+ "TLS12-CECPQ1-ECDSA-AES256-GCM-SHA384-server":"Test failure - reason unknown",
+ "TLS12-CECPQ1-ECDSA-AES256-GCM-SHA384-client":"Test failure - reason unknown",
+ "TLS11-CECPQ1-ECDSA-AES256-GCM-SHA384-server":"Test failure - reason unknown",
+ "TLS12-CECPQ1-ECDSA-AES256-GCM-SHA384-LargeRecord":"Test failure - reason unknown",
+ "DTLS12-CECPQ1-ECDSA-AES256-GCM-SHA384-LargeRecord":"Test failure - reason unknown",
+ "DTLS12-CECPQ1-ECDSA-AES256-GCM-SHA384-server":"Test failure - reason unknown",
+ "DTLS12-CECPQ1-ECDSA-AES256-GCM-SHA384-client":"Test failure - reason unknown",
+ "TLS13-CECPQ1-ECDSA-AES256-GCM-SHA384-client":"Test failure - reason unknown",
+ "TLS13-CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256-server":"Test failure - reason unknown",
+ "TLS13-CECPQ1-RSA-AES256-GCM-SHA384-server":"Test failure - reason unknown",
+ "TLS13-PSK-AES128-CBC-SHA-client":"Test failure - reason unknown",
+ "TLS13-CECPQ1-ECDSA-AES256-GCM-SHA384-server":"Test failure - reason unknown",
+ "TLS13-PSK-AES256-CBC-SHA-client":"Test failure - reason unknown",
+ "SSL3-ECDHE-PSK-AES128-CBC-SHA-server":"Test failure - reason unknown",
+ "TLS13-PSK-AES128-CBC-SHA-server":"Test failure - reason unknown",
+ "TLS13-ECDHE-PSK-AES128-CBC-SHA-client":"Test failure - reason unknown",
+ "SSL3-ECDHE-PSK-AES256-CBC-SHA-server":"Test failure - reason unknown",
+ "TLS13-PSK-AES256-CBC-SHA-server":"Test failure - reason unknown",
+ "TLS13-ECDHE-PSK-AES128-CBC-SHA-server":"Test failure - reason unknown",
+ "TLS13-ECDHE-PSK-AES256-CBC-SHA-client":"Test failure - reason unknown",
+ "TLS1-ECDHE-PSK-CHACHA20-POLY1305-server":"Test failure - reason unknown",
+ "SSL3-ECDHE-PSK-CHACHA20-POLY1305-server":"Test failure - reason unknown",
+ "DTLS1-ECDHE-PSK-CHACHA20-POLY1305-server":"Test failure - reason unknown",
+ "SSL3-ECDHE-PSK-CHACHA20-POLY1305-client":"Test failure - reason unknown",
+ "TLS11-ECDHE-PSK-CHACHA20-POLY1305-server":"Test failure - reason unknown",
+ "TLS1-ECDHE-PSK-CHACHA20-POLY1305-client":"Test failure - reason unknown",
+ "TLS11-ECDHE-PSK-CHACHA20-POLY1305-client":"Test failure - reason unknown",
+ "DTLS1-ECDHE-PSK-CHACHA20-POLY1305-client":"Test failure - reason unknown",
+ "TLS13-ECDHE-PSK-CHACHA20-POLY1305-client":"Test failure - reason unknown",
+ "TLS13-ECDHE-PSK-AES256-CBC-SHA-server":"Test failure - reason unknown",
+ "SSL3-AEAD-CHACHA20-POLY1305-server":"Test failure - reason unknown",
+ "SSL3-AEAD-CHACHA20-POLY1305-client":"Test failure - reason unknown",
+ "TLS11-AEAD-CHACHA20-POLY1305-server":"Test failure - reason unknown",
+ "TLS1-AEAD-CHACHA20-POLY1305-server":"Test failure - reason unknown",
+ "TLS1-AEAD-CHACHA20-POLY1305-client":"Test failure - reason unknown",
+ "DTLS1-AEAD-CHACHA20-POLY1305-server":"Test failure - reason unknown",
+ "TLS12-AEAD-CHACHA20-POLY1305-server":"Test failure - reason unknown",
+ "DTLS1-AEAD-CHACHA20-POLY1305-client":"Test failure - reason unknown",
+ "DTLS12-AEAD-CHACHA20-POLY1305-server":"Test failure - reason unknown",
+ "TLS13-AEAD-CHACHA20-POLY1305-client":"Test failure - reason unknown",
+ "TLS11-AEAD-CHACHA20-POLY1305-client":"Test failure - reason unknown",
+ "TLS12-AEAD-CHACHA20-POLY1305-client":"Test failure - reason unknown",
+ "TLS13-AEAD-CHACHA20-POLY1305-LargeRecord":"Test failure - reason unknown",
+ "DTLS12-AEAD-CHACHA20-POLY1305-client":"Test failure - reason unknown",
+ "SSL3-AEAD-AES128-GCM-SHA256-server":"Test failure - reason unknown",
+ "TLS1-AEAD-AES128-GCM-SHA256-server":"Test failure - reason unknown",
+ "DTLS1-AEAD-AES128-GCM-SHA256-server":"Test failure - reason unknown",
+ "SSL3-AEAD-AES128-GCM-SHA256-client":"Test failure - reason unknown",
+ "TLS11-AEAD-AES128-GCM-SHA256-server":"Test failure - reason unknown",
+ "TLS1-AEAD-AES128-GCM-SHA256-client":"Test failure - reason unknown",
+ "DTLS1-AEAD-AES128-GCM-SHA256-client":"Test failure - reason unknown",
+ "TLS12-AEAD-AES128-GCM-SHA256-server":"Test failure - reason unknown",
+ "TLS11-AEAD-AES128-GCM-SHA256-client":"Test failure - reason unknown",
+ "DTLS12-AEAD-AES128-GCM-SHA256-server":"Test failure - reason unknown",
+ "TLS12-AEAD-AES128-GCM-SHA256-client":"Test failure - reason unknown",
+ "DTLS12-AEAD-AES128-GCM-SHA256-client":"Test failure - reason unknown",
+ "TLS13-AEAD-AES128-GCM-SHA256-LargeRecord":"Test failure - reason unknown",
+ "TLS13-ECDHE-PSK-CHACHA20-POLY1305-server":"Test failure - reason unknown",
+ "TLS13-AEAD-AES128-GCM-SHA256-client":"Test failure - reason unknown",
+ "SSL3-AEAD-AES256-GCM-SHA384-server":"Test failure - reason unknown",
+ "TLS1-AEAD-AES256-GCM-SHA384-server":"Test failure - reason unknown",
+ "DTLS1-AEAD-AES256-GCM-SHA384-server":"Test failure - reason unknown",
+ "SSL3-AEAD-AES256-GCM-SHA384-client":"Test failure - reason unknown",
+ "TLS11-AEAD-AES256-GCM-SHA384-server":"Test failure - reason unknown",
+ "TLS13-AEAD-CHACHA20-POLY1305-server":"Test failure - reason unknown",
+ "TLS12-AEAD-AES256-GCM-SHA384-server":"Test failure - reason unknown",
+ "TLS1-AEAD-AES256-GCM-SHA384-client":"Test failure - reason unknown",
+ "DTLS1-AEAD-AES256-GCM-SHA384-client":"Test failure - reason unknown",
+ "DTLS12-AEAD-AES256-GCM-SHA384-server":"Test failure - reason unknown",
+ "TLS11-AEAD-AES256-GCM-SHA384-client":"Test failure - reason unknown",
+ "TLS13-AEAD-AES256-GCM-SHA384-client":"Test failure - reason unknown",
+ "TLS12-AEAD-AES256-GCM-SHA384-client":"Test failure - reason unknown",
+ "TLS13-AEAD-AES256-GCM-SHA384-LargeRecord":"Test failure - reason unknown",
+ "DTLS12-AEAD-AES256-GCM-SHA384-client":"Test failure - reason unknown",
+ "SSL3-NULL-SHA-client":"Test failure - reason unknown",
+ "SSL3-NULL-SHA-server":"Test failure - reason unknown",
+ "SSL3-NULL-SHA-LargeRecord":"Test failure - reason unknown",
+ "TLS1-NULL-SHA-client":"Test failure - reason unknown",
+ "TLS1-NULL-SHA-server":"Test failure - reason unknown",
+ "TLS1-NULL-SHA-LargeRecord":"Test failure - reason unknown",
+ "TLS11-NULL-SHA-client":"Test failure - reason unknown",
+ "DTLS1-NULL-SHA-server":"Test failure - reason unknown",
+ "TLS11-NULL-SHA-server":"Test failure - reason unknown",
+ "TLS11-NULL-SHA-LargeRecord":"Test failure - reason unknown",
+ "TLS12-NULL-SHA-client":"Test failure - reason unknown",
+ "TLS12-NULL-SHA-server":"Test failure - reason unknown",
+ "DTLS1-NULL-SHA-client":"Test failure - reason unknown",
+ "TLS12-NULL-SHA-LargeRecord":"Test failure - reason unknown",
+ "TLS13-NULL-SHA-client":"Test failure - reason unknown",
+ "DTLS12-NULL-SHA-server":"Test failure - reason unknown",
+ "DTLS12-NULL-SHA-client":"Test failure - reason unknown",
+ "TLS13-AEAD-AES128-GCM-SHA256-server":"Test failure - reason unknown",
+ "NoSharedCipher":"Test failure - reason unknown",
+ "UnsupportedCipherSuite":"Test failure - reason unknown",
+ "NoSharedCipher-TLS13":"Test failure - reason unknown",
+ "WeakDH":"Test failure - reason unknown",
+ "ServerHelloBogusCipher-TLS13":"Test failure - reason unknown",
+ "ServerHelloBogusCipher":"Test failure - reason unknown",
+ "TLS13-AEAD-AES256-GCM-SHA384-server":"Test failure - reason unknown",
+ "TLS13-NULL-SHA-server":"Test failure - reason unknown",
+ "BadECDSA-1-1":"Test failure - reason unknown",
+ "BadECDSA-1-1-TLS13":"Test failure - reason unknown",
+ "BadECDSA-1-2-TLS13":"Test failure - reason unknown",
+ "BadECDSA-1-2":"Test failure - reason unknown",
+ "UnknownCipher-TLS13":"Test failure - reason unknown",
+ "BadECDSA-1-4":"Test failure - reason unknown",
+ "BadECDSA-1-3":"Test failure - reason unknown",
+ "BadECDSA-1-3-TLS13":"Test failure - reason unknown",
+ "BadECDSA-1-4-TLS13":"Test failure - reason unknown",
+ "BadECDSA-2-1-TLS13":"Test failure - reason unknown",
+ "BadECDSA-2-3":"Test failure - reason unknown",
+ "BadECDSA-2-2":"Test failure - reason unknown",
+ "BadECDSA-2-1":"Test failure - reason unknown",
+ "BadECDSA-2-2-TLS13":"Test failure - reason unknown",
+ "BadECDSA-2-4":"Test failure - reason unknown",
+ "BadECDSA-2-3-TLS13":"Test failure - reason unknown",
+ "BadECDSA-3-2":"Test failure - reason unknown",
+ "BadECDSA-3-1":"Test failure - reason unknown",
+ "BadECDSA-2-4-TLS13":"Test failure - reason unknown",
+ "BadECDSA-3-3-TLS13":"Test failure - reason unknown",
+ "BadECDSA-3-3":"Test failure - reason unknown",
+ "BadECDSA-3-1-TLS13":"Test failure - reason unknown",
+ "BadECDSA-3-2-TLS13":"Test failure - reason unknown",
+ "BadECDSA-3-4-TLS13":"Test failure - reason unknown",
+ "BadECDSA-3-4":"Test failure - reason unknown",
+ "BadECDSA-4-1":"Test failure - reason unknown",
+ "BadECDSA-4-1-TLS13":"Test failure - reason unknown",
+ "BadECDSA-4-2":"Test failure - reason unknown",
+ "BadECDSA-4-2-TLS13":"Test failure - reason unknown",
+ "BadECDSA-4-3-TLS13":"Test failure - reason unknown",
+ "BadECDSA-4-3":"Test failure - reason unknown",
+ "BadECDSA-4-4":"Test failure - reason unknown",
+ "BadECDSA-4-4-TLS13":"Test failure - reason unknown",
+ "BadCBCPadding255":"Test failure - reason unknown",
+ "BadCBCPadding":"Test failure - reason unknown",
+ "RequireAnyClientCertificate-SSL3":"Test failure - reason unknown",
+ "NoClientCertificate-Server-SSL3":"Test failure - reason unknown",
+ "RequireAnyClientCertificate-TLS1":"Test failure - reason unknown",
+ "SkipClientCertificate-TLS1":"Test failure - reason unknown",
+ "NoClientCertificate-Server-TLS1":"Test failure - reason unknown",
+ "SkipClientCertificate-TLS11":"Test failure - reason unknown",
+ "RequireAnyClientCertificate-TLS11":"Test failure - reason unknown",
+ "NoClientCertificate-Server-TLS11":"Test failure - reason unknown",
+ "NoClientCertificate-Server-TLS12":"Test failure - reason unknown",
+ "TLS13-Client-ClientAuth-RSA":"Test failure - reason unknown",
+ "RequireAnyClientCertificate-TLS12":"Test failure - reason unknown",
+ "NoClientCertificate-TLS13":"Test failure - reason unknown",
+ "TLS13-Client-ClientAuth-ECDSA":"Test failure - reason unknown",
+ "SkipClientCertificate-TLS12":"Test failure - reason unknown",
+ "TLS13-Server-ClientAuth-RSA":"Test failure - reason unknown",
+ "RequireAnyClientCertificate-TLS13":"Test failure - reason unknown",
+ "TLS13-Server-ClientAuth-ECDSA":"Test failure - reason unknown",
+ "NoClientCertificate-Server-TLS13":"Test failure - reason unknown",
+ "NoClientCertificateRequested-Server-TLS13":"Test failure - reason unknown",
+ "ClientAuth-PSK":"Test failure - reason unknown",
+ "SillyDH":"Test failure - reason unknown",
+ "ClientAuth-ECDHE_PSK":"Test failure - reason unknown",
+ "SkipClientCertificate-TLS13":"Test failure - reason unknown",
+ "VersionNegotiation-Client2-TLS13-SSL3":"Test failure - reason unknown",
+ "VersionNegotiation-Server2-TLS13-SSL3":"Test failure - reason unknown",
+ "VersionNegotiation-Client2-TLS13-TLS1":"Test failure - reason unknown",
+ "VersionNegotiation-Server2-TLS13-TLS1":"Test failure - reason unknown",
+ "VersionNegotiation-Client2-TLS13-TLS11":"Test failure - reason unknown",
+ "VersionNegotiation-Server2-TLS13-TLS11":"Test failure - reason unknown",
+ "VersionNegotiation-Client2-TLS13-TLS12":"Test failure - reason unknown",
+ "VersionNegotiation-Server2-TLS13-TLS12":"Test failure - reason unknown",
+ "VersionNegotiation-Client2-TLS13-TLS13":"Test failure - reason unknown",
+ "VersionNegotiation-Client-TLS13-TLS13":"Test failure - reason unknown",
+ "VersionNegotiation-Server2-TLS13-TLS13":"Test failure - reason unknown",
+ "VersionNegotiationExtension-TLS1-DTLS":"Test failure - reason unknown",
+ "VersionNegotiation-Server-TLS13-TLS13":"Test failure - reason unknown",
+ "VersionNegotiationExtension-SSL3":"Test failure - reason unknown",
+ "NoSupportedVersions-DTLS":"Test failure - reason unknown",
+ "VersionNegotiationExtension-TLS1":"Test failure - reason unknown",
+ "VersionNegotiationExtension-TLS11":"Test failure - reason unknown",
+ "NoSupportedVersions":"Test failure - reason unknown",
+ "VersionNegotiationExtension-TLS13":"Test failure - reason unknown",
+ "ConflictingVersionNegotiation-2":"Test failure - reason unknown",
+ "ConflictingVersionNegotiation":"Test failure - reason unknown",
+ "VersionTooLow-DTLS":"Test failure - reason unknown",
+ "ServerBogusVersion":"Test failure - reason unknown",
+ "VersionTolerance-TLS13":"Test failure - reason unknown",
+ "VersionTooLow":"Test failure - reason unknown",
+ "MinimumVersion-Client-SSL3-TLS13":"Test failure - reason unknown",
+ "MinimumVersion-Client2-SSL3-TLS13":"Test failure - reason unknown",
+ "MinimumVersion-Server-TLS1-SSL3":"Test failure - reason unknown",
+ "MinimumVersion-Client2-TLS1-SSL3":"Test failure - reason unknown",
+ "MinimumVersion-Server2-TLS1-SSL3":"Test failure - reason unknown",
+ "MinimumVersion-Client-TLS1-SSL3":"Test failure - reason unknown",
+ "MinimumVersion-Server2-SSL3-TLS13":"Test failure - reason unknown",
+ "MinimumVersion-Server-SSL3-TLS13":"Test failure - reason unknown",
+ "MinimumVersion-Client-TLS1-TLS13":"Test failure - reason unknown",
+ "MinimumVersion-Client2-TLS1-TLS13":"Test failure - reason unknown",
+ "MinimumVersion-Client2-TLS11-SSL3":"Test failure - reason unknown",
+ "MinimumVersion-Server-TLS11-SSL3":"Test failure - reason unknown",
+ "MinimumVersion-Server2-TLS11-SSL3":"Test failure - reason unknown",
+ "MinimumVersion-Client-TLS11-SSL3":"Test failure - reason unknown",
+ "MinimumVersion-Server2-TLS11-TLS1":"Test failure - reason unknown",
+ "MinimumVersion-Client-TLS11-TLS1":"Test failure - reason unknown",
+ "MinimumVersion-Server-TLS11-TLS1":"Test failure - reason unknown",
+ "MinimumVersion-Client2-TLS11-TLS1":"Test failure - reason unknown",
+ "MinimumVersion-Server-TLS1-TLS13":"Test failure - reason unknown",
+ "MinimumVersion-Client-TLS11-TLS13":"Test failure - reason unknown",
+ "MinimumVersion-Client2-TLS11-TLS13":"Test failure - reason unknown",
+ "MinimumVersion-Server-TLS12-SSL3":"Test failure - reason unknown",
+ "MinimumVersion-Server2-TLS1-TLS13":"Test failure - reason unknown",
+ "MinimumVersion-Server2-TLS12-SSL3":"Test failure - reason unknown",
+ "MinimumVersion-Client-TLS12-SSL3":"Test failure - reason unknown",
+ "MinimumVersion-Client2-TLS12-SSL3":"Test failure - reason unknown",
+ "MinimumVersion-Server-TLS12-TLS1":"Test failure - reason unknown",
+ "MinimumVersion-Server2-TLS12-TLS1":"Test failure - reason unknown",
+ "MinimumVersion-Client-TLS12-TLS1":"Test failure - reason unknown",
+ "MinimumVersion-Client2-TLS12-TLS1":"Test failure - reason unknown",
+ "MinimumVersion-Server2-TLS12-TLS1-DTLS":"Test failure - reason unknown",
+ "MinimumVersion-Server-TLS12-TLS1-DTLS":"Test failure - reason unknown",
+ "MinimumVersion-Client-TLS12-TLS1-DTLS":"Test failure - reason unknown",
+ "MinimumVersion-Server-TLS12-TLS11":"Test failure - reason unknown",
+ "MinimumVersion-Client-TLS12-TLS11":"Test failure - reason unknown",
+ "MinimumVersion-Server2-TLS12-TLS11":"Test failure - reason unknown",
+ "MinimumVersion-Client2-TLS12-TLS1-DTLS":"Test failure - reason unknown",
+ "MinimumVersion-Client2-TLS12-TLS11":"Test failure - reason unknown",
+ "MinimumVersion-Server2-TLS11-TLS13":"Test failure - reason unknown",
+ "MinimumVersion-Server-TLS11-TLS13":"Test failure - reason unknown",
+ "MinimumVersion-Client-TLS12-TLS13":"Test failure - reason unknown",
+ "MinimumVersion-Client2-TLS12-TLS13":"Test failure - reason unknown",
+ "MinimumVersion-Client-TLS13-SSL3":"Test failure - reason unknown",
+ "MinimumVersion-Server-TLS13-SSL3":"Test failure - reason unknown",
+ "MinimumVersion-Client2-TLS13-SSL3":"Test failure - reason unknown",
+ "MinimumVersion-Server2-TLS13-SSL3":"Test failure - reason unknown",
+ "MinimumVersion-Client2-TLS13-TLS1":"Test failure - reason unknown",
