Add test for renego client_version quirk.

In upstream's f4e1169341ad1217e670387db5b0c12d680f95f4, the client_version was made constant across renegotiations, even if the server negotiated a lower version. NSS has the same quirk, reportedly for SChannel: https://code.google.com/p/chromium/codesearch#chromium/src/net/third_party/nss/ssl/ssl3con.c&sq=package:chromium&l=5103 Add a test to ensure we do not regress this. Change-Id: I214e062463c203b86a9bab00f8503442e1bf74fe Reviewed-on: https://boringssl-review.googlesource.com/2405 Reviewed-by: Adam Langley <agl@google.com>
2014-11-23 12:11:01 -05:00 · 2014-11-23 12:11:01 -05:00 · c44b1df459
commit c44b1df459
parent 81ea0bf538
5 changed files with 24 additions and 6 deletions
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@ -717,14 +717,8 @@ int ssl3_send_client_hello(SSL *s)
 		 * client_version in client hello and not resetting it to
 		 * the negotiated version.
 		 */
-#if 0
-		*(p++)=s->version>>8;
-		*(p++)=s->version&0xff;
-		s->client_version=s->version;
-#else
 		*(p++)=s->client_version>>8;
 		*(p++)=s->client_version&0xff;
-#endif

 		/* Random stuff */
 		memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@ -577,6 +577,11 @@ type ProtocolBugs struct {
 	// CertificateRequest message. None the less, the configured set will
 	// still be enforced.
 	NoSignatureAndHashes bool
+
+	// RequireSameRenegoClientVersion, if true, causes the server
+	// to require that all ClientHellos match in offered version
+	// across a renego.
+	RequireSameRenegoClientVersion bool
 }

 func (c *Config) serverInit() {
--- a/ssl/test/runner/conn.go
+++ b/ssl/test/runner/conn.go
@ -58,6 +58,8 @@ type Conn struct {

 	srtpProtectionProfile uint16

+	clientVersion uint16
+
 	// input/output
 	in, out  halfConn     // in.Mutex < out.Mutex
 	rawInput *block       // raw input, right off the wire
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go
@ -162,6 +162,13 @@ func (hs *serverHandshakeState) readClientHello() (isResume bool, err error) {
 		hs.clientHello = newClientHello
 	}

+	if config.Bugs.RequireSameRenegoClientVersion && c.clientVersion != 0 {
+		if c.clientVersion != hs.clientHello.vers {
+			return false, fmt.Errorf("tls: client offered different version on renego")
+		}
+	}
+	c.clientVersion = hs.clientHello.vers
+
 	c.vers, ok = config.mutualVersion(hs.clientHello.vers)
 	if !ok {
 		c.sendAlert(alertProtocolVersion)
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@ -2109,6 +2109,16 @@ func addRenegotiationTests() {
 		},
 		renegotiateCiphers: []uint16{TLS_RSA_WITH_RC4_128_SHA},
 	})
+	testCases = append(testCases, testCase{
+		name:        "Renegotiate-SameClientVersion",
+		renegotiate: true,
+		config: Config{
+			MaxVersion: VersionTLS10,
+			Bugs: ProtocolBugs{
+				RequireSameRenegoClientVersion: true,
+			},
+		},
+	})
 }

 func addDTLSReplayTests() {