Add tests for post-handshake CCS in draft "22".
The current PR says the sender only skips it during the handshake. Add a
test that we got this right.
Change-Id: Ib27eb942f11d955b8a24e32321efe474037f5254
Reviewed-on: https://boringssl-review.googlesource.com/23024
Reviewed-by: David Benjamin <davidben@google.com>
Reviewed-by: Steven Valdez <svaldez@chromium.org>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index 4564b0f..0216401 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -632,6 +632,10 @@
// ChangeCipherSpec messages.
SendExtraChangeCipherSpec int
+ // SendPostHandshakeChangeCipherSpec causes the implementation to send
+ // a ChangeCipherSpec record before every application data record.
+ SendPostHandshakeChangeCipherSpec bool
+
// SendUnencryptedFinished, if true, causes the Finished message to be
// send unencrypted before ChangeCipherSpec rather than after it.
SendUnencryptedFinished bool
diff --git a/ssl/test/runner/conn.go b/ssl/test/runner/conn.go
index 5359462..c633b50 100644
--- a/ssl/test/runner/conn.go
+++ b/ssl/test/runner/conn.go
@@ -1089,6 +1089,12 @@
return 0, err
}
+ if typ == recordTypeApplicationData && c.config.Bugs.SendPostHandshakeChangeCipherSpec {
+ if _, err := c.doWriteRecord(recordTypeChangeCipherSpec, []byte{1}); err != nil {
+ return 0, err
+ }
+ }
+
return c.doWriteRecord(typ, data)
}
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 0cd1e81..f098e87 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -11880,6 +11880,20 @@
expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:",
})
+ testCases = append(testCases, testCase{
+ name: "TLS13Draft22-SendPostHandshakeChangeCipherSpec",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ SendPostHandshakeChangeCipherSpec: true,
+ },
+ },
+ tls13Variant: TLS13Draft22,
+ shouldFail: true,
+ expectedError: ":UNEXPECTED_RECORD:",
+ expectedLocalError: "remote error: unexpected message",
+ })
+
fooString := "foo"
barString := "bar"