+ "MinimumVersion-Client-TLS13-TLS1":"Test failure - reason unknown",
+ "MinimumVersion-Server-TLS13-TLS1":"Test failure - reason unknown",
+ "MinimumVersion-Server2-TLS13-TLS1":"Test failure - reason unknown",
+ "MinimumVersion-Client-TLS13-TLS11":"Test failure - reason unknown",
+ "MinimumVersion-Client2-TLS13-TLS11":"Test failure - reason unknown",
+ "MinimumVersion-Server2-TLS13-TLS11":"Test failure - reason unknown",
+ "MinimumVersion-Client-TLS13-TLS12":"Test failure - reason unknown",
+ "MinimumVersion-Server-TLS13-TLS11":"Test failure - reason unknown",
+ "MinimumVersion-Client2-TLS13-TLS12":"Test failure - reason unknown",
+ "MinimumVersion-Server2-TLS13-TLS12":"Test failure - reason unknown",
+ "MinimumVersion-Server-TLS13-TLS12":"Test failure - reason unknown",
+ "MinimumVersion-Client2-TLS13-TLS13":"Test failure - reason unknown",
+ "MinimumVersion-Server2-TLS13-TLS13":"Test failure - reason unknown",
+ "MinimumVersion-Client-TLS13-TLS13":"Test failure - reason unknown",
+ "ALPNClient-Mismatch-TLS1":"Test failure - reason unknown",
+ "MinimumVersion-Server2-TLS12-TLS13":"Test failure - reason unknown",
+ "ALPNServer-Decline-TLS1":"Test failure - reason unknown",
+ "MinimumVersion-Server-TLS13-TLS13":"Test failure - reason unknown",
+ "MinimumVersion-Server-TLS12-TLS13":"Test failure - reason unknown",
+ "ALPNServer-EmptyProtocolName-TLS1":"Test failure - reason unknown",
+ "ALPNClient-EmptyProtocolName-TLS1":"Test failure - reason unknown",
+ "NegotiateALPNAndNPN-Swapped-TLS1":"Test failure - reason unknown",
+ "NegotiateALPNAndNPN-TLS1":"Test failure - reason unknown",
+ "OversizedSessionId-TLS1":"Test failure - reason unknown",
+ "SRTP-Client-NoMatch-TLS1":"Test failure - reason unknown",
+ "ALPNServer-Decline-TLS11":"Test failure - reason unknown",
+ "ALPNServer-EmptyProtocolName-TLS11":"Test failure - reason unknown",
+ "ALPNClient-Mismatch-TLS11":"Test failure - reason unknown",
+ "ALPNClient-EmptyProtocolName-TLS11":"Test failure - reason unknown",
+ "NegotiateALPNAndNPN-TLS11":"Test failure - reason unknown",
+ "NegotiateALPNAndNPN-Swapped-TLS11":"Test failure - reason unknown",
+ "OversizedSessionId-TLS11":"Test failure - reason unknown",
+ "ALPNServer-Decline-TLS12":"Test failure - reason unknown",
+ "ALPNClient-Mismatch-TLS12":"Test failure - reason unknown",
+ "ALPNServer-EmptyProtocolName-TLS12":"Test failure - reason unknown",
+ "ALPNClient-EmptyProtocolName-TLS12":"Test failure - reason unknown",
+ "NegotiateALPNAndNPN-TLS12":"Test failure - reason unknown",
+ "NegotiateALPNAndNPN-Swapped-TLS12":"Test failure - reason unknown",
+ "OversizedSessionId-TLS12":"Test failure - reason unknown",
+ "SRTP-Client-NoMatch-TLS12":"Test failure - reason unknown",
+ "ALPNClient-Mismatch-TLS13":"Test failure - reason unknown",
+ "ALPNClient-EmptyProtocolName-TLS13":"Test failure - reason unknown",
+ "ALPNServer-Decline-TLS13":"Test failure - reason unknown",
+ "ALPNServer-EmptyProtocolName-TLS13":"Test failure - reason unknown",
+ "ClientHelloPadding":"Test failure - reason unknown",
+ "NPN-Forbidden-TLS13":"Test failure - reason unknown",
+ "RenegotiationInfo-Forbidden-TLS13":"Test failure - reason unknown",
+ "EMS-Forbidden-TLS13":"Test failure - reason unknown",
+ "Ticket-Forbidden-TLS13":"Test failure - reason unknown",
+ "Resume-Client-Mismatch-SSL3-TLS1":"Test failure - reason unknown",
+ "Resume-Client-Mismatch-SSL3-TLS11":"Test failure - reason unknown",
+ "Resume-Client-Mismatch-SSL3-TLS12":"Test failure - reason unknown",
+ "Resume-Client-Mismatch-TLS1-SSL3":"Test failure - reason unknown",
+ "Resume-Client-Mismatch-TLS1-TLS11":"Test failure - reason unknown",
+ "Resume-Client-Mismatch-TLS1-TLS12":"Test failure - reason unknown",
+ "Resume-Client-Mismatch-TLS1-TLS13":"Test failure - reason unknown",
+ "Resume-Client-NoResume-TLS1-TLS13":"Test failure - reason unknown",
+ "Resume-Client-Mismatch-TLS1-TLS12-DTLS":"Test failure - reason unknown",
+ "Resume-Client-Mismatch-TLS11-SSL3":"Test failure - reason unknown",
+ "Resume-Client-Mismatch-TLS11-TLS1":"Test failure - reason unknown",
+ "Resume-Client-Mismatch-TLS11-TLS12":"Test failure - reason unknown",
+ "Resume-Server-TLS1-TLS13":"Test failure - reason unknown",
+ "Resume-Client-Mismatch-TLS11-TLS13":"Test failure - reason unknown",
+ "Resume-Client-Mismatch-TLS12-SSL3":"Test failure - reason unknown",
+ "Resume-Client-NoResume-TLS11-TLS13":"Test failure - reason unknown",
+ "Resume-Client-Mismatch-TLS12-TLS1":"Test failure - reason unknown",
+ "Resume-Client-Mismatch-TLS12-TLS1-DTLS":"Test failure - reason unknown",
+ "Resume-Client-Mismatch-TLS12-TLS11":"Test failure - reason unknown",
+ "Resume-Server-TLS11-TLS13":"Test failure - reason unknown",
+ "Resume-Client-Mismatch-TLS12-TLS13":"Test failure - reason unknown",
+ "Resume-Client-NoResume-TLS12-TLS13":"Test failure - reason unknown",
+ "Resume-Client-NoResume-TLS13-TLS1":"Test failure - reason unknown",
+ "Resume-Client-Mismatch-TLS13-TLS1":"Test failure - reason unknown",
+ "Resume-Client-Mismatch-TLS13-TLS11":"Test failure - reason unknown",
+ "Resume-Client-NoResume-TLS13-TLS12":"Test failure - reason unknown",
+ "Resume-Client-Mismatch-TLS13-TLS12":"Test failure - reason unknown",
+ "Resume-Client-NoResume-TLS13-TLS11":"Test failure - reason unknown",
+ "Resume-Client-TLS13-TLS13":"Test failure - reason unknown",
+ "Resume-Client-NoResume-TLS13-TLS13":"Test failure - reason unknown",
+ "Resume-Client-CipherMismatch-TLS13":"Test failure - reason unknown",
+ "Resume-Client-CipherMismatch":"Test failure - reason unknown",
+ "Resume-Server-TLS12-TLS13":"Test failure - reason unknown",
+ "Resume-Server-TLS13-TLS1":"Test failure - reason unknown",
+ "Resume-Server-TLS13-TLS11":"Test failure - reason unknown",
+ "Resume-Server-TLS13-TLS12":"Test failure - reason unknown",
+ "Resume-Server-TLS13-TLS13":"Test failure - reason unknown",
+ "NoExtendedMasterSecret-TLS13-Client":"Test failure - reason unknown",
+ "ExtendedMasterSecret-TLS13-Client":"Test failure - reason unknown",
+ "ExtendedMasterSecret-YesToNo-Server":"Test failure - reason unknown",
+ "NoExtendedMasterSecret-TLS13-Server":"Test failure - reason unknown",
+ "ExtendedMasterSecret-YesToNo-Client":"Test failure - reason unknown",
+ "ExtendedMasterSecret-TLS13-Server":"Test failure - reason unknown",
+ "ExtendedMasterSecret-NoToYes-Client":"Test failure - reason unknown",
+ "ExtendedMasterSecret-Renego-NoEMS":"Test failure - reason unknown",
+ "ExtendedMasterSecret-Renego-Downgrade":"Test failure - reason unknown",
+ "Renegotiate-Server-Forbidden":"Test failure - reason unknown",
+ "ExtendedMasterSecret-Renego-Upgrade":"Test failure - reason unknown",
+ "Renegotiate-Client":"Test failure - reason unknown",
+ "Renegotiate-Client-Downgrade":"Test failure - reason unknown",
+ "Renegotiate-Client-BadExt":"Test failure - reason unknown",
+ "Renegotiate-Client-EmptyExt":"Test failure - reason unknown",
+ "Renegotiate-Client-Upgrade":"Test failure - reason unknown",
+ "Renegotiate-Client-NoExt-Allowed":"Test failure - reason unknown",
+ "Renegotiate-Client-SwitchVersion":"Test failure - reason unknown",
+ "Renegotiate-Client-SwitchCiphers2":"Test failure - reason unknown",
+ "Renegotiate-Client-Forbidden-1":"Test failure - reason unknown",
+ "Renegotiate-SameClientVersion":"Test failure - reason unknown",
+ "Renegotiate-Client-SwitchCiphers":"Test failure - reason unknown",
+ "Renegotiate-Client-NoIgnore":"Test failure - reason unknown",
+ "Renegotiate-Client-Freely-2":"Test failure - reason unknown",
+ "Renegotiate-Client-Freely-1":"Test failure - reason unknown",
+ "Renegotiate-Client-TLS13":"Test failure - reason unknown",
+ "StrayHelloRequest-TLS13":"Test failure - reason unknown",
+ "Renegotiate-Client-SSL3":"Test failure - reason unknown",
+ "ServerAuth-InvalidSignature-RSA-PKCS1-SHA1-TLS12":"Test failure - reason unknown",
+ "ClientAuth-InvalidSignature-RSA-PKCS1-SHA1-TLS12":"Test failure - reason unknown",
+ "ClientAuth-Sign-RSA-PKCS1-SHA1-TLS13":"Test failure - reason unknown",
+ "ServerAuth-InvalidSignature-RSA-PKCS1-SHA256-TLS12":"Test failure - reason unknown",
+ "ClientAuth-InvalidSignature-RSA-PKCS1-SHA256-TLS12":"Test failure - reason unknown",
+ "ClientAuth-Sign-RSA-PKCS1-SHA256-TLS13":"Test failure - reason unknown",
+ "ServerAuth-InvalidSignature-RSA-PKCS1-SHA384-TLS12":"Test failure - reason unknown",
+ "ClientAuth-InvalidSignature-RSA-PKCS1-SHA384-TLS12":"Test failure - reason unknown",
+ "ClientAuth-Sign-RSA-PKCS1-SHA384-TLS13":"Test failure - reason unknown",
+ "ServerAuth-Sign-RSA-PKCS1-SHA1-TLS13":"Test failure - reason unknown",
+ "ClientAuth-InvalidSignature-RSA-PKCS1-SHA512-TLS12":"Test failure - reason unknown",
+ "ServerAuth-Sign-RSA-PKCS1-SHA256-TLS13":"Test failure - reason unknown",
+ "ServerAuth-InvalidSignature-RSA-PKCS1-SHA512-TLS12":"Test failure - reason unknown",
+ "ServerAuth-InvalidSignature-ECDSA-SHA1-TLS12":"Test failure - reason unknown",
+ "ClientAuth-InvalidSignature-ECDSA-SHA1-TLS12":"Test failure - reason unknown",
+ "ClientAuth-Sign-RSA-PKCS1-SHA512-TLS13":"Test failure - reason unknown",
+ "ServerAuth-Sign-RSA-PKCS1-SHA384-TLS13":"Test failure - reason unknown",
+ "ClientAuth-Sign-ECDSA-SHA1-TLS13":"Test failure - reason unknown",
+ "ServerAuth-InvalidSignature-ECDSA-P256-SHA256-TLS12":"Test failure - reason unknown",
+ "ClientAuth-InvalidSignature-ECDSA-P256-SHA256-TLS12":"Test failure - reason unknown",
+ "ServerAuth-Sign-RSA-PKCS1-SHA512-TLS13":"Test failure - reason unknown",
+ "ServerAuth-InvalidSignature-ECDSA-P256-SHA256-TLS13":"Test failure - reason unknown",
+ "ServerAuth-Sign-ECDSA-SHA1-TLS13":"Test failure - reason unknown",
+ "ServerAuth-InvalidSignature-ECDSA-P384-SHA384-TLS12":"Test failure - reason unknown",
+ "ClientAuth-InvalidSignature-ECDSA-P384-SHA384-TLS12":"Test failure - reason unknown",
+ "ClientAuth-InvalidSignature-ECDSA-P256-SHA256-TLS13":"Test failure - reason unknown",
+ "ServerAuth-InvalidSignature-ECDSA-P384-SHA384-TLS13":"Test failure - reason unknown",
+ "ClientAuth-InvalidSignature-ECDSA-P384-SHA384-TLS13":"Test failure - reason unknown",
+ "ClientAuth-InvalidSignature-ECDSA-P521-SHA512-TLS12":"Test failure - reason unknown",
+ "ServerAuth-InvalidSignature-ECDSA-P521-SHA512-TLS12":"Test failure - reason unknown",
+ "ServerAuth-Sign-RSA-PSS-SHA256-TLS12":"Test failure - reason unknown",
+ "ClientAuth-Sign-RSA-PSS-SHA256-TLS12":"Test failure - reason unknown",
+ "ServerAuth-InvalidSignature-RSA-PSS-SHA256-TLS12":"Test failure - reason unknown",
+ "ClientAuth-InvalidSignature-RSA-PSS-SHA256-TLS12":"Test failure - reason unknown",
+ "ServerAuth-InvalidSignature-ECDSA-P521-SHA512-TLS13":"Test failure - reason unknown",
+ "ServerAuth-InvalidSignature-RSA-PSS-SHA256-TLS13":"Test failure - reason unknown",
+ "ClientAuth-Sign-RSA-PSS-SHA256-TLS13":"Test failure - reason unknown",
+ "ServerAuth-Sign-RSA-PSS-SHA384-TLS12":"Test failure - reason unknown",
+ "ClientAuth-Sign-RSA-PSS-SHA384-TLS12":"Test failure - reason unknown",
+ "ServerAuth-InvalidSignature-RSA-PSS-SHA384-TLS12":"Test failure - reason unknown",
+ "ClientAuth-InvalidSignature-ECDSA-P521-SHA512-TLS13":"Test failure - reason unknown",
+ "ClientAuth-InvalidSignature-RSA-PSS-SHA384-TLS12":"Test failure - reason unknown",
+ "ServerAuth-Sign-RSA-PSS-SHA256-TLS13":"Test failure - reason unknown",
+ "ClientAuth-InvalidSignature-RSA-PSS-SHA256-TLS13":"Test failure - reason unknown",
+ "ClientAuth-Sign-RSA-PSS-SHA384-TLS13":"Test failure - reason unknown",
+ "ServerAuth-InvalidSignature-RSA-PSS-SHA384-TLS13":"Test failure - reason unknown",
+ "ServerAuth-Sign-RSA-PSS-SHA512-TLS12":"Test failure - reason unknown",
+ "ServerAuth-InvalidSignature-RSA-PSS-SHA512-TLS12":"Test failure - reason unknown",
+ "ClientAuth-Sign-RSA-PSS-SHA512-TLS12":"Test failure - reason unknown",
+ "ClientAuth-InvalidSignature-RSA-PSS-SHA512-TLS12":"Test failure - reason unknown",
+ "ServerAuth-InvalidSignature-RSA-PSS-SHA512-TLS13":"Test failure - reason unknown",
+ "ServerAuth-Sign-RSA-PSS-SHA384-TLS13":"Test failure - reason unknown",
+ "ClientAuth-Sign-RSA-PSS-SHA512-TLS13":"Test failure - reason unknown",
+ "ClientAuth-InvalidSignature-RSA-PSS-SHA384-TLS13":"Test failure - reason unknown",
+ "ServerAuth-InvalidSignature-RSA-SSL3":"Test failure - reason unknown",
+ "ClientAuth-InvalidSignature-RSA-SSL3":"Test failure - reason unknown",
+ "ServerAuth-InvalidSignature-RSA-TLS1":"Test failure - reason unknown",
+ "ClientAuth-InvalidSignature-RSA-PSS-SHA512-TLS13":"Test failure - reason unknown",
+ "ServerAuth-Sign-RSA-PSS-SHA512-TLS13":"Test failure - reason unknown",
+ "ClientAuth-InvalidSignature-RSA-TLS1":"Test failure - reason unknown",
+ "ServerAuth-InvalidSignature-RSA-TLS11":"Test failure - reason unknown",
+ "ServerAuth-InvalidSignature-ECDSA-TLS1":"Test failure - reason unknown",
+ "ClientAuth-InvalidSignature-RSA-TLS11":"Test failure - reason unknown",
+ "ClientAuth-InvalidSignature-ECDSA-TLS1":"Test failure - reason unknown",
+ "ServerAuth-InvalidSignature-ECDSA-TLS11":"Test failure - reason unknown",
+ "ClientAuth-InvalidSignature-ECDSA-TLS11":"Test failure - reason unknown",
+ "ClientAuth-SignatureType-TLS13":"Test failure - reason unknown",
+ "Verify-ClientAuth-SignatureType":"Test failure - reason unknown",
+ "Verify-ServerAuth-SignatureType":"Test failure - reason unknown",
+ "Verify-ServerAuth-SignatureType-TLS13":"Test failure - reason unknown",
+ "ClientAuth-SHA1-Fallback-RSA":"Test failure - reason unknown",
+ "ClientAuth-SHA1-Fallback-ECDSA":"Test failure - reason unknown",
+ "ServerAuth-Enforced":"Test failure - reason unknown",
+ "ServerAuth-SignatureType-TLS13":"Test failure - reason unknown",
+ "ClientAuth-NoFallback-TLS13":"Test failure - reason unknown",
+ "Verify-ClientAuth-SignatureType-TLS13":"Test failure - reason unknown",
+ "ClientAuth-Enforced":"Test failure - reason unknown",
+ "ServerAuth-Enforced-TLS13":"Test failure - reason unknown",
+ "ECDSACurveMismatch-Verify-TLS13":"Test failure - reason unknown",
+ "CheckLeafCurve-TLS13":"Test failure - reason unknown",
+ "CheckLeafCurve":"Test failure - reason unknown",
+ "RSA-PSS-Default-Verify":"Test failure - reason unknown",
+ "ServerAuth-NoFallback-TLS13":"Test failure - reason unknown",
+ "RSA-PSS-Default-Sign":"Test failure - reason unknown",
+ "ClientAuth-Enforced-TLS13":"Test failure - reason unknown",
+ "ECDSACurveMismatch-Sign-TLS13":"Test failure - reason unknown",
+ "RSA-PSS-Large":"Test failure - reason unknown",
+ "KeyUpdate":"Test failure - reason unknown",
+ "DTLS-Retransmit-Client-1-Async":"Test failure - reason unknown",
+ "DTLS-Retransmit-Server-1-Async":"Test failure - reason unknown",
+ "DTLS-Retransmit-Client-2-Async":"Test failure - reason unknown",
+ "DTLS-Retransmit-Client-3-Async":"Test failure - reason unknown",
+ "DTLS-Retransmit-Server-2-Async":"Test failure - reason unknown",
+ "DTLS-Retransmit-Server-3-Async":"Test failure - reason unknown",
+ "DTLS-Retransmit-Client-4-Async":"Test failure - reason unknown",
+ "Renegotiate-Client-Packed":"Test failure - reason unknown",
+ "DTLS-Retransmit-Server-4-Async":"Test failure - reason unknown",
+ "DTLS-Retransmit-Client-5-Async":"Test failure - reason unknown",
+ "DTLS-Retransmit-Server-5-Async":"Test failure - reason unknown",
+ "DTLS-Retransmit-Client-6-Async":"Test failure - reason unknown",
+ "DTLS-Retransmit-Client-7-Async":"Test failure - reason unknown",
+ "DTLS-Retransmit-Server-6-Async":"Test failure - reason unknown",
+ "DTLS-Retransmit-Server-7-Async":"Test failure - reason unknown",
+ "DTLS-Retransmit-Client-8-Async":"Test failure - reason unknown",
+ "DTLS-Retransmit-Client-9-Async":"Test failure - reason unknown",
