github.com/mono/boringssl.git - Unnamed repository; edit this file 'description' to name the repository.
author: David Benjamin <davidben@google.com> 2016-08-01 19:12:47 +0300
committer: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> 2016-08-01 22:47:26 +0300
commit: 489016550997ba53185658d501d972517a1b79b5
tree: 696a9665c2a996128a59a32d2f6434fdd9120ee6
parent: 0c40a96455b0f720267b9eeb47704c85ee883121
Empty signature algorithms in TLS 1.3 CertificateRequest is illegal.

In TLS 1.2, this was allowed to be empty for the weird SHA-1 fallback logic. In TLS 1.3, not only is the fallback logic gone, but omitting them is a syntactic error.

    struct {
        opaque certificate_request_context<0..2^8-1>;
        SignatureScheme supported_signature_algorithms<2..2^16-2>;
        DistinguishedName certificate_authorities<0..2^16-1>;
        CertificateExtension certificate_extensions<0..2^16-1>;
    } CertificateRequest;

Thanks to Eric Rescorla for pointing this out.

Change-Id: I4991e59bc4647bb665aaf920ed4836191cea3a5a
Reviewed-on: https://boringssl-review.googlesource.com/9062
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
-rw-r--r--  ssl/test/runner/runner.go  7
-rw-r--r--  ssl/tls13_client.c         1
2 files changed, 6 insertions, 2 deletions
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 5e049b11..3a367c53 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -5662,8 +5662,11 @@ func addSignatureAlgorithmTests() {
"-cert-file", path.Join(*resourceDir, rsaCertificateFile),
"-key-file", path.Join(*resourceDir, rsaKeyFile),
},
- shouldFail: true,
- expectedError: ":NO_COMMON_SIGNATURE_ALGORITHMS:",
+ shouldFail: true,
+ // An empty CertificateRequest signature algorithm list is a
+ // syntax error in TLS 1.3.
+ expectedError: ":DECODE_ERROR:",
+ expectedLocalError: "remote error: error decoding message",
})
testCases = append(testCases, testCase{
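Review bot: the updated expectations in addSignatureAlgorithmTests cover only the empty list named in the new comment, while the struct quoted in the commit message puts the lower bound at two bytes (<2..2^16-2>), so a one-byte list is a syntax error as well. Consider a sibling case that sends a truncated list and expects the same ":DECODE_ERROR:" and "remote error: error decoding message". The comment could also cite that lower bound, so the reason for moving away from ":NO_COMMON_SIGNATURE_ALGORITHMS:" is clear without reading the commit message.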
diff --git a/ssl/tls13_client.c b/ssl/tls13_client.c
index c38358db..61996952 100644
--- a/ssl/tls13_client.c
+++ b/ssl/tls13_client.c
@@ -323,6 +323,7 @@ static enum ssl_hs_wait_t do_process_certificate_request(SSL *ssl,
!CBS_stow(&context, &ssl->s3->hs->cert_context,
&ssl->s3->hs->cert_context_len) ||
!CBS_get_u16_length_prefixed(&cbs, &supported_signature_algorithms) ||
+ CBS_len(&supported_signature_algorithms) == 0 ||
!tls1_parse_peer_sigalgs(ssl, &supported_signature_algorithms)) {
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
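Review bot: the added `CBS_len(&supported_signature_algorithms) == 0` condition in do_process_certificate_request rejects only the zero-length case, and whether a one-byte list (below the two-byte minimum in the quoted struct) is refused depends on tls1_parse_peer_sigalgs, whose body is not in this hunk. Worth confirming that it fails on odd lengths. A short comment next to the new condition, like the one added in runner.go, would also record that an empty list is a TLS 1.3 syntax error rather than the TLS 1.2 SHA-1 fallback case, since the check sits in a long `||` chain where its purpose is easy to miss.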