runner: Simplify Config.minVersion and Config.maxVersion The DTLS machinery doesn't really do anything. It's not enough to keep the range from excluding a hypothetical DTLS 1.1, and between (D)TLS 1.3 and the weird version switches, we already have to do something a little special to compute the ClientHello version. Change-Id: I2854c9332bba51257121aa0aa1b57a85c650feff Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/89470 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Lily Chen <chlily@google.com>
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go index bbdae4f..3044813 100644 --- a/ssl/test/runner/common.go +++ b/ssl/test/runner/common.go
@@ -2215,35 +2215,19 @@ return s } -func (c *Config) minVersion(isDTLS bool) uint16 { +func (c *Config) minVersion() uint16 { ret := uint16(minVersion) if c != nil && c.MinVersion != 0 { ret = c.MinVersion } - if isDTLS { - // The lowest version of DTLS is 1.0. There is no DSSL 3.0. - if ret < VersionTLS10 { - return VersionTLS10 - } - // There is no such thing as DTLS 1.1. - if ret == VersionTLS11 { - return VersionTLS12 - } - } return ret } -func (c *Config) maxVersion(isDTLS bool) uint16 { +func (c *Config) maxVersion() uint16 { ret := uint16(maxVersion) if c != nil && c.MaxVersion != 0 { ret = c.MaxVersion } - if isDTLS { - // There is no such thing as DTLS 1.1. - if ret == VersionTLS11 { - return VersionTLS10 - } - } return ret } @@ -2306,7 +2290,7 @@ // false. func (c *Config) isSupportedVersion(wireVers uint16, isDTLS bool) (uint16, bool) { vers, ok := wireToVersion(wireVers, isDTLS) - if !ok || c.minVersion(isDTLS) > vers || vers > c.maxVersion(isDTLS) { + if !ok || c.minVersion() > vers || vers > c.maxVersion() { return 0, false } return vers, true
diff --git a/ssl/test/runner/handshake_client.go b/ssl/test/runner/handshake_client.go index f2f9c97..72caba4 100644 --- a/ssl/test/runner/handshake_client.go +++ b/ssl/test/runner/handshake_client.go
@@ -52,7 +52,8 @@ switch vers { case VersionTLS12: return VersionDTLS12 - case VersionTLS10: + case VersionTLS11, VersionTLS10: + // There is no DTLS 1.1. return VersionDTLS10 } @@ -475,8 +476,8 @@ isInner := innerHello == nil && hs.echHPKEContext != nil - minVersion := c.config.minVersion(c.isDTLS) - maxVersion := c.config.maxVersion(c.isDTLS) + minVersion := c.config.minVersion() + maxVersion := c.config.maxVersion() // The ClientHelloInner may not offer TLS 1.2 or below. requireTLS13 := isInner && !c.config.Bugs.AllowTLS12InClientHelloInner if requireTLS13 && minVersion < VersionTLS13 { @@ -2166,13 +2167,13 @@ // Check for downgrade signals in the server random, per RFC 8446, section 4.1.3. gotDowngrade := hs.serverHello.random[len(hs.serverHello.random)-8:] if !c.config.Bugs.IgnoreTLS13DowngradeRandom { - if c.config.maxVersion(c.isDTLS) >= VersionTLS13 { + if c.config.maxVersion() >= VersionTLS13 { if bytes.Equal(gotDowngrade, downgradeTLS13) { c.sendAlert(alertProtocolVersion) return false, errors.New("tls: downgrade from TLS 1.3 detected") } } - if c.vers <= VersionTLS11 && c.config.maxVersion(c.isDTLS) >= VersionTLS12 { + if c.vers <= VersionTLS11 && c.config.maxVersion() >= VersionTLS12 { if bytes.Equal(gotDowngrade, downgradeTLS12) { c.sendAlert(alertProtocolVersion) return false, errors.New("tls: downgrade from TLS 1.2 detected")
diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go index 0f0feab..7dad53a 100644 --- a/ssl/test/runner/handshake_server.go +++ b/ssl/test/runner/handshake_server.go
@@ -1495,10 +1495,10 @@ // Signal downgrades in the server random, per RFC 8446, section 4.1.3. if supportsTLS13 || config.Bugs.SendTLS13DowngradeRandom { - if c.vers <= VersionTLS12 && config.maxVersion(c.isDTLS) >= VersionTLS13 { + if c.vers <= VersionTLS12 && config.maxVersion() >= VersionTLS13 { copy(hs.hello.random[len(hs.hello.random)-8:], downgradeTLS13) } - if c.vers <= VersionTLS11 && config.maxVersion(c.isDTLS) == VersionTLS12 { + if c.vers <= VersionTLS11 && config.maxVersion() == VersionTLS12 { copy(hs.hello.random[len(hs.hello.random)-8:], downgradeTLS12) } }