From 372501ffc23310f25470cf4a0d40082d78d59780 Mon Sep 17 00:00:00 2001
From: 0x676e67
Date: Sun, 23 Feb 2025 19:34:37 +0800
Subject: [PATCH] fix(patch): Fix alps use new codepoint negotiation (#53)
---
 ...df6f03d85c901767250329c571db405122d5.patch | 134 ++++++++++++++++--
 1 file changed, 126 insertions(+), 8 deletions(-)
diff --git a/boring-sys/patches/boringssl-44b3df6f03d85c901767250329c571db405122d5.patch b/boring-sys/patches/boringssl-44b3df6f03d85c901767250329c571db405122d5.patch
index 6a5a0961..6fc56be4 100644
--- a/boring-sys/patches/boringssl-44b3df6f03d85c901767250329c571db405122d5.patch
+++ b/boring-sys/patches/boringssl-44b3df6f03d85c901767250329c571db405122d5.patch
@@ -4270,7 +4270,7 @@ index 4dd8841b1..23ffcd446 100644
 #if defined(__cplusplus)
 } /* extern C */
 diff --git a/src/include/openssl/ssl.h b/src/include/openssl/ssl.h
-index 53aa9b453..1e93efda3 100644
+index 53aa9b453..ea01fd665 100644
 --- a/src/include/openssl/ssl.h
 +++ b/src/include/openssl/ssl.h
 @@ -718,6 +718,12 @@ OPENSSL_EXPORT int SSL_version(const SSL *ssl);
@@ -4357,6 +4357,14 @@ index 53aa9b453..1e93efda3 100644
 #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0
 #define SSL_OP_NO_SSLv2 0
 #define SSL_OP_NO_SSLv3 0
+@@ -5779,6 +5819,7 @@ BSSL_NAMESPACE_END
+ #define SSL_R_ECH_REJECTED 319
+ #define SSL_R_INVALID_OUTER_EXTENSION 320
+ #define SSL_R_INCONSISTENT_ECH_NEGOTIATION 321
++#define SSL_R_INVALID_ALPS_CODEPOINT 322
+ #define SSL_R_SSLV3_ALERT_CLOSE_NOTIFY 1000
+ #define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
+ #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
 diff --git a/src/include/openssl/tls1.h b/src/include/openssl/tls1.h
 index 772fb87a3..955126a7a 100644
 --- a/src/include/openssl/tls1.h
@@ -4400,7 +4408,7 @@ index 5c7e881bf..3c0770cf3 100644
 crypto/pkcs8/test/no_encryption.p12
 crypto/pkcs8/test/nss.p12
 diff --git a/src/ssl/extensions.cc b/src/ssl/extensions.cc
-index 5ee280221..dbdd8b305 100644
+index 5ee280221..d1ae70aa1 100644
 --- a/src/ssl/extensions.cc
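Review bot: `SSL_R_INVALID_ALPS_CODEPOINT 322` is defined in `ssl.h` in this hunk, but no hunk in the commit adds a matching entry to BoringSSL's error-string table, which upstream keeps in `crypto/err/ssl.errordata`. Unless the patch file already carries that entry in a part this commit does not touch, the reason raised by `SSL_apply_handback` will show up in the error queue without a readable name, which makes a rejected handback harder to triage from logs. I would add the line `SSL,322,INVALID_ALPS_CODEPOINT` to that file in the same patch.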
 +++ b/src/ssl/extensions.cc
 @@ -207,6 +207,10 @@ static bool tls1_check_duplicate_extensions(const CBS *cbs) {
@@ -4694,7 +4702,24 @@ index 5ee280221..dbdd8b305 100644
 bool ssl_negotiate_alps(SSL_HANDSHAKE *hs, uint8_t *out_alert,
 const SSL_CLIENT_HELLO *client_hello) {
 SSL *const ssl = hs->ssl;
-@@ -3094,6 +3211,39 @@ bool ssl_negotiate_alps(SSL_HANDSHAKE *hs, uint8_t *out_alert,
+@@ -3052,11 +3169,15 @@ bool ssl_negotiate_alps(SSL_HANDSHAKE *hs, uint8_t *out_alert,
+ // If we negotiate ALPN over TLS 1.3, try to negotiate ALPS.
+ CBS alps_contents;
+ Span settings;
++ uint16_t extension_type = TLSEXT_TYPE_application_settings;
++ if (hs->config->alps_use_new_codepoint) {
++ extension_type = TLSEXT_TYPE_application_settings_new;
++ }
+ if (ssl_protocol_version(ssl) >= TLS1_3_VERSION &&
+ ssl_get_local_application_settings(hs, &settings,
+ ssl->s3->alpn_selected) &&
+ ssl_client_hello_get_extension(client_hello, &alps_contents,
+- TLSEXT_TYPE_application_settings)) {
++ extension_type)) {
+ // Check if the client supports ALPS with the selected ALPN.
+ bool found = false;
+ CBS alps_list;
+@@ -3094,6 +3215,39 @@ bool ssl_negotiate_alps(SSL_HANDSHAKE *hs, uint8_t *out_alert,
 return true;
 }
@@ -4734,7 +4759,7 @@ index 5ee280221..dbdd8b305 100644
 // kExtensions contains all the supported extensions.
 static const struct tls_extension kExtensions[] = {
 {
-@@ -3267,6 +3417,21 @@ static const struct tls_extension kExtensions[] = {
+@@ -3267,6 +3421,21 @@ static const struct tls_extension kExtensions[] = {
 ignore_parse_clienthello,
 ext_alps_add_serverhello,
 },
@@ -4756,7 +4781,7 @@ index 5ee280221..dbdd8b305 100644
 };
 #define kNumExtensions (sizeof(kExtensions) / sizeof(struct tls_extension))
-@@ -3280,6 +3445,12 @@ static_assert(kNumExtensions <=
+@@ -3280,6 +3449,12 @@ static_assert(kNumExtensions <=
 bool ssl_setup_extension_permutation(SSL_HANDSHAKE *hs) {
 if (!hs->config->permute_extensions) {
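Review bot: The four added lines in `ssl_negotiate_alps` that derive `extension_type` from `hs->config->alps_use_new_codepoint` are repeated verbatim in the `tls13_client.cc` and `tls13_server.cc` hunks and, under the name `alps_codepoint`, in `SSL_serialize_handback`. Negotiation, EncryptedExtensions and handback all have to agree on the codepoint, so one helper would keep the sites from drifting apart, for example `static inline uint16_t ssl_alps_codepoint(const SSL_HANDSHAKE *hs) { return hs->config->alps_use_new_codepoint ? TLSEXT_TYPE_application_settings_new : TLSEXT_TYPE_application_settings; }` in the shared internal header. As far as the visible condition shows, a ClientHello that carries only the other codepoint simply negotiates no ALPS, and a comment such as `// Only the configured codepoint is examined; the other one is ignored.` above the lookup would make that explicit. The body of `ssl_negotiate_alps` continues outside the hunk.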
@@ -4769,7 +4794,7 @@ index 5ee280221..dbdd8b305 100644
 return true;
 }
-@@ -3357,10 +3528,16 @@ static bool ssl_add_clienthello_tlsext_inner(SSL_HANDSHAKE *hs, CBB *out,
+@@ -3357,10 +3532,16 @@ static bool ssl_add_clienthello_tlsext_inner(SSL_HANDSHAKE *hs, CBB *out,
 }
 }
@@ -4787,7 +4812,7 @@ index 5ee280221..dbdd8b305 100644
 const size_t len_before = CBB_len(&extensions);
 const size_t len_compressed_before = CBB_len(compressed.get());
 if (!kExtensions[i].add_clienthello(hs, &extensions, compressed.get(),
-@@ -3466,10 +3643,16 @@ bool ssl_add_clienthello_tlsext(SSL_HANDSHAKE *hs, CBB *out, CBB *out_encoded,
+@@ -3466,10 +3647,16 @@ bool ssl_add_clienthello_tlsext(SSL_HANDSHAKE *hs, CBB *out, CBB *out_encoded,
 }
 bool last_was_empty = false;
@@ -4806,7 +4831,7 @@ index 5ee280221..dbdd8b305 100644
 if (!kExtensions[i].add_clienthello(hs, &extensions, &extensions, type)) {
 OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_ADDING_EXTENSION);
 diff --git a/src/ssl/handoff.cc b/src/ssl/handoff.cc
-index 6e5cc2da1..6cd3ca430 100644
+index 6e5cc2da1..b1b31f3a7 100644
 --- a/src/ssl/handoff.cc
 +++ b/src/ssl/handoff.cc
 @@ -169,46 +169,46 @@ static bool apply_remote_features(SSL *ssl, CBS *in) {
@@ -4889,6 +4914,62 @@ index 6e5cc2da1..6cd3ca430 100644
 supports_alps = true;
 break;
 }
+@@ -442,6 +445,16 @@ bool SSL_serialize_handback(const SSL *ssl, CBB *out) {
+ hs->early_traffic_secret().size())) {
+ return false;
+ }
++
++ if (session->has_application_settings) {
++ uint16_t alps_codepoint = TLSEXT_TYPE_application_settings;
++ if (hs->config->alps_use_new_codepoint) {
++ alps_codepoint = TLSEXT_TYPE_application_settings_new;
++ }
++ if (!CBB_add_asn1_uint64(&seq, alps_codepoint)) {
++ return false;
++ }
++ }
+ }
+ return CBB_flush(out);
+ }
+@@ -461,7 +474,8 @@ bool SSL_apply_handback(SSL *ssl, Span handback) {
+ }
+
+ SSL3_STATE *const s3 = ssl->s3;
+- uint64_t handback_version, unused_token_binding_param, cipher, type_u64;
++ uint64_t handback_version, unused_token_binding_param, cipher, type_u64,
++ alps_codepoint;
+
+ CBS seq, read_seq, write_seq, server_rand, client_rand, read_iv, write_iv,
+ next_proto, alpn, hostname, unused_channel_id, transcript, key_share;
+@@ -561,6 +575,28 @@ bool SSL_apply_handback(SSL *ssl, Span handback) {
+ !CBS_get_asn1(&seq, &early_traffic_secret, CBS_ASN1_OCTETSTRING)) {
+ return false;
+ }
++
++ if (session->has_application_settings) {
++ // Making it optional to keep compatibility with older handshakers.
++ // Older handshakers won't send the field.
++ if (CBS_len(&seq) == 0) {
++ hs->config->alps_use_new_codepoint = false;
++ } else {
++ if (!CBS_get_asn1_uint64(&seq, &alps_codepoint)) {
++ return false;
++ }
++
++ if (alps_codepoint == TLSEXT_TYPE_application_settings_new) {
++ hs->config->alps_use_new_codepoint = true;
++ } else if (alps_codepoint == TLSEXT_TYPE_application_settings) {
++ hs->config->alps_use_new_codepoint = false;
++ } else {
++ OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_ALPS_CODEPOINT);
++ return false;
++ }
++ }
++ }
++
+ if (ticket_age_skew > std::numeric_limits::max() ||
+ ticket_age_skew < std::numeric_limits::min()) {
+ return false;
 diff --git a/src/ssl/handshake_client.cc b/src/ssl/handshake_client.cc
 index 971ebd0b1..348fb93dc 100644
 --- a/src/ssl/handshake_client.cc
@@ -6509,6 +6590,43 @@ index ef43a9e98..22178b5f6 100644
 {
 "P-256:P-384:P-521:X25519",
 {
+diff --git a/src/ssl/tls13_client.cc b/src/ssl/tls13_client.cc
+index 1971596c9..fbc273540 100644
+--- a/src/ssl/tls13_client.cc
++++ b/src/ssl/tls13_client.cc
+@@ -812,10 +812,14 @@ static enum ssl_hs_wait_t do_send_client_encrypted_extensions(
+ !ssl->s3->early_data_accepted) {
+ ScopedCBB cbb;
+ CBB body, extensions, extension;
++ uint16_t extension_type = TLSEXT_TYPE_application_settings;
++ if (hs->config->alps_use_new_codepoint) {
++ extension_type = TLSEXT_TYPE_application_settings_new;
++ }
+ if (!ssl->method->init_message(ssl, cbb.get(), &body,
+ SSL3_MT_ENCRYPTED_EXTENSIONS) ||
+ !CBB_add_u16_length_prefixed(&body, &extensions) ||
+- !CBB_add_u16(&extensions, TLSEXT_TYPE_application_settings) ||
++ !CBB_add_u16(&extensions, extension_type) ||
+ !CBB_add_u16_length_prefixed(&extensions, &extension) ||
+ !CBB_add_bytes(&extension,
+ hs->new_session->local_application_settings.data(),
+diff --git a/src/ssl/tls13_server.cc b/src/ssl/tls13_server.cc
+index 9d26f4e00..4ae95721a 100644
+--- a/src/ssl/tls13_server.cc
++++ b/src/ssl/tls13_server.cc
+@@ -1051,7 +1051,11 @@ static enum ssl_hs_wait_t do_read_client_encrypted_extensions(
+ return ssl_hs_error;
+ }
+
+- SSLExtension application_settings(TLSEXT_TYPE_application_settings);
++ uint16_t extension_type = TLSEXT_TYPE_application_settings;
++ if (hs->config->alps_use_new_codepoint) {
++ extension_type = TLSEXT_TYPE_application_settings_new;
++ }
++ SSLExtension application_settings(extension_type);
+ uint8_t alert = SSL_AD_DECODE_ERROR;
+ if (!ssl_parse_extensions(&extensions, &alert, {&application_settings},
+ /*ignore_unknown=*/false)) {
 diff --git a/src/tool/speed.cc b/src/tool/speed.cc
 index 5b0205953..6b3c67dab 100644
 --- a/src/tool/speed.cc
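Review bot: In the `handoff.cc` hunk, `SSL_apply_handback` treats `CBS_len(&seq) == 0` as "the handshaker sent no codepoint", which only holds while the codepoint is the last element that `SSL_serialize_handback` writes into `seq`. A field appended after it later would be parsed here as the codepoint when an older blob omits it, so the ordering constraint should be stated next to both the writer and the reader, e.g. `// Must remain the last element of seq: its absence is detected by CBS_len(&seq) == 0.` The visible lines also do not show `seq` being checked for leftover bytes once the codepoint has been read; because the handback blob crosses a process boundary and this code writes into `hs->config`, I would confirm that such a check exists outside the hunk. Both function bodies continue outside the hunk.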