Change-Id: I1b34acbbb5528e7e31595ee0cbce7618890f3955 Reviewed-on: https://boringssl-review.googlesource.com/8669 Reviewed-by: David Benjamin <davidben@google.com>kris/onging/CECPQ3_patch15
@@ -574,12 +574,14 @@ again: | |||||
ssl_do_msg_callback(ssl, 0 /* read */, ssl->version, SSL3_RT_HANDSHAKE, | ssl_do_msg_callback(ssl, 0 /* read */, ssl->version, SSL3_RT_HANDSHAKE, | ||||
ssl->init_buf->data, ssl->init_buf->length); | ssl->init_buf->data, ssl->init_buf->length); | ||||
/* Ignore stray HelloRequest messages. Per RFC 5246, section 7.4.1.1, the | |||||
* server may send HelloRequest at any time. */ | |||||
static const uint8_t kHelloRequest[4] = {SSL3_MT_HELLO_REQUEST, 0, 0, 0}; | static const uint8_t kHelloRequest[4] = {SSL3_MT_HELLO_REQUEST, 0, 0, 0}; | ||||
if (!ssl->server && ssl->init_buf->length == sizeof(kHelloRequest) && | |||||
if (!ssl->server && | |||||
(!ssl->s3->have_version || | |||||
ssl3_protocol_version(ssl) < TLS1_3_VERSION) && | |||||
ssl->init_buf->length == sizeof(kHelloRequest) && | |||||
memcmp(kHelloRequest, ssl->init_buf->data, sizeof(kHelloRequest)) == 0) { | memcmp(kHelloRequest, ssl->init_buf->data, sizeof(kHelloRequest)) == 0) { | ||||
/* The server may always send 'Hello Request' messages -- we are doing a | |||||
* handshake anyway now, so ignore them if their format is correct. Does | |||||
* not count for 'Finished' MAC. */ | |||||
goto again; | goto again; | ||||
} | } | ||||
@@ -353,6 +353,10 @@ void ssl3_read_close_notify(SSL *ssl) { | |||||
} | } | ||||
static int ssl3_can_renegotiate(SSL *ssl) { | static int ssl3_can_renegotiate(SSL *ssl) { | ||||
if (ssl->server || ssl3_protocol_version(ssl) >= TLS1_3_VERSION) { | |||||
return 0; | |||||
} | |||||
switch (ssl->renegotiate_mode) { | switch (ssl->renegotiate_mode) { | ||||
case ssl_renegotiate_never: | case ssl_renegotiate_never: | ||||
return 0; | return 0; | ||||
@@ -4542,7 +4542,7 @@ func addRenegotiationTests() { | |||||
}, | }, | ||||
}) | }) | ||||
// Stray HelloRequests during the handshake are ignored. | |||||
// Stray HelloRequests during the handshake are ignored in TLS 1.2. | |||||
testCases = append(testCases, testCase{ | testCases = append(testCases, testCase{ | ||||
name: "StrayHelloRequest", | name: "StrayHelloRequest", | ||||
config: Config{ | config: Config{ | ||||
@@ -4563,7 +4563,32 @@ func addRenegotiationTests() { | |||||
}, | }, | ||||
}) | }) | ||||
// TODO(davidben): Add a test that HelloRequests are illegal in TLS 1.3. | |||||
// Renegotiation is forbidden in TLS 1.3. | |||||
testCases = append(testCases, testCase{ | |||||
name: "Renegotiate-Client-TLS13", | |||||
config: Config{ | |||||
MaxVersion: VersionTLS13, | |||||
}, | |||||
renegotiate: 1, | |||||
flags: []string{ | |||||
"-renegotiate-freely", | |||||
}, | |||||
shouldFail: true, | |||||
expectedError: ":NO_RENEGOTIATION:", | |||||
}) | |||||
// Stray HelloRequests during the handshake are forbidden in TLS 1.3. | |||||
testCases = append(testCases, testCase{ | |||||
name: "StrayHelloRequest-TLS13", | |||||
config: Config{ | |||||
MaxVersion: VersionTLS13, | |||||
Bugs: ProtocolBugs{ | |||||
SendHelloRequestBeforeEveryHandshakeMessage: true, | |||||
}, | |||||
}, | |||||
shouldFail: true, | |||||
expectedError: ":UNEXPECTED_MESSAGE:", | |||||
}) | |||||
} | } | ||||
func addDTLSReplayTests() { | func addDTLSReplayTests() { | ||||