grpc 1.38.0 → 1.40.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +68 -21
- data/include/grpc/event_engine/endpoint_config.h +48 -0
- data/include/grpc/event_engine/event_engine.h +23 -29
- data/include/grpc/event_engine/port.h +2 -0
- data/include/grpc/event_engine/slice_allocator.h +21 -36
- data/include/grpc/grpc.h +9 -2
- data/include/grpc/grpc_security.h +32 -0
- data/include/grpc/grpc_security_constants.h +1 -0
- data/include/grpc/impl/codegen/grpc_types.h +33 -19
- data/include/grpc/impl/codegen/port_platform.h +41 -0
- data/src/core/ext/filters/client_channel/client_channel.cc +415 -249
- data/src/core/ext/filters/client_channel/client_channel.h +42 -18
- data/src/core/ext/filters/client_channel/config_selector.h +19 -6
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +2 -0
- data/src/core/ext/filters/client_channel/health/health_check_client.h +3 -3
- data/src/core/ext/filters/client_channel/http_proxy.cc +16 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +7 -8
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +12 -21
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +3 -5
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +734 -0
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +10 -0
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +8 -15
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +3 -6
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +18 -36
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +14 -22
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +2 -9
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +68 -103
- data/src/core/ext/filters/client_channel/lb_policy.cc +1 -15
- data/src/core/ext/filters/client_channel/lb_policy.h +70 -46
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +1 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_event_engine.cc +31 -0
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_event_engine.cc +28 -0
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +1 -3
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +7 -2
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +116 -76
- data/src/core/ext/filters/client_channel/retry_filter.cc +967 -544
- data/src/core/ext/filters/client_channel/retry_service_config.cc +57 -28
- data/src/core/ext/filters/client_channel/retry_service_config.h +9 -3
- data/src/core/ext/filters/client_channel/service_config_call_data.h +45 -5
- data/src/core/ext/filters/client_idle/client_idle_filter.cc +1 -1
- data/src/core/ext/filters/http/client/http_client_filter.cc +5 -2
- data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +2 -1
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +5 -1
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +3 -2
- data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +1 -1
- data/src/core/{lib/event_engine/slice_allocator.cc → ext/transport/chttp2/transport/chttp2_slice_allocator.cc} +23 -16
- data/src/core/ext/transport/chttp2/transport/chttp2_slice_allocator.h +74 -0
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +12 -10
- data/src/core/ext/transport/chttp2/transport/flow_control.h +1 -1
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +4 -4
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +8 -8
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +5 -5
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +639 -752
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +190 -69
- data/src/core/ext/transport/chttp2/transport/internal.h +2 -1
- data/src/core/ext/transport/chttp2/transport/parsing.cc +72 -56
- data/src/core/ext/transport/chttp2/transport/varint.cc +6 -4
- data/src/core/ext/transport/inproc/inproc_transport.cc +42 -31
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +56 -35
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +180 -76
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +35 -27
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +97 -48
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +45 -9
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +67 -7
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +66 -9
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +227 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.c +46 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.h +121 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.c +35 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.h +90 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +32 -24
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +120 -73
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +4 -2
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +15 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +48 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +171 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +8 -6
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h +27 -19
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +24 -7
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +57 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +29 -17
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +72 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c +3 -2
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h +4 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c +6 -5
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h +15 -11
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +85 -43
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +274 -91
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +11 -8
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +30 -13
- data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.c +33 -5
- data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.h +115 -0
- data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.c +60 -0
- data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.h +181 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c +1 -0
- data/src/core/ext/upb-generated/validate/validate.upb.c +82 -66
- data/src/core/ext/upb-generated/validate/validate.upb.h +220 -124
- data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.c +15 -7
- data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +53 -52
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +318 -277
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +437 -410
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +198 -170
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +10 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +9 -8
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +219 -163
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.h +15 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/resolver.upbdefs.c +59 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/resolver.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +29 -25
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/udp_socket_config.upbdefs.c +52 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/udp_socket_config.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +135 -125
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +131 -123
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.c +90 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +32 -24
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +69 -55
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +684 -664
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c +13 -10
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c +13 -10
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +441 -375
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h +10 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +122 -114
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +112 -79
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/type/http/v3/path_transformation.upbdefs.c +64 -0
- data/src/core/ext/upbdefs-generated/envoy/type/http/v3/path_transformation.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.c +35 -32
- data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.c +4 -4
- data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +182 -160
- data/src/core/ext/xds/certificate_provider_store.h +1 -1
- data/src/core/ext/xds/xds_api.cc +582 -257
- data/src/core/ext/xds/xds_api.h +46 -8
- data/src/core/ext/xds/xds_bootstrap.cc +4 -1
- data/src/core/ext/xds/xds_client.cc +66 -43
- data/src/core/ext/xds/xds_client.h +0 -4
- data/src/core/ext/xds/xds_http_filters.cc +3 -2
- data/src/core/ext/xds/xds_http_filters.h +3 -0
- data/src/core/lib/address_utils/sockaddr_utils.cc +13 -0
- data/src/core/lib/address_utils/sockaddr_utils.h +10 -0
- data/src/core/lib/channel/call_tracer.h +85 -0
- data/src/core/lib/channel/channel_stack.h +1 -1
- data/src/core/lib/channel/channelz.h +3 -0
- data/src/core/lib/channel/context.h +3 -0
- data/src/core/lib/channel/status_util.h +4 -0
- data/src/core/lib/compression/stream_compression.h +1 -1
- data/src/core/lib/compression/stream_compression_gzip.h +1 -1
- data/src/core/lib/compression/stream_compression_identity.h +1 -1
- data/src/core/lib/debug/stats.h +1 -1
- data/src/core/lib/event_engine/endpoint_config.cc +46 -0
- data/src/core/lib/event_engine/endpoint_config_internal.h +42 -0
- data/src/core/lib/event_engine/event_engine.cc +50 -0
- data/src/core/lib/event_engine/sockaddr.cc +14 -12
- data/src/core/lib/event_engine/sockaddr.h +44 -0
- data/src/core/lib/gpr/murmur_hash.cc +4 -2
- data/src/core/lib/gpr/wrap_memcpy.cc +2 -1
- data/src/core/lib/gprpp/manual_constructor.h +1 -1
- data/src/core/lib/gprpp/orphanable.h +3 -3
- data/src/core/lib/gprpp/status_helper.h +3 -0
- data/src/core/lib/gprpp/sync.h +2 -30
- data/src/core/lib/iomgr/buffer_list.cc +1 -1
- data/src/core/lib/iomgr/endpoint_pair_event_engine.cc +33 -0
- data/src/core/lib/iomgr/error.cc +5 -4
- data/src/core/lib/iomgr/error.h +1 -1
- data/src/core/lib/iomgr/ev_apple.h +1 -1
- data/src/core/lib/iomgr/event_engine/closure.cc +54 -0
- data/src/core/lib/iomgr/event_engine/closure.h +33 -0
- data/src/core/lib/iomgr/event_engine/endpoint.cc +192 -0
- data/src/core/lib/iomgr/event_engine/endpoint.h +53 -0
