diff options
| author | jsing <> | 2021-06-27 17:13:23 +0000 |
|---|---|---|
| committer | jsing <> | 2021-06-27 17:13:23 +0000 |
| commit | da216d6a9dc6ae0dde2d845b85225550b2abaa94 (patch) | |
| tree | 04a7dbb3017316200cda34b2a9a6ac4300aa0540 | |
| parent | a7ed9ad139d7a9319648b19afe65bf3e6b015fb1 (diff) | |
| download | openbsd-da216d6a9dc6ae0dde2d845b85225550b2abaa94.tar.gz openbsd-da216d6a9dc6ae0dde2d845b85225550b2abaa94.tar.bz2 openbsd-da216d6a9dc6ae0dde2d845b85225550b2abaa94.zip | |
Add test coverage for TLSv1.3 client hellos.
This is a little bit clunky due to the number of things that vary (largely
thanks to middlebox compatibility mode, along with the versions and key
share extensions), however it works and can be improved at a later date.
| -rw-r--r-- | src/regress/lib/libssl/client/clienttest.c | 179 |
1 files changed, 166 insertions, 13 deletions
diff --git a/src/regress/lib/libssl/client/clienttest.c b/src/regress/lib/libssl/client/clienttest.c index e797811e01..2efe676a9d 100644 --- a/src/regress/lib/libssl/client/clienttest.c +++ b/src/regress/lib/libssl/client/clienttest.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: clienttest.c,v 1.32 2021/06/27 16:55:46 jsing Exp $ */ | 1 | /* $OpenBSD: clienttest.c,v 1.33 2021/06/27 17:13:23 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2015 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2015 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -32,6 +32,15 @@ | |||
| 32 | #define SSL3_RANDOM_OFFSET (SSL3_HM_OFFSET + 2) | 32 | #define SSL3_RANDOM_OFFSET (SSL3_HM_OFFSET + 2) |
| 33 | #define SSL3_CIPHER_OFFSET (SSL3_HM_OFFSET + 37) | 33 | #define SSL3_CIPHER_OFFSET (SSL3_HM_OFFSET + 37) |
| 34 | 34 | ||
| 35 | #define TLS13_HM_OFFSET (SSL3_RT_HEADER_LENGTH + SSL3_HM_HEADER_LENGTH) | ||
| 36 | #define TLS13_RANDOM_OFFSET (TLS13_HM_OFFSET + 2) | ||
| 37 | #define TLS13_SESSION_OFFSET (TLS13_HM_OFFSET + 34) | ||
| 38 | #define TLS13_CIPHER_OFFSET (TLS13_HM_OFFSET + 69) | ||
| 39 | #define TLS13_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 194) | ||
| 40 | #define TLS13_ONLY_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 98) | ||
| 41 | |||
| 42 | #define TLS1_3_VERSION_ONLY (TLS1_3_VERSION | 0x10000) | ||
| 43 | |||
| 35 | static const uint8_t cipher_list_dtls1[] = { | 44 | static const uint8_t cipher_list_dtls1[] = { |
| 36 | 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85, | 45 | 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85, |
| 37 | 0x00, 0x88, 0x00, 0x81, 0x00, 0x35, 0x00, 0x84, | 46 | 0x00, 0x88, 0x00, 0x81, 0x00, 0x35, 0x00, 0x84, |
| @@ -229,15 +238,123 @@ static const uint8_t client_hello_tls12[] = { | |||
| 229 | 0x02, 0x03, | 238 | 0x02, 0x03, |
| 230 | }; | 239 | }; |
| 231 | 240 | ||
| 241 | static const uint8_t cipher_list_tls13_aes[] = { | ||
| 242 | 0x13, 0x02, 0x13, 0x03, 0x13, 0x01, 0xc0, 0x30, | ||
| 243 | 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14, | ||
| 244 | 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39, | ||
| 245 | 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xff, 0x85, | ||
| 246 | 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 0x00, 0x9d, | ||
| 247 | 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, | ||
| 248 | 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, | ||
| 249 | 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, | ||
| 250 | 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, | ||
| 251 | 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, | ||
| 252 | 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 0x00, 0x04, | ||
| 253 | 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, | ||
| 254 | 0x00, 0xff | ||
| 255 | }; | ||
| 256 | |||
| 257 | static const uint8_t cipher_list_tls13_chacha[] = { | ||
| 258 | 0x13, 0x03, 0x13, 0x02, 0x13, 0x01, 0xcc, 0xa9, | ||
| 259 | 0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x30, 0xc0, 0x2c, | ||
| 260 | 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x0a, | ||
| 261 | 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39, 0xff, 0x85, | ||
| 262 | 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 0x00, 0x9d, | ||
