grpc 1.10.0 → 1.11.0.pre2
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +2098 -501
- data/include/grpc/byte_buffer.h +2 -0
- data/include/grpc/byte_buffer_reader.h +2 -0
- data/include/grpc/census.h +2 -0
- data/include/grpc/fork.h +2 -0
- data/include/grpc/grpc.h +10 -0
- data/include/grpc/grpc_cronet.h +2 -0
- data/include/grpc/grpc_posix.h +2 -1
- data/include/grpc/grpc_security.h +21 -0
- data/include/grpc/grpc_security_constants.h +1 -0
- data/include/grpc/impl/codegen/byte_buffer.h +2 -0
- data/include/grpc/impl/codegen/grpc_types.h +24 -0
- data/include/grpc/impl/codegen/slice.h +1 -1
- data/include/grpc/impl/codegen/sync.h +1 -0
- data/include/grpc/impl/codegen/sync_custom.h +2 -0
- data/include/grpc/impl/codegen/sync_generic.h +2 -0
- data/include/grpc/impl/codegen/sync_posix.h +2 -0
- data/include/grpc/impl/codegen/sync_windows.h +2 -0
- data/include/grpc/slice.h +2 -0
- data/include/grpc/slice_buffer.h +2 -0
- data/include/grpc/status.h +2 -0
- data/include/grpc/support/alloc.h +2 -2
- data/include/grpc/support/atm.h +2 -0
- data/include/grpc/support/atm_gcc_atomic.h +2 -0
- data/include/grpc/support/atm_gcc_sync.h +2 -0
- data/include/grpc/support/atm_windows.h +2 -0
- data/include/grpc/support/log.h +1 -1
- data/include/grpc/support/sync.h +2 -0
- data/include/grpc/support/sync_custom.h +2 -0
- data/include/grpc/support/sync_generic.h +2 -0
- data/include/grpc/support/sync_posix.h +2 -0
- data/include/grpc/support/sync_windows.h +2 -0
- data/include/grpc/support/time.h +2 -0
- data/src/boringssl/err_data.c +444 -438
- data/src/core/ext/census/grpc_context.cc +2 -0
- data/src/core/ext/filters/client_channel/backup_poller.cc +13 -8
- data/src/core/ext/filters/client_channel/backup_poller.h +3 -2
- data/src/core/ext/filters/client_channel/channel_connectivity.cc +2 -0
- data/src/core/ext/filters/client_channel/client_channel.cc +1988 -433
- data/src/core/ext/filters/client_channel/client_channel.h +2 -0
- data/src/core/ext/filters/client_channel/client_channel_factory.cc +2 -0
- data/src/core/ext/filters/client_channel/client_channel_factory.h +2 -0
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +2 -27
- data/src/core/ext/filters/client_channel/connector.cc +2 -0
- data/src/core/ext/filters/client_channel/connector.h +2 -0
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +2 -0
- data/src/core/ext/filters/client_channel/http_proxy.cc +2 -0
- data/src/core/ext/filters/client_channel/lb_policy.cc +2 -0
- data/src/core/ext/filters/client_channel/lb_policy.h +2 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +2 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.h +2 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +96 -78
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +9 -17
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +70 -62
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +2 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +2 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +2 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +2 -0
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +4 -2
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +4 -2
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.cc +2 -0
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +2 -0
- data/src/core/ext/filters/client_channel/lb_policy_factory.cc +3 -1
- data/src/core/ext/filters/client_channel/lb_policy_factory.h +2 -1
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +2 -0
- data/src/core/ext/filters/client_channel/lb_policy_registry.h +2 -1
- data/src/core/ext/filters/client_channel/method_params.cc +178 -0
- data/src/core/ext/filters/client_channel/method_params.h +74 -0
- data/src/core/ext/filters/client_channel/parse_address.cc +17 -13
- data/src/core/ext/filters/client_channel/parse_address.h +2 -0
- data/src/core/ext/filters/client_channel/proxy_mapper.cc +2 -0
- data/src/core/ext/filters/client_channel/proxy_mapper.h +2 -0
- data/src/core/ext/filters/client_channel/proxy_mapper_registry.cc +2 -0
- data/src/core/ext/filters/client_channel/proxy_mapper_registry.h +2 -0
- data/src/core/ext/filters/client_channel/resolver.cc +2 -0
- data/src/core/ext/filters/client_channel/resolver.h +6 -0
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +24 -5
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +2 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +1 -0
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +55 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +8 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +1 -0
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +30 -3
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +7 -0
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +2 -1
- data/src/core/ext/filters/client_channel/resolver_factory.h +2 -0
- data/src/core/ext/filters/client_channel/resolver_registry.cc +2 -0
- data/src/core/ext/filters/client_channel/resolver_registry.h +2 -0
- data/src/core/ext/filters/client_channel/retry_throttle.cc +102 -120
- data/src/core/ext/filters/client_channel/retry_throttle.h +52 -25
- data/src/core/ext/filters/client_channel/subchannel.cc +14 -4
- data/src/core/ext/filters/client_channel/subchannel.h +10 -1
- data/src/core/ext/filters/client_channel/subchannel_index.cc +2 -0
- data/src/core/ext/filters/client_channel/subchannel_index.h +2 -0
- data/src/core/ext/filters/client_channel/uri_parser.cc +2 -1
- data/src/core/ext/filters/client_channel/uri_parser.h +2 -1
- data/src/core/ext/filters/deadline/deadline_filter.cc +2 -1
- data/src/core/ext/filters/deadline/deadline_filter.h +2 -0
- data/src/core/ext/filters/http/client/http_client_filter.cc +27 -25
- data/src/core/ext/filters/http/client/http_client_filter.h +2 -0
- data/src/core/ext/filters/http/client_authority_filter.cc +156 -0
- data/src/core/ext/filters/http/client_authority_filter.h +34 -0
- data/src/core/ext/filters/http/http_filters_plugin.cc +2 -0
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +21 -22
- data/src/core/ext/filters/http/message_compress/message_compress_filter.h +2 -0
- data/src/core/ext/filters/http/server/http_server_filter.cc +11 -8
- data/src/core/ext/filters/http/server/http_server_filter.h +2 -0
- data/src/core/ext/filters/load_reporting/server_load_reporting_filter.cc +2 -0
- data/src/core/ext/filters/load_reporting/server_load_reporting_filter.h +2 -0
- data/src/core/ext/filters/load_reporting/server_load_reporting_plugin.h +2 -0
- data/src/core/ext/filters/max_age/max_age_filter.cc +2 -0
- data/src/core/ext/filters/max_age/max_age_filter.h +2 -0
- data/src/core/ext/filters/message_size/message_size_filter.cc +52 -49
- data/src/core/ext/filters/message_size/message_size_filter.h +2 -0
- data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +5 -1
- data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.h +2 -0
- data/src/core/ext/filters/workarounds/workaround_utils.cc +2 -0
- data/src/core/ext/filters/workarounds/workaround_utils.h +2 -0
- data/src/core/ext/transport/chttp2/alpn/alpn.cc +3 -1
- data/src/core/ext/transport/chttp2/alpn/alpn.h +2 -0
- data/src/core/ext/transport/chttp2/client/authority.cc +42 -0
- data/src/core/ext/transport/chttp2/client/authority.h +36 -0
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +2 -0
- data/src/core/ext/transport/chttp2/client/chttp2_connector.h +2 -0
- data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +10 -3
- data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +2 -2
- data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +37 -25
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +2 -0
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +3 -1
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +2 -1
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +2 -1
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +3 -1
- data/src/core/ext/transport/chttp2/transport/bin_decoder.h +2 -0
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/bin_encoder.h +2 -0
- data/src/core/ext/transport/chttp2/transport/chttp2_plugin.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +152 -182
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +2 -0
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/flow_control.h +1 -0
- data/src/core/ext/transport/chttp2/transport/frame.h +2 -1
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +15 -19
- data/src/core/ext/transport/chttp2/transport/frame_data.h +7 -5
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/frame_goaway.h +2 -2
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/frame_ping.h +2 -1
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +2 -1
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +2 -2
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/frame_window_update.h +2 -1
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +2 -1
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +2 -1
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +2 -2
- data/src/core/ext/transport/chttp2/transport/hpack_table.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/hpack_table.h +2 -1
- data/src/core/ext/transport/chttp2/transport/http2_settings.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/http2_settings.h +2 -0
- data/src/core/ext/transport/chttp2/transport/huffsyms.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.cc +3 -2
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.h +2 -0
- data/src/core/ext/transport/chttp2/transport/internal.h +60 -24
- data/src/core/ext/transport/chttp2/transport/parsing.cc +2 -4
- data/src/core/ext/transport/chttp2/transport/stream_lists.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/stream_map.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/varint.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/writing.cc +10 -6
- data/src/core/ext/transport/inproc/inproc_plugin.cc +2 -0
- data/src/core/ext/transport/inproc/inproc_transport.cc +20 -23
- data/src/core/ext/transport/inproc/inproc_transport.h +2 -0
- data/src/core/lib/avl/avl.cc +2 -0
- data/src/core/lib/avl/avl.h +2 -0
- data/src/core/lib/backoff/backoff.cc +2 -0
- data/src/core/lib/backoff/backoff.h +2 -0
- data/src/core/lib/channel/channel_args.h +2 -0
- data/src/core/lib/channel/channel_stack.cc +3 -1
- data/src/core/lib/channel/channel_stack.h +2 -0
- data/src/core/lib/channel/channel_stack_builder.cc +2 -0
- data/src/core/lib/channel/channel_stack_builder.h +2 -0
- data/src/core/lib/channel/channel_trace.cc +239 -0
- data/src/core/lib/channel/channel_trace.h +133 -0
- data/src/core/lib/channel/channel_trace_registry.cc +80 -0
- data/src/core/lib/channel/channel_trace_registry.h +43 -0
- data/src/core/lib/channel/connected_channel.cc +2 -0
- data/src/core/lib/channel/connected_channel.h +2 -0
- data/src/core/lib/channel/handshaker.cc +2 -0
- data/src/core/lib/channel/handshaker.h +2 -0
- data/src/core/lib/channel/handshaker_factory.cc +2 -0
- data/src/core/lib/channel/handshaker_factory.h +2 -1
- data/src/core/lib/channel/handshaker_registry.cc +2 -0
- data/src/core/lib/channel/handshaker_registry.h +2 -1
- data/src/core/lib/channel/status_util.cc +100 -0
- data/src/core/lib/channel/status_util.h +58 -0
- data/src/core/lib/compression/algorithm_metadata.h +2 -0
- data/src/core/lib/compression/compression.cc +2 -0
- data/src/core/lib/compression/compression_internal.cc +2 -0
- data/src/core/lib/compression/compression_internal.h +2 -0
- data/src/core/lib/compression/message_compress.cc +2 -0
- data/src/core/lib/compression/message_compress.h +2 -0
- data/src/core/lib/compression/stream_compression.cc +2 -0
- data/src/core/lib/compression/stream_compression.h +2 -0
- data/src/core/lib/compression/stream_compression_gzip.cc +2 -0
- data/src/core/lib/compression/stream_compression_gzip.h +2 -0
- data/src/core/lib/compression/stream_compression_identity.cc +2 -1
- data/src/core/lib/compression/stream_compression_identity.h +2 -0
- data/src/core/lib/debug/stats.cc +2 -0
- data/src/core/lib/debug/stats.h +2 -0
- data/src/core/lib/debug/stats_data.cc +3 -1
- data/src/core/lib/debug/stats_data.h +2 -0
- data/src/core/lib/debug/trace.cc +2 -0
- data/src/core/lib/debug/trace.h +2 -1
- data/src/core/lib/gpr/alloc.cc +2 -1
- data/src/core/lib/gpr/arena.cc +47 -0
- data/src/core/lib/gpr/arena.h +2 -0
- data/src/core/lib/gpr/atm.cc +2 -0
- data/src/core/lib/gpr/cpu_linux.cc +5 -1
- data/src/core/lib/gpr/cpu_posix.cc +1 -1
- data/src/core/lib/gpr/env.h +2 -0
- data/src/core/lib/gpr/fork.cc +2 -0
- data/src/core/lib/gpr/host_port.cc +2 -0
- data/src/core/lib/gpr/log.cc +2 -1
- data/src/core/lib/gpr/log_linux.cc +1 -0
- data/src/core/lib/gpr/mpscq.cc +2 -0
- data/src/core/lib/gpr/mpscq.h +2 -0
- data/src/core/lib/gpr/murmur_hash.cc +2 -0
- data/src/core/lib/gpr/spinlock.h +2 -0
- data/src/core/lib/gpr/string.cc +2 -1
- data/src/core/lib/gpr/string.h +2 -2
- data/src/core/lib/gpr/sync.cc +2 -0
- data/src/core/lib/gpr/time.cc +2 -0
- data/src/core/lib/gpr/time_posix.cc +1 -0
- data/src/core/lib/gpr/time_precise.cc +2 -0
- data/src/core/lib/gpr/time_precise.h +2 -0
- data/src/core/lib/gpr/tls_gcc.h +2 -0
- data/src/core/lib/gpr/tls_msvc.h +2 -0
- data/src/core/lib/gpr/tls_pthread.h +2 -0
- data/src/core/lib/gpr/tmpfile.h +2 -0
- data/src/core/lib/gprpp/atomic_with_atm.h +2 -0
- data/src/core/lib/gprpp/atomic_with_std.h +2 -0
- data/src/core/lib/gprpp/inlined_vector.h +2 -0
- data/src/core/lib/gprpp/manual_constructor.h +3 -1
- data/src/core/lib/gprpp/memory.h +5 -3
- data/src/core/lib/gprpp/orphanable.h +3 -0
- data/src/core/lib/gprpp/ref_counted.h +4 -0
- data/src/core/lib/gprpp/ref_counted_ptr.h +3 -0
- data/src/core/lib/gprpp/thd.h +135 -0
- data/src/core/lib/gprpp/thd_posix.cc +209 -0
- data/src/core/lib/gprpp/thd_windows.cc +162 -0
- data/src/core/lib/http/format_request.cc +2 -0
- data/src/core/lib/http/format_request.h +2 -0
- data/src/core/lib/http/httpcli.cc +2 -0
- data/src/core/lib/http/httpcli.h +2 -0
- data/src/core/lib/http/httpcli_security_connector.cc +16 -7
- data/src/core/lib/http/parser.cc +2 -0
- data/src/core/lib/http/parser.h +2 -1
- data/src/core/lib/iomgr/call_combiner.cc +2 -0
- data/src/core/lib/iomgr/call_combiner.h +2 -1
- data/src/core/lib/iomgr/combiner.cc +2 -0
- data/src/core/lib/iomgr/combiner.h +2 -0
- data/src/core/lib/iomgr/endpoint.cc +4 -0
- data/src/core/lib/iomgr/endpoint.h +2 -0
- data/src/core/lib/iomgr/endpoint_pair.h +2 -0
- data/src/core/lib/iomgr/endpoint_pair_posix.cc +2 -0
- data/src/core/lib/iomgr/endpoint_pair_uv.cc +2 -0
- data/src/core/lib/iomgr/endpoint_pair_windows.cc +7 -4
- data/src/core/lib/iomgr/error.h +2 -0
- data/src/core/lib/iomgr/error_internal.h +2 -0
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +2 -0
- data/src/core/lib/iomgr/ev_epoll1_linux.h +2 -0
- data/src/core/lib/iomgr/ev_epollex_linux.cc +4 -18
- data/src/core/lib/iomgr/ev_epollex_linux.h +2 -0
- data/src/core/lib/iomgr/ev_epollsig_linux.cc +2 -0
- data/src/core/lib/iomgr/ev_epollsig_linux.h +2 -0
- data/src/core/lib/iomgr/ev_poll_posix.cc +61 -31
- data/src/core/lib/iomgr/ev_poll_posix.h +2 -0
- data/src/core/lib/iomgr/ev_posix.cc +35 -19
- data/src/core/lib/iomgr/ev_posix.h +2 -0
- data/src/core/lib/iomgr/ev_windows.cc +2 -0
- data/src/core/lib/iomgr/exec_ctx.cc +3 -1
- data/src/core/lib/iomgr/exec_ctx.h +21 -9
- data/src/core/lib/iomgr/executor.cc +13 -11
- data/src/core/lib/iomgr/executor.h +2 -0
- data/src/core/lib/iomgr/fork_posix.cc +4 -2
- data/src/core/lib/iomgr/fork_windows.cc +2 -0
- data/src/core/lib/iomgr/gethostname_fallback.cc +2 -0
- data/src/core/lib/iomgr/gethostname_host_name_max.cc +2 -0
- data/src/core/lib/iomgr/gethostname_sysconf.cc +2 -0
- data/src/core/lib/iomgr/iocp_windows.cc +3 -1
- data/src/core/lib/iomgr/iocp_windows.h +3 -0
- data/src/core/lib/iomgr/iomgr.cc +2 -1
- data/src/core/lib/iomgr/iomgr.h +2 -0
- data/src/core/lib/iomgr/iomgr_custom.cc +63 -0
- data/src/core/lib/iomgr/iomgr_custom.h +47 -0
- data/src/core/lib/iomgr/iomgr_internal.cc +43 -0
- data/src/core/lib/iomgr/iomgr_internal.h +14 -0
- data/src/core/lib/iomgr/iomgr_posix.cc +30 -3
- data/src/core/lib/iomgr/iomgr_posix.h +2 -0
- data/src/core/lib/iomgr/iomgr_uv.cc +17 -20
- data/src/core/lib/iomgr/iomgr_windows.cc +29 -3
- data/src/core/lib/iomgr/is_epollexclusive_available.cc +2 -0
- data/src/core/lib/iomgr/is_epollexclusive_available.h +2 -0
- data/src/core/lib/iomgr/load_file.cc +2 -0
- data/src/core/lib/iomgr/load_file.h +2 -0
- data/src/core/lib/iomgr/lockfree_event.cc +2 -0
- data/src/core/lib/iomgr/lockfree_event.h +14 -1
- data/src/core/lib/iomgr/nameser.h +2 -0
- data/src/core/lib/iomgr/network_status_tracker.cc +3 -1
- data/src/core/lib/iomgr/network_status_tracker.h +2 -0
- data/src/core/lib/iomgr/polling_entity.cc +2 -0
- data/src/core/lib/iomgr/polling_entity.h +2 -0
- data/src/core/lib/iomgr/pollset.cc +56 -0
- data/src/core/lib/iomgr/pollset.h +19 -0
- data/src/core/lib/iomgr/pollset_custom.cc +106 -0
- data/src/core/lib/iomgr/{timer_generic.h → pollset_custom.h} +15 -17
- data/src/core/lib/iomgr/pollset_set.cc +55 -0
- data/src/core/lib/iomgr/pollset_set.h +13 -0
- data/src/core/lib/iomgr/pollset_set_custom.cc +48 -0
- data/src/core/lib/iomgr/{pollset_uv.h → pollset_set_custom.h} +6 -7
- data/src/core/lib/iomgr/pollset_set_windows.cc +17 -10
- data/src/core/lib/iomgr/pollset_set_windows.h +2 -0
- data/src/core/lib/iomgr/pollset_uv.cc +42 -105
- data/src/core/lib/iomgr/pollset_windows.cc +20 -12
- data/src/core/lib/iomgr/pollset_windows.h +2 -0
- data/src/core/lib/iomgr/port.h +10 -19
- data/src/core/lib/iomgr/resolve_address.cc +50 -0
- data/src/core/lib/iomgr/resolve_address.h +39 -10