- data/src/core/lib/iomgr/event_engine/iomgr.cc +105 -0
- data/src/core/lib/iomgr/event_engine/iomgr.h +24 -0
- data/src/core/lib/iomgr/event_engine/pollset.cc +87 -0
- data/{include/grpc/event_engine/channel_args.h → src/core/lib/iomgr/event_engine/pollset.h} +7 -10
- data/src/core/lib/iomgr/event_engine/promise.h +51 -0
- data/src/core/lib/iomgr/event_engine/resolved_address_internal.cc +41 -0
- data/src/core/lib/iomgr/event_engine/resolved_address_internal.h +35 -0
- data/src/core/lib/iomgr/event_engine/resolver.cc +110 -0
- data/src/core/lib/iomgr/event_engine/tcp.cc +263 -0
- data/src/core/lib/iomgr/event_engine/timer.cc +57 -0
- data/src/core/lib/iomgr/exec_ctx.cc +8 -0
- data/src/core/lib/iomgr/exec_ctx.h +3 -4
- data/src/core/lib/iomgr/executor/threadpool.cc +2 -3
- data/src/core/lib/iomgr/executor/threadpool.h +2 -2
- data/src/core/lib/iomgr/iomgr.cc +1 -1
- data/src/core/lib/iomgr/iomgr_posix.cc +2 -0
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +40 -10
- data/src/core/lib/iomgr/pollset_custom.cc +2 -2
- data/src/core/lib/iomgr/pollset_custom.h +3 -1
- data/src/core/lib/iomgr/pollset_uv.cc +3 -1
- data/src/core/lib/iomgr/pollset_uv.h +5 -1
- data/src/core/lib/iomgr/port.h +7 -5
- data/src/core/lib/iomgr/python_util.h +1 -1
- data/src/core/lib/iomgr/resolve_address.cc +5 -1
- data/src/core/lib/iomgr/resolve_address.h +6 -0
- data/src/core/lib/iomgr/resource_quota.cc +2 -0
- data/src/core/lib/iomgr/sockaddr.h +1 -0
- data/src/core/lib/iomgr/socket_mutator.cc +15 -2
- data/src/core/lib/iomgr/socket_mutator.h +26 -2
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +4 -4
- data/src/core/lib/iomgr/socket_utils_posix.h +2 -2
- data/src/core/lib/iomgr/tcp_client_posix.cc +7 -2
- data/src/core/lib/iomgr/tcp_client_windows.cc +2 -0
- data/src/core/lib/iomgr/tcp_posix.cc +42 -39
- data/src/core/lib/iomgr/tcp_posix.h +8 -0
- data/src/core/lib/iomgr/tcp_server_custom.cc +3 -4
- data/src/core/lib/iomgr/tcp_server_posix.cc +7 -0
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +2 -1
- data/src/core/lib/iomgr/timer.h +6 -1
- data/src/core/lib/iomgr/timer_manager.cc +1 -1
- data/src/core/lib/json/json_reader.cc +1 -2
- data/src/core/lib/matchers/matchers.cc +8 -20
- data/src/core/lib/matchers/matchers.h +2 -1
- data/src/core/lib/security/authorization/authorization_engine.h +44 -0
- data/src/core/lib/security/authorization/authorization_policy_provider.h +32 -0
- data/src/core/lib/security/authorization/authorization_policy_provider_vtable.cc +46 -0
- data/src/core/lib/security/authorization/evaluate_args.cc +209 -0
- data/src/core/lib/security/authorization/evaluate_args.h +91 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +3 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +49 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +7 -0
- data/src/core/lib/security/credentials/tls/tls_utils.cc +32 -0
- data/src/core/lib/security/credentials/tls/tls_utils.h +13 -0
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +9 -6
- data/src/core/lib/security/security_connector/ssl_utils.cc +5 -0
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +6 -18
- data/src/core/lib/security/transport/security_handshaker.cc +12 -4
- data/src/core/lib/security/transport/server_auth_filter.cc +0 -7
- data/src/core/lib/slice/slice.cc +12 -2
- data/src/core/lib/slice/slice_internal.h +1 -0
- data/src/core/lib/surface/call.cc +26 -7
- data/src/core/lib/surface/call.h +11 -0
- data/src/core/lib/surface/completion_queue.cc +22 -22
- data/src/core/lib/surface/completion_queue.h +1 -1
- data/src/core/lib/surface/completion_queue_factory.cc +1 -2
- data/src/core/lib/surface/init.cc +1 -3
- data/src/core/lib/surface/init.h +10 -1
- data/src/core/lib/surface/server.cc +3 -1
- data/src/core/lib/surface/server.h +3 -3
- data/src/core/lib/surface/version.cc +2 -4
- data/src/core/lib/transport/error_utils.cc +2 -2
- data/src/core/lib/transport/metadata_batch.cc +13 -2
- data/src/core/lib/transport/metadata_batch.h +7 -0
- data/src/core/lib/transport/transport.h +2 -0
- data/src/core/lib/transport/transport_op_string.cc +1 -1
- data/src/core/plugin_registry/grpc_plugin_registry.cc +4 -0
- data/src/core/tsi/alts/crypt/gsec.h +2 -0
- data/src/ruby/ext/grpc/extconf.rb +2 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +6 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +10 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/boringssl-with-bazel/err_data.c +269 -263
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +8 -6
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/cipher_extra.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +9 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +0 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +7 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/md32_common.h +87 -121
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md4/md4.c +20 -30
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md5/md5.c +19 -30
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +0 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +26 -24
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +10 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +28 -39
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +48 -66
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +362 -371
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_asn1.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +101 -11
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +14 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +53 -73
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +31 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +5 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +7 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +5 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +66 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +40 -9
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/chacha.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +6 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +14 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +19 -11
- data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +325 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs7.h +23 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +99 -63
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +139 -109
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +12 -19
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +48 -50
- data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +451 -435
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +0 -1
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/d1_srtp.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +773 -84
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +80 -47
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +24 -19
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +189 -86
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +45 -56
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +272 -167
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +14 -19
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +34 -102
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +2 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +8 -31
- data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +3 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +4 -3
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +7 -3
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +576 -648
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +31 -3
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +98 -39
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +141 -94
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +58 -68
- data/third_party/xxhash/xxhash.h +77 -195
- metadata +81 -39
- data/src/core/lib/gpr/arena.h +0 -47
- data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +0 -267
- data/third_party/boringssl-with-bazel/src/crypto/x509/vpm_int.h +0 -71
@@ -232,7 +232,7 @@ static bool apply_remote_features(SSL *ssl, CBS *in) {
|
|
232
232
|
// disqualifies it for split handshakes.
|
233
233
|
static bool uses_disallowed_feature(const SSL *ssl) {
|
234
234
|
return ssl->method->is_dtls || (ssl->config->cert && ssl->config->cert->dc) ||
|
235
|
-
ssl->config->quic_transport_params.size() > 0;
|
235
|
+
ssl->config->quic_transport_params.size() > 0 || ssl->ctx->ech_keys;
|
236
236
|
}
|
237
237
|
|
238
238
|
bool SSL_apply_handoff(SSL *ssl, Span<const uint8_t> handoff) {
|
@@ -338,6 +338,7 @@ bool SSL_serialize_handback(const SSL *ssl, CBB *out) {
|
|
338
338
|
} else {
|
339
339
|
session = s3->session_reused ? ssl->session.get() : hs->new_session.get();
|
340
340
|
}
|
341
|
+
static const uint8_t kUnusedChannelID[64] = {0};
|
341
342
|
if (!CBB_add_asn1(out, &seq, CBS_ASN1_SEQUENCE) ||
|
342
343
|
!CBB_add_asn1_uint64(&seq, kHandbackVersion) ||
|
343
344
|
!CBB_add_asn1_uint64(&seq, type) ||
|
@@ -352,7 +353,7 @@ bool SSL_serialize_handback(const SSL *ssl, CBB *out) {
|
|
352
353
|
!CBB_add_asn1_octet_string(&seq, read_iv, read_iv_len) ||
|
353
354
|
!CBB_add_asn1_octet_string(&seq, write_iv, write_iv_len) ||
|
354
355
|
!CBB_add_asn1_bool(&seq, s3->session_reused) ||
|
355
|
-
!CBB_add_asn1_bool(&seq,
|
356
|
+
!CBB_add_asn1_bool(&seq, hs->channel_id_negotiated) ||
|
356
357
|
!ssl_session_serialize(session, &seq) ||
|
357
358
|
!CBB_add_asn1_octet_string(&seq, s3->next_proto_negotiated.data(),
|
358
359
|
s3->next_proto_negotiated.size()) ||
|
@@ -361,10 +362,12 @@ bool SSL_serialize_handback(const SSL *ssl, CBB *out) {
|
|
361
362
|
!CBB_add_asn1_octet_string(
|
362
363
|
&seq, reinterpret_cast<uint8_t *>(s3->hostname.get()),
|
363
364
|
hostname_len) ||
|
364
|
-
!CBB_add_asn1_octet_string(&seq,
|
365
|
-
sizeof(
|
366
|
-
|
367
|
-
|
365
|
+
!CBB_add_asn1_octet_string(&seq, kUnusedChannelID,
|
366
|
+
sizeof(kUnusedChannelID)) ||
|
367
|
+
// These two fields were historically |token_binding_negotiated| and
|
368
|
+
// |negotiated_token_binding_param|.