| 263 | 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, | ||
| 264 | 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, | ||
| 265 | 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, | ||
| 266 | 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, | ||
| 267 | 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, | ||
| 268 | 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 0x00, 0x04, | ||
| 269 | 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, | ||
| 270 | 0x00, 0xff, | ||
| 271 | }; | ||
| 272 | |||
| 273 | static const uint8_t client_hello_tls13[] = { | ||
| 274 | 0x16, 0x03, 0x01, 0x01, 0x1a, 0x01, 0x00, 0x01, | ||
| 275 | 0x16, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
| 276 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
| 277 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
| 278 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
| 279 | 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, | ||
| 280 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
| 281 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
| 282 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
| 283 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x62, 0x13, 0x03, | ||
| 284 | 0x13, 0x02, 0x13, 0x01, 0xcc, 0xa9, 0xcc, 0xa8, | ||
| 285 | 0xcc, 0xaa, 0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28, | ||
| 286 | 0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x9f, | ||
| 287 | 0x00, 0x6b, 0x00, 0x39, 0xff, 0x85, 0x00, 0xc4, | ||
| 288 | 0x00, 0x88, 0x00, 0x81, 0x00, 0x9d, 0x00, 0x3d, | ||
| 289 | 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, | ||
| 290 | 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, | ||
| 291 | 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, | ||
| 292 | 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, | ||
| 293 | 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, | ||
| 294 | 0xc0, 0x07, 0x00, 0x05, 0x00, 0x04, 0xc0, 0x12, | ||
| 295 | 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff, | ||
| 296 | 0x01, 0x00, 0x00, 0x6b, 0x00, 0x2b, 0x00, 0x09, | ||
| 297 | 0x08, 0x03, 0x04, 0x03, 0x03, 0x03, 0x02, 0x03, | ||
| 298 | 0x01, 0x00, 0x33, 0x00, 0x26, 0x00, 0x24, 0x00, | ||
| 299 | 0x1d, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
| 300 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
| 301 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
| 302 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
| 303 | 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, | ||
| 304 | 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, | ||
| 305 | 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, | ||
| 306 | 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x18, 0x00, | ||
| 307 | 0x16, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, 0x08, | ||
| 308 | 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04, | ||
| 309 | 0x01, 0x04, 0x03, 0x02, 0x01, 0x02, 0x03, | ||
| 310 | }; | ||
| 311 | |||
| 312 | static const uint8_t cipher_list_tls13_only_aes[] = { | ||
| 313 | 0x13, 0x02, 0x13, 0x03, 0x13, 0x01, | ||
| 314 | }; | ||
| 315 | |||
| 316 | static const uint8_t cipher_list_tls13_only_chacha[] = { | ||
| 317 | 0x13, 0x03, 0x13, 0x02, 0x13, 0x01, | ||
| 318 | }; | ||
| 319 | |||
| 320 | static const uint8_t client_hello_tls13_only[] = { | ||
| 321 | 0x16, 0x03, 0x03, 0x00, 0xb6, 0x01, 0x00, 0x00, | ||
| 322 | 0xb2, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
| 323 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
| 324 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
| 325 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
| 326 | 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, | ||
| 327 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
| 328 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
| 329 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
| 330 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x13, 0x03, | ||
| 331 | 0x13, 0x02, 0x13, 0x01, 0x00, 0xff, 0x01, 0x00, | ||
| 332 | 0x00, 0x61, 0x00, 0x2b, 0x00, 0x03, 0x02, 0x03, | ||
| 333 | 0x04, 0x00, 0x33, 0x00, 0x26, 0x00, 0x24, 0x00, | ||
| 334 | 0x1d, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
| 335 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
| 336 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
| 337 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
| 338 | 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, | ||
| 339 | 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, | ||
| 340 | 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, | ||
| 341 | 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x14, 0x00, | ||
| 342 | 0x12, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, 0x08, | ||
| 343 | 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04, | ||
| 344 | 0x01, 0x04, 0x03, | ||
| 345 | }; | ||
| 346 | |||
| 232 | struct client_hello_test { | 347 | struct client_hello_test { |
| 233 | const char *desc; | 348 | const char *desc; |
| 234 | const int protocol; | 349 | const int protocol; |
| 235 | const size_t random_start; | 350 | const size_t random_start; |
| 351 | const size_t session_start; | ||
| 352 | const size_t key_share_start; | ||
| 236 | const SSL_METHOD *(*ssl_method)(void); | 353 | const SSL_METHOD *(*ssl_method)(void); |
| 237 | const long ssl_options; | 354 | const long ssl_options; |
| 238 | }; | 355 | }; |
| 239 | 356 | ||
| 240 | static struct client_hello_test client_hello_tests[] = { | 357 | static const struct client_hello_test client_hello_tests[] = { |
| 241 | { | 358 | { |
| 242 | .desc = "DTLSv1 client method", | 359 | .desc = "DTLSv1 client method", |
| 243 | .protocol = DTLS1_VERSION, | 360 | .protocol = DTLS1_VERSION, |
| @@ -288,15 +405,15 @@ static struct client_hello_test client_hello_tests[] = { | |||
| 288 | .random_start = SSL3_RANDOM_OFFSET, | 405 | .random_start = SSL3_RANDOM_OFFSET, |
| 289 | .ssl_method = TLSv1_2_client_method, | 406 | .ssl_method = TLSv1_2_client_method, |
| 290 | }, | 407 | }, |
| 291 | #if 0 | ||
| 292 | { | 408 | { |
| 293 | .desc = "SSLv23 default", | 409 | .desc = "SSLv23 default", |
| 294 | .protocol = TLS1_3_VERSION, | 410 | .protocol = TLS1_3_VERSION, |
| 295 | .random_start = SSL3_RANDOM_OFFSET, | 411 | .random_start = TLS13_RANDOM_OFFSET, |
| 412 | .session_start = TLS13_SESSION_OFFSET, | ||
| 413 | .key_share_start = TLS13_KEY_SHARE_OFFSET, | ||
| 296 | .ssl_method = SSLv23_client_method, | 414 | .ssl_method = SSLv23_client_method, |
| 297 | .ssl_options = 0, | 415 | .ssl_options = 0, |
| 298 | }, | 416 | }, |
| 299 | #endif | ||
| 300 | { | 417 | { |
| 301 | .desc = "SSLv23 default (no TLSv1.3)", | 418 | .desc = "SSLv23 default (no TLSv1.3)", |
| 302 | .protocol = TLS1_2_VERSION, | 419 | .protocol = TLS1_2_VERSION, |
| @@ -318,15 +435,15 @@ static struct client_hello_test client_hello_tests[] = { | |||
| 318 | .ssl_method = SSLv23_client_method, | 435 | .ssl_method = SSLv23_client_method, |
| 319 | .ssl_options = SSL_OP_NO_TLSv1_1, | 436 | .ssl_options = SSL_OP_NO_TLSv1_1, |
| 320 | }, | 437 | }, |
| 321 | #if 0 | ||
| 322 | { | 438 | { |
| 323 | .desc = "TLS default", | 439 | .desc = "TLS default", |
| 324 | .protocol = TLS1_3_VERSION, | 440 | .protocol = TLS1_3_VERSION, |
| 325 | .random_start = SSL3_RANDOM_OFFSET, | 441 | .random_start = TLS13_RANDOM_OFFSET, |
| 442 | .session_start = TLS13_SESSION_OFFSET, | ||
| 443 | .key_share_start = TLS13_KEY_SHARE_OFFSET, | ||
| 326 | .ssl_method = TLS_client_method, | 444 | .ssl_method = TLS_client_method, |
| 327 | .ssl_options = 0, | 445 | .ssl_options = 0, |
| 328 | }, | 446 | }, |
| 329 | #endif | ||
| 330 | { | 447 | { |
| 331 | .desc = "TLS (no TLSv1.3)", | 448 | .desc = "TLS (no TLSv1.3)", |
| 332 | .protocol = TLS1_2_VERSION, | 449 | .protocol = TLS1_2_VERSION, |
| @@ -349,23 +466,26 @@ static struct client_hello_test client_hello_tests[] = { | |||
| 349 | .ssl_options = SSL_OP_NO_TLSv1_1, | 466 | .ssl_options = SSL_OP_NO_TLSv1_1, |
| 350 | }, | 467 | }, |
| 351 | #if 0 | 468 | #if 0 |
| 469 | /* XXX - build client hello with explicit versions extension. */ | ||
| 352 | { | 470 | { |
| 353 | .desc = "TLS (no TLSv1.0, no TLSv1.1)", | 471 | .desc = "TLS (no TLSv1.0, no TLSv1.1)", |
| 354 | .protocol = TLS1_3_VERSION, | 472 | .protocol = TLS1_3_VERSION, |
