)]}' { "commit": "754d4c99c8fd9dec3e251799d57612ebf9136ac4", "tree": "b87ae57e395662dd0fe1004f6e55e52064e00ae1", "parents": [ "83ea777db54769c8bb95ddd62bf11c3946e6d3bf" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Tue Feb 11 16:27:21 2020 -0500" }, "committer": { "name": "CQ bot account: commit-bot@chromium.org", "email": "commit-bot@chromium.org", "time": "Fri Feb 14 17:20:17 2020 +0000" }, "message": "Fix client handling of 0-RTT rejects with cipher mismatch.\n\nServers can only accept 0-RTT if the ciphers match. If they reject\n0-RTT, however, they may change the cipher suite and even the PRF hash.\nThis is tricky, however, because the 0-RTT accept or reject signal comes\nin EncryptedExtensions, which is *after* the new cipher suite is\ninstalled. (Although a client could infer 0-RTT is rejected based on the\ncipher suite if it wanted.)\n\nWhile we correctly handled the PRF hash switch, we get the cipher suite\nmixed up due to dependency on SSL_get_session and incorrectly decrypt\nEncryptedExtensions. Fix this and add some tests.\n\nChange-Id: Ia20f2ed665cf601d30a38f0c8d4786c4c111019f\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/40005\nReviewed-by: Steven Valdez \u003csvaldez@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\n", "tree_diff": [ { "type": "modify", "old_id": "b2a61469f5b14655490b018d784e01d2bdf6407f", "old_mode": 33188, "old_path": "crypto/err/ssl.errordata", "new_id": "27ad65cb20ffa519f3e1302361da47c30e5b2fe3", "new_mode": 33188, "new_path": "crypto/err/ssl.errordata" }, { "type": "modify", "old_id": "9847be17bc88a1e50f4581a0ecf3fcc76c2ca0cd", "old_mode": 33188, "old_path": "include/openssl/ssl.h", "new_id": "1fedaf833b8df3cbd17d2479eee09b2342b9db0d", "new_mode": 33188, "new_path": "include/openssl/ssl.h" }, { "type": "modify", "old_id": "a9da05e3c9829fa268282cf6843a19b61c7d69bb", "old_mode": 33188, "old_path": "ssl/handoff.cc", "new_id": "fdbac18da77758244b329b53ed553977f2d58f79", "new_mode": 33188, "new_path": "ssl/handoff.cc" }, { "type": "modify", "old_id": "a970a3c36a9b04fc93c93e928314be18401cc8b6", "old_mode": 33188, "old_path": "ssl/handshake_client.cc", "new_id": "fa692c51a4826617a898c455a8745239b161cfa2", "new_mode": 33188, "new_path": "ssl/handshake_client.cc" }, { "type": "modify", "old_id": "4a93e15d1a14a0d6912ddcffa8eccf70e5e2dc56", "old_mode": 33188, "old_path": "ssl/internal.h", "new_id": "a6b58c5ea82272231fed6748935ff8d0937ca46a", "new_mode": 33188, "new_path": "ssl/internal.h" }, { "type": "modify", "old_id": "77d3f4c2e65dce1ee4a5f239cd57a2b30ad67971", "old_mode": 33188, "old_path": "ssl/ssl_session.cc", "new_id": "663570311b3d7d9a5ba033d81132f6b1fb1f2206", "new_mode": 33188, "new_path": "ssl/ssl_session.cc" }, { "type": "modify", "old_id": "0bdee884fd17f41ca7b8014254aa5b0cbd23a412", "old_mode": 33188, "old_path": "ssl/test/runner/fuzzer_mode.json", "new_id": "940415db9eea2b3cdc5e0f4b2c9f77baeec49bdb", "new_mode": 33188, "new_path": "ssl/test/runner/fuzzer_mode.json" }, { "type": "modify", "old_id": "4ec8bd88d6a24ff7e36d55f756b15f5ea24968fb", "old_mode": 33188, "old_path": "ssl/test/runner/runner.go", "new_id": "255cd9e18e98dd2a298815c7230c2be596e81e77", "new_mode": 33188, "new_path": "ssl/test/runner/runner.go" }, { "type": "modify", "old_id": "f48d1dafe49b53a2172e7026e7ff40da530be8de", "old_mode": 33188, "old_path": "ssl/tls13_client.cc", "new_id": "e22c1e1447c4f74deaaf59c811e4f5645dadf5c9", "new_mode": 33188, "new_path": "ssl/tls13_client.cc" }, { "type": "modify", "old_id": "1f6ff64433fc1e0081cb451c400a245c6df9b666", "old_mode": 33188, "old_path": "ssl/tls13_enc.cc", "new_id": "d0c27b6b180ee5d20a882bd974baab000072dd77", "new_mode": 33188, "new_path": "ssl/tls13_enc.cc" }, { "type": "modify", "old_id": "fda0bca98f0187f316f3f349ffbf78c13e512640", "old_mode": 33188, "old_path": "ssl/tls13_server.cc", "new_id": "f79626089d6994b8fb23e1562c94d267fde97a1e", "new_mode": 33188, "new_path": "ssl/tls13_server.cc" } ] }