commit e8f3d666ccf4495fffc5aa9d7ac8ee3356bb980d
author David Benjamin <davidben@chromium.org> Sat Jul 12 01:10:19 2014 -0400
committer Adam Langley <agl@google.com> Mon Jul 14 20:50:30 2014 +0000
tree f16a469b1926c627db8beb1c23591ee0832019c6
parent 1c375dda8a254d762f1439e22489b505a2a051bd

Be strict about expecting a server Certificate message.

Introduce a ssl_cipher_has_server_public_key to save the repeated
NULL/PSK/RSA_PSK[*] check. Don't allow skipping to ServerKeyExchange when
expecting Certificate; the messages expected are determined by the cipher
suite. The ssl3_get_server_public_key call is already guarded.

As the previous test demonstrates, this is safe because of the
ssl3_check_cert_and_algorithm call, but avoid the looseness in the parsing
there.

[*] NB: we don't implement RSA_PSK, and OpenSSL has never implemented it.

Change-Id: I0571e6bcbeb8eb883f77878bdc98d1aa3a287cf3
Reviewed-on: https://boringssl-review.googlesource.com/1156
Reviewed-by: Adam Langley <agl@google.com>

ssl/ssl_locl.h

diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 63e7dcc..ed3a0b5 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -993,6 +993,8 @@
 int ssl_get_handshake_digest(int i,long *mask,const EVP_MD **md);
 int ssl_cipher_get_cert_index(const SSL_CIPHER *c);
 const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr);
+int ssl_cipher_has_server_public_key(const SSL_CIPHER *cipher);
+
 int ssl_cert_set0_chain(CERT *c, STACK_OF(X509) *chain);
 int ssl_cert_set1_chain(CERT *c, STACK_OF(X509) *chain);
 int ssl_cert_add0_chain_cert(CERT *c, X509 *x);