commit 6553b379e2dbda9d03f6892f45fa97e4d8a37f04
author David Benjamin <davidben@chromium.org> Tue Jul 22 14:11:30 2014 -0400
committer Adam Langley <agl@google.com> Wed Jul 23 15:45:55 2014 +0000
tree df0a2874cf6878aaea9794b3c3a20008b54d5bfe
parent b61b4de6dfd52cc4d0c90d32696ea37a769f3ba6

Don't accidentally read Finished in ssl3_get_cert_verify.

This removes one place where we set CCS_OK. ssl3_get_cert_verify already knows
whether or not to expect a CertificateVerify message, so there is no need to
look ahead and potentially read ChangeCipherSpec early.

Change-Id: I80f4ec218b073c1007b01dbe1e3bd529fb848d37
Reviewed-on: https://boringssl-review.googlesource.com/1293
Reviewed-by: Adam Langley <agl@google.com>

ssl/s3_srvr.c

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 2a348aa..14506fc 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -590,9 +590,6 @@
 
 		case SSL3_ST_SR_CERT_VRFY_A:
 		case SSL3_ST_SR_CERT_VRFY_B:
-
-			s->s3->flags |= SSL3_FLAGS_CCS_OK;
-			/* we should decide if we expected this one */
 			ret=ssl3_get_cert_verify(s);
 			if (ret <= 0) goto end;
 
@@ -2619,67 +2616,35 @@
 	long n;
 	CBS certificate_verify, signature;
 	int type = 0;
-	X509 *peer;
+	X509 *peer = s->session->peer;
 	const EVP_MD *md = NULL;
 	EVP_MD_CTX mctx;
 
 	EVP_MD_CTX_init(&mctx);
 
+	/* Determine if a CertificateVerify message is expected at all. It is
+	 * important that this be determined before ssl_get_message is called,
+	 * so as not to process the ChangeCipherSpec message early. */
+	if (peer != NULL)
+		{
+		pkey = X509_get_pubkey(peer);
+		type = X509_certificate_type(peer,pkey);
+		}
+	if (!(type & EVP_PKT_SIGN))
+		{
+		ret = 1;
+		goto end;
+		}
+
 	n=s->method->ssl_get_message(s,
 		SSL3_ST_SR_CERT_VRFY_A,
 		SSL3_ST_SR_CERT_VRFY_B,
-		-1,
+		SSL3_MT_CERTIFICATE_VERIFY,
 		516, /* Enough for 4096 bit RSA key with TLS v1.2 */
 		&ok);
 
 	if (!ok) return((int)n);
 
-	if (s->session->peer != NULL)
-		{
-		peer=s->session->peer;
-		pkey=X509_get_pubkey(peer);
-		type=X509_certificate_type(peer,pkey);
-		}
-	else
-		{
-		peer=NULL;
-		pkey=NULL;
-		}
-
-	if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY)
-		{
-		s->s3->tmp.reuse_message=1;
-		if ((peer != NULL) && (type & EVP_PKT_SIGN))
-			{
-			al=SSL_AD_UNEXPECTED_MESSAGE;
-			OPENSSL_PUT_ERROR(SSL, ssl3_get_cert_verify, SSL_R_MISSING_VERIFY_MESSAGE);
-			goto f_err;
-			}
-		ret=1;
-		goto end;
-		}
-
-	if (peer == NULL)
-		{
-		OPENSSL_PUT_ERROR(SSL, ssl3_get_cert_verify, SSL_R_NO_CLIENT_CERT_RECEIVED);
-		al=SSL_AD_UNEXPECTED_MESSAGE;
-		goto f_err;
-		}
-
-	if (!(type & EVP_PKT_SIGN))
-		{
-		OPENSSL_PUT_ERROR(SSL, ssl3_get_cert_verify, SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE);
-		al=SSL_AD_ILLEGAL_PARAMETER;
-		goto f_err;
-		}
-
-	if (s->s3->change_cipher_spec)
-		{
-		OPENSSL_PUT_ERROR(SSL, ssl3_get_cert_verify, SSL_R_CCS_RECEIVED_EARLY);
-		al=SSL_AD_UNEXPECTED_MESSAGE;
-		goto f_err;
-		}
-
 	CBS_init(&certificate_verify, s->init_msg, n);
 
 	/* We now have a signature that we need to verify. */