diff options
author | David Benjamin <davidben@chromium.org> | 2015-12-17 03:34:22 +0300 |
---|---|---|
committer | Adam Langley <agl@google.com> | 2016-02-16 21:42:07 +0300 |
commit | fb974e6cb314735e06771887ef8fdcbe837851ee (patch) | |
tree | c3f822aa92e9f6a7993176e13359b343396847b9 | |
parent | 894a47df2423f0d2b6be57e6d90f2bea88213382 (diff) |
Use initializer lists to specify cipher rule tests.
This is significantly less of a nuisance than having to explicitly type out
kRule5, kExpected5.
Change-Id: I61820c26a159c71e09000fbe0bf91e30da42205e
Reviewed-on: https://boringssl-review.googlesource.com/7000
Reviewed-by: Adam Langley <agl@google.com>
-rw-r--r-- | ssl/ssl_test.cc | 420 |
1 files changed, 190 insertions, 230 deletions
diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc index bef88fb5..f91542dc 100644 --- a/ssl/ssl_test.cc +++ b/ssl/ssl_test.cc @@ -39,215 +39,178 @@ struct ExpectedCipher { struct CipherTest { // The rule string to apply. const char *rule; - // The list of expected ciphers, in order, terminated with -1. - const ExpectedCipher *expected; + // The list of expected ciphers, in order. + std::vector<ExpectedCipher> expected; }; -// Selecting individual ciphers should work. -static const char kRule1[] = - "ECDHE-ECDSA-CHACHA20-POLY1305:" - "ECDHE-RSA-CHACHA20-POLY1305:" - "ECDHE-ECDSA-AES128-GCM-SHA256:" - "ECDHE-RSA-AES128-GCM-SHA256"; - -static const ExpectedCipher kExpected1[] = { - { TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0 }, - { TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0 }, - { TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0 }, - { TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0 }, - { TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0 }, - { TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0 }, - { 0, 0 }, -}; - -// + reorders selected ciphers to the end, keeping their relative -// order. -static const char kRule2[] = - "ECDHE-ECDSA-CHACHA20-POLY1305:" - "ECDHE-RSA-CHACHA20-POLY1305:" - "ECDHE-ECDSA-AES128-GCM-SHA256:" - "ECDHE-RSA-AES128-GCM-SHA256:" - "+aRSA"; - -static const ExpectedCipher kExpected2[] = { - { TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0 }, - { TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0 }, - { TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0 }, - { TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0 }, - { TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0 }, - { TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0 }, - { 0, 0 }, -}; - -// ! banishes ciphers from future selections. -static const char kRule3[] = - "!aRSA:" - "ECDHE-ECDSA-CHACHA20-POLY1305:" - "ECDHE-RSA-CHACHA20-POLY1305:" - "ECDHE-ECDSA-AES128-GCM-SHA256:" - "ECDHE-RSA-AES128-GCM-SHA256"; - -static const ExpectedCipher kExpected3[] = { - { TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0 }, - { TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0 }, - { TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0 }, - { 0, 0 }, -}; - -// Multiple masks can be ANDed in a single rule. -static const char kRule4[] = "kRSA+AESGCM+AES128"; - -static const ExpectedCipher kExpected4[] = { - { TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0 }, - { 0, 0 }, -}; - -// - removes selected ciphers, but preserves their order for future -// selections. Select AES_128_GCM, but order the key exchanges RSA, -// DHE_RSA, ECDHE_RSA. -static const char kRule5[] = - "ALL:-kECDHE:-kDHE:-kRSA:-ALL:" - "AESGCM+AES128+aRSA"; - -static const ExpectedCipher kExpected5[] = { - { TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0 }, - { TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, 0 }, - { TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0 }, - { 0, 0 }, -}; - -// Unknown selectors are no-ops. -static const char kRule6[] = - "ECDHE-ECDSA-CHACHA20-POLY1305:" - "ECDHE-RSA-CHACHA20-POLY1305:" - "ECDHE-ECDSA-AES128-GCM-SHA256:" - "ECDHE-RSA-AES128-GCM-SHA256:" - "BOGUS1:-BOGUS2:+BOGUS3:!BOGUS4"; - -static const ExpectedCipher kExpected6[] = { - { TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0 }, - { TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0 }, - { TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0 }, - { TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0 }, - { TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0 }, - { TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0 }, - { 0, 0 }, -}; - -// Square brackets specify equi-preference groups. -static const char kRule7[] = - "[ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-ECDSA-AES128-GCM-SHA256]:" - "[ECDHE-RSA-CHACHA20-POLY1305]:" - "ECDHE-RSA-AES128-GCM-SHA256"; - -static const ExpectedCipher kExpected7[] = { - { TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 1 }, - { TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 1 }, - { TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0 }, - { TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 1 }, - { TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0 }, - { TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0 }, - { 0, 0 }, -}; - -// @STRENGTH performs a stable strength-sort of the selected -// ciphers and only the selected ciphers. -static const char kRule8[] = - // To simplify things, banish all but {ECDHE_RSA,RSA} x - // {CHACHA20,AES_256_CBC,AES_128_CBC,RC4} x SHA1. - "!kEDH:!AESGCM:!3DES:!SHA256:!MD5:!SHA384:" - // Order some ciphers backwards by strength. - "ALL:-CHACHA20:-AES256:-AES128:-RC4:-ALL:" - // Select ECDHE ones and sort them by strength. Ties should resolve - // based on the order above. - "kECDHE:@STRENGTH:-ALL:" - // Now bring back everything uses RSA. ECDHE_RSA should be first, - // sorted by strength. Then RSA, backwards by strength. - "aRSA"; - -static const ExpectedCipher kExpected8[] = { - { TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 0 }, - { TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0 }, - { TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0 }, - { TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, 0 }, - { TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 0 }, - { SSL3_CK_RSA_RC4_128_SHA, 0 }, - { TLS1_CK_RSA_WITH_AES_128_SHA, 0 }, - { TLS1_CK_RSA_WITH_AES_256_SHA, 0 }, - { 0, 0 }, -}; - -// Exact ciphers may not be used in multi-part rules; they are treated -// as unknown aliases. -static const char kRule9[] = - "ECDHE-ECDSA-AES128-GCM-SHA256:" - "ECDHE-RSA-AES128-GCM-SHA256:" - "!ECDHE-RSA-AES128-GCM-SHA256+RSA:" - "!ECDSA+ECDHE-ECDSA-AES128-GCM-SHA256"; - -static const ExpectedCipher kExpected9[] = { - { TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0 }, - { TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0 }, - { 0, 0 }, -}; - -// SSLv3 matches everything that existed before TLS 1.2. -static const char kRule10[] = "AES128-SHA:AES128-SHA256:!SSLv3"; - -static const ExpectedCipher kExpected10[] = { - { TLS1_CK_RSA_WITH_AES_128_SHA256, 0 }, - { 0, 0 }, -}; - -// TLSv1.2 matches everything added in TLS 1.2. -static const char kRule11[] = "AES128-SHA:AES128-SHA256:!TLSv1.2"; - -static const ExpectedCipher kExpected11[] = { - { TLS1_CK_RSA_WITH_AES_128_SHA, 0 }, - { 0, 0 }, -}; - -// The two directives have no intersection. -static const char kRule12[] = "AES128-SHA:AES128-SHA256:!TLSv1.2+SSLv3"; - -static const ExpectedCipher kExpected12[] = { - { TLS1_CK_RSA_WITH_AES_128_SHA, 0 }, - { TLS1_CK_RSA_WITH_AES_128_SHA256, 0 }, - { 0, 0 }, -}; - -// The shared name of the CHACHA20_POLY1305 variants behaves like a cipher name -// and not an alias. It may not be used in a multipart rule. (That the shared -// name works is covered by the standard tests.) -static const char kRule13[] = - "ECDHE-ECDSA-CHACHA20-POLY1305:" - "ECDHE-RSA-CHACHA20-POLY1305:" - "!ECDHE-RSA-CHACHA20-POLY1305+RSA:" - "!ECDSA+ECDHE-ECDSA-CHACHA20-POLY1305"; - -static const ExpectedCipher kExpected13[] = { - { TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0 }, - { TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0 }, - { TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0 }, - { TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0 }, - { 0, 0 }, -}; - -static CipherTest kCipherTests[] = { - { kRule1, kExpected1 }, - { kRule2, kExpected2 }, - { kRule3, kExpected3 }, - { kRule4, kExpected4 }, - { kRule5, kExpected5 }, - { kRule6, kExpected6 }, - { kRule7, kExpected7 }, - { kRule8, kExpected8 }, - { kRule9, kExpected9 }, - { kRule10, kExpected10 }, - { kRule11, kExpected11 }, - { kRule12, kExpected12 }, - { kRule13, kExpected13 }, - { NULL, NULL }, +static const CipherTest kCipherTests[] = { + // Selecting individual ciphers should