Refactor record header length in test runner.

The length of the DTLS record header isn't a constant - update variables
and functions to match that reality.

Change-Id: Ib6abc3af98a15994c72a22b8fdd8e230e87b966a
Bug: 715
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/69949
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index 9260af0..89948b3 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -51,12 +51,11 @@
 }
 
 const (
-	maxPlaintext       = 16384        // maximum plaintext payload length
-	maxCiphertext      = 16384 + 2048 // maximum ciphertext payload length
-	tlsRecordHeaderLen = 5            // record header length
-	// TODO(nharper): check whether this value needs to be changed for DTLS 1.3
-	dtlsRecordHeaderLen = 13
-	maxHandshake        = 65536 // maximum handshake we support (protocol max is 16 MB)
+	maxPlaintext           = 16384        // maximum plaintext payload length
+	maxCiphertext          = 16384 + 2048 // maximum ciphertext payload length
+	tlsRecordHeaderLen     = 5            // record header length
+	dtlsMaxRecordHeaderLen = 13
+	maxHandshake           = 65536 // maximum handshake we support (protocol max is 16 MB)
 
 	minVersion = VersionSSL30
 	maxVersion = VersionTLS13
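Review bot: `dtlsMaxRecordHeaderLen` is the only length constant in this block without a trailing comment, and the TODO this hunk removes was the one place that recorded the value had not been checked against DTLS 1.3. Since the name now claims an upper bound, say so at the definition, for example `dtlsMaxRecordHeaderLen = 13 // maximum DTLS record header length; the actual header may be shorter`. An overestimate is harmless where the constant only sizes a buffer, but not where it is used as a parse offset, so the distinction is worth stating here.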
diff --git a/ssl/test/runner/conn.go b/ssl/test/runner/conn.go
index 9cb9fde..434ba1e 100644
--- a/ssl/test/runner/conn.go
+++ b/ssl/test/runner/conn.go
@@ -357,9 +357,16 @@
 	copy(hc.outSeq[:], hc.seq[:])
 }
 
-func (hc *halfConn) recordHeaderLen() int {
+// writeRecordHeaderLen returns the length of the record header that will be
+// written. Do not use this for the length of a record header when reading, as
+// that can depend on the bytes read.
+func (hc *halfConn) writeRecordHeaderLen() int {
 	if hc.isDTLS {
-		return dtlsRecordHeaderLen
+		// TODO(nharper): Change this to be the actual record header
+		// length that will be written. This will depend on version and
+		// write cipher, as well as configuration or protocol bugs to
+		// exercise all options of the DTLS 1.3 record header.
+		return dtlsMaxRecordHeaderLen
 	}
 	return tlsRecordHeaderLen
 }
@@ -564,7 +571,7 @@
 
 // encrypt encrypts and macs the data in b.
 func (hc *halfConn) encrypt(b *block, explicitIVLen int, typ recordType) (bool, alert) {
-	recordHeaderLen := hc.recordHeaderLen()
+	recordHeaderLen := hc.writeRecordHeaderLen()
 
 	// mac
 	if hc.mac != nil {
@@ -782,7 +789,7 @@
 		return c.dtlsDoReadRecord(want)
 	}
 
-	recordHeaderLen := c.in.recordHeaderLen()
+	recordHeaderLen := tlsRecordHeaderLen
 
 	if c.rawInput == nil {
 		c.rawInput = c.in.newBlock()
@@ -1209,7 +1216,7 @@
 }
 
 func (c *Conn) doWriteRecord(typ recordType, data []byte) (n int, err error) {
-	recordHeaderLen := c.out.recordHeaderLen()
+	recordHeaderLen := c.out.writeRecordHeaderLen()
 	b := c.out.newBlock()
 	first := true
 	isClientHello := typ == recordTypeHandshake && len(data) > 0 && data[0] == typeClientHello
diff --git a/ssl/test/runner/dtls.go b/ssl/test/runner/dtls.go
index 9be916a..95e1a9a 100644
--- a/ssl/test/runner/dtls.go
+++ b/ssl/test/runner/dtls.go
@@ -24,7 +24,7 @@
 )
 
 func (c *Conn) dtlsDoReadRecord(want recordType) (recordType, *block, error) {
-	recordHeaderLen := dtlsRecordHeaderLen
+	recordHeaderLen := dtlsMaxRecordHeaderLen
 
 	if c.rawInput == nil {
 		c.rawInput = c.in.newBlock()
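Review bot: On the read path the local is still named `recordHeaderLen` although it now holds an upper bound, and unlike `writeRecordHeaderLen` this site carries no TODO. The doc comment added in conn.go says the read-side header length can depend on the bytes read, so any later use of this local as the offset of the record body or as a minimum packet length would be wrong for a shorter header. The rest of dtlsDoReadRecord is outside the hunk, so that needs checking there. I would rename the local to `maxRecordHeaderLen`, or add `// TODO: upper bound only; derive the real header length from the bytes read before using it as an offset.`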
@@ -335,7 +335,7 @@
 // if necessary. The caller should call dtlsFlushPacket to flush the current
 // pending packet afterwards.
 func (c *Conn) dtlsPackRecord(typ recordType, data []byte, mustPack bool) (n int, err error) {
-	recordHeaderLen := dtlsRecordHeaderLen
+	recordHeaderLen := c.out.writeRecordHeaderLen()
 	maxLen := c.config.Bugs.MaxHandshakeRecordLength
 	if maxLen <= 0 {
 		maxLen = 1024
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 623f277..dae8a2a 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -2725,7 +2725,7 @@
 			name:     "SplitFragments-Boundary-DTLS",
 			config: Config{
 				Bugs: ProtocolBugs{
-					SplitFragments: dtlsRecordHeaderLen,
+					SplitFragments: dtlsMaxRecordHeaderLen,
 				},
 			},
 			shouldFail:    true,
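Review bot: `SplitFragments: dtlsMaxRecordHeaderLen` in SplitFragments-Boundary-DTLS lands on the header/body boundary only when the record header on the wire is exactly the maximum length, and the same holds for `dtlsMaxRecordHeaderLen + 1` in SplitFragments-Body-DTLS in the next hunk. With a shorter header both splits would fall inside the body, so the two cases would stop exercising different parser paths, and they would probably keep passing because both set `shouldFail: true`. The protocol version these cases run under is not visible in the hunk. If they are pinned to a version with the fixed-length header, a comment is enough, e.g. `// Assumes the 13-byte record header; revisit when the written header length varies.`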
@@ -2736,7 +2736,7 @@
 			name:     "SplitFragments-Body-DTLS",
 			config: Config{
 				Bugs: ProtocolBugs{
-					SplitFragments: dtlsRecordHeaderLen + 1,
+					SplitFragments: dtlsMaxRecordHeaderLen + 1,
 				},
 			},
 			shouldFail:    true,