grpc 1.12.0 → 1.13.0.pre1
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +314 -23
- data/include/grpc/impl/codegen/fork.h +4 -4
- data/include/grpc/impl/codegen/grpc_types.h +1 -1
- data/include/grpc/impl/codegen/port_platform.h +3 -0
- data/src/boringssl/err_data.c +256 -246
- data/src/core/ext/filters/client_channel/channel_connectivity.cc +1 -1
- data/src/core/ext/filters/client_channel/client_channel.cc +367 -272
- data/src/core/ext/filters/client_channel/lb_policy.h +1 -3
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +11 -9
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +42 -32
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h +36 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +36 -102
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +37 -32
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +22 -19
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver.h +1 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +3 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +0 -1
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +4 -4
- data/src/core/ext/filters/client_channel/subchannel.cc +3 -3
- data/src/core/ext/filters/http/client_authority_filter.cc +5 -4
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +4 -4
- data/src/core/ext/filters/http/server/http_server_filter.cc +123 -131
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +1 -1
- data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +9 -8
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +19 -19
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +10 -6
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +4 -3
- data/src/core/ext/transport/chttp2/transport/parsing.cc +14 -12
- data/src/core/ext/transport/chttp2/transport/writing.cc +6 -6
- data/src/core/lib/channel/channel_stack.cc +0 -5
- data/src/core/lib/channel/channel_stack.h +1 -1
- data/src/core/lib/channel/channel_stack_builder.cc +0 -3
- data/src/core/lib/channel/channel_stack_builder.h +0 -2
- data/src/core/lib/channel/channel_trace.cc +3 -3
- data/src/core/lib/channel/channelz_registry.cc +77 -0
- data/src/core/lib/channel/channelz_registry.h +99 -0
- data/src/core/lib/channel/handshaker.cc +20 -1
- data/src/core/lib/debug/stats.h +7 -0
- data/src/core/lib/debug/stats_data.cc +5 -0
- data/src/core/lib/debug/stats_data.h +120 -0
- data/src/core/lib/debug/trace.h +11 -9
- data/src/core/lib/gprpp/fork.cc +260 -0
- data/src/core/lib/gprpp/fork.h +79 -0
- data/src/core/lib/gprpp/memory.h +12 -0
- data/src/core/lib/gprpp/orphanable.h +2 -6
- data/src/core/lib/gprpp/ref_counted.h +2 -6
- data/src/core/lib/gprpp/thd.h +0 -3
- data/src/core/lib/gprpp/thd_posix.cc +4 -53
- data/src/core/lib/gprpp/thd_windows.cc +0 -7
- data/src/core/lib/http/httpcli_security_connector.cc +1 -3
- data/src/core/lib/iomgr/combiner.cc +19 -2
- data/src/core/lib/iomgr/combiner.h +1 -1
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +2 -2
- data/src/core/lib/iomgr/ev_epollex_linux.cc +59 -3
- data/src/core/lib/iomgr/ev_epollsig_linux.cc +1 -1
- data/src/core/lib/iomgr/ev_poll_posix.cc +2 -2
- data/src/core/lib/iomgr/ev_posix.cc +11 -4
- data/src/core/lib/iomgr/ev_posix.h +6 -0
- data/src/core/lib/iomgr/exec_ctx.cc +9 -9
- data/src/core/lib/iomgr/exec_ctx.h +39 -20
- data/src/core/lib/iomgr/fork_posix.cc +30 -18
- data/src/core/lib/iomgr/iomgr_posix.cc +2 -2
- data/src/core/lib/iomgr/polling_entity.cc +11 -2
- data/src/core/lib/iomgr/pollset_custom.cc +2 -2
- data/src/core/lib/iomgr/port.h +38 -1
- data/src/core/lib/iomgr/resolve_address.h +1 -1
- data/src/core/lib/iomgr/resolve_address_posix.cc +1 -1
- data/src/core/lib/iomgr/resource_quota.cc +1 -1
- data/src/core/lib/iomgr/sockaddr_posix.h +1 -1
- data/src/core/lib/iomgr/socket_factory_posix.cc +1 -1
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +1 -1
- data/src/core/lib/iomgr/tcp_client_custom.cc +3 -3
- data/src/core/lib/iomgr/tcp_client_posix.cc +3 -2
- data/src/core/lib/iomgr/tcp_custom.cc +1 -1
- data/src/core/lib/iomgr/tcp_posix.cc +18 -10
- data/src/core/lib/iomgr/tcp_server_posix.cc +9 -8
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +1 -1
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +16 -4
- data/src/core/lib/iomgr/timer.h +1 -1
- data/src/core/lib/iomgr/timer_generic.cc +113 -41
- data/src/core/lib/iomgr/timer_manager.cc +1 -1
- data/src/core/lib/security/credentials/credentials.h +1 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +88 -115
- data/src/core/lib/security/credentials/google_default/google_default_credentials.h +16 -0
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +10 -6
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -1
- data/src/core/lib/security/security_connector/alts_security_connector.cc +2 -1
- data/src/core/lib/security/security_connector/security_connector.cc +7 -7
- data/src/core/lib/security/transport/security_handshaker.cc +1 -0
- data/src/core/lib/security/util/json_util.cc +4 -0
- data/src/core/lib/slice/slice_buffer.cc +15 -3
- data/src/core/lib/surface/call.cc +31 -17
- data/src/core/lib/surface/call.h +5 -0
- data/src/core/lib/surface/channel.cc +2 -5
- data/src/core/lib/surface/completion_queue.cc +1 -3
- data/src/core/lib/surface/completion_queue.h +0 -1
- data/src/core/lib/surface/init.cc +7 -8
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/byte_stream.cc +1 -1
- data/src/core/lib/transport/transport.cc +2 -1
- data/src/core/lib/transport/transport.h +4 -8
- data/src/core/lib/transport/transport_op_string.cc +1 -1
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +19 -7
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +10 -0
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +28 -2
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h +3 -0
- data/src/core/tsi/fake_transport_security.cc +1 -0
- data/src/core/tsi/ssl_transport_security.cc +238 -110
- data/src/core/tsi/transport_security.cc +14 -0
- data/src/core/tsi/transport_security.h +2 -0
- data/src/core/tsi/transport_security_interface.h +11 -1
- data/src/ruby/bin/math_client.rb +17 -9
- data/src/ruby/lib/grpc/generic/rpc_server.rb +2 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +4 -1
- data/third_party/boringssl/crypto/asn1/a_int.c +33 -28
- data/third_party/boringssl/crypto/asn1/a_mbstr.c +24 -22
- data/third_party/boringssl/crypto/asn1/a_utf8.c +13 -11
- data/third_party/boringssl/crypto/asn1/asn1_locl.h +3 -0
- data/third_party/boringssl/crypto/bio/fd.c +1 -0
- data/third_party/boringssl/crypto/bio/file.c +2 -0
- data/third_party/boringssl/crypto/bn_extra/convert.c +6 -5
- data/third_party/boringssl/crypto/bytestring/ber.c +1 -4
- data/third_party/boringssl/crypto/bytestring/cbb.c +116 -16
- data/third_party/boringssl/crypto/bytestring/cbs.c +150 -20
- data/third_party/boringssl/crypto/cipher_extra/e_aesccm.c +171 -0
- data/third_party/boringssl/crypto/cipher_extra/e_rc2.c +2 -0
- data/third_party/boringssl/crypto/cipher_extra/e_tls.c +1 -2
- data/third_party/boringssl/crypto/cpu-aarch64-fuchsia.c +55 -0
- data/third_party/boringssl/crypto/cpu-aarch64-linux.c +2 -1
- data/third_party/boringssl/crypto/dsa/dsa.c +16 -54
- data/third_party/boringssl/crypto/fipsmodule/bcm.c +11 -542
- data/third_party/boringssl/crypto/fipsmodule/bn/add.c +33 -64
- data/third_party/boringssl/crypto/fipsmodule/bn/asm/x86_64-gcc.c +4 -3
- data/third_party/boringssl/crypto/fipsmodule/bn/bn.c +122 -70
- data/third_party/boringssl/crypto/fipsmodule/bn/bytes.c +32 -71
- data/third_party/boringssl/crypto/fipsmodule/bn/cmp.c +58 -112
- data/third_party/boringssl/crypto/fipsmodule/bn/div.c +198 -122
- data/third_party/boringssl/crypto/fipsmodule/bn/exponentiation.c +31 -65
- data/third_party/boringssl/crypto/fipsmodule/bn/generic.c +2 -1
- data/third_party/boringssl/crypto/fipsmodule/bn/internal.h +98 -15
- data/third_party/boringssl/crypto/fipsmodule/bn/jacobi.c +1 -1
- data/third_party/boringssl/crypto/fipsmodule/bn/montgomery.c +124 -81
- data/third_party/boringssl/crypto/fipsmodule/bn/montgomery_inv.c +8 -30
- data/third_party/boringssl/crypto/fipsmodule/bn/mul.c +303 -347
- data/third_party/boringssl/crypto/fipsmodule/bn/prime.c +2 -3
- data/third_party/boringssl/crypto/fipsmodule/bn/random.c +3 -4
- data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.c +199 -222
- data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.h +27 -47
- data/third_party/boringssl/crypto/fipsmodule/bn/shift.c +45 -28
- data/third_party/boringssl/crypto/fipsmodule/bn/sqrt.c +1 -1
- data/third_party/boringssl/crypto/fipsmodule/cipher/e_aes.c +10 -10
- data/third_party/boringssl/crypto/fipsmodule/des/internal.h +2 -0
- data/third_party/boringssl/crypto/fipsmodule/ec/ec.c +78 -47
- data/third_party/boringssl/crypto/fipsmodule/ec/ec_key.c +35 -54
- data/third_party/boringssl/crypto/fipsmodule/ec/ec_montgomery.c +3 -10
- data/third_party/boringssl/crypto/fipsmodule/ec/internal.h +36 -22
- data/third_party/boringssl/crypto/fipsmodule/ec/oct.c +59 -90
- data/third_party/boringssl/crypto/fipsmodule/ec/p224-64.c +29 -48
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.c +17 -26
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.h +15 -11
- data/third_party/boringssl/crypto/fipsmodule/ec/simple.c +45 -51
- data/third_party/boringssl/crypto/fipsmodule/ec/{util-64.c → util.c} +0 -5
- data/third_party/boringssl/crypto/fipsmodule/ec/wnaf.c +144 -264
- data/third_party/boringssl/crypto/fipsmodule/ecdsa/ecdsa.c +78 -56
- data/third_party/boringssl/crypto/fipsmodule/modes/ccm.c +256 -0
- data/third_party/boringssl/crypto/fipsmodule/modes/internal.h +36 -32
- data/third_party/boringssl/crypto/fipsmodule/rand/ctrdrbg.c +9 -7
- data/third_party/boringssl/crypto/fipsmodule/rsa/rsa.c +16 -10
- data/third_party/boringssl/crypto/fipsmodule/rsa/rsa_impl.c +255 -102
- data/third_party/boringssl/crypto/fipsmodule/self_check/self_check.c +581 -0
- data/third_party/boringssl/crypto/fipsmodule/tls/internal.h +39 -0
- data/third_party/boringssl/crypto/fipsmodule/tls/kdf.c +165 -0
- data/third_party/boringssl/crypto/internal.h +65 -2
- data/third_party/boringssl/crypto/mem.c +0 -2
- data/third_party/boringssl/crypto/obj/obj.c +6 -73
- data/third_party/boringssl/crypto/thread_pthread.c +35 -5
- data/third_party/boringssl/crypto/x509/a_strex.c +11 -11
- data/third_party/boringssl/crypto/x509/x_name.c +13 -0
- data/third_party/boringssl/include/openssl/aead.h +4 -0
- data/third_party/boringssl/include/openssl/asn1.h +1 -3
- data/third_party/boringssl/include/openssl/base.h +1 -14
- data/third_party/boringssl/include/openssl/bio.h +1 -1
- data/third_party/boringssl/include/openssl/bn.h +49 -15
- data/third_party/boringssl/include/openssl/bytestring.h +49 -24
- data/third_party/boringssl/include/openssl/crypto.h +4 -0
- data/third_party/boringssl/include/openssl/ec_key.h +7 -3
- data/third_party/boringssl/include/openssl/err.h +9 -9
- data/third_party/boringssl/include/openssl/evp.h +1 -1
- data/third_party/boringssl/include/openssl/rsa.h +34 -10
- data/third_party/boringssl/include/openssl/ssl.h +160 -17
- data/third_party/boringssl/include/openssl/stack.h +1 -1
- data/third_party/boringssl/include/openssl/tls1.h +10 -2
- data/third_party/boringssl/include/openssl/x509.h +3 -0
- data/third_party/boringssl/ssl/d1_both.cc +16 -2
- data/third_party/boringssl/ssl/dtls_method.cc +1 -1
- data/third_party/boringssl/ssl/handoff.cc +285 -0
- data/third_party/boringssl/ssl/handshake.cc +26 -12
- data/third_party/boringssl/ssl/handshake_client.cc +65 -31
- data/third_party/boringssl/ssl/handshake_server.cc +14 -2
- data/third_party/boringssl/ssl/internal.h +132 -79
- data/third_party/boringssl/ssl/s3_both.cc +2 -2
- data/third_party/boringssl/ssl/s3_lib.cc +3 -1
- data/third_party/boringssl/ssl/s3_pkt.cc +0 -18
- data/third_party/boringssl/ssl/ssl_aead_ctx.cc +1 -4
- data/third_party/boringssl/ssl/ssl_asn1.cc +47 -43
- data/third_party/boringssl/ssl/ssl_cipher.cc +8 -8
- data/third_party/boringssl/ssl/ssl_key_share.cc +3 -1
- data/third_party/boringssl/ssl/ssl_lib.cc +83 -14
- data/third_party/boringssl/ssl/ssl_privkey.cc +6 -0
- data/third_party/boringssl/ssl/ssl_stat.cc +6 -6
- data/third_party/boringssl/ssl/ssl_versions.cc +12 -85
- data/third_party/boringssl/ssl/ssl_x509.cc +59 -61
- data/third_party/boringssl/ssl/t1_enc.cc +73 -124
- data/third_party/boringssl/ssl/t1_lib.cc +367 -41
- data/third_party/boringssl/ssl/tls13_both.cc +8 -0
- data/third_party/boringssl/ssl/tls13_client.cc +98 -184
- data/third_party/boringssl/ssl/tls13_enc.cc +88 -158
- data/third_party/boringssl/ssl/tls13_server.cc +91 -137
- data/third_party/boringssl/ssl/tls_method.cc +0 -17
- data/third_party/boringssl/ssl/tls_record.cc +1 -10
- data/third_party/boringssl/third_party/fiat/curve25519.c +921 -2753
- data/third_party/boringssl/third_party/fiat/curve25519_tables.h +7880 -0
- data/third_party/boringssl/third_party/fiat/internal.h +32 -20
- data/third_party/boringssl/third_party/fiat/p256.c +1824 -0
- metadata +64 -64
- data/src/core/lib/channel/channel_trace_registry.cc +0 -80
- data/src/core/lib/channel/channel_trace_registry.h +0 -43
- data/src/core/lib/gpr/fork.cc +0 -78
- data/src/core/lib/gpr/fork.h +0 -35
- data/src/core/tsi/transport_security_adapter.cc +0 -235
- data/src/core/tsi/transport_security_adapter.h +0 -41
- data/src/ruby/bin/apis/google/protobuf/empty.rb +0 -29
- data/src/ruby/bin/apis/pubsub_demo.rb +0 -241
- data/src/ruby/bin/apis/tech/pubsub/proto/pubsub.rb +0 -159
- data/src/ruby/bin/apis/tech/pubsub/proto/pubsub_services.rb +0 -88
- data/src/ruby/pb/test/client.rb +0 -764
- data/src/ruby/pb/test/server.rb +0 -252
- data/third_party/boringssl/crypto/curve25519/x25519-x86_64.c +0 -247
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-64.c +0 -1674
@@ -4,21 +4,21 @@
|
|
4
4
|
* This package is an SSL implementation written
|
5
5
|
* by Eric Young (eay@cryptsoft.com).
|
6
6
|
* The implementation was written so as to conform with Netscapes SSL.
|
7
|
-
*
|
7
|
+
*
|
8
8
|
* This library is free for commercial and non-commercial use as long as
|
9
9
|
* the following conditions are aheared to. The following conditions
|
10
10
|
* apply to all code found in this distribution, be it the RC4, RSA,
|
11
11
|
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
12
12
|
* included with this distribution is covered by the same copyright terms
|
13
13
|
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
14
|
-
*
|
14
|
+
*
|
15
15
|
* Copyright remains Eric Young's, and as such any Copyright notices in
|
16
16
|
* the code are not to be removed.
|
17
17
|
* If this package is used in a product, Eric Young should be given attribution
|
18
18
|
* as the author of the parts of the library used.
|
19
19
|
* This can be in the form of a textual message at program startup or
|
20
20
|
* in documentation (online or textual) provided with the package.
|
21
|
-
*
|
21
|
+
*
|
22
22
|
* Redistribution and use in source and binary forms, with or without
|
23
23
|
* modification, are permitted provided that the following conditions
|
24
24
|
* are met:
|
@@ -33,10 +33,10 @@
|
|
33
33
|
* Eric Young (eay@cryptsoft.com)"
|
34
34
|
* The word 'cryptographic' can be left out if the rouines from the library
|
35
35
|
* being used are not cryptographic related :-).
|
36
|
-
* 4. If you include any Windows specific code (or a derivative thereof) from
|
36
|
+
* 4. If you include any Windows specific code (or a derivative thereof) from
|
37
37
|
* the apps directory (application code) you must include an acknowledgement:
|
38
38
|
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
39
|
-
*
|
39
|
+
*
|
40
40
|
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
41
41
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
42
42
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
@@ -48,7 +48,7 @@
|
|
48
48
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
49
49
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
50
50
|
* SUCH DAMAGE.
|
51
|
-
*
|
51
|
+
*
|
52
52
|
* The licence and distribution terms for any publically available version or
|
53
53
|
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
54
54
|
* copied and put under another distribution licence
|
@@ -62,7 +62,7 @@
|
|
62
62
|
* are met:
|
63
63
|
*
|
64
64
|
* 1. Redistributions of source code must retain the above copyright
|
65
|
-
* notice, this list of conditions and the following disclaimer.
|
65
|
+
* notice, this list of conditions and the following disclaimer.
|
66
66
|
*
|
67
67
|
* 2. Redistributions in binary form must reproduce the above copyright
|
68
68
|
* notice, this list of conditions and the following disclaimer in
|
@@ -116,6 +116,7 @@
|
|
116
116
|
#include <utility>
|
117
117
|
|
118
118
|
#include <openssl/bytestring.h>
|
119
|
+
#include <openssl/chacha.h>
|
119
120
|
#include <openssl/digest.h>
|
120
121
|
#include <openssl/err.h>
|
121
122
|
#include <openssl/evp.h>
|
@@ -463,29 +464,30 @@ static const uint16_t kSignSignatureAlgorithms[] = {
|
|
463
464
|
SSL_SIGN_RSA_PKCS1_SHA1,
|
464
465
|
};
|
465
466
|
|
466
|
-
|
467
|
-
|
468
|
-
|
469
|
-
if (
|
470
|
-
sigalgs = ssl->ctx->verify_sigalgs
|
471
|
-
|
467
|
+
bool tls12_add_verify_sigalgs(const SSL *ssl, CBB *out) {
|
468
|
+
bool use_default = ssl->ctx->num_verify_sigalgs == 0;
|
469
|
+
Span<const uint16_t> sigalgs = kVerifySignatureAlgorithms;
|
470
|
+
if (!use_default) {
|
471
|
+
sigalgs = MakeConstSpan(ssl->ctx->verify_sigalgs,
|
472
|
+
ssl->ctx->num_verify_sigalgs);
|
472
473
|
}
|
473
474
|
|
474
|
-
for (
|
475
|
-
if (
|
476
|
-
|
475
|
+
for (uint16_t sigalg : sigalgs) {
|
476
|
+
if (use_default &&
|
477
|
+
sigalg == SSL_SIGN_ED25519 &&
|
477
478
|
!ssl->ctx->ed25519_enabled) {
|
478
479
|
continue;
|
479
480
|
}
|
480
|
-
if (!CBB_add_u16(out,
|
481
|
-
return
|
481
|
+
if (!CBB_add_u16(out, sigalg)) {
|
482
|
+
return false;
|
482
483
|
}
|
483
484
|
}
|
484
485
|
|
485
|
-
return
|
486
|
+
return true;
|
486
487
|
}
|
487
488
|
|
488
|
-
|
489
|
+
bool tls12_check_peer_sigalg(const SSL *ssl, uint8_t *out_alert,
|
490
|
+
uint16_t sigalg) {
|
489
491
|
const uint16_t *sigalgs = kVerifySignatureAlgorithms;
|
490
492
|
size_t num_sigalgs = OPENSSL_ARRAY_SIZE(kVerifySignatureAlgorithms);
|
491
493
|
if (ssl->ctx->num_verify_sigalgs != 0) {
|
@@ -500,13 +502,13 @@ int tls12_check_peer_sigalg(SSL *ssl, uint8_t *out_alert, uint16_t sigalg) {
|
|
500
502
|
continue;
|
501
503
|
}
|
502
504
|
if (sigalg == sigalgs[i]) {
|
503
|
-
return
|
505
|
+
return true;
|
504
506
|
}
|
505
507
|
}
|
506
508
|
|
507
509
|
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SIGNATURE_TYPE);
|
508
510
|
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
509
|
-
return
|
511
|
+
return false;
|
510
512
|
}
|
511
513
|
|
512
514
|
// tls_extension represents a TLS extension that is handled internally. The
|
@@ -1810,7 +1812,6 @@ static bool ext_pre_shared_key_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
1810
1812
|
// selected cipher in HelloRetryRequest does not match. This avoids performing
|
1811
1813
|
// the transcript hash transformation for multiple hashes.
|
1812
1814
|
if (hs->received_hello_retry_request &&
|
1813
|
-
ssl_is_draft21(ssl->version) &&
|
1814
1815
|
ssl->session->cipher->algorithm_prf != hs->new_cipher->algorithm_prf) {
|
1815
1816
|
return true;
|
1816
1817
|
}
|
@@ -2033,7 +2034,7 @@ static bool ext_early_data_parse_serverhello(SSL_HANDSHAKE *hs,
|
|
2033
2034
|
return false;
|
2034
2035
|
}
|
2035
2036
|
|
2036
|
-
ssl->early_data_accepted = true;
|
2037
|
+
ssl->s3->early_data_accepted = true;
|
2037
2038
|
return true;
|
2038
2039
|
}
|
2039
2040
|
|
@@ -2055,7 +2056,7 @@ static bool ext_early_data_parse_clienthello(SSL_HANDSHAKE *hs,
|
|
2055
2056
|
}
|
2056
2057
|
|
2057
2058
|
static bool ext_early_data_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
2058
|
-
if (!hs->ssl->early_data_accepted) {
|
2059
|
+
if (!hs->ssl->s3->early_data_accepted) {
|
2059
2060
|
return true;
|
2060
2061
|
}
|
2061
2062
|
|
@@ -2103,7 +2104,7 @@ static bool ext_key_share_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
2103
2104
|
// Add a fake group. See draft-davidben-tls-grease-01.
|
2104
2105
|
if (ssl->ctx->grease_enabled &&
|
2105
2106
|
(!CBB_add_u16(&kse_bytes,
|
2106
|
-
ssl_get_grease_value(
|
2107
|
+
ssl_get_grease_value(hs, ssl_grease_group)) ||
|
2107
2108
|
!CBB_add_u16(&kse_bytes, 1 /* length */) ||
|
2108
2109
|
!CBB_add_u8(&kse_bytes, 0 /* one byte key share */))) {
|
2109
2110
|
return false;
|
@@ -2273,7 +2274,7 @@ static bool ext_supported_versions_add_clienthello(SSL_HANDSHAKE *hs, CBB *out)
|
|
2273
2274
|
|
2274
2275
|
// Add a fake version. See draft-davidben-tls-grease-01.
|
2275
2276
|
if (ssl->ctx->grease_enabled &&
|
2276
|
-
!CBB_add_u16(&versions, ssl_get_grease_value(
|
2277
|
+
!CBB_add_u16(&versions, ssl_get_grease_value(hs, ssl_grease_version))) {
|
2277
2278
|
return false;
|
2278
2279
|
}
|
2279
2280
|
|
@@ -2310,6 +2311,79 @@ static bool ext_cookie_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
2310
2311
|
}
|
2311
2312
|
|
2312
2313
|
|
2314
|
+
// Dummy PQ Padding extension
|
2315
|
+
//
|
2316
|
+
// Dummy post-quantum padding invovles the client (and later server) sending
|
2317
|
+
// useless, random-looking bytes in an extension in their ClientHello or
|
2318
|
+
// ServerHello. These extensions are sized to simulate a post-quantum
|
2319
|
+
// key-exchange and so enable measurement of the latency impact of the
|
2320
|
+
// additional bandwidth.
|
2321
|
+
|
2322
|
+
static bool ext_dummy_pq_padding_add(CBB *out, size_t len) {
|
2323
|
+
CBB contents;
|
2324
|
+
uint8_t *buffer;
|
2325
|
+
if (!CBB_add_u16(out, TLSEXT_TYPE_dummy_pq_padding) ||
|
2326
|
+
!CBB_add_u16_length_prefixed(out, &contents) ||
|
2327
|
+
!CBB_add_space(&contents, &buffer, len)) {
|
2328
|
+
return false;
|
2329
|
+
}
|
2330
|
+
|
2331
|
+
// The length is used as the nonce so that different length extensions have
|
2332
|
+
// different contents. There's no reason this has to be the case, it just
|
2333
|
+
// makes things a little more obvious in a packet dump.
|
2334
|
+
uint8_t nonce[12] = {0};
|
2335
|
+
memcpy(nonce, &len, sizeof(len));
|
2336
|
+
|
2337
|
+
memset(buffer, 0, len);
|
2338
|
+
static const uint8_t kZeroKey[32] = {0};
|
2339
|
+
CRYPTO_chacha_20(buffer, buffer, len, kZeroKey, nonce, 0);
|
2340
|
+
|
2341
|
+
return CBB_flush(out);
|
2342
|
+
}
|
2343
|
+
|
2344
|
+
static bool ext_dummy_pq_padding_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
2345
|
+
const size_t len = hs->ssl->dummy_pq_padding_len;
|
2346
|
+
if (len == 0) {
|
2347
|
+
return true;
|
2348
|
+
}
|
2349
|
+
|
2350
|
+
return ext_dummy_pq_padding_add(out, len);
|
2351
|
+
}
|
2352
|
+
|
2353
|
+
static bool ext_dummy_pq_padding_parse_serverhello(SSL_HANDSHAKE *hs,
|
2354
|
+
uint8_t *out_alert,
|
2355
|
+
CBS *contents) {
|
2356
|
+
if (contents == nullptr) {
|
2357
|
+
return true;
|
2358
|
+
}
|
2359
|
+
|
2360
|
+
if (CBS_len(contents) != hs->ssl->dummy_pq_padding_len) {
|
2361
|
+
return false;
|
2362
|
+
}
|
2363
|
+
|
2364
|
+
hs->ssl->did_dummy_pq_padding = true;
|
2365
|
+
return true;
|
2366
|
+
}
|
2367
|
+
|
2368
|
+
static bool ext_dummy_pq_padding_parse_clienthello(SSL_HANDSHAKE *hs,
|
2369
|
+
uint8_t *out_alert,
|
2370
|
+
CBS *contents) {
|
2371
|
+
if (contents != nullptr &&
|
2372
|
+
0 < CBS_len(contents) && CBS_len(contents) < (1 << 12)) {
|
2373
|
+
hs->dummy_pq_padding_len = CBS_len(contents);
|
2374
|
+
}
|
2375
|
+
|
2376
|
+
return true;
|
2377
|
+
}
|
2378
|
+
|
2379
|
+
static bool ext_dummy_pq_padding_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
2380
|
+
if (!hs->dummy_pq_padding_len) {
|
2381
|
+
return true;
|
2382
|
+
}
|
2383
|
+
|
2384
|
+
return ext_dummy_pq_padding_add(out, hs->dummy_pq_padding_len);
|
2385
|
+
}
|
2386
|
+
|
2313
2387
|
// Negotiated Groups
|
2314
2388
|
//
|
2315
2389
|
// https://tools.ietf.org/html/rfc4492#section-5.1.2
|
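Review bot: `ext_dummy_pq_padding_parse_serverhello` returns false on a length mismatch without writing `*out_alert`, so the alert sent for a wrong-sized padding extension is whatever the caller pre-set, which is not visible in this hunk; setting it explicitly, e.g. `*out_alert = SSL_AD_ILLEGAL_PARAMETER;` before `return false;`, would make the failure mode readable here. The server-side bound `CBS_len(contents) < (1 << 12)` in `ext_dummy_pq_padding_parse_clienthello` is what limits how many bytes a client can make the server echo back in its ServerHello, and deserves a named constant with a one-line comment saying so. The comment above `kZeroKey` could also state that ChaCha20 output under an all-zero key and a length-derived nonce is fully predictable filler and must never be treated as random data.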
@@ -2327,7 +2401,7 @@ static bool ext_supported_groups_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
2327
2401
|
// Add a fake group. See draft-davidben-tls-grease-01.
|
2328
2402
|
if (ssl->ctx->grease_enabled &&
|
2329
2403
|
!CBB_add_u16(&groups_bytes,
|
2330
|
-
ssl_get_grease_value(
|
2404
|
+
ssl_get_grease_value(hs, ssl_grease_group))) {
|
2331
2405
|
return false;
|
2332
2406
|
}
|
2333
2407
|
|
@@ -2389,6 +2463,224 @@ static bool ext_supported_groups_parse_clienthello(SSL_HANDSHAKE *hs,
|
|
2389
2463
|
return true;
|
2390
2464
|
}
|
2391
2465
|
|
2466
|
+
// Token Binding
|
2467
|
+
//
|
2468
|
+
// https://tools.ietf.org/html/draft-ietf-tokbind-negotiation-10
|
2469
|
+
|
2470
|
+
// The Token Binding version number currently matches the draft number of
|
2471
|
+
// draft-ietf-tokbind-protocol, and when published as an RFC it will be 0x0100.
|
2472
|
+
// Since there are no wire changes to the protocol from draft 13 through the
|
2473
|
+
// current draft (16), this implementation supports all versions in that range.
|
2474
|
+
static uint16_t kTokenBindingMaxVersion = 16;
|
2475
|
+
static uint16_t kTokenBindingMinVersion = 13;
|
2476
|
+
|
2477
|
+
static bool ext_token_binding_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
2478
|
+
SSL *const ssl = hs->ssl;
|
2479
|
+
if (ssl->token_binding_params == nullptr || SSL_is_dtls(ssl)) {
|
2480
|
+
return true;
|
2481
|
+
}
|
2482
|
+
|
2483
|
+
CBB contents, params;
|
2484
|
+
if (!CBB_add_u16(out, TLSEXT_TYPE_token_binding) ||
|
2485
|
+
!CBB_add_u16_length_prefixed(out, &contents) ||
|
2486
|
+
!CBB_add_u16(&contents, kTokenBindingMaxVersion) ||
|
2487
|
+
!CBB_add_u8_length_prefixed(&contents, ¶ms) ||
|
2488
|
+
!CBB_add_bytes(¶ms, ssl->token_binding_params,
|
2489
|
+
ssl->token_binding_params_len) ||
|
2490
|
+
!CBB_flush(out)) {
|
2491
|
+
return false;
|
2492
|
+
}
|
2493
|
+
|
2494
|
+
return true;
|
2495
|
+
}
|
2496
|
+
|
2497
|
+
static bool ext_token_binding_parse_serverhello(SSL_HANDSHAKE *hs,
|
2498
|
+
uint8_t *out_alert,
|
2499
|
+
CBS *contents) {
|
2500
|
+
SSL *const ssl = hs->ssl;
|
2501
|
+
if (contents == nullptr) {
|
2502
|
+
return true;
|
2503
|
+
}
|
2504
|
+
|
2505
|
+
CBS params_list;
|
2506
|
+
uint16_t version;
|
2507
|
+
uint8_t param;
|
2508
|
+
if (!CBS_get_u16(contents, &version) ||
|
2509
|
+
!CBS_get_u8_length_prefixed(contents, ¶ms_list) ||
|
2510
|
+
!CBS_get_u8(¶ms_list, ¶m) ||
|
2511
|
+
CBS_len(¶ms_list) > 0 ||
|
2512
|
+
CBS_len(contents) > 0) {
|
2513
|
+
*out_alert = SSL_AD_DECODE_ERROR;
|
2514
|
+
return false;
|
2515
|
+
}
|
2516
|
+
|
2517
|
+
// The server-negotiated version must be less than or equal to our version.
|
2518
|
+
if (version > kTokenBindingMaxVersion) {
|
2519
|
+
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
2520
|
+
return false;
|
2521
|
+
}
|
2522
|
+
|
2523
|
+
// If the server-selected version is less than what we support, then Token
|
2524
|
+
// Binding wasn't negotiated (but the extension was parsed successfully).
|
2525
|
+
if (version < kTokenBindingMinVersion) {
|
2526
|
+
return true;
|
2527
|
+
}
|
2528
|
+
|
2529
|
+
for (size_t i = 0; i < ssl->token_binding_params_len; ++i) {
|
2530
|
+
if (param == ssl->token_binding_params[i]) {
|
2531
|
+
ssl->negotiated_token_binding_param = param;
|
2532
|
+
ssl->token_binding_negotiated = true;
|
2533
|
+
return true;
|
2534
|
+
}
|
2535
|
+
}
|
2536
|
+
|
2537
|
+
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
2538
|
+
return false;
|
2539
|
+
}
|
2540
|
+
|
2541
|
+
// select_tb_param looks for the first token binding param in
|
2542
|
+
// |ssl->token_binding_params| that is also in |params| and puts it in
|
2543
|
+
// |ssl->negotiated_token_binding_param|. It returns true if a token binding
|
2544
|
+
// param is found, and false otherwise.
|
2545
|
+
static bool select_tb_param(SSL *ssl, Span<const uint8_t> peer_params) {
|
2546
|
+
for (size_t i = 0; i < ssl->token_binding_params_len; ++i) {
|
2547
|
+
uint8_t tb_param = ssl->token_binding_params[i];
|
2548
|
+
for (uint8_t peer_param : peer_params) {
|
2549
|
+
if (tb_param == peer_param) {
|
2550
|
+
ssl->negotiated_token_binding_param = tb_param;
|
2551
|
+
return true;
|
2552
|
+
}
|
2553
|
+
}
|
2554
|
+
}
|
2555
|
+
return false;
|
2556
|
+
}
|
2557
|
+
|
2558
|
+
static bool ext_token_binding_parse_clienthello(SSL_HANDSHAKE *hs,
|
2559
|
+
uint8_t *out_alert,
|
2560
|
+
CBS *contents) {
|
2561
|
+
SSL *const ssl = hs->ssl;
|
2562
|
+
if (contents == nullptr || ssl->token_binding_params == nullptr) {
|
2563
|
+
return true;
|
2564
|
+
}
|
2565
|
+
|
2566
|
+
CBS params;
|
2567
|
+
uint16_t version;
|
2568
|
+
if (!CBS_get_u16(contents, &version) ||
|
2569
|
+
!CBS_get_u8_length_prefixed(contents, ¶ms) ||
|
2570
|
+
CBS_len(¶ms) == 0 ||
|
2571
|
+
CBS_len(contents) > 0) {
|
2572
|
+
*out_alert = SSL_AD_DECODE_ERROR;
|
2573
|
+
return false;
|
2574
|
+
}
|
2575
|
+
|
2576
|
+
// If the client-selected version is less than what we support, then Token
|
2577
|
+
// Binding wasn't negotiated (but the extension was parsed successfully).
|
2578
|
+
if (version < kTokenBindingMinVersion) {
|
2579
|
+
return true;
|
2580
|
+
}
|
2581
|
+
|
2582
|
+
// If the client-selected version is higher than we support, use our max
|
2583
|
+
// version. Otherwise, use the client's version.
|
2584
|
+
hs->negotiated_token_binding_version =
|
2585
|
+
std::min(version, kTokenBindingMaxVersion);
|
2586
|
+
if (!select_tb_param(ssl, params)) {
|
2587
|
+
return true;
|
2588
|
+
}
|
2589
|
+
|
2590
|
+
ssl->token_binding_negotiated = true;
|
2591
|
+
return true;
|
2592
|
+
}
|
2593
|
+
|
2594
|
+
static bool ext_token_binding_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
2595
|
+
SSL *const ssl = hs->ssl;
|
2596
|
+
|
2597
|
+
if (!ssl->token_binding_negotiated) {
|
2598
|
+
return true;
|
2599
|
+
}
|
2600
|
+
|
2601
|
+
CBB contents, params;
|
2602
|
+
if (!CBB_add_u16(out, TLSEXT_TYPE_token_binding) ||
|
2603
|
+
!CBB_add_u16_length_prefixed(out, &contents) ||
|
2604
|
+
!CBB_add_u16(&contents, hs->negotiated_token_binding_version) ||
|
2605
|
+
!CBB_add_u8_length_prefixed(&contents, ¶ms) ||
|
2606
|
+
!CBB_add_u8(¶ms, ssl->negotiated_token_binding_param) ||
|
2607
|
+
!CBB_flush(out)) {
|
2608
|
+
return false;
|
2609
|
+
}
|
2610
|
+
|
2611
|
+
return true;
|
2612
|
+
}
|
2613
|
+
|
2614
|
+
// QUIC Transport Parameters
|
2615
|
+
|
2616
|
+
static bool ext_quic_transport_params_add_clienthello(SSL_HANDSHAKE *hs,
|
2617
|
+
CBB *out) {
|
2618
|
+
SSL *const ssl = hs->ssl;
|
2619
|
+
if (!ssl->quic_transport_params || hs->max_version <= TLS1_2_VERSION) {
|
2620
|
+
return true;
|
2621
|
+
}
|
2622
|
+
|
2623
|
+
CBB contents;
|
2624
|
+
if (!CBB_add_u16(out, TLSEXT_TYPE_quic_transport_parameters) ||
|
2625
|
+
!CBB_add_u16_length_prefixed(out, &contents) ||
|
2626
|
+
!CBB_add_bytes(&contents, ssl->quic_transport_params,
|
2627
|
+
ssl->quic_transport_params_len) ||
|
2628
|
+
!CBB_flush(out)) {
|
2629
|
+
return false;
|
2630
|
+
}
|
2631
|
+
return true;
|
2632
|
+
}
|
2633
|
+
|
2634
|
+
static bool ext_quic_transport_params_parse_serverhello(SSL_HANDSHAKE *hs,
|
2635
|
+
uint8_t *out_alert,
|
2636
|
+
CBS *contents) {
|
2637
|
+
SSL *const ssl = hs->ssl;
|
2638
|
+
if (contents == nullptr) {
|
2639
|
+
return true;
|
2640
|
+
}
|
2641
|
+
// QUIC requires TLS 1.3.
|
2642
|
+
if (ssl_protocol_version(ssl) < TLS1_3_VERSION) {
|
2643
|
+
*out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
|
2644
|
+
return false;
|
2645
|
+
}
|
2646
|
+
|
2647
|
+
return ssl->s3->peer_quic_transport_params.CopyFrom(*contents);
|
2648
|
+
}
|
2649
|
+
|
2650
|
+
static bool ext_quic_transport_params_parse_clienthello(SSL_HANDSHAKE *hs,
|
2651
|
+
uint8_t *out_alert,
|
2652
|
+
CBS *contents) {
|
2653
|
+
SSL *const ssl = hs->ssl;
|
2654
|
+
if (!contents || !ssl->quic_transport_params) {
|
2655
|
+
return true;
|
2656
|
+
}
|
2657
|
+
// Ignore the extension before TLS 1.3.
|
2658
|
+
if (ssl_protocol_version(ssl) < TLS1_3_VERSION) {
|
2659
|
+
return true;
|
2660
|
+
}
|
2661
|
+
|
2662
|
+
return ssl->s3->peer_quic_transport_params.CopyFrom(*contents);
|
2663
|
+
}
|
2664
|
+
|
2665
|
+
static bool ext_quic_transport_params_add_serverhello(SSL_HANDSHAKE *hs,
|
2666
|
+
CBB *out) {
|
2667
|
+
SSL *const ssl = hs->ssl;
|
2668
|
+
if (!ssl->quic_transport_params) {
|
2669
|
+
return true;
|
2670
|
+
}
|
2671
|
+
|
2672
|
+
CBB contents;
|
2673
|
+
if (!CBB_add_u16(out, TLSEXT_TYPE_quic_transport_parameters) ||
|
2674
|
+
!CBB_add_u16_length_prefixed(out, &contents) ||
|
2675
|
+
!CBB_add_bytes(&contents, ssl->quic_transport_params,
|
2676
|
+
ssl->quic_transport_params_len) ||
|
2677
|
+
!CBB_flush(out)) {
|
2678
|
+
return false;
|
2679
|
+
}
|
2680
|
+
|
2681
|
+
return true;
|
2682
|
+
}
|
2683
|
+
|
2392
2684
|
|
2393
2685
|
// kExtensions contains all the supported extensions.
|
2394
2686
|
static const struct tls_extension kExtensions[] = {
|
@@ -2530,6 +2822,22 @@ static const struct tls_extension kExtensions[] = {
|
|
2530
2822
|
ignore_parse_clienthello,
|
2531
2823
|
dont_add_serverhello,
|
2532
2824
|
},
|
2825
|
+
{
|
2826
|
+
TLSEXT_TYPE_dummy_pq_padding,
|
2827
|
+
NULL,
|
2828
|
+
ext_dummy_pq_padding_add_clienthello,
|
2829
|
+
ext_dummy_pq_padding_parse_serverhello,
|
2830
|
+
ext_dummy_pq_padding_parse_clienthello,
|
2831
|
+
ext_dummy_pq_padding_add_serverhello,
|
2832
|
+
},
|
2833
|
+
{
|
2834
|
+
TLSEXT_TYPE_quic_transport_parameters,
|
2835
|
+
NULL,
|
2836
|
+
ext_quic_transport_params_add_clienthello,
|
2837
|
+
ext_quic_transport_params_parse_serverhello,
|
2838
|
+
ext_quic_transport_params_parse_clienthello,
|
2839
|
+
ext_quic_transport_params_add_serverhello,
|
2840
|
+
},
|
2533
2841
|
// The final extension must be non-empty. WebSphere Application Server 7.0 is
|
2534
2842
|
// intolerant to the last extension being zero-length. See
|
2535
2843
|
// https://crbug.com/363583.
|
@@ -2541,6 +2849,14 @@ static const struct tls_extension kExtensions[] = {
|
|
2541
2849
|
ext_supported_groups_parse_clienthello,
|
2542
2850
|
dont_add_serverhello,
|
2543
2851
|
},
|
2852
|
+
{
|
2853
|
+
TLSEXT_TYPE_token_binding,
|
2854
|
+
NULL,
|
2855
|
+
ext_token_binding_add_clienthello,
|
2856
|
+
ext_token_binding_parse_serverhello,
|
2857
|
+
ext_token_binding_parse_clienthello,
|
2858
|
+
ext_token_binding_add_serverhello,
|
2859
|
+
},
|
2544
2860
|
};
|
2545
2861
|
|
2546
2862
|
#define kNumExtensions (sizeof(kExtensions) / sizeof(struct tls_extension))
|
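Review bot: The new token_binding entry is appended after the entry that the comment in the previous hunk introduces with "The final extension must be non-empty", so it is now the last element of kExtensions and that comment no longer describes the table. ext_token_binding_add_clienthello is not in view here, so it is worth confirming that whenever it emits the extension the body is non-empty. I would either move the new entry above that comment or add `// token_binding is never sent zero-length, so it may follow supported_groups without breaking the rule above.` over it.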
@@ -2591,7 +2907,7 @@ int ssl_add_clienthello_tlsext(SSL_HANDSHAKE *hs, CBB *out, size_t header_len) {
|
|
2591
2907
|
uint16_t grease_ext1 = 0;
|
2592
2908
|
if (ssl->ctx->grease_enabled) {
|
2593
2909
|
// Add a fake empty extension. See draft-davidben-tls-grease-01.
|
2594
|
-
grease_ext1 = ssl_get_grease_value(
|
2910
|
+
grease_ext1 = ssl_get_grease_value(hs, ssl_grease_extension1);
|
2595
2911
|
if (!CBB_add_u16(&extensions, grease_ext1) ||
|
2596
2912
|
!CBB_add_u16(&extensions, 0 /* zero length */)) {
|
2597
2913
|
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
@@ -2619,7 +2935,7 @@ int ssl_add_clienthello_tlsext(SSL_HANDSHAKE *hs, CBB *out, size_t header_len) {
|
|
2619
2935
|
|
2620
2936
|
if (ssl->ctx->grease_enabled) {
|
2621
2937
|
// Add a fake non-empty extension. See draft-davidben-tls-grease-01.
|
2622
|
-
uint16_t grease_ext2 = ssl_get_grease_value(
|
2938
|
+
uint16_t grease_ext2 = ssl_get_grease_value(hs, ssl_grease_extension2);
|
2623
2939
|
|
2624
2940
|
// The two fake extensions must not have the same value. GREASE values are
|
2625
2941
|
// of the form 0x1a1a, 0x2a2a, 0x3a3a, etc., so XOR to generate a different
|
@@ -2903,6 +3219,15 @@ static int ssl_scan_serverhello_tlsext(SSL_HANDSHAKE *hs, CBS *cbs,
|
|
2903
3219
|
|
2904
3220
|
static int ssl_check_clienthello_tlsext(SSL_HANDSHAKE *hs) {
|
2905
3221
|
SSL *const ssl = hs->ssl;
|
3222
|
+
|
3223
|
+
if (ssl->token_binding_negotiated &&
|
3224
|
+
!(SSL_get_secure_renegotiation_support(ssl) &&
|
3225
|
+
SSL_get_extms_support(ssl))) {
|
3226
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_NEGOTIATED_TB_WITHOUT_EMS_OR_RI);
|
3227
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_EXTENSION);
|
3228
|
+
return -1;
|
3229
|
+
}
|
3230
|
+
|
2906
3231
|
int ret = SSL_TLSEXT_ERR_NOACK;
|
2907
3232
|
int al = SSL_AD_UNRECOGNIZED_NAME;
|
2908
3233
|
|
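Review bot: The new guard at the top of ssl_check_clienthello_tlsext has no comment, so the only explanation for rejecting the handshake is the error name SSL_R_NEGOTIATED_TB_WITHOUT_EMS_OR_RI. I would put `// Token Binding must not be negotiated unless extended master secret and renegotiation indication are negotiated as well (RFC 8472); fail the handshake otherwise.` above the `if`. The flag `ssl->token_binding_negotiated` stays set on this path; that looks harmless if nothing reads it after a failed handshake, but `ssl->token_binding_negotiated = false;` before `return -1;` would make that certain. The function body continues outside the hunk.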
@@ -3138,29 +3463,29 @@ enum ssl_ticket_aead_result_t ssl_process_ticket(
|
|
3138
3463
|
return ssl_ticket_aead_success;
|
3139
3464
|
}
|
3140
3465
|
|
3141
|
-
|
3466
|
+
bool tls1_parse_peer_sigalgs(SSL_HANDSHAKE *hs, const CBS *in_sigalgs) {
|
3142
3467
|
// Extension ignored for inappropriate versions
|
3143
3468
|
if (ssl_protocol_version(hs->ssl) < TLS1_2_VERSION) {
|
3144
|
-
return
|
3469
|
+
return true;
|
3145
3470
|
}
|
3146
3471
|
|
3147
3472
|
return parse_u16_array(in_sigalgs, &hs->peer_sigalgs);
|
3148
3473
|
}
|
3149
3474
|
|
3150
|
-
|
3475
|
+
bool tls1_get_legacy_signature_algorithm(uint16_t *out, const EVP_PKEY *pkey) {
|
3151
3476
|
switch (EVP_PKEY_id(pkey)) {
|
3152
3477
|
case EVP_PKEY_RSA:
|
3153
3478
|
*out = SSL_SIGN_RSA_PKCS1_MD5_SHA1;
|
3154
|
-
return
|
3479
|
+
return true;
|
3155
3480
|
case EVP_PKEY_EC:
|
3156
3481
|
*out = SSL_SIGN_ECDSA_SHA1;
|
3157
|
-
return
|
3482
|
+
return true;
|
3158
3483
|
default:
|
3159
|
-
return
|
3484
|
+
return false;
|
3160
3485
|
}
|
3161
3486
|
}
|
3162
3487
|
|
3163
|
-
|
3488
|
+
bool tls1_choose_signature_algorithm(SSL_HANDSHAKE *hs, uint16_t *out) {
|
3164
3489
|
SSL *const ssl = hs->ssl;
|
3165
3490
|
CERT *cert = ssl->cert;
|
3166
3491
|
|
@@ -3169,9 +3494,9 @@ int tls1_choose_signature_algorithm(SSL_HANDSHAKE *hs, uint16_t *out) {
|
|
3169
3494
|
if (ssl_protocol_version(ssl) < TLS1_2_VERSION) {
|
3170
3495
|
if (!tls1_get_legacy_signature_algorithm(out, hs->local_pubkey.get())) {
|
3171
3496
|
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_COMMON_SIGNATURE_ALGORITHMS);
|
3172
|
-
return
|
3497
|
+
return false;
|
3173
3498
|
}
|
3174
|
-
return
|
3499
|
+
return true;
|
3175
3500
|
}
|
3176
3501
|
|
3177
3502
|
Span<const uint16_t> sigalgs = kSignSignatureAlgorithms;
|
@@ -3200,13 +3525,13 @@ int tls1_choose_signature_algorithm(SSL_HANDSHAKE *hs, uint16_t *out) {
|
|
3200
3525
|
for (uint16_t peer_sigalg : peer_sigalgs) {
|
3201
3526
|
if (sigalg == peer_sigalg) {
|
3202
3527
|
*out = sigalg;
|
3203
|
-
return
|
3528
|
+
return true;
|
3204
3529
|
}
|
3205
3530
|
}
|
3206
3531
|
}
|
3207
3532
|
|
3208
3533
|
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_COMMON_SIGNATURE_ALGORITHMS);
|
3209
|
-
return
|
3534
|
+
return false;
|
3210
3535
|
}
|
3211
3536
|
|
3212
3537
|
int tls1_verify_channel_id(SSL_HANDSHAKE *hs, const SSLMessage &msg) {
|
@@ -3264,6 +3589,7 @@ int tls1_verify_channel_id(SSL_HANDSHAKE *hs, const SSLMessage &msg) {
|
|
3264
3589
|
int sig_ok = ECDSA_do_verify(digest, digest_len, sig.get(), key.get());
|
3265
3590
|
#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
|
3266
3591
|
sig_ok = 1;
|
3592
|
+
ERR_clear_error();
|
3267
3593
|
#endif
|
3268
3594
|
if (!sig_ok) {
|
3269
3595
|
OPENSSL_PUT_ERROR(SSL, SSL_R_CHANNEL_ID_SIGNATURE_INVALID);
|