grpc 1.4.5 → 1.6.0.pre1
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +1235 -1100
- data/etc/roots.pem +0 -412
- data/include/grpc/byte_buffer.h +10 -25
- data/include/grpc/byte_buffer_reader.h +10 -25
- data/include/grpc/census.h +10 -25
- data/include/grpc/compression.h +10 -25
- data/include/grpc/grpc.h +15 -26
- data/include/grpc/grpc_cronet.h +10 -25
- data/include/grpc/grpc_posix.h +10 -25
- data/include/grpc/grpc_security.h +10 -25
- data/include/grpc/grpc_security_constants.h +10 -25
- data/include/grpc/impl/codegen/atm.h +11 -25
- data/include/grpc/impl/codegen/atm_gcc_atomic.h +10 -25
- data/include/grpc/impl/codegen/atm_gcc_sync.h +10 -25
- data/include/grpc/impl/codegen/atm_windows.h +10 -25
- data/include/grpc/impl/codegen/byte_buffer_reader.h +11 -26
- data/include/grpc/impl/codegen/compression_types.h +12 -27
- data/include/grpc/impl/codegen/connectivity_state.h +10 -25
- data/include/grpc/impl/codegen/exec_ctx_fwd.h +10 -25
- data/include/grpc/impl/codegen/gpr_slice.h +10 -25
- data/include/grpc/impl/codegen/gpr_types.h +10 -25
- data/include/grpc/impl/codegen/grpc_types.h +42 -43
- data/include/grpc/impl/codegen/port_platform.h +10 -25
- data/include/grpc/impl/codegen/propagation_bits.h +10 -25
- data/include/grpc/impl/codegen/slice.h +13 -28
- data/include/grpc/impl/codegen/status.h +10 -25
- data/include/grpc/impl/codegen/sync.h +10 -25
- data/include/grpc/impl/codegen/sync_generic.h +10 -25
- data/include/grpc/impl/codegen/sync_posix.h +10 -25
- data/include/grpc/impl/codegen/sync_windows.h +10 -25
- data/include/grpc/load_reporting.h +10 -25
- data/include/grpc/slice.h +10 -25
- data/include/grpc/slice_buffer.h +10 -25
- data/include/grpc/status.h +10 -25
- data/include/grpc/support/alloc.h +10 -25
- data/include/grpc/support/atm.h +10 -25
- data/include/grpc/support/atm_gcc_atomic.h +10 -25
- data/include/grpc/support/atm_gcc_sync.h +10 -25
- data/include/grpc/support/atm_windows.h +10 -25
- data/include/grpc/support/avl.h +46 -49
- data/include/grpc/support/cmdline.h +10 -25
- data/include/grpc/support/cpu.h +10 -25
- data/include/grpc/support/histogram.h +10 -25
- data/include/grpc/support/host_port.h +10 -25
- data/include/grpc/support/log.h +10 -25
- data/include/grpc/support/log_windows.h +10 -25
- data/include/grpc/support/port_platform.h +10 -25
- data/include/grpc/support/string_util.h +10 -25
- data/include/grpc/support/subprocess.h +10 -25
- data/include/grpc/support/sync.h +10 -25
- data/include/grpc/support/sync_generic.h +10 -25
- data/include/grpc/support/sync_posix.h +10 -25
- data/include/grpc/support/sync_windows.h +10 -25
- data/include/grpc/support/thd.h +10 -25
- data/include/grpc/support/time.h +10 -25
- data/include/grpc/support/tls.h +10 -25
- data/include/grpc/support/tls_gcc.h +10 -25
- data/include/grpc/support/tls_msvc.h +10 -25
- data/include/grpc/support/tls_pthread.h +10 -25
- data/include/grpc/support/useful.h +10 -25
- data/include/grpc/support/workaround_list.h +11 -26
- data/src/boringssl/err_data.c +277 -259
- data/src/core/ext/census/aggregation.h +10 -25
- data/src/core/ext/census/base_resources.c +10 -25
- data/src/core/ext/census/base_resources.h +10 -25
- data/src/core/ext/census/census_interface.h +10 -25
- data/src/core/ext/census/census_rpc_stats.h +10 -25
- data/src/core/ext/census/context.c +10 -25
- data/src/core/ext/census/gen/census.pb.c +10 -25
- data/src/core/ext/census/gen/census.pb.h +10 -25
- data/src/core/ext/census/gen/trace_context.pb.c +10 -25
- data/src/core/ext/census/gen/trace_context.pb.h +10 -25
- data/src/core/ext/census/grpc_context.c +10 -25
- data/src/core/ext/census/grpc_filter.c +11 -26
- data/src/core/ext/census/grpc_filter.h +10 -25
- data/src/core/ext/census/grpc_plugin.c +10 -25
- data/src/core/ext/census/initialize.c +10 -25
- data/src/core/ext/census/intrusive_hash_map.c +10 -25
- data/src/core/ext/census/intrusive_hash_map.h +10 -25
- data/src/core/ext/census/intrusive_hash_map_internal.h +10 -25
- data/src/core/ext/census/mlog.c +10 -25
- data/src/core/ext/census/mlog.h +10 -25
- data/src/core/ext/census/operation.c +10 -25
- data/src/core/ext/census/placeholders.c +10 -25
- data/src/core/ext/census/resource.c +10 -25
- data/src/core/ext/census/resource.h +10 -25
- data/src/core/ext/census/rpc_metric_id.h +10 -25
- data/src/core/ext/census/trace_context.c +10 -25
- data/src/core/ext/census/trace_context.h +10 -25
- data/src/core/ext/census/trace_label.h +10 -25
- data/src/core/ext/census/trace_propagation.h +10 -25
- data/src/core/ext/census/trace_status.h +10 -25
- data/src/core/ext/census/trace_string.h +10 -25
- data/src/core/ext/census/tracing.c +10 -26
- data/src/core/ext/census/tracing.h +10 -25
- data/src/core/ext/filters/client_channel/channel_connectivity.c +20 -33
- data/src/core/ext/filters/client_channel/client_channel.c +617 -520
- data/src/core/ext/filters/client_channel/client_channel.h +15 -28
- data/src/core/ext/filters/client_channel/client_channel_factory.c +13 -31
- data/src/core/ext/filters/client_channel/client_channel_factory.h +10 -25
- data/src/core/ext/filters/client_channel/client_channel_plugin.c +16 -29
- data/src/core/ext/filters/client_channel/connector.c +10 -25
- data/src/core/ext/filters/client_channel/connector.h +10 -25
- data/src/core/ext/filters/client_channel/http_connect_handshaker.c +15 -30
- data/src/core/ext/filters/client_channel/http_connect_handshaker.h +10 -25
- data/src/core/ext/filters/client_channel/http_proxy.c +112 -38
- data/src/core/ext/filters/client_channel/http_proxy.h +10 -25
- data/src/core/ext/filters/client_channel/lb_policy.c +32 -36
- data/src/core/ext/filters/client_channel/lb_policy.h +24 -27
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.c +14 -30
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.h +10 -25
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.c +464 -279
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h +10 -25
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +15 -28
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.c +40 -48
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.c +65 -49
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +31 -31
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.c +47 -32
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +11 -26
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c +13 -9
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.h +27 -21
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.c +373 -136
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.c +504 -279
- data/src/core/ext/filters/client_channel/lb_policy_factory.c +12 -31
- data/src/core/ext/filters/client_channel/lb_policy_factory.h +12 -27
- data/src/core/ext/filters/client_channel/lb_policy_registry.c +10 -25
- data/src/core/ext/filters/client_channel/lb_policy_registry.h +10 -25
- data/src/core/ext/filters/client_channel/parse_address.c +10 -25
- data/src/core/ext/filters/client_channel/parse_address.h +10 -25
- data/src/core/ext/filters/client_channel/proxy_mapper.c +10 -25
- data/src/core/ext/filters/client_channel/proxy_mapper.h +10 -25
- data/src/core/ext/filters/client_channel/proxy_mapper_registry.c +10 -25
- data/src/core/ext/filters/client_channel/proxy_mapper_registry.h +10 -25
- data/src/core/ext/filters/client_channel/resolver.c +33 -38
- data/src/core/ext/filters/client_channel/resolver.h +19 -30
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.c +153 -50
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +14 -27
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.c +33 -30
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.c +326 -116
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +35 -36
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.c +60 -0
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.c +19 -34
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.c +254 -0
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +60 -0
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.c +16 -28
- data/src/core/ext/filters/client_channel/resolver_factory.c +10 -25
- data/src/core/ext/filters/client_channel/resolver_factory.h +10 -25
- data/src/core/ext/filters/client_channel/resolver_registry.c +10 -25
- data/src/core/ext/filters/client_channel/resolver_registry.h +10 -25
- data/src/core/ext/filters/client_channel/retry_throttle.c +23 -34
- data/src/core/ext/filters/client_channel/retry_throttle.h +10 -25
- data/src/core/ext/filters/client_channel/subchannel.c +33 -55
- data/src/core/ext/filters/client_channel/subchannel.h +16 -26
- data/src/core/ext/filters/client_channel/subchannel_index.c +55 -92
- data/src/core/ext/filters/client_channel/subchannel_index.h +26 -29
- data/src/core/ext/filters/client_channel/uri_parser.c +10 -25
- data/src/core/ext/filters/client_channel/uri_parser.h +10 -25
- data/src/core/ext/filters/deadline/deadline_filter.c +30 -45
- data/src/core/ext/filters/deadline/deadline_filter.h +10 -25
- data/src/core/ext/filters/http/client/http_client_filter.c +255 -294
- data/src/core/ext/filters/http/client/http_client_filter.h +10 -25
- data/src/core/ext/filters/http/http_filters_plugin.c +11 -26
- data/src/core/ext/filters/http/message_compress/message_compress_filter.c +133 -105
- data/src/core/ext/filters/http/message_compress/message_compress_filter.h +10 -25
- data/src/core/ext/filters/http/server/http_server_filter.c +17 -32
- data/src/core/ext/filters/http/server/http_server_filter.h +10 -25
- data/src/core/ext/filters/load_reporting/load_reporting.c +11 -30
- data/src/core/ext/filters/load_reporting/load_reporting.h +10 -25
- data/src/core/ext/filters/load_reporting/load_reporting_filter.c +11 -26
- data/src/core/ext/filters/load_reporting/load_reporting_filter.h +10 -25
- data/src/core/ext/filters/max_age/max_age_filter.c +28 -43
- data/src/core/ext/filters/max_age/max_age_filter.h +10 -25
- data/src/core/ext/filters/message_size/message_size_filter.c +24 -37
- data/src/core/ext/filters/message_size/message_size_filter.h +10 -25
- data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.c +16 -31
- data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.h +10 -25
- data/src/core/ext/filters/workarounds/workaround_utils.c +12 -26
- data/src/core/ext/filters/workarounds/workaround_utils.h +11 -26
- data/src/core/ext/transport/chttp2/alpn/alpn.c +10 -25
- data/src/core/ext/transport/chttp2/alpn/alpn.h +10 -25
- data/src/core/ext/transport/chttp2/client/chttp2_connector.c +13 -28
- data/src/core/ext/transport/chttp2/client/chttp2_connector.h +10 -25
- data/src/core/ext/transport/chttp2/client/insecure/channel_create.c +13 -30
- data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.c +12 -29
- data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.c +13 -30
- data/src/core/ext/transport/chttp2/server/chttp2_server.c +11 -26
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +10 -25
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.c +10 -25
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.c +10 -25
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.c +10 -25
- data/src/core/ext/transport/chttp2/transport/bin_decoder.c +11 -25
- data/src/core/ext/transport/chttp2/transport/bin_decoder.h +10 -25
- data/src/core/ext/transport/chttp2/transport/bin_encoder.c +10 -25
- data/src/core/ext/transport/chttp2/transport/bin_encoder.h +10 -25
- data/src/core/ext/transport/chttp2/transport/chttp2_plugin.c +15 -27
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.c +421 -443
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +14 -25
- data/src/core/ext/transport/chttp2/transport/flow_control.c +500 -0
- data/src/core/ext/transport/chttp2/transport/frame.h +10 -25
- data/src/core/ext/transport/chttp2/transport/frame_data.c +20 -28
- data/src/core/ext/transport/chttp2/transport/frame_data.h +10 -25
- data/src/core/ext/transport/chttp2/transport/frame_goaway.c +10 -25
- data/src/core/ext/transport/chttp2/transport/frame_goaway.h +10 -25
- data/src/core/ext/transport/chttp2/transport/frame_ping.c +11 -26
- data/src/core/ext/transport/chttp2/transport/frame_ping.h +10 -25
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.c +11 -26
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +10 -25
- data/src/core/ext/transport/chttp2/transport/frame_settings.c +16 -29
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +10 -25
- data/src/core/ext/transport/chttp2/transport/frame_window_update.c +17 -33
- data/src/core/ext/transport/chttp2/transport/frame_window_update.h +10 -25
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.c +18 -31
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +12 -25
- data/src/core/ext/transport/chttp2/transport/hpack_parser.c +15 -30
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +10 -25
- data/src/core/ext/transport/chttp2/transport/hpack_table.c +10 -25
- data/src/core/ext/transport/chttp2/transport/hpack_table.h +10 -25
- data/src/core/ext/transport/chttp2/transport/http2_settings.c +10 -25
- data/src/core/ext/transport/chttp2/transport/http2_settings.h +10 -25
- data/src/core/ext/transport/chttp2/transport/huffsyms.c +10 -25
- data/src/core/ext/transport/chttp2/transport/huffsyms.h +10 -25
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.c +10 -25
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.h +10 -25
- data/src/core/ext/transport/chttp2/transport/internal.h +191 -179
- data/src/core/ext/transport/chttp2/transport/parsing.c +33 -102
- data/src/core/ext/transport/chttp2/transport/stream_lists.c +26 -28
- data/src/core/ext/transport/chttp2/transport/stream_map.c +10 -25
- data/src/core/ext/transport/chttp2/transport/stream_map.h +10 -25
- data/src/core/ext/transport/chttp2/transport/varint.c +14 -25
- data/src/core/ext/transport/chttp2/transport/varint.h +10 -25
- data/src/core/ext/transport/chttp2/transport/writing.c +164 -106
- data/src/core/ext/transport/inproc/inproc_plugin.c +29 -0
- data/src/core/ext/transport/inproc/inproc_transport.c +1303 -0
- data/src/core/ext/transport/inproc/inproc_transport.h +41 -0
- data/src/core/lib/channel/channel_args.c +52 -27
- data/src/core/lib/channel/channel_args.h +18 -27
- data/src/core/lib/channel/channel_stack.c +11 -26
- data/src/core/lib/channel/channel_stack.h +12 -27
- data/src/core/lib/channel/channel_stack_builder.c +11 -26
- data/src/core/lib/channel/channel_stack_builder.h +10 -25
- data/src/core/lib/channel/connected_channel.c +10 -25
- data/src/core/lib/channel/connected_channel.h +10 -25
- data/src/core/lib/channel/context.h +10 -25
- data/src/core/lib/channel/handshaker.c +14 -29
- data/src/core/lib/channel/handshaker.h +10 -25
- data/src/core/lib/channel/handshaker_factory.c +10 -25
- data/src/core/lib/channel/handshaker_factory.h +10 -25
- data/src/core/lib/channel/handshaker_registry.c +10 -25
- data/src/core/lib/channel/handshaker_registry.h +10 -25
- data/src/core/lib/compression/algorithm_metadata.h +10 -25
- data/src/core/lib/compression/compression.c +10 -25
- data/src/core/lib/compression/message_compress.c +10 -25
- data/src/core/lib/compression/message_compress.h +10 -25
- data/src/core/lib/compression/stream_compression.c +191 -0
- data/src/core/lib/compression/stream_compression.h +90 -0
- data/src/core/lib/debug/trace.c +28 -29
- data/src/core/lib/debug/trace.h +16 -30
- data/src/core/lib/http/format_request.c +10 -25
- data/src/core/lib/http/format_request.h +10 -25
- data/src/core/lib/http/httpcli.c +19 -35
- data/src/core/lib/http/httpcli.h +10 -25
- data/src/core/lib/http/httpcli_security_connector.c +17 -30
- data/src/core/lib/http/parser.c +11 -26
- data/src/core/lib/http/parser.h +10 -25
- data/src/core/lib/iomgr/closure.c +62 -25
- data/src/core/lib/iomgr/closure.h +81 -26
- data/src/core/lib/iomgr/combiner.c +103 -200
- data/src/core/lib/iomgr/combiner.h +14 -32
- data/src/core/lib/iomgr/endpoint.c +10 -29
- data/src/core/lib/iomgr/endpoint.h +10 -29
- data/src/core/lib/iomgr/endpoint_pair.h +10 -25
- data/src/core/lib/iomgr/endpoint_pair_posix.c +10 -25
- data/src/core/lib/iomgr/endpoint_pair_uv.c +10 -25
- data/src/core/lib/iomgr/endpoint_pair_windows.c +10 -25
- data/src/core/lib/iomgr/error.c +45 -46
- data/src/core/lib/iomgr/error.h +21 -34
- data/src/core/lib/iomgr/error_internal.h +10 -25
- data/src/core/lib/iomgr/ev_epoll1_linux.c +279 -179
- data/src/core/lib/iomgr/ev_epoll1_linux.h +10 -25
- data/src/core/lib/iomgr/ev_epoll_limited_pollers_linux.c +75 -264
- data/src/core/lib/iomgr/ev_epoll_limited_pollers_linux.h +10 -25
- data/src/core/lib/iomgr/ev_epoll_thread_pool_linux.c +44 -199
- data/src/core/lib/iomgr/ev_epoll_thread_pool_linux.h +10 -25
- data/src/core/lib/iomgr/ev_epollex_linux.c +184 -247
- data/src/core/lib/iomgr/ev_epollex_linux.h +10 -25
- data/src/core/lib/iomgr/ev_epollsig_linux.c +116 -323
- data/src/core/lib/iomgr/ev_epollsig_linux.h +10 -25
- data/src/core/lib/iomgr/ev_poll_posix.c +328 -184
- data/src/core/lib/iomgr/ev_poll_posix.h +10 -25
- data/src/core/lib/iomgr/ev_posix.c +25 -56
- data/src/core/lib/iomgr/ev_posix.h +15 -44
- data/src/core/lib/iomgr/ev_windows.c +11 -26
- data/src/core/lib/iomgr/exec_ctx.c +36 -45
- data/src/core/lib/iomgr/exec_ctx.h +10 -25
- data/src/core/lib/iomgr/executor.c +152 -127
- data/src/core/lib/iomgr/executor.h +18 -26
- data/src/core/lib/iomgr/gethostname.h +26 -0
- data/src/core/lib/iomgr/gethostname_fallback.c +27 -0
- data/src/core/lib/iomgr/gethostname_host_name_max.c +37 -0
- data/src/core/lib/iomgr/gethostname_sysconf.c +37 -0
- data/src/core/lib/iomgr/iocp_windows.c +10 -25
- data/src/core/lib/iomgr/iocp_windows.h +10 -25
- data/src/core/lib/iomgr/iomgr.c +17 -28
- data/src/core/lib/iomgr/iomgr.h +12 -27
- data/src/core/lib/iomgr/iomgr_internal.h +10 -25
- data/src/core/lib/iomgr/iomgr_posix.c +11 -26
- data/src/core/lib/iomgr/iomgr_posix.h +10 -25
- data/src/core/lib/iomgr/iomgr_uv.c +19 -26
- data/src/core/lib/iomgr/iomgr_uv.h +37 -0
- data/src/core/lib/iomgr/iomgr_windows.c +10 -25
- data/src/core/lib/iomgr/is_epollexclusive_available.c +10 -25
- data/src/core/lib/iomgr/is_epollexclusive_available.h +10 -25
- data/src/core/lib/iomgr/load_file.c +10 -25
- data/src/core/lib/iomgr/load_file.h +10 -25
- data/src/core/lib/iomgr/lockfree_event.c +22 -35
- data/src/core/lib/iomgr/lockfree_event.h +13 -27
- data/src/core/lib/iomgr/nameser.h +104 -0
- data/src/core/lib/iomgr/network_status_tracker.c +10 -25
- data/src/core/lib/iomgr/network_status_tracker.h +10 -25
- data/src/core/lib/iomgr/polling_entity.c +10 -25
- data/src/core/lib/iomgr/polling_entity.h +14 -34
- data/src/core/lib/iomgr/pollset.h +14 -25
- data/src/core/lib/iomgr/pollset_set.h +10 -25
- data/src/core/lib/iomgr/pollset_set_uv.c +10 -25
- data/src/core/lib/iomgr/pollset_set_windows.c +10 -25
- data/src/core/lib/iomgr/pollset_set_windows.h +10 -25
- data/src/core/lib/iomgr/pollset_uv.c +25 -26
- data/src/core/lib/iomgr/pollset_uv.h +10 -25
- data/src/core/lib/iomgr/pollset_windows.c +17 -27
- data/src/core/lib/iomgr/pollset_windows.h +10 -25
- data/src/core/lib/iomgr/port.h +24 -25
- data/src/core/lib/iomgr/resolve_address.h +10 -25
- data/src/core/lib/iomgr/resolve_address_posix.c +13 -28
- data/src/core/lib/iomgr/resolve_address_uv.c +31 -35
- data/src/core/lib/iomgr/resolve_address_windows.c +13 -28
- data/src/core/lib/iomgr/resource_quota.c +52 -67
- data/src/core/lib/iomgr/resource_quota.h +10 -25
- data/src/core/lib/iomgr/sockaddr.h +10 -25
- data/src/core/lib/iomgr/sockaddr_posix.h +10 -25
- data/src/core/lib/iomgr/sockaddr_utils.c +15 -25
- data/src/core/lib/iomgr/sockaddr_utils.h +12 -25
- data/src/core/lib/iomgr/sockaddr_windows.h +10 -25
- data/src/core/lib/iomgr/socket_factory_posix.c +13 -31
- data/src/core/lib/iomgr/socket_factory_posix.h +10 -25
- data/src/core/lib/iomgr/socket_mutator.c +14 -31
- data/src/core/lib/iomgr/socket_mutator.h +10 -25
- data/src/core/lib/iomgr/socket_utils.h +10 -25
- data/src/core/lib/iomgr/socket_utils_common_posix.c +10 -25
- data/src/core/lib/iomgr/socket_utils_linux.c +10 -25
- data/src/core/lib/iomgr/socket_utils_posix.c +10 -25
- data/src/core/lib/iomgr/socket_utils_posix.h +10 -25
- data/src/core/lib/iomgr/socket_utils_uv.c +10 -25
- data/src/core/lib/iomgr/socket_utils_windows.c +10 -25
- data/src/core/lib/iomgr/socket_windows.c +12 -27
- data/src/core/lib/iomgr/socket_windows.h +10 -25
- data/src/core/lib/iomgr/sys_epoll_wrapper.h +10 -25
- data/src/core/lib/iomgr/tcp_client.h +10 -25
- data/src/core/lib/iomgr/tcp_client_posix.c +21 -34
- data/src/core/lib/iomgr/tcp_client_posix.h +10 -25
- data/src/core/lib/iomgr/tcp_client_uv.c +18 -27
- data/src/core/lib/iomgr/tcp_client_windows.c +14 -29
- data/src/core/lib/iomgr/tcp_posix.c +36 -55
- data/src/core/lib/iomgr/tcp_posix.h +10 -25
- data/src/core/lib/iomgr/tcp_server.h +10 -25
- data/src/core/lib/iomgr/tcp_server_posix.c +16 -31
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +10 -25
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.c +11 -26
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.c +10 -25
- data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.c +10 -25
- data/src/core/lib/iomgr/tcp_server_uv.c +103 -64
- data/src/core/lib/iomgr/tcp_server_windows.c +14 -29
- data/src/core/lib/iomgr/tcp_uv.c +41 -45
- data/src/core/lib/iomgr/tcp_uv.h +10 -25
- data/src/core/lib/iomgr/tcp_windows.c +39 -53
- data/src/core/lib/iomgr/tcp_windows.h +10 -25
- data/src/core/lib/iomgr/time_averaged_stats.c +10 -25
- data/src/core/lib/iomgr/time_averaged_stats.h +10 -25
- data/src/core/lib/iomgr/timer.h +18 -27
- data/src/core/lib/iomgr/timer_generic.c +91 -87
- data/src/core/lib/iomgr/timer_generic.h +10 -25
- data/src/core/lib/iomgr/timer_heap.c +10 -25
- data/src/core/lib/iomgr/timer_heap.h +10 -25
- data/src/core/lib/iomgr/timer_manager.c +178 -100
- data/src/core/lib/iomgr/timer_manager.h +10 -25
- data/src/core/lib/iomgr/timer_uv.c +23 -33
- data/src/core/lib/iomgr/timer_uv.h +10 -25
- data/src/core/lib/iomgr/udp_server.c +17 -32
- data/src/core/lib/iomgr/udp_server.h +10 -25
- data/src/core/lib/iomgr/unix_sockets_posix.c +10 -25
- data/src/core/lib/iomgr/unix_sockets_posix.h +10 -25
- data/src/core/lib/iomgr/unix_sockets_posix_noop.c +10 -25
- data/src/core/lib/iomgr/wakeup_fd_cv.c +10 -25
- data/src/core/lib/iomgr/wakeup_fd_cv.h +13 -28
- data/src/core/lib/iomgr/wakeup_fd_eventfd.c +10 -25
- data/src/core/lib/iomgr/wakeup_fd_nospecial.c +10 -25
- data/src/core/lib/iomgr/wakeup_fd_pipe.c +10 -25
- data/src/core/lib/iomgr/wakeup_fd_pipe.h +10 -25
- data/src/core/lib/iomgr/wakeup_fd_posix.c +10 -25
- data/src/core/lib/iomgr/wakeup_fd_posix.h +10 -25
- data/src/core/lib/json/json.c +10 -25
- data/src/core/lib/json/json.h +10 -25
- data/src/core/lib/json/json_common.h +10 -25
- data/src/core/lib/json/json_reader.c +11 -25
- data/src/core/lib/json/json_reader.h +10 -25
- data/src/core/lib/json/json_string.c +10 -25
- data/src/core/lib/json/json_writer.c +10 -25
- data/src/core/lib/json/json_writer.h +10 -25
- data/src/core/lib/profiling/basic_timers.c +10 -25
- data/src/core/lib/profiling/stap_timers.c +10 -25
- data/src/core/lib/profiling/timers.h +10 -25
- data/src/core/lib/security/context/security_context.c +32 -40
- data/src/core/lib/security/context/security_context.h +15 -26
- data/src/core/lib/security/credentials/composite/composite_credentials.c +76 -81
- data/src/core/lib/security/credentials/composite/composite_credentials.h +10 -25
- data/src/core/lib/security/credentials/credentials.c +29 -49
- data/src/core/lib/security/credentials/credentials.h +48 -61
- data/src/core/lib/security/credentials/credentials_metadata.c +34 -78
- data/src/core/lib/security/credentials/fake/fake_credentials.c +33 -56
- data/src/core/lib/security/credentials/fake/fake_credentials.h +12 -27
- data/src/core/lib/security/credentials/google_default/credentials_generic.c +10 -25
- data/src/core/lib/security/credentials/google_default/google_default_credentials.c +12 -27
- data/src/core/lib/security/credentials/google_default/google_default_credentials.h +10 -25
- data/src/core/lib/security/credentials/iam/iam_credentials.c +40 -40
- data/src/core/lib/security/credentials/iam/iam_credentials.h +11 -26
- data/src/core/lib/security/credentials/jwt/json_token.c +10 -25
- data/src/core/lib/security/credentials/jwt/json_token.h +10 -25
- data/src/core/lib/security/credentials/jwt/jwt_credentials.c +45 -48
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +11 -26
- data/src/core/lib/security/credentials/jwt/jwt_verifier.c +53 -33
- data/src/core/lib/security/credentials/jwt/jwt_verifier.h +10 -25
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.c +155 -87
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +24 -28
- data/src/core/lib/security/credentials/plugin/plugin_credentials.c +118 -82
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +24 -27
- data/src/core/lib/security/credentials/ssl/ssl_credentials.c +13 -32
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +10 -25
- data/src/core/lib/security/transport/auth_filters.h +10 -25
- data/src/core/lib/security/transport/client_auth_filter.c +217 -112
- data/src/core/lib/security/transport/lb_targets_info.c +16 -32
- data/src/core/lib/security/transport/lb_targets_info.h +10 -25
- data/src/core/lib/security/transport/secure_endpoint.c +29 -43
- data/src/core/lib/security/transport/secure_endpoint.h +10 -25
- data/src/core/lib/security/transport/security_connector.c +80 -61
- data/src/core/lib/security/transport/security_connector.h +35 -35
- data/src/core/lib/security/transport/security_handshaker.c +18 -33
- data/src/core/lib/security/transport/security_handshaker.h +10 -25
- data/src/core/lib/security/transport/server_auth_filter.c +62 -116
- data/src/core/lib/security/transport/tsi_error.c +10 -25
- data/src/core/lib/security/transport/tsi_error.h +10 -25
- data/src/core/lib/security/util/json_util.c +10 -25
- data/src/core/lib/security/util/json_util.h +10 -25
- data/src/core/lib/slice/b64.c +10 -25
- data/src/core/lib/slice/b64.h +10 -25
- data/src/core/lib/slice/percent_encoding.c +10 -25
- data/src/core/lib/slice/percent_encoding.h +10 -25
- data/src/core/lib/slice/slice.c +10 -25
- data/src/core/lib/slice/slice_buffer.c +10 -25
- data/src/core/lib/slice/slice_hash_table.c +48 -26
- data/src/core/lib/slice/slice_hash_table.h +26 -28
- data/src/core/lib/slice/slice_intern.c +10 -25
- data/src/core/lib/slice/slice_internal.h +10 -25
- data/src/core/lib/slice/slice_string_helpers.c +10 -25
- data/src/core/lib/slice/slice_string_helpers.h +10 -25
- data/src/core/lib/support/alloc.c +10 -25
- data/src/core/lib/support/arena.c +12 -27
- data/src/core/lib/support/arena.h +10 -25
- data/src/core/lib/support/atm.c +17 -32
- data/src/core/lib/support/atomic.h +10 -25
- data/src/core/lib/support/atomic_with_atm.h +10 -25
- data/src/core/lib/support/atomic_with_std.h +10 -25
- data/src/core/lib/support/avl.c +101 -101
- data/src/core/lib/support/backoff.c +10 -25
- data/src/core/lib/support/backoff.h +10 -25
- data/src/core/lib/support/block_annotate.h +10 -25
- data/src/core/lib/support/cmdline.c +10 -25
- data/src/core/lib/support/cpu_iphone.c +10 -25
- data/src/core/lib/support/cpu_linux.c +10 -25
- data/src/core/lib/support/cpu_posix.c +10 -25
- data/src/core/lib/support/cpu_windows.c +10 -25
- data/src/core/lib/support/env.h +16 -25
- data/src/core/lib/support/env_linux.c +30 -37
- data/src/core/lib/support/env_posix.c +15 -25
- data/src/core/lib/support/env_windows.c +15 -25
- data/src/core/lib/support/histogram.c +10 -25
- data/src/core/lib/support/host_port.c +10 -25
- data/src/core/lib/support/log.c +20 -29
- data/src/core/lib/support/log_android.c +10 -25
- data/src/core/lib/support/log_linux.c +13 -26
- data/src/core/lib/support/log_posix.c +10 -25
- data/src/core/lib/support/log_windows.c +10 -25
- data/src/core/lib/support/memory.h +10 -25
- data/src/core/lib/support/mpscq.c +11 -49
- data/src/core/lib/support/mpscq.h +11 -50
- data/src/core/lib/support/murmur_hash.c +12 -25
- data/src/core/lib/support/murmur_hash.h +10 -25
- data/src/core/lib/support/spinlock.h +10 -25
- data/src/core/lib/support/stack_lockfree.c +10 -25
- data/src/core/lib/support/stack_lockfree.h +10 -25
- data/src/core/lib/support/string.c +10 -25
- data/src/core/lib/support/string.h +10 -25
- data/src/core/lib/support/string_posix.c +10 -25
- data/src/core/lib/support/string_util_windows.c +10 -25
- data/src/core/lib/support/string_windows.c +10 -25
- data/src/core/lib/support/string_windows.h +10 -25
- data/src/core/lib/support/subprocess_posix.c +10 -25
- data/src/core/lib/support/subprocess_windows.c +10 -25
- data/src/core/lib/support/sync.c +10 -25
- data/src/core/lib/support/sync_posix.c +10 -25
- data/src/core/lib/support/sync_windows.c +10 -25
- data/src/core/lib/support/thd.c +10 -25
- data/src/core/lib/support/thd_internal.h +10 -25
- data/src/core/lib/support/thd_posix.c +10 -25
- data/src/core/lib/support/thd_windows.c +10 -25
- data/src/core/lib/support/time.c +10 -25
- data/src/core/lib/support/time_posix.c +10 -25
- data/src/core/lib/support/time_precise.c +18 -33
- data/src/core/lib/support/time_precise.h +10 -25
- data/src/core/lib/support/time_windows.c +10 -25
- data/src/core/lib/support/tls_pthread.c +10 -25
- data/src/core/lib/support/tmpfile.h +10 -25
- data/src/core/lib/support/tmpfile_msys.c +10 -25
- data/src/core/lib/support/tmpfile_posix.c +10 -25
- data/src/core/lib/support/tmpfile_windows.c +10 -25
- data/src/core/lib/support/wrap_memcpy.c +10 -25
- data/src/core/lib/surface/alarm.c +78 -35
- data/src/core/lib/surface/alarm_internal.h +40 -0
- data/src/core/lib/surface/api_trace.c +11 -26
- data/src/core/lib/surface/api_trace.h +10 -25
- data/src/core/lib/surface/byte_buffer.c +10 -25
- data/src/core/lib/surface/byte_buffer_reader.c +10 -25
- data/src/core/lib/surface/call.c +64 -84
- data/src/core/lib/surface/call.h +11 -26
- data/src/core/lib/surface/call_details.c +10 -25
- data/src/core/lib/surface/call_log_batch.c +10 -25
- data/src/core/lib/surface/call_test_only.h +10 -25
- data/src/core/lib/surface/channel.c +11 -26
- data/src/core/lib/surface/channel.h +11 -26
- data/src/core/lib/surface/channel_init.c +10 -25
- data/src/core/lib/surface/channel_init.h +10 -25
- data/src/core/lib/surface/channel_ping.c +12 -27
- data/src/core/lib/surface/channel_stack_type.c +10 -25
- data/src/core/lib/surface/channel_stack_type.h +10 -25
- data/src/core/lib/surface/completion_queue.c +442 -331
- data/src/core/lib/surface/completion_queue.h +16 -33
- data/src/core/lib/surface/completion_queue_factory.c +10 -25
- data/src/core/lib/surface/completion_queue_factory.h +10 -25
- data/src/core/lib/surface/event_string.c +10 -25
- data/src/core/lib/surface/event_string.h +10 -25
- data/src/core/lib/surface/init.c +38 -47
- data/src/core/lib/surface/init.h +10 -25
- data/src/core/lib/surface/init_secure.c +20 -27
- data/src/core/lib/surface/lame_client.cc +14 -29
- data/src/core/lib/surface/lame_client.h +10 -25
- data/src/core/lib/surface/metadata_array.c +10 -25
- data/src/core/lib/surface/server.c +128 -81
- data/src/core/lib/surface/server.h +10 -25
- data/src/core/lib/surface/validate_metadata.c +10 -25
- data/src/core/lib/surface/validate_metadata.h +10 -25
- data/src/core/lib/surface/version.c +11 -26
- data/src/core/lib/transport/bdp_estimator.c +19 -29
- data/src/core/lib/transport/bdp_estimator.h +16 -29
- data/src/core/lib/transport/byte_stream.c +127 -36
- data/src/core/lib/transport/byte_stream.h +88 -46
- data/src/core/lib/transport/connectivity_state.c +17 -31
- data/src/core/lib/transport/connectivity_state.h +10 -25
- data/src/core/lib/transport/error_utils.c +10 -25
- data/src/core/lib/transport/error_utils.h +10 -25
- data/src/core/lib/transport/http2_errors.h +10 -25
- data/src/core/lib/transport/metadata.c +87 -85
- data/src/core/lib/transport/metadata.h +15 -28
- data/src/core/lib/transport/metadata_batch.c +10 -25
- data/src/core/lib/transport/metadata_batch.h +10 -25
- data/src/core/lib/transport/pid_controller.c +10 -25
- data/src/core/lib/transport/pid_controller.h +10 -25
- data/src/core/lib/transport/service_config.c +11 -26
- data/src/core/lib/transport/service_config.h +10 -25
- data/src/core/lib/transport/static_metadata.c +12 -26
- data/src/core/lib/transport/static_metadata.h +10 -25
- data/src/core/lib/transport/status_conversion.c +10 -25
- data/src/core/lib/transport/status_conversion.h +10 -25
- data/src/core/lib/transport/timeout_encoding.c +10 -25
- data/src/core/lib/transport/timeout_encoding.h +10 -25
- data/src/core/lib/transport/transport.c +60 -53
- data/src/core/lib/transport/transport.h +36 -34
- data/src/core/lib/transport/transport_impl.h +10 -25
- data/src/core/lib/transport/transport_op_string.c +10 -28
- data/src/core/plugin_registry/grpc_plugin_registry.c +22 -25
- data/src/core/tsi/fake_transport_security.c +199 -94
- data/src/core/tsi/fake_transport_security.h +11 -26
- data/src/core/tsi/gts_transport_security.c +40 -0
- data/src/core/tsi/gts_transport_security.h +37 -0
- data/src/core/tsi/ssl_transport_security.c +13 -32
- data/src/core/tsi/ssl_transport_security.h +10 -25
- data/src/core/tsi/ssl_types.h +10 -25
- data/src/core/tsi/transport_security.c +48 -78
- data/src/core/tsi/transport_security.h +18 -27
- data/src/core/tsi/transport_security_adapter.c +17 -29
- data/src/core/tsi/transport_security_adapter.h +10 -25
- data/src/core/tsi/transport_security_grpc.c +64 -0
- data/src/core/tsi/transport_security_grpc.h +80 -0
- data/src/core/tsi/transport_security_interface.h +21 -27
- data/src/ruby/bin/apis/google/protobuf/empty.rb +10 -25
- data/src/ruby/bin/apis/pubsub_demo.rb +10 -25
- data/src/ruby/bin/apis/tech/pubsub/proto/pubsub.rb +10 -25
- data/src/ruby/bin/apis/tech/pubsub/proto/pubsub_services.rb +10 -25
- data/src/ruby/bin/math_client.rb +10 -25
- data/src/ruby/bin/math_server.rb +10 -25
- data/src/ruby/bin/math_services_pb.rb +10 -25
- data/src/ruby/bin/noproto_client.rb +10 -25
- data/src/ruby/bin/noproto_server.rb +10 -25
- data/src/ruby/ext/grpc/extconf.rb +10 -25
- data/src/ruby/ext/grpc/rb_byte_buffer.c +10 -25
- data/src/ruby/ext/grpc/rb_byte_buffer.h +10 -25
- data/src/ruby/ext/grpc/rb_call.c +44 -25
- data/src/ruby/ext/grpc/rb_call.h +10 -25
- data/src/ruby/ext/grpc/rb_call_credentials.c +10 -25
- data/src/ruby/ext/grpc/rb_call_credentials.h +10 -25
- data/src/ruby/ext/grpc/rb_channel.c +10 -25
- data/src/ruby/ext/grpc/rb_channel.h +10 -25
- data/src/ruby/ext/grpc/rb_channel_args.c +10 -25
- data/src/ruby/ext/grpc/rb_channel_args.h +10 -25
- data/src/ruby/ext/grpc/rb_channel_credentials.c +10 -25
- data/src/ruby/ext/grpc/rb_channel_credentials.h +10 -25
- data/src/ruby/ext/grpc/rb_completion_queue.c +10 -25
- data/src/ruby/ext/grpc/rb_completion_queue.h +10 -25
- data/src/ruby/ext/grpc/rb_compression_options.c +10 -25
- data/src/ruby/ext/grpc/rb_compression_options.h +10 -25
- data/src/ruby/ext/grpc/rb_event_thread.c +10 -25
- data/src/ruby/ext/grpc/rb_event_thread.h +10 -25
- data/src/ruby/ext/grpc/rb_grpc.c +10 -25
- data/src/ruby/ext/grpc/rb_grpc.h +10 -25
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +10 -25
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +16 -31
- data/src/ruby/ext/grpc/rb_loader.c +10 -25
- data/src/ruby/ext/grpc/rb_loader.h +10 -25
- data/src/ruby/ext/grpc/rb_server.c +10 -25
- data/src/ruby/ext/grpc/rb_server.h +10 -25
- data/src/ruby/ext/grpc/rb_server_credentials.c +10 -25
- data/src/ruby/ext/grpc/rb_server_credentials.h +10 -25
- data/src/ruby/lib/grpc.rb +10 -25
- data/src/ruby/lib/grpc/core/time_consts.rb +10 -25
- data/src/ruby/lib/grpc/errors.rb +16 -30
- data/src/ruby/lib/grpc/generic/active_call.rb +25 -27
- data/src/ruby/lib/grpc/generic/bidi_call.rb +17 -27
- data/src/ruby/lib/grpc/generic/client_stub.rb +10 -25
- data/src/ruby/lib/grpc/generic/rpc_desc.rb +10 -25
- data/src/ruby/lib/grpc/generic/rpc_server.rb +10 -25
- data/src/ruby/lib/grpc/generic/service.rb +10 -25
- data/src/ruby/lib/grpc/grpc.rb +10 -25
- data/src/ruby/lib/grpc/logconfig.rb +10 -25
- data/src/ruby/lib/grpc/notifier.rb +10 -25
- data/src/ruby/lib/grpc/version.rb +11 -26
- data/src/ruby/pb/generate_proto_ruby.sh +10 -25
- data/src/ruby/pb/grpc/health/checker.rb +10 -25
- data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +10 -25
- data/src/ruby/pb/grpc/testing/duplicate/echo_duplicate_services_pb.rb +10 -25
- data/src/ruby/pb/grpc/testing/metrics_services_pb.rb +10 -25
- data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +10 -25
- data/src/ruby/pb/test/client.rb +10 -25
- data/src/ruby/pb/test/server.rb +10 -25
- data/src/ruby/spec/call_credentials_spec.rb +10 -25
- data/src/ruby/spec/call_spec.rb +43 -25
- data/src/ruby/spec/channel_connection_spec.rb +10 -25
- data/src/ruby/spec/channel_credentials_spec.rb +11 -26
- data/src/ruby/spec/channel_spec.rb +10 -25
- data/src/ruby/spec/client_auth_spec.rb +10 -25
- data/src/ruby/spec/client_server_spec.rb +66 -25
- data/src/ruby/spec/compression_options_spec.rb +10 -25
- data/src/ruby/spec/error_sanity_spec.rb +10 -25
- data/src/ruby/spec/generic/active_call_spec.rb +10 -25
- data/src/ruby/spec/generic/client_stub_spec.rb +146 -35
- data/src/ruby/spec/generic/rpc_desc_spec.rb +10 -25
- data/src/ruby/spec/generic/rpc_server_pool_spec.rb +10 -25
- data/src/ruby/spec/generic/rpc_server_spec.rb +124 -34
- data/src/ruby/spec/generic/service_spec.rb +10 -25
- data/src/ruby/spec/pb/duplicate/codegen_spec.rb +10 -25
- data/src/ruby/spec/pb/health/checker_spec.rb +10 -25
- data/src/ruby/spec/server_credentials_spec.rb +10 -25
- data/src/ruby/spec/server_spec.rb +10 -25
- data/src/ruby/spec/spec_helper.rb +10 -25
- data/src/ruby/spec/time_consts_spec.rb +10 -25
- data/third_party/boringssl/crypto/aes/key_wrap.c +138 -0
- data/third_party/boringssl/crypto/asn1/a_bitstr.c +6 -3
- data/third_party/boringssl/crypto/asn1/a_enum.c +4 -1
- data/third_party/boringssl/crypto/asn1/a_gentm.c +20 -15
- data/third_party/boringssl/crypto/asn1/a_int.c +7 -4
- data/third_party/boringssl/crypto/asn1/a_object.c +5 -2
- data/third_party/boringssl/crypto/asn1/a_time.c +0 -1
- data/third_party/boringssl/crypto/asn1/a_utctm.c +1 -2
- data/third_party/boringssl/crypto/asn1/asn1_lib.c +5 -2
- data/third_party/boringssl/crypto/asn1/asn1_locl.h +35 -0
- data/third_party/boringssl/crypto/asn1/tasn_dec.c +3 -1
- data/third_party/boringssl/crypto/asn1/tasn_enc.c +6 -3
- data/third_party/boringssl/crypto/asn1/tasn_new.c +12 -7
- data/third_party/boringssl/crypto/asn1/tasn_utl.c +22 -8
- data/third_party/boringssl/crypto/{time_support.c → asn1/time_support.c} +1 -1
- data/third_party/boringssl/crypto/asn1/x_long.c +5 -2
- data/third_party/boringssl/crypto/base64/base64.c +7 -5
- data/third_party/boringssl/crypto/bio/bio.c +24 -10
- data/third_party/boringssl/crypto/bio/bio_mem.c +12 -10
- data/third_party/boringssl/crypto/bio/connect.c +7 -18
- data/third_party/boringssl/crypto/bio/fd.c +3 -6
- data/third_party/boringssl/crypto/bio/file.c +6 -6
- data/third_party/boringssl/crypto/bio/hexdump.c +4 -2
- data/third_party/boringssl/crypto/bio/pair.c +30 -344
- data/third_party/boringssl/crypto/bio/socket.c +6 -7
- data/third_party/boringssl/crypto/bio/socket_helper.c +4 -3
- data/third_party/boringssl/crypto/bn/add.c +1 -1
- data/third_party/boringssl/crypto/bn/asm/x86_64-gcc.c +11 -10
- data/third_party/boringssl/crypto/bn/bn.c +6 -20
- data/third_party/boringssl/crypto/bn/cmp.c +14 -0
- data/third_party/boringssl/crypto/bn/convert.c +73 -2
- data/third_party/boringssl/crypto/bn/ctx.c +3 -1
- data/third_party/boringssl/crypto/bn/div.c +108 -51
- data/third_party/boringssl/crypto/bn/exponentiation.c +15 -33
- data/third_party/boringssl/crypto/bn/gcd.c +29 -22
- data/third_party/boringssl/crypto/bn/generic.c +71 -67
- data/third_party/boringssl/crypto/bn/internal.h +19 -6
- data/third_party/boringssl/crypto/bn/kronecker.c +1 -0
- data/third_party/boringssl/crypto/bn/montgomery.c +9 -10
- data/third_party/boringssl/crypto/bn/montgomery_inv.c +47 -0
- data/third_party/boringssl/crypto/bn/mul.c +11 -9
- data/third_party/boringssl/crypto/bn/random.c +6 -3
- data/third_party/boringssl/crypto/bn/rsaz_exp.c +0 -65
- data/third_party/boringssl/crypto/bn/rsaz_exp.h +0 -3
- data/third_party/boringssl/crypto/bn/shift.c +9 -1
- data/third_party/boringssl/crypto/bn/sqrt.c +3 -1
- data/third_party/boringssl/crypto/buf/buf.c +6 -4
- data/third_party/boringssl/crypto/bytestring/asn1_compat.c +2 -1
- data/third_party/boringssl/crypto/bytestring/ber.c +2 -1
- data/third_party/boringssl/crypto/bytestring/cbb.c +9 -7
- data/third_party/boringssl/crypto/bytestring/cbs.c +54 -2
- data/third_party/boringssl/crypto/chacha/chacha.c +1 -1
- data/third_party/boringssl/crypto/cipher/aead.c +3 -3
- data/third_party/boringssl/crypto/cipher/cipher.c +18 -13
- data/third_party/boringssl/crypto/cipher/e_aes.c +335 -281
- data/third_party/boringssl/crypto/cipher/e_chacha20poly1305.c +113 -137
- data/third_party/boringssl/crypto/cipher/e_null.c +2 -1
- data/third_party/boringssl/crypto/cipher/e_rc2.c +54 -49
- data/third_party/boringssl/crypto/cipher/e_ssl3.c +4 -3
- data/third_party/boringssl/crypto/cipher/e_tls.c +5 -5
- data/third_party/boringssl/crypto/cipher/tls_cbc.c +41 -112
- data/third_party/boringssl/crypto/cmac/cmac.c +6 -4
- data/third_party/boringssl/crypto/conf/conf.c +6 -3
- data/third_party/boringssl/crypto/cpu-arm-linux.c +2 -2
- data/third_party/boringssl/crypto/curve25519/curve25519.c +28 -34
- data/third_party/boringssl/crypto/curve25519/spake25519.c +7 -6
- data/third_party/boringssl/crypto/curve25519/x25519-x86_64.c +2 -1
- data/third_party/boringssl/crypto/des/des.c +1 -1
- data/third_party/boringssl/crypto/des/internal.h +58 -46
- data/third_party/boringssl/crypto/dh/dh.c +4 -8
- data/third_party/boringssl/crypto/digest/digest.c +5 -2
- data/third_party/boringssl/crypto/digest/digests.c +70 -33
- data/third_party/boringssl/crypto/digest/md32_common.h +39 -27
- data/third_party/boringssl/crypto/dsa/dsa.c +11 -19
- data/third_party/boringssl/crypto/ec/ec.c +1 -1
- data/third_party/boringssl/crypto/ec/ec_asn1.c +3 -2
- data/third_party/boringssl/crypto/ec/ec_key.c +1 -1
- data/third_party/boringssl/crypto/ec/ec_montgomery.c +6 -11
- data/third_party/boringssl/crypto/ec/oct.c +2 -14
- data/third_party/boringssl/crypto/ec/p224-64.c +78 -122
- data/third_party/boringssl/crypto/ec/p256-64.c +93 -133
- data/third_party/boringssl/crypto/ec/p256-x86_64.c +48 -61
- data/third_party/boringssl/crypto/ec/p256-x86_64.h +113 -0
- data/third_party/boringssl/crypto/ec/simple.c +2 -1
- data/third_party/boringssl/crypto/ec/wnaf.c +52 -43
- data/third_party/boringssl/crypto/ecdh/ecdh.c +4 -2
- data/third_party/boringssl/crypto/ecdsa/ecdsa.c +17 -16
- data/third_party/boringssl/crypto/engine/engine.c +3 -1
- data/third_party/boringssl/crypto/err/err.c +5 -5
- data/third_party/boringssl/crypto/evp/evp.c +1 -1
- data/third_party/boringssl/crypto/evp/evp_asn1.c +1 -1
- data/third_party/boringssl/crypto/evp/evp_ctx.c +23 -29
- data/third_party/boringssl/crypto/evp/p_ec.c +2 -1
- data/third_party/boringssl/crypto/evp/p_rsa.c +9 -3
- data/third_party/boringssl/crypto/evp/pbkdf.c +3 -1
- data/third_party/boringssl/crypto/hkdf/hkdf.c +3 -1
- data/third_party/boringssl/crypto/hmac/hmac.c +4 -2
- data/third_party/boringssl/crypto/internal.h +81 -0
- data/third_party/boringssl/crypto/lhash/lhash.c +7 -13
- data/third_party/boringssl/crypto/md4/md4.c +20 -18
- data/third_party/boringssl/crypto/md5/md5.c +31 -21
- data/third_party/boringssl/crypto/mem.c +4 -10
- data/third_party/boringssl/crypto/modes/cbc.c +2 -6
- data/third_party/boringssl/crypto/modes/cfb.c +2 -2
- data/third_party/boringssl/crypto/modes/ctr.c +1 -1
- data/third_party/boringssl/crypto/modes/gcm.c +117 -334
- data/third_party/boringssl/crypto/modes/internal.h +107 -84
- data/third_party/boringssl/crypto/modes/ofb.c +3 -3
- data/third_party/boringssl/crypto/modes/polyval.c +94 -0
- data/third_party/boringssl/crypto/obj/obj.c +13 -8
- data/third_party/boringssl/crypto/obj/obj_dat.h +6109 -5187
- data/third_party/boringssl/crypto/obj/obj_xref.c +55 -57
- data/third_party/boringssl/crypto/pem/pem_lib.c +6 -3
- data/third_party/boringssl/crypto/pkcs8/internal.h +27 -8
- data/third_party/boringssl/crypto/pkcs8/p5_pbev2.c +137 -352
- data/third_party/boringssl/crypto/pkcs8/pkcs8.c +371 -364
- data/third_party/boringssl/crypto/poly1305/poly1305.c +12 -18
- data/third_party/boringssl/crypto/poly1305/poly1305_arm.c +2 -2
- data/third_party/boringssl/crypto/{newhope/reduce.c → pool/internal.h} +24 -21
- data/third_party/boringssl/crypto/pool/pool.c +200 -0
- data/third_party/boringssl/crypto/rand/deterministic.c +6 -5
- data/third_party/boringssl/crypto/rand/fuchsia.c +43 -0
- data/third_party/boringssl/crypto/rand/rand.c +7 -7
- data/third_party/boringssl/crypto/rand/urandom.c +136 -22
- data/third_party/boringssl/crypto/rand/windows.c +2 -2
- data/third_party/boringssl/crypto/rsa/blinding.c +2 -1
- data/third_party/boringssl/crypto/rsa/padding.c +11 -11
- data/third_party/boringssl/crypto/rsa/rsa.c +4 -4
- data/third_party/boringssl/crypto/rsa/rsa_asn1.c +7 -1
- data/third_party/boringssl/crypto/rsa/rsa_impl.c +41 -80
- data/third_party/boringssl/crypto/sha/sha1-altivec.c +346 -0
- data/third_party/boringssl/crypto/sha/sha1.c +60 -42
- data/third_party/boringssl/crypto/sha/sha256.c +4 -2
- data/third_party/boringssl/crypto/sha/sha512.c +9 -7
- data/third_party/boringssl/crypto/stack/stack.c +10 -7
- data/third_party/boringssl/crypto/thread_pthread.c +2 -2
- data/third_party/boringssl/crypto/thread_win.c +2 -2
- data/third_party/boringssl/crypto/x509/a_verify.c +1 -1
- data/third_party/boringssl/crypto/x509/asn1_gen.c +1 -1
- data/third_party/boringssl/crypto/x509/by_dir.c +1 -1
- data/third_party/boringssl/crypto/x509/t_x509.c +78 -38
- data/third_party/boringssl/crypto/x509/x509_cmp.c +8 -5
- data/third_party/boringssl/crypto/x509/x509_lu.c +6 -1
- data/third_party/boringssl/crypto/x509/x509_obj.c +4 -1
- data/third_party/boringssl/crypto/x509/x509_vfy.c +42 -8
- data/third_party/boringssl/crypto/x509/x509_vpm.c +8 -6
- data/third_party/boringssl/crypto/x509/x509name.c +4 -1
- data/third_party/boringssl/crypto/x509/x_crl.c +4 -2
- data/third_party/boringssl/crypto/x509/x_name.c +23 -13
- data/third_party/boringssl/crypto/x509/x_pkey.c +4 -1
- data/third_party/boringssl/crypto/x509/x_x509.c +42 -3
- data/third_party/boringssl/crypto/x509v3/pcy_int.h +2 -2
- data/third_party/boringssl/crypto/x509v3/pcy_tree.c +2 -1
- data/third_party/boringssl/crypto/x509v3/v3_cpols.c +1 -1
- data/third_party/boringssl/crypto/x509v3/v3_ia5.c +4 -1
- data/third_party/boringssl/crypto/x509v3/v3_ncons.c +4 -1
- data/third_party/boringssl/crypto/x509v3/v3_pci.c +6 -3
- data/third_party/boringssl/crypto/x509v3/v3_purp.c +13 -21
- data/third_party/boringssl/crypto/x509v3/v3_utl.c +19 -33
- data/third_party/boringssl/include/openssl/aead.h +9 -20
- data/third_party/boringssl/include/openssl/aes.h +21 -9
- data/third_party/boringssl/include/openssl/asn1.h +9 -1
- data/third_party/boringssl/include/openssl/base.h +33 -6
- data/third_party/boringssl/include/openssl/bio.h +10 -103
- data/third_party/boringssl/include/openssl/bn.h +58 -42
- data/third_party/boringssl/include/openssl/bytestring.h +17 -0
- data/third_party/boringssl/include/openssl/cipher.h +4 -3
- data/third_party/boringssl/include/openssl/conf.h +4 -1
- data/third_party/boringssl/include/openssl/curve25519.h +13 -0
- data/third_party/boringssl/include/openssl/digest.h +5 -3
- data/third_party/boringssl/include/openssl/dsa.h +5 -5
- data/third_party/boringssl/include/openssl/ec.h +2 -2
- data/third_party/boringssl/include/openssl/ecdh.h +3 -4
- data/third_party/boringssl/include/openssl/ecdsa.h +10 -10
- data/third_party/boringssl/include/openssl/err.h +5 -5
- data/third_party/boringssl/include/openssl/evp.h +11 -7
- data/third_party/boringssl/include/openssl/lhash.h +2 -3
- data/third_party/boringssl/include/openssl/lhash_macros.h +56 -14
- data/third_party/boringssl/include/openssl/nid.h +2949 -2916
- data/third_party/boringssl/include/openssl/obj.h +1 -1
- data/third_party/boringssl/include/openssl/pkcs8.h +21 -42
- data/third_party/boringssl/include/openssl/pool.h +87 -0
- data/third_party/boringssl/include/openssl/rand.h +1 -1
- data/third_party/boringssl/include/openssl/rsa.h +4 -2
- data/third_party/boringssl/include/openssl/sha.h +0 -4
- data/third_party/boringssl/include/openssl/ssl.h +327 -662
- data/third_party/boringssl/include/openssl/ssl3.h +1 -21
- data/third_party/boringssl/include/openssl/stack.h +1 -0
- data/third_party/boringssl/include/openssl/stack_macros.h +85 -0
- data/third_party/boringssl/include/openssl/tls1.h +23 -52
- data/third_party/boringssl/include/openssl/type_check.h +4 -0
- data/third_party/boringssl/include/openssl/x509.h +10 -59
- data/third_party/boringssl/include/openssl/x509_vfy.h +7 -1
- data/third_party/boringssl/include/openssl/x509v3.h +4 -4
- data/third_party/boringssl/ssl/bio_ssl.c +175 -0
- data/third_party/boringssl/ssl/custom_extensions.c +24 -21
- data/third_party/boringssl/ssl/d1_both.c +259 -289
- data/third_party/boringssl/ssl/d1_lib.c +8 -20
- data/third_party/boringssl/ssl/d1_pkt.c +6 -15
- data/third_party/boringssl/ssl/dtls_method.c +22 -8
- data/third_party/boringssl/ssl/dtls_record.c +27 -2
- data/third_party/boringssl/ssl/handshake_client.c +460 -579
- data/third_party/boringssl/ssl/handshake_server.c +662 -644
- data/third_party/boringssl/ssl/internal.h +1009 -375
- data/third_party/boringssl/ssl/s3_both.c +312 -162
- data/third_party/boringssl/ssl/s3_lib.c +12 -128
- data/third_party/boringssl/ssl/s3_pkt.c +22 -30
- data/third_party/boringssl/ssl/ssl_aead_ctx.c +28 -22
- data/third_party/boringssl/ssl/ssl_asn1.c +210 -114
- data/third_party/boringssl/ssl/ssl_buffer.c +2 -1
- data/third_party/boringssl/ssl/ssl_cert.c +417 -219
- data/third_party/boringssl/ssl/ssl_cipher.c +191 -393
- data/third_party/boringssl/ssl/ssl_ecdh.c +19 -164
- data/third_party/boringssl/ssl/ssl_file.c +0 -11
- data/third_party/boringssl/ssl/ssl_lib.c +325 -652
- data/third_party/boringssl/ssl/{ssl_rsa.c → ssl_privkey.c} +21 -131
- data/third_party/boringssl/ssl/ssl_privkey_cc.cc +76 -0
- data/third_party/boringssl/ssl/ssl_session.c +206 -95
- data/third_party/boringssl/ssl/ssl_stat.c +18 -84
- data/third_party/boringssl/ssl/{s3_enc.c → ssl_transcript.c} +150 -157
- data/third_party/boringssl/ssl/ssl_x509.c +815 -0
- data/third_party/boringssl/ssl/t1_enc.c +188 -174
- data/third_party/boringssl/ssl/t1_lib.c +1064 -764
- data/third_party/boringssl/ssl/tls13_both.c +290 -96
- data/third_party/boringssl/ssl/tls13_client.c +344 -314
- data/third_party/boringssl/ssl/tls13_enc.c +239 -200
- data/third_party/boringssl/ssl/tls13_server.c +374 -366
- data/third_party/boringssl/ssl/tls_method.c +40 -5
- data/third_party/boringssl/ssl/tls_record.c +166 -71
- metadata +39 -25
- data/src/core/lib/iomgr/workqueue.h +0 -87
- data/src/core/lib/iomgr/workqueue_uv.c +0 -65
- data/src/core/lib/iomgr/workqueue_uv.h +0 -37
- data/src/core/lib/iomgr/workqueue_windows.c +0 -63
- data/src/core/lib/iomgr/workqueue_windows.h +0 -37
- data/third_party/boringssl/crypto/bio/buffer.c +0 -496
- data/third_party/boringssl/crypto/newhope/error_correction.c +0 -131
- data/third_party/boringssl/crypto/newhope/internal.h +0 -71
- data/third_party/boringssl/crypto/newhope/newhope.c +0 -174
- data/third_party/boringssl/crypto/newhope/ntt.c +0 -148
- data/third_party/boringssl/crypto/newhope/poly.c +0 -183
- data/third_party/boringssl/crypto/newhope/precomp.c +0 -306
- data/third_party/boringssl/crypto/obj/obj_xref.h +0 -96
- data/third_party/boringssl/crypto/pkcs8/p5_pbe.c +0 -151
- data/third_party/boringssl/include/openssl/newhope.h +0 -158
- data/third_party/boringssl/include/openssl/time_support.h +0 -91
@@ -127,8 +127,7 @@
|
|
127
127
|
#include "../crypto/internal.h"
|
128
128
|
|
129
129
|
|
130
|
-
static int ssl_check_clienthello_tlsext(
|
131
|
-
static int ssl_check_serverhello_tlsext(SSL *ssl);
|
130
|
+
static int ssl_check_clienthello_tlsext(SSL_HANDSHAKE *hs);
|
132
131
|
|
133
132
|
static int compare_uint16_t(const void *p1, const void *p2) {
|
134
133
|
uint16_t u1 = *((const uint16_t *)p1);
|
@@ -203,29 +202,29 @@ done:
|
|
203
202
|
return ret;
|
204
203
|
}
|
205
204
|
|
206
|
-
int
|
207
|
-
|
208
|
-
|
209
|
-
|
210
|
-
|
211
|
-
|
205
|
+
int ssl_client_hello_init(SSL *ssl, SSL_CLIENT_HELLO *out, const uint8_t *in,
|
206
|
+
size_t in_len) {
|
207
|
+
OPENSSL_memset(out, 0, sizeof(*out));
|
208
|
+
out->ssl = ssl;
|
209
|
+
out->client_hello = in;
|
210
|
+
out->client_hello_len = in_len;
|
212
211
|
|
213
212
|
CBS client_hello, random, session_id;
|
214
|
-
CBS_init(&client_hello,
|
215
|
-
if (!CBS_get_u16(&client_hello, &
|
213
|
+
CBS_init(&client_hello, out->client_hello, out->client_hello_len);
|
214
|
+
if (!CBS_get_u16(&client_hello, &out->version) ||
|
216
215
|
!CBS_get_bytes(&client_hello, &random, SSL3_RANDOM_SIZE) ||
|
217
216
|
!CBS_get_u8_length_prefixed(&client_hello, &session_id) ||
|
218
217
|
CBS_len(&session_id) > SSL_MAX_SSL_SESSION_ID_LENGTH) {
|
219
218
|
return 0;
|
220
219
|
}
|
221
220
|
|
222
|
-
|
223
|
-
|
224
|
-
|
225
|
-
|
221
|
+
out->random = CBS_data(&random);
|
222
|
+
out->random_len = CBS_len(&random);
|
223
|
+
out->session_id = CBS_data(&session_id);
|
224
|
+
out->session_id_len = CBS_len(&session_id);
|
226
225
|
|
227
226
|
/* Skip past DTLS cookie */
|
228
|
-
if (SSL_is_dtls(
|
227
|
+
if (SSL_is_dtls(out->ssl)) {
|
229
228
|
CBS cookie;
|
230
229
|
if (!CBS_get_u8_length_prefixed(&client_hello, &cookie) ||
|
231
230
|
CBS_len(&cookie) > DTLS1_COOKIE_LENGTH) {
|
@@ -241,16 +240,16 @@ int ssl_early_callback_init(SSL *ssl, struct ssl_early_callback_ctx *ctx,
|
|
241
240
|
return 0;
|
242
241
|
}
|
243
242
|
|
244
|
-
|
245
|
-
|
246
|
-
|
247
|
-
|
243
|
+
out->cipher_suites = CBS_data(&cipher_suites);
|
244
|
+
out->cipher_suites_len = CBS_len(&cipher_suites);
|
245
|
+
out->compression_methods = CBS_data(&compression_methods);
|
246
|
+
out->compression_methods_len = CBS_len(&compression_methods);
|
248
247
|
|
249
248
|
/* If the ClientHello ends here then it's valid, but doesn't have any
|
250
249
|
* extensions. (E.g. SSLv3.) */
|
251
250
|
if (CBS_len(&client_hello) == 0) {
|
252
|
-
|
253
|
-
|
251
|
+
out->extensions = NULL;
|
252
|
+
out->extensions_len = 0;
|
254
253
|
return 1;
|
255
254
|
}
|
256
255
|
|
@@ -262,16 +261,16 @@ int ssl_early_callback_init(SSL *ssl, struct ssl_early_callback_ctx *ctx,
|
|
262
261
|
return 0;
|
263
262
|
}
|
264
263
|
|
265
|
-
|
266
|
-
|
264
|
+
out->extensions = CBS_data(&extensions);
|
265
|
+
out->extensions_len = CBS_len(&extensions);
|
267
266
|
|
268
267
|
return 1;
|
269
268
|
}
|
270
269
|
|
271
|
-
int
|
272
|
-
|
270
|
+
int ssl_client_hello_get_extension(const SSL_CLIENT_HELLO *client_hello,
|
271
|
+
CBS *out, uint16_t extension_type) {
|
273
272
|
CBS extensions;
|
274
|
-
CBS_init(&extensions,
|
273
|
+
CBS_init(&extensions, client_hello->extensions, client_hello->extensions_len);
|
275
274
|
while (CBS_len(&extensions) != 0) {
|
276
275
|
/* Decode the next extension. */
|
277
276
|
uint16_t type;
|
@@ -290,11 +289,12 @@ int ssl_early_callback_get_extension(const struct ssl_early_callback_ctx *ctx,
|
|
290
289
|
return 0;
|
291
290
|
}
|
292
291
|
|
293
|
-
int SSL_early_callback_ctx_extension_get(
|
294
|
-
|
295
|
-
|
292
|
+
int SSL_early_callback_ctx_extension_get(const SSL_CLIENT_HELLO *client_hello,
|
293
|
+
uint16_t extension_type,
|
294
|
+
const uint8_t **out_data,
|
295
|
+
size_t *out_len) {
|
296
296
|
CBS cbs;
|
297
|
-
if (!
|
297
|
+
if (!ssl_client_hello_get_extension(client_hello, &cbs, extension_type)) {
|
298
298
|
return 0;
|
299
299
|
}
|
300
300
|
|
@@ -307,23 +307,10 @@ static const uint16_t kDefaultGroups[] = {
|
|
307
307
|
SSL_CURVE_X25519,
|
308
308
|
SSL_CURVE_SECP256R1,
|
309
309
|
SSL_CURVE_SECP384R1,
|
310
|
-
#if defined(BORINGSSL_ANDROID_SYSTEM)
|
311
|
-
SSL_CURVE_SECP521R1,
|
312
|
-
#endif
|
313
310
|
};
|
314
311
|
|
315
|
-
void tls1_get_grouplist(SSL *ssl,
|
316
|
-
const uint16_t **out_group_ids,
|
312
|
+
void tls1_get_grouplist(SSL *ssl, const uint16_t **out_group_ids,
|
317
313
|
size_t *out_group_ids_len) {
|
318
|
-
if (get_peer_groups) {
|
319
|
-
/* Only clients send a supported group list, so this function is only
|
320
|
-
* called on the server. */
|
321
|
-
assert(ssl->server);
|
322
|
-
*out_group_ids = ssl->s3->tmp.peer_supported_group_list;
|
323
|
-
*out_group_ids_len = ssl->s3->tmp.peer_supported_group_list_len;
|
324
|
-
return;
|
325
|
-
}
|
326
|
-
|
327
314
|
*out_group_ids = ssl->supported_group_list;
|
328
315
|
*out_group_ids_len = ssl->supported_group_list_len;
|
329
316
|
if (!*out_group_ids) {
|
@@ -332,43 +319,37 @@ void tls1_get_grouplist(SSL *ssl, int get_peer_groups,
|
|
332
319
|
}
|
333
320
|
}
|
334
321
|
|
335
|
-
int tls1_get_shared_group(
|
336
|
-
|
337
|
-
|
338
|
-
|
339
|
-
/* Can't do anything on client side */
|
340
|
-
if (ssl->server == 0) {
|
341
|
-
return 0;
|
342
|
-
}
|
322
|
+
int tls1_get_shared_group(SSL_HANDSHAKE *hs, uint16_t *out_group_id) {
|
323
|
+
SSL *const ssl = hs->ssl;
|
324
|
+
assert(ssl->server);
|
343
325
|
|
344
|
-
|
345
|
-
|
326
|
+
const uint16_t *groups, *pref, *supp;
|
327
|
+
size_t groups_len, pref_len, supp_len;
|
328
|
+
tls1_get_grouplist(ssl, &groups, &groups_len);
|
346
329
|
|
347
|
-
|
348
|
-
|
349
|
-
|
350
|
-
|
351
|
-
|
352
|
-
|
353
|
-
|
354
|
-
|
355
|
-
return 0;
|
356
|
-
}
|
330
|
+
/* Clients are not required to send a supported_groups extension. In this
|
331
|
+
* case, the server is free to pick any group it likes. See RFC 4492,
|
332
|
+
* section 4, paragraph 3.
|
333
|
+
*
|
334
|
+
* However, in the interests of compatibility, we will skip ECDH if the
|
335
|
+
* client didn't send an extension because we can't be sure that they'll
|
336
|
+
* support our favoured group. Thus we do not special-case an emtpy
|
337
|
+
* |peer_supported_group_list|. */
|
357
338
|
|
358
339
|
if (ssl->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
|
359
340
|
pref = groups;
|
360
341
|
pref_len = groups_len;
|
361
|
-
supp =
|
362
|
-
supp_len =
|
342
|
+
supp = hs->peer_supported_group_list;
|
343
|
+
supp_len = hs->peer_supported_group_list_len;
|
363
344
|
} else {
|
364
|
-
pref =
|
365
|
-
pref_len =
|
345
|
+
pref = hs->peer_supported_group_list;
|
346
|
+
pref_len = hs->peer_supported_group_list_len;
|
366
347
|
supp = groups;
|
367
348
|
supp_len = groups_len;
|
368
349
|
}
|
369
350
|
|
370
|
-
for (i = 0; i < pref_len; i++) {
|
371
|
-
for (j = 0; j < supp_len; j++) {
|
351
|
+
for (size_t i = 0; i < pref_len; i++) {
|
352
|
+
for (size_t j = 0; j < supp_len; j++) {
|
372
353
|
if (pref[i] == supp[j]) {
|
373
354
|
*out_group_id = pref[i];
|
374
355
|
return 1;
|
@@ -402,235 +383,148 @@ int tls1_set_curves(uint16_t **out_group_ids, size_t *out_group_ids_len,
|
|
402
383
|
return 1;
|
403
384
|
}
|
404
385
|
|
405
|
-
|
406
|
-
*
|
407
|
-
*
|
408
|
-
|
409
|
-
uint8_t *out_comp_id, EC_KEY *ec) {
|
410
|
-
int nid;
|
411
|
-
uint16_t id;
|
412
|
-
const EC_GROUP *grp;
|
413
|
-
|
414
|
-
if (ec == NULL) {
|
415
|
-
return 0;
|
416
|
-
}
|
417
|
-
|
418
|
-
grp = EC_KEY_get0_group(ec);
|
419
|
-
if (grp == NULL) {
|
420
|
-
return 0;
|
421
|
-
}
|
386
|
+
int tls1_set_curves_list(uint16_t **out_group_ids, size_t *out_group_ids_len,
|
387
|
+
const char *curves) {
|
388
|
+
uint16_t *group_ids = NULL;
|
389
|
+
size_t ncurves = 0;
|
422
390
|
|
423
|
-
|
424
|
-
|
425
|
-
if (!ssl_nid_to_group_id(&id, nid)) {
|
426
|
-
return 0;
|
427
|
-
}
|
391
|
+
const char *col;
|
392
|
+
const char *ptr = curves;
|
428
393
|
|
429
|
-
|
430
|
-
|
394
|
+
do {
|
395
|
+
col = strchr(ptr, ':');
|
431
396
|
|
432
|
-
|
433
|
-
if (
|
434
|
-
|
435
|
-
|
436
|
-
if (EC_KEY_get_conv_form(ec) == POINT_CONVERSION_COMPRESSED) {
|
437
|
-
*out_comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
|
438
|
-
} else {
|
439
|
-
*out_comp_id = TLSEXT_ECPOINTFORMAT_uncompressed;
|
397
|
+
uint16_t group_id;
|
398
|
+
if (!ssl_name_to_group_id(&group_id, ptr,
|
399
|
+
col ? (size_t)(col - ptr) : strlen(ptr))) {
|
400
|
+
goto err;
|
440
401
|
}
|
441
|
-
}
|
442
402
|
|
443
|
-
|
444
|
-
|
445
|
-
|
446
|
-
|
447
|
-
* and the peer's group preferences. Note: if called as the client, only our
|
448
|
-
* preferences are checked; the peer (the server) does not send preferences. */
|
449
|
-
int tls1_check_group_id(SSL *ssl, uint16_t group_id) {
|
450
|
-
const uint16_t *groups;
|
451
|
-
size_t groups_len, i, get_peer_groups;
|
452
|
-
|
453
|
-
/* Check against our list, then the peer's list. */
|
454
|
-
for (get_peer_groups = 0; get_peer_groups <= 1; get_peer_groups++) {
|
455
|
-
if (get_peer_groups && !ssl->server) {
|
456
|
-
/* Servers do not present a preference list so, if we are a client, only
|
457
|
-
* check our list. */
|
458
|
-
continue;
|
403
|
+
uint16_t *new_group_ids = OPENSSL_realloc(group_ids,
|
404
|
+
(ncurves + 1) * sizeof(uint16_t));
|
405
|
+
if (new_group_ids == NULL) {
|
406
|
+
goto err;
|
459
407
|
}
|
408
|
+
group_ids = new_group_ids;
|
460
409
|
|
461
|
-
|
462
|
-
|
463
|
-
/* Clients are not required to send a supported_groups extension. In this
|
464
|
-
* case, the server is free to pick any group it likes. See RFC 4492,
|
465
|
-
* section 4, paragraph 3. */
|
466
|
-
continue;
|
467
|
-
}
|
468
|
-
for (i = 0; i < groups_len; i++) {
|
469
|
-
if (groups[i] == group_id) {
|
470
|
-
break;
|
471
|
-
}
|
472
|
-
}
|
410
|
+
group_ids[ncurves] = group_id;
|
411
|
+
ncurves++;
|
473
412
|
|
474
|
-
if (
|
475
|
-
|
413
|
+
if (col) {
|
414
|
+
ptr = col + 1;
|
476
415
|
}
|
477
|
-
}
|
416
|
+
} while (col);
|
478
417
|
|
479
|
-
|
480
|
-
|
418
|
+
OPENSSL_free(*out_group_ids);
|
419
|
+
*out_group_ids = group_ids;
|
420
|
+
*out_group_ids_len = ncurves;
|
481
421
|
|
482
|
-
|
483
|
-
if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
|
484
|
-
/* In TLS 1.3, the ECDSA curve is negotiated via signature algorithms. */
|
485
|
-
return 1;
|
486
|
-
}
|
422
|
+
return 1;
|
487
423
|
|
488
|
-
|
489
|
-
|
490
|
-
|
491
|
-
|
424
|
+
err:
|
425
|
+
OPENSSL_free(group_ids);
|
426
|
+
return 0;
|
427
|
+
}
|
492
428
|
|
493
|
-
|
494
|
-
uint16_t
|
495
|
-
|
496
|
-
|
497
|
-
|
498
|
-
|
499
|
-
|
500
|
-
|
501
|
-
goto done;
|
429
|
+
int tls1_check_group_id(SSL *ssl, uint16_t group_id) {
|
430
|
+
const uint16_t *groups;
|
431
|
+
size_t groups_len;
|
432
|
+
tls1_get_grouplist(ssl, &groups, &groups_len);
|
433
|
+
for (size_t i = 0; i < groups_len; i++) {
|
434
|
+
if (groups[i] == group_id) {
|
435
|
+
return 1;
|
436
|
+
}
|
502
437
|
}
|
503
438
|
|
504
|
-
|
505
|
-
|
506
|
-
done:
|
507
|
-
EVP_PKEY_free(pkey);
|
508
|
-
return ret;
|
439
|
+
return 0;
|
509
440
|
}
|
510
441
|
|
511
|
-
/*
|
512
|
-
*
|
513
|
-
|
514
|
-
|
515
|
-
|
516
|
-
|
442
|
+
/* kVerifySignatureAlgorithms is the default list of accepted signature
|
443
|
+
* algorithms for verifying.
|
444
|
+
*
|
445
|
+
* For now, RSA-PSS signature algorithms are not enabled on Android's system
|
446
|
+
* BoringSSL. Once the change in Chrome has stuck and the values are finalized,
|
447
|
+
* restore them. */
|
448
|
+
static const uint16_t kVerifySignatureAlgorithms[] = {
|
449
|
+
/* Prefer SHA-256 algorithms. */
|
450
|
+
SSL_SIGN_ECDSA_SECP256R1_SHA256,
|
451
|
+
#if !defined(BORINGSSL_ANDROID_SYSTEM)
|
452
|
+
SSL_SIGN_RSA_PSS_SHA256,
|
453
|
+
#endif
|
454
|
+
SSL_SIGN_RSA_PKCS1_SHA256,
|
517
455
|
|
518
|
-
|
456
|
+
/* Larger hashes are acceptable. */
|
519
457
|
SSL_SIGN_ECDSA_SECP384R1_SHA384,
|
458
|
+
#if !defined(BORINGSSL_ANDROID_SYSTEM)
|
459
|
+
SSL_SIGN_RSA_PSS_SHA384,
|
460
|
+
#endif
|
461
|
+
SSL_SIGN_RSA_PKCS1_SHA384,
|
520
462
|
|
521
|
-
|
522
|
-
|
463
|
+
/* TODO(davidben): Remove this. */
|
464
|
+
#if defined(BORINGSSL_ANDROID_SYSTEM)
|
465
|
+
SSL_SIGN_ECDSA_SECP521R1_SHA512,
|
466
|
+
#endif
|
467
|
+
#if !defined(BORINGSSL_ANDROID_SYSTEM)
|
468
|
+
SSL_SIGN_RSA_PSS_SHA512,
|
469
|
+
#endif
|
470
|
+
SSL_SIGN_RSA_PKCS1_SHA512,
|
523
471
|
|
472
|
+
/* For now, SHA-1 is still accepted but least preferable. */
|
524
473
|
SSL_SIGN_RSA_PKCS1_SHA1,
|
525
|
-
|
474
|
+
|
526
475
|
};
|
527
476
|
|
528
|
-
|
529
|
-
|
530
|
-
|
531
|
-
|
477
|
+
/* kSignSignatureAlgorithms is the default list of supported signature
|
478
|
+
* algorithms for signing.
|
479
|
+
*
|
480
|
+
* For now, RSA-PSS signature algorithms are not enabled on Android's system
|
481
|
+
* BoringSSL. Once the change in Chrome has stuck and the values are finalized,
|
482
|
+
* restore them. */
|
483
|
+
static const uint16_t kSignSignatureAlgorithms[] = {
|
484
|
+
/* Prefer SHA-256 algorithms. */
|
485
|
+
SSL_SIGN_ECDSA_SECP256R1_SHA256,
|
486
|
+
#if !defined(BORINGSSL_ANDROID_SYSTEM)
|
487
|
+
SSL_SIGN_RSA_PSS_SHA256,
|
488
|
+
#endif
|
489
|
+
SSL_SIGN_RSA_PKCS1_SHA256,
|
532
490
|
|
491
|
+
/* If needed, sign larger hashes.
|
492
|
+
*
|
493
|
+
* TODO(davidben): Determine which of these may be pruned. */
|
494
|
+
SSL_SIGN_ECDSA_SECP384R1_SHA384,
|
495
|
+
#if !defined(BORINGSSL_ANDROID_SYSTEM)
|
533
496
|
SSL_SIGN_RSA_PSS_SHA384,
|
497
|
+
#endif
|
534
498
|
SSL_SIGN_RSA_PKCS1_SHA384,
|
535
|
-
SSL_SIGN_ECDSA_SECP384R1_SHA384,
|
536
499
|
|
537
|
-
|
538
|
-
|
539
|
-
|
500
|
+
SSL_SIGN_ECDSA_SECP521R1_SHA512,
|
501
|
+
#if !defined(BORINGSSL_ANDROID_SYSTEM)
|
502
|
+
SSL_SIGN_RSA_PSS_SHA512,
|
503
|
+
#endif
|
504
|
+
SSL_SIGN_RSA_PKCS1_SHA512,
|
540
505
|
|
541
|
-
|
506
|
+
/* If the peer supports nothing else, sign with SHA-1. */
|
542
507
|
SSL_SIGN_ECDSA_SHA1,
|
508
|
+
SSL_SIGN_RSA_PKCS1_SHA1,
|
543
509
|
};
|
544
510
|
|
545
|
-
size_t
|
546
|
-
|
547
|
-
|
548
|
-
assert(0); /* This should never happen. */
|
549
|
-
|
550
|
-
/* Return an empty list. */
|
551
|
-
ERR_clear_error();
|
552
|
-
*psigs = NULL;
|
553
|
-
return 0;
|
554
|
-
}
|
555
|
-
|
556
|
-
if (max_version >= TLS1_3_VERSION) {
|
557
|
-
*psigs = kDefaultTLS13SignatureAlgorithms;
|
558
|
-
return OPENSSL_ARRAY_SIZE(kDefaultTLS13SignatureAlgorithms);
|
559
|
-
}
|
560
|
-
|
561
|
-
*psigs = kDefaultSignatureAlgorithms;
|
562
|
-
return OPENSSL_ARRAY_SIZE(kDefaultSignatureAlgorithms);
|
511
|
+
size_t tls12_get_verify_sigalgs(const SSL *ssl, const uint16_t **out) {
|
512
|
+
*out = kVerifySignatureAlgorithms;
|
513
|
+
return OPENSSL_ARRAY_SIZE(kVerifySignatureAlgorithms);
|
563
514
|
}
|
564
515
|
|
565
516
|
int tls12_check_peer_sigalg(SSL *ssl, int *out_alert, uint16_t sigalg) {
|
566
|
-
const uint16_t *
|
567
|
-
size_t
|
568
|
-
|
569
|
-
|
570
|
-
|
571
|
-
for (i = 0; i < sent_sigslen; i++) {
|
572
|
-
if (sigalg == sent_sigs[i]) {
|
573
|
-
break;
|
574
|
-
}
|
575
|
-
}
|
576
|
-
|
577
|
-
if (i == sent_sigslen) {
|
578
|
-
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SIGNATURE_TYPE);
|
579
|
-
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
580
|
-
return 0;
|
581
|
-
}
|
582
|
-
|
583
|
-
return 1;
|
584
|
-
}
|
585
|
-
|
586
|
-
/* Get a mask of disabled algorithms: an algorithm is disabled if it isn't
|
587
|
-
* supported or doesn't appear in supported signature algorithms. Unlike
|
588
|
-
* ssl_cipher_get_disabled this applies to a specific session and not global
|
589
|
-
* settings. */
|
590
|
-
void ssl_set_client_disabled(SSL *ssl) {
|
591
|
-
CERT *c = ssl->cert;
|
592
|
-
int have_rsa = 0, have_ecdsa = 0;
|
593
|
-
c->mask_a = 0;
|
594
|
-
c->mask_k = 0;
|
595
|
-
|
596
|
-
/* Now go through all signature algorithms seeing if we support any for RSA,
|
597
|
-
* DSA, ECDSA. Do this for all versions not just TLS 1.2. */
|
598
|
-
const uint16_t *sigalgs;
|
599
|
-
size_t num_sigalgs = tls12_get_psigalgs(ssl, &sigalgs);
|
600
|
-
for (size_t i = 0; i < num_sigalgs; i++) {
|
601
|
-
switch (sigalgs[i]) {
|
602
|
-
case SSL_SIGN_RSA_PSS_SHA512:
|
603
|
-
case SSL_SIGN_RSA_PSS_SHA384:
|
604
|
-
case SSL_SIGN_RSA_PSS_SHA256:
|
605
|
-
case SSL_SIGN_RSA_PKCS1_SHA512:
|
606
|
-
case SSL_SIGN_RSA_PKCS1_SHA384:
|
607
|
-
case SSL_SIGN_RSA_PKCS1_SHA256:
|
608
|
-
case SSL_SIGN_RSA_PKCS1_SHA1:
|
609
|
-
have_rsa = 1;
|
610
|
-
break;
|
611
|
-
|
612
|
-
case SSL_SIGN_ECDSA_SECP521R1_SHA512:
|
613
|
-
case SSL_SIGN_ECDSA_SECP384R1_SHA384:
|
614
|
-
case SSL_SIGN_ECDSA_SECP256R1_SHA256:
|
615
|
-
case SSL_SIGN_ECDSA_SHA1:
|
616
|
-
have_ecdsa = 1;
|
617
|
-
break;
|
517
|
+
const uint16_t *verify_sigalgs;
|
518
|
+
size_t num_verify_sigalgs = tls12_get_verify_sigalgs(ssl, &verify_sigalgs);
|
519
|
+
for (size_t i = 0; i < num_verify_sigalgs; i++) {
|
520
|
+
if (sigalg == verify_sigalgs[i]) {
|
521
|
+
return 1;
|
618
522
|
}
|
619
523
|
}
|
620
524
|
|
621
|
-
|
622
|
-
|
623
|
-
|
624
|
-
}
|
625
|
-
if (!have_ecdsa) {
|
626
|
-
c->mask_a |= SSL_aECDSA;
|
627
|
-
}
|
628
|
-
|
629
|
-
/* with PSK there must be client callback set */
|
630
|
-
if (!ssl->psk_client_callback) {
|
631
|
-
c->mask_a |= SSL_aPSK;
|
632
|
-
c->mask_k |= SSL_kPSK;
|
633
|
-
}
|
525
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SIGNATURE_TYPE);
|
526
|
+
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
527
|
+
return 0;
|
634
528
|
}
|
635
529
|
|
636
530
|
/* tls_extension represents a TLS extension that is handled internally. The
|
@@ -650,16 +544,19 @@ void ssl_set_client_disabled(SSL *ssl) {
|
|
650
544
|
* |*out_alert| isn't set, then a |decode_error| alert will be sent. */
|
651
545
|
struct tls_extension {
|
652
546
|
uint16_t value;
|
653
|
-
void (*init)(
|
547
|
+
void (*init)(SSL_HANDSHAKE *hs);
|
654
548
|
|
655
|
-
int (*add_clienthello)(
|
656
|
-
int (*parse_serverhello)(
|
549
|
+
int (*add_clienthello)(SSL_HANDSHAKE *hs, CBB *out);
|
550
|
+
int (*parse_serverhello)(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
551
|
+
CBS *contents);
|
657
552
|
|
658
|
-
int (*parse_clienthello)(
|
659
|
-
|
553
|
+
int (*parse_clienthello)(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
554
|
+
CBS *contents);
|
555
|
+
int (*add_serverhello)(SSL_HANDSHAKE *hs, CBB *out);
|
660
556
|
};
|
661
557
|
|
662
|
-
static int forbid_parse_serverhello(
|
558
|
+
static int forbid_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
559
|
+
CBS *contents) {
|
663
560
|
if (contents != NULL) {
|
664
561
|
/* Servers MUST NOT send this extension. */
|
665
562
|
*out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
|
@@ -670,12 +567,13 @@ static int forbid_parse_serverhello(SSL *ssl, uint8_t *out_alert, CBS *contents)
|
|
670
567
|
return 1;
|
671
568
|
}
|
672
569
|
|
673
|
-
static int ignore_parse_clienthello(
|
570
|
+
static int ignore_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
571
|
+
CBS *contents) {
|
674
572
|
/* This extension from the client is handled elsewhere. */
|
675
573
|
return 1;
|
676
574
|
}
|
677
575
|
|
678
|
-
static int dont_add_serverhello(
|
576
|
+
static int dont_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
679
577
|
return 1;
|
680
578
|
}
|
681
579
|
|
@@ -683,11 +581,8 @@ static int dont_add_serverhello(SSL *ssl, CBB *out) {
|
|
683
581
|
*
|
684
582
|
* https://tools.ietf.org/html/rfc6066#section-3. */
|
685
583
|
|
686
|
-
static
|
687
|
-
ssl
|
688
|
-
}
|
689
|
-
|
690
|
-
static int ext_sni_add_clienthello(SSL *ssl, CBB *out) {
|
584
|
+
static int ext_sni_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
585
|
+
SSL *const ssl = hs->ssl;
|
691
586
|
if (ssl->tlsext_hostname == NULL) {
|
692
587
|
return 1;
|
693
588
|
}
|
@@ -707,8 +602,9 @@ static int ext_sni_add_clienthello(SSL *ssl, CBB *out) {
|
|
707
602
|
return 1;
|
708
603
|
}
|
709
604
|
|
710
|
-
static int ext_sni_parse_serverhello(
|
605
|
+
static int ext_sni_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
711
606
|
CBS *contents) {
|
607
|
+
SSL *const ssl = hs->ssl;
|
712
608
|
if (contents == NULL) {
|
713
609
|
return 1;
|
714
610
|
}
|
@@ -720,9 +616,9 @@ static int ext_sni_parse_serverhello(SSL *ssl, uint8_t *out_alert,
|
|
720
616
|
assert(ssl->tlsext_hostname != NULL);
|
721
617
|
|
722
618
|
if (ssl->session == NULL) {
|
723
|
-
|
724
|
-
|
725
|
-
if (!
|
619
|
+
OPENSSL_free(hs->new_session->tlsext_hostname);
|
620
|
+
hs->new_session->tlsext_hostname = BUF_strdup(ssl->tlsext_hostname);
|
621
|
+
if (!hs->new_session->tlsext_hostname) {
|
726
622
|
*out_alert = SSL_AD_INTERNAL_ERROR;
|
727
623
|
return 0;
|
728
624
|
}
|
@@ -731,7 +627,7 @@ static int ext_sni_parse_serverhello(SSL *ssl, uint8_t *out_alert,
|
|
731
627
|
return 1;
|
732
628
|
}
|
733
629
|
|
734
|
-
static int ext_sni_parse_clienthello(
|
630
|
+
static int ext_sni_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
735
631
|
CBS *contents) {
|
736
632
|
if (contents == NULL) {
|
737
633
|
return 1;
|
@@ -762,28 +658,19 @@ static int ext_sni_parse_clienthello(SSL *ssl, uint8_t *out_alert,
|
|
762
658
|
return 0;
|
763
659
|
}
|
764
660
|
|
765
|
-
/*
|
766
|
-
|
767
|
-
|
768
|
-
|
769
|
-
assert(ssl->s3->new_session->tlsext_hostname == NULL);
|
770
|
-
|
771
|
-
/* Copy the hostname as a string. */
|
772
|
-
if (!CBS_strdup(&host_name, &ssl->s3->new_session->tlsext_hostname)) {
|
773
|
-
*out_alert = SSL_AD_INTERNAL_ERROR;
|
774
|
-
return 0;
|
775
|
-
}
|
776
|
-
|
777
|
-
ssl->s3->tmp.should_ack_sni = 1;
|
661
|
+
/* Copy the hostname as a string. */
|
662
|
+
if (!CBS_strdup(&host_name, &hs->hostname)) {
|
663
|
+
*out_alert = SSL_AD_INTERNAL_ERROR;
|
664
|
+
return 0;
|
778
665
|
}
|
779
666
|
|
667
|
+
hs->should_ack_sni = 1;
|
780
668
|
return 1;
|
781
669
|
}
|
782
670
|
|
783
|
-
static int ext_sni_add_serverhello(
|
784
|
-
if (ssl->
|
785
|
-
!
|
786
|
-
ssl->s3->new_session->tlsext_hostname == NULL) {
|
671
|
+
static int ext_sni_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
672
|
+
if (hs->ssl->s3->session_reused ||
|
673
|
+
!hs->should_ack_sni) {
|
787
674
|
return 1;
|
788
675
|
}
|
789
676
|
|
@@ -800,7 +687,8 @@ static int ext_sni_add_serverhello(SSL *ssl, CBB *out) {
|
|
800
687
|
*
|
801
688
|
* https://tools.ietf.org/html/rfc5746 */
|
802
689
|
|
803
|
-
static int ext_ri_add_clienthello(
|
690
|
+
static int ext_ri_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
691
|
+
SSL *const ssl = hs->ssl;
|
804
692
|
uint16_t min_version, max_version;
|
805
693
|
if (!ssl_get_version_range(ssl, &min_version, &max_version)) {
|
806
694
|
return 0;
|
@@ -811,6 +699,9 @@ static int ext_ri_add_clienthello(SSL *ssl, CBB *out) {
|
|
811
699
|
return 1;
|
812
700
|
}
|
813
701
|
|
702
|
+
assert(ssl->s3->initial_handshake_complete ==
|
703
|
+
(ssl->s3->previous_client_finished_len != 0));
|
704
|
+
|
814
705
|
CBB contents, prev_finished;
|
815
706
|
if (!CBB_add_u16(out, TLSEXT_TYPE_renegotiate) ||
|
816
707
|
!CBB_add_u16_length_prefixed(out, &contents) ||
|
@@ -824,8 +715,9 @@ static int ext_ri_add_clienthello(SSL *ssl, CBB *out) {
|
|
824
715
|
return 1;
|
825
716
|
}
|
826
717
|
|
827
|
-
static int ext_ri_parse_serverhello(
|
718
|
+
static int ext_ri_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
828
719
|
CBS *contents) {
|
720
|
+
SSL *const ssl = hs->ssl;
|
829
721
|
if (contents != NULL && ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
|
830
722
|
return 0;
|
831
723
|
}
|
@@ -856,6 +748,10 @@ static int ext_ri_parse_serverhello(SSL *ssl, uint8_t *out_alert,
|
|
856
748
|
/* Check for logic errors */
|
857
749
|
assert(!expected_len || ssl->s3->previous_client_finished_len);
|
858
750
|
assert(!expected_len || ssl->s3->previous_server_finished_len);
|
751
|
+
assert(ssl->s3->initial_handshake_complete ==
|
752
|
+
(ssl->s3->previous_client_finished_len != 0));
|
753
|
+
assert(ssl->s3->initial_handshake_complete ==
|
754
|
+
(ssl->s3->previous_server_finished_len != 0));
|
859
755
|
|
860
756
|
/* Parse out the extension contents. */
|
861
757
|
CBS renegotiated_connection;
|
@@ -893,8 +789,9 @@ static int ext_ri_parse_serverhello(SSL *ssl, uint8_t *out_alert,
|
|
893
789
|
return 1;
|
894
790
|
}
|
895
791
|
|
896
|
-
static int ext_ri_parse_clienthello(
|
792
|
+
static int ext_ri_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
897
793
|
CBS *contents) {
|
794
|
+
SSL *const ssl = hs->ssl;
|
898
795
|
/* Renegotiation isn't supported as a server so this function should never be
|
899
796
|
* called after the initial handshake. */
|
900
797
|
assert(!ssl->s3->initial_handshake_complete);
|
@@ -914,10 +811,9 @@ static int ext_ri_parse_clienthello(SSL *ssl, uint8_t *out_alert,
|
|
914
811
|
return 0;
|
915
812
|
}
|
916
813
|
|
917
|
-
/* Check that the extension matches
|
918
|
-
|
919
|
-
|
920
|
-
ssl->s3->previous_client_finished_len)) {
|
814
|
+
/* Check that the extension matches. We do not support renegotiation as a
|
815
|
+
* server, so this must be empty. */
|
816
|
+
if (CBS_len(&renegotiated_connection) != 0) {
|
921
817
|
OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_MISMATCH);
|
922
818
|
*out_alert = SSL_AD_HANDSHAKE_FAILURE;
|
923
819
|
return 0;
|
@@ -928,20 +824,19 @@ static int ext_ri_parse_clienthello(SSL *ssl, uint8_t *out_alert,
|
|
928
824
|
return 1;
|
929
825
|
}
|
930
826
|
|
931
|
-
static int ext_ri_add_serverhello(
|
827
|
+
static int ext_ri_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
828
|
+
SSL *const ssl = hs->ssl;
|
829
|
+
/* Renegotiation isn't supported as a server so this function should never be
|
830
|
+
* called after the initial handshake. */
|
831
|
+
assert(!ssl->s3->initial_handshake_complete);
|
832
|
+
|
932
833
|
if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
|
933
834
|
return 1;
|
934
835
|
}
|
935
836
|
|
936
|
-
CBB contents, prev_finished;
|
937
837
|
if (!CBB_add_u16(out, TLSEXT_TYPE_renegotiate) ||
|
938
|
-
!
|
939
|
-
!
|
940
|
-
!CBB_add_bytes(&prev_finished, ssl->s3->previous_client_finished,
|
941
|
-
ssl->s3->previous_client_finished_len) ||
|
942
|
-
!CBB_add_bytes(&prev_finished, ssl->s3->previous_server_finished,
|
943
|
-
ssl->s3->previous_server_finished_len) ||
|
944
|
-
!CBB_flush(out)) {
|
838
|
+
!CBB_add_u16(out, 1 /* length */) ||
|
839
|
+
!CBB_add_u8(out, 0 /* empty renegotiation info */)) {
|
945
840
|
return 0;
|
946
841
|
}
|
947
842
|
|
@@ -953,9 +848,9 @@ static int ext_ri_add_serverhello(SSL *ssl, CBB *out) {
|
|
953
848
|
*
|
954
849
|
* https://tools.ietf.org/html/rfc7627 */
|
955
850
|
|
956
|
-
static int ext_ems_add_clienthello(
|
851
|
+
static int ext_ems_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
957
852
|
uint16_t min_version, max_version;
|
958
|
-
if (!ssl_get_version_range(ssl, &min_version, &max_version)) {
|
853
|
+
if (!ssl_get_version_range(hs->ssl, &min_version, &max_version)) {
|
959
854
|
return 0;
|
960
855
|
}
|
961
856
|
|
@@ -972,40 +867,37 @@ static int ext_ems_add_clienthello(SSL *ssl, CBB *out) {
|
|
972
867
|
return 1;
|
973
868
|
}
|
974
869
|
|
975
|
-
static int ext_ems_parse_serverhello(
|
870
|
+
static int ext_ems_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
976
871
|
CBS *contents) {
|
977
|
-
|
978
|
-
|
979
|
-
|
980
|
-
|
981
|
-
|
872
|
+
SSL *const ssl = hs->ssl;
|
873
|
+
|
874
|
+
if (contents != NULL) {
|
875
|
+
if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION ||
|
876
|
+
ssl->version == SSL3_VERSION ||
|
877
|
+
CBS_len(contents) != 0) {
|
982
878
|
return 0;
|
983
879
|
}
|
984
880
|
|
985
|
-
|
986
|
-
}
|
987
|
-
|
988
|
-
if (contents == NULL) {
|
989
|
-
return 1;
|
990
|
-
}
|
991
|
-
|
992
|
-
if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION ||
|
993
|
-
ssl->version == SSL3_VERSION) {
|
994
|
-
return 0;
|
881
|
+
hs->extended_master_secret = 1;
|
995
882
|
}
|
996
883
|
|
997
|
-
|
884
|
+
/* Whether EMS is negotiated may not change on renegotiation. */
|
885
|
+
if (ssl->s3->established_session != NULL &&
|
886
|
+
hs->extended_master_secret !=
|
887
|
+
ssl->s3->established_session->extended_master_secret) {
|
888
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_EMS_MISMATCH);
|
889
|
+
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
998
890
|
return 0;
|
999
891
|
}
|
1000
892
|
|
1001
|
-
ssl->s3->tmp.extended_master_secret = 1;
|
1002
893
|
return 1;
|
1003
894
|
}
|
1004
895
|
|
1005
|
-
static int ext_ems_parse_clienthello(
|
896
|
+
static int ext_ems_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
1006
897
|
CBS *contents) {
|
1007
|
-
|
1008
|
-
|
898
|
+
uint16_t version = ssl3_protocol_version(hs->ssl);
|
899
|
+
if (version >= TLS1_3_VERSION ||
|
900
|
+
version == SSL3_VERSION) {
|
1009
901
|
return 1;
|
1010
902
|
}
|
1011
903
|
|
@@ -1017,12 +909,12 @@ static int ext_ems_parse_clienthello(SSL *ssl, uint8_t *out_alert,
|
|
1017
909
|
return 0;
|
1018
910
|
}
|
1019
911
|
|
1020
|
-
|
912
|
+
hs->extended_master_secret = 1;
|
1021
913
|
return 1;
|
1022
914
|
}
|
1023
915
|
|
1024
|
-
static int ext_ems_add_serverhello(
|
1025
|
-
if (!
|
916
|
+
static int ext_ems_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
917
|
+
if (!hs->extended_master_secret) {
|
1026
918
|
return 1;
|
1027
919
|
}
|
1028
920
|
|
@@ -1039,7 +931,8 @@ static int ext_ems_add_serverhello(SSL *ssl, CBB *out) {
|
|
1039
931
|
*
|
1040
932
|
* https://tools.ietf.org/html/rfc5077 */
|
1041
933
|
|
1042
|
-
static int ext_ticket_add_clienthello(
|
934
|
+
static int ext_ticket_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
935
|
+
SSL *const ssl = hs->ssl;
|
1043
936
|
uint16_t min_version, max_version;
|
1044
937
|
if (!ssl_get_version_range(ssl, &min_version, &max_version)) {
|
1045
938
|
return 0;
|
@@ -1081,10 +974,9 @@ static int ext_ticket_add_clienthello(SSL *ssl, CBB *out) {
|
|
1081
974
|
return 1;
|
1082
975
|
}
|
1083
976
|
|
1084
|
-
static int ext_ticket_parse_serverhello(
|
977
|
+
static int ext_ticket_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
1085
978
|
CBS *contents) {
|
1086
|
-
ssl
|
1087
|
-
|
979
|
+
SSL *const ssl = hs->ssl;
|
1088
980
|
if (contents == NULL) {
|
1089
981
|
return 1;
|
1090
982
|
}
|
@@ -1102,18 +994,17 @@ static int ext_ticket_parse_serverhello(SSL *ssl, uint8_t *out_alert,
|
|
1102
994
|
return 0;
|
1103
995
|
}
|
1104
996
|
|
1105
|
-
|
997
|
+
hs->ticket_expected = 1;
|
1106
998
|
return 1;
|
1107
999
|
}
|
1108
1000
|
|
1109
|
-
static int ext_ticket_add_serverhello(
|
1110
|
-
if (!
|
1001
|
+
static int ext_ticket_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
1002
|
+
if (!hs->ticket_expected) {
|
1111
1003
|
return 1;
|
1112
1004
|
}
|
1113
1005
|
|
1114
|
-
/* If |SSL_OP_NO_TICKET| is set, |
|
1115
|
-
|
1116
|
-
assert((SSL_get_options(ssl) & SSL_OP_NO_TICKET) == 0);
|
1006
|
+
/* If |SSL_OP_NO_TICKET| is set, |ticket_expected| should never be true. */
|
1007
|
+
assert((SSL_get_options(hs->ssl) & SSL_OP_NO_TICKET) == 0);
|
1117
1008
|
|
1118
1009
|
if (!CBB_add_u16(out, TLSEXT_TYPE_session_ticket) ||
|
1119
1010
|
!CBB_add_u16(out, 0 /* length */)) {
|
@@ -1128,7 +1019,8 @@ static int ext_ticket_add_serverhello(SSL *ssl, CBB *out) {
|
|
1128
1019
|
*
|
1129
1020
|
* https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
|
1130
1021
|
|
1131
|
-
static int ext_sigalgs_add_clienthello(
|
1022
|
+
static int ext_sigalgs_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
1023
|
+
SSL *const ssl = hs->ssl;
|
1132
1024
|
uint16_t min_version, max_version;
|
1133
1025
|
if (!ssl_get_version_range(ssl, &min_version, &max_version)) {
|
1134
1026
|
return 0;
|
@@ -1139,7 +1031,7 @@ static int ext_sigalgs_add_clienthello(SSL *ssl, CBB *out) {
|
|
1139
1031
|
}
|
1140
1032
|
|
1141
1033
|
const uint16_t *sigalgs;
|
1142
|
-
const size_t num_sigalgs =
|
1034
|
+
const size_t num_sigalgs = tls12_get_verify_sigalgs(ssl, &sigalgs);
|
1143
1035
|
|
1144
1036
|
CBB contents, sigalgs_cbb;
|
1145
1037
|
if (!CBB_add_u16(out, TLSEXT_TYPE_signature_algorithms) ||
|
@@ -1161,11 +1053,11 @@ static int ext_sigalgs_add_clienthello(SSL *ssl, CBB *out) {
|
|
1161
1053
|
return 1;
|
1162
1054
|
}
|
1163
1055
|
|
1164
|
-
static int ext_sigalgs_parse_clienthello(
|
1056
|
+
static int ext_sigalgs_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
1165
1057
|
CBS *contents) {
|
1166
|
-
OPENSSL_free(
|
1167
|
-
|
1168
|
-
|
1058
|
+
OPENSSL_free(hs->peer_sigalgs);
|
1059
|
+
hs->peer_sigalgs = NULL;
|
1060
|
+
hs->num_peer_sigalgs = 0;
|
1169
1061
|
|
1170
1062
|
if (contents == NULL) {
|
1171
1063
|
return 1;
|
@@ -1175,7 +1067,7 @@ static int ext_sigalgs_parse_clienthello(SSL *ssl, uint8_t *out_alert,
|
|
1175
1067
|
if (!CBS_get_u16_length_prefixed(contents, &supported_signature_algorithms) ||
|
1176
1068
|
CBS_len(contents) != 0 ||
|
1177
1069
|
CBS_len(&supported_signature_algorithms) == 0 ||
|
1178
|
-
!tls1_parse_peer_sigalgs(
|
1070
|
+
!tls1_parse_peer_sigalgs(hs, &supported_signature_algorithms)) {
|
1179
1071
|
return 0;
|
1180
1072
|
}
|
1181
1073
|
|
@@ -1187,12 +1079,8 @@ static int ext_sigalgs_parse_clienthello(SSL *ssl, uint8_t *out_alert,
|
|
1187
1079
|
*
|
1188
1080
|
* https://tools.ietf.org/html/rfc6066#section-8 */
|
1189
1081
|
|
1190
|
-
static
|
1191
|
-
ssl
|
1192
|
-
ssl->tlsext_status_type = -1;
|
1193
|
-
}
|
1194
|
-
|
1195
|
-
static int ext_ocsp_add_clienthello(SSL *ssl, CBB *out) {
|
1082
|
+
static int ext_ocsp_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
1083
|
+
SSL *const ssl = hs->ssl;
|
1196
1084
|
if (!ssl->ocsp_stapling_enabled) {
|
1197
1085
|
return 1;
|
1198
1086
|
}
|
@@ -1207,50 +1095,36 @@ static int ext_ocsp_add_clienthello(SSL *ssl, CBB *out) {
|
|
1207
1095
|
return 0;
|
1208
1096
|
}
|
1209
1097
|
|
1210
|
-
ssl->tlsext_status_type = TLSEXT_STATUSTYPE_ocsp;
|
1211
1098
|
return 1;
|
1212
1099
|
}
|
1213
1100
|
|
1214
|
-
static int ext_ocsp_parse_serverhello(
|
1101
|
+
static int ext_ocsp_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
1215
1102
|
CBS *contents) {
|
1103
|
+
SSL *const ssl = hs->ssl;
|
1216
1104
|
if (contents == NULL) {
|
1217
1105
|
return 1;
|
1218
1106
|
}
|
1219
1107
|
|
1220
|
-
/* OCSP
|
1221
|
-
if (
|
1108
|
+
/* TLS 1.3 OCSP responses are included in the Certificate extensions. */
|
1109
|
+
if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
|
1222
1110
|
return 0;
|
1223
1111
|
}
|
1224
1112
|
|
1225
|
-
|
1226
|
-
|
1227
|
-
|
1228
|
-
}
|
1229
|
-
|
1230
|
-
ssl->s3->tmp.certificate_status_expected = 1;
|
1231
|
-
return 1;
|
1232
|
-
}
|
1233
|
-
|
1234
|
-
uint8_t status_type;
|
1235
|
-
CBS ocsp_response;
|
1236
|
-
if (!CBS_get_u8(contents, &status_type) ||
|
1237
|
-
status_type != TLSEXT_STATUSTYPE_ocsp ||
|
1238
|
-
!CBS_get_u24_length_prefixed(contents, &ocsp_response) ||
|
1239
|
-
CBS_len(&ocsp_response) == 0 ||
|
1240
|
-
CBS_len(contents) != 0) {
|
1113
|
+
/* OCSP stapling is forbidden on non-certificate ciphers. */
|
1114
|
+
if (CBS_len(contents) != 0 ||
|
1115
|
+
!ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
|
1241
1116
|
return 0;
|
1242
1117
|
}
|
1243
1118
|
|
1244
|
-
|
1245
|
-
|
1246
|
-
|
1247
|
-
return 0;
|
1248
|
-
}
|
1119
|
+
/* Note this does not check for resumption in TLS 1.2. Sending
|
1120
|
+
* status_request here does not make sense, but OpenSSL does so and the
|
1121
|
+
* specification does not say anything. Tolerate it but ignore it. */
|
1249
1122
|
|
1123
|
+
hs->certificate_status_expected = 1;
|
1250
1124
|
return 1;
|
1251
1125
|
}
|
1252
1126
|
|
1253
|
-
static int ext_ocsp_parse_clienthello(
|
1127
|
+
static int ext_ocsp_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
1254
1128
|
CBS *contents) {
|
1255
1129
|
if (contents == NULL) {
|
1256
1130
|
return 1;
|
@@ -1263,38 +1137,25 @@ static int ext_ocsp_parse_clienthello(SSL *ssl, uint8_t *out_alert,
|
|
1263
1137
|
|
1264
1138
|
/* We cannot decide whether OCSP stapling will occur yet because the correct
|
1265
1139
|
* SSL_CTX might not have been selected. */
|
1266
|
-
|
1140
|
+
hs->ocsp_stapling_requested = status_type == TLSEXT_STATUSTYPE_ocsp;
|
1267
1141
|
|
1268
1142
|
return 1;
|
1269
1143
|
}
|
1270
1144
|
|
1271
|
-
static int ext_ocsp_add_serverhello(
|
1272
|
-
|
1273
|
-
|
1274
|
-
!
|
1145
|
+
static int ext_ocsp_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
1146
|
+
SSL *const ssl = hs->ssl;
|
1147
|
+
if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION ||
|
1148
|
+
!hs->ocsp_stapling_requested ||
|
1149
|
+
ssl->cert->ocsp_response == NULL ||
|
1150
|
+
ssl->s3->session_reused ||
|
1151
|
+
!ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
|
1275
1152
|
return 1;
|
1276
1153
|
}
|
1277
1154
|
|
1278
|
-
|
1279
|
-
/* The extension shouldn't be sent when resuming sessions. */
|
1280
|
-
if (ssl->session != NULL) {
|
1281
|
-
return 1;
|
1282
|
-
}
|
1283
|
-
|
1284
|
-
ssl->s3->tmp.certificate_status_expected = 1;
|
1285
|
-
|
1286
|
-
return CBB_add_u16(out, TLSEXT_TYPE_status_request) &&
|
1287
|
-
CBB_add_u16(out, 0 /* length */);
|
1288
|
-
}
|
1155
|
+
hs->certificate_status_expected = 1;
|
1289
1156
|
|
1290
|
-
CBB body, ocsp_response;
|
1291
1157
|
return CBB_add_u16(out, TLSEXT_TYPE_status_request) &&
|
1292
|
-
|
1293
|
-
CBB_add_u8(&body, TLSEXT_STATUSTYPE_ocsp) &&
|
1294
|
-
CBB_add_u24_length_prefixed(&body, &ocsp_response) &&
|
1295
|
-
CBB_add_bytes(&ocsp_response, ssl->ctx->ocsp_response,
|
1296
|
-
ssl->ctx->ocsp_response_length) &&
|
1297
|
-
CBB_flush(out);
|
1158
|
+
CBB_add_u16(out, 0 /* length */);
|
1298
1159
|
}
|
1299
1160
|
|
1300
1161
|
|
@@ -1302,14 +1163,10 @@ static int ext_ocsp_add_serverhello(SSL *ssl, CBB *out) {
|
|
1302
1163
|
*
|
1303
1164
|
* https://htmlpreview.github.io/?https://github.com/agl/technotes/blob/master/nextprotoneg.html */
|
1304
1165
|
|
1305
|
-
static
|
1306
|
-
ssl
|
1307
|
-
}
|
1308
|
-
|
1309
|
-
static int ext_npn_add_clienthello(SSL *ssl, CBB *out) {
|
1166
|
+
static int ext_npn_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
1167
|
+
SSL *const ssl = hs->ssl;
|
1310
1168
|
if (ssl->s3->initial_handshake_complete ||
|
1311
1169
|
ssl->ctx->next_proto_select_cb == NULL ||
|
1312
|
-
(ssl->options & SSL_OP_DISABLE_NPN) ||
|
1313
1170
|
SSL_is_dtls(ssl)) {
|
1314
1171
|
return 1;
|
1315
1172
|
}
|
@@ -1322,8 +1179,9 @@ static int ext_npn_add_clienthello(SSL *ssl, CBB *out) {
|
|
1322
1179
|
return 1;
|
1323
1180
|
}
|
1324
1181
|
|
1325
|
-
static int ext_npn_parse_serverhello(
|
1182
|
+
static int ext_npn_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
1326
1183
|
CBS *contents) {
|
1184
|
+
SSL *const ssl = hs->ssl;
|
1327
1185
|
if (contents == NULL) {
|
1328
1186
|
return 1;
|
1329
1187
|
}
|
@@ -1338,7 +1196,6 @@ static int ext_npn_parse_serverhello(SSL *ssl, uint8_t *out_alert,
|
|
1338
1196
|
assert(!ssl->s3->initial_handshake_complete);
|
1339
1197
|
assert(!SSL_is_dtls(ssl));
|
1340
1198
|
assert(ssl->ctx->next_proto_select_cb != NULL);
|
1341
|
-
assert(!(ssl->options & SSL_OP_DISABLE_NPN));
|
1342
1199
|
|
1343
1200
|
if (ssl->s3->alpn_selected != NULL) {
|
1344
1201
|
/* NPN and ALPN may not be negotiated in the same connection. */
|
@@ -1375,13 +1232,14 @@ static int ext_npn_parse_serverhello(SSL *ssl, uint8_t *out_alert,
|
|
1375
1232
|
}
|
1376
1233
|
|
1377
1234
|
ssl->s3->next_proto_negotiated_len = selected_len;
|
1378
|
-
|
1235
|
+
hs->next_proto_neg_seen = 1;
|
1379
1236
|
|
1380
1237
|
return 1;
|
1381
1238
|
}
|
1382
1239
|
|
1383
|
-
static int ext_npn_parse_clienthello(
|
1240
|
+
static int ext_npn_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
1384
1241
|
CBS *contents) {
|
1242
|
+
SSL *const ssl = hs->ssl;
|
1385
1243
|
if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
|
1386
1244
|
return 1;
|
1387
1245
|
}
|
@@ -1392,23 +1250,20 @@ static int ext_npn_parse_clienthello(SSL *ssl, uint8_t *out_alert,
|
|
1392
1250
|
|
1393
1251
|
if (contents == NULL ||
|
1394
1252
|
ssl->s3->initial_handshake_complete ||
|
1395
|
-
/* If the ALPN extension is seen before NPN, ignore it. (If ALPN is seen
|
1396
|
-
* afterwards, parsing the ALPN extension will clear
|
1397
|
-
* |next_proto_neg_seen|. */
|
1398
|
-
ssl->s3->alpn_selected != NULL ||
|
1399
1253
|
ssl->ctx->next_protos_advertised_cb == NULL ||
|
1400
1254
|
SSL_is_dtls(ssl)) {
|
1401
1255
|
return 1;
|
1402
1256
|
}
|
1403
1257
|
|
1404
|
-
|
1258
|
+
hs->next_proto_neg_seen = 1;
|
1405
1259
|
return 1;
|
1406
1260
|
}
|
1407
1261
|
|
1408
|
-
static int ext_npn_add_serverhello(
|
1262
|
+
static int ext_npn_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
1263
|
+
SSL *const ssl = hs->ssl;
|
1409
1264
|
/* |next_proto_neg_seen| might have been cleared when an ALPN extension was
|
1410
1265
|
* parsed. */
|
1411
|
-
if (!
|
1266
|
+
if (!hs->next_proto_neg_seen) {
|
1412
1267
|
return 1;
|
1413
1268
|
}
|
1414
1269
|
|
@@ -1418,7 +1273,7 @@ static int ext_npn_add_serverhello(SSL *ssl, CBB *out) {
|
|
1418
1273
|
if (ssl->ctx->next_protos_advertised_cb(
|
1419
1274
|
ssl, &npa, &npa_len, ssl->ctx->next_protos_advertised_cb_arg) !=
|
1420
1275
|
SSL_TLSEXT_ERR_OK) {
|
1421
|
-
|
1276
|
+
hs->next_proto_neg_seen = 0;
|
1422
1277
|
return 1;
|
1423
1278
|
}
|
1424
1279
|
|
@@ -1438,7 +1293,8 @@ static int ext_npn_add_serverhello(SSL *ssl, CBB *out) {
|
|
1438
1293
|
*
|
1439
1294
|
* https://tools.ietf.org/html/rfc6962#section-3.3.1 */
|
1440
1295
|
|
1441
|
-
static int ext_sct_add_clienthello(
|
1296
|
+
static int ext_sct_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
1297
|
+
SSL *const ssl = hs->ssl;
|
1442
1298
|
if (!ssl->signed_cert_timestamps_enabled) {
|
1443
1299
|
return 1;
|
1444
1300
|
}
|
@@ -1451,27 +1307,36 @@ static int ext_sct_add_clienthello(SSL *ssl, CBB *out) {
|
|
1451
1307
|
return 1;
|
1452
1308
|
}
|
1453
1309
|
|
1454
|
-
static int ext_sct_parse_serverhello(
|
1310
|
+
static int ext_sct_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
1455
1311
|
CBS *contents) {
|
1312
|
+
SSL *const ssl = hs->ssl;
|
1456
1313
|
if (contents == NULL) {
|
1457
1314
|
return 1;
|
1458
1315
|
}
|
1459
1316
|
|
1317
|
+
/* TLS 1.3 SCTs are included in the Certificate extensions. */
|
1318
|
+
if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
|
1319
|
+
*out_alert = SSL_AD_DECODE_ERROR;
|
1320
|
+
return 0;
|
1321
|
+
}
|
1322
|
+
|
1460
1323
|
/* If this is false then we should never have sent the SCT extension in the
|
1461
1324
|
* ClientHello and thus this function should never have been called. */
|
1462
1325
|
assert(ssl->signed_cert_timestamps_enabled);
|
1463
1326
|
|
1464
|
-
if (
|
1327
|
+
if (!ssl_is_sct_list_valid(contents)) {
|
1465
1328
|
*out_alert = SSL_AD_DECODE_ERROR;
|
1466
1329
|
return 0;
|
1467
1330
|
}
|
1468
1331
|
|
1469
|
-
/* Session resumption uses the original session information.
|
1332
|
+
/* Session resumption uses the original session information. The extension
|
1333
|
+
* should not be sent on resumption, but RFC 6962 did not make it a
|
1334
|
+
* requirement, so tolerate this.
|
1335
|
+
*
|
1336
|
+
* TODO(davidben): Enforce this anyway. */
|
1470
1337
|
if (!ssl->s3->session_reused &&
|
1471
|
-
!CBS_stow(
|
1472
|
-
|
1473
|
-
&ssl->s3->new_session->tlsext_signed_cert_timestamp_list,
|
1474
|
-
&ssl->s3->new_session->tlsext_signed_cert_timestamp_list_length)) {
|
1338
|
+
!CBS_stow(contents, &hs->new_session->tlsext_signed_cert_timestamp_list,
|
1339
|
+
&hs->new_session->tlsext_signed_cert_timestamp_list_length)) {
|
1475
1340
|
*out_alert = SSL_AD_INTERNAL_ERROR;
|
1476
1341
|
return 0;
|
1477
1342
|
}
|
@@ -1479,23 +1344,36 @@ static int ext_sct_parse_serverhello(SSL *ssl, uint8_t *out_alert,
|
|
1479
1344
|
return 1;
|
1480
1345
|
}
|
1481
1346
|
|
1482
|
-
static int ext_sct_parse_clienthello(
|
1347
|
+
static int ext_sct_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
1483
1348
|
CBS *contents) {
|
1484
|
-
|
1349
|
+
if (contents == NULL) {
|
1350
|
+
return 1;
|
1351
|
+
}
|
1352
|
+
|
1353
|
+
if (CBS_len(contents) != 0) {
|
1354
|
+
return 0;
|
1355
|
+
}
|
1356
|
+
|
1357
|
+
hs->scts_requested = 1;
|
1358
|
+
return 1;
|
1485
1359
|
}
|
1486
1360
|
|
1487
|
-
static int ext_sct_add_serverhello(
|
1361
|
+
static int ext_sct_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
1362
|
+
SSL *const ssl = hs->ssl;
|
1488
1363
|
/* The extension shouldn't be sent when resuming sessions. */
|
1489
|
-
if (ssl
|
1490
|
-
ssl->
|
1364
|
+
if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION ||
|
1365
|
+
ssl->s3->session_reused ||
|
1366
|
+
ssl->cert->signed_cert_timestamp_list == NULL) {
|
1491
1367
|
return 1;
|
1492
1368
|
}
|
1493
1369
|
|
1494
1370
|
CBB contents;
|
1495
1371
|
return CBB_add_u16(out, TLSEXT_TYPE_certificate_timestamp) &&
|
1496
1372
|
CBB_add_u16_length_prefixed(out, &contents) &&
|
1497
|
-
CBB_add_bytes(
|
1498
|
-
|
1373
|
+
CBB_add_bytes(
|
1374
|
+
&contents,
|
1375
|
+
CRYPTO_BUFFER_data(ssl->cert->signed_cert_timestamp_list),
|
1376
|
+
CRYPTO_BUFFER_len(ssl->cert->signed_cert_timestamp_list)) &&
|
1499
1377
|
CBB_flush(out);
|
1500
1378
|
}
|
1501
1379
|
|
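Review bot: The new `ext_sct_parse_clienthello` rejects a non-empty extension body with `if (CBS_len(contents) != 0) { return 0; }` but never writes `*out_alert`, so the alert the peer receives depends on whatever value the caller pre-loaded, which is not visible in this hunk. `ext_early_data_parse_clienthello`, added later in this file, performs the identical empty-body check and sets `*out_alert = SSL_AD_DECODE_ERROR;` before returning; the same line here would make the callback self-contained. The decode-failure branch of `ssl_ext_key_share_parse_clienthello` (the `CBS_get_u16_length_prefixed(contents, &key_shares)` check) has the same gap: it records `SSL_R_DECODE_ERROR` and returns 0 with no alert, while the `tls1_get_shared_group` branch directly above it sets one.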
@@ -1504,12 +1382,8 @@ static int ext_sct_add_serverhello(SSL *ssl, CBB *out) {
|
|
1504
1382
|
*
|
1505
1383
|
* https://tools.ietf.org/html/rfc7301 */
|
1506
1384
|
|
1507
|
-
static
|
1508
|
-
|
1509
|
-
ssl->s3->alpn_selected = NULL;
|
1510
|
-
}
|
1511
|
-
|
1512
|
-
static int ext_alpn_add_clienthello(SSL *ssl, CBB *out) {
|
1385
|
+
static int ext_alpn_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
1386
|
+
SSL *const ssl = hs->ssl;
|
1513
1387
|
if (ssl->alpn_client_proto_list == NULL ||
|
1514
1388
|
ssl->s3->initial_handshake_complete) {
|
1515
1389
|
return 1;
|
@@ -1528,8 +1402,9 @@ static int ext_alpn_add_clienthello(SSL *ssl, CBB *out) {
|
|
1528
1402
|
return 1;
|
1529
1403
|
}
|
1530
1404
|
|
1531
|
-
static int ext_alpn_parse_serverhello(
|
1405
|
+
static int ext_alpn_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
1532
1406
|
CBS *contents) {
|
1407
|
+
SSL *const ssl = hs->ssl;
|
1533
1408
|
if (contents == NULL) {
|
1534
1409
|
return 1;
|
1535
1410
|
}
|
@@ -1537,7 +1412,7 @@ static int ext_alpn_parse_serverhello(SSL *ssl, uint8_t *out_alert,
|
|
1537
1412
|
assert(!ssl->s3->initial_handshake_complete);
|
1538
1413
|
assert(ssl->alpn_client_proto_list != NULL);
|
1539
1414
|
|
1540
|
-
if (
|
1415
|
+
if (hs->next_proto_neg_seen) {
|
1541
1416
|
/* NPN and ALPN may not be negotiated in the same connection. */
|
1542
1417
|
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
1543
1418
|
OPENSSL_PUT_ERROR(SSL, SSL_R_NEGOTIATED_BOTH_NPN_AND_ALPN);
|
@@ -1569,8 +1444,9 @@ static int ext_alpn_parse_serverhello(SSL *ssl, uint8_t *out_alert,
|
|
1569
1444
|
}
|
1570
1445
|
|
1571
1446
|
if (CBS_len(&client_protocol_name) == CBS_len(&protocol_name) &&
|
1572
|
-
|
1573
|
-
|
1447
|
+
OPENSSL_memcmp(CBS_data(&client_protocol_name),
|
1448
|
+
CBS_data(&protocol_name),
|
1449
|
+
CBS_len(&protocol_name)) == 0) {
|
1574
1450
|
protocol_ok = 1;
|
1575
1451
|
break;
|
1576
1452
|
}
|
@@ -1591,24 +1467,27 @@ static int ext_alpn_parse_serverhello(SSL *ssl, uint8_t *out_alert,
|
|
1591
1467
|
return 1;
|
1592
1468
|
}
|
1593
1469
|
|
1594
|
-
|
1595
|
-
|
1596
|
-
|
1597
|
-
|
1598
|
-
}
|
1599
|
-
|
1470
|
+
int ssl_negotiate_alpn(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
1471
|
+
const SSL_CLIENT_HELLO *client_hello) {
|
1472
|
+
SSL *const ssl = hs->ssl;
|
1473
|
+
CBS contents;
|
1600
1474
|
if (ssl->ctx->alpn_select_cb == NULL ||
|
1601
|
-
|
1475
|
+
!ssl_client_hello_get_extension(
|
1476
|
+
client_hello, &contents,
|
1477
|
+
TLSEXT_TYPE_application_layer_protocol_negotiation)) {
|
1478
|
+
/* Ignore ALPN if not configured or no extension was supplied. */
|
1602
1479
|
return 1;
|
1603
1480
|
}
|
1604
1481
|
|
1605
1482
|
/* ALPN takes precedence over NPN. */
|
1606
|
-
|
1483
|
+
hs->next_proto_neg_seen = 0;
|
1607
1484
|
|
1608
1485
|
CBS protocol_name_list;
|
1609
|
-
if (!CBS_get_u16_length_prefixed(contents, &protocol_name_list) ||
|
1610
|
-
CBS_len(contents) != 0 ||
|
1486
|
+
if (!CBS_get_u16_length_prefixed(&contents, &protocol_name_list) ||
|
1487
|
+
CBS_len(&contents) != 0 ||
|
1611
1488
|
CBS_len(&protocol_name_list) < 2) {
|
1489
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_PARSE_TLSEXT);
|
1490
|
+
*out_alert = SSL_AD_DECODE_ERROR;
|
1612
1491
|
return 0;
|
1613
1492
|
}
|
1614
1493
|
|
@@ -1620,6 +1499,8 @@ static int ext_alpn_parse_clienthello(SSL *ssl, uint8_t *out_alert,
|
|
1620
1499
|
if (!CBS_get_u8_length_prefixed(&protocol_name_list_copy, &protocol_name) ||
|
1621
1500
|
/* Empty protocol names are forbidden. */
|
1622
1501
|
CBS_len(&protocol_name) == 0) {
|
1502
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_PARSE_TLSEXT);
|
1503
|
+
*out_alert = SSL_AD_DECODE_ERROR;
|
1623
1504
|
return 0;
|
1624
1505
|
}
|
1625
1506
|
}
|
@@ -1642,7 +1523,8 @@ static int ext_alpn_parse_clienthello(SSL *ssl, uint8_t *out_alert,
|
|
1642
1523
|
return 1;
|
1643
1524
|
}
|
1644
1525
|
|
1645
|
-
static int ext_alpn_add_serverhello(
|
1526
|
+
static int ext_alpn_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
1527
|
+
SSL *const ssl = hs->ssl;
|
1646
1528
|
if (ssl->s3->alpn_selected == NULL) {
|
1647
1529
|
return 1;
|
1648
1530
|
}
|
@@ -1666,11 +1548,12 @@ static int ext_alpn_add_serverhello(SSL *ssl, CBB *out) {
|
|
1666
1548
|
*
|
1667
1549
|
* https://tools.ietf.org/html/draft-balfanz-tls-channelid-01 */
|
1668
1550
|
|
1669
|
-
static void ext_channel_id_init(
|
1670
|
-
ssl->s3->tlsext_channel_id_valid = 0;
|
1551
|
+
static void ext_channel_id_init(SSL_HANDSHAKE *hs) {
|
1552
|
+
hs->ssl->s3->tlsext_channel_id_valid = 0;
|
1671
1553
|
}
|
1672
1554
|
|
1673
|
-
static int ext_channel_id_add_clienthello(
|
1555
|
+
static int ext_channel_id_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
1556
|
+
SSL *const ssl = hs->ssl;
|
1674
1557
|
if (!ssl->tlsext_channel_id_enabled ||
|
1675
1558
|
SSL_is_dtls(ssl)) {
|
1676
1559
|
return 1;
|
@@ -1684,16 +1567,13 @@ static int ext_channel_id_add_clienthello(SSL *ssl, CBB *out) {
|
|
1684
1567
|
return 1;
|
1685
1568
|
}
|
1686
1569
|
|
1687
|
-
static int ext_channel_id_parse_serverhello(
|
1688
|
-
CBS *contents) {
|
1570
|
+
static int ext_channel_id_parse_serverhello(SSL_HANDSHAKE *hs,
|
1571
|
+
uint8_t *out_alert, CBS *contents) {
|
1572
|
+
SSL *const ssl = hs->ssl;
|
1689
1573
|
if (contents == NULL) {
|
1690
1574
|
return 1;
|
1691
1575
|
}
|
1692
1576
|
|
1693
|
-
if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
|
1694
|
-
return 0;
|
1695
|
-
}
|
1696
|
-
|
1697
1577
|
assert(!SSL_is_dtls(ssl));
|
1698
1578
|
assert(ssl->tlsext_channel_id_enabled);
|
1699
1579
|
|
@@ -1705,8 +1585,9 @@ static int ext_channel_id_parse_serverhello(SSL *ssl, uint8_t *out_alert,
|
|
1705
1585
|
return 1;
|
1706
1586
|
}
|
1707
1587
|
|
1708
|
-
static int ext_channel_id_parse_clienthello(
|
1709
|
-
CBS *contents) {
|
1588
|
+
static int ext_channel_id_parse_clienthello(SSL_HANDSHAKE *hs,
|
1589
|
+
uint8_t *out_alert, CBS *contents) {
|
1590
|
+
SSL *const ssl = hs->ssl;
|
1710
1591
|
if (contents == NULL ||
|
1711
1592
|
!ssl->tlsext_channel_id_enabled ||
|
1712
1593
|
SSL_is_dtls(ssl)) {
|
@@ -1721,11 +1602,8 @@ static int ext_channel_id_parse_clienthello(SSL *ssl, uint8_t *out_alert,
|
|
1721
1602
|
return 1;
|
1722
1603
|
}
|
1723
1604
|
|
1724
|
-
static int ext_channel_id_add_serverhello(
|
1725
|
-
|
1726
|
-
return 1;
|
1727
|
-
}
|
1728
|
-
|
1605
|
+
static int ext_channel_id_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
1606
|
+
SSL *const ssl = hs->ssl;
|
1729
1607
|
if (!ssl->s3->tlsext_channel_id_valid) {
|
1730
1608
|
return 1;
|
1731
1609
|
}
|
@@ -1744,11 +1622,12 @@ static int ext_channel_id_add_serverhello(SSL *ssl, CBB *out) {
|
|
1744
1622
|
* https://tools.ietf.org/html/rfc5764 */
|
1745
1623
|
|
1746
1624
|
|
1747
|
-
static void ext_srtp_init(
|
1748
|
-
ssl->srtp_profile = NULL;
|
1625
|
+
static void ext_srtp_init(SSL_HANDSHAKE *hs) {
|
1626
|
+
hs->ssl->srtp_profile = NULL;
|
1749
1627
|
}
|
1750
1628
|
|
1751
|
-
static int ext_srtp_add_clienthello(
|
1629
|
+
static int ext_srtp_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
1630
|
+
SSL *const ssl = hs->ssl;
|
1752
1631
|
STACK_OF(SRTP_PROTECTION_PROFILE) *profiles = SSL_get_srtp_profiles(ssl);
|
1753
1632
|
if (profiles == NULL) {
|
1754
1633
|
return 1;
|
@@ -1780,8 +1659,9 @@ static int ext_srtp_add_clienthello(SSL *ssl, CBB *out) {
|
|
1780
1659
|
return 1;
|
1781
1660
|
}
|
1782
1661
|
|
1783
|
-
static int ext_srtp_parse_serverhello(
|
1662
|
+
static int ext_srtp_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
1784
1663
|
CBS *contents) {
|
1664
|
+
SSL *const ssl = hs->ssl;
|
1785
1665
|
if (contents == NULL) {
|
1786
1666
|
return 1;
|
1787
1667
|
}
|
@@ -1827,8 +1707,9 @@ static int ext_srtp_parse_serverhello(SSL *ssl, uint8_t *out_alert,
|
|
1827
1707
|
return 0;
|
1828
1708
|
}
|
1829
1709
|
|
1830
|
-
static int ext_srtp_parse_clienthello(
|
1710
|
+
static int ext_srtp_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
1831
1711
|
CBS *contents) {
|
1712
|
+
SSL *const ssl = hs->ssl;
|
1832
1713
|
if (contents == NULL) {
|
1833
1714
|
return 1;
|
1834
1715
|
}
|
@@ -1870,7 +1751,8 @@ static int ext_srtp_parse_clienthello(SSL *ssl, uint8_t *out_alert,
|
|
1870
1751
|
return 1;
|
1871
1752
|
}
|
1872
1753
|
|
1873
|
-
static int ext_srtp_add_serverhello(
|
1754
|
+
static int ext_srtp_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
1755
|
+
SSL *const ssl = hs->ssl;
|
1874
1756
|
if (ssl->srtp_profile == NULL) {
|
1875
1757
|
return 1;
|
1876
1758
|
}
|
@@ -1893,27 +1775,7 @@ static int ext_srtp_add_serverhello(SSL *ssl, CBB *out) {
|
|
1893
1775
|
*
|
1894
1776
|
* https://tools.ietf.org/html/rfc4492#section-5.1.2 */
|
1895
1777
|
|
1896
|
-
static int
|
1897
|
-
if (ssl->version < TLS1_VERSION && !SSL_is_dtls(ssl)) {
|
1898
|
-
return 0;
|
1899
|
-
}
|
1900
|
-
|
1901
|
-
const STACK_OF(SSL_CIPHER) *cipher_stack = SSL_get_ciphers(ssl);
|
1902
|
-
|
1903
|
-
for (size_t i = 0; i < sk_SSL_CIPHER_num(cipher_stack); i++) {
|
1904
|
-
const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(cipher_stack, i);
|
1905
|
-
|
1906
|
-
const uint32_t alg_k = cipher->algorithm_mkey;
|
1907
|
-
const uint32_t alg_a = cipher->algorithm_auth;
|
1908
|
-
if ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)) {
|
1909
|
-
return 1;
|
1910
|
-
}
|
1911
|
-
}
|
1912
|
-
|
1913
|
-
return 0;
|
1914
|
-
}
|
1915
|
-
|
1916
|
-
static int ext_ec_point_add_extension(SSL *ssl, CBB *out) {
|
1778
|
+
static int ext_ec_point_add_extension(SSL_HANDSHAKE *hs, CBB *out) {
|
1917
1779
|
CBB contents, formats;
|
1918
1780
|
if (!CBB_add_u16(out, TLSEXT_TYPE_ec_point_formats) ||
|
1919
1781
|
!CBB_add_u16_length_prefixed(out, &contents) ||
|
@@ -1926,21 +1788,27 @@ static int ext_ec_point_add_extension(SSL *ssl, CBB *out) {
|
|
1926
1788
|
return 1;
|
1927
1789
|
}
|
1928
1790
|
|
1929
|
-
static int ext_ec_point_add_clienthello(
|
1930
|
-
|
1931
|
-
|
1932
|
-
|
1791
|
+
static int ext_ec_point_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
1792
|
+
uint16_t min_version, max_version;
|
1793
|
+
if (!ssl_get_version_range(hs->ssl, &min_version, &max_version)) {
|
1794
|
+
return 0;
|
1795
|
+
}
|
1796
|
+
|
1797
|
+
/* The point format extension is unneccessary in TLS 1.3. */
|
1798
|
+
if (min_version >= TLS1_3_VERSION) {
|
1799
|
+
return 1;
|
1800
|
+
}
|
1933
1801
|
|
1934
|
-
return ext_ec_point_add_extension(
|
1802
|
+
return ext_ec_point_add_extension(hs, out);
|
1935
1803
|
}
|
1936
1804
|
|
1937
|
-
static int ext_ec_point_parse_serverhello(
|
1805
|
+
static int ext_ec_point_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
1938
1806
|
CBS *contents) {
|
1939
1807
|
if (contents == NULL) {
|
1940
1808
|
return 1;
|
1941
1809
|
}
|
1942
1810
|
|
1943
|
-
if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
|
1811
|
+
if (ssl3_protocol_version(hs->ssl) >= TLS1_3_VERSION) {
|
1944
1812
|
return 0;
|
1945
1813
|
}
|
1946
1814
|
|
@@ -1952,8 +1820,9 @@ static int ext_ec_point_parse_serverhello(SSL *ssl, uint8_t *out_alert,
|
|
1952
1820
|
|
1953
1821
|
/* Per RFC 4492, section 5.1.2, implementations MUST support the uncompressed
|
1954
1822
|
* point format. */
|
1955
|
-
if (
|
1956
|
-
|
1823
|
+
if (OPENSSL_memchr(CBS_data(&ec_point_format_list),
|
1824
|
+
TLSEXT_ECPOINTFORMAT_uncompressed,
|
1825
|
+
CBS_len(&ec_point_format_list)) == NULL) {
|
1957
1826
|
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
1958
1827
|
return 0;
|
1959
1828
|
}
|
@@ -1961,36 +1830,64 @@ static int ext_ec_point_parse_serverhello(SSL *ssl, uint8_t *out_alert,
|
|
1961
1830
|
return 1;
|
1962
1831
|
}
|
1963
1832
|
|
1964
|
-
static int ext_ec_point_parse_clienthello(
|
1833
|
+
static int ext_ec_point_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
1965
1834
|
CBS *contents) {
|
1966
|
-
if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
|
1835
|
+
if (ssl3_protocol_version(hs->ssl) >= TLS1_3_VERSION) {
|
1967
1836
|
return 1;
|
1968
1837
|
}
|
1969
1838
|
|
1970
|
-
return ext_ec_point_parse_serverhello(
|
1839
|
+
return ext_ec_point_parse_serverhello(hs, out_alert, contents);
|
1971
1840
|
}
|
1972
1841
|
|
1973
|
-
static int ext_ec_point_add_serverhello(
|
1842
|
+
static int ext_ec_point_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
1843
|
+
SSL *const ssl = hs->ssl;
|
1974
1844
|
if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
|
1975
1845
|
return 1;
|
1976
1846
|
}
|
1977
1847
|
|
1978
|
-
const uint32_t alg_k =
|
1979
|
-
const uint32_t alg_a =
|
1848
|
+
const uint32_t alg_k = hs->new_cipher->algorithm_mkey;
|
1849
|
+
const uint32_t alg_a = hs->new_cipher->algorithm_auth;
|
1980
1850
|
const int using_ecc = (alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA);
|
1981
1851
|
|
1982
1852
|
if (!using_ecc) {
|
1983
1853
|
return 1;
|
1984
1854
|
}
|
1985
1855
|
|
1986
|
-
return ext_ec_point_add_extension(
|
1856
|
+
return ext_ec_point_add_extension(hs, out);
|
1987
1857
|
}
|
1988
1858
|
|
1859
|
+
|
1989
1860
|
/* Pre Shared Key
|
1990
1861
|
*
|
1991
|
-
* https://tools.ietf.org/html/draft-ietf-tls-tls13-
|
1862
|
+
* https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-4.2.6 */
|
1992
1863
|
|
1993
|
-
static
|
1864
|
+
static size_t ext_pre_shared_key_clienthello_length(SSL_HANDSHAKE *hs) {
|
1865
|
+
SSL *const ssl = hs->ssl;
|
1866
|
+
uint16_t min_version, max_version;
|
1867
|
+
if (!ssl_get_version_range(ssl, &min_version, &max_version)) {
|
1868
|
+
return 0;
|
1869
|
+
}
|
1870
|
+
|
1871
|
+
uint16_t session_version;
|
1872
|
+
if (max_version < TLS1_3_VERSION || ssl->session == NULL ||
|
1873
|
+
!ssl->method->version_from_wire(&session_version,
|
1874
|
+
ssl->session->ssl_version) ||
|
1875
|
+
session_version < TLS1_3_VERSION) {
|
1876
|
+
return 0;
|
1877
|
+
}
|
1878
|
+
|
1879
|
+
const EVP_MD *digest = SSL_SESSION_get_digest(ssl->session, ssl);
|
1880
|
+
if (digest == NULL) {
|
1881
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
1882
|
+
return 0;
|
1883
|
+
}
|
1884
|
+
|
1885
|
+
size_t binder_len = EVP_MD_size(digest);
|
1886
|
+
return 15 + ssl->session->tlsext_ticklen + binder_len;
|
1887
|
+
}
|
1888
|
+
|
1889
|
+
static int ext_pre_shared_key_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
1890
|
+
SSL *const ssl = hs->ssl;
|
1994
1891
|
uint16_t min_version, max_version;
|
1995
1892
|
if (!ssl_get_version_range(ssl, &min_version, &max_version)) {
|
1996
1893
|
return 0;
|
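Review bot: The constant in `return 15 + ssl->session->tlsext_ticklen + binder_len;` is undocumented, yet it has to stay in step with the bytes `ext_pre_shared_key_add_clienthello` emits. Judging from the writer in the next hunk it is 2 (extension type) + 2 (extension length) + 2 (identities length) + 2 (ticket length) + 4 (obfuscated ticket age) + 2 (binders length) + 1 (binder length); a comment such as `/* 15 = type(2) + ext len(2) + identities len(2) + ticket len(2) + age(4) + binders len(2) + binder len(1) */` would let a reader check the two functions against each other. The function also returns 0 both when no PSK will be offered and when `ssl_get_version_range` or `SSL_SESSION_get_digest` fails, so a caller cannot tell an error from an absent extension, which deserves a sentence in a header comment. `ext_pre_shared_key_add_clienthello` begins at the end of this hunk and continues outside it.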
@@ -2004,29 +1901,55 @@ static int ext_pre_shared_key_add_clienthello(SSL *ssl, CBB *out) {
|
|
2004
1901
|
return 1;
|
2005
1902
|
}
|
2006
1903
|
|
2007
|
-
|
1904
|
+
struct timeval now;
|
1905
|
+
ssl_get_current_time(ssl, &now);
|
1906
|
+
uint32_t ticket_age = 1000 * (now.tv_sec - ssl->session->time);
|
1907
|
+
uint32_t obfuscated_ticket_age = ticket_age + ssl->session->ticket_age_add;
|
1908
|
+
|
1909
|
+
/* Fill in a placeholder zero binder of the appropriate length. It will be
|
1910
|
+
* computed and filled in later after length prefixes are computed. */
|
1911
|
+
uint8_t zero_binder[EVP_MAX_MD_SIZE] = {0};
|
1912
|
+
|
1913
|
+
const EVP_MD *digest = SSL_SESSION_get_digest(ssl->session, ssl);
|
1914
|
+
if (digest == NULL) {
|
1915
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
1916
|
+
return 0;
|
1917
|
+
}
|
1918
|
+
|
1919
|
+
size_t binder_len = EVP_MD_size(digest);
|
1920
|
+
|
1921
|
+
CBB contents, identity, ticket, binders, binder;
|
2008
1922
|
if (!CBB_add_u16(out, TLSEXT_TYPE_pre_shared_key) ||
|
2009
1923
|
!CBB_add_u16_length_prefixed(out, &contents) ||
|
2010
|
-
!CBB_add_u16_length_prefixed(&contents, &
|
2011
|
-
!CBB_add_u16_length_prefixed(&
|
2012
|
-
!CBB_add_bytes(&
|
2013
|
-
ssl->session->tlsext_ticklen)
|
1924
|
+
!CBB_add_u16_length_prefixed(&contents, &identity) ||
|
1925
|
+
!CBB_add_u16_length_prefixed(&identity, &ticket) ||
|
1926
|
+
!CBB_add_bytes(&ticket, ssl->session->tlsext_tick,
|
1927
|
+
ssl->session->tlsext_ticklen) ||
|
1928
|
+
!CBB_add_u32(&identity, obfuscated_ticket_age) ||
|
1929
|
+
!CBB_add_u16_length_prefixed(&contents, &binders) ||
|
1930
|
+
!CBB_add_u8_length_prefixed(&binders, &binder) ||
|
1931
|
+
!CBB_add_bytes(&binder, zero_binder, binder_len)) {
|
2014
1932
|
return 0;
|
2015
1933
|
}
|
2016
1934
|
|
1935
|
+
hs->needs_psk_binder = 1;
|
2017
1936
|
return CBB_flush(out);
|
2018
1937
|
}
|
2019
1938
|
|
2020
|
-
int ssl_ext_pre_shared_key_parse_serverhello(
|
1939
|
+
int ssl_ext_pre_shared_key_parse_serverhello(SSL_HANDSHAKE *hs,
|
1940
|
+
uint8_t *out_alert,
|
2021
1941
|
CBS *contents) {
|
2022
1942
|
uint16_t psk_id;
|
2023
1943
|
if (!CBS_get_u16(contents, &psk_id) ||
|
2024
1944
|
CBS_len(contents) != 0) {
|
1945
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
2025
1946
|
*out_alert = SSL_AD_DECODE_ERROR;
|
2026
1947
|
return 0;
|
2027
1948
|
}
|
2028
1949
|
|
1950
|
+
/* We only advertise one PSK identity, so the only legal index is zero. */
|
2029
1951
|
if (psk_id != 0) {
|
1952
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_PSK_IDENTITY_NOT_FOUND);
|
2030
1953
|
*out_alert = SSL_AD_UNKNOWN_PSK_IDENTITY;
|
2031
1954
|
return 0;
|
2032
1955
|
}
|
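Review bot: `uint32_t ticket_age = 1000 * (now.tv_sec - ssl->session->time);` has no guard for a session timestamp that lies ahead of the current clock, and the product is narrowed to 32 bits without a range check. The field types are not visible here, but if the local clock has stepped backwards the subtraction goes negative (or wraps), and the client then advertises a very large age that a server enforcing ticket-age limits is likely to reject. Clamping first, for example `uint32_t ticket_age = now.tv_sec > ssl->session->time ? 1000 * (uint32_t)(now.tv_sec - ssl->session->time) : 0;`, keeps the value well defined. The later addition of `ticket_age_add` is meant to wrap modulo 2^32 and can stay as written. The start of `ext_pre_shared_key_add_clienthello` lies outside this hunk.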
@@ -2034,27 +1957,80 @@ int ssl_ext_pre_shared_key_parse_serverhello(SSL *ssl, uint8_t *out_alert,
|
|
2034
1957
|
return 1;
|
2035
1958
|
}
|
2036
1959
|
|
2037
|
-
int ssl_ext_pre_shared_key_parse_clienthello(
|
1960
|
+
int ssl_ext_pre_shared_key_parse_clienthello(SSL_HANDSHAKE *hs,
|
2038
1961
|
SSL_SESSION **out_session,
|
1962
|
+
CBS *out_binders,
|
2039
1963
|
uint8_t *out_alert,
|
2040
1964
|
CBS *contents) {
|
2041
|
-
|
1965
|
+
SSL *const ssl = hs->ssl;
|
1966
|
+
/* We only process the first PSK identity since we don't support pure PSK. */
|
1967
|
+
uint32_t obfuscated_ticket_age;
|
1968
|
+
CBS identities, ticket, binders;
|
2042
1969
|
if (!CBS_get_u16_length_prefixed(contents, &identities) ||
|
2043
|
-
!CBS_get_u16_length_prefixed(&identities, &
|
1970
|
+
!CBS_get_u16_length_prefixed(&identities, &ticket) ||
|
1971
|
+
!CBS_get_u32(&identities, &obfuscated_ticket_age) ||
|
1972
|
+
!CBS_get_u16_length_prefixed(contents, &binders) ||
|
1973
|
+
CBS_len(&binders) == 0 ||
|
2044
1974
|
CBS_len(contents) != 0) {
|
1975
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
2045
1976
|
*out_alert = SSL_AD_DECODE_ERROR;
|
2046
1977
|
return 0;
|
2047
1978
|
}
|
2048
1979
|
|
1980
|
+
*out_binders = binders;
|
1981
|
+
|
1982
|
+
/* Check the syntax of the remaining identities, but do not process them. */
|
1983
|
+
size_t num_identities = 1;
|
1984
|
+
while (CBS_len(&identities) != 0) {
|
1985
|
+
CBS unused_ticket;
|
1986
|
+
uint32_t unused_obfuscated_ticket_age;
|
1987
|
+
if (!CBS_get_u16_length_prefixed(&identities, &unused_ticket) ||
|
1988
|
+
!CBS_get_u32(&identities, &unused_obfuscated_ticket_age)) {
|
1989
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
1990
|
+
*out_alert = SSL_AD_DECODE_ERROR;
|
1991
|
+
return 0;
|
1992
|
+
}
|
1993
|
+
|
1994
|
+
num_identities++;
|
1995
|
+
}
|
1996
|
+
|
1997
|
+
/* Check the syntax of the binders. The value will be checked later if
|
1998
|
+
* resuming. */
|
1999
|
+
size_t num_binders = 0;
|
2000
|
+
while (CBS_len(&binders) != 0) {
|
2001
|
+
CBS binder;
|
2002
|
+
if (!CBS_get_u8_length_prefixed(&binders, &binder)) {
|
2003
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
2004
|
+
*out_alert = SSL_AD_DECODE_ERROR;
|
2005
|
+
return 0;
|
2006
|
+
}
|
2007
|
+
|
2008
|
+
num_binders++;
|
2009
|
+
}
|
2010
|
+
|
2011
|
+
if (num_identities != num_binders) {
|
2012
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_PSK_IDENTITY_BINDER_COUNT_MISMATCH);
|
2013
|
+
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
2014
|
+
return 0;
|
2015
|
+
}
|
2016
|
+
|
2017
|
+
/* TODO(svaldez): Check that the ticket_age is valid when attempting to use
|
2018
|
+
* the PSK for 0-RTT. http://crbug.com/boringssl/113 */
|
2019
|
+
|
2049
2020
|
/* TLS 1.3 session tickets are renewed separately as part of the
|
2050
2021
|
* NewSessionTicket. */
|
2051
|
-
int
|
2052
|
-
|
2053
|
-
|
2022
|
+
int unused_renew;
|
2023
|
+
if (!tls_process_ticket(ssl, out_session, &unused_renew, CBS_data(&ticket),
|
2024
|
+
CBS_len(&ticket), NULL, 0)) {
|
2025
|
+
*out_alert = SSL_AD_INTERNAL_ERROR;
|
2026
|
+
return 0;
|
2027
|
+
}
|
2028
|
+
|
2029
|
+
return 1;
|
2054
2030
|
}
|
2055
2031
|
|
2056
|
-
int ssl_ext_pre_shared_key_add_serverhello(
|
2057
|
-
if (!ssl->s3->session_reused) {
|
2032
|
+
int ssl_ext_pre_shared_key_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
2033
|
+
if (!hs->ssl->s3->session_reused) {
|
2058
2034
|
return 1;
|
2059
2035
|
}
|
2060
2036
|
|
@@ -2071,17 +2047,98 @@ int ssl_ext_pre_shared_key_add_serverhello(SSL *ssl, CBB *out) {
|
|
2071
2047
|
}
|
2072
2048
|
|
2073
2049
|
|
2050
|
+
/* Pre-Shared Key Exchange Modes
|
2051
|
+
*
|
2052
|
+
* https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-4.2.7 */
|
2053
|
+
|
2054
|
+
static int ext_psk_key_exchange_modes_add_clienthello(SSL_HANDSHAKE *hs,
|
2055
|
+
CBB *out) {
|
2056
|
+
SSL *const ssl = hs->ssl;
|
2057
|
+
uint16_t min_version, max_version;
|
2058
|
+
if (!ssl_get_version_range(ssl, &min_version, &max_version)) {
|
2059
|
+
return 0;
|
2060
|
+
}
|
2061
|
+
|
2062
|
+
if (max_version < TLS1_3_VERSION) {
|
2063
|
+
return 1;
|
2064
|
+
}
|
2065
|
+
|
2066
|
+
CBB contents, ke_modes;
|
2067
|
+
if (!CBB_add_u16(out, TLSEXT_TYPE_psk_key_exchange_modes) ||
|
2068
|
+
!CBB_add_u16_length_prefixed(out, &contents) ||
|
2069
|
+
!CBB_add_u8_length_prefixed(&contents, &ke_modes) ||
|
2070
|
+
!CBB_add_u8(&ke_modes, SSL_PSK_DHE_KE)) {
|
2071
|
+
return 0;
|
2072
|
+
}
|
2073
|
+
|
2074
|
+
return CBB_flush(out);
|
2075
|
+
}
|
2076
|
+
|
2077
|
+
static int ext_psk_key_exchange_modes_parse_clienthello(SSL_HANDSHAKE *hs,
|
2078
|
+
uint8_t *out_alert,
|
2079
|
+
CBS *contents) {
|
2080
|
+
if (contents == NULL) {
|
2081
|
+
return 1;
|
2082
|
+
}
|
2083
|
+
|
2084
|
+
CBS ke_modes;
|
2085
|
+
if (!CBS_get_u8_length_prefixed(contents, &ke_modes) ||
|
2086
|
+
CBS_len(&ke_modes) == 0 ||
|
2087
|
+
CBS_len(contents) != 0) {
|
2088
|
+
*out_alert = SSL_AD_DECODE_ERROR;
|
2089
|
+
return 0;
|
2090
|
+
}
|
2091
|
+
|
2092
|
+
/* We only support tickets with PSK_DHE_KE. */
|
2093
|
+
hs->accept_psk_mode = OPENSSL_memchr(CBS_data(&ke_modes), SSL_PSK_DHE_KE,
|
2094
|
+
CBS_len(&ke_modes)) != NULL;
|
2095
|
+
|
2096
|
+
return 1;
|
2097
|
+
}
|
2098
|
+
|
2099
|
+
|
2100
|
+
/* Early Data Indication
|
2101
|
+
*
|
2102
|
+
* https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-4.2.8 */
|
2103
|
+
|
2104
|
+
static int ext_early_data_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
2105
|
+
/* TODO(svaldez): Support 0RTT. */
|
2106
|
+
return 1;
|
2107
|
+
}
|
2108
|
+
|
2109
|
+
static int ext_early_data_parse_clienthello(SSL_HANDSHAKE *hs,
|
2110
|
+
uint8_t *out_alert, CBS *contents) {
|
2111
|
+
SSL *const ssl = hs->ssl;
|
2112
|
+
if (contents == NULL) {
|
2113
|
+
return 1;
|
2114
|
+
}
|
2115
|
+
|
2116
|
+
if (CBS_len(contents) != 0) {
|
2117
|
+
*out_alert = SSL_AD_DECODE_ERROR;
|
2118
|
+
return 0;
|
2119
|
+
}
|
2120
|
+
|
2121
|
+
/* Since we don't currently accept 0-RTT, we have to skip past any early data
|
2122
|
+
* the client might have sent. */
|
2123
|
+
if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
|
2124
|
+
ssl->s3->skip_early_data = 1;
|
2125
|
+
}
|
2126
|
+
return 1;
|
2127
|
+
}
|
2128
|
+
|
2129
|
+
|
2074
2130
|
/* Key Share
|
2075
2131
|
*
|
2076
|
-
* https://tools.ietf.org/html/draft-ietf-tls-tls13-
|
2132
|
+
* https://tools.ietf.org/html/draft-ietf-tls-tls13-16#section-4.2.5 */
|
2077
2133
|
|
2078
|
-
static int ext_key_share_add_clienthello(
|
2134
|
+
static int ext_key_share_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
2135
|
+
SSL *const ssl = hs->ssl;
|
2079
2136
|
uint16_t min_version, max_version;
|
2080
2137
|
if (!ssl_get_version_range(ssl, &min_version, &max_version)) {
|
2081
2138
|
return 0;
|
2082
2139
|
}
|
2083
2140
|
|
2084
|
-
if (max_version < TLS1_3_VERSION
|
2141
|
+
if (max_version < TLS1_3_VERSION) {
|
2085
2142
|
return 1;
|
2086
2143
|
}
|
2087
2144
|
|
@@ -2092,18 +2149,21 @@ static int ext_key_share_add_clienthello(SSL *ssl, CBB *out) {
|
|
2092
2149
|
return 0;
|
2093
2150
|
}
|
2094
2151
|
|
2095
|
-
uint16_t group_id;
|
2096
|
-
if (
|
2097
|
-
/*
|
2098
|
-
|
2099
|
-
|
2152
|
+
uint16_t group_id = hs->retry_group;
|
2153
|
+
if (hs->received_hello_retry_request) {
|
2154
|
+
/* We received a HelloRetryRequest without a new curve, so there is no new
|
2155
|
+
* share to append. Leave |ecdh_ctx| as-is. */
|
2156
|
+
if (group_id == 0 &&
|
2157
|
+
!CBB_add_bytes(&kse_bytes, hs->key_share_bytes,
|
2158
|
+
hs->key_share_bytes_len)) {
|
2100
2159
|
return 0;
|
2101
2160
|
}
|
2102
|
-
OPENSSL_free(
|
2103
|
-
|
2104
|
-
|
2105
|
-
|
2106
|
-
|
2161
|
+
OPENSSL_free(hs->key_share_bytes);
|
2162
|
+
hs->key_share_bytes = NULL;
|
2163
|
+
hs->key_share_bytes_len = 0;
|
2164
|
+
if (group_id == 0) {
|
2165
|
+
return CBB_flush(out);
|
2166
|
+
}
|
2107
2167
|
} else {
|
2108
2168
|
/* Add a fake group. See draft-davidben-tls-grease-01. */
|
2109
2169
|
if (ssl->ctx->grease_enabled &&
|
@@ -2117,7 +2177,7 @@ static int ext_key_share_add_clienthello(SSL *ssl, CBB *out) {
|
|
2117
2177
|
/* Predict the most preferred group. */
|
2118
2178
|
const uint16_t *groups;
|
2119
2179
|
size_t groups_len;
|
2120
|
-
tls1_get_grouplist(ssl,
|
2180
|
+
tls1_get_grouplist(ssl, &groups, &groups_len);
|
2121
2181
|
if (groups_len == 0) {
|
2122
2182
|
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_GROUPS_SPECIFIED);
|
2123
2183
|
return 0;
|
@@ -2129,19 +2189,18 @@ static int ext_key_share_add_clienthello(SSL *ssl, CBB *out) {
|
|
2129
2189
|
CBB key_exchange;
|
2130
2190
|
if (!CBB_add_u16(&kse_bytes, group_id) ||
|
2131
2191
|
!CBB_add_u16_length_prefixed(&kse_bytes, &key_exchange) ||
|
2132
|
-
!SSL_ECDH_CTX_init(&
|
2133
|
-
!SSL_ECDH_CTX_offer(&
|
2192
|
+
!SSL_ECDH_CTX_init(&hs->ecdh_ctx, group_id) ||
|
2193
|
+
!SSL_ECDH_CTX_offer(&hs->ecdh_ctx, &key_exchange) ||
|
2134
2194
|
!CBB_flush(&kse_bytes)) {
|
2135
2195
|
return 0;
|
2136
2196
|
}
|
2137
2197
|
|
2138
|
-
if (!
|
2198
|
+
if (!hs->received_hello_retry_request) {
|
2139
2199
|
/* Save the contents of the extension to repeat it in the second
|
2140
2200
|
* ClientHello. */
|
2141
|
-
|
2142
|
-
|
2143
|
-
|
2144
|
-
if (ssl->s3->hs->key_share_bytes == NULL) {
|
2201
|
+
hs->key_share_bytes_len = CBB_len(&kse_bytes);
|
2202
|
+
hs->key_share_bytes = BUF_memdup(CBB_data(&kse_bytes), CBB_len(&kse_bytes));
|
2203
|
+
if (hs->key_share_bytes == NULL) {
|
2145
2204
|
return 0;
|
2146
2205
|
}
|
2147
2206
|
}
|
@@ -2149,7 +2208,7 @@ static int ext_key_share_add_clienthello(SSL *ssl, CBB *out) {
|
|
2149
2208
|
return CBB_flush(out);
|
2150
2209
|
}
|
2151
2210
|
|
2152
|
-
int ssl_ext_key_share_parse_serverhello(
|
2211
|
+
int ssl_ext_key_share_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t **out_secret,
|
2153
2212
|
size_t *out_secret_len,
|
2154
2213
|
uint8_t *out_alert, CBS *contents) {
|
2155
2214
|
CBS peer_key;
|
@@ -2161,32 +2220,36 @@ int ssl_ext_key_share_parse_serverhello(SSL *ssl, uint8_t **out_secret,
|
|
2161
2220
|
return 0;
|
2162
2221
|
}
|
2163
2222
|
|
2164
|
-
if (SSL_ECDH_CTX_get_id(&
|
2223
|
+
if (SSL_ECDH_CTX_get_id(&hs->ecdh_ctx) != group_id) {
|
2165
2224
|
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
2166
2225
|
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CURVE);
|
2167
2226
|
return 0;
|
2168
2227
|
}
|
2169
2228
|
|
2170
|
-
if (!SSL_ECDH_CTX_finish(&
|
2171
|
-
|
2172
|
-
CBS_len(&peer_key))) {
|
2229
|
+
if (!SSL_ECDH_CTX_finish(&hs->ecdh_ctx, out_secret, out_secret_len, out_alert,
|
2230
|
+
CBS_data(&peer_key), CBS_len(&peer_key))) {
|
2173
2231
|
*out_alert = SSL_AD_INTERNAL_ERROR;
|
2174
2232
|
return 0;
|
2175
2233
|
}
|
2176
2234
|
|
2177
|
-
|
2178
|
-
SSL_ECDH_CTX_cleanup(&
|
2235
|
+
hs->new_session->group_id = group_id;
|
2236
|
+
SSL_ECDH_CTX_cleanup(&hs->ecdh_ctx);
|
2179
2237
|
return 1;
|
2180
2238
|
}
|
2181
2239
|
|
2182
|
-
int ssl_ext_key_share_parse_clienthello(
|
2240
|
+
int ssl_ext_key_share_parse_clienthello(SSL_HANDSHAKE *hs, int *out_found,
|
2183
2241
|
uint8_t **out_secret,
|
2184
2242
|
size_t *out_secret_len,
|
2185
2243
|
uint8_t *out_alert, CBS *contents) {
|
2186
2244
|
uint16_t group_id;
|
2187
2245
|
CBS key_shares;
|
2188
|
-
if (!tls1_get_shared_group(
|
2189
|
-
|
2246
|
+
if (!tls1_get_shared_group(hs, &group_id)) {
|
2247
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_SHARED_GROUP);
|
2248
|
+
*out_alert = SSL_AD_HANDSHAKE_FAILURE;
|
2249
|
+
return 0;
|
2250
|
+
}
|
2251
|
+
|
2252
|
+
if (!CBS_get_u16_length_prefixed(contents, &key_shares) ||
|
2190
2253
|
CBS_len(contents) != 0) {
|
2191
2254
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
2192
2255
|
return 0;
|
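Review bot: In `ssl_ext_key_share_parse_serverhello`, `SSL_ECDH_CTX_finish` is now handed `out_alert`, but the failure branch then runs `*out_alert = SSL_AD_INTERNAL_ERROR;`, which discards whatever alert the callee selected. A malformed peer key share would then presumably be reported as a local internal error rather than as the peer's fault, which also misleads anyone triaging handshake failures from alerts or logs. Dropping that assignment lets the callee's alert through. The `SSL_ECDH_CTX_accept` failure branch of `ssl_ext_key_share_parse_clienthello` in the next hunk overwrites the alert the same way with `*out_alert = SSL_AD_ILLEGAL_PARAMETER;`, and that branch is also reached when `CBB_init` or `CBB_finish` fails, where blaming the peer is wrong; setting `*out_alert = SSL_AD_INTERNAL_ERROR;` before the chained calls and leaving `accept` to overwrite it would cover both cases.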
@@ -2228,18 +2291,17 @@ int ssl_ext_key_share_parse_clienthello(SSL *ssl, int *out_found,
|
|
2228
2291
|
uint8_t *secret = NULL;
|
2229
2292
|
size_t secret_len;
|
2230
2293
|
SSL_ECDH_CTX group;
|
2231
|
-
|
2294
|
+
OPENSSL_memset(&group, 0, sizeof(SSL_ECDH_CTX));
|
2232
2295
|
CBB public_key;
|
2233
2296
|
if (!CBB_init(&public_key, 32) ||
|
2234
2297
|
!SSL_ECDH_CTX_init(&group, group_id) ||
|
2235
|
-
!SSL_ECDH_CTX_accept(&group, &public_key, &secret, &secret_len,
|
2236
|
-
|
2237
|
-
|
2238
|
-
!CBB_finish(&public_key, &ssl->s3->hs->public_key,
|
2239
|
-
&ssl->s3->hs->public_key_len)) {
|
2298
|
+
!SSL_ECDH_CTX_accept(&group, &public_key, &secret, &secret_len, out_alert,
|
2299
|
+
CBS_data(&peer_key), CBS_len(&peer_key)) ||
|
2300
|
+
!CBB_finish(&public_key, &hs->public_key, &hs->public_key_len)) {
|
2240
2301
|
OPENSSL_free(secret);
|
2241
2302
|
SSL_ECDH_CTX_cleanup(&group);
|
2242
2303
|
CBB_cleanup(&public_key);
|
2304
|
+
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
2243
2305
|
return 0;
|
2244
2306
|
}
|
2245
2307
|
|
@@ -2251,29 +2313,24 @@ int ssl_ext_key_share_parse_clienthello(SSL *ssl, int *out_found,
|
|
2251
2313
|
return 1;
|
2252
2314
|
}
|
2253
2315
|
|
2254
|
-
int ssl_ext_key_share_add_serverhello(
|
2255
|
-
if (ssl->s3->tmp.new_cipher->algorithm_mkey != SSL_kECDHE) {
|
2256
|
-
return 1;
|
2257
|
-
}
|
2258
|
-
|
2316
|
+
int ssl_ext_key_share_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
2259
2317
|
uint16_t group_id;
|
2260
2318
|
CBB kse_bytes, public_key;
|
2261
|
-
if (!tls1_get_shared_group(
|
2319
|
+
if (!tls1_get_shared_group(hs, &group_id) ||
|
2262
2320
|
!CBB_add_u16(out, TLSEXT_TYPE_key_share) ||
|
2263
2321
|
!CBB_add_u16_length_prefixed(out, &kse_bytes) ||
|
2264
2322
|
!CBB_add_u16(&kse_bytes, group_id) ||
|
2265
2323
|
!CBB_add_u16_length_prefixed(&kse_bytes, &public_key) ||
|
2266
|
-
!CBB_add_bytes(&public_key,
|
2267
|
-
ssl->s3->hs->public_key_len) ||
|
2324
|
+
!CBB_add_bytes(&public_key, hs->public_key, hs->public_key_len) ||
|
2268
2325
|
!CBB_flush(out)) {
|
2269
2326
|
return 0;
|
2270
2327
|
}
|
2271
2328
|
|
2272
|
-
OPENSSL_free(
|
2273
|
-
|
2274
|
-
|
2329
|
+
OPENSSL_free(hs->public_key);
|
2330
|
+
hs->public_key = NULL;
|
2331
|
+
hs->public_key_len = 0;
|
2275
2332
|
|
2276
|
-
|
2333
|
+
hs->new_session->group_id = group_id;
|
2277
2334
|
return 1;
|
2278
2335
|
}
|
2279
2336
|
|
@@ -2282,7 +2339,8 @@ int ssl_ext_key_share_add_serverhello(SSL *ssl, CBB *out) {
|
|
2282
2339
|
*
|
2283
2340
|
* https://tools.ietf.org/html/draft-ietf-tls-tls13-16#section-4.2.1 */
|
2284
2341
|
|
2285
|
-
static int ext_supported_versions_add_clienthello(
|
2342
|
+
static int ext_supported_versions_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
2343
|
+
SSL *const ssl = hs->ssl;
|
2286
2344
|
uint16_t min_version, max_version;
|
2287
2345
|
if (!ssl_get_version_range(ssl, &min_version, &max_version)) {
|
2288
2346
|
return 0;
|
@@ -2319,22 +2377,79 @@ static int ext_supported_versions_add_clienthello(SSL *ssl, CBB *out) {
|
|
2319
2377
|
}
|
2320
2378
|
|
2321
2379
|
|
2322
|
-
/*
|
2380
|
+
/* Cookie
|
2323
2381
|
*
|
2324
|
-
* https://tools.ietf.org/html/
|
2325
|
-
|
2382
|
+
* https://tools.ietf.org/html/draft-ietf-tls-tls13-16#section-4.2.2 */
|
2383
|
+
|
2384
|
+
static int ext_cookie_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
2385
|
+
if (hs->cookie == NULL) {
|
2386
|
+
return 1;
|
2387
|
+
}
|
2388
|
+
|
2389
|
+
CBB contents, cookie;
|
2390
|
+
if (!CBB_add_u16(out, TLSEXT_TYPE_cookie) ||
|
2391
|
+
!CBB_add_u16_length_prefixed(out, &contents) ||
|
2392
|
+
!CBB_add_u16_length_prefixed(&contents, &cookie) ||
|
2393
|
+
!CBB_add_bytes(&cookie, hs->cookie, hs->cookie_len) ||
|
2394
|
+
!CBB_flush(out)) {
|
2395
|
+
return 0;
|
2396
|
+
}
|
2326
2397
|
|
2327
|
-
|
2328
|
-
OPENSSL_free(
|
2329
|
-
|
2330
|
-
|
2398
|
+
/* The cookie is no longer needed in memory. */
|
2399
|
+
OPENSSL_free(hs->cookie);
|
2400
|
+
hs->cookie = NULL;
|
2401
|
+
hs->cookie_len = 0;
|
2402
|
+
return 1;
|
2331
2403
|
}
|
2332
2404
|
|
2333
|
-
|
2334
|
-
|
2405
|
+
|
2406
|
+
/* Short record headers
|
2407
|
+
*
|
2408
|
+
* This is a non-standard extension which negotiates
|
2409
|
+
* https://github.com/tlswg/tls13-spec/pull/762 for experimenting. */
|
2410
|
+
|
2411
|
+
static int ext_short_header_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
2412
|
+
SSL *const ssl = hs->ssl;
|
2413
|
+
uint16_t min_version, max_version;
|
2414
|
+
if (!ssl_get_version_range(ssl, &min_version, &max_version)) {
|
2415
|
+
return 0;
|
2416
|
+
}
|
2417
|
+
|
2418
|
+
if (max_version < TLS1_3_VERSION ||
|
2419
|
+
!ssl->ctx->short_header_enabled) {
|
2335
2420
|
return 1;
|
2336
2421
|
}
|
2337
2422
|
|
2423
|
+
return CBB_add_u16(out, TLSEXT_TYPE_short_header) &&
|
2424
|
+
CBB_add_u16(out, 0 /* empty extension */);
|
2425
|
+
}
|
2426
|
+
|
2427
|
+
static int ext_short_header_parse_clienthello(SSL_HANDSHAKE *hs,
|
2428
|
+
uint8_t *out_alert,
|
2429
|
+
CBS *contents) {
|
2430
|
+
SSL *const ssl = hs->ssl;
|
2431
|
+
if (contents == NULL ||
|
2432
|
+
!ssl->ctx->short_header_enabled ||
|
2433
|
+
ssl3_protocol_version(ssl) < TLS1_3_VERSION) {
|
2434
|
+
return 1;
|
2435
|
+
}
|
2436
|
+
|
2437
|
+
if (CBS_len(contents) != 0) {
|
2438
|
+
return 0;
|
2439
|
+
}
|
2440
|
+
|
2441
|
+
ssl->s3->short_header = 1;
|
2442
|
+
return 1;
|
2443
|
+
}
|
2444
|
+
|
2445
|
+
|
2446
|
+
/* Negotiated Groups
|
2447
|
+
*
|
2448
|
+
* https://tools.ietf.org/html/rfc4492#section-5.1.2
|
2449
|
+
* https://tools.ietf.org/html/draft-ietf-tls-tls13-16#section-4.2.4 */
|
2450
|
+
|
2451
|
+
static int ext_supported_groups_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
2452
|
+
SSL *const ssl = hs->ssl;
|
2338
2453
|
CBB contents, groups_bytes;
|
2339
2454
|
if (!CBB_add_u16(out, TLSEXT_TYPE_supported_groups) ||
|
2340
2455
|
!CBB_add_u16_length_prefixed(out, &contents) ||
|
@@ -2351,7 +2466,7 @@ static int ext_supported_groups_add_clienthello(SSL *ssl, CBB *out) {
|
|
2351
2466
|
|
2352
2467
|
const uint16_t *groups;
|
2353
2468
|
size_t groups_len;
|
2354
|
-
tls1_get_grouplist(ssl,
|
2469
|
+
tls1_get_grouplist(ssl, &groups, &groups_len);
|
2355
2470
|
|
2356
2471
|
for (size_t i = 0; i < groups_len; i++) {
|
2357
2472
|
if (!CBB_add_u16(&groups_bytes, groups[i])) {
|
@@ -2362,14 +2477,16 @@ static int ext_supported_groups_add_clienthello(SSL *ssl, CBB *out) {
|
|
2362
2477
|
return CBB_flush(out);
|
2363
2478
|
}
|
2364
2479
|
|
2365
|
-
static int ext_supported_groups_parse_serverhello(
|
2480
|
+
static int ext_supported_groups_parse_serverhello(SSL_HANDSHAKE *hs,
|
2481
|
+
uint8_t *out_alert,
|
2366
2482
|
CBS *contents) {
|
2367
2483
|
/* This extension is not expected to be echoed by servers in TLS 1.2, but some
|
2368
2484
|
* BigIP servers send it nonetheless, so do not enforce this. */
|
2369
2485
|
return 1;
|
2370
2486
|
}
|
2371
2487
|
|
2372
|
-
static int ext_supported_groups_parse_clienthello(
|
2488
|
+
static int ext_supported_groups_parse_clienthello(SSL_HANDSHAKE *hs,
|
2489
|
+
uint8_t *out_alert,
|
2373
2490
|
CBS *contents) {
|
2374
2491
|
if (contents == NULL) {
|
2375
2492
|
return 1;
|
@@ -2383,9 +2500,9 @@ static int ext_supported_groups_parse_clienthello(SSL *ssl, uint8_t *out_alert,
|
|
2383
2500
|
return 0;
|
2384
2501
|
}
|
2385
2502
|
|
2386
|
-
|
2387
|
-
CBS_len(&supported_group_list));
|
2388
|
-
if (
|
2503
|
+
hs->peer_supported_group_list =
|
2504
|
+
OPENSSL_malloc(CBS_len(&supported_group_list));
|
2505
|
+
if (hs->peer_supported_group_list == NULL) {
|
2389
2506
|
*out_alert = SSL_AD_INTERNAL_ERROR;
|
2390
2507
|
return 0;
|
2391
2508
|
}
|
@@ -2393,24 +2510,24 @@ static int ext_supported_groups_parse_clienthello(SSL *ssl, uint8_t *out_alert,
|
|
2393
2510
|
const size_t num_groups = CBS_len(&supported_group_list) / 2;
|
2394
2511
|
for (size_t i = 0; i < num_groups; i++) {
|
2395
2512
|
if (!CBS_get_u16(&supported_group_list,
|
2396
|
-
&
|
2513
|
+
&hs->peer_supported_group_list[i])) {
|
2397
2514
|
goto err;
|
2398
2515
|
}
|
2399
2516
|
}
|
2400
2517
|
|
2401
2518
|
assert(CBS_len(&supported_group_list) == 0);
|
2402
|
-
|
2519
|
+
hs->peer_supported_group_list_len = num_groups;
|
2403
2520
|
|
2404
2521
|
return 1;
|
2405
2522
|
|
2406
2523
|
err:
|
2407
|
-
OPENSSL_free(
|
2408
|
-
|
2524
|
+
OPENSSL_free(hs->peer_supported_group_list);
|
2525
|
+
hs->peer_supported_group_list = NULL;
|
2409
2526
|
*out_alert = SSL_AD_INTERNAL_ERROR;
|
2410
2527
|
return 0;
|
2411
2528
|
}
|
2412
2529
|
|
2413
|
-
static int ext_supported_groups_add_serverhello(
|
2530
|
+
static int ext_supported_groups_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
2414
2531
|
/* Servers don't echo this extension. */
|
2415
2532
|
return 1;
|
2416
2533
|
}
|
@@ -2428,7 +2545,7 @@ static const struct tls_extension kExtensions[] = {
|
|
2428
2545
|
},
|
2429
2546
|
{
|
2430
2547
|
TLSEXT_TYPE_server_name,
|
2431
|
-
|
2548
|
+
NULL,
|
2432
2549
|
ext_sni_add_clienthello,
|
2433
2550
|
ext_sni_parse_serverhello,
|
2434
2551
|
ext_sni_parse_clienthello,
|
@@ -2461,7 +2578,7 @@ static const struct tls_extension kExtensions[] = {
|
|
2461
2578
|
},
|
2462
2579
|
{
|
2463
2580
|
TLSEXT_TYPE_status_request,
|
2464
|
-
|
2581
|
+
NULL,
|
2465
2582
|
ext_ocsp_add_clienthello,
|
2466
2583
|
ext_ocsp_parse_serverhello,
|
2467
2584
|
ext_ocsp_parse_clienthello,
|
@@ -2469,7 +2586,7 @@ static const struct tls_extension kExtensions[] = {
|
|
2469
2586
|
},
|
2470
2587
|
{
|
2471
2588
|
TLSEXT_TYPE_next_proto_neg,
|
2472
|
-
|
2589
|
+
NULL,
|
2473
2590
|
ext_npn_add_clienthello,
|
2474
2591
|
ext_npn_parse_serverhello,
|
2475
2592
|
ext_npn_parse_clienthello,
|
@@ -2485,10 +2602,11 @@ static const struct tls_extension kExtensions[] = {
|
|
2485
2602
|
},
|
2486
2603
|
{
|
2487
2604
|
TLSEXT_TYPE_application_layer_protocol_negotiation,
|
2488
|
-
|
2605
|
+
NULL,
|
2489
2606
|
ext_alpn_add_clienthello,
|
2490
2607
|
ext_alpn_parse_serverhello,
|
2491
|
-
|
2608
|
+
/* ALPN is negotiated late in |ssl_negotiate_alpn|. */
|
2609
|
+
ignore_parse_clienthello,
|
2492
2610
|
ext_alpn_add_serverhello,
|
2493
2611
|
},
|
2494
2612
|
{
|
@@ -2524,11 +2642,19 @@ static const struct tls_extension kExtensions[] = {
|
|
2524
2642
|
dont_add_serverhello,
|
2525
2643
|
},
|
2526
2644
|
{
|
2527
|
-
|
2645
|
+
TLSEXT_TYPE_psk_key_exchange_modes,
|
2528
2646
|
NULL,
|
2529
|
-
|
2647
|
+
ext_psk_key_exchange_modes_add_clienthello,
|
2530
2648
|
forbid_parse_serverhello,
|
2531
|
-
|
2649
|
+
ext_psk_key_exchange_modes_parse_clienthello,
|
2650
|
+
dont_add_serverhello,
|
2651
|
+
},
|
2652
|
+
{
|
2653
|
+
TLSEXT_TYPE_early_data,
|
2654
|
+
NULL,
|
2655
|
+
ext_early_data_add_clienthello,
|
2656
|
+
forbid_parse_serverhello,
|
2657
|
+
ext_early_data_parse_clienthello,
|
2532
2658
|
dont_add_serverhello,
|
2533
2659
|
},
|
2534
2660
|
{
|
@@ -2539,12 +2665,28 @@ static const struct tls_extension kExtensions[] = {
|
|
2539
2665
|
ignore_parse_clienthello,
|
2540
2666
|
dont_add_serverhello,
|
2541
2667
|
},
|
2668
|
+
{
|
2669
|
+
TLSEXT_TYPE_cookie,
|
2670
|
+
NULL,
|
2671
|
+
ext_cookie_add_clienthello,
|
2672
|
+
forbid_parse_serverhello,
|
2673
|
+
ignore_parse_clienthello,
|
2674
|
+
dont_add_serverhello,
|
2675
|
+
},
|
2676
|
+
{
|
2677
|
+
TLSEXT_TYPE_short_header,
|
2678
|
+
NULL,
|
2679
|
+
ext_short_header_add_clienthello,
|
2680
|
+
forbid_parse_serverhello,
|
2681
|
+
ext_short_header_parse_clienthello,
|
2682
|
+
dont_add_serverhello,
|
2683
|
+
},
|
2542
2684
|
/* The final extension must be non-empty. WebSphere Application Server 7.0 is
|
2543
2685
|
* intolerant to the last extension being zero-length. See
|
2544
2686
|
* https://crbug.com/363583. */
|
2545
2687
|
{
|
2546
2688
|
TLSEXT_TYPE_supported_groups,
|
2547
|
-
|
2689
|
+
NULL,
|
2548
2690
|
ext_supported_groups_add_clienthello,
|
2549
2691
|
ext_supported_groups_parse_serverhello,
|
2550
2692
|
ext_supported_groups_parse_clienthello,
|
@@ -2555,12 +2697,11 @@ static const struct tls_extension kExtensions[] = {
|
|
2555
2697
|
#define kNumExtensions (sizeof(kExtensions) / sizeof(struct tls_extension))
|
2556
2698
|
|
2557
2699
|
OPENSSL_COMPILE_ASSERT(kNumExtensions <=
|
2558
|
-
sizeof(((
|
2700
|
+
sizeof(((SSL_HANDSHAKE *)NULL)->extensions.sent) * 8,
|
2559
2701
|
too_many_extensions_for_sent_bitset);
|
2560
|
-
OPENSSL_COMPILE_ASSERT(
|
2561
|
-
|
2562
|
-
|
2563
|
-
too_many_extensions_for_received_bitset);
|
2702
|
+
OPENSSL_COMPILE_ASSERT(
|
2703
|
+
kNumExtensions <= sizeof(((SSL_HANDSHAKE *)NULL)->extensions.received) * 8,
|
2704
|
+
too_many_extensions_for_received_bitset);
|
2564
2705
|
|
2565
2706
|
static const struct tls_extension *tls_extension_find(uint32_t *out_index,
|
2566
2707
|
uint16_t value) {
|
@@ -2581,9 +2722,10 @@ int SSL_extension_supported(unsigned extension_value) {
|
|
2581
2722
|
tls_extension_find(&index, extension_value) != NULL;
|
2582
2723
|
}
|
2583
2724
|
|
2584
|
-
int ssl_add_clienthello_tlsext(
|
2585
|
-
|
2586
|
-
|
2725
|
+
int ssl_add_clienthello_tlsext(SSL_HANDSHAKE *hs, CBB *out, size_t header_len) {
|
2726
|
+
SSL *const ssl = hs->ssl;
|
2727
|
+
/* Don't add extensions for SSLv3 unless doing secure renegotiation. */
|
2728
|
+
if (hs->client_version == SSL3_VERSION &&
|
2587
2729
|
!ssl->s3->send_connection_binding) {
|
2588
2730
|
return 1;
|
2589
2731
|
}
|
@@ -2593,12 +2735,12 @@ int ssl_add_clienthello_tlsext(SSL *ssl, CBB *out, size_t header_len) {
|
|
2593
2735
|
goto err;
|
2594
2736
|
}
|
2595
2737
|
|
2596
|
-
|
2597
|
-
|
2738
|
+
hs->extensions.sent = 0;
|
2739
|
+
hs->custom_extensions.sent = 0;
|
2598
2740
|
|
2599
2741
|
for (size_t i = 0; i < kNumExtensions; i++) {
|
2600
2742
|
if (kExtensions[i].init != NULL) {
|
2601
|
-
kExtensions[i].init(
|
2743
|
+
kExtensions[i].init(hs);
|
2602
2744
|
}
|
2603
2745
|
}
|
2604
2746
|
|
@@ -2614,18 +2756,18 @@ int ssl_add_clienthello_tlsext(SSL *ssl, CBB *out, size_t header_len) {
|
|
2614
2756
|
|
2615
2757
|
for (size_t i = 0; i < kNumExtensions; i++) {
|
2616
2758
|
const size_t len_before = CBB_len(&extensions);
|
2617
|
-
if (!kExtensions[i].add_clienthello(
|
2759
|
+
if (!kExtensions[i].add_clienthello(hs, &extensions)) {
|
2618
2760
|
OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_ADDING_EXTENSION);
|
2619
|
-
ERR_add_error_dataf("extension
|
2761
|
+
ERR_add_error_dataf("extension %u", (unsigned)kExtensions[i].value);
|
2620
2762
|
goto err;
|
2621
2763
|
}
|
2622
2764
|
|
2623
2765
|
if (CBB_len(&extensions) != len_before) {
|
2624
|
-
|
2766
|
+
hs->extensions.sent |= (1u << i);
|
2625
2767
|
}
|
2626
2768
|
}
|
2627
2769
|
|
2628
|
-
if (!custom_ext_add_clienthello(
|
2770
|
+
if (!custom_ext_add_clienthello(hs, &extensions)) {
|
2629
2771
|
goto err;
|
2630
2772
|
}
|
2631
2773
|
|
@@ -2648,7 +2790,8 @@ int ssl_add_clienthello_tlsext(SSL *ssl, CBB *out, size_t header_len) {
|
|
2648
2790
|
}
|
2649
2791
|
|
2650
2792
|
if (!SSL_is_dtls(ssl)) {
|
2651
|
-
|
2793
|
+
size_t psk_extension_len = ext_pre_shared_key_clienthello_length(hs);
|
2794
|
+
header_len += 2 + CBB_len(&extensions) + psk_extension_len;
|
2652
2795
|
if (header_len > 0xff && header_len < 0x200) {
|
2653
2796
|
/* Add padding to workaround bugs in F5 terminators. See RFC 7685.
|
2654
2797
|
*
|
@@ -2672,10 +2815,15 @@ int ssl_add_clienthello_tlsext(SSL *ssl, CBB *out, size_t header_len) {
|
|
2672
2815
|
goto err;
|
2673
2816
|
}
|
2674
2817
|
|
2675
|
-
|
2818
|
+
OPENSSL_memset(padding_bytes, 0, padding_len);
|
2676
2819
|
}
|
2677
2820
|
}
|
2678
2821
|
|
2822
|
+
/* The PSK extension must be last, including after the padding. */
|
2823
|
+
if (!ext_pre_shared_key_add_clienthello(hs, &extensions)) {
|
2824
|
+
goto err;
|
2825
|
+
}
|
2826
|
+
|
2679
2827
|
/* Discard empty extensions blocks. */
|
2680
2828
|
if (CBB_len(&extensions) == 0) {
|
2681
2829
|
CBB_discard_child(out);
|
@@ -2688,27 +2836,27 @@ err:
|
|
2688
2836
|
return 0;
|
2689
2837
|
}
|
2690
2838
|
|
2691
|
-
int ssl_add_serverhello_tlsext(
|
2839
|
+
int ssl_add_serverhello_tlsext(SSL_HANDSHAKE *hs, CBB *out) {
|
2840
|
+
SSL *const ssl = hs->ssl;
|
2692
2841
|
CBB extensions;
|
2693
2842
|
if (!CBB_add_u16_length_prefixed(out, &extensions)) {
|
2694
2843
|
goto err;
|
2695
2844
|
}
|
2696
2845
|
|
2697
|
-
unsigned i;
|
2698
|
-
|
2699
|
-
if (!(ssl->s3->tmp.extensions.received & (1u << i))) {
|
2846
|
+
for (unsigned i = 0; i < kNumExtensions; i++) {
|
2847
|
+
if (!(hs->extensions.received & (1u << i))) {
|
2700
2848
|
/* Don't send extensions that were not received. */
|
2701
2849
|
continue;
|
2702
2850
|
}
|
2703
2851
|
|
2704
|
-
if (!kExtensions[i].add_serverhello(
|
2852
|
+
if (!kExtensions[i].add_serverhello(hs, &extensions)) {
|
2705
2853
|
OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_ADDING_EXTENSION);
|
2706
|
-
ERR_add_error_dataf("extension
|
2854
|
+
ERR_add_error_dataf("extension %u", (unsigned)kExtensions[i].value);
|
2707
2855
|
goto err;
|
2708
2856
|
}
|
2709
2857
|
}
|
2710
2858
|
|
2711
|
-
if (!custom_ext_add_serverhello(
|
2859
|
+
if (!custom_ext_add_serverhello(hs, &extensions)) {
|
2712
2860
|
goto err;
|
2713
2861
|
}
|
2714
2862
|
|
@@ -2725,17 +2873,18 @@ err:
|
|
2725
2873
|
return 0;
|
2726
2874
|
}
|
2727
2875
|
|
2728
|
-
static int ssl_scan_clienthello_tlsext(
|
2729
|
-
|
2730
|
-
|
2876
|
+
static int ssl_scan_clienthello_tlsext(SSL_HANDSHAKE *hs,
|
2877
|
+
const SSL_CLIENT_HELLO *client_hello,
|
2878
|
+
int *out_alert) {
|
2879
|
+
SSL *const ssl = hs->ssl;
|
2731
2880
|
for (size_t i = 0; i < kNumExtensions; i++) {
|
2732
2881
|
if (kExtensions[i].init != NULL) {
|
2733
|
-
kExtensions[i].init(
|
2882
|
+
kExtensions[i].init(hs);
|
2734
2883
|
}
|
2735
2884
|
}
|
2736
2885
|
|
2737
|
-
|
2738
|
-
|
2886
|
+
hs->extensions.received = 0;
|
2887
|
+
hs->custom_extensions.received = 0;
|
2739
2888
|
|
2740
2889
|
CBS extensions;
|
2741
2890
|
CBS_init(&extensions, client_hello->extensions, client_hello->extensions_len);
|
@@ -2761,25 +2910,25 @@ static int ssl_scan_clienthello_tlsext(
|
|
2761
2910
|
tls_extension_find(&ext_index, type);
|
2762
2911
|
|
2763
2912
|
if (ext == NULL) {
|
2764
|
-
if (!custom_ext_parse_clienthello(
|
2913
|
+
if (!custom_ext_parse_clienthello(hs, out_alert, type, &extension)) {
|
2765
2914
|
OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_PARSING_EXTENSION);
|
2766
2915
|
return 0;
|
2767
2916
|
}
|
2768
2917
|
continue;
|
2769
2918
|
}
|
2770
2919
|
|
2771
|
-
|
2920
|
+
hs->extensions.received |= (1u << ext_index);
|
2772
2921
|
uint8_t alert = SSL_AD_DECODE_ERROR;
|
2773
|
-
if (!ext->parse_clienthello(
|
2922
|
+
if (!ext->parse_clienthello(hs, &alert, &extension)) {
|
2774
2923
|
*out_alert = alert;
|
2775
2924
|
OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_PARSING_EXTENSION);
|
2776
|
-
ERR_add_error_dataf("extension
|
2925
|
+
ERR_add_error_dataf("extension %u", (unsigned)type);
|
2777
2926
|
return 0;
|
2778
2927
|
}
|
2779
2928
|
}
|
2780
2929
|
|
2781
2930
|
for (size_t i = 0; i < kNumExtensions; i++) {
|
2782
|
-
if (
|
2931
|
+
if (hs->extensions.received & (1u << i)) {
|
2783
2932
|
continue;
|
2784
2933
|
}
|
2785
2934
|
|
@@ -2793,15 +2942,15 @@ static int ssl_scan_clienthello_tlsext(
|
|
2793
2942
|
CBS_init(&fake_contents, kFakeRenegotiateExtension,
|
2794
2943
|
sizeof(kFakeRenegotiateExtension));
|
2795
2944
|
contents = &fake_contents;
|
2796
|
-
|
2945
|
+
hs->extensions.received |= (1u << i);
|
2797
2946
|
}
|
2798
2947
|
|
2799
2948
|
/* Extension wasn't observed so call the callback with a NULL
|
2800
2949
|
* parameter. */
|
2801
2950
|
uint8_t alert = SSL_AD_DECODE_ERROR;
|
2802
|
-
if (!kExtensions[i].parse_clienthello(
|
2951
|
+
if (!kExtensions[i].parse_clienthello(hs, &alert, contents)) {
|
2803
2952
|
OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_EXTENSION);
|
2804
|
-
ERR_add_error_dataf("extension
|
2953
|
+
ERR_add_error_dataf("extension %u", (unsigned)kExtensions[i].value);
|
2805
2954
|
*out_alert = alert;
|
2806
2955
|
return 0;
|
2807
2956
|
}
|
@@ -2810,15 +2959,16 @@ static int ssl_scan_clienthello_tlsext(
|
|
2810
2959
|
return 1;
|
2811
2960
|
}
|
2812
2961
|
|
2813
|
-
int ssl_parse_clienthello_tlsext(
|
2814
|
-
|
2815
|
-
|
2816
|
-
|
2962
|
+
int ssl_parse_clienthello_tlsext(SSL_HANDSHAKE *hs,
|
2963
|
+
const SSL_CLIENT_HELLO *client_hello) {
|
2964
|
+
SSL *const ssl = hs->ssl;
|
2965
|
+
int alert = SSL_AD_DECODE_ERROR;
|
2966
|
+
if (ssl_scan_clienthello_tlsext(hs, client_hello, &alert) <= 0) {
|
2817
2967
|
ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
|
2818
2968
|
return 0;
|
2819
2969
|
}
|
2820
2970
|
|
2821
|
-
if (ssl_check_clienthello_tlsext(
|
2971
|
+
if (ssl_check_clienthello_tlsext(hs) <= 0) {
|
2822
2972
|
OPENSSL_PUT_ERROR(SSL, SSL_R_CLIENTHELLO_TLSEXT);
|
2823
2973
|
return 0;
|
2824
2974
|
}
|
@@ -2826,9 +2976,9 @@ int ssl_parse_clienthello_tlsext(
|
|
2826
2976
|
return 1;
|
2827
2977
|
}
|
2828
2978
|
|
2829
|
-
|
2830
|
-
|
2831
|
-
|
2979
|
+
static int ssl_scan_serverhello_tlsext(SSL_HANDSHAKE *hs, CBS *cbs,
|
2980
|
+
int *out_alert) {
|
2981
|
+
SSL *const ssl = hs->ssl;
|
2832
2982
|
/* Before TLS 1.3, ServerHello extensions blocks may be omitted if empty. */
|
2833
2983
|
if (CBS_len(cbs) == 0 && ssl3_protocol_version(ssl) < TLS1_3_VERSION) {
|
2834
2984
|
return 1;
|
@@ -2859,13 +3009,16 @@ static int ssl_scan_serverhello_tlsext(SSL *ssl, CBS *cbs, int *out_alert) {
|
|
2859
3009
|
tls_extension_find(&ext_index, type);
|
2860
3010
|
|
2861
3011
|
if (ext == NULL) {
|
2862
|
-
if (!custom_ext_parse_serverhello(
|
3012
|
+
if (!custom_ext_parse_serverhello(hs, out_alert, type, &extension)) {
|
2863
3013
|
return 0;
|
2864
3014
|
}
|
2865
3015
|
continue;
|
2866
3016
|
}
|
2867
3017
|
|
2868
|
-
|
3018
|
+
OPENSSL_COMPILE_ASSERT(kNumExtensions <= sizeof(hs->extensions.sent) * 8,
|
3019
|
+
too_many_bits);
|
3020
|
+
|
3021
|
+
if (!(hs->extensions.sent & (1u << ext_index)) &&
|
2869
3022
|
type != TLSEXT_TYPE_renegotiate) {
|
2870
3023
|
/* If the extension was never sent then it is illegal, except for the
|
2871
3024
|
* renegotiation extension which, in SSL 3.0, is signaled via SCSV. */
|
@@ -2878,9 +3031,9 @@ static int ssl_scan_serverhello_tlsext(SSL *ssl, CBS *cbs, int *out_alert) {
|
|
2878
3031
|
received |= (1u << ext_index);
|
2879
3032
|
|
2880
3033
|
uint8_t alert = SSL_AD_DECODE_ERROR;
|
2881
|
-
if (!ext->parse_serverhello(
|
3034
|
+
if (!ext->parse_serverhello(hs, &alert, &extension)) {
|
2882
3035
|
OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_PARSING_EXTENSION);
|
2883
|
-
ERR_add_error_dataf("extension
|
3036
|
+
ERR_add_error_dataf("extension %u", (unsigned)type);
|
2884
3037
|
*out_alert = alert;
|
2885
3038
|
return 0;
|
2886
3039
|
}
|
@@ -2891,9 +3044,9 @@ static int ssl_scan_serverhello_tlsext(SSL *ssl, CBS *cbs, int *out_alert) {
|
|
2891
3044
|
/* Extension wasn't observed so call the callback with a NULL
|
2892
3045
|
* parameter. */
|
2893
3046
|
uint8_t alert = SSL_AD_DECODE_ERROR;
|
2894
|
-
if (!kExtensions[i].parse_serverhello(
|
3047
|
+
if (!kExtensions[i].parse_serverhello(hs, &alert, NULL)) {
|
2895
3048
|
OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_EXTENSION);
|
2896
|
-
ERR_add_error_dataf("extension
|
3049
|
+
ERR_add_error_dataf("extension %u", (unsigned)kExtensions[i].value);
|
2897
3050
|
*out_alert = alert;
|
2898
3051
|
return 0;
|
2899
3052
|
}
|
@@ -2903,7 +3056,8 @@ static int ssl_scan_serverhello_tlsext(SSL *ssl, CBS *cbs, int *out_alert) {
|
|
2903
3056
|
return 1;
|
2904
3057
|
}
|
2905
3058
|
|
2906
|
-
static int ssl_check_clienthello_tlsext(
|
3059
|
+
static int ssl_check_clienthello_tlsext(SSL_HANDSHAKE *hs) {
|
3060
|
+
SSL *const ssl = hs->ssl;
|
2907
3061
|
int ret = SSL_TLSEXT_ERR_NOACK;
|
2908
3062
|
int al = SSL_AD_UNRECOGNIZED_NAME;
|
2909
3063
|
|
@@ -2920,38 +3074,8 @@ static int ssl_check_clienthello_tlsext(SSL *ssl) {
|
|
2920
3074
|
ssl3_send_alert(ssl, SSL3_AL_FATAL, al);
|
2921
3075
|
return -1;
|
2922
3076
|
|
2923
|
-
case SSL_TLSEXT_ERR_ALERT_WARNING:
|
2924
|
-
ssl3_send_alert(ssl, SSL3_AL_WARNING, al);
|
2925
|
-
return 1;
|
2926
|
-
|
2927
3077
|
case SSL_TLSEXT_ERR_NOACK:
|
2928
|
-
|
2929
|
-
return 1;
|
2930
|
-
|
2931
|
-
default:
|
2932
|
-
return 1;
|
2933
|
-
}
|
2934
|
-
}
|
2935
|
-
|
2936
|
-
static int ssl_check_serverhello_tlsext(SSL *ssl) {
|
2937
|
-
int ret = SSL_TLSEXT_ERR_OK;
|
2938
|
-
int al = SSL_AD_UNRECOGNIZED_NAME;
|
2939
|
-
|
2940
|
-
if (ssl->ctx->tlsext_servername_callback != 0) {
|
2941
|
-
ret = ssl->ctx->tlsext_servername_callback(ssl, &al,
|
2942
|
-
ssl->ctx->tlsext_servername_arg);
|
2943
|
-
} else if (ssl->initial_ctx->tlsext_servername_callback != 0) {
|
2944
|
-
ret = ssl->initial_ctx->tlsext_servername_callback(
|
2945
|
-
ssl, &al, ssl->initial_ctx->tlsext_servername_arg);
|
2946
|
-
}
|
2947
|
-
|
2948
|
-
switch (ret) {
|
2949
|
-
case SSL_TLSEXT_ERR_ALERT_FATAL:
|
2950
|
-
ssl3_send_alert(ssl, SSL3_AL_FATAL, al);
|
2951
|
-
return -1;
|
2952
|
-
|
2953
|
-
case SSL_TLSEXT_ERR_ALERT_WARNING:
|
2954
|
-
ssl3_send_alert(ssl, SSL3_AL_WARNING, al);
|
3078
|
+
hs->should_ack_sni = 0;
|
2955
3079
|
return 1;
|
2956
3080
|
|
2957
3081
|
default:
|
@@ -2959,18 +3083,14 @@ static int ssl_check_serverhello_tlsext(SSL *ssl) {
|
|
2959
3083
|
}
|
2960
3084
|
}
|
2961
3085
|
|
2962
|
-
int ssl_parse_serverhello_tlsext(
|
2963
|
-
|
2964
|
-
|
3086
|
+
int ssl_parse_serverhello_tlsext(SSL_HANDSHAKE *hs, CBS *cbs) {
|
3087
|
+
SSL *const ssl = hs->ssl;
|
3088
|
+
int alert = SSL_AD_DECODE_ERROR;
|
3089
|
+
if (ssl_scan_serverhello_tlsext(hs, cbs, &alert) <= 0) {
|
2965
3090
|
ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
|
2966
3091
|
return 0;
|
2967
3092
|
}
|
2968
3093
|
|
2969
|
-
if (ssl_check_serverhello_tlsext(ssl) <= 0) {
|
2970
|
-
OPENSSL_PUT_ERROR(SSL, SSL_R_SERVERHELLO_TLSEXT);
|
2971
|
-
return 0;
|
2972
|
-
}
|
2973
|
-
|
2974
3094
|
return 1;
|
2975
3095
|
}
|
2976
3096
|
|
@@ -3023,8 +3143,8 @@ int tls_process_ticket(SSL *ssl, SSL_SESSION **out_session,
|
|
3023
3143
|
}
|
3024
3144
|
} else {
|
3025
3145
|
/* Check the key name matches. */
|
3026
|
-
if (
|
3027
|
-
|
3146
|
+
if (OPENSSL_memcmp(ticket, ssl_ctx->tlsext_tick_key_name,
|
3147
|
+
SSL_TICKET_KEY_NAME_LEN) != 0) {
|
3028
3148
|
goto done;
|
3029
3149
|
}
|
3030
3150
|
if (!HMAC_Init_ex(&hmac_ctx, ssl_ctx->tlsext_tick_hmac_key,
|
@@ -3067,7 +3187,7 @@ int tls_process_ticket(SSL *ssl, SSL_SESSION **out_session,
|
|
3067
3187
|
}
|
3068
3188
|
size_t plaintext_len;
|
3069
3189
|
#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
|
3070
|
-
|
3190
|
+
OPENSSL_memcpy(plaintext, ciphertext, ciphertext_len);
|
3071
3191
|
plaintext_len = ciphertext_len;
|
3072
3192
|
#else
|
3073
3193
|
if (ciphertext_len >= INT_MAX) {
|
@@ -3084,7 +3204,8 @@ int tls_process_ticket(SSL *ssl, SSL_SESSION **out_session,
|
|
3084
3204
|
#endif
|
3085
3205
|
|
3086
3206
|
/* Decode the session. */
|
3087
|
-
SSL_SESSION *session =
|
3207
|
+
SSL_SESSION *session =
|
3208
|
+
SSL_SESSION_from_bytes(plaintext, plaintext_len, ssl->ctx);
|
3088
3209
|
if (session == NULL) {
|
3089
3210
|
ERR_clear_error(); /* Don't leave an error on the queue. */
|
3090
3211
|
goto done;
|
@@ -3092,15 +3213,9 @@ int tls_process_ticket(SSL *ssl, SSL_SESSION **out_session,
|
|
3092
3213
|
|
3093
3214
|
/* Copy the client's session ID into the new session, to denote the ticket has
|
3094
3215
|
* been accepted. */
|
3095
|
-
|
3216
|
+
OPENSSL_memcpy(session->session_id, session_id, session_id_len);
|
3096
3217
|
session->session_id_length = session_id_len;
|
3097
3218
|
|
3098
|
-
if (!ssl_session_is_context_valid(ssl, session) ||
|
3099
|
-
!ssl_session_is_time_valid(ssl, session)) {
|
3100
|
-
SSL_SESSION_free(session);
|
3101
|
-
session = NULL;
|
3102
|
-
}
|
3103
|
-
|
3104
3219
|
*out_session = session;
|
3105
3220
|
|
3106
3221
|
done:
|
@@ -3110,13 +3225,12 @@ done:
|
|
3110
3225
|
return ret;
|
3111
3226
|
}
|
3112
3227
|
|
3113
|
-
int tls1_parse_peer_sigalgs(
|
3228
|
+
int tls1_parse_peer_sigalgs(SSL_HANDSHAKE *hs, const CBS *in_sigalgs) {
|
3114
3229
|
/* Extension ignored for inappropriate versions */
|
3115
|
-
if (ssl3_protocol_version(ssl) < TLS1_2_VERSION) {
|
3230
|
+
if (ssl3_protocol_version(hs->ssl) < TLS1_2_VERSION) {
|
3116
3231
|
return 1;
|
3117
3232
|
}
|
3118
3233
|
|
3119
|
-
SSL_HANDSHAKE *hs = ssl->s3->hs;
|
3120
3234
|
OPENSSL_free(hs->peer_sigalgs);
|
3121
3235
|
hs->peer_sigalgs = NULL;
|
3122
3236
|
hs->num_peer_sigalgs = 0;
|
@@ -3152,9 +3266,9 @@ int tls1_parse_peer_sigalgs(SSL *ssl, const CBS *in_sigalgs) {
|
|
3152
3266
|
return 1;
|
3153
3267
|
}
|
3154
3268
|
|
3155
|
-
int tls1_choose_signature_algorithm(
|
3269
|
+
int tls1_choose_signature_algorithm(SSL_HANDSHAKE *hs, uint16_t *out) {
|
3270
|
+
SSL *const ssl = hs->ssl;
|
3156
3271
|
CERT *cert = ssl->cert;
|
3157
|
-
SSL_HANDSHAKE *hs = ssl->s3->hs;
|
3158
3272
|
|
3159
3273
|
/* Before TLS 1.2, the signature algorithm isn't negotiated as part of the
|
3160
3274
|
* handshake. It is fixed at MD5-SHA1 for RSA and SHA1 for ECDSA. */
|
@@ -3172,11 +3286,11 @@ int tls1_choose_signature_algorithm(SSL *ssl, uint16_t *out) {
|
|
3172
3286
|
return 0;
|
3173
3287
|
}
|
3174
3288
|
|
3175
|
-
const uint16_t *sigalgs;
|
3176
|
-
size_t num_sigalgs =
|
3177
|
-
if (
|
3178
|
-
sigalgs =
|
3179
|
-
num_sigalgs =
|
3289
|
+
const uint16_t *sigalgs = cert->sigalgs;
|
3290
|
+
size_t num_sigalgs = cert->num_sigalgs;
|
3291
|
+
if (sigalgs == NULL) {
|
3292
|
+
sigalgs = kSignSignatureAlgorithms;
|
3293
|
+
num_sigalgs = OPENSSL_ARRAY_SIZE(kSignSignatureAlgorithms);
|
3180
3294
|
}
|
3181
3295
|
|
3182
3296
|
const uint16_t *peer_sigalgs = hs->peer_sigalgs;
|
@@ -3212,52 +3326,193 @@ int tls1_choose_signature_algorithm(SSL *ssl, uint16_t *out) {
|
|
3212
3326
|
return 0;
|
3213
3327
|
}
|
3214
3328
|
|
3215
|
-
int
|
3329
|
+
int tls1_verify_channel_id(SSL_HANDSHAKE *hs) {
|
3330
|
+
SSL *const ssl = hs->ssl;
|
3216
3331
|
int ret = 0;
|
3217
|
-
|
3332
|
+
uint16_t extension_type;
|
3333
|
+
CBS extension, channel_id;
|
3334
|
+
|
3335
|
+
/* A Channel ID handshake message is structured to contain multiple
|
3336
|
+
* extensions, but the only one that can be present is Channel ID. */
|
3337
|
+
CBS_init(&channel_id, ssl->init_msg, ssl->init_num);
|
3338
|
+
if (!CBS_get_u16(&channel_id, &extension_type) ||
|
3339
|
+
!CBS_get_u16_length_prefixed(&channel_id, &extension) ||
|
3340
|
+
CBS_len(&channel_id) != 0 ||
|
3341
|
+
extension_type != TLSEXT_TYPE_channel_id ||
|
3342
|
+
CBS_len(&extension) != TLSEXT_CHANNEL_ID_SIZE) {
|
3343
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
3344
|
+
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
3345
|
+
return 0;
|
3346
|
+
}
|
3218
3347
|
|
3219
|
-
|
3220
|
-
if (!
|
3348
|
+
EC_GROUP *p256 = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
|
3349
|
+
if (!p256) {
|
3350
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_P256_SUPPORT);
|
3351
|
+
return 0;
|
3352
|
+
}
|
3353
|
+
|
3354
|
+
EC_KEY *key = NULL;
|
3355
|
+
EC_POINT *point = NULL;
|
3356
|
+
BIGNUM x, y;
|
3357
|
+
ECDSA_SIG sig;
|
3358
|
+
BN_init(&x);
|
3359
|
+
BN_init(&y);
|
3360
|
+
sig.r = BN_new();
|
3361
|
+
sig.s = BN_new();
|
3362
|
+
if (sig.r == NULL || sig.s == NULL) {
|
3221
3363
|
goto err;
|
3222
3364
|
}
|
3223
3365
|
|
3224
|
-
|
3225
|
-
|
3366
|
+
const uint8_t *p = CBS_data(&extension);
|
3367
|
+
if (BN_bin2bn(p + 0, 32, &x) == NULL ||
|
3368
|
+
BN_bin2bn(p + 32, 32, &y) == NULL ||
|
3369
|
+
BN_bin2bn(p + 64, 32, sig.r) == NULL ||
|
3370
|
+
BN_bin2bn(p + 96, 32, sig.s) == NULL) {
|
3371
|
+
goto err;
|
3372
|
+
}
|
3226
3373
|
|
3227
|
-
|
3228
|
-
|
3229
|
-
|
3230
|
-
|
3231
|
-
|
3232
|
-
|
3233
|
-
|
3234
|
-
|
3235
|
-
|
3374
|
+
point = EC_POINT_new(p256);
|
3375
|
+
if (point == NULL ||
|
3376
|
+
!EC_POINT_set_affine_coordinates_GFp(p256, point, &x, &y, NULL)) {
|
3377
|
+
goto err;
|
3378
|
+
}
|
3379
|
+
|
3380
|
+
key = EC_KEY_new();
|
3381
|
+
if (key == NULL ||
|
3382
|
+
!EC_KEY_set_group(key, p256) ||
|
3383
|
+
!EC_KEY_set_public_key(key, point)) {
|
3384
|
+
goto err;
|
3385
|
+
}
|
3386
|
+
|
3387
|
+
uint8_t digest[EVP_MAX_MD_SIZE];
|
3388
|
+
size_t digest_len;
|
3389
|
+
if (!tls1_channel_id_hash(hs, digest, &digest_len)) {
|
3390
|
+
goto err;
|
3236
3391
|
}
|
3237
3392
|
|
3238
|
-
|
3239
|
-
|
3240
|
-
|
3241
|
-
|
3393
|
+
int sig_ok = ECDSA_do_verify(digest, digest_len, &sig, key);
|
3394
|
+
#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
|
3395
|
+
sig_ok = 1;
|
3396
|
+
#endif
|
3397
|
+
if (!sig_ok) {
|
3398
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_CHANNEL_ID_SIGNATURE_INVALID);
|
3399
|
+
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
|
3400
|
+
ssl->s3->tlsext_channel_id_valid = 0;
|
3242
3401
|
goto err;
|
3243
3402
|
}
|
3244
|
-
EVP_DigestUpdate(&ctx, handshake_hash, (size_t)handshake_hash_len);
|
3245
|
-
unsigned len_u;
|
3246
|
-
EVP_DigestFinal_ex(&ctx, out, &len_u);
|
3247
|
-
*out_len = len_u;
|
3248
3403
|
|
3404
|
+
OPENSSL_memcpy(ssl->s3->tlsext_channel_id, p, 64);
|
3249
3405
|
ret = 1;
|
3250
3406
|
|
3251
3407
|
err:
|
3252
|
-
|
3408
|
+
BN_free(&x);
|
3409
|
+
BN_free(&y);
|
3410
|
+
BN_free(sig.r);
|
3411
|
+
BN_free(sig.s);
|
3412
|
+
EC_KEY_free(key);
|
3413
|
+
EC_POINT_free(point);
|
3414
|
+
EC_GROUP_free(p256);
|
3253
3415
|
return ret;
|
3254
3416
|
}
|
3255
3417
|
|
3418
|
+
int tls1_write_channel_id(SSL_HANDSHAKE *hs, CBB *cbb) {
|
3419
|
+
SSL *const ssl = hs->ssl;
|
3420
|
+
uint8_t digest[EVP_MAX_MD_SIZE];
|
3421
|
+
size_t digest_len;
|
3422
|
+
if (!tls1_channel_id_hash(hs, digest, &digest_len)) {
|
3423
|
+
return 0;
|
3424
|
+
}
|
3425
|
+
|
3426
|
+
EC_KEY *ec_key = EVP_PKEY_get0_EC_KEY(ssl->tlsext_channel_id_private);
|
3427
|
+
if (ec_key == NULL) {
|
3428
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
3429
|
+
return 0;
|
3430
|
+
}
|
3431
|
+
|
3432
|
+
int ret = 0;
|
3433
|
+
BIGNUM *x = BN_new();
|
3434
|
+
BIGNUM *y = BN_new();
|
3435
|
+
ECDSA_SIG *sig = NULL;
|
3436
|
+
if (x == NULL || y == NULL ||
|
3437
|
+
!EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(ec_key),
|
3438
|
+
EC_KEY_get0_public_key(ec_key),
|
3439
|
+
x, y, NULL)) {
|
3440
|
+
goto err;
|
3441
|
+
}
|
3442
|
+
|
3443
|
+
sig = ECDSA_do_sign(digest, digest_len, ec_key);
|
3444
|
+
if (sig == NULL) {
|
3445
|
+
goto err;
|
3446
|
+
}
|
3447
|
+
|
3448
|
+
CBB child;
|
3449
|
+
if (!CBB_add_u16(cbb, TLSEXT_TYPE_channel_id) ||
|
3450
|
+
!CBB_add_u16_length_prefixed(cbb, &child) ||
|
3451
|
+
!BN_bn2cbb_padded(&child, 32, x) ||
|
3452
|
+
!BN_bn2cbb_padded(&child, 32, y) ||
|
3453
|
+
!BN_bn2cbb_padded(&child, 32, sig->r) ||
|
3454
|
+
!BN_bn2cbb_padded(&child, 32, sig->s) ||
|
3455
|
+
!CBB_flush(cbb)) {
|
3456
|
+
goto err;
|
3457
|
+
}
|
3458
|
+
|
3459
|
+
ret = 1;
|
3460
|
+
|
3461
|
+
err:
|
3462
|
+
BN_free(x);
|
3463
|
+
BN_free(y);
|
3464
|
+
ECDSA_SIG_free(sig);
|
3465
|
+
return ret;
|
3466
|
+
}
|
3467
|
+
|
3468
|
+
int tls1_channel_id_hash(SSL_HANDSHAKE *hs, uint8_t *out, size_t *out_len) {
|
3469
|
+
SSL *const ssl = hs->ssl;
|
3470
|
+
if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
|
3471
|
+
uint8_t *msg;
|
3472
|
+
size_t msg_len;
|
3473
|
+
if (!tls13_get_cert_verify_signature_input(hs, &msg, &msg_len,
|
3474
|
+
ssl_cert_verify_channel_id)) {
|
3475
|
+
return 0;
|
3476
|
+
}
|
3477
|
+
SHA256(msg, msg_len, out);
|
3478
|
+
*out_len = SHA256_DIGEST_LENGTH;
|
3479
|
+
OPENSSL_free(msg);
|
3480
|
+
return 1;
|
3481
|
+
}
|
3482
|
+
|
3483
|
+
SHA256_CTX ctx;
|
3484
|
+
|
3485
|
+
SHA256_Init(&ctx);
|
3486
|
+
static const char kClientIDMagic[] = "TLS Channel ID signature";
|
3487
|
+
SHA256_Update(&ctx, kClientIDMagic, sizeof(kClientIDMagic));
|
3488
|
+
|
3489
|
+
if (ssl->session != NULL) {
|
3490
|
+
static const char kResumptionMagic[] = "Resumption";
|
3491
|
+
SHA256_Update(&ctx, kResumptionMagic, sizeof(kResumptionMagic));
|
3492
|
+
if (ssl->session->original_handshake_hash_len == 0) {
|
3493
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
3494
|
+
return 0;
|
3495
|
+
}
|
3496
|
+
SHA256_Update(&ctx, ssl->session->original_handshake_hash,
|
3497
|
+
ssl->session->original_handshake_hash_len);
|
3498
|
+
}
|
3499
|
+
|
3500
|
+
uint8_t hs_hash[EVP_MAX_MD_SIZE];
|
3501
|
+
size_t hs_hash_len;
|
3502
|
+
if (!SSL_TRANSCRIPT_get_hash(&hs->transcript, hs_hash, &hs_hash_len)) {
|
3503
|
+
return 0;
|
3504
|
+
}
|
3505
|
+
SHA256_Update(&ctx, hs_hash, (size_t)hs_hash_len);
|
3506
|
+
SHA256_Final(out, &ctx);
|
3507
|
+
*out_len = SHA256_DIGEST_LENGTH;
|
3508
|
+
return 1;
|
3509
|
+
}
|
3510
|
+
|
3256
3511
|
/* tls1_record_handshake_hashes_for_channel_id records the current handshake
|
3257
|
-
* hashes in |
|
3512
|
+
* hashes in |hs->new_session| so that Channel ID resumptions can sign that
|
3258
3513
|
* data. */
|
3259
|
-
int tls1_record_handshake_hashes_for_channel_id(
|
3260
|
-
|
3514
|
+
int tls1_record_handshake_hashes_for_channel_id(SSL_HANDSHAKE *hs) {
|
3515
|
+
SSL *const ssl = hs->ssl;
|
3261
3516
|
/* This function should never be called for a resumed session because the
|
3262
3517
|
* handshake hashes that we wish to record are for the original, full
|
3263
3518
|
* handshake. */
|
@@ -3265,15 +3520,60 @@ int tls1_record_handshake_hashes_for_channel_id(SSL *ssl) {
|
|
3265
3520
|
return -1;
|
3266
3521
|
}
|
3267
3522
|
|
3268
|
-
|
3269
|
-
|
3270
|
-
|
3271
|
-
|
3272
|
-
|
3523
|
+
OPENSSL_COMPILE_ASSERT(
|
3524
|
+
sizeof(hs->new_session->original_handshake_hash) == EVP_MAX_MD_SIZE,
|
3525
|
+
original_handshake_hash_is_too_small);
|
3526
|
+
|
3527
|
+
size_t digest_len;
|
3528
|
+
if (!SSL_TRANSCRIPT_get_hash(&hs->transcript,
|
3529
|
+
hs->new_session->original_handshake_hash,
|
3530
|
+
&digest_len)) {
|
3273
3531
|
return -1;
|
3274
3532
|
}
|
3275
3533
|
|
3276
|
-
|
3534
|
+
OPENSSL_COMPILE_ASSERT(EVP_MAX_MD_SIZE <= 0xff, max_md_size_is_too_large);
|
3535
|
+
hs->new_session->original_handshake_hash_len = (uint8_t)digest_len;
|
3536
|
+
|
3537
|
+
return 1;
|
3538
|
+
}
|
3539
|
+
|
3540
|
+
int ssl_do_channel_id_callback(SSL *ssl) {
|
3541
|
+
if (ssl->tlsext_channel_id_private != NULL ||
|
3542
|
+
ssl->ctx->channel_id_cb == NULL) {
|
3543
|
+
return 1;
|
3544
|
+
}
|
3545
|
+
|
3546
|
+
EVP_PKEY *key = NULL;
|
3547
|
+
ssl->ctx->channel_id_cb(ssl, &key);
|
3548
|
+
if (key == NULL) {
|
3549
|
+
/* The caller should try again later. */
|
3550
|
+
return 1;
|
3551
|
+
}
|
3552
|
+
|
3553
|
+
int ret = SSL_set1_tls_channel_id(ssl, key);
|
3554
|
+
EVP_PKEY_free(key);
|
3555
|
+
return ret;
|
3556
|
+
}
|
3557
|
+
|
3558
|
+
int ssl_is_sct_list_valid(const CBS *contents) {
|
3559
|
+
/* Shallow parse the SCT list for sanity. By the RFC
|
3560
|
+
* (https://tools.ietf.org/html/rfc6962#section-3.3) neither the list nor any
|
3561
|
+
* of the SCTs may be empty. */
|
3562
|
+
CBS copy = *contents;
|
3563
|
+
CBS sct_list;
|
3564
|
+
if (!CBS_get_u16_length_prefixed(©, &sct_list) ||
|
3565
|
+
CBS_len(©) != 0 ||
|
3566
|
+
CBS_len(&sct_list) == 0) {
|
3567
|
+
return 0;
|
3568
|
+
}
|
3569
|
+
|
3570
|
+
while (CBS_len(&sct_list) > 0) {
|
3571
|
+
CBS sct;
|
3572
|
+
if (!CBS_get_u16_length_prefixed(&sct_list, &sct) ||
|
3573
|
+
CBS_len(&sct) == 0) {
|
3574
|
+
return 0;
|
3575
|
+
}
|
3576
|
+
}
|
3277
3577
|
|
3278
3578
|
return 1;
|
3279
3579
|
}
|
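Review bot: tls1_record_handshake_hashes_for_channel_id still reports failure as `-1` (both `return -1;` paths are kept as context in this hunk) while the success path added at the end returns `1`, and the comment above the function says nothing about its return value. The other helpers added in this file section (tls1_channel_id_hash, tls1_write_channel_id, ssl_is_sct_list_valid) return 0 on failure, so a caller written as `if (!tls1_record_handshake_hashes_for_channel_id(hs))` would treat a failed SSL_TRANSCRIPT_get_hash as success. The callers are not visible here, so this is a contract to confirm rather than a known bug. I would extend the header comment with `It returns 1 on success and -1 on error; callers must test for <= 0.` The function's signature and comment sit in the preceding hunk, and its body spans both hunks.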