| 355 | .random_start = SSL3_RANDOM_OFFSET, | 473 | .random_start = TLS13_RANDOM_OFFSET, |
| 474 | .session_start = TLS13_SESSION_OFFSET, | ||
| 475 | .key_share_start = TLS13_KEY_SHARE_OFFSET, | ||
| 356 | .ssl_method = TLS_client_method, | 476 | .ssl_method = TLS_client_method, |
| 357 | .ssl_options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1, | 477 | .ssl_options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1, |
| 358 | }, | 478 | }, |
| 359 | #endif | 479 | #endif |
| 360 | #if 0 | ||
| 361 | { | 480 | { |
| 362 | .desc = "TLS (no TLSv1.0, no TLSv1.1, no TLSv1.2)", | 481 | .desc = "TLS (no TLSv1.0, no TLSv1.1, no TLSv1.2)", |
| 363 | .protocol = TLS1_3_VERSION, | 482 | .protocol = TLS1_3_VERSION_ONLY, |
| 364 | .random_start = SSL3_RANDOM_OFFSET, | 483 | .random_start = TLS13_RANDOM_OFFSET, |
| 484 | .session_start = TLS13_SESSION_OFFSET, | ||
| 485 | .key_share_start = TLS13_ONLY_KEY_SHARE_OFFSET, | ||
| 365 | .ssl_method = TLS_client_method, | 486 | .ssl_method = TLS_client_method, |
| 366 | .ssl_options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2, | 487 | .ssl_options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2, |
| 367 | }, | 488 | }, |
| 368 | #endif | ||
| 369 | }; | 489 | }; |
| 370 | 490 | ||
| 371 | #define N_CLIENT_HELLO_TESTS \ | 491 | #define N_CLIENT_HELLO_TESTS \ |
| @@ -455,6 +575,30 @@ make_client_hello(int protocol, char **out, size_t *outlen) | |||
| 455 | cipher_list_offset = SSL3_CIPHER_OFFSET; | 575 | cipher_list_offset = SSL3_CIPHER_OFFSET; |
| 456 | break; | 576 | break; |
| 457 | 577 | ||
| 578 | case TLS1_3_VERSION: | ||
| 579 | client_hello = client_hello_tls13; | ||
| 580 | client_hello_len = sizeof(client_hello_tls13); | ||
| 581 | cipher_list = cipher_list_tls13_chacha; | ||
| 582 | cipher_list_len = sizeof(cipher_list_tls13_chacha); | ||
| 583 | if (ssl_aes_is_accelerated()) { | ||
| 584 | cipher_list = cipher_list_tls13_aes; | ||
| 585 | cipher_list_len = sizeof(cipher_list_tls13_aes); | ||
| 586 | } | ||
| 587 | cipher_list_offset = TLS13_CIPHER_OFFSET; | ||
| 588 | break; | ||
| 589 | |||
| 590 | case TLS1_3_VERSION_ONLY: | ||
| 591 | client_hello = client_hello_tls13_only; | ||
| 592 | client_hello_len = sizeof(client_hello_tls13_only); | ||
| 593 | cipher_list = cipher_list_tls13_only_chacha; | ||
| 594 | cipher_list_len = sizeof(cipher_list_tls13_only_chacha); | ||
| 595 | if (ssl_aes_is_accelerated()) { | ||
| 596 | cipher_list = cipher_list_tls13_only_aes; | ||
| 597 | cipher_list_len = sizeof(cipher_list_tls13_only_aes); | ||
| 598 | } | ||
| 599 | cipher_list_offset = TLS13_CIPHER_OFFSET; | ||
| 600 | break; | ||
| 601 | |||
| 458 | default: | 602 | default: |
| 459 | return (-1); | 603 | return (-1); |
| 460 | } | 604 | } |
| @@ -479,6 +623,7 @@ client_hello_test(int testno, const struct client_hello_test *cht) | |||
| 479 | SSL *ssl = NULL; | 623 | SSL *ssl = NULL; |
| 480 | char *client_hello = NULL; | 624 | char *client_hello = NULL; |
| 481 | size_t client_hello_len; | 625 | size_t client_hello_len; |
| 626 | size_t session_len; | ||
| 482 | char *wbuf, rbuf[1]; | 627 | char *wbuf, rbuf[1]; |
| 483 | int ret = 1; | 628 | int ret = 1; |
| 484 | long len; | 629 | long len; |
| @@ -543,6 +688,14 @@ client_hello_test(int testno, const struct client_hello_test *cht) | |||
| 543 | 688 | ||
| 544 | memset(&wbuf[cht->random_start], 0, SSL3_RANDOM_SIZE); | 689 | memset(&wbuf[cht->random_start], 0, SSL3_RANDOM_SIZE); |
| 545 | 690 | ||
| 691 | if (cht->session_start > 0) { | ||
| 692 | session_len = wbuf[cht->session_start]; | ||
| 693 | if (session_len > 0) | ||
| 694 | memset(&wbuf[cht->session_start + 1], 0, session_len); | ||
| 695 | } | ||
| 696 | if (cht->key_share_start > 0) | ||
| 697 | memset(&wbuf[cht->key_share_start], 0, 32); | ||
| 698 | |||
| 546 | if (memcmp(client_hello, wbuf, client_hello_len) != 0) { | 699 | if (memcmp(client_hello, wbuf, client_hello_len) != 0) { |
| 547 | fprintf(stderr, "FAIL: ClientHello differs:\n"); | 700 | fprintf(stderr, "FAIL: ClientHello differs:\n"); |
| 548 | fprintf(stderr, "received:\n"); | 701 | fprintf(stderr, "received:\n"); |