runner: Check that the shim HRRs echo the session ID

We have a corresponding check on the ServerHello, but not
HelloRetryRequest. See also https://github.com/rustls/rustls/pull/1374,
where rustls forgot to apply the compatibility logic to
HelloRetryRequest.

(From the perspective of a TLS-1.2-expecting observer, HelloRetryRequest
is the ServerHello, so encoding hacks need to apply to both.)

Change-Id: I9b711ea45c54770a76ecfbca8bc992a4eaef6fcd
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/62906
Reviewed-by: Adam Langley <agl@google.com>
Auto-Submit: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
chromium-stable
David Benjamin 1 year ago committed by Boringssl LUCI CQ
parent 235ee97b46
commit 9404a0b6c9
  1. 6
      ssl/test/runner/handshake_client.go

@ -997,6 +997,10 @@ func (hs *clientHandshakeState) doTLS13Handshake(msg any) error {
if haveHelloRetryRequest {
hs.writeServerHash(helloRetryRequest.marshal())
if !bytes.Equal(hs.hello.sessionID, helloRetryRequest.sessionID) {
return errors.New("tls: ClientHello and HelloRetryRequest session IDs did not match.")
}
if c.config.Bugs.FailIfHelloRetryRequested {
return errors.New("tls: unexpected HelloRetryRequest")
}
@ -1097,7 +1101,7 @@ func (hs *clientHandshakeState) doTLS13Handshake(msg any) error {
}
if !bytes.Equal(hs.hello.sessionID, hs.serverHello.sessionID) {
return errors.New("tls: session IDs did not match.")
return errors.New("tls: ClientHello and ServerHello session IDs did not match.")
}
// Resolve PSK and compute the early secret.
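Review bot: The new HelloRetryRequest check (`if !bytes.Equal(hs.hello.sessionID, helloRetryRequest.sessionID)`) has no comment saying why an HRR must echo the session ID, so the reasoning lives only in the commit message. I would add above it: `// A HelloRetryRequest is a ServerHello on the wire, so the compatibility-mode session ID echo (RFC 8446, section 4.1.3) must hold for it too.` As a style point, both error strings end in a period, which Go convention discourages; the new string matches the existing one, so dropping the period from both together would keep them consistent. doTLS13Handshake begins and ends outside both hunks, so whether the caller sends an alert on these errors cannot be judged from here.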
