Google Git
Sign in
boringssl/boringssl.git/e7e36aae253be9d054b5df108ac9fea42e1a0557^!/.
commit
e7e36aae253be9d054b5df108ac9fea42e1a0557
[log] [tgz]
author
David Benjamin <davidben@google.com>
Mon Aug 08 12:39:41 2016 -0400
committer
CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Mon Aug 08 17:27:42 2016 +0000
tree
636e793a39ff49a1e180993f1acbe9ab44203afc
parent
2f8ea545a63be73a6869a5cfd018748c0f868d83 [diff]
Test that switching versions on renego is illegal.

We handle this correctly but never wrote a test for it. Noticed this in
chatting about the second ClientHello.version bug workaround with Eric
Rescorla.

Change-Id: I09bc6c995d07c0f2c9936031b52c3c639ed3695e
Reviewed-on: https://boringssl-review.googlesource.com/9154
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index aca308c..b6befe4 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go

@@ -606,6 +606,10 @@
 	// peer.
 	NegotiateVersion uint16
 
+	// NegotiateVersionOnRenego, if non-zero, causes the server to negotiate
+	// the specified TLS version on renegotiation rather than retaining it.
+	NegotiateVersionOnRenego uint16
+
 	// ExpectFalseStart causes the server to, on full handshakes,
 	// expect the peer to False Start; the server Finished message
 	// isn't sent until we receive an application data record

diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go
index c2b28f2..fe860f8 100644
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go

@@ -222,6 +222,8 @@
 
 	if config.Bugs.NegotiateVersion != 0 {
 		c.vers = config.Bugs.NegotiateVersion
+	} else if c.haveVers && config.Bugs.NegotiateVersionOnRenego != 0 {
+		c.vers = config.Bugs.NegotiateVersionOnRenego
 	} else {
 		c.vers, ok = config.mutualVersion(hs.clientHello.vers, c.isDTLS)
 		if !ok {

diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index ee4694b..635600f 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go

@@ -5026,6 +5026,9 @@
 			"-expect-total-renegotiations", "1",
 		},
 	})
+
+	// Test that the server may switch ciphers on renegotiation without
+	// problems.
 	testCases = append(testCases, testCase{
 		name:        "Renegotiate-Client-SwitchCiphers",
 		renegotiate: 1,
@@ -5052,6 +5055,27 @@
 			"-expect-total-renegotiations", "1",
 		},
 	})
+
+	// Test that the server may not switch versions on renegotiation.
+	testCases = append(testCases, testCase{
+		name: "Renegotiate-Client-SwitchVersion",
+		config: Config{
+			MaxVersion: VersionTLS12,
+			// Pick a cipher which exists at both versions.
+			CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
+			Bugs: ProtocolBugs{
+				NegotiateVersionOnRenego: VersionTLS11,
+			},
+		},
+		renegotiate: 1,
+		flags: []string{
+			"-renegotiate-freely",
+			"-expect-total-renegotiations", "1",
+		},
+		shouldFail:    true,
+		expectedError: ":WRONG_SSL_VERSION:",
+	})
+
 	testCases = append(testCases, testCase{
 		name:        "Renegotiate-SameClientVersion",
 		renegotiate: 1,