work. + { + "ECDHE-ECDSA-CHACHA20-POLY1305:" + "ECDHE-RSA-CHACHA20-POLY1305:" + "ECDHE-ECDSA-AES128-GCM-SHA256:" + "ECDHE-RSA-AES128-GCM-SHA256", + { + {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0}, + {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0}, + {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0}, + {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0}, + {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0}, + {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0}, + }, + }, + // + reorders selected ciphers to the end, keeping their relative order. + { + "ECDHE-ECDSA-CHACHA20-POLY1305:" + "ECDHE-RSA-CHACHA20-POLY1305:" + "ECDHE-ECDSA-AES128-GCM-SHA256:" + "ECDHE-RSA-AES128-GCM-SHA256:" + "+aRSA", + { + {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0}, + {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0}, + {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0}, + {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0}, + {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0}, + {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0}, + }, + }, + // ! banishes ciphers from future selections. + { + "!aRSA:" + "ECDHE-ECDSA-CHACHA20-POLY1305:" + "ECDHE-RSA-CHACHA20-POLY1305:" + "ECDHE-ECDSA-AES128-GCM-SHA256:" + "ECDHE-RSA-AES128-GCM-SHA256", + { + {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0}, + {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0}, + {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0}, + }, + }, + // Multiple masks can be ANDed in a single rule. + { + "kRSA+AESGCM+AES128", + { + {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0}, + }, + }, + // - removes selected ciphers, but preserves their order for future + // selections. Select AES_128_GCM, but order the key exchanges RSA, DHE_RSA, + // ECDHE_RSA. + { + "ALL:-kECDHE:-kDHE:-kRSA:-ALL:" + "AESGCM+AES128+aRSA", + { + {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0}, + {TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, 0}, + {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0}, + }, + }, + // Unknown selectors are no-ops. + { + "ECDHE-ECDSA-CHACHA20-POLY1305:" + "ECDHE-RSA-CHACHA20-POLY1305:" + "ECDHE-ECDSA-AES128-GCM-SHA256:" + "ECDHE-RSA-AES128-GCM-SHA256:" + "BOGUS1:-BOGUS2:+BOGUS3:!BOGUS4", + { + {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0}, + {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0}, + {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0}, + {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0}, + {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0}, + {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0}, + }, + }, + // Square brackets specify equi-preference groups. + { + "[ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-ECDSA-AES128-GCM-SHA256]:" + "[ECDHE-RSA-CHACHA20-POLY1305]:" + "ECDHE-RSA-AES128-GCM-SHA256", + { + {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 1}, + {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 1}, + {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0}, + {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 1}, + {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0}, + {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0}, + }, + }, + // @STRENGTH performs a stable strength-sort of the selected ciphers and + // only the selected ciphers. + { + // To simplify things, banish all but {ECDHE_RSA,RSA} x + // {CHACHA20,AES_256_CBC,AES_128_CBC,RC4} x SHA1. + "!kEDH:!AESGCM:!3DES:!SHA256:!MD5:!SHA384:" + // Order some ciphers backwards by strength. + "ALL:-CHACHA20:-AES256:-AES128:-RC4:-ALL:" + // Select ECDHE ones and sort them by strength. Ties should resolve + // based on the order above. + "kECDHE:@STRENGTH:-ALL:" + // Now bring back everything uses RSA. ECDHE_RSA should be first, sorted + // by strength. Then RSA, backwards by strength. + "aRSA", + { + {TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 0}, + {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0}, + {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0}, + {TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, 0}, + {TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 0}, + {SSL3_CK_RSA_RC4_128_SHA, 0}, + {TLS1_CK_RSA_WITH_AES_128_SHA, 0}, + {TLS1_CK_RSA_WITH_AES_256_SHA, 0}, + }, + }, + // Exact ciphers may not be used in multi-part rules; they are treated + // as unknown