|
369
|
+
!CBB_add_asn1_bool(&seq, 0) ||
|
370
|
+
!CBB_add_asn1_uint64(&seq, 0) ||
|
368
371
|
!CBB_add_asn1_bool(&seq, s3->hs->next_proto_neg_seen) ||
|
369
372
|
!CBB_add_asn1_bool(&seq, s3->hs->cert_request) ||
|
370
373
|
!CBB_add_asn1_bool(&seq, s3->hs->extended_master_secret) ||
|
@@ -443,12 +446,13 @@ bool SSL_apply_handback(SSL *ssl, Span<const uint8_t> handback) {
|
|
443
446
|
}
|
444
447
|
|
445
448
|
SSL3_STATE *const s3 = ssl->s3;
|
446
|
-
uint64_t handback_version,
|
449
|
+
uint64_t handback_version, unused_token_binding_param, cipher, type_u64;
|
447
450
|
|
448
451
|
CBS seq, read_seq, write_seq, server_rand, client_rand, read_iv, write_iv,
|
449
|
-
next_proto, alpn, hostname,
|
450
|
-
int session_reused,
|
451
|
-
ticket_expected,
|
452
|
+
next_proto, alpn, hostname, unused_channel_id, transcript, key_share;
|
453
|
+
int session_reused, channel_id_negotiated, cert_request,
|
454
|
+
extended_master_secret, ticket_expected, unused_token_binding,
|
455
|
+
next_proto_neg_seen;
|
452
456
|
SSL_SESSION *session = nullptr;
|
453
457
|
|
454
458
|
CBS handback_cbs(handback);
|
@@ -476,7 +480,7 @@ bool SSL_apply_handback(SSL *ssl, Span<const uint8_t> handback) {
|
|
476
480
|
!CBS_get_asn1(&seq, &read_iv, CBS_ASN1_OCTETSTRING) ||
|
477
481
|
!CBS_get_asn1(&seq, &write_iv, CBS_ASN1_OCTETSTRING) ||
|
478
482
|
!CBS_get_asn1_bool(&seq, &session_reused) ||
|
479
|
-
!CBS_get_asn1_bool(&seq, &
|
483
|
+
!CBS_get_asn1_bool(&seq, &channel_id_negotiated)) {
|
480
484
|
return false;
|
481
485
|
}
|
482
486
|
|
@@ -495,12 +499,9 @@ bool SSL_apply_handback(SSL *ssl, Span<const uint8_t> handback) {
|
|
495
499
|
if (!session || !CBS_get_asn1(&seq, &next_proto, CBS_ASN1_OCTETSTRING) ||
|
496
500
|
!CBS_get_asn1(&seq, &alpn, CBS_ASN1_OCTETSTRING) ||
|
497
501
|
!CBS_get_asn1(&seq, &hostname, CBS_ASN1_OCTETSTRING) ||
|
498
|
-
!CBS_get_asn1(&seq, &
|
499
|
-
|
500
|
-
!
|
501
|
-
sizeof(s3->channel_id)) ||
|
502
|
-
!CBS_get_asn1_bool(&seq, &token_binding_negotiated) ||
|
503
|
-
!CBS_get_asn1_uint64(&seq, &negotiated_token_binding_param) ||
|
502
|
+
!CBS_get_asn1(&seq, &unused_channel_id, CBS_ASN1_OCTETSTRING) ||
|
503
|
+
!CBS_get_asn1_bool(&seq, &unused_token_binding) ||
|
504
|
+
!CBS_get_asn1_uint64(&seq, &unused_token_binding_param) ||
|
504
505
|
!CBS_get_asn1_bool(&seq, &next_proto_neg_seen) ||
|
505
506
|
!CBS_get_asn1_bool(&seq, &cert_request) ||
|
506
507
|
!CBS_get_asn1_bool(&seq, &extended_master_secret) ||
|
@@ -614,7 +615,7 @@ bool SSL_apply_handback(SSL *ssl, Span<const uint8_t> handback) {
|
|
614
615
|
return false;
|
615
616
|
}
|
616
617
|
s3->session_reused = session_reused;
|
617
|
-
|
618
|
+
hs->channel_id_negotiated = channel_id_negotiated;
|
618
619
|
s3->next_proto_negotiated.CopyFrom(next_proto);
|
619
620
|
s3->alpn_selected.CopyFrom(alpn);
|
620
621
|
|
@@ -629,9 +630,6 @@ bool SSL_apply_handback(SSL *ssl, Span<const uint8_t> handback) {
|
|
629
630
|
s3->hostname.reset(hostname_str);
|
630
631
|
}
|
631
632
|
|
632
|
-
s3->token_binding_negotiated = token_binding_negotiated;
|
633
|
-
s3->negotiated_token_binding_param =
|
634
|
-
static_cast<uint8_t>(negotiated_token_binding_param);
|
635
633
|
hs->next_proto_neg_seen = next_proto_neg_seen;
|
636
634
|
hs->wait = ssl_hs_flush;
|
637
635
|
hs->extended_master_secret = extended_master_secret;
|
@@ -780,6 +778,7 @@ int SSL_request_handshake_hints(SSL *ssl, const uint8_t *client_hello,
|
|
780
778
|
// -- them up.
|
781
779
|
// decryptedPSKHint [3] IMPLICIT OCTET STRING OPTIONAL,
|
782
780
|
// ignorePSKHint [4] IMPLICIT NULL OPTIONAL,
|
781
|
+
// compressCertificateHint [5] IMPLICIT CompressCertificateHint OPTIONAL,
|
783
782
|
// }
|
784
783
|
//
|
785
784
|
// KeyShareHint ::= SEQUENCE {
|
@@ -794,6 +793,12 @@ int SSL_request_handshake_hints(SSL *ssl, const uint8_t *client_hello,
|
|
794
793
|
// subjectPublicKeyInfo OCTET STRING,
|
795
794
|
// signature OCTET STRING,
|
796
795
|
// }
|
796
|
+
//
|
797
|
+
// CompressCertificateHint ::= SEQUENCE {
|
798
|
+
// algorithm INTEGER,
|
799
|
+
// input OCTET STRING,
|
800
|
+
// compressed OCTET STRING,
|
801
|
+
// }
|
797
802
|
|
798
803
|
// HandshakeHints tags.
