Open duesee opened 2 years ago
I'm currently working on this.
I noticed that a large number of BoGo test cases currently fail because the BoGo runner and the Bertie shim are unable to agree on a cipher suite. The reason is, that Bertie is temporarily unable to do RSA, while the BoGo runner defaults to RSA for the TLS1.3 cipher suites and by default loads a RSA certificate for most test cases. See: https://github.com/google/boringssl/blob/ad57528d2c978543106f9b115bd0eb658f3ebdd2/ssl/test/runner/runner.go#L769 https://github.com/google/boringssl/blob/ad57528d2c978543106f9b115bd0eb658f3ebdd2/ssl/test/runner/cipher_suites.go#L56
Bertie needs to support RSA again for this large number of test cases to pass, or at least to reveal their actual failure reasons. I have verified that some test cases advance further and give different failure reasons if I force the BoGo runner to load an ECDSA certificate instead.
See https://github.com/google/boringssl/blob/master/ssl/test/PORTING.md and https://github.com/rustls/rustls/blob/main/rustls/examples/internal/bogo_shim.rs.
Issues
decrypt_handshake
should ignoreuser_canceled
warning alert (SendUserCanceledAlerts-TLS13)decrypt_handshake
doesn't handle (post-handshake) alerts (SendBogusAlertType, EmptyCertificateList-TLS13)decrypt_handshake
must handle bad records/ciphertexts (TLSFatalBadPackets, TLS13-EmptyRecords, TLS13-OnlyPadding, SkipEarlyData-OmitEarlyDataExtension-TLS13, SkipEarlyData-Interleaved-TLS13)decrypt_handshake
must handle invalid certificates (GarbageCertificate-Client-TLS13)