From ef5dfd298019b7eb721725b04ef3117eb37f2614 Mon Sep 17 00:00:00 2001
From: David Benjamin <davidben@chromium.org>
Date: Sun, 6 Dec 2015 13:17:07 -0500
Subject: [PATCH] Add tests for malformed HelloRequests.

Change-Id: Iff053022c7ffe5b01c0daf95726cc7d49c33cbd6
Reviewed-on: https://boringssl-review.googlesource.com/6640
Reviewed-by: Adam Langley <agl@google.com>
---
 ssl/test/runner/common.go |  4 ++++
 ssl/test/runner/conn.go   |  7 +++++--
 ssl/test/runner/runner.go | 30 ++++++++++++++++++++++++++++++
 3 files changed, 39 insertions(+), 2 deletions(-)

diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index ec0e2dbd..caf4aeeb 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -809,6 +809,10 @@ type ProtocolBugs struct {
 	// BadChangeCipherSpec, if not nil, is the body to be sent in
 	// ChangeCipherSpec records instead of {1}.
 	BadChangeCipherSpec []byte
+
+	// BadHelloRequest, if not nil, is what to send instead of a
+	// HelloRequest.
+	BadHelloRequest []byte
 }
 
 func (c *Config) serverInit() {
diff --git a/ssl/test/runner/conn.go b/ssl/test/runner/conn.go
index 7178d208..cb60a928 100644
--- a/ssl/test/runner/conn.go
+++ b/ssl/test/runner/conn.go
@@ -1201,8 +1201,11 @@ func (c *Conn) handleRenegotiation() error {
 
 func (c *Conn) Renegotiate() error {
 	if !c.isClient {
-		helloReq := new(helloRequestMsg)
-		c.writeRecord(recordTypeHandshake, helloReq.marshal())
+		helloReq := new(helloRequestMsg).marshal()
+		if c.config.Bugs.BadHelloRequest != nil {
+			helloReq = c.config.Bugs.BadHelloRequest
+		}
+		c.writeRecord(recordTypeHandshake, helloReq)
 	}
 
 	c.handshakeComplete = false
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 1e5ffd98..5af93df6 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -2037,6 +2037,36 @@ func addBasicTests() {
 			shouldFail:    true,
 			expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
 		},
+		{
+			name:        "BadHelloRequest-1",
+			renegotiate: 1,
+			config: Config{
+				Bugs: ProtocolBugs{
+					BadHelloRequest: []byte{typeHelloRequest, 0, 0, 1, 1},
+				},
+			},
+			flags: []string{
+				"-renegotiate-freely",
+				"-expect-total-renegotiations", "1",
+			},
+			shouldFail:    true,
+			expectedError: ":BAD_HELLO_REQUEST:",
+		},
+		{
+			name:        "BadHelloRequest-2",
+			renegotiate: 1,
+			config: Config{
+				Bugs: ProtocolBugs{
+					BadHelloRequest: []byte{typeServerKeyExchange, 0, 0, 0},
+				},
+			},
+			flags: []string{
+				"-renegotiate-freely",
+				"-expect-total-renegotiations", "1",
+			},
+			shouldFail:    true,
+			expectedError: ":BAD_HELLO_REQUEST:",
+		},
 	}
 	testCases = append(testCases, basicTests...)
 }