From 5c4e8571ccc63e559a7c2067ddea31280914f1c8 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Fri, 19 Aug 2016 17:44:53 -0400 Subject: [PATCH] Fill in the curve ID for TLS 1.3. Apparently we forgot to do this. Change-Id: I348cf6d716ae888fddce69ba4801bf09446f5a72 Reviewed-on: https://boringssl-review.googlesource.com/10503 Reviewed-by: Steven Valdez Reviewed-by: David Benjamin Commit-Queue: David Benjamin CQ-Verified: CQ bot account: commit-bot@chromium.org --- ssl/t1_lib.c | 8 ++++--- ssl/test/runner/runner.go | 48 ++++++++++++++++----------------------- 2 files changed, 25 insertions(+), 31 deletions(-) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 496c9c44..b3c94d24 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -2145,8 +2145,8 @@ int ssl_ext_key_share_parse_serverhello(SSL *ssl, uint8_t **out_secret, size_t *out_secret_len, uint8_t *out_alert, CBS *contents) { CBS peer_key; - uint16_t group; - if (!CBS_get_u16(contents, &group) || + uint16_t group_id; + if (!CBS_get_u16(contents, &group_id) || !CBS_get_u16_length_prefixed(contents, &peer_key) || CBS_len(contents) != 0) { *out_alert = SSL_AD_DECODE_ERROR; @@ -2155,7 +2155,7 @@ int ssl_ext_key_share_parse_serverhello(SSL *ssl, uint8_t **out_secret, SSL_ECDH_CTX *group_ctx = NULL; for (size_t i = 0; i < ssl->s3->hs->groups_len; i++) { - if (SSL_ECDH_CTX_get_id(&ssl->s3->hs->groups[i]) == group) { + if (SSL_ECDH_CTX_get_id(&ssl->s3->hs->groups[i]) == group_id) { group_ctx = &ssl->s3->hs->groups[i]; break; } @@ -2173,6 +2173,7 @@ int ssl_ext_key_share_parse_serverhello(SSL *ssl, uint8_t **out_secret, return 0; } + ssl->s3->new_session->key_exchange_info = group_id; ssl_handshake_clear_groups(ssl->s3->hs); return 1; } @@ -2242,6 +2243,7 @@ int ssl_ext_key_share_add_serverhello(SSL *ssl, CBB *out) { return 0; } + ssl->s3->new_session->key_exchange_info = group_id; return 1; } diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go index ad3a5920..c33ca6a3 100644 --- a/ssl/test/runner/runner.go 
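Review bot: Both new `ssl->s3->new_session->key_exchange_info = group_id;` stores lack a comment, and in `ssl_ext_key_share_parse_serverhello` the stored value was parsed from the peer's ServerHello, so the reason it can be trusted should be written down. The loop in the preceding hunk matches `group_id` against `ssl->s3->hs->groups`, and the rejection of an unmatched id presumably happens before this point, outside the visible lines; I would add `/* group_id matched one of the groups we offered; record it only after the exchange succeeded. */` above the store. The store in `ssl_ext_key_share_add_serverhello` (hunk at -2242) wants a matching comment, and since `group_id` is set outside that hunk, confirm it is the group the server selected. Neither hunk shows that `new_session` is non-NULL here, so that assumption is worth a brief mention in the comment too.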
+++ b/ssl/test/runner/runner.go @@ -6796,7 +6796,10 @@ func addCurveTests() { CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, CurvePreferences: []CurveID{curve.id}, }, - flags: []string{"-enable-all-curves"}, + flags: []string{ + "-enable-all-curves", + "-expect-curve-id", strconv.Itoa(int(curve.id)), + }, expectedCurveID: curve.id, }) testCases = append(testCases, testCase{ @@ -6806,7 +6809,10 @@ func addCurveTests() { CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, CurvePreferences: []CurveID{curve.id}, }, - flags: []string{"-enable-all-curves"}, + flags: []string{ + "-enable-all-curves", + "-expect-curve-id", strconv.Itoa(int(curve.id)), + }, expectedCurveID: curve.id, }) testCases = append(testCases, testCase{ @@ -6817,7 +6823,10 @@ func addCurveTests() { CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, CurvePreferences: []CurveID{curve.id}, }, - flags: []string{"-enable-all-curves"}, + flags: []string{ + "-enable-all-curves", + "-expect-curve-id", strconv.Itoa(int(curve.id)), + }, expectedCurveID: curve.id, }) testCases = append(testCases, testCase{ @@ -6828,7 +6837,10 @@ func addCurveTests() { CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, CurvePreferences: []CurveID{curve.id}, }, - flags: []string{"-enable-all-curves"}, + flags: []string{ + "-enable-all-curves", + "-expect-curve-id", strconv.Itoa(int(curve.id)), + }, expectedCurveID: curve.id, }) } @@ -7066,9 +7078,9 @@ func addCECPQ1Tests() { }) } -func addKeyExchangeInfoTests() { +func addDHEGroupSizeTests() { testCases = append(testCases, testCase{ - name: "KeyExchangeInfo-DHE-Client", + name: "DHEGroupSize-Client", config: Config{ MaxVersion: VersionTLS12, CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256}, 
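Review bot: The same three-element `flags` literal, including the `strconv.Itoa(int(curve.id))` conversion, is now repeated in all four test cases of `addCurveTests` (hunks at -6796, -6806, -6817 and -6828). Computing the string once at the top of the enclosing block, which starts outside the hunks, as `curveID := strconv.Itoa(int(curve.id))` and passing `"-expect-curve-id", curveID` in each case would keep the four from drifting apart. The test names and `MaxVersion` lines also fall outside these hunks, so from the diff alone it cannot be confirmed that at least one case runs TLS 1.3 and so exercises the new session store in `t1_lib.c`. A one-line comment saying that `expectedCurveID` is checked on the runner's side while `-expect-curve-id` is checked by the shim would make clear why both are set.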
@@ -7083,7 +7095,7 @@ func addKeyExchangeInfoTests() { }) testCases = append(testCases, testCase{ testType: serverTest, - name: "KeyExchangeInfo-DHE-Server", + name: "DHEGroupSize-Server", config: Config{ MaxVersion: VersionTLS12, CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256}, @@ -7091,26 +7103,6 @@ func addKeyExchangeInfoTests() { // bssl_shim as a server configures a 2048-bit DHE group. flags: []string{"-expect-dhe-group-size", "2048"}, }) - - testCases = append(testCases, testCase{ - name: "KeyExchangeInfo-ECDHE-Client", - config: Config{ - MaxVersion: VersionTLS12, - CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, - CurvePreferences: []CurveID{CurveX25519}, - }, - flags: []string{"-expect-curve-id", "29", "-enable-all-curves"}, - }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "KeyExchangeInfo-ECDHE-Server", - config: Config{ - MaxVersion: VersionTLS12, - CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, - CurvePreferences: []CurveID{CurveX25519}, - }, - flags: []string{"-expect-curve-id", "29", "-enable-all-curves"}, - }) } func addTLS13RecordTests() { @@ -8200,7 +8192,7 @@ func main() { addRSAClientKeyExchangeTests() addCurveTests() addCECPQ1Tests() - addKeyExchangeInfoTests() + addDHEGroupSizeTests() addTLS13RecordTests() addAllStateMachineCoverageTests() addChangeCipherSpecTests()