runner: Add a test for hint mismatch due to public key

The implementation itself does check for a match, but we never tested
it. I suspect I omitted it because, in TLS 1.3, that check is actually
redundant. However, in TLS 1.2, it's load-bearing.

Change-Id: I51ed0b2b554ff2090b360db2c60e22ca0afe0c89
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/66669
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 7a4bfa6..5a53493 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -18950,6 +18950,45 @@
 			})
 		}
 
+		// The shim and handshaker may use different certificates. In TLS 1.3,
+		// the signature input includes the certificate, so we do not need to
+		// explicitly check for a public key match. In TLS 1.2, it does not.
+		ecdsaP256Certificate2 := generateSingleCertChain(nil, &channelIDKey)
+		testCases = append(testCases, testCase{
+			name:               protocol.String() + "-HintMismatch-Certificate-TLS13",
+			testType:           serverTest,
+			protocol:           protocol,
+			skipSplitHandshake: true,
+			config: Config{
+				MinVersion: VersionTLS13,
+				MaxVersion: VersionTLS13,
+			},
+			shimCertificate:       &ecdsaP256Certificate,
+			handshakerCertificate: &ecdsaP256Certificate2,
+			flags:                 []string{"-allow-hint-mismatch"},
+			expectations: connectionExpectations{
+				peerCertificate: &ecdsaP256Certificate,
+			},
+		})
+		if protocol != quic {
+			testCases = append(testCases, testCase{
+				name:               protocol.String() + "-HintMismatch-Certificate-TLS12",
+				testType:           serverTest,
+				protocol:           protocol,
+				skipSplitHandshake: true,
+				config: Config{
+					MinVersion: VersionTLS12,
+					MaxVersion: VersionTLS12,
+				},
+				shimCertificate:       &ecdsaP256Certificate,
+				handshakerCertificate: &ecdsaP256Certificate2,
+				flags:                 []string{"-allow-hint-mismatch"},
+				expectations: connectionExpectations{
+					peerCertificate: &ecdsaP256Certificate,
+				},
+			})
+		}
+
 		// The shim and handshaker may disagree on whether resumption is allowed.
 		// We run the first connection with tickets enabled, so the client is
 		// issued a ticket, then disable tickets on the second connection.
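Review bot: The new comment above `ecdsaP256Certificate2` ends with "In TLS 1.2, it does not", which leaves the consequence unstated. It should say outright that, because the TLS 1.2 signature input does not cover the certificate, the explicit public key comparison is the only thing that stops a signature hint produced under the handshaker's key from being used with the shim's certificate. That is the property the `-HintMismatch-Certificate-TLS12` case exists to pin down. Two smaller points in the same hunk: `generateSingleCertChain(nil, &channelIDKey)` borrows a key named for a different feature, so a short comment that it is used here only as a second key distinct from the one in `ecdsaP256Certificate` would save the next reader a lookup. Also, the two `testCase` literals differ only in the name suffix and the `MinVersion`/`MaxVersion` pair, so a small loop over the two versions, with the `protocol != quic` guard applied to the TLS 1.2 iteration, would keep them from drifting apart.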