Google Git
Sign in
boringssl/boringssl.git/9114fae39e86c067d5451a4e23730fc0a7f2de58^!/.
commit
9114fae39e86c067d5451a4e23730fc0a7f2de58
[log]
author
David Benjamin <davidben@chromium.org>
Sat Nov 08 11:41:14 2014 -0500
committer
Adam Langley <agl@google.com>
Tue Nov 11 00:00:39 2014 +0000
tree
6591b97cf374c137120285a3ec0926959ed922dc
parent
688d8dfe48bb5510ad6390add0d676729dce8397 [diff]
Add a test for RSA ServerKeyExchange.

Ensure that the client rejects it with UNEXPECTED_MESSAGE, not by attempting to
decode it.

Change-Id: Ifc5613cf1152e0f7dcbee73e05df1ef367dfbfd5
Reviewed-on: https://boringssl-review.googlesource.com/2232
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index 8cdbaea..c77f765 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go

@@ -505,6 +505,10 @@
 	// stress the replay bitmap window by simulating extreme packet loss and
 	// retransmit at the record layer.
 	SequenceNumberIncrement uint64
+
+	// RSAServerKeyExchange, if true, causes the server to send a
+	// ServerKeyExchange message in the plain RSA key exchange.
+	RSAServerKeyExchange bool
 }
 
 func (c *Config) serverInit() {

diff --git a/ssl/test/runner/key_agreement.go b/ssl/test/runner/key_agreement.go
index af54a8f..47f34cb 100644
--- a/ssl/test/runner/key_agreement.go
+++ b/ssl/test/runner/key_agreement.go

@@ -28,6 +28,11 @@
 type rsaKeyAgreement struct{}
 
 func (ka rsaKeyAgreement) generateServerKeyExchange(config *Config, cert *Certificate, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) {
+	if config.Bugs.RSAServerKeyExchange {
+		// Send an empty ServerKeyExchange message.
+		return &serverKeyExchangeMsg{}, nil
+	}
+
 	return nil, nil
 }
 

diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 44e15d1..2c89717 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go

@@ -495,6 +495,17 @@
 		shouldFail:    true,
 		expectedError: ":WRONG_CIPHER_RETURNED:",
 	},
+	{
+		name: "RSAServerKeyExchange",
+		config: Config{
+			CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
+			Bugs: ProtocolBugs{
+				RSAServerKeyExchange: true,
+			},
+		},
+		shouldFail:    true,
+		expectedError: ":UNEXPECTED_MESSAGE:",
+	},
 }
 
 func doExchange(test *testCase, config *Config, conn net.Conn, messageLen int, isResume bool) error {