- data/src/core/lib/iomgr/resolve_address_custom.cc +187 -0
- data/src/core/lib/iomgr/resolve_address_custom.h +43 -0
- data/src/core/lib/iomgr/resolve_address_posix.cc +10 -22
- data/src/core/lib/iomgr/resolve_address_windows.cc +10 -22
- data/src/core/lib/iomgr/resource_quota.cc +2 -0
- data/src/core/lib/iomgr/resource_quota.h +3 -5
- data/src/core/lib/iomgr/sockaddr.h +3 -11
- data/src/core/lib/iomgr/sockaddr_custom.h +54 -0
- data/src/core/lib/iomgr/sockaddr_posix.h +26 -0
- data/src/core/lib/iomgr/sockaddr_utils.cc +91 -71
- data/src/core/lib/iomgr/sockaddr_utils.h +4 -0
- data/src/core/lib/iomgr/sockaddr_windows.h +21 -0
- data/src/core/lib/iomgr/socket_factory_posix.cc +2 -0
- data/src/core/lib/iomgr/socket_factory_posix.h +2 -0
- data/src/core/lib/iomgr/socket_mutator.cc +2 -0
- data/src/core/lib/iomgr/socket_mutator.h +2 -0
- data/src/core/lib/iomgr/socket_utils.h +11 -0
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +15 -6
- data/src/core/lib/iomgr/socket_utils_linux.cc +4 -4
- data/src/core/lib/iomgr/socket_utils_posix.cc +3 -2
- data/src/core/lib/iomgr/socket_utils_posix.h +2 -0
- data/src/core/lib/iomgr/socket_utils_uv.cc +13 -2
- data/src/core/lib/iomgr/socket_utils_windows.cc +10 -0
- data/src/core/lib/iomgr/socket_windows.cc +2 -0
- data/src/core/lib/iomgr/socket_windows.h +2 -1
- data/src/core/lib/iomgr/sys_epoll_wrapper.h +2 -0
- data/src/core/lib/iomgr/tcp_client.cc +36 -0
- data/src/core/lib/iomgr/tcp_client.h +13 -0
- data/src/core/lib/iomgr/tcp_client_custom.cc +151 -0
- data/src/core/lib/iomgr/tcp_client_posix.cc +11 -24
- data/src/core/lib/iomgr/tcp_client_posix.h +2 -0
- data/src/core/lib/iomgr/tcp_client_windows.cc +10 -23
- data/src/core/lib/iomgr/tcp_custom.cc +365 -0
- data/src/core/lib/iomgr/tcp_custom.h +81 -0
- data/src/core/lib/iomgr/tcp_posix.cc +3 -1
- data/src/core/lib/iomgr/tcp_posix.h +2 -0
- data/src/core/lib/iomgr/tcp_server.cc +73 -0
- data/src/core/lib/iomgr/tcp_server.h +24 -0
- data/src/core/lib/iomgr/tcp_server_custom.cc +472 -0
- data/src/core/lib/iomgr/tcp_server_posix.cc +41 -23
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +2 -0
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +7 -7
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +8 -6
- data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.cc +2 -0
- data/src/core/lib/iomgr/tcp_server_windows.cc +43 -21
- data/src/core/lib/iomgr/tcp_uv.cc +308 -314
- data/src/core/lib/iomgr/tcp_windows.cc +3 -1
- data/src/core/lib/iomgr/tcp_windows.h +2 -0
- data/src/core/lib/iomgr/time_averaged_stats.cc +2 -0
- data/src/core/lib/iomgr/timer.cc +45 -0
- data/src/core/lib/iomgr/timer.h +36 -15
- data/src/core/lib/iomgr/timer_custom.cc +93 -0
- data/src/core/lib/iomgr/timer_custom.h +43 -0
- data/src/core/lib/iomgr/timer_generic.cc +12 -10
- data/src/core/lib/iomgr/timer_heap.cc +2 -4
- data/src/core/lib/iomgr/timer_heap.h +2 -0
- data/src/core/lib/iomgr/timer_manager.cc +12 -20
- data/src/core/lib/iomgr/timer_manager.h +2 -0
- data/src/core/lib/iomgr/timer_uv.cc +15 -49
- data/src/core/lib/iomgr/udp_server.cc +271 -230
- data/src/core/lib/iomgr/udp_server.h +44 -20
- data/src/core/lib/iomgr/unix_sockets_posix.cc +10 -7
- data/src/core/lib/iomgr/unix_sockets_posix.h +2 -0
- data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +2 -0
- data/src/core/lib/iomgr/wakeup_fd_cv.cc +3 -1
- data/src/core/lib/iomgr/wakeup_fd_cv.h +2 -0
- data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +2 -0
- data/src/core/lib/iomgr/wakeup_fd_nospecial.cc +2 -0
- data/src/core/lib/iomgr/wakeup_fd_pipe.cc +2 -0
- data/src/core/lib/iomgr/wakeup_fd_pipe.h +2 -0
- data/src/core/lib/iomgr/wakeup_fd_posix.cc +2 -0
- data/src/core/lib/iomgr/wakeup_fd_posix.h +2 -0
- data/src/core/lib/json/json.cc +38 -0
- data/src/core/lib/json/json.h +22 -1
- data/src/core/lib/json/json_reader.cc +2 -2
- data/src/core/lib/json/json_reader.h +1 -0
- data/src/core/lib/json/json_string.cc +2 -0
- data/src/core/lib/json/json_writer.cc +2 -2
- data/src/core/lib/json/json_writer.h +2 -0
- data/src/core/lib/profiling/basic_timers.cc +11 -9
- data/src/core/lib/profiling/timers.h +6 -3
- data/src/core/lib/security/context/security_context.cc +2 -0
- data/src/core/lib/security/context/security_context.h +2 -0
- data/src/core/lib/security/credentials/alts/alts_credentials.cc +119 -0
- data/src/core/lib/security/credentials/alts/alts_credentials.h +102 -0
- data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +72 -0
- data/src/core/lib/security/credentials/alts/check_gcp_environment.h +57 -0
- data/src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc +67 -0
- data/src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc +33 -0
- data/src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc +114 -0
- data/src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc +126 -0
- data/src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc +46 -0
- data/src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h +112 -0
- data/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc +58 -0
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +2 -0
- data/src/core/lib/security/credentials/composite/composite_credentials.h +2 -0
- data/src/core/lib/security/credentials/credentials.cc +2 -0
- data/src/core/lib/security/credentials/credentials.h +2 -0
- data/src/core/lib/security/credentials/credentials_metadata.cc +2 -0
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +2 -3
- data/src/core/lib/security/credentials/fake/fake_credentials.h +5 -0
- data/src/core/lib/security/credentials/google_default/credentials_generic.cc +2 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +2 -0
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +2 -0
- data/src/core/lib/security/credentials/iam/iam_credentials.h +2 -0
- data/src/core/lib/security/credentials/jwt/json_token.cc +2 -0
- data/src/core/lib/security/credentials/jwt/json_token.h +2 -0
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +2 -0
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +2 -0
- data/src/core/lib/security/credentials/jwt/jwt_verifier.h +2 -0
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +2 -0
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +2 -0
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +2 -0
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -0
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +11 -2
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +2 -0
- data/src/core/lib/security/security_connector/alts_security_connector.cc +287 -0
- data/src/core/lib/security/security_connector/alts_security_connector.h +69 -0
- data/src/core/lib/security/security_connector/security_connector.cc +174 -74
- data/src/core/lib/security/security_connector/security_connector.h +41 -7
- data/src/core/lib/security/transport/auth_filters.h +2 -0
- data/src/core/lib/security/transport/client_auth_filter.cc +14 -28
- data/src/core/lib/security/transport/secure_endpoint.cc +2 -0
- data/src/core/lib/security/transport/secure_endpoint.h +2 -0
- data/src/core/lib/security/transport/security_handshaker.cc +2 -0
- data/src/core/lib/security/transport/security_handshaker.h +2 -1
- data/src/core/lib/security/transport/server_auth_filter.cc +2 -0
- data/src/core/lib/security/transport/target_authority_table.cc +75 -0
- data/src/core/lib/security/transport/{lb_targets_info.h → target_authority_table.h} +16 -8
- data/src/core/lib/security/transport/tsi_error.cc +2 -0
- data/src/core/lib/security/transport/tsi_error.h +2 -0
- data/src/core/lib/security/util/json_util.cc +2 -0
- data/src/core/lib/security/util/json_util.h +2 -0
- data/src/core/lib/slice/b64.cc +2 -0
- data/src/core/lib/slice/b64.h +2 -0
- data/src/core/lib/slice/percent_encoding.cc +2 -0
- data/src/core/lib/slice/percent_encoding.h +2 -0
- data/src/core/lib/slice/slice.cc +2 -0
- data/src/core/lib/slice/slice_buffer.cc +3 -1
- data/src/core/lib/slice/slice_hash_table.h +178 -45
- data/src/core/lib/slice/slice_intern.cc +2 -0
- data/src/core/lib/slice/slice_internal.h +2 -2
- data/src/core/lib/slice/slice_string_helpers.cc +2 -0
- data/src/core/lib/slice/slice_string_helpers.h +2 -1
- data/src/core/lib/slice/slice_weak_hash_table.h +105 -0
- data/src/core/lib/surface/api_trace.cc +3 -1
- data/src/core/lib/surface/api_trace.h +2 -0
- data/src/core/lib/surface/byte_buffer.cc +3 -0
- data/src/core/lib/surface/byte_buffer_reader.cc +3 -0
- data/src/core/lib/surface/call.cc +46 -80
- data/src/core/lib/surface/call.h +2 -0
- data/src/core/lib/surface/call_details.cc +2 -0
- data/src/core/lib/surface/call_log_batch.cc +2 -0
- data/src/core/lib/surface/call_test_only.h +2 -0
- data/src/core/lib/surface/channel.cc +72 -41
- data/src/core/lib/surface/channel.h +2 -0
- data/src/core/lib/surface/channel_init.cc +2 -0
- data/src/core/lib/surface/channel_init.h +2 -0
- data/src/core/lib/surface/channel_ping.cc +2 -0
- data/src/core/lib/surface/channel_stack_type.cc +3 -2
- data/src/core/lib/surface/channel_stack_type.h +2 -0
- data/src/core/lib/surface/completion_queue.h +2 -0
- data/src/core/lib/surface/completion_queue_factory.cc +3 -1
- data/src/core/lib/surface/completion_queue_factory.h +2 -0
- data/src/core/lib/surface/event_string.cc +2 -0
- data/src/core/lib/surface/event_string.h +2 -0
- data/src/core/lib/surface/init.cc +5 -2
- data/src/core/lib/surface/init_secure.cc +5 -2
- data/src/core/lib/surface/lame_client.cc +7 -5
- data/src/core/lib/surface/lame_client.h +2 -0
- data/src/core/lib/surface/metadata_array.cc +2 -0
- data/src/core/lib/surface/server.cc +2 -0
- data/src/core/lib/surface/server.h +2 -0
- data/src/core/lib/surface/validate_metadata.cc +2 -1
- data/src/core/lib/surface/validate_metadata.h +2 -0
- data/src/core/lib/surface/version.cc +4 -2
- data/src/core/lib/transport/bdp_estimator.cc +2 -0
- data/src/core/lib/transport/byte_stream.cc +94 -116
- data/src/core/lib/transport/byte_stream.h +111 -78
- data/src/core/lib/transport/connectivity_state.cc +2 -0
- data/src/core/lib/transport/connectivity_state.h +3 -1
- data/src/core/lib/transport/error_utils.cc +2 -0
- data/src/core/lib/transport/error_utils.h +2 -0
- data/src/core/lib/transport/metadata.cc +2 -0
- data/src/core/lib/transport/metadata.h +3 -1
- data/src/core/lib/transport/metadata_batch.cc +26 -0
- data/src/core/lib/transport/metadata_batch.h +12 -1
- data/src/core/lib/transport/pid_controller.cc +2 -0
- data/src/core/lib/transport/pid_controller.h +2 -0
- data/src/core/lib/transport/service_config.cc +21 -175
- data/src/core/lib/transport/service_config.h +223 -35
- data/src/core/lib/transport/static_metadata.cc +310 -294
- data/src/core/lib/transport/static_metadata.h +96 -82
- data/src/core/lib/transport/status_conversion.cc +2 -0
- data/src/core/lib/transport/status_conversion.h +3 -0
- data/src/core/lib/transport/status_metadata.cc +54 -0
- data/src/core/lib/{iomgr/timer_uv.h → transport/status_metadata.h} +10 -12
- data/src/core/lib/transport/timeout_encoding.cc +2 -1
- data/src/core/lib/transport/timeout_encoding.h +2 -0
- data/src/core/lib/transport/transport.cc +3 -1
- data/src/core/lib/transport/transport.h +33 -7
- data/src/core/lib/transport/transport_impl.h +2 -0
- data/src/core/lib/transport/transport_op_string.cc +10 -3
- data/src/core/plugin_registry/grpc_plugin_registry.cc +10 -4
- data/src/core/tsi/alts/crypt/aes_gcm.cc +687 -0
- data/src/core/tsi/alts/crypt/gsec.cc +189 -0
- data/src/core/tsi/alts/crypt/gsec.h +454 -0
- data/src/core/tsi/alts/frame_protector/alts_counter.cc +118 -0
- data/src/core/tsi/alts/frame_protector/alts_counter.h +98 -0
- data/src/core/tsi/alts/frame_protector/alts_crypter.cc +66 -0
- data/src/core/tsi/alts/frame_protector/alts_crypter.h +255 -0
- data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +407 -0
- data/src/core/tsi/alts/frame_protector/alts_frame_protector.h +55 -0
- data/src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc +114 -0
- data/src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h +114 -0
- data/src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc +105 -0
- data/src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc +103 -0
- data/src/core/tsi/alts/frame_protector/frame_handler.cc +218 -0
- data/src/core/tsi/alts/frame_protector/frame_handler.h +236 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +316 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +137 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc +520 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_service_api.h +323 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc +143 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h +149 -0
- data/src/core/tsi/alts/handshaker/alts_tsi_event.cc +73 -0
- data/src/core/tsi/alts/handshaker/alts_tsi_event.h +93 -0
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +483 -0
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +83 -0
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h +52 -0
- data/src/core/tsi/alts/handshaker/alts_tsi_utils.cc +58 -0
- data/src/core/tsi/alts/handshaker/alts_tsi_utils.h +52 -0
- data/src/core/tsi/alts/handshaker/altscontext.pb.c +48 -0
- data/src/core/tsi/alts/handshaker/altscontext.pb.h +64 -0
- data/src/core/tsi/alts/handshaker/handshaker.pb.c +123 -0
- data/src/core/tsi/alts/handshaker/handshaker.pb.h +255 -0
- data/src/core/tsi/alts/handshaker/transport_security_common.pb.c +50 -0
- data/src/core/tsi/alts/handshaker/transport_security_common.pb.h +78 -0
- data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +196 -0
- data/src/core/tsi/alts/handshaker/transport_security_common_api.h +163 -0
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc +180 -0
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h +52 -0
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc +144 -0
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h +49 -0
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h +91 -0
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc +174 -0
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h +100 -0
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc +476 -0
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h +199 -0
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +296 -0
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h +52 -0
- data/src/core/tsi/alts_transport_security.cc +3 -1
- data/src/core/tsi/alts_transport_security.h +4 -2
- data/src/core/tsi/fake_transport_security.cc +2 -1
- data/src/core/tsi/fake_transport_security.h +2 -0
- data/src/core/tsi/ssl/session_cache/ssl_session.h +73 -0
- data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +58 -0
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +211 -0
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +93 -0
- data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +76 -0
- data/src/core/tsi/ssl_transport_security.cc +266 -62
- data/src/core/tsi/ssl_transport_security.h +128 -6
- data/src/core/tsi/ssl_types.h +2 -0
- data/src/core/tsi/transport_security.cc +2 -0
- data/src/core/tsi/transport_security.h +2 -0
- data/src/core/tsi/transport_security_adapter.cc +2 -0
- data/src/core/tsi/transport_security_adapter.h +2 -0
- data/src/core/tsi/transport_security_grpc.cc +2 -0
- data/src/core/tsi/transport_security_grpc.h +2 -0
- data/src/core/tsi/transport_security_interface.h +2 -0
- data/src/ruby/ext/grpc/extconf.rb +1 -2
- data/src/ruby/ext/grpc/rb_call.c +1 -13
- data/src/ruby/ext/grpc/rb_channel.c +6 -6
- data/src/ruby/ext/grpc/rb_compression_options.c +1 -1
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +10 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +15 -0
- data/src/ruby/lib/grpc/core/time_consts.rb +1 -1
- data/src/ruby/lib/grpc/generic/bidi_call.rb +19 -8
- data/src/ruby/lib/grpc/generic/client_stub.rb +6 -10
- data/src/ruby/lib/grpc/generic/interceptors.rb +1 -1
- data/src/ruby/lib/grpc/generic/rpc_server.rb +2 -2
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/spec/generic/client_stub_spec.rb +133 -0
- data/src/ruby/spec/pb/package_with_underscore/checker_spec.rb +54 -0
- data/src/ruby/spec/pb/package_with_underscore/data.proto +23 -0
- data/src/ruby/spec/pb/package_with_underscore/service.proto +23 -0
- data/third_party/address_sorting/address_sorting.c +369 -0
- data/third_party/address_sorting/address_sorting_internal.h +70 -0
- data/third_party/address_sorting/address_sorting_posix.c +97 -0
- data/third_party/address_sorting/address_sorting_windows.c +55 -0
- data/third_party/address_sorting/include/address_sorting/address_sorting.h +110 -0
- data/third_party/boringssl/crypto/asn1/a_enum.c +20 -9
- data/third_party/boringssl/crypto/asn1/a_i2d_fp.c +3 -0
- data/third_party/boringssl/crypto/asn1/a_int.c +19 -8
- data/third_party/boringssl/crypto/asn1/a_object.c +0 -128
- data/third_party/boringssl/crypto/asn1/asn1_locl.h +3 -0
- data/third_party/boringssl/crypto/asn1/tasn_fre.c +2 -4
- data/third_party/boringssl/crypto/asn1/tasn_new.c +3 -2
- data/third_party/boringssl/crypto/bn_extra/bn_asn1.c +0 -16
- data/third_party/boringssl/crypto/buf/buf.c +14 -0
- data/third_party/boringssl/crypto/bytestring/cbb.c +93 -0
- data/third_party/boringssl/crypto/conf/conf.c +2 -2
- data/third_party/boringssl/crypto/cpu-intel.c +17 -17
- data/third_party/boringssl/crypto/crypto.c +16 -4
- data/third_party/boringssl/crypto/curve25519/spake25519.c +11 -11
- data/third_party/boringssl/crypto/curve25519/x25519-x86_64.c +1 -1
- data/third_party/boringssl/crypto/dsa/dsa.c +9 -21
- data/third_party/boringssl/crypto/ec_extra/ec_asn1.c +2 -2
- data/third_party/boringssl/crypto/ecdsa_extra/ecdsa_asn1.c +1 -8
