Restrict when 0-RTT will be accepted in QUIC.

QUIC imposes additional restrictions on when 0-RTT data can be accepted. With this change, a QUIC server configured to support 0-RTT will only accept early data if the transport parameters and application protocol specific context are a byte-for-byte match from the original connection to the 0-RTT resumption attempt.

Bug: 295
Change-Id: Ie5d4688d1c9076b49f2131bb66b27c87e2ba041a
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41145
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc index 3cebfe0..625f733 100644 --- a/ssl/ssl_lib.cc +++ b/ssl/ssl_lib.cc
@@ -1248,6 +1248,12 @@ *out_params_len = ssl->s3->peer_quic_transport_params.size(); } +int SSL_set_quic_early_data_context(SSL *ssl, const uint8_t *context, + size_t context_len) { + return ssl->config && ssl->config->quic_early_data_context.CopyFrom( + MakeConstSpan(context, context_len)); +} + void SSL_CTX_set_early_data_enabled(SSL_CTX *ctx, int enabled) { ctx->enable_early_data = !!enabled; }
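Review bot: the new `SSL_set_quic_early_data_context` returns 0 both when `ssl->config` is NULL (the config has already been shed after the handshake) and when `CopyFrom` fails to allocate, yet nothing in this hunk tells callers that the return value must be checked or that the setter is only meaningful before the handshake begins; since the commit message makes acceptance of early data depend on a byte-for-byte match of this context, a silently ignored failure leaves the server with an empty context rather than the one the application intended. Add a header comment stating the precondition and the one-on-success/zero-on-error contract, e.g. `// SSL_set_quic_early_data_context configures the context used to decide whether to accept 0-RTT. It must be called before the handshake and returns one on success and zero on error.` Also note that a call with `context_len == 0` produces the same empty `quic_early_data_context` as never calling the function, so the documentation should say whether an empty context is permitted or whether callers are expected to always supply a non-empty one.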