Test that record-splitting splits records.

We probably should not have been able to land https://boringssl-review.googlesource.com/17944 without a test suppression. Change-Id: Ie47ca324f94d2f03b7d31218b0379656c070b21b Reviewed-on: https://boringssl-review.googlesource.com/17905 Commit-Queue: Steven Valdez <svaldez@google.com> Reviewed-by: Steven Valdez <svaldez@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-07-14 20:11:07 -04:00 · 2017-07-14 20:11:07 -04:00 · 09ed11928e
commit 09ed11928e
parent 14308731e5
4 changed files with 22 additions and 2 deletions
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@ -1389,9 +1389,13 @@ type ProtocolBugs struct {
 	// and ServerHello messages to be omitted.
 	OmitExtensions bool

-	// EmptyExtensions, if true, causese the extensions field in ClientHello
+	// EmptyExtensions, if true, causes the extensions field in ClientHello
 	// and ServerHello messages to be present, but empty.
 	EmptyExtensions bool
+
+	// ExpectRecordSplitting, if true, causes application records to only be
+	// accepted if they follow a 1/n-1 record split.
+	ExpectRecordSplitting bool
 }

 func (c *Config) serverInit() {
--- a/ssl/test/runner/conn.go
+++ b/ssl/test/runner/conn.go
@ -98,6 +98,7 @@ type Conn struct {
 	pendingFragments [][]byte // pending outgoing handshake fragments.

 	keyUpdateRequested bool
+	seenOneByteRecord  bool

 	tmp [16]byte
 }
@ -844,6 +845,13 @@ RestartReadRecord:
 		}
 		typ = encTyp
 	}
+
+	length := len(b.data[b.off:])
+	if c.config.Bugs.ExpectRecordSplitting && typ == recordTypeApplicationData && length != 1 && !c.seenOneByteRecord {
+		return 0, nil, c.in.setErrorLocked(fmt.Errorf("tls: application data records were not split"))
+	}
+
+	c.seenOneByteRecord = typ == recordTypeApplicationData && length == 1
 	return typ, b, nil
 }

--- a/ssl/test/runner/fuzzer_mode.json
+++ b/ssl/test/runner/fuzzer_mode.json
@ -48,6 +48,8 @@
    "*-EarlyData-Reject-Client": "Trial decryption does not work with the NULL cipher.",
    "*-EarlyData-RejectTicket-Client": "Trial decryption does not work with the NULL cipher.",

-    "Renegotiate-Client-BadExt*": "Fuzzer mode does not check renegotiation_info."
+    "Renegotiate-Client-BadExt*": "Fuzzer mode does not check renegotiation_info.",
+
+    "CBCRecordSplitting*": "Fuzzer mode does not implement record-splitting."
  }
 }
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@ -3324,6 +3324,9 @@ func addCBCSplittingTests() {
 				MaxVersion:   VersionTLS10,
 				MinVersion:   VersionTLS10,
 				CipherSuites: []uint16{t.cipher},
+				Bugs: ProtocolBugs{
+					ExpectRecordSplitting: true,
+				},
 			},
 			messageLen:    -1, // read until EOF
 			resumeSession: true,
@ -3339,6 +3342,9 @@ func addCBCSplittingTests() {
 				MaxVersion:   VersionTLS10,
 				MinVersion:   VersionTLS10,
 				CipherSuites: []uint16{t.cipher},
+				Bugs: ProtocolBugs{
+					ExpectRecordSplitting: true,
+				},
 			},
 			messageLen: -1, // read until EOF
 			flags: []string{