[go] crypto/tls: add support for cipher flags to bogo_shim_test
15 views
Skip to first unread message
Clide Stefani (Gerrit)
Jul 11, 2024, 9:51:39 PM7/11/24
to goph...@pubsubhelper.golang.org, golang-co...@googlegroups.com
Clide Stefani has uploaded the change for review![]( "Open in Gerrit")
Commit message
crypto/tls: add support for cipher flags to bogo_shim_test
The existing implementation of bogo_shim_test does not support test
flags that check the tls cipher. This change allows bogo_shim_test
to receive and enforce the flags -expect-cipher-aes,
-expect-cipher-no-aes, -on-initial-expect-cipher,
-on-resume-expect-cipher, and -on-retry-expect-cipher.
Updates #51434
Change-Id: I660a8eb626a524370af8898159b067420a89ce16
Change diff
diff --git a/src/crypto/tls/bogo_shim_test.go b/src/crypto/tls/bogo_shim_test.go
index f481a5a..473971e 100644
--- a/src/crypto/tls/bogo_shim_test.go
+++ b/src/crypto/tls/bogo_shim_test.go
@@ -48,6 +48,12 @@
curves = flagStringSlice("curves", "")
expectedCurve = flag.String("expect-curve-id", "", "")
+ expectCipherAes = flag.Int("expect-cipher-aes", 0, "")
+ expectCipherNoAes = flag.Int("expect-cipher-no-aes", 0, "")
+ onInitialExpectCipher = flag.Int("on-initial-expect-cipher", 0, "")
+ onResumeExpectCipher = flag.Int("on-resume-expect-cipher", 0, "")
+ onRetryExpectCipher = flag.Int("on-retry-expect-cipher", 0, "")
+
shimID = flag.Uint64("shim-id", 0, "")
_ = flag.Bool("ipv6", false, "")
@@ -261,6 +267,21 @@
cs := tlsConn.ConnectionState()
if cs.HandshakeComplete {
+ if i == 0 && *onInitialExpectCipher != 0 && uint16(*onInitialExpectCipher) != cs.CipherSuite {
+ log.Fatalf("expected initial cipher %#v but got %#v", uint16(*onInitialExpectCipher), cs.CipherSuite)
+ }
+ if i == 0 && *onResumeExpectCipher != 0 && uint16(*onResumeExpectCipher) == cs.CipherSuite {
+ log.Fatalf("expected on resume cipher %#v but got %#v", uint16(*onResumeExpectCipher), cs.CipherSuite)
+ }
+ if i == 1 && *onRetryExpectCipher != 0 && uint16(*onRetryExpectCipher) != cs.CipherSuite {
+ log.Fatalf("expected on retry cipher %#v but got %#v", uint16(*onRetryExpectCipher), cs.CipherSuite)
+ }
+ if *expectCipherAes != 0 && uint16(*expectCipherAes) != cs.CipherSuite {
+ log.Fatalf("expected aes cipher %v but got %v", expectCipherAes, cs.CipherSuite)
+ }
+ if *expectCipherNoAes != 0 && uint16(*expectCipherAes) != cs.CipherSuite {
+ log.Fatalf("expected non-aes cipher %v but got %v", expectCipherNoAes, cs.CipherSuite)
+ }
if *expectALPN != "" && cs.NegotiatedProtocol != *expectALPN {
log.Fatalf("unexpected protocol negotiated: want %q, got %q", *expectALPN, cs.NegotiatedProtocol)
}
Change information
Files:
- M src/crypto/tls/bogo_shim_test.go
Change size: S
Delta: 1 file changed, 21 insertions(+), 0 deletions(-)
Related details
Attention set is empty
Submit Requirements:
Code-Review
No-Unresolved-Comments
Review-Enforcement
TryBots-Pass
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Russell Webb (Gerrit)
Jul 14, 2024, 2:35:21 AM7/14/24
to Clide Stefani, goph...@pubsubhelper.golang.org, golang-co...@googlegroups.com
Attention needed from Clide Stefani
Russell Webb added 1 comment![]( "Open in Gerrit")
File src/crypto/tls/bogo_shim_test.go
Line 273, Patchset 1 (Latest):
if i == 0 && *onResumeExpectCipher != 0 && uint16(*onResumeExpectCipher) == cs.CipherSuite {Russell Webb . unresolved
I'm surprised this is i == 0, given that i is counting up to resumeCount. Should it be > 0?
