Add some tests to ensure we ignore bogus curves and ciphers.

We haven't had problems with this, but make sure it stays that way. Bogus signature algorithms are already covered. Change-Id: I085350d89d79741dba3f30fc7c9f92de16bf242a Reviewed-on: https://boringssl-review.googlesource.com/6910 Reviewed-by: David Benjamin <davidben@google.com>
2016-01-15 03:04:54 -05:00 · 2016-01-15 03:04:54 -05:00 · 241ae837f0
commit 241ae837f0
parent f6494f4928
1 changed files with 21 additions and 0 deletions
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@ -2289,6 +2289,16 @@ func addCipherSuiteTests() {
 		flags: []string{"-use-sparse-dh-prime"},
 	})

+	// The server must be tolerant to bogus ciphers.
+	const bogusCipher = 0x1234
+	testCases = append(testCases, testCase{
+		testType: serverTest,
+		name:     "UnknownCipher",
+		config: Config{
+			CipherSuites: []uint16{bogusCipher, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
+		},
+	})
+
 	// versionSpecificCiphersTest specifies a test for the TLS 1.0 and TLS
 	// 1.1 specific cipher suite settings. A server is setup with the given
 	// cipher lists and then a connection is made for each member of
@ -4684,6 +4694,17 @@ func addCurveTests() {
 			flags: []string{"-enable-all-curves"},
 		})
 	}
+
+	// The server must be tolerant to bogus curves.
+	const bogusCurve = 0x1234
+	testCases = append(testCases, testCase{
+		testType: serverTest,
+		name:     "UnknownCurve",
+		config: Config{
+			CipherSuites:     []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
+			CurvePreferences: []CurveID{bogusCurve, CurveP256},
+		},
+	})
 }

 func addKeyExchangeInfoTests() {