From 5b93aa509881c307050de41e88000c33e13080be Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Mon, 15 Feb 2016 20:10:58 +0100
Subject: tests: Centralize the openssl ciphers flags when comparing

I used to have a separate set of options when comparing the
NSS and OpenSSL ciphers. These differed between tests, sometimes
being just a difference in order. This just made the tests
hard to understand.
---
 test/test_cipher.py | 120 ++++++++++++++++++++++++++++------------------------
 1 file changed, 64 insertions(+), 56 deletions(-)

diff --git a/test/test_cipher.py b/test/test_cipher.py
index d28b6ea..4e69fc6 100644
--- a/test/test_cipher.py
+++ b/test/test_cipher.py
@@ -4,7 +4,7 @@ import nose
 from nose.tools import make_decorator
 
 # This file is auto-generated by configure
-from variable import ENABLE_SHA384, ENABLE_GCM
+from variable import ENABLE_SHA384, ENABLE_GCM, ENABLE_SERVER_DHE
 
 cwd = os.getcwd()
 srcdir = os.path.dirname(cwd)
@@ -25,7 +25,14 @@ CIPHERS_NOT_IN_NSS = ['ECDH-RSA-AES128-SHA256',
                       'EXP-EDH-RSA-DES-CBC-SHA',
 ]
 
-def assert_equal_openssl(nss_ciphers, ossl_ciphers):
+OPENSSL_CIPHERS_IGNORE = ":-SSLv2:-KRB5:-PSK:-ADH:-DSS:-SEED:-IDEA"
+
+if ENABLE_SERVER_DHE == 0:
+    OPENSSL_CIPHERS_IGNORE += ':-DH'
+
+def assert_equal_openssl(ciphers):
+    nss_ciphers = ciphers
+    ossl_ciphers = ciphers + OPENSSL_CIPHERS_IGNORE
     (nss, err, rc) = run([exe, "--o", nss_ciphers])
     assert rc == 0
     (ossl, err, rc) = run([openssl, "ciphers", ossl_ciphers])
@@ -73,66 +80,67 @@ class test_ciphers(object):
         cls.ciphernum = int(out)
 
     def test_RSA(self):
-        assert_equal_openssl("RSA", "RSA:-SSLv2:-SEED:-IDEA")
+        assert_equal_openssl("RSA")
 
     def test_kRSA(self):
-        assert_equal_openssl("kRSA", "kRSA:-SSLv2:-SEED:-IDEA")
+        assert_equal_openssl("kRSA")
 
     def test_aRSA(self):
-        assert_equal_openssl("aRSA", "aRSA:-SSLv2:-SEED:-IDEA")
+        assert_equal_openssl("aRSA")
 
     def test_EDH(self):
-        # No DH ciphers supported yet
-        (out, err, rc) = run([exe, "EDH"])
-        assert rc == 1
+        assert_equal_openssl("EDH")
+
+    def test_DH(self):
+        assert_equal_openssl("DH")
 
     def test_RC4(self):
-        assert_equal_openssl("RC4", "RC4:-KRB5:-PSK:-ADH")
+        assert_equal_openssl("RC4")
 
     def test_RC2(self):
-        assert_equal_openssl("RC2", "RC2:-SSLv2:-KRB5")
+        assert_equal_openssl("RC2")
 
     def test_AES(self):
-        assert_equal_openssl("AES", "AES:-PSK:-ADH:-DSS")
+        assert_equal_openssl("AES")
 
     def test_AESGCM(self):
-        assert_equal_openssl("AESGCM", "AESGCM:-ADH:-DSS")
+        assert_equal_openssl("AESGCM")
 
     def test_AES128(self):
-        assert_equal_openssl("AES128", "AES128:-PSK:-ADH:-DSS")
+        assert_equal_openssl("AES128")
 
     def test_AES256(self):
-        assert_equal_openssl("AES256", "AES256:-PSK:-ADH:-DSS")
+        assert_equal_openssl("AES256")
 
     def test_CAMELLIA(self):
-        assert_equal_openssl("CAMELLIA", "CAMELLIA:-ADH:-DSS")
+        assert_equal_openssl("CAMELLIA")
 
     def test_CAMELLIA128(self):
-        assert_equal_openssl("CAMELLIA128", "CAMELLIA128:-ADH:-DSS")
+        assert_equal_openssl("CAMELLIA128")
 
