Add tests for packed handshake records in TLS.
I'm surprised we'd never tested this. In addition to splitting handshake
records up, one may pack multiple handshakes into a single record, as
they fit. Generalize the DTLS handshake flush hook to do this in TLS as
well.
Change-Id: Ia546d18c7c56ba45e50f489c5b53e1fcd6404f51
Reviewed-on: https://boringssl-review.googlesource.com/8650
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/ssl/test/runner/conn.go b/ssl/test/runner/conn.go
index 551c6bc..c33ac0c 100644
--- a/ssl/test/runner/conn.go
+++ b/ssl/test/runner/conn.go
@@ -77,6 +77,10 @@
input *block // application record waiting to be read
hand bytes.Buffer // handshake record waiting to be read
+ // pendingFlight, if PackHandshakeFlight is enabled, is the buffer of
+ // handshake data to be split into records at the end of the flight.
+ pendingFlight bytes.Buffer
+
// DTLS state
sendHandshakeSeq uint16
recvHandshakeSeq uint16
@@ -934,6 +938,15 @@
return c.dtlsWriteRecord(typ, data)
}
+ if c.config.Bugs.PackHandshakeFlight && typ == recordTypeHandshake {
+ c.pendingFlight.Write(data)
+ return len(data), nil
+ }
+
+ return c.doWriteRecord(typ, data)
+}
+
+func (c *Conn) doWriteRecord(typ recordType, data []byte) (n int, err error) {
recordHeaderLen := tlsRecordHeaderLen
b := c.out.newBlock()
first := true
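Review bot: With `PackHandshakeFlight` set, the new branch in `writeRecord` buffers handshake data in `pendingFlight`, but nothing visible here drains that buffer when a non-handshake record (ChangeCipherSpec, alert, application data) is written next. Correct ordering therefore depends on every caller invoking `flushHandshake` first. If one is missed, the buffered handshake bytes would go out after the later record, and possibly under a different cipher state, so the test would exercise something other than what it intends. Consider flushing before the `return c.doWriteRecord(typ, data)` line, e.g. `if err := c.flushHandshake(); err != nil { return 0, err }`, or state the caller contract in a comment on `writeRecord`. The bodies of `writeRecord` and `doWriteRecord` extend outside this hunk, so the callers may already guarantee this.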
@@ -1031,6 +1044,23 @@
return
}
+func (c *Conn) flushHandshake() error {
+ if c.isDTLS {
+ return c.dtlsFlushHandshake()
+ }
+
+ for c.pendingFlight.Len() > 0 {
+ var buf [maxPlaintext]byte
+ n, _ := c.pendingFlight.Read(buf[:])
+ if _, err := c.doWriteRecord(recordTypeHandshake, buf[:n]); err != nil {
+ return err
+ }
+ }
+
+ c.pendingFlight.Reset()
+ return nil
+}
+
func (c *Conn) doReadHandshake() ([]byte, error) {
if c.isDTLS {
return c.dtlsDoReadHandshake()
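Review bot: When `doWriteRecord` fails inside the loop, `flushHandshake` returns without clearing `pendingFlight`, so the unsent remainder of the flight stays buffered and a later flush would emit it. The trailing `c.pendingFlight.Reset()` only runs on the success path, where the buffer is already empty. Using `defer c.pendingFlight.Reset()` before the loop would cover both paths. The function also has no doc comment; something like `// flushHandshake writes any handshake data buffered in pendingFlight as records of at most maxPlaintext bytes; for DTLS it defers to dtlsFlushHandshake.` would help. Separately, `c.pendingFlight.Next(maxPlaintext)` would avoid the per-iteration stack array and the discarded `Read` error.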
@@ -1217,6 +1247,7 @@
if c.config.Bugs.SendHelloRequestBeforeEveryAppDataRecord {
c.writeRecord(recordTypeHandshake, []byte{typeHelloRequest, 0, 0, 0})
+ c.flushHandshake()
}
// SSL 3.0 and TLS 1.0 are susceptible to a chosen-plaintext
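Review bot: The error returned by the added `c.flushHandshake()` call is discarded here, and again at the second call site in the `@@ -1269,6 +1300,7 @@` hunk. Now that handshake writes can be deferred to the flush, a failed write of the HelloRequest only surfaces from `flushHandshake`, and the surrounding code carries on as if the record had been sent. Consider propagating it, e.g. `if err := c.flushHandshake(); err != nil { return 0, err }`, adjusted to the enclosing function's return signature, which is outside this hunk. The pre-existing `c.writeRecord` call on the line before ignores its result the same way.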
@@ -1269,6 +1300,7 @@
helloReq = c.config.Bugs.BadHelloRequest
}
c.writeRecord(recordTypeHandshake, helloReq)
+ c.flushHandshake()
}
c.handshakeComplete = false