Google Git
Sign in
boringssl / boringssl / 4a37de076b542aacb0c76c2c69d69277162f5641^! / .
commit4a37de076b542aacb0c76c2c69d69277162f5641[log] [tgz]
authorDavid Benjamin <davidben@google.com>Tue Aug 08 20:15:40 2017 -0400
committerDavid Benjamin <davidben@google.com>Wed Aug 09 00:42:34 2017 +0000
tree9c93f5269192c55d5cd834319dc5612ae982e059
parent70dbf042b61c68294474923accd49f1971032fab [diff]
Test that Finished checks are enforced in 0-RTT.

This is analogous to needing to test that Finished is enforced in False
Start.

Change-Id: I168a72ac51b0f75156aaf6ccc9724ae66ce1e734
Reviewed-on: https://boringssl-review.googlesource.com/18986
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: David Benjamin <davidben@google.com>

diff --git a/ssl/test/runner/fuzzer_mode.json b/ssl/test/runner/fuzzer_mode.json
index 834be40..9fa49b5 100644
--- a/ssl/test/runner/fuzzer_mode.json
+++ b/ssl/test/runner/fuzzer_mode.json

@@ -2,8 +2,7 @@
   "DisabledTests": {
     "BadCBCPadding*": "Fuzzer mode has no CBC padding.",
 
-    "BadFinished-*": "Fuzzer mode ignores Finished checks.",
-    "FalseStart-BadFinished": "Fuzzer mode ignores Finished checks.",
+    "*BadFinished*": "Fuzzer mode ignores Finished checks.",
     "TrailingMessageData-*Finished*": "Fuzzer mode ignores Finished checks.",
 
     "DTLSIgnoreBadPackets*": "Fuzzer mode has no bad packets.",

diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 4d7d2b0..1015857 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go

@@ -11768,7 +11768,8 @@
 			Bugs: ProtocolBugs{
 				SendEarlyData:           [][]byte{{1, 2, 3, 4}},
 				SendStrayEarlyHandshake: true,
-				ExpectEarlyDataAccepted: true},
+				ExpectEarlyDataAccepted: true,
+			},
 		},
 		resumeSession:      true,
 		shouldFail:         true,
@@ -11796,6 +11797,59 @@
 			"-expect-version", strconv.Itoa(VersionTLS13),
 		},
 	})
+
+	// Test that client and server both notice handshake errors after data
+	// has started flowing.
+	testCases = append(testCases, testCase{
+		testType: clientTest,
+		name:     "TLS13-EarlyData-Client-BadFinished",
+		config: Config{
+			MaxVersion:       VersionTLS13,
+			MaxEarlyDataSize: 16384,
+		},
+		resumeConfig: &Config{
+			MaxVersion:       VersionTLS13,
+			MaxEarlyDataSize: 16384,
+			Bugs: ProtocolBugs{
+				BadFinished: true,
+			},
+		},
+		resumeSession: true,
+		flags: []string{
+			"-enable-early-data",
+			"-expect-early-data-info",
+			"-expect-accept-early-data",
+		},
+		shouldFail:         true,
+		expectedError:      ":DIGEST_CHECK_FAILED:",
+		expectedLocalError: "remote error: error decrypting message",
+	})
+	testCases = append(testCases, testCase{
+		testType: serverTest,
+		name:     "TLS13-EarlyData-Server-BadFinished",
+		config: Config{
+			MaxVersion:       VersionTLS13,
+			MaxEarlyDataSize: 16384,
+		},
+		resumeConfig: &Config{
+			MaxVersion:       VersionTLS13,
+			MaxEarlyDataSize: 16384,
+			Bugs: ProtocolBugs{
+				SendEarlyData:           [][]byte{{1, 2, 3, 4}},
+				ExpectEarlyDataAccepted: true,
+				ExpectHalfRTTData:       [][]byte{{254, 253, 252, 251}},
+				BadFinished:             true,
+			},
+		},
+		resumeSession: true,
+		flags: []string{
+			"-enable-early-data",
+			"-expect-accept-early-data",
+		},
+		shouldFail:         true,
+		expectedError:      ":DIGEST_CHECK_FAILED:",
+		expectedLocalError: "remote error: error decrypting message",
+	})
 }
 
 func addTLS13CipherPreferenceTests() {