Make bogo advertise and test only for draft 22

Current bogo tests for draft18, patch that to use draft22. Patch from
https://boringssl-review.googlesource.com/c/boringssl/+/23704/2

Upstream commit e1068b76bd1d7f6ea06c90faa523ad8d562ec11b ("Test RSA
premaster unpad better.") added another version-specific test, disable
that since no protection is implemented.
This commit is contained in:
Peter Wu 2017-12-01 18:11:01 +00:00
parent e74f36ba09
commit 81cc32b846
3 changed files with 84 additions and 38 deletions

View File

@ -8,7 +8,8 @@
"*-NoTickets-*": "Session IDs not supported",
"*-AES256-SHA384-*": "AES256-CBC-SHA384 not supported",
"BadRSAClientKeyExchange-4": "See comment in processClientKeyExchange",
"BadRSAClientKeyExchange-4": "case RSABadValueWrongVersion1 - See comment in processClientKeyExchange",
"BadRSAClientKeyExchange-5": "case RSABadValueWrongVersion2 - See comment in processClientKeyExchange",
"GREASE-Server-TLS13": "TODO",
"DuplicateExtensionServer-*": "TODO",

79
vendor/bogo-draft22.diff vendored Normal file
View File

@ -0,0 +1,79 @@
diff --git a/vendor/github.com/google/boringssl/ssl/test/runner/runner.go b/vendor/github.com/google/boringssl/ssl/test/runner/runner.go
index 8700af2..6084f42 100644
--- a/vendor/github.com/google/boringssl/ssl/test/runner/runner.go
+++ b/vendor/github.com/google/boringssl/ssl/test/runner/runner.go
@@ -540,6 +540,7 @@ func doExchange(test *testCase, config *Config, conn net.Conn, isResume bool, tr
if test.tls13Variant != 0 {
config.TLS13Variant = test.tls13Variant
}
+ config.TLS13Variant = TLS13Draft22
conn = &timeoutConn{conn, *idleTimeout}
@@ -1297,20 +1298,6 @@ var tlsVersions = []tlsVersion{
hasDTLS: true,
versionDTLS: VersionDTLS12,
},
- {
- name: "TLS13",
- version: VersionTLS13,
- excludeFlag: "-no-tls13",
- versionWire: tls13DraftVersion,
- tls13Variant: TLS13Default,
- },
- {
- name: "TLS13Draft21",
- version: VersionTLS13,
- excludeFlag: "-no-tls13",
- versionWire: tls13Draft21Version,
- tls13Variant: TLS13Draft21,
- },
{
name: "TLS13Draft22",
version: VersionTLS13,
@@ -1318,27 +1305,6 @@ var tlsVersions = []tlsVersion{
versionWire: tls13Draft22Version,
tls13Variant: TLS13Draft22,
},
- {
- name: "TLS13Experiment",
- version: VersionTLS13,
- excludeFlag: "-no-tls13",
- versionWire: tls13ExperimentVersion,
- tls13Variant: TLS13Experiment,
- },
- {
- name: "TLS13Experiment2",
- version: VersionTLS13,
- excludeFlag: "-no-tls13",
- versionWire: tls13Experiment2Version,
- tls13Variant: TLS13Experiment2,
- },
- {
- name: "TLS13Experiment3",
- version: VersionTLS13,
- excludeFlag: "-no-tls13",
- versionWire: tls13Experiment3Version,
- tls13Variant: TLS13Experiment3,
- },
}
func allVersions(protocol protocol) []tlsVersion {
@@ -5485,7 +5451,7 @@ func addVersionNegotiationTests() {
config: Config{
MaxVersion: VersionTLS13,
Bugs: ProtocolBugs{
- SendServerSupportedExtensionVersion: tls13DraftVersion,
+ SendServerSupportedExtensionVersion: tls13Draft22Version,
},
},
shouldFail: true,
@@ -5499,7 +5465,7 @@ func addVersionNegotiationTests() {
name: "IgnoreClientVersionOrder",
config: Config{
Bugs: ProtocolBugs{
- SendSupportedVersions: []uint16{VersionTLS12, tls13DraftVersion},
+ SendSupportedVersions: []uint16{VersionTLS12, tls13Draft22Version},
},
},
expectedVersion: VersionTLS13,

View File

@ -540,6 +540,7 @@ func doExchange(test *testCase, config *Config, conn net.Conn, isResume bool, tr
if test.tls13Variant != 0 {
config.TLS13Variant = test.tls13Variant
}
config.TLS13Variant = TLS13Draft22
conn = &timeoutConn{conn, *idleTimeout}
@ -1297,20 +1298,6 @@ var tlsVersions = []tlsVersion{
hasDTLS: true,
versionDTLS: VersionDTLS12,
},
{
name: "TLS13",
version: VersionTLS13,
excludeFlag: "-no-tls13",
versionWire: tls13DraftVersion,
tls13Variant: TLS13Default,
},
{
name: "TLS13Draft21",
version: VersionTLS13,
excludeFlag: "-no-tls13",
versionWire: tls13Draft21Version,
tls13Variant: TLS13Draft21,
},
{
name: "TLS13Draft22",
version: VersionTLS13,
@ -1318,27 +1305,6 @@ var tlsVersions = []tlsVersion{
versionWire: tls13Draft22Version,
tls13Variant: TLS13Draft22,
},
{
name: "TLS13Experiment",
version: VersionTLS13,
excludeFlag: "-no-tls13",
versionWire: tls13ExperimentVersion,
tls13Variant: TLS13Experiment,
},
{
name: "TLS13Experiment2",
version: VersionTLS13,
excludeFlag: "-no-tls13",
versionWire: tls13Experiment2Version,
tls13Variant: TLS13Experiment2,
},
{
name: "TLS13Experiment3",
version: VersionTLS13,
excludeFlag: "-no-tls13",
versionWire: tls13Experiment3Version,
tls13Variant: TLS13Experiment3,
},
}
func allVersions(protocol protocol) []tlsVersion {
@ -5485,7 +5451,7 @@ func addVersionNegotiationTests() {
config: Config{
MaxVersion: VersionTLS13,
Bugs: ProtocolBugs{
SendServerSupportedExtensionVersion: tls13DraftVersion,
SendServerSupportedExtensionVersion: tls13Draft22Version,
},
},
shouldFail: true,
@ -5499,7 +5465,7 @@ func addVersionNegotiationTests() {
name: "IgnoreClientVersionOrder",
config: Config{
Bugs: ProtocolBugs{
SendSupportedVersions: []uint16{VersionTLS12, tls13DraftVersion},
SendSupportedVersions: []uint16{VersionTLS12, tls13Draft22Version},
},
},
expectedVersion: VersionTLS13,