Fill in the curve ID for TLS 1.3.

Apparently we forgot to do this. Change-Id: I348cf6d716ae888fddce69ba4801bf09446f5a72 Reviewed-on: https://boringssl-review.googlesource.com/10503 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-08-19 17:44:53 -04:00 · 2016-08-19 17:44:53 -04:00 · 5c4e8571cc
commit 5c4e8571cc
parent 29e5cf7209
2 changed files with 25 additions and 31 deletions
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@ -2145,8 +2145,8 @@ int ssl_ext_key_share_parse_serverhello(SSL *ssl, uint8_t **out_secret,
                                        size_t *out_secret_len,
                                        uint8_t *out_alert, CBS *contents) {
  CBS peer_key;
-  uint16_t group;
-  if (!CBS_get_u16(contents, &group) ||
+  uint16_t group_id;
+  if (!CBS_get_u16(contents, &group_id) ||
      !CBS_get_u16_length_prefixed(contents, &peer_key) ||
      CBS_len(contents) != 0) {
    *out_alert = SSL_AD_DECODE_ERROR;
@ -2155,7 +2155,7 @@ int ssl_ext_key_share_parse_serverhello(SSL *ssl, uint8_t **out_secret,

  SSL_ECDH_CTX *group_ctx = NULL;
  for (size_t i = 0; i < ssl->s3->hs->groups_len; i++) {
-    if (SSL_ECDH_CTX_get_id(&ssl->s3->hs->groups[i]) == group) {
+    if (SSL_ECDH_CTX_get_id(&ssl->s3->hs->groups[i]) == group_id) {
      group_ctx = &ssl->s3->hs->groups[i];
      break;
    }
@ -2173,6 +2173,7 @@ int ssl_ext_key_share_parse_serverhello(SSL *ssl, uint8_t **out_secret,
    return 0;
  }

+  ssl->s3->new_session->key_exchange_info = group_id;
  ssl_handshake_clear_groups(ssl->s3->hs);
  return 1;
 }
@ -2242,6 +2243,7 @@ int ssl_ext_key_share_add_serverhello(SSL *ssl, CBB *out) {
    return 0;
  }

+  ssl->s3->new_session->key_exchange_info = group_id;
  return 1;
 }

--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@ -6796,7 +6796,10 @@ func addCurveTests() {
 				CipherSuites:     []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
 				CurvePreferences: []CurveID{curve.id},
 			},
-			flags:           []string{"-enable-all-curves"},
+			flags: []string{
+				"-enable-all-curves",
+				"-expect-curve-id", strconv.Itoa(int(curve.id)),
+			},
 			expectedCurveID: curve.id,
 		})
 		testCases = append(testCases, testCase{
@ -6806,7 +6809,10 @@ func addCurveTests() {
 				CipherSuites:     []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
 				CurvePreferences: []CurveID{curve.id},
 			},
-			flags:           []string{"-enable-all-curves"},
+			flags: []string{
+				"-enable-all-curves",
+				"-expect-curve-id", strconv.Itoa(int(curve.id)),
+			},
 			expectedCurveID: curve.id,
 		})
 		testCases = append(testCases, testCase{
@ -6817,7 +6823,10 @@ func addCurveTests() {
 				CipherSuites:     []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
 				CurvePreferences: []CurveID{curve.id},
 			},
-			flags:           []string{"-enable-all-curves"},
+			flags: []string{
+				"-enable-all-curves",
+				"-expect-curve-id", strconv.Itoa(int(curve.id)),
+			},
 			expectedCurveID: curve.id,
 		})
 		testCases = append(testCases, testCase{
@ -6828,7 +6837,10 @@ func addCurveTests() {
 				CipherSuites:     []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
 				CurvePreferences: []CurveID{curve.id},
 			},
-			flags:           []string{"-enable-all-curves"},
+			flags: []string{
+				"-enable-all-curves",
+				"-expect-curve-id", strconv.Itoa(int(curve.id)),
+			},
 			expectedCurveID: curve.id,
 		})
 	}
@ -7066,9 +7078,9 @@ func addCECPQ1Tests() {
 	})
 }

-func addKeyExchangeInfoTests() {
+func addDHEGroupSizeTests() {
 	testCases = append(testCases, testCase{
-		name: "KeyExchangeInfo-DHE-Client",
+		name: "DHEGroupSize-Client",
 		config: Config{
 			MaxVersion:   VersionTLS12,
 			CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
@ -7083,7 +7095,7 @@ func addKeyExchangeInfoTests() {
 	})
 	testCases = append(testCases, testCase{
 		testType: serverTest,
-		name:     "KeyExchangeInfo-DHE-Server",
+		name:     "DHEGroupSize-Server",
 		config: Config{
 			MaxVersion:   VersionTLS12,
 			CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
@ -7091,26 +7103,6 @@ func addKeyExchangeInfoTests() {
 		// bssl_shim as a server configures a 2048-bit DHE group.
 		flags: []string{"-expect-dhe-group-size", "2048"},
 	})
-
-	testCases = append(testCases, testCase{
-		name: "KeyExchangeInfo-ECDHE-Client",
-		config: Config{
-			MaxVersion:       VersionTLS12,
-			CipherSuites:     []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
-			CurvePreferences: []CurveID{CurveX25519},
-		},
-		flags: []string{"-expect-curve-id", "29", "-enable-all-curves"},
-	})
-	testCases = append(testCases, testCase{
-		testType: serverTest,
-		name:     "KeyExchangeInfo-ECDHE-Server",
-		config: Config{
-			MaxVersion:       VersionTLS12,
-			CipherSuites:     []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
-			CurvePreferences: []CurveID{CurveX25519},
-		},
-		flags: []string{"-expect-curve-id", "29", "-enable-all-curves"},
-	})
 }

 func addTLS13RecordTests() {
@ -8200,7 +8192,7 @@ func main() {
 	addRSAClientKeyExchangeTests()
 	addCurveTests()
 	addCECPQ1Tests()
-	addKeyExchangeInfoTests()
+	addDHEGroupSizeTests()
 	addTLS13RecordTests()
 	addAllStateMachineCoverageTests()
 	addChangeCipherSpecTests()