Adding BoringSSL runner.

.github/workflows/interop.yml

@@ -146,11 +146,11 @@ jobs:
         run: make runner && make util
         working-directory: go/src/github.com/${{ github.repository }}
       - name: Run tests
+        run: ./bin/runner --client=${{ matrix.client }} --server=${{ matrix.server }} --alltestcases || true
+        working-directory: go/src/github.com/${{ github.repository }}
+      - name: Upload test results if running on main branch
+        if: ${{ github.ref == 'refs/heads/main' }}
         env:
           TOKEN: ${{ secrets.RESULTSAPITOKEN }}
-        run: |
-          (./bin/runner --client=${{ matrix.client }} --server=${{ matrix.server }} --alltestcases || true)
-          (BEARER_TOKEN=$TOKEN ./bin/util -process-results -path=generated || true)
-          mkdir -p logs/${{ matrix.client }}/${{ matrix.server }}
-          mv generated/*-out logs/${{ matrix.client }}/${{ matrix.client }}/
+        run: env BEARER_TOKEN=$TOKEN ./bin/util -process-results -path=generated
         working-directory: go/src/github.com/${{ github.repository }}

LICENSE

@@ -1,7 +1,7 @@
 The MIT license applies to tls-interop-runner in general. tls-interop-runner
-also includes third-party code with varied licenses; each file contains SPDX
-annotations stating the license(s) and copyrights that apply to the contents of
-the file as well as comments marking specific code as being third-party or as
+also includes third-party code with varied licenses, and each file contains SPDX
+annotations stating the license(s) and copyright(s) that apply to the contents
+of the file as well as comments marking specific code as being third-party or as
 having third-party origin.
 
-A copy of each license is provided in the "LICENSES" directory.
+A copy of each license used is provided in the "LICENSES" directory.

LICENSES/ISC.txt

@@ -0,0 +1,7 @@
+ISC License:
+
+Copyright <YEAR> <OWNER>
+
+Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

impl-endpoints/boringssl/Dockerfile

@@ -8,18 +8,23 @@ RUN apt-get update && \
     git clone --branch dc-spec-update https://github.com/xvzcf/boringssl /boringssl
 
 WORKDIR /boringssl
-RUN git checkout 66929b751f97b3ce2868523bcdde549ea8324b56
+RUN git checkout aac1a2d0fb616cab6a331c2534f4b1b7b8aebfa6
 
 RUN mkdir /boringssl/build
 WORKDIR /boringssl/build
 RUN cmake .. -G"Ninja" && ninja
 
+COPY runner-src /runner-src
+WORKDIR /runner-src
+RUN make
+
 FROM ubuntu:20.04
 
 RUN apt-get update && \
     apt-get install -y net-tools tcpdump ethtool iproute2
 
 COPY --from=builder /boringssl/build/tool/bssl /usr/bin/
+COPY --from=builder /runner-src/runner /usr/bin/
 
 COPY run_endpoint.sh /run_endpoint.sh
 RUN chmod +x /run_endpoint.sh

impl-endpoints/boringssl/run_endpoint.sh

@@ -8,11 +8,7 @@ set -e
 sh /setup-routes.sh
 
 if [ "$ROLE" = "client" ]; then
-    # TODO
-    exit 64
+    runner -as-client -testcase "${TESTCASE}"
 else
-    echo "Running BoringSSL server."
-    echo "Server params: $SERVER_PARAMS"
-    echo "Test case: $TESTCASE"
-    bssl server -loop -accept 4433 -cert /test-inputs/example.crt -key /test-inputs/example.key -subcert /test-inputs/dc.txt
+    runner -testcase "${TESTCASE}"
 fi