- data/third_party/boringssl/crypto/evp/p_rsa_asn1.c +2 -23
- data/third_party/boringssl/crypto/ex_data.c +0 -1
- data/third_party/boringssl/crypto/fipsmodule/bn/add.c +7 -11
- data/third_party/boringssl/crypto/fipsmodule/bn/asm/x86_64-gcc.c +19 -16
- data/third_party/boringssl/crypto/fipsmodule/bn/cmp.c +15 -0
- data/third_party/boringssl/crypto/fipsmodule/bn/div.c +53 -46
- data/third_party/boringssl/crypto/fipsmodule/bn/exponentiation.c +242 -85
- data/third_party/boringssl/crypto/fipsmodule/bn/generic.c +42 -47
- data/third_party/boringssl/crypto/fipsmodule/bn/internal.h +176 -34
- data/third_party/boringssl/crypto/fipsmodule/bn/montgomery.c +118 -65
- data/third_party/boringssl/crypto/fipsmodule/bn/mul.c +94 -61
- data/third_party/boringssl/crypto/fipsmodule/bn/random.c +79 -63
- data/third_party/boringssl/crypto/fipsmodule/bn/shift.c +26 -28
- data/third_party/boringssl/crypto/fipsmodule/cipher/cipher.c +2 -0
- data/third_party/boringssl/crypto/fipsmodule/ec/ec.c +250 -149
- data/third_party/boringssl/crypto/fipsmodule/ec/ec_montgomery.c +0 -27
- data/third_party/boringssl/crypto/fipsmodule/ec/internal.h +54 -20
- data/third_party/boringssl/crypto/fipsmodule/ec/oct.c +3 -3
- data/third_party/boringssl/crypto/fipsmodule/ec/p224-64.c +7 -41
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-64.c +6 -40
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.c +17 -122
- data/third_party/boringssl/crypto/fipsmodule/ec/simple.c +3 -64
- data/third_party/boringssl/crypto/fipsmodule/ec/wnaf.c +27 -9
- data/third_party/boringssl/crypto/fipsmodule/ecdsa/ecdsa.c +203 -205
- data/third_party/boringssl/crypto/fipsmodule/modes/cbc.c +14 -15
- data/third_party/boringssl/crypto/fipsmodule/modes/cfb.c +12 -8
- data/third_party/boringssl/crypto/fipsmodule/modes/ctr.c +4 -3
- data/third_party/boringssl/crypto/fipsmodule/modes/gcm.c +25 -36
- data/third_party/boringssl/crypto/fipsmodule/modes/internal.h +10 -0
- data/third_party/boringssl/crypto/fipsmodule/rsa/internal.h +0 -4
- data/third_party/boringssl/crypto/fipsmodule/rsa/rsa.c +2 -0
- data/third_party/boringssl/crypto/fipsmodule/rsa/rsa_impl.c +9 -19
- data/third_party/boringssl/crypto/lhash/lhash.c +19 -0
- data/third_party/boringssl/crypto/obj/obj.c +29 -69
- data/third_party/boringssl/crypto/pem/pem_lib.c +2 -2
- data/third_party/boringssl/crypto/poly1305/poly1305_vec.c +4 -55
- data/third_party/boringssl/crypto/rsa_extra/rsa_asn1.c +3 -22
- data/third_party/boringssl/crypto/x509/by_dir.c +1 -3
- data/third_party/boringssl/crypto/x509/by_file.c +0 -1
- data/third_party/boringssl/crypto/x509/x509_lu.c +0 -1
- data/third_party/boringssl/crypto/x509/x509_obj.c +1 -3
- data/third_party/boringssl/crypto/x509/x509_txt.c +0 -6
- data/third_party/boringssl/crypto/x509/x509_vfy.c +0 -1
- data/third_party/boringssl/crypto/x509/x509_vpm.c +0 -1
- data/third_party/boringssl/crypto/x509/x_algor.c +2 -2
- data/third_party/boringssl/crypto/x509v3/v3_alt.c +3 -4
- data/third_party/boringssl/crypto/x509v3/v3_genn.c +1 -0
- data/third_party/boringssl/crypto/x509v3/v3_info.c +1 -2
- data/third_party/boringssl/crypto/x509v3/v3_lib.c +15 -7
- data/third_party/boringssl/crypto/x509v3/v3_utl.c +41 -2
- data/third_party/boringssl/include/openssl/asn1.h +0 -1
- data/third_party/boringssl/include/openssl/base.h +1 -1
- data/third_party/boringssl/include/openssl/bio.h +5 -2
- data/third_party/boringssl/include/openssl/bn.h +2 -17
- data/third_party/boringssl/include/openssl/buf.h +4 -0
- data/third_party/boringssl/include/openssl/bytestring.h +11 -0
- data/third_party/boringssl/include/openssl/chacha.h +5 -1
- data/third_party/boringssl/include/openssl/cipher.h +10 -0
- data/third_party/boringssl/include/openssl/conf.h +4 -8
- data/third_party/boringssl/include/openssl/dsa.h +2 -18
- data/third_party/boringssl/include/openssl/ec.h +5 -5
- data/third_party/boringssl/include/openssl/ecdsa.h +10 -28
- data/third_party/boringssl/include/openssl/evp.h +0 -4
- data/third_party/boringssl/include/openssl/lhash.h +1 -18
- data/third_party/boringssl/include/openssl/obj.h +1 -0
- data/third_party/boringssl/include/openssl/rsa.h +3 -4
- data/third_party/boringssl/include/openssl/ssl.h +35 -54
- data/third_party/boringssl/include/openssl/ssl3.h +2 -0
- data/third_party/boringssl/include/openssl/stack.h +1 -1
- data/third_party/boringssl/include/openssl/tls1.h +1 -16
- data/third_party/boringssl/include/openssl/x509.h +3 -2
- data/third_party/boringssl/include/openssl/x509_vfy.h +0 -2
- data/third_party/boringssl/include/openssl/x509v3.h +1 -0
- data/third_party/boringssl/ssl/custom_extensions.cc +1 -1
- data/third_party/boringssl/ssl/d1_both.cc +120 -129
- data/third_party/boringssl/ssl/d1_lib.cc +23 -21
- data/third_party/boringssl/ssl/d1_pkt.cc +39 -143
- data/third_party/boringssl/ssl/dtls_method.cc +16 -23
- data/third_party/boringssl/ssl/dtls_record.cc +11 -4
- data/third_party/boringssl/ssl/handshake.cc +109 -40
- data/third_party/boringssl/ssl/handshake_client.cc +104 -96
- data/third_party/boringssl/ssl/handshake_server.cc +62 -72
- data/third_party/boringssl/ssl/internal.h +397 -318
- data/third_party/boringssl/ssl/s3_both.cc +173 -191
- data/third_party/boringssl/ssl/s3_lib.cc +26 -34
- data/third_party/boringssl/ssl/s3_pkt.cc +105 -247
- data/third_party/boringssl/ssl/ssl_asn1.cc +22 -22
- data/third_party/boringssl/ssl/ssl_buffer.cc +98 -108
- data/third_party/boringssl/ssl/ssl_cert.cc +12 -1
- data/third_party/boringssl/ssl/ssl_cipher.cc +23 -28
- data/third_party/boringssl/ssl/ssl_key_share.cc +11 -6
- data/third_party/boringssl/ssl/ssl_lib.cc +190 -113
- data/third_party/boringssl/ssl/ssl_privkey.cc +76 -106
- data/third_party/boringssl/ssl/ssl_session.cc +3 -3
- data/third_party/boringssl/ssl/ssl_stat.cc +3 -3
- data/third_party/boringssl/ssl/ssl_transcript.cc +38 -22
- data/third_party/boringssl/ssl/ssl_versions.cc +64 -31
- data/third_party/boringssl/ssl/t1_enc.cc +137 -154
- data/third_party/boringssl/ssl/t1_lib.cc +463 -478
- data/third_party/boringssl/ssl/tls13_both.cc +57 -58
- data/third_party/boringssl/ssl/tls13_client.cc +256 -121
- data/third_party/boringssl/ssl/tls13_enc.cc +187 -72
- data/third_party/boringssl/ssl/tls13_server.cc +187 -86
- data/third_party/boringssl/ssl/tls_method.cc +20 -30
- data/third_party/boringssl/ssl/tls_record.cc +77 -40
- data/third_party/boringssl/third_party/fiat/curve25519.c +5062 -0
- data/third_party/boringssl/{crypto/curve25519 → third_party/fiat}/internal.h +40 -27
- data/third_party/nanopb/pb.h +1 -1
- metadata +147 -45
- data/src/core/lib/gpr/thd.cc +0 -49
- data/src/core/lib/gpr/thd.h +0 -71
- data/src/core/lib/gpr/thd_posix.cc +0 -154
- data/src/core/lib/gpr/thd_windows.cc +0 -107
- data/src/core/lib/iomgr/iomgr_uv.h +0 -37
- data/src/core/lib/iomgr/pollset_set_uv.cc +0 -43
- data/src/core/lib/iomgr/resolve_address_uv.cc +0 -284
- data/src/core/lib/iomgr/tcp_client_uv.cc +0 -175
- data/src/core/lib/iomgr/tcp_server_uv.cc +0 -471
- data/src/core/lib/iomgr/tcp_uv.h +0 -51
- data/src/core/lib/security/transport/lb_targets_info.cc +0 -59
- data/src/core/lib/slice/slice_hash_table.cc +0 -145
- data/third_party/boringssl/crypto/curve25519/curve25519.c +0 -4938
|
@@ -418,25 +418,15 @@ static const uint16_t kVerifySignatureAlgorithms[] = {
|
|
|
418
418
|
// List our preferred algorithms first.
|
|
419
419
|
SSL_SIGN_ED25519,
|
|
420
420
|
SSL_SIGN_ECDSA_SECP256R1_SHA256,
|
|
421
|
-
#if !defined(BORINGSSL_ANDROID_SYSTEM)
|
|
422
421
|
SSL_SIGN_RSA_PSS_SHA256,
|
|
423
|
-
#endif
|
|
424
422
|
SSL_SIGN_RSA_PKCS1_SHA256,
|
|
425
423
|
|
|
426
424
|
// Larger hashes are acceptable.
|
|
427
425
|
SSL_SIGN_ECDSA_SECP384R1_SHA384,
|
|
428
|
-
#if !defined(BORINGSSL_ANDROID_SYSTEM)
|
|
429
426
|
SSL_SIGN_RSA_PSS_SHA384,
|
|
430
|
-
#endif
|
|
431
427
|
SSL_SIGN_RSA_PKCS1_SHA384,
|
|
432
428
|
|
|
433
|
-
// TODO(davidben): Remove this.
|
|
434
|
-
#if defined(BORINGSSL_ANDROID_SYSTEM)
|
|
435
|
-
SSL_SIGN_ECDSA_SECP521R1_SHA512,
|
|
436
|
-
#endif
|
|
437
|
-
#if !defined(BORINGSSL_ANDROID_SYSTEM)
|
|
438
429
|
SSL_SIGN_RSA_PSS_SHA512,
|
|
439
|
-
#endif
|
|
440
430
|
SSL_SIGN_RSA_PKCS1_SHA512,
|
|
441
431
|
|
|
442
432
|
// For now, SHA-1 is still accepted but least preferable.
|
|
@@ -454,24 +444,18 @@ static const uint16_t kSignSignatureAlgorithms[] = {
|
|
|
454
444
|
// List our preferred algorithms first.
|
|
455
445
|
SSL_SIGN_ED25519,
|
|
456
446
|
SSL_SIGN_ECDSA_SECP256R1_SHA256,
|
|
457
|
-
#if !defined(BORINGSSL_ANDROID_SYSTEM)
|
|
458
447
|
SSL_SIGN_RSA_PSS_SHA256,
|
|
459
|
-
#endif
|
|
460
448
|
SSL_SIGN_RSA_PKCS1_SHA256,
|
|
461
449
|
|
|
462
450
|
// If needed, sign larger hashes.
|
|
463
451
|
//
|
|
464
452
|
// TODO(davidben): Determine which of these may be pruned.
|
|
465
453
|
SSL_SIGN_ECDSA_SECP384R1_SHA384,
|
|
466
|
-
#if !defined(BORINGSSL_ANDROID_SYSTEM)
|
|
467
454
|
SSL_SIGN_RSA_PSS_SHA384,
|
|
468
|
-
#endif
|
|
469
455
|
SSL_SIGN_RSA_PKCS1_SHA384,
|
|
470
456
|
|
|
471
457
|
SSL_SIGN_ECDSA_SECP521R1_SHA512,
|
|
472
|
-
#if !defined(BORINGSSL_ANDROID_SYSTEM)
|
|
473
458
|
SSL_SIGN_RSA_PSS_SHA512,
|
|
474
|
-
#endif
|
|
475
459
|
SSL_SIGN_RSA_PKCS1_SHA512,
|
|
476
460
|
|
|
477
461
|
// If the peer supports nothing else, sign with SHA-1.
|
|
@@ -537,52 +521,52 @@ int tls12_check_peer_sigalg(SSL *ssl, uint8_t *out_alert, uint16_t sigalg) {
|
|
|
537
521
|
// The add callbacks receive a |CBB| to which the extension can be appended but
|
|
538
522
|
// the function is responsible for appending the type and length bytes too.
|
|
539
523
|
//
|
|
540
|
-
// All callbacks return
|
|
541
|
-
// returns zero then a fatal alert with value |*out_alert| will be
|
|
542
|
-
// |*out_alert| isn't set, then a |decode_error| alert will be sent.
|
|
524
|
+
// All callbacks return true for success and false for error. If a parse
|
|
525
|
+
// function returns zero then a fatal alert with value |*out_alert| will be
|
|
526
|
+
// sent. If |*out_alert| isn't set, then a |decode_error| alert will be sent.
|
|
543
527
|
struct tls_extension {
|
|
544
528
|
uint16_t value;
|
|
545
529
|
void (*init)(SSL_HANDSHAKE *hs);
|
|
546
530
|
|
|
547
|
-
|
|
548
|
-
|
|
549
|
-
|
|
531
|
+
bool (*add_clienthello)(SSL_HANDSHAKE *hs, CBB *out);
|
|
532
|
+
bool (*parse_serverhello)(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
533
|
+
CBS *contents);
|
|
550
534
|
|
|
551
|
-
|
|
552
|
-
|
|
553
|
-
|
|
535
|
+
bool (*parse_clienthello)(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
536
|
+
CBS *contents);
|
|
537
|
+
bool (*add_serverhello)(SSL_HANDSHAKE *hs, CBB *out);
|
|
554
538
|
};
|
|
555
539
|
|
|
556
|
-
static
|
|
540
|
+
static bool forbid_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
557
541
|
CBS *contents) {
|
|
558
542
|
if (contents != NULL) {
|
|
559
543
|
// Servers MUST NOT send this extension.
|
|
560
544
|
*out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
|
|
561
545
|
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
|
|
562
|
-
return
|
|
546
|
+
return false;
|
|
563
547
|
}
|
|
564
548
|
|
|
565
|
-
return
|
|
549
|
+
return true;
|
|
566
550
|
}
|
|
567
551
|
|
|
568
|
-
static
|
|
552
|
+
static bool ignore_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
569
553
|
CBS *contents) {
|
|
570
554
|
// This extension from the client is handled elsewhere.
|
|
571
|
-
return
|
|
555
|
+
return true;
|
|
572
556
|
}
|
|
573
557
|
|
|
574
|
-
static
|
|
575
|
-
return
|
|
558
|
+
static bool dont_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
559
|
+
return true;
|
|
576
560
|
}
|
|
577
561
|
|
|
578
562
|
// Server name indication (SNI).
|
|
579
563
|
//
|
|
580
564
|
// https://tools.ietf.org/html/rfc6066#section-3.
|
|
581
565
|
|
|
582
|
-
static
|
|
566
|
+
static bool ext_sni_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
583
567
|
SSL *const ssl = hs->ssl;
|
|
584
568
|
if (ssl->tlsext_hostname == NULL) {
|
|
585
|
-
return
|
|
569
|
+
return true;
|
|
586
570
|
}
|
|
587
571
|
|
|
588
572
|
CBB contents, server_name_list, name;
|
|
@@ -594,24 +578,24 @@ static int ext_sni_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
594
578
|
!CBB_add_bytes(&name, (const uint8_t *)ssl->tlsext_hostname,
|
|
595
579
|
strlen(ssl->tlsext_hostname)) ||
|
|
596
580
|
!CBB_flush(out)) {
|
|
597
|
-
return
|
|
581
|
+
return false;
|
|
598
582
|
}
|
|
599
583
|
|
|
600
|
-
return
|
|
584
|
+
return true;
|
|
601
585
|
}
|
|
602
586
|
|
|
603
|
-
static
|
|
604
|
-
|
|
587
|
+
static bool ext_sni_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
588
|
+
CBS *contents) {
|
|
605
589
|
// The server may acknowledge SNI with an empty extension. We check the syntax
|
|
606
590
|
// but otherwise ignore this signal.
|
|
607
591
|
return contents == NULL || CBS_len(contents) == 0;
|
|
608
592
|
}
|
|
609
593
|
|
|
610
|
-
static
|
|
611
|
-
|
|
594
|
+
static bool ext_sni_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
595
|
+
CBS *contents) {
|
|
612
596
|
SSL *const ssl = hs->ssl;
|
|
613
597
|
if (contents == NULL) {
|
|
614
|
-
return
|
|
598
|
+
return true;
|
|
615
599
|
}
|
|
616
600
|
|
|
617
601
|
CBS server_name_list, host_name;
|
|
@@ -628,7 +612,7 @@ static int ext_sni_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
628
612
|
!CBS_get_u16_length_prefixed(&server_name_list, &host_name) ||
|
|
629
613
|
CBS_len(&server_name_list) != 0 ||
|
|
630
614
|
CBS_len(contents) != 0) {
|
|
631
|
-
return
|
|
615
|
+
return false;
|
|
632
616
|
}
|
|
633
617
|
|
|
634
618
|
if (name_type != TLSEXT_NAMETYPE_host_name ||
|
|
@@ -636,31 +620,33 @@ static int ext_sni_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
636
620
|
CBS_len(&host_name) > TLSEXT_MAXLEN_host_name ||
|
|
637
621
|
CBS_contains_zero_byte(&host_name)) {
|
|
638
622
|
*out_alert = SSL_AD_UNRECOGNIZED_NAME;
|
|
639
|
-
return
|
|
623
|
+
return false;
|
|
640
624
|
}
|
|
641
625
|
|
|
642
626
|
// Copy the hostname as a string.
|
|
643
|
-
|
|
627
|
+
char *raw = nullptr;
|
|
628
|
+
if (!CBS_strdup(&host_name, &raw)) {
|
|
644
629
|
*out_alert = SSL_AD_INTERNAL_ERROR;
|
|
645
|
-
return
|
|
630
|
+
return false;
|
|
646
631
|
}
|
|
632
|
+
ssl->s3->hostname.reset(raw);
|
|
647
633
|
|
|
648
634
|
hs->should_ack_sni = true;
|
|
649
|
-
return
|
|
635
|
+
return true;
|
|
650
636
|
}
|
|
651
637
|
|
|
652
|
-
static
|
|
638
|
+
static bool ext_sni_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
653
639
|
if (hs->ssl->s3->session_reused ||
|
|
654
640
|
!hs->should_ack_sni) {
|
|
655
|
-
return
|
|
641
|
+
return true;
|
|
656
642
|
}
|
|
657
643
|
|
|
658
644
|
if (!CBB_add_u16(out, TLSEXT_TYPE_server_name) ||
|
|
659
645
|
!CBB_add_u16(out, 0 /* length */)) {
|
|
660
|
-
return
|
|
646
|
+
return false;
|
|
661
647
|
}
|
|
662
648
|
|
|
663
|
-
return
|
|
649
|
+
return true;
|
|
664
650
|
}
|
|
665
651
|
|
|
666
652
|
|
|
@@ -668,11 +654,11 @@ static int ext_sni_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
668
654
|
//
|
|
669
655
|
// https://tools.ietf.org/html/rfc5746
|
|
670
656
|
|
|
671
|
-
static
|
|
657
|
+
static bool ext_ri_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
672
658
|
SSL *const ssl = hs->ssl;
|
|
673
659
|
// Renegotiation indication is not necessary in TLS 1.3.
|
|
674
660
|
if (hs->min_version >= TLS1_3_VERSION) {
|
|
675
|
-
return
|
|
661
|
+
return true;
|
|
676
662
|
}
|
|
677
663
|
|
|
678
664
|
assert(ssl->s3->initial_handshake_complete ==
|
|
@@ -685,18 +671,18 @@ static int ext_ri_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
685
671
|
!CBB_add_bytes(&prev_finished, ssl->s3->previous_client_finished,
|
|
686
672
|
ssl->s3->previous_client_finished_len) ||
|
|
687
673
|
!CBB_flush(out)) {
|
|
688
|
-
return
|
|
674
|
+
return false;
|
|
689
675
|
}
|
|
690
676
|
|
|
691
|
-
return
|
|
677
|
+
return true;
|
|
692
678
|
}
|
|
693
679
|
|
|
694
|
-
static
|
|
695
|
-
|
|
680
|
+
static bool ext_ri_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
681
|
+
CBS *contents) {
|
|
696
682
|
SSL *const ssl = hs->ssl;
|
|
697
|
-
if (contents != NULL &&
|
|
683
|
+
if (contents != NULL && ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
|
|
698
684
|
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
|
699
|
-
return
|
|
685
|
+
return false;
|
|
700
686
|
}
|
|
701
687
|
|
|
702
688
|
// Servers may not switch between omitting the extension and supporting it.
|
|
@@ -705,7 +691,7 @@ static int ext_ri_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
705
691
|
(contents != NULL) != ssl->s3->send_connection_binding) {
|
|
706
692
|
*out_alert = SSL_AD_HANDSHAKE_FAILURE;
|
|
707
693
|
OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_MISMATCH);
|
|
708
|
-
return
|
|
694
|
+
return false;
|
|
709
695
|
}
|
|
710
696
|
|
|
711
697
|
if (contents == NULL) {
|
|
@@ -716,7 +702,7 @@ static int ext_ri_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
716
702
|
//
|
|
717
703
|
// OpenSSL has |SSL_OP_LEGACY_SERVER_CONNECT| to control this, but in
|
|
718
704
|
// practical terms every client sets it so it's just assumed here.
|
|
719
|
-
return
|
|
705
|
+
return true;
|
|
720
706
|
}
|
|
721
707
|
|
|
722
708
|
const size_t expected_len = ssl->s3->previous_client_finished_len +
|
|
@@ -736,64 +722,64 @@ static int ext_ri_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
736
722
|
CBS_len(contents) != 0) {
|
|
737
723
|
OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_ENCODING_ERR);
|
|
738
724
|
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
|
739
|
-
return
|
|
725
|
+
return false;
|
|
740
726
|
}
|
|
741
727
|
|
|
742
728
|
// Check that the extension matches.
