[openssl-commits] [openssl] tls1.3-draft-18 update

Matt Caswell matt at openssl.org
Tue Mar 21 10:12:30 UTC 2017


The branch tls1.3-draft-18 has been updated
       via  05a2feb6841c786b24a104943b2765ef8bc7a61f (commit)
       via  2c7e64564cf7ab00c099d4f398ae9e53698b68f6 (commit)
      from  7baabf45c424c135ecfafc6b3bb7ea1d225fbfda (commit)


- Log -----------------------------------------------------------------
commit 05a2feb6841c786b24a104943b2765ef8bc7a61f
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Mar 20 18:21:54 2017 +0000

    Add a test for resumption after HRR
    
    Make sure we actually test resumption where an HRR has occurred.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2996)
    (cherry picked from commit 1763ab10291eec361d8e56519582d710158e1e8e)

commit 2c7e64564cf7ab00c099d4f398ae9e53698b68f6
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Mar 20 18:03:34 2017 +0000

    Fix resumption after HRR
    
    Commit 6b1bb98fa moved the processing of ClientHello extensions into the
    state machine post-processing stage. After processing s->init_num is reset
    to 0, so by post-processing we cannot rely on its value. Unfortunately we
    were using it to handle the PSK extension. This causes the handshake to
    fail.
    
    We were using init_num to figure out the length of ClientHello2 so we can
    remove it from the handshake_buffer. The handshake_buffer holds the
    transcript of all the messages sent so far. For PSK processing though we
    only want to add in a partial ClientHello2. This commit changes things so
    we just work out where ClientHello2 starts, working forward from the
    beginning of handshake_buffer.
    
    Fixes #2983
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2996)
    (cherry picked from commit 77815a026cbedbb7b9a89558612f69e6294fe1ea)

-----------------------------------------------------------------------

Summary of changes:
 ssl/statem/extensions.c            | 11 +++++++++--
 test/ssl-tests/protocol_version.pm | 21 ++++++++++++++++++++-
 2 files changed, 29 insertions(+), 3 deletions(-)

diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index 0ab1f04..8550dfe 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -1191,11 +1191,18 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
          * ClientHello - which we don't want - so we need to take that bit off.
          */
         if (s->server) {
-            if (hdatalen < s->init_num + SSL3_HM_HEADER_LENGTH) {
+            PACKET hashprefix, msg;
+
+            /* Find how many bytes are left after the first two messages */
+            if (!PACKET_buf_init(&hashprefix, hdata, hdatalen)
+                    || !PACKET_forward(&hashprefix, 1)
+                    || !PACKET_get_length_prefixed_3(&hashprefix, &msg)
+                    || !PACKET_forward(&hashprefix, 1)
+                    || !PACKET_get_length_prefixed_3(&hashprefix, &msg)) {
                 SSLerr(SSL_F_TLS_PSK_DO_BINDER, ERR_R_INTERNAL_ERROR);
                 goto err;
             }
-            hdatalen -= s->init_num + SSL3_HM_HEADER_LENGTH;
+            hdatalen -= PACKET_remaining(&hashprefix);
         }
 
         if (EVP_DigestUpdate(mctx, hdata, hdatalen) <= 0) {
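Review bot: The two `PACKET_forward(&hashprefix, 1)` calls step over each message's type byte without looking at it, so the subtraction is only correct if the buffer really starts with ClientHello1 followed by the HelloRetryRequest. The binder hash has to cover exactly that prefix plus the truncated ClientHello2, so I would spell the layout out in the comment, e.g. `/* hdata = ClientHello1 || HRR || partial ClientHello2; each message is type(1) + len(3) + body */`. Consider also reading each type with `PACKET_get_1()` and failing on an unexpected value instead of skipping it blindly. `msg` serves only as a sink for the skipped bodies, which deserves a word in the same comment. The condition that establishes an HRR took place and the declaration of `hdatalen` are outside this hunk.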
diff --git a/test/ssl-tests/protocol_version.pm b/test/ssl-tests/protocol_version.pm
index cc39c75..7c28bcf 100644
--- a/test/ssl-tests/protocol_version.pm
+++ b/test/ssl-tests/protocol_version.pm
@@ -17,7 +17,7 @@ use warnings;
 use List::Util qw/max min/;
 
 use OpenSSL::Test;
-use OpenSSL::Test::Utils qw/anydisabled alldisabled/;
+use OpenSSL::Test::Utils qw/anydisabled alldisabled disabled/;
 setup("no_test_here");
 
 my @tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3");
@@ -203,6 +203,25 @@ sub generate_resumption_tests {
         }
     }
 
+    if (!disabled("tls1_3") && !$dtls) {
+        push @client_tests, {
+            "name" => "resumption-with-hrr",
+            "client" => {
+            },
+            "server" => {
+                "Curves" => "P-256"
+            },
+            "resume_client" => {
+            },
+            "test" => {
+                "ExpectedProtocol" => "TLSv1.3",
+                "Method" => "TLS",
+                "HandshakeMode" => "Resume",
+                "ResumptionExpected" => "Yes",
+            }
+        };
+    }
+
     return (@server_tests, @client_tests);
 }
 
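Review bot: Nothing in the new `resumption-with-hrr` entry checks that a HelloRetryRequest was actually sent. The test presumably relies on the client not offering a P-256 key share by default, so that `"Curves" => "P-256"` on the server forces one. If the client's default key share ever changes, this would pass as an ordinary resumption and the regression fixed in extensions.c would go untested. A comment above the entry would make the dependency visible, e.g. `# Server accepts only P-256, for which the client sends no key_share by default, so an HRR is forced`. `generate_resumption_tests` begins outside this hunk.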

