diff --git a/boring-sys/build/config.rs b/boring-sys/build/config.rs
index 108a439d8..a88276df5 100644
--- a/boring-sys/build/config.rs
+++ b/boring-sys/build/config.rs
@@ -107,7 +107,8 @@ impl Config {
 ); }
- let features_with_patches_enabled = self.features.rpk || self.features.underscore_wildcards;
+ // RPK support is now native to BoringSSL, no patch needed.
+ let features_with_patches_enabled = self.features.underscore_wildcards;
 let patches_required = features_with_patches_enabled && !self.env.assume_patched;
diff --git a/boring-sys/build/main.rs b/boring-sys/build/main.rs
index d192a0f8c..ffa83207d 100644
--- a/boring-sys/build/main.rs
+++ b/boring-sys/build/main.rs
@@ -443,13 +443,11 @@ fn ensure_patches_applied(config: &Config) -> io::Result<()> {
 native BoringSSL is expected to have the patches included" ); return Ok(());
- } else if config.env.source_path.is_some()
- && (config.features.rpk || config.features.underscore_wildcards)
- {
+ } else if config.env.source_path.is_some() && config.features.underscore_wildcards {
 panic!( "BORING_BSSL_ASSUME_PATCHED must be set when setting BORING_BSSL_SOURCE_PATH and using any of the following
- features: rpk, underscore-wildcards"
+ features: underscore-wildcards"
 ); }
@@ -467,10 +465,7 @@ fn ensure_patches_applied(config: &Config) -> io::Result<()> {
 println!("cargo:warning=applying post quantum crypto patch to boringssl"); apply_patch(config, "boring-pq.patch")?;
- if config.features.rpk {
- println!("cargo:warning=applying RPK patch to boringssl");
- apply_patch(config, "rpk.patch")?;
- }
+ // RPK support is now native to BoringSSL as of 4a3cda40b, no patch needed.
 if config.features.underscore_wildcards { println!("cargo:warning=applying underscore wildcards patch to boringssl");
diff --git a/boring-sys/deps/boringssl b/boring-sys/deps/boringssl
index 91a66a59b..4a3cda40b 160000
--- a/boring-sys/deps/boringssl
+++ b/boring-sys/deps/boringssl
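Review bot: Dropping `rpk` from `features_with_patches_enabled` in config.rs and from the `else if` condition in main.rs means a build with the `rpk` feature and a `BORING_BSSL_SOURCE_PATH` pointing at a checkout older than 4a3cda40b is no longer rejected up front; it will instead fail later at the `pub use generated::SSL_CREDENTIAL_new_raw_public_key` re-export in lib.rs with a less actionable error. If that combination is simply unsupported now, it is worth saying so where the feature is dropped, and the config.rs comment lacks the commit reference the main.rs comment carries: `// RPK support is native to BoringSSL as of 4a3cda40b, no patch needed; an older BORING_BSSL_SOURCE_PATH is not supported with the rpk feature.` Both `impl Config` and `ensure_patches_applied` continue outside these hunks.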
@@ -1 +1 @@ -Subproject commit 91a66a59b6c1435120ff83e245d7719411294386 +Subproject commit 4a3cda40b965bbda7cebf86e35c1ed6890ebcc34 diff --git a/boring-sys/patches/boring-pq.patch b/boring-sys/patches/boring-pq.patch index f0aa1ea26..258a77cf7 100644 --- a/boring-sys/patches/boring-pq.patch +++ b/boring-sys/patches/boring-pq.patch @@ -1,80 +1,16 @@ -From cb5689e091f515fc8a42ceaff08d702333e505ed Mon Sep 17 00:00:00 2001 -From: Anthony Ramine -Date: Wed, 3 Dec 2025 11:10:16 +0100 -Subject: [PATCH] Add additional post-quantum key agreements - -This patch adds: - -1. Enable X25519MLKEM768 by default. - -2. Supports for P256Kyber768Draft00 under 0xfe32, which we temporarily - need for compliance reasons. (Note that this is not the codepoint - allocated for that exchange in the IANA table.) - Enables by default and in FIPS mode. - -3. Add SSL(_CTX)_use_second_keyshare. By default BoringSSL will send a - non post-quantum and a post-quantum keyshare if available. These - functions allow one to change the behaviour to only send a single - keyshare. ---- - crypto/obj/obj_dat.h | 6 +- - crypto/obj/obj_mac.num | 1 + - crypto/obj/objects.txt | 1 + - include/openssl/nid.h | 3 + - include/openssl/ssl.h | 15 ++++ - ssl/extensions.cc | 26 ++++--- - ssl/internal.h | 12 ++- - ssl/ssl_key_share.cc | 111 +++++++++++++++++++++++++++- - ssl/ssl_lib.cc | 16 +++- - ssl/ssl_test.cc | 19 ++++- - ssl/test/runner/basic_tests.go | 2 + - ssl/test/runner/cbc_tests.go | 3 + - ssl/test/runner/common.go | 2 +- - ssl/test/runner/curve_tests.go | 28 +++---- - ssl/test/runner/ech_tests.go | 24 +++++- - ssl/test/runner/extension_tests.go | 3 +- - ssl/test/runner/key_update_tests.go | 6 +- - tool/client.cc | 9 +++ - 18 files changed, 245 insertions(+), 42 deletions(-) - diff --git a/crypto/obj/obj_dat.h b/crypto/obj/obj_dat.h -index d8b86dcd2..6dd49ec36 100644 +index 10ad9bb14..b5e408cb0 100644 --- a/crypto/obj/obj_dat.h 
+++ b/crypto/obj/obj_dat.h -@@ -15,7 +15,7 @@ - // This file is generated by crypto/obj/objects.go. +@@ -16,7 +16,7 @@ + BSSL_NAMESPACE_BEGIN -#define NUM_NID 971 +#define NUM_NID 972 static const uint8_t kObjectData[] = { /* NID_rsadsi */ -@@ -8799,6 +8799,8 @@ static const ASN1_OBJECT kObjects[NUM_NID] = { - {"id-ml-dsa-87", "ML-DSA-87", NID_ML_DSA_87, 9, &kObjectData[6223], 0}, - {"id-alg-ml-kem-768", "ML-KEM-768", NID_ML_KEM_768, 9, &kObjectData[6232], - 0}, -+ {"P256Kyber768Draft00", "P256Kyber768Draft00", NID_P256Kyber768Draft00, 0, -+ NULL, 0}, - }; - - static const uint16_t kNIDsInShortNameOrder[] = { -@@ -8931,6 +8933,7 @@ static const uint16_t kNIDsInShortNameOrder[] = { - 18 /* OU */, - 749 /* Oakley-EC2N-3 */, - 750 /* Oakley-EC2N-4 */, -+ 971 /* P256Kyber768Draft00 */, - 9 /* PBE-MD2-DES */, - 168 /* PBE-MD2-RC2-64 */, - 10 /* PBE-MD5-DES */, -@@ -9854,6 +9857,7 @@ static const uint16_t kNIDsInLongNameOrder[] = { - 366 /* OCSP Nonce */, - 371 /* OCSP Service Locator */, - 180 /* OCSP Signing */, -+ 971 /* P256Kyber768Draft00 */, - 161 /* PBES2 */, - 69 /* PBKDF2 */, - 162 /* PBMAC1 */, diff --git a/crypto/obj/obj_mac.num b/crypto/obj/obj_mac.num index ae863e29d..7231b9a58 100644 --- a/crypto/obj/obj_mac.num @@ -111,10 +47,10 @@ index 83a1cf592..7265f15f6 100644 #if defined(__cplusplus) } /* extern C */ diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h -index ff68ba69e..0730e769a 100644 +index 453318b92..2740469fb 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h -@@ -2550,6 +2550,7 @@ OPENSSL_EXPORT size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx); +@@ -2582,6 +2582,7 @@ OPENSSL_EXPORT size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx); #define SSL_GROUP_X25519_MLKEM768 0x11ec #define SSL_GROUP_X25519_KYBER768_DRAFT00 0x6399 #define SSL_GROUP_MLKEM1024 0x0202 
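Review bot: The rebased patch keeps the `+#define NUM_NID 972` bump in crypto/obj/obj_dat.h but drops the old patch's `kObjects[]` entry for `P256Kyber768Draft00` and the two `971 /* P256Kyber768Draft00 */` entries in `kNIDsInShortNameOrder` and `kNIDsInLongNameOrder`, and nothing in this hunk adds them back. Unless those additions reappear in a part of the patch outside this diff, and assuming upstream still declares `kObjects[NUM_NID]` as the removed context shows, the table gains a zero-initialised slot for NID 971 and the name-order tables never learn the object, so NID/name lookups for that group would behave differently from the old patch; this should be checked against the regenerated obj_dat.h before merging. The hunk also removes the patch's mail header, so the three-point description of what the patch does (X25519MLKEM768 on by default, `P256Kyber768Draft00` under 0xfe32, `SSL(_CTX)_use_second_keyshare`) no longer exists anywhere in the tree; keeping that text at the top of boring-pq.patch, where `git apply` ignores it, would preserve the rationale.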
@@ -122,7 +58,7 @@ index ff68ba69e..0730e769a 100644 // SSL_CTX_set1_group_ids sets the preferred groups for |ctx| to |group_ids|. // Each element of |group_ids| should be a unique one of the |SSL_GROUP_*| -@@ -5964,6 +5965,20 @@ OPENSSL_EXPORT int SSL_CTX_set1_curves_list(SSL_CTX *ctx, const char *curves); +@@ -6202,6 +6203,20 @@ OPENSSL_EXPORT int SSL_CTX_set1_curves_list(SSL_CTX *ctx, const char *curves); // SSL_set1_curves_list calls |SSL_set1_groups_list|. OPENSSL_EXPORT int SSL_set1_curves_list(SSL *ssl, const char *curves); @@ -144,10 +80,10 @@ index ff68ba69e..0730e769a 100644 // |SSL_get_negotiated_group| to return an unrecognized group. BoringSSL never // returns this value, but we define this constant for compatibility. diff --git a/ssl/extensions.cc b/ssl/extensions.cc -index c5f90688c..e0514fed3 100644 +index 50ce434bf..503cb1a22 100644 --- a/ssl/extensions.cc +++ b/ssl/extensions.cc -@@ -101,6 +101,7 @@ static bool tls1_check_duplicate_extensions(const CBS *cbs) { +@@ -106,6 +106,7 @@ static bool tls1_check_duplicate_extensions(const CBS *cbs) { static bool is_post_quantum_group(uint16_t id) { switch (id) { case SSL_GROUP_X25519_KYBER768_DRAFT00: @@ -155,7 +91,7 @@ index c5f90688c..e0514fed3 100644 case SSL_GROUP_X25519_MLKEM768: case SSL_GROUP_MLKEM1024: return true; -@@ -2241,18 +2242,21 @@ bool ssl_setup_key_shares(SSL_HANDSHAKE *hs, uint16_t override_group_id) { +@@ -2418,18 +2419,21 @@ bool ssl_setup_key_shares(SSL_HANDSHAKE *hs, uint16_t override_group_id) { if (!default_key_shares.TryPushBack(supported_group_list[0])) { return false; } @@ -189,10 +125,10 @@ index c5f90688c..e0514fed3 100644 selected_key_shares.emplace(default_key_shares); } diff --git a/ssl/internal.h b/ssl/internal.h -index a69505b47..1f5ce51e6 100644 +index 4d86a6170..1c0d9f2fd 100644 --- a/ssl/internal.h 
+++ b/ssl/internal.h -@@ -955,7 +955,7 @@ struct NamedGroup { +@@ -913,7 +913,7 @@ struct NamedGroup { Span NamedGroups(); // kNumNamedGroups is the number of supported groups. @@ -201,7 +137,7 @@ index a69505b47..1f5ce51e6 100644 // DefaultSupportedGroupIds returns the list of IDs for the default groups that // are supported when the caller hasn't explicitly configured supported groups. -@@ -3388,6 +3388,11 @@ struct SSL_CONFIG { +@@ -3512,6 +3512,11 @@ struct SSL_CONFIG { // permute_extensions is whether to permute extensions when sending messages. bool permute_extensions : 1; @@ -213,7 +149,7 @@ index a69505b47..1f5ce51e6 100644 // aes_hw_override if set indicates we should override checking for aes // hardware support, and use the value in aes_hw_override_value instead. bool aes_hw_override : 1; -@@ -4015,6 +4020,11 @@ struct ssl_ctx_st : public bssl::RefCounted { +@@ -4149,6 +4154,11 @@ struct ssl_ctx_st : public bssl::RefCounted { // permute_extensions is whether to permute extensions when sending messages. bool permute_extensions : 1; @@ -371,10 +307,10 @@ index d155b5527..4fb08906b 100644 return nullptr; } diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc -index f64b103fb..fe5bb9bc7 100644 +index de4e79efc..4ca2e799d 100644 --- a/ssl/ssl_lib.cc +++ b/ssl/ssl_lib.cc -@@ -397,6 +397,7 @@ ssl_ctx_st::ssl_ctx_st(const SSL_METHOD *ssl_method) +@@ -385,6 +385,7 @@ ssl_ctx_st::ssl_ctx_st(const SSL_METHOD *ssl_method) channel_id_enabled(false), grease_enabled(false), permute_extensions(false), @@ -382,7 +318,7 @@ index f64b103fb..fe5bb9bc7 100644 allow_unknown_alpn_protos(false), false_start_allowed_without_alpn(false), handoff(false), -@@ -527,6 +528,7 @@ SSL *SSL_new(SSL_CTX *ctx) { +@@ -517,6 +518,7 @@ SSL *SSL_new(SSL_CTX *ctx) { ssl->config->retain_only_sha256_of_client_certs = ctx->retain_only_sha256_of_client_certs; ssl->config->permute_extensions = ctx->permute_extensions; 
@@ -390,7 +326,7 @@ index f64b103fb..fe5bb9bc7 100644 ssl->config->aes_hw_override = ctx->aes_hw_override; ssl->config->aes_hw_override_value = ctx->aes_hw_override_value; ssl->config->compliance_policy = ctx->compliance_policy; -@@ -586,6 +588,7 @@ SSL_CONFIG::SSL_CONFIG(SSL *ssl_arg) +@@ -582,6 +584,7 @@ SSL_CONFIG::SSL_CONFIG(SSL *ssl_arg) jdk11_workaround(false), quic_use_legacy_codepoint(false), permute_extensions(false), @@ -398,7 +334,7 @@ index f64b103fb..fe5bb9bc7 100644 alps_use_new_codepoint(true) { assert(ssl); } -@@ -3331,6 +3334,15 @@ int SSL_set1_curves_list(SSL *ssl, const char *curves) { +@@ -3372,6 +3375,15 @@ int SSL_set1_curves_list(SSL *ssl, const char *curves) { return SSL_set1_groups_list(ssl, curves); } @@ -414,7 +350,7 @@ index f64b103fb..fe5bb9bc7 100644 namespace fips202205 { // (References are to SP 800-52r2): -@@ -3342,7 +3354,9 @@ namespace fips202205 { +@@ -3383,7 +3395,9 @@ namespace fips202205 { // Section 3.3.1 // "The server shall be configured to only use cipher suites that are // composed entirely of NIST approved algorithms" @@ -426,10 +362,10 @@ index f64b103fb..fe5bb9bc7 100644 static const uint16_t kSigAlgs[] = { SSL_SIGN_RSA_PKCS1_SHA256, diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc -index 779a2c37a..36a0cab3b 100644 +index 7a6da95fc..7e934b854 100644 --- a/ssl/ssl_test.cc +++ b/ssl/ssl_test.cc -@@ -506,6 +506,14 @@ static const CurveTest kCurveTests[] = { +@@ -522,6 +522,14 @@ static const CurveTest kCurveTests[] = { "MLKEM1024:X25519MLKEM768", {SSL_GROUP_MLKEM1024, SSL_GROUP_X25519_MLKEM768}, }, @@ -444,7 +380,7 @@ index 779a2c37a..36a0cab3b 100644 { "P-256:P-384:P-521:X25519", -@@ -668,7 +676,9 @@ TEST(SSLTest, CurveRules) { +@@ -683,7 +691,9 @@ TEST(SSLTest, CurveRules) { } TEST(SSLTest, DefaultCurves) { 
@@ -455,7 +391,7 @@ index 779a2c37a..36a0cab3b 100644 SSL_GROUP_SECP384R1}; // Test the group ID APIs. -@@ -1522,6 +1532,9 @@ static bool GetClientHello(SSL *ssl, std::vector *out) { +@@ -1643,6 +1653,9 @@ static bool GetClientHello(SSL *ssl, std::vector *out) { static size_t GetClientHelloLen(uint16_t max_version, uint16_t session_version, size_t ticket_len) { bssl::UniquePtr ctx(SSL_CTX_new(TLS_method())); @@ -465,7 +401,7 @@ index 779a2c37a..36a0cab3b 100644 bssl::UniquePtr session = CreateSessionWithTicket(session_version, ticket_len); if (!ctx || !session) { -@@ -6815,7 +6828,9 @@ TEST(SSLTest, ApplyHandoffRemovesUnsupportedCurves) { +@@ -7061,7 +7074,9 @@ TEST(SSLTest, ApplyHandoffRemovesUnsupportedCurves) { // The default list of groups is used before applying the handoff. EXPECT_THAT(server->config->supported_group_list, @@ -477,10 +413,10 @@ index 779a2c37a..36a0cab3b 100644 ASSERT_TRUE(SSL_apply_handoff(server.get(), handoff)); EXPECT_EQ(1u, server->config->supported_group_list.size()); diff --git a/ssl/test/runner/basic_tests.go b/ssl/test/runner/basic_tests.go -index 08de8fa5f..dd945fa49 100644 +index dfd17d5f1..054241404 100644 --- a/ssl/test/runner/basic_tests.go +++ b/ssl/test/runner/basic_tests.go -@@ -129,6 +129,7 @@ read alert 1 0 +@@ -132,6 +132,7 @@ read alert 1 0 `write hs 1 read hs 3 write hs 1 @@ -488,7 +424,7 @@ index 08de8fa5f..dd945fa49 100644 read hs 2 read hs 11 read hs 12 -@@ -1956,6 +1957,7 @@ read alert 1 0 +@@ -1975,6 +1976,7 @@ read alert 1 0 write hs 2 write hs 8 write hs 11 @@ -518,10 +454,10 @@ index 6f49d12af..5e970b2b5 100644 }) } diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go -index 7dbde72c9..9d18d9d45 100644 +index ad8e3f73c..4224f2b89 100644 --- a/ssl/test/runner/common.go 
+++ b/ssl/test/runner/common.go -@@ -2095,7 +2095,7 @@ type ProtocolBugs struct { +@@ -2177,7 +2177,7 @@ type ProtocolBugs struct { FailIfHelloRetryRequested bool // FailIfPostQuantumOffered will cause a server to reject a ClientHello if @@ -531,10 +467,10 @@ index 7dbde72c9..9d18d9d45 100644 // ExpectKeyShares, if not nil, lists (in order) the curves that a ClientHello diff --git a/ssl/test/runner/curve_tests.go b/ssl/test/runner/curve_tests.go -index 8e7b0a45b..556bf314d 100644 +index 9bc13115e..0d11da734 100644 --- a/ssl/test/runner/curve_tests.go +++ b/ssl/test/runner/curve_tests.go -@@ -579,17 +579,6 @@ func addCurveTests() { +@@ -581,17 +581,6 @@ func addCurveTests() { }) } @@ -552,7 +488,7 @@ index 8e7b0a45b..556bf314d 100644 for _, curve := range testCurves { if !isMLKEMGroup(curve.id) { continue -@@ -679,18 +668,19 @@ func addCurveTests() { +@@ -681,18 +670,19 @@ func addCurveTests() { }) } @@ -630,7 +566,7 @@ index 2cd3c10d3..f19d8d20a 100644 clientAndServerHelloInitial += "write ccs\n" } diff --git a/ssl/test/runner/extension_tests.go b/ssl/test/runner/extension_tests.go -index d6adb7759..4eb80aa8e 100644 +index 3087efe37..61a036d8b 100644 --- a/ssl/test/runner/extension_tests.go +++ b/ssl/test/runner/extension_tests.go @@ -16,6 +16,7 @@ package runner @@ -651,7 +587,7 @@ index d6adb7759..4eb80aa8e 100644 // Test that illegal extensions in TLS 1.3 are rejected by the client if diff --git a/ssl/test/runner/key_update_tests.go b/ssl/test/runner/key_update_tests.go -index 0a9053038..5ce709589 100644 +index f98528265..2068b1102 100644 --- a/ssl/test/runner/key_update_tests.go +++ b/ssl/test/runner/key_update_tests.go @@ -14,7 +14,10 @@ @@ -675,10 +611,10 @@ index 0a9053038..5ce709589 100644 // Test that shim responds to KeyUpdate requests. diff --git a/tool/client.cc b/tool/client.cc -index 0839d4880..be9b79259 100644 +index 1653af8da..cab725d40 100644 --- a/tool/client.cc 
+++ b/tool/client.cc -@@ -125,6 +125,11 @@ static const struct argument kArguments[] = { +@@ -156,6 +156,11 @@ static const struct argument kArguments[] = { kBooleanArgument, "Permute extensions in handshake messages", },
@@ -688,9 +624,9 @@ index 0839d4880..be9b79259 100644 + "Do not send a second keyshare", + }, { - "-test-resumption", kBooleanArgument, - "Connect to the server twice. The first connection is closed once a " -@@ -538,6 +543,10 @@ bool Client(const std::vector &args) { + "-test-resumption", + kBooleanArgument, +@@ -637,6 +642,10 @@ bool Client(const std::vector &args) { SSL_CTX_set_permute_extensions(ctx.get(), 1); }
@@ -698,9 +634,6 @@ index 0839d4880..be9b79259 100644 + SSL_CTX_use_second_keyshare(ctx.get(), 0); + } + + // Configure accepted roots. if (args_map.count("-root-certs") != 0) { if (!SSL_CTX_load_verify_locations( - ctx.get(), args_map["-root-certs"].c_str(), nullptr)) { --- -2.40.0 -
diff --git a/boring-sys/src/lib.rs b/boring-sys/src/lib.rs
index 1810d174c..613d75208 100644
--- a/boring-sys/src/lib.rs
+++ b/boring-sys/src/lib.rs
@@ -33,7 +33,7 @@ pub use generated::{FIPS_mode, SSL_CTX_set_compliance_policy}; // your include p
 #[cfg(feature = "mlkem")]
 pub use generated::{MLKEM768_encap, MLKEM768_private_key_from_seed}; // your include path is incorrect or has a version of boringssl without mlkem support
 #[cfg(feature = "rpk")]
-pub use generated::{SSL_CREDENTIAL_new_raw_public_key, SSL_CREDENTIAL_set1_spki}; // your include path is incorrect or has a version of boringssl without rpk support
+pub use generated::SSL_CREDENTIAL_new_raw_public_key; // RPK is now native to BoringSSL
 pub use generated::*;
diff --git a/boring/src/ssl/credential.rs b/boring/src/ssl/credential.rs
index df8fb0c30..5f2e492c5 100644
--- a/boring/src/ssl/credential.rs
+++ b/boring/src/ssl/credential.rs
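Review bot: The trailing comment on the new `pub use generated::SSL_CREDENTIAL_new_raw_public_key;` line drops the diagnostic hint that the sibling `mlkem` re-export keeps; those comments exist to explain the compile error a user sees when their include path points at an older BoringSSL, and "RPK is now native to BoringSSL" does not tell such a user why the name is missing. Suggest `pub use generated::SSL_CREDENTIAL_new_raw_public_key; // your include path is incorrect or has a version of boringssl without native rpk support (older than 4a3cda40b)`. This keeps the three feature-gated re-exports in the same style.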
@@ -29,12 +29,16 @@ foreign_type_and_impl_send_sync! {
 impl SslCredential { /// Create a credential suitable for a handshake using a raw public key.
+ ///
+ /// `pkey` must contain both a private and public key.
 #[corresponds(SSL_CREDENTIAL_new_raw_public_key)]
 #[cfg(feature = "rpk")]
- pub fn new_raw_public_key() -> Result {
+ pub fn new_raw_public_key(
+ pkey: &crate::pkey::PKeyRef,
+ ) -> Result {
 unsafe { Ok(SslCredentialBuilder(Self::from_ptr(cvt_p(
- ffi::SSL_CREDENTIAL_new_raw_public_key(),
+ ffi::SSL_CREDENTIAL_new_raw_public_key(pkey.as_ptr()),
 )?))) } }
@@ -172,33 +176,10 @@ impl SslCredentialBuilder {
 } }
- // Sets the SPKI of the raw public key credential.
- //
- // If `spki` is `None`, the SPKI is extracted from the credential's private key.
- #[corresponds(SSL_CREDENTIAL_set1_spki)]
- #[cfg(feature = "rpk")]
- pub fn set_spki_bytes(&mut self, spki: Option<&[u8]>) -> Result<(), ErrorStack> {
- unsafe {
- let spki = spki
- .map(|spki| {
- cvt_p(ffi::CRYPTO_BUFFER_new(
- spki.as_ptr(),
- spki.len(),
- ptr::null_mut(),
- ))
- })
- .transpose()?
- .unwrap_or(ptr::null_mut());
-
- let ret = cvt_0i(ffi::SSL_CREDENTIAL_set1_spki(self.0.as_ptr(), spki)).map(|_| ());
-
- if !spki.is_null() {
- ffi::CRYPTO_BUFFER_free(spki);
- }
-
- ret
- }
- }
+ // NOTE: SSL_CREDENTIAL_set1_spki was a Cloudflare-specific addition in the
+ // old RPK patch. Upstream BoringSSL (as of 4a3cda40b) takes the key directly
+ // via SSL_CREDENTIAL_new_raw_public_key(EVP_PKEY*). The set_spki_bytes method
+ // has been removed as part of the BoringSSL submodule bump.
 #[must_use]
 pub fn build(self) -> SslCredential {
diff --git a/boring/src/ssl/mod.rs b/boring/src/ssl/mod.rs
index a4575d0c9..85efe1a1a 100644
--- a/boring/src/ssl/mod.rs
+++ b/boring/src/ssl/mod.rs
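Review bot: `new_raw_public_key` now takes `pkey: &crate::pkey::PKeyRef` and relies on the doc comment alone to state that the key "must contain both a private and public key"; the old builder path expressed the private-key requirement through `set_private_key`, and the same guarantee could be restored in the signature by bounding the key's type parameter with the crate's private-key marker trait (the generic arguments on `PKeyRef` and `Result` are not visible in this rendering, so this may already be the case). The doc should also say what a public-only key produces, presumably an `Err` from `cvt_p` since that is the only check visible here, e.g. `/// Returns an error if `pkey` does not carry a private key.` after the existing sentence.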
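Review bot: The four-line `// NOTE: SSL_CREDENTIAL_set1_spki was a Cloudflare-specific addition ...` comment is left inside the body of `impl SslCredentialBuilder` where `set_spki_bytes` used to be; a tombstone comment for a removed method is changelog material and will outlive its usefulness in the impl block. The same pattern is used for the methods removed from `SslContextBuilder`, `SslContextRef` and `SslRef` in mod.rs and in tokio-boring/tests/rpk.rs. Suggest moving the migration text to the commit message or changelog and, if a pointer in code is wanted, shortening it to one line such as `// set_spki_bytes was removed: upstream SSL_CREDENTIAL_new_raw_public_key takes the EVP_PKEY directly.`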
@@ -2072,23 +2072,9 @@ impl SslContextBuilder {
 } }
- /// Sets the list of server certificate types that clients attached to this context
- /// can process.
- #[corresponds(SSL_CTX_set_server_certificate_types)]
- #[cfg(feature = "rpk")]
- pub fn set_server_certificate_types(
- &mut self,
- types: &[CertificateType],
- ) -> Result<(), ErrorStack> {
- unsafe {
- cvt_0i(ffi::SSL_CTX_set_server_certificate_types(
- self.as_ptr(),
- types.as_ptr() as *const u8,
- types.len(),
- ))
- .map(|_| ())
- }
- }
+ // NOTE: SSL_CTX_set_server_certificate_types was removed as it was a
+ // Cloudflare-specific patch API. Upstream BoringSSL handles certificate type
+ // negotiation automatically when raw public key credentials are configured.
 /// Consumes the builder, returning a new `SslContext`.
 #[must_use]
@@ -2376,26 +2362,7 @@ impl SslContextRef {
 unsafe { cvt(ffi::SSL_CTX_set1_ech_keys(self.as_ptr(), keys.as_ptr())) } }
- /// Returns the list of server certificate types.
- #[corresponds(SSL_CTX_get0_server_certificate_types)]
- #[cfg(feature = "rpk")]
- #[must_use]
- pub fn server_certificate_types(&self) -> Option<&[CertificateType]> {
- let mut types = ptr::null();
- let mut types_len = 0;
- unsafe {
- ffi::SSL_CTX_get0_server_certificate_types(self.as_ptr(), &mut types, &mut types_len);
-
- if types_len == 0 {
- return None;
- }
-
- Some(slice::from_raw_parts(
- types as *const CertificateType,
- types_len,
- ))
- }
- }
+ // NOTE: SSL_CTX_get0_server_certificate_types was removed (Cloudflare-specific patch API).
 }
 /// Error returned by the callback to get a session when operation
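Review bot: The replacement `// NOTE:` comment says upstream negotiates certificate types automatically, but it does not say what callers of the removed `set_server_certificate_types` lose: that method let a client require a raw public key at the TLS layer, and as far as this page shows nothing replaces it, so a client with RPK credentials presumably can now also complete a handshake against a server that presents an X.509 chain, in which case `peer_pubkey()` returns `None`. The comment should tell callers where that policy now has to live, e.g. `// Callers that previously restricted the server to RAW_PUBLIC_KEY must now enforce this in their verify callback by treating a None peer_pubkey() as a failure.` The same applies to the `SslContextRef` getter removed in the second hunk and to the `SslRef` methods removed further down in this file.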
@@ -3865,12 +3832,12 @@ impl SslRef {
 unsafe { cvt_0i(ffi::SSL_add1_credential(self.as_ptr(), credential.as_ptr())).map(|_| ()) } }
- /// Returns the public key sent by the other peer, `None` if there is no ongoing handshake.
- #[corresponds(SSL_get0_peer_pubkey)]
+ /// Returns the raw public key sent by the other peer, `None` if not available.
+ #[corresponds(SSL_get0_peer_rpk)]
 #[cfg(feature = "rpk")]
 pub fn peer_pubkey(&self) -> Option<&PKeyRef> { unsafe {
- let pubkey = ffi::SSL_get0_peer_pubkey(self.as_ptr());
+ let pubkey = ffi::SSL_get0_peer_rpk(self.as_ptr());
 if pubkey.is_null() { return None;
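Review bot: The new doc comment `/// Returns the raw public key sent by the other peer, `None` if not available.` is vaguer than the one it replaces; "not available" covers both "no handshake has run yet" and "the peer authenticated with an X.509 certificate instead", and the second case is the one a verify callback has to fail closed on now that the server-certificate-type restriction APIs are gone. Assuming `SSL_get0_peer_rpk` returns NULL in both cases, which the null-to-`None` mapping in the body suggests, something like `/// Returns the raw public key presented by the peer, or `None` if the peer did not authenticate with a raw public key (before the handshake, or when it sent an X.509 certificate).` would let callers write the check correctly. The function body continues outside the hunk.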
@@ -3880,53 +3847,10 @@ impl SslRef {
 } }
- /// Sets the list of server certificate types that clients attached to this `Ssl`
- /// can process.
- #[corresponds(SSL_set_server_certificate_types)]
- #[cfg(feature = "rpk")]
- pub fn set_server_certificate_types(
- &mut self,
- types: &[CertificateType],
- ) -> Result<(), ErrorStack> {
- unsafe {
- cvt_0i(ffi::SSL_set_server_certificate_types(
- self.as_ptr(),
- types.as_ptr() as *const u8,
- types.len(),
- ))
- .map(|_| ())
- }
- }
-
- /// Returns the list of server certificate types.
- #[corresponds(SSL_get0_server_certificate_types)]
- #[must_use]
- #[cfg(feature = "rpk")]
- pub fn server_certificate_types(&self) -> Option<&[CertificateType]> {
- let mut types = ptr::null();
- let mut types_len = 0;
- unsafe {
- ffi::SSL_get0_server_certificate_types(self.as_ptr(), &mut types, &mut types_len);
-
- if types_len == 0 {
- return None;
- }
-
- Some(slice::from_raw_parts(
- types as *const CertificateType,
- types_len,
- ))
- }
- }
-
- /// Returns the server certificate type selected by the server, or `CertificateType::X509`
- /// if there is no handshake.
- #[corresponds(SSL_get_server_certificate_type_selected)]
- #[must_use]
- #[cfg(feature = "rpk")]
- pub fn selected_server_certificate_type(&self) -> CertificateType {
- unsafe { CertificateType(ffi::SSL_get_server_certificate_type_selected(self.as_ptr())) }
- }
+ // NOTE: SSL_set_server_certificate_types, SSL_get0_server_certificate_types,
+ // and SSL_get_server_certificate_type_selected were Cloudflare-specific patch
+ // APIs. Upstream BoringSSL handles certificate type negotiation automatically
+ // when raw public key credentials are configured via SSL_CREDENTIAL_new_raw_public_key.
 }
 /// An SSL stream midway through the handshake process.
@@ -4477,11 +4401,11 @@ pub struct CertificateType(u8);
 #[cfg(feature = "rpk")]
 impl CertificateType {
- /// A X.509 certificate.
- pub const X509: Self = Self(ffi::TLS_CERTIFICATE_TYPE_X509 as u8);
+ /// A X.509 certificate (RFC 7250, Section 3).
+ pub const X509: Self = Self(0);
- /// A raw public key.
- pub const RAW_PUBLIC_KEY: Self = Self(ffi::TLS_CERTIFICATE_TYPE_RAW_PUBLIC_KEY as u8);
+ /// A raw public key (RFC 7250, Section 3).
+ pub const RAW_PUBLIC_KEY: Self = Self(2);
 }
 /// The result of a shutdown request.
diff --git a/tokio-boring/tests/rpk.rs b/tokio-boring/tests/rpk.rs
index b39f9d53c..d674e00ae 100644
--- a/tokio-boring/tests/rpk.rs
+++ b/tokio-boring/tests/rpk.rs
@@ -2,8 +2,7 @@ use boring::pkey::PKey;
 use boring::ssl::{
- CertificateType, SslAcceptor, SslAlert, SslConnector, SslCredential, SslMethod, SslVerifyError,
- SslVerifyMode,
+ SslAcceptor, SslAlert, SslConnector, SslCredential, SslMethod, SslVerifyError, SslVerifyMode,
 }; use futures::future; use std::future::Future;
@@ -30,14 +29,10 @@ fn create_server() -> (
 let mut acceptor = SslAcceptor::mozilla_intermediate_v5(SslMethod::tls()).unwrap(); let private_key = PKey::private_key_from_pem(&std::fs::read("tests/key.pem").unwrap()).unwrap();
- let spki = std::fs::read("tests/pubkey.der").unwrap();
 acceptor .add_credential({
- let mut cred = SslCredential::new_raw_public_key().unwrap();
-
- cred.set_private_key(&private_key).unwrap();
- cred.set_spki_bytes(Some(&spki)).unwrap();
+ let cred = SslCredential::new_raw_public_key(&private_key).unwrap();
 &cred.build() })
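Review bot: After this commit `CertificateType` has no remaining consumer on the page: every method that took or returned it (`set_server_certificate_types`, `server_certificate_types`, `selected_server_certificate_type`) is removed and tokio-boring/tests/rpk.rs drops the import, yet the type and its two constants stay public under `#[cfg(feature = "rpk")]` with the FFI constants replaced by the literals `Self(0)` and `Self(2)`. If it is kept for API compatibility, say so on the type, e.g. `/// Retained for API compatibility; no method in this crate consumes it since certificate-type negotiation moved into BoringSSL.`; otherwise remove it together with the methods. The literal values do match the IANA TLS Certificate Types registry (0 = X.509, 2 = Raw Public Key), so the RFC 7250 citation in the new doc comments is accurate.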
@@ -62,9 +57,8 @@ async fn connect(
 let spki = PKey::public_key_from_der(&std::fs::read(spki_path).unwrap()).unwrap(); let is_ok_cell = Arc::clone(is_ok_cell);
- connector
- .set_server_certificate_types(&[CertificateType::RAW_PUBLIC_KEY])
- .unwrap();
+ // Upstream BoringSSL negotiates certificate types automatically when RPK
+ // credentials are configured. No explicit set_server_certificate_types needed.
 connector.set_custom_verify_callback(SslVerifyMode::PEER, move |ssl| { let public_key = ssl