Add SendServerHelloAsHelloRetryRequest test.

There was a case we were not covering.

Change-Id: Ia8bc1b73f5db3d18afc3cdcfa249867784c3dcd2
Reviewed-on: https://boringssl-review.googlesource.com/14824
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
David Benjamin 2017-04-08 11:00:45 -04:00 committed by CQ bot account: commit-bot@chromium.org
parent d3bca049ee
commit ebacdeed67
3 changed files with 29 additions and 3 deletions


@ -1331,6 +1331,10 @@ type ProtocolBugs struct {
// to use when signing in TLS 1.1 and earlier where algorithms are not // to use when signing in TLS 1.1 and earlier where algorithms are not
// negotiated. // negotiated.
UseLegacySigningAlgorithm signatureAlgorithm UseLegacySigningAlgorithm signatureAlgorithm
// SendServerHelloAsHelloRetryRequest, if true, causes the server to
// send ServerHello messages with a HelloRetryRequest type field.
SendServerHelloAsHelloRetryRequest bool
} }
func (c *Config) serverInit() { func (c *Config) serverInit() {
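Review bot: The doc comment on `SendServerHelloAsHelloRetryRequest` does not say how the option interacts with `SendWrongMessageType`. In the writeRecord section of this commit the new option sits in an `else if`, so when `SendWrongMessageType` equals `typeServerHello` the `+= 42` rewrite wins and this flag has no effect. I would add a line such as `// It has no effect on a ServerHello that SendWrongMessageType already rewrites.` and state that only the message type byte changes while the body remains a ServerHello body. The ProtocolBugs struct begins outside this hunk.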


@ -1001,11 +1001,17 @@ func (c *Conn) writeV2Record(data []byte) (n int, err error) {
// to the connection and updates the record layer state. // to the connection and updates the record layer state.
// c.out.Mutex <= L. // c.out.Mutex <= L.
func (c *Conn) writeRecord(typ recordType, data []byte) (n int, err error) { func (c *Conn) writeRecord(typ recordType, data []byte) (n int, err error) {
if msgType := c.config.Bugs.SendWrongMessageType; msgType != 0 { if typ == recordTypeHandshake {
if typ == recordTypeHandshake && data[0] == msgType { msgType := data[0]
if c.config.Bugs.SendWrongMessageType != 0 && msgType == c.config.Bugs.SendWrongMessageType {
msgType += 42
} else if msgType == typeServerHello && c.config.Bugs.SendServerHelloAsHelloRetryRequest {
msgType = typeHelloRetryRequest
}
if msgType != data[0] {
newData := make([]byte, len(data)) newData := make([]byte, len(data))
copy(newData, data) copy(newData, data)
newData[0] += 42 newData[0] = msgType
data = newData data = newData
} }
} }
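Review bot: `msgType := data[0]` now runs for every handshake record, whereas the old code read `data[0]` only when `SendWrongMessageType` was non-zero, so if any caller passes an empty handshake slice the runner would panic with an index-out-of-range rather than fail the test cleanly. Guarding the outer condition, `if typ == recordTypeHandshake && len(data) > 0 {`, keeps the rewrite for real messages. The rewrite also assumes the first byte of each call is a handshake message type, which presumably holds only when callers pass whole messages rather than later fragments; a short comment such as `// data is assumed to start at a handshake message boundary.` would record that. The rest of writeRecord lies outside this hunk.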


@ -9600,6 +9600,22 @@ func addWrongMessageTypeTests() {
testCases = append(testCases, t.test) testCases = append(testCases, t.test)
} }
// The processing order for TLS 1.3 version negotiation is such that one
// may accidentally accept a HelloRetryRequest in lieu of ServerHello in
// TLS 1.2. Test that we do not do this.
testCases = append(testCases, testCase{
name: "SendServerHelloAsHelloRetryRequest",
config: Config{
MaxVersion: VersionTLS12,
Bugs: ProtocolBugs{
SendServerHelloAsHelloRetryRequest: true,
},
},
shouldFail: true,
expectedError: ":UNEXPECTED_MESSAGE:",
expectedLocalError: "remote error: unexpected message",
})
} }
func addTrailingMessageDataTests() { func addTrailingMessageDataTests() {