     def test_CAMELLIA256(self):
-        assert_equal_openssl("CAMELLIA256", "CAMELLIA256:-ADH:-DSS")
+        assert_equal_openssl("CAMELLIA256")
 
     def test_3DES(self):
-        assert_equal_openssl("3DES", "3DES:-SSLv2:-PSK:-KRB5:-ADH:-DSS")
+        assert_equal_openssl("3DES")
 
     def test_DES(self):
-        assert_equal_openssl("DES", "DES:-SSLv2:-KRB5:-ADH:-DSS")
+        assert_equal_openssl("DES")
 
     def test_ALL(self):
-        assert_equal_openssl("ALL", "ALL:-SSLv2:-KRB5:-ADH:-DSS:-PSK:-SEED:-IDEA")
+        assert_equal_openssl("ALL")
 
     def test_ALL_no_AES(self):
-        assert_equal_openssl("ALL:-AES", "ALL:-AES:-SSLv2:-KRB5:-ADH:-DSS:-PSK:-SEED:-IDEA")
+        assert_equal_openssl("ALL:-AES")
 
     def test_COMPLEMENTOFALL(self):
-        assert_equal_openssl("COMPLEMENTOFALL", "COMPLEMENTOFALL")
+        assert_equal_openssl("COMPLEMENTOFALL")
 
     # skipping DEFAULT as we use the NSS defaults
     # skipping COMPLEMENTOFDEFAULT as these are all ADH ciphers
 
     def test_SSLv3(self):
-        assert_equal_openssl("SSLv3", "SSLv3:-KRB5:-PSK:-ADH:-SEED:-IDEA:-DSS")
+        assert_equal_openssl("SSLv3")
 
     def test_SSLv3_equals_TLSv1(self):
         (nss, err, rc) = run([exe, "--o", "SSLv3"])
@@ -142,10 +150,10 @@ class test_ciphers(object):
         assert_equal(nss, nss2)
 
     def test_TLSv12(self):
-        assert_equal_openssl("TLSv1.2", "TLSv1.2:TLSv1.2:-ADH:-DSS")
+        assert_equal_openssl("TLSv1.2")
 
     def test_NULL(self):
-        assert_equal_openssl("NULL", "NULL")
+        assert_equal_openssl("NULL")
 
     def test_nss_rsa_rc4_128(self):
         # Test NSS cipher parsing
@@ -154,94 +162,94 @@ class test_ciphers(object):
         assert_equal(out, 'rsa_rc4_128_md5, rsa_rc4_128_sha')
 
     def test_EXP(self):
-        assert_equal_openssl("EXP", "EXP:-SSLv2:-KRB5:-ADH:-DSS")
+        assert_equal_openssl("EXP")
 
     def test_EXPORT(self):
-        assert_equal_openssl("EXPORT", "EXPORT:-SSLv2:-KRB5:-ADH:-DSS")
+        assert_equal_openssl("EXPORT")
 
     def test_EXPORT40(self):
-        assert_equal_openssl("EXPORT40", "EXPORT40:-SSLv2:-ADH:-KRB5:-DSS")
+        assert_equal_openssl("EXPORT40")
 
     def test_MD5(self):
-        assert_equal_openssl("MD5", "MD5:-SSLv2:-KRB5:-ADH")
+        assert_equal_openssl("MD5")
 
     def test_SHA(self):
-        assert_equal_openssl("SHA", "SHA:-SSLv2:-KRB5:-PSK:-IDEA:-SEED:-ADH:-DSS")
+        assert_equal_openssl("SHA")
 
     def test_HIGH(self):
-        assert_equal_openssl("HIGH", "HIGH:-SSLv2:-ADH:-KRB5:-PSK:-DSS")
+        assert_equal_openssl("HIGH")
 
     def test_MEDIUM(self):
-        assert_equal_openssl("MEDIUM", "MEDIUM:-SSLv2:-ADH:-KRB5:-PSK:-SEED:-IDEA")
+        assert_equal_openssl("MEDIUM")
 
     def test_LOW(self):
-        assert_equal_openssl("LOW", "LOW:-SSLv2:-ADH:-KRB5:-DSS")
+        assert_equal_openssl("LOW")
 
     def test_SHA256(self):
-        assert_equal_openssl("SHA256", "SHA256:-ADH:-DSS")
+        assert_equal_openssl("SHA256")
 
