commit 0080d83b9faf8dd325f5f5f92eb56faa93864e4c
author Adam Langley <agl@google.com> Thu Jun 07 16:39:49 2018 -0700
committer Adam Langley <agl@google.com> Mon Jun 18 22:16:11 2018 +0000
tree 461fb2eed0bbb68dcf54a7db47d9050fee9ae0e3
parent f6e5d0d5a16e1bbb4116606c1fc04dd31502fa14

Implement the client side of certificate compression.

Change-Id: I0aced480af98276ebfe0970b4afb9aa957ee07cb
Reviewed-on: https://boringssl-review.googlesource.com/29024
Reviewed-by: Adam Langley <agl@google.com>

ssl/tls13_both.cc

diff --git a/ssl/tls13_both.cc b/ssl/tls13_both.cc
index 993dd02..495838c 100644
--- a/ssl/tls13_both.cc
+++ b/ssl/tls13_both.cc
@@ -105,7 +105,61 @@
 int tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
                               int allow_anonymous) {
   SSL *const ssl = hs->ssl;
-  CBS body = msg.body, context, certificate_list;
+  CBS body = msg.body;
+  bssl::UniquePtr<CRYPTO_BUFFER> decompressed;
+
+  if (msg.type == SSL3_MT_COMPRESSED_CERTIFICATE) {
+    CBS compressed;
+    uint16_t alg_id;
+    uint32_t uncompressed_len;
+
+    if (!CBS_get_u16(&body, &alg_id) ||
+        !CBS_get_u24(&body, &uncompressed_len) ||
+        !CBS_get_u24_length_prefixed(&body, &compressed) ||
+        CBS_len(&body) != 0) {
+      ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+      OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
+      return 0;
+    }
+
+    if (uncompressed_len > ssl->max_cert_list) {
+      ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
+      OPENSSL_PUT_ERROR(SSL, SSL_R_UNCOMPRESSED_CERT_TOO_LARGE);
+      ERR_add_error_dataf("requested=%u",
+                          static_cast<unsigned>(uncompressed_len));
+      return 0;
+    }
+
+    bssl::CertDecompressFunc decompress = nullptr;
+    for (const auto& alg : ssl->ctx->cert_compression_algs) {
+      if (alg->alg_id == alg_id) {
+        decompress = alg->decompress;
+        break;
+      }
+    }
+
+    if (decompress == nullptr) {
+      ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
+      OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_CERT_COMPRESSION_ALG);
+      ERR_add_error_dataf("alg=%d", static_cast<int>(alg_id));
+      return 0;
+    }
+
+    if (!decompress(ssl, &decompressed, uncompressed_len, compressed) ||
+        CRYPTO_BUFFER_len(decompressed.get()) != uncompressed_len) {
+      ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+      OPENSSL_PUT_ERROR(SSL, SSL_R_CERT_DECOMPRESSION_FAILED);
+      ERR_add_error_dataf("alg=%d", static_cast<int>(alg_id));
+      return 0;
+    }
+
+    CBS_init(&body, CRYPTO_BUFFER_data(decompressed.get()),
+             CRYPTO_BUFFER_len(decompressed.get()));
+  } else {
+    assert(msg.type == SSL3_MT_CERTIFICATE);
+  }
+
+  CBS context, certificate_list;
   if (!CBS_get_u8_length_prefixed(&body, &context) ||
       CBS_len(&context) != 0 ||
       !CBS_get_u24_length_prefixed(&body, &certificate_list) ||