Fix SSL_version on 0-RTT.

Like other handshake properties, when in 0-RTT on the client, SSL_version should report the predicted version. This used to work on accident because of how ssl->version got set in handshake_client.c early (and that TLS 1.4 does not exist), but we no longer do that. Change-Id: Ifb63a22b795fe8964ac553844a46040acd5d7323 Reviewed-on: https://boringssl-review.googlesource.com/17664 Commit-Queue: Steven Valdez <svaldez@google.com> Reviewed-by: Steven Valdez <svaldez@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
7年前 · d9cbb53562
--- a/ssl/ssl_versions.c
+++ b/ssl/ssl_versions.c
@@ -224,13 +224,21 @@ int ssl_get_version_range(const SSL *ssl, uint16_t *out_min_version,
  return 1;
 }

 static uint16_t ssl_version(const SSL *ssl) {
  /* In early data, we report the predicted version. */
  if (SSL_in_early_data(ssl) && !ssl->server) {
    return ssl->s3->hs->early_session->ssl_version;
  }
  return ssl->version;
 }

 int SSL_version(const SSL *ssl) {
  uint16_t ret = ssl_version(ssl);
  /* Report TLS 1.3 draft version as TLS 1.3 in the public API. */
  if (ssl->version == TLS1_3_DRAFT_VERSION) {
  if (ret == TLS1_3_DRAFT_VERSION) {
    return TLS1_3_VERSION;
  }

  return ssl->version;
  return ret;
 }

 static const char *ssl_get_version(int version) {
@@ -263,7 +271,7 @@ static const char *ssl_get_version(int version) {
 }

 const char *SSL_get_version(const SSL *ssl) {
  return ssl_get_version(ssl->version);
  return ssl_get_version(ssl_version(ssl));
 }

 const char *SSL_SESSION_get_version(const SSL_SESSION *session) {
--- a/ssl/test/bssl_shim.cc
+++ b/ssl/test/bssl_shim.cc
@@ -1372,6 +1372,13 @@ static bool CheckHandshakeProperties(SSL *ssl, bool is_resume,
    return false;
  }

  if (config->expect_version != 0 &&
      SSL_version(ssl) != config->expect_version) {
    fprintf(stderr, "want version %04x, got %04x\n", config->expect_version,
            SSL_version(ssl));
    return false;
  }

  bool expect_resume =
      is_resume && (!config->expect_session_miss || SSL_in_early_data(ssl));
  if (!!SSL_session_reused(ssl) != expect_resume) {
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -11155,6 +11155,24 @@ func addTLS13HandshakeTests() {
 			"-enable-early-data",
 		},
 	})

 	// Test that the client reports TLS 1.3 as the version while sending
 	// early data.
 	testCases = append(testCases, testCase{
 		testType: clientTest,
 		name:     "TLS13-EarlyData-Client-VersionAPI",
 		config: Config{
 			MaxVersion:       VersionTLS13,
 			MaxEarlyDataSize: 16384,
 		},
 		resumeSession: true,
 		flags: []string{
 			"-enable-early-data",
 			"-expect-early-data-info",
 			"-expect-accept-early-data",
 			"-expect-version", strconv.Itoa(VersionTLS13),
 		},
 	})
 }

 func addTLS13CipherPreferenceTests() {
--- a/ssl/test/test_config.cc
+++ b/ssl/test/test_config.cc
@@ -174,6 +174,7 @@ const Flag<int> kIntFlags[] = {
  { "-resume-count", &TestConfig::resume_count },
  { "-min-version", &TestConfig::min_version },
  { "-max-version", &TestConfig::max_version },
  { "-expect-version", &TestConfig::expect_version },
  { "-mtu", &TestConfig::mtu },
  { "-export-keying-material", &TestConfig::export_keying_material },
  { "-expect-total-renegotiations", &TestConfig::expect_total_renegotiations },
--- a/ssl/test/test_config.h
+++ b/ssl/test/test_config.h
@@ -69,6 +69,7 @@ struct TestConfig {
  std::string expected_signed_cert_timestamps;
  int min_version = 0;
  int max_version = 0;
  int expect_version = 0;
  int mtu = 0;
  bool implicit_handshake = false;
  bool use_early_callback = false;