Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update for draft -22 and client support #2

Merged
merged 15 commits into from
Dec 16, 2017
Merged

Update for draft -22 and client support #2

merged 15 commits into from
Dec 16, 2017

Conversation

Lekensteyn
Copy link
Collaborator

Main changes:

  • draft22 support (updated vendored bogo copy).
  • added SSLKEYLOGFILE support to assist in debugging
  • documented and disabled tests that are not applicable or not implemented yet in tris (majority of the commits)

This branch is used by the current master branch in tris.

@Lekensteyn
shim: support -min-version and -max-version
e12c7d5 
Required for test case RSA-PSS-Default-Sign which is currently the only
test that fails with tls-tris.
@Lekensteyn
Enable client tests
3b70371 
Tested with the initial tls-tris client support branch which includes
basic RSASSA-PSS support. Coverage changed from ... to ...:

    0/3509/3692/3692/4136
    0/2784/3195/3195/4136
@Lekensteyn
Improve description for some disabled tests
ae4cad4
@Lekensteyn
Fold LargeRecord tests
57e3e08 
See cloudflare/tls-tris#46, current
implementations may send one byte too much since they do not include the
content type in the calculation.
@Lekensteyn
Fixed BadCBCPadding255 test
961b387 
https://go-review.googlesource.com/c/go/+/68070
@Lekensteyn
Document TLS13-WrongOuterRecord
3fbd902 
The spec only says that the "opaque_type" field is always set to 23
(application_data), but that is not a MUST check.

cloudflare/tls-tris#47
@Lekensteyn
Fixed PartialEncryptedExtensionsWithServerHello test
742b5b3 
Problem was in the TLS 1.3 client implementation of tls-tris, fixed in:
"crypto/tls: prevent handshake messages crossing key boundaries"
@Lekensteyn
Fixes LargeMessage test
3726fac 
Fixed in tls-tris: "crypto/tls: accept 2^14+1 TLSInnerPlaintext"
@Lekensteyn
Add keylog file support for debugging
d4993a8 
Normally this environment variable is not set, but when it is, it allows
inspection of the IPC with Wireshark.
@Lekensteyn
Update bogo to latest version for draft22 tests
2eb6f2a
@Lekensteyn
Disable PSS test for TLS 1.2, disable unknown extension client test
fc9d5b3 
PSS test is disabled because its implementation is not accepted yet
(https://go-review.googlesource.com/c/go/+/79738). Do not check for
UnknownUnencryptedExtension-Client-TLS13, the client currently does not
check for extensions that it did not advertise.
@Lekensteyn
Disable SupportedVersionSelection-TLS13 test
3f5e87d 
This test checks for a handshake failure when the server sends
supported_versions, but draft 22 will start using this extension. Do not
bother checking for it.
@Lekensteyn
Update bogo to final draft 22
e74f36b
@Lekensteyn
Make bogo advertise and test only for draft 22
81cc32b 
Current bogo tests for draft18, patch that to use draft22. Patch from
https://boringssl-review.googlesource.com/c/boringssl/+/23704/2

Upstream commit e1068b76bd1d7f6ea06c90faa523ad8d562ec11b ("Test RSA
premaster unpad better.") added another version-specific test, disable
that since no protection is implemented.
@Lekensteyn
Merge branch 'client-tests' into draft22-client
f9729b5
@Lekensteyn Lekensteyn mentioned this pull request Dec 15, 2017
Closed
FiloSottile
FiloSottile approved these changes Dec 16, 2017
View reviewed changes
Copy link
Owner

@FiloSottile FiloSottile left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wonderful, thank you!

And thanks for including vendor/bogo-draft22.diff.

@FiloSottile FiloSottile merged commit 631e73e into master Dec 16, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@FiloSottile FiloSottile FiloSottile approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@Lekensteyn @FiloSottile