Add a test for RSA ServerKeyExchange.

Ensure that the client rejects it with UNEXPECTED_MESSAGE, not by attempting to decode it. Change-Id: Ifc5613cf1152e0f7dcbee73e05df1ef367dfbfd5 Reviewed-on: https://boringssl-review.googlesource.com/2232 Reviewed-by: Adam Langley <agl@google.com>
há 10 anos · 9114fae39e
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -505,6 +505,10 @@ type ProtocolBugs struct {
 	// stress the replay bitmap window by simulating extreme packet loss and
 	// retransmit at the record layer.
 	SequenceNumberIncrement uint64

 	// RSAServerKeyExchange, if true, causes the server to send a
 	// ServerKeyExchange message in the plain RSA key exchange.
 	RSAServerKeyExchange bool
 }

 func (c *Config) serverInit() {
--- a/ssl/test/runner/key_agreement.go
+++ b/ssl/test/runner/key_agreement.go
@@ -28,6 +28,11 @@ var errServerKeyExchange = errors.New("tls: invalid ServerKeyExchange message")
 type rsaKeyAgreement struct{}

 func (ka rsaKeyAgreement) generateServerKeyExchange(config *Config, cert *Certificate, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) {
 	if config.Bugs.RSAServerKeyExchange {
 		// Send an empty ServerKeyExchange message.
 		return &serverKeyExchangeMsg{}, nil
 	}

 	return nil, nil
 }

--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -495,6 +495,17 @@ var testCases = []testCase{
 		shouldFail:    true,
 		expectedError: ":WRONG_CIPHER_RETURNED:",
 	},
 	{
 		name: "RSAServerKeyExchange",
 		config: Config{
 			CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
 			Bugs: ProtocolBugs{
 				RSAServerKeyExchange: true,
 			},
 		},
 		shouldFail:    true,
 		expectedError: ":UNEXPECTED_MESSAGE:",
 	},
 }

 func doExchange(test *testCase, config *Config, conn net.Conn, messageLen int, isResume bool) error {