runner: Fix ECH confirmation calculation with PSKs in tests.
Re-encoding a message does not necessarily give back the same value.
Bug: 275
Change-Id: I52cddd6152445b70579cbe03525898383bee211d
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/46644
Reviewed-by: David Benjamin <davidben@google.com>
Reviewed-by: Dan McArdle <dmcardle@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/ssl/test/runner/handshake_messages.go b/ssl/test/runner/handshake_messages.go
index d8bdd82..121244c 100644
--- a/ssl/test/runner/handshake_messages.go
+++ b/ssl/test/runner/handshake_messages.go
@@ -1287,11 +1287,20 @@
// marshalForECHConf marshals |m|, but zeroes out the last 8 bytes of the
// ServerHello.random.
func (m *serverHelloMsg) marshalForECHConf() []byte {
- serverHelloECHConf := *m
- serverHelloECHConf.raw = nil
- serverHelloECHConf.random = make([]byte, 32)
- copy(serverHelloECHConf.random[:24], m.random)
- return serverHelloECHConf.marshal()
+ ret := m.marshal()
+ // Make a copy so we can mutate it.
+ ret = append(make([]byte, 0, len(ret)), ret...)
+
+ reparsed := new(serverHelloMsg)
+ if !reparsed.unmarshal(ret) {
+ panic("could not re-parse ServerHello")
+ }
+ // We rely on |unmarshal| aliasing the |random| into |ret|.
+ for i := 24; i < 32; i++ {
+ reparsed.random[i] = 0
+ }
+
+ return ret
}
type encryptedExtensionsMsg struct {
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 79f6f7d..e648b68 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -16556,6 +16556,7 @@
ExpectServerAcceptECH: true,
},
},
+ resumeSession: true,
})
// Test that server fails the handshake when it sees a nonempty ech_is_inner
@@ -16586,6 +16587,7 @@
ExpectServerAcceptECH: false,
},
},
+ resumeSession: true,
})
// Test that a TLS 1.3 server that receives an ech_is_inner extension can