grpc 1.24.0 → 1.25.0


Potentially problematic release.



Files changed (505) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +306 -243
  3. data/etc/roots.pem +0 -100
  4. data/include/grpc/grpc_security.h +44 -18
  5. data/include/grpc/impl/codegen/grpc_types.h +15 -0
  6. data/include/grpc/impl/codegen/port_platform.h +27 -11
  7. data/include/grpc/impl/codegen/sync_generic.h +1 -1
  8. data/src/boringssl/err_data.c +695 -650
  9. data/src/core/ext/filters/client_channel/client_channel.cc +257 -179
  10. data/src/core/ext/filters/client_channel/client_channel.h +24 -0
  11. data/src/core/ext/filters/client_channel/client_channel_channelz.cc +2 -3
  12. data/src/core/ext/filters/client_channel/client_channel_factory.h +1 -5
  13. data/src/core/ext/filters/client_channel/health/health_check_client.cc +18 -45
  14. data/src/core/ext/filters/client_channel/health/health_check_client.h +5 -13
  15. data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +1 -1
  16. data/src/core/ext/filters/client_channel/lb_policy.cc +2 -3
  17. data/src/core/ext/filters/client_channel/lb_policy.h +65 -55
  18. data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +14 -14
  19. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +113 -36
  20. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +14 -19
  21. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +36 -13
  22. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +3 -10
  23. data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +814 -1589
  24. data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +2 -5
  25. data/src/core/ext/filters/client_channel/lb_policy_factory.h +3 -6
  26. data/src/core/ext/filters/client_channel/resolver.cc +1 -2
  27. data/src/core/ext/filters/client_channel/resolver.h +8 -16
  28. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +25 -8
  29. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +46 -12
  30. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +10 -17
  31. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +7 -8
  32. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +4 -4
  33. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +111 -44
  34. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +22 -14
  35. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +1 -1
  36. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +2 -2
  37. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +29 -10
  38. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +27 -36
  39. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +7 -10
  40. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +60 -16
  41. data/src/core/ext/filters/client_channel/resolver_factory.h +4 -8
  42. data/src/core/ext/filters/client_channel/resolver_registry.cc +1 -1
  43. data/src/core/ext/filters/client_channel/resolver_registry.h +1 -1
  44. data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +7 -10
  45. data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +7 -8
  46. data/src/core/ext/filters/client_channel/resolving_lb_policy.h +1 -1
  47. data/src/core/ext/filters/client_channel/retry_throttle.cc +5 -5
  48. data/src/core/ext/filters/client_channel/retry_throttle.h +1 -4
  49. data/src/core/ext/filters/client_channel/service_config.h +8 -8
  50. data/src/core/ext/filters/client_channel/subchannel.cc +53 -86
  51. data/src/core/ext/filters/client_channel/subchannel.h +7 -9
  52. data/src/core/ext/filters/client_channel/subchannel_interface.h +9 -13
  53. data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +3 -6
  54. data/src/core/ext/filters/client_channel/{lb_policy/xds/xds_load_balancer_api.cc → xds/xds_api.cc} +169 -52
  55. data/src/core/ext/filters/client_channel/xds/xds_api.h +171 -0
  56. data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +450 -0
  57. data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +99 -0
  58. data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_channel.h +8 -6
  59. data/src/core/ext/filters/client_channel/xds/xds_channel_args.h +26 -0
  60. data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_channel_secure.cc +28 -11
  61. data/src/core/ext/filters/client_channel/xds/xds_client.cc +1413 -0
  62. data/src/core/ext/filters/client_channel/xds/xds_client.h +221 -0
  63. data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_client_stats.cc +1 -5
  64. data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_client_stats.h +3 -4
  65. data/src/core/ext/filters/deadline/deadline_filter.cc +20 -20
  66. data/src/core/ext/filters/http/client/http_client_filter.cc +15 -15
  67. data/src/core/ext/filters/http/client_authority_filter.cc +14 -14
  68. data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +12 -12
  69. data/src/core/ext/filters/max_age/max_age_filter.cc +59 -50
  70. data/src/core/ext/filters/message_size/message_size_filter.cc +18 -18
  71. data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +15 -14
  72. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +233 -175
  73. data/src/core/ext/transport/chttp2/transport/flow_control.h +21 -24
  74. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +253 -163
  75. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +24 -12
  76. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +2 -3
  77. data/src/core/ext/transport/chttp2/transport/internal.h +13 -15
  78. data/src/core/ext/transport/chttp2/transport/writing.cc +3 -0
  79. data/src/core/ext/transport/inproc/inproc_transport.cc +20 -13
  80. data/src/core/lib/channel/channel_args.cc +16 -0
  81. data/src/core/lib/channel/channel_args.h +22 -0
  82. data/src/core/lib/channel/channelz.cc +5 -6
  83. data/src/core/lib/channel/channelz.h +1 -1
  84. data/src/core/lib/channel/connected_channel.cc +20 -20
  85. data/src/core/lib/channel/handshaker.h +3 -4
  86. data/src/core/lib/channel/handshaker_factory.h +1 -3
  87. data/src/core/lib/debug/trace.h +3 -2
  88. data/src/core/lib/gprpp/arena.cc +3 -3
  89. data/src/core/lib/gprpp/arena.h +2 -3
  90. data/src/core/lib/gprpp/inlined_vector.h +9 -0
  91. data/src/core/lib/gprpp/map.h +3 -501
  92. data/src/core/lib/gprpp/memory.h +45 -41
  93. data/src/core/lib/gprpp/mpscq.cc +108 -0
  94. data/src/core/lib/gprpp/mpscq.h +98 -0
  95. data/src/core/lib/gprpp/orphanable.h +6 -11
  96. data/src/core/lib/gprpp/ref_counted.h +25 -19
  97. data/src/core/lib/gprpp/set.h +33 -0
  98. data/src/core/lib/gprpp/thd.h +2 -4
  99. data/src/core/lib/http/httpcli.cc +1 -1
  100. data/src/core/lib/http/httpcli_security_connector.cc +15 -11
  101. data/src/core/lib/http/parser.cc +1 -1
  102. data/src/core/lib/iomgr/buffer_list.cc +4 -5
  103. data/src/core/lib/iomgr/buffer_list.h +5 -6
  104. data/src/core/lib/iomgr/call_combiner.cc +4 -5
  105. data/src/core/lib/iomgr/call_combiner.h +2 -2
  106. data/src/core/lib/iomgr/cfstream_handle.h +3 -5
  107. data/src/core/lib/iomgr/closure.h +8 -3
  108. data/src/core/lib/iomgr/combiner.cc +45 -82
  109. data/src/core/lib/iomgr/combiner.h +32 -8
  110. data/src/core/lib/iomgr/endpoint_cfstream.cc +5 -3
  111. data/src/core/lib/iomgr/ev_epoll1_linux.cc +19 -15
  112. data/src/core/lib/iomgr/ev_poll_posix.cc +3 -1
  113. data/src/core/lib/iomgr/exec_ctx.h +4 -3
  114. data/src/core/lib/iomgr/executor.cc +4 -2
  115. data/src/core/lib/iomgr/executor.h +3 -0
  116. data/src/core/lib/iomgr/executor/mpmcqueue.h +3 -6
  117. data/src/core/lib/iomgr/executor/threadpool.cc +1 -2
  118. data/src/core/lib/iomgr/executor/threadpool.h +7 -11
  119. data/src/core/lib/iomgr/resource_quota.cc +55 -51
  120. data/src/core/lib/iomgr/resource_quota.h +13 -9
  121. data/src/core/lib/iomgr/socket_utils_common_posix.cc +13 -0
  122. data/src/core/lib/iomgr/socket_utils_posix.h +4 -0
  123. data/src/core/lib/iomgr/tcp_client_posix.cc +4 -11
  124. data/src/core/lib/iomgr/tcp_custom.cc +9 -7
  125. data/src/core/lib/iomgr/tcp_posix.cc +20 -16
  126. data/src/core/lib/iomgr/tcp_server.h +1 -4
  127. data/src/core/lib/iomgr/tcp_server_custom.cc +5 -5
  128. data/src/core/lib/iomgr/tcp_server_posix.cc +1 -1
  129. data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +2 -11
  130. data/src/core/lib/iomgr/timer_custom.cc +2 -2
  131. data/src/core/lib/iomgr/udp_server.cc +3 -2
  132. data/src/core/lib/iomgr/udp_server.h +6 -12
  133. data/src/core/lib/json/json.h +1 -1
  134. data/src/core/lib/json/json_string.cc +2 -2
  135. data/src/core/lib/profiling/basic_timers.cc +2 -2
  136. data/src/core/lib/security/credentials/alts/alts_credentials.cc +2 -2
  137. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc +1 -1
  138. data/src/core/lib/security/credentials/credentials.h +4 -20
  139. data/src/core/lib/security/credentials/fake/fake_credentials.cc +4 -4
  140. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -3
  141. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +64 -0
  142. data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +4 -4
  143. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +9 -7
  144. data/src/core/lib/security/security_connector/load_system_roots_linux.cc +2 -0
  145. data/src/core/lib/security/security_connector/local/local_security_connector.cc +4 -4
  146. data/src/core/lib/security/security_connector/security_connector.cc +1 -0
  147. data/src/core/lib/security/security_connector/security_connector.h +19 -17
  148. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +8 -5
  149. data/src/core/lib/security/security_connector/ssl_utils.cc +2 -2
  150. data/src/core/lib/security/security_connector/ssl_utils.h +1 -1
  151. data/src/core/lib/security/security_connector/tls/spiffe_security_connector.cc +14 -6
  152. data/src/core/lib/security/security_connector/tls/spiffe_security_connector.h +4 -2
  153. data/src/core/lib/security/transport/client_auth_filter.cc +17 -17
  154. data/src/core/lib/security/transport/security_handshaker.cc +29 -13
  155. data/src/core/lib/security/transport/security_handshaker.h +4 -2
  156. data/src/core/lib/security/transport/server_auth_filter.cc +14 -14
  157. data/src/core/lib/slice/slice.cc +2 -10
  158. data/src/core/lib/slice/slice_hash_table.h +4 -6
  159. data/src/core/lib/slice/slice_intern.cc +42 -39
  160. data/src/core/lib/slice/slice_internal.h +3 -3
  161. data/src/core/lib/slice/slice_utils.h +21 -4
  162. data/src/core/lib/slice/slice_weak_hash_table.h +4 -6
  163. data/src/core/lib/surface/call.cc +3 -3
  164. data/src/core/lib/surface/channel.cc +7 -0
  165. data/src/core/lib/surface/completion_queue.cc +12 -11
  166. data/src/core/lib/surface/completion_queue.h +4 -2
  167. data/src/core/lib/surface/init.cc +1 -0
  168. data/src/core/lib/surface/lame_client.cc +33 -18
  169. data/src/core/lib/surface/server.cc +77 -76
  170. data/src/core/lib/surface/version.cc +1 -1
  171. data/src/core/lib/transport/byte_stream.h +3 -7
  172. data/src/core/lib/transport/connectivity_state.cc +112 -98
  173. data/src/core/lib/transport/connectivity_state.h +100 -50
  174. data/src/core/lib/transport/static_metadata.cc +276 -288
  175. data/src/core/lib/transport/static_metadata.h +73 -76
  176. data/src/core/lib/transport/status_conversion.cc +1 -1
  177. data/src/core/lib/transport/status_metadata.cc +1 -1
  178. data/src/core/lib/transport/transport.cc +2 -2
  179. data/src/core/lib/transport/transport.h +12 -4
  180. data/src/core/lib/transport/transport_op_string.cc +14 -11
  181. data/src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc +1 -1
  182. data/src/core/tsi/alts/handshaker/alts_shared_resource.cc +1 -1
  183. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +5 -5
  184. data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +12 -2
  185. data/src/core/tsi/fake_transport_security.cc +7 -5
  186. data/src/core/tsi/grpc_shadow_boringssl.h +2918 -2627
  187. data/src/core/tsi/local_transport_security.cc +8 -6
  188. data/src/core/tsi/ssl/session_cache/ssl_session.h +1 -3
  189. data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +1 -2
  190. data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +7 -5
  191. data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +4 -6
  192. data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +1 -2
  193. data/src/core/tsi/ssl_transport_security.cc +12 -12
  194. data/src/core/tsi/ssl_transport_security.h +2 -2
  195. data/src/core/tsi/transport_security_grpc.cc +7 -0
  196. data/src/core/tsi/transport_security_grpc.h +6 -0
  197. data/src/ruby/ext/grpc/extconf.rb +1 -0
  198. data/src/ruby/ext/grpc/rb_call.c +1 -1
  199. data/src/ruby/ext/grpc/rb_channel.c +1 -1
  200. data/src/ruby/lib/grpc/generic/bidi_call.rb +1 -1
  201. data/src/ruby/lib/grpc/generic/rpc_server.rb +1 -1
  202. data/src/ruby/lib/grpc/version.rb +1 -1
  203. data/src/ruby/spec/google_rpc_status_utils_spec.rb +2 -2
  204. data/third_party/boringssl/crypto/asn1/a_bool.c +18 -5
  205. data/third_party/boringssl/crypto/asn1/a_d2i_fp.c +17 -221
  206. data/third_party/boringssl/crypto/asn1/a_dup.c +0 -24
  207. data/third_party/boringssl/crypto/asn1/a_enum.c +2 -2
  208. data/third_party/boringssl/crypto/asn1/a_i2d_fp.c +10 -72
  209. data/third_party/boringssl/crypto/asn1/a_int.c +12 -71
  210. data/third_party/boringssl/crypto/asn1/a_mbstr.c +110 -216
  211. data/third_party/boringssl/crypto/asn1/a_object.c +16 -5
  212. data/third_party/boringssl/crypto/asn1/a_strnid.c +1 -0
  213. data/third_party/boringssl/crypto/asn1/asn1_lib.c +5 -1
  214. data/third_party/boringssl/crypto/asn1/tasn_enc.c +3 -1
  215. data/third_party/boringssl/crypto/base64/base64.c +2 -2
  216. data/third_party/boringssl/crypto/bio/bio.c +73 -9
  217. data/third_party/boringssl/crypto/bio/connect.c +4 -0
  218. data/third_party/boringssl/crypto/bio/fd.c +4 -0
  219. data/third_party/boringssl/crypto/bio/file.c +5 -2
  220. data/third_party/boringssl/crypto/bio/socket.c +4 -0
  221. data/third_party/boringssl/crypto/bio/socket_helper.c +4 -0
  222. data/third_party/boringssl/crypto/bn_extra/convert.c +11 -7
  223. data/third_party/boringssl/crypto/bytestring/ber.c +8 -4
  224. data/third_party/boringssl/crypto/bytestring/cbb.c +19 -7
  225. data/third_party/boringssl/crypto/bytestring/cbs.c +28 -15
  226. data/third_party/boringssl/crypto/bytestring/internal.h +28 -7
  227. data/third_party/boringssl/crypto/bytestring/unicode.c +155 -0
  228. data/third_party/boringssl/crypto/chacha/chacha.c +36 -19
  229. data/third_party/boringssl/crypto/chacha/internal.h +45 -0
  230. data/third_party/boringssl/crypto/cipher_extra/cipher_extra.c +29 -0
  231. data/third_party/boringssl/crypto/cipher_extra/e_aesccm.c +269 -25
  232. data/third_party/boringssl/crypto/cipher_extra/e_aesctrhmac.c +16 -14
  233. data/third_party/boringssl/crypto/cipher_extra/e_aesgcmsiv.c +54 -38
  234. data/third_party/boringssl/crypto/cipher_extra/e_chacha20poly1305.c +133 -41
  235. data/third_party/boringssl/crypto/cipher_extra/e_tls.c +23 -15
  236. data/third_party/boringssl/crypto/cipher_extra/tls_cbc.c +24 -15
  237. data/third_party/boringssl/crypto/cmac/cmac.c +62 -25
  238. data/third_party/boringssl/crypto/conf/conf.c +7 -0
  239. data/third_party/boringssl/crypto/cpu-arm-linux.c +4 -148
  240. data/third_party/boringssl/crypto/cpu-arm-linux.h +201 -0
  241. data/third_party/boringssl/crypto/cpu-intel.c +45 -51
  242. data/third_party/boringssl/crypto/crypto.c +39 -22
  243. data/third_party/boringssl/crypto/curve25519/spake25519.c +1 -1
  244. data/third_party/boringssl/crypto/dsa/dsa.c +77 -53
  245. data/third_party/boringssl/crypto/ec_extra/ec_asn1.c +20 -8
  246. data/third_party/boringssl/crypto/ec_extra/ec_derive.c +96 -0
  247. data/third_party/boringssl/crypto/{ecdh/ecdh.c → ecdh_extra/ecdh_extra.c} +20 -58
  248. data/third_party/boringssl/crypto/ecdsa_extra/ecdsa_asn1.c +1 -9
  249. data/third_party/boringssl/crypto/engine/engine.c +2 -1
  250. data/third_party/boringssl/crypto/err/err.c +2 -0
  251. data/third_party/boringssl/crypto/err/internal.h +2 -2
  252. data/third_party/boringssl/crypto/evp/evp.c +89 -8
  253. data/third_party/boringssl/crypto/evp/evp_asn1.c +56 -5
  254. data/third_party/boringssl/crypto/evp/evp_ctx.c +52 -14
  255. data/third_party/boringssl/crypto/evp/internal.h +18 -1
  256. data/third_party/boringssl/crypto/evp/p_dsa_asn1.c +5 -0
  257. data/third_party/boringssl/crypto/evp/p_ec.c +51 -3
  258. data/third_party/boringssl/crypto/evp/p_ec_asn1.c +6 -7
  259. data/third_party/boringssl/crypto/evp/p_ed25519.c +36 -3
  260. data/third_party/boringssl/crypto/evp/p_ed25519_asn1.c +76 -45
  261. data/third_party/boringssl/crypto/evp/p_rsa.c +3 -1
  262. data/third_party/boringssl/crypto/evp/p_rsa_asn1.c +5 -0
  263. data/third_party/boringssl/crypto/evp/p_x25519.c +110 -0
  264. data/third_party/boringssl/crypto/evp/p_x25519_asn1.c +249 -0
  265. data/third_party/boringssl/crypto/evp/scrypt.c +6 -2
  266. data/third_party/boringssl/crypto/fipsmodule/aes/aes.c +34 -274
  267. data/third_party/boringssl/crypto/fipsmodule/aes/internal.h +161 -21
  268. data/third_party/boringssl/crypto/fipsmodule/aes/key_wrap.c +111 -13
  269. data/third_party/boringssl/crypto/fipsmodule/aes/mode_wrappers.c +17 -21
  270. data/third_party/boringssl/crypto/fipsmodule/bcm.c +119 -7
  271. data/third_party/boringssl/crypto/fipsmodule/bn/bn.c +19 -2
  272. data/third_party/boringssl/crypto/fipsmodule/bn/cmp.c +2 -2
  273. data/third_party/boringssl/crypto/fipsmodule/bn/ctx.c +93 -160
  274. data/third_party/boringssl/crypto/fipsmodule/bn/div.c +48 -57
  275. data/third_party/boringssl/crypto/fipsmodule/bn/div_extra.c +87 -0
  276. data/third_party/boringssl/crypto/fipsmodule/bn/exponentiation.c +143 -211
  277. data/third_party/boringssl/crypto/fipsmodule/bn/gcd.c +0 -305
  278. data/third_party/boringssl/crypto/fipsmodule/bn/gcd_extra.c +325 -0
  279. data/third_party/boringssl/crypto/fipsmodule/bn/internal.h +168 -50
  280. data/third_party/boringssl/crypto/fipsmodule/bn/montgomery.c +68 -92
  281. data/third_party/boringssl/crypto/fipsmodule/bn/montgomery_inv.c +7 -6
  282. data/third_party/boringssl/crypto/fipsmodule/bn/mul.c +11 -14
  283. data/third_party/boringssl/crypto/fipsmodule/bn/prime.c +358 -443
  284. data/third_party/boringssl/crypto/fipsmodule/bn/random.c +25 -35
  285. data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.c +20 -25
  286. data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.h +76 -5
  287. data/third_party/boringssl/crypto/fipsmodule/bn/shift.c +14 -14
  288. data/third_party/boringssl/crypto/fipsmodule/cipher/cipher.c +7 -2
  289. data/third_party/boringssl/crypto/fipsmodule/cipher/e_aes.c +383 -516
  290. data/third_party/boringssl/crypto/fipsmodule/cipher/e_des.c +4 -0
  291. data/third_party/boringssl/crypto/fipsmodule/cipher/internal.h +3 -4
  292. data/third_party/boringssl/crypto/fipsmodule/delocate.h +3 -2
  293. data/third_party/boringssl/crypto/fipsmodule/digest/digest.c +32 -17
  294. data/third_party/boringssl/crypto/fipsmodule/digest/md32_common.h +3 -3
  295. data/third_party/boringssl/crypto/fipsmodule/ec/ec.c +228 -122
  296. data/third_party/boringssl/crypto/fipsmodule/ec/ec_key.c +34 -8
  297. data/third_party/boringssl/crypto/fipsmodule/ec/ec_montgomery.c +311 -98
  298. data/third_party/boringssl/crypto/fipsmodule/ec/felem.c +82 -0
  299. data/third_party/boringssl/crypto/fipsmodule/ec/internal.h +263 -97
  300. data/third_party/boringssl/crypto/fipsmodule/ec/oct.c +22 -59
  301. data/third_party/boringssl/crypto/fipsmodule/ec/p224-64.c +317 -234
  302. data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64-table.h +9473 -9475
  303. data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.c +313 -109
  304. data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.h +36 -0
  305. data/third_party/boringssl/crypto/fipsmodule/ec/scalar.c +96 -0
  306. data/third_party/boringssl/crypto/fipsmodule/ec/simple.c +126 -792
  307. data/third_party/boringssl/crypto/fipsmodule/ec/simple_mul.c +84 -0
  308. data/third_party/boringssl/crypto/fipsmodule/ec/util.c +163 -12
  309. data/third_party/boringssl/crypto/fipsmodule/ec/wnaf.c +84 -211
  310. data/third_party/boringssl/crypto/fipsmodule/ecdh/ecdh.c +122 -0
  311. data/third_party/boringssl/crypto/fipsmodule/ecdsa/ecdsa.c +60 -205
  312. data/third_party/boringssl/crypto/fipsmodule/fips_shared_support.c +32 -0
  313. data/third_party/boringssl/crypto/fipsmodule/is_fips.c +2 -0
  314. data/third_party/boringssl/crypto/fipsmodule/md4/md4.c +3 -1
  315. data/third_party/boringssl/crypto/fipsmodule/md5/internal.h +37 -0
  316. data/third_party/boringssl/crypto/fipsmodule/md5/md5.c +11 -8
  317. data/third_party/boringssl/crypto/fipsmodule/modes/cbc.c +35 -79
  318. data/third_party/boringssl/crypto/fipsmodule/modes/cfb.c +7 -39
  319. data/third_party/boringssl/crypto/fipsmodule/modes/ctr.c +7 -27
  320. data/third_party/boringssl/crypto/fipsmodule/modes/gcm.c +123 -309
  321. data/third_party/boringssl/crypto/fipsmodule/modes/internal.h +189 -126
  322. data/third_party/boringssl/crypto/fipsmodule/modes/ofb.c +3 -2
  323. data/third_party/boringssl/crypto/fipsmodule/rand/ctrdrbg.c +2 -2
  324. data/third_party/boringssl/crypto/fipsmodule/rand/internal.h +35 -0
  325. data/third_party/boringssl/crypto/fipsmodule/rand/rand.c +24 -19
  326. data/third_party/boringssl/crypto/fipsmodule/rand/urandom.c +256 -77
  327. data/third_party/boringssl/crypto/fipsmodule/rsa/padding.c +10 -7
  328. data/third_party/boringssl/crypto/fipsmodule/rsa/rsa.c +5 -1
  329. data/third_party/boringssl/crypto/fipsmodule/rsa/rsa_impl.c +131 -14
  330. data/third_party/boringssl/crypto/fipsmodule/self_check/self_check.c +83 -10
  331. data/third_party/boringssl/crypto/fipsmodule/sha/internal.h +53 -0
  332. data/third_party/boringssl/crypto/fipsmodule/sha/sha1.c +9 -13
  333. data/third_party/boringssl/crypto/fipsmodule/sha/sha256.c +18 -12
  334. data/third_party/boringssl/crypto/fipsmodule/sha/sha512.c +95 -168
  335. data/third_party/boringssl/crypto/hrss/hrss.c +2201 -0
  336. data/third_party/boringssl/crypto/hrss/internal.h +62 -0
  337. data/third_party/boringssl/crypto/internal.h +95 -20
  338. data/third_party/boringssl/crypto/lhash/lhash.c +45 -33
  339. data/third_party/boringssl/crypto/mem.c +39 -2
  340. data/third_party/boringssl/crypto/obj/obj.c +4 -4
  341. data/third_party/boringssl/crypto/obj/obj_dat.h +6181 -875
  342. data/third_party/boringssl/crypto/pem/pem_all.c +2 -3
  343. data/third_party/boringssl/crypto/pem/pem_info.c +144 -162
  344. data/third_party/boringssl/crypto/pem/pem_lib.c +53 -52
  345. data/third_party/boringssl/crypto/pem/pem_pkey.c +13 -21
  346. data/third_party/boringssl/crypto/pkcs7/pkcs7.c +15 -22
  347. data/third_party/boringssl/crypto/pkcs7/pkcs7_x509.c +168 -16
  348. data/third_party/boringssl/crypto/pkcs8/internal.h +11 -0
  349. data/third_party/boringssl/crypto/pkcs8/p5_pbev2.c +24 -15
  350. data/third_party/boringssl/crypto/pkcs8/pkcs8.c +42 -25
  351. data/third_party/boringssl/crypto/pkcs8/pkcs8_x509.c +559 -43
  352. data/third_party/boringssl/crypto/pool/internal.h +1 -1
  353. data/third_party/boringssl/crypto/pool/pool.c +21 -0
  354. data/third_party/boringssl/crypto/rand_extra/deterministic.c +8 -0
  355. data/third_party/boringssl/crypto/rand_extra/fuchsia.c +1 -14
  356. data/third_party/boringssl/crypto/refcount_lock.c +2 -2
  357. data/third_party/boringssl/crypto/rsa_extra/rsa_print.c +22 -0
  358. data/third_party/boringssl/crypto/siphash/siphash.c +80 -0
  359. data/third_party/boringssl/crypto/stack/stack.c +83 -32
  360. data/third_party/boringssl/crypto/thread_none.c +2 -2
  361. data/third_party/boringssl/crypto/thread_pthread.c +2 -2
  362. data/third_party/boringssl/crypto/thread_win.c +38 -19
  363. data/third_party/boringssl/crypto/x509/a_strex.c +22 -2
  364. data/third_party/boringssl/crypto/x509/asn1_gen.c +2 -1
  365. data/third_party/boringssl/crypto/x509/by_dir.c +7 -0
  366. data/third_party/boringssl/crypto/x509/by_file.c +12 -10
  367. data/third_party/boringssl/crypto/x509/t_crl.c +5 -8
  368. data/third_party/boringssl/crypto/x509/t_req.c +1 -3
  369. data/third_party/boringssl/crypto/x509/t_x509.c +5 -8
  370. data/third_party/boringssl/crypto/x509/x509_cmp.c +1 -1
  371. data/third_party/boringssl/crypto/x509/x509_def.c +1 -1
  372. data/third_party/boringssl/crypto/x509/x509_lu.c +114 -5
  373. data/third_party/boringssl/crypto/x509/x509_req.c +20 -0
  374. data/third_party/boringssl/crypto/x509/x509_set.c +5 -0
  375. data/third_party/boringssl/crypto/x509/x509_trs.c +1 -0
  376. data/third_party/boringssl/crypto/x509/x509_txt.c +4 -5
  377. data/third_party/boringssl/crypto/x509/x509_vfy.c +145 -138
  378. data/third_party/boringssl/crypto/x509/x509_vpm.c +2 -0
  379. data/third_party/boringssl/crypto/x509/x509cset.c +40 -0
  380. data/third_party/boringssl/crypto/x509/x509name.c +2 -3
  381. data/third_party/boringssl/crypto/x509/x_all.c +109 -210
  382. data/third_party/boringssl/crypto/x509/x_x509.c +6 -0
  383. data/third_party/boringssl/crypto/x509v3/ext_dat.h +1 -3
  384. data/third_party/boringssl/crypto/x509v3/internal.h +56 -0
  385. data/third_party/boringssl/crypto/x509v3/pcy_cache.c +2 -0
  386. data/third_party/boringssl/crypto/x509v3/pcy_node.c +1 -0
  387. data/third_party/boringssl/crypto/x509v3/pcy_tree.c +4 -2
  388. data/third_party/boringssl/crypto/x509v3/v3_akey.c +5 -2
  389. data/third_party/boringssl/crypto/x509v3/v3_alt.c +19 -13
  390. data/third_party/boringssl/crypto/x509v3/v3_conf.c +2 -1
  391. data/third_party/boringssl/crypto/x509v3/v3_cpols.c +3 -2
  392. data/third_party/boringssl/crypto/x509v3/v3_genn.c +1 -6
  393. data/third_party/boringssl/crypto/x509v3/v3_lib.c +1 -0
  394. data/third_party/boringssl/crypto/x509v3/v3_ocsp.c +68 -0
  395. data/third_party/boringssl/crypto/x509v3/v3_pci.c +2 -1
  396. data/third_party/boringssl/crypto/x509v3/v3_purp.c +47 -69
  397. data/third_party/boringssl/crypto/x509v3/v3_skey.c +5 -2
  398. data/third_party/boringssl/crypto/x509v3/v3_utl.c +69 -25
  399. data/third_party/boringssl/include/openssl/aead.h +45 -19
  400. data/third_party/boringssl/include/openssl/aes.h +32 -7
  401. data/third_party/boringssl/include/openssl/asn1.h +7 -77
  402. data/third_party/boringssl/include/openssl/base.h +120 -6
  403. data/third_party/boringssl/include/openssl/base64.h +4 -1
  404. data/third_party/boringssl/include/openssl/bio.h +112 -81
  405. data/third_party/boringssl/include/openssl/blowfish.h +3 -3
  406. data/third_party/boringssl/include/openssl/bn.h +55 -29
  407. data/third_party/boringssl/include/openssl/buf.h +2 -2
  408. data/third_party/boringssl/include/openssl/bytestring.h +54 -32
  409. data/third_party/boringssl/include/openssl/cast.h +2 -2
  410. data/third_party/boringssl/include/openssl/cipher.h +46 -16
  411. data/third_party/boringssl/include/openssl/cmac.h +6 -2
  412. data/third_party/boringssl/include/openssl/conf.h +3 -6
  413. data/third_party/boringssl/include/openssl/cpu.h +25 -9
  414. data/third_party/boringssl/include/openssl/crypto.h +32 -10
  415. data/third_party/boringssl/include/openssl/curve25519.h +4 -4
  416. data/third_party/boringssl/include/openssl/dh.h +3 -2
  417. data/third_party/boringssl/include/openssl/digest.h +21 -7
  418. data/third_party/boringssl/include/openssl/dsa.h +8 -2
  419. data/third_party/boringssl/include/openssl/e_os2.h +18 -0
  420. data/third_party/boringssl/include/openssl/ec.h +25 -21
  421. data/third_party/boringssl/include/openssl/ec_key.h +36 -8
  422. data/third_party/boringssl/include/openssl/ecdh.h +17 -0
  423. data/third_party/boringssl/include/openssl/ecdsa.h +3 -3
  424. data/third_party/boringssl/include/openssl/engine.h +4 -4
  425. data/third_party/boringssl/include/openssl/err.h +3 -0
  426. data/third_party/boringssl/include/openssl/evp.h +199 -42
  427. data/third_party/boringssl/include/openssl/hmac.h +4 -4
  428. data/third_party/boringssl/include/openssl/hrss.h +100 -0
  429. data/third_party/boringssl/include/openssl/lhash.h +131 -23
  430. data/third_party/boringssl/include/openssl/md4.h +6 -4
  431. data/third_party/boringssl/include/openssl/md5.h +6 -4
  432. data/third_party/boringssl/include/openssl/mem.h +6 -2
  433. data/third_party/boringssl/include/openssl/nid.h +3 -0
  434. data/third_party/boringssl/include/openssl/obj.h +3 -0
  435. data/third_party/boringssl/include/openssl/pem.h +102 -64
  436. data/third_party/boringssl/include/openssl/pkcs7.h +136 -3
  437. data/third_party/boringssl/include/openssl/pkcs8.h +42 -3
  438. data/third_party/boringssl/include/openssl/pool.h +13 -2
  439. data/third_party/boringssl/include/openssl/ripemd.h +5 -4
  440. data/third_party/boringssl/include/openssl/rsa.h +46 -15
  441. data/third_party/boringssl/include/openssl/sha.h +40 -28
  442. data/third_party/boringssl/include/openssl/siphash.h +37 -0
  443. data/third_party/boringssl/include/openssl/span.h +17 -9
  444. data/third_party/boringssl/include/openssl/ssl.h +766 -393
  445. data/third_party/boringssl/include/openssl/ssl3.h +4 -3
  446. data/third_party/boringssl/include/openssl/stack.h +134 -77
  447. data/third_party/boringssl/include/openssl/thread.h +1 -1
  448. data/third_party/boringssl/include/openssl/tls1.h +25 -9
  449. data/third_party/boringssl/include/openssl/type_check.h +14 -15
  450. data/third_party/boringssl/include/openssl/x509.h +28 -3
  451. data/third_party/boringssl/include/openssl/x509_vfy.h +98 -32
  452. data/third_party/boringssl/include/openssl/x509v3.h +17 -13
  453. data/third_party/boringssl/ssl/d1_both.cc +9 -18
  454. data/third_party/boringssl/ssl/d1_lib.cc +4 -3
  455. data/third_party/boringssl/ssl/d1_pkt.cc +4 -4
  456. data/third_party/boringssl/ssl/d1_srtp.cc +15 -15
  457. data/third_party/boringssl/ssl/dtls_method.cc +0 -1
  458. data/third_party/boringssl/ssl/dtls_record.cc +28 -28
  459. data/third_party/boringssl/ssl/handoff.cc +295 -91
  460. data/third_party/boringssl/ssl/handshake.cc +133 -72
  461. data/third_party/boringssl/ssl/handshake_client.cc +218 -189
  462. data/third_party/boringssl/ssl/handshake_server.cc +399 -272
  463. data/third_party/boringssl/ssl/internal.h +1413 -928
  464. data/third_party/boringssl/ssl/s3_both.cc +175 -36
  465. data/third_party/boringssl/ssl/s3_lib.cc +9 -13
  466. data/third_party/boringssl/ssl/s3_pkt.cc +63 -29
  467. data/third_party/boringssl/ssl/ssl_aead_ctx.cc +55 -35
  468. data/third_party/boringssl/ssl/ssl_asn1.cc +57 -73
  469. data/third_party/boringssl/ssl/ssl_buffer.cc +13 -12
  470. data/third_party/boringssl/ssl/ssl_cert.cc +313 -210
  471. data/third_party/boringssl/ssl/ssl_cipher.cc +159 -221
  472. data/third_party/boringssl/ssl/ssl_file.cc +2 -0
  473. data/third_party/boringssl/ssl/ssl_key_share.cc +164 -19
  474. data/third_party/boringssl/ssl/ssl_lib.cc +847 -555
  475. data/third_party/boringssl/ssl/ssl_privkey.cc +441 -111
  476. data/third_party/boringssl/ssl/ssl_session.cc +230 -178
  477. data/third_party/boringssl/ssl/ssl_transcript.cc +21 -142
  478. data/third_party/boringssl/ssl/ssl_versions.cc +88 -93
  479. data/third_party/boringssl/ssl/ssl_x509.cc +279 -218
  480. data/third_party/boringssl/ssl/t1_enc.cc +5 -96
  481. data/third_party/boringssl/ssl/t1_lib.cc +931 -678
  482. data/third_party/boringssl/ssl/tls13_both.cc +251 -121
  483. data/third_party/boringssl/ssl/tls13_client.cc +129 -73
  484. data/third_party/boringssl/ssl/tls13_enc.cc +350 -282
  485. data/third_party/boringssl/ssl/tls13_server.cc +259 -192
  486. data/third_party/boringssl/ssl/tls_method.cc +26 -21
  487. data/third_party/boringssl/ssl/tls_record.cc +42 -47
  488. data/third_party/boringssl/third_party/fiat/curve25519.c +261 -1324
  489. data/third_party/boringssl/third_party/fiat/curve25519_32.h +911 -0
  490. data/third_party/boringssl/third_party/fiat/curve25519_64.h +559 -0
  491. data/third_party/boringssl/third_party/fiat/p256.c +238 -999
  492. data/third_party/boringssl/third_party/fiat/p256_32.h +3226 -0
  493. data/third_party/boringssl/third_party/fiat/p256_64.h +1217 -0
  494. data/third_party/upb/upb/port_def.inc +1 -1
  495. data/third_party/upb/upb/table.c +2 -1
  496. metadata +72 -44
  497. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_load_balancer_api.h +0 -127
  498. data/src/core/lib/gpr/mpscq.cc +0 -117
  499. data/src/core/lib/gpr/mpscq.h +0 -88
  500. data/src/core/lib/gprpp/abstract.h +0 -47
  501. data/src/core/lib/gprpp/pair.h +0 -38
  502. data/third_party/boringssl/crypto/cipher_extra/e_ssl3.c +0 -460
  503. data/third_party/boringssl/crypto/fipsmodule/modes/ccm.c +0 -256
  504. data/third_party/boringssl/include/openssl/lhash_macros.h +0 -174
  505. data/third_party/boringssl/ssl/custom_extensions.cc +0 -265
@@ -165,6 +165,7 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) {
165
165
  }
166
166
 
167
167
  // Check for duplicates.
168
+ sk_X509_NAME_sort(sk);
168
169
  if (sk_X509_NAME_find(sk, NULL, xn)) {
169
170
  continue;
170
171
  }
@@ -223,6 +224,7 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
223
224
  }
224
225
 
225
226
  // Check for duplicates.
227
+ sk_X509_NAME_sort(stack);
226
228
  if (sk_X509_NAME_find(stack, NULL, xn)) {
227
229
  continue;
228
230
  }
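Review bot: The added `sk_X509_NAME_sort(sk);` runs inside the per-certificate loop (the `continue` right after it belongs to that loop), so the whole stack is sorted again before every duplicate lookup. The second hunk does the same with `sk_X509_NAME_sort(stack);`, where `stack` is the list the caller passed to `SSL_add_file_cert_subjects_to_stack`. That reorders entries the caller had already placed in `stack`, and the list built in `SSL_load_client_CA_file` no longer follows file order; the existing `// Check for duplicates.` comment mentions neither effect. I would extend the comment in both places, e.g. `// Sort before the duplicate lookup; note this reorders the existing entries of the stack.`, and state in the function documentation that the resulting order is not the file order. Both loops start and end outside the hunks, so whether a single sort before the loop would be enough cannot be judged from here.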
@@ -24,21 +24,21 @@
24
24
  #include <openssl/curve25519.h>
25
25
  #include <openssl/ec.h>
26
26
  #include <openssl/err.h>
27
+ #include <openssl/hrss.h>
27
28
  #include <openssl/mem.h>
28
29
  #include <openssl/nid.h>
30
+ #include <openssl/rand.h>
29
31
 
30
32
  #include "internal.h"
31
33
  #include "../crypto/internal.h"
32
34
 
33
-
34
- namespace bssl {
35
+ BSSL_NAMESPACE_BEGIN
35
36
 
36
37
  namespace {
37
38
 
38
39
  class ECKeyShare : public SSLKeyShare {
39
40
  public:
40
41
  ECKeyShare(int nid, uint16_t group_id) : nid_(nid), group_id_(group_id) {}
41
- ~ECKeyShare() override {}
42
42
 
43
43
  uint16_t GroupID() const override { return group_id_; }
44
44
 
@@ -124,6 +124,32 @@ class ECKeyShare : public SSLKeyShare {
124
124
  return true;
125
125
  }
126
126
 
127
+ bool Serialize(CBB *out) override {
128
+ assert(private_key_);
129
+ CBB cbb;
130
+ UniquePtr<EC_GROUP> group(EC_GROUP_new_by_curve_name(nid_));
131
+ // Padding is added to avoid leaking the length.
132
+ size_t len = BN_num_bytes(EC_GROUP_get0_order(group.get()));
133
+ if (!CBB_add_asn1_uint64(out, group_id_) ||
134
+ !CBB_add_asn1(out, &cbb, CBS_ASN1_OCTETSTRING) ||
135
+ !BN_bn2cbb_padded(&cbb, len, private_key_.get()) ||
136
+ !CBB_flush(out)) {
137
+ return false;
138
+ }
139
+ return true;
140
+ }
141
+
142
+ bool Deserialize(CBS *in) override {
143
+ assert(!private_key_);
144
+ CBS private_key;
145
+ if (!CBS_get_asn1(in, &private_key, CBS_ASN1_OCTETSTRING)) {
146
+ return false;
147
+ }
148
+ private_key_.reset(BN_bin2bn(CBS_data(&private_key),
149
+ CBS_len(&private_key), nullptr));
150
+ return private_key_ != nullptr;
151
+ }
152
+
127
153
  private:
128
154
  UniquePtr<BIGNUM> private_key_;
129
155
  int nid_;
@@ -133,9 +159,6 @@ class ECKeyShare : public SSLKeyShare {
133
159
  class X25519KeyShare : public SSLKeyShare {
134
160
  public:
135
161
  X25519KeyShare() {}
136
- ~X25519KeyShare() override {
137
- OPENSSL_cleanse(private_key_, sizeof(private_key_));
138
- }
139
162
 
140
163
  uint16_t GroupID() const override { return SSL_CURVE_X25519; }
141
164
 
@@ -166,24 +189,131 @@ class X25519KeyShare : public SSLKeyShare {
166
189
  return true;
167
190
  }
168
191
 
192
+ bool Serialize(CBB *out) override {
193
+ return (CBB_add_asn1_uint64(out, GroupID()) &&
194
+ CBB_add_asn1_octet_string(out, private_key_, sizeof(private_key_)));
195
+ }
196
+
197
+ bool Deserialize(CBS *in) override {
198
+ CBS key;
199
+ if (!CBS_get_asn1(in, &key, CBS_ASN1_OCTETSTRING) ||
200
+ CBS_len(&key) != sizeof(private_key_) ||
201
+ !CBS_copy_bytes(&key, private_key_, sizeof(private_key_))) {
202
+ return false;
203
+ }
204
+ return true;
205
+ }
206
+
169
207
  private:
170
208
  uint8_t private_key_[32];
171
209
  };
172
210
 
173
- CONSTEXPR_ARRAY struct {
174
- int nid;
175
- uint16_t group_id;
176
- const char name[8], alias[11];
177
- } kNamedGroups[] = {
211
+ class CECPQ2KeyShare : public SSLKeyShare {
212
+ public:
213
+ CECPQ2KeyShare() {}
214
+
215
+ uint16_t GroupID() const override { return SSL_CURVE_CECPQ2; }
216
+
217
+ bool Offer(CBB *out) override {
218
+ uint8_t x25519_public_key[32];
219
+ X25519_keypair(x25519_public_key, x25519_private_key_);
220
+
221
+ uint8_t hrss_entropy[HRSS_GENERATE_KEY_BYTES];
222
+ HRSS_public_key hrss_public_key;
223
+ RAND_bytes(hrss_entropy, sizeof(hrss_entropy));
224
+ HRSS_generate_key(&hrss_public_key, &hrss_private_key_, hrss_entropy);
225
+
226
+ uint8_t hrss_public_key_bytes[HRSS_PUBLIC_KEY_BYTES];
227
+ HRSS_marshal_public_key(hrss_public_key_bytes, &hrss_public_key);
228
+
229
+ if (!CBB_add_bytes(out, x25519_public_key, sizeof(x25519_public_key)) ||
230
+ !CBB_add_bytes(out, hrss_public_key_bytes,
231
+ sizeof(hrss_public_key_bytes))) {
232
+ return false;
233
+ }
234
+
235
+ return true;
236
+ }
237
+
238
+ bool Accept(CBB *out_public_key, Array<uint8_t> *out_secret,
239
+ uint8_t *out_alert, Span<const uint8_t> peer_key) override {
240
+ Array<uint8_t> secret;
241
+ if (!secret.Init(32 + HRSS_KEY_BYTES)) {
242
+ OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
243
+ return false;
244
+ }
245
+
246
+ uint8_t x25519_public_key[32];
247
+ X25519_keypair(x25519_public_key, x25519_private_key_);
248
+
249
+ HRSS_public_key peer_public_key;
250
+ if (peer_key.size() != 32 + HRSS_PUBLIC_KEY_BYTES ||
251
+ !HRSS_parse_public_key(&peer_public_key, peer_key.data() + 32) ||
252
+ !X25519(secret.data(), x25519_private_key_, peer_key.data())) {
253
+ *out_alert = SSL_AD_DECODE_ERROR;
254
+ OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_ECPOINT);
255
+ return false;
256
+ }
257
+
258
+ uint8_t ciphertext[HRSS_CIPHERTEXT_BYTES];
259
+ uint8_t entropy[HRSS_ENCAP_BYTES];
260
+ RAND_bytes(entropy, sizeof(entropy));
261
+ HRSS_encap(ciphertext, secret.data() + 32, &peer_public_key, entropy);
262
+
263
+ if (!CBB_add_bytes(out_public_key, x25519_public_key,
264
+ sizeof(x25519_public_key)) ||
265
+ !CBB_add_bytes(out_public_key, ciphertext, sizeof(ciphertext))) {
266
+ return false;
267
+ }
268
+
269
+ *out_secret = std::move(secret);
270
+ return true;
271
+ }
272
+
273
+ bool Finish(Array<uint8_t> *out_secret, uint8_t *out_alert,
274
+ Span<const uint8_t> peer_key) override {
275
+ *out_alert = SSL_AD_INTERNAL_ERROR;
276
+
277
+ Array<uint8_t> secret;
278
+ if (!secret.Init(32 + HRSS_KEY_BYTES)) {
279
+ OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
280
+ return false;
281
+ }
282
+
283
+ if (peer_key.size() != 32 + HRSS_CIPHERTEXT_BYTES ||
284
+ !X25519(secret.data(), x25519_private_key_, peer_key.data())) {
285
+ *out_alert = SSL_AD_DECODE_ERROR;
286
+ OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_ECPOINT);
287
+ return false;
288
+ }
289
+
290
+ HRSS_decap(secret.data() + 32, &hrss_private_key_, peer_key.data() + 32,
291
+ peer_key.size() - 32);
292
+
293
+ *out_secret = std::move(secret);
294
+ return true;
295
+ }
296
+
297
+ private:
298
+ uint8_t x25519_private_key_[32];
299
+ HRSS_private_key hrss_private_key_;
300
+ };
301
+
302
+ CONSTEXPR_ARRAY NamedGroup kNamedGroups[] = {
178
303
  {NID_secp224r1, SSL_CURVE_SECP224R1, "P-224", "secp224r1"},
179
304
  {NID_X9_62_prime256v1, SSL_CURVE_SECP256R1, "P-256", "prime256v1"},
180
305
  {NID_secp384r1, SSL_CURVE_SECP384R1, "P-384", "secp384r1"},
181
306
  {NID_secp521r1, SSL_CURVE_SECP521R1, "P-521", "secp521r1"},
182
307
  {NID_X25519, SSL_CURVE_X25519, "X25519", "x25519"},
308
+ {NID_CECPQ2, SSL_CURVE_CECPQ2, "CECPQ2", "CECPQ2"},
183
309
  };
184
310
 
185
311
  } // namespace
186
312
 
313
+ Span<const NamedGroup> NamedGroups() {
314
+ return MakeConstSpan(kNamedGroups, OPENSSL_ARRAY_SIZE(kNamedGroups));
315
+ }
316
+
187
317
  UniquePtr<SSLKeyShare> SSLKeyShare::Create(uint16_t group_id) {
188
318
  switch (group_id) {
189
319
  case SSL_CURVE_SECP224R1:
@@ -200,11 +330,26 @@ UniquePtr<SSLKeyShare> SSLKeyShare::Create(uint16_t group_id) {
200
330
  New<ECKeyShare>(NID_secp521r1, SSL_CURVE_SECP521R1));
201
331
  case SSL_CURVE_X25519:
202
332
  return UniquePtr<SSLKeyShare>(New<X25519KeyShare>());
333
+ case SSL_CURVE_CECPQ2:
334
+ return UniquePtr<SSLKeyShare>(New<CECPQ2KeyShare>());
203
335
  default:
204
336
  return nullptr;
205
337
  }
206
338
  }
207
339
 
340
+ UniquePtr<SSLKeyShare> SSLKeyShare::Create(CBS *in) {
341
+ uint64_t group;
342
+ if (!CBS_get_asn1_uint64(in, &group) || group > 0xffff) {
343
+ return nullptr;
344
+ }
345
+ UniquePtr<SSLKeyShare> key_share = Create(static_cast<uint16_t>(group));
346
+ if (!key_share || !key_share->Deserialize(in)) {
347
+ return nullptr;
348
+ }
349
+ return key_share;
350
+ }
351
+
352
+
208
353
  bool SSLKeyShare::Accept(CBB *out_public_key, Array<uint8_t> *out_secret,
209
354
  uint8_t *out_alert, Span<const uint8_t> peer_key) {
210
355
  *out_alert = SSL_AD_INTERNAL_ERROR;
@@ -212,33 +357,33 @@ bool SSLKeyShare::Accept(CBB *out_public_key, Array<uint8_t> *out_secret,
212
357
  Finish(out_secret, out_alert, peer_key);
213
358
  }
214
359
 
215
- int ssl_nid_to_group_id(uint16_t *out_group_id, int nid) {
360
+ bool ssl_nid_to_group_id(uint16_t *out_group_id, int nid) {
216
361
  for (const auto &group : kNamedGroups) {
217
362
  if (group.nid == nid) {
218
363
  *out_group_id = group.group_id;
219
- return 1;
364
+ return true;
220
365
  }
221
366
  }
222
- return 0;
367
+ return false;
223
368
  }
224
369
 
225
- int ssl_name_to_group_id(uint16_t *out_group_id, const char *name, size_t len) {
370
+ bool ssl_name_to_group_id(uint16_t *out_group_id, const char *name, size_t len) {
226
371
  for (const auto &group : kNamedGroups) {
227
372
  if (len == strlen(group.name) &&
228
373
  !strncmp(group.name, name, len)) {
229
374
  *out_group_id = group.group_id;
230
- return 1;
375
+ return true;
231
376
  }
232
377
  if (len == strlen(group.alias) &&
233
378
  !strncmp(group.alias, name, len)) {
234
379
  *out_group_id = group.group_id;
235
- return 1;
380
+ return true;
236
381
  }
237
382
  }
238
- return 0;
383
+ return false;
239
384
  }
240
385
 
241
- } // namespace bssl
386
+ BSSL_NAMESPACE_END
242
387
 
243
388
  using namespace bssl;
244
389
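Review bot: `CECPQ2KeyShare::Offer` and `CECPQ2KeyShare::Accept` leave the HRSS seed buffers `hrss_entropy` and `entropy` on the stack when they return, and the new class has no destructor wiping `x25519_private_key_` or `hrss_private_key_`, while this same section removes `~X25519KeyShare`, which called `OPENSSL_cleanse(private_key_, sizeof(private_key_))`. If zeroing is now expected to happen when the object's memory is released, that happens outside the visible code and should be stated in a comment above the `private:` members of both classes; it would not cover the stack buffers in any case. I would add `OPENSSL_cleanse(hrss_entropy, sizeof(hrss_entropy));` after the `HRSS_generate_key` call and `OPENSSL_cleanse(entropy, sizeof(entropy));` after the `HRSS_encap` call. Separately, `ECKeyShare::Serialize` hands `group.get()` to `EC_GROUP_get0_order` without checking that `EC_GROUP_new_by_curve_name(nid_)` returned a group; `if (!group) { return false; }` before `len` is computed would cover that.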
 
@@ -162,7 +162,7 @@
162
162
  #endif
163
163
 
164
164
 
165
- namespace bssl {
165
+ BSSL_NAMESPACE_BEGIN
166
166
 
167
167
  // |SSL_R_UNKNOWN_PROTOCOL| is no longer emitted, but continue to define it
168
168
  // to avoid downstream churn.
@@ -201,7 +201,7 @@ bool CBBFinishArray(CBB *cbb, Array<uint8_t> *out) {
201
201
  void ssl_reset_error_state(SSL *ssl) {
202
202
  // Functions which use |SSL_get_error| must reset I/O and error state on
203
203
  // entry.
204
- ssl->s3->rwstate = SSL_NOTHING;
204
+ ssl->s3->rwstate = SSL_ERROR_NONE;
205
205
  ERR_clear_error();
206
206
  ERR_clear_system_error();
207
207
  }
@@ -219,11 +219,11 @@ static bool check_read_error(const SSL *ssl) {
219
219
  return true;
220
220
  }
221
221
 
222
- int ssl_can_write(const SSL *ssl) {
222
+ bool ssl_can_write(const SSL *ssl) {
223
223
  return !SSL_in_init(ssl) || ssl->s3->hs->can_early_write;
224
224
  }
225
225
 
226
- int ssl_can_read(const SSL *ssl) {
226
+ bool ssl_can_read(const SSL *ssl) {
227
227
  return !SSL_in_init(ssl) || ssl->s3->hs->can_early_read;
228
228
  }
229
229
 
@@ -272,19 +272,9 @@ ssl_open_record_t ssl_open_app_data(SSL *ssl, Span<uint8_t> *out,
272
272
  return ret;
273
273
  }
274
274
 
275
- void ssl_cipher_preference_list_free(
276
- struct ssl_cipher_preference_list_st *cipher_list) {
277
- if (cipher_list == NULL) {
278
- return;
279
- }
280
- sk_SSL_CIPHER_free(cipher_list->ciphers);
281
- OPENSSL_free(cipher_list->in_group_flags);
282
- OPENSSL_free(cipher_list);
283
- }
284
-
285
275
  void ssl_update_cache(SSL_HANDSHAKE *hs, int mode) {
286
276
  SSL *const ssl = hs->ssl;
287
- SSL_CTX *ctx = ssl->session_ctx;
277
+ SSL_CTX *ctx = ssl->session_ctx.get();
288
278
  // Never cache sessions with empty session IDs.
289
279
  if (ssl->s3->established_session->session_id_length == 0 ||
290
280
  ssl->s3->established_session->not_resumable ||
@@ -299,16 +289,16 @@ void ssl_update_cache(SSL_HANDSHAKE *hs, int mode) {
299
289
  // A client may see new sessions on abbreviated handshakes if the server
300
290
  // decides to renew the ticket. Once the handshake is completed, it should be
301
291
  // inserted into the cache.
302
- if (ssl->s3->established_session.get() != ssl->session ||
292
+ if (ssl->s3->established_session.get() != ssl->session.get() ||
303
293
  (!ssl->server && hs->ticket_expected)) {
304
294
  if (use_internal_cache) {
305
295
  SSL_CTX_add_session(ctx, ssl->s3->established_session.get());
306
296
  }
307
297
  if (ctx->new_session_cb != NULL) {
308
- SSL_SESSION_up_ref(ssl->s3->established_session.get());
309
- if (!ctx->new_session_cb(ssl, ssl->s3->established_session.get())) {
298
+ UniquePtr<SSL_SESSION> ref = UpRef(ssl->s3->established_session);
299
+ if (ctx->new_session_cb(ssl, ref.get())) {
310
300
  // |new_session_cb|'s return value signals whether it took ownership.
311
- SSL_SESSION_free(ssl->s3->established_session.get());
301
+ ref.release();
312
302
  }
313
303
  }
314
304
  }
@@ -333,46 +323,45 @@ void ssl_update_cache(SSL_HANDSHAKE *hs, int mode) {
333
323
  }
334
324
  }
335
325
 
336
- static int cbb_add_hex(CBB *cbb, const uint8_t *in, size_t in_len) {
326
+ static bool cbb_add_hex(CBB *cbb, Span<const uint8_t> in) {
337
327
  static const char hextable[] = "0123456789abcdef";
338
328
  uint8_t *out;
339
329
 
340
- if (!CBB_add_space(cbb, &out, in_len * 2)) {
341
- return 0;
330
+ if (!CBB_add_space(cbb, &out, in.size() * 2)) {
331
+ return false;
342
332
  }
343
333
 
344
- for (size_t i = 0; i < in_len; i++) {
345
- *(out++) = (uint8_t)hextable[in[i] >> 4];
346
- *(out++) = (uint8_t)hextable[in[i] & 0xf];
334
+ for (uint8_t b : in) {
335
+ *(out++) = (uint8_t)hextable[b >> 4];
336
+ *(out++) = (uint8_t)hextable[b & 0xf];
347
337
  }
348
338
 
349
- return 1;
339
+ return true;
350
340
  }
351
341
 
352
- int ssl_log_secret(const SSL *ssl, const char *label, const uint8_t *secret,
353
- size_t secret_len) {
342
+ bool ssl_log_secret(const SSL *ssl, const char *label,
343
+ Span<const uint8_t> secret) {
354
344
  if (ssl->ctx->keylog_callback == NULL) {
355
- return 1;
345
+ return true;
356
346
  }
357
347
 
358
348
  ScopedCBB cbb;
359
- uint8_t *out;
360
- size_t out_len;
349
+ Array<uint8_t> line;
361
350
  if (!CBB_init(cbb.get(), strlen(label) + 1 + SSL3_RANDOM_SIZE * 2 + 1 +
362
- secret_len * 2 + 1) ||
363
- !CBB_add_bytes(cbb.get(), (const uint8_t *)label, strlen(label)) ||
364
- !CBB_add_bytes(cbb.get(), (const uint8_t *)" ", 1) ||
365
- !cbb_add_hex(cbb.get(), ssl->s3->client_random, SSL3_RANDOM_SIZE) ||
366
- !CBB_add_bytes(cbb.get(), (const uint8_t *)" ", 1) ||
367
- !cbb_add_hex(cbb.get(), secret, secret_len) ||
351
+ secret.size() * 2 + 1) ||
352
+ !CBB_add_bytes(cbb.get(), reinterpret_cast<const uint8_t *>(label),
353
+ strlen(label)) ||
354
+ !CBB_add_u8(cbb.get(), ' ') ||
355
+ !cbb_add_hex(cbb.get(), ssl->s3->client_random) ||
356
+ !CBB_add_u8(cbb.get(), ' ') ||
357
+ !cbb_add_hex(cbb.get(), secret) ||
368
358
  !CBB_add_u8(cbb.get(), 0 /* NUL */) ||
369
- !CBB_finish(cbb.get(), &out, &out_len)) {
370
- return 0;
359
+ !CBBFinishArray(cbb.get(), &line)) {
360
+ return false;
371
361
  }
372
362
 
373
- ssl->ctx->keylog_callback(ssl, (const char *)out);
374
- OPENSSL_free(out);
375
- return 1;
363
+ ssl->ctx->keylog_callback(ssl, reinterpret_cast<const char *>(line.data()));
364
+ return true;
376
365
  }
377
366
 
378
367
  void ssl_do_info_callback(const SSL *ssl, int type, int value) {
@@ -388,7 +377,7 @@ void ssl_do_info_callback(const SSL *ssl, int type, int value) {
388
377
  }
389
378
  }
390
379
 
391
- void ssl_do_msg_callback(SSL *ssl, int is_write, int content_type,
380
+ void ssl_do_msg_callback(const SSL *ssl, int is_write, int content_type,
392
381
  Span<const uint8_t> in) {
393
382
  if (ssl->msg_callback == NULL) {
394
383
  return;
@@ -409,14 +398,14 @@ void ssl_do_msg_callback(SSL *ssl, int is_write, int content_type,
409
398
  version = SSL_version(ssl);
410
399
  }
411
400
 
412
- ssl->msg_callback(is_write, version, content_type, in.data(), in.size(), ssl,
413
- ssl->msg_callback_arg);
401
+ ssl->msg_callback(is_write, version, content_type, in.data(), in.size(),
402
+ const_cast<SSL *>(ssl), ssl->msg_callback_arg);
414
403
  }
415
404
 
416
405
  void ssl_get_current_time(const SSL *ssl, struct OPENSSL_timeval *out_clock) {
417
406
  // TODO(martinkr): Change callers to |ssl_ctx_get_current_time| and drop the
418
407
  // |ssl| arg from |current_time_cb| if possible.
419
- ssl_ctx_get_current_time(ssl->ctx, out_clock);
408
+ ssl_ctx_get_current_time(ssl->ctx.get(), out_clock);
420
409
  }
421
410
 
422
411
  void ssl_ctx_get_current_time(const SSL_CTX *ctx,
@@ -469,132 +458,167 @@ void SSL_CTX_set_handoff_mode(SSL_CTX *ctx, bool on) {
469
458
  ctx->handoff = on;
470
459
  }
471
460
 
472
- } // namespace bssl
473
-
474
- using namespace bssl;
461
+ static bool ssl_can_renegotiate(const SSL *ssl) {
462
+ if (ssl->server || SSL_is_dtls(ssl)) {
463
+ return false;
464
+ }
475
465
 
476
- int SSL_library_init(void) {
477
- CRYPTO_library_init();
478
- return 1;
479
- }
466
+ if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
467
+ return false;
468
+ }
480
469
 
481
- int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) {
482
- CRYPTO_library_init();
483
- return 1;
484
- }
470
+ // The config has already been shed.
471
+ if (!ssl->config) {
472
+ return false;
473
+ }
485
474
 
486
- static uint32_t ssl_session_hash(const SSL_SESSION *sess) {
487
- const uint8_t *session_id = sess->session_id;
475
+ switch (ssl->renegotiate_mode) {
476
+ case ssl_renegotiate_ignore:
477
+ case ssl_renegotiate_never:
478
+ return false;
488
479
 
489
- uint8_t tmp_storage[sizeof(uint32_t)];
490
- if (sess->session_id_length < sizeof(tmp_storage)) {
491
- OPENSSL_memset(tmp_storage, 0, sizeof(tmp_storage));
492
- OPENSSL_memcpy(tmp_storage, sess->session_id, sess->session_id_length);
493
- session_id = tmp_storage;
480
+ case ssl_renegotiate_freely:
481
+ case ssl_renegotiate_explicit:
482
+ return true;
483
+ case ssl_renegotiate_once:
484
+ return ssl->s3->total_renegotiations == 0;
494
485
  }
495
486
 
496
- uint32_t hash =
497
- ((uint32_t)session_id[0]) |
498
- ((uint32_t)session_id[1] << 8) |
499
- ((uint32_t)session_id[2] << 16) |
500
- ((uint32_t)session_id[3] << 24);
501
-
502
- return hash;
487
+ assert(0);
488
+ return false;
503
489
  }
504
490
 
505
- // NB: If this function (or indeed the hash function which uses a sort of
506
- // coarser function than this one) is changed, ensure
507
- // SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being
508
- // able to construct an SSL_SESSION that will collide with any existing session
509
- // with a matching session ID.
510
- static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) {
511
- if (a->ssl_version != b->ssl_version) {
512
- return 1;
513
- }
514
-
515
- if (a->session_id_length != b->session_id_length) {
516
- return 1;
491
+ static void ssl_maybe_shed_handshake_config(SSL *ssl) {
492
+ if (ssl->s3->hs != nullptr ||
493
+ ssl->config == nullptr ||
494
+ !ssl->config->shed_handshake_config ||
495
+ ssl_can_renegotiate(ssl)) {
496
+ return;
517
497
  }
518
498
 
519
- return OPENSSL_memcmp(a->session_id, b->session_id, a->session_id_length);
499
+ ssl->config.reset();
520
500
  }
521
501
 
522
- SSL_CTX *SSL_CTX_new(const SSL_METHOD *method) {
523
- SSL_CTX *ret = NULL;
502
+ void SSL_set_handoff_mode(SSL *ssl, bool on) {
503
+ if (!ssl->config) {
504
+ return;
505
+ }
506
+ ssl->config->handoff = on;
507
+ }
524
508
 
525
- if (method == NULL) {
526
- OPENSSL_PUT_ERROR(SSL, SSL_R_NULL_SSL_METHOD_PASSED);
527
- return NULL;
509
+ bool SSL_get_traffic_secrets(const SSL *ssl,
510
+ Span<const uint8_t> *out_read_traffic_secret,
511
+ Span<const uint8_t> *out_write_traffic_secret) {
512
+ if (SSL_version(ssl) < TLS1_3_VERSION) {
513
+ OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SSL_VERSION);
514
+ return false;
528
515
  }
529
516
 
530
- ret = (SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX));
531
- if (ret == NULL) {
532
- goto err;
517
+ if (!ssl->s3->initial_handshake_complete) {
518
+ OPENSSL_PUT_ERROR(SSL, SSL_R_HANDSHAKE_NOT_COMPLETE);
519
+ return false;
533
520
  }
534
521
 
535
- OPENSSL_memset(ret, 0, sizeof(SSL_CTX));
522
+ *out_read_traffic_secret = Span<const uint8_t>(
523
+ ssl->s3->read_traffic_secret, ssl->s3->read_traffic_secret_len);
524
+ *out_write_traffic_secret = Span<const uint8_t>(
525
+ ssl->s3->write_traffic_secret, ssl->s3->write_traffic_secret_len);
536
526
 
537
- ret->method = method->method;
538
- ret->x509_method = method->x509_method;
527
+ return true;
528
+ }
539
529
 
540
- CRYPTO_MUTEX_init(&ret->lock);
530
+ BSSL_NAMESPACE_END
541
531
 
542
- ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
543
- ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
532
+ using namespace bssl;
544
533
 
545
- ret->session_timeout = SSL_DEFAULT_SESSION_TIMEOUT;
546
- ret->session_psk_dhe_timeout = SSL_DEFAULT_SESSION_PSK_DHE_TIMEOUT;
534
+ int SSL_library_init(void) {
535
+ CRYPTO_library_init();
536
+ return 1;
537
+ }
547
538
 
548
- ret->references = 1;
539
+ int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) {
540
+ CRYPTO_library_init();
541
+ return 1;
542
+ }
549
543
 
550
- ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
551
- ret->verify_mode = SSL_VERIFY_NONE;
552
- ret->cert = ssl_cert_new(method->x509_method);
553
- if (ret->cert == NULL) {
554
- goto err;
555
- }
544
+ static uint32_t ssl_session_hash(const SSL_SESSION *sess) {
545
+ return ssl_hash_session_id(
546
+ MakeConstSpan(sess->session_id, sess->session_id_length));
547
+ }
556
548
 
557
- ret->sessions = lh_SSL_SESSION_new(ssl_session_hash, ssl_session_cmp);
558
- if (ret->sessions == NULL) {
559
- goto err;
549
+ static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) {
550
+ if (a->session_id_length != b->session_id_length) {
551
+ return 1;
560
552
  }
561
553
 
562
- if (!ret->x509_method->ssl_ctx_new(ret)) {
563
- goto err;
564
- }
554
+ return OPENSSL_memcmp(a->session_id, b->session_id, a->session_id_length);
555
+ }
565
556
 
566
- if (!SSL_CTX_set_strict_cipher_list(ret, SSL_DEFAULT_CIPHER_LIST)) {
567
- goto err2;
568
- }
557
+ ssl_ctx_st::ssl_ctx_st(const SSL_METHOD *ssl_method)
558
+ : method(ssl_method->method),
559
+ x509_method(ssl_method->x509_method),
560
+ retain_only_sha256_of_client_certs(false),
561
+ quiet_shutdown(false),
562
+ ocsp_stapling_enabled(false),
563
+ signed_cert_timestamps_enabled(false),
564
+ channel_id_enabled(false),
565
+ grease_enabled(false),
566
+ allow_unknown_alpn_protos(false),
567
+ ed25519_enabled(false),
568
+ rsa_pss_rsae_certs_enabled(true),
569
+ false_start_allowed_without_alpn(false),
570
+ ignore_tls13_downgrade(false),
571
+ handoff(false),
572
+ enable_early_data(false),
573
+ pq_experiment_signal(false) {
574
+ CRYPTO_MUTEX_init(&lock);
575
+ CRYPTO_new_ex_data(&ex_data);
576
+ }
577
+
578
+ ssl_ctx_st::~ssl_ctx_st() {
579
+ // Free the internal session cache. Note that this calls the caller-supplied
580
+ // remove callback, so we must do it before clearing ex_data. (See ticket
581
+ // [openssl.org #212].)
582
+ SSL_CTX_flush_sessions(this, 0);
569
583
 
570
- ret->client_CA = sk_CRYPTO_BUFFER_new_null();
571
- if (ret->client_CA == NULL) {
572
- goto err;
573
- }
584
+ CRYPTO_free_ex_data(&g_ex_data_class_ssl_ctx, this, &ex_data);
574
585
 
575
- CRYPTO_new_ex_data(&ret->ex_data);
586
+ CRYPTO_MUTEX_cleanup(&lock);
587
+ lh_SSL_SESSION_free(sessions);
588
+ x509_method->ssl_ctx_free(this);
589
+ }
576
590
 
577
- ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
591
+ SSL_CTX *SSL_CTX_new(const SSL_METHOD *method) {
592
+ if (method == NULL) {
593
+ OPENSSL_PUT_ERROR(SSL, SSL_R_NULL_SSL_METHOD_PASSED);
594
+ return nullptr;
595
+ }
578
596
 
579
- // Disable the auto-chaining feature by default. Once this has stuck without
580
- // problems, the feature will be removed entirely.
581
- ret->mode = SSL_MODE_NO_AUTO_CHAIN;
597
+ UniquePtr<SSL_CTX> ret = MakeUnique<SSL_CTX>(method);
598
+ if (!ret) {
599
+ return nullptr;
600
+ }
582
601
 
583
- // Lock the SSL_CTX to the specified version, for compatibility with legacy
584
- // uses of SSL_METHOD.
585
- if (!SSL_CTX_set_max_proto_version(ret, method->version) ||
586
- !SSL_CTX_set_min_proto_version(ret, method->version)) {
602
+ ret->cert = MakeUnique<CERT>(method->x509_method);
603
+ ret->sessions = lh_SSL_SESSION_new(ssl_session_hash, ssl_session_cmp);
604
+ ret->client_CA.reset(sk_CRYPTO_BUFFER_new_null());
605
+ if (ret->cert == nullptr ||
606
+ ret->sessions == nullptr ||
607
+ ret->client_CA == nullptr ||
608
+ !ret->x509_method->ssl_ctx_new(ret.get())) {
609
+ return nullptr;
610
+ }
611
+
612
+ if (!SSL_CTX_set_strict_cipher_list(ret.get(), SSL_DEFAULT_CIPHER_LIST) ||
613
+ // Lock the SSL_CTX to the specified version, for compatibility with
614
+ // legacy uses of SSL_METHOD.
615
+ !SSL_CTX_set_max_proto_version(ret.get(), method->version) ||
616
+ !SSL_CTX_set_min_proto_version(ret.get(), method->version)) {
587
617
  OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
588
- goto err2;
618
+ return nullptr;
589
619
  }
590
620
 
591
- return ret;
592
-
593
- err:
594
- OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
595
- err2:
596
- SSL_CTX_free(ret);
597
- return NULL;
621
+ return ret.release();
598
622
  }
599
623
 
600
624
  int SSL_CTX_up_ref(SSL_CTX *ctx) {
@@ -608,184 +632,121 @@ void SSL_CTX_free(SSL_CTX *ctx) {
608
632
  return;
609
633
  }
610
634
 
611
- // Free internal session cache. However: the remove_cb() may reference the
612
- // ex_data of SSL_CTX, thus the ex_data store can only be removed after the
613
- // sessions were flushed. As the ex_data handling routines might also touch
614
- // the session cache, the most secure solution seems to be: empty (flush) the
615
- // cache, then free ex_data, then finally free the cache. (See ticket
616
- // [openssl.org #212].)
617
- SSL_CTX_flush_sessions(ctx, 0);
618
-
619
- CRYPTO_free_ex_data(&g_ex_data_class_ssl_ctx, ctx, &ctx->ex_data);
620
-
621
- CRYPTO_MUTEX_cleanup(&ctx->lock);
622
- lh_SSL_SESSION_free(ctx->sessions);
623
- ssl_cipher_preference_list_free(ctx->cipher_list);
624
- ssl_cert_free(ctx->cert);
625
- sk_SSL_CUSTOM_EXTENSION_pop_free(ctx->client_custom_extensions,
626
- SSL_CUSTOM_EXTENSION_free);
627
- sk_SSL_CUSTOM_EXTENSION_pop_free(ctx->server_custom_extensions,
628
- SSL_CUSTOM_EXTENSION_free);
629
- sk_CRYPTO_BUFFER_pop_free(ctx->client_CA, CRYPTO_BUFFER_free);
630
- ctx->x509_method->ssl_ctx_free(ctx);
631
- sk_SRTP_PROTECTION_PROFILE_free(ctx->srtp_profiles);
632
- OPENSSL_free(ctx->psk_identity_hint);
633
- OPENSSL_free(ctx->supported_group_list);
634
- OPENSSL_free(ctx->alpn_client_proto_list);
635
- EVP_PKEY_free(ctx->tlsext_channel_id_private);
636
- OPENSSL_free(ctx->verify_sigalgs);
637
- OPENSSL_free(ctx->tlsext_ticket_key_current);
638
- OPENSSL_free(ctx->tlsext_ticket_key_prev);
639
-
635
+ ctx->~ssl_ctx_st();
640
636
  OPENSSL_free(ctx);
641
637
  }
642
638
 
643
- SSL *SSL_new(SSL_CTX *ctx) {
644
- if (ctx == NULL) {
645
- OPENSSL_PUT_ERROR(SSL, SSL_R_NULL_SSL_CTX);
646
- return NULL;
647
- }
648
- if (ctx->method == NULL) {
649
- OPENSSL_PUT_ERROR(SSL, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
650
- return NULL;
651
- }
639
+ ssl_st::ssl_st(SSL_CTX *ctx_arg)
640
+ : method(ctx_arg->method),
641
+ max_send_fragment(ctx_arg->max_send_fragment),
642
+ msg_callback(ctx_arg->msg_callback),
643
+ msg_callback_arg(ctx_arg->msg_callback_arg),
644
+ ctx(UpRef(ctx_arg)),
645
+ session_ctx(UpRef(ctx_arg)),
646
+ options(ctx->options),
647
+ mode(ctx->mode),
648
+ max_cert_list(ctx->max_cert_list),
649
+ server(false),
650
+ quiet_shutdown(ctx->quiet_shutdown),
651
+ enable_early_data(ctx->enable_early_data) {
652
+ CRYPTO_new_ex_data(&ex_data);
653
+ }
652
654
 
653
- SSL *ssl = (SSL *)OPENSSL_malloc(sizeof(SSL));
654
- if (ssl == NULL) {
655
- goto err;
655
+ ssl_st::~ssl_st() {
656
+ CRYPTO_free_ex_data(&g_ex_data_class_ssl, this, &ex_data);
657
+ // |config| refers to |this|, so we must release it earlier.
658
+ config.reset();
659
+ if (method != NULL) {
660
+ method->ssl_free(this);
656
661
  }
657
- OPENSSL_memset(ssl, 0, sizeof(SSL));
658
-
659
- ssl->conf_min_version = ctx->conf_min_version;
660
- ssl->conf_max_version = ctx->conf_max_version;
661
- ssl->tls13_variant = ctx->tls13_variant;
662
-
663
- // RFC 6347 states that implementations SHOULD use an initial timer value of
664
- // 1 second.
665
- ssl->initial_timeout_duration_ms = 1000;
666
-
667
- ssl->options = ctx->options;
668
- ssl->mode = ctx->mode;
669
- ssl->max_cert_list = ctx->max_cert_list;
662
+ }
670
663
 
671
- ssl->cert = ssl_cert_dup(ctx->cert);
672
- if (ssl->cert == NULL) {
673
- goto err;
664
+ SSL *SSL_new(SSL_CTX *ctx) {
665
+ if (ctx == nullptr) {
666
+ OPENSSL_PUT_ERROR(SSL, SSL_R_NULL_SSL_CTX);
667
+ return nullptr;
674
668
  }
675
669
 
676
- ssl->msg_callback = ctx->msg_callback;
677
- ssl->msg_callback_arg = ctx->msg_callback_arg;
678
- ssl->verify_mode = ctx->verify_mode;
679
- ssl->verify_callback = ctx->default_verify_callback;
680
- ssl->custom_verify_callback = ctx->custom_verify_callback;
681
- ssl->retain_only_sha256_of_client_certs =
682
- ctx->retain_only_sha256_of_client_certs;
683
-
684
- ssl->quiet_shutdown = ctx->quiet_shutdown;
685
- ssl->max_send_fragment = ctx->max_send_fragment;
686
-
687
- SSL_CTX_up_ref(ctx);
688
- ssl->ctx = ctx;
689
- SSL_CTX_up_ref(ctx);
690
- ssl->session_ctx = ctx;
691
-
692
- if (!ssl->ctx->x509_method->ssl_new(ssl)) {
693
- goto err;
670
+ UniquePtr<SSL> ssl = MakeUnique<SSL>(ctx);
671
+ if (ssl == nullptr) {
672
+ return nullptr;
694
673
  }
695
674
 
696
- if (ctx->supported_group_list) {
697
- ssl->supported_group_list = (uint16_t *)BUF_memdup(
698
- ctx->supported_group_list, ctx->supported_group_list_len * 2);
699
- if (!ssl->supported_group_list) {
700
- goto err;
701
- }
702
- ssl->supported_group_list_len = ctx->supported_group_list_len;
675
+ ssl->config = MakeUnique<SSL_CONFIG>(ssl.get());
676
+ if (ssl->config == nullptr) {
677
+ return nullptr;
703
678
  }
679
+ ssl->config->conf_min_version = ctx->conf_min_version;
680
+ ssl->config->conf_max_version = ctx->conf_max_version;
704
681
 
705
- if (ctx->alpn_client_proto_list) {
706
- ssl->alpn_client_proto_list = (uint8_t *)BUF_memdup(
707
- ctx->alpn_client_proto_list, ctx->alpn_client_proto_list_len);
708
- if (ssl->alpn_client_proto_list == NULL) {
709
- goto err;
710
- }
711
- ssl->alpn_client_proto_list_len = ctx->alpn_client_proto_list_len;
682
+ ssl->config->cert = ssl_cert_dup(ctx->cert.get());
683
+ if (ssl->config->cert == nullptr) {
684
+ return nullptr;
712
685
  }
713
686
 
714
- ssl->method = ctx->method;
687
+ ssl->config->verify_mode = ctx->verify_mode;
688
+ ssl->config->verify_callback = ctx->default_verify_callback;
689
+ ssl->config->custom_verify_callback = ctx->custom_verify_callback;
690
+ ssl->config->retain_only_sha256_of_client_certs =
691
+ ctx->retain_only_sha256_of_client_certs;
715
692
 
716
- if (!ssl->method->ssl_new(ssl)) {
717
- goto err;
693
+ if (!ssl->config->supported_group_list.CopyFrom(ctx->supported_group_list) ||
694
+ !ssl->config->alpn_client_proto_list.CopyFrom(
695
+ ctx->alpn_client_proto_list) ||
696
+ !ssl->config->verify_sigalgs.CopyFrom(ctx->verify_sigalgs)) {
697
+ return nullptr;
718
698
  }
719
699
 
720
- CRYPTO_new_ex_data(&ssl->ex_data);
721
-
722
- ssl->psk_identity_hint = NULL;
723
700
  if (ctx->psk_identity_hint) {
724
- ssl->psk_identity_hint = BUF_strdup(ctx->psk_identity_hint);
725
- if (ssl->psk_identity_hint == NULL) {
726
- goto err;
701
+ ssl->config->psk_identity_hint.reset(
702
+ BUF_strdup(ctx->psk_identity_hint.get()));
703
+ if (ssl->config->psk_identity_hint == nullptr) {
704
+ return nullptr;
727
705
  }
728
706
  }
729
- ssl->psk_client_callback = ctx->psk_client_callback;
730
- ssl->psk_server_callback = ctx->psk_server_callback;
731
-
732
- ssl->tlsext_channel_id_enabled = ctx->tlsext_channel_id_enabled;
733
- if (ctx->tlsext_channel_id_private) {
734
- EVP_PKEY_up_ref(ctx->tlsext_channel_id_private);
735
- ssl->tlsext_channel_id_private = ctx->tlsext_channel_id_private;
736
- }
737
-
738
- ssl->signed_cert_timestamps_enabled = ctx->signed_cert_timestamps_enabled;
739
- ssl->ocsp_stapling_enabled = ctx->ocsp_stapling_enabled;
740
- ssl->handoff = ctx->handoff;
707
+ ssl->config->psk_client_callback = ctx->psk_client_callback;
708
+ ssl->config->psk_server_callback = ctx->psk_server_callback;
741
709
 
742
- return ssl;
710
+ ssl->config->channel_id_enabled = ctx->channel_id_enabled;
711
+ ssl->config->channel_id_private = UpRef(ctx->channel_id_private);
743
712
 
744
- err:
745
- SSL_free(ssl);
746
- OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
747
-
748
- return NULL;
749
- }
713
+ ssl->config->signed_cert_timestamps_enabled =
714
+ ctx->signed_cert_timestamps_enabled;
715
+ ssl->config->ocsp_stapling_enabled = ctx->ocsp_stapling_enabled;
716
+ ssl->config->handoff = ctx->handoff;
717
+ ssl->config->ignore_tls13_downgrade = ctx->ignore_tls13_downgrade;
718
+ ssl->quic_method = ctx->quic_method;
750
719
 
751
- void SSL_free(SSL *ssl) {
752
- if (ssl == NULL) {
753
- return;
720
+ if (!ssl->method->ssl_new(ssl.get()) ||
721
+ !ssl->ctx->x509_method->ssl_new(ssl->s3->hs.get())) {
722
+ return nullptr;
754
723
  }
755
724
 
756
- if (ssl->ctx != NULL) {
757
- ssl->ctx->x509_method->ssl_free(ssl);
758
- }
759
-
760
- CRYPTO_free_ex_data(&g_ex_data_class_ssl, ssl, &ssl->ex_data);
761
-
762
- BIO_free_all(ssl->rbio);
763
- BIO_free_all(ssl->wbio);
764
-
765
- // add extra stuff
766
- ssl_cipher_preference_list_free(ssl->cipher_list);
767
-
768
- SSL_SESSION_free(ssl->session);
769
-
770
- ssl_cert_free(ssl->cert);
725
+ return ssl.release();
726
+ }
771
727
 
772
- OPENSSL_free(ssl->tlsext_hostname);
773
- SSL_CTX_free(ssl->session_ctx);
774
- OPENSSL_free(ssl->supported_group_list);
775
- OPENSSL_free(ssl->alpn_client_proto_list);
776
- OPENSSL_free(ssl->token_binding_params);
777
- OPENSSL_free(ssl->quic_transport_params);
778
- EVP_PKEY_free(ssl->tlsext_channel_id_private);
779
- OPENSSL_free(ssl->psk_identity_hint);
780
- sk_CRYPTO_BUFFER_pop_free(ssl->client_CA, CRYPTO_BUFFER_free);
781
- sk_SRTP_PROTECTION_PROFILE_free(ssl->srtp_profiles);
728
+ SSL_CONFIG::SSL_CONFIG(SSL *ssl_arg)
729
+ : ssl(ssl_arg),
730
+ signed_cert_timestamps_enabled(false),
731
+ ocsp_stapling_enabled(false),
732
+ channel_id_enabled(false),
733
+ enforce_rsa_key_usage(false),
734
+ retain_only_sha256_of_client_certs(false),
735
+ handoff(false),
736
+ shed_handshake_config(false),
737
+ ignore_tls13_downgrade(false),
738
+ jdk11_workaround(false) {
739
+ assert(ssl);
740
+ }
782
741
 
783
- if (ssl->method != NULL) {
784
- ssl->method->ssl_free(ssl);
742
+ SSL_CONFIG::~SSL_CONFIG() {
743
+ if (ssl->ctx != nullptr) {
744
+ ssl->ctx->x509_method->ssl_config_free(this);
785
745
  }
786
- SSL_CTX_free(ssl->ctx);
746
+ }
787
747
 
788
- OPENSSL_free(ssl);
748
+ void SSL_free(SSL *ssl) {
749
+ Delete(ssl);
789
750
  }
790
751
 
791
752
  void SSL_set_connect_state(SSL *ssl) {
@@ -799,13 +760,11 @@ void SSL_set_accept_state(SSL *ssl) {
799
760
  }
800
761
 
801
762
  void SSL_set0_rbio(SSL *ssl, BIO *rbio) {
802
- BIO_free_all(ssl->rbio);
803
- ssl->rbio = rbio;
763
+ ssl->rbio.reset(rbio);
804
764
  }
805
765
 
806
766
  void SSL_set0_wbio(SSL *ssl, BIO *wbio) {
807
- BIO_free_all(ssl->wbio);
808
- ssl->wbio = wbio;
767
+ ssl->wbio.reset(wbio);
809
768
  }
810
769
 
811
770
  void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio) {
@@ -842,9 +801,77 @@ void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio) {
842
801
  SSL_set0_wbio(ssl, wbio);
843
802
  }
844
803
 
845
- BIO *SSL_get_rbio(const SSL *ssl) { return ssl->rbio; }
804
+ BIO *SSL_get_rbio(const SSL *ssl) { return ssl->rbio.get(); }
846
805
 
847
- BIO *SSL_get_wbio(const SSL *ssl) { return ssl->wbio; }
806
+ BIO *SSL_get_wbio(const SSL *ssl) { return ssl->wbio.get(); }
807
+
808
+ size_t SSL_quic_max_handshake_flight_len(const SSL *ssl,
809
+ enum ssl_encryption_level_t level) {
810
+ // Limits flights to 16K by default when there are no large
811
+ // (certificate-carrying) messages.
812
+ static const size_t kDefaultLimit = 16384;
813
+
814
+ switch (level) {
815
+ case ssl_encryption_initial:
816
+ return kDefaultLimit;
817
+ case ssl_encryption_early_data:
818
+ // QUIC does not send EndOfEarlyData.
819
+ return 0;
820
+ case ssl_encryption_handshake:
821
+ if (ssl->server) {
822
+ // Servers may receive Certificate message if configured to request
823
+ // client certificates.
824
+ if (!!(ssl->config->verify_mode & SSL_VERIFY_PEER) &&
825
+ ssl->max_cert_list > kDefaultLimit) {
826
+ return ssl->max_cert_list;
827
+ }
828
+ } else {
829
+ // Clients may receive both Certificate message and a CertificateRequest
830
+ // message.
831
+ if (2*ssl->max_cert_list > kDefaultLimit) {
832
+ return 2*ssl->max_cert_list;
833
+ }
834
+ }
835
+ return kDefaultLimit;
836
+ case ssl_encryption_application:
837
+ // Note there is not actually a bound on the number of NewSessionTickets
838
+ // one may send in a row. This level may need more involved flow
839
+ // control. See https://github.com/quicwg/base-drafts/issues/1834.
840
+ return kDefaultLimit;
841
+ }
842
+
843
+ return 0;
844
+ }
845
+
846
+ enum ssl_encryption_level_t SSL_quic_read_level(const SSL *ssl) {
847
+ return ssl->s3->read_level;
848
+ }
849
+
850
+ enum ssl_encryption_level_t SSL_quic_write_level(const SSL *ssl) {
851
+ return ssl->s3->write_level;
852
+ }
853
+
854
+ int SSL_provide_quic_data(SSL *ssl, enum ssl_encryption_level_t level,
855
+ const uint8_t *data, size_t len) {
856
+ if (ssl->quic_method == nullptr) {
857
+ OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
858
+ return 0;
859
+ }
860
+
861
+ if (level != ssl->s3->read_level) {
862
+ OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED);
863
+ return 0;
864
+ }
865
+
866
+ size_t new_len = (ssl->s3->hs_buf ? ssl->s3->hs_buf->length : 0) + len;
867
+ if (new_len < len ||
868
+ new_len > SSL_quic_max_handshake_flight_len(ssl, level)) {
869
+ OPENSSL_PUT_ERROR(SSL, SSL_R_EXCESSIVE_MESSAGE_SIZE);
870
+ return 0;
871
+ }
872
+
873
+ return tls_append_handshake_data(ssl, MakeConstSpan(data, len));
874
+ }
848
875
 
849
876
  int SSL_do_handshake(SSL *ssl) {
850
877
  ssl_reset_error_state(ssl);
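Review bot: In SSL_quic_max_handshake_flight_len, the client branch evaluates `2*ssl->max_cert_list` in the field's own type, which this hunk does not show. If that field is a 32-bit unsigned, a configured value of 2^31 or more wraps, and the function quietly returns kDefaultLimit instead of the intended bound. Widening before the doubling makes the arithmetic explicit, for example `if (ssl->max_cert_list > kDefaultLimit / 2) { return 2 * static_cast<size_t>(ssl->max_cert_list); }`; a build with a 32-bit size_t would additionally need to saturate. The `new_len < len` test in SSL_provide_quic_data already covers the addition there, so only the multiplication needs attention.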
@@ -872,6 +899,7 @@ int SSL_do_handshake(SSL *ssl) {
872
899
  // Destroy the handshake object if the handshake has completely finished.
873
900
  if (!early_return) {
874
901
  ssl->s3->hs.reset();
902
+ ssl_maybe_shed_handshake_config(ssl);
875
903
  }
876
904
 
877
905
  return 1;
@@ -900,11 +928,12 @@ static int ssl_do_post_handshake(SSL *ssl, const SSLMessage &msg) {
900
928
  return tls13_post_handshake(ssl, msg);
901
929
  }
902
930
 
903
- // We do not accept renegotiations as a server or SSL 3.0. SSL 3.0 will be
904
- // removed entirely in the future and requires retaining more data for
905
- // renegotiation_info.
906
- if (ssl->server || ssl->version == SSL3_VERSION) {
907
- goto no_renegotiation;
931
+ // Check for renegotiation on the server before parsing to use the correct
932
+ // error. Renegotiation is triggered by a different message for servers.
933
+ if (ssl->server) {
934
+ OPENSSL_PUT_ERROR(SSL, SSL_R_NO_RENEGOTIATION);
935
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_NO_RENEGOTIATION);
936
+ return 0;
908
937
  }
909
938
 
910
939
  if (msg.type != SSL3_MT_HELLO_REQUEST || CBS_len(&msg.body) != 0) {
@@ -913,50 +942,48 @@ static int ssl_do_post_handshake(SSL *ssl, const SSLMessage &msg) {
913
942
  return 0;
914
943
  }
915
944
 
916
- switch (ssl->renegotiate_mode) {
917
- case ssl_renegotiate_ignore:
918
- // Ignore the HelloRequest.
919
- return 1;
920
-
921
- case ssl_renegotiate_once:
922
- if (ssl->s3->total_renegotiations != 0) {
923
- goto no_renegotiation;
924
- }
925
- break;
926
-
927
- case ssl_renegotiate_never:
928
- goto no_renegotiation;
945
+ if (ssl->renegotiate_mode == ssl_renegotiate_ignore) {
946
+ return 1; // Ignore the HelloRequest.
947
+ }
929
948
 
930
- case ssl_renegotiate_freely:
931
- break;
949
+ ssl->s3->renegotiate_pending = true;
950
+ if (ssl->renegotiate_mode == ssl_renegotiate_explicit) {
951
+ return 1; // Handle it later.
932
952
  }
933
953
 
934
- // Renegotiation is only supported at quiescent points in the application
935
- // protocol, namely in HTTPS, just before reading the HTTP response. Require
936
- // the record-layer be idle and avoid complexities of sending a handshake
937
- // record while an application_data record is being written.
938
- if (!ssl->s3->write_buffer.empty() ||
939
- ssl->s3->write_shutdown != ssl_shutdown_none) {
940
- goto no_renegotiation;
954
+ if (!SSL_renegotiate(ssl)) {
955
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_NO_RENEGOTIATION);
956
+ return 0;
941
957
  }
942
958
 
943
- // Begin a new handshake.
944
- if (ssl->s3->hs != nullptr) {
945
- OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
959
+ return 1;
960
+ }
961
+
962
+ int SSL_process_quic_post_handshake(SSL *ssl) {
963
+ ssl_reset_error_state(ssl);
964
+
965
+ if (SSL_in_init(ssl)) {
966
+ OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
946
967
  return 0;
947
968
  }
948
- ssl->s3->hs = ssl_handshake_new(ssl);
949
- if (ssl->s3->hs == nullptr) {
969
+
970
+ // Replay post-handshake message errors.
971
+ if (!check_read_error(ssl)) {
950
972
  return 0;
951
973
  }
952
974
 
953
- ssl->s3->total_renegotiations++;
954
- return 1;
975
+ // Process any buffered post-handshake messages.
976
+ SSLMessage msg;
977
+ while (ssl->method->get_message(ssl, &msg)) {
978
+ // Handle the post-handshake message and try again.
979
+ if (!ssl_do_post_handshake(ssl, msg)) {
980
+ ssl_set_read_error(ssl);
981
+ return 0;
982
+ }
983
+ ssl->method->next_message(ssl);
984
+ }
955
985
 
956
- no_renegotiation:
957
- OPENSSL_PUT_ERROR(SSL, SSL_R_NO_RENEGOTIATION);
958
- ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_NO_RENEGOTIATION);
959
- return 0;
986
+ return 1;
960
987
  }
961
988
 
962
989
  static int ssl_read_impl(SSL *ssl) {
@@ -973,6 +1000,11 @@ static int ssl_read_impl(SSL *ssl) {
973
1000
  }
974
1001
 
975
1002
  while (ssl->s3->pending_app_data.empty()) {
1003
+ if (ssl->s3->renegotiate_pending) {
1004
+ ssl->s3->rwstate = SSL_ERROR_WANT_RENEGOTIATE;
1005
+ return -1;
1006
+ }
1007
+
976
1008
  // Complete the current handshake, if any. False Start will cause
977
1009
  // |SSL_do_handshake| to return mid-handshake, so this may require multiple
978
1010
  // iterations.
@@ -1040,6 +1072,11 @@ int SSL_read(SSL *ssl, void *buf, int num) {
1040
1072
  }
1041
1073
 
1042
1074
  int SSL_peek(SSL *ssl, void *buf, int num) {
1075
+ if (ssl->quic_method != nullptr) {
1076
+ OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1077
+ return 0;
1078
+ }
1079
+
1043
1080
  int ret = ssl_read_impl(ssl);
1044
1081
  if (ret <= 0) {
1045
1082
  return ret;
@@ -1056,6 +1093,11 @@ int SSL_peek(SSL *ssl, void *buf, int num) {
1056
1093
  int SSL_write(SSL *ssl, const void *buf, int num) {
1057
1094
  ssl_reset_error_state(ssl);
1058
1095
 
1096
+ if (ssl->quic_method != nullptr) {
1097
+ OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1098
+ return 0;
1099
+ }
1100
+
1059
1101
  if (ssl->do_handshake == NULL) {
1060
1102
  OPENSSL_PUT_ERROR(SSL, SSL_R_UNINITIALIZED);
1061
1103
  return -1;
@@ -1087,6 +1129,37 @@ int SSL_write(SSL *ssl, const void *buf, int num) {
1087
1129
  return ret;
1088
1130
  }
1089
1131
 
1132
+ int SSL_key_update(SSL *ssl, int request_type) {
1133
+ ssl_reset_error_state(ssl);
1134
+
1135
+ if (ssl->do_handshake == NULL) {
1136
+ OPENSSL_PUT_ERROR(SSL, SSL_R_UNINITIALIZED);
1137
+ return 0;
1138
+ }
1139
+
1140
+ if (ssl->ctx->quic_method != nullptr) {
1141
+ OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1142
+ return 0;
1143
+ }
1144
+
1145
+ if (!ssl->s3->initial_handshake_complete) {
1146
+ OPENSSL_PUT_ERROR(SSL, SSL_R_HANDSHAKE_NOT_COMPLETE);
1147
+ return 0;
1148
+ }
1149
+
1150
+ if (ssl_protocol_version(ssl) < TLS1_3_VERSION) {
1151
+ OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SSL_VERSION);
1152
+ return 0;
1153
+ }
1154
+
1155
+ if (!ssl->s3->key_update_pending &&
1156
+ !tls13_add_key_update(ssl, request_type)) {
1157
+ return 0;
1158
+ }
1159
+
1160
+ return 1;
1161
+ }
1162
+
1090
1163
  int SSL_shutdown(SSL *ssl) {
1091
1164
  ssl_reset_error_state(ssl);
1092
1165
 
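Review bot: SSL_key_update rejects QUIC connections by testing `ssl->ctx->quic_method`, while the other QUIC guards added in this change (SSL_provide_quic_data, SSL_peek, SSL_write and SSL_get_error) all test `ssl->quic_method`. The two agree only as long as the per-connection field, which is copied from the context when the SSL is created, is never changed afterwards. If a connection can be given its own method, which is not visible here, a KeyUpdate could be queued on a QUIC connection. Testing the same field everywhere removes that dependence: `if (ssl->quic_method != nullptr) {`.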
@@ -1115,7 +1188,7 @@ int SSL_shutdown(SSL *ssl) {
1115
1188
 
1116
1189
  if (ssl->s3->write_shutdown != ssl_shutdown_close_notify) {
1117
1190
  // Send a close_notify.
1118
- if (ssl_send_alert(ssl, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY) <= 0) {
1191
+ if (ssl_send_alert_impl(ssl, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY) <= 0) {
1119
1192
  return -1;
1120
1193
  }
1121
1194
  } else if (ssl->s3->alert_dispatch) {
@@ -1135,13 +1208,11 @@ int SSL_shutdown(SSL *ssl) {
1135
1208
  }
1136
1209
  ssl->s3->read_shutdown = ssl_shutdown_close_notify;
1137
1210
  } else {
1138
- // Keep discarding data until we see a close_notify.
1139
- for (;;) {
1140
- ssl->s3->pending_app_data = Span<uint8_t>();
1141
- int ret = ssl_read_impl(ssl);
1142
- if (ret <= 0) {
1143
- break;
1144
- }
1211
+ // Process records until an error, close_notify, or application data.
1212
+ if (ssl_read_impl(ssl) > 0) {
1213
+ // We received some unexpected application data.
1214
+ OPENSSL_PUT_ERROR(SSL, SSL_R_APPLICATION_DATA_ON_SHUTDOWN);
1215
+ return -1;
1145
1216
  }
1146
1217
  if (ssl->s3->read_shutdown != ssl_shutdown_close_notify) {
1147
1218
  return -1;
@@ -1164,17 +1235,21 @@ int SSL_send_fatal_alert(SSL *ssl, uint8_t alert) {
1164
1235
  return ssl->method->dispatch_alert(ssl);
1165
1236
  }
1166
1237
 
1167
- return ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
1238
+ return ssl_send_alert_impl(ssl, SSL3_AL_FATAL, alert);
1239
+ }
1240
+
1241
+ void SSL_CTX_enable_pq_experiment_signal(SSL_CTX *ctx) {
1242
+ ctx->pq_experiment_signal = true;
1243
+ }
1244
+
1245
+ int SSL_pq_experiment_signal_seen(const SSL *ssl) {
1246
+ return ssl->s3->pq_experiment_signal_seen;
1168
1247
  }
1169
1248
 
1170
1249
  int SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params,
1171
1250
  size_t params_len) {
1172
- ssl->quic_transport_params = (uint8_t *)BUF_memdup(params, params_len);
1173
- if (!ssl->quic_transport_params) {
1174
- return 0;
1175
- }
1176
- ssl->quic_transport_params_len = params_len;
1177
- return 1;
1251
+ return ssl->config && ssl->config->quic_transport_params.CopyFrom(
1252
+ MakeConstSpan(params, params_len));
1178
1253
  }
1179
1254
 
1180
1255
  void SSL_get_peer_quic_transport_params(const SSL *ssl,
@@ -1185,19 +1260,11 @@ void SSL_get_peer_quic_transport_params(const SSL *ssl,
1185
1260
  }
1186
1261
 
1187
1262
  void SSL_CTX_set_early_data_enabled(SSL_CTX *ctx, int enabled) {
1188
- ctx->cert->enable_early_data = !!enabled;
1189
- }
1190
-
1191
- void SSL_CTX_set_tls13_variant(SSL_CTX *ctx, enum tls13_variant_t variant) {
1192
- ctx->tls13_variant = variant;
1193
- }
1194
-
1195
- void SSL_set_tls13_variant(SSL *ssl, enum tls13_variant_t variant) {
1196
- ssl->tls13_variant = variant;
1263
+ ctx->enable_early_data = !!enabled;
1197
1264
  }
1198
1265
 
1199
1266
  void SSL_set_early_data_enabled(SSL *ssl, int enabled) {
1200
- ssl->cert->enable_early_data = !!enabled;
1267
+ ssl->enable_early_data = !!enabled;
1201
1268
  }
1202
1269
 
1203
1270
  int SSL_in_early_data(const SSL *ssl) {
@@ -1228,6 +1295,10 @@ void SSL_reset_early_data_reject(SSL *ssl) {
1228
1295
  ssl->s3->wpend_pending = false;
1229
1296
  }
1230
1297
 
1298
+ enum ssl_early_data_reason_t SSL_get_early_data_reason(const SSL *ssl) {
1299
+ return ssl->s3->early_data_reason;
1300
+ }
1301
+
1231
1302
  static int bio_retry_reason_to_error(int reason) {
1232
1303
  switch (reason) {
1233
1304
  case BIO_RR_CONNECT:
@@ -1265,16 +1336,23 @@ int SSL_get_error(const SSL *ssl, int ret_code) {
1265
1336
  }
1266
1337
 
1267
1338
  switch (ssl->s3->rwstate) {
1268
- case SSL_PENDING_SESSION:
1269
- return SSL_ERROR_PENDING_SESSION;
1270
-
1271
- case SSL_CERTIFICATE_SELECTION_PENDING:
1272
- return SSL_ERROR_PENDING_CERTIFICATE;
1273
-
1274
- case SSL_HANDOFF:
1275
- return SSL_ERROR_HANDOFF;
1276
-
1277
- case SSL_READING: {
1339
+ case SSL_ERROR_PENDING_SESSION:
1340
+ case SSL_ERROR_PENDING_CERTIFICATE:
1341
+ case SSL_ERROR_HANDOFF:
1342
+ case SSL_ERROR_HANDBACK:
1343
+ case SSL_ERROR_WANT_X509_LOOKUP:
1344
+ case SSL_ERROR_WANT_CHANNEL_ID_LOOKUP:
1345
+ case SSL_ERROR_WANT_PRIVATE_KEY_OPERATION:
1346
+ case SSL_ERROR_PENDING_TICKET:
1347
+ case SSL_ERROR_EARLY_DATA_REJECTED:
1348
+ case SSL_ERROR_WANT_CERTIFICATE_VERIFY:
1349
+ case SSL_ERROR_WANT_RENEGOTIATE:
1350
+ return ssl->s3->rwstate;
1351
+
1352
+ case SSL_ERROR_WANT_READ: {
1353
+ if (ssl->quic_method) {
1354
+ return SSL_ERROR_WANT_READ;
1355
+ }
1278
1356
  BIO *bio = SSL_get_rbio(ssl);
1279
1357
  if (BIO_should_read(bio)) {
1280
1358
  return SSL_ERROR_WANT_READ;
@@ -1293,7 +1371,7 @@ int SSL_get_error(const SSL *ssl, int ret_code) {
1293
1371
  break;
1294
1372
  }
1295
1373
 
1296
- case SSL_WRITING: {
1374
+ case SSL_ERROR_WANT_WRITE: {
1297
1375
  BIO *bio = SSL_get_wbio(ssl);
1298
1376
  if (BIO_should_write(bio)) {
1299
1377
  return SSL_ERROR_WANT_WRITE;
@@ -1311,29 +1389,54 @@ int SSL_get_error(const SSL *ssl, int ret_code) {
1311
1389
 
1312
1390
  break;
1313
1391
  }
1314
-
1315
- case SSL_X509_LOOKUP:
1316
- return SSL_ERROR_WANT_X509_LOOKUP;
1317
-
1318
- case SSL_CHANNEL_ID_LOOKUP:
1319
- return SSL_ERROR_WANT_CHANNEL_ID_LOOKUP;
1320
-
1321
- case SSL_PRIVATE_KEY_OPERATION:
1322
- return SSL_ERROR_WANT_PRIVATE_KEY_OPERATION;
1323
-
1324
- case SSL_PENDING_TICKET:
1325
- return SSL_ERROR_PENDING_TICKET;
1326
-
1327
- case SSL_EARLY_DATA_REJECTED:
1328
- return SSL_ERROR_EARLY_DATA_REJECTED;
1329
-
1330
- case SSL_CERTIFICATE_VERIFY:
1331
- return SSL_ERROR_WANT_CERTIFICATE_VERIFY;
1332
1392
  }
1333
1393
 
1334
1394
  return SSL_ERROR_SYSCALL;
1335
1395
  }
1336
1396
 
1397
+ const char *SSL_error_description(int err) {
1398
+ switch (err) {
1399
+ case SSL_ERROR_NONE:
1400
+ return "NONE";
1401
+ case SSL_ERROR_SSL:
1402
+ return "SSL";
1403
+ case SSL_ERROR_WANT_READ:
1404
+ return "WANT_READ";
1405
+ case SSL_ERROR_WANT_WRITE:
1406
+ return "WANT_WRITE";
1407
+ case SSL_ERROR_WANT_X509_LOOKUP:
1408
+ return "WANT_X509_LOOKUP";
1409
+ case SSL_ERROR_SYSCALL:
1410
+ return "SYSCALL";
1411
+ case SSL_ERROR_ZERO_RETURN:
1412
+ return "ZERO_RETURN";
1413
+ case SSL_ERROR_WANT_CONNECT:
1414
+ return "WANT_CONNECT";
1415
+ case SSL_ERROR_WANT_ACCEPT:
1416
+ return "WANT_ACCEPT";
1417
+ case SSL_ERROR_WANT_CHANNEL_ID_LOOKUP:
1418
+ return "WANT_CHANNEL_ID_LOOKUP";
1419
+ case SSL_ERROR_PENDING_SESSION:
1420
+ return "PENDING_SESSION";
1421
+ case SSL_ERROR_PENDING_CERTIFICATE:
1422
+ return "PENDING_CERTIFICATE";
1423
+ case SSL_ERROR_WANT_PRIVATE_KEY_OPERATION:
1424
+ return "WANT_PRIVATE_KEY_OPERATION";
1425
+ case SSL_ERROR_PENDING_TICKET:
1426
+ return "PENDING_TICKET";
1427
+ case SSL_ERROR_EARLY_DATA_REJECTED:
1428
+ return "EARLY_DATA_REJECTED";
1429
+ case SSL_ERROR_WANT_CERTIFICATE_VERIFY:
1430
+ return "WANT_CERTIFICATE_VERIFY";
1431
+ case SSL_ERROR_HANDOFF:
1432
+ return "HANDOFF";
1433
+ case SSL_ERROR_HANDBACK:
1434
+ return "HANDBACK";
1435
+ default:
1436
+ return nullptr;
1437
+ }
1438
+ }
1439
+
1337
1440
  uint32_t SSL_CTX_set_options(SSL_CTX *ctx, uint32_t options) {
1338
1441
  ctx->options |= options;
1339
1442
  return ctx->options;
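Review bot: SSL_error_description has no case for SSL_ERROR_WANT_RENEGOTIATE, so that code falls to `default` and yields nullptr, even though this same change makes ssl_read_impl set that state and SSL_get_error return it. A caller that logs the description with `%s`, or streams it without a null check, would then be handed a null pointer on exactly the path this change introduces. Adding `case SSL_ERROR_WANT_RENEGOTIATE: return "WANT_RENEGOTIATE";` before `default` keeps this table in step with the switch in SSL_get_error.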
@@ -1391,9 +1494,8 @@ int SSL_get_tls_unique(const SSL *ssl, uint8_t *out, size_t *out_len,
1391
1494
  *out_len = 0;
1392
1495
  OPENSSL_memset(out, 0, max_out);
1393
1496
 
1394
- // tls-unique is not defined for SSL 3.0 or TLS 1.3.
1497
+ // tls-unique is not defined for TLS 1.3.
1395
1498
  if (!ssl->s3->initial_handshake_complete ||
1396
- ssl_protocol_version(ssl) < TLS1_VERSION ||
1397
1499
  ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
1398
1500
  return 0;
1399
1501
  }
@@ -1436,20 +1538,33 @@ static int set_session_id_context(CERT *cert, const uint8_t *sid_ctx,
1436
1538
 
1437
1539
  int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const uint8_t *sid_ctx,
1438
1540
  size_t sid_ctx_len) {
1439
- return set_session_id_context(ctx->cert, sid_ctx, sid_ctx_len);
1541
+ return set_session_id_context(ctx->cert.get(), sid_ctx, sid_ctx_len);
1440
1542
  }
1441
1543
 
1442
1544
  int SSL_set_session_id_context(SSL *ssl, const uint8_t *sid_ctx,
1443
1545
  size_t sid_ctx_len) {
1444
- return set_session_id_context(ssl->cert, sid_ctx, sid_ctx_len);
1546
+ if (!ssl->config) {
1547
+ return 0;
1548
+ }
1549
+ return set_session_id_context(ssl->config->cert.get(), sid_ctx, sid_ctx_len);
1445
1550
  }
1446
1551
 
1447
1552
  const uint8_t *SSL_get0_session_id_context(const SSL *ssl, size_t *out_len) {
1448
- *out_len = ssl->cert->sid_ctx_length;
1449
- return ssl->cert->sid_ctx;
1553
+ if (!ssl->config) {
1554
+ assert(ssl->config);
1555
+ *out_len = 0;
1556
+ return NULL;
1557
+ }
1558
+ *out_len = ssl->config->cert->sid_ctx_length;
1559
+ return ssl->config->cert->sid_ctx;
1450
1560
  }
1451
1561
 
1452
- void SSL_certs_clear(SSL *ssl) { ssl_cert_clear_certs(ssl->cert); }
1562
+ void SSL_certs_clear(SSL *ssl) {
1563
+ if (!ssl->config) {
1564
+ return;
1565
+ }
1566
+ ssl_cert_clear_certs(ssl->config->cert.get());
1567
+ }
1453
1568
 
1454
1569
  int SSL_get_fd(const SSL *ssl) { return SSL_get_rfd(ssl); }
1455
1570
 
@@ -1532,7 +1647,6 @@ static size_t copy_finished(void *out, size_t out_len, const uint8_t *in,
1532
1647
 
1533
1648
  size_t SSL_get_finished(const SSL *ssl, void *buf, size_t count) {
1534
1649
  if (!ssl->s3->initial_handshake_complete ||
1535
- ssl_protocol_version(ssl) < TLS1_VERSION ||
1536
1650
  ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
1537
1651
  return 0;
1538
1652
  }
@@ -1548,7 +1662,6 @@ size_t SSL_get_finished(const SSL *ssl, void *buf, size_t count) {
1548
1662
 
1549
1663
  size_t SSL_get_peer_finished(const SSL *ssl, void *buf, size_t count) {
1550
1664
  if (!ssl->s3->initial_handshake_complete ||
1551
- ssl_protocol_version(ssl) < TLS1_VERSION ||
1552
1665
  ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
1553
1666
  return 0;
1554
1667
  }
@@ -1562,7 +1675,13 @@ size_t SSL_get_peer_finished(const SSL *ssl, void *buf, size_t count) {
1562
1675
  ssl->s3->previous_server_finished_len);
1563
1676
  }
1564
1677
 
1565
- int SSL_get_verify_mode(const SSL *ssl) { return ssl->verify_mode; }
1678
+ int SSL_get_verify_mode(const SSL *ssl) {
1679
+ if (!ssl->config) {
1680
+ assert(ssl->config);
1681
+ return -1;
1682
+ }
1683
+ return ssl->config->verify_mode;
1684
+ }
1566
1685
 
1567
1686
  int SSL_get_extms_support(const SSL *ssl) {
1568
1687
  // TLS 1.3 does not require extended master secret and always reports as
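Review bot: SSL_get_verify_mode now returns -1 when `ssl->config` is absent, and nothing next to the function says so. In builds where assert is compiled out, that value reaches callers that use the result as a bit mask, where an expression such as `mode & SSL_VERIFY_PEER` evaluates as true for -1. The caller may then draw the wrong conclusion about the connection's verification settings once the handshake configuration has been released. The contract should be stated at the definition, e.g. `// Returns -1 if the handshake configuration has been shed; check for a negative result before testing flag bits.`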
@@ -1591,22 +1710,25 @@ int SSL_CTX_get_read_ahead(const SSL_CTX *ctx) { return 0; }
1591
1710
 
1592
1711
  int SSL_get_read_ahead(const SSL *ssl) { return 0; }
1593
1712
 
1594
- void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes) { }
1713
+ int SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes) { return 1; }
1595
1714
 
1596
- void SSL_set_read_ahead(SSL *ssl, int yes) { }
1715
+ int SSL_set_read_ahead(SSL *ssl, int yes) { return 1; }
1597
1716
 
1598
1717
  int SSL_pending(const SSL *ssl) {
1599
1718
  return static_cast<int>(ssl->s3->pending_app_data.size());
1600
1719
  }
1601
1720
 
1602
- // Fix this so it checks all the valid key/cert options
1603
1721
  int SSL_CTX_check_private_key(const SSL_CTX *ctx) {
1604
- return ssl_cert_check_private_key(ctx->cert, ctx->cert->privatekey);
1722
+ return ssl_cert_check_private_key(ctx->cert.get(),
1723
+ ctx->cert->privatekey.get());
1605
1724
  }
1606
1725
 
1607
- // Fix this function so that it takes an optional type parameter
1608
1726
  int SSL_check_private_key(const SSL *ssl) {
1609
- return ssl_cert_check_private_key(ssl->cert, ssl->cert->privatekey);
1727
+ if (!ssl->config) {
1728
+ return 0;
1729
+ }
1730
+ return ssl_cert_check_private_key(ssl->config->cert.get(),
1731
+ ssl->config->cert->privatekey.get());
1610
1732
  }
1611
1733
 
1612
1734
  long SSL_get_default_timeout(const SSL *ssl) {
@@ -1615,8 +1737,39 @@ long SSL_get_default_timeout(const SSL *ssl) {
1615
1737
 
1616
1738
  int SSL_renegotiate(SSL *ssl) {
1617
1739
  // Caller-initiated renegotiation is not supported.
1618
- OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1619
- return 0;
1740
+ if (!ssl->s3->renegotiate_pending) {
1741
+ OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1742
+ return 0;
1743
+ }
1744
+
1745
+ if (!ssl_can_renegotiate(ssl)) {
1746
+ OPENSSL_PUT_ERROR(SSL, SSL_R_NO_RENEGOTIATION);
1747
+ return 0;
1748
+ }
1749
+
1750
+ // Renegotiation is only supported at quiescent points in the application
1751
+ // protocol, namely in HTTPS, just before reading the HTTP response.
1752
+ // Require the record-layer be idle and avoid complexities of sending a
1753
+ // handshake record while an application_data record is being written.
1754
+ if (!ssl->s3->write_buffer.empty() ||
1755
+ ssl->s3->write_shutdown != ssl_shutdown_none) {
1756
+ OPENSSL_PUT_ERROR(SSL, SSL_R_NO_RENEGOTIATION);
1757
+ return 0;
1758
+ }
1759
+
1760
+ // Begin a new handshake.
1761
+ if (ssl->s3->hs != nullptr) {
1762
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
1763
+ return 0;
1764
+ }
1765
+ ssl->s3->hs = ssl_handshake_new(ssl);
1766
+ if (ssl->s3->hs == nullptr) {
1767
+ return 0;
1768
+ }
1769
+
1770
+ ssl->s3->renegotiate_pending = false;
1771
+ ssl->s3->total_renegotiations++;
1772
+ return 1;
1620
1773
  }
1621
1774
 
1622
1775
  int SSL_renegotiate_pending(SSL *ssl) {
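Review bot: The retained comment `// Caller-initiated renegotiation is not supported.` at the top of SSL_renegotiate no longer matches the body, which now starts a new handshake whenever `renegotiate_pending` is set. A reader auditing renegotiation exposure could take the old comment at face value and miss that ssl_renegotiate_explicit mode hands this decision to the application. Something like `// Starts the renegotiation a peer's HelloRequest left pending; fails if none is pending or the record layer is not idle.` would describe what the function does. It is also worth a line noting that `renegotiate_pending` is cleared only on success, so after a failure here ssl_read_impl keeps returning SSL_ERROR_WANT_RENEGOTIATE.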
@@ -1732,9 +1885,9 @@ int SSL_CTX_get_tlsext_ticket_keys(SSL_CTX *ctx, void *out, size_t len) {
1732
1885
 
1733
1886
  uint8_t *out_bytes = reinterpret_cast<uint8_t *>(out);
1734
1887
  MutexReadLock lock(&ctx->lock);
1735
- OPENSSL_memcpy(out_bytes, ctx->tlsext_ticket_key_current->name, 16);
1736
- OPENSSL_memcpy(out_bytes + 16, ctx->tlsext_ticket_key_current->hmac_key, 16);
1737
- OPENSSL_memcpy(out_bytes + 32, ctx->tlsext_ticket_key_current->aes_key, 16);
1888
+ OPENSSL_memcpy(out_bytes, ctx->ticket_key_current->name, 16);
1889
+ OPENSSL_memcpy(out_bytes + 16, ctx->ticket_key_current->hmac_key, 16);
1890
+ OPENSSL_memcpy(out_bytes + 32, ctx->ticket_key_current->aes_key, 16);
1738
1891
  return 1;
1739
1892
  }
1740
1893
 
@@ -1746,22 +1899,19 @@ int SSL_CTX_set_tlsext_ticket_keys(SSL_CTX *ctx, const void *in, size_t len) {
1746
1899
  OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
1747
1900
  return 0;
1748
1901
  }
1749
- if (!ctx->tlsext_ticket_key_current) {
1750
- ctx->tlsext_ticket_key_current =
1751
- (tlsext_ticket_key *)OPENSSL_malloc(sizeof(tlsext_ticket_key));
1752
- if (!ctx->tlsext_ticket_key_current) {
1753
- return 0;
1754
- }
1902
+ auto key = MakeUnique<TicketKey>();
1903
+ if (!key) {
1904
+ return 0;
1755
1905
  }
1756
- OPENSSL_memset(ctx->tlsext_ticket_key_current, 0, sizeof(tlsext_ticket_key));
1757
1906
  const uint8_t *in_bytes = reinterpret_cast<const uint8_t *>(in);
1758
- OPENSSL_memcpy(ctx->tlsext_ticket_key_current->name, in_bytes, 16);
1759
- OPENSSL_memcpy(ctx->tlsext_ticket_key_current->hmac_key, in_bytes + 16, 16);
1760
- OPENSSL_memcpy(ctx->tlsext_ticket_key_current->aes_key, in_bytes + 32, 16);
1761
- OPENSSL_free(ctx->tlsext_ticket_key_prev);
1762
- ctx->tlsext_ticket_key_prev = nullptr;
1763
- // Disable automatic key rotation.
1764
- ctx->tlsext_ticket_key_current->next_rotation_tv_sec = 0;
1907
+ OPENSSL_memcpy(key->name, in_bytes, 16);
1908
+ OPENSSL_memcpy(key->hmac_key, in_bytes + 16, 16);
1909
+ OPENSSL_memcpy(key->aes_key, in_bytes + 32, 16);
1910
+ // Disable automatic key rotation for manually-configured keys. This is now
1911
+ // the caller's responsibility.
1912
+ key->next_rotation_tv_sec = 0;
1913
+ ctx->ticket_key_current = std::move(key);
1914
+ ctx->ticket_key_prev.reset();
1765
1915
  return 1;
1766
1916
  }
1767
1917
 
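Review bot: The rewritten tail of SSL_CTX_set_tlsext_ticket_keys replaces `ctx->ticket_key_current` and resets `ctx->ticket_key_prev` with no lock visible in this hunk, whereas the getter in the previous hunk reads the same fields under `MutexReadLock lock(&ctx->lock);`. The start of the function is outside the hunk, so a lock may be taken there. If it is not, and this setter can run while handshakes on the same context are encrypting or decrypting tickets, the swap races with those readers and can free a key that is still in use. Either take the write side of `ctx->lock` around the two assignments, or document the restriction next to the function, e.g. `// Must not be called concurrently with connections using |ctx|.`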
@@ -1769,30 +1919,32 @@ int SSL_CTX_set_tlsext_ticket_key_cb(
1769
1919
  SSL_CTX *ctx, int (*callback)(SSL *ssl, uint8_t *key_name, uint8_t *iv,
1770
1920
  EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx,
1771
1921
  int encrypt)) {
1772
- ctx->tlsext_ticket_key_cb = callback;
1922
+ ctx->ticket_key_cb = callback;
1773
1923
  return 1;
1774
1924
  }
1775
1925
 
1776
1926
  int SSL_CTX_set1_curves(SSL_CTX *ctx, const int *curves, size_t curves_len) {
1777
1927
  return tls1_set_curves(&ctx->supported_group_list,
1778
- &ctx->supported_group_list_len, curves,
1779
- curves_len);
1928
+ MakeConstSpan(curves, curves_len));
1780
1929
  }
1781
1930
 
1782
1931
  int SSL_set1_curves(SSL *ssl, const int *curves, size_t curves_len) {
1783
- return tls1_set_curves(&ssl->supported_group_list,
1784
- &ssl->supported_group_list_len, curves,
1785
- curves_len);
1932
+ if (!ssl->config) {
1933
+ return 0;
1934
+ }
1935
+ return tls1_set_curves(&ssl->config->supported_group_list,
1936
+ MakeConstSpan(curves, curves_len));
1786
1937
  }
1787
1938
 
1788
1939
  int SSL_CTX_set1_curves_list(SSL_CTX *ctx, const char *curves) {
1789
- return tls1_set_curves_list(&ctx->supported_group_list,
1790
- &ctx->supported_group_list_len, curves);
1940
+ return tls1_set_curves_list(&ctx->supported_group_list, curves);
1791
1941
  }
1792
1942
 
1793
1943
  int SSL_set1_curves_list(SSL *ssl, const char *curves) {
1794
- return tls1_set_curves_list(&ssl->supported_group_list,
1795
- &ssl->supported_group_list_len, curves);
1944
+ if (!ssl->config) {
1945
+ return 0;
1946
+ }
1947
+ return tls1_set_curves_list(&ssl->config->supported_group_list, curves);
1796
1948
  }
1797
1949
 
1798
1950
  uint16_t SSL_get_curve_id(const SSL *ssl) {
@@ -1815,11 +1967,11 @@ int SSL_set_tmp_dh(SSL *ssl, const DH *dh) {
1815
1967
  }
1816
1968
 
1817
1969
  STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) {
1818
- return ctx->cipher_list->ciphers;
1970
+ return ctx->cipher_list->ciphers.get();
1819
1971
  }
1820
1972
 
1821
1973
  int SSL_CTX_cipher_in_group(const SSL_CTX *ctx, size_t i) {
1822
- if (i >= sk_SSL_CIPHER_num(ctx->cipher_list->ciphers)) {
1974
+ if (i >= sk_SSL_CIPHER_num(ctx->cipher_list->ciphers.get())) {
1823
1975
  return 0;
1824
1976
  }
1825
1977
  return ctx->cipher_list->in_group_flags[i];
@@ -1829,14 +1981,13 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl) {
1829
1981
  if (ssl == NULL) {
1830
1982
  return NULL;
1831
1983
  }
1832
-
1833
- const struct ssl_cipher_preference_list_st *prefs =
1834
- ssl_get_cipher_preferences(ssl);
1835
- if (prefs == NULL) {
1984
+ if (ssl->config == NULL) {
1985
+ assert(ssl->config);
1836
1986
  return NULL;
1837
1987
  }
1838
1988
 
1839
- return prefs->ciphers;
1989
+ return ssl->config->cipher_list ? ssl->config->cipher_list->ciphers.get()
1990
+ : ssl->ctx->cipher_list->ciphers.get();
1840
1991
  }
1841
1992
 
1842
1993
  const char *SSL_get_cipher_list(const SSL *ssl, int n) {
@@ -1866,11 +2017,19 @@ int SSL_CTX_set_strict_cipher_list(SSL_CTX *ctx, const char *str) {
1866
2017
  }
1867
2018
 
1868
2019
  int SSL_set_cipher_list(SSL *ssl, const char *str) {
1869
- return ssl_create_cipher_list(&ssl->cipher_list, str, false /* not strict */);
2020
+ if (!ssl->config) {
2021
+ return 0;
2022
+ }
2023
+ return ssl_create_cipher_list(&ssl->config->cipher_list, str,
2024
+ false /* not strict */);
1870
2025
  }
1871
2026
 
1872
2027
  int SSL_set_strict_cipher_list(SSL *ssl, const char *str) {
1873
- return ssl_create_cipher_list(&ssl->cipher_list, str, true /* strict */);
2028
+ if (!ssl->config) {
2029
+ return 0;
2030
+ }
2031
+ return ssl_create_cipher_list(&ssl->config->cipher_list, str,
2032
+ true /* strict */);
1874
2033
  }
1875
2034
 
1876
2035
  const char *SSL_get_servername(const SSL *ssl, const int type) {
@@ -1880,8 +2039,8 @@ const char *SSL_get_servername(const SSL *ssl, const int type) {
1880
2039
 
1881
2040
  // Historically, |SSL_get_servername| was also the configuration getter
1882
2041
  // corresponding to |SSL_set_tlsext_host_name|.
1883
- if (ssl->tlsext_hostname != NULL) {
1884
- return ssl->tlsext_hostname;
2042
+ if (ssl->hostname != nullptr) {
2043
+ return ssl->hostname.get();
1885
2044
  }
1886
2045
 
1887
2046
  return ssl->s3->hostname.get();
@@ -1904,8 +2063,11 @@ void SSL_CTX_set_custom_verify(
1904
2063
  void SSL_set_custom_verify(
1905
2064
  SSL *ssl, int mode,
1906
2065
  enum ssl_verify_result_t (*callback)(SSL *ssl, uint8_t *out_alert)) {
1907
- ssl->verify_mode = mode;
1908
- ssl->custom_verify_callback = callback;
2066
+ if (!ssl->config) {
2067
+ return;
2068
+ }
2069
+ ssl->config->verify_mode = mode;
2070
+ ssl->config->custom_verify_callback = callback;
1909
2071
  }
1910
2072
 
1911
2073
  void SSL_CTX_enable_signed_cert_timestamps(SSL_CTX *ctx) {
@@ -1913,7 +2075,10 @@ void SSL_CTX_enable_signed_cert_timestamps(SSL_CTX *ctx) {
1913
2075
  }
1914
2076
 
1915
2077
  void SSL_enable_signed_cert_timestamps(SSL *ssl) {
1916
- ssl->signed_cert_timestamps_enabled = true;
2078
+ if (!ssl->config) {
2079
+ return;
2080
+ }
2081
+ ssl->config->signed_cert_timestamps_enabled = true;
1917
2082
  }
1918
2083
 
1919
2084
  void SSL_CTX_enable_ocsp_stapling(SSL_CTX *ctx) {
@@ -1921,7 +2086,10 @@ void SSL_CTX_enable_ocsp_stapling(SSL_CTX *ctx) {
1921
2086
  }
1922
2087
 
1923
2088
  void SSL_enable_ocsp_stapling(SSL *ssl) {
1924
- ssl->ocsp_stapling_enabled = true;
2089
+ if (!ssl->config) {
2090
+ return;
2091
+ }
2092
+ ssl->config->ocsp_stapling_enabled = true;
1925
2093
  }
1926
2094
 
1927
2095
  void SSL_get0_signed_cert_timestamp_list(const SSL *ssl, const uint8_t **out,
@@ -1933,8 +2101,8 @@ void SSL_get0_signed_cert_timestamp_list(const SSL *ssl, const uint8_t **out,
1933
2101
  return;
1934
2102
  }
1935
2103
 
1936
- *out = CRYPTO_BUFFER_data(session->signed_cert_timestamp_list);
1937
- *out_len = CRYPTO_BUFFER_len(session->signed_cert_timestamp_list);
2104
+ *out = CRYPTO_BUFFER_data(session->signed_cert_timestamp_list.get());
2105
+ *out_len = CRYPTO_BUFFER_len(session->signed_cert_timestamp_list.get());
1938
2106
  }
1939
2107
 
1940
2108
  void SSL_get0_ocsp_response(const SSL *ssl, const uint8_t **out,
@@ -1946,15 +2114,13 @@ void SSL_get0_ocsp_response(const SSL *ssl, const uint8_t **out,
1946
2114
  return;
1947
2115
  }
1948
2116
 
1949
- *out = CRYPTO_BUFFER_data(session->ocsp_response);
1950
- *out_len = CRYPTO_BUFFER_len(session->ocsp_response);
2117
+ *out = CRYPTO_BUFFER_data(session->ocsp_response.get());
2118
+ *out_len = CRYPTO_BUFFER_len(session->ocsp_response.get());
1951
2119
  }
1952
2120
 
1953
2121
  int SSL_set_tlsext_host_name(SSL *ssl, const char *name) {
1954
- OPENSSL_free(ssl->tlsext_hostname);
1955
- ssl->tlsext_hostname = NULL;
1956
-
1957
- if (name == NULL) {
2122
+ ssl->hostname.reset();
2123
+ if (name == nullptr) {
1958
2124
  return 1;
1959
2125
  }
1960
2126
 
@@ -1963,8 +2129,8 @@ int SSL_set_tlsext_host_name(SSL *ssl, const char *name) {
1963
2129
  OPENSSL_PUT_ERROR(SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
1964
2130
  return 0;
1965
2131
  }
1966
- ssl->tlsext_hostname = BUF_strdup(name);
1967
- if (ssl->tlsext_hostname == NULL) {
2132
+ ssl->hostname.reset(BUF_strdup(name));
2133
+ if (ssl->hostname == nullptr) {
1968
2134
  OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
1969
2135
  return 0;
1970
2136
  }
@@ -1973,12 +2139,12 @@ int SSL_set_tlsext_host_name(SSL *ssl, const char *name) {
1973
2139
 
1974
2140
  int SSL_CTX_set_tlsext_servername_callback(
1975
2141
  SSL_CTX *ctx, int (*callback)(SSL *ssl, int *out_alert, void *arg)) {
1976
- ctx->tlsext_servername_callback = callback;
2142
+ ctx->servername_callback = callback;
1977
2143
  return 1;
1978
2144
  }
1979
2145
 
1980
2146
  int SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg) {
1981
- ctx->tlsext_servername_arg = arg;
2147
+ ctx->servername_arg = arg;
1982
2148
  return 1;
1983
2149
  }
1984
2150
 
@@ -2039,25 +2205,21 @@ void SSL_CTX_set_next_proto_select_cb(
2039
2205
 
2040
2206
  int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const uint8_t *protos,
2041
2207
  unsigned protos_len) {
2042
- OPENSSL_free(ctx->alpn_client_proto_list);
2043
- ctx->alpn_client_proto_list = (uint8_t *)BUF_memdup(protos, protos_len);
2044
- if (!ctx->alpn_client_proto_list) {
2045
- return 1;
2046
- }
2047
- ctx->alpn_client_proto_list_len = protos_len;
2048
-
2049
- return 0;
2208
+ // Note this function's calling convention is backwards.
2209
+ return ctx->alpn_client_proto_list.CopyFrom(MakeConstSpan(protos, protos_len))
2210
+ ? 0
2211
+ : 1;
2050
2212
  }
2051
2213
 
2052
2214
  int SSL_set_alpn_protos(SSL *ssl, const uint8_t *protos, unsigned protos_len) {
2053
- OPENSSL_free(ssl->alpn_client_proto_list);
2054
- ssl->alpn_client_proto_list = (uint8_t *)BUF_memdup(protos, protos_len);
2055
- if (!ssl->alpn_client_proto_list) {
2215
+ // Note this function's calling convention is backwards.
2216
+ if (!ssl->config) {
2056
2217
  return 1;
2057
2218
  }
2058
- ssl->alpn_client_proto_list_len = protos_len;
2059
-
2060
- return 0;
2219
+ return ssl->config->alpn_client_proto_list.CopyFrom(
2220
+ MakeConstSpan(protos, protos_len))
2221
+ ? 0
2222
+ : 1;
2061
2223
  }
2062
2224
 
2063
2225
  void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
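Review bot: Both SSL_CTX_set_alpn_protos and SSL_set_alpn_protos store the caller's buffer with `CopyFrom(MakeConstSpan(protos, protos_len))` without checking that it is a well-formed list of non-empty, one-byte-length-prefixed protocol names. Whatever later serialises or walks `alpn_client_proto_list` is outside this hunk and may cope, but rejecting a malformed list at the setter keeps a bad length byte from reaching the wire or a parser. The new comment would also read better spelled out as `// Note this function's calling convention is backwards: it returns 0 on success and 1 on failure.` A sketch of the check for the SSL_CTX variant follows; the per-connection function would take the same loop after its `ssl->config` guard.

```cpp
int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const uint8_t *protos,
                            unsigned protos_len) {
  // Note this function's calling convention is backwards: it returns 0 on
  // success and 1 on failure.
  // An empty list clears the setting; otherwise every entry must be a
  // non-empty, length-prefixed name that ends inside the buffer.
  CBS list, name;
  CBS_init(&list, protos, protos_len);
  while (CBS_len(&list) > 0) {
    if (!CBS_get_u8_length_prefixed(&list, &name) || CBS_len(&name) == 0) {
      return 1;
    }
  }
  // … unchanged: return CopyFrom(MakeConstSpan(protos, protos_len)) ? 0 : 1 …
```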
@@ -2072,8 +2234,8 @@ void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
2072
2234
  void SSL_get0_alpn_selected(const SSL *ssl, const uint8_t **out_data,
2073
2235
  unsigned *out_len) {
2074
2236
  if (SSL_in_early_data(ssl) && !ssl->server) {
2075
- *out_data = ssl->s3->hs->early_session->early_alpn;
2076
- *out_len = ssl->s3->hs->early_session->early_alpn_len;
2237
+ *out_data = ssl->s3->hs->early_session->early_alpn.data();
2238
+ *out_len = ssl->s3->hs->early_session->early_alpn.size();
2077
2239
  } else {
2078
2240
  *out_data = ssl->s3->alpn_selected.data();
2079
2241
  *out_len = ssl->s3->alpn_selected.size();
@@ -2084,8 +2246,26 @@ void SSL_CTX_set_allow_unknown_alpn_protos(SSL_CTX *ctx, int enabled) {
2084
2246
  ctx->allow_unknown_alpn_protos = !!enabled;
2085
2247
  }
2086
2248
 
2249
+ int SSL_CTX_add_cert_compression_alg(SSL_CTX *ctx, uint16_t alg_id,
2250
+ ssl_cert_compression_func_t compress,
2251
+ ssl_cert_decompression_func_t decompress) {
2252
+ assert(compress != nullptr || decompress != nullptr);
2253
+
2254
+ for (const auto &alg : ctx->cert_compression_algs) {
2255
+ if (alg.alg_id == alg_id) {
2256
+ return 0;
2257
+ }
2258
+ }
2259
+
2260
+ CertCompressionAlg alg;
2261
+ alg.alg_id = alg_id;
2262
+ alg.compress = compress;
2263
+ alg.decompress = decompress;
2264
+ return ctx->cert_compression_algs.Push(alg);
2265
+ }
2266
+
2087
2267
  void SSL_CTX_set_tls_channel_id_enabled(SSL_CTX *ctx, int enabled) {
2088
- ctx->tlsext_channel_id_enabled = !!enabled;
2268
+ ctx->channel_id_enabled = !!enabled;
2089
2269
  }
2090
2270
 
2091
2271
  int SSL_CTX_enable_tls_channel_id(SSL_CTX *ctx) {
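Review bot: The only guard against registering an algorithm with both callbacks null is `assert(compress != nullptr || decompress != nullptr);`, which disappears in NDEBUG builds, so a release build would push an entry whose `compress` and `decompress` are both null. The code that later calls these pointers is not in this hunk, so whether it null-checks each one cannot be confirmed from here. I would turn the precondition into a runtime failure next to the duplicate-id check: `if (compress == nullptr && decompress == nullptr) { return 0; }`.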
@@ -2094,7 +2274,10 @@ int SSL_CTX_enable_tls_channel_id(SSL_CTX *ctx) {
2094
2274
  }
2095
2275
 
2096
2276
  void SSL_set_tls_channel_id_enabled(SSL *ssl, int enabled) {
2097
- ssl->tlsext_channel_id_enabled = !!enabled;
2277
+ if (!ssl->config) {
2278
+ return;
2279
+ }
2280
+ ssl->config->channel_id_enabled = !!enabled;
2098
2281
  }
2099
2282
 
2100
2283
  int SSL_enable_tls_channel_id(SSL *ssl) {
@@ -2115,71 +2298,80 @@ int SSL_CTX_set1_tls_channel_id(SSL_CTX *ctx, EVP_PKEY *private_key) {
2115
2298
  return 0;
2116
2299
  }
2117
2300
 
2118
- EVP_PKEY_free(ctx->tlsext_channel_id_private);
2119
- EVP_PKEY_up_ref(private_key);
2120
- ctx->tlsext_channel_id_private = private_key;
2121
- ctx->tlsext_channel_id_enabled = true;
2301
+ ctx->channel_id_private = UpRef(private_key);
2302
+ ctx->channel_id_enabled = true;
2122
2303
 
2123
2304
  return 1;
2124
2305
  }
2125
2306
 
2126
2307
  int SSL_set1_tls_channel_id(SSL *ssl, EVP_PKEY *private_key) {
2308
+ if (!ssl->config) {
2309
+ return 0;
2310
+ }
2127
2311
  if (!is_p256_key(private_key)) {
2128
2312
  OPENSSL_PUT_ERROR(SSL, SSL_R_CHANNEL_ID_NOT_P256);
2129
2313
  return 0;
2130
2314
  }
2131
2315
 
2132
- EVP_PKEY_free(ssl->tlsext_channel_id_private);
2133
- EVP_PKEY_up_ref(private_key);
2134
- ssl->tlsext_channel_id_private = private_key;
2135
- ssl->tlsext_channel_id_enabled = true;
2316
+ ssl->config->channel_id_private = UpRef(private_key);
2317
+ ssl->config->channel_id_enabled = true;
2136
2318
 
2137
2319
  return 1;
2138
2320
  }
2139
2321
 
2140
2322
  size_t SSL_get_tls_channel_id(SSL *ssl, uint8_t *out, size_t max_out) {
2141
- if (!ssl->s3->tlsext_channel_id_valid) {
2323
+ if (!ssl->s3->channel_id_valid) {
2142
2324
  return 0;
2143
2325
  }
2144
- OPENSSL_memcpy(out, ssl->s3->tlsext_channel_id,
2145
- (max_out < 64) ? max_out : 64);
2326
+ OPENSSL_memcpy(out, ssl->s3->channel_id, (max_out < 64) ? max_out : 64);
2146
2327
  return 64;
2147
2328
  }
2148
2329
 
2149
2330
  int SSL_set_token_binding_params(SSL *ssl, const uint8_t *params, size_t len) {
2150
- if (len > 256) {
2151
- OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW);
2331
+ if (!ssl->config) {
2152
2332
  return 0;
2153
2333
  }
2154
- OPENSSL_free(ssl->token_binding_params);
2155
- ssl->token_binding_params = (uint8_t *)BUF_memdup(params, len);
2156
- if (!ssl->token_binding_params) {
2334
+ if (len > 256) {
2335
+ OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW);
2157
2336
  return 0;
2158
2337
  }
2159
- ssl->token_binding_params_len = len;
2160
- return 1;
2338
+ return ssl->config->token_binding_params.CopyFrom(MakeConstSpan(params, len));
2161
2339
  }
2162
2340
 
2163
2341
  int SSL_is_token_binding_negotiated(const SSL *ssl) {
2164
- return ssl->token_binding_negotiated;
2342
+ return ssl->s3->token_binding_negotiated;
2165
2343
  }
2166
2344
 
2167
2345
  uint8_t SSL_get_negotiated_token_binding_param(const SSL *ssl) {
2168
- return ssl->negotiated_token_binding_param;
2346
+ return ssl->s3->negotiated_token_binding_param;
2169
2347
  }
2170
2348
 
2171
- size_t SSL_get0_certificate_types(SSL *ssl, const uint8_t **out_types) {
2172
- if (ssl->server || ssl->s3->hs == NULL) {
2173
- *out_types = NULL;
2174
- return 0;
2349
+ size_t SSL_get0_certificate_types(const SSL *ssl, const uint8_t **out_types) {
2350
+ Span<const uint8_t> types;
2351
+ if (!ssl->server && ssl->s3->hs != nullptr) {
2352
+ types = ssl->s3->hs->certificate_types;
2353
+ }
2354
+ *out_types = types.data();
2355
+ return types.size();
2356
+ }
2357
+
2358
+ size_t SSL_get0_peer_verify_algorithms(const SSL *ssl,
2359
+ const uint16_t **out_sigalgs) {
2360
+ Span<const uint16_t> sigalgs;
2361
+ if (ssl->s3->hs != nullptr) {
2362
+ sigalgs = ssl->s3->hs->peer_sigalgs;
2175
2363
  }
2176
- *out_types = ssl->s3->hs->certificate_types.data();
2177
- return ssl->s3->hs->certificate_types.size();
2364
+ *out_sigalgs = sigalgs.data();
2365
+ return sigalgs.size();
2178
2366
  }
2179
2367
 
2180
2368
  EVP_PKEY *SSL_get_privatekey(const SSL *ssl) {
2181
- if (ssl->cert != NULL) {
2182
- return ssl->cert->privatekey;
2369
+ if (!ssl->config) {
2370
+ assert(ssl->config);
2371
+ return NULL;
2372
+ }
2373
+ if (ssl->config->cert != NULL) {
2374
+ return ssl->config->cert->privatekey.get();
2183
2375
  }
2184
2376
 
2185
2377
  return NULL;
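Review bot: SSL_get0_peer_verify_algorithms and the rewritten SSL_get0_certificate_types hand out `data()` pointers into `ssl->s3->hs`, and nothing here says how long they remain valid. Both functions already treat `hs` as something that can be null, so the handshake object evidently goes away at some point, and a caller that keeps the pointer past that would be reading freed memory. A comment on each, such as `// The returned buffer is owned by the in-progress handshake; copy it if it is needed afterwards.`, would make the borrow explicit. The exact point at which `hs` is released is not visible in this hunk.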
@@ -2187,14 +2379,15 @@ EVP_PKEY *SSL_get_privatekey(const SSL *ssl) {
2187
2379
 
2188
2380
  EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx) {
2189
2381
  if (ctx->cert != NULL) {
2190
- return ctx->cert->privatekey;
2382
+ return ctx->cert->privatekey.get();
2191
2383
  }
2192
2384
 
2193
2385
  return NULL;
2194
2386
  }
2195
2387
 
2196
2388
  const SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl) {
2197
- return ssl->s3->aead_write_ctx->cipher();
2389
+ const SSL_SESSION *session = SSL_get_session(ssl);
2390
+ return session == nullptr ? nullptr : session->cipher;
2198
2391
  }
2199
2392
 
2200
2393
  int SSL_session_reused(const SSL *ssl) {
@@ -2205,7 +2398,7 @@ const COMP_METHOD *SSL_get_current_compression(SSL *ssl) { return NULL; }
2205
2398
 
2206
2399
  const COMP_METHOD *SSL_get_current_expansion(SSL *ssl) { return NULL; }
2207
2400
 
2208
- int *SSL_get_server_tmp_key(SSL *ssl, EVP_PKEY **out_key) { return 0; }
2401
+ int SSL_get_server_tmp_key(SSL *ssl, EVP_PKEY **out_key) { return 0; }
2209
2402
 
2210
2403
  void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode) {
2211
2404
  ctx->quiet_shutdown = (mode != 0);
@@ -2251,11 +2444,14 @@ int SSL_get_shutdown(const SSL *ssl) {
2251
2444
  return ret;
2252
2445
  }
2253
2446
 
2254
- SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) { return ssl->ctx; }
2447
+ SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) { return ssl->ctx.get(); }
2255
2448
 
2256
2449
  SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx) {
2257
- if (ssl->ctx == ctx) {
2258
- return ssl->ctx;
2450
+ if (!ssl->config) {
2451
+ return NULL;
2452
+ }
2453
+ if (ssl->ctx.get() == ctx) {
2454
+ return ssl->ctx.get();
2259
2455
  }
2260
2456
 
2261
2457
  // One cannot change the X.509 callbacks during a connection.
@@ -2264,18 +2460,16 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx) {
2264
2460
  return NULL;
2265
2461
  }
2266
2462
 
2267
- if (ctx == NULL) {
2268
- ctx = ssl->session_ctx;
2463
+ UniquePtr<CERT> new_cert = ssl_cert_dup(ctx->cert.get());
2464
+ if (!new_cert) {
2465
+ return nullptr;
2269
2466
  }
2270
2467
 
2271
- ssl_cert_free(ssl->cert);
2272
- ssl->cert = ssl_cert_dup(ctx->cert);
2273
-
2274
- SSL_CTX_up_ref(ctx);
2275
- SSL_CTX_free(ssl->ctx);
2276
- ssl->ctx = ctx;
2468
+ ssl->config->cert = std::move(new_cert);
2469
+ ssl->ctx = UpRef(ctx);
2470
+ ssl->enable_early_data = ssl->ctx->enable_early_data;
2277
2471
 
2278
- return ssl->ctx;
2472
+ return ssl->ctx.get();
2279
2473
  }
2280
2474
 
2281
2475
  void SSL_set_info_callback(SSL *ssl,
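Review bot: With the `if (ctx == NULL) { ctx = ssl->session_ctx; }` fallback removed, a null `ctx` now reaches `ssl_cert_dup(ctx->cert.get())` and is dereferenced. The lines between this hunk and the previous one are not shown and may already dereference `ctx`, in which case the old fallback was dead code, but either way the function no longer has a defined result for NULL. I would make that explicit at the top of SSL_set_SSL_CTX (which begins in the previous hunk), next to the new `ssl->config` guard: `if (ctx == nullptr) { return nullptr; }`.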
@@ -2302,6 +2496,22 @@ char *SSL_get_shared_ciphers(const SSL *ssl, char *buf, int len) {
2302
2496
  return buf;
2303
2497
  }
2304
2498
 
2499
+ int SSL_CTX_set_quic_method(SSL_CTX *ctx, const SSL_QUIC_METHOD *quic_method) {
2500
+ if (ctx->method->is_dtls) {
2501
+ return 0;
2502
+ }
2503
+ ctx->quic_method = quic_method;
2504
+ return 1;
2505
+ }
2506
+
2507
+ int SSL_set_quic_method(SSL *ssl, const SSL_QUIC_METHOD *quic_method) {
2508
+ if (ssl->method->is_dtls) {
2509
+ return 0;
2510
+ }
2511
+ ssl->quic_method = quic_method;
2512
+ return 1;
2513
+ }
2514
+
2305
2515
  int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused *unused,
2306
2516
  CRYPTO_EX_dup *dup_unused, CRYPTO_EX_free *free_func) {
2307
2517
  int index;
@@ -2355,23 +2565,23 @@ void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
2355
2565
  void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*cb)(SSL *ssl, int is_export,
2356
2566
  int keylength)) {}
2357
2567
 
2358
- static int use_psk_identity_hint(char **out, const char *identity_hint) {
2568
+ static int use_psk_identity_hint(UniquePtr<char> *out,
2569
+ const char *identity_hint) {
2359
2570
  if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
2360
2571
  OPENSSL_PUT_ERROR(SSL, SSL_R_DATA_LENGTH_TOO_LONG);
2361
2572
  return 0;
2362
2573
  }
2363
2574
 
2364
2575
  // Clear currently configured hint, if any.
2365
- OPENSSL_free(*out);
2366
- *out = NULL;
2576
+ out->reset();
2367
2577
 
2368
2578
  // Treat the empty hint as not supplying one. Plain PSK makes it possible to
2369
2579
  // send either no hint (omit ServerKeyExchange) or an empty hint, while
2370
2580
  // ECDHE_PSK can only spell empty hint. Having different capabilities is odd,
2371
2581
  // so we interpret empty and missing as identical.
2372
2582
  if (identity_hint != NULL && identity_hint[0] != '\0') {
2373
- *out = BUF_strdup(identity_hint);
2374
- if (*out == NULL) {
2583
+ out->reset(BUF_strdup(identity_hint));
2584
+ if (*out == nullptr) {
2375
2585
  return 0;
2376
2586
  }
2377
2587
  }
@@ -2384,14 +2594,21 @@ int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) {
2384
2594
  }
2385
2595
 
2386
2596
  int SSL_use_psk_identity_hint(SSL *ssl, const char *identity_hint) {
2387
- return use_psk_identity_hint(&ssl->psk_identity_hint, identity_hint);
2597
+ if (!ssl->config) {
2598
+ return 0;
2599
+ }
2600
+ return use_psk_identity_hint(&ssl->config->psk_identity_hint, identity_hint);
2388
2601
  }
2389
2602
 
2390
2603
  const char *SSL_get_psk_identity_hint(const SSL *ssl) {
2391
2604
  if (ssl == NULL) {
2392
2605
  return NULL;
2393
2606
  }
2394
- return ssl->psk_identity_hint;
2607
+ if (ssl->config == NULL) {
2608
+ assert(ssl->config);
2609
+ return NULL;
2610
+ }
2611
+ return ssl->config->psk_identity_hint.get();
2395
2612
  }
2396
2613
 
2397
2614
  const char *SSL_get_psk_identity(const SSL *ssl) {
@@ -2402,14 +2619,17 @@ const char *SSL_get_psk_identity(const SSL *ssl) {
2402
2619
  if (session == NULL) {
2403
2620
  return NULL;
2404
2621
  }
2405
- return session->psk_identity;
2622
+ return session->psk_identity.get();
2406
2623
  }
2407
2624
 
2408
2625
  void SSL_set_psk_client_callback(
2409
2626
  SSL *ssl, unsigned (*cb)(SSL *ssl, const char *hint, char *identity,
2410
2627
  unsigned max_identity_len, uint8_t *psk,
2411
2628
  unsigned max_psk_len)) {
2412
- ssl->psk_client_callback = cb;
2629
+ if (!ssl->config) {
2630
+ return;
2631
+ }
2632
+ ssl->config->psk_client_callback = cb;
2413
2633
  }
2414
2634
 
2415
2635
  void SSL_CTX_set_psk_client_callback(
@@ -2422,7 +2642,10 @@ void SSL_CTX_set_psk_client_callback(
2422
2642
  void SSL_set_psk_server_callback(
2423
2643
  SSL *ssl, unsigned (*cb)(SSL *ssl, const char *identity, uint8_t *psk,
2424
2644
  unsigned max_psk_len)) {
2425
- ssl->psk_server_callback = cb;
2645
+ if (!ssl->config) {
2646
+ return;
2647
+ }
2648
+ ssl->config->psk_server_callback = cb;
2426
2649
  }
2427
2650
 
2428
2651
  void SSL_CTX_set_psk_server_callback(
@@ -2431,23 +2654,6 @@ void SSL_CTX_set_psk_server_callback(
2431
2654
  ctx->psk_server_callback = cb;
2432
2655
  }
2433
2656
 
2434
- int SSL_set_dummy_pq_padding_size(SSL *ssl, size_t num_bytes) {
2435
- if (num_bytes > 0xffff) {
2436
- return 0;
2437
- }
2438
-
2439
- ssl->dummy_pq_padding_len = num_bytes;
2440
- return 1;
2441
- }
2442
-
2443
- int SSL_dummy_pq_padding_used(SSL *ssl) {
2444
- if (ssl->server) {
2445
- return 0;
2446
- }
2447
-
2448
- return ssl->did_dummy_pq_padding;
2449
- }
2450
-
2451
2657
  void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
2452
2658
  void (*cb)(int write_p, int version,
2453
2659
  int content_type, const void *buf,
@@ -2509,13 +2715,6 @@ int SSL_cutthrough_complete(const SSL *ssl) {
2509
2715
  return SSL_in_false_start(ssl);
2510
2716
  }
2511
2717
 
2512
- void SSL_get_structure_sizes(size_t *ssl_size, size_t *ssl_ctx_size,
2513
- size_t *ssl_session_size) {
2514
- *ssl_size = sizeof(SSL);
2515
- *ssl_ctx_size = sizeof(SSL_CTX);
2516
- *ssl_session_size = sizeof(SSL_SESSION);
2517
- }
2518
-
2519
2718
  int SSL_is_server(const SSL *ssl) { return ssl->server; }
2520
2719
 
2521
2720
  int SSL_is_dtls(const SSL *ssl) { return ssl->method->is_dtls; }
@@ -2531,8 +2730,24 @@ void SSL_CTX_set_dos_protection_cb(SSL_CTX *ctx,
2531
2730
  ctx->dos_protection_cb = cb;
2532
2731
  }
2533
2732
 
2733
+ void SSL_CTX_set_reverify_on_resume(SSL_CTX *ctx, int enabled) {
2734
+ ctx->reverify_on_resume = !!enabled;
2735
+ }
2736
+
2737
+ void SSL_set_enforce_rsa_key_usage(SSL *ssl, int enabled) {
2738
+ if (!ssl->config) {
2739
+ return;
2740
+ }
2741
+ ssl->config->enforce_rsa_key_usage = !!enabled;
2742
+ }
2743
+
2534
2744
  void SSL_set_renegotiate_mode(SSL *ssl, enum ssl_renegotiate_mode_t mode) {
2535
2745
  ssl->renegotiate_mode = mode;
2746
+
2747
+ // Check if |ssl_can_renegotiate| has changed and the configuration may now be
2748
+ // shed. HTTP clients may initially allow renegotiation for HTTP/1.1, and then
2749
+ // disable after the handshake once the ALPN protocol is known to be HTTP/2.
2750
+ ssl_maybe_shed_handshake_config(ssl);
2536
2751
  }
2537
2752
 
2538
2753
  int SSL_get_ivs(const SSL *ssl, const uint8_t **out_read_iv,
@@ -2615,7 +2830,10 @@ const SSL_CIPHER *SSL_get_pending_cipher(const SSL *ssl) {
2615
2830
  }
2616
2831
 
2617
2832
  void SSL_set_retain_only_sha256_of_client_certs(SSL *ssl, int enabled) {
2618
- ssl->retain_only_sha256_of_client_certs = !!enabled;
2833
+ if (!ssl->config) {
2834
+ return;
2835
+ }
2836
+ ssl->config->retain_only_sha256_of_client_certs = !!enabled;
2619
2837
  }
2620
2838
 
2621
2839
  void SSL_CTX_set_retain_only_sha256_of_client_certs(SSL_CTX *ctx, int enabled) {
@@ -2634,16 +2852,44 @@ void SSL_CTX_set_false_start_allowed_without_alpn(SSL_CTX *ctx, int allowed) {
2634
2852
  ctx->false_start_allowed_without_alpn = !!allowed;
2635
2853
  }
2636
2854
 
2637
- int SSL_is_draft_downgrade(const SSL *ssl) { return ssl->s3->draft_downgrade; }
2855
+ int SSL_is_tls13_downgrade(const SSL *ssl) { return ssl->s3->tls13_downgrade; }
2856
+
2857
+ void SSL_CTX_set_ignore_tls13_downgrade(SSL_CTX *ctx, int ignore) {
2858
+ ctx->ignore_tls13_downgrade = !!ignore;
2859
+ }
2860
+
2861
+ void SSL_set_ignore_tls13_downgrade(SSL *ssl, int ignore) {
2862
+ if (!ssl->config) {
2863
+ return;
2864
+ }
2865
+ ssl->config->ignore_tls13_downgrade = !!ignore;
2866
+ }
2867
+
2868
+ void SSL_set_shed_handshake_config(SSL *ssl, int enable) {
2869
+ if (!ssl->config) {
2870
+ return;
2871
+ }
2872
+ ssl->config->shed_handshake_config = !!enable;
2873
+ }
2874
+
2875
+ void SSL_set_jdk11_workaround(SSL *ssl, int enable) {
2876
+ if (!ssl->config) {
2877
+ return;
2878
+ }
2879
+ ssl->config->jdk11_workaround = !!enable;
2880
+ }
2638
2881
 
2639
2882
  int SSL_clear(SSL *ssl) {
2883
+ if (!ssl->config) {
2884
+ return 0; // SSL_clear may not be used after shedding config.
2885
+ }
2886
+
2640
2887
  // In OpenSSL, reusing a client |SSL| with |SSL_clear| causes the previously
2641
2888
  // established session to be offered the next time around. wpa_supplicant
2642
2889
  // depends on this behavior, so emulate it.
2643
2890
  UniquePtr<SSL_SESSION> session;
2644
2891
  if (!ssl->server && ssl->s3->established_session != NULL) {
2645
- session.reset(ssl->s3->established_session.get());
2646
- SSL_SESSION_up_ref(session.get());
2892
+ session = UpRef(ssl->s3->established_session);
2647
2893
  }
2648
2894
 
2649
2895
  // The ssl->d1->mtu is simultaneously configuration (preserved across
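Review bot: SSL_CTX_set_ignore_tls13_downgrade and SSL_set_ignore_tls13_downgrade are added without any comment, although going by their names they switch off the reaction to the TLS 1.3 downgrade signal that SSL_is_tls13_downgrade reports. A flag that relaxes a protocol protection deserves a line saying when it is acceptable to set it, for example `// Intended for measurement only: a detected downgrade is then reported via SSL_is_tls13_downgrade rather than failing the handshake.` The handshake code that reads `ignore_tls13_downgrade` is not part of this hunk, so that wording should be confirmed against it.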
@@ -2717,3 +2963,49 @@ void SSL_CTX_set_ticket_aead_method(SSL_CTX *ctx,
2717
2963
  const SSL_TICKET_AEAD_METHOD *aead_method) {
2718
2964
  ctx->ticket_aead_method = aead_method;
2719
2965
  }
2966
+
2967
+ int SSL_set_tlsext_status_type(SSL *ssl, int type) {
2968
+ if (!ssl->config) {
2969
+ return 0;
2970
+ }
2971
+ ssl->config->ocsp_stapling_enabled = type == TLSEXT_STATUSTYPE_ocsp;
2972
+ return 1;
2973
+ }
2974
+
2975
+ int SSL_get_tlsext_status_type(const SSL *ssl) {
2976
+ if (ssl->server) {
2977
+ SSL_HANDSHAKE *hs = ssl->s3->hs.get();
2978
+ return hs != nullptr && hs->ocsp_stapling_requested
2979
+ ? TLSEXT_STATUSTYPE_ocsp
2980
+ : TLSEXT_STATUSTYPE_nothing;
2981
+ }
2982
+
2983
+ return ssl->config != nullptr && ssl->config->ocsp_stapling_enabled
2984
+ ? TLSEXT_STATUSTYPE_ocsp
2985
+ : TLSEXT_STATUSTYPE_nothing;
2986
+ }
2987
+
2988
+ int SSL_set_tlsext_status_ocsp_resp(SSL *ssl, uint8_t *resp, size_t resp_len) {
2989
+ if (SSL_set_ocsp_response(ssl, resp, resp_len)) {
2990
+ OPENSSL_free(resp);
2991
+ return 1;
2992
+ }
2993
+ return 0;
2994
+ }
2995
+
2996
+ size_t SSL_get_tlsext_status_ocsp_resp(const SSL *ssl, const uint8_t **out) {
2997
+ size_t ret;
2998
+ SSL_get0_ocsp_response(ssl, out, &ret);
2999
+ return ret;
3000
+ }
3001
+
3002
+ int SSL_CTX_set_tlsext_status_cb(SSL_CTX *ctx,
3003
+ int (*callback)(SSL *ssl, void *arg)) {
3004
+ ctx->legacy_ocsp_callback = callback;
3005
+ return 1;
3006
+ }
3007
+
3008
+ int SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg) {
3009
+ ctx->legacy_ocsp_callback_arg = arg;
3010
+ return 1;
3011
+ }
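Review bot: SSL_set_tlsext_status_ocsp_resp frees `resp` only when SSL_set_ocsp_response succeeds, so ownership of the buffer moves to the library on success and stays with the caller on failure. That asymmetry is undocumented and invites a double free or a leak. I would add above the function `// Takes ownership of |resp| on success only; on failure the caller must still free it.` Separately, SSL_get_tlsext_status_ocsp_resp returns `ret` without initialising it and relies on SSL_get0_ocsp_response writing `*out_len` on every path, including its early return, which the hunks here do not show; `size_t ret = 0;` would remove that dependency.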