
authorDavid Benjamin <davidben@google.com>2016-09-13 01:40:27 +0300
committerCQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>2016-09-13 01:54:08 +0300
commit3d458dc048c2ece7d89f9d50239c022322f6d0bd (patch)
tree731595cfbae63763509e6091c7c64cbd6d2ee0d8
parent639846e5e47a2aacfd3d368bec1b208af34e68c8 (diff)
Revert of Determining certificate_auth and key_exchange based on SSL.
Reason for revert: Right now in TLS 1.3, certificate_auth is exactly the same as whether we're doing resumption. With the weird reauth stuff punted to later in the spec, having extra state is just more room for bugs to creep in. Original issue's description: > Determining certificate_auth and key_exchange based on SSL. > > This allows us to switch TLS 1.3 to use non-cipher based negotiation > without needing to use separate functions between 1.3 and below. > > BUG=77 > > Change-Id: I9207e7a6793cb69e8300e2c15afe3548cbf82af2 > Reviewed-on: https://boringssl-review.googlesource.com/10803 > Reviewed-by: David Benjamin <davidben@google.com> > Commit-Queue: David Benjamin <davidben@google.com> > CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> > Change-Id: I240e3ee959ffd1f2481a06eabece3af554d20ffa Reviewed-on: https://boringssl-review.googlesource.com/11008 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
-rw-r--r--ssl/handshake_client.c14
-rw-r--r--ssl/handshake_server.c12
-rw-r--r--ssl/internal.h2
-rw-r--r--ssl/t1_lib.c4
-rw-r--r--ssl/tls13_client.c5
-rw-r--r--ssl/tls13_server.c9
6 files changed, 14 insertions, 32 deletions
diff --git a/ssl/handshake_client.c b/ssl/handshake_client.c
index dd3ab040..ce736b57 100644
--- a/ssl/handshake_client.c
+++ b/ssl/handshake_client.c
@@ -264,7 +264,7 @@ int ssl3_connect(SSL *ssl) {
break;
case SSL3_ST_CR_CERT_A:
- if (ssl->s3->hs->use_cert_auth) {
+ if (ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) {
ret = ssl3_get_server_certificate(ssl);
if (ret <= 0) {
goto end;
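Review bot: Nothing at the three certificate cases in ssl3_connect records that `ssl->s3->tmp.new_cipher` must already be final when they run, yet after this change SSL3_ST_CR_CERT_A here, and SSL3_ST_VERIFY_SERVER_CERT and SSL3_ST_CR_CERT_REQ_A in the next two hunks, each decide from that field alone whether the server certificate is read and verified. The assignment is visible in ssl3_get_server_hello (`ssl->s3->tmp.new_cipher = c;`), so a short comment at the first case would make the dependency explicit: `/* |tmp.new_cipher| was fixed by ssl3_get_server_hello; the certificate states below key off it. */`. ssl3_connect's body starts and ends outside these hunks, so whether anything can reassign the field between the states is not visible here.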
@@ -288,7 +288,7 @@ int ssl3_connect(SSL *ssl) {
break;
case SSL3_ST_VERIFY_SERVER_CERT:
- if (ssl->s3->hs->use_cert_auth) {
+ if (ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) {
ret = ssl3_verify_server_cert(ssl);
if (ret <= 0) {
goto end;
@@ -308,7 +308,7 @@ int ssl3_connect(SSL *ssl) {
break;
case SSL3_ST_CR_CERT_REQ_A:
- if (ssl->s3->hs->use_cert_auth) {
+ if (ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) {
ret = ssl3_get_certificate_request(ssl);
if (ret <= 0) {
goto end;
@@ -952,9 +952,6 @@ static int ssl3_get_server_hello(SSL *ssl) {
ssl->s3->new_session->cipher = c;
}
ssl->s3->tmp.new_cipher = c;
- if (ssl_cipher_uses_certificate_auth(c)) {
- ssl->s3->hs->use_cert_auth = 1;
- }
/* Now that the cipher is known, initialize the handshake hash. */
if (!ssl3_init_handshake_hash(ssl)) {
@@ -964,7 +961,8 @@ static int ssl3_get_server_hello(SSL *ssl) {
/* If doing a full handshake, the server may request a client certificate
* which requires hashing the handshake transcript. Otherwise, the handshake
* buffer may be released. */
- if (ssl->session != NULL || !ssl->s3->hs->use_cert_auth) {
+ if (ssl->session != NULL ||
+ !ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) {
ssl3_free_handshake_buffer(ssl);
}
@@ -1286,7 +1284,7 @@ static int ssl3_get_server_key_exchange(SSL *ssl) {
CBS_len(&server_key_exchange_orig) - CBS_len(&server_key_exchange));
/* ServerKeyExchange should be signed by the server's public key. */
- if (ssl->s3->hs->use_cert_auth) {
+ if (ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) {
pkey = X509_get_pubkey(ssl->s3->new_session->peer);
if (pkey == NULL) {
goto err;
diff --git a/ssl/handshake_server.c b/ssl/handshake_server.c
index 421db42a..0189714e 100644
--- a/ssl/handshake_server.c
+++ b/ssl/handshake_server.c
@@ -257,7 +257,7 @@ int ssl3_accept(SSL *ssl) {
case SSL3_ST_SW_CERT_A:
case SSL3_ST_SW_CERT_B:
- if (ssl->s3->hs->use_cert_auth) {
+ if (ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) {
ret = ssl3_send_server_certificate(ssl);
if (ret <= 0) {
goto end;
@@ -776,9 +776,6 @@ static int ssl3_get_client_hello(SSL *ssl) {
ssl->s3->tmp.new_cipher = ssl->session->cipher;
ssl->s3->tmp.cert_request = 0;
- if (ssl_cipher_uses_certificate_auth(ssl->session->cipher)) {
- ssl->s3->hs->use_cert_auth = 1;
- }
} else {
/* Call |cert_cb| to update server certificates if required. */
if (ssl->cert->cert_cb != NULL) {
@@ -804,9 +801,6 @@ static int ssl3_get_client_hello(SSL *ssl) {
ssl->s3->new_session->cipher = c;
ssl->s3->tmp.new_cipher = c;
- if (ssl_cipher_uses_certificate_auth(c)) {
- ssl->s3->hs->use_cert_auth = 1;
- }
/* Determine whether to request a client certificate. */
ssl->s3->tmp.cert_request = !!(ssl->verify_mode & SSL_VERIFY_PEER);
@@ -816,7 +810,7 @@ static int ssl3_get_client_hello(SSL *ssl) {
ssl->s3->tmp.cert_request = 0;
}
/* CertificateRequest may only be sent in certificate-based ciphers. */
- if (!ssl->s3->hs->use_cert_auth) {
+ if (!ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) {
ssl->s3->tmp.cert_request = 0;
}
@@ -1053,7 +1047,7 @@ static int ssl3_send_server_key_exchange(SSL *ssl) {
}
/* Add a signature. */
- if (ssl->s3->hs->use_cert_auth) {
+ if (ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) {
if (!ssl_has_private_key(ssl)) {
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
goto err;
diff --git a/ssl/internal.h b/ssl/internal.h
index 5dff6606..f2856825 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -897,8 +897,6 @@ struct ssl_handshake_st {
uint8_t secret[EVP_MAX_MD_SIZE];
uint8_t traffic_secret_0[EVP_MAX_MD_SIZE];
- int use_cert_auth;
-
SSL_ECDH_CTX *groups;
size_t groups_len;
/* retry_group is the group ID selected by the server in HelloRetryRequest. */
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index ab4b663d..0febb1c5 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1191,7 +1191,7 @@ static int ext_ocsp_parse_serverhello(SSL *ssl, uint8_t *out_alert,
}
/* OCSP stapling is forbidden on a non-certificate cipher. */
- if (!ssl->s3->hs->use_cert_auth) {
+ if (!ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) {
return 0;
}
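Review bot: In ext_ocsp_parse_serverhello the new check reads `ssl->s3->tmp.new_cipher` at extension-parse time, and nothing in the hunk shows that the cipher has been assigned by then. With the removed flag an unset value was presumably zero and the extension was rejected; with the cipher pointer an unset value would be passed straight into `ssl_cipher_uses_certificate_auth`, whose handling of NULL is not visible on this page. If ordering does not already guarantee it, the guard could be `if (ssl->s3->tmp.new_cipher == NULL || !ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) {`; otherwise a comment stating that the cipher is chosen before ServerHello extensions are parsed would do. The same question applies to ext_ocsp_add_serverhello in the next hunk, and both function bodies continue outside their hunks.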
@@ -1244,7 +1244,7 @@ static int ext_ocsp_parse_clienthello(SSL *ssl, uint8_t *out_alert,
static int ext_ocsp_add_serverhello(SSL *ssl, CBB *out) {
if (!ssl->s3->tmp.ocsp_stapling_requested ||
ssl->ctx->ocsp_response_length == 0 ||
- !ssl->s3->hs->use_cert_auth) {
+ !ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) {
return 1;
}
diff --git a/ssl/tls13_client.c b/ssl/tls13_client.c
index cf3f284d..20f4bcda 100644
--- a/ssl/tls13_client.c
+++ b/ssl/tls13_client.c
@@ -267,9 +267,6 @@ static enum ssl_hs_wait_t do_process_server_hello(SSL *ssl, SSL_HANDSHAKE *hs) {
ssl->s3->new_session->cipher = cipher;
ssl->s3->tmp.new_cipher = cipher;
- if (ssl_cipher_uses_certificate_auth(cipher)) {
- hs->use_cert_auth = 1;
- }
/* The PRF hash is now known. Set up the key schedule. */
static const uint8_t kZeroes[EVP_MAX_MD_SIZE] = {0};
@@ -383,7 +380,7 @@ static enum ssl_hs_wait_t do_process_certificate_request(SSL *ssl,
ssl->s3->tmp.cert_request = 0;
/* CertificateRequest may only be sent in certificate-based ciphers. */
- if (!ssl->s3->hs->use_cert_auth) {
+ if (!ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) {
hs->state = state_process_server_finished;
return ssl_hs_ok;
}
diff --git a/ssl/tls13_server.c b/ssl/tls13_server.c
index e2da097d..48279a79 100644
--- a/ssl/tls13_server.c
+++ b/ssl/tls13_server.c
@@ -230,10 +230,6 @@ static enum ssl_hs_wait_t do_select_parameters(SSL *ssl, SSL_HANDSHAKE *hs) {
ssl->s3->new_session->cipher = cipher;
ssl->s3->tmp.new_cipher = cipher;
-
- if (ssl_cipher_uses_certificate_auth(cipher)) {
- hs->use_cert_auth = 1;
- }
} else {
uint16_t resumption_cipher;
if (!ssl_cipher_get_ecdhe_psk_cipher(ssl->s3->new_session->cipher,
@@ -243,7 +239,6 @@ static enum ssl_hs_wait_t do_select_parameters(SSL *ssl, SSL_HANDSHAKE *hs) {
return ssl_hs_error;
}
ssl->s3->tmp.new_cipher = SSL_get_cipher_by_value(resumption_cipher);
- hs->use_cert_auth = 0;
}
ssl->method->received_flight(ssl);
@@ -386,7 +381,7 @@ static enum ssl_hs_wait_t do_send_certificate_request(SSL *ssl,
/* Determine whether to request a client certificate. */
ssl->s3->tmp.cert_request = !!(ssl->verify_mode & SSL_VERIFY_PEER);
/* CertificateRequest may only be sent in certificate-based ciphers. */
- if (!ssl->s3->hs->use_cert_auth) {
+ if (!ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) {
ssl->s3->tmp.cert_request = 0;
}
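Review bot: On a resumed handshake this check, and the one in do_send_server_certificate in the next hunk, now suppress CertificateRequest and Certificate only because do_select_parameters set `tmp.new_cipher` from `SSL_get_cipher_by_value(resumption_cipher)`; the explicit `hs->use_cert_auth = 0` that used to state this is removed. That makes the skip depend on the looked-up cipher being non-NULL and on `ssl_cipher_uses_certificate_auth` returning 0 for it, neither of which is checked in the visible lines. A guard after the lookup, `if (ssl->s3->tmp.new_cipher == NULL) { return ssl_hs_error; }`, plus a comment there such as `/* Resumption uses an ECDHE-PSK cipher, so certificate auth is skipped. */`, would keep the invariant in one place. Both function bodies continue outside their hunks.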
@@ -431,7 +426,7 @@ err:
static enum ssl_hs_wait_t do_send_server_certificate(SSL *ssl,
SSL_HANDSHAKE *hs) {
- if (!ssl->s3->hs->use_cert_auth) {
+ if (!ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) {
hs->state = state_send_server_finished;
return ssl_hs_ok;
}