)]}'
{
  "commit": "ba423c9a1bbbc130f376df054ba59a4f0fb031a8",
  "tree": "d0a5d9743cc415edac442d97dcac688d0bc014eb",
  "parents": [
    "ca7ef8c855398302a04cbcdff8c7a943923bf934"
  ],
  "author": {
    "name": "David Benjamin",
    "email": "davidben@google.com",
    "time": "Tue Jun 15 16:26:58 2021 -0400"
  },
  "committer": {
    "name": "Boringssl LUCI CQ",
    "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com",
    "time": "Thu Jun 24 18:07:19 2021 +0000"
  },
  "message": "Implement ClientHelloOuter handshakes.\n\nIf a client offers ECH, but the server rejects it, the client completes\nthe handshake with ClientHelloOuter in order to authenticate retry keys.\nImplement this flow. This is largely allowing the existing handshake to\nproceed, but with some changes:\n\n- Certificate verification uses the other name. This CL routes this up to\n  the built-in verifier and adds SSL_get0_ech_name_override for the\n  callback.\n\n- We need to disable False Start to pick up server Finished in TLS 1.2.\n\n- Client certificates, notably in TLS 1.3 where they\u0027re encrypted,\n  should only be revealed to the true server. Fortunately, not sending\n  client certs is always an option, so do that.\n\n  Channel ID has a similar issue. I\u0027ve just omitted the extension in\n  ClientHelloOuter because it\u0027s deprecated and is unlikely to be used\n  with ECH at this point. ALPS may be worth some pondering but, the way\n  it\u0027s currently used, is not sensitive.\n\n  (Possibly we should change the draft to terminate the handshake before\n  even sending that flight...)\n\n- The session is never offered in ClientHelloOuter, but our internal\n  book-keeping doesn\u0027t quite notice.\n\nI had to replace ech_accept with a tri-state ech_status to correctly\nhandle an edge case in SSL_get0_ech_name_override: when ECH + 0-RTT +\nreverify_on_resume are all enabled, the first certificate verification\nis for the 0-RTT session and should be against the true name, yet we\nhave selected_ech_config \u0026\u0026 !ech_accept. A tri-state tracks when ECH is\nactually rejected. I\u0027ve maintained this on the server as well, though\nthe server never actually cares.\n\nBug: 275\nChange-Id: Ie55966ca3dc4ffcc8c381479f0fe9bcacd34d0f8\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/48135\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "d3efb735bc095aab918fe0c244371f213b8e8852",
      "old_mode": 33188,
      "old_path": "crypto/err/ssl.errordata",
      "new_id": "2f854109576f9e7f01fd1143ca27b0f3ea43bd92",
      "new_mode": 33188,
      "new_path": "crypto/err/ssl.errordata"
    },
    {
      "type": "modify",
      "old_id": "dc3a79dfbd4b15740b07f3f0536ddc2206a31843",
      "old_mode": 33188,
      "old_path": "include/openssl/ssl.h",
      "new_id": "ed5e64f732f783f66e13788701e980e1ec2d517b",
      "new_mode": 33188,
      "new_path": "include/openssl/ssl.h"
    },
    {
      "type": "modify",
      "old_id": "ac334625ee64cfab06671f94310e53f1471c8dad",
      "old_mode": 33188,
      "old_path": "include/openssl/x509.h",
      "new_id": "beeed9138f36943b95de9cebb54c673bb44b05d4",
      "new_mode": 33188,
      "new_path": "include/openssl/x509.h"
    },
    {
      "type": "modify",
      "old_id": "041c8de02145c6c7af7219a2773a9b66112bc7c1",
      "old_mode": 33188,
      "old_path": "ssl/encrypted_client_hello.cc",
      "new_id": "e5fabd9037cab56eced6044261ba366b05b1f28a",
      "new_mode": 33188,
      "new_path": "ssl/encrypted_client_hello.cc"
    },
    {
      "type": "modify",
      "old_id": "69a2bdc1aab84ef86fba1b5881c4a3545fb3519e",
      "old_mode": 33188,
      "old_path": "ssl/extensions.cc",
      "new_id": "4950d2663be13c292ee051fa885abb054cd85318",
      "new_mode": 33188,
      "new_path": "ssl/extensions.cc"
    },
    {
      "type": "modify",
      "old_id": "07c9e3d9a84a78d09754e7eb2f157b6221cf862b",
      "old_mode": 33188,
      "old_path": "ssl/handshake.cc",
      "new_id": "db4ee710c4a7c665290b1496339df30cba3a51eb",
      "new_mode": 33188,
      "new_path": "ssl/handshake.cc"
    },
    {
      "type": "modify",
      "old_id": "d5ccafc2611c3ef4ba951c4b205ba0f7c5fbc1be",
      "old_mode": 33188,
      "old_path": "ssl/handshake_client.cc",