|
|
743
729
|
if (CBS_len(&renegotiated_connection) != expected_len) {
|
|
744
730
|
OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_MISMATCH);
|
|
745
731
|
*out_alert = SSL_AD_HANDSHAKE_FAILURE;
|
|
746
|
-
return
|
|
732
|
+
return false;
|
|
747
733
|
}
|
|
748
734
|
|
|
749
735
|
const uint8_t *d = CBS_data(&renegotiated_connection);
|
|
750
|
-
|
|
751
|
-
|
|
736
|
+
bool ok = CRYPTO_memcmp(d, ssl->s3->previous_client_finished,
|
|
737
|
+
ssl->s3->previous_client_finished_len) == 0;
|
|
752
738
|
#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
|
|
753
|
-
ok =
|
|
739
|
+
ok = true;
|
|
754
740
|
#endif
|
|
755
741
|
if (!ok) {
|
|
756
742
|
OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_MISMATCH);
|
|
757
743
|
*out_alert = SSL_AD_HANDSHAKE_FAILURE;
|
|
758
|
-
return
|
|
744
|
+
return false;
|
|
759
745
|
}
|
|
760
746
|
d += ssl->s3->previous_client_finished_len;
|
|
761
747
|
|
|
762
748
|
ok = CRYPTO_memcmp(d, ssl->s3->previous_server_finished,
|
|
763
749
|
ssl->s3->previous_server_finished_len) == 0;
|
|
764
750
|
#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
|
|
765
|
-
ok =
|
|
751
|
+
ok = true;
|
|
766
752
|
#endif
|
|
767
753
|
if (!ok) {
|
|
768
754
|
OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_MISMATCH);
|
|
769
755
|
*out_alert = SSL_AD_HANDSHAKE_FAILURE;
|
|
770
|
-
return
|
|
756
|
+
return false;
|
|
771
757
|
}
|
|
772
758
|
ssl->s3->send_connection_binding = true;
|
|
773
759
|
|
|
774
|
-
return
|
|
760
|
+
return true;
|
|
775
761
|
}
|
|
776
762
|
|
|
777
|
-
static
|
|
778
|
-
|
|
763
|
+
static bool ext_ri_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
764
|
+
CBS *contents) {
|
|
779
765
|
SSL *const ssl = hs->ssl;
|
|
780
766
|
// Renegotiation isn't supported as a server so this function should never be
|
|
781
767
|
// called after the initial handshake.
|
|
782
768
|
assert(!ssl->s3->initial_handshake_complete);
|
|
783
769
|
|
|
784
|
-
if (
|
|
785
|
-
return
|
|
770
|
+
if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
|
|
771
|
+
return true;
|
|
786
772
|
}
|
|
787
773
|
|
|
788
774
|
if (contents == NULL) {
|
|
789
|
-
return
|
|
775
|
+
return true;
|
|
790
776
|
}
|
|
791
777
|
|
|
792
778
|
CBS renegotiated_connection;
|
|
793
779
|
if (!CBS_get_u8_length_prefixed(contents, &renegotiated_connection) ||
|
|
794
780
|
CBS_len(contents) != 0) {
|
|
795
781
|
OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_ENCODING_ERR);
|
|
796
|
-
return
|
|
782
|
+
return false;
|
|
797
783
|
}
|
|
798
784
|
|
|
799
785
|
// Check that the extension matches. We do not support renegotiation as a
|
|
@@ -801,31 +787,31 @@ static int ext_ri_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
801
787
|
if (CBS_len(&renegotiated_connection) != 0) {
|
|
802
788
|
OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_MISMATCH);
|
|
803
789
|
*out_alert = SSL_AD_HANDSHAKE_FAILURE;
|
|
804
|
-
return
|
|
790
|
+
return false;
|
|
805
791
|
}
|
|
806
792
|
|
|
807
793
|
ssl->s3->send_connection_binding = true;
|
|
808
794
|
|
|
809
|
-
return
|
|
795
|
+
return true;
|
|
810
796
|
}
|
|
811
797
|
|
|
812
|
-
static
|
|
798
|
+
static bool ext_ri_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
813
799
|
SSL *const ssl = hs->ssl;
|
|
814
800
|
// Renegotiation isn't supported as a server so this function should never be
|
|
815
801
|
// called after the initial handshake.
|
|
816
802
|
assert(!ssl->s3->initial_handshake_complete);
|
|
817
803
|
|
|
818
|
-
if (
|
|
819
|
-
return
|
|
804
|
+
if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
|
|
805
|
+
return true;
|
|
820
806
|
}
|
|
821
807
|
|
|
822
808
|
if (!CBB_add_u16(out, TLSEXT_TYPE_renegotiate) ||
|
|
823
809
|
!CBB_add_u16(out, 1 /* length */) ||
|
|
824
810
|
!CBB_add_u8(out, 0 /* empty renegotiation info */)) {
|
|
825
|
-
return
|
|
811
|
+
return false;
|
|
826
812
|
}
|
|
827
813
|
|
|
828
|
-
return
|
|
814
|
+
return true;
|
|
829
815
|
}
|
|
830
816
|
|
|
831
817
|
|
|
@@ -833,77 +819,77 @@ static int ext_ri_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
833
819
|
//
|
|
834
820
|
// https://tools.ietf.org/html/rfc7627
|
|
835
821
|
|
|
836
|
-
static
|
|
822
|
+
static bool ext_ems_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
837
823
|
// Extended master secret is not necessary in TLS 1.3.
|
|
838
824
|
if (hs->min_version >= TLS1_3_VERSION || hs->max_version <= SSL3_VERSION) {
|
|
839
|
-
return
|
|
825
|
+
return true;
|
|
840
826
|
}
|
|
841
827
|
|
|
842
828
|
if (!CBB_add_u16(out, TLSEXT_TYPE_extended_master_secret) ||
|
|
843
829
|
!CBB_add_u16(out, 0 /* length */)) {
|
|
844
|
-
return
|
|
830
|
+
return false;
|
|
845
831
|
}
|
|
846
832
|
|
|
847
|
-
return
|
|
833
|
+
return true;
|
|
848
834
|
}
|
|
849
835
|
|
|
850
|
-
static
|
|
851
|
-
|
|
836
|
+
static bool ext_ems_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
837
|
+
CBS *contents) {
|
|
852
838
|
SSL *const ssl = hs->ssl;
|
|
853
839
|
|
|
854
840
|
if (contents != NULL) {
|
|
855
|
-
if (
|
|
841
|
+
if (ssl_protocol_version(ssl) >= TLS1_3_VERSION ||
|
|
856
842
|
ssl->version == SSL3_VERSION ||
|
|
857
843
|
CBS_len(contents) != 0) {
|
|
858
|
-
return
|
|
844
|
+
return false;
|
|
859
845
|
}
|
|
860
846
|
|
|
861
847
|
hs->extended_master_secret = true;
|
|
862
848
|
}
|
|
863
849
|
|
|
864
850
|
// Whether EMS is negotiated may not change on renegotiation.
|
|
865
|
-
if (ssl->s3->established_session !=
|
|
851
|
+
if (ssl->s3->established_session != nullptr &&
|
|
866
852
|
hs->extended_master_secret !=
|
|
867
853
|
!!ssl->s3->established_session->extended_master_secret) {
|
|
868
854
|
OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_EMS_MISMATCH);
|
|
869
855
|
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
|
870
|
-
return
|
|
856
|
+
return false;
|
|
871
857
|
}
|
|
872
858
|
|
|
873
|
-
return
|
|
859
|
+
return true;
|
|
874
860
|
}
|
|
875
861
|
|
|
876
|
-
static
|
|
877
|
-
|
|
878
|
-
uint16_t version =
|
|
862
|
+
static bool ext_ems_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
863
|
+
CBS *contents) {
|
|
864
|
+
uint16_t version = ssl_protocol_version(hs->ssl);
|
|
879
865
|
if (version >= TLS1_3_VERSION ||
|
|
880
866
|
version == SSL3_VERSION) {
|
|
881
|
-
return
|
|
867
|
+
return true;
|
|
882
868
|
}
|
|
883
869
|
|
|
884
870
|
if (contents == NULL) {
|
|
885
|
-
return
|
|
871
|
+
return true;
|
|
886
872
|
}
|
|
887
873
|
|
|
888
874
|
if (CBS_len(contents) != 0) {
|
|
889
|
-
return
|
|
875
|
+
return false;
|
|
890
876
|
}
|
|
891
877
|
|
|
892
878
|
hs->extended_master_secret = true;
|
|
893
|
-
return
|
|
879
|
+
return true;
|
|
894
880
|
}
|
|
895
881
|
|
|
896
|
-
static
|
|
882
|
+
static bool ext_ems_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
897
883
|
if (!hs->extended_master_secret) {
|
|
898
|
-
return
|
|
884
|
+
return true;
|
|
899
885
|
}
|
|
900
886
|
|
|
901
887
|
if (!CBB_add_u16(out, TLSEXT_TYPE_extended_master_secret) ||
|
|
902
888
|
!CBB_add_u16(out, 0 /* length */)) {
|
|
903
|
-
return
|
|
889
|
+
return false;
|
|
904
890
|
}
|
|
905
891
|
|
|
906
|
-
return
|
|
892
|
+
return true;
|
|
907
893
|
}
|
|
908
894
|
|
|
909
895
|
|
|
@@ -911,12 +897,12 @@ static int ext_ems_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
911
897
|
//
|
|
912
898
|
// https://tools.ietf.org/html/rfc5077
|
|
913
899
|
|
|
914
|
-
static
|
|
900
|
+
static bool ext_ticket_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
915
901
|
SSL *const ssl = hs->ssl;
|
|
916
902
|
// TLS 1.3 uses a different ticket extension.
|
|
917
903
|
if (hs->min_version >= TLS1_3_VERSION ||
|
|
918
904
|
SSL_get_options(ssl) & SSL_OP_NO_TICKET) {
|
|
919
|
-
return
|
|
905
|
+
return true;
|
|
920
906
|
}
|
|
921
907
|
|
|
922
908
|
const uint8_t *ticket_data = NULL;
|
|
@@ -940,21 +926,21 @@ static int ext_ticket_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
940
926
|
!CBB_add_u16_length_prefixed(out, &ticket) ||
|
|
941
927
|
!CBB_add_bytes(&ticket, ticket_data, ticket_len) ||
|
|
942
928
|
!CBB_flush(out)) {
|
|
943
|
-
return
|
|
929
|
+
return false;
|
|
944
930
|
}
|
|
945
931
|
|
|
946
|
-
return
|
|
932
|
+
return true;
|
|
947
933
|
}
|
|
948
934
|
|
|
949
|
-
static
|
|
950
|
-
|
|
935
|
+
static bool ext_ticket_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
936
|
+
CBS *contents) {
|
|
951
937
|
SSL *const ssl = hs->ssl;
|
|
952
938
|
if (contents == NULL) {
|
|
953
|
-
return
|
|
939
|
+
return true;
|
|
954
940
|
}
|
|
955
941
|
|
|
956
|
-
if (
|
|
957
|
-
return
|
|
942
|
+
if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
|
|
943
|
+
return false;
|
|
958
944
|
}
|
|
959
945
|
|
|
960
946
|
// If |SSL_OP_NO_TICKET| is set then no extension will have been sent and
|
|
@@ -963,16 +949,16 @@ static int ext_ticket_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
963
949
|
assert((SSL_get_options(ssl) & SSL_OP_NO_TICKET) == 0);
|
|
964
950
|
|
|
965
951
|
if (CBS_len(contents) != 0) {
|
|
966
|
-
return
|
|
952
|
+
return false;
|
|
967
953
|
}
|
|
968
954
|
|
|
969
955
|
hs->ticket_expected = true;
|
|
970
|
-
return
|
|
956
|
+
return true;
|
|
971
957
|
}
|
|
972
958
|
|
|
973
|
-
static
|
|
959
|
+
static bool ext_ticket_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
974
960
|
if (!hs->ticket_expected) {
|
|
975
|
-
return
|
|
961
|
+
return true;
|
|
976
962
|
}
|
|
977
963
|
|
|
978
964
|
// If |SSL_OP_NO_TICKET| is set, |ticket_expected| should never be true.
|
|
@@ -980,10 +966,10 @@ static int ext_ticket_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
980
966
|
|
|
981
967
|
if (!CBB_add_u16(out, TLSEXT_TYPE_session_ticket) ||
|
|
982
968
|
!CBB_add_u16(out, 0 /* length */)) {
|
|
983
|
-
return
|
|
969
|
+
return false;
|
|
984
970
|
}
|
|
985
971
|
|
|
986
|
-
return
|
|
972
|
+
return true;
|
|
987
973
|
}
|
|
988
974
|
|
|
989
975
|
|
|
@@ -991,10 +977,10 @@ static int ext_ticket_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
991
977
|
//
|
|
992
978
|
// https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
|
|
993
979
|
|
|
994
|
-
static
|
|
980
|
+
static bool ext_sigalgs_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
995
981
|
SSL *const ssl = hs->ssl;
|
|
996
982
|
if (hs->max_version < TLS1_2_VERSION) {
|
|
997
|
-
return
|
|
983
|
+
return true;
|
|
998
984
|
}
|
|
999
985
|
|
|
1000
986
|
CBB contents, sigalgs_cbb;
|
|
@@ -1003,17 +989,17 @@ static int ext_sigalgs_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
1003
989
|
!CBB_add_u16_length_prefixed(&contents, &sigalgs_cbb) ||
|
|
1004
990
|
!tls12_add_verify_sigalgs(ssl, &sigalgs_cbb) ||
|
|
1005
991
|
!CBB_flush(out)) {
|
|
1006
|
-
return
|
|
992
|
+
return false;
|
|
1007
993
|
}
|
|
1008
994
|
|
|
1009
|
-
return
|
|
995
|
+
return true;
|
|
1010
996
|
}
|
|
1011
997
|
|
|
1012
|
-
static
|
|
1013
|
-
|
|
998
|
+
static bool ext_sigalgs_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
999
|
+
CBS *contents) {
|
|
1014
1000
|
hs->peer_sigalgs.Reset();
|
|
1015
1001
|
if (contents == NULL) {
|
|
1016
|
-
return
|
|
1002
|
+
return true;
|
|
1017
1003
|
}
|
|
1018
1004
|
|
|
1019
1005
|
CBS supported_signature_algorithms;
|
|
@@ -1021,10 +1007,10 @@ static int ext_sigalgs_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
1021
1007
|
CBS_len(contents) != 0 ||
|
|
1022
1008
|
CBS_len(&supported_signature_algorithms) == 0 ||
|
|
1023
1009
|
!tls1_parse_peer_sigalgs(hs, &supported_signature_algorithms)) {
|
|
1024
|
-
return
|
|
1010
|
+
return false;
|
|
1025
1011
|
}
|
|
1026
1012
|
|
|
1027
|
-
return
|
|
1013
|
+
return true;
|
|
1028
1014
|
}
|
|
1029
1015
|
|
|
1030
1016
|
|
|
@@ -1032,10 +1018,10 @@ static int ext_sigalgs_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
1032
1018
|
//
|
|
1033
1019
|
// https://tools.ietf.org/html/rfc6066#section-8
|
|
1034
1020
|
|
|
1035
|
-
static
|
|
1021
|
+
static bool ext_ocsp_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
1036
1022
|
SSL *const ssl = hs->ssl;
|
|
1037
1023
|
if (!ssl->ocsp_stapling_enabled) {
|
|
1038
|
-
return
|
|
1024
|
+
return true;
|
|
1039
1025
|
}
|
|
1040
1026
|
|
|
1041
1027
|
CBB contents;
|
|
@@ -1045,28 +1031,28 @@ static int ext_ocsp_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
1045
1031
|
!CBB_add_u16(&contents, 0 /* empty responder ID list */) ||
|
|
1046
1032
|
!CBB_add_u16(&contents, 0 /* empty request extensions */) ||
|
|
1047
1033
|
!CBB_flush(out)) {
|
|
1048
|
-
return
|
|
1034
|
+
return false;
|
|
1049
1035
|
}
|
|
1050
1036
|
|
|
1051
|
-
return
|
|
1037
|
+
return true;
|
|
1052
1038
|
}
|
|
1053
1039
|
|
|
1054
|
-
static
|
|
1055
|
-
|
|
1040
|
+
static bool ext_ocsp_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
1041
|
+
CBS *contents) {
|
|
1056
1042
|
SSL *const ssl = hs->ssl;
|
|
1057
1043
|
if (contents == NULL) {
|
|
1058
|
-
return
|
|
1044
|
+
return true;
|
|
1059
1045
|
}
|
|
1060
1046
|
|
|
1061
1047
|
// TLS 1.3 OCSP responses are included in the Certificate extensions.
|
|
1062
|
-
if (
|
|
1063
|
-
return
|
|
1048
|
+
if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
|
|
1049
|
+
return false;
|
|
1064
1050
|
}
|
|
1065
1051
|
|
|
1066
1052
|
// OCSP stapling is forbidden on non-certificate ciphers.
|
|
1067
1053
|
if (CBS_len(contents) != 0 ||
|
|
1068
1054
|
!ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
|
|
1069
|
-
return
|
|
1055
|
+
return false;
|
|
1070
1056
|
}
|
|
1071
1057
|
|
|
1072
1058
|
// Note this does not check for resumption in TLS 1.2. Sending
|
|
@@ -1074,35 +1060,35 @@ static int ext_ocsp_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
1074
1060
|
// specification does not say anything. Tolerate it but ignore it.
|
|
1075
1061
|
|
|
1076
1062
|
hs->certificate_status_expected = true;
|
|
1077
|
-
return
|
|
1063
|
+
return true;
|
|
1078
1064
|
}
|
|
1079
1065
|
|
|
1080
|
-
static
|
|
1081
|
-
|
|
1066
|
+
static bool ext_ocsp_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
1067
|
+
CBS *contents) {
|
|
1082
1068
|
if (contents == NULL) {
|
|
1083
|
-
return
|
|
1069
|
+
return true;
|
|
1084
1070
|
}
|
|
1085
1071
|
|
|
1086
1072
|
uint8_t status_type;
|
|
1087
1073
|
if (!CBS_get_u8(contents, &status_type)) {
|
|
1088
|
-
return
|
|
1074
|
+
return false;
|
|
1089
1075
|
}
|
|
1090
1076
|
|
|
1091
1077
|
// We cannot decide whether OCSP stapling will occur yet because the correct
|
|
1092
1078
|
// SSL_CTX might not have been selected.
|
|
1093
1079
|
hs->ocsp_stapling_requested = status_type == TLSEXT_STATUSTYPE_ocsp;
|
|
1094
1080
|
|
|
1095
|
-
return
|
|
1081
|
+
return true;
|
|
1096
1082
|
}
|
|
1097
1083
|
|
|
1098
|
-
static
|
|
1084
|
+
static bool ext_ocsp_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
1099
1085
|
SSL *const ssl = hs->ssl;
|
|
1100
|
-
if (
|
|
1086
|
+
if (ssl_protocol_version(ssl) >= TLS1_3_VERSION ||
|
|
1101
1087
|
!hs->ocsp_stapling_requested ||
|
|
1102
1088
|
ssl->cert->ocsp_response == NULL ||
|
|
1103
1089
|
ssl->s3->session_reused ||
|
|
1104
1090
|
!ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
|
|
1105
|
-
return
|
|
1091
|
+
return true;
|
|
1106
1092
|
}
|
|
1107
1093
|
|
|
1108
1094
|
hs->certificate_status_expected = true;
|
|
@@ -1116,31 +1102,31 @@ static int ext_ocsp_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
1116
1102
|
//
|
|
1117
1103
|
// https://htmlpreview.github.io/?https://github.com/agl/technotes/blob/master/nextprotoneg.html
|
|
1118
1104
|
|
|
1119
|
-
static
|
|
1105
|
+
static bool ext_npn_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
1120
1106
|
SSL *const ssl = hs->ssl;
|
|
1121
1107
|
if (ssl->s3->initial_handshake_complete ||
|
|
1122
1108
|
ssl->ctx->next_proto_select_cb == NULL ||
|
|
1123
1109
|
SSL_is_dtls(ssl)) {
|
|
1124
|
-
return
|
|
1110
|
+
return true;
|
|
1125
1111
|
}
|
|
1126
1112
|
|
|
1127
1113
|
if (!CBB_add_u16(out, TLSEXT_TYPE_next_proto_neg) ||
|
|
1128
1114
|
!CBB_add_u16(out, 0 /* length */)) {
|
|
1129
|
-
return
|
|
1115
|
+
return false;
|
|
1130
1116
|
}
|
|
1131
1117
|
|
|
1132
|
-
return
|
|
1118
|
+
return true;
|
|
1133
1119
|
}
|
|
1134
1120
|
|
|
1135
|
-
static
|
|
1136
|
-
|
|
1121
|
+
static bool ext_npn_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
1122
|
+
CBS *contents) {
|
|
1137
1123
|
SSL *const ssl = hs->ssl;
|
|
1138
1124
|
if (contents == NULL) {
|
|
1139
|
-
return
|
|
1125
|
+
return true;
|
|
1140
1126
|
}
|
|
1141
1127
|
|
|
1142
|
-
if (
|
|
1143
|
-
return
|
|
1128
|
+
if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
|
|
1129
|
+
return false;
|
|
1144
1130
|
}
|
|
1145
1131
|
|
|
1146
1132
|
// If any of these are false then we should never have sent the NPN
|
|
@@ -1150,11 +1136,11 @@ static int ext_npn_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
1150
1136
|
assert(!SSL_is_dtls(ssl));
|
|
1151
1137
|
assert(ssl->ctx->next_proto_select_cb != NULL);
|
|
1152
1138
|
|
|
1153
|
-
if (ssl->s3->alpn_selected
|
|
1139
|
+
if (!ssl->s3->alpn_selected.empty()) {
|
|
1154
1140
|
// NPN and ALPN may not be negotiated in the same connection.
