From 47383aadffdd80b5a8d4e4fa4b172a1a25dbd376 Mon Sep 17 00:00:00 2001
From: Nick Harper
Date: Wed, 30 Nov 2016 12:50:43 -0800
Subject: [PATCH] Skip over early data in bogo.

Change-Id: Idc93fdca2f1c5c23e4ba48c4efed2edbad1e857b
Reviewed-on: https://boringssl-review.googlesource.com/12521
Reviewed-by: David Benjamin
Commit-Queue: David Benjamin
CQ-Verified: CQ bot account: commit-bot@chromium.org
---
 ssl/test/runner/conn.go | 16 ++++++++++++++++
 ssl/test/runner/handshake_server.go | 6 ++++++
 2 files changed, 22 insertions(+)

diff --git a/ssl/test/runner/conn.go b/ssl/test/runner/conn.go
index 3cbd496a..9a65f77d 100644
--- a/ssl/test/runner/conn.go
+++ b/ssl/test/runner/conn.go
@@ -38,6 +38,7 @@ type Conn struct {
 haveVers bool // version has been negotiated
 config *Config // configuration passed to constructor
 handshakeComplete bool
+ skipEarlyData bool
 didResume bool // whether this connection was a session resumption
 extendedMasterSecret bool // whether this session used an extended master secret
 cipherSuite *cipherSuite
@@ -726,6 +727,7 @@ func (hc *halfConn) splitBlock(b *block, n int) (*block, *block) {
 }
 func (c *Conn) doReadRecord(want recordType) (recordType, *block, error) {
+RestartReadRecord:
 if c.isDTLS {
 return c.dtlsDoReadRecord(want)
 }
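Review bot: The new `skipEarlyData` field in the `Conn` struct hunk has no comment, although its neighbours `haveVers`, `config` and `didResume` do, and the name alone does not say what is skipped or for how long. Going by the other hunks of this patch, it is set when a ClientHello offers early data and cleared after the first record that decrypts, and while set it makes doReadRecord discard records. I would write `skipEarlyData bool // discard records that fail to decrypt (rejected early data) until one succeeds`. The struct starts and ends outside the hunk.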
@@ -829,10 +831,24 @@ func (c *Conn) doReadRecord(want recordType) (recordType, *block, error) {
 // Process message.
 b, c.rawInput = c.in.splitBlock(b, recordHeaderLen+n)
 ok, off, encTyp, alertValue := c.in.decrypt(b)
+
+ // Handle skipping over early data.
+ if !ok && c.skipEarlyData {
+ goto RestartReadRecord
+ }
+
+ // If the server is expecting a second ClientHello (in response to
+ // a HelloRetryRequest) and the client sends early data, there
+ // won't be a decryption failure but it still needs to be skipped.
+ if c.in.cipher == nil && typ == recordTypeApplicationData && c.skipEarlyData {
+ goto RestartReadRecord
+ }
+
 if !ok {
 return 0, nil, c.in.setErrorLocked(c.sendAlert(alertValue))
 }
 b.off = off
+ c.skipEarlyData = false
 if c.vers >= VersionTLS13 && c.in.cipher != nil {
 if typ != recordTypeApplicationData {
diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go
index 1116d6c1..7dad05fe 100644
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go
@@ -509,6 +509,12 @@ Curves:
 }
 }
+ // Decide whether or not to accept early data.
+ if hs.clientHello.hasEarlyData {
+ // For now, we'll reject and skip early data.
+ c.skipEarlyData = true
+ }
+
 // Resolve PSK and compute the early secret.
 if hs.sessionState != nil {
 hs.finishedHash.addEntropy(hs.sessionState.masterSecret)
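Review bot: The skip at `if !ok && c.skipEarlyData { goto RestartReadRecord }` has no upper bound: while the flag is set, every record that fails to decrypt is dropped with no alert and no count of how much was discarded. A peer that keeps sending undecryptable records is never failed by this path, and a genuine bad-record-MAC failure in that window is masked instead of reported. The TLS 1.3 specification ties this kind of skipping to the early-data size limit, so I would count the skipped bytes and fall through to the existing `!ok` alert path once a budget is exceeded. The function starts and ends outside the hunk, so `n` being the record payload length is an assumption drawn from the `recordHeaderLen+n` split, and the counter and limit names below are placeholders, not existing identifiers.

```go
// Handle skipping over early data, up to a fixed budget.
if !ok && c.skipEarlyData {
	// skippedEarlyData (new Conn field) and maxSkippedEarlyData are placeholder names.
	c.skippedEarlyData += n
	if c.skippedEarlyData <= maxSkippedEarlyData {
		goto RestartReadRecord
	}
	// Budget exhausted: fall through to the !ok alert path below.
}
// … unchanged: HelloRetryRequest skip, !ok alert, b.off assignment …
```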
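Review bot: `c.skipEarlyData = true` in the handshake_server.go hunk is driven only by the client-supplied `hs.clientHello.hasEarlyData`, and nothing visible here checks that a PSK was offered alongside it. Because the flag switches doReadRecord into silently discarding undecryptable records, the comment should state its lifetime, for example `// Reject early data: doReadRecord drops undecryptable records until the first one decrypts, then clears the flag.` If an early-data offer without a usable PSK is meant to be rejected, that check may sit outside this hunk, which is worth confirming. The enclosing function starts and ends outside the hunk.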