Update crypto negotiation to draft 15.

BUG=77

Change-Id: If568412655aae240b072c29d763a5b17bb5ca3f7
Reviewed-on: https://boringssl-review.googlesource.com/10840
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 0da212b..b9d359e 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1240,13 +1240,10 @@
     return 1;
   }
 
-  /* OCSP stapling is forbidden on a non-certificate cipher. */
-  if (!ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) {
-    return 0;
-  }
-
   if (ssl3_protocol_version(ssl) < TLS1_3_VERSION) {
-    if (CBS_len(contents) != 0) {
+    /* OCSP stapling is forbidden on non-certificate ciphers. */
+    if (CBS_len(contents) != 0 ||
+        !ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) {
       return 0;
     }
 
@@ -1258,6 +1255,11 @@
     return 1;
   }
 
+  /* In TLS 1.3, OCSP stapling is forbidden on resumption. */
+  if (ssl->s3->session_reused) {
+    return 0;
+  }
+
   uint8_t status_type;
   CBS ocsp_response;
   if (!CBS_get_u8(contents, &status_type) ||
@@ -1298,7 +1300,9 @@
 static int ext_ocsp_add_serverhello(SSL *ssl, CBB *out) {
   if (!ssl->s3->tmp.ocsp_stapling_requested ||
       ssl->ctx->ocsp_response_length == 0 ||
-      !ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) {
+      ssl->s3->session_reused ||
+      (ssl3_protocol_version(ssl) < TLS1_3_VERSION &&
+       !ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher))) {
     return 1;
   }
 
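Review bot: The new `ssl->s3->session_reused` term in ext_ocsp_add_serverhello is not gated on the protocol version, so the server now omits the extension on resumption in every version. The parse-side check added earlier in this patch rejects a stapled response on resumption only on the TLS 1.3 path. If that asymmetry is intended, the condition deserves a comment such as `/* Never staple on resumption; before TLS 1.3 the cipher must also use certificate auth. */` so the three clauses are not read as one rule. The rest of the function lies outside the hunk.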
@@ -2231,8 +2235,13 @@
                                         uint8_t *out_alert, CBS *contents) {
   uint16_t group_id;
   CBS key_shares;
-  if (!tls1_get_shared_group(ssl, &group_id) ||
-      !CBS_get_u16_length_prefixed(contents, &key_shares) ||
+  if (!tls1_get_shared_group(ssl, &group_id)) {
+    OPENSSL_PUT_ERROR(SSL, SSL_R_NO_SHARED_GROUP);
+    *out_alert = SSL_AD_HANDSHAKE_FAILURE;
+    return 0;
+  }
+
+  if (!CBS_get_u16_length_prefixed(contents, &key_shares) ||
       CBS_len(contents) != 0) {
     OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
     return 0;
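Review bot: The decode-error branch still returns 0 without writing `*out_alert`, although the branch added just above it now sets the alert explicitly. Unless the caller pre-loads a default (not visible here), the alert sent for a malformed key_share list is whatever the caller left in that variable. Adding `*out_alert = SSL_AD_DECODE_ERROR;` before that `return 0;` makes both failure paths self-describing. The function's signature and the rest of its body are outside the hunk.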
@@ -2286,6 +2295,7 @@
     OPENSSL_free(secret);
     SSL_ECDH_CTX_cleanup(&group);
     CBB_cleanup(&public_key);
+    *out_alert = SSL_AD_ILLEGAL_PARAMETER;
     return 0;
   }
 
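Review bot: `*out_alert = SSL_AD_ILLEGAL_PARAMETER;` is assigned for every way of reaching this cleanup branch, and it overwrites anything a callee may already have stored in `*out_alert`. The condition guarding the branch is outside the hunk; if it also covers local failures such as allocation, the peer would be told illegal_parameter for a fault that is not its own, and `SSL_AD_INTERNAL_ERROR` would be the accurate alert for those cases. Splitting the condition, or adding a comment stating that only peer-supplied key material can fail here, would settle it.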
@@ -2298,10 +2308,6 @@
 }
 
 int ssl_ext_key_share_add_serverhello(SSL *ssl, CBB *out) {
-  if (ssl->s3->tmp.new_cipher->algorithm_mkey != SSL_kECDHE) {
-    return 1;
-  }
-
   uint16_t group_id;
   CBB kse_bytes, public_key;
   if (!tls1_get_shared_group(ssl, &group_id) ||