|
|
1155
1141
|
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
|
1156
1142
|
OPENSSL_PUT_ERROR(SSL, SSL_R_NEGOTIATED_BOTH_NPN_AND_ALPN);
|
|
1157
|
-
return
|
|
1143
|
+
return false;
|
|
1158
1144
|
}
|
|
1159
1145
|
|
|
1160
1146
|
const uint8_t *const orig_contents = CBS_data(contents);
|
|
@@ -1164,7 +1150,7 @@ static int ext_npn_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
1164
1150
|
CBS proto;
|
|
1165
1151
|
if (!CBS_get_u8_length_prefixed(contents, &proto) ||
|
|
1166
1152
|
CBS_len(&proto) == 0) {
|
|
1167
|
-
return
|
|
1153
|
+
return false;
|
|
1168
1154
|
}
|
|
1169
1155
|
}
|
|
1170
1156
|
|
|
@@ -1172,53 +1158,45 @@ static int ext_npn_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
1172
1158
|
uint8_t selected_len;
|
|
1173
1159
|
if (ssl->ctx->next_proto_select_cb(
|
|
1174
1160
|
ssl, &selected, &selected_len, orig_contents, orig_len,
|
|
1175
|
-
ssl->ctx->next_proto_select_cb_arg) != SSL_TLSEXT_ERR_OK
|
|
1176
|
-
|
|
1177
|
-
|
|
1178
|
-
}
|
|
1179
|
-
|
|
1180
|
-
OPENSSL_free(ssl->s3->next_proto_negotiated);
|
|
1181
|
-
ssl->s3->next_proto_negotiated =
|
|
1182
|
-
(uint8_t *)BUF_memdup(selected, selected_len);
|
|
1183
|
-
if (ssl->s3->next_proto_negotiated == NULL) {
|
|
1161
|
+
ssl->ctx->next_proto_select_cb_arg) != SSL_TLSEXT_ERR_OK ||
|
|
1162
|
+
!ssl->s3->next_proto_negotiated.CopyFrom(
|
|
1163
|
+
MakeConstSpan(selected, selected_len))) {
|
|
1184
1164
|
*out_alert = SSL_AD_INTERNAL_ERROR;
|
|
1185
|
-
return
|
|
1165
|
+
return false;
|
|
1186
1166
|
}
|
|
1187
1167
|
|
|
1188
|
-
ssl->s3->next_proto_negotiated_len = selected_len;
|
|
1189
1168
|
hs->next_proto_neg_seen = true;
|
|
1190
|
-
|
|
1191
|
-
return 1;
|
|
1169
|
+
return true;
|
|
1192
1170
|
}
|
|
1193
1171
|
|
|
1194
|
-
static
|
|
1195
|
-
|
|
1172
|
+
static bool ext_npn_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
1173
|
+
CBS *contents) {
|
|
1196
1174
|
SSL *const ssl = hs->ssl;
|
|
1197
|
-
if (
|
|
1198
|
-
return
|
|
1175
|
+
if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
|
|
1176
|
+
return true;
|
|
1199
1177
|
}
|
|
1200
1178
|
|
|
1201
1179
|
if (contents != NULL && CBS_len(contents) != 0) {
|
|
1202
|
-
return
|
|
1180
|
+
return false;
|
|
1203
1181
|
}
|
|
1204
1182
|
|
|
1205
1183
|
if (contents == NULL ||
|
|
1206
1184
|
ssl->s3->initial_handshake_complete ||
|
|
1207
1185
|
ssl->ctx->next_protos_advertised_cb == NULL ||
|
|
1208
1186
|
SSL_is_dtls(ssl)) {
|
|
1209
|
-
return
|
|
1187
|
+
return true;
|
|
1210
1188
|
}
|
|
1211
1189
|
|
|
1212
1190
|
hs->next_proto_neg_seen = true;
|
|
1213
|
-
return
|
|
1191
|
+
return true;
|
|
1214
1192
|
}
|
|
1215
1193
|
|
|
1216
|
-
static
|
|
1194
|
+
static bool ext_npn_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
1217
1195
|
SSL *const ssl = hs->ssl;
|
|
1218
1196
|
// |next_proto_neg_seen| might have been cleared when an ALPN extension was
|
|
1219
1197
|
// parsed.
|
|
1220
1198
|
if (!hs->next_proto_neg_seen) {
|
|
1221
|
-
return
|
|
1199
|
+
return true;
|
|
1222
1200
|
}
|
|
1223
1201
|
|
|
1224
1202
|
const uint8_t *npa;
|
|
@@ -1228,7 +1206,7 @@ static int ext_npn_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
1228
1206
|
ssl, &npa, &npa_len, ssl->ctx->next_protos_advertised_cb_arg) !=
|
|
1229
1207
|
SSL_TLSEXT_ERR_OK) {
|
|
1230
1208
|
hs->next_proto_neg_seen = false;
|
|
1231
|
-
return
|
|
1209
|
+
return true;
|
|
1232
1210
|
}
|
|
1233
1211
|
|
|
1234
1212
|
CBB contents;
|
|
@@ -1236,10 +1214,10 @@ static int ext_npn_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
1236
1214
|
!CBB_add_u16_length_prefixed(out, &contents) ||
|
|
1237
1215
|
!CBB_add_bytes(&contents, npa, npa_len) ||
|
|
1238
1216
|
!CBB_flush(out)) {
|
|
1239
|
-
return
|
|
1217
|
+
return false;
|
|
1240
1218
|
}
|
|
1241
1219
|
|
|
1242
|
-
return
|
|
1220
|
+
return true;
|
|
1243
1221
|
}
|
|
1244
1222
|
|
|
1245
1223
|
|
|
@@ -1247,31 +1225,31 @@ static int ext_npn_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
1247
1225
|
//
|
|
1248
1226
|
// https://tools.ietf.org/html/rfc6962#section-3.3.1
|
|
1249
1227
|
|
|
1250
|
-
static
|
|
1228
|
+
static bool ext_sct_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
1251
1229
|
SSL *const ssl = hs->ssl;
|
|
1252
1230
|
if (!ssl->signed_cert_timestamps_enabled) {
|
|
1253
|
-
return
|
|
1231
|
+
return true;
|
|
1254
1232
|
}
|
|
1255
1233
|
|
|
1256
1234
|
if (!CBB_add_u16(out, TLSEXT_TYPE_certificate_timestamp) ||
|
|
1257
1235
|
!CBB_add_u16(out, 0 /* length */)) {
|
|
1258
|
-
return
|
|
1236
|
+
return false;
|
|
1259
1237
|
}
|
|
1260
1238
|
|
|
1261
|
-
return
|
|
1239
|
+
return true;
|
|
1262
1240
|
}
|
|
1263
1241
|
|
|
1264
|
-
static
|
|
1265
|
-
|
|
1242
|
+
static bool ext_sct_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
1243
|
+
CBS *contents) {
|
|
1266
1244
|
SSL *const ssl = hs->ssl;
|
|
1267
1245
|
if (contents == NULL) {
|
|
1268
|
-
return
|
|
1246
|
+
return true;
|
|
1269
1247
|
}
|
|
1270
1248
|
|
|
1271
1249
|
// TLS 1.3 SCTs are included in the Certificate extensions.
|
|
1272
|
-
if (
|
|
1250
|
+
if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
|
|
1273
1251
|
*out_alert = SSL_AD_DECODE_ERROR;
|
|
1274
|
-
return
|
|
1252
|
+
return false;
|
|
1275
1253
|
}
|
|
1276
1254
|
|
|
1277
1255
|
// If this is false then we should never have sent the SCT extension in the
|
|
@@ -1280,7 +1258,7 @@ static int ext_sct_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
1280
1258
|
|
|
1281
1259
|
if (!ssl_is_sct_list_valid(contents)) {
|
|
1282
1260
|
*out_alert = SSL_AD_DECODE_ERROR;
|
|
1283
|
-
return
|
|
1261
|
+
return false;
|
|
1284
1262
|
}
|
|
1285
1263
|
|
|
1286
1264
|
// Session resumption uses the original session information. The extension
|
|
@@ -1294,34 +1272,34 @@ static int ext_sct_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
1294
1272
|
CRYPTO_BUFFER_new_from_CBS(contents, ssl->ctx->pool);
|
|
1295
1273
|
if (hs->new_session->signed_cert_timestamp_list == nullptr) {
|
|
1296
1274
|
*out_alert = SSL_AD_INTERNAL_ERROR;
|
|
1297
|
-
return
|
|
1275
|
+
return false;
|
|
1298
1276
|
}
|
|
1299
1277
|
}
|
|
1300
1278
|
|
|
1301
|
-
return
|
|
1279
|
+
return true;
|
|
1302
1280
|
}
|
|
1303
1281
|
|
|
1304
|
-
static
|
|
1305
|
-
|
|
1282
|
+
static bool ext_sct_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
1283
|
+
CBS *contents) {
|
|
1306
1284
|
if (contents == NULL) {
|
|
1307
|
-
return
|
|
1285
|
+
return true;
|
|
1308
1286
|
}
|
|
1309
1287
|
|
|
1310
1288
|
if (CBS_len(contents) != 0) {
|
|
1311
|
-
return
|
|
1289
|
+
return false;
|
|
1312
1290
|
}
|
|
1313
1291
|
|
|
1314
1292
|
hs->scts_requested = true;
|
|
1315
|
-
return
|
|
1293
|
+
return true;
|
|
1316
1294
|
}
|
|
1317
1295
|
|
|
1318
|
-
static
|
|
1296
|
+
static bool ext_sct_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
1319
1297
|
SSL *const ssl = hs->ssl;
|
|
1320
1298
|
// The extension shouldn't be sent when resuming sessions.
|
|
1321
|
-
if (
|
|
1299
|
+
if (ssl_protocol_version(ssl) >= TLS1_3_VERSION ||
|
|
1322
1300
|
ssl->s3->session_reused ||
|
|
1323
1301
|
ssl->cert->signed_cert_timestamp_list == NULL) {
|
|
1324
|
-
return
|
|
1302
|
+
return true;
|
|
1325
1303
|
}
|
|
1326
1304
|
|
|
1327
1305
|
CBB contents;
|
|
@@ -1339,11 +1317,11 @@ static int ext_sct_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
1339
1317
|
//
|
|
1340
1318
|
// https://tools.ietf.org/html/rfc7301
|
|
1341
1319
|
|
|
1342
|
-
static
|
|
1320
|
+
static bool ext_alpn_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
1343
1321
|
SSL *const ssl = hs->ssl;
|
|
1344
1322
|
if (ssl->alpn_client_proto_list == NULL ||
|
|
1345
1323
|
ssl->s3->initial_handshake_complete) {
|
|
1346
|
-
return
|
|
1324
|
+
return true;
|
|
1347
1325
|
}
|
|
1348
1326
|
|
|
1349
1327
|
CBB contents, proto_list;
|
|
@@ -1353,17 +1331,17 @@ static int ext_alpn_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
1353
1331
|
!CBB_add_bytes(&proto_list, ssl->alpn_client_proto_list,
|
|
1354
1332
|
ssl->alpn_client_proto_list_len) ||
|
|
1355
1333
|
!CBB_flush(out)) {
|
|
1356
|
-
return
|
|
1334
|
+
return false;
|
|
1357
1335
|
}
|
|
1358
1336
|
|
|
1359
|
-
return
|
|
1337
|
+
return true;
|
|
1360
1338
|
}
|
|
1361
1339
|
|
|
1362
|
-
static
|
|
1363
|
-
|
|
1340
|
+
static bool ext_alpn_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
1341
|
+
CBS *contents) {
|
|
1364
1342
|
SSL *const ssl = hs->ssl;
|
|
1365
1343
|
if (contents == NULL) {
|
|
1366
|
-
return
|
|
1344
|
+
return true;
|
|
1367
1345
|
}
|
|
1368
1346
|
|
|
1369
1347
|
assert(!ssl->s3->initial_handshake_complete);
|
|
@@ -1373,7 +1351,7 @@ static int ext_alpn_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
1373
1351
|
// NPN and ALPN may not be negotiated in the same connection.
|
|
1374
1352
|
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
|
1375
1353
|
OPENSSL_PUT_ERROR(SSL, SSL_R_NEGOTIATED_BOTH_NPN_AND_ALPN);
|
|
1376
|
-
return
|
|
1354
|
+
return false;
|
|
1377
1355
|
}
|
|
1378
1356
|
|
|
1379
1357
|
// The extension data consists of a ProtocolNameList which must have
|
|
@@ -1385,49 +1363,53 @@ static int ext_alpn_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
1385
1363
|
// Empty protocol names are forbidden.
|
|
1386
1364
|
CBS_len(&protocol_name) == 0 ||
|
|
1387
1365
|
CBS_len(&protocol_name_list) != 0) {
|
|
1388
|
-
return
|
|
1366
|
+
return false;
|
|
1389
1367
|
}
|
|
1390
1368
|
|
|
1391
|
-
if (!ssl
|
|
1392
|
-
|
|
1393
|
-
|
|
1394
|
-
|
|
1395
|
-
|
|
1396
|
-
ssl->alpn_client_proto_list_len);
|
|
1397
|
-
while (CBS_len(&client_protocol_name_list) > 0) {
|
|
1398
|
-
if (!CBS_get_u8_length_prefixed(&client_protocol_name_list,
|
|
1399
|
-
&client_protocol_name)) {
|
|
1400
|
-
*out_alert = SSL_AD_INTERNAL_ERROR;
|
|
1401
|
-
return 0;
|
|
1402
|
-
}
|
|
1369
|
+
if (!ssl_is_alpn_protocol_allowed(ssl, protocol_name)) {
|
|
1370
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_ALPN_PROTOCOL);
|
|
1371
|
+
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
|
1372
|
+
return false;
|
|
1373
|
+
}
|
|
1403
1374
|
|
|
1404
|
-
|
|
1405
|
-
|
|
1406
|
-
|
|
1407
|
-
|
|
1408
|
-
protocol_ok = 1;
|
|
1409
|
-
break;
|
|
1410
|
-
}
|
|
1411
|
-
}
|
|
1375
|
+
if (!ssl->s3->alpn_selected.CopyFrom(protocol_name)) {
|
|
1376
|
+
*out_alert = SSL_AD_INTERNAL_ERROR;
|
|
1377
|
+
return false;
|
|
1378
|
+
}
|
|
1412
1379
|
|
|
1413
|
-
|
|
1414
|
-
|
|
1415
|
-
|
|
1416
|
-
|
|
1417
|
-
|
|
1380
|
+
return true;
|
|
1381
|
+
}
|
|
1382
|
+
|
|
1383
|
+
bool ssl_is_alpn_protocol_allowed(const SSL *ssl,
|
|
1384
|
+
Span<const uint8_t> protocol) {
|
|
1385
|
+
if (ssl->alpn_client_proto_list == nullptr) {
|
|
1386
|
+
return false;
|
|
1418
1387
|
}
|
|
1419
1388
|
|
|
1420
|
-
if (
|
|
1421
|
-
|
|
1422
|
-
*out_alert = SSL_AD_INTERNAL_ERROR;
|
|
1423
|
-
return 0;
|
|
1389
|
+
if (ssl->ctx->allow_unknown_alpn_protos) {
|
|
1390
|
+
return true;
|
|
1424
1391
|
}
|
|
1425
1392
|
|
|
1426
|
-
|
|
1393
|
+
// Check that the protocol name is one of the ones we advertised.
|
|
1394
|
+
CBS client_protocol_name_list, client_protocol_name;
|
|
1395
|
+
CBS_init(&client_protocol_name_list, ssl->alpn_client_proto_list,
|
|
1396
|
+
ssl->alpn_client_proto_list_len);
|
|
1397
|
+
while (CBS_len(&client_protocol_name_list) > 0) {
|
|
1398
|
+
if (!CBS_get_u8_length_prefixed(&client_protocol_name_list,
|
|
1399
|
+
&client_protocol_name)) {
|
|
1400
|
+
return false;
|
|
1401
|
+
}
|
|
1402
|
+
|
|
1403
|
+
if (client_protocol_name == protocol) {
|
|
1404
|
+
return true;
|
|
1405
|
+
}
|
|
1406
|
+
}
|
|
1407
|
+
|
|
1408
|
+
return false;
|
|
1427
1409
|
}
|
|
1428
1410
|
|
|
1429
|
-
|
|
1430
|
-
|
|
1411
|
+
bool ssl_negotiate_alpn(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
1412
|
+
const SSL_CLIENT_HELLO *client_hello) {
|
|
1431
1413
|
SSL *const ssl = hs->ssl;
|
|
1432
1414
|
CBS contents;
|
|
1433
1415
|
if (ssl->ctx->alpn_select_cb == NULL ||
|
|
@@ -1435,7 +1417,7 @@ int ssl_negotiate_alpn(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
1435
1417
|
client_hello, &contents,
|
|
1436
1418
|
TLSEXT_TYPE_application_layer_protocol_negotiation)) {
|
|
1437
1419
|
// Ignore ALPN if not configured or no extension was supplied.
|
|
1438
|
-
return
|
|
1420
|
+
return true;
|
|
1439
1421
|
}
|
|
1440
1422
|
|
|
1441
1423
|
// ALPN takes precedence over NPN.
|
|
@@ -1447,7 +1429,7 @@ int ssl_negotiate_alpn(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
1447
1429
|
CBS_len(&protocol_name_list) < 2) {
|
|
1448
1430
|
OPENSSL_PUT_ERROR(SSL, SSL_R_PARSE_TLSEXT);
|
|
1449
1431
|
*out_alert = SSL_AD_DECODE_ERROR;
|
|
1450
|
-
return
|
|
1432
|
+
return false;
|
|
1451
1433
|
}
|
|
1452
1434
|
|
|
1453
1435
|
// Validate the protocol list.