+ "DTLS-Retransmit-Server-8-Async":"Test failure - reason unknown",
+ "DTLS-Retransmit-Server-9-Async":"Test failure - reason unknown",
+ "DTLS-Retransmit-Client-10-Async":"Test failure - reason unknown",
+ "DTLS-Retransmit-Client-11-Async":"Test failure - reason unknown",
+ "DTLS-Retransmit-Server-10-Async":"Test failure - reason unknown",
+ "DTLS-Retransmit-Server-11-Async":"Test failure - reason unknown",
+ "DTLS-Retransmit-Client-12-Async":"Test failure - reason unknown",
+ "DTLS-Retransmit-Server-12-Async":"Test failure - reason unknown",
+ "DTLS-Retransmit-Timeout-Async":"Test failure - reason unknown",
+ "DTLS-Retransmit-Fudge-Async":"Test failure - reason unknown",
+ "DTLS-Retransmit-Fragmented-Async":"Test failure - reason unknown",
+ "DTLS-Retransmit-Client-1":"Test failure - reason unknown",
+ "DTLS-Retransmit-Server-1":"Test failure - reason unknown",
+ "DTLS-Retransmit-Client-2":"Test failure - reason unknown",
+ "DTLS-Retransmit-Server-2":"Test failure - reason unknown",
+ "DTLS-Retransmit-Client-3":"Test failure - reason unknown",
+ "DTLS-Retransmit-Client-4":"Test failure - reason unknown",
+ "DTLS-Retransmit-Server-3":"Test failure - reason unknown",
+ "DTLS-Retransmit-Server-4":"Test failure - reason unknown",
+ "DTLS-Retransmit-Client-5":"Test failure - reason unknown",
+ "DTLS-Retransmit-Server-5":"Test failure - reason unknown",
+ "DTLS-Retransmit-Client-6":"Test failure - reason unknown",
+ "DTLS-Retransmit-Server-6":"Test failure - reason unknown",
+ "DTLS-Retransmit-Client-7":"Test failure - reason unknown",
+ "DTLS-Retransmit-Server-7":"Test failure - reason unknown",
+ "DTLS-Retransmit-Client-8":"Test failure - reason unknown",
+ "DTLS-Retransmit-Client-9":"Test failure - reason unknown",
+ "DTLS-Retransmit-Server-8":"Test failure - reason unknown",
+ "DTLS-Retransmit-Server-9":"Test failure - reason unknown",
+ "DTLS-Retransmit-Client-10":"Test failure - reason unknown",
+ "CustomExtensions-ParseError-Server":"Test failure - reason unknown",
+ "CustomExtensions-ParseError-Server-TLS13":"Test failure - reason unknown",
+ "CustomExtensions-FailAdd-Server":"Test failure - reason unknown",
+ "CustomExtensions-FailAdd-Server-TLS13":"Test failure - reason unknown",
+ "CustomExtensions-ParseError-Client":"Test failure - reason unknown",
+ "CustomExtensions-ParseError-Client-TLS13":"Test failure - reason unknown",
+ "CustomExtensions-FailAdd-Client":"Test failure - reason unknown",
+ "CustomExtensions-FailAdd-Client-TLS13":"Test failure - reason unknown",
+ "UnknownExtension-Client":"Test failure - reason unknown",
+ "UnknownExtension-Client-TLS13":"Test failure - reason unknown",
+ "UnknownUnencryptedExtension-Client-TLS13":"Test failure - reason unknown",
+ "UnexpectedUnencryptedExtension-Client-TLS13":"Test failure - reason unknown",
+ "UnofferedExtension-Client":"Test failure - reason unknown",
+ "UnofferedExtension-Client-TLS13":"Test failure - reason unknown",
+ "BadRSAClientKeyExchange-1":"Test failure - reason unknown",
+ "BadRSAClientKeyExchange-2":"Test failure - reason unknown",
+ "BadRSAClientKeyExchange-3":"Test failure - reason unknown",
+ "BadRSAClientKeyExchange-4":"Test failure - reason unknown",
+ "NoSupportedCurves":"Test failure - reason unknown",
+ "NoSupportedCurves-TLS13":"Test failure - reason unknown",
+ "BadECDHECurve":"Test failure - reason unknown",
+ "BadECDHECurve-TLS13":"Test failure - reason unknown",
+ "UnsupportedCurve":"Test failure - reason unknown",
+ "UnsupportedCurve-ServerHello-TLS13":"Test failure - reason unknown",
+ "InvalidECDHPoint-Client":"Test failure - reason unknown",
+ "InvalidECDHPoint-Client-TLS13":"Test failure - reason unknown",
+ "InvalidECDHPoint-Server":"Test failure - reason unknown",
+ "InvalidECDHPoint-Server-TLS13":"Test failure - reason unknown",
+ "CECPQ1-Client-BadX25519Part":"Test failure - reason unknown",
+ "CECPQ1-Client-BadNewhopePart":"Test failure - reason unknown",
+ "CECPQ1-Server-BadX25519Part":"Test failure - reason unknown",
+ "CECPQ1-Server-BadNewhopePart":"Test failure - reason unknown",
+ "TLS13-SendUnknownModeSessionTicket-Server":"Test failure - reason unknown",
+ "TLS13-SendBadKEModeSessionTicket-Server":"Test failure - reason unknown",
+ "TLS13-SendBadAuthModeSessionTicket-Server":"Test failure - reason unknown",
+ "TLS13-SendUnknownModeSessionTicket-Client":"Test failure - reason unknown",
+ "TLS13-SendBadKEModeSessionTicket-Client":"Test failure - reason unknown",
+ "TLS13-SendBadAuthModeSessionTicket-Client":"Test failure - reason unknown",
+ "TLS13-RecordPadding":"Test failure - reason unknown",
+ "TLS13-EmptyRecords":"Test failure - reason unknown",
+ "TLS13-OnlyPadding":"Test failure - reason unknown",
+ "TLS13-WrongOuterRecord":"Test failure - reason unknown",
+ "Basic-Client-RenewTicket-Sync":"Test failure - reason unknown",
+ "TLS13-1RTT-Client-Sync":"Test failure - reason unknown",
+ "TLS13-1RTT-Server-Sync":"Test failure - reason unknown",
+ "TLS13-HelloRetryRequest-Client-Sync":"Test failure - reason unknown",
+ "TLS13-HelloRetryRequest-Server-Sync":"Test failure - reason unknown",
+ "CertificateVerificationFail-Client-SSL3-Sync":"Test failure - reason unknown",
+ "CertificateVerificationSucceed-Server-SSL3-Sync":"Test failure - reason unknown",
+ "CertificateVerificationFail-Server-SSL3-Sync":"Test failure - reason unknown",
+ "CertificateVerificationFail-Client-TLS1-Sync":"Test failure - reason unknown",
+ "CertificateVerificationSucceed-Server-TLS1-Sync":"Test failure - reason unknown",
+ "CertificateVerificationFail-Server-TLS1-Sync":"Test failure - reason unknown",
+ "CertificateVerificationFail-Client-TLS11-Sync":"Test failure - reason unknown",
+ "CertificateVerificationSucceed-Server-TLS11-Sync":"Test failure - reason unknown",
+ "CertificateVerificationFail-Server-TLS11-Sync":"Test failure - reason unknown",
+ "CertificateVerificationFail-Client-TLS12-Sync":"Test failure - reason unknown",
+ "CertificateVerificationSucceed-Server-TLS12-Sync":"Test failure - reason unknown",
+ "CertificateVerificationFail-Server-TLS12-Sync":"Test failure - reason unknown",
+ "CertificateVerificationFail-Client-TLS13-Sync":"Test failure - reason unknown",
+ "CertificateVerificationSucceed-Server-TLS13-Sync":"Test failure - reason unknown",
+ "CertificateVerificationFail-Server-TLS13-Sync":"Test failure - reason unknown",
+ "Renegotiate-Client-Sync":"Test failure - reason unknown",
+ "Shutdown-Shim-Sync":"Test failure - reason unknown",
+ "Basic-Client-RenewTicket-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
+ "TLS13-1RTT-Client-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
+ "TLS13-1RTT-Server-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
+ "TLS13-HelloRetryRequest-Client-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
+ "TLS13-HelloRetryRequest-Server-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
+ "CertificateVerificationFail-Client-SSL3-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
+ "CertificateVerificationSucceed-Server-SSL3-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
+ "CertificateVerificationFail-Server-SSL3-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
+ "CertificateVerificationFail-Client-TLS1-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
+ "CertificateVerificationSucceed-Server-TLS1-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
+ "CertificateVerificationFail-Server-TLS1-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
+ "CertificateVerificationFail-Client-TLS11-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
+ "CertificateVerificationSucceed-Server-TLS11-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
+ "CertificateVerificationFail-Server-TLS11-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
+ "CertificateVerificationFail-Client-TLS12-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
+ "CertificateVerificationSucceed-Server-TLS12-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
+ "CertificateVerificationFail-Server-TLS12-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
+ "CertificateVerificationFail-Client-TLS13-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
+ "CertificateVerificationSucceed-Server-TLS13-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
+ "CertificateVerificationFail-Server-TLS13-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
+ "Renegotiate-Client-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
+ "Shutdown-Shim-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
+ "Basic-Client-RenewTicket-Sync-PackHandshakeFlight":"Test failure - reason unknown",
+ "TLS13-1RTT-Client-Sync-PackHandshakeFlight":"Test failure - reason unknown",
+ "TLS13-1RTT-Server-Sync-PackHandshakeFlight":"Test failure - reason unknown",
+ "TLS13-HelloRetryRequest-Client-Sync-PackHandshakeFlight":"Test failure - reason unknown",
+ "TLS13-HelloRetryRequest-Server-Sync-PackHandshakeFlight":"Test failure - reason unknown",
+ "CertificateVerificationFail-Client-SSL3-Sync-PackHandshakeFlight":"Test failure - reason unknown",
+ "CertificateVerificationSucceed-Server-SSL3-Sync-PackHandshakeFlight":"Test failure - reason unknown",
+ "CertificateVerificationFail-Server-SSL3-Sync-PackHandshakeFlight":"Test failure - reason unknown",
+ "CertificateVerificationFail-Client-TLS1-Sync-PackHandshakeFlight":"Test failure - reason unknown",
+ "CertificateVerificationSucceed-Server-TLS1-Sync-PackHandshakeFlight":"Test failure - reason unknown",
+ "CertificateVerificationFail-Server-TLS1-Sync-PackHandshakeFlight":"Test failure - reason unknown",
+ "CertificateVerificationFail-Client-TLS11-Sync-PackHandshakeFlight":"Test failure - reason unknown",
+ "CertificateVerificationSucceed-Server-TLS11-Sync-PackHandshakeFlight":"Test failure - reason unknown",
+ "CertificateVerificationFail-Server-TLS11-Sync-PackHandshakeFlight":"Test failure - reason unknown",
+ "CertificateVerificationFail-Client-TLS12-Sync-PackHandshakeFlight":"Test failure - reason unknown",
+ "CertificateVerificationSucceed-Server-TLS12-Sync-PackHandshakeFlight":"Test failure - reason unknown",
+ "CertificateVerificationFail-Server-TLS12-Sync-PackHandshakeFlight":"Test failure - reason unknown",
+ "CertificateVerificationFail-Client-TLS13-Sync-PackHandshakeFlight":"Test failure - reason unknown",
+ "CertificateVerificationSucceed-Server-TLS13-Sync-PackHandshakeFlight":"Test failure - reason unknown",
+ "CertificateVerificationFail-Server-TLS13-Sync-PackHandshakeFlight":"Test failure - reason unknown",
+ "Renegotiate-Client-Sync-PackHandshakeFlight":"Test failure - reason unknown",
+ "Shutdown-Shim-Sync-PackHandshakeFlight":"Test failure - reason unknown",
+ "Basic-Client-RenewTicket-DTLS-Sync":"Test failure - reason unknown",
+ "CertificateVerificationFail-Client-TLS1-DTLS-Sync":"Test failure - reason unknown",
+ "CertificateVerificationSucceed-Server-TLS1-DTLS-Sync":"Test failure - reason unknown",
+ "CertificateVerificationFail-Server-TLS1-DTLS-Sync":"Test failure - reason unknown",
+ "CertificateVerificationFail-Client-TLS12-DTLS-Sync":"Test failure - reason unknown",
+ "CertificateVerificationSucceed-Server-TLS12-DTLS-Sync":"Test failure - reason unknown",
+ "CertificateVerificationFail-Server-TLS12-DTLS-Sync":"Test failure - reason unknown",
+ "Basic-Client-RenewTicket-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
+ "Basic-Server-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
+ "Basic-Server-Implicit-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
+ "ClientAuth-NoCertificate-Server-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
+ "ClientAuth-ECDSA-Client-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
+ "ClientAuth-ECDSA-Client-TLS13-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
+ "Basic-Server-RSA-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
+ "Basic-Server-ECDHE-RSA-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
+ "Basic-Server-ECDHE-ECDSA-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
+ "CertificateVerificationFail-Client-TLS1-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
+ "CertificateVerificationSucceed-Server-TLS1-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
+ "CertificateVerificationFail-Server-TLS1-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
+ "CertificateVerificationFail-Client-TLS12-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
+ "CertificateVerificationSucceed-Server-TLS12-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
+ "CertificateVerificationFail-Server-TLS12-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
+ "Basic-Client-RenewTicket-Async":"Test failure - reason unknown",
+ "TLS13-1RTT-Client-Async":"Test failure - reason unknown",
+ "TLS13-1RTT-Server-Async":"Test failure - reason unknown",
+ "TLS13-HelloRetryRequest-Client-Async":"Test failure - reason unknown",
+ "TLS13-HelloRetryRequest-Server-Async":"Test failure - reason unknown",
+ "CertificateVerificationFail-Client-SSL3-Async":"Test failure - reason unknown",
+ "CertificateVerificationSucceed-Server-SSL3-Async":"Test failure - reason unknown",
+ "CertificateVerificationFail-Server-SSL3-Async":"Test failure - reason unknown",
+ "CertificateVerificationFail-Client-TLS1-Async":"Test failure - reason unknown",
+ "CertificateVerificationSucceed-Server-TLS1-Async":"Test failure - reason unknown",
+ "CertificateVerificationFail-Server-TLS1-Async":"Test failure - reason unknown",
+ "CertificateVerificationFail-Client-TLS11-Async":"Test failure - reason unknown",
+ "CertificateVerificationSucceed-Server-TLS11-Async":"Test failure - reason unknown",
+ "CertificateVerificationFail-Server-TLS11-Async":"Test failure - reason unknown",
+ "CertificateVerificationFail-Client-TLS12-Async":"Test failure - reason unknown",
+ "CertificateVerificationSucceed-Server-TLS12-Async":"Test failure - reason unknown",
+ "CertificateVerificationFail-Server-TLS12-Async":"Test failure - reason unknown",
+ "CertificateVerificationFail-Client-TLS13-Async":"Test failure - reason unknown",
+ "CertificateVerificationSucceed-Server-TLS13-Async":"Test failure - reason unknown",
+ "CertificateVerificationFail-Server-TLS13-Async":"Test failure - reason unknown",
+ "Shutdown-Shim-Async":"Test failure - reason unknown",
+ "Basic-Client-RenewTicket-Async-SplitHandshakeRecords":"Test failure - reason unknown",
+ "TLS13-1RTT-Client-Async-SplitHandshakeRecords":"Test failure - reason unknown",
+ "TLS13-1RTT-Server-Async-SplitHandshakeRecords":"Test failure - reason unknown",
+ "TLS13-HelloRetryRequest-Client-Async-SplitHandshakeRecords":"Test failure - reason unknown",
+ "TLS13-HelloRetryRequest-Server-Async-SplitHandshakeRecords":"Test failure - reason unknown",
+ "CertificateVerificationFail-Client-SSL3-Async-SplitHandshakeRecords":"Test failure - reason unknown",
+ "DTLS-Retransmit-Server-10":"Test failure - reason unknown",
+ "CertificateVerificationSucceed-Server-SSL3-Async-SplitHandshakeRecords":"Test failure - reason unknown",
+ "CertificateVerificationFail-Server-SSL3-Async-SplitHandshakeRecords":"Test failure - reason unknown",
+ "CertificateVerificationFail-Client-TLS1-Async-SplitHandshakeRecords":"Test failure - reason unknown",
+ "CertificateVerificationFail-Server-TLS1-Async-SplitHandshakeRecords":"Test failure - reason unknown",
+ "CertificateVerificationSucceed-Server-TLS1-Async-SplitHandshakeRecords":"Test failure - reason unknown",
+ "CertificateVerificationFail-Client-TLS11-Async-SplitHandshakeRecords":"Test failure - reason unknown",
+ "CertificateVerificationFail-Server-TLS11-Async-SplitHandshakeRecords":"Test failure - reason unknown",
