runner: Tidy up 0-RTT support. earlyCipherSuite is a remnant of early exporters, which we've since removed. Also runner should perform the cipher suite matching check for 0-RTT. Change-Id: Ia6dc2ff6cf7072d94820e8755acd555037c557f1 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/40004 Reviewed-by: Steven Valdez <svaldez@google.com> Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/ssl/test/runner/conn.go b/ssl/test/runner/conn.go
index e24cf5a..0142ff6 100644
--- a/ssl/test/runner/conn.go
+++ b/ssl/test/runner/conn.go
@@ -43,7 +43,6 @@
 didResume bool // whether this connection was a session resumption
 extendedMasterSecret bool // whether this session used an extended master secret
 cipherSuite *cipherSuite
- earlyCipherSuite *cipherSuite
 ocspResponse []byte // stapled OCSP response
 sctList []byte // signed certificate timestamp list
 peerCertificates []*x509.Certificate
@@ -1893,17 +1892,13 @@
 }
 func (c *Conn) exportKeyingMaterialTLS13(length int, secret, label, context []byte) []byte {
- cipherSuite := c.cipherSuite
- if cipherSuite == nil {
- cipherSuite = c.earlyCipherSuite
- }
- hash := cipherSuite.hash()
+ hash := c.cipherSuite.hash()
 exporterKeyingLabel := []byte("exporter")
 contextHash := hash.New()
 contextHash.Write(context)
 exporterContext := hash.New().Sum(nil)
- derivedSecret := hkdfExpandLabel(cipherSuite.hash(), secret, label, exporterContext, hash.Size())
- return hkdfExpandLabel(cipherSuite.hash(), derivedSecret, exporterKeyingLabel, contextHash.Sum(nil), length)
+ derivedSecret := hkdfExpandLabel(c.cipherSuite.hash(), secret, label, exporterContext, hash.Size())
+ return hkdfExpandLabel(c.cipherSuite.hash(), derivedSecret, exporterKeyingLabel, contextHash.Sum(nil), length)
 }
 // ExportKeyingMaterial exports keying material from the current connection
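Review bot: With the fallback removed, exportKeyingMaterialTLS13 dereferences `c.cipherSuite` unconditionally, so a call made before the suite is set would panic rather than fall back to the early suite; the callers are outside this hunk, so whether that path is still reachable cannot be confirmed here. A doc comment stating the precondition would make it explicit, e.g. `// exportKeyingMaterialTLS13 requires c.cipherSuite to be set; it must not be called before a suite has been negotiated.` Separately, both `hkdfExpandLabel` calls re-evaluate `c.cipherSuite.hash()` although `hash` already holds that value, so `hkdfExpandLabel(hash, secret, label, exporterContext, hash.Size())` would read more directly.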
diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go
index dc4b744..28523f0 100644
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go
@@ -709,7 +709,10 @@
 // Decide whether or not to accept early data.
 if !sendHelloRetryRequest && hs.clientHello.hasEarlyData {
 if !config.Bugs.AlwaysRejectEarlyData && hs.sessionState != nil {
- if c.clientProtocol == string(hs.sessionState.earlyALPN) || config.Bugs.AlwaysAcceptEarlyData {
+ if hs.sessionState.cipherSuite == hs.suite.id && c.clientProtocol == string(hs.sessionState.earlyALPN) {
+ encryptedExtensions.extensions.hasEarlyData = true
+ }
+ if config.Bugs.AlwaysAcceptEarlyData {
 encryptedExtensions.extensions.hasEarlyData = true
 }
 }
@@ -717,11 +720,11 @@
 earlyTrafficSecret := hs.finishedHash.deriveSecret(earlyTrafficLabel)
 c.earlyExporterSecret = hs.finishedHash.deriveSecret(earlyExporterLabel)
- if err := c.useInTrafficSecret(c.wireVersion, hs.suite, earlyTrafficSecret); err != nil {
+ sessionCipher := cipherSuiteFromID(hs.sessionState.cipherSuite)
+ if err := c.useInTrafficSecret(c.wireVersion, sessionCipher, earlyTrafficSecret); err != nil {
 return err
 }
- c.earlyCipherSuite = hs.suite
 for _, expectedMsg := range config.Bugs.ExpectEarlyData {
 if err := c.readRecord(recordTypeApplicationData); err != nil {
 return err
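Review bot: The new acceptance condition `hs.sessionState.cipherSuite == hs.suite.id && c.clientProtocol == string(hs.sessionState.earlyALPN)` has no comment saying why both must match, and the separate `AlwaysAcceptEarlyData` branch now bypasses both checks without saying so. RFC 8446 section 4.2.10 allows a server to accept 0-RTT only when the negotiated cipher suite and ALPN protocol equal those associated with the selected PSK, so I would add `// RFC 8446, 4.2.10: accept early data only if the cipher suite and ALPN match the resumed session.` above the first `if` and `// Test-only override: accept even when the checks above fail.` above the second. The other conditions from that section (first offered PSK, protocol version) are not visible in this hunk, so whether they are enforced elsewhere in the function should be confirmed.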
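Review bot: `sessionCipher` is passed to `c.useInTrafficSecret` without a nil check; if `cipherSuiteFromID` returns nil for an id it does not recognise (its definition is not in this diff), a session carrying an unknown suite would end in a nil dereference rather than a handshake error. Because the `AlwaysAcceptEarlyData` branch in the previous hunk can accept early data when the session's suite differs from `hs.suite`, this is the point where the stored session id is relied on by itself. A guard before the call, such as `if sessionCipher == nil { return errors.New("tls: session has unknown cipher suite") }` (assuming `errors` is imported in this file), would turn that into a clean failure. The enclosing block starts outside the hunk.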