|
|
@@ -1460,7 +1442,7 @@ int ssl_negotiate_alpn(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
1460
1442
|
CBS_len(&protocol_name) == 0) {
|
|
1461
1443
|
OPENSSL_PUT_ERROR(SSL, SSL_R_PARSE_TLSEXT);
|
|
1462
1444
|
*out_alert = SSL_AD_DECODE_ERROR;
|
|
1463
|
-
return
|
|
1445
|
+
return false;
|
|
1464
1446
|
}
|
|
1465
1447
|
}
|
|
1466
1448
|
|
|
@@ -1470,22 +1452,20 @@ int ssl_negotiate_alpn(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
1470
1452
|
ssl, &selected, &selected_len, CBS_data(&protocol_name_list),
|
|
1471
1453
|
CBS_len(&protocol_name_list),
|
|
1472
1454
|
ssl->ctx->alpn_select_cb_arg) == SSL_TLSEXT_ERR_OK) {
|
|
1473
|
-
|
|
1474
|
-
|
|
1475
|
-
if (ssl->s3->alpn_selected == NULL) {
|
|
1455
|
+
if (!ssl->s3->alpn_selected.CopyFrom(
|
|
1456
|
+
MakeConstSpan(selected, selected_len))) {
|
|
1476
1457
|
*out_alert = SSL_AD_INTERNAL_ERROR;
|
|
1477
|
-
return
|
|
1458
|
+
return false;
|
|
1478
1459
|
}
|
|
1479
|
-
ssl->s3->alpn_selected_len = selected_len;
|
|
1480
1460
|
}
|
|
1481
1461
|
|
|
1482
|
-
return
|
|
1462
|
+
return true;
|
|
1483
1463
|
}
|
|
1484
1464
|
|
|
1485
|
-
static
|
|
1465
|
+
static bool ext_alpn_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
1486
1466
|
SSL *const ssl = hs->ssl;
|
|
1487
|
-
if (ssl->s3->alpn_selected
|
|
1488
|
-
return
|
|
1467
|
+
if (ssl->s3->alpn_selected.empty()) {
|
|
1468
|
+
return true;
|
|
1489
1469
|
}
|
|
1490
1470
|
|
|
1491
1471
|
CBB contents, proto_list, proto;
|
|
@@ -1493,13 +1473,13 @@ static int ext_alpn_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
1493
1473
|
!CBB_add_u16_length_prefixed(out, &contents) ||
|
|
1494
1474
|
!CBB_add_u16_length_prefixed(&contents, &proto_list) ||
|
|
1495
1475
|
!CBB_add_u8_length_prefixed(&proto_list, &proto) ||
|
|
1496
|
-
!CBB_add_bytes(&proto, ssl->s3->alpn_selected,
|
|
1497
|
-
ssl->s3->
|
|
1476
|
+
!CBB_add_bytes(&proto, ssl->s3->alpn_selected.data(),
|
|
1477
|
+
ssl->s3->alpn_selected.size()) ||
|
|
1498
1478
|
!CBB_flush(out)) {
|
|
1499
|
-
return
|
|
1479
|
+
return false;
|
|
1500
1480
|
}
|
|
1501
1481
|
|
|
1502
|
-
return
|
|
1482
|
+
return true;
|
|
1503
1483
|
}
|
|
1504
1484
|
|
|
1505
1485
|
|
|
@@ -1511,68 +1491,70 @@ static void ext_channel_id_init(SSL_HANDSHAKE *hs) {
|
|
|
1511
1491
|
hs->ssl->s3->tlsext_channel_id_valid = false;
|
|
1512
1492
|
}
|
|
1513
1493
|
|
|
1514
|
-
static
|
|
1494
|
+
static bool ext_channel_id_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
1515
1495
|
SSL *const ssl = hs->ssl;
|
|
1516
1496
|
if (!ssl->tlsext_channel_id_enabled ||
|
|
1517
1497
|
SSL_is_dtls(ssl)) {
|
|
1518
|
-
return
|
|
1498
|
+
return true;
|
|
1519
1499
|
}
|
|
1520
1500
|
|
|
1521
1501
|
if (!CBB_add_u16(out, TLSEXT_TYPE_channel_id) ||
|
|
1522
1502
|
!CBB_add_u16(out, 0 /* length */)) {
|
|
1523
|
-
return
|
|
1503
|
+
return false;
|
|
1524
1504
|
}
|
|
1525
1505
|
|
|
1526
|
-
return
|
|
1506
|
+
return true;
|
|
1527
1507
|
}
|
|
1528
1508
|
|
|
1529
|
-
static
|
|
1530
|
-
|
|
1509
|
+
static bool ext_channel_id_parse_serverhello(SSL_HANDSHAKE *hs,
|
|
1510
|
+
uint8_t *out_alert,
|
|
1511
|
+
CBS *contents) {
|
|
1531
1512
|
SSL *const ssl = hs->ssl;
|
|
1532
1513
|
if (contents == NULL) {
|
|
1533
|
-
return
|
|
1514
|
+
return true;
|
|
1534
1515
|
}
|
|
1535
1516
|
|
|
1536
1517
|
assert(!SSL_is_dtls(ssl));
|
|
1537
1518
|
assert(ssl->tlsext_channel_id_enabled);
|
|
1538
1519
|
|
|
1539
1520
|
if (CBS_len(contents) != 0) {
|
|
1540
|
-
return
|
|
1521
|
+
return false;
|
|
1541
1522
|
}
|
|
1542
1523
|
|
|
1543
1524
|
ssl->s3->tlsext_channel_id_valid = true;
|
|
1544
|
-
return
|
|
1525
|
+
return true;
|
|
1545
1526
|
}
|
|
1546
1527
|
|
|
1547
|
-
static
|
|
1548
|
-
|
|
1528
|
+
static bool ext_channel_id_parse_clienthello(SSL_HANDSHAKE *hs,
|
|
1529
|
+
uint8_t *out_alert,
|
|
1530
|
+
CBS *contents) {
|
|
1549
1531
|
SSL *const ssl = hs->ssl;
|
|
1550
1532
|
if (contents == NULL ||
|
|
1551
1533
|
!ssl->tlsext_channel_id_enabled ||
|
|
1552
1534
|
SSL_is_dtls(ssl)) {
|
|
1553
|
-
return
|
|
1535
|
+
return true;
|
|
1554
1536
|
}
|
|
1555
1537
|
|
|
1556
1538
|
if (CBS_len(contents) != 0) {
|
|
1557
|
-
return
|
|
1539
|
+
return false;
|
|
1558
1540
|
}
|
|
1559
1541
|
|
|
1560
1542
|
ssl->s3->tlsext_channel_id_valid = true;
|
|
1561
|
-
return
|
|
1543
|
+
return true;
|
|
1562
1544
|
}
|
|
1563
1545
|
|
|
1564
|
-
static
|
|
1546
|
+
static bool ext_channel_id_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
1565
1547
|
SSL *const ssl = hs->ssl;
|
|
1566
1548
|
if (!ssl->s3->tlsext_channel_id_valid) {
|
|
1567
|
-
return
|
|
1549
|
+
return true;
|
|
1568
1550
|
}
|
|
1569
1551
|
|
|
1570
1552
|
if (!CBB_add_u16(out, TLSEXT_TYPE_channel_id) ||
|
|
1571
1553
|
!CBB_add_u16(out, 0 /* length */)) {
|
|
1572
|
-
return
|
|
1554
|
+
return false;
|
|
1573
1555
|
}
|
|
1574
1556
|
|
|
1575
|
-
return
|
|
1557
|
+
return true;
|
|
1576
1558
|
}
|
|
1577
1559
|
|
|
1578
1560
|
|
|
@@ -1585,40 +1567,40 @@ static void ext_srtp_init(SSL_HANDSHAKE *hs) {
|
|
|
1585
1567
|
hs->ssl->srtp_profile = NULL;
|
|
1586
1568
|
}
|
|
1587
1569
|
|
|
1588
|
-
static
|
|
1570
|
+
static bool ext_srtp_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
1589
1571
|
SSL *const ssl = hs->ssl;
|
|
1590
1572
|
STACK_OF(SRTP_PROTECTION_PROFILE) *profiles = SSL_get_srtp_profiles(ssl);
|
|
1591
1573
|
if (profiles == NULL ||
|
|
1592
1574
|
sk_SRTP_PROTECTION_PROFILE_num(profiles) == 0) {
|
|
1593
|
-
return
|
|
1575
|
+
return true;
|
|
1594
1576
|
}
|
|
1595
1577
|
|
|
1596
1578
|
CBB contents, profile_ids;
|
|
1597
1579
|
if (!CBB_add_u16(out, TLSEXT_TYPE_srtp) ||
|
|
1598
1580
|
!CBB_add_u16_length_prefixed(out, &contents) ||
|
|
1599
1581
|
!CBB_add_u16_length_prefixed(&contents, &profile_ids)) {
|
|
1600
|
-
return
|
|
1582
|
+
return false;
|
|
1601
1583
|
}
|
|
1602
1584
|
|
|
1603
1585
|
for (const SRTP_PROTECTION_PROFILE *profile : profiles) {
|
|
1604
1586
|
if (!CBB_add_u16(&profile_ids, profile->id)) {
|
|
1605
|
-
return
|
|
1587
|
+
return false;
|
|
1606
1588
|
}
|
|
1607
1589
|
}
|
|
1608
1590
|
|
|
1609
1591
|
if (!CBB_add_u8(&contents, 0 /* empty use_mki value */) ||
|
|
1610
1592
|
!CBB_flush(out)) {
|
|
1611
|
-
return
|
|
1593
|
+
return false;
|
|
1612
1594
|
}
|
|
1613
1595
|
|
|
1614
|
-
return
|
|
1596
|
+
return true;
|
|
1615
1597
|
}
|
|
1616
1598
|
|
|
1617
|
-
static
|
|
1618
|
-
|
|
1599
|
+
static bool ext_srtp_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
1600
|
+
CBS *contents) {
|
|
1619
1601
|
SSL *const ssl = hs->ssl;
|
|
1620
1602
|
if (contents == NULL) {
|
|
1621
|
-
return
|
|
1603
|
+
return true;
|
|
1622
1604
|
}
|
|
1623
1605
|
|
|
1624
1606
|
// The extension consists of a u16-prefixed profile ID list containing a
|
|
@@ -1633,14 +1615,14 @@ static int ext_srtp_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
1633
1615
|
!CBS_get_u8_length_prefixed(contents, &srtp_mki) ||
|
|
1634
1616
|
CBS_len(contents) != 0) {
|
|
1635
1617
|
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
|
|
1636
|
-
return
|
|
1618
|
+
return false;
|
|
1637
1619
|
}
|
|
1638
1620
|
|
|
1639
1621
|
if (CBS_len(&srtp_mki) != 0) {
|
|
1640
1622
|
// Must be no MKI, since we never offer one.
|
|
1641
1623
|
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SRTP_MKI_VALUE);
|
|
1642
1624
|
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
|
1643
|
-
return
|
|
1625
|
+
return false;
|
|
1644
1626
|
}
|
|
1645
1627
|
|
|
1646
1628
|
STACK_OF(SRTP_PROTECTION_PROFILE) *profiles = SSL_get_srtp_profiles(ssl);
|
|
@@ -1650,20 +1632,20 @@ static int ext_srtp_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
1650
1632
|
for (const SRTP_PROTECTION_PROFILE *profile : profiles) {
|
|
1651
1633
|
if (profile->id == profile_id) {
|
|
1652
1634
|
ssl->srtp_profile = profile;
|
|
1653
|
-
return
|
|
1635
|
+
return true;
|
|
1654
1636
|
}
|
|
1655
1637
|
}
|
|
1656
1638
|
|
|
1657
1639
|
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
|
|
1658
1640
|
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
|
1659
|
-
return
|
|
1641
|
+
return false;
|
|
1660
1642
|
}
|
|
1661
1643
|
|
|
1662
|
-
static
|
|
1663
|
-
|
|
1644
|
+
static bool ext_srtp_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
1645
|
+
CBS *contents) {
|
|
1664
1646
|
SSL *const ssl = hs->ssl;
|
|
1665
1647
|
if (contents == NULL) {
|
|
1666
|
-
return
|
|
1648
|
+
return true;
|
|
1667
1649
|
}
|
|
1668
1650
|
|
|
1669
1651
|
CBS profile_ids, srtp_mki;
|
|
@@ -1672,7 +1654,7 @@ static int ext_srtp_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
1672
1654
|
!CBS_get_u8_length_prefixed(contents, &srtp_mki) ||
|
|
1673
1655
|
CBS_len(contents) != 0) {
|
|
1674
1656
|
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
|
|
1675
|
-
return
|
|
1657
|
+
return false;
|
|
1676
1658
|
}
|
|
1677
1659
|
// Discard the MKI value for now.
|
|
1678
1660
|
|
|
@@ -1687,23 +1669,23 @@ static int ext_srtp_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
1687
1669
|
while (CBS_len(&profile_ids_tmp) > 0) {
|
|
1688
1670
|
uint16_t profile_id;
|
|
1689
1671
|
if (!CBS_get_u16(&profile_ids_tmp, &profile_id)) {
|
|
1690
|
-
return
|
|
1672
|
+
return false;
|
|
1691
1673
|
}
|
|
1692
1674
|
|
|
1693
1675
|
if (server_profile->id == profile_id) {
|
|
1694
1676
|
ssl->srtp_profile = server_profile;
|
|
1695
|
-
return
|
|
1677
|
+
return true;
|
|
1696
1678
|
}
|
|
1697
1679
|
}
|
|
1698
1680
|
}
|
|
1699
1681
|
|
|
1700
|
-
return
|
|
1682
|
+
return true;
|
|
1701
1683
|
}
|
|
1702
1684
|
|
|
1703
|
-
static
|
|
1685
|
+
static bool ext_srtp_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
1704
1686
|
SSL *const ssl = hs->ssl;
|
|
1705
1687
|
if (ssl->srtp_profile == NULL) {
|
|
1706
|
-
return
|
|
1688
|
+
return true;
|
|
1707
1689
|
}
|
|
1708
1690
|
|
|
1709
1691
|
CBB contents, profile_ids;
|
|
@@ -1713,10 +1695,10 @@ static int ext_srtp_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
1713
1695
|
!CBB_add_u16(&profile_ids, ssl->srtp_profile->id) ||
|
|
1714
1696
|
!CBB_add_u8(&contents, 0 /* empty MKI */) ||
|
|
1715
1697
|
!CBB_flush(out)) {
|
|
1716
|
-
return
|
|
1698
|
+
return false;
|
|
1717
1699
|
}
|
|
1718
1700
|
|
|
1719
|
-
return
|
|
1701
|
+
return true;
|
|
1720
1702
|
}
|
|
1721
1703
|
|
|
1722
1704
|
|
|
@@ -1724,42 +1706,42 @@ static int ext_srtp_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
1724
1706
|
//
|
|
1725
1707
|
// https://tools.ietf.org/html/rfc4492#section-5.1.2
|
|
1726
1708
|
|
|
1727
|
-
static
|
|
1709
|
+
static bool ext_ec_point_add_extension(SSL_HANDSHAKE *hs, CBB *out) {
|
|
1728
1710
|
CBB contents, formats;
|
|
1729
1711
|
if (!CBB_add_u16(out, TLSEXT_TYPE_ec_point_formats) ||
|
|
1730
1712
|
!CBB_add_u16_length_prefixed(out, &contents) ||
|
|
1731
1713
|
!CBB_add_u8_length_prefixed(&contents, &formats) ||
|
|
1732
1714
|
!CBB_add_u8(&formats, TLSEXT_ECPOINTFORMAT_uncompressed) ||
|
|
1733
1715
|
!CBB_flush(out)) {
|
|
1734
|
-
return
|
|
1716
|
+
return false;
|
|
1735
1717
|
}
|
|
1736
1718
|
|
|
1737
|
-
return
|
|
1719
|
+
return true;
|
|
1738
1720
|
}
|
|
1739
1721
|
|
|
1740
|
-
static
|
|
1722
|
+
static bool ext_ec_point_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
1741
1723
|
// The point format extension is unneccessary in TLS 1.3.
|
|
1742
1724
|
if (hs->min_version >= TLS1_3_VERSION) {
|
|
1743
|
-
return
|
|
1725
|
+
return true;
|
|
1744
1726
|
}
|
|
1745
1727
|
|
|
1746
1728
|
return ext_ec_point_add_extension(hs, out);
|
|
1747
1729
|
}
|
|
1748
1730
|
|
|
1749
|
-
static
|
|
1750
|
-
|
|
1731
|
+
static bool ext_ec_point_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
1732
|
+
CBS *contents) {
|
|
1751
1733
|
if (contents == NULL) {
|
|
1752
|
-
return
|
|
1734
|
+
return true;
|
|
1753
1735
|
}
|
|
1754
1736
|
|
|
1755
|
-
if (
|
|
1756
|
-
return
|
|
1737
|
+
if (ssl_protocol_version(hs->ssl) >= TLS1_3_VERSION) {
|
|
1738
|
+
return false;
|
|
1757
1739
|
}
|
|
1758
1740
|
|
|
1759
1741
|
CBS ec_point_format_list;
|
|
1760
1742
|
if (!CBS_get_u8_length_prefixed(contents, &ec_point_format_list) ||
|
|
1761
1743
|
CBS_len(contents) != 0) {
|
|
1762
|
-
return
|
|
1744
|
+
return false;
|
|
1763
1745
|
}
|
|
1764
1746
|
|
|
1765
1747
|
// Per RFC 4492, section 5.1.2, implementations MUST support the uncompressed
|
|
@@ -1768,33 +1750,33 @@ static int ext_ec_point_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
1768
1750
|
TLSEXT_ECPOINTFORMAT_uncompressed,
|
|
1769
1751
|
CBS_len(&ec_point_format_list)) == NULL) {
|
|
1770
1752
|
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
|
1771
|
-
return
|
|
1753
|
+
return false;
|
|
1772
1754
|
}
|
|
1773
1755
|
|
|
1774
|
-
return
|
|
1756
|
+
return true;
|
|
1775
1757
|
}
|
|
1776
1758
|
|
|
1777
|
-
static
|
|
1759
|
+
static bool ext_ec_point_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
1778
1760
|
CBS *contents) {
|
|
1779
|
-
if (
|
|
1780
|
-
return
|
|
1761
|
+
if (ssl_protocol_version(hs->ssl) >= TLS1_3_VERSION) {
|
|
1762
|
+
return true;
|
|
1781
1763
|
}
|
|
1782
1764
|
|
|
1783
1765
|
return ext_ec_point_parse_serverhello(hs, out_alert, contents);
|
|
1784
1766
|
}
|
|
1785
1767
|
|
|
1786
|
-
static
|
|
1768
|
+
static bool ext_ec_point_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
1787
1769
|
SSL *const ssl = hs->ssl;
|
|
1788
|
-
if (
|
|
1789
|
-
return
|
|
1770
|
+
if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
|
|
1771
|
+
return true;
|
|
1790
1772
|
}
|
|
1791
1773
|
|
|
1792
1774
|
const uint32_t alg_k = hs->new_cipher->algorithm_mkey;
|
|
1793
1775
|
const uint32_t alg_a = hs->new_cipher->algorithm_auth;
|
|
1794
|
-
const
|
|
1776
|
+
const bool using_ecc = (alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA);
|
|
1795
1777
|
|
|
1796
1778
|
if (!using_ecc) {
|
|
1797
|
-
return
|
|
1779
|
+
return true;
|
|
1798
1780
|
}
|
|
1799
1781
|
|
|
1800
1782
|
return ext_ec_point_add_extension(hs, out);
|
|
@@ -1816,11 +1798,21 @@ static size_t ext_pre_shared_key_clienthello_length(SSL_HANDSHAKE *hs) {
|
|
|
1816
1798
|
return 15 + ssl->session->tlsext_ticklen + binder_len;
|
|
1817
1799
|
}
|
|
1818
1800
|
|
|
1819
|
-
static
|
|
1801
|
+
static bool ext_pre_shared_key_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
1820
1802
|
SSL *const ssl = hs->ssl;
|
|
1803
|
+
hs->needs_psk_binder = false;
|
|
1821
1804
|
if (hs->max_version < TLS1_3_VERSION || ssl->session == NULL ||
|
|
1822
1805
|
ssl_session_protocol_version(ssl->session) < TLS1_3_VERSION) {
|
|
1823
|
-
return
|
|
1806
|
+
return true;
|
|
1807
|
+
}
|
|
1808
|
+
|
|
1809
|
+
// Per draft-ietf-tls-tls13-21 section 4.1.4, skip offering the session if the
|
|
1810
|
+
// selected cipher in HelloRetryRequest does not match. This avoids performing
|
|
1811
|
+
// the transcript hash transformation for multiple hashes.
|
|
1812
|
+
if (hs->received_hello_retry_request &&
|
|
1813
|
+
ssl_is_draft21(ssl->version) &&
|
|
1814
|
+
ssl->session->cipher->algorithm_prf != hs->new_cipher->algorithm_prf) {
|
|
1815
|
+
return true;
|
|
1824
1816
|
}
|
|
1825
1817
|
|
|
1826
1818
|
struct OPENSSL_timeval now;
|
|
@@ -1844,35 +1836,35 @@ static int ext_pre_shared_key_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
1844
1836
|
!CBB_add_u16_length_prefixed(&contents, &binders) ||
|
|
1845
1837
|
!CBB_add_u8_length_prefixed(&binders, &binder) ||
|
|
1846
1838
|
!CBB_add_bytes(&binder, zero_binder, binder_len)) {
|
|
1847
|
-
return
|
|
1839
|
+
return false;
|
|
1848
1840
|
}
|
|
1849
1841
|
|
|
1850
1842
|
hs->needs_psk_binder = true;
|
|
1851
1843
|
return CBB_flush(out);
|
|
1852
1844
|
}
|
|
1853
1845
|
|
|
1854
|
-
|
|
1855
|
-
|
|
1856
|
-
|
|
1846
|
+
bool ssl_ext_pre_shared_key_parse_serverhello(SSL_HANDSHAKE *hs,
|
|
1847
|
+
uint8_t *out_alert,
|
|
1848
|
+
CBS *contents) {
|
|
1857
1849
|
uint16_t psk_id;
|
|
1858
1850
|
if (!CBS_get_u16(contents, &psk_id) ||
|
|
1859
1851
|
CBS_len(contents) != 0) {
|
|
1860
1852
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
|
1861
1853
|
*out_alert = SSL_AD_DECODE_ERROR;
|
|
1862
|
-
return
|
|
1854
|
+
return false;
|
|
1863
1855
|
}
|
|
1864
1856
|
|
|
1865
1857
|
// We only advertise one PSK identity, so the only legal index is zero.
|
|
1866
1858
|
if (psk_id != 0) {
|
|
1867
1859
|
OPENSSL_PUT_ERROR(SSL, SSL_R_PSK_IDENTITY_NOT_FOUND);
|
|
1868
1860
|
*out_alert = SSL_AD_UNKNOWN_PSK_IDENTITY;
|
|
1869
|
-
return
|
|
1861
|
+
return false;
|
|
1870
1862
|
}
|
|
1871
1863
|
|
|
1872
|
-
return
|
|
1864
|
+
return true;
|
|
1873
1865
|
}
|
|
1874
1866
|
|
|
1875
|
-
|
|
1867
|
+
bool ssl_ext_pre_shared_key_parse_clienthello(
|
|
1876
1868
|
SSL_HANDSHAKE *hs, CBS *out_ticket, CBS *out_binders,
|
|
1877
1869
|
uint32_t *out_obfuscated_ticket_age, uint8_t *out_alert, CBS *contents) {
|
|
1878
1870
|
// We only process the first PSK identity since we don't support pure PSK.
