We shouldn't spend human code review time checking this.
Let the computer check.
Change-Id: I6de9d733c128d833b958b0e43a52b564e8f82dd3
Reviewed-on: https://go-review.googlesource.com/c/go/+/630417
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Sam Thanawalla <samthanawalla@google.com>
If Be and Le stand for big-endian and little-endian,
then they should be BE and LE.
Change-Id: I723e3962b8918da84791783d3c547638f1c9e8a9
Reviewed-on: https://go-review.googlesource.com/c/go/+/627376
Reviewed-by: Robert Griesemer <gri@google.com>
Auto-Submit: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
This has the important advantage of using the system GOMODCACHE when it
exists, avoiding the download on every "go test".
While at it, also consistently use testenv.Command.
Change-Id: Ic999ffa281f6da73fe601b0feba29e60982cce3d
Reviewed-on: https://go-review.googlesource.com/c/go/+/628755
Reviewed-by: Russ Cox <rsc@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
TryBot-Bypass: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
The existing implementation of bogo_shim_test does not support tests
that use the -expect-advertised-alpn flag or the -select-alpn flag. This
change allows bogo_shim_test to receive and enforce these flags.
Support for these flags is added in the same change because these flags are set together.
Updates #51434
Change-Id: Ia37f9e7403d4a43e6da68c16039a4bcb56ebd032
Reviewed-on: https://go-review.googlesource.com/c/go/+/595655
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Reviewed-by: Russell Webb <russell.webb@protonmail.com>
Reviewed-by: Clide Stefani <cstefani.sites@gmail.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Roland Shoemaker <roland@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
The existing implementation of bogo_shim_test does not support tests
that use the -no-tls1, -no-tls11, or -no-tls12 flags.
This change adds support for these flags.
Updates #51434
Change-Id: I43eaea9f5ec6da6811b150630a7dde24d108017e
Reviewed-on: https://go-review.googlesource.com/c/go/+/595775
Auto-Submit: Roland Shoemaker <roland@golang.org>
Reviewed-by: Russell Webb <russell.webb@protonmail.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
The existing implementation of bogo_shim_test does not support tests
that use the expect-no-hrr flag. This change adds support for this flag.
Updates #51434
Change-Id: Iadb38fc2262783cab144a7b52904d0443e7fc2c2
Reviewed-on: https://go-review.googlesource.com/c/go/+/594835
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Russell Webb <russell.webb@protonmail.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>
The existing implementation of bogo_shim_test does not support tests
which use the reject-alpn or the decline-alpn flag.
This change adds support for these flags in bogo_shim_test.
Updates #51434
Updates #46310
Cq-Include-Trybots: luci.golang.try:gotip-linux-amd64-longtest
Change-Id: I3ff23ff4edd8f4c6c37ee6c9f2ee4689066c4e00
Reviewed-on: https://go-review.googlesource.com/c/go/+/592198
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: David Chase <drchase@google.com>
Auto-Submit: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
The existing implementation of bogo_shim_test does not support tests
that use the expect-version flag.
This change adds support for this flag.
Updates #51434.
Change-Id: Ie23fdb06d15ec0593ca58f28144e83f93ef7f200
Reviewed-on: https://go-review.googlesource.com/c/go/+/592635
Auto-Submit: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: David Chase <drchase@google.com>
The existing implementation logs some errors to the results file created in TestBogoSuite.
This change would additionally log json errors to the results file.
Change-Id: Ib1a6f612ed83f6c5046531ee259c4e85dd71402a
Reviewed-on: https://go-review.googlesource.com/c/go/+/591379
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Michael Pratt <mpratt@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Use a stat to tell the test caching infrastructure that we care about
the bogo config file.
Change-Id: Iae2336bfc45cd6a9e73cb83a3b68ade8b4f23927
Reviewed-on: https://go-review.googlesource.com/c/go/+/589155
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Auto-Submit: Roland Shoemaker <roland@golang.org>
Use the bogo JSON output format to make the test output more readable.
Cq-Include-Trybots: luci.golang.try:gotip-linux-amd64-longtest
Change-Id: Ie1a67c6a031bc1d5d8b2cdfaf78d094a0967bc2a
Reviewed-on: https://go-review.googlesource.com/c/go/+/587955
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
This CL adds a (very opinionated) client-side ECH implementation.
In particular, if a user configures a ECHConfigList, by setting the
Config.EncryptedClientHelloConfigList, but we determine that none of
the configs are appropriate, we will not fallback to plaintext SNI, and
will instead return an error. It is then up to the user to decide if
they wish to fallback to plaintext themselves (by removing the config
list).
Additionally if Config.EncryptedClientHelloConfigList is provided, we
will not offer TLS support lower than 1.3, since negotiating any other
version, while offering ECH, is a hard error anyway. Similarly, if a
user wishes to fallback to plaintext SNI by using 1.2, they may do so
by removing the config list.
With regard to PSK GREASE, we match the boringssl behavior, which does
not include PSK identities/binders in the outer hello when doing ECH.
If the server rejects ECH, we will return a ECHRejectionError error,
which, if provided by the server, will contain a ECHConfigList in the
RetryConfigList field containing configs that should be used if the user
wishes to retry. It is up to the user to replace their existing
Config.EncryptedClientHelloConfigList with the retry config list.
Fixes#63369
Cq-Include-Trybots: luci.golang.try:gotip-linux-amd64-longtest
Change-Id: I9bc373c044064221a647a388ac61624efd6bbdbf
Reviewed-on: https://go-review.googlesource.com/c/go/+/578575
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Than McIntosh <thanm@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Forced the testConfig CurvePreferences to exclude X25519Kyber768Draft00
to avoid bloating the transcripts, but I manually tested it and the
tests all update and pass successfully, causing 7436 insertions(+), 3251
deletions(-).
Fixes#67061
Change-Id: If6f13bca561835777ab0889a490487b7c2366c3c
Reviewed-on: https://go-review.googlesource.com/c/go/+/586656
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Updates #54097
Change-Id: I827a5efd1736ce057b76f079466f2d9ead225898
GitHub-Last-Rev: 40af10469d85ce9f4bef4b40025589d9e44f43d6
GitHub-Pull-Request: golang/go#67321
Reviewed-on: https://go-review.googlesource.com/c/go/+/585017
Reviewed-by: Keith Randall <khr@golang.org>
Reviewed-by: Keith Randall <khr@google.com>
Auto-Submit: Keith Randall <khr@golang.org>
Commit-Queue: Ian Lance Taylor <iant@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Run the BoGo test suite.
For now a number of tests are disabled, so that we can land the shim.
Once the shim is in the tree I'll work on fixing tests, and aligning
the TLS stack with the boringssl stack.
Eventually we should also remove the --loose-errors flag.
Fixes#51434
Change-Id: Ic8339fc34552936b798acf834011a129e375750e
Reviewed-on: https://go-review.googlesource.com/c/go/+/486495
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Roland Shoemaker <roland@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