impl-endpoints/boringssl/runner-src/.clang-format

@@ -0,0 +1,71 @@
+# SPDX-FileCopyrightText: 2014 Google Inc.
+# SPDX-License-Identifier: ISC
+
+BasedOnStyle: Google
+MaxEmptyLinesToKeep: 3
+AllowShortIfStatementsOnASingleLine: false
+AllowShortLoopsOnASingleLine: false
+DerivePointerAlignment: false
+PointerAlignment: Right
+# TODO(davidben): The default for Google style is now Regroup, but the default
+# IncludeCategories does not recognize <openssl/header.h>. We should
+# reconfigure IncludeCategories to match. For now, keep it at Preserve.
+IncludeBlocks: Preserve
+TypenameMacros: ['LHASH_OF', 'STACK_OF']
+StatementMacros:
+  - "DECLARE_ASN1_ALLOC_FUNCTIONS"
+  - "DECLARE_ASN1_ALLOC_FUNCTIONS_name"
+  - "DECLARE_ASN1_ENCODE_FUNCTIONS"
+  - "DECLARE_ASN1_ENCODE_FUNCTIONS_const"
+  - "DECLARE_ASN1_FUNCTIONS"
+  - "DECLARE_ASN1_FUNCTIONS_const"
+  - "DECLARE_ASN1_FUNCTIONS_fname"
+  - "DECLARE_ASN1_FUNCTIONS_name"
+  - "DECLARE_ASN1_PRINT_FUNCTION"
+  - "DECLARE_ASN1_PRINT_FUNCTION_fname"
+  - "DECLARE_PEM_read"
+  - "DECLARE_PEM_read_bio"
+  - "DECLARE_PEM_read_fp"
+  - "DECLARE_PEM_rw"
+  - "DECLARE_PEM_rw_cb"
+  - "DECLARE_PEM_rw_const"
+  - "DECLARE_PEM_write"
+  - "DECLARE_PEM_write_bio"
+  - "DECLARE_PEM_write_bio_const"
+  - "DECLARE_PEM_write_cb"
+  - "DECLARE_PEM_write_cb_bio"
+  - "DECLARE_PEM_write_cb_fp"
+  - "DECLARE_PEM_write_const"
+  - "DECLARE_PEM_write_fp"
+  - "DECLARE_PEM_write_fp_const"
+  - "IMPLEMENT_ASN1_ALLOC_FUNCTIONS"
+  - "IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname"
+  - "IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname"
+  - "IMPLEMENT_ASN1_DUP_FUNCTION"
+  - "IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname"
+  - "IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname"
+  - "IMPLEMENT_ASN1_FUNCTIONS"
+  - "IMPLEMENT_ASN1_FUNCTIONS_const"
+  - "IMPLEMENT_ASN1_FUNCTIONS_const_fname"
+  - "IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name"
+  - "IMPLEMENT_ASN1_FUNCTIONS_fname"
+  - "IMPLEMENT_ASN1_FUNCTIONS_name"
+  - "IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS"
+  - "IMPLEMENT_PEM_read"
+  - "IMPLEMENT_PEM_read_bio"
+  - "IMPLEMENT_PEM_read_fp"
+  - "IMPLEMENT_PEM_rw"
+  - "IMPLEMENT_PEM_rw_cb"
+  - "IMPLEMENT_PEM_rw_const"
+  - "IMPLEMENT_PEM_write"
+  - "IMPLEMENT_PEM_write_bio"
+  - "IMPLEMENT_PEM_write_bio_const"
+  - "IMPLEMENT_PEM_write_cb"
+  - "IMPLEMENT_PEM_write_cb_bio"
+  - "IMPLEMENT_PEM_write_cb_bio_const"
+  - "IMPLEMENT_PEM_write_cb_const"
+  - "IMPLEMENT_PEM_write_cb_fp"
+  - "IMPLEMENT_PEM_write_cb_fp_const"
+  - "IMPLEMENT_PEM_write_const"
+  - "IMPLEMENT_PEM_write_fp"
+  - "IMPLEMENT_PEM_write_fp_const"

impl-endpoints/boringssl/runner-src/Makefile

@@ -0,0 +1,10 @@
+# SPDX-FileCopyrightText: 2020 The tls-interop-runner Authors
+# SPDX-License-Identifier: MIT
+
+BORINGSSL_DIR = /boringssl
+CXXFLAGS = -std=c++11 -Werror -Wformat=2 -Wsign-compare -Wmissing-field-initializers -Wwrite-strings -Wvla -Wno-implicit-fallthrough -I${BORINGSSL_DIR}/include
+LDFLAGS = -L${BORINGSSL_DIR}/build/ssl -lssl -L${BORINGSSL_DIR}/build/crypto -lcrypto -lpthread
+RUNNER_SRCS = args.cc client.cc server.cc file.cc runner.cc transport_common.cc
+
+runner: ${RUNNER_SRCS}
+	$(CXX) $(CXXFLAGS) $^ -o $@ ${LDFLAGS}

