[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Wed May 17 14:38:37 UTC 2017
The branch master has been updated
via 964f2788908e19b4faf370eb99652367672374e7 (commit)
via 108d45df737f5b0a4842de02c3f8ff1b9b07306f (commit)
from 355a0d10a9a736202d3dbc41ce2218acb46a30ca (commit)
- Log -----------------------------------------------------------------
commit 964f2788908e19b4faf370eb99652367672374e7
Author: Matt Caswell <matt at openssl.org>
Date: Tue May 16 12:05:57 2017 +0100
Add a test for a missing sig algs extension
Check that a missing sig algs extension succeeds if we are resuming.
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3478)
commit 108d45df737f5b0a4842de02c3f8ff1b9b07306f
Author: Matt Caswell <matt at openssl.org>
Date: Tue May 16 12:04:00 2017 +0100
Allow a missing sig algs extension if resuming
The current TLSv1.3 spec says:
'If a server is authenticating via a certificate and the client has not
sent a "signature_algorithms" extension, then the server MUST abort the
handshake with a "missing_extension" alert (see Section 8.2).'
If we are resuming then we are not "authenticating via a certificate" but
we were still aborting with the missing_extension alert if sig algs was
missing.
This commit ensures that we only send the alert if we are not resuming.
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3478)
-----------------------------------------------------------------------
Summary of changes:
ssl/statem/extensions.c | 2 +-
test/recipes/70-test_tls13psk.t | 26 +++++++++++++++++++++++---
2 files changed, 24 insertions(+), 4 deletions(-)
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index fd76337..68d8cea 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -1081,7 +1081,7 @@ static int init_srtp(SSL *s, unsigned int context)
static int final_sig_algs(SSL *s, unsigned int context, int sent, int *al)
{
- if (!sent && SSL_IS_TLS13(s)) {
+ if (!sent && SSL_IS_TLS13(s) && !s->hit) {
*al = TLS13_AD_MISSING_EXTENSION;
SSLerr(SSL_F_FINAL_SIG_ALGS, SSL_R_MISSING_SIGALGS_EXTENSION);
return 0;
diff --git a/test/recipes/70-test_tls13psk.t b/test/recipes/70-test_tls13psk.t
index 48d1dde..23767f9 100644
--- a/test/recipes/70-test_tls13psk.t
+++ b/test/recipes/70-test_tls13psk.t
@@ -42,15 +42,15 @@ use constant {
ILLEGAL_EXT_SECOND_CH => 1
};
-#Most PSK tests are done in test_ssl_new. This just checks sending a PSK
-#extension when it isn't in the last place in a ClientHello
+#Most PSK tests are done in test_ssl_new. This tests various failure scenarios
+#around PSK
#Test 1: First get a session
(undef, my $session) = tempfile();
$proxy->clientflags("-sess_out ".$session);
$proxy->sessionfile($session);
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-plan tests => 4;
+plan tests => 5;
ok(TLSProxy::Message->success(), "Initial connection");
#Test 2: Attempt a resume with PSK not in last place. Should fail
@@ -94,6 +94,13 @@ $pskseen = $ch2seen
&& defined ${$ch2->extension_data}{TLSProxy::Message::EXT_PSK};
ok($ch2seen && !$pskseen, "PSK hash does not match");
+#Test 5: Attempt a resume without a sig agls extension. Should succeed because
+# sig algs is not needed in a resumption.
+$proxy->clear();
+$proxy->clientflags("-sess_in ".$session);
+$proxy->filter(\&remove_sig_algs_filter);
+$proxy->start();
+ok(TLSProxy::Message->success(), "Remove sig algs");
unlink $session;
@@ -129,3 +136,16 @@ sub modify_psk_filter
}
$message->repack();
}
+
+sub remove_sig_algs_filter
+{
+ my $proxy = shift;
+ my $message;
+
+ # Only look at the first ClientHello
+ return if $proxy->flight != 0;
+
+ $message = ${$proxy->message_list}[0];
+ $message->delete_extension(TLSProxy::Message::EXT_SIG_ALGS);
+ $message->repack();
+}
More information about the openssl-commits
mailing list