diff options
author | Matt Caswell <matt@openssl.org> | 2017-11-03 17:38:48 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-12-14 16:06:37 +0100 |
commit | 88050dd1960bfaba7ede12a3ce1afe40f5deb124 (patch) | |
tree | 4f3f8bcce1f05fe4bf2b55068ad2112c7ce88fac /test/asynciotest.c | |
parent | Update the TLSv1.3 draft version indicators to draft 22 (diff) | |
download | openssl-88050dd1960bfaba7ede12a3ce1afe40f5deb124.tar.xz openssl-88050dd1960bfaba7ede12a3ce1afe40f5deb124.zip |
Update ServerHello to new draft-22 format
The new ServerHello format is essentially now the same as the old TLSv1.2
one, but it must additionally include supported_versions. The version
field is fixed at TLSv1.2, and the version negotiation happens solely via
supported_versions.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4701)
Diffstat (limited to 'test/asynciotest.c')
-rw-r--r-- | test/asynciotest.c | 42 |
1 files changed, 37 insertions, 5 deletions
diff --git a/test/asynciotest.c b/test/asynciotest.c index fdb9770251..179fe2620d 100644 --- a/test/asynciotest.c +++ b/test/asynciotest.c @@ -146,7 +146,7 @@ static int async_write(BIO *bio, const char *in, int inl) return -1; while (PACKET_remaining(&pkt) > 0) { - PACKET payload, wholebody; + PACKET payload, wholebody, sessionid, extensions; unsigned int contenttype, versionhi, versionlo, data; unsigned int msgtype = 0, negversion = 0; @@ -164,11 +164,43 @@ static int async_write(BIO *bio, const char *in, int inl) && !PACKET_get_1(&wholebody, &msgtype)) return -1; - if (msgtype == SSL3_MT_SERVER_HELLO - && (!PACKET_forward(&wholebody, + if (msgtype == SSL3_MT_SERVER_HELLO) { + if (!PACKET_forward(&wholebody, SSL3_HM_HEADER_LENGTH - 1) - || !PACKET_get_net_2(&wholebody, &negversion))) - return -1; + || !PACKET_get_net_2(&wholebody, &negversion) + /* Skip random (32 bytes) */ + || !PACKET_forward(&wholebody, 32) + /* Skip session id */ + || !PACKET_get_length_prefixed_1(&wholebody, + &sessionid) + /* + * Skip ciphersuite (2 bytes) and compression + * method (1 byte) + */ + || !PACKET_forward(&wholebody, 2 + 1) + || !PACKET_get_length_prefixed_2(&wholebody, + &extensions)) + return -1; + + /* + * Find the negotiated version in supported_versions + * extension, if present. + */ + while (PACKET_remaining(&extensions)) { + unsigned int type; + PACKET extbody; + + if (!PACKET_get_net_2(&extensions, &type) + || !PACKET_get_length_prefixed_2(&extensions, + &extbody)) + return -1; + + if (type == TLSEXT_TYPE_supported_versions + && (!PACKET_get_net_2(&extbody, &negversion) + || PACKET_remaining(&extbody) != 0)) + return -1; + } + } while (PACKET_get_1(&payload, &data)) { /* Create a new one byte long record for each byte in the |