Modify how QUIC 0-RTT go/no-go decision is made.

The previous implementation was too strict in its byte-for-byte equality
check including Transport Parameters, because the Transport Parameters
contain a field that QUIC requires be different on each connection. This
change still has BoringSSL do a byte-for-byte check, but now it is only
done over the quic_early_data_context. An additional requirement is
imposed that the quic_early_data_context must be set for early data
capable tickets to be issued.

Bug: 295
Change-Id: I5145c10752b41908b6807c3a3c967653b0c13f37
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41427
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/ssl/ssl_asn1.cc b/ssl/ssl_asn1.cc
index 7401d09..e6274f1 100644
--- a/ssl/ssl_asn1.cc
+++ b/ssl/ssl_asn1.cc
@@ -192,7 +192,7 @@
     CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 26;
 static const unsigned kIsQuicTag =
     CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 27;
-static const unsigned kQuicEarlyDataHashTag =
+static const unsigned kQuicEarlyDataContextTag =
     CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 28;
 
 static int SSL_SESSION_to_bytes_full(const SSL_SESSION *in, CBB *cbb,
@@ -402,10 +402,10 @@
     }
   }
 
-  if (!in->quic_early_data_hash.empty()) {
-    if (!CBB_add_asn1(&session, &child, kQuicEarlyDataHashTag) ||
-        !CBB_add_asn1_octet_string(&child, in->quic_early_data_hash.data(),
-                                   in->quic_early_data_hash.size())) {
+  if (!in->quic_early_data_context.empty()) {
+    if (!CBB_add_asn1(&session, &child, kQuicEarlyDataContextTag) ||
+        !CBB_add_asn1_octet_string(&child, in->quic_early_data_context.data(),
+                                   in->quic_early_data_context.size())) {
       OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
       return 0;
     }
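Review bot: The octet string written at `CBB_add_asn1_octet_string(&child, in->quic_early_data_context.data(), ...)` is now the application-supplied context rather than a hash, so its length goes unbounded into every serialized session, and nothing in this hunk limits it. If no cap is enforced where the context is set (not visible in this diff), I would document the expectation next to this block, e.g. `// quic_early_data_context is stored verbatim in the session; callers should keep it small because it is carried in every ticket.` The enclosing function, SSL_SESSION_to_bytes_full, starts and ends outside the hunk.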
@@ -752,8 +752,8 @@
                                       kEarlyALPNTag) ||
       !CBS_get_optional_asn1_bool(&session, &is_quic, kIsQuicTag,
                                   /*default_value=*/false) ||
-      !SSL_SESSION_parse_octet_string(&session, &ret->quic_early_data_hash,
-                                      kQuicEarlyDataHashTag) ||
+      !SSL_SESSION_parse_octet_string(&session, &ret->quic_early_data_context,
+                                      kQuicEarlyDataContextTag) ||
       CBS_len(&session) != 0) {
     OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SSL_SESSION);
     return nullptr;
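Review bot: Tag 28 keeps its number while its payload changes meaning, so a session serialized before this change still parses here, with the old hash bytes landing in `ret->quic_early_data_context`. This presumably fails closed, because the commit message says the context is compared byte-for-byte and a stale hash should not equal the configured context, but that comparison is outside this diff. I would state it at the parse call, e.g. `// Tag 28 previously carried a hash; sessions from older builds will not match the configured context and must be rejected for 0-RTT.`, and add a test that such a session resumes without early data. The same reuse applies to the serializer hunk at `CBB_add_asn1(&session, &child, kQuicEarlyDataContextTag)`. The parse function starts and ends outside the hunk.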