|
|
@@ -1885,7 +1877,7 @@ int ssl_ext_pre_shared_key_parse_clienthello(
|
|
|
1885
1877
|
CBS_len(contents) != 0) {
|
|
1886
1878
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
|
1887
1879
|
*out_alert = SSL_AD_DECODE_ERROR;
|
|
1888
|
-
return
|
|
1880
|
+
return false;
|
|
1889
1881
|
}
|
|
1890
1882
|
|
|
1891
1883
|
*out_binders = binders;
|
|
@@ -1899,7 +1891,7 @@ int ssl_ext_pre_shared_key_parse_clienthello(
|
|
|
1899
1891
|
!CBS_get_u32(&identities, &unused_obfuscated_ticket_age)) {
|
|
1900
1892
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
|
1901
1893
|
*out_alert = SSL_AD_DECODE_ERROR;
|
|
1902
|
-
return
|
|
1894
|
+
return false;
|
|
1903
1895
|
}
|
|
1904
1896
|
|
|
1905
1897
|
num_identities++;
|
|
@@ -1913,7 +1905,7 @@ int ssl_ext_pre_shared_key_parse_clienthello(
|
|
|
1913
1905
|
if (!CBS_get_u8_length_prefixed(&binders, &binder)) {
|
|
1914
1906
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
|
1915
1907
|
*out_alert = SSL_AD_DECODE_ERROR;
|
|
1916
|
-
return
|
|
1908
|
+
return false;
|
|
1917
1909
|
}
|
|
1918
1910
|
|
|
1919
1911
|
num_binders++;
|
|
@@ -1922,15 +1914,15 @@ int ssl_ext_pre_shared_key_parse_clienthello(
|
|
|
1922
1914
|
if (num_identities != num_binders) {
|
|
1923
1915
|
OPENSSL_PUT_ERROR(SSL, SSL_R_PSK_IDENTITY_BINDER_COUNT_MISMATCH);
|
|
1924
1916
|
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
|
1925
|
-
return
|
|
1917
|
+
return false;
|
|
1926
1918
|
}
|
|
1927
1919
|
|
|
1928
|
-
return
|
|
1920
|
+
return true;
|
|
1929
1921
|
}
|
|
1930
1922
|
|
|
1931
|
-
|
|
1923
|
+
bool ssl_ext_pre_shared_key_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
1932
1924
|
if (!hs->ssl->s3->session_reused) {
|
|
1933
|
-
return
|
|
1925
|
+
return true;
|
|
1934
1926
|
}
|
|
1935
1927
|
|
|
1936
1928
|
CBB contents;
|
|
@@ -1939,10 +1931,10 @@ int ssl_ext_pre_shared_key_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
1939
1931
|
// We only consider the first identity for resumption
|
|
1940
1932
|
!CBB_add_u16(&contents, 0) ||
|
|
1941
1933
|
!CBB_flush(out)) {
|
|
1942
|
-
return
|
|
1934
|
+
return false;
|
|
1943
1935
|
}
|
|
1944
1936
|
|
|
1945
|
-
return
|
|
1937
|
+
return true;
|
|
1946
1938
|
}
|
|
1947
1939
|
|
|
1948
1940
|
|
|
@@ -1950,10 +1942,10 @@ int ssl_ext_pre_shared_key_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
1950
1942
|
//
|
|
1951
1943
|
// https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-4.2.7
|
|
1952
1944
|
|
|
1953
|
-
static
|
|
1954
|
-
|
|
1945
|
+
static bool ext_psk_key_exchange_modes_add_clienthello(SSL_HANDSHAKE *hs,
|
|
1946
|
+
CBB *out) {
|
|
1955
1947
|
if (hs->max_version < TLS1_3_VERSION) {
|
|
1956
|
-
return
|
|
1948
|
+
return true;
|
|
1957
1949
|
}
|
|
1958
1950
|
|
|
1959
1951
|
CBB contents, ke_modes;
|
|
@@ -1961,17 +1953,17 @@ static int ext_psk_key_exchange_modes_add_clienthello(SSL_HANDSHAKE *hs,
|
|
|
1961
1953
|
!CBB_add_u16_length_prefixed(out, &contents) ||
|
|
1962
1954
|
!CBB_add_u8_length_prefixed(&contents, &ke_modes) ||
|
|
1963
1955
|
!CBB_add_u8(&ke_modes, SSL_PSK_DHE_KE)) {
|
|
1964
|
-
return
|
|
1956
|
+
return false;
|
|
1965
1957
|
}
|
|
1966
1958
|
|
|
1967
1959
|
return CBB_flush(out);
|
|
1968
1960
|
}
|
|
1969
1961
|
|
|
1970
|
-
static
|
|
1971
|
-
|
|
1972
|
-
|
|
1962
|
+
static bool ext_psk_key_exchange_modes_parse_clienthello(SSL_HANDSHAKE *hs,
|
|
1963
|
+
uint8_t *out_alert,
|
|
1964
|
+
CBS *contents) {
|
|
1973
1965
|
if (contents == NULL) {
|
|
1974
|
-
return
|
|
1966
|
+
return true;
|
|
1975
1967
|
}
|
|
1976
1968
|
|
|
1977
1969
|
CBS ke_modes;
|
|
@@ -1979,14 +1971,14 @@ static int ext_psk_key_exchange_modes_parse_clienthello(SSL_HANDSHAKE *hs,
|
|
|
1979
1971
|
CBS_len(&ke_modes) == 0 ||
|
|
1980
1972
|
CBS_len(contents) != 0) {
|
|
1981
1973
|
*out_alert = SSL_AD_DECODE_ERROR;
|
|
1982
|
-
return
|
|
1974
|
+
return false;
|
|
1983
1975
|
}
|
|
1984
1976
|
|
|
1985
1977
|
// We only support tickets with PSK_DHE_KE.
|
|
1986
1978
|
hs->accept_psk_mode = OPENSSL_memchr(CBS_data(&ke_modes), SSL_PSK_DHE_KE,
|
|
1987
1979
|
CBS_len(&ke_modes)) != NULL;
|
|
1988
1980
|
|
|
1989
|
-
return
|
|
1981
|
+
return true;
|
|
1990
1982
|
}
|
|
1991
1983
|
|
|
1992
1984
|
|
|
@@ -1994,14 +1986,22 @@ static int ext_psk_key_exchange_modes_parse_clienthello(SSL_HANDSHAKE *hs,
|
|
|
1994
1986
|
//
|
|
1995
1987
|
// https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-4.2.8
|
|
1996
1988
|
|
|
1997
|
-
static
|
|
1989
|
+
static bool ext_early_data_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
1998
1990
|
SSL *const ssl = hs->ssl;
|
|
1999
|
-
if (ssl->
|
|
1991
|
+
if (!ssl->cert->enable_early_data ||
|
|
1992
|
+
// Session must be 0-RTT capable.
|
|
1993
|
+
ssl->session == NULL ||
|
|
2000
1994
|
ssl_session_protocol_version(ssl->session) < TLS1_3_VERSION ||
|
|
2001
1995
|
ssl->session->ticket_max_early_data == 0 ||
|
|
1996
|
+
// The second ClientHello never offers early data.
|
|
2002
1997
|
hs->received_hello_retry_request ||
|
|
2003
|
-
|
|
2004
|
-
|
|
1998
|
+
// In case ALPN preferences changed since this session was established,
|
|
1999
|
+
// avoid reporting a confusing value in |SSL_get0_alpn_selected|.
|
|
2000
|
+
(ssl->session->early_alpn_len != 0 &&
|
|
2001
|
+
!ssl_is_alpn_protocol_allowed(
|
|
2002
|
+
ssl, MakeConstSpan(ssl->session->early_alpn,
|
|
2003
|
+
ssl->session->early_alpn_len)))) {
|
|
2004
|
+
return true;
|
|
2005
2005
|
}
|
|
2006
2006
|
|
|
2007
2007
|
hs->early_data_offered = true;
|
|
@@ -2009,63 +2009,63 @@ static int ext_early_data_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
2009
2009
|
if (!CBB_add_u16(out, TLSEXT_TYPE_early_data) ||
|
|
2010
2010
|
!CBB_add_u16(out, 0) ||
|
|
2011
2011
|
!CBB_flush(out)) {
|
|
2012
|
-
return
|
|
2012
|
+
return false;
|
|
2013
2013
|
}
|
|
2014
2014
|
|
|
2015
|
-
return
|
|
2015
|
+
return true;
|
|
2016
2016
|
}
|
|
2017
2017
|
|
|
2018
|
-
static
|
|
2019
|
-
|
|
2018
|
+
static bool ext_early_data_parse_serverhello(SSL_HANDSHAKE *hs,
|
|
2019
|
+
uint8_t *out_alert, CBS *contents) {
|
|
2020
2020
|
SSL *const ssl = hs->ssl;
|
|
2021
2021
|
if (contents == NULL) {
|
|
2022
|
-
return
|
|
2022
|
+
return true;
|
|
2023
2023
|
}
|
|
2024
2024
|
|
|
2025
2025
|
if (CBS_len(contents) != 0) {
|
|
2026
2026
|
*out_alert = SSL_AD_DECODE_ERROR;
|
|
2027
|
-
return
|
|
2027
|
+
return false;
|
|
2028
2028
|
}
|
|
2029
2029
|
|
|
2030
2030
|
if (!ssl->s3->session_reused) {
|
|
2031
2031
|
*out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
|
|
2032
2032
|
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
|
|
2033
|
-
return
|
|
2033
|
+
return false;
|
|
2034
2034
|
}
|
|
2035
2035
|
|
|
2036
|
-
ssl->early_data_accepted =
|
|
2037
|
-
return
|
|
2036
|
+
ssl->early_data_accepted = true;
|
|
2037
|
+
return true;
|
|
2038
2038
|
}
|
|
2039
2039
|
|
|
2040
|
-
static
|
|
2041
|
-
|
|
2040
|
+
static bool ext_early_data_parse_clienthello(SSL_HANDSHAKE *hs,
|
|
2041
|
+
uint8_t *out_alert, CBS *contents) {
|
|
2042
2042
|
SSL *const ssl = hs->ssl;
|
|
2043
2043
|
if (contents == NULL ||
|
|
2044
|
-
|
|
2045
|
-
return
|
|
2044
|
+
ssl_protocol_version(ssl) < TLS1_3_VERSION) {
|
|
2045
|
+
return true;
|
|
2046
2046
|
}
|
|
2047
2047
|
|
|
2048
2048
|
if (CBS_len(contents) != 0) {
|
|
2049
2049
|
*out_alert = SSL_AD_DECODE_ERROR;
|
|
2050
|
-
return
|
|
2050
|
+
return false;
|
|
2051
2051
|
}
|
|
2052
2052
|
|
|
2053
2053
|
hs->early_data_offered = true;
|
|
2054
|
-
return
|
|
2054
|
+
return true;
|
|
2055
2055
|
}
|
|
2056
2056
|
|
|
2057
|
-
static
|
|
2057
|
+
static bool ext_early_data_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
2058
2058
|
if (!hs->ssl->early_data_accepted) {
|
|
2059
|
-
return
|
|
2059
|
+
return true;
|
|
2060
2060
|
}
|
|
2061
2061
|
|
|
2062
2062
|
if (!CBB_add_u16(out, TLSEXT_TYPE_early_data) ||
|
|
2063
2063
|
!CBB_add_u16(out, 0) ||
|
|
2064
2064
|
!CBB_flush(out)) {
|
|
2065
|
-
return
|
|
2065
|
+
return false;
|
|
2066
2066
|
}
|
|
2067
2067
|
|
|
2068
|
-
return
|
|
2068
|
+
return true;
|
|
2069
2069
|
}
|
|
2070
2070
|
|
|
2071
2071
|
|
|
@@ -2073,17 +2073,17 @@ static int ext_early_data_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
2073
2073
|
//
|
|
2074
2074
|
// https://tools.ietf.org/html/draft-ietf-tls-tls13-16#section-4.2.5
|
|
2075
2075
|
|
|
2076
|
-
static
|
|
2076
|
+
static bool ext_key_share_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
2077
2077
|
SSL *const ssl = hs->ssl;
|
|
2078
2078
|
if (hs->max_version < TLS1_3_VERSION) {
|
|
2079
|
-
return
|
|
2079
|
+
return true;
|
|
2080
2080
|
}
|
|
2081
2081
|
|
|
2082
2082
|
CBB contents, kse_bytes;
|
|
2083
2083
|
if (!CBB_add_u16(out, TLSEXT_TYPE_key_share) ||
|
|
2084
2084
|
!CBB_add_u16_length_prefixed(out, &contents) ||
|
|
2085
2085
|
!CBB_add_u16_length_prefixed(&contents, &kse_bytes)) {
|
|
2086
|
-
return
|
|
2086
|
+
return false;
|
|
2087
2087
|
}
|
|
2088
2088
|
|
|
2089
2089
|
uint16_t group_id = hs->retry_group;
|
|
@@ -2093,7 +2093,7 @@ static int ext_key_share_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
2093
2093
|
if (group_id == 0 &&
|
|
2094
2094
|
!CBB_add_bytes(&kse_bytes, hs->key_share_bytes.data(),
|
|
2095
2095
|
hs->key_share_bytes.size())) {
|
|
2096
|
-
return
|
|
2096
|
+
return false;
|
|
2097
2097
|
}
|
|
2098
2098
|
hs->key_share_bytes.Reset();
|
|
2099
2099
|
if (group_id == 0) {
|
|
@@ -2106,14 +2106,14 @@ static int ext_key_share_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
2106
2106
|
ssl_get_grease_value(ssl, ssl_grease_group)) ||
|
|
2107
2107
|
!CBB_add_u16(&kse_bytes, 1 /* length */) ||
|
|
2108
2108
|
!CBB_add_u8(&kse_bytes, 0 /* one byte key share */))) {
|
|
2109
|
-
return
|
|
2109
|
+
return false;
|
|
2110
2110
|
}
|
|
2111
2111
|
|
|
2112
2112
|
// Predict the most preferred group.
|
|
2113
2113
|
Span<const uint16_t> groups = tls1_get_grouplist(ssl);
|
|
2114
2114
|
if (groups.empty()) {
|
|
2115
2115
|
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_GROUPS_SPECIFIED);
|
|
2116
|
-
return
|
|
2116
|
+
return false;
|
|
2117
2117
|
}
|
|
2118
2118
|
|
|
2119
2119
|
group_id = groups[0];
|
|
@@ -2126,93 +2126,94 @@ static int ext_key_share_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
2126
2126
|
!CBB_add_u16_length_prefixed(&kse_bytes, &key_exchange) ||
|
|
2127
2127
|
!hs->key_share->Offer(&key_exchange) ||
|
|
2128
2128
|
!CBB_flush(&kse_bytes)) {
|
|
2129
|
-
return
|
|
2129
|
+
return false;
|
|
2130
2130
|
}
|
|
2131
2131
|
|
|
2132
2132
|
// Save the contents of the extension to repeat it in the second ClientHello.
|
|
2133
2133
|
if (!hs->received_hello_retry_request &&
|
|
2134
2134
|
!hs->key_share_bytes.CopyFrom(
|
|
2135
2135
|
MakeConstSpan(CBB_data(&kse_bytes), CBB_len(&kse_bytes)))) {
|
|
2136
|
-
return
|
|
2136
|
+
return false;
|
|
2137
2137
|
}
|
|
2138
2138
|
|
|
2139
2139
|
return CBB_flush(out);
|
|
2140
2140
|
}
|
|
2141
2141
|
|
|
2142
|
-
|
|
2143
|
-
|
|
2144
|
-
|
|
2142
|
+
bool ssl_ext_key_share_parse_serverhello(SSL_HANDSHAKE *hs,
|
|
2143
|
+
Array<uint8_t> *out_secret,
|
|
2144
|
+
uint8_t *out_alert, CBS *contents) {
|
|
2145
2145
|
CBS peer_key;
|
|
2146
2146
|
uint16_t group_id;
|
|
2147
2147
|
if (!CBS_get_u16(contents, &group_id) ||
|
|
2148
2148
|
!CBS_get_u16_length_prefixed(contents, &peer_key) ||
|
|
2149
2149
|
CBS_len(contents) != 0) {
|
|
2150
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
|
2150
2151
|
*out_alert = SSL_AD_DECODE_ERROR;
|
|
2151
|
-
return
|
|
2152
|
+
return false;
|
|
2152
2153
|
}
|
|
2153
2154
|
|
|
2154
2155
|
if (hs->key_share->GroupID() != group_id) {
|
|
2155
2156
|
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
|
2156
2157
|
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CURVE);
|
|
2157
|
-
return
|
|
2158
|
+
return false;
|
|
2158
2159
|
}
|
|
2159
2160
|
|
|
2160
2161
|
if (!hs->key_share->Finish(out_secret, out_alert, peer_key)) {
|
|
2161
2162
|
*out_alert = SSL_AD_INTERNAL_ERROR;
|
|
2162
|
-
return
|
|
2163
|
+
return false;
|
|
2163
2164
|
}
|
|
2164
2165
|
|
|
2165
2166
|
hs->new_session->group_id = group_id;
|
|
2166
2167
|
hs->key_share.reset();
|
|
2167
|
-
return
|
|
2168
|
+
return true;
|
|
2168
2169
|
}
|
|
2169
2170
|
|
|
2170
|
-
|
|
2171
|
-
|
|
2172
|
-
|
|
2171
|
+
bool ssl_ext_key_share_parse_clienthello(SSL_HANDSHAKE *hs, bool *out_found,
|
|
2172
|
+
Array<uint8_t> *out_secret,
|
|
2173
|
+
uint8_t *out_alert, CBS *contents) {
|
|
2173
2174
|
uint16_t group_id;
|
|
2174
2175
|
CBS key_shares;
|
|
2175
2176
|
if (!tls1_get_shared_group(hs, &group_id)) {
|
|
2176
2177
|
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_SHARED_GROUP);
|
|
2177
2178
|
*out_alert = SSL_AD_HANDSHAKE_FAILURE;
|
|
2178
|
-
return
|
|
2179
|
+
return false;
|
|
2179
2180
|
}
|
|
2180
2181
|
|
|
2181
2182
|
if (!CBS_get_u16_length_prefixed(contents, &key_shares) ||
|
|
2182
2183
|
CBS_len(contents) != 0) {
|
|
2183
2184
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
|
2184
|
-
return
|
|
2185
|
+
return false;
|
|
2185
2186
|
}
|
|
2186
2187
|
|
|
2187
2188
|
// Find the corresponding key share.
|
|
2188
|
-
bool found = false;
|
|
2189
2189
|
CBS peer_key;
|
|
2190
|
+
CBS_init(&peer_key, NULL, 0);
|
|
2190
2191
|
while (CBS_len(&key_shares) > 0) {
|
|
2191
2192
|
uint16_t id;
|
|
2192
2193
|
CBS peer_key_tmp;
|
|
2193
2194
|
if (!CBS_get_u16(&key_shares, &id) ||
|
|
2194
|
-
!CBS_get_u16_length_prefixed(&key_shares, &peer_key_tmp)
|
|
2195
|
+
!CBS_get_u16_length_prefixed(&key_shares, &peer_key_tmp) ||
|
|
2196
|
+
CBS_len(&peer_key_tmp) == 0) {
|
|
2195
2197
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
|
2196
|
-
return
|
|
2198
|
+
return false;
|
|
2197
2199
|
}
|
|
2198
2200
|
|
|
2199
2201
|
if (id == group_id) {
|
|
2200
|
-
if (
|
|
2202
|
+
if (CBS_len(&peer_key) != 0) {
|
|
2201
2203
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DUPLICATE_KEY_SHARE);
|
|
2202
2204
|
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
|
2203
|
-
return
|
|
2205
|
+
return false;
|
|
2204
2206
|
}
|
|
2205
2207
|
|
|
2206
|
-
found = true;
|
|
2207
2208
|
peer_key = peer_key_tmp;
|
|
2208
2209
|
// Continue parsing the structure to keep peers honest.
|
|
2209
2210
|
}
|
|
2210
2211
|
}
|
|
2211
2212
|
|
|
2212
|
-
if (
|
|
2213
|
+
if (CBS_len(&peer_key) == 0) {
|
|
2213
2214
|
*out_found = false;
|
|
2214
2215
|
out_secret->Reset();
|
|
2215
|
-
return
|
|
2216
|
+
return true;
|
|
2216
2217
|
}
|
|
2217
2218
|
|
|
2218
2219
|
// Compute the DH secret.