|
799
804
|
static const unsigned kServerRandomTag = CBS_ASN1_CONTEXT_SPECIFIC | 0;
|
@@ -803,6 +808,7 @@ static const unsigned kSignatureHintTag =
|
|
803
808
|
CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 2;
|
804
809
|
static const unsigned kDecryptedPSKTag = CBS_ASN1_CONTEXT_SPECIFIC | 3;
|
805
810
|
static const unsigned kIgnorePSKTag = CBS_ASN1_CONTEXT_SPECIFIC | 4;
|
811
|
+
static const unsigned kCompressCertificateTag = CBS_ASN1_CONTEXT_SPECIFIC | 5;
|
806
812
|
|
807
813
|
int SSL_serialize_handshake_hints(const SSL *ssl, CBB *out) {
|
808
814
|
const SSL_HANDSHAKE *hs = ssl->s3->hs.get();
|
@@ -812,15 +818,14 @@ int SSL_serialize_handshake_hints(const SSL *ssl, CBB *out) {
|
|
812
818
|
}
|
813
819
|
|
814
820
|
const SSL_HANDSHAKE_HINTS *hints = hs->hints.get();
|
815
|
-
CBB seq,
|
816
|
-
ignore_psk;
|
821
|
+
CBB seq, child;
|
817
822
|
if (!CBB_add_asn1(out, &seq, CBS_ASN1_SEQUENCE)) {
|
818
823
|
return 0;
|
819
824
|
}
|
820
825
|
|
821
826
|
if (!hints->server_random.empty()) {
|
822
|
-
if (!CBB_add_asn1(&seq, &
|
823
|
-
!CBB_add_bytes(&
|
827
|
+
if (!CBB_add_asn1(&seq, &child, kServerRandomTag) ||
|
828
|
+
!CBB_add_bytes(&child, hints->server_random.data(),
|
824
829
|
hints->server_random.size())) {
|
825
830
|
return 0;
|
826
831
|
}
|
@@ -828,13 +833,11 @@ int SSL_serialize_handshake_hints(const SSL *ssl, CBB *out) {
|
|
828
833
|
|
829
834
|
if (hints->key_share_group_id != 0 && !hints->key_share_public_key.empty() &&
|
830
835
|
!hints->key_share_secret.empty()) {
|
831
|
-
if (!CBB_add_asn1(&seq, &
|
832
|
-
!CBB_add_asn1_uint64(&
|
833
|
-
!CBB_add_asn1_octet_string(&
|
834
|
-
hints->key_share_public_key.data(),
|
836
|
+
if (!CBB_add_asn1(&seq, &child, kKeyShareHintTag) ||
|
837
|
+
!CBB_add_asn1_uint64(&child, hints->key_share_group_id) ||
|
838
|
+
!CBB_add_asn1_octet_string(&child, hints->key_share_public_key.data(),
|
835
839
|
hints->key_share_public_key.size()) ||
|
836
|
-
!CBB_add_asn1_octet_string(&
|
837
|
-
hints->key_share_secret.data(),
|
840
|
+
!CBB_add_asn1_octet_string(&child, hints->key_share_secret.data(),
|
838
841
|
hints->key_share_secret.size())) {
|
839
842
|
return 0;
|
840
843
|
}
|
@@ -842,33 +845,45 @@ int SSL_serialize_handshake_hints(const SSL *ssl, CBB *out) {
|
|
842
845
|
|
843
846
|
if (hints->signature_algorithm != 0 && !hints->signature_input.empty() &&
|
844
847
|
!hints->signature.empty()) {
|
845
|
-
if (!CBB_add_asn1(&seq, &
|
846
|
-
!CBB_add_asn1_uint64(&
|
847
|
-
!CBB_add_asn1_octet_string(&
|
848
|
-
|
849
|
-
|
850
|
-
|
851
|
-
|
852
|
-
|
853
|
-
!CBB_add_asn1_octet_string(&signature_hint, hints->signature.data(),
|
854
|
-
hints->signature.size())) {
|
848
|
+
if (!CBB_add_asn1(&seq, &child, kSignatureHintTag) ||
|
849
|
+
!CBB_add_asn1_uint64(&child, hints->signature_algorithm) ||
|
850
|
+
!CBB_add_asn1_octet_string(&child, hints->signature_input.data(),
|
851
|
+
hints->signature_input.size()) ||
|
852
|
+
!CBB_add_asn1_octet_string(&child, hints->signature_spki.data(),
|
853
|
+
hints->signature_spki.size()) ||
|
854
|
+
!CBB_add_asn1_octet_string(&child, hints->signature.data(),
|
855
|
+
hints->signature.size())) {
|
855
856
|
return 0;
|
856
857
|
}
|
857
858
|
}
|
858
859
|
|
859
860
|
if (!hints->decrypted_psk.empty()) {
|
860
|
-
if (!CBB_add_asn1(&seq, &
|
861
|
-
!CBB_add_bytes(&
|
861
|
+
if (!CBB_add_asn1(&seq, &child, kDecryptedPSKTag) ||
|
862
|
+
!CBB_add_bytes(&child, hints->decrypted_psk.data(),
|
862
863
|
hints->decrypted_psk.size())) {
|
863
864
|
return 0;
|
864
865
|
}
|
865
866
|
}
|
866
867
|
|
867
868
|
if (hints->ignore_psk && //
|
868
|
-
!CBB_add_asn1(&seq, &
|
869
|
+
!CBB_add_asn1(&seq, &child, kIgnorePSKTag)) {
|
869
870
|
return 0;
|
870
871
|
}
|
871
872
|
|
873
|
+
if (hints->cert_compression_alg_id != 0 &&
|
874
|
+
!hints->cert_compression_input.empty() &&
|
875
|
+
!hints->cert_compression_output.empty()) {
|
876
|
+
if (!CBB_add_asn1(&seq, &child, kCompressCertificateTag) ||
|
877
|
+
!CBB_add_asn1_uint64(&child, hints->cert_compression_alg_id) ||
|
878
|
+
!CBB_add_asn1_octet_string(&child, hints->cert_compression_input.data(),
|
879
|
+
hints->cert_compression_input.size()) ||
|
880
|
+
!CBB_add_asn1_octet_string(&child,
|
881
|
+
hints->cert_compression_output.data(),
|
882
|
+
hints->cert_compression_output.size())) {
|
883
|
+
return 0;
|
884
|
+
}
|
885
|
+
}
|
886
|
+
|
872
887
|
return CBB_flush(out);
|
873
888
|
}
|
874
889
|
|
@@ -883,9 +898,10 @@ int SSL_set_handshake_hints(SSL *ssl, const uint8_t *hints, size_t hints_len) {
|
|
883
898
|
return 0;
|
884
899
|
}
|
885
900
|
|
886
|
-
CBS cbs, seq, server_random, key_share, signature_hint, ticket, ignore_psk
|
901
|
+
CBS cbs, seq, server_random, key_share, signature_hint, ticket, ignore_psk,
|
902
|
+
cert_compression;
|
887
903
|
int has_server_random, has_key_share, has_signature_hint, has_ticket,
|
888
|
-
has_ignore_psk;
|
904
|
+
has_ignore_psk, has_cert_compression;
|
889
905
|
CBS_init(&cbs, hints, hints_len);
|
890
906
|
if (!CBS_get_asn1(&cbs, &seq, CBS_ASN1_SEQUENCE) ||
|
891
907
|
!CBS_get_optional_asn1(&seq, &server_random, &has_server_random,
|
@@ -896,7 +912,9 @@ int SSL_set_handshake_hints(SSL *ssl, const uint8_t *hints, size_t hints_len) {
|
|
896
912
|
kSignatureHintTag) ||
|
897
913
|
!CBS_get_optional_asn1(&seq, &ticket, &has_ticket, kDecryptedPSKTag) ||
|
898
914
|
!CBS_get_optional_asn1(&seq, &ignore_psk, &has_ignore_psk,
|
899
|
-
kIgnorePSKTag)
|
915
|
+
kIgnorePSKTag) ||
|
916
|
+
!CBS_get_optional_asn1(&seq, &cert_compression, &has_cert_compression,
|
917
|
+
kCompressCertificateTag)) {
|
900
918
|
OPENSSL_PUT_ERROR(SSL, SSL_R_COULD_NOT_PARSE_HINTS);
|
901
919
|
return 0;
|
902
920
|
}
|
@@ -948,6 +966,21 @@ int SSL_set_handshake_hints(SSL *ssl, const uint8_t *hints, size_t hints_len) {
|
|
948
966
|
hints_obj->ignore_psk = true;
|
949
967
|
}
|
950
968
|
|
969
|
+
if (has_cert_compression) {
|
970
|
+
uint64_t alg;
|
971
|
+
CBS input, output;
|
972
|
+
if (!CBS_get_asn1_uint64(&cert_compression, &alg) || //
|
973
|
+
alg == 0 || alg > 0xffff ||
|
974
|
+
!CBS_get_asn1(&cert_compression, &input, CBS_ASN1_OCTETSTRING) ||
|
975
|
+
!hints_obj->cert_compression_input.CopyFrom(input) ||
|
976
|
+
!CBS_get_asn1(&cert_compression, &output, CBS_ASN1_OCTETSTRING) ||
|
977
|
+
!hints_obj->cert_compression_output.CopyFrom(output)) {
|
978
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_COULD_NOT_PARSE_HINTS);
|
979
|
+
return 0;
|
980
|
+
}
|
981
|
+
hints_obj->cert_compression_alg_id = static_cast<uint16_t>(alg);
|
982
|
+
}
|
983
|
+
|
951
984
|
ssl->s3->hs->hints = std::move(hints_obj);
|
952
985
|
return 1;
|
953
986
|
}
|
@@ -126,11 +126,9 @@ BSSL_NAMESPACE_BEGIN
|
|
126
126
|
|
127
127
|
SSL_HANDSHAKE::SSL_HANDSHAKE(SSL *ssl_arg)
|
128
128
|
: ssl(ssl_arg),
|
129
|
-
ech_accept(false),
|
130
129
|
ech_present(false),
|
131
130
|
ech_is_inner_present(false),
|
132
131
|
scts_requested(false),
|
133
|
-
needs_psk_binder(false),
|
134
132
|
handshake_finalized(false),
|
135
133
|
accept_psk_mode(false),
|
136
134
|
cert_request(false),
|
@@ -147,12 +145,19 @@ SSL_HANDSHAKE::SSL_HANDSHAKE(SSL *ssl_arg)
|
|
147
145
|
ticket_expected(false),
|
148
146
|
extended_master_secret(false),
|
149
147
|
pending_private_key_op(false),
|
150
|
-
grease_seeded(false),
|
151
148
|
handback(false),
|
152
149
|
hints_requested(false),
|
153
150
|
cert_compression_negotiated(false),
|
154
|
-
apply_jdk11_workaround(false)
|
151
|
+
apply_jdk11_workaround(false),
|
152
|
+
can_release_private_key(false),
|
153
|
+
channel_id_negotiated(false) {
|
155
154
|
assert(ssl);
|
155
|
+
|
156
|
+
// Draw entropy for all GREASE values at once. This avoids calling
|
157
|
+
// |RAND_bytes| repeatedly and makes the values consistent within a
|
158
|
+
// connection. The latter is so the second ClientHello matches after
|
159
|
+
// HelloRetryRequest and so supported_groups and key_shares are consistent.