Related details
Attention is currently required from:
- Clide Stefani
Submit Requirements:
Code-Review
No-Unresolved-Comments
Review-Enforcement
TryBots-Pass
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Clide Stefani (Gerrit)
Jul 15, 2024, 1:28:15 PM7/15/24
to goph...@pubsubhelper.golang.org, Russell Webb, golang-co...@googlegroups.com
Attention needed from Russell Webb
Clide Stefani added 1 comment![]( "Open in Gerrit")
File src/crypto/tls/bogo_shim_test.go
Line 273, Patchset 1:
if i == 0 && *onResumeExpectCipher != 0 && uint16(*onResumeExpectCipher) == cs.CipherSuite {Russell Webb . unresolved
I'm surprised this is i == 0, given that i is counting up to resumeCount. Should it be > 0?
Clide Stefani
Yes, I think you are right. I have also fixed some other issues with the logic in this CL.
Related details
Attention is currently required from:
- Russell Webb
Submit Requirements:
Code-Review
No-Unresolved-Comments
Review-Enforcement
TryBots-Pass
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Clide Stefani (Gerrit)
Jul 15, 2024, 1:28:15 PM7/15/24
to goph...@pubsubhelper.golang.org, golang-co...@googlegroups.com
Attention needed from Russell Webb
Clide Stefani uploaded new patchset![]( "Open in Gerrit")
Clide Stefani uploaded patch set #2 to this change.
Related details
Attention is currently required from:
- Russell Webb
Submit Requirements:
Code-Review
No-Unresolved-Comments
Review-Enforcement
TryBots-Pass
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Clide Stefani (Gerrit)
Jul 15, 2024, 1:29:17 PM7/15/24
to goph...@pubsubhelper.golang.org, Russell Webb, golang-co...@googlegroups.com
Attention needed from Russell Webb
Clide Stefani added 1 comment![]( "Open in Gerrit")
File src/crypto/tls/bogo_shim_test.go
Line 273, Patchset 1:
if i == 0 && *onResumeExpectCipher != 0 && uint16(*onResumeExpectCipher) == cs.CipherSuite {Russell Webb . resolved
Clide StefaniI'm surprised this is i == 0, given that i is counting up to resumeCount. Should it be > 0?
Yes, I think you are right. I have also fixed some other issues with the logic in this CL.
Clide Stefani
Done
Related details
Attention is currently required from:
- Russell Webb
Submit Requirements:
Code-Review
No-Unresolved-Comments
Review-Enforcement
TryBots-Pass
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Clide Stefani (Gerrit)
Jul 26, 2024, 3:38:02 PM7/26/24
to goph...@pubsubhelper.golang.org, Russell Webb, golang-co...@googlegroups.com
Attention needed from Russell Webb
Message from Clide Stefani![]( "Open in Gerrit")
Set Ready For Review
Related details
Attention is currently required from:
- Russell Webb
Submit Requirements:
Code-Review
No-Unresolved-Comments
Review-Enforcement
TryBots-Pass
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Russell Webb (Gerrit)
Jul 26, 2024, 4:10:12 PM7/26/24
to Clide Stefani, goph...@pubsubhelper.golang.org, golang-co...@googlegroups.com
Attention needed from Clide Stefani and Filippo Valsorda
Russell Webb voted and added 3 comments![]( "Open in Gerrit")
Votes added by Russell Webb
| Code-Review | +1 |
3 comments
File src/crypto/tls/bogo_shim_test.go
Line 293, Patchset 3 (Latest):
log.Fatalf("expected initial cipher %v but got %v", CipherSuiteName(uint16(*onInitialExpectCipher)), CipherSuiteName(cs.CipherSuite))Russell Webb . unresolved
Optional: Pull this out as a cipherSuiteName variable.
