e7c95d91f8
We were only running a random subset of TLS 1.3 tests with variants and let a lot of bugs through as a result. - HelloRetryRequest-EmptyCookie wasn't actually testing what we were trying to test. - The second HelloRetryRequest detection needs tweaks in draft-22. - The empty HelloRetryRequest logic can't be based on non-empty extensions in draft-22. - We weren't sending ChangeCipherSpec correctly in HRR or testing it right. - Rework how runner reads ChangeCipherSpec by setting a flag which affects the next readRecord. This cuts down a lot of cases and works correctly if the client didn't send early data. (In that case, we don't flush CCS until EndOfEarlyData and runner deadlocks waiting for the ChangeCipherSpec to arrive.) Change-Id: I559c96ea3a8b350067e391941231713c6edb2f78 Reviewed-on: https://boringssl-review.googlesource.com/23125 Reviewed-by: Steven Valdez <svaldez@chromium.org> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> |
||
|---|---|---|
| .. | ||
| asn1.errordata | ||
| bio.errordata | ||
| bn.errordata | ||
| cipher.errordata | ||
| CMakeLists.txt | ||
| conf.errordata | ||
| dh.errordata | ||
| digest.errordata | ||
| dsa.errordata | ||
| ec.errordata | ||
| ecdh.errordata | ||
| ecdsa.errordata | ||
| engine.errordata | ||
| err_data_generate.go | ||
| err_test.cc | ||
| err.c | ||
| evp.errordata | ||
| hkdf.errordata | ||
| internal.h | ||
| obj.errordata | ||
| pem.errordata | ||
| pkcs7.errordata | ||
| pkcs8.errordata | ||
| rsa.errordata | ||
| ssl.errordata | ||
| x509.errordata | ||
| x509v3.errordata | ||