Handle the server case in SSL_get0_ech_name_override. Found by OSS-Fuzz. This comes up if you enable client certificates and the draft ECH implementation on the server. Bug: 275, oss-fuzz:35815 Change-Id: I0b4fcc994f7238f8a3cf1f1934672bac0cee0cfb Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/48425 Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/encrypted_client_hello.cc b/ssl/encrypted_client_hello.cc
index e5fabd9..b70f66c 100644
--- a/ssl/encrypted_client_hello.cc
+++ b/ssl/encrypted_client_hello.cc
@@ -1003,7 +1003,7 @@
 // this point, |ech_status| will be |ssl_ech_none|. See the
 // ECH-Client-Reject-EarlyDataReject-OverrideNameOnRetry tests in runner.go.
 const SSL_HANDSHAKE *hs = ssl->s3->hs.get();
- if (hs && ssl->s3->ech_status == ssl_ech_rejected) {
+ if (!ssl->server && hs && ssl->s3->ech_status == ssl_ech_rejected) {
 *out_name = reinterpret_cast<const char *>(
 hs->selected_ech_config->public_name.data());
 *out_name_len = hs->selected_ech_config->public_name.size();
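Review bot: The new `!ssl->server` guard on the changed line is not explained by the surrounding comment, whose visible part only covers the client-side `ssl_ech_none` case, so a reader cannot see why the server must skip this branch. Suggest a comment on the changed line such as `// Only the client has a |selected_ech_config| to fall back to; the server never overrides the name.` — worded as an assumption, since the field's ownership is not visible in the hunk. The dereference of `hs->selected_ech_config` on the following two lines remains unconditional; if `ssl_ech_rejected` on the client guarantees the config is set, an `assert(hs->selected_ech_config != nullptr);` before the cast would record that invariant and turn a future regression into a test failure rather than a crash. SSL_get0_ech_name_override starts and ends outside the hunk.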
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 4838eec..3306c88 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -17071,6 +17071,47 @@
 },
 })
 
+ // Test that ECH can be used with client certificates. In particular,
+ // the name override logic should not interfere with the server.
+ // Test the server can accept ECH.
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ protocol: protocol,
+ name: prefix + "ECH-Server-ClientAuth",
+ config: Config{
+ Certificates: []Certificate{rsaCertificate},
+ ClientECHConfig: echConfig.ECHConfig,
+ },
+ flags: []string{
+ "-ech-server-config", base64FlagValue(echConfig.ECHConfig.Raw),
+ "-ech-server-key", base64FlagValue(echConfig.Key),
+ "-ech-is-retry-config", "1",
+ "-expect-ech-accept",
+ "-require-any-client-certificate",
+ },
+ expectations: connectionExpectations{
+ echAccepted: true,
+ },
+ })
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ protocol: protocol,
+ name: prefix + "ECH-Server-Decline-ClientAuth",
+ config: Config{
+ Certificates: []Certificate{rsaCertificate},
+ ClientECHConfig: echConfig.ECHConfig,
+ Bugs: ProtocolBugs{
+ ExpectECHRetryConfigs: CreateECHConfigList(echConfig1.ECHConfig.Raw),
+ },
+ },
+ flags: []string{
+ "-ech-server-config", base64FlagValue(echConfig1.ECHConfig.Raw),
+ "-ech-server-key", base64FlagValue(echConfig1.Key),
+ "-ech-is-retry-config", "1",
+ "-require-any-client-certificate",
+ },
+ })
+
 // Test the client's behavior when the server ignores ECH GREASE.
 testCases = append(testCases, testCase{
 testType: clientTest,
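Review bot: The second added case, `ECH-Server-Decline-ClientAuth`, has no comment of its own, while the three comment lines above the first case mix the purpose of both cases with a sentence specific to the accept case; the reader has to infer from the server being keyed with `echConfig1` while the client offers `echConfig` that this is the decline path. Suggest keeping `// Test the server can accept ECH.` as the header of the first case and adding `// Test the server can decline ECH (sending retry configs) while still requiring a client certificate.` before the second. The decline case also states no `expectations`; if the zero value of `connectionExpectations` already asserts `echAccepted: false` that is fine, otherwise an explicit `expectations: connectionExpectations{echAccepted: false},` would pin the behaviour the case exists to check — not visible in the hunk. The enclosing loop that supplies `protocol` and `prefix` starts and ends outside the hunk.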