Handle the server case in SSL_get0_ech_name_override.

Found by OSS-Fuzz. This comes up if you enable client certificates and
the draft ECH implementation on the server.

Bug: 275, oss-fuzz:35815
Change-Id: I0b4fcc994f7238f8a3cf1f1934672bac0cee0cfb
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/48425
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/encrypted_client_hello.cc b/ssl/encrypted_client_hello.cc
index e5fabd9..b70f66c 100644
--- a/ssl/encrypted_client_hello.cc
+++ b/ssl/encrypted_client_hello.cc
@@ -1003,7 +1003,7 @@
   // this point, |ech_status| will be |ssl_ech_none|. See the
   // ECH-Client-Reject-EarlyDataReject-OverrideNameOnRetry tests in runner.go.
   const SSL_HANDSHAKE *hs = ssl->s3->hs.get();
-  if (hs && ssl->s3->ech_status == ssl_ech_rejected) {
+  if (!ssl->server && hs && ssl->s3->ech_status == ssl_ech_rejected) {
     *out_name = reinterpret_cast<const char *>(
         hs->selected_ech_config->public_name.data());
     *out_name_len = hs->selected_ech_config->public_name.size();
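Review bot: The new `!ssl->server` guard carries no comment explaining why servers are excluded, and the comment just above the condition only describes the client's state. Going by the commit message, a server with client certificates enabled reached this branch with `ech_status == ssl_ech_rejected`. The branch dereferences `hs->selected_ech_config` without a null check, so that pointer is presumably unset on servers. I would add `// |selected_ech_config| is only set on the client; a server that declines ECH also reports |ssl_ech_rejected|.` above the `if`, once that reading is confirmed against the rest of the function, which starts and ends outside this hunk.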
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 4838eec..3306c88 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -17071,6 +17071,47 @@
 			},
 		})
 
+		// Test that ECH can be used with client certificates. In particular,
+		// the name override logic should not interfere with the server.
+		// Test the server can accept ECH.
+		testCases = append(testCases, testCase{
+			testType: serverTest,
+			protocol: protocol,
+			name:     prefix + "ECH-Server-ClientAuth",
+			config: Config{
+				Certificates:    []Certificate{rsaCertificate},
+				ClientECHConfig: echConfig.ECHConfig,
+			},
+			flags: []string{
+				"-ech-server-config", base64FlagValue(echConfig.ECHConfig.Raw),
+				"-ech-server-key", base64FlagValue(echConfig.Key),
+				"-ech-is-retry-config", "1",
+				"-expect-ech-accept",
+				"-require-any-client-certificate",
+			},
+			expectations: connectionExpectations{
+				echAccepted: true,
+			},
+		})
+		testCases = append(testCases, testCase{
+			testType: serverTest,
+			protocol: protocol,
+			name:     prefix + "ECH-Server-Decline-ClientAuth",
+			config: Config{
+				Certificates:    []Certificate{rsaCertificate},
+				ClientECHConfig: echConfig.ECHConfig,
+				Bugs: ProtocolBugs{
+					ExpectECHRetryConfigs: CreateECHConfigList(echConfig1.ECHConfig.Raw),
+				},
+			},
+			flags: []string{
+				"-ech-server-config", base64FlagValue(echConfig1.ECHConfig.Raw),
+				"-ech-server-key", base64FlagValue(echConfig1.Key),
+				"-ech-is-retry-config", "1",
+				"-require-any-client-certificate",
+			},
+		})
+
 		// Test the client's behavior when the server ignores ECH GREASE.
 		testCases = append(testCases, testCase{
 			testType: clientTest,
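Review bot: The second added case, `ECH-Server-Decline-ClientAuth`, has no comment of its own, and the block comment ends with `// Test the server can accept ECH.`, which covers only the first case. The decline case looks like the one that reproduces the fuzzer finding, since the server rejects ECH while still requiring a client certificate. It deserves a line such as `// Test the server can decline ECH while still requiring a client certificate.` before its `testCases = append(...)`. It also sets no `expectations`, so the rejected outcome presumably rests on the zero value of `echAccepted`; writing `expectations: connectionExpectations{echAccepted: false},` would state the intent explicitly.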