Google Git
Sign in
boringssl / boringssl / 09ed11928e7605ca9c4dd697c4a2acbd68789eaf^! / .
commit09ed11928e7605ca9c4dd697c4a2acbd68789eaf[log] [tgz]
authorDavid Benjamin <davidben@google.com>Fri Jul 14 20:11:07 2017 -0400
committerCQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>Mon Jul 17 14:19:13 2017 +0000
treef924c1200e19f216c45f701b0b0c01190fa9d0c7
parent14308731e5446a73ac2258688a9688b524483cb6 [diff]
Test that record-splitting splits records.

We probably should not have been able to land
https://boringssl-review.googlesource.com/17944 without a test
suppression.

Change-Id: Ie47ca324f94d2f03b7d31218b0379656c070b21b
Reviewed-on: https://boringssl-review.googlesource.com/17905
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index fd9fb3d..be7d88e 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go

@@ -1389,9 +1389,13 @@
 	// and ServerHello messages to be omitted.
 	OmitExtensions bool
 
-	// EmptyExtensions, if true, causese the extensions field in ClientHello
+	// EmptyExtensions, if true, causes the extensions field in ClientHello
 	// and ServerHello messages to be present, but empty.
 	EmptyExtensions bool
+
+	// ExpectRecordSplitting, if true, causes application records to only be
+	// accepted if they follow a 1/n-1 record split.
+	ExpectRecordSplitting bool
 }
 
 func (c *Config) serverInit() {

diff --git a/ssl/test/runner/conn.go b/ssl/test/runner/conn.go
index c974bd4..047c3c5 100644
--- a/ssl/test/runner/conn.go
+++ b/ssl/test/runner/conn.go

@@ -98,6 +98,7 @@
 	pendingFragments [][]byte // pending outgoing handshake fragments.
 
 	keyUpdateRequested bool
+	seenOneByteRecord  bool
 
 	tmp [16]byte
 }
@@ -844,6 +845,13 @@
 		}
 		typ = encTyp
 	}
+
+	length := len(b.data[b.off:])
+	if c.config.Bugs.ExpectRecordSplitting && typ == recordTypeApplicationData && length != 1 && !c.seenOneByteRecord {
+		return 0, nil, c.in.setErrorLocked(fmt.Errorf("tls: application data records were not split"))
+	}
+
+	c.seenOneByteRecord = typ == recordTypeApplicationData && length == 1
 	return typ, b, nil
 }
 

diff --git a/ssl/test/runner/fuzzer_mode.json b/ssl/test/runner/fuzzer_mode.json
index 3957bea..834be40 100644
--- a/ssl/test/runner/fuzzer_mode.json
+++ b/ssl/test/runner/fuzzer_mode.json

@@ -48,6 +48,8 @@
     "*-EarlyData-Reject-Client": "Trial decryption does not work with the NULL cipher.",
     "*-EarlyData-RejectTicket-Client": "Trial decryption does not work with the NULL cipher.",
 
-    "Renegotiate-Client-BadExt*": "Fuzzer mode does not check renegotiation_info."
+    "Renegotiate-Client-BadExt*": "Fuzzer mode does not check renegotiation_info.",
+
+    "CBCRecordSplitting*": "Fuzzer mode does not implement record-splitting."
   }
 }

diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 29747db..e526576 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go

@@ -3324,6 +3324,9 @@
 				MaxVersion:   VersionTLS10,
 				MinVersion:   VersionTLS10,
 				CipherSuites: []uint16{t.cipher},
+				Bugs: ProtocolBugs{
+					ExpectRecordSplitting: true,
+				},
 			},
 			messageLen:    -1, // read until EOF
 			resumeSession: true,
@@ -3339,6 +3342,9 @@
 				MaxVersion:   VersionTLS10,
 				MinVersion:   VersionTLS10,
 				CipherSuites: []uint16{t.cipher},
+				Bugs: ProtocolBugs{
+					ExpectRecordSplitting: true,
+				},
 			},
 			messageLen: -1, // read until EOF
 			flags: []string{