Test that record-splitting splits records.
We probably should not have been able to land
https://boringssl-review.googlesource.com/17944 without a test
suppression.
Change-Id: Ie47ca324f94d2f03b7d31218b0379656c070b21b
Reviewed-on: https://boringssl-review.googlesource.com/17905
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index fd9fb3d..be7d88e 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -1389,9 +1389,13 @@
// and ServerHello messages to be omitted.
OmitExtensions bool
- // EmptyExtensions, if true, causese the extensions field in ClientHello
+ // EmptyExtensions, if true, causes the extensions field in ClientHello
// and ServerHello messages to be present, but empty.
EmptyExtensions bool
+
+ // ExpectRecordSplitting, if true, causes application records to only be
+ // accepted if they follow a 1/n-1 record split.
+ ExpectRecordSplitting bool
}
func (c *Config) serverInit() {
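Review bot: The doc comment on `ExpectRecordSplitting` does not describe what the runner actually enforces. Going by the conn.go change in this commit, a one-byte application data record is always accepted, and any other length is rejected unless it directly follows a one-byte application data record. The check is also not gated on protocol version or cipher, so setting the flag on a config that does not negotiate a record-splitting CBC suite would presumably fail every read. Suggested wording: `// ExpectRecordSplitting, if true, causes an application data record to be rejected unless it is one byte long or directly follows a one-byte application data record (a 1/n-1 split).` The struct this field belongs to starts outside the hunk.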
diff --git a/ssl/test/runner/conn.go b/ssl/test/runner/conn.go
index c974bd4..047c3c5 100644
--- a/ssl/test/runner/conn.go
+++ b/ssl/test/runner/conn.go
@@ -98,6 +98,7 @@
pendingFragments [][]byte // pending outgoing handshake fragments.
keyUpdateRequested bool
+ seenOneByteRecord bool
tmp [16]byte
}
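Review bot: The new `seenOneByteRecord` field has no comment, while its neighbour `pendingFragments` carries one. Its meaning is narrower than the name suggests: per the later hunk in this file, it is true only when the immediately preceding record was a one-byte application data record, and it is overwritten on every record read. A trailing comment such as `// whether the previous record read was a one-byte application data record` would make that explicit. The struct begins outside the hunk.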
@@ -844,6 +845,13 @@
}
typ = encTyp
}
+
+ length := len(b.data[b.off:])
+ if c.config.Bugs.ExpectRecordSplitting && typ == recordTypeApplicationData && length != 1 && !c.seenOneByteRecord {
+ return 0, nil, c.in.setErrorLocked(fmt.Errorf("tls: application data records were not split"))
+ }
+
+ c.seenOneByteRecord = typ == recordTypeApplicationData && length == 1
return typ, b, nil
}
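Review bot: The check before `return typ, b, nil` depends on two unstated behaviours: `seenOneByteRecord` is reassigned for every record type, so any non-application record between the one-byte record and its remainder counts as a failed split, and a zero-length application data record is rejected as unsplit. Both look intentional for a strict 1/n-1 test, but a comment above the `if` should say so, for example `// Any application data record that is not one byte long must directly follow a one-byte application data record.` The error would be easier to triage with the observed length, e.g. `fmt.Errorf("tls: application data record of length %d did not follow a one-byte record", length)`, which also gives `fmt.Errorf` a verb to format. The enclosing function starts outside the hunk, so it is assumed rather than visible that `b.data[b.off:]` is already the decrypted payload here.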
diff --git a/ssl/test/runner/fuzzer_mode.json b/ssl/test/runner/fuzzer_mode.json
index 3957bea..834be40 100644
--- a/ssl/test/runner/fuzzer_mode.json
+++ b/ssl/test/runner/fuzzer_mode.json
@@ -48,6 +48,8 @@
"*-EarlyData-Reject-Client": "Trial decryption does not work with the NULL cipher.",
"*-EarlyData-RejectTicket-Client": "Trial decryption does not work with the NULL cipher.",
- "Renegotiate-Client-BadExt*": "Fuzzer mode does not check renegotiation_info."
+ "Renegotiate-Client-BadExt*": "Fuzzer mode does not check renegotiation_info.",
+
+ "CBCRecordSplitting*": "Fuzzer mode does not implement record-splitting."
}
}
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 29747db..e526576 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -3324,6 +3324,9 @@
MaxVersion: VersionTLS10,
MinVersion: VersionTLS10,
CipherSuites: []uint16{t.cipher},
+ Bugs: ProtocolBugs{
+ ExpectRecordSplitting: true,
+ },
},
messageLen: -1, // read until EOF
resumeSession: true,
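Review bot: The two configs that gain `ExpectRecordSplitting: true` (this hunk and the one at -3339) appear to cover only the passing direction, so nothing visible in this commit shows the new runner check ever firing. A companion case that runs the shim without record splitting and sets `shouldFail: true` with `expectedLocalError: "tls: application data records were not split"` would confirm the check is not vacuous and would catch a regression that silently disables splitting. The test case literals begin outside both hunks, so the shim flags in use are inferred rather than visible.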
@@ -3339,6 +3342,9 @@
MaxVersion: VersionTLS10,
MinVersion: VersionTLS10,
CipherSuites: []uint16{t.cipher},
+ Bugs: ProtocolBugs{
+ ExpectRecordSplitting: true,
+ },
},
messageLen: -1, // read until EOF
flags: []string{