Add tests for CVE-2014-3511.

Also change MaxHandshakeRecordLength to 1 in the handshake coverage tests to better stress the state machine. Change-Id: I27fce2c000b3d4818fd2e9a47fb09d3f646dd1bd Reviewed-on: https://boringssl-review.googlesource.com/1452 Reviewed-by: Adam Langley <agl@google.com>
2014-08-07 18:02:39 -04:00 · 2014-08-07 18:02:39 -04:00 · 9821454f2b
commit 9821454f2b
parent 7e2e6cf1a0
3 changed files with 29 additions and 3 deletions
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@ -393,10 +393,15 @@ type ProtocolBugs struct {
 	SendFallbackSCSV bool

 	// MaxHandshakeRecordLength, if non-zero, is the maximum size of a
-	// handshake record. Handshake messages will be split at the record
-	// layer.
+	// handshake record. Handshake messages will be split into multiple
+	// records at the specified size, except that the client_version will
+	// never be fragmented.
 	MaxHandshakeRecordLength int

+	// FragmentClientVersion will allow MaxHandshakeRecordLength to apply to
+	// the first 6 bytes of the ClientHello.
+	FragmentClientVersion bool
+
 	// RsaClientKeyExchangeVersion, if non-zero, causes the client to send a
 	// ClientKeyExchange with the specified version rather than the
 	// client_version when performing the RSA key exchange.
--- a/ssl/test/runner/conn.go
+++ b/ssl/test/runner/conn.go
@ -714,6 +714,8 @@ func (c *Conn) writeV2Record(data []byte) (n int, err error) {
 // c.out.Mutex <= L.
 func (c *Conn) writeRecord(typ recordType, data []byte) (n int, err error) {
 	b := c.out.newBlock()
+	first := true
+	isClientHello := typ == recordTypeHandshake && len(data) > 0 && data[0] == typeClientHello
 	for len(data) > 0 {
 		m := len(data)
 		if m > maxPlaintext {
@ -721,9 +723,16 @@ func (c *Conn) writeRecord(typ recordType, data []byte) (n int, err error) {
 		}
 		if typ == recordTypeHandshake && c.config.Bugs.MaxHandshakeRecordLength > 0 && m > c.config.Bugs.MaxHandshakeRecordLength {
 			m = c.config.Bugs.MaxHandshakeRecordLength
+			// By default, do not fragment the client_version or
+			// server_version, which are located in the first 6
+			// bytes.
+			if first && isClientHello && !c.config.Bugs.FragmentClientVersion && m < 6 {
+				m = 6
+			}
 		}
 		explicitIVLen := 0
 		explicitIVIsSeq := false
+		first = false

 		var cbc cbcMode
 		if c.out.version >= VersionTLS11 {
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@ -383,6 +383,18 @@ var testCases = []testCase{
 			},
 		},
 	},
+	{
+		testType: serverTest,
+		name:     "FragmentedClientVersion",
+		config: Config{
+			Bugs: ProtocolBugs{
+				MaxHandshakeRecordLength: 1,
+				FragmentClientVersion:    true,
+			},
+		},
+		shouldFail:    true,
+		expectedError: ":RECORD_TOO_SMALL:",
+	},
 }

 func doExchange(test *testCase, config *Config, conn net.Conn, messageLen int) error {
@ -863,7 +875,7 @@ func addStateMachineCoverageTests(async bool, splitHandshake bool) {
 	}
 	if splitHandshake {
 		suffix += "-SplitHandshakeRecords"
-		maxHandshakeRecordLength = 10
+		maxHandshakeRecordLength = 1
 	}

 	// Basic handshake, with resumption. Client and server.