+ "CertificateVerificationSucceed-Server-TLS11-Async-SplitHandshakeRecords":"Test failure - reason unknown",
+ "CertificateVerificationFail-Client-TLS12-Async-SplitHandshakeRecords":"Test failure - reason unknown",
+ "CertificateVerificationFail-Server-TLS12-Async-SplitHandshakeRecords":"Test failure - reason unknown",
+ "CertificateVerificationSucceed-Server-TLS12-Async-SplitHandshakeRecords":"Test failure - reason unknown",
+ "CertificateVerificationFail-Client-TLS13-Async-SplitHandshakeRecords":"Test failure - reason unknown",
+ "CertificateVerificationFail-Server-TLS13-Async-SplitHandshakeRecords":"Test failure - reason unknown",
+ "CertificateVerificationSucceed-Server-TLS13-Async-SplitHandshakeRecords":"Test failure - reason unknown",
+ "Shutdown-Shim-Async-SplitHandshakeRecords":"Test failure - reason unknown",
+ "Basic-Client-RenewTicket-Async-PackHandshakeFlight":"Test failure - reason unknown",
+ "TLS13-1RTT-Client-Async-PackHandshakeFlight":"Test failure - reason unknown",
+ "TLS13-HelloRetryRequest-Client-Async-PackHandshakeFlight":"Test failure - reason unknown",
+ "TLS13-HelloRetryRequest-Server-Async-PackHandshakeFlight":"Test failure - reason unknown",
+ "TLS13-1RTT-Server-Async-PackHandshakeFlight":"Test failure - reason unknown",
+ "CertificateVerificationFail-Client-SSL3-Async-PackHandshakeFlight":"Test failure - reason unknown",
+ "CertificateVerificationSucceed-Server-SSL3-Async-PackHandshakeFlight":"Test failure - reason unknown",
+ "CertificateVerificationFail-Server-SSL3-Async-PackHandshakeFlight":"Test failure - reason unknown",
+ "CertificateVerificationFail-Client-TLS1-Async-PackHandshakeFlight":"Test failure - reason unknown",
+ "CertificateVerificationSucceed-Server-TLS1-Async-PackHandshakeFlight":"Test failure - reason unknown",
+ "CertificateVerificationFail-Server-TLS1-Async-PackHandshakeFlight":"Test failure - reason unknown",
+ "CertificateVerificationFail-Client-TLS11-Async-PackHandshakeFlight":"Test failure - reason unknown",
+ "CertificateVerificationFail-Server-TLS11-Async-PackHandshakeFlight":"Test failure - reason unknown",
+ "CertificateVerificationSucceed-Server-TLS11-Async-PackHandshakeFlight":"Test failure - reason unknown",
+ "CertificateVerificationFail-Client-TLS12-Async-PackHandshakeFlight":"Test failure - reason unknown",
+ "CertificateVerificationSucceed-Server-TLS12-Async-PackHandshakeFlight":"Test failure - reason unknown",
+ "CertificateVerificationFail-Server-TLS12-Async-PackHandshakeFlight":"Test failure - reason unknown",
+ "CertificateVerificationFail-Client-TLS13-Async-PackHandshakeFlight":"Test failure - reason unknown",
+ "CertificateVerificationFail-Server-TLS13-Async-PackHandshakeFlight":"Test failure - reason unknown",
+ "CertificateVerificationSucceed-Server-TLS13-Async-PackHandshakeFlight":"Test failure - reason unknown",
+ "Shutdown-Shim-Async-PackHandshakeFlight":"Test failure - reason unknown",
+ "Basic-Client-RenewTicket-DTLS-Async":"Test failure - reason unknown",
+ "DTLS-Retransmit-Client-11":"Test failure - reason unknown",
+ "DTLS-Retransmit-Client-12":"Test failure - reason unknown",
+ "DTLS-Retransmit-Server-11":"Test failure - reason unknown",
+ "DTLS-Retransmit-Timeout":"Test failure - reason unknown",
+ "DTLS-Retransmit-Server-12":"Test failure - reason unknown",
+ "DTLS-Retransmit-Fragmented":"Test failure - reason unknown",
+ "CertificateVerificationFail-Client-TLS1-DTLS-Async":"Test failure - reason unknown",
+ "CertificateVerificationSucceed-Server-TLS1-DTLS-Async":"Test failure - reason unknown",
+ "CertificateVerificationFail-Client-TLS12-DTLS-Async":"Test failure - reason unknown",
+ "CertificateVerificationFail-Server-TLS1-DTLS-Async":"Test failure - reason unknown",
+ "CertificateVerificationFail-Server-TLS12-DTLS-Async":"Test failure - reason unknown",
+ "CertificateVerificationSucceed-Server-TLS12-DTLS-Async":"Test failure - reason unknown",
+ "Basic-Server-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
+ "Basic-Server-Implicit-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
+ "ClientAuth-NoCertificate-Server-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
+ "Basic-Client-RenewTicket-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
+ "ClientAuth-ECDSA-Client-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
+ "ClientAuth-ECDSA-Client-TLS13-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
+ "Basic-Server-RSA-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
+ "Basic-Server-ECDHE-ECDSA-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
+ "Basic-Server-ECDHE-RSA-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
+ "CertificateVerificationFail-Server-TLS1-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
+ "CertificateVerificationFail-Client-TLS1-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
+ "CertificateVerificationFail-Client-TLS12-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
+ "CertificateVerificationSucceed-Server-TLS12-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
+ "CertificateVerificationSucceed-Server-TLS1-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
+ "SkipChangeCipherSpec-Server-NPN":"Test failure - reason unknown",
+ "SkipChangeCipherSpec-Server":"Test failure - reason unknown",
+ "FragmentAcrossChangeCipherSpec-Client-Resume":"Test failure - reason unknown",
+ "CertificateVerificationFail-Server-TLS12-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
+ "SkipChangeCipherSpec-Client":"Test failure - reason unknown",
+ "FragmentAcrossChangeCipherSpec-Server":"Test failure - reason unknown",
+ "FragmentAcrossChangeCipherSpec-Client":"Test failure - reason unknown",
+ "FragmentAcrossChangeCipherSpec-Server-NPN":"Test failure - reason unknown",
+ "FragmentAcrossChangeCipherSpec-Server-Resume":"Test failure - reason unknown",
+ "FragmentAcrossChangeCipherSpec-Client-Resume-Packed":"Test failure - reason unknown",
+ "FragmentAcrossChangeCipherSpec-Server-Resume-Packed":"Test failure - reason unknown",
+ "FragmentAcrossChangeCipherSpec-Client-Packed":"Test failure - reason unknown",
+ "FragmentAcrossChangeCipherSpec-Server-Packed":"Test failure - reason unknown",
+ "SendUnencryptedFinished-DTLS":"Test failure - reason unknown",
+ "FragmentAcrossChangeCipherSpec-Server-NPN-Packed":"Test failure - reason unknown",
+ "StrayChangeCipherSpec":"Test failure - reason unknown",
+ "EarlyChangeCipherSpec-server-2":"Test failure - reason unknown",
+ "EarlyChangeCipherSpec-server-1":"Test failure - reason unknown",
+ "PartialEncryptedExtensionsWithServerHello":"Test failure - reason unknown",
+ "WrongMessageType-ClientHello":"Test failure - reason unknown",
+ "BadChangeCipherSpec-2":"Test failure - reason unknown",
+ "BadChangeCipherSpec-DTLS-2":"Test failure - reason unknown",
+ "BadChangeCipherSpec-DTLS-1":"Test failure - reason unknown",
+ "BadChangeCipherSpec-1":"Test failure - reason unknown",
+ "WrongMessageType-ServerHello":"Test failure - reason unknown",
+ "WrongMessageType-ServerCertificate":"Test failure - reason unknown",
+ "WrongMessageType-CertificateRequest":"Test failure - reason unknown",
+ "WrongMessageType-ServerKeyExchange":"Test failure - reason unknown",
+ "WrongMessageType-ServerHelloDone":"Test failure - reason unknown",
+ "WrongMessageType-ClientCertificate":"Test failure - reason unknown",
+ "WrongMessageType-ClientKeyExchange":"Test failure - reason unknown",
+ "WrongMessageType-ClientFinished":"Test failure - reason unknown",
+ "WrongMessageType-NewSessionTicket":"Test failure - reason unknown",
+ "WrongMessageType-ServerFinished":"Test failure - reason unknown",
+ "WrongMessageType-NextProtocol":"Test failure - reason unknown",
+ "WrongMessageType-CertificateVerify":"Test failure - reason unknown",
+ "WrongMessageType-ClientHello-DTLS":"Test failure - reason unknown",
+ "WrongMessageType-HelloVerifyRequest-DTLS":"Test failure - reason unknown",
+ "WrongMessageType-ServerHello-DTLS":"Test failure - reason unknown",
+ "WrongMessageType-CertificateRequest-DTLS":"Test failure - reason unknown",
+ "PartialClientFinishedWithClientHello":"Test failure - reason unknown",
+ "WrongMessageType-ServerKeyExchange-DTLS":"Test failure - reason unknown",
+ "WrongMessageType-ServerCertificate-DTLS":"Test failure - reason unknown",
+ "WrongMessageType-ClientKeyExchange-DTLS":"Test failure - reason unknown",
+ "WrongMessageType-ServerHelloDone-DTLS":"Test failure - reason unknown",
+ "WrongMessageType-CertificateVerify-DTLS":"Test failure - reason unknown",
+ "WrongMessageType-ClientCertificate-DTLS":"Test failure - reason unknown",
+ "WrongMessageType-ClientFinished-DTLS":"Test failure - reason unknown",
+ "WrongMessageType-ServerFinished-DTLS":"Test failure - reason unknown",
+ "WrongMessageType-TLS13-ServerHello":"Test failure - reason unknown",
+ "WrongMessageType-NewSessionTicket-DTLS":"Test failure - reason unknown",
+ "WrongMessageType-TLS13-ServerCertificate":"Test failure - reason unknown",
+ "WrongMessageType-TLS13-CertificateRequest":"Test failure - reason unknown",
+ "WrongMessageType-TLS13-EncryptedExtensions":"Test failure - reason unknown",
+ "TrailingMessageData-ClientHello":"Test failure - reason unknown",
+ "WrongMessageType-TLS13-ServerCertificateVerify":"Test failure - reason unknown",
+ "WrongMessageType-TLS13-ServerFinished":"Test failure - reason unknown",
+ "TrailingMessageData-ServerHello":"Test failure - reason unknown",
+ "TrailingMessageData-ServerCertificate":"Test failure - reason unknown",
+ "TrailingMessageData-ServerKeyExchange":"Test failure - reason unknown",
+ "TrailingMessageData-CertificateRequest":"Test failure - reason unknown",
+ "TrailingMessageData-ServerHelloDone":"Test failure - reason unknown",
+ "TrailingMessageData-ClientKeyExchange":"Test failure - reason unknown",
+ "WrongMessageType-TLS13-ClientHello":"Test failure - reason unknown",
+ "TrailingMessageData-ClientCertificate":"Test failure - reason unknown",
+ "TrailingMessageData-CertificateVerify":"Test failure - reason unknown",
+ "TrailingMessageData-NextProtocol":"Test failure - reason unknown",
+ "TrailingMessageData-ClientFinished":"Test failure - reason unknown",
+ "TrailingMessageData-ClientHello-DTLS":"Test failure - reason unknown",
+ "TrailingMessageData-NewSessionTicket":"Test failure - reason unknown",
+ "TrailingMessageData-ServerFinished":"Test failure - reason unknown",
+ "WrongMessageType-TLS13-ClientFinished":"Test failure - reason unknown",
+ "WrongMessageType-TLS13-ClientCertificateVerify":"Test failure - reason unknown",
+ "WrongMessageType-TLS13-ClientCertificate":"Test failure - reason unknown",
+ "TrailingMessageData-ServerHello-DTLS":"Test failure - reason unknown",
+ "TrailingMessageData-HelloVerifyRequest-DTLS":"Test failure - reason unknown",
+ "TrailingMessageData-CertificateRequest-DTLS":"Test failure - reason unknown",
+ "TrailingMessageData-ServerHelloDone-DTLS":"Test failure - reason unknown",
+ "TrailingMessageData-ServerCertificate-DTLS":"Test failure - reason unknown",
+ "TrailingMessageData-ServerKeyExchange-DTLS":"Test failure - reason unknown",
+ "TrailingMessageData-ClientKeyExchange-DTLS":"Test failure - reason unknown",
+ "TrailingMessageData-ClientCertificate-DTLS":"Test failure - reason unknown",
+ "TrailingMessageData-ClientFinished-DTLS":"Test failure - reason unknown",
+ "TrailingMessageData-NewSessionTicket-DTLS":"Test failure - reason unknown",
+ "TrailingMessageData-ServerFinished-DTLS":"Test failure - reason unknown",
+ "TrailingMessageData-CertificateVerify-DTLS":"Test failure - reason unknown",
+ "TrailingMessageData-TLS13-EncryptedExtensions":"Test failure - reason unknown",
+ "TrailingMessageData-TLS13-ServerHello":"Test failure - reason unknown",
+ "TrailingMessageData-TLS13-ServerCertificate":"Test failure - reason unknown",
+ "TrailingMessageData-TLS13-ServerCertificateVerify":"Test failure - reason unknown",
+ "TrailingMessageData-TLS13-CertificateRequest":"Test failure - reason unknown",
+ "TrailingMessageData-TLS13-ServerFinished":"Test failure - reason unknown",
+ "OmitServerHelloSignatureAlgorithms":"Test failure - reason unknown",
+ "IncludeServerHelloSignatureAlgorithms":"Test failure - reason unknown",
+ "NegotiatePSKResumption-TLS13":"Test failure - reason unknown",
+ "MissingKeyShare-Client":"Test failure - reason unknown",
+ "TrailingMessageData-TLS13-ClientHello":"Test failure - reason unknown",
+ "EmptyEncryptedExtensions":"Test failure - reason unknown",
+ "EncryptedExtensionsWithKeyShare":"Test failure - reason unknown",
+ "TrailingMessageData-TLS13-ClientFinished":"Test failure - reason unknown",
+ "TrailingMessageData-TLS13-ClientCertificateVerify":"Test failure - reason unknown",
+ "TrailingMessageData-TLS13-ClientCertificate":"Test failure - reason unknown",
+ "DisabledCurve-HelloRetryRequest":"Test failure - reason unknown",
+ "UnnecessaryHelloRetryRequest":"Test failure - reason unknown",
+ "SecondClientHelloMissingKeyShare":"Test failure - reason unknown",
+ "DuplicateKeyShares":"Test failure - reason unknown",
+ "MissingKeyShare-Server":"Test failure - reason unknown",
+ "SecondClientHelloWrongCurve":"Test failure - reason unknown",
+ "TLS13-RequestContextInHandshake":"Test failure - reason unknown",
+ "UnknownCurve-HelloRetryRequest":"Test failure - reason unknown",
+ "TLS13-AlwaysSelectPSKIdentity":"Test failure - reason unknown",
+ "HelloRetryRequestVersionMismatch":"Test failure - reason unknown",
+ "TLS13-InvalidPSKIdentity":"Test failure - reason unknown",
+ "HelloRetryRequestCurveMismatch":"Test failure - reason unknown",
+ "SecondHelloRetryRequest":"Test failure - reason unknown",
+ "Peek-Renegotiate":"Test failure - reason unknown",
+ "SkipHelloRetryRequest":"Test failure - reason unknown",
+ "Peek-Alert":"Test failure - reason unknown",
+ "TLS13-TrailingKeyShareData":"Test failure - reason unknown",
+ "Peek-KeyUpdate":"Test failure - reason unknown"
+ },
+ "ErrorMap" : {
+ }
+}
diff --git a/test/ossl_shim/ossl_shim.cc b/test/ossl_shim/ossl_shim.cc
new file mode 100644
index 0000000..4da340b
--- /dev/null
+++ b/test/ossl_shim/ossl_shim.cc
@@ -0,0 +1,1265 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#if !defined(__STDC_FORMAT_MACROS)
+#define __STDC_FORMAT_MACROS
+#endif
+
+#include <openssl/e_os2.h>
+
+#if !defined(OPENSSL_SYS_WINDOWS)
+#include <arpa/inet.h>
+#include <netinet/in.h>
+#include <netinet/tcp.h>
+#include <signal.h>
+#include <sys/socket.h>
+#include <sys/time.h>
+#include <unistd.h>
+#else
+#include <io.h>
+OPENSSL_MSVC_PRAGMA(warning(push, 3))
+#include <winsock2.h>
+#include <ws2tcpip.h>
+OPENSSL_MSVC_PRAGMA(warning(pop))
+
+OPENSSL_MSVC_PRAGMA(comment(lib, "Ws2_32.lib"))
+#endif
+
+#include <assert.h>
+#include <inttypes.h>
+#include <string.h>
+
+#include <openssl/bio.h>
+#include <openssl/buffer.h>
+#include <openssl/bn.h>
+#include <openssl/crypto.h>
+#include <openssl/dh.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/objects.h>
+#include <openssl/rand.h>
+#include <openssl/ssl.h>
+#include <openssl/x509.h>
+
+#include <memory>
+#include <string>
+#include <vector>
+
+#include "async_bio.h"
+#include "packeted_bio.h"
+#include "test_config.h"
+
+namespace bssl {
+
+#if !defined(OPENSSL_SYS_WINDOWS)
+static int closesocket(int sock) {
+ return close(sock);
+}
+
+static void PrintSocketError(const char *func) {
+ perror(func);
+}
+#else
+static void PrintSocketError(const char *func) {
+ fprintf(stderr, "%s: %d\n", func, WSAGetLastError());
+}
+#endif
+
+static int Usage(const char *program) {
+ fprintf(stderr, "Usage: %s [flags...]\n", program);
+ return 1;
+}
+
+struct TestState {
+ // async_bio is async BIO which pauses reads and writes.
