From b84674b2d2512cfd200b7c392215b6eebda3c59a Mon Sep 17 00:00:00 2001 From: Steven Valdez Date: Tue, 28 Aug 2018 10:14:07 -0400 Subject: [PATCH] Delete the variants/draft code. Change-Id: I84abfedc30e4c34e42285f3c366c2f504a3b9cf2 Reviewed-on: https://boringssl-review.googlesource.com/c/34144 Commit-Queue: Steven Valdez Reviewed-by: David Benjamin --- include/openssl/ssl.h | 25 - ssl/handshake_client.cc | 3 +- ssl/internal.h | 25 +- ssl/s3_both.cc | 6 +- ssl/ssl_aead_ctx.cc | 11 +- ssl/ssl_lib.cc | 9 - ssl/ssl_test.cc | 5 - ssl/ssl_versions.cc | 51 +- ssl/test/fuzzer.h | 10 - ssl/test/fuzzer_tags.h | 7 +- ssl/test/runner/common.go | 48 - ssl/test/runner/conn.go | 7 +- ssl/test/runner/handshake_client.go | 5 +- ssl/test/runner/runner.go | 3362 ++++++++++++--------------- ssl/test/settings_writer.cc | 6 - ssl/test/test_config.cc | 4 - ssl/test/test_config.h | 1 - ssl/tls13_client.cc | 18 +- tool/client.cc | 34 - tool/server.cc | 34 - 20 files changed, 1467 insertions(+), 2204 deletions(-) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 2f0b1b52..c1286059 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -619,9 +619,6 @@ OPENSSL_EXPORT int DTLSv1_handle_timeout(SSL *ssl); #define DTLS1_VERSION 0xfeff #define DTLS1_2_VERSION 0xfefd -#define TLS1_3_DRAFT23_VERSION 0x7f17 -#define TLS1_3_DRAFT28_VERSION 0x7f1c - // SSL_CTX_set_min_proto_version sets the minimum protocol version for |ctx| to // |version|. If |version| is zero, the default minimum version is used. It // returns one on success and zero if |version| is invalid. 
@@ -3518,28 +3515,6 @@ OPENSSL_EXPORT int SSL_renegotiate_pending(SSL *ssl); // performed by |ssl|. This includes the pending renegotiation, if any. OPENSSL_EXPORT int SSL_total_renegotiations(const SSL *ssl); -// tls13_variant_t determines what TLS 1.3 variant to negotiate. -enum tls13_variant_t { - tls13_rfc = 0, - tls13_draft23, - tls13_draft28, - // tls13_all enables all variants of TLS 1.3, to keep the transition smooth as - // early adopters move to the final version. - tls13_all, -}; - -// SSL_CTX_set_tls13_variant sets which variant of TLS 1.3 we negotiate. On the -// server, if |variant| is not |tls13_default|, all variants are enabled. On the -// client, only the configured variant is enabled. -OPENSSL_EXPORT void SSL_CTX_set_tls13_variant(SSL_CTX *ctx, - enum tls13_variant_t variant); - -// SSL_set_tls13_variant sets which variant of TLS 1.3 we negotiate. On the -// server, if |variant| is not |tls13_default|, all variants are enabled. On the -// client, only the configured variant is enabled. -OPENSSL_EXPORT void SSL_set_tls13_variant(SSL *ssl, - enum tls13_variant_t variant); - // SSL_MAX_CERT_LIST_DEFAULT is the default maximum length, in bytes, of a peer // certificate chain. #define SSL_MAX_CERT_LIST_DEFAULT (1024 * 100) diff --git a/ssl/handshake_client.cc b/ssl/handshake_client.cc index 4d57ae56..e2b1ffe9 100644 --- a/ssl/handshake_client.cc +++ b/ssl/handshake_client.cc @@ -416,8 +416,6 @@ static enum ssl_hs_wait_t do_start_connect(SSL_HANDSHAKE *hs) { return ssl_hs_error; } - // Initialize a random session ID for the experimental TLS 1.3 variant - // requiring a session id. if (ssl->session != nullptr && !ssl->s3->initial_handshake_complete && ssl->session->session_id_length > 0) { 
@@ -425,6 +423,7 @@ static enum ssl_hs_wait_t do_start_connect(SSL_HANDSHAKE *hs) { OPENSSL_memcpy(hs->session_id, ssl->session->session_id, hs->session_id_len); } else if (hs->max_version >= TLS1_3_VERSION) { + // Initialize a random session ID. hs->session_id_len = sizeof(hs->session_id); if (!RAND_bytes(hs->session_id, hs->session_id_len)) { return ssl_hs_error; diff --git a/ssl/internal.h b/ssl/internal.h index 98469666..07e1b89d 100644 --- a/ssl/internal.h +++ b/ssl/internal.h @@ -359,8 +359,7 @@ OPENSSL_EXPORT bool CBBFinishArray(CBB *cbb, Array *out); // Protocol versions. // -// Due to DTLS's historical wire version differences and to support multiple -// variants of the same protocol during development, we maintain two notions of +// Due to DTLS's historical wire version differences, we maintain two notions of // version. // // The "version" or "wire version" is the actual 16-bit value that appears on @@ -369,9 +368,8 @@ OPENSSL_EXPORT bool CBBFinishArray(CBB *cbb, Array *out); // versions are opaque values and may not be compared numerically. // // The "protocol version" identifies the high-level handshake variant being -// used. DTLS versions map to the corresponding TLS versions. Draft TLS 1.3 -// variants all map to TLS 1.3. Protocol versions are sequential and may be -// compared numerically. +// used. DTLS versions map to the corresponding TLS versions. Protocol versions +// are sequential and may be compared numerically. // ssl_protocol_version_from_wire sets |*out| to the protocol version // corresponding to wire version |version| and returns true. If |version| is not @@ -408,10 +406,6 @@ bool ssl_negotiate_version(SSL_HANDSHAKE *hs, uint8_t *out_alert, // call this function before the version is determined. uint16_t ssl_protocol_version(const SSL *ssl); -// ssl_is_draft28 returns whether the version corresponds to a draft28 TLS 1.3 -// variant. -bool ssl_is_draft28(uint16_t version); - // Cipher suites. BSSL_NAMESPACE_END 
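Review bot: The added comment `// Initialize a random session ID.` in the `hs->max_version >= TLS1_3_VERSION` branch restates the two lines below it and drops the reason the removed comment gave for sending a session ID at all. With the draft variants gone, the remaining reason is presumably the middlebox compatibility mode of RFC 8446, Appendix D.4, and the comment should say so, for example `// Send a random session ID so the ClientHello resembles a TLS 1.2 resumption (RFC 8446, Appendix D.4).`. It would also help to state that the value is only a compatibility filler and is never looked up as a session, if that is the case. The body of do_start_connect begins and ends outside this hunk.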
@@ -785,8 +779,6 @@ class SSLAEADContext { // omit_length_in_ad_ is true if the length should be omitted in the // AEAD's ad parameter. bool omit_length_in_ad_ : 1; - // omit_ad_ is true if the AEAD's ad parameter should be omitted. - bool omit_ad_ : 1; // ad_is_header_ is true if the AEAD's ad parameter is the record header. bool ad_is_header_ : 1; }; @@ -1613,8 +1605,7 @@ struct SSL_HANDSHAKE { // record layer. uint16_t early_data_written = 0; - // session_id is the session ID in the ClientHello, used for the experimental - // TLS 1.3 variant. + // session_id is the session ID in the ClientHello. uint8_t session_id[SSL_MAX_SSL_SESSION_ID_LENGTH] = {0}; uint8_t session_id_len = 0; @@ -2834,10 +2825,6 @@ struct ssl_ctx_st { // quic_method is the method table corresponding to the QUIC hooks. const SSL_QUIC_METHOD *quic_method = nullptr; - // tls13_variant is the variant of TLS 1.3 we are using for this - // configuration. - tls13_variant_t tls13_variant = tls13_rfc; - bssl::UniquePtr cipher_list; X509_STORE *cert_store = nullptr; @@ -3163,10 +3150,6 @@ struct ssl_st { // second. unsigned initial_timeout_duration_ms = 1000; - // tls13_variant is the variant of TLS 1.3 we are using for this - // configuration. - tls13_variant_t tls13_variant = tls13_rfc; - // session is the configured session to be offered by the client. This session // is immutable. bssl::UniquePtr session; diff --git a/ssl/s3_both.cc b/ssl/s3_both.cc index f835dc26..02bc3bb2 100644 --- a/ssl/s3_both.cc +++ b/ssl/s3_both.cc 
@@ -188,14 +188,12 @@ bool ssl3_add_message(SSL *ssl, Array msg) { // unnecessary encryption overhead, notably in TLS 1.3 where we send several // encrypted messages in a row. For now, we do not do this for the null // cipher. The benefit is smaller and there is a risk of breaking buggy - // implementations. Additionally, we tie this to draft-28 as a sanity check, - // on the off chance middleboxes have fixated on sizes. + // implementations. // // TODO(davidben): See if we can do this uniformly. Span rest = msg; if (ssl->ctx->quic_method == nullptr && - (ssl->s3->aead_write_ctx->is_null_cipher() || - ssl->version == TLS1_3_DRAFT23_VERSION)) { + ssl->s3->aead_write_ctx->is_null_cipher()) { while (!rest.empty()) { Span chunk = rest.subspan(0, ssl->max_send_fragment); rest = rest.subspan(chunk.size()); diff --git a/ssl/ssl_aead_ctx.cc b/ssl/ssl_aead_ctx.cc index f01b57dc..0bad2661 100644 --- a/ssl/ssl_aead_ctx.cc +++ b/ssl/ssl_aead_ctx.cc @@ -42,7 +42,6 @@ SSLAEADContext::SSLAEADContext(uint16_t version_arg, bool is_dtls_arg, random_variable_nonce_(false), xor_fixed_nonce_(false), omit_length_in_ad_(false), - omit_ad_(false), ad_is_header_(false) { OPENSSL_memset(fixed_nonce_, 0, sizeof(fixed_nonce_)); } @@ -134,11 +133,7 @@ UniquePtr SSLAEADContext::Create( aead_ctx->xor_fixed_nonce_ = true; aead_ctx->variable_nonce_len_ = 8; aead_ctx->variable_nonce_included_in_record_ = false; - if (ssl_is_draft28(version)) { - aead_ctx->ad_is_header_ = true; - } else { - aead_ctx->omit_ad_ = true; - } + aead_ctx->ad_is_header_ = true; assert(fixed_iv.size() >= aead_ctx->variable_nonce_len_); } } else { @@ -231,10 +226,6 @@ Span SSLAEADContext::GetAdditionalData( return header; } - if (omit_ad_) { - return {}; - } - OPENSSL_memcpy(storage, seqnum, 8); size_t len = 8; storage[len++] = type; diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc index 313a0fa0..bbc37582 100644 --- a/ssl/ssl_lib.cc +++ b/ssl/ssl_lib.cc 
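Review bot: In the ssl_aead_ctx.cc hunk at `@@ -134,11 +133,7 @@`, the now unconditional `aead_ctx->ad_is_header_ = true;` carries no comment, and the `ssl_is_draft28` branch that used to explain the choice is gone. This flag decides whether the record header is authenticated by the AEAD, so a one-line reason is worth keeping next to it, for example `// TLS 1.3 authenticates the record header as the AEAD additional data (RFC 8446, section 5.2).`. SSLAEADContext::Create starts and ends outside the hunk, so the enclosing version check is not visible here.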
@@ -640,7 +640,6 @@ ssl_st::ssl_st(SSL_CTX *ctx_arg) max_send_fragment(ctx_arg->max_send_fragment), msg_callback(ctx_arg->msg_callback), msg_callback_arg(ctx_arg->msg_callback_arg), - tls13_variant(ctx_arg->tls13_variant), ctx(UpRef(ctx_arg)), session_ctx(UpRef(ctx_arg)), options(ctx->options), @@ -1261,14 +1260,6 @@ void SSL_CTX_set_early_data_enabled(SSL_CTX *ctx, int enabled) { ctx->enable_early_data = !!enabled; } -void SSL_CTX_set_tls13_variant(SSL_CTX *ctx, enum tls13_variant_t variant) { - ctx->tls13_variant = variant; -} - -void SSL_set_tls13_variant(SSL *ssl, enum tls13_variant_t variant) { - ssl->tls13_variant = variant; -} - void SSL_set_early_data_enabled(SSL *ssl, int enabled) { ssl->enable_early_data = !!enabled; } diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc index 1f09156e..f3f79234 100644 --- a/ssl/ssl_test.cc +++ b/ssl/ssl_test.cc @@ -2628,11 +2628,6 @@ TEST(SSLTest, SetVersion) { // SSL 3.0 is not available. EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), SSL3_VERSION)); - // TLS1_3_DRAFT_VERSION is not an API-level version. - EXPECT_FALSE( - SSL_CTX_set_max_proto_version(ctx.get(), TLS1_3_DRAFT23_VERSION)); - ERR_clear_error(); - ctx.reset(SSL_CTX_new(DTLS_method())); ASSERT_TRUE(ctx); diff --git a/ssl/ssl_versions.cc b/ssl/ssl_versions.cc index 86169676..39540f1c 100644 --- a/ssl/ssl_versions.cc +++ b/ssl/ssl_versions.cc @@ -34,11 +34,6 @@ bool ssl_protocol_version_from_wire(uint16_t *out, uint16_t version) { *out = version; return true; - case TLS1_3_DRAFT23_VERSION: - case TLS1_3_DRAFT28_VERSION: - *out = TLS1_3_VERSION; - return true; - case DTLS1_VERSION: // DTLS 1.0 is analogous to TLS 1.1, not TLS 1.0. *out = TLS1_1_VERSION; @@ -58,8 +53,6 @@ bool ssl_protocol_version_from_wire(uint16_t *out, uint16_t version) { static const uint16_t kTLSVersions[] = { TLS1_3_VERSION, - TLS1_3_DRAFT28_VERSION, - TLS1_3_DRAFT23_VERSION, TLS1_2_VERSION, TLS1_1_VERSION, TLS1_VERSION, 
@@ -95,14 +88,10 @@ bool ssl_method_supports_version(const SSL_PROTOCOL_METHOD *method, } // The following functions map between API versions and wire versions. The -// public API works on wire versions, except that TLS 1.3 draft versions all -// appear as TLS 1.3. This will get collapsed back down when TLS 1.3 is -// finalized. +// public API works on wire versions. static const char *ssl_version_to_string(uint16_t version) { switch (version) { - case TLS1_3_DRAFT23_VERSION: - case TLS1_3_DRAFT28_VERSION: case TLS1_3_VERSION: return "TLSv1.3"; @@ -127,26 +116,11 @@ static const char *ssl_version_to_string(uint16_t version) { } static uint16_t wire_version_to_api(uint16_t version) { - switch (version) { - // Report TLS 1.3 draft versions as TLS 1.3 in the public API. - case TLS1_3_DRAFT23_VERSION: - case TLS1_3_DRAFT28_VERSION: - case TLS1_3_VERSION: - return TLS1_3_VERSION; - default: - return version; - } + return version; } -// api_version_to_wire maps |version| to some representative wire version. In -// particular, it picks an arbitrary TLS 1.3 representative. This should only be -// used in context where that does not matter. +// api_version_to_wire maps |version| to some representative wire version. static bool api_version_to_wire(uint16_t *out, uint16_t version) { - if (version == TLS1_3_DRAFT23_VERSION || - version == TLS1_3_DRAFT28_VERSION) { - return false; - } - // Check it is a real protocol version. uint16_t unused; if (!ssl_protocol_version_from_wire(&unused, version)) { 
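Review bot: After the hunk at `@@ -127,26 +116,11 @@`, `wire_version_to_api` is an identity function (`return version;`), yet the comment kept on `api_version_to_wire` still speaks of "some representative wire version", which only made sense while several wire versions shared one API version. Either fold the helper away in a follow-up or say why it stays, for example `// API and wire versions are currently identical; kept as the single place to add a mapping.`. The `api_version_to_wire` comment could then describe what is visible here, that it rejects values that are not a real protocol version; the rest of that function lies outside the hunk, so the exact wording should be checked against the full body.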
@@ -299,21 +273,6 @@ bool ssl_supports_version(SSL_HANDSHAKE *hs, uint16_t version) { return false; } - // If the TLS 1.3 variant is set to |tls13_default|, all variants are enabled, - // otherwise only the matching version is enabled. - if (protocol_version == TLS1_3_VERSION) { - switch (ssl->tls13_variant) { - case tls13_draft23: - return version == TLS1_3_DRAFT23_VERSION; - case tls13_draft28: - return version == TLS1_3_DRAFT28_VERSION; - case tls13_rfc: - return version == TLS1_3_VERSION; - case tls13_all: - return true; - } - } - return true; } @@ -373,10 +332,6 @@ bool ssl_negotiate_version(SSL_HANDSHAKE *hs, uint8_t *out_alert, return false; } -bool ssl_is_draft28(uint16_t version) { - return version == TLS1_3_DRAFT28_VERSION || version == TLS1_3_VERSION; -} - BSSL_NAMESPACE_END using namespace bssl; diff --git a/ssl/test/fuzzer.h b/ssl/test/fuzzer.h index 1ca970d0..de058e52 100644 --- a/ssl/test/fuzzer.h +++ b/ssl/test/fuzzer.h @@ -489,16 +489,6 @@ class TLSFuzzer { SSL_set_verify(ssl.get(), SSL_VERIFY_PEER, nullptr); break; - case kTLS13Variant: { - uint8_t variant; - if (!CBS_get_u8(cbs, &variant)) { - return nullptr; - } - SSL_set_tls13_variant(ssl.get(), - static_cast(variant)); - break; - } - case kHandoffTag: { CBS handoff; if (!CBS_get_u24_length_prefixed(cbs, &handoff)) { diff --git a/ssl/test/fuzzer_tags.h b/ssl/test/fuzzer_tags.h index c21aca39..eb9991d3 100644 --- a/ssl/test/fuzzer_tags.h +++ b/ssl/test/fuzzer_tags.h 
@@ -39,13 +39,10 @@ static const uint16_t kSessionTag = 1; // certificates. static const uint16_t kRequestClientCert = 2; -// kTLS13Variant is followed by a u8 denoting the TLS 1.3 variant to configure. -static const uint16_t kTLS13Variant = 3; - // kHandoffTag is followed by the output of |SSL_serialize_handoff|. -static const uint16_t kHandoffTag = 4; +static const uint16_t kHandoffTag = 3; // kHandbackTag is followed by te output of |SSL_serialize_handback|. -static const uint16_t kHandbackTag = 5; +static const uint16_t kHandbackTag = 4; #endif // HEADER_SSL_TEST_FUZZER_TAGS diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go index d99518c9..86f5a2c0 100644 --- a/ssl/test/runner/common.go +++ b/ssl/test/runner/common.go @@ -32,23 +32,8 @@ const ( VersionDTLS12 = 0xfefd ) -// A draft version of TLS 1.3 that is sent over the wire for the current draft. -const ( - tls13Draft23Version = 0x7f17 - tls13Draft28Version = 0x7f1c -) - -const ( - TLS13RFC = 0 - TLS13Draft23 = 1 - TLS13Draft28 = 2 - TLS13All = 3 -) - var allTLSWireVersions = []uint16{ VersionTLS13, - tls13Draft28Version, - tls13Draft23Version, VersionTLS12, VersionTLS11, VersionTLS10, @@ -447,9 +432,6 @@ type Config struct { // which is currently TLS 1.2. MaxVersion uint16 - // TLS13Variant is the variant of TLS 1.3 to use. - TLS13Variant int - // CurvePreferences contains the elliptic curves that will be used in // an ECDHE handshake, in preference order. If empty, the default will // be used. @@ -1531,10 +1513,6 @@ type ProtocolBugs struct { // specified number of plaintext bytes per record. ExpectPackedEncryptedHandshake int - // ForbidHandshakePacking, if true, requires the peer place a record - // boundary after every handshake message. - ForbidHandshakePacking bool - // SendTicketLifetime, if non-zero, is the ticket lifetime to send in // NewSessionTicket messages. SendTicketLifetime time.Duration 
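Review bot: Renumbering `kHandoffTag` from 4 to 3 and `kHandbackTag` from 5 to 4 in fuzzer_tags.h changes the meaning of every stored fuzzer input that uses those tags, and the diffstat lists no corpus files being regenerated. An input recorded with the old tag 3 (one u8) would now be read as a u24-length-prefixed handoff, and an old handoff would be read as a handback, so existing corpora may silently lose coverage. Keeping the numbers stable avoids that: leave `kHandoffTag = 4` and `kHandbackTag = 5` and add `// Tag 3 was kTLS13Variant; retired, do not reuse.`. If the renumbering is intentional, the commit message should say that the corpora are regenerated.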
@@ -1770,18 +1748,12 @@ func wireToVersion(vers uint16, isDTLS bool) (uint16, bool) { switch vers { case VersionSSL30, VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13: return vers, true - case tls13Draft23Version, tls13Draft28Version: - return VersionTLS13, true } } return 0, false } -func isDraft28(vers uint16) bool { - return vers == tls13Draft28Version || vers == VersionTLS13 -} - // isSupportedVersion checks if the specified wire version is acceptable. If so, // it returns true and the corresponding protocol version. Otherwise, it returns // false. @@ -1790,26 +1762,6 @@ func (c *Config) isSupportedVersion(wireVers uint16, isDTLS bool) (uint16, bool) if !ok || c.minVersion(isDTLS) > vers || vers > c.maxVersion(isDTLS) { return 0, false } - if vers == VersionTLS13 { - switch c.TLS13Variant { - case TLS13Draft23: - if wireVers != tls13Draft23Version { - return 0, false - } - case TLS13Draft28: - if wireVers != tls13Draft28Version { - return 0, false - } - case TLS13RFC: - if wireVers != VersionTLS13 { - return 0, false - } - case TLS13All: - // Allow all of them. - default: - panic(c.TLS13Variant) - } - } return vers, true } diff --git a/ssl/test/runner/conn.go b/ssl/test/runner/conn.go index 816ffcad..8a3ed5d1 100644 --- a/ssl/test/runner/conn.go +++ b/ssl/test/runner/conn.go @@ -454,7 +454,7 @@ func (hc *halfConn) decrypt(b *block) (ok bool, prefixLen int, contentType recor n := len(payload) - c.Overhead() additionalData[11] = byte(n >> 8) additionalData[12] = byte(n) - } else if isDraft28(hc.wireVersion) { + } else { additionalData = b.data[:recordHeaderLen] } var err error @@ -620,7 +620,7 @@ func (hc *halfConn) encrypt(b *block, explicitIVLen int, typ recordType) (bool, copy(additionalData[8:], b.data[:3]) additionalData[11] = byte(payloadLen >> 8) additionalData[12] = byte(payloadLen) - } else if isDraft28(hc.wireVersion) { + } else { additionalData = make([]byte, 5) copy(additionalData, b.data[:3]) n := len(b.data) - recordHeaderLen 
@@ -1322,9 +1322,6 @@ func (c *Conn) doReadHandshake() ([]byte, error) { return nil, err } } - if c.hand.Len() > 4+n && c.config.Bugs.ForbidHandshakePacking { - return nil, errors.New("tls: forbidden trailing data after a handshake message") - } return c.hand.Next(4 + n), nil } diff --git a/ssl/test/runner/handshake_client.go b/ssl/test/runner/handshake_client.go index 5234462d..80035143 100644 --- a/ssl/test/runner/handshake_client.go +++ b/ssl/test/runner/handshake_client.go @@ -424,10 +424,9 @@ NextCipherSuite: if len(hello.pskIdentities) > 0 { version := session.wireVersion // We may have a pre-1.3 session if SendBothTickets is - // set. Fill in an arbitrary TLS 1.3 version to compute - // the binder. + // set. if session.vers < VersionTLS13 { - version = tls13Draft23Version + version = VersionTLS13 } generatePSKBinders(version, hello, pskCipherSuite, session.masterSecret, []byte{}, []byte{}, c.config) } diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go index d64e95f0..e0f75c37 100644 --- a/ssl/test/runner/runner.go +++ b/ssl/test/runner/runner.go @@ -489,10 +489,6 @@ type testCase struct { // resumeShimPrefix is the prefix that the shim will send to the server on a // resumption. resumeShimPrefix string - // tls13Variant, if non-zero, causes both runner and shim to be - // configured with the specified TLS 1.3 variant. This is a convenience - // option for configuring both concurrently. - tls13Variant int // expectedQUICTransportParams contains the QUIC transport // parameters that are expected to be sent by the peer. expectedQUICTransportParams []byte @@ -572,9 +568,6 @@ func doExchange(test *testCase, config *Config, conn net.Conn, isResume bool, tr if *deterministic { config.Time = func() time.Time { return time.Unix(1234, 1234) } } - if test.tls13Variant != 0 { - config.TLS13Variant = test.tls13Variant - } conn = &timeoutConn{conn, *idleTimeout} 
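Review bot: In the handshake_client.go hunk, the shortened comment `// We may have a pre-1.3 session if SendBothTickets is set.` no longer says why `version` is overwritten on the next lines. The removed sentence explained that a TLS 1.3 version is needed to compute the binder. Keep that reason in the new wording, for example `// set. Use TLS 1.3 so the PSK binder is computed with the TLS 1.3 key schedule.`. The enclosing function continues outside the hunk.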
@@ -1072,20 +1065,6 @@ func runTest(test *testCase, shimPath string, mallocNumToFail int64) error { if test.config.MaxVersion == 0 && test.config.MinVersion == 0 && test.expectedVersion == 0 { panic(fmt.Sprintf("The name of test %q suggests that it's version specific, but min/max version in the Config is %x/%x. One of them should probably be %x", test.name, test.config.MinVersion, test.config.MaxVersion, ver.version)) } - - if ver.tls13Variant != 0 { - var foundFlag bool - for _, flag := range test.flags { - if flag == "-tls13-variant" { - foundFlag = true - break - } - } - if !foundFlag && test.config.TLS13Variant != ver.tls13Variant && test.tls13Variant != ver.tls13Variant { - panic(fmt.Sprintf("The name of test %q suggests that uses an experimental TLS 1.3 variant, but neither the shim nor the runner configures it", test.name)) - } - } - } listener, err := net.ListenTCP("tcp", &net.TCPAddr{IP: net.IPv6loopback}) @@ -1174,10 +1153,6 @@ func runTest(test *testCase, shimPath string, mallocNumToFail int64) error { flags = append(flags, "-tls-unique") } - if test.tls13Variant != 0 { - flags = append(flags, "-tls13-variant", strconv.Itoa(test.tls13Variant)) - } - flags = append(flags, "-handshaker-path", *handshakerPath) var transcriptPrefix string @@ -1385,8 +1360,7 @@ type tlsVersion struct { // versionWire, if non-zero, is the wire representation of the // version. Otherwise the wire version is the protocol version or // versionDTLS. - versionWire uint16 - tls13Variant int + versionWire uint16 } func (vers tlsVersion) shimFlag(protocol protocol) string { 
@@ -1429,25 +1403,10 @@ var tlsVersions = []tlsVersion{ versionDTLS: VersionDTLS12, }, { - name: "TLS13", - version: VersionTLS13, - excludeFlag: "-no-tls13", - versionWire: VersionTLS13, - tls13Variant: TLS13RFC, - }, - { - name: "TLS13Draft23", - version: VersionTLS13, - excludeFlag: "-no-tls13", - versionWire: tls13Draft23Version, - tls13Variant: TLS13Draft23, - }, - { - name: "TLS13Draft28", - version: VersionTLS13, - excludeFlag: "-no-tls13", - versionWire: tls13Draft28Version, - tls13Variant: TLS13Draft28, + name: "TLS13", + version: VersionTLS13, + excludeFlag: "-no-tls13", + versionWire: VersionTLS13, }, } @@ -1465,23 +1424,6 @@ func allVersions(protocol protocol) []tlsVersion { return ret } -func allShimVersions(protocol protocol) []tlsVersion { - if protocol == dtls { - return allVersions(protocol) - } - tls13Default := tlsVersion{ - name: "TLS13All", - version: VersionTLS13, - excludeFlag: "-no-tls13", - versionWire: 0, - tls13Variant: TLS13All, - } - - var shimVersions []tlsVersion - shimVersions = append(shimVersions, allVersions(protocol)...) - return append(shimVersions, tls13Default) -} - type testCipherSuite struct { name string id uint16 @@ -2985,20 +2927,19 @@ read alert 1 0 }, { testType: clientTest, - name: "TLS13Draft23-InvalidCompressionMethod", + name: "TLS13-InvalidCompressionMethod", config: Config{ MaxVersion: VersionTLS13, Bugs: ProtocolBugs{ SendCompressionMethod: 1, }, }, - tls13Variant: TLS13Draft23, shouldFail: true, expectedError: ":DECODE_ERROR:", }, { testType: clientTest, - name: "TLS13Draft23-HRR-InvalidCompressionMethod", + name: "TLS13-HRR-InvalidCompressionMethod", config: Config{ MaxVersion: VersionTLS13, CurvePreferences: []CurveID{CurveP384}, @@ -3006,7 +2947,6 @@ read alert 1 0 SendCompressionMethod: 1, }, }, - tls13Variant: TLS13Draft23, shouldFail: true, expectedError: ":DECODE_ERROR:", expectedLocalError: "remote error: error decoding message", 
@@ -3095,8 +3035,7 @@ read alert 1 0 ExpectPackedEncryptedHandshake: 512, }, }, - tls13Variant: TLS13Draft28, - messageLen: 1024, + messageLen: 1024, flags: []string{ "-max-send-fragment", "512", "-read-size", "1024", @@ -3124,30 +3063,15 @@ read alert 1 0 expectedLocalError: "local error: record overflow", }, { - // Test that handshake data is not packed in TLS 1.3 - // draft-23. - testType: serverTest, - name: "ForbidHandshakePacking-TLS13Draft23", - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - ForbidHandshakePacking: true, - }, - }, - tls13Variant: TLS13Draft23, - }, - { - // Test that handshake data is tightly packed in TLS 1.3 - // draft-28. + // Test that handshake data is tightly packed in TLS 1.3. testType: serverTest, - name: "PackedEncryptedHandshake-TLS13Draft28", + name: "PackedEncryptedHandshake-TLS13", config: Config{ MaxVersion: VersionTLS13, Bugs: ProtocolBugs{ ExpectPackedEncryptedHandshake: 16384, }, }, - tls13Variant: TLS13Draft28, }, { // Test that DTLS can handle multiple application data @@ -3306,7 +3230,6 @@ func addTestForCipherSuite(suite testCipherSuite, ver tlsVersion, protocol proto AdvertiseAllConfiguredCiphers: true, }, }, - tls13Variant: ver.tls13Variant, certFile: certFile, keyFile: keyFile, flags: flags, @@ -3332,7 +3255,6 @@ func addTestForCipherSuite(suite testCipherSuite, ver tlsVersion, protocol proto SendCipherSuite: sendCipherSuite, }, }, - tls13Variant: ver.tls13Variant, flags: flags, resumeSession: true, shouldFail: shouldFail, @@ -3356,9 +3278,8 @@ func addTestForCipherSuite(suite testCipherSuite, ver tlsVersion, protocol proto PreSharedKey: []byte(psk), PreSharedKeyIdentity: pskIdentity, }, - tls13Variant: ver.tls13Variant, - flags: flags, - messageLen: maxPlaintext, + flags: flags, + messageLen: maxPlaintext, }) // Test bad records for all ciphers. Bad records are fatal in TLS 
@@ -3380,7 +3301,6 @@ func addTestForCipherSuite(suite testCipherSuite, ver tlsVersion, protocol proto PreSharedKey: []byte(psk), PreSharedKeyIdentity: pskIdentity, }, - tls13Variant: ver.tls13Variant, flags: flags, damageFirstWrite: true, messageLen: maxPlaintext, @@ -3854,7 +3774,6 @@ func addClientAuthTests() { ClientAuth: RequireAnyClientCert, ClientCAs: certPool, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-cert-file", path.Join(*resourceDir, rsaCertificateFile), "-key-file", path.Join(*resourceDir, rsaKeyFile), @@ -3868,8 +3787,7 @@ func addClientAuthTests() { MaxVersion: ver.version, Certificates: []Certificate{rsaCertificate}, }, - tls13Variant: ver.tls13Variant, - flags: []string{"-require-any-client-certificate"}, + flags: []string{"-require-any-client-certificate"}, }) testCases = append(testCases, testCase{ testType: serverTest, @@ -3879,8 +3797,7 @@ func addClientAuthTests() { MaxVersion: ver.version, Certificates: []Certificate{ecdsaP256Certificate}, }, - tls13Variant: ver.tls13Variant, - flags: []string{"-require-any-client-certificate"}, + flags: []string{"-require-any-client-certificate"}, }) testCases = append(testCases, testCase{ testType: clientTest, @@ -3891,7 +3808,6 @@ func addClientAuthTests() { ClientAuth: RequireAnyClientCert, ClientCAs: certPool, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-cert-file", path.Join(*resourceDir, ecdsaP256CertificateFile), "-key-file", path.Join(*resourceDir, ecdsaP256KeyFile), @@ -3905,7 +3821,6 @@ func addClientAuthTests() { MaxVersion: ver.version, ClientAuth: RequireAnyClientCert, }, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedLocalError: "client didn't provide a certificate", }) @@ -3919,7 +3834,6 @@ func addClientAuthTests() { MinVersion: ver.version, MaxVersion: ver.version, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-expect-verify-result", }, 
@@ -3935,7 +3849,6 @@ func addClientAuthTests() { MinVersion: ver.version, MaxVersion: ver.version, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-expect-verify-result", "-verify-peer", @@ -3957,7 +3870,6 @@ func addClientAuthTests() { MaxVersion: ver.version, }, flags: []string{"-require-any-client-certificate"}, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedError: ":PEER_DID_NOT_RETURN_A_CERTIFICATE:", expectedLocalError: certificateRequired, @@ -3975,7 +3887,6 @@ func addClientAuthTests() { }, // Setting SSL_VERIFY_PEER allows anonymous clients. flags: []string{"-verify-peer"}, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedError: ":UNEXPECTED_MESSAGE:", }) @@ -3991,7 +3902,6 @@ func addClientAuthTests() { "-enable-channel-id", "-verify-peer-if-no-obc", }, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedError: ":PEER_DID_NOT_RETURN_A_CERTIFICATE:", expectedLocalError: certificateRequired, @@ -4006,7 +3916,6 @@ func addClientAuthTests() { ChannelID: channelIDKey, }, expectChannelID: true, - tls13Variant: ver.tls13Variant, flags: []string{ "-enable-channel-id", "-verify-peer-if-no-obc", @@ -4024,7 +3933,6 @@ func addClientAuthTests() { ExpectCertificateReqNames: caNames, }, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-require-any-client-certificate", "-use-client-ca-list", encodeDERValues(caNames), @@ -4041,7 +3949,6 @@ func addClientAuthTests() { ClientAuth: RequireAnyClientCert, ClientCAs: certPool, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-cert-file", path.Join(*resourceDir, rsaCertificateFile), "-key-file", path.Join(*resourceDir, rsaKeyFile), @@ -4107,7 +4014,7 @@ func addClientAuthTests() { // Test that an empty client CA list doesn't send a CA extension. testCases = append(testCases, testCase{ testType: serverTest, - name: "TLS13Draft23-Empty-Client-CA-List", + name: "TLS13-Empty-Client-CA-List", config: Config{ MaxVersion: VersionTLS13, Certificates: []Certificate{rsaCertificate}, 
@@ -4115,7 +4022,6 @@ func addClientAuthTests() { ExpectNoCertificateAuthoritiesExtension: true, }, }, - tls13Variant: TLS13Draft23, flags: []string{ "-require-any-client-certificate", "-use-client-ca-list", "", @@ -4160,8 +4066,7 @@ func addExtendedMasterSecretTests() { RequireExtendedMasterSecret: with, }, }, - tls13Variant: ver.tls13Variant, - flags: flags, + flags: flags, }) } } @@ -4467,37 +4372,6 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { resumeSession: true, }) - tests = append(tests, testCase{ - name: "TLS13Draft23-HelloRetryRequest-Client", - config: Config{ - MaxVersion: VersionTLS13, - MinVersion: VersionTLS13, - // P-384 requires a HelloRetryRequest against BoringSSL's default - // configuration. Assert this with ExpectMissingKeyShare. - CurvePreferences: []CurveID{CurveP384}, - Bugs: ProtocolBugs{ - ExpectMissingKeyShare: true, - }, - }, - tls13Variant: TLS13Draft23, - // Cover HelloRetryRequest during an ECDHE-PSK resumption. - resumeSession: true, - }) - - tests = append(tests, testCase{ - testType: serverTest, - name: "TLS13Draft23-HelloRetryRequest-Server", - config: Config{ - MaxVersion: VersionTLS13, - MinVersion: VersionTLS13, - // Require a HelloRetryRequest for every curve. - DefaultCurves: []CurveID{}, - }, - tls13Variant: TLS13Draft23, - // Cover HelloRetryRequest during an ECDHE-PSK resumption. - resumeSession: true, - }) - tests = append(tests, testCase{ testType: clientTest, name: "TLS13-EarlyData-TooMuchData-Client", @@ -4855,7 +4729,6 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { config: Config{ MaxVersion: vers.version, }, - tls13Variant: vers.tls13Variant, flags: []string{ "-enable-ocsp-stapling", "-expect-ocsp-response", @@ -4870,7 +4743,6 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { config: Config{ MaxVersion: vers.version, }, - tls13Variant: vers.tls13Variant, expectedOCSPResponse: testOCSPResponse, flags: []string{ "-ocsp-response", 
@@ -4888,7 +4760,6 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { MaxVersion: vers.version, Certificates: []Certificate{rsaCertificate}, }, - tls13Variant: vers.tls13Variant, flags: []string{ "-enable-ocsp-stapling", "-use-ocsp-callback", @@ -4907,7 +4778,6 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { MaxVersion: vers.version, Certificates: []Certificate{rsaCertificate}, }, - tls13Variant: vers.tls13Variant, flags: []string{ "-enable-ocsp-stapling", "-use-ocsp-callback", @@ -4928,7 +4798,6 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { MaxVersion: vers.version, Certificates: []Certificate{certNoStaple}, }, - tls13Variant: vers.tls13Variant, flags: []string{ "-enable-ocsp-stapling", "-use-ocsp-callback", @@ -4947,7 +4816,6 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { config: Config{ MaxVersion: vers.version, }, - tls13Variant: vers.tls13Variant, expectedOCSPResponse: testOCSPResponse, flags: []string{ "-use-ocsp-callback", @@ -4967,7 +4835,6 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { config: Config{ MaxVersion: vers.version, }, - tls13Variant: vers.tls13Variant, expectedOCSPResponse: []byte{}, flags: []string{ "-use-ocsp-callback", @@ -4985,7 +4852,6 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { config: Config{ MaxVersion: vers.version, }, - tls13Variant: vers.tls13Variant, flags: []string{ "-use-ocsp-callback", "-fail-ocsp-callback", @@ -5028,7 +4894,6 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { MaxVersion: vers.version, Certificates: []Certificate{rsaCertificate}, }, - tls13Variant: vers.tls13Variant, flags: append([]string{"-expect-verify-result"}, flags...), resumeSession: true, }) 
@@ -5039,7 +4904,6 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { MaxVersion: vers.version, Certificates: []Certificate{rsaCertificate}, }, - tls13Variant: vers.tls13Variant, flags: append([]string{"-verify-fail"}, flags...), shouldFail: true, expectedError: ":CERTIFICATE_VERIFY_FAILED:", @@ -5052,7 +4916,6 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { MaxVersion: vers.version, Certificates: []Certificate{rsaCertificate}, }, - tls13Variant: vers.tls13Variant, flags: append([]string{"-on-resume-verify-fail"}, flags...), resumeSession: true, }) @@ -5064,7 +4927,6 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { MaxVersion: vers.version, Certificates: []Certificate{rsaCertificate}, }, - tls13Variant: vers.tls13Variant, flags: append([]string{ "-on-resume-verify-fail", "-reverify-on-resume", @@ -5080,7 +4942,6 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { MaxVersion: vers.version, Certificates: []Certificate{rsaCertificate}, }, - tls13Variant: vers.tls13Variant, flags: append([]string{ "-reverify-on-resume", }, flags...), @@ -5099,7 +4960,6 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { MaxEarlyDataSize: 16384, SessionTicketsDisabled: true, }, - tls13Variant: vers.tls13Variant, resumeSession: true, expectResumeRejected: true, flags: append([]string{ @@ -5126,7 +4986,6 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { AlwaysRejectEarlyData: true, }, }, - tls13Variant: vers.tls13Variant, resumeSession: true, expectResumeRejected: false, flags: append([]string{ @@ -5149,7 +5008,6 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { MaxEarlyDataSize: 16384, SessionTicketsDisabled: true, }, - tls13Variant: vers.tls13Variant, resumeSession: true, expectResumeRejected: true, shouldFail: true, 
@@ -5179,7 +5037,6 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { AlwaysRejectEarlyData: true, }, }, - tls13Variant: vers.tls13Variant, resumeSession: true, expectResumeRejected: false, shouldFail: true, @@ -5208,7 +5065,6 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { ExpectEarlyData: [][]byte{[]byte("hello")}, }, }, - tls13Variant: vers.tls13Variant, resumeSession: true, expectResumeRejected: false, flags: append([]string{ @@ -5232,7 +5088,6 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { ExpectEarlyData: [][]byte{[]byte("hello")}, }, }, - tls13Variant: vers.tls13Variant, resumeSession: true, shouldFail: true, expectedError: ":CERTIFICATE_VERIFY_FAILED:", @@ -5258,7 +5113,6 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { MaxVersion: vers.version, Certificates: []Certificate{rsaCertificate}, }, - tls13Variant: vers.tls13Variant, flags: []string{ "-verify-fail", "-expect-verify-result", @@ -5430,7 +5284,6 @@ read alert 1 0 MaxVersion: ver.version, RequestChannelID: true, }, - tls13Variant: ver.tls13Variant, flags: []string{"-send-channel-id", path.Join(*resourceDir, channelIDKeyFile)}, resumeSession: true, expectChannelID: true, @@ -5444,7 +5297,6 @@ read alert 1 0 MaxVersion: ver.version, ChannelID: channelIDKey, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-expect-channel-id", base64.StdEncoding.EncodeToString(channelIDBytes), @@ -5463,7 +5315,6 @@ read alert 1 0 InvalidChannelIDSignature: true, }, }, - tls13Variant: ver.tls13Variant, flags: []string{"-enable-channel-id"}, shouldFail: true, expectedError: ":CHANNEL_ID_SIGNATURE_INVALID:", 
@@ -5785,7 +5636,7 @@ func addDDoSCallbackTests() { func addVersionNegotiationTests() { for _, protocol := range []protocol{tls, dtls} { - for _, shimVers := range allShimVersions(protocol) { + for _, shimVers := range allVersions(protocol) { // Assemble flags to disable all newer versions on the shim. var flags []string for _, vers := range allVersions(protocol) { @@ -5796,11 +5647,6 @@ func addVersionNegotiationTests() { flags2 := []string{"-max-version", shimVers.shimFlag(protocol)} - if shimVers.tls13Variant != 0 { - flags = append(flags, "-tls13-variant", strconv.Itoa(shimVers.tls13Variant)) - flags2 = append(flags2, "-tls13-variant", strconv.Itoa(shimVers.tls13Variant)) - } - // Test configuring the runner's maximum version. for _, runnerVers := range allVersions(protocol) { expectedVersion := shimVers.version @@ -5808,12 +5654,6 @@ func addVersionNegotiationTests() { expectedVersion = runnerVers.version } - if expectedVersion == VersionTLS13 && runnerVers.tls13Variant != shimVers.tls13Variant { - if shimVers.tls13Variant != TLS13All { - expectedVersion = VersionTLS12 - } - } - suffix := shimVers.name + "-" + runnerVers.name if protocol == dtls { suffix += "-DTLS" @@ -5836,8 +5676,7 @@ func addVersionNegotiationTests() { testType: clientTest, name: "VersionNegotiation-Client-" + suffix, config: Config{ - MaxVersion: runnerVers.version, - TLS13Variant: runnerVers.tls13Variant, + MaxVersion: runnerVers.version, Bugs: ProtocolBugs{ ExpectInitialRecordVersion: clientVers, }, @@ -5850,8 +5689,7 @@ func addVersionNegotiationTests() { testType: clientTest, name: "VersionNegotiation-Client2-" + suffix, config: Config{ - MaxVersion: runnerVers.version, - TLS13Variant: runnerVers.tls13Variant, + MaxVersion: runnerVers.version, Bugs: ProtocolBugs{ ExpectInitialRecordVersion: clientVers, }, 
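Review bot: The outer loop now ranges over `allVersions(protocol)`, the same call that the flag-building loop two lines below and the runner loop in the next hunk also make. Binding the list once before the outer loop, `versions := allVersions(protocol)`, would show that the shim and runner sides now sweep the same set and would avoid rebuilding it on every iteration. If `allShimVersions` has no remaining callers after this change, it should be deleted in the same commit; its definition is outside the visible hunks. addVersionNegotiationTests continues past this hunk.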
@@ -5865,8 +5703,7 @@ func addVersionNegotiationTests() { testType: serverTest, name: "VersionNegotiation-Server-" + suffix, config: Config{ - MaxVersion: runnerVers.version, - TLS13Variant: runnerVers.tls13Variant, + MaxVersion: runnerVers.version, Bugs: ProtocolBugs{ ExpectInitialRecordVersion: serverVers, }, @@ -5879,8 +5716,7 @@ func addVersionNegotiationTests() { testType: serverTest, name: "VersionNegotiation-Server2-" + suffix, config: Config{ - MaxVersion: runnerVers.version, - TLS13Variant: runnerVers.tls13Variant, + MaxVersion: runnerVers.version, Bugs: ProtocolBugs{ ExpectInitialRecordVersion: serverVers, }, @@ -5909,14 +5745,12 @@ func addVersionNegotiationTests() { testType: serverTest, name: "VersionNegotiationExtension-" + suffix, config: Config{ - TLS13Variant: vers.tls13Variant, Bugs: ProtocolBugs{ SendSupportedVersions: []uint16{0x1111, vers.wire(protocol), 0x2222}, IgnoreTLS13DowngradeRandom: true, }, }, expectedVersion: vers.version, - flags: []string{"-tls13-variant", strconv.Itoa(vers.tls13Variant)}, }) } } @@ -6140,7 +5974,6 @@ func addVersionNegotiationTests() { NegotiateVersion: test.version, }, }, - tls13Variant: TLS13RFC, expectedVersion: test.version, shouldFail: true, expectedError: ":TLS13_DOWNGRADE:", @@ -6156,7 +5989,6 @@ func addVersionNegotiationTests() { NegotiateVersion: test.version, }, }, - tls13Variant: TLS13RFC, expectedVersion: test.version, flags: []string{ "-ignore-tls13-downgrade", 
@@ -6173,37 +6005,12 @@ func addVersionNegotiationTests() { SendSupportedVersions: []uint16{test.version}, }, }, - tls13Variant: TLS13RFC, expectedVersion: test.version, shouldFail: true, expectedLocalError: test.clientShimError, }) } - // Test that the draft TLS 1.3 variants don't trigger the downgrade logic. - testCases = append(testCases, testCase{ - name: "Downgrade-Draft-Client", - config: Config{ - Bugs: ProtocolBugs{ - NegotiateVersion: VersionTLS12, - SendTLS13DowngradeRandom: true, - }, - }, - tls13Variant: TLS13Draft28, - expectedVersion: VersionTLS12, - }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "Downgrade-Draft-Server", - config: Config{ - Bugs: ProtocolBugs{ - CheckTLS13DowngradeRandom: true, - }, - }, - tls13Variant: TLS13Draft28, - expectedVersion: VersionTLS13, - }) - // Test that False Start is disabled when the downgrade logic triggers. testCases = append(testCases, testCase{ name: "Downgrade-FalseStart", @@ -6215,7 +6022,6 @@ func addVersionNegotiationTests() { AlertBeforeFalseStartTest: alertAccessDenied, }, }, - tls13Variant: TLS13RFC, expectedVersion: VersionTLS12, flags: []string{ "-false-start", 
@@ -6228,29 +6034,6 @@ func addVersionNegotiationTests() { expectedLocalError: "tls: peer did not false start: EOF", }) - // Test that draft TLS 1.3 versions do not trigger disabling False Start. - testCases = append(testCases, testCase{ - name: "Downgrade-FalseStart-Draft", - config: Config{ - MaxVersion: VersionTLS13, - TLS13Variant: TLS13RFC, - NextProtos: []string{"foo"}, - Bugs: ProtocolBugs{ - ExpectFalseStart: true, - }, - }, - expectedVersion: VersionTLS12, - flags: []string{ - "-false-start", - "-advertise-alpn", "\x03foo", - "-expect-alpn", "foo", - "-ignore-tls13-downgrade", - "-tls13-variant", strconv.Itoa(TLS13Draft28), - "-max-version", strconv.Itoa(VersionTLS13), - }, - shimWritesFirst: true, - }) - // SSL 3.0 support has been removed. Test that the shim does not // support it. testCases = append(testCases, testCase{ @@ -6305,22 +6088,7 @@ func addMinimumVersionTests() { flags2 := []string{"-min-version", shimVers.shimFlag(protocol)} - if shimVers.tls13Variant != 0 { - flags = append(flags, "-tls13-variant", strconv.Itoa(shimVers.tls13Variant)) - flags2 = append(flags2, "-tls13-variant", strconv.Itoa(shimVers.tls13Variant)) - } - for _, runnerVers := range allVersions(protocol) { - // Different TLS 1.3 variants are incompatible with each other and don't - // produce consistent minimum versions. - // - // TODO(davidben): Fold these tests (the main value is in the - // NegotiateVersion bug) into addVersionNegotiationTests and test based - // on intended shim behavior, not the shim + runner combination. - if shimVers.tls13Variant != runnerVers.tls13Variant { - continue - } - suffix := shimVers.name + "-" + runnerVers.name if protocol == dtls { suffix += "-DTLS" 
@@ -6342,8 +6110,7 @@ func addMinimumVersionTests() { testType: clientTest, name: "MinimumVersion-Client-" + suffix, config: Config{ - MaxVersion: runnerVers.version, - TLS13Variant: runnerVers.tls13Variant, + MaxVersion: runnerVers.version, Bugs: ProtocolBugs{ // Ensure the server does not decline to // select a version (versions extension) or @@ -6363,8 +6130,7 @@ func addMinimumVersionTests() { testType: clientTest, name: "MinimumVersion-Client2-" + suffix, config: Config{ - MaxVersion: runnerVers.version, - TLS13Variant: runnerVers.tls13Variant, + MaxVersion: runnerVers.version, Bugs: ProtocolBugs{ // Ensure the server does not decline to // select a version (versions extension) or @@ -6385,8 +6151,7 @@ func addMinimumVersionTests() { testType: serverTest, name: "MinimumVersion-Server-" + suffix, config: Config{ - MaxVersion: runnerVers.version, - TLS13Variant: runnerVers.tls13Variant, + MaxVersion: runnerVers.version, }, flags: flags, expectedVersion: expectedVersion, @@ -6399,8 +6164,7 @@ func addMinimumVersionTests() { testType: serverTest, name: "MinimumVersion-Server2-" + suffix, config: Config{ - MaxVersion: runnerVers.version, - TLS13Variant: runnerVers.tls13Variant, + MaxVersion: runnerVers.version, }, flags: flags2, expectedVersion: expectedVersion, @@ -6430,7 +6194,6 @@ func addExtensionTests() { DuplicateExtension: true, }, }, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedLocalError: "remote error: error decoding message", }) @@ -6443,7 +6206,6 @@ func addExtensionTests() { DuplicateExtension: true, }, }, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedLocalError: "remote error: error decoding message", }) @@ -6458,8 +6220,7 @@ func addExtensionTests() { ExpectServerName: "example.com", }, }, - tls13Variant: ver.tls13Variant, - flags: []string{"-host-name", "example.com"}, + flags: []string{"-host-name", "example.com"}, }) testCases = append(testCases, testCase{ testType: clientTest, 
@@ -6471,7 +6232,6 @@ func addExtensionTests() { }, }, flags: []string{"-host-name", "example.com"}, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedLocalError: "tls: unexpected server name", }) @@ -6484,7 +6244,6 @@ func addExtensionTests() { ExpectServerName: "missing.com", }, }, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedLocalError: "tls: unexpected server name", }) @@ -6497,7 +6256,6 @@ func addExtensionTests() { SendServerNameAck: true, }, }, - tls13Variant: ver.tls13Variant, flags: []string{"-host-name", "example.com"}, resumeSession: true, }) @@ -6510,7 +6268,6 @@ func addExtensionTests() { SendServerNameAck: true, }, }, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedError: ":UNEXPECTED_EXTENSION:", expectedLocalError: "remote error: unsupported extension", @@ -6522,7 +6279,6 @@ func addExtensionTests() { MaxVersion: ver.version, ServerName: "example.com", }, - tls13Variant: ver.tls13Variant, flags: []string{"-expect-server-name", "example.com"}, resumeSession: true, }) @@ -6539,7 +6295,6 @@ func addExtensionTests() { "-advertise-alpn", "\x03foo\x03bar\x03baz", "-expect-alpn", "foo", }, - tls13Variant: ver.tls13Variant, expectedNextProto: "foo", expectedNextProtoType: alpn, resumeSession: true, @@ -6556,7 +6311,6 @@ func addExtensionTests() { flags: []string{ "-advertise-alpn", "\x03foo\x03bar", }, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedError: ":INVALID_ALPN_PROTOCOL:", expectedLocalError: "remote error: illegal parameter", @@ -6575,7 +6329,6 @@ func addExtensionTests() { "-allow-unknown-alpn-protos", "-expect-alpn", "baz", }, - tls13Variant: ver.tls13Variant, }) testCases = append(testCases, testCase{ testType: serverTest, @@ -6588,7 +6341,6 @@ func addExtensionTests() { "-expect-advertised-alpn", "\x03foo\x03bar\x03baz", "-select-alpn", "foo", }, - tls13Variant: ver.tls13Variant, expectedNextProto: "foo", expectedNextProtoType: alpn, resumeSession: true, 
@@ -6601,7 +6353,6 @@ func addExtensionTests() { NextProtos: []string{"foo", "bar", "baz"}, }, flags: []string{"-decline-alpn"}, - tls13Variant: ver.tls13Variant, expectNoNextProto: true, resumeSession: true, }) @@ -6618,7 +6369,6 @@ func addExtensionTests() { "-expect-advertised-alpn", "\x03foo\x03bar\x03baz", "-select-empty-alpn", }, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedLocalError: "remote error: internal error", expectedError: ":INVALID_ALPN_PROTOCOL:", @@ -6640,7 +6390,6 @@ func addExtensionTests() { "-select-alpn", "foo", "-async", }, - tls13Variant: ver.tls13Variant, expectedNextProto: "foo", expectedNextProtoType: alpn, resumeSession: true, @@ -6662,7 +6411,6 @@ func addExtensionTests() { flags: []string{ "-advertise-alpn", "\x03foo", }, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedError: ":PARSE_TLSEXT:", }) @@ -6678,7 +6426,6 @@ func addExtensionTests() { flags: []string{ "-select-alpn", "foo", }, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedError: ":PARSE_TLSEXT:", }) @@ -6698,7 +6445,6 @@ func addExtensionTests() { "-select-alpn", "foo", "-advertise-npn", "\x03foo\x03bar\x03baz", }, - tls13Variant: ver.tls13Variant, expectedNextProto: "foo", expectedNextProtoType: alpn, resumeSession: true, @@ -6718,7 +6464,6 @@ func addExtensionTests() { "-select-alpn", "foo", "-advertise-npn", "\x03foo\x03bar\x03baz", }, - tls13Variant: ver.tls13Variant, expectedNextProto: "foo", expectedNextProtoType: alpn, resumeSession: true, @@ -6738,7 +6483,6 @@ func addExtensionTests() { "-advertise-alpn", "\x03foo", "-select-next-proto", "foo", }, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedError: ":NEGOTIATED_BOTH_NPN_AND_ALPN:", }) @@ -6756,7 +6500,6 @@ func addExtensionTests() { "-advertise-alpn", "\x03foo", "-select-next-proto", "foo", }, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedError: ":NEGOTIATED_BOTH_NPN_AND_ALPN:", }) 
@@ -6778,7 +6521,6 @@ func addExtensionTests() { }, expectTokenBinding: true, expectedTokenBindingParam: 2, - tls13Variant: ver.tls13Variant, flags: []string{ "-token-binding-params", base64.StdEncoding.EncodeToString([]byte{2, 1, 0}), @@ -6796,7 +6538,6 @@ func addExtensionTests() { TokenBindingParams: []byte{3}, TokenBindingVersion: maxTokenBindingVersion, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-token-binding-params", base64.StdEncoding.EncodeToString([]byte{2, 1, 0}), @@ -6812,7 +6553,6 @@ func addExtensionTests() { TokenBindingParams: []byte{0, 1, 2}, TokenBindingVersion: minTokenBindingVersion - 1, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-token-binding-params", base64.StdEncoding.EncodeToString([]byte{2, 1, 0}), @@ -6830,7 +6570,6 @@ func addExtensionTests() { }, expectTokenBinding: true, expectedTokenBindingParam: 2, - tls13Variant: ver.tls13Variant, flags: []string{ "-token-binding-params", base64.StdEncoding.EncodeToString([]byte{2, 1, 0}), @@ -6848,7 +6587,6 @@ func addExtensionTests() { TokenBindingParams: []byte{}, TokenBindingVersion: maxTokenBindingVersion, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-token-binding-params", base64.StdEncoding.EncodeToString([]byte{2, 1, 0}), @@ -6868,7 +6606,6 @@ func addExtensionTests() { }, expectTokenBinding: true, expectedTokenBindingParam: 2, - tls13Variant: ver.tls13Variant, flags: []string{ "-token-binding-params", base64.StdEncoding.EncodeToString([]byte{2, 1, 0}), @@ -6887,7 +6624,6 @@ func addExtensionTests() { TokenBindingVersion: maxTokenBindingVersion, ExpectTokenBindingParams: []byte{0, 1, 2}, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-token-binding-params", base64.StdEncoding.EncodeToString([]byte{0, 1, 2}), @@ -6905,7 +6641,6 @@ func addExtensionTests() { TokenBindingParams: []byte{2}, TokenBindingVersion: maxTokenBindingVersion, }, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedError: ":UNEXPECTED_EXTENSION:", }) 
@@ -6926,7 +6661,6 @@ func addExtensionTests() { "-expected-token-binding-param", "2", }, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedError: ":ERROR_PARSING_EXTENSION:", }) @@ -6947,7 +6681,6 @@ func addExtensionTests() { "-expected-token-binding-param", "2", }, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedError: ":ERROR_PARSING_EXTENSION:", }) @@ -6968,7 +6701,6 @@ func addExtensionTests() { "-expected-token-binding-param", "2", }, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedError: ":ERROR_PARSING_EXTENSION:", }) @@ -6987,7 +6719,6 @@ func addExtensionTests() { "-token-binding-params", base64.StdEncoding.EncodeToString([]byte{0, 1, 2}), }, - tls13Variant: ver.tls13Variant, }) testCases = append(testCases, testCase{ testType: clientTest, @@ -7006,7 +6737,6 @@ func addExtensionTests() { "-expected-token-binding-param", "2", }, - tls13Variant: ver.tls13Variant, }) testCases = append(testCases, testCase{ testType: clientTest, @@ -7023,7 +6753,6 @@ func addExtensionTests() { "-token-binding-params", base64.StdEncoding.EncodeToString([]byte{0, 1, 2}), }, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedError: "ERROR_PARSING_EXTENSION", }) @@ -7042,7 +6771,6 @@ func addExtensionTests() { NoExtendedMasterSecret: true, }, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-token-binding-params", base64.StdEncoding.EncodeToString([]byte{2, 1, 0}), @@ -7063,7 +6791,6 @@ func addExtensionTests() { NoExtendedMasterSecret: true, }, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-token-binding-params", base64.StdEncoding.EncodeToString([]byte{2, 1, 0}), @@ -7085,7 +6812,6 @@ func addExtensionTests() { NoRenegotiationInfo: true, }, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-token-binding-params", base64.StdEncoding.EncodeToString([]byte{2, 1, 0}), 
@@ -7106,7 +6832,6 @@ func addExtensionTests() { NoRenegotiationInfo: true, }, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-token-binding-params", base64.StdEncoding.EncodeToString([]byte{2, 1, 0}), @@ -7127,7 +6852,6 @@ func addExtensionTests() { MaxEarlyDataSize: 16384, }, resumeSession: true, - tls13Variant: ver.tls13Variant, flags: []string{ "-enable-early-data", "-expect-ticket-supports-early-data", @@ -7150,7 +6874,6 @@ func addExtensionTests() { resumeSession: true, expectTokenBinding: true, expectedTokenBindingParam: 2, - tls13Variant: ver.tls13Variant, flags: []string{ "-enable-early-data", "-expect-ticket-supports-early-data", @@ -7171,7 +6894,6 @@ func addExtensionTests() { MaxVersion: ver.version, QUICTransportParams: []byte{1, 2}, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-quic-transport-params", base64.StdEncoding.EncodeToString([]byte{3, 4}), @@ -7189,7 +6911,6 @@ func addExtensionTests() { MaxVersion: ver.version, QUICTransportParams: []byte{1, 2}, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-quic-transport-params", base64.StdEncoding.EncodeToString([]byte{3, 4}), @@ -7206,7 +6927,6 @@ func addExtensionTests() { MinVersion: ver.version, MaxVersion: ver.version, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-max-version", strconv.Itoa(int(ver.version)), @@ -7222,7 +6942,6 @@ func addExtensionTests() { MaxVersion: ver.version, QUICTransportParams: []byte{1, 2}, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-quic-transport-params", base64.StdEncoding.EncodeToString([]byte{3, 4}), @@ -7238,7 +6957,6 @@ func addExtensionTests() { MaxVersion: ver.version, QUICTransportParams: []byte{1, 2}, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-expected-quic-transport-params", base64.StdEncoding.EncodeToString([]byte{1, 2}), @@ -7275,7 +6993,6 @@ func addExtensionTests() { }, }, }, - tls13Variant: ver.tls13Variant, resumeSession: true, expectResumeRejected: true, }) 
@@ -7286,7 +7003,6 @@ func addExtensionTests() { config: Config{ MaxVersion: ver.version, }, - tls13Variant: ver.tls13Variant, resumeSession: true, flags: []string{"-use-ticket-callback"}, }) @@ -7299,7 +7015,6 @@ func addExtensionTests() { ExpectNewTicket: true, }, }, - tls13Variant: ver.tls13Variant, flags: []string{"-use-ticket-callback", "-renew-ticket"}, resumeSession: true, }) @@ -7319,7 +7034,6 @@ func addExtensionTests() { }, }, }, - tls13Variant: ver.tls13Variant, resumeSession: true, expectResumeRejected: true, flags: []string{ @@ -7475,7 +7189,6 @@ func addExtensionTests() { "-expect-signed-cert-timestamps", base64.StdEncoding.EncodeToString(testSCTList), }, - tls13Variant: ver.tls13Variant, resumeSession: true, }) @@ -7498,7 +7211,6 @@ func addExtensionTests() { "-expect-signed-cert-timestamps", base64.StdEncoding.EncodeToString(testSCTList), }, - tls13Variant: ver.tls13Variant, resumeSession: true, }) @@ -7512,7 +7224,6 @@ func addExtensionTests() { "-signed-cert-timestamps", base64.StdEncoding.EncodeToString(testSCTList), }, - tls13Variant: ver.tls13Variant, expectedSCTList: testSCTList, resumeSession: true, }) @@ -7531,7 +7242,6 @@ func addExtensionTests() { flags: []string{ "-enable-signed-cert-timestamps", }, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedError: ":ERROR_PARSING_EXTENSION:", }) @@ -7550,7 +7260,6 @@ func addExtensionTests() { flags: []string{ "-enable-signed-cert-timestamps", }, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedError: ":ERROR_PARSING_EXTENSION:", }) @@ -7566,7 +7275,6 @@ func addExtensionTests() { NoSignedCertificateTimestamps: true, }, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-ocsp-response", base64.StdEncoding.EncodeToString(testOCSPResponse), 
@@ -7835,29 +7543,19 @@ func addResumptionVersionTests() { suffix += "-DTLS" } - // We can't resume across TLS 1.3 variants and error out earlier in the - // session resumption. - if sessionVers.tls13Variant != resumeVers.tls13Variant { - continue - } - if sessionVers.version == resumeVers.version { testCases = append(testCases, testCase{ protocol: protocol, name: "Resume-Client" + suffix, resumeSession: true, config: Config{ - MaxVersion: sessionVers.version, - TLS13Variant: sessionVers.tls13Variant, + MaxVersion: sessionVers.version, Bugs: ProtocolBugs{ ExpectNoTLS13PSK: sessionVers.version < VersionTLS13, }, }, expectedVersion: sessionVers.version, expectedResumeVersion: resumeVers.version, - flags: []string{ - "-tls13-variant", strconv.Itoa(sessionVers.tls13Variant), - }, }) } else { testCases = append(testCases, testCase{ @@ -7865,13 +7563,11 @@ func addResumptionVersionTests() { name: "Resume-Client-Mismatch" + suffix, resumeSession: true, config: Config{ - MaxVersion: sessionVers.version, - TLS13Variant: sessionVers.tls13Variant, + MaxVersion: sessionVers.version, }, expectedVersion: sessionVers.version, resumeConfig: &Config{ - MaxVersion: resumeVers.version, - TLS13Variant: resumeVers.tls13Variant, + MaxVersion: resumeVers.version, Bugs: ProtocolBugs{ AcceptAnySession: true, }, @@ -7879,10 +7575,6 @@ func addResumptionVersionTests() { expectedResumeVersion: resumeVers.version, shouldFail: true, expectedError: ":OLD_SESSION_VERSION_NOT_RETURNED:", - flags: []string{ - "-on-initial-tls13-variant", strconv.Itoa(sessionVers.tls13Variant), - "-on-resume-tls13-variant", strconv.Itoa(resumeVers.tls13Variant), - }, }) } 
@@ -7891,21 +7583,15 @@ func addResumptionVersionTests() { name: "Resume-Client-NoResume" + suffix, resumeSession: true, config: Config{ - MaxVersion: sessionVers.version, - TLS13Variant: sessionVers.tls13Variant, + MaxVersion: sessionVers.version, }, expectedVersion: sessionVers.version, resumeConfig: &Config{ - MaxVersion: resumeVers.version, - TLS13Variant: resumeVers.tls13Variant, + MaxVersion: resumeVers.version, }, newSessionsOnResume: true, expectResumeRejected: true, expectedResumeVersion: resumeVers.version, - flags: []string{ - "-on-initial-tls13-variant", strconv.Itoa(sessionVers.tls13Variant), - "-on-resume-tls13-variant", strconv.Itoa(resumeVers.tls13Variant), - }, }) testCases = append(testCases, testCase{ @@ -7914,23 +7600,17 @@ func addResumptionVersionTests() { name: "Resume-Server" + suffix, resumeSession: true, config: Config{ - MaxVersion: sessionVers.version, - TLS13Variant: sessionVers.tls13Variant, + MaxVersion: sessionVers.version, }, expectedVersion: sessionVers.version, expectResumeRejected: sessionVers != resumeVers, resumeConfig: &Config{ - MaxVersion: resumeVers.version, - TLS13Variant: resumeVers.tls13Variant, + MaxVersion: resumeVers.version, Bugs: ProtocolBugs{ SendBothTickets: true, }, }, expectedResumeVersion: resumeVers.version, - flags: []string{ - "-on-initial-tls13-variant", strconv.Itoa(sessionVers.tls13Variant), - "-on-resume-tls13-variant", strconv.Itoa(resumeVers.tls13Variant), - }, }) // Repeat the test using session IDs, rather than tickets. @@ -8378,15 +8058,14 @@ func addRenegotiationTests() { }, }) testCases = append(testCases, testCase{ - name: "Renegotiate-Client-TLS13Draft23", + name: "Renegotiate-Client-TLS12", config: Config{ MaxVersion: VersionTLS12, Bugs: ProtocolBugs{ FailIfResumeOnRenego: true, }, }, - tls13Variant: TLS13Draft23, - renegotiate: 1, + renegotiate: 1, // Test renegotiation after both an initial and resumption // handshake. resumeSession: true, 
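Review bot: `expectResumeRejected: sessionVers != resumeVers` in the Resume-Server case compares whole version entries, while the Resume-Client branch earlier in this function answers the same question with `sessionVers.version == resumeVers.version`. With the variant dimension removed the two presumably agree, but the entry type is defined outside the hunk, so confirm that no other field can differ between entries of equal version. The field comparison states the intent directly and matches the client branch: `expectResumeRejected: sessionVers.version != resumeVers.version,`. addResumptionVersionTests starts and ends outside this hunk.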
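Review bot: The renamed case `Renegotiate-Client-TLS12` no longer says what distinguishes it, because the removed `tls13Variant` line was the only hint and nothing documents the intent now. From the visible lines, the runner is capped at `MaxVersion: VersionTLS12` and the shim gets no version flag, so the case presumably covers a shim that offers TLS 1.3 but negotiates TLS 1.2. A comment above the case would record that, for example `// The shim keeps its default maximum version; renegotiation must still work when the runner negotiates TLS 1.2.` If an earlier case in addRenegotiationTests already uses this exact configuration, dropping this one is the alternative; the rest of the function is outside the hunk.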
@@ -8996,7 +8675,6 @@ func addSignatureAlgorithmTests() { "-enable-all-curves", "-enable-ed25519", }, - tls13Variant: ver.tls13Variant, shouldFail: shouldSignFail, expectedError: signError, expectedLocalError: signLocalError, @@ -9019,7 +8697,6 @@ func addSignatureAlgorithmTests() { IgnorePeerSignatureAlgorithmPreferences: shouldVerifyFail, }, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-require-any-client-certificate", "-expect-peer-signature-algorithm", strconv.Itoa(int(alg.id)), @@ -9046,7 +8723,6 @@ func addSignatureAlgorithmTests() { fakeSigAlg2, }, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-cert-file", path.Join(*resourceDir, getShimCertificate(alg.cert)), "-key-file", path.Join(*resourceDir, getShimKey(alg.cert)), @@ -9075,7 +8751,6 @@ func addSignatureAlgorithmTests() { IgnorePeerSignatureAlgorithmPreferences: shouldVerifyFail, }, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-expect-peer-signature-algorithm", strconv.Itoa(int(alg.id)), "-enable-all-curves", @@ -9103,7 +8778,6 @@ func addSignatureAlgorithmTests() { InvalidSignature: true, }, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-require-any-client-certificate", "-enable-all-curves", @@ -9126,7 +8800,6 @@ func addSignatureAlgorithmTests() { InvalidSignature: true, }, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-enable-all-curves", "-enable-ed25519", @@ -9144,7 +8817,6 @@ func addSignatureAlgorithmTests() { ClientAuth: RequireAnyClientCert, VerifySignatureAlgorithms: allAlgorithms, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-cert-file", path.Join(*resourceDir, getShimCertificate(alg.cert)), "-key-file", path.Join(*resourceDir, getShimKey(alg.cert)), 
@@ -9163,7 +8835,6 @@ func addSignatureAlgorithmTests() { CipherSuites: signingCiphers, VerifySignatureAlgorithms: allAlgorithms, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-cert-file", path.Join(*resourceDir, getShimCertificate(alg.cert)), "-key-file", path.Join(*resourceDir, getShimKey(alg.cert)), @@ -9193,7 +8864,6 @@ func addSignatureAlgorithmTests() { signatureECDSAWithP256AndSHA256, }, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-cert-file", path.Join(*resourceDir, rsaCertificateFile), "-key-file", path.Join(*resourceDir, rsaKeyFile), @@ -9214,7 +8884,6 @@ func addSignatureAlgorithmTests() { signatureECDSAWithP256AndSHA256, }, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-cert-file", path.Join(*resourceDir, rsaCertificateFile), "-key-file", path.Join(*resourceDir, rsaKeyFile), @@ -10032,7 +9701,6 @@ func addSignatureAlgorithmTests() { ExpectRSAPSSSupport: expect, }, }, - tls13Variant: ver.tls13Variant, flags: flags, shouldFail: shouldFail, expectedLocalError: localError, @@ -10051,7 +9719,6 @@ func addSignatureAlgorithmTests() { ExpectRSAPSSSupport: expect, }, }, - tls13Variant: ver.tls13Variant, flags: serverFlags, shouldFail: shouldFail, expectedLocalError: localError, @@ -10279,7 +9946,6 @@ func addExportKeyingMaterialTests() { // Test the exporter in both initial and resumption // handshakes. resumeSession: true, - tls13Variant: vers.tls13Variant, exportKeyingMaterial: 1024, exportLabel: "label", exportContext: "context", @@ -10290,7 +9956,6 @@ func addExportKeyingMaterialTests() { config: Config{ MaxVersion: vers.version, }, - tls13Variant: vers.tls13Variant, exportKeyingMaterial: 1024, }) testCases = append(testCases, testCase{ @@ -10298,7 +9963,6 @@ func addExportKeyingMaterialTests() { config: Config{ MaxVersion: vers.version, }, - tls13Variant: vers.tls13Variant, exportKeyingMaterial: 1024, useExportContext: true, }) 
@@ -10307,7 +9971,6 @@ func addExportKeyingMaterialTests() { config: Config{ MaxVersion: vers.version, }, - tls13Variant: vers.tls13Variant, exportKeyingMaterial: 1, exportLabel: "label", exportContext: "context", @@ -10324,7 +9987,6 @@ func addExportKeyingMaterialTests() { MaxEarlyDataSize: 16384, }, resumeSession: true, - tls13Variant: vers.tls13Variant, flags: []string{ "-enable-early-data", "-expect-ticket-supports-early-data", @@ -10356,7 +10018,6 @@ func addExportKeyingMaterialTests() { }, }, resumeSession: true, - tls13Variant: vers.tls13Variant, flags: []string{ "-enable-early-data", "-expect-ticket-supports-early-data", @@ -10381,7 +10042,6 @@ func addExportKeyingMaterialTests() { MaxEarlyDataSize: 16384, }, resumeSession: true, - tls13Variant: vers.tls13Variant, exportEarlyKeyingMaterial: 1024, exportLabel: "label", exportContext: "context", @@ -10402,7 +10062,6 @@ func addExportKeyingMaterialTests() { config: Config{ MaxVersion: vers.version, }, - tls13Variant: vers.tls13Variant, flags: []string{"-export-early-keying-material", "1024"}, shouldFail: true, expectedError: ":EARLY_DATA_NOT_IN_USE:", @@ -10413,7 +10072,6 @@ func addExportKeyingMaterialTests() { MaxVersion: vers.version, }, resumeSession: true, - tls13Variant: vers.tls13Variant, flags: []string{"-on-resume-export-early-keying-material", "1024"}, shouldFail: true, expectedError: ":EARLY_DATA_NOT_IN_USE:", @@ -10431,7 +10089,6 @@ func addExportKeyingMaterialTests() { }, }, resumeSession: true, - tls13Variant: vers.tls13Variant, flags: []string{ "-enable-early-data", "-expect-ticket-supports-early-data", @@ -10453,7 +10110,6 @@ func addExportKeyingMaterialTests() { ExpectEarlyDataAccepted: true, }, }, - tls13Variant: vers.tls13Variant, resumeSession: true, exportKeyingMaterial: 1024, exportLabel: "label", 
@@ -10473,7 +10129,6 @@ func addExportKeyingMaterialTests() { ExpectEarlyDataAccepted: true, }, }, - tls13Variant: vers.tls13Variant, resumeSession: true, exportEarlyKeyingMaterial: 1024, exportLabel: "label", @@ -10489,7 +10144,6 @@ func addExportKeyingMaterialTests() { config: Config{ MaxVersion: vers.version, }, - tls13Variant: vers.tls13Variant, flags: []string{"-export-early-keying-material", "1024"}, shouldFail: true, expectedError: ":EARLY_DATA_NOT_IN_USE:", @@ -10501,7 +10155,6 @@ func addExportKeyingMaterialTests() { MaxVersion: vers.version, }, resumeSession: true, - tls13Variant: vers.tls13Variant, flags: []string{"-on-resume-export-early-keying-material", "1024"}, shouldFail: true, expectedError: ":EARLY_DATA_NOT_IN_USE:", @@ -10514,7 +10167,6 @@ func addExportKeyingMaterialTests() { MaxVersion: vers.version, }, resumeSession: true, - tls13Variant: vers.tls13Variant, exportEarlyKeyingMaterial: 1024, exportLabel: "label", exportContext: "context", @@ -10528,7 +10180,6 @@ func addExportKeyingMaterialTests() { MaxVersion: vers.version, }, resumeSession: true, - tls13Variant: vers.tls13Variant, exportEarlyKeyingMaterial: 1024, exportLabel: "label", exportContext: "context", @@ -10814,7 +10465,6 @@ func addCurveTests() { }, CurvePreferences: []CurveID{curve.id}, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-enable-all-curves", "-expect-curve-id", strconv.Itoa(int(curve.id)), @@ -10833,7 +10483,6 @@ func addCurveTests() { }, CurvePreferences: []CurveID{curve.id}, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-enable-all-curves", "-expect-curve-id", strconv.Itoa(int(curve.id)), @@ -10856,7 +10505,6 @@ func addCurveTests() { SendCompressedCoordinates: true, }, }, - tls13Variant: ver.tls13Variant, flags: []string{"-enable-all-curves"}, shouldFail: true, expectedError: ":BAD_ECPOINT:", 
@@ -10876,7 +10524,6 @@ func addCurveTests() { SendCompressedCoordinates: true, }, }, - tls13Variant: ver.tls13Variant, flags: []string{"-enable-all-curves"}, shouldFail: true, expectedError: ":BAD_ECPOINT:", @@ -11639,7 +11286,6 @@ func addSessionTicketTests() { }, }, resumeSession: useStatefulResumption, - tls13Variant: ver.tls13Variant, flags: []string{"-no-ticket"}, }) @@ -11651,7 +11297,6 @@ func addSessionTicketTests() { MinVersion: ver.version, MaxVersion: ver.version, }, - tls13Variant: ver.tls13Variant, resumeSession: true, expectResumeRejected: true, // Set SSL_OP_NO_TICKET on the second connection, after the first @@ -12281,7 +11926,7 @@ func makePerMessageTests() []perMessageTest { messageType: typeEndOfEarlyData, test: testCase{ testType: serverTest, - name: "TLS13Draft23-EndOfEarlyData", + name: "TLS13-EndOfEarlyData", config: Config{ MaxVersion: VersionTLS13, }, @@ -12292,7 +11937,6 @@ func makePerMessageTests() []perMessageTest { ExpectEarlyDataAccepted: true, }, }, - tls13Variant: TLS13Draft23, resumeSession: true, flags: []string{"-enable-early-data"}, }, 
@@ -12371,1637 +12015,1537 @@ func addTrailingMessageDataTests() { } func addTLS13HandshakeTests() { - for _, version := range allVersions(tls) { - if version.version != VersionTLS13 { - continue - } - name := version.name - variant := version.tls13Variant - - testCases = append(testCases, testCase{ - testType: clientTest, - name: "NegotiatePSKResumption-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - NegotiatePSKResumption: true, - }, + testCases = append(testCases, testCase{ + testType: clientTest, + name: "NegotiatePSKResumption-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + NegotiatePSKResumption: true, }, - tls13Variant: variant, - resumeSession: true, - shouldFail: true, - expectedError: ":MISSING_KEY_SHARE:", - }) + }, + resumeSession: true, + shouldFail: true, + expectedError: ":MISSING_KEY_SHARE:", + }) - testCases = append(testCases, testCase{ - testType: clientTest, - name: "MissingKeyShare-Client-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - MissingKeyShare: true, - }, + testCases = append(testCases, testCase{ + testType: clientTest, + name: "MissingKeyShare-Client-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + MissingKeyShare: true, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":MISSING_KEY_SHARE:", - }) + }, + shouldFail: true, + expectedError: ":MISSING_KEY_SHARE:", + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "MissingKeyShare-Server-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - MissingKeyShare: true, - }, + testCases = append(testCases, testCase{ + testType: serverTest, + name: "MissingKeyShare-Server-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + MissingKeyShare: true, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":MISSING_KEY_SHARE:", - }) + }, + shouldFail: true, + expectedError: 
":MISSING_KEY_SHARE:", + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "DuplicateKeyShares-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - DuplicateKeyShares: true, - }, + testCases = append(testCases, testCase{ + testType: serverTest, + name: "DuplicateKeyShares-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + DuplicateKeyShares: true, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":DUPLICATE_KEY_SHARE:", - }) + }, + shouldFail: true, + expectedError: ":DUPLICATE_KEY_SHARE:", + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "SkipEarlyData-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendFakeEarlyDataLength: 4, - }, + testCases = append(testCases, testCase{ + testType: serverTest, + name: "SkipEarlyData-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendFakeEarlyDataLength: 4, }, - tls13Variant: variant, - }) + }, + }) - // Test that enabling a TLS 1.3 variant does not interfere with - // TLS 1.2 session ID resumption. - testCases = append(testCases, testCase{ - testType: clientTest, - name: "ResumeTLS12SessionID-" + name, - config: Config{ - MaxVersion: VersionTLS12, - SessionTicketsDisabled: true, - }, - tls13Variant: variant, - resumeSession: true, - }) + // Test that enabling TLS 1.3 does not interfere with TLS 1.2 session ID + // resumption. + testCases = append(testCases, testCase{ + testType: clientTest, + name: "ResumeTLS12SessionID-TLS13", + config: Config{ + MaxVersion: VersionTLS12, + SessionTicketsDisabled: true, + }, + resumeSession: true, + }) - // Test that the client correctly handles a TLS 1.3 ServerHello which echoes - // a TLS 1.2 session ID. 
- testCases = append(testCases, testCase{ - testType: clientTest, - name: "TLS12SessionID-" + name, - config: Config{ - MaxVersion: VersionTLS12, - SessionTicketsDisabled: true, - }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, + // Test that the client correctly handles a TLS 1.3 ServerHello which echoes + // a TLS 1.2 session ID. + testCases = append(testCases, testCase{ + testType: clientTest, + name: "TLS12SessionID-TLS13", + config: Config{ + MaxVersion: VersionTLS12, + SessionTicketsDisabled: true, + }, + resumeConfig: &Config{ + MaxVersion: VersionTLS13, + }, + resumeSession: true, + expectResumeRejected: true, + }) + + // Test that the server correctly echoes back session IDs of + // various lengths. The first test additionally asserts that + // BoringSSL always sends the ChangeCipherSpec messages for + // compatibility mode, rather than negotiating it based on the + // ClientHello. + testCases = append(testCases, testCase{ + testType: serverTest, + name: "EmptySessionID-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendClientHelloSessionID: []byte{}, }, - tls13Variant: variant, - resumeSession: true, - expectResumeRejected: true, - }) + }, + }) - // Test that the server correctly echoes back session IDs of - // various lengths. The first test additionally asserts that - // BoringSSL always sends the ChangeCipherSpec messages for - // compatibility mode, rather than negotiating it based on the - // ClientHello. 
- testCases = append(testCases, testCase{ - testType: serverTest, - name: "EmptySessionID-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendClientHelloSessionID: []byte{}, - }, + testCases = append(testCases, testCase{ + testType: serverTest, + name: "ShortSessionID-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendClientHelloSessionID: make([]byte, 16), }, - tls13Variant: variant, - }) + }, + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "ShortSessionID-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendClientHelloSessionID: make([]byte, 16), - }, + testCases = append(testCases, testCase{ + testType: serverTest, + name: "FullSessionID-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendClientHelloSessionID: make([]byte, 32), }, - tls13Variant: variant, - }) + }, + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "FullSessionID-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendClientHelloSessionID: make([]byte, 32), - }, + // Test that the client sends a fake session ID in TLS 1.3. + testCases = append(testCases, testCase{ + testType: clientTest, + name: "TLS13SessionID-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + ExpectClientHelloSessionID: true, }, - tls13Variant: variant, - }) + }, + }) - // Test that the client sends a fake session ID in TLS 1.3. - testCases = append(testCases, testCase{ - testType: clientTest, - name: "TLS13SessionID-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - ExpectClientHelloSessionID: true, - }, + // Test that the client omits the fake session ID when the max version is TLS 1.2 and below. 
+ testCases = append(testCases, testCase{ + testType: clientTest, + name: "TLS12NoSessionID-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + ExpectNoTLS12Session: true, }, - tls13Variant: variant, - }) + }, + flags: []string{"-max-version", strconv.Itoa(VersionTLS12)}, + }) - // Test that the client omits the fake session ID when the max version is TLS 1.2 and below. - testCases = append(testCases, testCase{ - testType: clientTest, - name: "TLS12NoSessionID-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - ExpectNoTLS12Session: true, - }, + testCases = append(testCases, testCase{ + testType: clientTest, + name: "EarlyData-Client-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + MinVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + }, + resumeConfig: &Config{ + MaxVersion: VersionTLS13, + MinVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + Bugs: ProtocolBugs{ + ExpectEarlyData: [][]byte{{'h', 'e', 'l', 'l', 'o'}}, }, - tls13Variant: variant, - flags: []string{"-max-version", strconv.Itoa(VersionTLS12)}, - }) + }, + resumeSession: true, + flags: []string{ + "-enable-early-data", + "-expect-ticket-supports-early-data", + "-expect-accept-early-data", + "-on-resume-shim-writes-first", + }, + }) - testCases = append(testCases, testCase{ - testType: clientTest, - name: "EarlyData-Client-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MinVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MinVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - Bugs: ProtocolBugs{ - ExpectEarlyData: [][]byte{{'h', 'e', 'l', 'l', 'o'}}, - }, - }, - tls13Variant: variant, - resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-expect-accept-early-data", - "-on-resume-shim-writes-first", + testCases = append(testCases, testCase{ + testType: clientTest, + name: "EarlyData-Reject-Client-TLS13", + config: 
Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + }, + resumeConfig: &Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + Bugs: ProtocolBugs{ + AlwaysRejectEarlyData: true, }, - }) + }, + resumeSession: true, + flags: []string{ + "-enable-early-data", + "-expect-ticket-supports-early-data", + "-expect-reject-early-data", + "-on-resume-shim-writes-first", + }, + }) - testCases = append(testCases, testCase{ - testType: clientTest, - name: "EarlyData-Reject-Client-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - Bugs: ProtocolBugs{ - AlwaysRejectEarlyData: true, - }, - }, - tls13Variant: variant, - resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-expect-reject-early-data", - "-on-resume-shim-writes-first", + testCases = append(testCases, testCase{ + testType: serverTest, + name: "EarlyData-Server-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + MinVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendEarlyData: [][]byte{{1, 2, 3, 4}}, + ExpectEarlyDataAccepted: true, + ExpectHalfRTTData: [][]byte{{254, 253, 252, 251}}, }, - }) + }, + messageCount: 2, + resumeSession: true, + flags: []string{ + "-enable-early-data", + "-expect-accept-early-data", + }, + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "EarlyData-Server-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MinVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: true, - ExpectHalfRTTData: [][]byte{{254, 253, 252, 251}}, - }, - }, - tls13Variant: variant, - messageCount: 2, - resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-accept-early-data", + testCases = append(testCases, testCase{ + testType: serverTest, + name: "EarlyData-FirstTicket-Server-TLS13", + config: Config{ + 
MaxVersion: VersionTLS13, + MinVersion: VersionTLS13, + Bugs: ProtocolBugs{ + UseFirstSessionTicket: true, + SendEarlyData: [][]byte{{1, 2, 3, 4}}, + ExpectEarlyDataAccepted: true, + ExpectHalfRTTData: [][]byte{{254, 253, 252, 251}}, }, - }) + }, + messageCount: 2, + resumeSession: true, + flags: []string{ + "-enable-early-data", + "-expect-accept-early-data", + }, + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "EarlyData-FirstTicket-Server-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MinVersion: VersionTLS13, - Bugs: ProtocolBugs{ - UseFirstSessionTicket: true, - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: true, - ExpectHalfRTTData: [][]byte{{254, 253, 252, 251}}, - }, + testCases = append(testCases, testCase{ + testType: serverTest, + name: "SkipEarlyData-OmitEarlyDataExtension-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendFakeEarlyDataLength: 4, + OmitEarlyDataExtension: true, }, - tls13Variant: variant, - messageCount: 2, - resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-accept-early-data", + }, + shouldFail: true, + expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:", + }) + + testCases = append(testCases, testCase{ + testType: serverTest, + name: "SkipEarlyData-TooMuchData-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendFakeEarlyDataLength: 16384 + 1, }, - }) + }, + shouldFail: true, + expectedError: ":TOO_MUCH_SKIPPED_EARLY_DATA:", + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "SkipEarlyData-OmitEarlyDataExtension-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendFakeEarlyDataLength: 4, - OmitEarlyDataExtension: true, - }, + testCases = append(testCases, testCase{ + testType: serverTest, + name: "SkipEarlyData-Interleaved-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendFakeEarlyDataLength: 4, + 
InterleaveEarlyData: true, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:", - }) + }, + shouldFail: true, + expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:", + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "SkipEarlyData-TooMuchData-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendFakeEarlyDataLength: 16384 + 1, - }, + testCases = append(testCases, testCase{ + testType: serverTest, + name: "SkipEarlyData-EarlyDataInTLS12-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendFakeEarlyDataLength: 4, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":TOO_MUCH_SKIPPED_EARLY_DATA:", - }) + }, + shouldFail: true, + expectedError: ":UNEXPECTED_RECORD:", + flags: []string{"-max-version", strconv.Itoa(VersionTLS12)}, + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "SkipEarlyData-Interleaved-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendFakeEarlyDataLength: 4, - InterleaveEarlyData: true, - }, + testCases = append(testCases, testCase{ + testType: serverTest, + name: "SkipEarlyData-HRR-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendFakeEarlyDataLength: 4, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:", - }) + DefaultCurves: []CurveID{}, + }, + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "SkipEarlyData-EarlyDataInTLS12-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendFakeEarlyDataLength: 4, - }, - }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":UNEXPECTED_RECORD:", - flags: []string{"-max-version", strconv.Itoa(VersionTLS12)}, - }) - - testCases = append(testCases, testCase{ - testType: serverTest, - name: "SkipEarlyData-HRR-" + name, - config: Config{ - 
MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendFakeEarlyDataLength: 4, - }, - DefaultCurves: []CurveID{}, + testCases = append(testCases, testCase{ + testType: serverTest, + name: "SkipEarlyData-HRR-Interleaved-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendFakeEarlyDataLength: 4, + InterleaveEarlyData: true, }, - tls13Variant: variant, - }) + DefaultCurves: []CurveID{}, + }, + shouldFail: true, + expectedError: ":UNEXPECTED_RECORD:", + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "SkipEarlyData-HRR-Interleaved-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendFakeEarlyDataLength: 4, - InterleaveEarlyData: true, - }, - DefaultCurves: []CurveID{}, + testCases = append(testCases, testCase{ + testType: serverTest, + name: "SkipEarlyData-HRR-TooMuchData-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendFakeEarlyDataLength: 16384 + 1, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":UNEXPECTED_RECORD:", - }) + DefaultCurves: []CurveID{}, + }, + shouldFail: true, + expectedError: ":TOO_MUCH_SKIPPED_EARLY_DATA:", + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "SkipEarlyData-HRR-TooMuchData-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendFakeEarlyDataLength: 16384 + 1, - }, - DefaultCurves: []CurveID{}, + // Test that skipping early data looking for cleartext correctly + // processes an alert record. 
+ testCases = append(testCases, testCase{ + testType: serverTest, + name: "SkipEarlyData-HRR-FatalAlert-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendEarlyAlert: true, + SendFakeEarlyDataLength: 4, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":TOO_MUCH_SKIPPED_EARLY_DATA:", - }) + DefaultCurves: []CurveID{}, + }, + shouldFail: true, + expectedError: ":SSLV3_ALERT_HANDSHAKE_FAILURE:", + }) - // Test that skipping early data looking for cleartext correctly - // processes an alert record. - testCases = append(testCases, testCase{ - testType: serverTest, - name: "SkipEarlyData-HRR-FatalAlert-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendEarlyAlert: true, - SendFakeEarlyDataLength: 4, - }, - DefaultCurves: []CurveID{}, + testCases = append(testCases, testCase{ + testType: serverTest, + name: "SkipEarlyData-SecondClientHelloEarlyData-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendEarlyDataOnSecondClientHello: true, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":SSLV3_ALERT_HANDSHAKE_FAILURE:", - }) + DefaultCurves: []CurveID{}, + }, + shouldFail: true, + expectedLocalError: "remote error: bad record MAC", + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "SkipEarlyData-SecondClientHelloEarlyData-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendEarlyDataOnSecondClientHello: true, - }, - DefaultCurves: []CurveID{}, + testCases = append(testCases, testCase{ + testType: clientTest, + name: "EmptyEncryptedExtensions-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + EmptyEncryptedExtensions: true, }, - tls13Variant: variant, - shouldFail: true, - expectedLocalError: "remote error: bad record MAC", - }) + }, + shouldFail: true, + expectedLocalError: "remote error: error decoding message", + }) - testCases = append(testCases, testCase{ - 
testType: clientTest, - name: "EmptyEncryptedExtensions-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - EmptyEncryptedExtensions: true, - }, + testCases = append(testCases, testCase{ + testType: clientTest, + name: "EncryptedExtensionsWithKeyShare-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + EncryptedExtensionsWithKeyShare: true, }, - tls13Variant: variant, - shouldFail: true, - expectedLocalError: "remote error: error decoding message", - }) + }, + shouldFail: true, + expectedLocalError: "remote error: unsupported extension", + }) - testCases = append(testCases, testCase{ - testType: clientTest, - name: "EncryptedExtensionsWithKeyShare-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - EncryptedExtensionsWithKeyShare: true, - }, - }, - tls13Variant: variant, - shouldFail: true, - expectedLocalError: "remote error: unsupported extension", - }) + testCases = append(testCases, testCase{ + testType: serverTest, + name: "SendHelloRetryRequest-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + // Require a HelloRetryRequest for every curve. + DefaultCurves: []CurveID{}, + }, + expectedCurveID: CurveX25519, + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "SendHelloRetryRequest-" + name, - config: Config{ - MaxVersion: VersionTLS13, - // Require a HelloRetryRequest for every curve. - DefaultCurves: []CurveID{}, - }, - tls13Variant: variant, - expectedCurveID: CurveX25519, - }) + testCases = append(testCases, testCase{ + testType: serverTest, + name: "SendHelloRetryRequest-2-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + DefaultCurves: []CurveID{CurveP384}, + }, + // Although the ClientHello did not predict our preferred curve, + // we always select it whether it is predicted or not. 
+ expectedCurveID: CurveX25519, + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "SendHelloRetryRequest-2-" + name, - config: Config{ - MaxVersion: VersionTLS13, - DefaultCurves: []CurveID{CurveP384}, + testCases = append(testCases, testCase{ + name: "UnknownCurve-HelloRetryRequest-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + // P-384 requires HelloRetryRequest in BoringSSL. + CurvePreferences: []CurveID{CurveP384}, + Bugs: ProtocolBugs{ + SendHelloRetryRequestCurve: bogusCurve, }, - tls13Variant: variant, - // Although the ClientHello did not predict our preferred curve, - // we always select it whether it is predicted or not. - expectedCurveID: CurveX25519, - }) + }, + shouldFail: true, + expectedError: ":WRONG_CURVE:", + }) - testCases = append(testCases, testCase{ - name: "UnknownCurve-HelloRetryRequest-" + name, - config: Config{ - MaxVersion: VersionTLS13, - // P-384 requires HelloRetryRequest in BoringSSL. - CurvePreferences: []CurveID{CurveP384}, - Bugs: ProtocolBugs{ - SendHelloRetryRequestCurve: bogusCurve, - }, + testCases = append(testCases, testCase{ + name: "HelloRetryRequest-CipherChange-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + // P-384 requires HelloRetryRequest in BoringSSL. + CurvePreferences: []CurveID{CurveP384}, + Bugs: ProtocolBugs{ + SendCipherSuite: TLS_AES_128_GCM_SHA256, + SendHelloRetryRequestCipherSuite: TLS_CHACHA20_POLY1305_SHA256, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":WRONG_CURVE:", - }) + }, + shouldFail: true, + expectedError: ":WRONG_CIPHER_RETURNED:", + }) - testCases = append(testCases, testCase{ - name: "HelloRetryRequest-CipherChange-" + name, - config: Config{ - MaxVersion: VersionTLS13, - // P-384 requires HelloRetryRequest in BoringSSL. 
- CurvePreferences: []CurveID{CurveP384}, - Bugs: ProtocolBugs{ - SendCipherSuite: TLS_AES_128_GCM_SHA256, - SendHelloRetryRequestCipherSuite: TLS_CHACHA20_POLY1305_SHA256, - }, + // Test that the client does not offer a PSK in the second ClientHello if the + // HelloRetryRequest is incompatible with it. + testCases = append(testCases, testCase{ + testType: clientTest, + name: "HelloRetryRequest-NonResumableCipher-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + CipherSuites: []uint16{ + TLS_AES_128_GCM_SHA256, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":WRONG_CIPHER_RETURNED:", - }) - - // Test that the client does not offer a PSK in the second ClientHello if the - // HelloRetryRequest is incompatible with it. - testCases = append(testCases, testCase{ - testType: clientTest, - name: "HelloRetryRequest-NonResumableCipher-" + name, - config: Config{ - MaxVersion: VersionTLS13, - CipherSuites: []uint16{ - TLS_AES_128_GCM_SHA256, - }, + }, + resumeConfig: &Config{ + MaxVersion: VersionTLS13, + // P-384 requires HelloRetryRequest in BoringSSL. + CurvePreferences: []CurveID{CurveP384}, + Bugs: ProtocolBugs{ + ExpectNoTLS13PSKAfterHRR: true, }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - // P-384 requires HelloRetryRequest in BoringSSL. 
- CurvePreferences: []CurveID{CurveP384}, - Bugs: ProtocolBugs{ - ExpectNoTLS13PSKAfterHRR: true, - }, - CipherSuites: []uint16{ - TLS_AES_256_GCM_SHA384, - }, + CipherSuites: []uint16{ + TLS_AES_256_GCM_SHA384, }, - tls13Variant: variant, - resumeSession: true, - expectResumeRejected: true, - }) + }, + resumeSession: true, + expectResumeRejected: true, + }) - testCases = append(testCases, testCase{ - name: "DisabledCurve-HelloRetryRequest-" + name, - config: Config{ - MaxVersion: VersionTLS13, - CurvePreferences: []CurveID{CurveP256}, - Bugs: ProtocolBugs{ - IgnorePeerCurvePreferences: true, - }, + testCases = append(testCases, testCase{ + name: "DisabledCurve-HelloRetryRequest-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + CurvePreferences: []CurveID{CurveP256}, + Bugs: ProtocolBugs{ + IgnorePeerCurvePreferences: true, }, - tls13Variant: variant, - flags: []string{"-curves", strconv.Itoa(int(CurveP384))}, - shouldFail: true, - expectedError: ":WRONG_CURVE:", - }) + }, + flags: []string{"-curves", strconv.Itoa(int(CurveP384))}, + shouldFail: true, + expectedError: ":WRONG_CURVE:", + }) - testCases = append(testCases, testCase{ - name: "UnnecessaryHelloRetryRequest-" + name, - config: Config{ - MaxVersion: VersionTLS13, - CurvePreferences: []CurveID{CurveX25519}, - Bugs: ProtocolBugs{ - SendHelloRetryRequestCurve: CurveX25519, - }, + testCases = append(testCases, testCase{ + name: "UnnecessaryHelloRetryRequest-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + CurvePreferences: []CurveID{CurveX25519}, + Bugs: ProtocolBugs{ + SendHelloRetryRequestCurve: CurveX25519, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":WRONG_CURVE:", - }) + }, + shouldFail: true, + expectedError: ":WRONG_CURVE:", + }) - testCases = append(testCases, testCase{ - name: "SecondHelloRetryRequest-" + name, - config: Config{ - MaxVersion: VersionTLS13, - // P-384 requires HelloRetryRequest in BoringSSL. 
- CurvePreferences: []CurveID{CurveP384}, - Bugs: ProtocolBugs{ - SecondHelloRetryRequest: true, - }, + testCases = append(testCases, testCase{ + name: "SecondHelloRetryRequest-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + // P-384 requires HelloRetryRequest in BoringSSL. + CurvePreferences: []CurveID{CurveP384}, + Bugs: ProtocolBugs{ + SecondHelloRetryRequest: true, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":UNEXPECTED_MESSAGE:", - }) + }, + shouldFail: true, + expectedError: ":UNEXPECTED_MESSAGE:", + }) - testCases = append(testCases, testCase{ - name: "HelloRetryRequest-Empty-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - AlwaysSendHelloRetryRequest: true, - }, + testCases = append(testCases, testCase{ + name: "HelloRetryRequest-Empty-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + AlwaysSendHelloRetryRequest: true, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":EMPTY_HELLO_RETRY_REQUEST:", - expectedLocalError: "remote error: illegal parameter", - }) + }, + shouldFail: true, + expectedError: ":EMPTY_HELLO_RETRY_REQUEST:", + expectedLocalError: "remote error: illegal parameter", + }) - testCases = append(testCases, testCase{ - name: "HelloRetryRequest-DuplicateCurve-" + name, - config: Config{ - MaxVersion: VersionTLS13, - // P-384 requires a HelloRetryRequest against BoringSSL's default - // configuration. Assert this ExpectMissingKeyShare. - CurvePreferences: []CurveID{CurveP384}, - Bugs: ProtocolBugs{ - ExpectMissingKeyShare: true, - DuplicateHelloRetryRequestExtensions: true, - }, + testCases = append(testCases, testCase{ + name: "HelloRetryRequest-DuplicateCurve-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + // P-384 requires a HelloRetryRequest against BoringSSL's default + // configuration. Assert this ExpectMissingKeyShare. 
+ CurvePreferences: []CurveID{CurveP384}, + Bugs: ProtocolBugs{ + ExpectMissingKeyShare: true, + DuplicateHelloRetryRequestExtensions: true, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":DUPLICATE_EXTENSION:", - expectedLocalError: "remote error: illegal parameter", - }) + }, + shouldFail: true, + expectedError: ":DUPLICATE_EXTENSION:", + expectedLocalError: "remote error: illegal parameter", + }) - testCases = append(testCases, testCase{ - name: "HelloRetryRequest-Cookie-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendHelloRetryRequestCookie: []byte("cookie"), - }, + testCases = append(testCases, testCase{ + name: "HelloRetryRequest-Cookie-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendHelloRetryRequestCookie: []byte("cookie"), }, - tls13Variant: variant, - }) + }, + }) - testCases = append(testCases, testCase{ - name: "HelloRetryRequest-DuplicateCookie-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendHelloRetryRequestCookie: []byte("cookie"), - DuplicateHelloRetryRequestExtensions: true, - }, + testCases = append(testCases, testCase{ + name: "HelloRetryRequest-DuplicateCookie-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendHelloRetryRequestCookie: []byte("cookie"), + DuplicateHelloRetryRequestExtensions: true, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":DUPLICATE_EXTENSION:", - expectedLocalError: "remote error: illegal parameter", - }) + }, + shouldFail: true, + expectedError: ":DUPLICATE_EXTENSION:", + expectedLocalError: "remote error: illegal parameter", + }) - testCases = append(testCases, testCase{ - name: "HelloRetryRequest-EmptyCookie-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendHelloRetryRequestCookie: []byte{}, - }, + testCases = append(testCases, testCase{ + name: "HelloRetryRequest-EmptyCookie-TLS13", + config: Config{ + MaxVersion: 
VersionTLS13, + Bugs: ProtocolBugs{ + SendHelloRetryRequestCookie: []byte{}, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":DECODE_ERROR:", - }) + }, + shouldFail: true, + expectedError: ":DECODE_ERROR:", + }) - testCases = append(testCases, testCase{ - name: "HelloRetryRequest-Cookie-Curve-" + name, - config: Config{ - MaxVersion: VersionTLS13, - // P-384 requires HelloRetryRequest in BoringSSL. - CurvePreferences: []CurveID{CurveP384}, - Bugs: ProtocolBugs{ - SendHelloRetryRequestCookie: []byte("cookie"), - ExpectMissingKeyShare: true, - }, + testCases = append(testCases, testCase{ + name: "HelloRetryRequest-Cookie-Curve-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + // P-384 requires HelloRetryRequest in BoringSSL. + CurvePreferences: []CurveID{CurveP384}, + Bugs: ProtocolBugs{ + SendHelloRetryRequestCookie: []byte("cookie"), + ExpectMissingKeyShare: true, }, - tls13Variant: variant, - }) + }, + }) - testCases = append(testCases, testCase{ - name: "HelloRetryRequest-Unknown-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - CustomHelloRetryRequestExtension: "extension", - }, + testCases = append(testCases, testCase{ + name: "HelloRetryRequest-Unknown-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + CustomHelloRetryRequestExtension: "extension", }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":UNEXPECTED_EXTENSION:", - expectedLocalError: "remote error: unsupported extension", - }) + }, + shouldFail: true, + expectedError: ":UNEXPECTED_EXTENSION:", + expectedLocalError: "remote error: unsupported extension", + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "SecondClientHelloMissingKeyShare-" + name, - config: Config{ - MaxVersion: VersionTLS13, - DefaultCurves: []CurveID{}, - Bugs: ProtocolBugs{ - SecondClientHelloMissingKeyShare: true, - }, + testCases = append(testCases, testCase{ + testType: serverTest, + name: 
"SecondClientHelloMissingKeyShare-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + DefaultCurves: []CurveID{}, + Bugs: ProtocolBugs{ + SecondClientHelloMissingKeyShare: true, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":MISSING_KEY_SHARE:", - }) + }, + shouldFail: true, + expectedError: ":MISSING_KEY_SHARE:", + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "SecondClientHelloWrongCurve-" + name, - config: Config{ - MaxVersion: VersionTLS13, - DefaultCurves: []CurveID{}, - Bugs: ProtocolBugs{ - MisinterpretHelloRetryRequestCurve: CurveP521, - }, + testCases = append(testCases, testCase{ + testType: serverTest, + name: "SecondClientHelloWrongCurve-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + DefaultCurves: []CurveID{}, + Bugs: ProtocolBugs{ + MisinterpretHelloRetryRequestCurve: CurveP521, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":WRONG_CURVE:", - }) + }, + shouldFail: true, + expectedError: ":WRONG_CURVE:", + }) - testCases = append(testCases, testCase{ - name: "HelloRetryRequestVersionMismatch-" + name, - config: Config{ - MaxVersion: VersionTLS13, - // P-384 requires HelloRetryRequest in BoringSSL. - CurvePreferences: []CurveID{CurveP384}, - Bugs: ProtocolBugs{ - SendServerHelloVersion: 0x0305, - }, + testCases = append(testCases, testCase{ + name: "HelloRetryRequestVersionMismatch-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + // P-384 requires HelloRetryRequest in BoringSSL. + CurvePreferences: []CurveID{CurveP384}, + Bugs: ProtocolBugs{ + SendServerHelloVersion: 0x0305, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":WRONG_VERSION_NUMBER:", - }) + }, + shouldFail: true, + expectedError: ":WRONG_VERSION_NUMBER:", + }) - testCases = append(testCases, testCase{ - name: "HelloRetryRequestCurveMismatch-" + name, - config: Config{ - MaxVersion: VersionTLS13, - // P-384 requires HelloRetryRequest in BoringSSL. 
- CurvePreferences: []CurveID{CurveP384}, - Bugs: ProtocolBugs{ - // Send P-384 (correct) in the HelloRetryRequest. - SendHelloRetryRequestCurve: CurveP384, - // But send P-256 in the ServerHello. - SendCurve: CurveP256, - }, + testCases = append(testCases, testCase{ + name: "HelloRetryRequestCurveMismatch-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + // P-384 requires HelloRetryRequest in BoringSSL. + CurvePreferences: []CurveID{CurveP384}, + Bugs: ProtocolBugs{ + // Send P-384 (correct) in the HelloRetryRequest. + SendHelloRetryRequestCurve: CurveP384, + // But send P-256 in the ServerHello. + SendCurve: CurveP256, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":WRONG_CURVE:", - }) + }, + shouldFail: true, + expectedError: ":WRONG_CURVE:", + }) - // Test the server selecting a curve that requires a HelloRetryRequest - // without sending it. - testCases = append(testCases, testCase{ - name: "SkipHelloRetryRequest-" + name, - config: Config{ - MaxVersion: VersionTLS13, - // P-384 requires HelloRetryRequest in BoringSSL. - CurvePreferences: []CurveID{CurveP384}, - Bugs: ProtocolBugs{ - SkipHelloRetryRequest: true, - }, + // Test the server selecting a curve that requires a HelloRetryRequest + // without sending it. + testCases = append(testCases, testCase{ + name: "SkipHelloRetryRequest-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + // P-384 requires HelloRetryRequest in BoringSSL. + CurvePreferences: []CurveID{CurveP384}, + Bugs: ProtocolBugs{ + SkipHelloRetryRequest: true, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":WRONG_CURVE:", - }) - - // Test that the supported_versions extension is enforced in the - // second ServerHello. Note we only enforce this starting draft 28. - if isDraft28(version.versionWire) { - testCases = append(testCases, testCase{ - name: "SecondServerHelloNoVersion-" + name, - config: Config{ - MaxVersion: VersionTLS13, - // P-384 requires HelloRetryRequest in BoringSSL. 
- CurvePreferences: []CurveID{CurveP384}, - Bugs: ProtocolBugs{ - OmitServerSupportedVersionExtension: true, - }, - }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":SECOND_SERVERHELLO_VERSION_MISMATCH:", - }) - testCases = append(testCases, testCase{ - name: "SecondServerHelloWrongVersion-" + name, - config: Config{ - MaxVersion: VersionTLS13, - // P-384 requires HelloRetryRequest in BoringSSL. - CurvePreferences: []CurveID{CurveP384}, - Bugs: ProtocolBugs{ - SendServerSupportedVersionExtension: 0x1234, - }, - }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":SECOND_SERVERHELLO_VERSION_MISMATCH:", - }) - } + }, + shouldFail: true, + expectedError: ":WRONG_CURVE:", + }) - testCases = append(testCases, testCase{ - name: "RequestContextInHandshake-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MinVersion: VersionTLS13, - ClientAuth: RequireAnyClientCert, - Bugs: ProtocolBugs{ - SendRequestContext: []byte("request context"), - }, + testCases = append(testCases, testCase{ + name: "SecondServerHelloNoVersion-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + // P-384 requires HelloRetryRequest in BoringSSL. + CurvePreferences: []CurveID{CurveP384}, + Bugs: ProtocolBugs{ + OmitServerSupportedVersionExtension: true, }, - tls13Variant: variant, - flags: []string{ - "-cert-file", path.Join(*resourceDir, rsaCertificateFile), - "-key-file", path.Join(*resourceDir, rsaKeyFile), + }, + shouldFail: true, + expectedError: ":SECOND_SERVERHELLO_VERSION_MISMATCH:", + }) + testCases = append(testCases, testCase{ + name: "SecondServerHelloWrongVersion-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + // P-384 requires HelloRetryRequest in BoringSSL. 
+ CurvePreferences: []CurveID{CurveP384}, + Bugs: ProtocolBugs{ + SendServerSupportedVersionExtension: 0x1234, }, - shouldFail: true, - expectedError: ":DECODE_ERROR:", - }) + }, + shouldFail: true, + expectedError: ":SECOND_SERVERHELLO_VERSION_MISMATCH:", + }) - testCases = append(testCases, testCase{ - name: "UnknownExtensionInCertificateRequest-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MinVersion: VersionTLS13, - ClientAuth: RequireAnyClientCert, - Bugs: ProtocolBugs{ - SendCustomCertificateRequest: 0x1212, - }, - }, - tls13Variant: variant, - flags: []string{ - "-cert-file", path.Join(*resourceDir, rsaCertificateFile), - "-key-file", path.Join(*resourceDir, rsaKeyFile), + testCases = append(testCases, testCase{ + name: "RequestContextInHandshake-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + MinVersion: VersionTLS13, + ClientAuth: RequireAnyClientCert, + Bugs: ProtocolBugs{ + SendRequestContext: []byte("request context"), }, - }) + }, + flags: []string{ + "-cert-file", path.Join(*resourceDir, rsaCertificateFile), + "-key-file", path.Join(*resourceDir, rsaKeyFile), + }, + shouldFail: true, + expectedError: ":DECODE_ERROR:", + }) - testCases = append(testCases, testCase{ - name: "MissingSignatureAlgorithmsInCertificateRequest-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MinVersion: VersionTLS13, - ClientAuth: RequireAnyClientCert, - Bugs: ProtocolBugs{ - OmitCertificateRequestAlgorithms: true, - }, - }, - tls13Variant: variant, - flags: []string{ - "-cert-file", path.Join(*resourceDir, rsaCertificateFile), - "-key-file", path.Join(*resourceDir, rsaKeyFile), + testCases = append(testCases, testCase{ + name: "UnknownExtensionInCertificateRequest-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + MinVersion: VersionTLS13, + ClientAuth: RequireAnyClientCert, + Bugs: ProtocolBugs{ + SendCustomCertificateRequest: 0x1212, }, - shouldFail: true, - expectedError: ":DECODE_ERROR:", - }) + }, + flags: []string{ + "-cert-file", 
path.Join(*resourceDir, rsaCertificateFile), + "-key-file", path.Join(*resourceDir, rsaKeyFile), + }, + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "TrailingKeyShareData-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - TrailingKeyShareData: true, - }, + testCases = append(testCases, testCase{ + name: "MissingSignatureAlgorithmsInCertificateRequest-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + MinVersion: VersionTLS13, + ClientAuth: RequireAnyClientCert, + Bugs: ProtocolBugs{ + OmitCertificateRequestAlgorithms: true, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":DECODE_ERROR:", - }) + }, + flags: []string{ + "-cert-file", path.Join(*resourceDir, rsaCertificateFile), + "-key-file", path.Join(*resourceDir, rsaKeyFile), + }, + shouldFail: true, + expectedError: ":DECODE_ERROR:", + }) - testCases = append(testCases, testCase{ - name: "AlwaysSelectPSKIdentity-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - AlwaysSelectPSKIdentity: true, - }, + testCases = append(testCases, testCase{ + testType: serverTest, + name: "TrailingKeyShareData-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + TrailingKeyShareData: true, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":UNEXPECTED_EXTENSION:", - }) + }, + shouldFail: true, + expectedError: ":DECODE_ERROR:", + }) - testCases = append(testCases, testCase{ - name: "InvalidPSKIdentity-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SelectPSKIdentityOnResume: 1, - }, + testCases = append(testCases, testCase{ + name: "AlwaysSelectPSKIdentity-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + AlwaysSelectPSKIdentity: true, }, - tls13Variant: variant, - resumeSession: true, - shouldFail: true, - expectedError: ":PSK_IDENTITY_NOT_FOUND:", - }) + }, + shouldFail: true, + expectedError: ":UNEXPECTED_EXTENSION:", + 
}) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "ExtraPSKIdentity-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - ExtraPSKIdentity: true, - SendExtraPSKBinder: true, - }, + testCases = append(testCases, testCase{ + name: "InvalidPSKIdentity-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SelectPSKIdentityOnResume: 1, }, - tls13Variant: variant, - resumeSession: true, - }) + }, + resumeSession: true, + shouldFail: true, + expectedError: ":PSK_IDENTITY_NOT_FOUND:", + }) - // Test that unknown NewSessionTicket extensions are tolerated. - testCases = append(testCases, testCase{ - name: "CustomTicketExtension-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - CustomTicketExtension: "1234", - }, - }, - tls13Variant: variant, - }) - testCases = append(testCases, testCase{ - testType: clientTest, - name: "EarlyData-RejectTicket-Client-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - Certificates: []Certificate{rsaCertificate}, - }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - Certificates: []Certificate{ecdsaP256Certificate}, - SessionTicketsDisabled: true, - }, - tls13Variant: variant, - resumeSession: true, - expectResumeRejected: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-expect-reject-early-data", - "-on-resume-shim-writes-first", - "-on-initial-expect-peer-cert-file", path.Join(*resourceDir, rsaCertificateFile), - "-on-resume-expect-peer-cert-file", path.Join(*resourceDir, rsaCertificateFile), - "-on-retry-expect-peer-cert-file", path.Join(*resourceDir, ecdsaP256CertificateFile), - // Session tickets are disabled, so the runner will not send a ticket. 
- "-on-retry-expect-no-session", + testCases = append(testCases, testCase{ + testType: serverTest, + name: "ExtraPSKIdentity-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + ExtraPSKIdentity: true, + SendExtraPSKBinder: true, }, - }) + }, + resumeSession: true, + }) - testCases = append(testCases, testCase{ - testType: clientTest, - name: "EarlyData-HRR-Client-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - Bugs: ProtocolBugs{ - SendHelloRetryRequestCookie: []byte{1, 2, 3, 4}, - }, - }, - tls13Variant: variant, - resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-expect-reject-early-data", + // Test that unknown NewSessionTicket extensions are tolerated. + testCases = append(testCases, testCase{ + name: "CustomTicketExtension-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + CustomTicketExtension: "1234", }, - }) + }, + }) + testCases = append(testCases, testCase{ + testType: clientTest, + name: "EarlyData-RejectTicket-Client-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + Certificates: []Certificate{rsaCertificate}, + }, + resumeConfig: &Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + Certificates: []Certificate{ecdsaP256Certificate}, + SessionTicketsDisabled: true, + }, + resumeSession: true, + expectResumeRejected: true, + flags: []string{ + "-enable-early-data", + "-expect-ticket-supports-early-data", + "-expect-reject-early-data", + "-on-resume-shim-writes-first", + "-on-initial-expect-peer-cert-file", path.Join(*resourceDir, rsaCertificateFile), + "-on-resume-expect-peer-cert-file", path.Join(*resourceDir, rsaCertificateFile), + "-on-retry-expect-peer-cert-file", path.Join(*resourceDir, ecdsaP256CertificateFile), + // Session tickets are disabled, so the runner will not send a 
ticket. + "-on-retry-expect-no-session", + }, + }) - // The client must check the server does not send the early_data - // extension while rejecting the session. - testCases = append(testCases, testCase{ - testType: clientTest, - name: "EarlyDataWithoutResume-Client-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - SessionTicketsDisabled: true, - Bugs: ProtocolBugs{ - SendEarlyDataExtension: true, - }, - }, - tls13Variant: variant, - resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", + testCases = append(testCases, testCase{ + testType: clientTest, + name: "EarlyData-HRR-Client-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + }, + resumeConfig: &Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + Bugs: ProtocolBugs{ + SendHelloRetryRequestCookie: []byte{1, 2, 3, 4}, }, - shouldFail: true, - expectedError: ":UNEXPECTED_EXTENSION:", - }) + }, + resumeSession: true, + flags: []string{ + "-enable-early-data", + "-expect-ticket-supports-early-data", + "-expect-reject-early-data", + }, + }) - // The client must fail with a dedicated error code if the server - // responds with TLS 1.2 when offering 0-RTT. - testCases = append(testCases, testCase{ - testType: clientTest, - name: "EarlyDataVersionDowngrade-Client-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - }, - resumeConfig: &Config{ - MaxVersion: VersionTLS12, - }, - tls13Variant: variant, - resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", + // The client must check the server does not send the early_data + // extension while rejecting the session. 
+ testCases = append(testCases, testCase{ + testType: clientTest, + name: "EarlyDataWithoutResume-Client-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + }, + resumeConfig: &Config{ + MaxVersion: VersionTLS13, + SessionTicketsDisabled: true, + Bugs: ProtocolBugs{ + SendEarlyDataExtension: true, }, - shouldFail: true, - expectedError: ":WRONG_VERSION_ON_EARLY_DATA:", - }) + }, + resumeSession: true, + flags: []string{ + "-enable-early-data", + "-expect-ticket-supports-early-data", + }, + shouldFail: true, + expectedError: ":UNEXPECTED_EXTENSION:", + }) - // Test that the client rejects an (unsolicited) early_data extension if - // the server sent an HRR. - testCases = append(testCases, testCase{ - testType: clientTest, - name: "ServerAcceptsEarlyDataOnHRR-Client-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - Bugs: ProtocolBugs{ - SendHelloRetryRequestCookie: []byte{1, 2, 3, 4}, - SendEarlyDataExtension: true, - }, - }, - tls13Variant: variant, - resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-expect-reject-early-data", + // The client must fail with a dedicated error code if the server + // responds with TLS 1.2 when offering 0-RTT. + testCases = append(testCases, testCase{ + testType: clientTest, + name: "EarlyDataVersionDowngrade-Client-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + }, + resumeConfig: &Config{ + MaxVersion: VersionTLS12, + }, + resumeSession: true, + flags: []string{ + "-enable-early-data", + "-expect-ticket-supports-early-data", + }, + shouldFail: true, + expectedError: ":WRONG_VERSION_ON_EARLY_DATA:", + }) + + // Test that the client rejects an (unsolicited) early_data extension if + // the server sent an HRR. 
+ testCases = append(testCases, testCase{ + testType: clientTest, + name: "ServerAcceptsEarlyDataOnHRR-Client-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + }, + resumeConfig: &Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + Bugs: ProtocolBugs{ + SendHelloRetryRequestCookie: []byte{1, 2, 3, 4}, + SendEarlyDataExtension: true, }, - shouldFail: true, - expectedError: ":UNEXPECTED_EXTENSION:", - }) + }, + resumeSession: true, + flags: []string{ + "-enable-early-data", + "-expect-ticket-supports-early-data", + "-expect-reject-early-data", + }, + shouldFail: true, + expectedError: ":UNEXPECTED_EXTENSION:", + }) - testCases = append(testCases, testCase{ - testType: clientTest, - name: "SkipChangeCipherSpec-Client-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SkipChangeCipherSpec: true, - }, + testCases = append(testCases, testCase{ + testType: clientTest, + name: "SkipChangeCipherSpec-Client-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SkipChangeCipherSpec: true, }, - tls13Variant: variant, - }) + }, + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "SkipChangeCipherSpec-Server-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SkipChangeCipherSpec: true, - }, + testCases = append(testCases, testCase{ + testType: serverTest, + name: "SkipChangeCipherSpec-Server-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SkipChangeCipherSpec: true, }, - tls13Variant: variant, - }) + }, + }) - testCases = append(testCases, testCase{ - testType: clientTest, - name: "TooManyChangeCipherSpec-Client-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendExtraChangeCipherSpec: 33, - }, + testCases = append(testCases, testCase{ + testType: clientTest, + name: "TooManyChangeCipherSpec-Client-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: 
ProtocolBugs{ + SendExtraChangeCipherSpec: 33, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:", - }) + }, + shouldFail: true, + expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:", + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "TooManyChangeCipherSpec-Server-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendExtraChangeCipherSpec: 33, - }, + testCases = append(testCases, testCase{ + testType: serverTest, + name: "TooManyChangeCipherSpec-Server-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendExtraChangeCipherSpec: 33, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:", - }) + }, + shouldFail: true, + expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:", + }) - testCases = append(testCases, testCase{ - name: "SendPostHandshakeChangeCipherSpec-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendPostHandshakeChangeCipherSpec: true, - }, + testCases = append(testCases, testCase{ + name: "SendPostHandshakeChangeCipherSpec-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendPostHandshakeChangeCipherSpec: true, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":UNEXPECTED_RECORD:", - expectedLocalError: "remote error: unexpected message", - }) + }, + shouldFail: true, + expectedError: ":UNEXPECTED_RECORD:", + expectedLocalError: "remote error: unexpected message", + }) - fooString := "foo" - barString := "bar" + fooString := "foo" + barString := "bar" - // Test that the client reports the correct ALPN after a 0-RTT reject - // that changed it. 
- testCases = append(testCases, testCase{ - testType: clientTest, - name: "EarlyData-ALPNMismatch-Client-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - Bugs: ProtocolBugs{ - ALPNProtocol: &fooString, - }, - }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - Bugs: ProtocolBugs{ - ALPNProtocol: &barString, - }, + // Test that the client reports the correct ALPN after a 0-RTT reject + // that changed it. + testCases = append(testCases, testCase{ + testType: clientTest, + name: "EarlyData-ALPNMismatch-Client-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + Bugs: ProtocolBugs{ + ALPNProtocol: &fooString, }, - tls13Variant: variant, - resumeSession: true, - flags: []string{ - "-advertise-alpn", "\x03foo\x03bar", - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-expect-reject-early-data", - "-on-initial-expect-alpn", "foo", - "-on-resume-expect-alpn", "foo", - "-on-retry-expect-alpn", "bar", + }, + resumeConfig: &Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + Bugs: ProtocolBugs{ + ALPNProtocol: &barString, }, - }) + }, + resumeSession: true, + flags: []string{ + "-advertise-alpn", "\x03foo\x03bar", + "-enable-early-data", + "-expect-ticket-supports-early-data", + "-expect-reject-early-data", + "-on-initial-expect-alpn", "foo", + "-on-resume-expect-alpn", "foo", + "-on-retry-expect-alpn", "bar", + }, + }) - // Test that the client reports the correct ALPN after a 0-RTT reject if - // ALPN was omitted from the first connection. 
- testCases = append(testCases, testCase{ - testType: clientTest, - name: "EarlyData-ALPNOmitted1-Client-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - NextProtos: []string{"foo"}, - }, - tls13Variant: variant, - resumeSession: true, - flags: []string{ - "-advertise-alpn", "\x03foo\x03bar", - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-expect-reject-early-data", - "-on-initial-expect-alpn", "", - "-on-resume-expect-alpn", "", - "-on-retry-expect-alpn", "foo", - "-on-resume-shim-writes-first", - }, - }) + // Test that the client reports the correct ALPN after a 0-RTT reject if + // ALPN was omitted from the first connection. + testCases = append(testCases, testCase{ + testType: clientTest, + name: "EarlyData-ALPNOmitted1-Client-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + }, + resumeConfig: &Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + NextProtos: []string{"foo"}, + }, + resumeSession: true, + flags: []string{ + "-advertise-alpn", "\x03foo\x03bar", + "-enable-early-data", + "-expect-ticket-supports-early-data", + "-expect-reject-early-data", + "-on-initial-expect-alpn", "", + "-on-resume-expect-alpn", "", + "-on-retry-expect-alpn", "foo", + "-on-resume-shim-writes-first", + }, + }) - // Test that the client reports the correct ALPN after a 0-RTT reject if - // ALPN was omitted from the second connection. - testCases = append(testCases, testCase{ - testType: clientTest, - name: "EarlyData-ALPNOmitted2-Client-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - NextProtos: []string{"foo"}, - }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, + // Test that the client reports the correct ALPN after a 0-RTT reject if + // ALPN was omitted from the second connection. 
+ testCases = append(testCases, testCase{ + testType: clientTest, + name: "EarlyData-ALPNOmitted2-Client-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + NextProtos: []string{"foo"}, + }, + resumeConfig: &Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + }, + resumeSession: true, + flags: []string{ + "-advertise-alpn", "\x03foo\x03bar", + "-enable-early-data", + "-expect-ticket-supports-early-data", + "-expect-reject-early-data", + "-on-initial-expect-alpn", "foo", + "-on-resume-expect-alpn", "foo", + "-on-retry-expect-alpn", "", + "-on-resume-shim-writes-first", + }, + }) + + // Test that the client enforces ALPN match on 0-RTT accept. + testCases = append(testCases, testCase{ + testType: clientTest, + name: "EarlyData-BadALPNMismatch-Client-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + Bugs: ProtocolBugs{ + ALPNProtocol: &fooString, }, - tls13Variant: variant, - resumeSession: true, - flags: []string{ - "-advertise-alpn", "\x03foo\x03bar", - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-expect-reject-early-data", - "-on-initial-expect-alpn", "foo", - "-on-resume-expect-alpn", "foo", - "-on-retry-expect-alpn", "", - "-on-resume-shim-writes-first", + }, + resumeConfig: &Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + Bugs: ProtocolBugs{ + AlwaysAcceptEarlyData: true, + ALPNProtocol: &barString, }, - }) + }, + resumeSession: true, + flags: []string{ + "-advertise-alpn", "\x03foo\x03bar", + "-enable-early-data", + "-expect-ticket-supports-early-data", + "-on-initial-expect-alpn", "foo", + "-on-resume-expect-alpn", "foo", + "-on-retry-expect-alpn", "bar", + }, + shouldFail: true, + expectedError: ":ALPN_MISMATCH_ON_EARLY_DATA:", + }) - // Test that the client enforces ALPN match on 0-RTT accept. 
- testCases = append(testCases, testCase{ - testType: clientTest, - name: "EarlyData-BadALPNMismatch-Client-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - Bugs: ProtocolBugs{ - ALPNProtocol: &fooString, - }, - }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - Bugs: ProtocolBugs{ - AlwaysAcceptEarlyData: true, - ALPNProtocol: &barString, - }, - }, - tls13Variant: variant, - resumeSession: true, - flags: []string{ - "-advertise-alpn", "\x03foo\x03bar", - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-on-initial-expect-alpn", "foo", - "-on-resume-expect-alpn", "foo", - "-on-retry-expect-alpn", "bar", - }, - shouldFail: true, - expectedError: ":ALPN_MISMATCH_ON_EARLY_DATA:", - }) - - // Test that the client does not offer early data if it is incompatible - // with ALPN preferences. - testCases = append(testCases, testCase{ - testType: clientTest, - name: "EarlyData-ALPNPreferenceChanged-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - NextProtos: []string{"foo", "bar"}, - }, - tls13Variant: variant, - resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-expect-no-offer-early-data", - "-on-initial-advertise-alpn", "\x03foo", - "-on-resume-advertise-alpn", "\x03bar", - "-on-initial-expect-alpn", "foo", - "-on-resume-expect-alpn", "bar", - }, - }) - - // Test that the server correctly rejects 0-RTT when the previous - // session did not allow early data on resumption. 
- testCases = append(testCases, testCase{ - testType: serverTest, - name: "EarlyData-NonZeroRTTSession-Server-" + name, - config: Config{ - MaxVersion: VersionTLS13, - }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: false, - }, - }, - tls13Variant: variant, - resumeSession: true, - flags: []string{ - "-on-resume-enable-early-data", - "-expect-reject-early-data", - }, - }) - - // Test that we reject early data where ALPN is omitted from the first - // connection. - testCases = append(testCases, testCase{ - testType: serverTest, - name: "EarlyData-ALPNOmitted1-Server-" + name, - config: Config{ - MaxVersion: VersionTLS13, - NextProtos: []string{}, - }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - NextProtos: []string{"foo"}, - Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: false, - }, - }, - tls13Variant: variant, - resumeSession: true, - flags: []string{ - "-enable-early-data", - "-on-initial-select-alpn", "", - "-on-resume-select-alpn", "foo", - }, - }) - - // Test that we reject early data where ALPN is omitted from the second - // connection. - testCases = append(testCases, testCase{ - testType: serverTest, - name: "EarlyData-ALPNOmitted2-Server-" + name, - config: Config{ - MaxVersion: VersionTLS13, - NextProtos: []string{"foo"}, - }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - NextProtos: []string{}, - Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: false, - }, - }, - tls13Variant: variant, - resumeSession: true, - flags: []string{ - "-enable-early-data", - "-on-initial-select-alpn", "foo", - "-on-resume-select-alpn", "", - }, - }) - - // Test that we reject early data with mismatched ALPN. 
- testCases = append(testCases, testCase{ - testType: serverTest, - name: "EarlyData-ALPNMismatch-Server-" + name, - config: Config{ - MaxVersion: VersionTLS13, - NextProtos: []string{"foo"}, - }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - NextProtos: []string{"bar"}, - Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: false, - }, - }, - tls13Variant: variant, - resumeSession: true, - flags: []string{ - "-enable-early-data", - "-on-initial-select-alpn", "foo", - "-on-resume-select-alpn", "bar", - }, - }) - - // Test that the client offering 0-RTT and Channel ID forbids the server - // from accepting both. - testCases = append(testCases, testCase{ - testType: clientTest, - name: "EarlyDataChannelID-AcceptBoth-Client-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - RequestChannelID: true, - }, - tls13Variant: variant, - resumeSession: true, - expectChannelID: true, - shouldFail: true, - expectedError: ":UNEXPECTED_EXTENSION_ON_EARLY_DATA:", - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-send-channel-id", path.Join(*resourceDir, channelIDKeyFile), - }, - }) - - // Test that the client offering Channel ID and 0-RTT allows the server - // to decline 0-RTT. - testCases = append(testCases, testCase{ - testType: clientTest, - name: "EarlyDataChannelID-AcceptChannelID-Client-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - RequestChannelID: true, - Bugs: ProtocolBugs{ - AlwaysRejectEarlyData: true, - }, - }, - tls13Variant: variant, - resumeSession: true, - expectChannelID: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-send-channel-id", path.Join(*resourceDir, channelIDKeyFile), - "-expect-reject-early-data", - }, - }) - - // Test that the client offering Channel ID and 0-RTT allows the server - // to decline Channel ID. 
- testCases = append(testCases, testCase{ - testType: clientTest, - name: "EarlyDataChannelID-AcceptEarlyData-Client-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - }, - tls13Variant: variant, - resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-send-channel-id", path.Join(*resourceDir, channelIDKeyFile), - "-expect-accept-early-data", - }, - }) + // Test that the client does not offer early data if it is incompatible + // with ALPN preferences. + testCases = append(testCases, testCase{ + testType: clientTest, + name: "EarlyData-ALPNPreferenceChanged-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + NextProtos: []string{"foo", "bar"}, + }, + resumeSession: true, + flags: []string{ + "-enable-early-data", + "-expect-ticket-supports-early-data", + "-expect-no-offer-early-data", + "-on-initial-advertise-alpn", "\x03foo", + "-on-resume-advertise-alpn", "\x03bar", + "-on-initial-expect-alpn", "foo", + "-on-resume-expect-alpn", "bar", + }, + }) - // Test that the server supporting Channel ID and 0-RTT declines 0-RTT - // if it would negotiate Channel ID. - testCases = append(testCases, testCase{ - testType: serverTest, - name: "EarlyDataChannelID-OfferBoth-Server-" + name, - config: Config{ - MaxVersion: VersionTLS13, - ChannelID: channelIDKey, - Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: false, - }, - }, - tls13Variant: variant, - resumeSession: true, - expectChannelID: true, - flags: []string{ - "-enable-early-data", - "-expect-reject-early-data", - "-expect-channel-id", - base64.StdEncoding.EncodeToString(channelIDBytes), + // Test that the server correctly rejects 0-RTT when the previous + // session did not allow early data on resumption. 
+ testCases = append(testCases, testCase{ + testType: serverTest, + name: "EarlyData-NonZeroRTTSession-Server-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + }, + resumeConfig: &Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendEarlyData: [][]byte{{1, 2, 3, 4}}, + ExpectEarlyDataAccepted: false, }, - }) + }, + resumeSession: true, + flags: []string{ + "-on-resume-enable-early-data", + "-expect-reject-early-data", + }, + }) - // Test that the server supporting Channel ID and 0-RTT accepts 0-RTT - // if not offered Channel ID. - testCases = append(testCases, testCase{ - testType: serverTest, - name: "EarlyDataChannelID-OfferEarlyData-Server-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: true, - ExpectHalfRTTData: [][]byte{{254, 253, 252, 251}}, - }, - }, - tls13Variant: variant, - resumeSession: true, - expectChannelID: false, - flags: []string{ - "-enable-early-data", - "-expect-accept-early-data", - "-enable-channel-id", + // Test that we reject early data where ALPN is omitted from the first + // connection. + testCases = append(testCases, testCase{ + testType: serverTest, + name: "EarlyData-ALPNOmitted1-Server-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + NextProtos: []string{}, + }, + resumeConfig: &Config{ + MaxVersion: VersionTLS13, + NextProtos: []string{"foo"}, + Bugs: ProtocolBugs{ + SendEarlyData: [][]byte{{1, 2, 3, 4}}, + ExpectEarlyDataAccepted: false, }, - }) + }, + resumeSession: true, + flags: []string{ + "-enable-early-data", + "-on-initial-select-alpn", "", + "-on-resume-select-alpn", "foo", + }, + }) - // Test that the server rejects 0-RTT streams without end_of_early_data. - // The subsequent records should fail to decrypt. 
- testCases = append(testCases, testCase{ - testType: serverTest, - name: "EarlyData-SkipEndOfEarlyData-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: true, - SkipEndOfEarlyData: true, - }, + // Test that we reject early data where ALPN is omitted from the second + // connection. + testCases = append(testCases, testCase{ + testType: serverTest, + name: "EarlyData-ALPNOmitted2-Server-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + NextProtos: []string{"foo"}, + }, + resumeConfig: &Config{ + MaxVersion: VersionTLS13, + NextProtos: []string{}, + Bugs: ProtocolBugs{ + SendEarlyData: [][]byte{{1, 2, 3, 4}}, + ExpectEarlyDataAccepted: false, }, - tls13Variant: variant, - resumeSession: true, - flags: []string{"-enable-early-data"}, - shouldFail: true, - expectedLocalError: "remote error: bad record MAC", - expectedError: ":BAD_DECRYPT:", - }) + }, + resumeSession: true, + flags: []string{ + "-enable-early-data", + "-on-initial-select-alpn", "foo", + "-on-resume-select-alpn", "", + }, + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "EarlyData-UnexpectedHandshake-Server-" + name, - config: Config{ - MaxVersion: VersionTLS13, - }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - SendStrayEarlyHandshake: true, - ExpectEarlyDataAccepted: true, - }, - }, - tls13Variant: variant, - resumeSession: true, - shouldFail: true, - expectedError: ":UNEXPECTED_MESSAGE:", - expectedLocalError: "remote error: unexpected message", - flags: []string{ - "-enable-early-data", + // Test that we reject early data with mismatched ALPN. 
+ testCases = append(testCases, testCase{ + testType: serverTest, + name: "EarlyData-ALPNMismatch-Server-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + NextProtos: []string{"foo"}, + }, + resumeConfig: &Config{ + MaxVersion: VersionTLS13, + NextProtos: []string{"bar"}, + Bugs: ProtocolBugs{ + SendEarlyData: [][]byte{{1, 2, 3, 4}}, + ExpectEarlyDataAccepted: false, }, - }) + }, + resumeSession: true, + flags: []string{ + "-enable-early-data", + "-on-initial-select-alpn", "foo", + "-on-resume-select-alpn", "bar", + }, + }) - // Test that the client reports TLS 1.3 as the version while sending - // early data. - testCases = append(testCases, testCase{ - testType: clientTest, - name: "EarlyData-Client-VersionAPI-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - }, - tls13Variant: variant, - resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-expect-accept-early-data", - "-expect-version", strconv.Itoa(VersionTLS13), - }, - }) + // Test that the client offering 0-RTT and Channel ID forbids the server + // from accepting both. + testCases = append(testCases, testCase{ + testType: clientTest, + name: "EarlyDataChannelID-AcceptBoth-Client-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + RequestChannelID: true, + }, + resumeSession: true, + expectChannelID: true, + shouldFail: true, + expectedError: ":UNEXPECTED_EXTENSION_ON_EARLY_DATA:", + flags: []string{ + "-enable-early-data", + "-expect-ticket-supports-early-data", + "-send-channel-id", path.Join(*resourceDir, channelIDKeyFile), + }, + }) - // Test that client and server both notice handshake errors after data - // has started flowing. 
- testCases = append(testCases, testCase{ - testType: clientTest, - name: "EarlyData-Client-BadFinished-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - Bugs: ProtocolBugs{ - BadFinished: true, - }, - }, - tls13Variant: variant, - resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-expect-accept-early-data", - }, - shouldFail: true, - expectedError: ":DIGEST_CHECK_FAILED:", - expectedLocalError: "remote error: error decrypting message", - }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "EarlyData-Server-BadFinished-" + name, - config: Config{ - MaxVersion: VersionTLS13, - }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: true, - ExpectHalfRTTData: [][]byte{{254, 253, 252, 251}}, - BadFinished: true, - }, + // Test that the client offering Channel ID and 0-RTT allows the server + // to decline 0-RTT. + testCases = append(testCases, testCase{ + testType: clientTest, + name: "EarlyDataChannelID-AcceptChannelID-Client-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + RequestChannelID: true, + Bugs: ProtocolBugs{ + AlwaysRejectEarlyData: true, }, - tls13Variant: variant, - resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-accept-early-data", + }, + resumeSession: true, + expectChannelID: true, + flags: []string{ + "-enable-early-data", + "-expect-ticket-supports-early-data", + "-send-channel-id", path.Join(*resourceDir, channelIDKeyFile), + "-expect-reject-early-data", + }, + }) + + // Test that the client offering Channel ID and 0-RTT allows the server + // to decline Channel ID. 
+ testCases = append(testCases, testCase{ + testType: clientTest, + name: "EarlyDataChannelID-AcceptEarlyData-Client-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + }, + resumeSession: true, + flags: []string{ + "-enable-early-data", + "-expect-ticket-supports-early-data", + "-send-channel-id", path.Join(*resourceDir, channelIDKeyFile), + "-expect-accept-early-data", + }, + }) + + // Test that the server supporting Channel ID and 0-RTT declines 0-RTT + // if it would negotiate Channel ID. + testCases = append(testCases, testCase{ + testType: serverTest, + name: "EarlyDataChannelID-OfferBoth-Server-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + ChannelID: channelIDKey, + Bugs: ProtocolBugs{ + SendEarlyData: [][]byte{{1, 2, 3, 4}}, + ExpectEarlyDataAccepted: false, }, - shouldFail: true, - expectedError: ":DIGEST_CHECK_FAILED:", - expectedLocalError: "remote error: error decrypting message", - }) + }, + resumeSession: true, + expectChannelID: true, + flags: []string{ + "-enable-early-data", + "-expect-reject-early-data", + "-expect-channel-id", + base64.StdEncoding.EncodeToString(channelIDBytes), + }, + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "Server-NonEmptyEndOfEarlyData-" + name, - config: Config{ - MaxVersion: VersionTLS13, + // Test that the server supporting Channel ID and 0-RTT accepts 0-RTT + // if not offered Channel ID. 
+ testCases = append(testCases, testCase{ + testType: serverTest, + name: "EarlyDataChannelID-OfferEarlyData-Server-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendEarlyData: [][]byte{{1, 2, 3, 4}}, + ExpectEarlyDataAccepted: true, + ExpectHalfRTTData: [][]byte{{254, 253, 252, 251}}, }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: true, - NonEmptyEndOfEarlyData: true, - }, + }, + resumeSession: true, + expectChannelID: false, + flags: []string{ + "-enable-early-data", + "-expect-accept-early-data", + "-enable-channel-id", + }, + }) + + // Test that the server rejects 0-RTT streams without end_of_early_data. + // The subsequent records should fail to decrypt. + testCases = append(testCases, testCase{ + testType: serverTest, + name: "EarlyData-SkipEndOfEarlyData-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendEarlyData: [][]byte{{1, 2, 3, 4}}, + ExpectEarlyDataAccepted: true, + SkipEndOfEarlyData: true, }, - resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-expect-accept-early-data", + }, + resumeSession: true, + flags: []string{"-enable-early-data"}, + shouldFail: true, + expectedLocalError: "remote error: bad record MAC", + expectedError: ":BAD_DECRYPT:", + }) + + testCases = append(testCases, testCase{ + testType: serverTest, + name: "EarlyData-UnexpectedHandshake-Server-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + }, + resumeConfig: &Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendEarlyData: [][]byte{{1, 2, 3, 4}}, + SendStrayEarlyHandshake: true, + ExpectEarlyDataAccepted: true, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":DECODE_ERROR:", - }) + }, + resumeSession: true, + shouldFail: true, + expectedError: ":UNEXPECTED_MESSAGE:", + expectedLocalError: "remote error: unexpected message", + 
flags: []string{ + "-enable-early-data", + }, + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "ServerSkipCertificateVerify-" + name, - config: Config{ - MinVersion: VersionTLS13, - MaxVersion: VersionTLS13, - Certificates: []Certificate{rsaChainCertificate}, - Bugs: ProtocolBugs{ - SkipCertificateVerify: true, - }, + // Test that the client reports TLS 1.3 as the version while sending + // early data. + testCases = append(testCases, testCase{ + testType: clientTest, + name: "EarlyData-Client-VersionAPI-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + }, + resumeSession: true, + flags: []string{ + "-enable-early-data", + "-expect-ticket-supports-early-data", + "-expect-accept-early-data", + "-expect-version", strconv.Itoa(VersionTLS13), + }, + }) + + // Test that client and server both notice handshake errors after data + // has started flowing. + testCases = append(testCases, testCase{ + testType: clientTest, + name: "EarlyData-Client-BadFinished-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + }, + resumeConfig: &Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + Bugs: ProtocolBugs{ + BadFinished: true, }, - tls13Variant: variant, - expectPeerCertificate: &rsaChainCertificate, - flags: []string{ - "-cert-file", path.Join(*resourceDir, rsaChainCertificateFile), - "-key-file", path.Join(*resourceDir, rsaChainKeyFile), - "-require-any-client-certificate", + }, + resumeSession: true, + flags: []string{ + "-enable-early-data", + "-expect-ticket-supports-early-data", + "-expect-accept-early-data", + }, + shouldFail: true, + expectedError: ":DIGEST_CHECK_FAILED:", + expectedLocalError: "remote error: error decrypting message", + }) + testCases = append(testCases, testCase{ + testType: serverTest, + name: "EarlyData-Server-BadFinished-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + }, + resumeConfig: &Config{ + MaxVersion: VersionTLS13, + Bugs: 
ProtocolBugs{ + SendEarlyData: [][]byte{{1, 2, 3, 4}}, + ExpectEarlyDataAccepted: true, + ExpectHalfRTTData: [][]byte{{254, 253, 252, 251}}, + BadFinished: true, }, - shouldFail: true, - expectedError: ":UNEXPECTED_MESSAGE:", - expectedLocalError: "remote error: unexpected message", - }) - testCases = append(testCases, testCase{ - testType: clientTest, - name: "ClientSkipCertificateVerify-" + name, - config: Config{ - MinVersion: VersionTLS13, - MaxVersion: VersionTLS13, - Certificates: []Certificate{rsaChainCertificate}, - Bugs: ProtocolBugs{ - SkipCertificateVerify: true, - }, + }, + resumeSession: true, + flags: []string{ + "-enable-early-data", + "-expect-accept-early-data", + }, + shouldFail: true, + expectedError: ":DIGEST_CHECK_FAILED:", + expectedLocalError: "remote error: error decrypting message", + }) + + testCases = append(testCases, testCase{ + testType: serverTest, + name: "Server-NonEmptyEndOfEarlyData-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + }, + resumeConfig: &Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendEarlyData: [][]byte{{1, 2, 3, 4}}, + ExpectEarlyDataAccepted: true, + NonEmptyEndOfEarlyData: true, }, - tls13Variant: variant, - expectPeerCertificate: &rsaChainCertificate, - flags: []string{ - "-cert-file", path.Join(*resourceDir, rsaChainCertificateFile), - "-key-file", path.Join(*resourceDir, rsaChainKeyFile), + }, + resumeSession: true, + flags: []string{ + "-enable-early-data", + "-expect-ticket-supports-early-data", + "-expect-accept-early-data", + }, + shouldFail: true, + expectedError: ":DECODE_ERROR:", + }) + + testCases = append(testCases, testCase{ + testType: serverTest, + name: "ServerSkipCertificateVerify-TLS13", + config: Config{ + MinVersion: VersionTLS13, + MaxVersion: VersionTLS13, + Certificates: []Certificate{rsaChainCertificate}, + Bugs: ProtocolBugs{ + SkipCertificateVerify: true, }, - shouldFail: true, - expectedError: ":UNEXPECTED_MESSAGE:", - expectedLocalError: "remote error: unexpected 
message", - }) - } + }, + expectPeerCertificate: &rsaChainCertificate, + flags: []string{ + "-cert-file", path.Join(*resourceDir, rsaChainCertificateFile), + "-key-file", path.Join(*resourceDir, rsaChainKeyFile), + "-require-any-client-certificate", + }, + shouldFail: true, + expectedError: ":UNEXPECTED_MESSAGE:", + expectedLocalError: "remote error: unexpected message", + }) + testCases = append(testCases, testCase{ + testType: clientTest, + name: "ClientSkipCertificateVerify-TLS13", + config: Config{ + MinVersion: VersionTLS13, + MaxVersion: VersionTLS13, + Certificates: []Certificate{rsaChainCertificate}, + Bugs: ProtocolBugs{ + SkipCertificateVerify: true, + }, + }, + expectPeerCertificate: &rsaChainCertificate, + flags: []string{ + "-cert-file", path.Join(*resourceDir, rsaChainCertificateFile), + "-key-file", path.Join(*resourceDir, rsaChainKeyFile), + }, + shouldFail: true, + expectedError: ":UNEXPECTED_MESSAGE:", + expectedLocalError: "remote error: unexpected message", + }) + } func addTLS13CipherPreferenceTests() { @@ -14192,7 +13736,6 @@ func addRecordVersionTests() { SendRecordVersion: 0x03ff, }, }, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedError: ":WRONG_VERSION_NUMBER:", }) @@ -14209,7 +13752,6 @@ func addRecordVersionTests() { SendInitialRecordVersion: 0x03ff, }, }, - tls13Variant: ver.tls13Variant, }) // Test that garbage ClientHello record versions are rejected. @@ -14223,7 +13765,6 @@ func addRecordVersionTests() { SendInitialRecordVersion: 0xffff, }, }, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedError: ":WRONG_VERSION_NUMBER:", }) @@ -14243,7 +13784,6 @@ func addCertificateTests() { Certificates: []Certificate{rsaChainCertificate}, ClientAuth: RequireAnyClientCert, }, - tls13Variant: ver.tls13Variant, expectPeerCertificate: &rsaChainCertificate, flags: []string{ "-cert-file", path.Join(*resourceDir, rsaChainCertificateFile), 
@@ -14260,7 +13800,6 @@ func addCertificateTests() {
 MaxVersion: ver.version,
 Certificates: []Certificate{rsaChainCertificate},
 },
- tls13Variant: ver.tls13Variant,
 expectPeerCertificate: &rsaChainCertificate,
 flags: []string{
 "-cert-file", path.Join(*resourceDir, rsaChainCertificateFile),
@@ -14279,7 +13818,6 @@ func addCertificateTests() {
 MaxVersion: ver.version,
 Certificates: []Certificate{garbageCertificate},
 },
- tls13Variant: ver.tls13Variant,
 shouldFail: true,
 expectedError: ":CANNOT_PARSE_LEAF_CERT:",
 expectedLocalError: "remote error: error decoding message",
@@ -14293,7 +13831,6 @@ func addCertificateTests() {
 MaxVersion: ver.version,
 Certificates: []Certificate{garbageCertificate},
 },
- tls13Variant: ver.tls13Variant,
 flags: []string{"-require-any-client-certificate"},
 shouldFail: true,
 expectedError: ":CANNOT_PARSE_LEAF_CERT:",
@@ -14314,7 +13851,6 @@ func addRetainOnlySHA256ClientCertTests() {
 MinVersion: ver.version,
 MaxVersion: ver.version,
 },
- tls13Variant: ver.tls13Variant,
 flags: []string{
 "-on-initial-retain-only-sha256-client-cert",
 "-on-resume-retain-only-sha256-client-cert",
@@ -14332,7 +13868,6 @@ func addRetainOnlySHA256ClientCertTests() {
 MaxVersion: ver.version,
 Certificates: []Certificate{rsaCertificate},
 },
- tls13Variant: ver.tls13Variant,
 flags: []string{
 "-verify-peer",
 "-on-initial-retain-only-sha256-client-cert",
@@ -14354,7 +13889,6 @@ func addRetainOnlySHA256ClientCertTests() {
 MaxVersion: ver.version,
 Certificates: []Certificate{rsaCertificate},
 },
- tls13Variant: ver.tls13Variant,
 flags: []string{
 "-verify-peer",
 "-on-initial-retain-only-sha256-client-cert",
@@ -14375,7 +13909,6 @@ func addRetainOnlySHA256ClientCertTests() {
 MaxVersion: ver.version,
 Certificates: []Certificate{rsaCertificate},
 },
- tls13Variant: ver.tls13Variant,
 flags: []string{
 "-verify-peer",
 "-on-resume-retain-only-sha256-client-cert",
@@ -14438,7 +13971,6 @@ func addECDSAKeyUsageTests() {
 MaxVersion: ver.version,
 Certificates: []Certificate{cert},
 },
- tls13Variant: ver.tls13Variant,
 shouldFail: true,
 expectedError: ":ECC_CERT_NOT_FOR_SIGNING:",
 })
@@ -14692,9 +14224,8 @@ func addCertCompressionTests() {
 // Duplicate compression algorithms is an error, even if nothing is
 // configured.
 testCases = append(testCases, testCase{
- testType: serverTest,
- name: "DuplicateCertCompressionExt-" + ver.name,
- tls13Variant: ver.tls13Variant,
+ testType: serverTest,
+ name: "DuplicateCertCompressionExt-" + ver.name,
 config: Config{
 MinVersion: ver.version,
 MaxVersion: ver.version,
@@ -14709,10 +14240,9 @@ func addCertCompressionTests() {
 // With compression algorithms configured, an duplicate values should still
 // be an error.
 testCases = append(testCases, testCase{
- testType: serverTest,
- name: "DuplicateCertCompressionExt2-" + ver.name,
- tls13Variant: ver.tls13Variant,
- flags: []string{"-install-cert-compression-algs"},
+ testType: serverTest,
+ name: "DuplicateCertCompressionExt2-" + ver.name,
+ flags: []string{"-install-cert-compression-algs"},
 config: Config{
 MinVersion: ver.version,
 MaxVersion: ver.version,
@@ -14740,10 +14270,9 @@ func addCertCompressionTests() {
 }
 testCases = append(testCases, testCase{
- testType: serverTest,
- name: "CertCompressionExpands-" + ver.name,
- tls13Variant: ver.tls13Variant,
- flags: []string{"-install-cert-compression-algs"},
+ testType: serverTest,
+ name: "CertCompressionExpands-" + ver.name,
+ flags: []string{"-install-cert-compression-algs"},
 config: Config{
 MinVersion: ver.version,
 MaxVersion: ver.version,
@@ -14755,10 +14284,9 @@ func addCertCompressionTests() {
 })
 testCases = append(testCases, testCase{
- testType: serverTest,
- name: "CertCompressionShrinks-" + ver.name,
- tls13Variant: ver.tls13Variant,
- flags: []string{"-install-cert-compression-algs"},
+ testType: serverTest,
+ name: "CertCompressionShrinks-" + ver.name,
+ flags: []string{"-install-cert-compression-algs"},
 config: Config{
 MinVersion: ver.version,
 MaxVersion: ver.version,
@@ -14772,10 +14300,9 @@ func addCertCompressionTests() {
 // With both algorithms configured, the server should pick its most
 // preferable. (Which is expandingAlgId.)
 testCases = append(testCases, testCase{
- testType: serverTest,
- name: "CertCompressionPriority-" + ver.name,
- tls13Variant: ver.tls13Variant,
- flags: []string{"-install-cert-compression-algs"},
+ testType: serverTest,
+ name: "CertCompressionPriority-" + ver.name,
+ flags: []string{"-install-cert-compression-algs"},
 config: Config{
 MinVersion: ver.version,
 MaxVersion: ver.version,
@@ -14790,10 +14317,9 @@ func addCertCompressionTests() {
 })
 testCases = append(testCases, testCase{
- testType: clientTest,
- name: "CertCompressionExpandsClient-" + ver.name,
- tls13Variant: ver.tls13Variant,
- flags: []string{"-install-cert-compression-algs"},
+ testType: clientTest,
+ name: "CertCompressionExpandsClient-" + ver.name,
+ flags: []string{"-install-cert-compression-algs"},
 config: Config{
 MinVersion: ver.version,
 MaxVersion: ver.version,
@@ -14807,10 +14333,9 @@ func addCertCompressionTests() {
 })
 testCases = append(testCases, testCase{
- testType: clientTest,
- name: "CertCompressionShrinksClient-" + ver.name,
- tls13Variant: ver.tls13Variant,
- flags: []string{"-install-cert-compression-algs"},
+ testType: clientTest,
+ name: "CertCompressionShrinksClient-" + ver.name,
+ flags: []string{"-install-cert-compression-algs"},
 config: Config{
 MinVersion: ver.version,
 MaxVersion: ver.version,
@@ -14824,10 +14349,9 @@ func addCertCompressionTests() {
 })
 testCases = append(testCases, testCase{
- testType: clientTest,
- name: "CertCompressionBadAlgIdClient-" + ver.name,
- tls13Variant: ver.tls13Variant,
- flags: []string{"-install-cert-compression-algs"},
+ testType: clientTest,
+ name: "CertCompressionBadAlgIdClient-" + ver.name,
+ flags: []string{"-install-cert-compression-algs"},
 config: Config{
 MinVersion: ver.version,
 MaxVersion: ver.version,
@@ -14844,10 +14368,9 @@ func addCertCompressionTests() {
 })
 testCases = append(testCases, testCase{
- testType: clientTest,
- name: "CertCompressionTooSmallClient-" + ver.name,
- tls13Variant: ver.tls13Variant,
- flags: []string{"-install-cert-compression-algs"},
+ testType: clientTest,
+ name: "CertCompressionTooSmallClient-" + ver.name,
+ flags: []string{"-install-cert-compression-algs"},
 config: Config{
 MinVersion: ver.version,
 MaxVersion: ver.version,
@@ -14864,10 +14387,9 @@ func addCertCompressionTests() {
 })
 testCases = append(testCases, testCase{
- testType: clientTest,
- name: "CertCompressionTooLargeClient-" + ver.name,
- tls13Variant: ver.tls13Variant,
- flags: []string{"-install-cert-compression-algs"},
+ testType: clientTest,
+ name: "CertCompressionTooLargeClient-" + ver.name,
+ flags: []string{"-install-cert-compression-algs"},
 config: Config{
 MinVersion: ver.version,
 MaxVersion: ver.version,
diff --git a/ssl/test/settings_writer.cc b/ssl/test/settings_writer.cc
index 66025f6e..fe8d42e9 100644
--- a/ssl/test/settings_writer.cc
+++ b/ssl/test/settings_writer.cc
@@ -59,12 +59,6 @@ bool SettingsWriter::Init(int i, const TestConfig *config,
 return false;
 }
- if (config->tls13_variant != 0 &&
- (!CBB_add_u16(cbb_.get(), kTLS13Variant) ||
- !CBB_add_u8(cbb_.get(), static_cast(config->tls13_variant)))) {
- return false;
- }
-
 return true;
 }
diff --git a/ssl/test/test_config.cc b/ssl/test/test_config.cc
index b88d0aec..edbede62 100644
--- a/ssl/test/test_config.cc
+++ b/ssl/test/test_config.cc
@@ -218,7 +218,6 @@ const Flag kIntFlags[] = {
 { "-max-send-fragment", &TestConfig::max_send_fragment },
 { "-read-size", &TestConfig::read_size },
 { "-expect-ticket-age-skew", &TestConfig::expect_ticket_age_skew },
- { "-tls13-variant", &TestConfig::tls13_variant },
 };
 const Flag> kIntVectorFlags[] = {
@@ -1247,9 +1246,6 @@ bssl::UniquePtr TestConfig::SetupCtx(SSL_CTX *old_ctx) const {
 SSL_CTX_set_early_data_enabled(ssl_ctx.get(), 1);
 }
- SSL_CTX_set_tls13_variant(ssl_ctx.get(),
- static_cast(tls13_variant));
-
 if (allow_unknown_alpn_protos) {
 SSL_CTX_set_allow_unknown_alpn_protos(ssl_ctx.get(), 1);
 }
diff --git a/ssl/test/test_config.h b/ssl/test/test_config.h
index 5d5eb5ad..41709ab0 100644
--- a/ssl/test/test_config.h
+++ b/ssl/test/test_config.h
@@ -104,7 +104,6 @@ struct TestConfig {
 bool use_ticket_callback = false;
 bool renew_ticket = false;
 bool enable_early_data = false;
- int tls13_variant = 0;
 bool enable_client_custom_extension = false;
 bool enable_server_custom_extension = false;
 bool custom_extension_skip = false;
diff --git a/ssl/tls13_client.cc b/ssl/tls13_client.cc
index e7d6dae6..ac97165f 100644
--- a/ssl/tls13_client.cc
+++ b/ssl/tls13_client.cc
@@ -294,16 +294,14 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
 return ssl_hs_error;
 }
- if (ssl_is_draft28(ssl->version)) {
- // Recheck supported_versions, in case this is the second ServerHello.
- uint16_t version;
- if (!have_supported_versions ||
- !CBS_get_u16(&supported_versions, &version) ||
- version != ssl->version) {
- OPENSSL_PUT_ERROR(SSL, SSL_R_SECOND_SERVERHELLO_VERSION_MISMATCH);
- ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
- return ssl_hs_error;
- }
+ // Recheck supported_versions, in case this is the second ServerHello.
+ uint16_t version;
+ if (!have_supported_versions ||
+ !CBS_get_u16(&supported_versions, &version) ||
+ version != ssl->version) {
+ OPENSSL_PUT_ERROR(SSL, SSL_R_SECOND_SERVERHELLO_VERSION_MISMATCH);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
+ return ssl_hs_error;
 }
 alert = SSL_AD_DECODE_ERROR;
diff --git a/tool/client.cc b/tool/client.cc
index 80acf34a..f4d14410 100644
--- a/tool/client.cc
+++ b/tool/client.cc
@@ -125,10 +125,6 @@ static const struct argument kArguments[] = {
 "this flag is the early data to send or if it starts with '@', the "
 "file to read from for early data.",
 },
- {
- "-tls13-variant", kOptionalArgument,
- "Enable the specified experimental TLS 1.3 variant",
- },
 {
 "-ed25519", kBooleanArgument, "Advertise Ed25519 support",
 },
@@ -328,26 +324,6 @@ static bool DoConnection(SSL_CTX *ctx,
 return cb(ssl.get(), sock);
 }
-static bool GetTLS13Variant(tls13_variant_t *out, const std::string &in) {
- if (in == "draft23") {
- *out = tls13_draft23;
- return true;
- }
- if (in == "draft28") {
- *out = tls13_draft28;
- return true;
- }
- if (in == "rfc") {
- *out = tls13_rfc;
- return true;
- }
- if (in == "all") {
- *out = tls13_all;
- return true;
- }
- return false;
-}
-
 static void InfoCallback(const SSL *ssl, int type, int value) {
 switch (type) {
 case SSL_CB_HANDSHAKE_START:
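Review bot: The supported_versions recheck that is now unconditional in do_read_server_hello (ssl/tls13_client.cc) keeps a comment that says only "in case this is the second ServerHello" and never states the rule it enforces. With the draft-28 guard removed the check appears to run for every TLS 1.3 ServerHello, so the comment should name the invariant, for example `// RFC 8446, section 4.1.4: the version selected in HelloRetryRequest must be retained in ServerHello; a change is rejected with illegal_parameter.` The local `version` also moves out of the deleted block into the enclosing scope of a function whose body starts and ends outside this hunk, so it is worth confirming that nothing later in the function declares or expects a different `version`. `have_supported_versions` and `supported_versions` are populated outside the hunk, so whether the runner still covers a second ServerHello with a mismatched version cannot be confirmed from here.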
@@ -528,16 +504,6 @@ bool Client(const std::vector &args) {
 SSL_CTX_set_early_data_enabled(ctx.get(), 1);
 }
- if (args_map.count("-tls13-variant") != 0) {
- tls13_variant_t variant;
- if (!GetTLS13Variant(&variant, args_map["-tls13-variant"])) {
- fprintf(stderr, "Unknown TLS 1.3 variant: %s\n",
- args_map["-tls13-variant"].c_str());
- return false;
- }
- SSL_CTX_set_tls13_variant(ctx.get(), variant);
- }
-
 if (args_map.count("-ed25519") != 0) {
 SSL_CTX_set_ed25519_enabled(ctx.get(), 1);
 }
diff --git a/tool/server.cc b/tool/server.cc
index a655db52..989d335f 100644
--- a/tool/server.cc
+++ b/tool/server.cc
@@ -67,10 +63,6 @@ static const struct argument kArguments[] = {
 {
 "-early-data", kBooleanArgument, "Allow early data",
 },
- {
- "-tls13-variant", kOptionalArgument,
- "Enable the specified experimental TLS 1.3 variant",
- },
 {
 "-www", kBooleanArgument,
 "The server will print connection information in response to a "
@@ -152,26 +148,6 @@ static bssl::UniquePtr MakeSelfSignedCert(EVP_PKEY *evp_pkey,
 return x509;
 }
-static bool GetTLS13Variant(tls13_variant_t *out, const std::string &in) {
- if (in == "draft23") {
- *out = tls13_draft23;
- return true;
- }
- if (in == "draft28") {
- *out = tls13_draft28;
- return true;
- }
- if (in == "rfc") {
- *out = tls13_rfc;
- return true;
- }
- if (in == "all") {
- *out = tls13_all;
- return true;
- }
- return false;
-}
-
 static void InfoCallback(const SSL *ssl, int type, int value) {
 switch (type) {
 case SSL_CB_HANDSHAKE_START:
@@ -331,16 +307,6 @@ bool Server(const std::vector &args) {
 SSL_CTX_set_early_data_enabled(ctx.get(), 1);
 }
- if (args_map.count("-tls13-variant") != 0) {
- tls13_variant_t variant;
- if (!GetTLS13Variant(&variant, args_map["-tls13-variant"])) {
- fprintf(stderr, "Unknown TLS 1.3 variant: %s\n",
- args_map["-tls13-variant"].c_str());
- return false;
- }
- SSL_CTX_set_tls13_variant(ctx.get(), variant);
- }
-
 if (args_map.count("-debug") != 0) {
 SSL_CTX_set_info_callback(ctx.get(), InfoCallback);
 }