|
160
|
+
RAND_bytes(grease_seed, sizeof(grease_seed));
|
156
161
|
}
|
157
162
|
|
158
163
|
SSL_HANDSHAKE::~SSL_HANDSHAKE() {
|
@@ -434,17 +439,8 @@ enum ssl_verify_result_t ssl_reverify_peer_cert(SSL_HANDSHAKE *hs,
|
|
434
439
|
return ret;
|
435
440
|
}
|
436
441
|
|
437
|
-
uint16_t
|
438
|
-
|
439
|
-
// Draw entropy for all GREASE values at once. This avoids calling
|
440
|
-
// |RAND_bytes| repeatedly and makes the values consistent within a
|
441
|
-
// connection. The latter is so the second ClientHello matches after
|
442
|
-
// HelloRetryRequest and so supported_groups and key_shares are consistent.
|
443
|
-
if (!hs->grease_seeded) {
|
444
|
-
RAND_bytes(hs->grease_seed, sizeof(hs->grease_seed));
|
445
|
-
hs->grease_seeded = true;
|
446
|
-
}
|
447
|
-
|
442
|
+
static uint16_t grease_index_to_value(const SSL_HANDSHAKE *hs,
|
443
|
+
enum ssl_grease_index_t index) {
|
448
444
|
// This generates a random value of the form 0xωaωa, for all 0 ≤ ω < 16.
|
449
445
|
uint16_t ret = hs->grease_seed[index];
|
450
446
|
ret = (ret & 0xf0) | 0x0a;
|
@@ -452,6 +448,19 @@ uint16_t ssl_get_grease_value(SSL_HANDSHAKE *hs,
|
|
452
448
|
return ret;
|
453
449
|
}
|
454
450
|
|
451
|
+
uint16_t ssl_get_grease_value(const SSL_HANDSHAKE *hs,
|
452
|
+
enum ssl_grease_index_t index) {
|
453
|
+
uint16_t ret = grease_index_to_value(hs, index);
|
454
|
+
if (index == ssl_grease_extension2 &&
|
455
|
+
ret == grease_index_to_value(hs, ssl_grease_extension1)) {
|
456
|
+
// The two fake extensions must not have the same value. GREASE values are
|
457
|
+
// of the form 0x1a1a, 0x2a2a, 0x3a3a, etc., so XOR to generate a different
|
458
|
+
// one.
|
459
|
+
ret ^= 0x1010;
|
460
|
+
}
|
461
|
+
return ret;
|
462
|
+
}
|
463
|
+
|
455
464
|
enum ssl_hs_wait_t ssl_get_finished(SSL_HANDSHAKE *hs) {
|
456
465
|
SSL *const ssl = hs->ssl;
|
457
466
|
SSLMessage msg;
|
@@ -682,10 +691,6 @@ int ssl_run_handshake(SSL_HANDSHAKE *hs, bool *out_early_return) {
|
|
682
691
|
ssl->s3->rwstate = SSL_ERROR_WANT_X509_LOOKUP;
|
683
692
|
hs->wait = ssl_hs_ok;
|
684
693
|
return -1;
|
685
|
-
case ssl_hs_channel_id_lookup:
|
686
|
-
ssl->s3->rwstate = SSL_ERROR_WANT_CHANNEL_ID_LOOKUP;
|
687
|
-
hs->wait = ssl_hs_ok;
|
688
|
-
return -1;
|
689
694
|
case ssl_hs_private_key_operation:
|
690
695
|
ssl->s3->rwstate = SSL_ERROR_WANT_PRIVATE_KEY_OPERATION;
|
691
696
|
hs->wait = ssl_hs_ok;
|
@@ -162,6 +162,7 @@
|
|
162
162
|
#include <openssl/ecdsa.h>
|
163
163
|
#include <openssl/err.h>
|
164
164
|
#include <openssl/evp.h>
|
165
|
+
#include <openssl/hpke.h>
|
165
166
|
#include <openssl/md5.h>
|
166
167
|
#include <openssl/mem.h>
|
167
168
|
#include <openssl/rand.h>
|
@@ -201,7 +202,8 @@ enum ssl_client_hs_state_t {
|
|
201
202
|
|
202
203
|
// ssl_get_client_disabled sets |*out_mask_a| and |*out_mask_k| to masks of
|
203
204
|
// disabled algorithms.
|
204
|
-
static void ssl_get_client_disabled(SSL_HANDSHAKE *hs,
|
205
|
+
static void ssl_get_client_disabled(const SSL_HANDSHAKE *hs,
|
206
|
+
uint32_t *out_mask_a,
|
205
207
|
uint32_t *out_mask_k) {
|
206
208
|
*out_mask_a = 0;
|
207
209
|
*out_mask_k = 0;
|
@@ -213,8 +215,9 @@ static void ssl_get_client_disabled(SSL_HANDSHAKE *hs, uint32_t *out_mask_a,
|
|
213
215
|
}
|
214
216
|
}
|
215
217
|
|
216
|
-
static bool ssl_write_client_cipher_list(SSL_HANDSHAKE *hs, CBB *out
|
217
|
-
|
218
|
+
static bool ssl_write_client_cipher_list(const SSL_HANDSHAKE *hs, CBB *out,
|
219
|
+
ssl_client_hello_type_t type) {
|
220
|
+
const SSL *const ssl = hs->ssl;
|
218
221
|
uint32_t mask_a, mask_k;
|
219
222
|
ssl_get_client_disabled(hs, &mask_a, &mask_k);
|
220
223
|
|
@@ -223,7 +226,7 @@ static bool ssl_write_client_cipher_list(SSL_HANDSHAKE *hs, CBB *out) {
|
|
223
226
|
return false;
|
224
227
|
}
|
225
228
|
|
226
|
-
// Add a fake cipher suite. See
|
229
|
+
// Add a fake cipher suite. See RFC 8701.
