Add experimental handshake hints API.
See go/handshake-hints (internal).
CL originally by Bin Wu <wub@google.com>. I just reworked the tests and
tidied it up a bit. This is the start of a replacement for the split
handshakes API. For now, only TLS 1.3 is supported. It starts with an
initial set of hints, but we can add more later. (In particular, we
should probably apply the remote handshaker's extension order to avoid
needing to capability protect such changes.)
Change-Id: I7b6a6dfaa84c6c6e3436d2a4026c3652b8a79f0f
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/46535
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/tls_method.cc b/ssl/tls_method.cc
index 8165d1c..326cbe7 100644
--- a/ssl/tls_method.cc
+++ b/ssl/tls_method.cc
@@ -93,7 +93,8 @@
}
if (ssl->quic_method != nullptr) {
- if (!ssl->quic_method->set_read_secret(ssl, level, aead_ctx->cipher(),
+ if ((ssl->s3->hs == nullptr || !ssl->s3->hs->hints_requested) &&
+ !ssl->quic_method->set_read_secret(ssl, level, aead_ctx->cipher(),
secret_for_quic.data(),
secret_for_quic.size())) {
return false;
@@ -121,7 +122,8 @@
}
if (ssl->quic_method != nullptr) {
- if (!ssl->quic_method->set_write_secret(ssl, level, aead_ctx->cipher(),
+ if ((ssl->s3->hs == nullptr || !ssl->s3->hs->hints_requested) &&
+ !ssl->quic_method->set_write_secret(ssl, level, aead_ctx->cipher(),
secret_for_quic.data(),
secret_for_quic.size())) {
return false;
