Fix the Go code to be aware of DTLS version bounds.
Right now I believe we are testing against DTLS 1.3 ClientHellos. Fix
this in preparation for making VersionTLS13 go elsewhere in the Go code.
Unfortunately, I made the mistake of mapping DTLS 1.0 to TLS 1.0 rather
than 1.1 in Go. This does mean the names of the tests naturally work out
correctly, but we have to deal with this awkward DTLS-1.1-shaped hole in
our logic.
Change-Id: I8715582ed90acc1f08197831cae6de8d5442d028
Reviewed-on: https://boringssl-review.googlesource.com/8562
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index 1012810..95c5461 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -917,18 +917,40 @@
return s
}
-func (c *Config) minVersion() uint16 {
- if c == nil || c.MinVersion == 0 {
- return minVersion
+func (c *Config) minVersion(isDTLS bool) uint16 {
+ ret := uint16(minVersion)
+ if c != nil && c.MinVersion != 0 {
+ ret = c.MinVersion
}
- return c.MinVersion
+ if isDTLS {
+ // The lowest version of DTLS is 1.0. There is no DSSL 3.0.
+ if ret < VersionTLS10 {
+ return VersionTLS10
+ }
+ // There is no such thing as DTLS 1.1.
+ if ret == VersionTLS11 {
+ return VersionTLS12
+ }
+ }
+ return ret
}
-func (c *Config) maxVersion() uint16 {
- if c == nil || c.MaxVersion == 0 {
- return maxVersion
+func (c *Config) maxVersion(isDTLS bool) uint16 {
+ ret := uint16(maxVersion)
+ if c != nil && c.MaxVersion != 0 {
+ ret = c.MaxVersion
}
- return c.MaxVersion
+ if isDTLS {
+ // We only implement up to DTLS 1.2.
+ if ret > VersionTLS12 {
+ return VersionTLS12
+ }
+ // There is no such thing as DTLS 1.1.
+ if ret == VersionTLS11 {
+ return VersionTLS10
+ }
+ }
+ return ret
}
var defaultCurvePreferences = []CurveID{CurveX25519, CurveP256, CurveP384, CurveP521}
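Review bot: For DTLS the two helpers can return a lower bound that is above the upper bound, and nothing in this hunk detects it. With MinVersion and MaxVersion both set to VersionTLS11, `minVersion(true)` rounds up to VersionTLS12 while `maxVersion(true)` rounds down to VersionTLS10; likewise a MinVersion above VersionTLS12 is returned unclamped while the maximum is capped at VersionTLS12. In the lines shown, mutualVersion in the following hunk rejects only `vers < minVersion`, and the rest of it is cut off here; if that part clamps to the maximum afterwards, an empty range could select a version below the configured minimum, so that is worth confirming. I would document the contract on both helpers, for example `// minVersion returns the lowest enabled version in TLS numbering (DTLS 1.0 is VersionTLS10); for DTLS it may exceed maxVersion(true) when the configured range holds no DTLS version, and callers must treat that as no usable version.`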
@@ -942,9 +964,14 @@
// mutualVersion returns the protocol version to use given the advertised
// version of the peer.
-func (c *Config) mutualVersion(vers uint16) (uint16, bool) {
- minVersion := c.minVersion()
- maxVersion := c.maxVersion()
+func (c *Config) mutualVersion(vers uint16, isDTLS bool) (uint16, bool) {
+ // There is no such thing as DTLS 1.1.
+ if isDTLS && vers == VersionTLS11 {
+ vers = VersionTLS10
+ }
+
+ minVersion := c.minVersion(isDTLS)
+ maxVersion := c.maxVersion(isDTLS)
if vers < minVersion {
return 0, false