Line 292, Patchset 3 (Latest):
if *onInitialExpectCipher != 0 && i == 0 && uint16(*onInitialExpectCipher) != cs.CipherSuite {
log.Fatalf("expected initial cipher %v but got %v", CipherSuiteName(uint16(*onInitialExpectCipher)), CipherSuiteName(cs.CipherSuite))
} else if *onResumeExpectCipher != 0 && cs.DidResume && uint16(*onResumeExpectCipher) != cs.CipherSuite {
log.Fatalf("expected on resume cipher %v but got %v", CipherSuiteName(uint16(*onResumeExpectCipher)), CipherSuiteName(cs.CipherSuite))
} else if *onRetryExpectCipher != 0 && cs.testingOnlyDidHRR && uint16(*onRetryExpectCipher) != cs.CipherSuite {
log.Fatalf("expected on retry cipher %v but got %v", CipherSuiteName(uint16(*onRetryExpectCipher)), CipherSuiteName(cs.CipherSuite))
}Russell Webb . resolved
In a subsequent CL, I'd like to see all of the "only check this for initial", "only check this for resume", "only check this for retry" checks pulled into three blocks.
Line 308, Patchset 3 (Latest):
if *expectVersion != 0 && cs.Version != uint16(*expectVersion) {
log.Fatalf("expected ssl version %q, got %q", uint16(*expectVersion), cs.Version)
}Russell Webb . unresolved
Optional: Hold off on making this change to help clarify that it's not related to the broader purpose of this CL.
Related details
Attention is currently required from:
- Clide Stefani
- Filippo Valsorda
Submit Requirements:
Code-Review
No-Unresolved-Comments
Review-Enforcement
TryBots-Pass
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Clide Stefani (Gerrit)
Jul 29, 2024, 11:18:37 AM7/29/24
to goph...@pubsubhelper.golang.org, Russell Webb, golang-co...@googlegroups.com
Attention needed from Filippo Valsorda and Russell Webb
Clide Stefani added 3 comments![]( "Open in Gerrit")
File src/crypto/tls/bogo_shim_test.go
Line 293, Patchset 3:
log.Fatalf("expected initial cipher %v but got %v", CipherSuiteName(uint16(*onInitialExpectCipher)), CipherSuiteName(cs.CipherSuite))Russell Webb . resolved
Optional: Pull this out as a cipherSuiteName variable.
Clide Stefani
Acknowledged
Line 292, Patchset 3:
if *onInitialExpectCipher != 0 && i == 0 && uint16(*onInitialExpectCipher) != cs.CipherSuite {
log.Fatalf("expected initial cipher %v but got %v", CipherSuiteName(uint16(*onInitialExpectCipher)), CipherSuiteName(cs.CipherSuite))
} else if *onResumeExpectCipher != 0 && cs.DidResume && uint16(*onResumeExpectCipher) != cs.CipherSuite {
log.Fatalf("expected on resume cipher %v but got %v", CipherSuiteName(uint16(*onResumeExpectCipher)), CipherSuiteName(cs.CipherSuite))
} else if *onRetryExpectCipher != 0 && cs.testingOnlyDidHRR && uint16(*onRetryExpectCipher) != cs.CipherSuite {
log.Fatalf("expected on retry cipher %v but got %v", CipherSuiteName(uint16(*onRetryExpectCipher)), CipherSuiteName(cs.CipherSuite))
}Russell Webb . resolved
In a subsequent CL, I'd like to see all of the "only check this for initial", "only check this for resume", "only check this for retry" checks pulled into three blocks.
Clide Stefani
Yes, that makes sense. I think when there are more checks that rely on on checking the type of connection, it might make reading easier if they are blocked this way. I think that it makes more sense to to this in a later organizational CL.
Line 308, Patchset 3:
if *expectVersion != 0 && cs.Version != uint16(*expectVersion) {
log.Fatalf("expected ssl version %q, got %q", uint16(*expectVersion), cs.Version)
}Russell Webb . resolved
Optional: Hold off on making this change to help clarify that it's not related to the broader purpose of this CL.