+ BIO *async_bio = nullptr;
+ // packeted_bio is the packeted BIO which simulates read timeouts.
+ BIO *packeted_bio = nullptr;
+ bool cert_ready = false;
+ bool handshake_done = false;
+ // private_key is the underlying private key used when testing custom keys.
+ bssl::UniquePtr<EVP_PKEY> private_key;
+ bool got_new_session = false;
+ bssl::UniquePtr<SSL_SESSION> new_session;
+ bool ticket_decrypt_done = false;
+ bool alpn_select_done = false;
+};
+
+static void TestStateExFree(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+ int index, long argl, void *argp) {
+ delete ((TestState *)ptr);
+}
+
+static int g_config_index = 0;
+static int g_state_index = 0;
+
+static bool SetTestConfig(SSL *ssl, const TestConfig *config) {
+ return SSL_set_ex_data(ssl, g_config_index, (void *)config) == 1;
+}
+
+static const TestConfig *GetTestConfig(const SSL *ssl) {
+ return (const TestConfig *)SSL_get_ex_data(ssl, g_config_index);
+}
+
+static bool SetTestState(SSL *ssl, std::unique_ptr<TestState> state) {
+ // |SSL_set_ex_data| takes ownership of |state| only on success.
+ if (SSL_set_ex_data(ssl, g_state_index, state.get()) == 1) {
+ state.release();
+ return true;
+ }
+ return false;
+}
+
+static TestState *GetTestState(const SSL *ssl) {
+ return (TestState *)SSL_get_ex_data(ssl, g_state_index);
+}
+
+static bssl::UniquePtr<X509> LoadCertificate(const std::string &file) {
+ bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_file()));
+ if (!bio || !BIO_read_filename(bio.get(), file.c_str())) {
+ return nullptr;
+ }
+ return bssl::UniquePtr<X509>(PEM_read_bio_X509(bio.get(), NULL, NULL, NULL));
+}
+
+static bssl::UniquePtr<EVP_PKEY> LoadPrivateKey(const std::string &file) {
+ bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_file()));
+ if (!bio || !BIO_read_filename(bio.get(), file.c_str())) {
+ return nullptr;
+ }
+ return bssl::UniquePtr<EVP_PKEY>(
+ PEM_read_bio_PrivateKey(bio.get(), NULL, NULL, NULL));
+}
+
+template<typename T>
+struct Free {
+ void operator()(T *buf) {
+ free(buf);
+ }
+};
+
+static bool GetCertificate(SSL *ssl, bssl::UniquePtr<X509> *out_x509,
+ bssl::UniquePtr<EVP_PKEY> *out_pkey) {
+ const TestConfig *config = GetTestConfig(ssl);
+
+ if (!config->key_file.empty()) {
+ *out_pkey = LoadPrivateKey(config->key_file.c_str());
+ if (!*out_pkey) {
+ return false;
+ }
+ }
+ if (!config->cert_file.empty()) {
+ *out_x509 = LoadCertificate(config->cert_file.c_str());
+ if (!*out_x509) {
+ return false;
+ }
+ }
+ return true;
+}
+
+static bool InstallCertificate(SSL *ssl) {
+ bssl::UniquePtr<X509> x509;
+ bssl::UniquePtr<EVP_PKEY> pkey;
+ if (!GetCertificate(ssl, &x509, &pkey)) {
+ return false;
+ }
+
+ if (pkey && !SSL_use_PrivateKey(ssl, pkey.get())) {
+ return false;
+ }
+
+ if (x509 && !SSL_use_certificate(ssl, x509.get())) {
+ return false;
+ }
+
+ return true;
+}
+
+static int ClientCertCallback(SSL *ssl, X509 **out_x509, EVP_PKEY **out_pkey) {
+ if (GetTestConfig(ssl)->async && !GetTestState(ssl)->cert_ready) {
+ return -1;
+ }
+
+ bssl::UniquePtr<X509> x509;
+ bssl::UniquePtr<EVP_PKEY> pkey;
+ if (!GetCertificate(ssl, &x509, &pkey)) {
+ return -1;
+ }
+
+ // Return zero for no certificate.
+ if (!x509) {
+ return 0;
+ }
+
+ // Asynchronous private keys are not supported with client_cert_cb.
+ *out_x509 = x509.release();
+ *out_pkey = pkey.release();
+ return 1;
+}
+
+static int VerifySucceed(X509_STORE_CTX *store_ctx, void *arg) {
+ return 1;
+}
+
+static int VerifyFail(X509_STORE_CTX *store_ctx, void *arg) {
+ X509_STORE_CTX_set_error(store_ctx, X509_V_ERR_APPLICATION_VERIFICATION);
+ return 0;
+}
+
+static int NextProtosAdvertisedCallback(SSL *ssl, const uint8_t **out,
+ unsigned int *out_len, void *arg) {
+ const TestConfig *config = GetTestConfig(ssl);
+ if (config->advertise_npn.empty()) {
+ return SSL_TLSEXT_ERR_NOACK;
+ }
+
+ *out = (const uint8_t*)config->advertise_npn.data();
+ *out_len = config->advertise_npn.size();
+ return SSL_TLSEXT_ERR_OK;
+}
+
+static int NextProtoSelectCallback(SSL* ssl, uint8_t** out, uint8_t* outlen,
+ const uint8_t* in, unsigned inlen, void* arg) {
+ const TestConfig *config = GetTestConfig(ssl);
+ if (config->select_next_proto.empty()) {
+ return SSL_TLSEXT_ERR_NOACK;
+ }
+
+ *out = (uint8_t*)config->select_next_proto.data();
+ *outlen = config->select_next_proto.size();
+ return SSL_TLSEXT_ERR_OK;
+}
+
+static int AlpnSelectCallback(SSL* ssl, const uint8_t** out, uint8_t* outlen,
+ const uint8_t* in, unsigned inlen, void* arg) {
+ if (GetTestState(ssl)->alpn_select_done) {
+ fprintf(stderr, "AlpnSelectCallback called after completion.\n");
+ exit(1);
+ }
+
+ GetTestState(ssl)->alpn_select_done = true;
+
+ const TestConfig *config = GetTestConfig(ssl);
+ if (config->decline_alpn) {
+ return SSL_TLSEXT_ERR_NOACK;
+ }
+
+ if (!config->expected_advertised_alpn.empty() &&
+ (config->expected_advertised_alpn.size() != inlen ||
+ memcmp(config->expected_advertised_alpn.data(),
+ in, inlen) != 0)) {
+ fprintf(stderr, "bad ALPN select callback inputs\n");
+ exit(1);
+ }
+
+ *out = (const uint8_t*)config->select_alpn.data();
+ *outlen = config->select_alpn.size();
+ return SSL_TLSEXT_ERR_OK;
+}
+
+static unsigned PskClientCallback(SSL *ssl, const char *hint,
+ char *out_identity,
+ unsigned max_identity_len,
+ uint8_t *out_psk, unsigned max_psk_len) {
+ const TestConfig *config = GetTestConfig(ssl);
+
+ if (config->psk_identity.empty()) {
+ if (hint != nullptr) {
+ fprintf(stderr, "Server PSK hint was non-null.\n");
+ return 0;
+ }
+ } else if (hint == nullptr ||
+ strcmp(hint, config->psk_identity.c_str()) != 0) {
+ fprintf(stderr, "Server PSK hint did not match.\n");
+ return 0;
+ }
+
+ // Account for the trailing '\0' for the identity.
+ if (config->psk_identity.size() >= max_identity_len ||
+ config->psk.size() > max_psk_len) {
+ fprintf(stderr, "PSK buffers too small\n");
+ return 0;
+ }
+
+ BUF_strlcpy(out_identity, config->psk_identity.c_str(),
+ max_identity_len);
+ memcpy(out_psk, config->psk.data(), config->psk.size());
+ return config->psk.size();
+}
+
+static unsigned PskServerCallback(SSL *ssl, const char *identity,
+ uint8_t *out_psk, unsigned max_psk_len) {
+ const TestConfig *config = GetTestConfig(ssl);
+
+ if (strcmp(identity, config->psk_identity.c_str()) != 0) {
+ fprintf(stderr, "Client PSK identity did not match.\n");
+ return 0;
+ }
+
+ if (config->psk.size() > max_psk_len) {
+ fprintf(stderr, "PSK buffers too small\n");
+ return 0;
+ }
+
+ memcpy(out_psk, config->psk.data(), config->psk.size());
+ return config->psk.size();
+}
+
+static int CertCallback(SSL *ssl, void *arg) {
+ const TestConfig *config = GetTestConfig(ssl);
+
+ // Check the CertificateRequest metadata is as expected.
+ //
+ // TODO(davidben): Test |SSL_get_client_CA_list|.
+ if (!SSL_is_server(ssl) &&
+ !config->expected_certificate_types.empty()) {
+ const uint8_t *certificate_types;
+ size_t certificate_types_len =
+ SSL_get0_certificate_types(ssl, &certificate_types);
+ if (certificate_types_len != config->expected_certificate_types.size() ||
+ memcmp(certificate_types,
+ config->expected_certificate_types.data(),
+ certificate_types_len) != 0) {
+ fprintf(stderr, "certificate types mismatch\n");
+ return 0;
+ }
+ }
+
+ // The certificate will be installed via other means.
+ if (!config->async ||
+ config->use_old_client_cert_callback) {
+ return 1;
+ }
+
+ if (!GetTestState(ssl)->cert_ready) {
+ return -1;
+ }
+ if (!InstallCertificate(ssl)) {
+ return 0;
+ }
+ return 1;
+}
+
+static void InfoCallback(const SSL *ssl, int type, int val) {
+ if (type == SSL_CB_HANDSHAKE_DONE) {
+ if (GetTestConfig(ssl)->handshake_never_done) {
+ fprintf(stderr, "Handshake unexpectedly completed.\n");
+ // Abort before any expected error code is printed, to ensure the overall
+ // test fails.
+ abort();
+ }
+ GetTestState(ssl)->handshake_done = true;
+
+ // Callbacks may be called again on a new handshake.
+ GetTestState(ssl)->ticket_decrypt_done = false;
+ GetTestState(ssl)->alpn_select_done = false;
+ }
+}
+
+static int NewSessionCallback(SSL *ssl, SSL_SESSION *session) {
+ GetTestState(ssl)->got_new_session = true;
+ GetTestState(ssl)->new_session.reset(session);
+ return 1;
+}
+
+static int TicketKeyCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv,
+ EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx,
+ int encrypt) {
+ if (!encrypt) {
+ if (GetTestState(ssl)->ticket_decrypt_done) {
+ fprintf(stderr, "TicketKeyCallback called after completion.\n");
+ return -1;
+ }
+
+ GetTestState(ssl)->ticket_decrypt_done = true;
+ }
+
+ // This is just test code, so use the all-zeros key.
+ static const uint8_t kZeros[16] = {0};
+
+ if (encrypt) {
+ memcpy(key_name, kZeros, sizeof(kZeros));
+ RAND_bytes(iv, 16);
+ } else if (memcmp(key_name, kZeros, 16) != 0) {
+ return 0;
+ }
+
+ if (!HMAC_Init_ex(hmac_ctx, kZeros, sizeof(kZeros), EVP_sha256(), NULL) ||
+ !EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, kZeros, iv, encrypt)) {
+ return -1;
+ }
+
+ if (!encrypt) {
+ return GetTestConfig(ssl)->renew_ticket ? 2 : 1;
+ }
+ return 1;
+}
+
+// kCustomExtensionValue is the extension value that the custom extension
+// callbacks will add.
+static const uint16_t kCustomExtensionValue = 1234;
+static void *const kCustomExtensionAddArg =
+ reinterpret_cast<void *>(kCustomExtensionValue);
+static void *const kCustomExtensionParseArg =
+ reinterpret_cast<void *>(kCustomExtensionValue + 1);
+static const char kCustomExtensionContents[] = "custom extension";
+
+static int CustomExtensionAddCallback(SSL *ssl, unsigned extension_value,
+ const uint8_t **out, size_t *out_len,
+ int *out_alert_value, void *add_arg) {
+ if (extension_value != kCustomExtensionValue ||
+ add_arg != kCustomExtensionAddArg) {
+ abort();
+ }
+
+ if (GetTestConfig(ssl)->custom_extension_skip) {
+ return 0;
+ }
+ if (GetTestConfig(ssl)->custom_extension_fail_add) {
+ return -1;
+ }
+
+ *out = reinterpret_cast<const uint8_t*>(kCustomExtensionContents);
+ *out_len = sizeof(kCustomExtensionContents) - 1;
+
+ return 1;
+}
+
+static void CustomExtensionFreeCallback(SSL *ssl, unsigned extension_value,
+ const uint8_t *out, void *add_arg) {
+ if (extension_value != kCustomExtensionValue ||
+ add_arg != kCustomExtensionAddArg ||
+ out != reinterpret_cast<const uint8_t *>(kCustomExtensionContents)) {
+ abort();
+ }
+}
+
+static int CustomExtensionParseCallback(SSL *ssl, unsigned extension_value,
+ const uint8_t *contents,
+ size_t contents_len,
+ int *out_alert_value, void *parse_arg) {
+ if (extension_value != kCustomExtensionValue ||
+ parse_arg != kCustomExtensionParseArg) {
+ abort();
+ }
+
+ if (contents_len != sizeof(kCustomExtensionContents) - 1 ||
+ memcmp(contents, kCustomExtensionContents, contents_len) != 0) {
+ *out_alert_value = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+
+ return 1;
+}
+
+// Connect returns a new socket connected to localhost on |port| or -1 on
+// error.
