From 24003a04e895447e4ac7cdf070054b6382f8dd7b Mon Sep 17 00:00:00 2001
From: Rushil Mehra
Date: Wed, 12 Feb 2025 10:11:06 -0800
Subject: [PATCH] Clean up ECH tests
---
 boring/src/ssl/test/ech.rs | 35 ++++++++++++++---------------------
 1 file changed, 14 insertions(+), 21 deletions(-)
diff --git a/boring/src/ssl/test/ech.rs b/boring/src/ssl/test/ech.rs
index 7413240e..54926524 100644
--- a/boring/src/ssl/test/ech.rs
+++ b/boring/src/ssl/test/ech.rs
@@ -1,6 +1,6 @@
 use crate::hpke::HpkeKey;
 use crate::ssl::ech::SslEchKeys;
-use crate::ssl::test::Server;
+use crate::ssl::test::server::{ClientSslBuilder, Server};
 use crate::ssl::HandshakeError;
 
 // For future reference, these configs are generated by building the bssl tool (the binary is built
@@ -15,12 +15,11 @@ static ECH_KEY: &[u8] = include_bytes!("../../../test/echkey");
 static ECH_CONFIG_2: &[u8] = include_bytes!("../../../test/echconfig-2");
 static ECH_KEY_2: &[u8] = include_bytes!("../../../test/echkey-2");
 
-#[test]
-fn ech() {
+fn bootstrap_ech(config: &[u8], key: &[u8], list: &[u8]) -> (Server, ClientSslBuilder) {
 let server = {
- let key = HpkeKey::dhkem_p256_sha256(ECH_KEY).unwrap();
+ let key = HpkeKey::dhkem_p256_sha256(key).unwrap();
 let mut ech_keys = SslEchKeys::new().unwrap();
- ech_keys.add_key(true, ECH_CONFIG, key).unwrap();
+ ech_keys.add_key(true, config, key).unwrap();
 
 let mut builder = Server::builder();
 builder.ctx().set_ech_keys(ech_keys).unwrap();
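Review bot: `bootstrap_ech` takes three `&[u8]` arguments in a row (`config`, `key`, `list`) and has no doc comment, so a call with two of them transposed still compiles; the hunk also shadows the `key` parameter with the parsed `HpkeKey` on the first line of the `server` block. A doc comment should say which inputs configure the server and which the client offers, for example `/// Starts a server holding config/key and returns it with a client builder that offers list.` Renaming the parameters to something like `server_config`, `server_key` and `client_config_list` would make a deliberately mismatched pairing, as `ech_rejection` uses, read as intentional. The helper's body continues past this hunk.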
@@ -29,35 +28,29 @@ fn ech() {
 };
 
 let mut client = server.client_with_root_ca().build().builder();
- client.ssl().set_ech_config_list(ECH_CONFIG_LIST).unwrap();
+ client.ssl().set_ech_config_list(list).unwrap();
 client.ssl().set_hostname("foobar.com").unwrap();
 
+ (server, client)
+}
+
+#[test]
+fn ech() {
+ let (_server, client) = bootstrap_ech(ECH_CONFIG, ECH_KEY, ECH_CONFIG_LIST);
+
 let ssl_stream = client.connect();
 assert!(ssl_stream.ssl().ech_accepted())
 }
 
 #[test]
 fn ech_rejection() {
- let server = {
- let key = HpkeKey::dhkem_p256_sha256(ECH_KEY_2).unwrap();
- let mut ech_keys = SslEchKeys::new().unwrap();
- ech_keys.add_key(true, ECH_CONFIG_2, key).unwrap();
-
- let mut builder = Server::builder();
- builder.ctx().set_ech_keys(ech_keys).unwrap();
-
- builder.build()
- };
-
- let mut client = server.client_with_root_ca().build().builder();
 // Server is initialized using `ECH_CONFIG_2`, so using `ECH_CONFIG_LIST` instead of
 // `ECH_CONFIG_LIST_2` should trigger rejection.
- client.ssl().set_ech_config_list(ECH_CONFIG_LIST).unwrap();
- client.ssl().set_hostname("foobar.com").unwrap();
+ let (_server, client) = bootstrap_ech(ECH_CONFIG_2, ECH_KEY_2, ECH_CONFIG_LIST);
+
 let HandshakeError::Failure(failed_ssl_stream) = client.connect_err() else {
 panic!("wrong HandshakeError failure variant!");
 };
-
 assert_eq!(
 failed_ssl_stream.ssl().get_ech_name_override(),
 Some(b"ech.com".to_vec().as_ref())
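Review bot: Both tests keep the returned server only as `_server`, and nothing at the call sites says that the binding matters; a later tidy-up to `let (_, client) = ...` would drop the server before `client.connect()` or `client.connect_err()` runs. What `Server` does on drop is not visible in this patch, so the binding presumably exists to keep the listener alive for the handshake. I would add a comment at the first call, e.g. `// Hold the server until the handshake is done; a bare underscore pattern would drop it right away.`, or state the requirement once in a doc comment on `bootstrap_ech`. The body of `ech_rejection` continues outside the hunk.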