Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 639846e5e47a2aacfd3d368bec1b208af34e68c8^! / . / ssl / test / runner / runner.go
commit639846e5e47a2aacfd3d368bec1b208af34e68c8[log] [tgz]
authorDavid Benjamin <davidben@google.com>Fri Sep 09 11:41:18 2016 -0400
committerCQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>Mon Sep 12 21:00:50 2016 +0000
tree012674c0c441d5c1080b5918f334821a1448c1d6
parentcd2c806530a47d2f4093615be55aa913e0f8b805 [diff] [blame]
Add tests for trailing data in handshake messages.

It's easy to forget to check those. Unfortunately, it's also easy to
forget to check inner structures, which is going to be harder to stress,
but do these to start with. In doing, so fix up and unify some
error-handling, and add a missing check when parsing TLS 1.2
CertificateRequest.

This was also inspired by the recent IETF posting.

Change-Id: I27fe3cd3506258389a75d486036388400f0a33ba
Reviewed-on: https://boringssl-review.googlesource.com/10963
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index dc2376c..8319690 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go

@@ -7914,6 +7914,32 @@
 	}
 }
 
+func addTrailingMessageDataTests() {
+	for _, t := range makePerMessageTests() {
+		t.test.name = "TrailingMessageData-" + t.test.name
+		t.test.config.Bugs.SendTrailingMessageData = t.messageType
+		t.test.shouldFail = true
+		t.test.expectedError = ":DECODE_ERROR:"
+		t.test.expectedLocalError = "remote error: error decoding message"
+
+		if t.test.config.MaxVersion >= VersionTLS13 && t.messageType == typeServerHello {
+			// In TLS 1.3, a bad ServerHello means the client sends
+			// an unencrypted alert while the server expects
+			// encryption, so the alert is not readable by runner.
+			t.test.expectedLocalError = "local error: bad record MAC"
+		}
+
+		if t.messageType == typeFinished {
+			// Bad Finished messages read as the verify data having
+			// the wrong length.
+			t.test.expectedError = ":DIGEST_CHECK_FAILED:"
+			t.test.expectedLocalError = "remote error: error decrypting message"
+		}
+
+		testCases = append(testCases, t.test)
+	}
+}
+
 func addTLS13HandshakeTests() {
 	testCases = append(testCases, testCase{
 		testType: clientTest,
@@ -8289,6 +8315,7 @@
 	addAllStateMachineCoverageTests()
 	addChangeCipherSpecTests()
 	addWrongMessageTypeTests()
+	addTrailingMessageDataTests()
 	addTLS13HandshakeTests()
 
 	var wg sync.WaitGroup