impl-endpoints/boringssl/runner-src/args.cc

@@ -0,0 +1,60 @@
+// SPDX-FileCopyrightText: 2014 Google Inc.
+// SPDX-License-Identifier: ISC
+
+#include <string>
+#include <vector>
+
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "internal.h"
+
+bool ParseKeyValueArguments(std::map<std::string, std::string> *out_args,
+                            const std::vector<std::string> &args,
+                            const struct argument *templates) {
+  out_args->clear();
+
+  for (size_t i = 0; i < args.size(); i++) {
+    const std::string &arg = args[i];
+    const struct argument *templ = nullptr;
+    for (size_t j = 0; templates[j].name[0] != 0; j++) {
+      if (strcmp(arg.c_str(), templates[j].name) == 0) {
+        templ = &templates[j];
+        break;
+      }
+    }
+
+    if (templ == nullptr) {
+      fprintf(stderr, "Unknown argument: %s\n", arg.c_str());
+      return false;
+    }
+
+    if (out_args->find(arg) != out_args->end()) {
+      fprintf(stderr, "Duplicate argument: %s\n", arg.c_str());
+      return false;
+    }
+
+    if (templ->type == kBooleanArgument) {
+      (*out_args)[arg] = "";
+    } else {
+      if (i + 1 >= args.size()) {
+        fprintf(stderr, "Missing argument for option: %s\n", arg.c_str());
+        return false;
+      }
+      (*out_args)[arg] = args[++i];
+    }
+  }
+
+  for (size_t j = 0; templates[j].name[0] != 0; j++) {
+    const struct argument *templ = &templates[j];
+    if (templ->type == kRequiredArgument &&
+        out_args->find(templ->name) == out_args->end()) {
+      fprintf(stderr, "Missing value for required argument: %s\n", templ->name);
+      return false;
+    }
+  }
+
+  return true;
+}

impl-endpoints/boringssl/runner-src/client.cc

@@ -0,0 +1,90 @@
+// SPDX-FileCopyrightText: 2014 Google Inc.
+// SPDX-License-Identifier: ISC
+
+#include <openssl/base.h>
+
+#include <stdio.h>
+
+#include <sys/select.h>
+
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
+
+#include "internal.h"
+#include "transport_common.h"
+
+static const char *g_server_url = "example.com:4433";
+
+static FILE *g_keylog_file = nullptr;
+static const char *g_keylog_filename = "/test-outputs/client_keylog";
+
+static void KeyLogCallback(const SSL *ssl, const char *line) {
+  (void)ssl;
+  fprintf(g_keylog_file, "%s\n", line);
+  fflush(g_keylog_file);
+}
+
+static bool DoConnection(SSL *ssl) {
+  int sock = -1;
+  if (!Connect(&sock, g_server_url)) {
+    return false;
+  }
+
+  bssl::UniquePtr<BIO> bio(BIO_new_socket(sock, BIO_CLOSE));
+  SSL_set_bio(ssl, bio.get(), bio.get());
+  bio.release();
+
+  int ret = SSL_connect(ssl);
+  if (ret != 1) {
+    int ssl_err = SSL_get_error(ssl, ret);
+    PrintSSLError(stderr, "Error while connecting", ssl_err, ret);
+    return false;
+  }
+
+  fprintf(stdout, "Connected.\n");
+  bssl::UniquePtr<BIO> bio_stdout(BIO_new_fp(stdout, BIO_NOCLOSE));
+  PrintConnectionInfo(bio_stdout.get(), ssl);
+
+  return true;
+}
+
+unsigned int DoClient(std::string testcase) {
+  bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
+
+  g_keylog_file = fopen(g_keylog_filename, "a");
+  if (g_keylog_file == nullptr) {
+    perror("fopen");
+    return 1;
+  }
+  SSL_CTX_set_keylog_callback(ctx.get(), KeyLogCallback);
+
+  if (testcase == "dc") {
+    if (!SSL_CTX_load_verify_locations(ctx.get(), "/test-inputs/root.crt",
+                                       nullptr)) {
+      fprintf(stderr, "Failed to load root certificates.\n");
+      ERR_print_errors_fp(stderr);
+      return 1;
+    }
+    SSL_CTX_set_verify(
+        ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
+
+    bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
+    SSL_set_tlsext_host_name(ssl.get(), "example.com");
+    SSL_enable_delegated_credentials(ssl.get(), true);
+
+    if (!DoConnection(ssl.get())) {
+      return 1;
+    }
+
+    if (!SSL_delegated_credential_used_for_certificate_verify(ssl.get())) {
+      fprintf(stderr, "Delegated credential not used.\n");
+      return 1;
+    }
+
+    return 0;
+  } else {
+    fprintf(stderr, "Testcase unsupported.\n");
+    return 64;
+  }
+}