Add tests for full handshakes under renegotiation. In verifying the fix for CVE-2015-0291, I noticed we don't actually have any test coverage for full handshakes on renegotiation. All our tests always do resumptions. Change-Id: Ia9b701e8a50ba9353fefb8cc4fb86e78065d0b40 Reviewed-on: https://boringssl-review.googlesource.com/4050 Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index b8cc44a..a33ad19 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -663,6 +663,10 @@
 // SendEmptyFragments, if true, causes handshakes to include empty
 // fragments in DTLS.
 SendEmptyFragments bool
+
+ // NeverResumeOnRenego, if true, causes renegotiations to always be full
+ // handshakes.
+ NeverResumeOnRenego bool
 }
 
 func (c *Config) serverInit() {
diff --git a/ssl/test/runner/handshake_client.go b/ssl/test/runner/handshake_client.go
index a4fab0c..4ed9025 100644
--- a/ssl/test/runner/handshake_client.go
+++ b/ssl/test/runner/handshake_client.go
@@ -137,6 +137,9 @@ var session *ClientSessionState var cacheKey string sessionCache := c.config.ClientSessionCache + if c.config.Bugs.NeverResumeOnRenego && c.cipherSuite != 0 { + sessionCache = nil + } if sessionCache != nil { hello.ticketSupported = !c.config.SessionTicketsDisabled
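Review bot: The added guard uses `c.cipherSuite != 0` as the test for "this is a renegotiation", which relies on an invariant the reader has to know (presumably that cipherSuite is only set once a handshake has completed), and the identical expression is repeated in checkForResumption in handshake_server.go. A small named predicate used at both sites, e.g. `func (c *Conn) isRenegotiation() bool { return c.cipherSuite != 0 }`, would make the intent explicit; failing that, a comment on each site such as `// cipherSuite is non-zero once a handshake has completed, so this is a renegotiation.` Setting sessionCache to nil also leaves cacheKey empty, so the session produced by the forced full handshake is presumably not stored afterwards; if that is intended, the NeverResumeOnRenego doc comment in common.go should say so. The enclosing function starts and ends outside the hunk.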
diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go
index 9085faf..3caf81b 100644
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go
@@ -367,6 +367,10 @@
 func (hs *serverHandshakeState) checkForResumption() bool {
 c := hs.c
 
+ if c.config.Bugs.NeverResumeOnRenego && c.cipherSuite != 0 {
+ return false
+ }
+
 if len(hs.clientHello.sessionTicket) > 0 {
 if c.config.SessionTicketsDisabled {
 return false
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 3f26786..3ea0332 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -2619,6 +2619,17 @@
 })
 testCases = append(testCases, testCase{
 testType: serverTest,
+ name: "Renegotiate-Server-Full",
+ config: Config{
+ Bugs: ProtocolBugs{
+ NeverResumeOnRenego: true,
+ },
+ },
+ flags: []string{"-renegotiate"},
+ shimWritesFirst: true,
+ })
+ testCases = append(testCases, testCase{
+ testType: serverTest,
 name: "Renegotiate-Server-EmptyExt",
 config: Config{
 Bugs: ProtocolBugs{
@@ -2677,6 +2688,15 @@
 renegotiate: true,
 })
 testCases = append(testCases, testCase{
+ name: "Renegotiate-Client-Full",
+ config: Config{
+ Bugs: ProtocolBugs{
+ NeverResumeOnRenego: true,
+ },
+ },
+ renegotiate: true,
+ })
+ testCases = append(testCases, testCase{
 name: "Renegotiate-Client-EmptyExt",
 renegotiate: true,
 config: Config{
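Review bot: Neither "Renegotiate-Server-Full" nor "Renegotiate-Client-Full" records why it exists, so a reader seeing `NeverResumeOnRenego: true` beside the EmptyExt cases has to find this commit to learn that every other renegotiation test exercises resumption only. A one-line comment above each new testCase, `// Force the renegotiation to be a full handshake rather than a resumption.`, would carry that into the file; the same applies to the second hunk. The commit message ties the coverage gap to the CVE-2015-0291 fix, so it may also be worth stating in that comment that the full-handshake path is the one these tests are meant to cover, since nothing in the test itself asserts that resumption was rejected.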