diff options
| author | Matt Caswell <matt@openssl.org> | 2017-11-03 16:38:48 +0000 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2017-12-14 15:06:37 +0000 |
| commit | 88050dd1960bfaba7ede12a3ce1afe40f5deb124 (patch) | |
| tree | 4f3f8bcce1f05fe4bf2b55068ad2112c7ce88fac /test | |
| parent | 86b165e39fa94d4eceb9bb1611350b949fea7cc9 (diff) | |
Update ServerHello to new draft-22 format
The new ServerHello format is essentially now the same as the old TLSv1.2
one, but it must additionally include supported_versions. The version
field is fixed at TLSv1.2, and the version negotiation happens solely via
supported_versions.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4701)
Diffstat (limited to 'test')
| -rw-r--r-- | test/asynciotest.c | 42 | ||||
| -rw-r--r-- | test/recipes/70-test_tls13kexmodes.t | 2 | ||||
| -rw-r--r-- | test/recipes/70-test_tls13messages.t | 2 |
3 files changed, 41 insertions, 5 deletions
diff --git a/test/asynciotest.c b/test/asynciotest.c index fdb9770251..179fe2620d 100644 --- a/test/asynciotest.c +++ b/test/asynciotest.c @@ -146,7 +146,7 @@ static int async_write(BIO *bio, const char *in, int inl) return -1; while (PACKET_remaining(&pkt) > 0) { - PACKET payload, wholebody; + PACKET payload, wholebody, sessionid, extensions; unsigned int contenttype, versionhi, versionlo, data; unsigned int msgtype = 0, negversion = 0; @@ -164,11 +164,43 @@ static int async_write(BIO *bio, const char *in, int inl) && !PACKET_get_1(&wholebody, &msgtype)) return -1; - if (msgtype == SSL3_MT_SERVER_HELLO - && (!PACKET_forward(&wholebody, + if (msgtype == SSL3_MT_SERVER_HELLO) { + if (!PACKET_forward(&wholebody, SSL3_HM_HEADER_LENGTH - 1) - || !PACKET_get_net_2(&wholebody, &negversion))) - return -1; + || !PACKET_get_net_2(&wholebody, &negversion) + /* Skip random (32 bytes) */ + || !PACKET_forward(&wholebody, 32) + /* Skip session id */ + || !PACKET_get_length_prefixed_1(&wholebody, + &sessionid) + /* + * Skip ciphersuite (2 bytes) and compression + * method (1 byte) + */ + || !PACKET_forward(&wholebody, 2 + 1) + || !PACKET_get_length_prefixed_2(&wholebody, + &extensions)) + return -1; + + /* + * Find the negotiated version in supported_versions + * extension, if present. + */ + while (PACKET_remaining(&extensions)) { + unsigned int type; + PACKET extbody; + + if (!PACKET_get_net_2(&extensions, &type) + || !PACKET_get_length_prefixed_2(&extensions, + &extbody)) + return -1; + + if (type == TLSEXT_TYPE_supported_versions + && (!PACKET_get_net_2(&extbody, &negversion) + || PACKET_remaining(&extbody) != 0)) + return -1; + } + } while (PACKET_get_1(&payload, &data)) { /* Create a new one byte long record for each byte in the diff --git a/test/recipes/70-test_tls13kexmodes.t b/test/recipes/70-test_tls13kexmodes.t index 97cbf7676b..dcc51aecdd 100644 --- a/test/recipes/70-test_tls13kexmodes.t +++ b/test/recipes/70-test_tls13kexmodes.t @@ -122,6 +122,8 @@ $ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK, checkhandshake::PSK_CLI_EXTENSION], + [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, + checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE, checkhandshake::KEY_SHARE_SRV_EXTENSION], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_PSK, diff --git a/test/recipes/70-test_tls13messages.t b/test/recipes/70-test_tls13messages.t index 5bd2a966c7..9319e8492d 100644 --- a/test/recipes/70-test_tls13messages.t +++ b/test/recipes/70-test_tls13messages.t @@ -122,6 +122,8 @@ $ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK, checkhandshake::PSK_CLI_EXTENSION], + [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, + checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_PSK, |