Request contexts are now illegal during the handshake.
One less thing to keep track of.
https://github.com/tlswg/tls13-spec/pull/549 got merged.
Change-Id: Ide66e547140f8122a3b8013281be5215c11b6de0
Reviewed-on: https://boringssl-review.googlesource.com/10482
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/internal.h b/ssl/internal.h
index ade9416..4f13459 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -906,9 +906,6 @@
uint8_t *public_key;
size_t public_key_len;
- uint8_t *cert_context;
- size_t cert_context_len;
-
uint8_t session_tickets_sent;
} /* SSL_HANDSHAKE */;
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index 2b4f53d..319ae28 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -1049,6 +1049,10 @@
// SendExtraFinished, if true, causes an extra Finished message to be
// sent.
SendExtraFinished bool
+
+ // SendRequestContext, if not empty, is the request context to send in
+ // a TLS 1.3 CertificateRequest.
+ SendRequestContext []byte
}
func (c *Config) serverInit() {
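Review bot: The doc comment on `SendRequestContext` does not say that a non-empty value is a deliberate protocol violation, which is what separates a `ProtocolBugs` knob from an ordinary option. The comment should state that a conforming peer is expected to reject a non-empty context during the handshake. It should also state that the wire field has a one-byte length prefix (see `CBS_get_u8_length_prefixed` in ssl/tls13_client.c), so a value longer than 255 bytes cannot be represented. How the runner's marshalling treats an over-long value is not visible in this diff. The field is consumed in the ssl/test/runner/handshake_server.go hunk.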
diff --git a/ssl/test/runner/handshake_client.go b/ssl/test/runner/handshake_client.go
index 91afc64..e8e6490 100644
--- a/ssl/test/runner/handshake_client.go
+++ b/ssl/test/runner/handshake_client.go
@@ -673,6 +673,10 @@
var ok bool
certReq, ok = msg.(*certificateRequestMsg)
if ok {
+ if len(certReq.requestContext) != 0 {
+ return errors.New("tls: non-empty certificate request context sent in handshake")
+ }
+
if c.config.Bugs.IgnorePeerSignatureAlgorithmPreferences {
certReq.signatureAlgorithms = c.config.signSignatureAlgorithms()
}
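Review bot: The new rejection path in the `if ok {` branch returns a bare error and, as far as the hunk shows, sends no alert first, so the peer under test sees only a closed connection rather than the reason. Consider adding `c.sendAlert(alertDecodeError)` before `return errors.New("tls: non-empty certificate request context sent in handshake")`, which would mirror the `:DECODE_ERROR:` the C client reports for the same condition. The enclosing function starts and ends outside the hunk, so an alert may be sent by a caller I cannot see.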
diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go
index 64e2a71..6d4d70a 100644
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go
@@ -596,6 +596,7 @@
certReq := &certificateRequestMsg{
hasSignatureAlgorithm: true,
hasRequestContext: true,
+ requestContext: config.Bugs.SendRequestContext,
}
if !config.Bugs.NoSignatureAlgorithms {
certReq.signatureAlgorithms = config.verifySignatureAlgorithms()
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 71278ae..f999f48 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -3125,7 +3125,7 @@
MaxVersion: VersionTLS13,
MinVersion: VersionTLS13,
},
- resumeSession: true,
+ resumeSession: true,
})
tests = append(tests, testCase{
@@ -3135,7 +3135,7 @@
MaxVersion: VersionTLS13,
MinVersion: VersionTLS13,
},
- resumeSession: true,
+ resumeSession: true,
})
tests = append(tests, testCase{
@@ -8007,6 +8007,24 @@
shouldFail: true,
expectedError: ":WRONG_CURVE:",
})
+
+ testCases = append(testCases, testCase{
+ name: "TLS13-RequestContextInHandshake",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ MinVersion: VersionTLS13,
+ ClientAuth: RequireAnyClientCert,
+ Bugs: ProtocolBugs{
+ SendRequestContext: []byte("request context"),
+ },
+ },
+ flags: []string{
+ "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
+ "-key-file", path.Join(*resourceDir, rsaKeyFile),
+ },
+ shouldFail: true,
+ expectedError: ":DECODE_ERROR:",
+ })
}
func worker(statusChan chan statusMsg, c chan *testCase, shimPath string, wg *sync.WaitGroup) {
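Review bot: `TLS13-RequestContextInHandshake` pins only the shim's error string, not the alert the shim sends back, so a regression that drops or changes the alert would still pass. Adding `expectedLocalError: "remote error: error decoding message",` next to `expectedError` would cover that, assuming the client sends decode_error on this path; the alert call lies outside the visible part of ssl/tls13_client.c. The test also exercises only a non-empty context in CertificateRequest; nothing in this diff tests a non-empty context in a peer's Certificate message.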
diff --git a/ssl/tls13_both.c b/ssl/tls13_both.c
index 2527896..9dd27ce 100644
--- a/ssl/tls13_both.c
+++ b/ssl/tls13_both.c
@@ -63,7 +63,6 @@
ssl_handshake_clear_groups(hs);
OPENSSL_free(hs->key_share_bytes);
OPENSSL_free(hs->public_key);
- OPENSSL_free(hs->cert_context);
OPENSSL_free(hs);
}
@@ -329,11 +328,10 @@
}
int tls13_prepare_certificate(SSL *ssl) {
- CBB cbb, body, context;
+ CBB cbb, body;
if (!ssl->method->init_message(ssl, &cbb, &body, SSL3_MT_CERTIFICATE) ||
- !CBB_add_u8_length_prefixed(&body, &context) ||
- !CBB_add_bytes(&context, ssl->s3->hs->cert_context,
- ssl->s3->hs->cert_context_len) ||
+ /* The request context is always empty in the handshake. */
+ !CBB_add_u8(&body, 0) ||
!ssl_add_cert_chain(ssl, &body) ||
!ssl->method->finish_message(ssl, &cbb)) {
CBB_cleanup(&cbb);
diff --git a/ssl/tls13_client.c b/ssl/tls13_client.c
index d58f72d..d2d99a7 100644
--- a/ssl/tls13_client.c
+++ b/ssl/tls13_client.c
@@ -394,8 +394,8 @@
CBS cbs, context, supported_signature_algorithms;
CBS_init(&cbs, ssl->init_msg, ssl->init_num);
if (!CBS_get_u8_length_prefixed(&cbs, &context) ||
- !CBS_stow(&context, &ssl->s3->hs->cert_context,
- &ssl->s3->hs->cert_context_len) ||
+ /* The request context is always empty during the handshake. */
+ CBS_len(&context) != 0 ||
!CBS_get_u16_length_prefixed(&cbs, &supported_signature_algorithms) ||
CBS_len(&supported_signature_algorithms) == 0 ||
!tls1_parse_peer_sigalgs(ssl, &supported_signature_algorithms)) {
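Review bot: The comment `The request context is always empty during the handshake.` reads as an invariant the code relies on, while the next line, `CBS_len(&context) != 0 ||`, is actually enforcing a requirement on untrusted peer input. Suggest `/* The request context must be empty during the handshake; reject anything else. */`, optionally naming the spec change cited in the commit message so later work knows which rule this check implements. The wording also differs slightly from the matching comment in ssl/tls13_both.c ("in the handshake"); using one phrasing makes the pair easier to grep. The enclosing `if` and its function continue outside the hunk.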