The branch master has been updated via 964f2788908e19b4faf370eb99652367672374e7 (commit) via 108d45df737f5b0a4842de02c3f8ff1b9b07306f (commit) from 355a0d10a9a736202d3dbc41ce2218acb46a30ca (commit)
- Log ----------------------------------------------------------------- commit 964f2788908e19b4faf370eb99652367672374e7 Author: Matt Caswell <m...@openssl.org> Date: Tue May 16 12:05:57 2017 +0100 Add a test for a missing sig algs extension Check that a missing sig algs extension succeeds if we are resuming. Reviewed-by: Rich Salz <rs...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3478) commit 108d45df737f5b0a4842de02c3f8ff1b9b07306f Author: Matt Caswell <m...@openssl.org> Date: Tue May 16 12:04:00 2017 +0100 Allow a missing sig algs extension if resuming The current TLSv1.3 spec says: 'If a server is authenticating via a certificate and the client has not sent a "signature_algorithms" extension, then the server MUST abort the handshake with a "missing_extension" alert (see Section 8.2).' If we are resuming then we are not "authenticating via a certificate" but we were still aborting with the missing_extension alert if sig algs was missing. This commit ensures that we only send the alert if we are not resuming. Reviewed-by: Rich Salz <rs...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3478) ----------------------------------------------------------------------- Summary of changes: ssl/statem/extensions.c | 2 +- test/recipes/70-test_tls13psk.t | 26 +++++++++++++++++++++++--- 2 files changed, 24 insertions(+), 4 deletions(-)
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index fd76337..68d8cea 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -1081,7 +1081,7 @@ static int init_srtp(SSL *s, unsigned int context)
 static int final_sig_algs(SSL *s, unsigned int context, int sent, int *al)
 {
- if (!sent && SSL_IS_TLS13(s)) {
+ if (!sent && SSL_IS_TLS13(s) && !s->hit) {
 *al = TLS13_AD_MISSING_EXTENSION;
 SSLerr(SSL_F_FINAL_SIG_ALGS, SSL_R_MISSING_SIGALGS_EXTENSION);
 return 0;
diff --git a/test/recipes/70-test_tls13psk.t b/test/recipes/70-test_tls13psk.t
index 48d1dde..23767f9 100644
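Review bot: The relaxed condition in final_sig_algs carries no comment, and `s->hit` is standing in for the spec's "authenticating via a certificate" test. It is worth stating that next to the check, for example `/* signature_algorithms is only mandatory when we will send a certificate; a resumed (PSK) handshake does not */`, so a later reader does not take the exemption for an oversight. The exemption is only sound if `s->hit` already reflects the final resumption decision when this finaliser runs; that ordering is not visible in this hunk and should be confirmed, because a stale value would either reject valid resumptions or let a certificate-authenticated handshake continue with no peer signature algorithm list. The function body continues past the end of the hunk.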
--- a/test/recipes/70-test_tls13psk.t
+++ b/test/recipes/70-test_tls13psk.t
@@ -42,15 +42,15 @@ use constant {
 ILLEGAL_EXT_SECOND_CH => 1
 };
-#Most PSK tests are done in test_ssl_new. This just checks sending a PSK
-#extension when it isn't in the last place in a ClientHello
+#Most PSK tests are done in test_ssl_new. This tests various failure scenarios
+#around PSK
 #Test 1: First get a session
 (undef, my $session) = tempfile();
 $proxy->clientflags("-sess_out ".$session);
 $proxy->sessionfile($session);
 $proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-plan tests => 4;
+plan tests => 5;
 ok(TLSProxy::Message->success(), "Initial connection");
 #Test 2: Attempt a resume with PSK not in last place. Should fail
@@ -94,6 +94,13 @@ $pskseen = $ch2seen && defined ${$ch2->extension_data}{TLSProxy::Message::EXT_PSK};
 ok($ch2seen && !$pskseen, "PSK hash does not match");
+#Test 5: Attempt a resume without a sig agls extension. Should succeed because
+# sig algs is not needed in a resumption.
+$proxy->clear();
+$proxy->clientflags("-sess_in ".$session);
+$proxy->filter(\&remove_sig_algs_filter);
+$proxy->start();
+ok(TLSProxy::Message->success(), "Remove sig algs");
 unlink $session;
@@ -129,3 +136,16 @@ sub modify_psk_filter
 }
 $message->repack();
 }
+
+sub remove_sig_algs_filter
+{
+ my $proxy = shift;
+ my $message;
+
+ # Only look at the first ClientHello
+ return if $proxy->flight != 0;
+
+ $message = ${$proxy->message_list}[0];
+ $message->delete_extension(TLSProxy::Message::EXT_SIG_ALGS);
+ $message->repack();
+}
_____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
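Review bot: Test 5 asserts only `TLSProxy::Message->success()`, so it would still pass if remove_sig_algs_filter never stripped the extension, for instance if the filter returned early. Consider also checking that the ClientHello passed on to the server has no `TLSProxy::Message::EXT_SIG_ALGS` entry in its `extension_data`, in the way the preceding check inspects `extension_data` for `EXT_PSK`, and that the handshake was in fact resumed. A companion case that removes the extension without `-sess_in` and expects failure would pin the other half of the new condition, if no other recipe already covers it. The added comment also has a typo: `sig agls` should read `sig algs`.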
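Review bot: remove_sig_algs_filter takes `${$proxy->message_list}[0]` on trust: its comment says it acts on the first ClientHello, but the code checks only `$proxy->flight != 0`. A guard such as `return unless defined $message && $message->mt() == TLSProxy::Message::MT_CLIENT_HELLO;` placed before the `delete_extension` call would keep the filter from dying on an empty list or rewriting some other message. `$message` can also be declared where it is assigned, `my $message = ${$proxy->message_list}[0];`, rather than ahead of the early return.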