Add tests for very large handshake messages.
OpenSSL recently had a regression here (CVE-2016-6309). We're fine,
but so that we stay that way, add some tests.
Change-Id: I244d7ff327b7aad550f86408c5e5e65e6d1babe5
Reviewed-on: https://boringssl-review.googlesource.com/11321
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index ec20947..5fd333d 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -2331,6 +2331,46 @@
},
}
testCases = append(testCases, basicTests...)
+
+ // Test that very large messages can be received.
+ cert := rsaCertificate
+ for i := 0; i < 50; i++ {
+ cert.Certificate = append(cert.Certificate, cert.Certificate[0])
+ }
+ testCases = append(testCases, testCase{
+ name: "LargeMessage",
+ config: Config{
+ Certificates: []Certificate{cert},
+ },
+ })
+ testCases = append(testCases, testCase{
+ protocol: dtls,
+ name: "LargeMessage-DTLS",
+ config: Config{
+ Certificates: []Certificate{cert},
+ },
+ })
+
+ // They are rejected if the maximum certificate chain length is capped.
+ testCases = append(testCases, testCase{
+ name: "LargeMessage-Reject",
+ config: Config{
+ Certificates: []Certificate{cert},
+ },
+ flags: []string{"-max-cert-list", "16384"},
+ shouldFail: true,
+ expectedError: ":EXCESSIVE_MESSAGE_SIZE:",
+ })
+ testCases = append(testCases, testCase{
+ protocol: dtls,
+ name: "LargeMessage-Reject-DTLS",
+ config: Config{
+ Certificates: []Certificate{cert},
+ },
+ flags: []string{"-max-cert-list", "16384"},
+ shouldFail: true,
+ expectedError: ":EXCESSIVE_MESSAGE_SIZE:",
+ })
}
func addCipherSuiteTests() {
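Review bot: The loop count of 50 and the `-max-cert-list` value `16384` are coupled, but nothing in the added block says so: the LargeMessage cases only exercise the large-message receive path, and the Reject cases only fail with `:EXCESSIVE_MESSAGE_SIZE:`, as long as 51 copies of the `rsaCertificate` leaf total more than 16384 bytes. A comment above the loop would keep that visible, for example `// 51 copies of the leaf must exceed the 16384-byte -max-cert-list used below; revisit the count if rsaCertificate changes.` Separately, `cert := rsaCertificate` copies the struct but not the `Certificate` slice, so the `append` in the loop can write into a backing array shared with `rsaCertificate` if that slice has spare capacity; copying the slice before the loop would avoid the aliasing. The enclosing function begins before the hunk, and none of the new cases sets a test type, so they presumably cover only the default role; it is worth confirming whether the other role's receive path needs the same coverage.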