Attention is currently required from:
- Filippo Valsorda
- Russell Webb
Submit Requirements:
Code-Review
No-Unresolved-Comments
Review-Enforcement
TryBots-Pass
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Clide Stefani (Gerrit)
Jul 29, 2024, 11:18:38 AM7/29/24
to goph...@pubsubhelper.golang.org, golang-co...@googlegroups.com
Attention needed from Filippo Valsorda and Russell Webb
Clide Stefani uploaded new patchset![]( "Open in Gerrit")
Clide Stefani uploaded patch set #4 to this change.
Related details
Attention is currently required from:
- Filippo Valsorda
- Russell Webb
Submit Requirements:
Code-Review
No-Unresolved-Comments
Review-Enforcement
TryBots-Pass
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Roland Shoemaker (Gerrit)
Aug 23, 2024, 4:00:11 PM8/23/24
to Clide Stefani, goph...@pubsubhelper.golang.org, Russell Webb, golang-co...@googlegroups.com
Attention needed from Clide Stefani and Filippo Valsorda
Roland Shoemaker voted![]( "Open in Gerrit")
Attention is currently required from:
- Clide Stefani
- Filippo Valsorda
Submit Requirements:
Code-Review
No-Unresolved-Comments
Review-Enforcement
TryBots-Pass
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Cherry Mui (Gerrit)
Aug 23, 2024, 8:56:09 PM8/23/24
to Clide Stefani, goph...@pubsubhelper.golang.org, Go LUCI, Roland Shoemaker, Russell Webb, golang-co...@googlegroups.com
Attention needed from Clide Stefani and Filippo Valsorda
Cherry Mui voted Code-Review+1![]( "Open in Gerrit")
| Code-Review | +1 |
Related details
Attention is currently required from:
- Clide Stefani
- Filippo Valsorda
Submit Requirements:
Code-Review
No-Unresolved-Comments
Review-Enforcement
TryBots-Pass
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Filippo Valsorda (Gerrit)
May 23, 2025, 2:05:06 PMMay 23
to Clide Stefani, goph...@pubsubhelper.golang.org, golang-co...@googlegroups.com
Attention needed from Clide Stefani, Daniel McCarney and Filippo Valsorda
Filippo Valsorda uploaded new patchset![]( "Open in Gerrit")
Filippo Valsorda uploaded patch set #5 to the change originally created by Clide Stefani.
Following approvals got outdated and were removed:
- TryBots-Pass: LUCI-TryBot-Result+1 by Go LUCI
Related details
Attention is currently required from:
- Clide Stefani
- Daniel McCarney
- Filippo Valsorda
Submit Requirements:
Code-Review
No-Unresolved-Comments
Review-Enforcement
TryBots-Pass
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Daniel McCarney (Gerrit)
May 23, 2025, 2:49:50 PMMay 23
to Clide Stefani, goph...@pubsubhelper.golang.org, Go LUCI, Cherry Mui, Roland Shoemaker, Russell Webb, golang-co...@googlegroups.com
Attention needed from Clide Stefani and Filippo Valsorda
Daniel McCarney added 2 comments![]( "Open in Gerrit")
Commit Message
Line 14, Patchset 5 (Latest):
Updates #51434File src/crypto/tls/bogo_shim_test.go
Line 448, Patchset 5 (Latest):
if *onInitialExpectCipher != 0 && i == 0 && uint16(*onInitialExpectCipher) != cs.CipherSuite {Daniel McCarney . unresolved
I had tried to revive this CR as well (and then lost track of it, oops) and @rol...@golang.org left some feedback that I think might also apply here. See https://go-review.googlesource.com/c/go/+/650738
Related details
Attention is currently required from:
- Clide Stefani
- Filippo Valsorda
Submit Requirements:
Code-Review
No-Unresolved-Comments
Review-Enforcement
TryBots-Pass
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Reply all
Reply to author
Forward
0 new messages