Prepare runner's wire/version conversions for the version extension.
This mirrors 2dc0204603f777597e2f97662e42887d1af5013f on the C side.
BUG=90
Change-Id: Iebb72df5a5ae98cb2fd8db519d973cd734ff05ea
Reviewed-on: https://boringssl-review.googlesource.com/11320
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go
index 55bc9cc..85d4ca8 100644
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go
@@ -205,7 +205,39 @@
}
}
c.clientVersion = hs.clientHello.vers
- clientVersion := wireToVersion(c.clientVersion, c.isDTLS)
+ var clientVersion uint16
+ if c.isDTLS {
+ if hs.clientHello.vers <= 0xfefd {
+ clientVersion = VersionTLS12
+ } else if hs.clientHello.vers <= 0xfeff {
+ clientVersion = VersionTLS10
+ }
+ } else {
+ if hs.clientHello.vers >= VersionTLS13 {
+ clientVersion = VersionTLS13
+ } else if hs.clientHello.vers >= VersionTLS12 {
+ clientVersion = VersionTLS12
+ } else if hs.clientHello.vers >= VersionTLS11 {
+ clientVersion = VersionTLS11
+ } else if hs.clientHello.vers >= VersionTLS10 {
+ clientVersion = VersionTLS10
+ } else if hs.clientHello.vers >= VersionSSL30 {
+ clientVersion = VersionSSL30
+ }
+ }
+
+ if config.Bugs.NegotiateVersion != 0 {
+ c.vers = config.Bugs.NegotiateVersion
+ } else if c.haveVers && config.Bugs.NegotiateVersionOnRenego != 0 {
+ c.vers = config.Bugs.NegotiateVersionOnRenego
+ } else {
+ c.vers, ok = config.mutualVersion(clientVersion, c.isDTLS)
+ if !ok {
+ c.sendAlert(alertProtocolVersion)
+ return fmt.Errorf("tls: client offered an unsupported, maximum protocol version of %x", hs.clientHello.vers)
+ }
+ }
+ c.haveVers = true
// Reject < 1.2 ClientHellos with signature_algorithms.
if clientVersion < VersionTLS12 && len(hs.clientHello.signatureAlgorithms) > 0 {
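Review bot: The new clamp leaves `clientVersion` at zero when the wire version matches no branch (in the DTLS arm, anything above `0xfeff`; in the TLS arm, anything below `VersionSSL30`), and nothing in the hunk says whether that is intended. On the normal path `config.mutualVersion` is presumably what rejects the zero value, but when `config.Bugs.NegotiateVersion` or `NegotiateVersionOnRenego` is set that call is skipped and the zero still reaches the `clientVersion < VersionTLS12` check below. I would add a comment above the block, such as `// DTLS wire versions count down (0xfeff = DTLS 1.0, 0xfefd = DTLS 1.2); clientVersion stays 0 for unrecognized values and is left for mutualVersion to reject.` The DTLS arm also compares only numerically, so any value at or below `0xfefd` is treated as DTLS 1.2 whatever its major byte; if that is deliberate, the comment should say so. The enclosing function starts and ends outside the hunk.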
@@ -234,19 +266,6 @@
return fmt.Errorf("tls: client offered unexpected PSK identities")
}
- if config.Bugs.NegotiateVersion != 0 {
- c.vers = config.Bugs.NegotiateVersion
- } else if c.haveVers && config.Bugs.NegotiateVersionOnRenego != 0 {
- c.vers = config.Bugs.NegotiateVersionOnRenego
- } else {
- c.vers, ok = config.mutualVersion(clientVersion, c.isDTLS)
- if !ok {
- c.sendAlert(alertProtocolVersion)
- return fmt.Errorf("tls: client offered an unsupported, maximum protocol version of %x", clientVersion)
- }
- }
- c.haveVers = true
-
var scsvFound, greaseFound bool
for _, cipherSuite := range hs.clientHello.cipherSuites {
if cipherSuite == fallbackSCSV {
@@ -311,12 +330,9 @@
config := c.config
hs.hello = &serverHelloMsg{
- isDTLS: c.isDTLS,
- vers: versionToWire(c.vers, c.isDTLS),
- }
-
- if config.Bugs.SendServerHelloVersion != 0 {
- hs.hello.vers = config.Bugs.SendServerHelloVersion
+ isDTLS: c.isDTLS,
+ vers: versionToWire(c.vers, c.isDTLS),
+ versOverride: config.Bugs.SendServerHelloVersion,
}
hs.hello.random = make([]byte, 32)
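Review bot: After this change `hs.hello.vers` always holds the negotiated wire version, where it used to be overwritten by `config.Bugs.SendServerHelloVersion`, so any code that reads `hs.hello.vers` after this literal now sees a different value when the bug option is set. The marshalling code that applies `versOverride` is not in this diff, so the precedence cannot be confirmed from here. A comment on the field assignment would record it, for example `// versOverride, when non-zero, replaces vers on the wire only; vers stays the negotiated version.` The same applies to the second `serverHelloMsg` literal in the `@@ -818,13 +834,10 @@` hunk.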
@@ -818,13 +834,10 @@
hs.hello = &serverHelloMsg{
isDTLS: c.isDTLS,
vers: versionToWire(c.vers, c.isDTLS),
+ versOverride: config.Bugs.SendServerHelloVersion,
compressionMethod: compressionNone,
}
- if config.Bugs.SendServerHelloVersion != 0 {
- hs.hello.vers = config.Bugs.SendServerHelloVersion
- }
-
hs.hello.random = make([]byte, 32)
_, err = io.ReadFull(config.rand(), hs.hello.random)
if err != nil {