Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / aba057a4e09a80cf8de4f43a8caaee30cdb799be^! / . / ssl / internal.h
commitaba057a4e09a80cf8de4f43a8caaee30cdb799be[log] [tgz]
authorDavid Benjamin <davidben@google.com>Mon Sep 11 15:21:43 2017 -0400
committerCQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>Tue Sep 12 15:56:59 2017 +0000
tree25e639355595482e59b8627f0a626182bb5d78f5
parent1682126fd81ca12089323b936484e17285c36602 [diff] [blame]
Work around a Java client bug when rotating certificates.

The Java client implementation of the 3SHAKE mitigation incorrectly
rejects initial handshakes when all of the following are true:

1. The ClientHello offered a session.
2. The session was successfully resumed previously.
3. The server declines the session.
4. The server sends a certificate with a different SAN list than in the
   previous session.

(Note the 3SHAKE mitigation is to reject certificates changes on
renegotiation, while Java's logic applies to initial handshakes as
well.)

The end result is long-lived Java clients break on some certificate
rotations. Fingerprint Java clients and decline all offered sessions.
This avoids (2) while still introducing new sessions to clear any
existing problematic sessions.

See also b/65323005.

Change-Id: Ib2b84c69b5ecba285ffb8c4d03de5626838d794e
Reviewed-on: https://boringssl-review.googlesource.com/20184
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

diff --git a/ssl/internal.h b/ssl/internal.h
index 2ebb7e9..ddc91c7 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h

@@ -1440,8 +1440,11 @@
 
 // ClientHello functions.
 
-int ssl_client_hello_init(SSL *ssl, SSL_CLIENT_HELLO *out,
-                          const SSLMessage &msg);
+// ssl_client_hello_init parses |msg| as a ClientHello and writes the result to
+// |*out|. It returns one on success and zero on error. This function is
+// exported for unit tests.
+OPENSSL_EXPORT int ssl_client_hello_init(SSL *ssl, SSL_CLIENT_HELLO *out,
+                                         const SSLMessage &msg);
 
 int ssl_client_hello_get_extension(const SSL_CLIENT_HELLO *client_hello,
                                    CBS *out, uint16_t extension_type);
@@ -1449,6 +1452,10 @@
 int ssl_client_cipher_list_contains_cipher(const SSL_CLIENT_HELLO *client_hello,
                                            uint16_t id);
 
+// ssl_is_probably_java returns true if |client_hello| looks like a Java
+// ClientHello and false otherwise. This function is exported for tests.
+OPENSSL_EXPORT bool ssl_is_probably_java(const SSL_CLIENT_HELLO *client_hello);
+
 
 // GREASE.