+static int Connect(uint16_t port) {
+ int sock = socket(AF_INET, SOCK_STREAM, 0);
+ if (sock == -1) {
+ PrintSocketError("socket");
+ return -1;
+ }
+ int nodelay = 1;
+ if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY,
+ reinterpret_cast<const char*>(&nodelay), sizeof(nodelay)) != 0) {
+ PrintSocketError("setsockopt");
+ closesocket(sock);
+ return -1;
+ }
+ sockaddr_in sin;
+ memset(&sin, 0, sizeof(sin));
+ sin.sin_family = AF_INET;
+ sin.sin_port = htons(port);
+ if (!inet_pton(AF_INET, "127.0.0.1", &sin.sin_addr)) {
+ PrintSocketError("inet_pton");
+ closesocket(sock);
+ return -1;
+ }
+ if (connect(sock, reinterpret_cast<const sockaddr*>(&sin),
+ sizeof(sin)) != 0) {
+ PrintSocketError("connect");
+ closesocket(sock);
+ return -1;
+ }
+ return sock;
+}
+
+class SocketCloser {
+ public:
+ explicit SocketCloser(int sock) : sock_(sock) {}
+ ~SocketCloser() {
+ // Half-close and drain the socket before releasing it. This seems to be
+ // necessary for graceful shutdown on Windows. It will also avoid write
+ // failures in the test runner.
+#if defined(OPENSSL_SYS_WINDOWS)
+ shutdown(sock_, SD_SEND);
+#else
+ shutdown(sock_, SHUT_WR);
+#endif
+ while (true) {
+ char buf[1024];
+ if (recv(sock_, buf, sizeof(buf), 0) <= 0) {
+ break;
+ }
+ }
+ closesocket(sock_);
+ }
+
+ private:
+ const int sock_;
+};
+
+static bssl::UniquePtr<SSL_CTX> SetupCtx(const TestConfig *config) {
+ bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(
+ config->is_dtls ? DTLS_method() : TLS_method()));
+ if (!ssl_ctx) {
+ return nullptr;
+ }
+
+ SSL_CTX_set_security_level(ssl_ctx.get(), 0);
+#if 0
+ /* Disabled for now until we have some TLS1.3 support */
+ // Enable TLS 1.3 for tests.
+ if (!config->is_dtls &&
+ !SSL_CTX_set_max_proto_version(ssl_ctx.get(), TLS1_3_VERSION)) {
+ return nullptr;
+ }
+#endif
+
+ std::string cipher_list = "ALL";
+ if (!config->cipher.empty()) {
+ cipher_list = config->cipher;
+ SSL_CTX_set_options(ssl_ctx.get(), SSL_OP_CIPHER_SERVER_PREFERENCE);
+ }
+ if (!SSL_CTX_set_cipher_list(ssl_ctx.get(), cipher_list.c_str())) {
+ return nullptr;
+ }
+
+ DH *tmpdh;
+
+ if (config->use_sparse_dh_prime) {
+ BIGNUM *p, *g;
+ p = BN_new();
+ g = BN_new();
+ tmpdh = DH_new();
+ if (p == NULL || g == NULL || tmpdh == NULL) {
+ BN_free(p);
+ BN_free(g);
+ DH_free(tmpdh);
+ return nullptr;
+ }
+ // This prime number is 2^1024 + 643 – a value just above a power of two.
+ // Because of its form, values modulo it are essentially certain to be one
+ // byte shorter. This is used to test padding of these values.
+ if (BN_hex2bn(
+ &p,
+ "1000000000000000000000000000000000000000000000000000000000000000"
+ "0000000000000000000000000000000000000000000000000000000000000000"
+ "0000000000000000000000000000000000000000000000000000000000000000"
+ "0000000000000000000000000000000000000000000000000000000000000028"
+ "3") == 0 ||
+ !BN_set_word(g, 2)) {
+ BN_free(p);
+ BN_free(g);
+ DH_free(tmpdh);
+ return nullptr;
+ }
+ DH_set0_pqg(tmpdh, p, NULL, g);
+ } else {
+ tmpdh = DH_get_2048_256();
+ }
+
+ bssl::UniquePtr<DH> dh(tmpdh);
+
+ if (!dh || !SSL_CTX_set_tmp_dh(ssl_ctx.get(), dh.get())) {
+ return nullptr;
+ }
+
+ SSL_CTX_set_session_cache_mode(ssl_ctx.get(), SSL_SESS_CACHE_BOTH);
+
+ if (config->use_old_client_cert_callback) {
+ SSL_CTX_set_client_cert_cb(ssl_ctx.get(), ClientCertCallback);
+ }
+
+ SSL_CTX_set_next_protos_advertised_cb(
+ ssl_ctx.get(), NextProtosAdvertisedCallback, NULL);
+ if (!config->select_next_proto.empty()) {
+ SSL_CTX_set_next_proto_select_cb(ssl_ctx.get(), NextProtoSelectCallback,
+ NULL);
+ }
+
+ if (!config->select_alpn.empty() || config->decline_alpn) {
+ SSL_CTX_set_alpn_select_cb(ssl_ctx.get(), AlpnSelectCallback, NULL);
+ }
+
+ SSL_CTX_set_info_callback(ssl_ctx.get(), InfoCallback);
+ SSL_CTX_sess_set_new_cb(ssl_ctx.get(), NewSessionCallback);
+
+ if (config->use_ticket_callback) {
+ SSL_CTX_set_tlsext_ticket_key_cb(ssl_ctx.get(), TicketKeyCallback);
+ }
+
+ if (config->enable_client_custom_extension &&
+ !SSL_CTX_add_client_custom_ext(
+ ssl_ctx.get(), kCustomExtensionValue, CustomExtensionAddCallback,
+ CustomExtensionFreeCallback, kCustomExtensionAddArg,
+ CustomExtensionParseCallback, kCustomExtensionParseArg)) {
+ return nullptr;
+ }
+
+ if (config->enable_server_custom_extension &&
+ !SSL_CTX_add_server_custom_ext(
+ ssl_ctx.get(), kCustomExtensionValue, CustomExtensionAddCallback,
+ CustomExtensionFreeCallback, kCustomExtensionAddArg,
+ CustomExtensionParseCallback, kCustomExtensionParseArg)) {
+ return nullptr;
+ }
+
+ if (config->verify_fail) {
+ SSL_CTX_set_cert_verify_callback(ssl_ctx.get(), VerifyFail, NULL);
+ } else {
+ SSL_CTX_set_cert_verify_callback(ssl_ctx.get(), VerifySucceed, NULL);
+ }
+
+ if (config->use_null_client_ca_list) {
+ SSL_CTX_set_client_CA_list(ssl_ctx.get(), nullptr);
+ }
+
+ return ssl_ctx;
+}
+
+// RetryAsync is called after a failed operation on |ssl| with return code
+// |ret|. If the operation should be retried, it simulates one asynchronous
+// event and returns true. Otherwise it returns false.
+static bool RetryAsync(SSL *ssl, int ret) {
+ // No error; don't retry.
+ if (ret >= 0) {
+ return false;
+ }
+
+ TestState *test_state = GetTestState(ssl);
+ assert(GetTestConfig(ssl)->async);
+
+ if (test_state->packeted_bio != nullptr &&
+ PacketedBioAdvanceClock(test_state->packeted_bio)) {
+ // The DTLS retransmit logic silently ignores write failures. So the test
+ // may progress, allow writes through synchronously.
+ AsyncBioEnforceWriteQuota(test_state->async_bio, false);
+ int timeout_ret = DTLSv1_handle_timeout(ssl);
+ AsyncBioEnforceWriteQuota(test_state->async_bio, true);
+
+ if (timeout_ret < 0) {
+ fprintf(stderr, "Error retransmitting.\n");
+ return false;
+ }
+ return true;
+ }
+
+ // See if we needed to read or write more. If so, allow one byte through on
+ // the appropriate end to maximally stress the state machine.
+ switch (SSL_get_error(ssl, ret)) {
+ case SSL_ERROR_WANT_READ:
+ AsyncBioAllowRead(test_state->async_bio, 1);
+ return true;
+ case SSL_ERROR_WANT_WRITE:
+ AsyncBioAllowWrite(test_state->async_bio, 1);
+ return true;
+ case SSL_ERROR_WANT_X509_LOOKUP:
+ test_state->cert_ready = true;
+ return true;
+ default:
+ return false;
+ }
+}
+
+// DoRead reads from |ssl|, resolving any asynchronous operations. It returns
+// the result value of the final |SSL_read| call.
+static int DoRead(SSL *ssl, uint8_t *out, size_t max_out) {
+ const TestConfig *config = GetTestConfig(ssl);
+ TestState *test_state = GetTestState(ssl);
+ int ret;
+ do {
+ if (config->async) {
+ // The DTLS retransmit logic silently ignores write failures. So the test
+ // may progress, allow writes through synchronously. |SSL_read| may
+ // trigger a retransmit, so disconnect the write quota.
+ AsyncBioEnforceWriteQuota(test_state->async_bio, false);
+ }
+ ret = config->peek_then_read ? SSL_peek(ssl, out, max_out)
+ : SSL_read(ssl, out, max_out);
+ if (config->async) {
+ AsyncBioEnforceWriteQuota(test_state->async_bio, true);
+ }
+ } while (config->async && RetryAsync(ssl, ret));
+
+ if (config->peek_then_read && ret > 0) {
+ std::unique_ptr<uint8_t[]> buf(new uint8_t[static_cast<size_t>(ret)]);
+
+ // SSL_peek should synchronously return the same data.
+ int ret2 = SSL_peek(ssl, buf.get(), ret);
+ if (ret2 != ret ||
+ memcmp(buf.get(), out, ret) != 0) {
+ fprintf(stderr, "First and second SSL_peek did not match.\n");
+ return -1;
+ }
+
+ // SSL_read should synchronously return the same data and consume it.
+ ret2 = SSL_read(ssl, buf.get(), ret);
+ if (ret2 != ret ||
+ memcmp(buf.get(), out, ret) != 0) {
+ fprintf(stderr, "SSL_peek and SSL_read did not match.\n");
+ return -1;
+ }
+ }
+
+ return ret;
+}
+
+// WriteAll writes |in_len| bytes from |in| to |ssl|, resolving any asynchronous
+// operations. It returns the result of the final |SSL_write| call.
+static int WriteAll(SSL *ssl, const uint8_t *in, size_t in_len) {
+ const TestConfig *config = GetTestConfig(ssl);
+ int ret;
+ do {
+ ret = SSL_write(ssl, in, in_len);
+ if (ret > 0) {
+ in += ret;
+ in_len -= ret;
+ }
+ } while ((config->async && RetryAsync(ssl, ret)) || (ret > 0 && in_len > 0));
+ return ret;
+}
+
+// DoShutdown calls |SSL_shutdown|, resolving any asynchronous operations. It
+// returns the result of the final |SSL_shutdown| call.
+static int DoShutdown(SSL *ssl) {
+ const TestConfig *config = GetTestConfig(ssl);
+ int ret;
+ do {
+ ret = SSL_shutdown(ssl);
+ } while (config->async && RetryAsync(ssl, ret));
+ return ret;
+}
+
+static uint16_t GetProtocolVersion(const SSL *ssl) {
+ uint16_t version = SSL_version(ssl);
+ if (!SSL_is_dtls(ssl)) {
+ return version;
+ }
+ return 0x0201 + ~version;
+}
+
+// CheckHandshakeProperties checks, immediately after |ssl| completes its
+// initial handshake (or False Starts), whether all the properties are
+// consistent with the test configuration and invariants.
+static bool CheckHandshakeProperties(SSL *ssl, bool is_resume) {
+ const TestConfig *config = GetTestConfig(ssl);
+
+ if (SSL_get_current_cipher(ssl) == nullptr) {
+ fprintf(stderr, "null cipher after handshake\n");
+ return false;
+ }
+
+ if (is_resume &&
+ (!!SSL_session_reused(ssl) == config->expect_session_miss)) {
+ fprintf(stderr, "session was%s reused\n",
+ SSL_session_reused(ssl) ? "" : " not");
+ return false;
+ }
+
+ if (!GetTestState(ssl)->handshake_done) {
+ fprintf(stderr, "handshake was not completed\n");
+ return false;
+ }
+
+ if (!config->is_server) {
+ bool expect_new_session =
+ !config->expect_no_session &&
+ (!SSL_session_reused(ssl) || config->expect_ticket_renewal) &&
+ // Session tickets are sent post-handshake in TLS 1.3.
+ GetProtocolVersion(ssl) < TLS1_3_VERSION;
+ if (expect_new_session != GetTestState(ssl)->got_new_session) {
+ fprintf(stderr,
+ "new session was%s cached, but we expected the opposite\n",
+ GetTestState(ssl)->got_new_session ? "" : " not");
+ return false;
+ }
+ }
+
+ if (!config->expected_server_name.empty()) {
+ const char *server_name =
+ SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
+ if (server_name != config->expected_server_name) {
+ fprintf(stderr, "servername mismatch (got %s; want %s)\n",
+ server_name, config->expected_server_name.c_str());
+ return false;
+ }
+ }
+
+ if (!config->expected_next_proto.empty()) {
+ const uint8_t *next_proto;
+ unsigned next_proto_len;
+ SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len);
+ if (next_proto_len != config->expected_next_proto.size() ||
+ memcmp(next_proto, config->expected_next_proto.data(),
+ next_proto_len) != 0) {
+ fprintf(stderr, "negotiated next proto mismatch\n");
+ return false;
+ }
+ }
+
+ if (!config->expected_alpn.empty()) {
+ const uint8_t *alpn_proto;
+ unsigned alpn_proto_len;
+ SSL_get0_alpn_selected(ssl, &alpn_proto, &alpn_proto_len);
+ if (alpn_proto_len != config->expected_alpn.size() ||
+ memcmp(alpn_proto, config->expected_alpn.data(),
+ alpn_proto_len) != 0) {
+ fprintf(stderr, "negotiated alpn proto mismatch\n");
+ return false;
+ }
+ }
+
+ if (config->expect_extended_master_secret) {
+ if (!SSL_get_extms_support(ssl)) {
+ fprintf(stderr, "No EMS for connection when expected");
+ return false;
+ }
+ }
+
+ if (config->expect_verify_result) {
+ int expected_verify_result = config->verify_fail ?
+ X509_V_ERR_APPLICATION_VERIFICATION :
+ X509_V_OK;
+
+ if (SSL_get_verify_result(ssl) != expected_verify_result) {
+ fprintf(stderr, "Wrong certificate verification result\n");
+ return false;
+ }
+ }
+
+ if (!config->psk.empty()) {
+ if (SSL_get_peer_cert_chain(ssl) != nullptr) {
+ fprintf(stderr, "Received peer certificate on a PSK cipher.\n");
+ return false;
+ }
+ } else if (!config->is_server || config->require_any_client_certificate) {
+ if (SSL_get_peer_cert_chain(ssl) == nullptr) {
+ fprintf(stderr, "Received no peer certificate but expected one.\n");
+ return false;
+ }
+ }
+
+ return true;
+}
+
+// DoExchange runs a test SSL exchange against the peer. On success, it returns
+// true and sets |*out_session| to the negotiated SSL session. If the test is a
+// resumption attempt, |is_resume| is true and |session| is the session from the
+// previous exchange.
+static bool DoExchange(bssl::UniquePtr<SSL_SESSION> *out_session,
+ SSL_CTX *ssl_ctx, const TestConfig *config,
+ bool is_resume, SSL_SESSION *session) {
+ bssl::UniquePtr<SSL> ssl(SSL_new(ssl_ctx));
+ if (!ssl) {
+ return false;
+ }
+
+ if (!SetTestConfig(ssl.get(), config) ||
+ !SetTestState(ssl.get(), std::unique_ptr<TestState>(new TestState))) {
+ return false;
+ }
+
+ if (config->fallback_scsv &&
+ !SSL_set_mode(ssl.get(), SSL_MODE_SEND_FALLBACK_SCSV)) {
+ return false;
+ }
+ // Install the certificate synchronously if nothing else will handle it.
