diff options
Diffstat (limited to 'src/ssl/test/runner/handshake_client.go')
-rw-r--r-- | src/ssl/test/runner/handshake_client.go | 52 |
1 files changed, 42 insertions, 10 deletions
diff --git a/src/ssl/test/runner/handshake_client.go b/src/ssl/test/runner/handshake_client.go index bf38c1a7..d73722c5 100644 --- a/src/ssl/test/runner/handshake_client.go +++ b/src/ssl/test/runner/handshake_client.go @@ -330,7 +330,7 @@ NextCipherSuite: } var sendEarlyData bool - if len(hello.pskIdentities) > 0 && session.maxEarlyDataSize > 0 && c.config.Bugs.SendEarlyData != nil { + if len(hello.pskIdentities) > 0 && c.config.Bugs.SendEarlyData != nil { hello.hasEarlyData = true sendEarlyData = true } @@ -392,7 +392,6 @@ NextCipherSuite: finishedHash.Write(helloBytes) earlyTrafficSecret := finishedHash.deriveSecret(earlyTrafficLabel) c.out.useTrafficSecret(session.vers, pskCipherSuite, earlyTrafficSecret, clientWrite) - for _, earlyData := range c.config.Bugs.SendEarlyData { if _, err := c.writeRecord(recordTypeApplicationData, earlyData); err != nil { return err @@ -861,20 +860,41 @@ func (hs *clientHandshakeState) doTLS13Handshake() error { // If we're expecting 0.5-RTT messages from the server, read them // now. - for _, expectedMsg := range c.config.Bugs.ExpectHalfRTTData { - if err := c.readRecord(recordTypeApplicationData); err != nil { - return err + if encryptedExtensions.extensions.hasEarlyData { + // BoringSSL will always send two tickets half-RTT when + // negotiating 0-RTT. + for i := 0; i < shimConfig.HalfRTTTickets; i++ { + msg, err := c.readHandshake() + if err != nil { + return fmt.Errorf("tls: error reading half-RTT ticket: %s", err) + } + newSessionTicket, ok := msg.(*newSessionTicketMsg) + if !ok { + return errors.New("tls: expected half-RTT ticket") + } + if err := c.processTLS13NewSessionTicket(newSessionTicket, hs.suite); err != nil { + return err + } } - if !bytes.Equal(c.input.data[c.input.off:], expectedMsg) { - return errors.New("ExpectHalfRTTData: did not get expected message") + for _, expectedMsg := range c.config.Bugs.ExpectHalfRTTData { + if err := c.readRecord(recordTypeApplicationData); err != nil { + return err + } + if !bytes.Equal(c.input.data[c.input.off:], expectedMsg) { + return errors.New("ExpectHalfRTTData: did not get expected message") + } + c.in.freeBlock(c.input) + c.input = nil } - c.in.freeBlock(c.input) - c.input = nil } // Send EndOfEarlyData and then switch write key to handshake // traffic key. - if c.out.cipher != nil { + if c.out.cipher != nil && !c.config.Bugs.SkipEndOfEarlyData { + if c.config.Bugs.SendStrayEarlyHandshake { + helloRequest := new(helloRequestMsg) + c.writeRecord(recordTypeHandshake, helloRequest.marshal()) + } c.sendAlert(alertEndOfEarlyData) } c.out.useTrafficSecret(c.vers, hs.suite, clientHandshakeTrafficSecret, clientWrite) @@ -1336,6 +1356,18 @@ func (hs *clientHandshakeState) processServerExtensions(serverExtensions *server c.srtpProtectionProfile = serverExtensions.srtpProtectionProfile } + if c.vers >= VersionTLS13 && c.didResume { + if c.config.Bugs.ExpectEarlyDataAccepted && !serverExtensions.hasEarlyData { + c.sendAlert(alertHandshakeFailure) + return errors.New("tls: server did not accept early data when expected") + } + + if !c.config.Bugs.ExpectEarlyDataAccepted && serverExtensions.hasEarlyData { + c.sendAlert(alertHandshakeFailure) + return errors.New("tls: server accepted early data when not expected") + } + } + return nil } |