Validate ClientHellos in tests some more. This way we'll notice if we ever generate a bad padding extension or duplicate an extension. This did require fixing one of the JDK11 test vectors. When I manually added a padding extension, I forgot the contents were all zeros and incorrectly put in "padding" instead. Change-Id: Ifec5bb01a739014ed0fdf5b49b82a6b514646e9a Reviewed-on: https://boringssl-review.googlesource.com/c/33444 Commit-Queue: David Benjamin <davidben@google.com> Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: Adam Langley <agl@google.com>

commit: 278b3120ee572fc5ed705ef7c8889b769766664a [log] [tgz]
author: David Benjamin <davidben@google.com> Thu Nov 22 11:04:07 2018 -0600
committer: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Mon Dec 03 20:31:55 2018 +0000
tree: 22b4733f9c5be047704cd37583c0dadaa447de35
parent: 0f5ecd3a854546d943104e1f7421e489b7f4d5aa [diff]
diff --git a/ssl/test/runner/handshake_messages.go b/ssl/test/runner/handshake_messages.go
index e0867a5..823c6c8 100644
--- a/ssl/test/runner/handshake_messages.go
+++ b/ssl/test/runner/handshake_messages.go

@@ -653,6 +653,23 @@
 	return true
 }
 
+func checkDuplicateExtensions(extensions byteReader) bool {
+	seen := make(map[uint16]struct{})
+	for len(extensions) > 0 {
+		var extension uint16
+		var body byteReader
+		if !extensions.readU16(&extension) ||
+			!extensions.readU16LengthPrefixed(&body) {
+			return false
+		}
+		if _, ok := seen[extension]; ok {
+			return false
+		}
+		seen[extension] = struct{}{}
+	}
+	return true
+}
+
 func (m *clientHelloMsg) unmarshal(data []byte) bool {
 	m.raw = data
 	reader := byteReader(data[4:])
@@ -707,7 +724,7 @@
 	}
 
 	var extensions byteReader
-	if !reader.readU16LengthPrefixed(&extensions) || len(reader) != 0 {
+	if !reader.readU16LengthPrefixed(&extensions) || len(reader) != 0 || !checkDuplicateExtensions(extensions) {
 		return false
 	}
 	for len(extensions) > 0 {
@@ -923,6 +940,13 @@
 				seen[algID] = struct{}{}
 				m.compressedCertAlgs = append(m.compressedCertAlgs, algID)
 			}
+		case extensionPadding:
+			// Padding bytes must be all zero.
+			for _, b := range body {
+				if b != 0 {
+					return false
+				}
+			}
 		}
 
 		if isGREASEValue(extension) {
@@ -1067,7 +1091,7 @@
 	}
 
 	var extensions byteReader
-	if !reader.readU16LengthPrefixed(&extensions) || len(reader) != 0 {
+	if !reader.readU16LengthPrefixed(&extensions) || len(reader) != 0 || !checkDuplicateExtensions(extensions) {
 		return false
 	}
 
@@ -1330,6 +1354,10 @@
 	// Reset all fields.
 	*m = serverExtensions{}
 
+	if !checkDuplicateExtensions(data) {
+		return false
+	}
+
 	for len(data) > 0 {
 		var extension uint16
 		var body byteReader
@@ -1651,7 +1679,7 @@
 		}
 		if m.hasRequestContext {
 			var extensions byteReader
-			if !certs.readU16LengthPrefixed(&extensions) {
+			if !certs.readU16LengthPrefixed(&extensions) || !checkDuplicateExtensions(extensions) {
 				return false
 			}
 			for len(extensions) > 0 {
@@ -2010,7 +2038,8 @@
 		var extensions byteReader
 		if !reader.readU8LengthPrefixedBytes(&m.requestContext) ||
 			!reader.readU16LengthPrefixed(&extensions) ||
-			len(reader) != 0 {
+			len(reader) != 0 ||
+			!checkDuplicateExtensions(extensions) {
 			return false
 		}
 		for len(extensions) > 0 {

diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index fadc890..6b251a2 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go

@@ -14680,7 +14680,7 @@
 		},
 		{
 			// The above with a padding extension added at the end.
-			decodeHexOrPanic("010001b4030336a379aa355a22a064b4402760efae1c73977b0b4c975efc7654c35677723dde201fe3f8a2bca60418a68f72463ea19f3c241e7cbfceb347e451a62bd2417d8981005a13011302c02cc02bc030009dc02ec032009f00a3c02f009cc02dc031009e00a2c024c028003dc026c02a006b006ac00ac0140035c005c00f00390038c023c027003cc025c02900670040c009c013002fc004c00e0033003200ff01000111000000080006000003736e69000500050100000000000a0020001e0017001800190009000a000b000c000d000e001601000101010201030104000b00020100000d002800260403050306030804080508060809080a080b04010501060104020303030103020203020102020032002800260403050306030804080508060809080a080b04010501060104020303030103020203020102020011000900070200040000000000170000002b0009080304030303020301002d000201010033004700450017004104721f007464cb08a0f36e093ad178eb78d6968df20077b2dd882694a85dc4c9884caf5092db41f16cc3f8d41f59426992fa5e32cfb9ad08deee752cdd95b1a6b50015000770616464696e67"),
+			decodeHexOrPanic("010001b4030336a379aa355a22a064b4402760efae1c73977b0b4c975efc7654c35677723dde201fe3f8a2bca60418a68f72463ea19f3c241e7cbfceb347e451a62bd2417d8981005a13011302c02cc02bc030009dc02ec032009f00a3c02f009cc02dc031009e00a2c024c028003dc026c02a006b006ac00ac0140035c005c00f00390038c023c027003cc025c02900670040c009c013002fc004c00e0033003200ff01000111000000080006000003736e69000500050100000000000a0020001e0017001800190009000a000b000c000d000e001601000101010201030104000b00020100000d002800260403050306030804080508060809080a080b04010501060104020303030103020203020102020032002800260403050306030804080508060809080a080b04010501060104020303030103020203020102020011000900070200040000000000170000002b0009080304030303020301002d000201010033004700450017004104721f007464cb08a0f36e093ad178eb78d6968df20077b2dd882694a85dc4c9884caf5092db41f16cc3f8d41f59426992fa5e32cfb9ad08deee752cdd95b1a6b50015000700000000000000"),
 			false,
 		},
 		{
commit	278b3120ee572fc5ed705ef7c8889b769766664a	[log] [tgz]
author	David Benjamin <davidben@google.com>	Thu Nov 22 11:04:07 2018 -0600
committer	CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	Mon Dec 03 20:31:55 2018 +0000
tree	22b4733f9c5be047704cd37583c0dadaa447de35
parent	0f5ecd3a854546d943104e1f7421e489b7f4d5aa [diff]