diff options
| author |  Ruslan Nigmatullin <elessar@dropbox.com> | 2018-04-23 16:20:30 -0700 |
|---|---|---|
| committer | Ruslan Nigmatullin <elessar@dropbox.com> | 2018-04-23 16:24:58 -0700 |
| commit | 6bdcc6f7cf641503697dcc3d29cb8b43c98bd451 (patch) | |
| tree | b0551ff58de9db1a7ff6c0d7221c3fb80763a368 /test/core/tsi | |
| parent | b9e88b8d17cb703a1a11807819d74c1595a75d59 (diff) | |
[openssl] Use 80-bytes STEK for OpenSSL-1.1
Diffstat (limited to 'test/core/tsi')
| -rw-r--r-- | test/core/tsi/ssl_transport_security_test.cc | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/test/core/tsi/ssl_transport_security_test.cc b/test/core/tsi/ssl_transport_security_test.cc index 88f1abc18c..cf1ac82413 100644 --- a/test/core/tsi/ssl_transport_security_test.cc +++ b/test/core/tsi/ssl_transport_security_test.cc @@ -34,6 +34,10 @@ #include <grpc/support/log.h> #include <grpc/support/string_util.h> +extern "C" { +#include <openssl/crypto.h> +} + #define SSL_TSI_TEST_ALPN1 "foo" #define SSL_TSI_TEST_ALPN2 "toto" #define SSL_TSI_TEST_ALPN3 "baz" @@ -42,6 +46,14 @@ #define SSL_TSI_TEST_BAD_SERVER_KEY_CERT_PAIRS_NUM 1 #define SSL_TSI_TEST_CREDENTIALS_DIR "src/core/tsi/test_creds/" +// OpenSSL 1.1 uses AES256 for encryption session ticket by default so specify +// different STEK size. +#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(OPENSSL_IS_BORINGSSL) +const size_t kSessionTicketEncryptionKeySize = 80; +#else +const size_t kSessionTicketEncryptionKeySize = 48; +#endif + typedef enum AlpnMode { NO_ALPN, ALPN_CLIENT_NO_SERVER, @@ -624,7 +636,7 @@ void ssl_tsi_test_do_round_trip_odd_buffer_size() { void ssl_tsi_test_do_handshake_session_cache() { tsi_ssl_session_cache* session_cache = tsi_ssl_session_cache_create_lru(16); - char session_ticket_key[48]; + char session_ticket_key[kSessionTicketEncryptionKeySize]; auto do_handshake = [&session_ticket_key, &session_cache](bool session_reused) { tsi_test_fixture* fixture = ssl_tsi_test_fixture_create(); @@ -633,22 +645,22 @@ void ssl_tsi_test_do_handshake_session_cache() { ssl_fixture->server_name_indication = const_cast<char*>("waterzooi.test.google.be"); ssl_fixture->session_ticket_key = session_ticket_key; - ssl_fixture->session_ticket_key_size = 48; + ssl_fixture->session_ticket_key_size = sizeof(session_ticket_key); tsi_ssl_session_cache_ref(session_cache); ssl_fixture->session_cache = session_cache; ssl_fixture->session_reused = session_reused; tsi_test_do_round_trip(&ssl_fixture->base); tsi_test_fixture_destroy(fixture); }; - memset(session_ticket_key, 'a', 48); + memset(session_ticket_key, 'a', sizeof(session_ticket_key)); do_handshake(false); do_handshake(true); do_handshake(true); // Changing session_ticket_key on server invalidates ticket. - memset(session_ticket_key, 'b', 48); + memset(session_ticket_key, 'b', sizeof(session_ticket_key)); do_handshake(false); do_handshake(true); - memset(session_ticket_key, 'c', 48); + memset(session_ticket_key, 'c', sizeof(session_ticket_key)); do_handshake(false); do_handshake(true); tsi_ssl_session_cache_unref(session_cache); |