Google Git
Sign in
boringssl / boringssl / e6f30e4ce133ff9e33c8d670a12ffb0ef051ddfc^! / .
commite6f30e4ce133ff9e33c8d670a12ffb0ef051ddfc[log] [tgz]
authorDavid Benjamin <davidben@google.com>Tue Nov 14 11:10:49 2017 +0800
committerCQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>Tue Nov 14 05:40:38 2017 +0000
tree8632cadce010030455ac0e3d6b3275c6f2d5a096
parent13761f2833c4eac2f9f5709d5120f80792ffb0c5 [diff]
Add tests for post-handshake CCS in draft "22".

The current PR says the sender only skips it during the handshake. Add a
test that we got this right.

Change-Id: Ib27eb942f11d955b8a24e32321efe474037f5254
Reviewed-on: https://boringssl-review.googlesource.com/23024
Reviewed-by: David Benjamin <davidben@google.com>
Reviewed-by: Steven Valdez <svaldez@chromium.org>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index 4564b0f..0216401 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go

@@ -632,6 +632,10 @@
 	// ChangeCipherSpec messages.
 	SendExtraChangeCipherSpec int
 
+	// SendPostHandshakeChangeCipherSpec causes the implementation to send
+	// a ChangeCipherSpec record before every application data record.
+	SendPostHandshakeChangeCipherSpec bool
+
 	// SendUnencryptedFinished, if true, causes the Finished message to be
 	// send unencrypted before ChangeCipherSpec rather than after it.
 	SendUnencryptedFinished bool

diff --git a/ssl/test/runner/conn.go b/ssl/test/runner/conn.go
index 5359462..c633b50 100644
--- a/ssl/test/runner/conn.go
+++ b/ssl/test/runner/conn.go

@@ -1089,6 +1089,12 @@
 		return 0, err
 	}
 
+	if typ == recordTypeApplicationData && c.config.Bugs.SendPostHandshakeChangeCipherSpec {
+		if _, err := c.doWriteRecord(recordTypeChangeCipherSpec, []byte{1}); err != nil {
+			return 0, err
+		}
+	}
+
 	return c.doWriteRecord(typ, data)
 }
 

diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 0cd1e81..f098e87 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go

@@ -11880,6 +11880,20 @@
 		expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:",
 	})
 
+	testCases = append(testCases, testCase{
+		name: "TLS13Draft22-SendPostHandshakeChangeCipherSpec",
+		config: Config{
+			MaxVersion: VersionTLS13,
+			Bugs: ProtocolBugs{
+				SendPostHandshakeChangeCipherSpec: true,
+			},
+		},
+		tls13Variant:       TLS13Draft22,
+		shouldFail:         true,
+		expectedError:      ":UNEXPECTED_RECORD:",
+		expectedLocalError: "remote error: unexpected message",
+	})
+
 	fooString := "foo"
 	barString := "bar"