Add limit for consecutive KeyUpdate messages.
Change-Id: I2e1ee319bb9852b9c686f2f297c470db54f72279
Reviewed-on: https://boringssl-review.googlesource.com/10370
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 3e4ba2e..19b8ee7 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -353,6 +353,9 @@
// sendWarningAlerts is the number of consecutive warning alerts to send
// before and after the test message.
sendWarningAlerts int
+ // sendKeyUpdates is the number of consecutive key updates to send
+ // before and after the test message.
+ sendKeyUpdates int
// expectMessageDropped, if true, means the test message is expected to
// be dropped by the client rather than echoed back.
expectMessageDropped bool
@@ -615,6 +618,10 @@
}
}
+ for i := 0; i < test.sendKeyUpdates; i++ {
+ tlsConn.SendKeyUpdate()
+ }
+
for i := 0; i < test.sendEmptyRecords; i++ {
tlsConn.Write(nil)
}
@@ -671,6 +678,10 @@
}
tlsConn.Write(testMessage)
+ for i := 0; i < test.sendKeyUpdates; i++ {
+ tlsConn.SendKeyUpdate()
+ }
+
for i := 0; i < test.sendEmptyRecords; i++ {
tlsConn.Write(nil)
}
@@ -1993,6 +2004,15 @@
expectedError: ":TOO_MANY_WARNING_ALERTS:",
},
{
+ name: "SendKeyUpdates",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ },
+ sendKeyUpdates: 33,
+ shouldFail: true,
+ expectedError: ":TOO_MANY_KEY_UPDATES:",
+ },
+ {
name: "EmptySessionID",
config: Config{
MaxVersion: VersionTLS12,