Test the behavior of running SSL_do_handshake twice in a row.
BUG=185
Change-Id: I4ce6735ca78cd687538a8c0fdbd78ee97b93585c
Reviewed-on: https://boringssl-review.googlesource.com/14382
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 3aa2c46..3bdb865 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -10740,6 +10740,109 @@
}
}
+func addExtraHandshakeTests() {
+ // An extra SSL_do_handshake is normally a no-op. These tests use -async
+ // to ensure there is no transport I/O.
+ testCases = append(testCases, testCase{
+ testType: clientTest,
+ name: "ExtraHandshake-Client-TLS12",
+ config: Config{
+ MinVersion: VersionTLS12,
+ MaxVersion: VersionTLS12,
+ },
+ flags: []string{
+ "-async",
+ "-no-op-extra-handshake",
+ },
+ })
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "ExtraHandshake-Server-TLS12",
+ config: Config{
+ MinVersion: VersionTLS12,
+ MaxVersion: VersionTLS12,
+ },
+ flags: []string{
+ "-async",
+ "-no-op-extra-handshake",
+ },
+ })
+ testCases = append(testCases, testCase{
+ testType: clientTest,
+ name: "ExtraHandshake-Client-TLS13",
+ config: Config{
+ MinVersion: VersionTLS13,
+ MaxVersion: VersionTLS13,
+ },
+ flags: []string{
+ "-async",
+ "-no-op-extra-handshake",
+ },
+ })
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "ExtraHandshake-Server-TLS13",
+ config: Config{
+ MinVersion: VersionTLS13,
+ MaxVersion: VersionTLS13,
+ },
+ flags: []string{
+ "-async",
+ "-no-op-extra-handshake",
+ },
+ })
+
+ // An extra SSL_do_handshake is a no-op in server 0-RTT.
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "ExtraHandshake-Server-EarlyData-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ MinVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ SendEarlyData: [][]byte{{1, 2, 3, 4}},
+ ExpectEarlyDataAccepted: true,
+ ExpectHalfRTTData: [][]byte{{254, 253, 252, 251}},
+ },
+ },
+ messageCount: 2,
+ resumeSession: true,
+ flags: []string{
+ "-async",
+ "-enable-early-data",
+ "-expect-accept-early-data",
+ "-no-op-extra-handshake",
+ },
+ })
+
+ // An extra SSL_do_handshake drives the handshake to completion in False
+ // Start. We test this by handshaking twice and asserting the False
+ // Start does not appear to happen. See AlertBeforeFalseStartTest for
+ // how the test works.
+ testCases = append(testCases, testCase{
+ testType: clientTest,
+ name: "ExtraHandshake-FalseStart",
+ config: Config{
+ MaxVersion: VersionTLS12,
+ CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
+ NextProtos: []string{"foo"},
+ Bugs: ProtocolBugs{
+ ExpectFalseStart: true,
+ AlertBeforeFalseStartTest: alertAccessDenied,
+ },
+ },
+ flags: []string{
+ "-handshake-twice",
+ "-false-start",
+ "-advertise-alpn", "\x03foo",
+ },
+ shimWritesFirst: true,
+ shouldFail: true,
+ expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
+ expectedLocalError: "tls: peer did not false start: EOF",
+ })
+}
+
func worker(statusChan chan statusMsg, c chan *testCase, shimPath string, wg *sync.WaitGroup) {
defer wg.Done()
@@ -10866,6 +10969,7 @@
addCertificateTests()
addRetainOnlySHA256ClientCertTests()
addECDSAKeyUsageTests()
+ addExtraHandshakeTests()
var wg sync.WaitGroup