runner: Tidy up 0-RTT support.
earlyCipherSuite is a remnant of early exporters, which we've since
removed. Also runner should perform the cipher suite matching check for
0-RTT.
Change-Id: Ia6dc2ff6cf7072d94820e8755acd555037c557f1
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/40004
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/ssl/test/runner/conn.go b/ssl/test/runner/conn.go
index e24cf5a..0142ff6 100644
--- a/ssl/test/runner/conn.go
+++ b/ssl/test/runner/conn.go
@@ -43,7 +43,6 @@
didResume bool // whether this connection was a session resumption
extendedMasterSecret bool // whether this session used an extended master secret
cipherSuite *cipherSuite
- earlyCipherSuite *cipherSuite
ocspResponse []byte // stapled OCSP response
sctList []byte // signed certificate timestamp list
peerCertificates []*x509.Certificate
@@ -1893,17 +1892,13 @@
}
func (c *Conn) exportKeyingMaterialTLS13(length int, secret, label, context []byte) []byte {
- cipherSuite := c.cipherSuite
- if cipherSuite == nil {
- cipherSuite = c.earlyCipherSuite
- }
- hash := cipherSuite.hash()
+ hash := c.cipherSuite.hash()
exporterKeyingLabel := []byte("exporter")
contextHash := hash.New()
contextHash.Write(context)
exporterContext := hash.New().Sum(nil)
- derivedSecret := hkdfExpandLabel(cipherSuite.hash(), secret, label, exporterContext, hash.Size())
- return hkdfExpandLabel(cipherSuite.hash(), derivedSecret, exporterKeyingLabel, contextHash.Sum(nil), length)
+ derivedSecret := hkdfExpandLabel(c.cipherSuite.hash(), secret, label, exporterContext, hash.Size())
+ return hkdfExpandLabel(c.cipherSuite.hash(), derivedSecret, exporterKeyingLabel, contextHash.Sum(nil), length)
}
// ExportKeyingMaterial exports keying material from the current connection
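Review bot: `c.cipherSuite` is now dereferenced unconditionally on the first line of `exportKeyingMaterialTLS13`, so a call made before a suite has been negotiated would panic with a nil pointer instead of falling back as the removed code did. The callers are outside this hunk, so it is not visible whether they already guarantee a negotiated suite. If they do, a comment such as `// c.cipherSuite must be non-nil; only call this once the handshake has selected a suite.` would record the precondition. Separately, the two `hkdfExpandLabel` calls can reuse the local `hash` rather than calling `c.cipherSuite.hash()` again, e.g. `derivedSecret := hkdfExpandLabel(hash, secret, label, exporterContext, hash.Size())`.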
diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go
index dc4b744..28523f0 100644
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go
@@ -709,7 +709,10 @@
// Decide whether or not to accept early data.
if !sendHelloRetryRequest && hs.clientHello.hasEarlyData {
if !config.Bugs.AlwaysRejectEarlyData && hs.sessionState != nil {
- if c.clientProtocol == string(hs.sessionState.earlyALPN) || config.Bugs.AlwaysAcceptEarlyData {
+ if hs.sessionState.cipherSuite == hs.suite.id && c.clientProtocol == string(hs.sessionState.earlyALPN) {
+ encryptedExtensions.extensions.hasEarlyData = true
+ }
+ if config.Bugs.AlwaysAcceptEarlyData {
encryptedExtensions.extensions.hasEarlyData = true
}
}
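Review bot: The new acceptance condition carries no comment explaining why the session's cipher suite and ALPN protocol must both match before `hasEarlyData` is set. The separate `AlwaysAcceptEarlyData` branch now skips both checks, not just the ALPN one. I would add above the first `if` something like `// Per RFC 8446, section 4.2.10, only accept early data if the negotiated cipher suite and ALPN protocol match the session.` and above the second `// AlwaysAcceptEarlyData deliberately bypasses the checks above to test the peer's handling.` The enclosing function starts and ends outside this hunk.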
@@ -717,11 +720,11 @@
earlyTrafficSecret := hs.finishedHash.deriveSecret(earlyTrafficLabel)
c.earlyExporterSecret = hs.finishedHash.deriveSecret(earlyExporterLabel)
- if err := c.useInTrafficSecret(c.wireVersion, hs.suite, earlyTrafficSecret); err != nil {
+ sessionCipher := cipherSuiteFromID(hs.sessionState.cipherSuite)
+ if err := c.useInTrafficSecret(c.wireVersion, sessionCipher, earlyTrafficSecret); err != nil {
return err
}
- c.earlyCipherSuite = hs.suite
for _, expectedMsg := range config.Bugs.ExpectEarlyData {
if err := c.readRecord(recordTypeApplicationData); err != nil {
return err
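Review bot: The result of `cipherSuiteFromID(hs.sessionState.cipherSuite)` is passed straight to `c.useInTrafficSecret` without a nil check. `cipherSuiteFromID` is defined outside this hunk; if it returns nil for an ID that is not in the runner's table, a stale or hand-crafted session would cause a nil-pointer panic rather than a test failure with a readable error. A guard such as `if sessionCipher == nil { return errors.New("tls: session has unknown cipher suite") }` before the call would make that case explicit, using whichever error constructor the file already uses. The condition guarding this block is also outside the hunk, so this assumes it still implies `hs.sessionState != nil`.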