Fix renegotiation with TLS 1.3 draft 22.

Change-Id: I87edf7e1fee07da4bc93cc7ab524b79991a4206e Reviewed-on: https://boringssl-review.googlesource.com/23724 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-12-01 12:24:01 -05:00 · 2017-12-01 12:24:01 -05:00 · 9986f6b045
commit 9986f6b045
parent 48eaa28a12
2 changed files with 25 additions and 1 deletions
--- a/ssl/handshake_client.cc
+++ b/ssl/handshake_client.cc
@ -298,7 +298,12 @@ int ssl_write_client_hello(SSL_HANDSHAKE *hs) {
  CBB child;
  if (!CBB_add_u16(&body, hs->client_version) ||
      !CBB_add_bytes(&body, ssl->s3->client_random, SSL3_RANDOM_SIZE) ||
-      !CBB_add_u8_length_prefixed(&body, &child) ||
+      !CBB_add_u8_length_prefixed(&body, &child)) {
+    return 0;
+  }
+
+  // Do not send a session ID on renegotiation.
+  if (!ssl->s3->initial_handshake_complete &&
      !CBB_add_bytes(&child, hs->session_id, hs->session_id_len)) {
    return 0;
  }
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@ -7295,6 +7295,25 @@ func addRenegotiationTests() {
 			"-expect-secure-renegotiation",
 		},
 	})
+	testCases = append(testCases, testCase{
+		name: "Renegotiate-Client-TLS13Draft22",
+		config: Config{
+			MaxVersion: VersionTLS12,
+			Bugs: ProtocolBugs{
+				FailIfResumeOnRenego: true,
+			},
+		},
+		tls13Variant: TLS13Draft22,
+		renegotiate:  1,
+		// Test renegotiation after both an initial and resumption
+		// handshake.
+		resumeSession: true,
+		flags: []string{
+			"-renegotiate-freely",
+			"-expect-total-renegotiations", "1",
+			"-expect-secure-renegotiation",
+		},
+	})
 	testCases = append(testCases, testCase{
 		name:        "Renegotiate-Client-EmptyExt",
 		renegotiate: 1,