+ if (!config->use_old_client_cert_callback &&
+ !config->async &&
+ !InstallCertificate(ssl.get())) {
+ return false;
+ }
+ SSL_set_cert_cb(ssl.get(), CertCallback, nullptr);
+ if (config->require_any_client_certificate) {
+ SSL_set_verify(ssl.get(), SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
+ NULL);
+ }
+ if (config->verify_peer) {
+ SSL_set_verify(ssl.get(), SSL_VERIFY_PEER, NULL);
+ }
+ if (config->partial_write) {
+ SSL_set_mode(ssl.get(), SSL_MODE_ENABLE_PARTIAL_WRITE);
+ }
+ if (config->no_tls13) {
+ SSL_set_options(ssl.get(), SSL_OP_NO_TLSv1_3);
+ }
+ if (config->no_tls12) {
+ SSL_set_options(ssl.get(), SSL_OP_NO_TLSv1_2);
+ }
+ if (config->no_tls11) {
+ SSL_set_options(ssl.get(), SSL_OP_NO_TLSv1_1);
+ }
+ if (config->no_tls1) {
+ SSL_set_options(ssl.get(), SSL_OP_NO_TLSv1);
+ }
+ if (config->no_ssl3) {
+ SSL_set_options(ssl.get(), SSL_OP_NO_SSLv3);
+ }
+ if (!config->host_name.empty() &&
+ !SSL_set_tlsext_host_name(ssl.get(), config->host_name.c_str())) {
+ return false;
+ }
+ if (!config->advertise_alpn.empty() &&
+ SSL_set_alpn_protos(ssl.get(),
+ (const uint8_t *)config->advertise_alpn.data(),
+ config->advertise_alpn.size()) != 0) {
+ return false;
+ }
+ if (!config->psk.empty()) {
+ SSL_set_psk_client_callback(ssl.get(), PskClientCallback);
+ SSL_set_psk_server_callback(ssl.get(), PskServerCallback);
+ }
+ if (!config->psk_identity.empty() &&
+ !SSL_use_psk_identity_hint(ssl.get(), config->psk_identity.c_str())) {
+ return false;
+ }
+ if (!config->srtp_profiles.empty() &&
+ SSL_set_tlsext_use_srtp(ssl.get(), config->srtp_profiles.c_str())) {
+ return false;
+ }
+ if (config->min_version != 0 &&
+ !SSL_set_min_proto_version(ssl.get(), (uint16_t)config->min_version)) {
+ return false;
+ }
+ if (config->max_version != 0 &&
+ !SSL_set_max_proto_version(ssl.get(), (uint16_t)config->max_version)) {
+ return false;
+ }
+ if (config->mtu != 0) {
+ SSL_set_options(ssl.get(), SSL_OP_NO_QUERY_MTU);
+ SSL_set_mtu(ssl.get(), config->mtu);
+ }
+ if (config->renegotiate_freely) {
+ // This is always on for OpenSSL.
+ }
+ if (!config->check_close_notify) {
+ SSL_set_quiet_shutdown(ssl.get(), 1);
+ }
+ if (config->p384_only) {
+ int nid = NID_secp384r1;
+ if (!SSL_set1_curves(ssl.get(), &nid, 1)) {
+ return false;
+ }
+ }
+ if (config->enable_all_curves) {
+ static const int kAllCurves[] = {
+ NID_X9_62_prime256v1, NID_secp384r1, NID_secp521r1, NID_X25519,
+ };
+ if (!SSL_set1_curves(ssl.get(), kAllCurves,
+ OPENSSL_ARRAY_SIZE(kAllCurves))) {
+ return false;
+ }
+ }
+ if (config->max_cert_list > 0) {
+ SSL_set_max_cert_list(ssl.get(), config->max_cert_list);
+ }
+
+ int sock = Connect(config->port);
+ if (sock == -1) {
+ return false;
+ }
+ SocketCloser closer(sock);
+
+ bssl::UniquePtr<BIO> bio(BIO_new_socket(sock, BIO_NOCLOSE));
+ if (!bio) {
+ return false;
+ }
+ if (config->is_dtls) {
+ bssl::UniquePtr<BIO> packeted = PacketedBioCreate(!config->async);
+ if (!packeted) {
+ return false;
+ }
+ GetTestState(ssl.get())->packeted_bio = packeted.get();
+ BIO_push(packeted.get(), bio.release());
+ bio = std::move(packeted);
+ }
+ if (config->async) {
+ bssl::UniquePtr<BIO> async_scoped =
+ config->is_dtls ? AsyncBioCreateDatagram() : AsyncBioCreate();
+ if (!async_scoped) {
+ return false;
+ }
+ BIO_push(async_scoped.get(), bio.release());
+ GetTestState(ssl.get())->async_bio = async_scoped.get();
+ bio = std::move(async_scoped);
+ }
+ SSL_set_bio(ssl.get(), bio.get(), bio.get());
+ bio.release(); // SSL_set_bio takes ownership.
+
+ if (session != NULL) {
+ if (!config->is_server) {
+ if (SSL_set_session(ssl.get(), session) != 1) {
+ return false;
+ }
+ }
+ }
+
+#if 0
+ // KNOWN BUG: OpenSSL's SSL_get_current_cipher behaves incorrectly when
+ // offering resumption.
+ if (SSL_get_current_cipher(ssl.get()) != nullptr) {
+ fprintf(stderr, "non-null cipher before handshake\n");
+ return false;
+ }
+#endif
+
+ int ret;
+ if (config->implicit_handshake) {
+ if (config->is_server) {
+ SSL_set_accept_state(ssl.get());
+ } else {
+ SSL_set_connect_state(ssl.get());
+ }
+ } else {
+ do {
+ if (config->is_server) {
+ ret = SSL_accept(ssl.get());
+ } else {
+ ret = SSL_connect(ssl.get());
+ }
+ } while (config->async && RetryAsync(ssl.get(), ret));
+ if (ret != 1 ||
+ !CheckHandshakeProperties(ssl.get(), is_resume)) {
+ return false;
+ }
+
+ // Reset the state to assert later that the callback isn't called in
+ // renegotations.
+ GetTestState(ssl.get())->got_new_session = false;
+ }
+
+ if (config->export_keying_material > 0) {
+ std::vector<uint8_t> result(
+ static_cast<size_t>(config->export_keying_material));
+ if (SSL_export_keying_material(
+ ssl.get(), result.data(), result.size(),
+ config->export_label.data(), config->export_label.size(),
+ reinterpret_cast<const uint8_t*>(config->export_context.data()),
+ config->export_context.size(), config->use_export_context) != 1) {
+ fprintf(stderr, "failed to export keying material\n");
+ return false;
+ }
+ if (WriteAll(ssl.get(), result.data(), result.size()) < 0) {
+ return false;
+ }
+ }
+
+ if (config->write_different_record_sizes) {
+ if (config->is_dtls) {
+ fprintf(stderr, "write_different_record_sizes not supported for DTLS\n");
+ return false;
+ }
+ // This mode writes a number of different record sizes in an attempt to
+ // trip up the CBC record splitting code.
+ static const size_t kBufLen = 32769;
+ std::unique_ptr<uint8_t[]> buf(new uint8_t[kBufLen]);
+ memset(buf.get(), 0x42, kBufLen);
+ static const size_t kRecordSizes[] = {
+ 0, 1, 255, 256, 257, 16383, 16384, 16385, 32767, 32768, 32769};
+ for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kRecordSizes); i++) {
+ const size_t len = kRecordSizes[i];
+ if (len > kBufLen) {
+ fprintf(stderr, "Bad kRecordSizes value.\n");
+ return false;
+ }
+ if (WriteAll(ssl.get(), buf.get(), len) < 0) {
+ return false;
+ }
+ }
+ } else {
+ if (config->shim_writes_first) {
+ if (WriteAll(ssl.get(), reinterpret_cast<const uint8_t *>("hello"),
+ 5) < 0) {
+ return false;
+ }
+ }
+ if (!config->shim_shuts_down) {
+ for (;;) {
+ static const size_t kBufLen = 16384;
+ std::unique_ptr<uint8_t[]> buf(new uint8_t[kBufLen]);
+
+ // Read only 512 bytes at a time in TLS to ensure records may be
+ // returned in multiple reads.
+ int n = DoRead(ssl.get(), buf.get(), config->is_dtls ? kBufLen : 512);
+ int err = SSL_get_error(ssl.get(), n);
+ if (err == SSL_ERROR_ZERO_RETURN ||
+ (n == 0 && err == SSL_ERROR_SYSCALL)) {
+ if (n != 0) {
+ fprintf(stderr, "Invalid SSL_get_error output\n");
+ return false;
+ }
+ // Stop on either clean or unclean shutdown.
+ break;
+ } else if (err != SSL_ERROR_NONE) {
+ if (n > 0) {
+ fprintf(stderr, "Invalid SSL_get_error output\n");
+ return false;
+ }
+ return false;
+ }
+ // Successfully read data.
+ if (n <= 0) {
+ fprintf(stderr, "Invalid SSL_get_error output\n");
+ return false;
+ }
+
+ // After a successful read, with or without False Start, the handshake
+ // must be complete.
+ if (!GetTestState(ssl.get())->handshake_done) {
+ fprintf(stderr, "handshake was not completed after SSL_read\n");
+ return false;
+ }
+
+ for (int i = 0; i < n; i++) {
+ buf[i] ^= 0xff;
+ }
+ if (WriteAll(ssl.get(), buf.get(), n) < 0) {
+ return false;
+ }
+ }
+ }
+ }
+
+ if (!config->is_server &&
+ !config->implicit_handshake &&
+ // Session tickets are sent post-handshake in TLS 1.3.
+ GetProtocolVersion(ssl.get()) < TLS1_3_VERSION &&
+ GetTestState(ssl.get())->got_new_session) {
+ fprintf(stderr, "new session was established after the handshake\n");
+ return false;
+ }
+
+ if (GetProtocolVersion(ssl.get()) >= TLS1_3_VERSION && !config->is_server) {
+ bool expect_new_session =
+ !config->expect_no_session && !config->shim_shuts_down;
+ if (expect_new_session != GetTestState(ssl.get())->got_new_session) {
+ fprintf(stderr,
+ "new session was%s cached, but we expected the opposite\n",
+ GetTestState(ssl.get())->got_new_session ? "" : " not");
+ return false;
+ }
+ }
+
+ if (out_session) {
+ *out_session = std::move(GetTestState(ssl.get())->new_session);
+ }
+
+ ret = DoShutdown(ssl.get());
+
+ if (config->shim_shuts_down && config->check_close_notify) {
+ // We initiate shutdown, so |SSL_shutdown| will return in two stages. First
+ // it returns zero when our close_notify is sent, then one when the peer's
+ // is received.
+ if (ret != 0) {
+ fprintf(stderr, "Unexpected SSL_shutdown result: %d != 0\n", ret);
+ return false;
+ }
+ ret = DoShutdown(ssl.get());
+ }
+
+ if (ret != 1) {
+ fprintf(stderr, "Unexpected SSL_shutdown result: %d != 1\n", ret);
+ return false;
+ }
+
+ if (SSL_total_renegotiations(ssl.get()) !=
+ config->expect_total_renegotiations) {
+ fprintf(stderr, "Expected %d renegotiations, got %ld\n",
+ config->expect_total_renegotiations,
+ SSL_total_renegotiations(ssl.get()));
+ return false;
+ }
+
+ return true;
+}
+
+class StderrDelimiter {
+ public:
+ ~StderrDelimiter() { fprintf(stderr, "--- DONE ---\n"); }
+};
+
+static int Main(int argc, char **argv) {
+ // To distinguish ASan's output from ours, add a trailing message to stderr.
+ // Anything following this line will be considered an error.
+ StderrDelimiter delimiter;
+
+#if defined(OPENSSL_SYS_WINDOWS)
+ /* Initialize Winsock. */
+ WORD wsa_version = MAKEWORD(2, 2);
+ WSADATA wsa_data;
+ int wsa_err = WSAStartup(wsa_version, &wsa_data);
+ if (wsa_err != 0) {
+ fprintf(stderr, "WSAStartup failed: %d\n", wsa_err);
+ return 1;
+ }
+ if (wsa_data.wVersion != wsa_version) {
+ fprintf(stderr, "Didn't get expected version: %x\n", wsa_data.wVersion);
+ return 1;
+ }
+#else
+ signal(SIGPIPE, SIG_IGN);
+#endif
+
+ OPENSSL_init_crypto(0, NULL);
+ OPENSSL_init_ssl(0, NULL);
+ g_config_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
+ g_state_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, TestStateExFree);
+ if (g_config_index < 0 || g_state_index < 0) {
+ return 1;
+ }
+
+ TestConfig config;
+ if (!ParseConfig(argc - 1, argv + 1, &config)) {
+ return Usage(argv[0]);
+ }
+
+ bssl::UniquePtr<SSL_CTX> ssl_ctx = SetupCtx(&config);
+ if (!ssl_ctx) {
+ ERR_print_errors_fp(stderr);
+ return 1;
+ }
+
+ bssl::UniquePtr<SSL_SESSION> session;
+ for (int i = 0; i < config.resume_count + 1; i++) {
+ bool is_resume = i > 0;
+ if (is_resume && !config.is_server && !session) {
+ fprintf(stderr, "No session to offer.\n");
+ return 1;
+ }
+
+ bssl::UniquePtr<SSL_SESSION> offer_session = std::move(session);
+ if (!DoExchange(&session, ssl_ctx.get(), &config, is_resume,
+ offer_session.get())) {
+ fprintf(stderr, "Connection %d failed.\n", i + 1);
+ ERR_print_errors_fp(stderr);
+ return 1;
+ }
+ }
+
+ return 0;
+}
+
+} // namespace bssl
+
+int main(int argc, char **argv) {
+ return bssl::Main(argc, argv);
+}
diff --git a/test/ossl_shim/packeted_bio.cc b/test/ossl_shim/packeted_bio.cc
new file mode 100644
index 0000000..e1b3c6c
--- /dev/null
+++ b/test/ossl_shim/packeted_bio.cc
@@ -0,0 +1,299 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "packeted_bio.h"
+
+#include <assert.h>
+#include <limits.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/crypto.h>
+
+
+namespace {
+
+const uint8_t kOpcodePacket = 'P';
+const uint8_t kOpcodeTimeout = 'T';
+const uint8_t kOpcodeTimeoutAck = 't';
+
+struct PacketedBio {
+ explicit PacketedBio(bool advance_clock_arg)
+ : advance_clock(advance_clock_arg) {
+ memset(&timeout, 0, sizeof(timeout));
+ memset(&clock, 0, sizeof(clock));
+ memset(&read_deadline, 0, sizeof(read_deadline));
+ }
+
+ bool HasTimeout() const {
+ return timeout.tv_sec != 0 || timeout.tv_usec != 0;
+ }
+
+ bool CanRead() const {
+ if (read_deadline.tv_sec == 0 && read_deadline.tv_usec == 0) {
+ return true;
+ }
+
+ if (clock.tv_sec == read_deadline.tv_sec) {
+ return clock.tv_usec < read_deadline.tv_usec;
+ }
+ return clock.tv_sec < read_deadline.tv_sec;
+ }
+
+ timeval timeout;
+ timeval clock;
+ timeval read_deadline;
+ bool advance_clock;
+};
+
+PacketedBio *GetData(BIO *bio) {
+ return (PacketedBio *)BIO_get_data(bio);
+}
+
+const PacketedBio *GetData(const BIO *bio) {
+ return GetData(const_cast<BIO*>(bio));
+}
+
+// ReadAll reads |len| bytes from |bio| into |out|. It returns 1 on success and
+// 0 or -1 on error.
+static int ReadAll(BIO *bio, uint8_t *out, size_t len) {
+ while (len > 0) {
+ int chunk_len = INT_MAX;
+ if (len <= INT_MAX) {
+ chunk_len = (int)len;
+ }
+ int ret = BIO_read(bio, out, chunk_len);
+ if (ret <= 0) {
+ return ret;
+ }
+ out += ret;
+ len -= ret;
+ }
+ return 1;
+}
+
+static int PacketedWrite(BIO *bio, const char *in, int inl) {
+ if (BIO_next(bio) == NULL) {
+ return 0;
+ }
+
+ BIO_clear_retry_flags(bio);
+
+ // Write the header.
+ uint8_t header[5];
+ header[0] = kOpcodePacket;
+ header[1] = (inl >> 24) & 0xff;
+ header[2] = (inl >> 16) & 0xff;
+ header[3] = (inl >> 8) & 0xff;
+ header[4] = inl & 0xff;
+ int ret = BIO_write(BIO_next(bio), header, sizeof(header));
+ if (ret <= 0) {
+ BIO_copy_next_retry(bio);
+ return ret;
+ }
+
+ // Write the buffer.
+ ret = BIO_write(BIO_next(bio), in, inl);
+ if (ret < 0 || (inl > 0 && ret == 0)) {
+ BIO_copy_next_retry(bio);
+ return ret;
+ }
+ assert(ret == inl);
+ return ret;
+}
+
+static int PacketedRead(BIO *bio, char *out, int outl) {
+ PacketedBio *data = GetData(bio);
+ if (BIO_next(bio) == NULL) {
+ return 0;
+ }
+
+ BIO_clear_retry_flags(bio);
+
+ for (;;) {
+ // Check if the read deadline has passed.
+ if (!data->CanRead()) {
+ BIO_set_retry_read(bio);
+ return -1;
+ }
+
+ // Read the opcode.
+ uint8_t opcode;
+ int ret = ReadAll(BIO_next(bio), &opcode, sizeof(opcode));
+ if (ret <= 0) {
+ BIO_copy_next_retry(bio);
+ return ret;
+ }
+
+ if (opcode == kOpcodeTimeout) {
+ // The caller is required to advance any pending timeouts before
+ // continuing.
+ if (data->HasTimeout()) {
+ fprintf(stderr, "Unprocessed timeout!\n");
+ return -1;
+ }
+
+ // Process the timeout.
+ uint8_t buf[8];
+ ret = ReadAll(BIO_next(bio), buf, sizeof(buf));
+ if (ret <= 0) {
+ BIO_copy_next_retry(bio);
+ return ret;
+ }
+ uint64_t timeout = (static_cast<uint64_t>(buf[0]) << 56) |
+ (static_cast<uint64_t>(buf[1]) << 48) |
+ (static_cast<uint64_t>(buf[2]) << 40) |
+ (static_cast<uint64_t>(buf[3]) << 32) |
+ (static_cast<uint64_t>(buf[4]) << 24) |
+ (static_cast<uint64_t>(buf[5]) << 16) |
+ (static_cast<uint64_t>(buf[6]) << 8) |
+ static_cast<uint64_t>(buf[7]);
+ timeout /= 1000; // Convert nanoseconds to microseconds.
+
+ data->timeout.tv_usec = timeout % 1000000;
+ data->timeout.tv_sec = timeout / 1000000;
+
+ // Send an ACK to the peer.
