Google Git
Sign in
boringssl / boringssl / c971a961b6f413adf4374a8b2b2fbb0ef3d65e17^! / .
commitc971a961b6f413adf4374a8b2b2fbb0ef3d65e17[log] [tgz]
authorDavid Benjamin <davidben@google.com>Wed Nov 27 00:50:42 2024 -0500
committerBoringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>Thu Dec 05 23:18:24 2024 +0000
tree55f44a21b947bdb1f1e38cecc33168d5a0a915f4
parent873ff5c9efc0cc82eea4748b9431b278c3a92cd7 [diff]
Run TLS 1.3 per-message tests in DTLS

Bug: 42290594
Change-Id: I5d9c81ebbfb6afd8fef234a12a28360aea80c447
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/73627
Reviewed-by: Nick Harper <nharper@chromium.org>
Commit-Queue: David Benjamin <davidben@google.com>

diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index fd20b77..7173f92 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go

@@ -14976,7 +14976,7 @@
 
 	}
 
-	for _, protocol := range []protocol{tls, quic} {
+	for _, protocol := range []protocol{tls, quic, dtls} {
 		suffix := "-" + protocol.String()
 		ret = append(ret, perMessageTest{
 			messageType: typeClientHello,
@@ -15133,14 +15133,10 @@
 		if t.test.config.MaxVersion >= VersionTLS13 && t.messageType == typeServerHello {
 			// In TLS 1.3, if the server believes it has sent ServerHello,
 			// but the client cannot process it, the client will send an
-			// unencrypted alert while the server expects encryption. In TLS,
-			// this is a decryption failure. In QUIC, the encryption levels
-			// do not match.
-			if t.test.protocol == quic {
-				t.test.expectedLocalError = "received record at initial encryption level, but expected handshake"
-			} else {
-				t.test.expectedLocalError = "local error: bad record MAC"
-			}
+			// unencrypted alert while the server expects encryption. This
+			// decryption failure is reported differently for each protocol, so
+			// leave it unchecked.
+			t.test.expectedLocalError = ""
 		}
 
 		testCases = append(testCases, t.test)
@@ -15162,14 +15158,10 @@
 		if t.test.config.MaxVersion >= VersionTLS13 && t.messageType == typeServerHello {
 			// In TLS 1.3, if the server believes it has sent ServerHello,
 			// but the client cannot process it, the client will send an
-			// unencrypted alert while the server expects encryption. In TLS,
-			// this is a decryption failure. In QUIC, the encryption levels
-			// do not match.
-			if t.test.protocol == quic {
-				t.test.expectedLocalError = "received record at initial encryption level, but expected handshake"
-			} else {
-				t.test.expectedLocalError = "local error: bad record MAC"
-			}
+			// unencrypted alert while the server expects encryption. This
+			// decryption failure is reported differently for each protocol, so
+			// leave it unchecked.
+			t.test.expectedLocalError = ""
 		}
 
 		if t.messageType == typeFinished {