Test if the ServerHello includes an unknown cipher suite.

We never had coverage for that codepath. Change-Id: Iba1b0a3ddca743745773c663995acccda9fa6970 Reviewed-on: https://boringssl-review.googlesource.com/8827 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-07-18 15:47:32 +02:00 · 2016-07-18 15:47:32 +02:00 · e470e66e14
commit e470e66e14
parent b62d287128
1 changed files with 25 additions and 1 deletions
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@ -2082,6 +2082,8 @@ func addBasicTests() {
 }

 func addCipherSuiteTests() {
+	const bogusCipher = 0xfe00
+
 	for _, suite := range testCipherSuites {
 		const psk = "12345"
 		const pskIdentity = "luggage combo"
@ -2256,6 +2258,29 @@ func addCipherSuiteTests() {
 		expectedError: ":WRONG_CIPHER_RETURNED:",
 	})

+	testCases = append(testCases, testCase{
+		name: "ServerHelloBogusCipher",
+		config: Config{
+			MaxVersion: VersionTLS12,
+			Bugs: ProtocolBugs{
+				SendCipherSuite: bogusCipher,
+			},
+		},
+		shouldFail:    true,
+		expectedError: ":UNKNOWN_CIPHER_RETURNED:",
+	})
+	testCases = append(testCases, testCase{
+		name: "ServerHelloBogusCipher-TLS13",
+		config: Config{
+			MaxVersion: VersionTLS13,
+			Bugs: ProtocolBugs{
+				SendCipherSuite: bogusCipher,
+			},
+		},
+		shouldFail:    true,
+		expectedError: ":UNKNOWN_CIPHER_RETURNED:",
+	})
+
 	testCases = append(testCases, testCase{
 		name: "WeakDH",
 		config: Config{
@ -2305,7 +2330,6 @@ func addCipherSuiteTests() {
 	})

 	// The server must be tolerant to bogus ciphers.
-	const bogusCipher = 0x1234
 	testCases = append(testCases, testCase{
 		testType: serverTest,
 		name:     "UnknownCipher",