From 6de0e539195a7f70bcded4a094ca60a8c1e67d65 Mon Sep 17 00:00:00 2001
From: David Benjamin <davidben@chromium.org>
Date: Tue, 28 Jul 2015 22:43:19 -0400
Subject: [PATCH] Add tests for bad CertificateVerify signatures.

I don't think we had coverage for this check.

Change-Id: I5e454e69c1ee9f1b9760d2ef1431170d76f78d63
Reviewed-on: https://boringssl-review.googlesource.com/5544
Reviewed-by: Adam Langley <agl@google.com>
---
 ssl/test/runner/common.go           |  4 ++++
 ssl/test/runner/handshake_client.go |  3 +++
 ssl/test/runner/runner.go           | 26 ++++++++++++++++++++++++++
 3 files changed, 33 insertions(+)

diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index ddd0468d..07cb1753 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -400,6 +400,10 @@ type ProtocolBugs struct {
 	// ServerKeyExchange message should be invalid.
 	InvalidSKXSignature bool
 
+	// InvalidCertVerifySignature specifies that the signature in a
+	// CertificateVerify message should be invalid.
+	InvalidCertVerifySignature bool
+
 	// InvalidSKXCurve causes the curve ID in the ServerKeyExchange message
 	// to be wrong.
 	InvalidSKXCurve bool
diff --git a/ssl/test/runner/handshake_client.go b/ssl/test/runner/handshake_client.go
index a96cd9c1..c38334e2 100644
--- a/ssl/test/runner/handshake_client.go
+++ b/ssl/test/runner/handshake_client.go
@@ -622,6 +622,9 @@ func (hs *clientHandshakeState) doFullHandshake() error {
 			c.sendAlert(alertInternalError)
 			return err
 		}
+		if c.config.Bugs.InvalidCertVerifySignature {
+			digest[0] ^= 0x80
+		}
 
 		switch key := c.config.Certificates[0].PrivateKey.(type) {
 		case *ecdsa.PrivateKey:
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 1121dacd..9fa394f7 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -785,6 +785,32 @@ func addBasicTests() {
 			shouldFail:    true,
 			expectedError: ":BAD_SIGNATURE:",
 		},
+		{
+			testType: serverTest,
+			name:     "BadRSASignature-ClientAuth",
+			config: Config{
+				Bugs: ProtocolBugs{
+					InvalidCertVerifySignature: true,
+				},
+				Certificates: []Certificate{getRSACertificate()},
+			},
+			shouldFail:    true,
+			expectedError: ":BAD_SIGNATURE:",
+			flags:         []string{"-require-any-client-certificate"},
+		},
+		{
+			testType: serverTest,
+			name:     "BadECDSASignature-ClientAuth",
+			config: Config{
+				Bugs: ProtocolBugs{
+					InvalidCertVerifySignature: true,
+				},
+				Certificates: []Certificate{getECDSACertificate()},
+			},
+			shouldFail:    true,
+			expectedError: ":BAD_SIGNATURE:",
+			flags:         []string{"-require-any-client-certificate"},
+		},
 		{
 			name: "BadECDSACurve",
 			config: Config{