diff options
| author | Steven Valdez <dvorak42@mit.edu> | 2016-07-15 13:51:15 +0300 |
|---|---|---|
| committer | CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> | 2016-07-15 14:20:41 +0300 |
| commit | 0ee2e1107e6e59021b2e26ec83382010190e9f3c (patch) | |
| tree | 365d699a8ccd3ff82b4e276febf32235ce15f795 | |
| parent | bf5aa846d6c4e055f9ead2e091c8a226bf0f56de (diff) | |
Fixing TLS 1.3 Go Handshake Bugs.
Change-Id: I2f5c45e0e491f9dd25c2463710697599fea708ed
Reviewed-on: https://boringssl-review.googlesource.com/8794
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
| -rw-r--r-- | ssl/test/runner/handshake_client.go | 13 | ||||
| -rw-r--r-- | ssl/test/runner/handshake_server.go | 19 |
2 files changed, 30 insertions, 2 deletions
diff --git a/ssl/test/runner/handshake_client.go b/ssl/test/runner/handshake_client.go index 003aaf44..81e6fdb9 100644 --- a/ssl/test/runner/handshake_client.go +++ b/ssl/test/runner/handshake_client.go @@ -120,6 +120,14 @@ func (c *Conn) clientHandshake() error { if err != nil { return err } + + if c.config.Bugs.SendCurve != 0 { + curveID = c.config.Bugs.SendCurve + } + if c.config.Bugs.InvalidECDHPoint { + publicKey[0] ^= 0xff + } + hello.keyShares = append(hello.keyShares, keyShareEntry{ group: curveID, keyExchange: publicKey, @@ -601,7 +609,7 @@ func (hs *clientHandshakeState) doTLS13Handshake() error { masterSecret := hs.finishedHash.extractKey(handshakeSecret, zeroSecret) trafficSecret := hs.finishedHash.deriveSecret(masterSecret, applicationTrafficLabel) - if certReq != nil { + if certReq != nil && !c.config.Bugs.SkipClientCertificate { certMsg := &certificateMsg{ hasRequestContext: true, requestContext: certReq.requestContext, @@ -633,6 +641,9 @@ func (hs *clientHandshakeState) doTLS13Handshake() error { c.sendAlert(alertInternalError) return err } + if c.config.Bugs.SendSignatureAlgorithm != 0 { + certVerify.signatureAlgorithm = c.config.Bugs.SendSignatureAlgorithm + } hs.writeClientHash(certVerify.marshal()) c.writeRecord(recordTypeHandshake, certVerify.marshal()) diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go index f6bf0db5..2cdfbee0 100644 --- a/ssl/test/runner/handshake_server.go +++ b/ssl/test/runner/handshake_server.go @@ -324,6 +324,10 @@ Curves: } hs.hello.cipherSuite = hs.suite.id + if c.config.Bugs.SendCipherSuite != 0 { + hs.hello.cipherSuite = c.config.Bugs.SendCipherSuite + } + hs.finishedHash = newFinishedHash(c.vers, hs.suite) hs.finishedHash.discardHandshakeBuffer() hs.writeClientHash(hs.clientHello.marshal()) @@ -367,8 +371,17 @@ Curves: return err } hs.hello.hasKeyShare = true + + curveID := selectedKeyShare.group + if c.config.Bugs.SendCurve != 0 { + curveID = config.Bugs.SendCurve + } + if c.config.Bugs.InvalidECDHPoint { + publicKey[0] ^= 0xff + } + hs.hello.keyShare = keyShareEntry{ - group: selectedKeyShare.group, + group: curveID, keyExchange: publicKey, } } else { @@ -460,6 +473,10 @@ Curves: return err } + if config.Bugs.SendSignatureAlgorithm != 0 { + certVerify.signatureAlgorithm = config.Bugs.SendSignatureAlgorithm + } + hs.writeServerHash(certVerify.marshal()) c.writeRecord(recordTypeHandshake, certVerify.marshal()) } |