+ ret = BIO_write(BIO_next(bio), &kOpcodeTimeoutAck, 1);
+ if (ret <= 0) {
+ return ret;
+ }
+ assert(ret == 1);
+
+ if (!data->advance_clock) {
+ // Signal to the caller to retry the read, after advancing the clock.
+ BIO_set_retry_read(bio);
+ return -1;
+ }
+
+ PacketedBioAdvanceClock(bio);
+ continue;
+ }
+
+ if (opcode != kOpcodePacket) {
+ fprintf(stderr, "Unknown opcode, %u\n", opcode);
+ return -1;
+ }
+
+ // Read the length prefix.
+ uint8_t len_bytes[4];
+ ret = ReadAll(BIO_next(bio), len_bytes, sizeof(len_bytes));
+ if (ret <= 0) {
+ BIO_copy_next_retry(bio);
+ return ret;
+ }
+
+ uint32_t len = (len_bytes[0] << 24) | (len_bytes[1] << 16) |
+ (len_bytes[2] << 8) | len_bytes[3];
+ uint8_t *buf = (uint8_t *)OPENSSL_malloc(len);
+ if (buf == NULL) {
+ return -1;
+ }
+ ret = ReadAll(BIO_next(bio), buf, len);
+ if (ret <= 0) {
+ fprintf(stderr, "Packeted BIO was truncated\n");
+ return -1;
+ }
+
+ if (outl > (int)len) {
+ outl = len;
+ }
+ memcpy(out, buf, outl);
+ OPENSSL_free(buf);
+ return outl;
+ }
+}
+
+static long PacketedCtrl(BIO *bio, int cmd, long num, void *ptr) {
+ if (cmd == BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT) {
+ memcpy(&GetData(bio)->read_deadline, ptr, sizeof(timeval));
+ return 1;
+ }
+
+ if (BIO_next(bio) == NULL) {
+ return 0;
+ }
+ BIO_clear_retry_flags(bio);
+ int ret = BIO_ctrl(BIO_next(bio), cmd, num, ptr);
+ BIO_copy_next_retry(bio);
+ return ret;
+}
+
+static int PacketedNew(BIO *bio) {
+ BIO_set_init(bio, 1);
+ return 1;
+}
+
+static int PacketedFree(BIO *bio) {
+ if (bio == NULL) {
+ return 0;
+ }
+
+ delete GetData(bio);
+ BIO_set_init(bio, 0);
+ return 1;
+}
+
+static long PacketedCallbackCtrl(BIO *bio, int cmd, bio_info_cb fp) {
+ if (BIO_next(bio) == NULL) {
+ return 0;
+ }
+ return BIO_callback_ctrl(BIO_next(bio), cmd, fp);
+}
+
+static BIO_METHOD *g_packeted_bio_method = NULL;
+
+static const BIO_METHOD *PacketedMethod(void)
+{
+ if (g_packeted_bio_method == NULL) {
+ g_packeted_bio_method = BIO_meth_new(BIO_TYPE_FILTER, "packeted bio");
+ if ( g_packeted_bio_method == NULL
+ || !BIO_meth_set_write(g_packeted_bio_method, PacketedWrite)
+ || !BIO_meth_set_read(g_packeted_bio_method, PacketedRead)
+ || !BIO_meth_set_ctrl(g_packeted_bio_method, PacketedCtrl)
+ || !BIO_meth_set_create(g_packeted_bio_method, PacketedNew)
+ || !BIO_meth_set_destroy(g_packeted_bio_method, PacketedFree)
+ || !BIO_meth_set_callback_ctrl(g_packeted_bio_method,
+ PacketedCallbackCtrl))
+ return NULL;
+ }
+ return g_packeted_bio_method;
+}
+} // namespace
+
+bssl::UniquePtr<BIO> PacketedBioCreate(bool advance_clock) {
+ bssl::UniquePtr<BIO> bio(BIO_new(PacketedMethod()));
+ if (!bio) {
+ return nullptr;
+ }
+ BIO_set_data(bio.get(), new PacketedBio(advance_clock));
+ return bio;
+}
+
+timeval PacketedBioGetClock(const BIO *bio) {
+ return GetData(bio)->clock;
+}
+
+bool PacketedBioAdvanceClock(BIO *bio) {
+ PacketedBio *data = GetData(bio);
+ if (data == nullptr) {
+ return false;
+ }
+
+ if (!data->HasTimeout()) {
+ return false;
+ }
+
+ data->clock.tv_usec += data->timeout.tv_usec;
+ data->clock.tv_sec += data->clock.tv_usec / 1000000;
+ data->clock.tv_usec %= 1000000;
+ data->clock.tv_sec += data->timeout.tv_sec;
+ memset(&data->timeout, 0, sizeof(data->timeout));
+ return true;
+}
diff --git a/test/ossl_shim/packeted_bio.h b/test/ossl_shim/packeted_bio.h
new file mode 100644
index 0000000..afdba13
--- /dev/null
+++ b/test/ossl_shim/packeted_bio.h
@@ -0,0 +1,44 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_PACKETED_BIO
+#define HEADER_PACKETED_BIO
+
+#include <openssl/base.h>
+#include <openssl/bio.h>
+
+#if defined(OPENSSL_SYS_WINDOWS)
+OPENSSL_MSVC_PRAGMA(warning(push, 3))
+#include <winsock2.h>
+OPENSSL_MSVC_PRAGMA(warning(pop))
+#else
+#include <sys/time.h>
+#endif
+
+
+// PacketedBioCreate creates a filter BIO which implements a reliable in-order
+// blocking datagram socket. It internally maintains a clock and honors
+// |BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT| based on it.
+//
+// During a |BIO_read|, the peer may signal the filter BIO to simulate a
+// timeout. If |advance_clock| is true, it automatically advances the clock and
+// continues reading, subject to the read deadline. Otherwise, it fails
+// immediately. The caller must then call |PacketedBioAdvanceClock| before
+// retrying |BIO_read|.
+bssl::UniquePtr<BIO> PacketedBioCreate(bool advance_clock);
+
+// PacketedBioGetClock returns the current time for |bio|.
+timeval PacketedBioGetClock(const BIO *bio);
+
+// PacketedBioAdvanceClock advances |bio|'s internal clock and returns true if
+// there is a pending timeout. Otherwise, it returns false.
+bool PacketedBioAdvanceClock(BIO *bio);
+
+
+#endif // HEADER_PACKETED_BIO
diff --git a/test/ossl_shim/test_config.cc b/test/ossl_shim/test_config.cc
new file mode 100644
index 0000000..0fe7ba8
--- /dev/null
+++ b/test/ossl_shim/test_config.cc
@@ -0,0 +1,181 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "test_config.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <memory>
+
+#include <openssl/evp.h>
+
+namespace {
+
+template <typename T>
+struct Flag {
+ const char *flag;
+ T TestConfig::*member;
+};
+
+// FindField looks for the flag in |flags| that matches |flag|. If one is found,
+// it returns a pointer to the corresponding field in |config|. Otherwise, it
+// returns NULL.
+template<typename T, size_t N>
+T *FindField(TestConfig *config, const Flag<T> (&flags)[N], const char *flag) {
+ for (size_t i = 0; i < N; i++) {
+ if (strcmp(flag, flags[i].flag) == 0) {
+ return &(config->*(flags[i].member));
+ }
+ }
+ return NULL;
+}
+
+const Flag<bool> kBoolFlags[] = {
+ { "-server", &TestConfig::is_server },
+ { "-dtls", &TestConfig::is_dtls },
+ { "-fallback-scsv", &TestConfig::fallback_scsv },
+ { "-require-any-client-certificate",
+ &TestConfig::require_any_client_certificate },
+ { "-async", &TestConfig::async },
+ { "-write-different-record-sizes",
+ &TestConfig::write_different_record_sizes },
+ { "-partial-write", &TestConfig::partial_write },
+ { "-no-tls13", &TestConfig::no_tls13 },
+ { "-no-tls12", &TestConfig::no_tls12 },
+ { "-no-tls11", &TestConfig::no_tls11 },
+ { "-no-tls1", &TestConfig::no_tls1 },
+ { "-no-ssl3", &TestConfig::no_ssl3 },
+ { "-shim-writes-first", &TestConfig::shim_writes_first },
+ { "-expect-session-miss", &TestConfig::expect_session_miss },
+ { "-decline-alpn", &TestConfig::decline_alpn },
+ { "-expect-extended-master-secret",
+ &TestConfig::expect_extended_master_secret },
+ { "-implicit-handshake", &TestConfig::implicit_handshake },
+ { "-handshake-never-done", &TestConfig::handshake_never_done },
+ { "-use-export-context", &TestConfig::use_export_context },
+ { "-expect-ticket-renewal", &TestConfig::expect_ticket_renewal },
+ { "-expect-no-session", &TestConfig::expect_no_session },
+ { "-use-ticket-callback", &TestConfig::use_ticket_callback },
+ { "-renew-ticket", &TestConfig::renew_ticket },
+ { "-enable-client-custom-extension",
+ &TestConfig::enable_client_custom_extension },
+ { "-enable-server-custom-extension",
+ &TestConfig::enable_server_custom_extension },
+ { "-custom-extension-skip", &TestConfig::custom_extension_skip },
+ { "-custom-extension-fail-add", &TestConfig::custom_extension_fail_add },
+ { "-check-close-notify", &TestConfig::check_close_notify },
+ { "-shim-shuts-down", &TestConfig::shim_shuts_down },
+ { "-verify-fail", &TestConfig::verify_fail },
+ { "-verify-peer", &TestConfig::verify_peer },
+ { "-expect-verify-result", &TestConfig::expect_verify_result },
+ { "-renegotiate-freely", &TestConfig::renegotiate_freely },
+ { "-p384-only", &TestConfig::p384_only },
+ { "-enable-all-curves", &TestConfig::enable_all_curves },
+ { "-use-sparse-dh-prime", &TestConfig::use_sparse_dh_prime },
+ { "-use-old-client-cert-callback",
+ &TestConfig::use_old_client_cert_callback },
+ { "-use-null-client-ca-list", &TestConfig::use_null_client_ca_list },
+ { "-peek-then-read", &TestConfig::peek_then_read },
+};
+
+const Flag<std::string> kStringFlags[] = {
+ { "-key-file", &TestConfig::key_file },
+ { "-cert-file", &TestConfig::cert_file },
+ { "-expect-server-name", &TestConfig::expected_server_name },
+ { "-advertise-npn", &TestConfig::advertise_npn },
+ { "-expect-next-proto", &TestConfig::expected_next_proto },
+ { "-select-next-proto", &TestConfig::select_next_proto },
+ { "-host-name", &TestConfig::host_name },
+ { "-advertise-alpn", &TestConfig::advertise_alpn },
+ { "-expect-alpn", &TestConfig::expected_alpn },
+ { "-expect-advertised-alpn", &TestConfig::expected_advertised_alpn },
+ { "-select-alpn", &TestConfig::select_alpn },
+ { "-psk", &TestConfig::psk },
+ { "-psk-identity", &TestConfig::psk_identity },
+ { "-srtp-profiles", &TestConfig::srtp_profiles },
+ { "-cipher", &TestConfig::cipher },
+ { "-export-label", &TestConfig::export_label },
+ { "-export-context", &TestConfig::export_context },
+};
+
+const Flag<std::string> kBase64Flags[] = {
+ { "-expect-certificate-types", &TestConfig::expected_certificate_types },
+};
+
+const Flag<int> kIntFlags[] = {
+ { "-port", &TestConfig::port },
+ { "-resume-count", &TestConfig::resume_count },
+ { "-min-version", &TestConfig::min_version },
+ { "-max-version", &TestConfig::max_version },
+ { "-mtu", &TestConfig::mtu },
+ { "-export-keying-material", &TestConfig::export_keying_material },
+ { "-expect-total-renegotiations", &TestConfig::expect_total_renegotiations },
+ { "-max-cert-list", &TestConfig::max_cert_list },
+};
+
+} // namespace
+
+bool ParseConfig(int argc, char **argv, TestConfig *out_config) {
+ for (int i = 0; i < argc; i++) {
+ bool *bool_field = FindField(out_config, kBoolFlags, argv[i]);
+ if (bool_field != NULL) {
+ *bool_field = true;
+ continue;
+ }
+
+ std::string *string_field = FindField(out_config, kStringFlags, argv[i]);
+ if (string_field != NULL) {
+ i++;
+ if (i >= argc) {
+ fprintf(stderr, "Missing parameter\n");
+ return false;
+ }
+ string_field->assign(argv[i]);
+ continue;
+ }
+
+ std::string *base64_field = FindField(out_config, kBase64Flags, argv[i]);
+ if (base64_field != NULL) {
+ i++;
+ if (i >= argc) {
+ fprintf(stderr, "Missing parameter\n");
+ return false;
+ }
+ std::unique_ptr<uint8_t[]> decoded(new uint8_t[strlen(argv[i])]);
+ int len = EVP_DecodeBlock(decoded.get(),
+ reinterpret_cast<const uint8_t *>(argv[i]),
+ strlen(argv[i]));
+ if (len < 0) {
+ fprintf(stderr, "Invalid base64: %s\n", argv[i]);
+ return false;
+ }
+ base64_field->assign(reinterpret_cast<const char *>(decoded.get()), len);
+ continue;
+ }
+
+ int *int_field = FindField(out_config, kIntFlags, argv[i]);
+ if (int_field) {
+ i++;
+ if (i >= argc) {
+ fprintf(stderr, "Missing parameter\n");
+ return false;
+ }
+ *int_field = atoi(argv[i]);
+ continue;
+ }
+
+ fprintf(stderr, "Unknown argument: %s\n", argv[i]);
+ exit(89);
+ return false;
+ }
+
+ return true;
+}
diff --git a/test/ossl_shim/test_config.h b/test/ossl_shim/test_config.h
new file mode 100644
index 0000000..b4efa45
--- /dev/null
+++ b/test/ossl_shim/test_config.h
@@ -0,0 +1,88 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_TEST_CONFIG
+#define HEADER_TEST_CONFIG
+
+#include <string>
+#include <vector>
+
+
+struct TestConfig {
+ int port = 0;
+ bool is_server = false;
+ bool is_dtls = false;
+ int resume_count = 0;
+ bool fallback_scsv = false;
+ std::string key_file;
+ std::string cert_file;
+ std::string expected_server_name;
+ std::string expected_certificate_types;
+ bool require_any_client_certificate = false;
+ std::string advertise_npn;
+ std::string expected_next_proto;
+ std::string select_next_proto;
+ bool async = false;
+ bool write_different_record_sizes = false;
+ bool partial_write = false;
+ bool no_tls13 = false;
+ bool no_tls12 = false;
+ bool no_tls11 = false;
+ bool no_tls1 = false;
+ bool no_ssl3 = false;
+ bool shim_writes_first = false;
+ std::string host_name;
+ std::string advertise_alpn;
+ std::string expected_alpn;
+ std::string expected_advertised_alpn;
+ std::string select_alpn;
+ bool decline_alpn = false;
+ bool expect_session_miss = false;
+ bool expect_extended_master_secret = false;
+ std::string psk;
+ std::string psk_identity;
+ std::string srtp_profiles;
+ int min_version = 0;
+ int max_version = 0;
+ int mtu = 0;
+ bool implicit_handshake = false;
+ std::string cipher;
+ bool handshake_never_done = false;
+ int export_keying_material = 0;
+ std::string export_label;
+ std::string export_context;
+ bool use_export_context = false;
+ bool expect_ticket_renewal = false;
+ bool expect_no_session = false;
+ bool use_ticket_callback = false;
+ bool renew_ticket = false;
+ bool enable_client_custom_extension = false;
+ bool enable_server_custom_extension = false;
+ bool custom_extension_skip = false;
+ bool custom_extension_fail_add = false;
+ bool check_close_notify = false;
+ bool shim_shuts_down = false;
+ bool verify_fail = false;
+ bool verify_peer = false;
+ bool expect_verify_result = false;
+ int expect_total_renegotiations = 0;
+ bool renegotiate_freely = false;
+ bool p384_only = false;
+ bool enable_all_curves = false;
+ bool use_sparse_dh_prime = false;
+ bool use_old_client_cert_callback = false;
+ bool use_null_client_ca_list = false;
+ bool peek_then_read = false;
+ int max_cert_list = 0;
+};
+
+bool ParseConfig(int argc, char **argv, TestConfig *out_config);
+
+
+#endif // HEADER_TEST_CONFIG
diff --git a/test/recipes/90-test_external.t b/test/recipes/90-test_external.t
new file mode 100644
index 0000000..a3da76c
--- /dev/null
+++ b/test/recipes/90-test_external.t
@@ -0,0 +1,41 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test;
+use OpenSSL::Test::Utils;
+use OpenSSL::Test qw/:DEFAULT srctop_file cmdstr/;
+
+setup("test_external");
+
+if (!$ENV{BORING_RUNNER_DIR}) {
+ plan skip_all => "No external tests have been detected";
+}
+
+plan tests => 1;
+
+indir $ENV{BORING_RUNNER_DIR} => sub {
+ ok(filter_run(cmd(["go", "test", "-shim-path",
+ srctop_file("test", "ossl_shim", "ossl_shim"),
+ "-shim-config",
+ srctop_file("test", "ossl_shim", "ossl_config.json"),
+ "-pipe", "-allow-unimplemented"])),
+ "running external tests");
+}, create => 0, cleanup => 0;
+
+# Filter the output so that the "ok" printed by go test doesn't confuse
+# Test::More. Without that it thinks there has been one more test run than was
+# planned
+sub filter_run {
+ my $cmd = cmdstr(shift);
+ open(PIPE, "-|", $cmd);
+ while(<PIPE>) {
+ print STDOUT "go test: ", $_;
+ }
+ close PIPE;
+}
More information about the openssl-commits
mailing list