Test various cases where plaintexts and ciphertexts are too large.

Note that DTLS treats oversized ciphertexts differently from everything else.

Change-Id: I71cba69ebce0debdfc96a7fdeb2666252e8d28ed
Reviewed-on: https://boringssl-review.googlesource.com/5786
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index adcb405..51ba563 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -225,6 +225,9 @@
 	// sendWarningAlerts is the number of consecutive warning alerts to send
 	// before and after the test message.
 	sendWarningAlerts int
+	// expectMessageDropped, if true, means the test message is expected to
+	// be dropped by the client rather than echoed back.
+	expectMessageDropped bool
 }
 
 var testCases []testCase
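Review bot: The doc comment on `expectMessageDropped` names "the client" as the party that drops the message, while the runner code in the second hunk calls the same peer "the shim", and nothing in these lines ties the field to one role. I would word it `// expectMessageDropped, if true, means the test message is expected to be dropped by the shim rather than echoed back.` so the field still reads correctly if a server-side test ever sets it. The struct begins above this hunk, so only its tail is visible here.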
@@ -425,7 +428,7 @@
 			tlsConn.SendAlert(alertLevelWarning, alertUnexpectedMessage)
 		}
 
-		if test.shimShutsDown {
+		if test.shimShutsDown || test.expectMessageDropped {
 			// The shim will not respond.
 			continue
 		}
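Review bot: With `expectMessageDropped` set, the `continue` skips the read-back, so from the visible lines nothing positively asserts that the oversized record was discarded; a shim that accepted and echoed it would presumably look the same to the runner as one that dropped it. The rest of the loop is outside this hunk, so a later check may exist. If it does not, the DTLS case would be a stronger regression test if the runner then sent a normal-sized message and required exactly that one to be echoed. The existing comment now covers two situations, and I would change it to `// The shim will not respond: it has shut down or is expected to drop the message.`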
@@ -1883,6 +1886,54 @@
 			},
 			shimShutsDown: true,
 		},
+		{
+			name: "LargePlaintext",
+			config: Config{
+				Bugs: ProtocolBugs{
+					SendLargeRecords: true,
+				},
+			},
+			messageLen:    maxPlaintext + 1,
+			shouldFail:    true,
+			expectedError: ":DATA_LENGTH_TOO_LONG:",
+		},
+		{
+			protocol: dtls,
+			name:     "LargePlaintext-DTLS",
+			config: Config{
+				Bugs: ProtocolBugs{
+					SendLargeRecords: true,
+				},
+			},
+			messageLen:    maxPlaintext + 1,
+			shouldFail:    true,
+			expectedError: ":DATA_LENGTH_TOO_LONG:",
+		},
+		{
+			name: "LargeCiphertext",
+			config: Config{
+				Bugs: ProtocolBugs{
+					SendLargeRecords: true,
+				},
+			},
+			messageLen:    maxPlaintext * 2,
+			shouldFail:    true,
+			expectedError: ":ENCRYPTED_LENGTH_TOO_LONG:",
+		},
+		{
+			protocol: dtls,
+			name:     "LargeCiphertext-DTLS",
+			config: Config{
+				Bugs: ProtocolBugs{
+					SendLargeRecords: true,
+				},
+			},
+			messageLen: maxPlaintext * 2,
+			// Unlike the other four cases, DTLS drops records which
+			// are invalid before authentication, so the connection
+			// does not fail.
+			expectMessageDropped: true,
+		},
 	}
 	testCases = append(testCases, basicTests...)
 }
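Review bot: The comment in `LargeCiphertext-DTLS` says "Unlike the other four cases", but this hunk adds four cases in total, so only three others exist; `// Unlike the other three cases, DTLS drops records which` matches what is here. It would also help to say in a comment why `maxPlaintext * 2` is enough to exceed the ciphertext limit rather than only the plaintext limit, since `LargePlaintext` and `LargeCiphertext` differ only in `messageLen` and the expected error string. The enclosing function starts above this hunk.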