external/boringssl: Sync to 629db8cd0c84628e37aa81242b5b07fec7602f55.
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/7c5728649affe20e2952b11a0aeaf0e7b114aad9..629db8cd0c84628e37aa81242b5b07fec7602f55
Test: cts-tradefed run cts -m CtsLibcoreOkHttpTestCases -a arm64-v8a
Test: cts-tradefed run cts -m CtsLibcoreTestCases -a arm64-v8a
Change-Id: I8f49012c4ae2500400d107f227bb7eb0616b7d2f
diff --git a/src/ssl/tls13_both.c b/src/ssl/tls13_both.c
index ea3eb77..5a058b1 100644
--- a/src/ssl/tls13_both.c
+++ b/src/ssl/tls13_both.c
@@ -163,7 +163,8 @@
return 0;
}
-int tls13_process_certificate(SSL *ssl, int allow_anonymous) {
+int tls13_process_certificate(SSL_HANDSHAKE *hs, int allow_anonymous) {
+ SSL *const ssl = hs->ssl;
CBS cbs, context, certificate_list;
CBS_init(&cbs, ssl->init_msg, ssl->init_num);
if (!CBS_get_u8_length_prefixed(&cbs, &context) ||
@@ -177,8 +178,9 @@
ssl->server && ssl->retain_only_sha256_of_client_certs;
int ret = 0;
- STACK_OF(X509) *chain = sk_X509_new_null();
- if (chain == NULL) {
+ EVP_PKEY *pkey = NULL;
+ STACK_OF(CRYPTO_BUFFER) *certs = sk_CRYPTO_BUFFER_new_null();
+ if (certs == NULL) {
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
goto err;
@@ -193,28 +195,41 @@
while (CBS_len(&certificate_list) > 0) {
CBS certificate, extensions;
if (!CBS_get_u24_length_prefixed(&certificate_list, &certificate) ||
- !CBS_get_u16_length_prefixed(&certificate_list, &extensions)) {
+ !CBS_get_u16_length_prefixed(&certificate_list, &extensions) ||
+ CBS_len(&certificate) == 0) {
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
OPENSSL_PUT_ERROR(SSL, SSL_R_CERT_LENGTH_MISMATCH);
goto err;
}
- /* Retain the hash of the leaf certificate if requested. */
- if (sk_X509_num(chain) == 0 && retain_sha256) {
- SHA256(CBS_data(&certificate), CBS_len(&certificate),
- ssl->s3->new_session->peer_sha256);
+ if (sk_CRYPTO_BUFFER_num(certs) == 0) {
+ pkey = ssl_cert_parse_pubkey(&certificate);
+ if (pkey == NULL) {
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
+ goto err;
+ }
+ /* TLS 1.3 always uses certificate keys for signing thus the correct
+ * keyUsage is enforced. */
+ if (!ssl_cert_check_digital_signature_key_usage(&certificate)) {
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
+ goto err;
+ }
+
+ if (retain_sha256) {
+ /* Retain the hash of the leaf certificate if requested. */
+ SHA256(CBS_data(&certificate), CBS_len(&certificate),
+ ssl->s3->new_session->peer_sha256);
+ }
}
- X509 *x = ssl_parse_x509(&certificate);
- if (x == NULL || CBS_len(&certificate) != 0) {
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
- X509_free(x);
- goto err;
- }
- if (!sk_X509_push(chain, x)) {
+ CRYPTO_BUFFER *buf =
+ CRYPTO_BUFFER_new_from_CBS(&certificate, ssl->ctx->pool);
+ if (buf == NULL ||
+ !sk_CRYPTO_BUFFER_push(certs, buf)) {
+ CRYPTO_BUFFER_free(buf);
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
- X509_free(x);
goto err;
}
@@ -253,7 +268,7 @@
goto err;
}
- if (sk_X509_num(chain) == 1 &&
+ if (sk_CRYPTO_BUFFER_num(certs) == 1 &&
!CBS_stow(&ocsp_response, &ssl->s3->new_session->ocsp_response,
&ssl->s3->new_session->ocsp_response_length)) {
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
