Test that V2ClientHello must be the first record.

Regression tests for upstream's https://github.com/openssl/openssl/issues/1298. Also, given that we're now on our third generation of V2ClientHello handling, I'm sure we'll have a fourth and fifth and one of these days I'm going to mess this one up. :-) Change-Id: I6fd8f311ed0939fbbfd370448b637ccc06145021 Reviewed-on: https://boringssl-review.googlesource.com/9040 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-07-29 09:23:07 -04:00 · 2016-07-29 09:23:07 -04:00 · e97fb48fbe
commit e97fb48fbe
parent ec3cb3adbc
1 changed files with 45 additions and 0 deletions
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@ -2121,6 +2121,51 @@ func addBasicTests() {
 			shouldFail:    true,
 			expectedError: ":UNEXPECTED_RECORD:",
 		},
+		{
+			testType: serverTest,
+			name:     "V2ClientHello-EmptyRecordPrefix",
+			config: Config{
+				// Choose a cipher suite that does not involve
+				// elliptic curves, so no extensions are
+				// involved.
+				MaxVersion:   VersionTLS12,
+				CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
+				Bugs: ProtocolBugs{
+					SendV2ClientHello: true,
+				},
+			},
+			sendPrefix: string([]byte{
+				byte(recordTypeHandshake),
+				3, 1, // version
+				0, 0, // length
+			}),
+			// A no-op empty record may not be sent before V2ClientHello.
+			shouldFail:    true,
+			expectedError: ":WRONG_VERSION_NUMBER:",
+		},
+		{
+			testType: serverTest,
+			name:     "V2ClientHello-WarningAlertPrefix",
+			config: Config{
+				// Choose a cipher suite that does not involve
+				// elliptic curves, so no extensions are
+				// involved.
+				MaxVersion:   VersionTLS12,
+				CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
+				Bugs: ProtocolBugs{
+					SendV2ClientHello: true,
+				},
+			},
+			sendPrefix: string([]byte{
+				byte(recordTypeAlert),
+				3, 1, // version
+				0, 2, // length
+				alertLevelWarning, byte(alertDecompressionFailure),
+			}),
+			// A no-op warning alert may not be sent before V2ClientHello.
+			shouldFail:    true,
+			expectedError: ":WRONG_VERSION_NUMBER:",
+		},
 	}
 	testCases = append(testCases, basicTests...)
 }