Option to reverify certs on resumption.
Works in the 1.3 and 1.2 client handshakes, not implemented on the
server for now.
Creates an SSL_CTX option to reverify the server certificate on session
resumption. Reverification only runs the client's certificate verify callback.
Adds new states to the client handshakes: state_reverify_server_certificate in
TLS 1.2, and state_server_certificate_reverify in TLS 1.3.
Adds a negative test to make sure that by default we don't verify the
certificate on resumption, and positive tests that make sure we do when the
new option is set.
Change-Id: I3a47ff3eacb3099df4db4c5bc57f7c801ceea8f1
Bug: chromium:347402
Reviewed-on: https://boringssl-review.googlesource.com/29984
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/tls13_client.cc b/ssl/tls13_client.cc
index 40281a0..cf20403 100644
--- a/ssl/tls13_client.cc
+++ b/ssl/tls13_client.cc
@@ -40,6 +40,7 @@
state_read_certificate_request,
state_read_server_certificate,
state_read_server_certificate_verify,
+ state_server_certificate_reverify,
state_read_server_finished,
state_send_end_of_early_data,
state_send_client_certificate,
@@ -464,6 +465,10 @@
SSL *const ssl = hs->ssl;
// CertificateRequest may only be sent in non-resumption handshakes.
if (ssl->s3->session_reused) {
+ if (ssl->ctx->reverify_on_resume) {
+ hs->tls13_state = state_server_certificate_reverify;
+ return ssl_hs_ok;
+ }
hs->tls13_state = state_read_server_finished;
return ssl_hs_ok;
}
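Review bot: Reverification in the new `if (ssl->ctx->reverify_on_resume)` branch is only scheduled while the server's flight is being processed, so any 0-RTT data the client offered has presumably already been written under the resumed session before the certificate is rechecked (the state list in this file includes `state_send_end_of_early_data`). Nothing visible in this hunk disables early data or documents that ordering when the option is set; other parts of the commit may handle it. I would add a comment at the branch such as `// Runs after any early data was sent; callers needing the check first must not enable 0-RTT.` and repeat the caveat in the option's header documentation. The enclosing function starts and ends outside the hunk.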
@@ -585,6 +590,21 @@
return ssl_hs_ok;
}
+static enum ssl_hs_wait_t do_server_certificate_reverify(
+ SSL_HANDSHAKE *hs) {
+ switch (ssl_reverify_peer_cert(hs)) {
+ case ssl_verify_ok:
+ break;
+ case ssl_verify_invalid:
+ return ssl_hs_error;
+ case ssl_verify_retry:
+ hs->tls13_state = state_server_certificate_reverify;
+ return ssl_hs_certificate_verify;
+ }
+ hs->tls13_state = state_read_server_finished;
+ return ssl_hs_ok;
+}
+
static enum ssl_hs_wait_t do_read_server_finished(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
SSLMessage msg;
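Review bot: `do_server_certificate_reverify` treats any result other than `ssl_verify_invalid` or `ssl_verify_retry` as success, because the transition to `state_read_server_finished` sits after the switch instead of inside `case ssl_verify_ok:`. For a check whose purpose is to reject a resumed session, a fail-closed shape is safer against a later-added enumerator or an out-of-range return: put `hs->tls13_state = state_read_server_finished; return ssl_hs_ok;` under `case ssl_verify_ok:` and end the function with `return ssl_hs_error;`. Leaving out `default:` lets the compiler keep warning about unhandled enumerators. A short comment above the function saying that it runs only the verify callback for the resumed session, as the commit description states, would also help readers.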
@@ -754,6 +774,9 @@
case state_read_server_certificate_verify:
ret = do_read_server_certificate_verify(hs);
break;
+ case state_server_certificate_reverify:
+ ret = do_server_certificate_reverify(hs);
+ break;
case state_read_server_finished:
ret = do_read_server_finished(hs);
break;
@@ -804,6 +827,8 @@
return "TLS 1.3 client read_server_certificate";
case state_read_server_certificate_verify:
return "TLS 1.3 client read_server_certificate_verify";
+ case state_server_certificate_reverify:
+ return "TLS 1.3 client server_certificate_reverify";
case state_read_server_finished:
return "TLS 1.3 client read_server_finished";
case state_send_end_of_early_data: