Fix renegotiation with TLS 1.3 draft 22.

Change-Id: I87edf7e1fee07da4bc93cc7ab524b79991a4206e
Reviewed-on: https://boringssl-review.googlesource.com/23724
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/handshake_client.cc b/ssl/handshake_client.cc
index 7b1c097..53adba6 100644
--- a/ssl/handshake_client.cc
+++ b/ssl/handshake_client.cc
@@ -298,7 +298,12 @@
   CBB child;
   if (!CBB_add_u16(&body, hs->client_version) ||
       !CBB_add_bytes(&body, ssl->s3->client_random, SSL3_RANDOM_SIZE) ||
-      !CBB_add_u8_length_prefixed(&body, &child) ||
+      !CBB_add_u8_length_prefixed(&body, &child)) {
+    return 0;
+  }
+
+  // Do not send a session ID on renegotiation.
+  if (!ssl->s3->initial_handshake_complete &&
       !CBB_add_bytes(&child, hs->session_id, hs->session_id_len)) {
     return 0;
   }
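Review bot: The added comment `// Do not send a session ID on renegotiation.` says what the guard does but not why, and the reason is the part a later maintainer needs before touching this field. Judging from the commit title and the new runner test, `hs->session_id` can presumably be non-empty in draft 22 mode even when no session is being resumed, so sending it on a renegotiation ClientHello could be read by the peer as a resumption offer; I would confirm that and spell it out, e.g. `// Renegotiation is always a full handshake. Leave the session ID empty so a draft 22 compatibility ID is never mistaken for a resumption offer.` As a style point, the state check and the fallible `CBB_add_bytes` call share a single `if`, so `return 0` is only reached on a CBB failure; nesting the call inside `if (!ssl->s3->initial_handshake_complete) { ... }` would make that easier to read. The enclosing function starts and ends outside this hunk.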
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 4f6fd13..66c13fc 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -7296,6 +7296,25 @@
 		},
 	})
 	testCases = append(testCases, testCase{
+		name: "Renegotiate-Client-TLS13Draft22",
+		config: Config{
+			MaxVersion: VersionTLS12,
+			Bugs: ProtocolBugs{
+				FailIfResumeOnRenego: true,
+			},
+		},
+		tls13Variant: TLS13Draft22,
+		renegotiate:  1,
+		// Test renegotiation after both an initial and resumption
+		// handshake.
+		resumeSession: true,
+		flags: []string{
+			"-renegotiate-freely",
+			"-expect-total-renegotiations", "1",
+			"-expect-secure-renegotiation",
+		},
+	})
+	testCases = append(testCases, testCase{
 		name:        "Renegotiate-Client-EmptyExt",
 		renegotiate: 1,
 		config: Config{
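Review bot: The new `Renegotiate-Client-TLS13Draft22` case pairs `MaxVersion: VersionTLS12` with `tls13Variant: TLS13Draft22` without a comment explaining the combination, which looks contradictory at first read. A short note above `config:` would help, e.g. `// The shim offers draft 22, but the runner caps the connection at TLS 1.2 so that renegotiation is possible.` The only assertion tied to the fix is `FailIfResumeOnRenego: true`; assuming that bug flag rejects a renegotiation ClientHello carrying a session ID, it covers the change, but it would be worth stating that dependency in the comment so the test is not weakened by a later edit to the flag.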