external/boringssl: Sync to 2fb729d4f36beaf263ad85e24a790b571652679c.

This includes the following changes:

https://boringssl.googlesource.com/boringssl/+log/7f02881e96e51f1873afcf384d02f782b48967ca..2fb729d4f36beaf263ad85e24a790b571652679c

Test: atest CtsLibcoreTestCases
Change-Id: I46a15a7bae971f16f957b04bcbb771a6936d5c1b
diff --git a/src/ssl/handshake_server.cc b/src/ssl/handshake_server.cc
index 36aa560..924701f 100644
--- a/src/ssl/handshake_server.cc
+++ b/src/ssl/handshake_server.cc
@@ -152,7 +152,6 @@
 #include <string.h>
 
 #include <openssl/bn.h>
-#include <openssl/buf.h>
 #include <openssl/bytestring.h>
 #include <openssl/cipher.h>
 #include <openssl/ec.h>
@@ -326,7 +325,7 @@
   *out_mask_a = mask_a;
 }
 
-static const SSL_CIPHER *ssl3_choose_cipher(
+static const SSL_CIPHER *choose_cipher(
     SSL_HANDSHAKE *hs, const SSL_CLIENT_HELLO *client_hello,
     const SSLCipherPreferenceList *server_pref) {
   SSL *const ssl = hs->ssl;
@@ -570,6 +569,14 @@
     return ssl_hs_error;
   }
 
+  // ClientHello should be the end of the flight. We check this early to cover
+  // all protocol versions.
+  if (ssl->method->has_unprocessed_handshake_data(ssl)) {
+    ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+    OPENSSL_PUT_ERROR(SSL, SSL_R_EXCESS_HANDSHAKE_DATA);
+    return ssl_hs_error;
+  }
+
   if (hs->config->handoff) {
     return ssl_hs_handoff;
   }
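Review bot: The comment on the new `has_unprocessed_handshake_data` check says when it runs but not what it protects against, so a later reader cannot tell why bytes trailing the ClientHello are fatal rather than simply buffered. I would extend it along the lines of `// Data buffered after ClientHello would otherwise be parsed later, under negotiated state the client did not have when it sent it, so reject it before any version-specific processing.` This wording is my reading of the intent and should be confirmed against the upstream change. The check sits ahead of the `hs->config->handoff` return, so handed-off handshakes are covered too; the comment should say so, because moving the block below that return would silently lose the coverage. The enclosing function starts and ends outside this hunk, so I cannot see whether an earlier return path skips the check.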
@@ -700,7 +707,7 @@
   SSLCipherPreferenceList *prefs = hs->config->cipher_list
                                        ? hs->config->cipher_list.get()
                                        : ssl->ctx->cipher_list.get();
-  hs->new_cipher = ssl3_choose_cipher(hs, &client_hello, prefs);
+  hs->new_cipher = choose_cipher(hs, &client_hello, prefs);
   if (hs->new_cipher == NULL) {
     OPENSSL_PUT_ERROR(SSL, SSL_R_NO_SHARED_CIPHER);
     ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
@@ -1093,12 +1100,9 @@
         !CBB_add_u8_length_prefixed(&body, &cert_types) ||
         !CBB_add_u8(&cert_types, SSL3_CT_RSA_SIGN) ||
         !CBB_add_u8(&cert_types, TLS_CT_ECDSA_SIGN) ||
-        // TLS 1.2 has no way to specify different signature algorithms for
-        // certificates and the online signature, so emit the more restrictive
-        // certificate list.
         (ssl_protocol_version(ssl) >= TLS1_2_VERSION &&
          (!CBB_add_u16_length_prefixed(&body, &sigalgs_cbb) ||
-          !tls12_add_verify_sigalgs(ssl, &sigalgs_cbb, true /* certs */))) ||
+          !tls12_add_verify_sigalgs(hs, &sigalgs_cbb))) ||
         !ssl_add_client_CA_list(hs, &body) ||
         !ssl_add_message_cbb(ssl, cbb.get())) {
       OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
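Review bot: With the three-line comment and the `true /* certs */` argument both removed, this call site no longer says which signature-algorithm list goes into CertificateRequest. From this hunk alone I cannot tell whether `tls12_add_verify_sigalgs(hs, &sigalgs_cbb)` still emits the more restrictive certificate list or a single merged list. Since this is the set a client is allowed to authenticate with, a one-line replacement comment would help, for example `// The list advertised here is chosen inside tls12_add_verify_sigalgs based on hs.`, with the wording confirmed against the helper's definition. The enclosing `if` condition begins before the first line of the hunk.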
@@ -1443,7 +1447,7 @@
       return ssl_hs_error;
     }
     uint8_t alert = SSL_AD_DECODE_ERROR;
-    if (!tls12_check_peer_sigalg(ssl, &alert, signature_algorithm)) {
+    if (!tls12_check_peer_sigalg(hs, &alert, signature_algorithm)) {
       ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
       return ssl_hs_error;
     }