     def test_SHA_MD5_minus_AES(self):
-        assert_equal_openssl("SHA:MD5:-AES", "SHA:MD5:-AES:-SSLv2:-DSS:-KRB5:-SEED:-PSK:-IDEA:-ADH")
+        assert_equal_openssl("SHA:MD5:-AES")
 
     def test_SHA_MD5_not_AES(self):
-        assert_equal_openssl("!AES:SHA:MD5", "!AES:SHA:MD5:-SSLv2:-KRB5:-DSS:-SEED:-PSK:-IDEA:-ADH")
+        assert_equal_openssl("!AES:SHA:MD5")
 
     def test_aECDH(self):
-        assert_equal_openssl("aECDH", "aECDH")
+        assert_equal_openssl("aECDH")
 
     def test_kECDH(self):
-        assert_equal_openssl("kECDH", "kECDH")
+        assert_equal_openssl("kECDH")
 
     def test_kECDHe(self):
-        assert_equal_openssl("kECDHe", "kECDHe")
+        assert_equal_openssl("kECDHe")
 
     def test_kECDHr(self):
-        assert_equal_openssl("kECDHr", "kECDHr")
+        assert_equal_openssl("kECDHr")
 
     def test_kEECDH(self):
-        assert_equal_openssl("kEECDH", "kEECDH")
+        assert_equal_openssl("kEECDH")
 
     def test_AECDH(self):
-        assert_equal_openssl("AECDH", "AECDH")
+        assert_equal_openssl("AECDH")
 
     def test_EECDH(self):
-        assert_equal_openssl("EECDH", "EECDH")
+        assert_equal_openssl("EECDH")
 
     def test_ECDSA(self):
-        assert_equal_openssl("ECDSA", "ECDSA")
+        assert_equal_openssl("ECDSA")
 
     def test_aECDSA(self):
-        assert_equal_openssl("aECDSA", "aECDSA")
+        assert_equal_openssl("aECDSA")
 
     def test_ECDH(self):
-        assert_equal_openssl("ECDH", "ECDH")
+        assert_equal_openssl("ECDH")
 
     def test_AES_no_ECDH(self):
-        assert_equal_openssl("AES:-ECDH", "AES:-ECDH:-ADH:-PSK:-ADH:-DSS")
+        assert_equal_openssl("AES:-ECDH")
 
     def test_AES_plus_RSA(self):
-        assert_equal_openssl("AES+RSA", "AES+RSA:-ADH:-DSS")
+        assert_equal_openssl("AES+RSA")
 
     def test_logical_and_3DES_RSA(self):
-        assert_equal_openssl("3DES+RSA", "3DES+RSA:-SSLv2")
+        assert_equal_openssl("3DES+RSA")
 
     def test_logical_and_RSA_RC4(self):
-        assert_equal_openssl("RSA+RC4", "RSA+RC4:-SSLv2")
+        assert_equal_openssl("RSA+RC4")
 
     def test_logical_and_ECDH_SHA(self):
-        assert_equal_openssl("ECDH+SHA", "ECDH+SHA")
+        assert_equal_openssl("ECDH+SHA")
 
     def test_logical_and_RSA_RC4_no_SHA(self):
-        assert_equal_openssl("RSA+RC4:!SHA", "RSA+RC4:-SSLv2:!SHA")
+        assert_equal_openssl("RSA+RC4:!SHA")
 
     def test_additive_RSA_RC4(self):
-        assert_equal_openssl("RSA:+RC4", "RSA:+RC4:-SSLv2:-SEED:-IDEA")
+        assert_equal_openssl("RSA:+RC4")
 
     def test_additive_ECDH_plus_aRSA(self):
-        assert_equal_openssl("ECDH+aRSA", "ECDH+aRSA")
+        assert_equal_openssl("ECDH+aRSA")
 
     def test_negative_plus_RSA_MD5(self):
-        assert_equal_openssl("-RC2:RSA+MD5", "-RC2:RSA+MD5:-SSLv2")
+        assert_equal_openssl("-RC2:RSA+MD5")
 
     def test_DEFAULT_aRSA(self):
         assert_no_NULL("DEFAULT:aRSA")
@@ -273,7 +281,7 @@ class test_ciphers(object):
         assert_equal(out, 'aes_128_sha_256')
 
     def test_openssl_single_cipher(self):
-        assert_equal_openssl("RC4-SHA", "RC4-SHA")
+        assert_equal_openssl("RC4-SHA")
 
     def test_invalid_format(self):
         (out, err, rc) = run([exe, "none"])
-- 
cgit