|
227
230
|
if (ssl->ctx->grease_enabled &&
|
228
231
|
!CBB_add_u16(&child, ssl_get_grease_value(hs, ssl_grease_cipher))) {
|
229
232
|
return false;
|
@@ -246,7 +249,7 @@ static bool ssl_write_client_cipher_list(SSL_HANDSHAKE *hs, CBB *out) {
|
|
246
249
|
}
|
247
250
|
}
|
248
251
|
|
249
|
-
if (hs->min_version < TLS1_3_VERSION) {
|
252
|
+
if (hs->min_version < TLS1_3_VERSION && type != ssl_client_hello_inner) {
|
250
253
|
bool any_enabled = false;
|
251
254
|
for (const SSL_CIPHER *cipher : SSL_get_ciphers(ssl)) {
|
252
255
|
// Skip disabled ciphers
|
@@ -280,53 +283,72 @@ static bool ssl_write_client_cipher_list(SSL_HANDSHAKE *hs, CBB *out) {
|
|
280
283
|
return CBB_flush(out);
|
281
284
|
}
|
282
285
|
|
283
|
-
bool
|
284
|
-
|
285
|
-
|
286
|
-
|
287
|
-
|
288
|
-
return false;
|
289
|
-
}
|
290
|
-
|
286
|
+
bool ssl_write_client_hello_without_extensions(const SSL_HANDSHAKE *hs,
|
287
|
+
CBB *cbb,
|
288
|
+
ssl_client_hello_type_t type,
|
289
|
+
bool empty_session_id) {
|
290
|
+
const SSL *const ssl = hs->ssl;
|
291
291
|
CBB child;
|
292
|
-
if (!CBB_add_u16(
|
293
|
-
!CBB_add_bytes(
|
294
|
-
|
292
|
+
if (!CBB_add_u16(cbb, hs->client_version) ||
|
293
|
+
!CBB_add_bytes(cbb,
|
294
|
+
type == ssl_client_hello_inner ? hs->inner_client_random
|
295
|
+
: ssl->s3->client_random,
|
296
|
+
SSL3_RANDOM_SIZE) ||
|
297
|
+
!CBB_add_u8_length_prefixed(cbb, &child)) {
|
295
298
|
return false;
|
296
299
|
}
|
297
300
|
|
298
301
|
// Do not send a session ID on renegotiation.
|
299
302
|
if (!ssl->s3->initial_handshake_complete &&
|
303
|
+
!empty_session_id &&
|
300
304
|
!CBB_add_bytes(&child, hs->session_id, hs->session_id_len)) {
|
301
305
|
return false;
|
302
306
|
}
|
303
307
|
|
304
308
|
if (SSL_is_dtls(ssl)) {
|
305
|
-
if (!CBB_add_u8_length_prefixed(
|
309
|
+
if (!CBB_add_u8_length_prefixed(cbb, &child) ||
|
306
310
|
!CBB_add_bytes(&child, ssl->d1->cookie, ssl->d1->cookie_len)) {
|
307
311
|
return false;
|
308
312
|
}
|
309
313
|
}
|
310
314
|
|
311
|
-
|
312
|
-
|
313
|
-
|
314
|
-
!CBB_add_u8(&body, 1 /* one compression method */) ||
|
315
|
-
!CBB_add_u8(&body, 0 /* null compression */) ||
|
316
|
-
!ssl_add_clienthello_tlsext(hs, &body, header_len + CBB_len(&body))) {
|
315
|
+
if (!ssl_write_client_cipher_list(hs, cbb, type) ||
|
316
|
+
!CBB_add_u8(cbb, 1 /* one compression method */) ||
|
317
|
+
!CBB_add_u8(cbb, 0 /* null compression */)) {
|
317
318
|
return false;
|
318
319
|
}
|
320
|
+
return true;
|
321
|
+
}
|
319
322
|
|
323
|
+
bool ssl_add_client_hello(SSL_HANDSHAKE *hs) {
|
324
|
+
SSL *const ssl = hs->ssl;
|
325
|
+
ScopedCBB cbb;
|
326
|
+
CBB body;
|
327
|
+
ssl_client_hello_type_t type = hs->selected_ech_config
|
328
|
+
? ssl_client_hello_outer
|
329
|
+
: ssl_client_hello_unencrypted;
|
330
|
+
bool needs_psk_binder;
|
320
331
|
Array<uint8_t> msg;
|
321
|
-
if (!ssl->method->
|
332
|
+
if (!ssl->method->init_message(ssl, cbb.get(), &body, SSL3_MT_CLIENT_HELLO) ||
|
333
|
+
!ssl_write_client_hello_without_extensions(hs, &body, type,
|
334
|
+
/*empty_session_id*/ false) ||
|
335
|
+
!ssl_add_clienthello_tlsext(hs, &body, /*out_encoded=*/nullptr,
|
336
|
+
&needs_psk_binder, type, CBB_len(&body),
|
337
|
+
/*omit_ech_len=*/0) ||
|
338
|
+
!ssl->method->finish_message(ssl, cbb.get(), &msg)) {
|
322
339
|
return false;
|
323
340
|
}
|
324
341
|
|
325
342
|
// Now that the length prefixes have been computed, fill in the placeholder
|
326
343
|
// PSK binder.
|
327
|
-
if (
|
328
|
-
|
329
|
-
|
344
|
+
if (needs_psk_binder) {
|
345
|
+
// ClientHelloOuter cannot have a PSK binder. Otherwise the
|
346
|
+
// ClientHellOuterAAD computation would break.
|
347
|
+
assert(type != ssl_client_hello_outer);
|
348
|
+
if (!tls13_write_psk_binder(hs, hs->transcript, MakeSpan(msg),
|
349
|
+
/*out_binder_len=*/0)) {
|
350
|
+
return false;
|
351
|
+
}
|
330
352
|
}
|
331
353
|
|
332
354
|
return ssl->method->add_message(ssl, std::move(msg));
|
@@ -374,6 +396,60 @@ static bool parse_supported_versions(SSL_HANDSHAKE *hs, uint16_t *version,
|
|
374
396
|
return true;
|
375
397
|
}
|
376
398
|
|
399
|
+
// should_offer_early_data returns |ssl_early_data_accepted| if |hs| should
|
400
|
+
// offer early data, and some other reason code otherwise.
|
401
|
+
static ssl_early_data_reason_t should_offer_early_data(
|
402
|
+
const SSL_HANDSHAKE *hs) {
|
403
|
+
const SSL *const ssl = hs->ssl;
|
404
|
+
assert(!ssl->server);
|
405
|
+
if (!ssl->enable_early_data) {
|
406
|
+
return ssl_early_data_disabled;
|
407
|
+
}
|
408
|
+
|
409
|
+
if (hs->max_version < TLS1_3_VERSION) {
|
410
|
+
// We discard inapplicable sessions, so this is redundant with the session
|
411
|
+
// checks below, but reporting that TLS 1.3 was disabled is more useful.
|
412
|
+
return ssl_early_data_protocol_version;
|
413
|
+
}
|
414
|
+
|
415
|
+
if (ssl->session == nullptr) {
|
416
|
+
return ssl_early_data_no_session_offered;
|
417
|
+
}
|
418
|
+
|
419
|
+
if (ssl_session_protocol_version(ssl->session.get()) < TLS1_3_VERSION ||
|
420
|
+
ssl->session->ticket_max_early_data == 0) {
|
421
|
+
return ssl_early_data_unsupported_for_session;
|
422
|
+
}
|
423
|
+
|
424
|
+
if (!ssl->session->early_alpn.empty()) {
|
425
|
+
if (!ssl_is_alpn_protocol_allowed(hs, ssl->session->early_alpn)) {
|
426
|
+
// Avoid reporting a confusing value in |SSL_get0_alpn_selected|.
|
427
|
+
return ssl_early_data_alpn_mismatch;
|
428
|
+
}
|
429
|
+
|
430
|
+
// If the previous connection negotiated ALPS, only offer 0-RTT when the
|
431
|
+
// local are settings are consistent with what we'd offer for this
|
432
|
+
// connection.
|
433
|
+
if (ssl->session->has_application_settings) {
|
434
|
+
Span<const uint8_t> settings;
|
435
|
+
if (!ssl_get_local_application_settings(hs, &settings,
|
436
|
+
ssl->session->early_alpn) ||
|
437
|
+
settings != ssl->session->local_application_settings) {
|
438
|
+
return ssl_early_data_alps_mismatch;
|
439
|
+
}
|
440
|
+
}
|
441
|
+
}
|
442
|
+
|
443
|
+
// Early data has not yet been accepted, but we use it as a success code.