      "new_id": "ba8f4b74864d3dd6f022e76fd8c2f25f6cb69523",
      "new_mode": 33188,
      "new_path": "ssl/handshake_client.cc"
    },
    {
      "type": "modify",
      "old_id": "74ac1338ec8b816ddcaaadb2e5a23795c0067a0b",
      "old_mode": 33188,
      "old_path": "ssl/handshake_server.cc",
      "new_id": "c8a23a165a6207e6da5ca81a3e642b3c2a36383b",
      "new_mode": 33188,
      "new_path": "ssl/handshake_server.cc"
    },
    {
      "type": "modify",
      "old_id": "ba1dde351fb8f6fe5161ab40be2b744726016937",
      "old_mode": 33188,
      "old_path": "ssl/internal.h",
      "new_id": "3b7326ae99eb812422bf7edf729fc8d92a62f5e3",
      "new_mode": 33188,
      "new_path": "ssl/internal.h"
    },
    {
      "type": "modify",
      "old_id": "454daf853328f97958d647a6dc60c7bd0357e2ef",
      "old_mode": 33188,
      "old_path": "ssl/s3_lib.cc",
      "new_id": "fa73d34a764623fdb01e8378d1fb470157826b73",
      "new_mode": 33188,
      "new_path": "ssl/s3_lib.cc"
    },
    {
      "type": "modify",
      "old_id": "4bb9c32160742e87040d5b29a6fc6b05c4eaa3c8",
      "old_mode": 33188,
      "old_path": "ssl/ssl_test.cc",
      "new_id": "76f88c7a9629e15b0743982b9a18fcc646f76bad",
      "new_mode": 33188,
      "new_path": "ssl/ssl_test.cc"
    },
    {
      "type": "modify",
      "old_id": "cda761171980e24947d66c6be361562cb6169618",
      "old_mode": 33188,
      "old_path": "ssl/ssl_x509.cc",
      "new_id": "98f1f6a877a9c4bd86409fb5b586ffd07725c35d",
      "new_mode": 33188,
      "new_path": "ssl/ssl_x509.cc"
    },
    {
      "type": "modify",
      "old_id": "ef46540d1914b4ab11d1fe263123523d6b679185",
      "old_mode": 33188,
      "old_path": "ssl/test/bssl_shim.cc",
      "new_id": "f4e7fffd6da36b1b367b4ed51495330d1b202c04",
      "new_mode": 33188,
      "new_path": "ssl/test/bssl_shim.cc"
    },
    {
      "type": "modify",
      "old_id": "fbfa6ab1a248a036d89771d65e6ca89b1db66492",
      "old_mode": 33188,
      "old_path": "ssl/test/runner/alert.go",
      "new_id": "561d0c6ebbd150b841ef7e1445beb904e054a381",
      "new_mode": 33188,
      "new_path": "ssl/test/runner/alert.go"
    },
    {
      "type": "modify",
      "old_id": "767f8da29612ce9dcbb6cdeb097930538435fccf",
      "old_mode": 33188,
      "old_path": "ssl/test/runner/common.go",
      "new_id": "782eb36a0b23bea763cf4d3585b20f395d19f3b9",
      "new_mode": 33188,
      "new_path": "ssl/test/runner/common.go"
    },
    {
      "type": "modify",
      "old_id": "1bfc584d66bc56a459728f86c0398ab12f540442",
      "old_mode": 33188,
      "old_path": "ssl/test/runner/handshake_server.go",
      "new_id": "b9d766717355d0b4aa9484ddef615fc2c9894d14",
      "new_mode": 33188,
      "new_path": "ssl/test/runner/handshake_server.go"
    },
    {
      "type": "modify",
      "old_id": "5bdd50cee5bcac8ca77886f73aca3dfd93018cfa",
      "old_mode": 33188,
      "old_path": "ssl/test/runner/runner.go",
      "new_id": "4838eeccedaa426b37b23d6d1c2a8203f92b4ed2",
      "new_mode": 33188,
      "new_path": "ssl/test/runner/runner.go"
    },
    {
      "type": "modify",
      "old_id": "6288da4616bf42d3fffd6bf372a7b1d0963a45c9",
      "old_mode": 33188,
      "old_path": "ssl/test/test_config.cc",
      "new_id": "12a9f7abd262638e1f5e335b542457a1b3a6d17e",
      "new_mode": 33188,
      "new_path": "ssl/test/test_config.cc"
    },
    {
      "type": "modify",
      "old_id": "377a757583e1d99ed034d2ba191abe0e86545eb1",
      "old_mode": 33188,
      "old_path": "ssl/test/test_config.h",
      "new_id": "c9f2a254bec86b31e9d62757525e62bfb38b4f03",
      "new_mode": 33188,
      "new_path": "ssl/test/test_config.h"
    },
    {
      "type": "modify",
      "old_id": "02922919c8b366ac325b751d29b21995b4a1cc30",
      "old_mode": 33188,
      "old_path": "ssl/tls13_client.cc",
      "new_id": "bff7fb91800d4f03e310c7f7058050d424dbf996",
      "new_mode": 33188,
      "new_path": "ssl/tls13_client.cc"
    },
    {
      "type": "modify",
      "old_id": "7f32b6cd1c4077cef8524db6112bf800f9d0e45e",
      "old_mode": 33188,
      "old_path": "ssl/tls13_server.cc",
      "new_id": "501d01fcb0cc33566d72074a61ffa140a76f8672",
      "new_mode": 33188,
      "new_path": "ssl/tls13_server.cc"
    }
  ]
}
