[openssl-dev] Contributing to TLS 1.3 - Where to start?
Matt Caswell
matt at openssl.org
Tue Apr 4 17:09:53 UTC 2017
On 04/04/17 15:34, Thiago Arrais wrote:
> Hmmm... The Getting Started page talks about writing test cases.
>
> It seems like a good start. Is there any area that needs special attention?
Actually I have a suggestion for a fairly small self-contained piece of
work suitable for a starting project.

The spec has this requirement:

   As of TLS 1.3, servers are permitted to send the "supported_groups"
   extension to the client. If the server has a group it prefers to the
   ones in the "key_share" extension but is still willing to accept the
   ClientHello, it SHOULD send "supported_groups" to update the client's
   view of its preferences; this extension SHOULD contain all groups the
   server supports, regardless of whether they are currently supported
   by the client. Clients MUST NOT act upon any information found in
   "supported_groups" prior to successful completion of the handshake,
   but MAY use the information learned from a successfully completed
   handshake to change what groups they use in their "key_share"
   extension in subsequent connections.

At the moment we only ever send supported_groups client -> server. Never
server -> client. I wouldn't worry about the client acting on this
information at this stage. Just start with the server sending it if the
selected key_share is not for the most preferred group.

Hint: you will need to look at ssl/statem/extensions.c and you will also
need to add code to ssl/statem/extensions_srvr.c.

I strongly suggest you spend some time looking at some other github pull
requests to get a feel for how our submission and review process works,
and the kind of review comments that come up. You should also
familiarise yourself with our coding style:

https://www.openssl.org/policies/codingstyle.html

All submissions should include tests. Adding something to
test/recipes/70-test_tls13messages.t would probably be sufficient, i.e.
a test to demonstrate that sending a preferred key_share results in no
supported_groups extension in the EncryptedExtensions message, and then
a test to demonstrate that sending an acceptable but non-preferred
key_share results in the supported_groups extension being sent.

If you are not already familiar with the TLSv1.3 spec then you will need
to be. Make sure you read it through and gain a good understanding of it
before you start.

Matt
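
The server-side rule described in the message above, as an added stand-alone C sketch that is not part of the original message and is not OpenSSL code: it emits a supported_groups extension (all server groups, in preference order) only when the accepted key_share is not for the server's top group. The function name, buffer interface and the sample preference list are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EXT_SUPPORTED_GROUPS 10 /* TLS extension type for supported_groups */

static void put_u16(uint8_t *p, uint16_t v)
{
    p[0] = (uint8_t)(v >> 8);
    p[1] = (uint8_t)(v & 0xff);
}

/*
 * Hypothetical helper (not OpenSSL code). prefs lists the server's groups,
 * most preferred first; selected is the group of the accepted key_share.
 * Returns bytes written to out, 0 when no extension is needed, -1 on error.
 */
int build_server_supported_groups(const uint16_t *prefs, size_t nprefs,
                                  uint16_t selected,
                                  uint8_t *out, size_t outlen)
{
    size_t i, list_len, total;

    if (prefs == NULL || nprefs == 0 || nprefs > 0x7ffe)
        return -1;
    for (i = 0; i < nprefs && prefs[i] != selected; i++)
        continue;
    if (i == nprefs)
        return -1;              /* selected group is not one we support */
    if (i == 0)
        return 0;               /* client used our top choice: send nothing */
    list_len = nprefs * 2;
    total = 2 + 2 + 2 + list_len;   /* type, ext length, list length, list */
    if (out == NULL || outlen < total)
        return -1;
    put_u16(out, EXT_SUPPORTED_GROUPS);
    put_u16(out + 2, (uint16_t)(list_len + 2));
    put_u16(out + 4, (uint16_t)list_len);
    for (i = 0; i < nprefs; i++)    /* all server groups, in preference order */
        put_u16(out + 6 + 2 * i, prefs[i]);
    return (int)total;
}

int main(void)
{
    /* Constructed sample: x25519, secp256r1, secp384r1 in preference order */
    const uint16_t prefs[] = { 0x001d, 0x0017, 0x0018 };
    uint8_t buf[32];
    printf("non-preferred key_share: %d extension bytes\n",
           build_server_supported_groups(prefs, 3, 0x0017, buf, sizeof(buf)));
    return 0;
}
```

The two return paths (0 versus a positive length) correspond to the two test cases the message asks for: no supported_groups in EncryptedExtensions for a preferred key_share, and the extension present for an acceptable but non-preferred one.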