|
444
|
+
return ssl_early_data_accepted;
|
445
|
+
}
|
446
|
+
|
447
|
+
void ssl_done_writing_client_hello(SSL_HANDSHAKE *hs) {
|
448
|
+
hs->ech_client_bytes.Reset();
|
449
|
+
hs->cookie.Reset();
|
450
|
+
hs->key_share_bytes.Reset();
|
451
|
+
}
|
452
|
+
|
377
453
|
static enum ssl_hs_wait_t do_start_connect(SSL_HANDSHAKE *hs) {
|
378
454
|
SSL *const ssl = hs->ssl;
|
379
455
|
|
@@ -386,6 +462,12 @@ static enum ssl_hs_wait_t do_start_connect(SSL_HANDSHAKE *hs) {
|
|
386
462
|
return ssl_hs_error;
|
387
463
|
}
|
388
464
|
|
465
|
+
uint8_t ech_enc[EVP_HPKE_MAX_ENC_LENGTH];
|
466
|
+
size_t ech_enc_len;
|
467
|
+
if (!ssl_select_ech_config(hs, ech_enc, &ech_enc_len)) {
|
468
|
+
return ssl_hs_error;
|
469
|
+
}
|
470
|
+
|
389
471
|
// Always advertise the ClientHello version from the original maximum version,
|
390
472
|
// even on renegotiation. The static RSA key exchange uses this field, and
|
391
473
|
// some servers fail when it changes across handshakes.
|
@@ -397,34 +479,47 @@ static enum ssl_hs_wait_t do_start_connect(SSL_HANDSHAKE *hs) {
|
|
397
479
|
hs->max_version >= TLS1_2_VERSION ? TLS1_2_VERSION : hs->max_version;
|
398
480
|
}
|
399
481
|
|
400
|
-
// If the configured session has expired or
|
401
|
-
//
|
402
|
-
if (ssl->session !=
|
482
|
+
// If the configured session has expired or is not usable, drop it. We also do
|
483
|
+
// not offer sessions on renegotiation.
|
484
|
+
if (ssl->session != nullptr) {
|
403
485
|
if (ssl->session->is_server ||
|
404
486
|
!ssl_supports_version(hs, ssl->session->ssl_version) ||
|
405
|
-
|
406
|
-
|
407
|
-
|
487
|
+
// Do not offer TLS 1.2 sessions with ECH. ClientHelloInner does not
|
488
|
+
// offer TLS 1.2, and the cleartext session ID may leak the server
|
489
|
+
// identity.
|
490
|
+
(hs->selected_ech_config &&
|
491
|
+
ssl_session_protocol_version(ssl->session.get()) < TLS1_3_VERSION) ||
|
492
|
+
!SSL_SESSION_is_resumable(ssl->session.get()) ||
|
408
493
|
!ssl_session_is_time_valid(ssl, ssl->session.get()) ||
|
409
|
-
(ssl->quic_method != nullptr) != ssl->session->is_quic
|
410
|
-
|
494
|
+
(ssl->quic_method != nullptr) != ssl->session->is_quic ||
|
495
|
+
ssl->s3->initial_handshake_complete) {
|
496
|
+
ssl_set_session(ssl, nullptr);
|
411
497
|
}
|
412
498
|
}
|
413
499
|
|
414
500
|
if (!RAND_bytes(ssl->s3->client_random, sizeof(ssl->s3->client_random))) {
|
415
501
|
return ssl_hs_error;
|
416
502
|
}
|
503
|
+
if (hs->selected_ech_config &&
|
504
|
+
!RAND_bytes(hs->inner_client_random, sizeof(hs->inner_client_random))) {
|
505
|
+
return ssl_hs_error;
|
506
|
+
}
|
417
507
|
|
418
508
|
// Never send a session ID in QUIC. QUIC uses TLS 1.3 at a minimum and
|
419
509
|
// disables TLS 1.3 middlebox compatibility mode.
|
420
510
|
if (ssl->quic_method == nullptr) {
|
421
|
-
|
422
|
-
|
511
|
+
const bool has_id_session = ssl->session != nullptr &&
|
512
|
+
ssl->session->session_id_length > 0 &&
|
513
|
+
ssl->session->ticket.empty();
|
514
|
+
const bool has_ticket_session =
|
515
|
+
ssl->session != nullptr && !ssl->session->ticket.empty();
|
516
|
+
if (has_id_session) {
|
423
517
|
hs->session_id_len = ssl->session->session_id_length;
|
424
518
|
OPENSSL_memcpy(hs->session_id, ssl->session->session_id,
|
425
519
|
hs->session_id_len);
|
426
|
-
} else if (hs->max_version >= TLS1_3_VERSION) {
|
427
|
-
//
|
520
|
+
} else if (has_ticket_session || hs->max_version >= TLS1_3_VERSION) {
|
521
|
+
// Send a random session ID. TLS 1.3 always sends one, and TLS 1.2 session
|
522
|
+
// tickets require a placeholder value to signal resumption.
|
428
523
|
hs->session_id_len = sizeof(hs->session_id);
|
429
524
|
if (!RAND_bytes(hs->session_id, hs->session_id_len)) {
|
430
525
|
return ssl_hs_error;
|
@@ -432,7 +527,17 @@ static enum ssl_hs_wait_t do_start_connect(SSL_HANDSHAKE *hs) {
|
|
432
527
|
}
|
433
528
|
}
|
434
529
|
|
435
|
-
|
530
|
+
ssl_early_data_reason_t reason = should_offer_early_data(hs);
|
531
|
+
if (reason != ssl_early_data_accepted) {
|
532
|
+
ssl->s3->early_data_reason = reason;
|
533
|
+
} else {
|
534
|
+
hs->early_data_offered = true;
|
535
|
+
}
|
536
|
+
|
537
|
+
if (!ssl_setup_key_shares(hs, /*override_group_id=*/0) ||
|
538
|
+
!ssl_setup_extension_permutation(hs) ||
|
539
|
+
!ssl_encrypt_client_hello(hs, MakeConstSpan(ech_enc, ech_enc_len)) ||
|
540
|
+
!ssl_add_client_hello(hs)) {
|
436
541
|
return ssl_hs_error;
|
437
542
|
}
|
438
543
|
|
@@ -458,9 +563,7 @@ static enum ssl_hs_wait_t do_enter_early_data(SSL_HANDSHAKE *hs) {
|
|
458
563
|
return ssl_hs_error;
|
459
564
|
}
|
460
565
|
|
461
|
-
if (!tls13_init_early_key_schedule(
|
462
|
-
hs,
|
463
|
-
MakeConstSpan(ssl->session->secret, ssl->session->secret_length)) ||
|
566
|
+
if (!tls13_init_early_key_schedule(hs, ssl->session.get()) ||
|
464
567
|
!tls13_derive_early_secret(hs)) {
|
465
568
|
return ssl_hs_error;
|
466
569
|
}
|
@@ -511,6 +614,10 @@ static enum ssl_hs_wait_t do_read_hello_verify_request(SSL_HANDSHAKE *hs) {
|
|
511
614
|
|
512
615
|
assert(SSL_is_dtls(ssl));
|
513
616
|
|
617
|
+
// When implementing DTLS 1.3, we need to handle the interactions between
|
618
|
+
// HelloVerifyRequest, DTLS 1.3's HelloVerifyRequest removal, and ECH.
|
619
|
+
assert(hs->max_version < TLS1_3_VERSION);
|
620
|
+
|
514
621
|
SSLMessage msg;
|
515
622
|
if (!ssl->method->get_message(ssl, &msg)) {
|
516
623
|
return ssl_hs_read_message;
|
@@ -542,7 +649,7 @@ static enum ssl_hs_wait_t do_read_hello_verify_request(SSL_HANDSHAKE *hs) {
|
|
542
649
|
return ssl_hs_error;
|
543
650
|
}
|
544
651
|
|
545
|
-
if (!
|
652
|
+
if (!ssl_add_client_hello(hs)) {
|
546
653
|
return ssl_hs_error;
|
547
654
|
}
|
548
655
|
|
@@ -607,17 +714,32 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
|
|
607
714
|
// Clear some TLS 1.3 state that no longer needs to be retained.