aliases. + { + "ECDHE-ECDSA-AES128-GCM-SHA256:" + "ECDHE-RSA-AES128-GCM-SHA256:" + "!ECDHE-RSA-AES128-GCM-SHA256+RSA:" + "!ECDSA+ECDHE-ECDSA-AES128-GCM-SHA256", + { + {TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0}, + {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0}, + }, + }, + // SSLv3 matches everything that existed before TLS 1.2. + { + "AES128-SHA:AES128-SHA256:!SSLv3", + { + {TLS1_CK_RSA_WITH_AES_128_SHA256, 0}, + }, + }, + // TLSv1.2 matches everything added in TLS 1.2. + { + "AES128-SHA:AES128-SHA256:!TLSv1.2", + { + {TLS1_CK_RSA_WITH_AES_128_SHA, 0}, + }, + }, + // The two directives have no intersection. + { + "AES128-SHA:AES128-SHA256:!TLSv1.2+SSLv3", + { + {TLS1_CK_RSA_WITH_AES_128_SHA, 0}, + {TLS1_CK_RSA_WITH_AES_128_SHA256, 0}, + }, + }, + // The shared name of the CHACHA20_POLY1305 variants behaves like a cipher + // name and not an alias. It may not be used in a multipart rule. (That the + // shared name works is covered by the standard tests.) + { + "ECDHE-ECDSA-CHACHA20-POLY1305:" + "ECDHE-RSA-CHACHA20-POLY1305:" + "!ECDHE-RSA-CHACHA20-POLY1305+RSA:" + "!ECDSA+ECDHE-ECDSA-CHACHA20-POLY1305", + { + {TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 0}, + {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, 0}, + {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0}, + {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0}, + }, + }, }; static const char *kBadRules[] = { @@ -271,7 +234,6 @@ static const char *kBadRules[] = { "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:!FOO", "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:-FOO", "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:@STRENGTH", - NULL, }; static const char *kMustNotIncludeNull[] = { @@ -288,7 +250,6 @@ static const char *kMustNotIncludeNull[] = { "SSLv3", "TLSv1", "TLSv1.2", - NULL }; static void PrintCipherPreferenceList(ssl_cipher_preference_list_st *list) { @@ -311,36 +272,35 @@ static void PrintCipherPreferenceList(ssl_cipher_preference_list_st *list) { } } -static bool TestCipherRule(CipherTest *t) { +static bool TestCipherRule(const CipherTest &t) { ScopedSSL_CTX ctx(SSL_CTX_new(TLS_method())); if (!ctx) { return false; } - if (!SSL_CTX_set_cipher_list(ctx.get(), t->rule)) { - fprintf(stderr, "Error testing cipher rule '%s'\n", t->rule); + if (!SSL_CTX_set_cipher_list(ctx.get(), t.rule)) { + fprintf(stderr, "Error testing cipher rule '%s'\n", t.rule); return false; } // Compare the two lists. - size_t i; - for (i = 0; i < sk_SSL_CIPHER_num(ctx->cipher_list->ciphers); i++) { + if (sk_SSL_CIPHER_num(ctx->cipher_list->ciphers) != t.expected.size()) { + fprintf(stderr, "Error: cipher rule '%s' evaluated to:\n", t.rule); + PrintCipherPreferenceList(ctx->cipher_list); + return false; + } + + for (size_t i = 0; i < t.expected.size(); i++) { const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i); - if (t->expected[i].id != SSL_CIPHER_get_id(cipher) || - t->expected[i].in_group_flag != ctx->cipher_list->in_group_flags[i]) { - fprintf(stderr, "Error: cipher rule '%s' evaluated to:\n", t->rule); + if (t.expected[i].id != SSL_CIPHER_get_id(cipher) || + t.expected[i].in_group_flag != ctx->cipher_list->in_group_flags[i]) { + fprintf(stderr, "Error: cipher rule '%s' evaluated to:\n", t.rule); PrintCipherPreferenceList(ctx->cipher_list); return false; } } - if (t->expected[i].id != 0) { - fprintf(stderr, "Error: cipher rule '%s' evaluated to:\n", t->rule); - PrintCipherPreferenceList(ctx->cipher_list); - return false; - } - return true; } @@ -363,26 +323,26 @@ static bool TestRuleDoesNotIncludeNull(const char *rule) { } static bool TestCipherRules() { - for (size_t i = 0; kCipherTests[i].rule != NULL; i++) { - if (!TestCipherRule(&kCipherTests[i])) { + for (const CipherTest &test : kCipherTests) { + if (!TestCipherRule(test)) { return false; } } - for (size_t i = 0; kBadRules[i] != NULL; i++) { + for (const char *rule : kBadRules) { ScopedSSL_CTX ctx(SSL_CTX_new(SSLv23_server_method())); if (!ctx) { return false; } - if (SSL_CTX_set_cipher_list(ctx.get(), kBadRules[i])) { - fprintf(stderr, "Cipher rule '%s' unexpectedly succeeded\n", kBadRules[i]); + if (SSL_CTX_set_cipher_list(ctx.get(), rule)) { + fprintf(stderr, "Cipher rule '%s' unexpectedly succeeded\n", rule); return false; } ERR_clear_error(); } - for (size_t i = 0; kMustNotIncludeNull[i] != NULL; i++) { - if (!TestRuleDoesNotIncludeNull(kMustNotIncludeNull[i])) { + for (const char *rule : kMustNotIncludeNull) { + if (!TestRuleDoesNotIncludeNull(rule)) { return false; } } |