Test empty extensions fields are omitted.

For historical reasons, TLS allows ServerHellos (and ClientHellos)
without extensions to omit the extensions fields entirely.
https://github.com/openssl/openssl/pull/4296 reports this is even
necessary for compatibility with extension-less clients. We continue to
do so, but add a test for it anyway.

Change-Id: I63c2e3a5f298674eb21952fca6914dad07d7c245
Reviewed-on: https://boringssl-review.googlesource.com/19864
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
David Benjamin 2017-08-31 00:19:57 -04:00 committed by CQ bot account: commit-bot@chromium.org
parent 2762b3542d
commit 0a471910b4
4 changed files with 30 additions and 0 deletions


@ -1427,6 +1427,10 @@ type ProtocolBugs struct {
// and ServerHello messages to be present, but empty. // and ServerHello messages to be present, but empty.
EmptyExtensions bool EmptyExtensions bool
// ExpectOmitExtensions, if true, causes the client to reject
// ServerHello messages that do not omit extensions.
ExpectOmitExtensions bool
// ExpectRecordSplitting, if true, causes application records to only be // ExpectRecordSplitting, if true, causes application records to only be
// accepted if they follow a 1/n-1 record split. // accepted if they follow a 1/n-1 record split.
ExpectRecordSplitting bool ExpectRecordSplitting bool
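Review bot: The new comment on `ExpectOmitExtensions` does not say which protocol versions the flag is meaningful for. The `unmarshal` change in this commit sets `omitExtensions` only on the `m.vers < VersionTLS13` branch, while the client-handshake check is applied with no version condition, so a config that negotiates TLS 1.3 with this flag set would presumably always fail with "tls: ServerHello did not omit extensions". I would add a line to the field comment such as `// It is only meaningful at TLS 1.2 and below, where the extensions block is optional.` The `ProtocolBugs` struct starts and ends outside this hunk.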


@ -579,6 +579,10 @@ NextCipherSuite:
return errors.New("tls: ServerHello parameters did not match HelloRetryRequest") return errors.New("tls: ServerHello parameters did not match HelloRetryRequest")
} }
if c.config.Bugs.ExpectOmitExtensions && !serverHello.omitExtensions {
return errors.New("tls: ServerHello did not omit extensions")
}
hs := &clientHandshakeState{ hs := &clientHandshakeState{
c: c, c: c,
serverHello: serverHello, serverHello: serverHello,


@ -974,6 +974,7 @@ func (m *serverHelloMsg) unmarshal(data []byte) bool {
if len(data) == 0 && m.vers < VersionTLS13 { if len(data) == 0 && m.vers < VersionTLS13 {
// Extension data is optional before TLS 1.3. // Extension data is optional before TLS 1.3.
m.extensions = serverExtensions{} m.extensions = serverExtensions{}
m.omitExtensions = true
return true return true
} }
if len(data) < 2 { if len(data) < 2 {
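Review bot: `m.omitExtensions` is assigned only on the empty-data branch and nothing visible in the hunk clears it when an extensions block is present, so the parsed result is reliable only if `unmarshal` always runs on a zero-valued `serverHelloMsg`. The commit adds no field declaration, so the field apparently already exists, presumably as a marshal-side knob, and it now also carries a parse result that the `ExpectOmitExtensions` check depends on. Either document that on the assignment, e.g. `// Record that the peer omitted the block; checked via Bugs.ExpectOmitExtensions.`, or reset it with `m.omitExtensions = false` before the branch. The rest of `unmarshal` lies outside the hunk, so a reset may already happen there.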


@ -12565,6 +12565,21 @@ func addExtraHandshakeTests() {
// Test that omitted and empty extensions blocks are tolerated. // Test that omitted and empty extensions blocks are tolerated.
func addOmitExtensionsTests() { func addOmitExtensionsTests() {
// Check the ExpectOmitExtensions setting works.
testCases = append(testCases, testCase{
testType: serverTest,
name: "ExpectOmitExtensions",
config: Config{
MinVersion: VersionTLS12,
MaxVersion: VersionTLS12,
Bugs: ProtocolBugs{
ExpectOmitExtensions: true,
},
},
shouldFail: true,
expectedLocalError: "tls: ServerHello did not omit extensions",
})
for _, ver := range tlsVersions { for _, ver := range tlsVersions {
if ver.version > VersionTLS12 { if ver.version > VersionTLS12 {
continue continue
@ -12579,6 +12594,9 @@ func addOmitExtensionsTests() {
SessionTicketsDisabled: true, SessionTicketsDisabled: true,
Bugs: ProtocolBugs{ Bugs: ProtocolBugs{
OmitExtensions: true, OmitExtensions: true,
// With no client extensions, the ServerHello must not have
// extensions. It should then omit the extensions field.
ExpectOmitExtensions: true,
}, },
}, },
}) })
@ -12592,6 +12610,9 @@ func addOmitExtensionsTests() {
SessionTicketsDisabled: true, SessionTicketsDisabled: true,
Bugs: ProtocolBugs{ Bugs: ProtocolBugs{
EmptyExtensions: true, EmptyExtensions: true,
// With no client extensions, the ServerHello must not have
// extensions. It should then omit the extensions field.
ExpectOmitExtensions: true,
}, },
}, },
}) })
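Review bot: The `ExpectOmitExtensions` self-check in the first hunk of `addOmitExtensionsTests` expects a local failure without stating the premise it relies on. It appears to pass only because the runner's default TLS 1.2 ClientHello carries extensions and the server under test answers with an extensions block, so I would expand the comment to something like `// Check the ExpectOmitExtensions setting works: a default ClientHello has extensions, so the ServerHello carries them and the runner must reject it.` In the last hunk the copied comment says "With no client extensions" although that case sets `EmptyExtensions`, which the `ProtocolBugs` comment describes as the block being present but empty; `// With an empty client extensions block, the ServerHello must not have extensions.` would be more accurate there.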