Add tests for client-initiated renegotiation.
These'll get removed once most of renego support is gone, but this is to prove
removing the warning alert from the previous commit still prevents legacy
renegotiations.
Change-Id: I7d9d95e1d4c5d23d3b6d170938a5499a65f2d5ea
Reviewed-on: https://boringssl-review.googlesource.com/2236
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc
index ce2a3da..7adf082 100644
--- a/ssl/test/bssl_shim.cc
+++ b/ssl/test/bssl_shim.cc
@@ -388,6 +388,9 @@
if (config->tls_d5_bug) {
SSL_set_options(ssl, SSL_OP_TLS_D5_BUG);
}
+ if (config->allow_unsafe_legacy_renegotiation) {
+ SSL_set_options(ssl, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
+ }
if (!config->expected_channel_id.empty()) {
SSL_enable_tls_channel_id(ssl);
}
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index c77f765..6130343 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -488,7 +488,7 @@
// the extended master secret option.
RequireExtendedMasterSecret bool
- // NoExtendedMasterSecret causes the client and server to behave is if
+ // NoExtendedMasterSecret causes the client and server to behave as if
// they didn't support an extended master secret.
NoExtendedMasterSecret bool
@@ -500,6 +500,10 @@
// renegotiation handshake to be incorrect.
BadRenegotiationInfo bool
+ // NoRenegotiationInfo causes the client to behave as if it
+ // didn't support the renegotiation info extension.
+ NoRenegotiationInfo bool
+
// SequenceNumberIncrement, if non-zero, causes outgoing sequence
// numbers in DTLS to increment by that value rather by 1. This is to
// stress the replay bitmap window by simulating extreme packet loss and
diff --git a/ssl/test/runner/handshake_client.go b/ssl/test/runner/handshake_client.go
index 0c5192f..702797b 100644
--- a/ssl/test/runner/handshake_client.go
+++ b/ssl/test/runner/handshake_client.go
@@ -90,6 +90,10 @@
}
}
+ if c.config.Bugs.NoRenegotiationInfo {
+ hello.secureRenegotiation = nil
+ }
+
possibleCipherSuites := c.config.cipherSuites()
hello.cipherSuites = make([]uint16, 0, len(possibleCipherSuites))
@@ -249,7 +253,7 @@
return fmt.Errorf("tls: server selected an unsupported cipher suite")
}
- if len(c.clientVerify) > 0 {
+ if len(c.clientVerify) > 0 && !c.config.Bugs.NoRenegotiationInfo {
var expectedRenegInfo []byte
expectedRenegInfo = append(expectedRenegInfo, c.clientVerify...)
expectedRenegInfo = append(expectedRenegInfo, c.serverVerify...)
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 2c89717..f8649d3 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -1826,6 +1826,34 @@
shouldFail: true,
expectedError: ":RENEGOTIATION_MISMATCH:",
})
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "Renegotiate-Server-ClientInitiated",
+ renegotiate: true,
+ })
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "Renegotiate-Server-ClientInitiated-NoExt",
+ renegotiate: true,
+ config: Config{
+ Bugs: ProtocolBugs{
+ NoRenegotiationInfo: true,
+ },
+ },
+ shouldFail: true,
+ expectedError: ":UNSAFE_LEGACY_RENEGOTIATION_DISABLED:",
+ })
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "Renegotiate-Server-ClientInitiated-NoExt-Allowed",
+ renegotiate: true,
+ config: Config{
+ Bugs: ProtocolBugs{
+ NoRenegotiationInfo: true,
+ },
+ },
+ flags: []string{"-allow-unsafe-legacy-renegotiation"},
+ })
// TODO(agl): test the renegotiation info SCSV.
testCases = append(testCases, testCase{
name: "Renegotiate-Client",
diff --git a/ssl/test/test_config.cc b/ssl/test/test_config.cc
index b717bd3..ebd5e4e 100644
--- a/ssl/test/test_config.cc
+++ b/ssl/test/test_config.cc
@@ -60,6 +60,8 @@
{ "-expect-extended-master-secret",
&TestConfig::expect_extended_master_secret },
{ "-renegotiate", &TestConfig::renegotiate },
+ { "-allow-unsafe-legacy-renegotiation",
+ &TestConfig::allow_unsafe_legacy_renegotiation },
};
const size_t kNumBoolFlags = sizeof(kBoolFlags) / sizeof(kBoolFlags[0]);
@@ -112,7 +114,8 @@
tls_d5_bug(false),
expect_session_miss(false),
expect_extended_master_secret(false),
- renegotiate(false) {
+ renegotiate(false),
+ allow_unsafe_legacy_renegotiation(false) {
}
bool ParseConfig(int argc, char **argv, TestConfig *out_config) {
diff --git a/ssl/test/test_config.h b/ssl/test/test_config.h
index 2dc4dc1..7de8b3f 100644
--- a/ssl/test/test_config.h
+++ b/ssl/test/test_config.h
@@ -57,6 +57,7 @@
std::string psk;
std::string psk_identity;
bool renegotiate;
+ bool allow_unsafe_legacy_renegotiation;
};
bool ParseConfig(int argc, char **argv, TestConfig *out_config);