|
|
@@ -2224,15 +2225,15 @@ int ssl_ext_key_share_parse_clienthello(SSL_HANDSHAKE *hs, bool *out_found,
|
|
|
2224
2225
|
!key_share->Accept(public_key.get(), &secret, out_alert, peer_key) ||
|
|
2225
2226
|
!CBBFinishArray(public_key.get(), &hs->ecdh_public_key)) {
|
|
2226
2227
|
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
|
2227
|
-
return
|
|
2228
|
+
return false;
|
|
2228
2229
|
}
|
|
2229
2230
|
|
|
2230
2231
|
*out_secret = std::move(secret);
|
|
2231
2232
|
*out_found = true;
|
|
2232
|
-
return
|
|
2233
|
+
return true;
|
|
2233
2234
|
}
|
|
2234
2235
|
|
|
2235
|
-
|
|
2236
|
+
bool ssl_ext_key_share_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
2236
2237
|
uint16_t group_id;
|
|
2237
2238
|
CBB kse_bytes, public_key;
|
|
2238
2239
|
if (!tls1_get_shared_group(hs, &group_id) ||
|
|
@@ -2243,13 +2244,13 @@ int ssl_ext_key_share_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
2243
2244
|
!CBB_add_bytes(&public_key, hs->ecdh_public_key.data(),
|
|
2244
2245
|
hs->ecdh_public_key.size()) ||
|
|
2245
2246
|
!CBB_flush(out)) {
|
|
2246
|
-
return
|
|
2247
|
+
return false;
|
|
2247
2248
|
}
|
|
2248
2249
|
|
|
2249
2250
|
hs->ecdh_public_key.Reset();
|
|
2250
2251
|
|
|
2251
2252
|
hs->new_session->group_id = group_id;
|
|
2252
|
-
return
|
|
2253
|
+
return true;
|
|
2253
2254
|
}
|
|
2254
2255
|
|
|
2255
2256
|
|
|
@@ -2257,31 +2258,31 @@ int ssl_ext_key_share_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
2257
2258
|
//
|
|
2258
2259
|
// https://tools.ietf.org/html/draft-ietf-tls-tls13-16#section-4.2.1
|
|
2259
2260
|
|
|
2260
|
-
static
|
|
2261
|
+
static bool ext_supported_versions_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
2261
2262
|
SSL *const ssl = hs->ssl;
|
|
2262
2263
|
if (hs->max_version <= TLS1_2_VERSION) {
|
|
2263
|
-
return
|
|
2264
|
+
return true;
|
|
2264
2265
|
}
|
|
2265
2266
|
|
|
2266
2267
|
CBB contents, versions;
|
|
2267
2268
|
if (!CBB_add_u16(out, TLSEXT_TYPE_supported_versions) ||
|
|
2268
2269
|
!CBB_add_u16_length_prefixed(out, &contents) ||
|
|
2269
2270
|
!CBB_add_u8_length_prefixed(&contents, &versions)) {
|
|
2270
|
-
return
|
|
2271
|
+
return false;
|
|
2271
2272
|
}
|
|
2272
2273
|
|
|
2273
2274
|
// Add a fake version. See draft-davidben-tls-grease-01.
|
|
2274
2275
|
if (ssl->ctx->grease_enabled &&
|
|
2275
2276
|
!CBB_add_u16(&versions, ssl_get_grease_value(ssl, ssl_grease_version))) {
|
|
2276
|
-
return
|
|
2277
|
+
return false;
|
|
2277
2278
|
}
|
|
2278
2279
|
|
|
2279
2280
|
if (!ssl_add_supported_versions(hs, &versions) ||
|
|
2280
2281
|
!CBB_flush(out)) {
|
|
2281
|
-
return
|
|
2282
|
+
return false;
|
|
2282
2283
|
}
|
|
2283
2284
|
|
|
2284
|
-
return
|
|
2285
|
+
return true;
|
|
2285
2286
|
}
|
|
2286
2287
|
|
|
2287
2288
|
|
|
@@ -2289,9 +2290,9 @@ static int ext_supported_versions_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
2289
2290
|
//
|
|
2290
2291
|
// https://tools.ietf.org/html/draft-ietf-tls-tls13-16#section-4.2.2
|
|
2291
2292
|
|
|
2292
|
-
static
|
|
2293
|
+
static bool ext_cookie_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
2293
2294
|
if (hs->cookie.empty()) {
|
|
2294
|
-
return
|
|
2295
|
+
return true;
|
|
2295
2296
|
}
|
|
2296
2297
|
|
|
2297
2298
|
CBB contents, cookie;
|
|
@@ -2300,12 +2301,12 @@ static int ext_cookie_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
2300
2301
|
!CBB_add_u16_length_prefixed(&contents, &cookie) ||
|
|
2301
2302
|
!CBB_add_bytes(&cookie, hs->cookie.data(), hs->cookie.size()) ||
|
|
2302
2303
|
!CBB_flush(out)) {
|
|
2303
|
-
return
|
|
2304
|
+
return false;
|
|
2304
2305
|
}
|
|
2305
2306
|
|
|
2306
2307
|
// The cookie is no longer needed in memory.
|
|
2307
2308
|
hs->cookie.Reset();
|
|
2308
|
-
return
|
|
2309
|
+
return true;
|
|
2309
2310
|
}
|
|
2310
2311
|
|
|
2311
2312
|
|
|
@@ -2314,37 +2315,37 @@ static int ext_cookie_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
2314
2315
|
// https://tools.ietf.org/html/rfc4492#section-5.1.2
|
|
2315
2316
|
// https://tools.ietf.org/html/draft-ietf-tls-tls13-16#section-4.2.4
|
|
2316
2317
|
|
|
2317
|
-
static
|
|
2318
|
+
static bool ext_supported_groups_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
2318
2319
|
SSL *const ssl = hs->ssl;
|
|
2319
2320
|
CBB contents, groups_bytes;
|
|
2320
2321
|
if (!CBB_add_u16(out, TLSEXT_TYPE_supported_groups) ||
|
|
2321
2322
|
!CBB_add_u16_length_prefixed(out, &contents) ||
|
|
2322
2323
|
!CBB_add_u16_length_prefixed(&contents, &groups_bytes)) {
|
|
2323
|
-
return
|
|
2324
|
+
return false;
|
|
2324
2325
|
}
|
|
2325
2326
|
|
|
2326
2327
|
// Add a fake group. See draft-davidben-tls-grease-01.
|
|
2327
2328
|
if (ssl->ctx->grease_enabled &&
|
|
2328
2329
|
!CBB_add_u16(&groups_bytes,
|
|
2329
2330
|
ssl_get_grease_value(ssl, ssl_grease_group))) {
|
|
2330
|
-
return
|
|
2331
|
+
return false;
|
|
2331
2332
|
}
|
|
2332
2333
|
|
|
2333
2334
|
for (uint16_t group : tls1_get_grouplist(ssl)) {
|
|
2334
2335
|
if (!CBB_add_u16(&groups_bytes, group)) {
|
|
2335
|
-
return
|
|
2336
|
+
return false;
|
|
2336
2337
|
}
|
|
2337
2338
|
}
|
|
2338
2339
|
|
|
2339
2340
|
return CBB_flush(out);
|
|
2340
2341
|
}
|
|
2341
2342
|
|
|
2342
|
-
static
|
|
2343
|
-
|
|
2344
|
-
|
|
2343
|
+
static bool ext_supported_groups_parse_serverhello(SSL_HANDSHAKE *hs,
|
|
2344
|
+
uint8_t *out_alert,
|
|
2345
|
+
CBS *contents) {
|
|
2345
2346
|
// This extension is not expected to be echoed by servers in TLS 1.2, but some
|
|
2346
2347
|
// BigIP servers send it nonetheless, so do not enforce this.
|
|
2347
|
-
return
|
|
2348
|
+
return true;
|
|
2348
2349
|
}
|
|
2349
2350
|
|
|
2350
2351
|
static bool parse_u16_array(const CBS *cbs, Array<uint16_t> *out) {
|
|
@@ -2370,11 +2371,11 @@ static bool parse_u16_array(const CBS *cbs, Array<uint16_t> *out) {
|
|
|
2370
2371
|
return 1;
|
|
2371
2372
|
}
|
|
2372
2373
|
|
|
2373
|
-
static
|
|
2374
|
+
static bool ext_supported_groups_parse_clienthello(SSL_HANDSHAKE *hs,
|
|
2374
2375
|
uint8_t *out_alert,
|
|
2375
|
-
|
|
2376
|
+
CBS *contents) {
|
|
2376
2377
|
if (contents == NULL) {
|
|
2377
|
-
return
|
|
2378
|
+
return true;
|
|
2378
2379
|
}
|
|
2379
2380
|
|
|
2380
2381
|
CBS supported_group_list;
|
|
@@ -2382,15 +2383,10 @@ static int ext_supported_groups_parse_clienthello(SSL_HANDSHAKE *hs,
|
|
|
2382
2383
|
CBS_len(&supported_group_list) == 0 ||
|
|
2383
2384
|
CBS_len(contents) != 0 ||
|
|
2384
2385
|
!parse_u16_array(&supported_group_list, &hs->peer_supported_group_list)) {
|
|
2385
|
-
return
|
|
2386
|
+
return false;
|
|
2386
2387
|
}
|
|
2387
2388
|
|
|
2388
|
-
return
|
|
2389
|
-
}
|
|
2390
|
-
|
|
2391
|
-
static int ext_supported_groups_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
2392
|
-
// Servers don't echo this extension.
|
|
2393
|
-
return 1;
|
|
2389
|
+
return true;
|
|
2394
2390
|
}
|
|
2395
2391
|
|
|
2396
2392
|
|
|
@@ -2543,7 +2539,7 @@ static const struct tls_extension kExtensions[] = {
|
|
|
2543
2539
|
ext_supported_groups_add_clienthello,
|
|
2544
2540
|
ext_supported_groups_parse_serverhello,
|
|
2545
2541
|
ext_supported_groups_parse_clienthello,
|
|
2546
|
-
|
|
2542
|
+
dont_add_serverhello,
|
|
2547
2543
|
},
|
|
2548
2544
|
};
|
|
2549
2545
|
|
|
@@ -2710,7 +2706,7 @@ int ssl_add_serverhello_tlsext(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
2710
2706
|
}
|
|
2711
2707
|
|
|
2712
2708
|
// Discard empty extensions blocks before TLS 1.3.
|
|
2713
|
-
if (
|
|
2709
|
+
if (ssl_protocol_version(ssl) < TLS1_3_VERSION &&
|
|
2714
2710
|
CBB_len(&extensions) == 0) {
|
|
2715
2711
|
CBB_discard_child(out);
|
|
2716
2712
|
}
|
|
@@ -2812,7 +2808,7 @@ int ssl_parse_clienthello_tlsext(SSL_HANDSHAKE *hs,
|
|
|
2812
2808
|
SSL *const ssl = hs->ssl;
|
|
2813
2809
|
int alert = SSL_AD_DECODE_ERROR;
|
|
2814
2810
|
if (ssl_scan_clienthello_tlsext(hs, client_hello, &alert) <= 0) {
|
|
2815
|
-
|
|
2811
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
|
|
2816
2812
|
return 0;
|
|
2817
2813
|
}
|
|
2818
2814
|
|
|
@@ -2828,7 +2824,7 @@ static int ssl_scan_serverhello_tlsext(SSL_HANDSHAKE *hs, CBS *cbs,
|
|
|
2828
2824
|
int *out_alert) {
|
|
2829
2825
|
SSL *const ssl = hs->ssl;
|
|
2830
2826
|
// Before TLS 1.3, ServerHello extensions blocks may be omitted if empty.
|
|
2831
|
-
if (CBS_len(cbs) == 0 &&
|
|
2827
|
+
if (CBS_len(cbs) == 0 && ssl_protocol_version(ssl) < TLS1_3_VERSION) {
|
|
2832
2828
|
return 1;
|
|
2833
2829
|
}
|
|
2834
2830
|
|
|
@@ -2920,7 +2916,7 @@ static int ssl_check_clienthello_tlsext(SSL_HANDSHAKE *hs) {
|
|
|
2920
2916
|
|
|
2921
2917
|
switch (ret) {
|
|
2922
2918
|
case SSL_TLSEXT_ERR_ALERT_FATAL:
|
|
2923
|
-
|
|
2919
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, al);
|
|
2924
2920
|
return -1;
|
|
2925
2921
|
|
|
2926
2922
|
case SSL_TLSEXT_ERR_NOACK:
|
|
@@ -2936,7 +2932,7 @@ int ssl_parse_serverhello_tlsext(SSL_HANDSHAKE *hs, CBS *cbs) {
|
|
|
2936
2932
|
SSL *const ssl = hs->ssl;
|
|
2937
2933
|
int alert = SSL_AD_DECODE_ERROR;
|
|
2938
2934
|
if (ssl_scan_serverhello_tlsext(hs, cbs, &alert) <= 0) {
|
|
2939
|
-
|
|
2935
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
|
|
2940
2936
|
return 0;
|
|
2941
2937
|
}
|
|
2942
2938
|
|
|
@@ -3144,7 +3140,7 @@ enum ssl_ticket_aead_result_t ssl_process_ticket(
|
|
|
3144
3140
|
|
|
3145
3141
|
int tls1_parse_peer_sigalgs(SSL_HANDSHAKE *hs, const CBS *in_sigalgs) {
|
|
3146
3142
|
// Extension ignored for inappropriate versions
|
|
3147
|
-
if (
|
|
3143
|
+
if (ssl_protocol_version(hs->ssl) < TLS1_2_VERSION) {
|
|
3148
3144
|
return 1;
|
|
3149
3145
|
}
|
|
3150
3146
|
|
|
@@ -3170,7 +3166,7 @@ int tls1_choose_signature_algorithm(SSL_HANDSHAKE *hs, uint16_t *out) {
|
|
|
3170
3166
|
|
|
3171
3167
|
// Before TLS 1.2, the signature algorithm isn't negotiated as part of the
|
|
3172
3168
|
// handshake.
|
|
3173
|
-
if (
|
|
3169
|
+
if (ssl_protocol_version(ssl) < TLS1_2_VERSION) {
|
|
3174
3170
|
if (!tls1_get_legacy_signature_algorithm(out, hs->local_pubkey.get())) {
|
|
3175
3171
|
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_COMMON_SIGNATURE_ALGORITHMS);
|
|
3176
3172
|
return 0;
|
|
@@ -3184,7 +3180,7 @@ int tls1_choose_signature_algorithm(SSL_HANDSHAKE *hs, uint16_t *out) {
|
|
|
3184
3180
|
}
|
|
3185
3181
|
|
|
3186
3182
|
Span<const uint16_t> peer_sigalgs = hs->peer_sigalgs;
|
|
3187
|
-
if (peer_sigalgs.empty() &&
|
|
3183
|
+
if (peer_sigalgs.empty() && ssl_protocol_version(ssl) < TLS1_3_VERSION) {
|
|
3188
3184
|
// If the client didn't specify any signature_algorithms extension then
|
|
3189
3185
|
// we can assume that it supports SHA1. See
|
|
3190
3186
|
// http://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
|
|
@@ -3225,7 +3221,7 @@ int tls1_verify_channel_id(SSL_HANDSHAKE *hs, const SSLMessage &msg) {
|
|
|
3225
3221
|
extension_type != TLSEXT_TYPE_channel_id ||
|
|
3226
3222
|
CBS_len(&extension) != TLSEXT_CHANNEL_ID_SIZE) {
|
|
3227
3223
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
|
3228
|
-
|
|
3224
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
|
3229
3225
|
return 0;
|
|
3230
3226
|
}
|
|
3231
3227
|
|
|
@@ -3271,7 +3267,7 @@ int tls1_verify_channel_id(SSL_HANDSHAKE *hs, const SSLMessage &msg) {
|
|
|
3271
3267
|
#endif
|
|
3272
3268
|
if (!sig_ok) {
|
|
3273
3269
|
OPENSSL_PUT_ERROR(SSL, SSL_R_CHANNEL_ID_SIGNATURE_INVALID);
|
|
3274
|
-
|
|
3270
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
|
|
3275
3271
|
ssl->s3->tlsext_channel_id_valid = false;
|
|
3276
3272
|
return 0;
|
|
3277
3273
|
}
|
|
@@ -3280,68 +3276,57 @@ int tls1_verify_channel_id(SSL_HANDSHAKE *hs, const SSLMessage &msg) {
|
|
|
3280
3276
|
return 1;
|
|
3281
3277
|
}
|
|
3282
3278
|
|
|
3283
|
-
|
|
3279
|
+
bool tls1_write_channel_id(SSL_HANDSHAKE *hs, CBB *cbb) {
|
|
3284
3280
|
SSL *const ssl = hs->ssl;
|
|
3285
3281
|
uint8_t digest[EVP_MAX_MD_SIZE];
|
|
3286
3282
|
size_t digest_len;
|
|
3287
3283
|
if (!tls1_channel_id_hash(hs, digest, &digest_len)) {
|
|
3288
|
-
return
|
|
3284
|
+
return false;
|
|
3289
3285
|
}
|
|
3290
3286
|
|
|
3291
3287
|
EC_KEY *ec_key = EVP_PKEY_get0_EC_KEY(ssl->tlsext_channel_id_private);
|
|
3292
|
-
if (ec_key ==
|
|
3288
|
+
if (ec_key == nullptr) {
|
|
3293
3289
|
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
|
3294
|
-
return
|
|
3290
|
+
return false;
|
|
3295
3291
|
}
|
|
3296
3292
|
|
|
3297
|
-
|
|
3298
|
-
|
|
3299
|
-
BIGNUM *y = BN_new();
|
|
3300
|
-
ECDSA_SIG *sig = NULL;
|
|
3301
|
-
if (x == NULL || y == NULL ||
|
|
3293
|
+
UniquePtr<BIGNUM> x(BN_new()), y(BN_new());
|
|
3294
|
+
if (!x || !y ||
|
|
3302
3295
|
!EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(ec_key),
|
|
3303
3296
|
EC_KEY_get0_public_key(ec_key),
|
|
3304
|
-
x, y,
|
|
3305
|
-
|
|
3297
|
+
x.get(), y.get(), nullptr)) {
|
|
3298
|
+
return false;
|
|
3306
3299
|
}
|
|
3307
3300
|
|
|
3308
|
-
sig
|
|
3309
|
-
if (sig
|
|
3310
|
-
|
|
3301
|
+
UniquePtr<ECDSA_SIG> sig(ECDSA_do_sign(digest, digest_len, ec_key));
|
|
3302
|
+
if (!sig) {
|
|
3303
|
+
return false;
|
|
3311
3304
|
}
|
|
3312
3305
|
|
|
3313
3306
|
CBB child;
|
|
3314
3307
|
if (!CBB_add_u16(cbb, TLSEXT_TYPE_channel_id) ||
|
|
3315
3308
|
!CBB_add_u16_length_prefixed(cbb, &child) ||
|
|
3316
|
-
!BN_bn2cbb_padded(&child, 32, x) ||
|
|
3317
|
-
!BN_bn2cbb_padded(&child, 32, y) ||
|
|
3309
|
+
!BN_bn2cbb_padded(&child, 32, x.get()) ||
|
|
3310
|
+
!BN_bn2cbb_padded(&child, 32, y.get()) ||
|
|
3318
3311
|
!BN_bn2cbb_padded(&child, 32, sig->r) ||
|
|
3319
3312
|
!BN_bn2cbb_padded(&child, 32, sig->s) ||
|
|
3320
3313
|
!CBB_flush(cbb)) {
|
|
3321
|
-
|
|
3314
|
+
return false;
|
|
3322
3315
|
}
|
|
3323
3316
|
|
|
3324
|
-
|
|
3325
|
-
|
|
3326
|
-
err:
|
|
3327
|
-
BN_free(x);
|
|
3328
|
-
BN_free(y);
|
|
3329
|
-
ECDSA_SIG_free(sig);
|
|
3330
|
-
return ret;
|
|
3317
|
+
return true;
|
|
3331
3318
|
}
|
|
3332
3319
|
|
|
3333
3320
|
int tls1_channel_id_hash(SSL_HANDSHAKE *hs, uint8_t *out, size_t *out_len) {
|
|
3334
3321
|
SSL *const ssl = hs->ssl;
|
|
3335
|
-
if (
|
|
3336
|
-
uint8_t
|
|
3337
|
-
|
|
3338
|
-
if (!tls13_get_cert_verify_signature_input(hs, &msg, &msg_len,
|
|
3322
|
+
if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
|
|
3323
|
+
Array<uint8_t> msg;
|
|
3324
|
+
if (!tls13_get_cert_verify_signature_input(hs, &msg,
|
|
3339
3325
|
ssl_cert_verify_channel_id)) {
|
|
3340
3326
|
return 0;
|
|
3341
3327
|
}
|
|
3342
|
-
SHA256(msg,
|
|
3328
|
+
SHA256(msg.data(), msg.size(), out);
|
|
3343
3329
|
*out_len = SHA256_DIGEST_LENGTH;
|
|
3344
|
-
OPENSSL_free(msg);
|
|
3345
3330
|
return 1;
|
|
3346
3331
|
}
|
|
3347
3332
|
|