Bug 1311688 - Implement the BoGo test flag -min-version r=ekr
jld committed Nov 29, 2016
1 parent c609920 commit 622d905
Showing 1 changed file with 53 additions and 16 deletions.
69 changes: 53 additions & 16 deletions gtests/nss_bogo_shim/nss_bogo_shim.cc
Expand Up @@ -15,6 +15,7 @@
#include "ssl.h"
#include "sslerr.h"
#include "sslproto.h"
#include "ssl3prot.h"

#include "nsskeys.h"

Expand Down Expand Up @@ -152,33 +153,66 @@ class TestAgent {
return true;
}

bool GetVersionRange(SSLVersionRange* range_out, SSLProtocolVariant variant) {
SSLVersionRange supported;
if (SSL_VersionRangeGetSupported(variant, &supported) != SECSuccess) {
return false;
static bool ConvertFromWireVersion(SSLProtocolVariant variant,
int wire_version,
uint16_t* lib_version) {
// These default values are used when {min,max}-version isn't given.
if (wire_version == 0 || wire_version == 0xffff) {
*lib_version = static_cast<uint16_t>(wire_version);
return true;
}

#ifdef TLS_1_3_DRAFT_VERSION
if (wire_version == (0x7f00 | TLS_1_3_DRAFT_VERSION)) {
// N.B. SSL_LIBRARY_VERSION_DTLS_1_3_WIRE == SSL_LIBRARY_VERSION_TLS_1_3
wire_version = SSL_LIBRARY_VERSION_TLS_1_3;
}
#endif

auto max_allowed = static_cast<uint16_t>(cfg_.get<int>("max-version"));
if (variant == ssl_variant_datagram) {
// For DTLS this is the wire version; adjust if needed.
switch (max_allowed) {
switch (wire_version) {
case SSL_LIBRARY_VERSION_DTLS_1_0_WIRE:
max_allowed = SSL_LIBRARY_VERSION_DTLS_1_0;
*lib_version = SSL_LIBRARY_VERSION_DTLS_1_0;
break;
case SSL_LIBRARY_VERSION_DTLS_1_2_WIRE:
max_allowed = SSL_LIBRARY_VERSION_DTLS_1_2;
*lib_version = SSL_LIBRARY_VERSION_DTLS_1_2;
break;
case SSL_LIBRARY_VERSION_DTLS_1_3_WIRE:
max_allowed = SSL_LIBRARY_VERSION_DTLS_1_3;
break;
case 0xffff: // No maximum specified.
*lib_version = SSL_LIBRARY_VERSION_DTLS_1_3;
break;
default:
// Unrecognized DTLS version.
std::cerr << "Unrecognized DTLS version " << wire_version << ".\n";
return false;
}
} else {
if (wire_version < SSL_LIBRARY_VERSION_3_0 ||
wire_version > SSL_LIBRARY_VERSION_TLS_1_3) {
std::cerr << "Unrecognized TLS version " << wire_version << ".\n";
return false;
}
*lib_version = static_cast<uint16_t>(wire_version);
}
return true;
}

bool GetVersionRange(SSLVersionRange* range_out, SSLProtocolVariant variant) {
SSLVersionRange supported;
if (SSL_VersionRangeGetSupported(variant, &supported) != SECSuccess) {
return false;
}

uint16_t min_allowed;
uint16_t max_allowed;
if (!ConvertFromWireVersion(variant, cfg_.get<int>("min-version"),
&min_allowed)) {
return false;
}
if (!ConvertFromWireVersion(variant, cfg_.get<int>("max-version"),
&max_allowed)) {
return false;
}

min_allowed = std::max(min_allowed, supported.min);
max_allowed = std::min(max_allowed, supported.max);

bool found_min = false;
Expand All @@ -199,7 +233,7 @@ class TestAgent {
}
}

if (version < supported.min) {
if (version < min_allowed) {
continue;
}
if (version > max_allowed) {
Expand All @@ -220,12 +254,14 @@ class TestAgent {
}
}
if (found_max && allowed) {
// Discontiguous range.
std::cerr << "Discontiguous version range.\n";
return false;
}
}

// Iff found_min is still false, no usable version was found.
if (!found_min) {
std::cerr << "All versions disabled.\n";
}
return found_min;
}

Expand Down Expand Up @@ -354,6 +390,7 @@ std::unique_ptr<const Config> ReadConfig(int argc, char** argv) {
cfg->AddEntry<int>("resume-count", 0);
cfg->AddEntry<std::string>("key-file", "");
cfg->AddEntry<std::string>("cert-file", "");
cfg->AddEntry<int>("min-version", 0);
cfg->AddEntry<int>("max-version", 0xffff);
for (auto flag : kVersionDisableFlags) {
cfg->AddEntry<bool>(flag, false);
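Review bot: In ConvertFromWireVersion, the draft-version branch rewrites `wire_version` to `SSL_LIBRARY_VERSION_TLS_1_3` before the variant check, so the DTLS path only works while the equality stated in the N.B. comment holds, and nothing enforces it. A `static_assert(SSL_LIBRARY_VERSION_DTLS_1_3_WIRE == SSL_LIBRARY_VERSION_TLS_1_3, "draft mapping assumes DTLS 1.3 wire == TLS 1.3");` next to that comment would turn a future change of the constant into a build failure, rather than an "Unrecognized DTLS version" error that prints the rewritten value instead of the one the test runner passed. Separately, in GetVersionRange a `-min-version` that ends up above `max_allowed` after the clamp appears to be reported only as "All versions disabled."; an explicit `if (min_allowed > max_allowed)` check with its own message would make a version-negotiation test failure easier to triage. Part of the version loop lies between hunks and is not visible here, so that second point assumes the loop simply finds no candidate in that case.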