external/boringssl: Sync to 2fb729d4f36beaf263ad85e24a790b571652679c.
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/7f02881e96e51f1873afcf384d02f782b48967ca..2fb729d4f36beaf263ad85e24a790b571652679c
Test: atest CtsLibcoreTestCases
Change-Id: I46a15a7bae971f16f957b04bcbb771a6936d5c1b
diff --git a/src/ssl/handshake_server.cc b/src/ssl/handshake_server.cc
index 36aa560..924701f 100644
--- a/src/ssl/handshake_server.cc
+++ b/src/ssl/handshake_server.cc
@@ -152,7 +152,6 @@
#include <string.h>
#include <openssl/bn.h>
-#include <openssl/buf.h>
#include <openssl/bytestring.h>
#include <openssl/cipher.h>
#include <openssl/ec.h>
@@ -326,7 +325,7 @@
*out_mask_a = mask_a;
}
-static const SSL_CIPHER *ssl3_choose_cipher(
+static const SSL_CIPHER *choose_cipher(
SSL_HANDSHAKE *hs, const SSL_CLIENT_HELLO *client_hello,
const SSLCipherPreferenceList *server_pref) {
SSL *const ssl = hs->ssl;
@@ -570,6 +569,14 @@
return ssl_hs_error;
}
+ // ClientHello should be the end of the flight. We check this early to cover
+ // all protocol versions.
+ if (ssl->method->has_unprocessed_handshake_data(ssl)) {
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+ OPENSSL_PUT_ERROR(SSL, SSL_R_EXCESS_HANDSHAKE_DATA);
+ return ssl_hs_error;
+ }
+
if (hs->config->handoff) {
return ssl_hs_handoff;
}
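Review bot: The comment on the new excess-data check says it runs early to cover all protocol versions, but it does not say why it sits ahead of the `hs->config->handoff` return just below it. If that ordering is deliberate, so that a handed-off handshake is also rejected when bytes follow the ClientHello, the comment should say so, e.g. `// Must precede the handoff return so handed-off connections are checked too.` As a smaller style point, this block calls `ssl_send_alert` before `OPENSSL_PUT_ERROR`, while the no-shared-cipher path in a later hunk of this file does the two in the opposite order. The enclosing function starts and ends outside the hunk.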
@@ -700,7 +707,7 @@
SSLCipherPreferenceList *prefs = hs->config->cipher_list
? hs->config->cipher_list.get()
: ssl->ctx->cipher_list.get();
- hs->new_cipher = ssl3_choose_cipher(hs, &client_hello, prefs);
+ hs->new_cipher = choose_cipher(hs, &client_hello, prefs);
if (hs->new_cipher == NULL) {
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_SHARED_CIPHER);
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
@@ -1093,12 +1100,9 @@
!CBB_add_u8_length_prefixed(&body, &cert_types) ||
!CBB_add_u8(&cert_types, SSL3_CT_RSA_SIGN) ||
!CBB_add_u8(&cert_types, TLS_CT_ECDSA_SIGN) ||
- // TLS 1.2 has no way to specify different signature algorithms for
- // certificates and the online signature, so emit the more restrictive
- // certificate list.
(ssl_protocol_version(ssl) >= TLS1_2_VERSION &&
(!CBB_add_u16_length_prefixed(&body, &sigalgs_cbb) ||
- !tls12_add_verify_sigalgs(ssl, &sigalgs_cbb, true /* certs */))) ||
+ !tls12_add_verify_sigalgs(hs, &sigalgs_cbb))) ||
!ssl_add_client_CA_list(hs, &body) ||
!ssl_add_message_cbb(ssl, cbb.get())) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
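Review bot: With the explanatory comment removed, this call site no longer says which signature-algorithm list `tls12_add_verify_sigalgs(hs, &sigalgs_cbb)` advertises in a TLS 1.2 CertificateRequest, and the callee is not visible in this diff. A one-line comment would keep the call site readable, for example `// Advertise the same list that tls12_check_peer_sigalg enforces on CertificateVerify.`, assuming that is the invariant the new `hs`-based signatures are meant to preserve. The condition is part of a larger `if` that begins outside the hunk.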
@@ -1443,7 +1447,7 @@
return ssl_hs_error;
}
uint8_t alert = SSL_AD_DECODE_ERROR;
- if (!tls12_check_peer_sigalg(ssl, &alert, signature_algorithm)) {
+ if (!tls12_check_peer_sigalg(hs, &alert, signature_algorithm)) {
ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
return ssl_hs_error;
}