Add SendServerHelloAsHelloRetryRequest test.

There was a case we were not covering. Change-Id: Ia8bc1b73f5db3d18afc3cdcfa249867784c3dcd2 Reviewed-on: https://boringssl-review.googlesource.com/14824 Commit-Queue: David Benjamin <davidben@google.com> Commit-Queue: Steven Valdez <svaldez@google.com> Reviewed-by: Steven Valdez <svaldez@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-04-08 11:00:45 -04:00 · 2017-04-08 11:00:45 -04:00 · ebacdeed67
commit ebacdeed67
parent d3bca049ee
3 changed files with 29 additions and 3 deletions
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@ -1331,6 +1331,10 @@ type ProtocolBugs struct {
 	// to use when signing in TLS 1.1 and earlier where algorithms are not
 	// negotiated.
 	UseLegacySigningAlgorithm signatureAlgorithm
+
+	// SendServerHelloAsHelloRetryRequest, if true, causes the server to
+	// send ServerHello messages with a HelloRetryRequest type field.
+	SendServerHelloAsHelloRetryRequest bool
 }

 func (c *Config) serverInit() {
--- a/ssl/test/runner/conn.go
+++ b/ssl/test/runner/conn.go
@ -1001,11 +1001,17 @@ func (c *Conn) writeV2Record(data []byte) (n int, err error) {
 // to the connection and updates the record layer state.
 // c.out.Mutex <= L.
 func (c *Conn) writeRecord(typ recordType, data []byte) (n int, err error) {
-	if msgType := c.config.Bugs.SendWrongMessageType; msgType != 0 {
-		if typ == recordTypeHandshake && data[0] == msgType {
+	if typ == recordTypeHandshake {
+		msgType := data[0]
+		if c.config.Bugs.SendWrongMessageType != 0 && msgType == c.config.Bugs.SendWrongMessageType {
+			msgType += 42
+		} else if msgType == typeServerHello && c.config.Bugs.SendServerHelloAsHelloRetryRequest {
+			msgType = typeHelloRetryRequest
+		}
+		if msgType != data[0] {
 			newData := make([]byte, len(data))
 			copy(newData, data)
-			newData[0] += 42
+			newData[0] = msgType
 			data = newData
 		}
 	}
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@ -9600,6 +9600,22 @@ func addWrongMessageTypeTests() {

 		testCases = append(testCases, t.test)
 	}
+
+	// The processing order for TLS 1.3 version negotiation is such that one
+	// may accidentally accept a HelloRetryRequest in lieu of ServerHello in
+	// TLS 1.2. Test that we do not do this.
+	testCases = append(testCases, testCase{
+		name: "SendServerHelloAsHelloRetryRequest",
+		config: Config{
+			MaxVersion: VersionTLS12,
+			Bugs: ProtocolBugs{
+				SendServerHelloAsHelloRetryRequest: true,
+			},
+		},
+		shouldFail:         true,
+		expectedError:      ":UNEXPECTED_MESSAGE:",
+		expectedLocalError: "remote error: unexpected message",
+	})
 }

 func addTrailingMessageDataTests() {