@@ -274,7 +289,7 @@
goto err;
}
- if (sk_X509_num(chain) == 1 &&
+ if (sk_CRYPTO_BUFFER_num(certs) == 1 &&
!CBS_stow(&sct,
&ssl->s3->new_session->tlsext_signed_cert_timestamp_list,
&ssl->s3->new_session
@@ -291,7 +306,21 @@
goto err;
}
- if (sk_X509_num(chain) == 0) {
+ EVP_PKEY_free(hs->peer_pubkey);
+ hs->peer_pubkey = pkey;
+ pkey = NULL;
+
+ sk_CRYPTO_BUFFER_pop_free(ssl->s3->new_session->certs, CRYPTO_BUFFER_free);
+ ssl->s3->new_session->certs = certs;
+ certs = NULL;
+
+ if (!ssl_session_x509_cache_objects(ssl->s3->new_session)) {
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ goto err;
+ }
+
+ if (sk_CRYPTO_BUFFER_num(ssl->s3->new_session->certs) == 0) {
if (!allow_anonymous) {
OPENSSL_PUT_ERROR(SSL, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_CERTIFICATE_REQUIRED);
@@ -310,36 +339,25 @@
ssl->s3->new_session->peer_sha256_valid = retain_sha256;
if (!ssl_verify_cert_chain(ssl, &ssl->s3->new_session->verify_result,
- chain)) {
+ ssl->s3->new_session->x509_chain)) {
goto err;
}
- X509_free(ssl->s3->new_session->x509_peer);
- X509 *leaf = sk_X509_value(chain, 0);
- X509_up_ref(leaf);
- ssl->s3->new_session->x509_peer = leaf;
-
- sk_X509_pop_free(ssl->s3->new_session->x509_chain, X509_free);
- ssl->s3->new_session->x509_chain = chain;
- chain = NULL;
-
ret = 1;
err:
- sk_X509_pop_free(chain, X509_free);
+ sk_CRYPTO_BUFFER_pop_free(certs, CRYPTO_BUFFER_free);
+ EVP_PKEY_free(pkey);
return ret;
}
-int tls13_process_certificate_verify(SSL *ssl) {
+int tls13_process_certificate_verify(SSL_HANDSHAKE *hs) {
+ SSL *const ssl = hs->ssl;
int ret = 0;
- X509 *peer = ssl->s3->new_session->x509_peer;
- EVP_PKEY *pkey = NULL;
uint8_t *msg = NULL;
size_t msg_len;
- /* Filter out unsupported certificate types. */
- pkey = X509_get_pubkey(peer);
- if (pkey == NULL) {
+ if (hs->peer_pubkey == NULL) {
goto err;
}
@@ -359,7 +377,7 @@
ssl3_send_alert(ssl, SSL3_AL_FATAL, al);
goto err;
}
- ssl->s3->tmp.peer_signature_algorithm = signature_algorithm;
+ ssl->s3->new_session->peer_signature_algorithm = signature_algorithm;
if (!tls13_get_cert_verify_signature_input(
ssl, &msg, &msg_len,
@@ -370,7 +388,7 @@
int sig_ok =
ssl_public_key_verify(ssl, CBS_data(&signature), CBS_len(&signature),
- signature_algorithm, pkey, msg, msg_len);
+ signature_algorithm, hs->peer_pubkey, msg, msg_len);
#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
sig_ok = 1;
ERR_clear_error();
@@ -384,7 +402,6 @@
ret = 1;
err:
- EVP_PKEY_free(pkey);
OPENSSL_free(msg);
return ret;
}
@@ -466,14 +483,14 @@
}
if (hs->ocsp_stapling_requested &&
- ssl->ctx->ocsp_response_length != 0) {
+ ssl->ocsp_response != NULL) {
CBB contents, ocsp_response;
if (!CBB_add_u16(&extensions, TLSEXT_TYPE_status_request) ||
!CBB_add_u16_length_prefixed(&extensions, &contents) ||
!CBB_add_u8(&contents, TLSEXT_STATUSTYPE_ocsp) ||
!CBB_add_u24_length_prefixed(&contents, &ocsp_response) ||
- !CBB_add_bytes(&ocsp_response, ssl->ctx->ocsp_response,
- ssl->ctx->ocsp_response_length) ||
+ !CBB_add_bytes(&ocsp_response, CRYPTO_BUFFER_data(ssl->ocsp_response),
+ CRYPTO_BUFFER_len(ssl->ocsp_response)) ||
!CBB_flush(&extensions)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
goto err;