|
608
715
|
hs->key_shares[0].reset();
|
609
716
|
hs->key_shares[1].reset();
|
610
|
-
hs
|
717
|
+
ssl_done_writing_client_hello(hs);
|
611
718
|
|
612
719
|
// A TLS 1.2 server would not know to skip the early data we offered. Report
|
613
720
|
// an error code sooner. The caller may use this error code to implement the
|
614
721
|
// fallback described in RFC 8446 appendix D.3.
|
615
722
|
if (hs->early_data_offered) {
|
723
|
+
// Disconnect early writes. This ensures subsequent |SSL_write| calls query
|
724
|
+
// the handshake which, in turn, will replay the error code rather than fail
|
725
|
+
// at the |write_shutdown| check. See https://crbug.com/1078515.
|
726
|
+
// TODO(davidben): Should all handshake errors do this? What about record
|
727
|
+
// decryption failures?
|
728
|
+
hs->can_early_write = false;
|
616
729
|
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_VERSION_ON_EARLY_DATA);
|
617
730
|
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_PROTOCOL_VERSION);
|
618
731
|
return ssl_hs_error;
|
619
732
|
}
|
620
733
|
|
734
|
+
// TODO(https://crbug.com/boringssl/275): If the server negotiates TLS 1.2 and
|
735
|
+
// we offer ECH, we handshake with ClientHelloOuter instead of
|
736
|
+
// ClientHelloInner. That path is not yet implemented. For now, terminate the
|
737
|
+
// handshake with a distinguishable error for testing.
|
738
|
+
if (hs->selected_ech_config) {
|
739
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_CONNECTION_REJECTED);
|
740
|
+
return ssl_hs_error;
|
741
|
+
}
|
742
|
+
|
621
743
|
// Copy over the server random.
|
622
744
|
OPENSSL_memcpy(ssl->s3->server_random, CBS_data(&server_random),
|
623
745
|
SSL3_RANDOM_SIZE);
|
@@ -642,28 +764,29 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
|
|
642
764
|
}
|
643
765
|
}
|
644
766
|
|
645
|
-
if (
|
646
|
-
|
647
|
-
|
648
|
-
|
649
|
-
|
650
|
-
|
651
|
-
//
|
652
|
-
// session
|
653
|
-
|
654
|
-
// deterministicly, rather than installing an invalid session into the
|
655
|
-
// session cache. https://crbug.com/796910
|
656
|
-
if (hs->session_id_len != 0 &&
|
657
|
-
CBS_mem_equal(&session_id, hs->session_id, hs->session_id_len)) {
|
767
|
+
if (hs->session_id_len != 0 &&
|
768
|
+
CBS_mem_equal(&session_id, hs->session_id, hs->session_id_len)) {
|
769
|
+
// Echoing the ClientHello session ID in TLS 1.2, whether from the session
|
770
|
+
// or a synthetic one, indicates resumption. If there was no session, this
|
771
|
+
// was the TLS 1.3 compatibility mode session ID. As we know this is not a
|
772
|
+
// session the server knows about, any server resuming it is in error.
|
773
|
+
// Reject the first connection deterministicly, rather than installing an
|
774
|
+
// invalid session into the session cache. https://crbug.com/796910
|
775
|
+
if (ssl->session == nullptr) {
|
658
776
|
OPENSSL_PUT_ERROR(SSL, SSL_R_SERVER_ECHOED_INVALID_SESSION_ID);
|
659
777
|
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
|
660
778
|
return ssl_hs_error;
|
661
779
|
}
|
662
|
-
|
663
|
-
|
664
|
-
|
780
|
+
// We never offer sessions on renegotiation.
|
781
|
+
assert(!ssl->s3->initial_handshake_complete);
|
782
|
+
ssl->s3->session_reused = true;
|
783
|
+
// Note |ssl->session| may be a TLS 1.3 session, offered in a separate
|
784
|
+
// extension altogether. In that case, the version check below will fail the
|
785
|
+
// connection.
|
786
|
+
} else {
|
787
|
+
// The session wasn't resumed. Create a fresh SSL_SESSION to fill out.
|
665
788
|
ssl_set_session(ssl, NULL);
|
666
|
-
if (!ssl_get_new_session(hs
|
789
|
+
if (!ssl_get_new_session(hs)) {
|
667
790
|
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
|
668
791
|
return ssl_hs_error;
|
669
792
|
}
|
@@ -675,7 +798,6 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
|
|
675
798
|
|
676
799
|
const SSL_CIPHER *cipher = SSL_get_cipher_by_value(cipher_suite);
|
677
800
|
if (cipher == NULL) {
|
678
|
-
// unknown cipher
|
679
801
|
OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_CIPHER_RETURNED);
|
680
802
|
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
|
681
803
|
return ssl_hs_error;
|
@@ -764,13 +886,6 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
|
|
764
886
|
return ssl_hs_error;
|
765
887
|
}
|
766
888
|
|
767
|
-
if (ssl->s3->token_binding_negotiated &&
|
768
|
-
(!hs->extended_master_secret || !ssl->s3->send_connection_binding)) {
|
769
|
-
OPENSSL_PUT_ERROR(SSL, SSL_R_NEGOTIATED_TB_WITHOUT_EMS_OR_RI);
|
770
|
-
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_EXTENSION);
|
771
|
-
return ssl_hs_error;
|
772
|
-
}
|
773
|
-
|
774
889
|
ssl->method->next_message(ssl);
|
775
890
|
|
776
891
|
if (ssl->session != NULL) {
|
@@ -1482,18 +1597,7 @@ static enum ssl_hs_wait_t do_send_client_certificate_verify(SSL_HANDSHAKE *hs) {
|
|
1482
1597
|
|
1483
1598
|
static enum ssl_hs_wait_t do_send_client_finished(SSL_HANDSHAKE *hs) {
|
1484
1599
|
SSL *const ssl = hs->ssl;
|
1485
|
-
|
1486
|
-
if (ssl->s3->channel_id_valid) {
|
1487
|
-
if (!ssl_do_channel_id_callback(hs)) {
|
1488
|
-
return ssl_hs_error;
|
1489
|
-
}
|
1490
|
-
|
1491
|
-
if (hs->config->channel_id_private == NULL) {
|
1492
|
-
hs->state = state_send_client_finished;
|
1493
|
-
return ssl_hs_channel_id_lookup;
|
1494
|
-
}
|
1495
|
-
}
|
1496
|
-
|
1600
|
+
hs->can_release_private_key = true;
|
1497
1601
|
if (!ssl->method->add_change_cipher_spec(ssl) ||
|
1498
1602
|
!tls1_change_cipher_state(hs, evp_aead_seal)) {
|
1499
1603
|
return ssl_hs_error;
|
@@ -1518,7 +1622,7 @@ static enum ssl_hs_wait_t do_send_client_finished(SSL_HANDSHAKE *hs) {
|
|
1518
1622
|
}
|
1519
1623
|
}
|
1520
1624
|
|
1521
|
-
if (
|
1625
|
+
if (hs->channel_id_negotiated) {
|
1522
1626
|
ScopedCBB cbb;
|
1523
1627
|
CBB body;
|
1524
1628
|
if (!ssl->method->init_message(ssl, cbb.get(), &body, SSL3_MT_CHANNEL_ID) ||
|
@@ -1659,9 +1763,8 @@ static enum ssl_hs_wait_t do_read_session_ticket(SSL_HANDSHAKE *hs) {
|
|
1659
1763
|
}
|
1660
1764
|
session->ticket_lifetime_hint = ticket_lifetime_hint;
|
1661
1765
|
|
1662
|
-
//
|
1663
|
-
//
|
1664
|
-
// resumption.
|
1766
|
+
// Historically, OpenSSL filled in fake session IDs for ticket-based sessions.
|
1767
|
+
// TODO(davidben): Are external callers relying on this? Try removing this.
|
1665
1768
|
SHA256(CBS_data(&ticket), CBS_len(&ticket), session->session_id);
|
1666
1769
|
session->session_id_length = SHA256_DIGEST_LENGTH;
|
1667
1770
|
|