diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index ec0e2dbd..caf4aeeb 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -809,6 +809,10 @@ type ProtocolBugs struct {
 // BadChangeCipherSpec, if not nil, is the body to be sent in
 // ChangeCipherSpec records instead of {1}.
 BadChangeCipherSpec []byte
+
+ // BadHelloRequest, if not nil, is what to send instead of a
+ // HelloRequest.
+ BadHelloRequest []byte
 }
 func (c *Config) serverInit() {
diff --git a/ssl/test/runner/conn.go b/ssl/test/runner/conn.go
index 7178d208..cb60a928 100644
--- a/ssl/test/runner/conn.go
+++ b/ssl/test/runner/conn.go
@@ -1201,8 +1201,11 @@ func (c *Conn) handleRenegotiation() error {
 func (c *Conn) Renegotiate() error {
 if !c.isClient {
- helloReq := new(helloRequestMsg)
- c.writeRecord(recordTypeHandshake, helloReq.marshal())
+ helloReq := new(helloRequestMsg).marshal()
+ if c.config.Bugs.BadHelloRequest != nil {
+ helloReq = c.config.Bugs.BadHelloRequest
+ }
+ c.writeRecord(recordTypeHandshake, helloReq)
 }
 c.handshakeComplete = false
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 1e5ffd98..5af93df6 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
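Review bot: The comment on `BadHelloRequest` does not say that the slice replaces the whole handshake message, header included, which is how conn.go uses it (it is passed straight to `writeRecord`) and how the new tests build it (type byte plus three length bytes). I would word it as `// BadHelloRequest, if not nil, is the complete handshake message, header included, to send instead of a HelloRequest.` That also distinguishes it from `BadChangeCipherSpec` just above, which is documented as a record body only. The `ProtocolBugs` struct starts outside this hunk.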
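Review bot: The result of `c.writeRecord(recordTypeHandshake, helloReq)` is still discarded in `Renegotiate`, so a failed write of the (possibly malformed) HelloRequest would only surface later as an unrelated handshake error. Assuming writeRecord returns `(int, error)` as in crypto/tls, which is not visible here, propagate it with `if _, err := c.writeRecord(recordTypeHandshake, helloReq); err != nil { return err }`. Also note that the `!= nil` test means a non-nil empty slice sends an empty handshake record rather than falling back to the default message; if that is intended, it deserves a word in the field comment. The body of `Renegotiate` continues outside this hunk.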
@@ -2037,6 +2037,36 @@ func addBasicTests() {
 shouldFail: true,
 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
 },
+ {
+ name: "BadHelloRequest-1",
+ renegotiate: 1,
+ config: Config{
+ Bugs: ProtocolBugs{
+ BadHelloRequest: []byte{typeHelloRequest, 0, 0, 1, 1},
+ },
+ },
+ flags: []string{
+ "-renegotiate-freely",
+ "-expect-total-renegotiations", "1",
+ },
+ shouldFail: true,
+ expectedError: ":BAD_HELLO_REQUEST:",
+ },
+ {
+ name: "BadHelloRequest-2",
+ renegotiate: 1,
+ config: Config{
+ Bugs: ProtocolBugs{
+ BadHelloRequest: []byte{typeServerKeyExchange, 0, 0, 0},
+ },
+ },
+ flags: []string{
+ "-renegotiate-freely",
+ "-expect-total-renegotiations", "1",
+ },
+ shouldFail: true,
+ expectedError: ":BAD_HELLO_REQUEST:",
+ },
 }
 testCases = append(testCases, basicTests...)
 }
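Review bot: The two new cases are told apart only by the suffixes `-1` and `-2`, and nothing in the hunk says which malformation each one exercises, so a later failure report of `BadHelloRequest-2` tells the reader nothing. Reading the bytes, the first is a HelloRequest header declaring a one-byte body and the second is a different handshake type with an empty body sent where a HelloRequest is expected. I would put that above each case, e.g. `// HelloRequest with a non-empty body.` and `// Wrong handshake message type in place of a HelloRequest.`, or rename them along the lines of `BadHelloRequest-NonEmptyBody` and `BadHelloRequest-WrongType`. `addBasicTests` starts outside this hunk.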