Prevent Channel ID and Custom Extensions on 0-RTT.
Channel ID is incompatible with 0-RTT, so we gracefully decline 0-RTT
as a server and forbid their combination as a client. We'll keep this
logic around until Channel ID is removed.
Channel ID will be replaced by tokbind which currently uses custom
extensions. Those will need additional logic to work with 0-RTT.
This is not implemented yet so, for now, fail if both are ever
configured together at all. A later change will allow the two to
combine.
BUG=183
Change-Id: I46c5ba883ccd47930349691fb08074a1fab13d5f
Reviewed-on: https://boringssl-review.googlesource.com/14370
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/tls13_server.c b/ssl/tls13_server.c
index 5211dff..dbb44d2 100644
--- a/ssl/tls13_server.c
+++ b/ssl/tls13_server.c
@@ -359,6 +359,8 @@
session->ticket_max_early_data != 0 &&
/* The client must have offered early data. */
hs->early_data_offered &&
+ /* Channel ID is incompatible with 0-RTT. */
+ !ssl->s3->tlsext_channel_id_valid &&
/* The negotiated ALPN must match the one in the ticket. */
ssl->s3->alpn_selected_len == session->early_alpn_len &&
OPENSSL_memcmp(ssl->s3->alpn_selected, session->early_alpn,
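Review bot: the new condition `!ssl->s3->tlsext_channel_id_valid &&` silently declines early data, but the comment above it ("Channel ID is incompatible with 0-RTT") does not say which way the conflict is resolved; since the commit message says the server "gracefully decline[s] 0-RTT" rather than failing the handshake, consider making the comment state that explicitly, e.g. "Channel ID is incompatible with 0-RTT, so decline early data rather than reject the handshake." Also worth noting in review: this hunk covers only the server-side Channel ID case, while the commit message also describes a client-side check that forbids the combination and a failure when custom extensions are configured with 0-RTT; neither appears in the visible diff, and no test change is visible here, so a test that a Channel ID client offering a 0-RTT ticket has its early data declined (and that the handshake still completes) would make the intended behaviour verifiable.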