On 04/04/17 15:34, Thiago Arrais wrote:
> Hmmm... The Getting Started page talks about writing test cases.
> 
> It seems like a good start. Is there any area that needs special attention?

Actually I have a suggestion for a fairly small self-contained piece of
work suitable for a starting project.

The spec has this requirement:

   As of TLS 1.3, servers are permitted to send the "supported_groups"
   extension to the client.  If the server has a group it prefers to the
   ones in the "key_share" extension but is still willing to accept the
   ClientHello, it SHOULD send "supported_groups" to update the client's
   view of its preferences; this extension SHOULD contain all groups the
   server supports, regardless of whether they are currently supported
   by the client.  Clients MUST NOT act upon any information found in
   "supported_groups" prior to successful completion of the handshake,
   but MAY use the information learned from a successfully completed
   handshake to change what groups they use in their "key_share"
   extension in subsequent connections.

At the moment we only ever send supported_groups client -> server. Never
server -> client. I wouldn't worry about the client acting on this
information at this stage. Just start with the server sending it if the
selected key_share is not for the most preferred group.

Hint: you will need to look at ssl/statem/extensions.c and you will also
need to add code to ssl/statem/extensions_srvr.c.

I strongly suggest you spend some time looking at some other GitHub pull
requests to get a feel for how our submission and review process works,
and the kind of review comments that come up. You should also
familiarise yourself with our coding style:

https://www.openssl.org/policies/codingstyle.html

All submissions should include tests. Adding something to
test/recipes/70-test_tls13messages.t would probably be sufficient, i.e.
a test to demonstrate that sending a preferred key_share results in no
supported_groups extension in the EncryptedExtensions message, and then
a test to demonstrate that sending an acceptable but non-preferred
key_share results in the supported_groups extension being sent.

If you are not already familiar with the TLSv1.3 spec then you will need
to be. Make sure you read it through and gain a good understanding of it
before you start.

Matt
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
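
The server-side rule suggested in the message above (send supported_groups only when the selected key_share is not for the most preferred group), as an added example that is not OpenSSL code and not part of the original message. The function names, the use of 0 as a "no match" marker and the sample preference lists are assumptions; the extension type and group code points are the TLS 1.3 values.

```c
#include <stddef.h>
#include <stdint.h>

#define EXT_SUPPORTED_GROUPS 10 /* ExtensionType code point for supported_groups */

/* Constructed sample: server prefers x25519, then secp256r1, then secp384r1 */
const uint16_t sample_pref[] = { 0x001d, 0x0017, 0x0018 };
const uint16_t sample_shares[] = { 0x0018, 0x0017 }; /* client key_shares */
uint8_t sample_buf[64];

/* Hypothetical helper: the server's most preferred group among the client's
 * key_shares, or 0 (assumed "no match" marker) if none is acceptable. */
uint16_t select_share(const uint16_t *pref, size_t npref,
                      const uint16_t *shares, size_t nshares)
{
    for (size_t i = 0; i < npref; i++)
        for (size_t j = 0; j < nshares; j++)
            if (pref[i] == shares[j])
                return pref[i];
    return 0;
}

/* Hypothetical helper: write supported_groups (every group in pref) when the
 * selected share is not pref[0]. Returns bytes written, 0 if the extension
 * is not needed, -1 on error. */
int build_server_supported_groups(const uint16_t *pref, size_t npref,
                                  uint16_t selected, uint8_t *out, size_t outlen)
{
    size_t list_len = 2 * npref, n = 0;

    if (npref == 0 || npref > 0x7ffe || selected == 0)
        return -1;
    if (selected == pref[0])
        return 0;                                /* preferred share: send nothing */
    if (outlen < 6 + list_len)
        return -1;
    out[n++] = EXT_SUPPORTED_GROUPS >> 8;
    out[n++] = EXT_SUPPORTED_GROUPS & 0xff;
    out[n++] = (uint8_t)((list_len + 2) >> 8);   /* extension_data length */
    out[n++] = (uint8_t)((list_len + 2) & 0xff);
    out[n++] = (uint8_t)(list_len >> 8);         /* named_group_list length */
    out[n++] = (uint8_t)(list_len & 0xff);
    for (size_t i = 0; i < npref; i++) {
        out[n++] = (uint8_t)(pref[i] >> 8);
        out[n++] = (uint8_t)(pref[i] & 0xff);
    }
    return (int)n;
}
```

The two return paths (0 and a positive length) correspond to the two test cases the message asks for: a preferred key_share yields no extension, an acceptable but non-preferred one yields the full group list.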
