Make bogo advertise and test only for draft 22
Bogo currently tests for draft18; patch it to use draft22.
Patch from https://boringssl-review.googlesource.com/c/boringssl/+/23704/2
Upstream commit e1068b76bd1d7f6ea06c90faa523ad8d562ec11b ("Test RSA premaster unpad better.") added another version-specific test; disable it, since no protection is implemented.
parent
e2b91783a7
commit
631e73e16f
@ -10,7 +10,8 @@
|
|||||||
"*-AES256-SHA256-*": "AES256-CBC-SHA256 not supported",
|
"*-AES256-SHA256-*": "AES256-CBC-SHA256 not supported",
|
||||||
"*-AES256-SHA384-*": "AES256-CBC-SHA384 not supported",
|
"*-AES256-SHA384-*": "AES256-CBC-SHA384 not supported",
|
||||||
|
|
||||||
"BadRSAClientKeyExchange-4": "See comment in processClientKeyExchange",
|
"BadRSAClientKeyExchange-4": "case RSABadValueWrongVersion1 - See comment in processClientKeyExchange",
|
||||||
|
"BadRSAClientKeyExchange-5": "case RSABadValueWrongVersion2 - See comment in processClientKeyExchange",
|
||||||
|
|
||||||
"GREASE-Server-TLS13": "TODO",
|
"GREASE-Server-TLS13": "TODO",
|
||||||
"DuplicateExtensionServer-*": "TODO",
|
"DuplicateExtensionServer-*": "TODO",
|
||||||
|
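Review bot: The new skip reasons for `BadRSAClientKeyExchange-4` and `BadRSAClientKeyExchange-5` name the runner cases (RSABadValueWrongVersion1/2) but defer the rationale to a comment in processClientKeyExchange that is not part of this change, while the commit message says only that no protection is implemented. Judging by the case names, these cover a ClientKeyExchange whose RSA premaster secret carries the wrong protocol version, so the skip list is now the only record that this check is absent. If the omission is deliberate, the reason string should say so, e.g. `"BadRSAClientKeyExchange-5": "RSABadValueWrongVersion2 - premaster version is intentionally not checked, see processClientKeyExchange"`; if it is a gap, mark it `TODO` like the neighbouring entries so it is revisited.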
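--- a/vendor/bogo-draft22.diff
+++ b/vendor/bogo-draft22.diff
@@ -0,0 +1,79 @@
+diff --git a/vendor/github.com/google/boringssl/ssl/test/runner/runner.go b/vendor/github.com/google/boringssl/ssl/test/runner/runner.go
+index 8700af2..6084f42 100644
+--- a/vendor/github.com/google/boringssl/ssl/test/runner/runner.go
++++ b/vendor/github.com/google/boringssl/ssl/test/runner/runner.go
+@@ -540,6 +540,7 @@ func doExchange(test *testCase, config *Config, conn net.Conn, isResume bool, tr
+if test.tls13Variant != 0 {
+config.TLS13Variant = test.tls13Variant
+}
++ config.TLS13Variant = TLS13Draft22
+
+conn = &timeoutConn{conn, *idleTimeout}
+
+@@ -1297,20 +1298,6 @@ var tlsVersions = []tlsVersion{
+hasDTLS: true,
+versionDTLS: VersionDTLS12,
+},
+- {
+- name: "TLS13",
+- version: VersionTLS13,
+- excludeFlag: "-no-tls13",
+- versionWire: tls13DraftVersion,
+- tls13Variant: TLS13Default,
+- },
+- {
+- name: "TLS13Draft21",
+- version: VersionTLS13,
+- excludeFlag: "-no-tls13",
+- versionWire: tls13Draft21Version,
+- tls13Variant: TLS13Draft21,
+- },
+{
+name: "TLS13Draft22",
+version: VersionTLS13,
+@@ -1318,27 +1305,6 @@ var tlsVersions = []tlsVersion{
+versionWire: tls13Draft22Version,
+tls13Variant: TLS13Draft22,
+},
+- {
+- name: "TLS13Experiment",
+- version: VersionTLS13,
+- excludeFlag: "-no-tls13",
+- versionWire: tls13ExperimentVersion,
+- tls13Variant: TLS13Experiment,
+- },
+- {
+- name: "TLS13Experiment2",
+- version: VersionTLS13,
+- excludeFlag: "-no-tls13",
+- versionWire: tls13Experiment2Version,
+- tls13Variant: TLS13Experiment2,
+- },
+- {
+- name: "TLS13Experiment3",
+- version: VersionTLS13,
+- excludeFlag: "-no-tls13",
+- versionWire: tls13Experiment3Version,
+- tls13Variant: TLS13Experiment3,
+- },
+}
+
+func allVersions(protocol protocol) []tlsVersion {
+@@ -5485,7 +5451,7 @@ func addVersionNegotiationTests() {
+config: Config{
+MaxVersion: VersionTLS13,
+Bugs: ProtocolBugs{
+- SendServerSupportedExtensionVersion: tls13DraftVersion,
++ SendServerSupportedExtensionVersion: tls13Draft22Version,
+},
+},
+shouldFail: true,
+@@ -5499,7 +5465,7 @@ func addVersionNegotiationTests() {
+name: "IgnoreClientVersionOrder",
+config: Config{
+Bugs: ProtocolBugs{
+- SendSupportedVersions: []uint16{VersionTLS12, tls13DraftVersion},
++ SendSupportedVersions: []uint16{VersionTLS12, tls13Draft22Version},
+},
+},
+expectedVersion: VersionTLS13,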
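--- a/vendor/github.com/google/boringssl/ssl/test/runner/runner.go
+++ b/vendor/github.com/google/boringssl/ssl/test/runner/runner.go
@@ -540,6 +540,7 @@ func doExchange(test *testCase, config *Config, conn net.Conn, isResume bool, tr
 if test.tls13Variant != 0 {
 config.TLS13Variant = test.tls13Variant
 }
+config.TLS13Variant = TLS13Draft22
 
 conn = &timeoutConn{conn, *idleTimeout}
 
@@ -1297,20 +1298,6 @@ var tlsVersions = []tlsVersion{
 hasDTLS: true,
 versionDTLS: VersionDTLS12,
 },
-{
-name: "TLS13",
-version: VersionTLS13,
-excludeFlag: "-no-tls13",
-versionWire: tls13DraftVersion,
-tls13Variant: TLS13Default,
-},
-{
-name: "TLS13Draft21",
-version: VersionTLS13,
-excludeFlag: "-no-tls13",
-versionWire: tls13Draft21Version,
-tls13Variant: TLS13Draft21,
-},
 {
 name: "TLS13Draft22",
 version: VersionTLS13,
@@ -1318,27 +1305,6 @@ var tlsVersions = []tlsVersion{
 versionWire: tls13Draft22Version,
 tls13Variant: TLS13Draft22,
 },
-{
-name: "TLS13Experiment",
-version: VersionTLS13,
-excludeFlag: "-no-tls13",
-versionWire: tls13ExperimentVersion,
-tls13Variant: TLS13Experiment,
-},
-{
-name: "TLS13Experiment2",
-version: VersionTLS13,
-excludeFlag: "-no-tls13",
-versionWire: tls13Experiment2Version,
-tls13Variant: TLS13Experiment2,
-},
-{
-name: "TLS13Experiment3",
-version: VersionTLS13,
-excludeFlag: "-no-tls13",
-versionWire: tls13Experiment3Version,
-tls13Variant: TLS13Experiment3,
-},
 }
 
 func allVersions(protocol protocol) []tlsVersion {
@@ -5485,7 +5451,7 @@ func addVersionNegotiationTests() {
 config: Config{
 MaxVersion: VersionTLS13,
 Bugs: ProtocolBugs{
-SendServerSupportedExtensionVersion: tls13DraftVersion,
+SendServerSupportedExtensionVersion: tls13Draft22Version,
 },
 },
 shouldFail: true,
@@ -5499,7 +5465,7 @@ func addVersionNegotiationTests() {
 name: "IgnoreClientVersionOrder",
 config: Config{
 Bugs: ProtocolBugs{
-SendSupportedVersions: []uint16{VersionTLS12, tls13DraftVersion},
+SendSupportedVersions: []uint16{VersionTLS12, tls13Draft22Version},
 },
 },
 expectedVersion: VersionTLS13,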
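Review bot: The added `config.TLS13Variant = TLS13Draft22` in doExchange runs unconditionally right after the `if test.tls13Variant != 0` block, so the per-test assignment above it is now dead and a test that asks for another variant is silently run as draft 22. Since this is a local patch to vendored code, a comment would make the override explicit for whoever next re-syncs the runner: `// Local patch: force draft 22 for every exchange; overrides test.tls13Variant above.` The same line is recorded in vendor/bogo-draft22.diff. doExchange starts and ends outside the hunk, so later uses of config.TLS13Variant are not visible here.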