Unbreak SSL_total_renegotiations.

The logic to update that got removed in
https://boringssl-review.googlesource.com/4825. Add tests.

Change-Id: Idc550e8fa3ce6f69a76fa65d7651adde281edba6
Reviewed-on: https://boringssl-review.googlesource.com/6220
Reviewed-by: Matt Braithwaite <mab@google.com>
Reviewed-by: Adam Langley <alangley@gmail.com>
Reviewed-by: Adam Langley <agl@google.com>

ssl/s3_pkt.c

@@ -563,6 +563,7 @@ start:
     }
 
     /* Begin a new handshake. */
+    s->s3->total_renegotiations++;
     s->state = SSL_ST_CONNECT;
     i = s->handshake_func(s);
     if (i < 0) {

ssl/test/bssl_shim.cc

@@ -1333,6 +1333,14 @@ static bool DoExchange(ScopedSSL_SESSION *out_session, SSL_CTX *ssl_ctx,
     return false;
   }
 
+  if (SSL_total_renegotiations(ssl.get()) !=
+      config->expect_total_renegotiations) {
+    fprintf(stderr, "Expected %d renegotiations, got %d\n",
+            config->expect_total_renegotiations,
+            SSL_total_renegotiations(ssl.get()));
+    return false;
+  }
+
   return true;
 }
 

ssl/test/runner/runner.go

@@ -2711,6 +2711,7 @@ func addStateMachineCoverageTests(async, splitHandshake bool, protocol protocol)
 		tests = append(tests, testCase{
 			name:        "Renegotiate-Client",
 			renegotiate: true,
+			flags:       []string{"-expect-total-renegotiations", "1"},
 		})
 		// NPN on client and server; results in post-handshake message.
 		tests = append(tests, testCase{
@@ -3715,6 +3716,7 @@ func addRenegotiationTests() {
 			},
 		},
 		renegotiate: true,
+		flags:       []string{"-expect-total-renegotiations", "1"},
 	})
 	testCases = append(testCases, testCase{
 		name:        "Renegotiate-Client-EmptyExt",
@@ -3757,6 +3759,7 @@ func addRenegotiationTests() {
 				NoRenegotiationInfo: true,
 			},
 		},
+		flags: []string{"-expect-total-renegotiations", "1"},
 	})
 	testCases = append(testCases, testCase{
 		name:        "Renegotiate-Client-SwitchCiphers",
@@ -3765,6 +3768,7 @@ func addRenegotiationTests() {
 			CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
 		},
 		renegotiateCiphers: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
+		flags:              []string{"-expect-total-renegotiations", "1"},
 	})
 	testCases = append(testCases, testCase{
 		name:        "Renegotiate-Client-SwitchCiphers2",
@@ -3773,6 +3777,7 @@ func addRenegotiationTests() {
 			CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
 		},
 		renegotiateCiphers: []uint16{TLS_RSA_WITH_RC4_128_SHA},
+		flags:              []string{"-expect-total-renegotiations", "1"},
 	})
 	testCases = append(testCases, testCase{
 		name:               "Renegotiate-Client-Forbidden",
@@ -3791,6 +3796,7 @@ func addRenegotiationTests() {
 				RequireSameRenegoClientVersion: true,
 			},
 		},
+		flags: []string{"-expect-total-renegotiations", "1"},
 	})
 	testCases = append(testCases, testCase{
 		name:        "Renegotiate-FalseStart",
@@ -3802,6 +3808,7 @@ func addRenegotiationTests() {
 		flags: []string{
 			"-false-start",
 			"-select-next-proto", "foo",
+			"-expect-total-renegotiations", "1",
 		},
 		shimWritesFirst: true,
 	})

ssl/test/test_config.cc

@@ -138,6 +138,7 @@ const Flag<int> kIntFlags[] = {
   { "-max-version", &TestConfig::max_version },
   { "-mtu", &TestConfig::mtu },
   { "-export-keying-material", &TestConfig::export_keying_material },
+  { "-expect-total-renegotiations", &TestConfig::expect_total_renegotiations },
 };
 
 }  // namespace

ssl/test/test_config.h

@@ -97,6 +97,7 @@ struct TestConfig {
   bool verify_peer = false;
   bool expect_verify_result = false;
   std::string signed_cert_timestamps;
+  int expect_total_renegotiations = 0;
 };
 
 bool ParseConfig(int argc, char **argv, TestConfig *out_config);