[openssl-commits] [openssl] tls1.3-draft-18 update
Matt Caswell
matt at openssl.org
Tue Mar 21 10:12:30 UTC 2017
The branch tls1.3-draft-18 has been updated
via 05a2feb6841c786b24a104943b2765ef8bc7a61f (commit)
via 2c7e64564cf7ab00c099d4f398ae9e53698b68f6 (commit)
from 7baabf45c424c135ecfafc6b3bb7ea1d225fbfda (commit)
- Log -----------------------------------------------------------------
commit 05a2feb6841c786b24a104943b2765ef8bc7a61f
Author: Matt Caswell <matt at openssl.org>
Date: Mon Mar 20 18:21:54 2017 +0000
Add a test for resumption after HRR
Make sure we actually test resumption where an HRR has occurred.
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2996)
(cherry picked from commit 1763ab10291eec361d8e56519582d710158e1e8e)
commit 2c7e64564cf7ab00c099d4f398ae9e53698b68f6
Author: Matt Caswell <matt at openssl.org>
Date: Mon Mar 20 18:03:34 2017 +0000
Fix resumption after HRR
Commit 6b1bb98fa moved the processing of ClientHello extensions into the
state machine post-processing stage. After processing s->init_num is reset
to 0, so by post-processing we cannot rely on its value. Unfortunately we
were using it to handle the PSK extension. This causes the handshake to
fail.
We were using init_num to figure out the length of ClientHello2 so we can
remove it from the handshake_buffer. The handshake_buffer holds the
transcript of all the messages sent so far. For PSK processing though we
only want to add in a partial ClientHello2. This commit changes things so
we just work out where ClientHello2 starts, working forward from the
beginning of handshake_buffer.
Fixes #2983
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2996)
(cherry picked from commit 77815a026cbedbb7b9a89558612f69e6294fe1ea)
-----------------------------------------------------------------------
Summary of changes:
ssl/statem/extensions.c | 11 +++++++++--
test/ssl-tests/protocol_version.pm | 21 ++++++++++++++++++++-
2 files changed, 29 insertions(+), 3 deletions(-)
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index 0ab1f04..8550dfe 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -1191,11 +1191,18 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
* ClientHello - which we don't want - so we need to take that bit off.
*/
if (s->server) {
- if (hdatalen < s->init_num + SSL3_HM_HEADER_LENGTH) {
+ PACKET hashprefix, msg;
+
+ /* Find how many bytes are left after the first two messages */
+ if (!PACKET_buf_init(&hashprefix, hdata, hdatalen)
+ || !PACKET_forward(&hashprefix, 1)
+ || !PACKET_get_length_prefixed_3(&hashprefix, &msg)
+ || !PACKET_forward(&hashprefix, 1)
+ || !PACKET_get_length_prefixed_3(&hashprefix, &msg)) {
SSLerr(SSL_F_TLS_PSK_DO_BINDER, ERR_R_INTERNAL_ERROR);
goto err;
}
- hdatalen -= s->init_num + SSL3_HM_HEADER_LENGTH;
+ hdatalen -= PACKET_remaining(&hashprefix);
}
if (EVP_DigestUpdate(mctx, hdata, hdatalen) <= 0) {
diff --git a/test/ssl-tests/protocol_version.pm b/test/ssl-tests/protocol_version.pm
index cc39c75..7c28bcf 100644
--- a/test/ssl-tests/protocol_version.pm
+++ b/test/ssl-tests/protocol_version.pm
@@ -17,7 +17,7 @@ use warnings;
use List::Util qw/max min/;
use OpenSSL::Test;
-use OpenSSL::Test::Utils qw/anydisabled alldisabled/;
+use OpenSSL::Test::Utils qw/anydisabled alldisabled disabled/;
setup("no_test_here");
my @tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3");
@@ -203,6 +203,25 @@ sub generate_resumption_tests {
}
}
+ if (!disabled("tls1_3") && !$dtls) {
+ push @client_tests, {
+ "name" => "resumption-with-hrr",
+ "client" => {
+ },
+ "server" => {
+ "Curves" => "P-256"
+ },
+ "resume_client" => {
+ },
+ "test" => {
+ "ExpectedProtocol" => "TLSv1.3",
+ "Method" => "TLS",
+ "HandshakeMode" => "Resume",
+ "ResumptionExpected" => "Yes",
+ }
+ };
+ }
+
return (@server_tests, @client_tests);
}
More information about the openssl-commits
mailing list