external/boringssl: Sync to 2d98d49cf712ca7dc6f4b23b9c5f5542385d8dbe.
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/5ede28c8a422801ace3ba5e466ba963005351145..2d98d49cf712ca7dc6f4b23b9c5f5542385d8dbe
Test: BoringSSL CTS Presubmits
Change-Id: I21750d81b070d7e4741e205f5c2ccd8d541b36d1
diff --git a/src/ssl/handshake_client.cc b/src/ssl/handshake_client.cc
index ae96bcf..e46b39f 100644
--- a/src/ssl/handshake_client.cc
+++ b/src/ssl/handshake_client.cc
@@ -600,7 +600,7 @@
.subspan(SSL3_RANDOM_SIZE - sizeof(kTLS13DowngradeRandom));
if (suffix == kTLS12DowngradeRandom || suffix == kTLS13DowngradeRandom) {
ssl->s3->tls13_downgrade = true;
- if (!ssl->ctx->ignore_tls13_downgrade) {
+ if (!hs->config->ignore_tls13_downgrade) {
OPENSSL_PUT_ERROR(SSL, SSL_R_TLS13_DOWNGRADE);
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
return ssl_hs_error;
diff --git a/src/ssl/internal.h b/src/ssl/internal.h
index 0535b8d..561b5d9 100644
--- a/src/ssl/internal.h
+++ b/src/ssl/internal.h
@@ -2456,6 +2456,10 @@
// shed_handshake_config indicates that the handshake config (this object!)
// should be freed after the handshake completes.
bool shed_handshake_config : 1;
+
+ // ignore_tls13_downgrade is whether the connection should continue when the
+ // server random signals a downgrade.
+ bool ignore_tls13_downgrade:1;
};
// From RFC 8446, used in determining PSK modes.
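Review bot: The added bit-field is written `bool ignore_tls13_downgrade:1;`, while the neighbouring `shed_handshake_config : 1;` puts spaces around the colon; `bool ignore_tls13_downgrade : 1;` keeps the struct consistent. The comment could also state that a true value turns off the client's enforcement of the server-random downgrade sentinel for this connection, so the field should stay false unless the caller deliberately accepts the downgrade. The enclosing struct starts outside the hunk.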
diff --git a/src/ssl/ssl_lib.cc b/src/ssl/ssl_lib.cc
index 13b9cac..9c16de4 100644
--- a/src/ssl/ssl_lib.cc
+++ b/src/ssl/ssl_lib.cc
@@ -693,6 +693,7 @@
ctx->signed_cert_timestamps_enabled;
ssl->config->ocsp_stapling_enabled = ctx->ocsp_stapling_enabled;
ssl->config->handoff = ctx->handoff;
+ ssl->config->ignore_tls13_downgrade = ctx->ignore_tls13_downgrade;
if (!ssl->method->ssl_new(ssl.get()) ||
!ssl->ctx->x509_method->ssl_new(ssl->s3->hs.get())) {
@@ -709,7 +710,8 @@
channel_id_enabled(false),
retain_only_sha256_of_client_certs(false),
handoff(false),
- shed_handshake_config(false) {
+ shed_handshake_config(false),
+ ignore_tls13_downgrade(false) {
assert(ssl);
}
@@ -2642,6 +2644,13 @@
ctx->ignore_tls13_downgrade = !!ignore;
}
+void SSL_set_ignore_tls13_downgrade(SSL *ssl, int ignore) {
+ if (!ssl->config) {
+ return;
+ }
+ ssl->config->ignore_tls13_downgrade = !!ignore;
+}
+
void SSL_set_shed_handshake_config(SSL *ssl, int enable) {
if (!ssl->config) {
return;
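Review bot: SSL_set_ignore_tls13_downgrade returns silently when `ssl->config` is null, so a caller who invokes it after the handshake config has been freed cannot tell that the setting was dropped. Because it returns void, like SSL_set_shed_handshake_config below it, the cheapest fix is a comment on the early return, e.g. `// No-op once the handshake config has been released; call before the handshake starts.` The public declaration is not part of the visible diff, so this may already be documented there. The body of SSL_set_shed_handshake_config continues outside the hunk.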
diff --git a/src/ssl/ssl_test.cc b/src/ssl/ssl_test.cc
index 894bb14..61a47d3 100644
--- a/src/ssl/ssl_test.cc
+++ b/src/ssl/ssl_test.cc
@@ -48,7 +48,7 @@
#include <sys/time.h>
#endif
-#if !defined(OPENSSL_NO_THREADS)
+#if defined(OPENSSL_THREADS)
#include <thread>
#endif
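Review bot: Changing the guard from `!defined(OPENSSL_NO_THREADS)` to `defined(OPENSSL_THREADS)` makes the `<thread>` include opt-in, and the same applies to the multi-threaded tests behind the identical guard in the `@@ -4298` hunk. If a build never defines OPENSSL_THREADS, those tests are compiled out with no failure to show for it. Where that macro gets defined is not visible in this diff, so it is worth confirming that every configuration meant to run these tests under ThreadSanitizer defines it. A one-line comment at the guard naming the header that provides the macro would document the dependency.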
@@ -4298,7 +4298,7 @@
// These tests test multi-threaded behavior. They are intended to run with
// ThreadSanitizer.
-#if !defined(OPENSSL_NO_THREADS)
+#if defined(OPENSSL_THREADS)
TEST_P(SSLVersionTest, SessionCacheThreads) {
SSL_CTX_set_options(server_ctx_.get(), SSL_OP_NO_TICKET);
SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_BOTH);
diff --git a/src/ssl/ssl_x509.cc b/src/ssl/ssl_x509.cc
index 9fa800f..ec203b2 100644
--- a/src/ssl/ssl_x509.cc
+++ b/src/ssl/ssl_x509.cc
@@ -999,17 +999,25 @@
return 1;
}
-static SSL_SESSION *ssl_session_new_with_crypto_x509(void) {
- return ssl_session_new(&ssl_crypto_x509_method).release();
-}
-
SSL_SESSION *d2i_SSL_SESSION_bio(BIO *bio, SSL_SESSION **out) {
- return ASN1_d2i_bio_of(SSL_SESSION, ssl_session_new_with_crypto_x509,
- d2i_SSL_SESSION, bio, out);
+ uint8_t *data;
+ size_t len;
+ if (!BIO_read_asn1(bio, &data, &len, 1024 * 1024)) {
+ return 0;
+ }
+ bssl::UniquePtr<uint8_t> free_data(data);
+ const uint8_t *ptr = data;
+ return d2i_SSL_SESSION(out, &ptr, static_cast<long>(len));
}
int i2d_SSL_SESSION_bio(BIO *bio, const SSL_SESSION *session) {
- return ASN1_i2d_bio_of(SSL_SESSION, i2d_SSL_SESSION, bio, session);
+ uint8_t *data;
+ size_t len;
+ if (!SSL_SESSION_to_bytes(session, &data, &len)) {
+ return 0;
+ }
+ bssl::UniquePtr<uint8_t> free_data(data);
+ return BIO_write_all(bio, data, len);
}
IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION)
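Review bot: In d2i_SSL_SESSION_bio the failure path `return 0;` returns an integer literal from a function whose return type is `SSL_SESSION *`; `return nullptr;` states the intent. The `1024 * 1024` passed to BIO_read_asn1 is the only bound on how much a BIO with untrusted contents can make this function buffer before parsing. It deserves a named constant with a short comment, for example `static const size_t kMaxSessionASN1Len = 1024 * 1024;`, saying why 1 MiB was chosen. With that cap in place the `static_cast<long>(len)` cannot truncate, which is also worth noting next to the cast.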
diff --git a/src/ssl/test/runner/runner.go b/src/ssl/test/runner/runner.go
index 4bcf603..9631e6e 100644
--- a/src/ssl/test/runner/runner.go
+++ b/src/ssl/test/runner/runner.go
@@ -5891,59 +5891,65 @@
})
// Test TLS 1.3's downgrade signal.
- testCases = append(testCases, testCase{
- name: "Downgrade-TLS12-Client",
- config: Config{
- Bugs: ProtocolBugs{
- NegotiateVersion: VersionTLS12,
- },
- },
- tls13Variant: TLS13RFC,
- expectedVersion: VersionTLS12,
- shouldFail: true,
- expectedError: ":TLS13_DOWNGRADE:",
- expectedLocalError: "remote error: illegal parameter",
- })
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "Downgrade-TLS12-Server",
- config: Config{
- Bugs: ProtocolBugs{
- SendSupportedVersions: []uint16{VersionTLS12},
- },
- },
- tls13Variant: TLS13RFC,
- expectedVersion: VersionTLS12,
- shouldFail: true,
- expectedLocalError: "tls: downgrade from TLS 1.3 detected",
- })
+ var downgradeTests = []struct {
+ name string
+ version uint16
+ clientShimError string
+ }{
+ {"TLS12", VersionTLS12, "tls: downgrade from TLS 1.3 detected"},
+ {"TLS11", VersionTLS11, "tls: downgrade from TLS 1.2 detected"},
+ // TLS 1.0 does not have a dedicated value.
+ {"TLS10", VersionTLS10, "tls: downgrade from TLS 1.2 detected"},
+ }
- testCases = append(testCases, testCase{
- name: "Downgrade-TLS11-Client",
- config: Config{
- Bugs: ProtocolBugs{
- NegotiateVersion: VersionTLS11,
+ for _, test := range downgradeTests {
+ // The client should enforce the downgrade sentinel.
+ testCases = append(testCases, testCase{
+ name: "Downgrade-" + test.name + "-Client",
+ config: Config{
+ Bugs: ProtocolBugs{
+ NegotiateVersion: test.version,
+ },
},
- },
- tls13Variant: TLS13RFC,
- expectedVersion: VersionTLS11,
- shouldFail: true,
- expectedError: ":TLS13_DOWNGRADE:",
- expectedLocalError: "remote error: illegal parameter",
- })
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "Downgrade-TLS11-Server",
- config: Config{
- Bugs: ProtocolBugs{
- SendSupportedVersions: []uint16{VersionTLS11},
+ tls13Variant: TLS13RFC,
+ expectedVersion: test.version,
+ shouldFail: true,
+ expectedError: ":TLS13_DOWNGRADE:",
+ expectedLocalError: "remote error: illegal parameter",
+ })
+
+ // The client should ignore the downgrade sentinel if
+ // configured.
+ testCases = append(testCases, testCase{
+ name: "Downgrade-" + test.name + "-Client-Ignore",
+ config: Config{
+ Bugs: ProtocolBugs{
+ NegotiateVersion: test.version,
+ },
},
- },
- tls13Variant: TLS13RFC,
- expectedVersion: VersionTLS11,
- shouldFail: true,
- expectedLocalError: "tls: downgrade from TLS 1.2 detected",
- })
+ tls13Variant: TLS13RFC,
+ expectedVersion: test.version,
+ flags: []string{
+ "-ignore-tls13-downgrade",
+ "-expect-tls13-downgrade",
+ },
+ })
+
+ // The server should emit the downgrade signal.
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "Downgrade-" + test.name + "-Server",
+ config: Config{
+ Bugs: ProtocolBugs{
+ SendSupportedVersions: []uint16{test.version},
+ },
+ },
+ tls13Variant: TLS13RFC,
+ expectedVersion: test.version,
+ shouldFail: true,
+ expectedLocalError: test.clientShimError,
+ })
+ }
// Test that the draft TLS 1.3 variants don't trigger the downgrade logic.
testCases = append(testCases, testCase{
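Review bot: The field `clientShimError` in `downgradeTests` is only used as `expectedLocalError` in the `-Server` case. There the shim appears to be the server and the Go runner the client, so the string looks like the runner's own error rather than one from the shim. A name such as `clientRunnerError`, or a comment on the field like `// error the runner, acting as client, reports on seeing the sentinel`, would avoid that confusion. The `-Client-Ignore` case sets neither `shouldFail` nor an expected error, so a one-line comment saying that it relies on `-expect-tls13-downgrade` to assert the sentinel was still observed would help the next reader.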