From 44965ab04cc6d0880bd6033c68fb1db34cb5a0f1 Mon Sep 17 00:00:00 2001 From: Kevin Guthrie Date: Thu, 21 May 2026 18:33:10 -0400 Subject: [PATCH] Bump BoringSSL submodule to 4a3cda40b (API version 40) Update the BoringSSL submodule from 91a66a59b (API version 37) to 4a3cda40b965bbda7cebf86e35c1ed6890ebcc34 (API version 40). This moves the BoringSSL dependency forward by 653 commits. Key addition in this range: ML-DSA support in libssl. Changes: - Update boring-pq.patch to apply cleanly against the new BoringSSL (context changes in crypto/obj/obj_dat.h and tool/client.cc). - Remove rpk.patch: RPK (Raw Public Key) support is now native to BoringSSL at this version, so the patch is no longer needed. The rpk Cargo feature flag is preserved for the Rust API surface. --- boring-sys/build/config.rs | 3 +- boring-sys/build/main.rs | 11 +-- boring-sys/deps/boringssl | 2 +- boring-sys/patches/boring-pq.patch | 147 ++++++++--------------------- boring-sys/src/lib.rs | 2 +- boring/src/ssl/credential.rs | 39 ++------ boring/src/ssl/mod.rs | 106 +++------------------ tokio-boring/tests/rpk.rs | 14 +-- 8 files changed, 76 insertions(+), 248 deletions(-) diff --git a/boring-sys/build/config.rs b/boring-sys/build/config.rs index 108a439d8..a88276df5 100644 --- a/boring-sys/build/config.rs +++ b/boring-sys/build/config.rs @@ -107,7 +107,8 @@ impl Config { ); } - let features_with_patches_enabled = self.features.rpk || self.features.underscore_wildcards; + // RPK support is now native to BoringSSL, no patch needed. + let features_with_patches_enabled = self.features.underscore_wildcards; let patches_required = features_with_patches_enabled && !self.env.assume_patched; diff --git a/boring-sys/build/main.rs b/boring-sys/build/main.rs index d192a0f8c..ffa83207d 100644 --- a/boring-sys/build/main.rs +++ b/boring-sys/build/main.rs 
@@ -443,13 +443,11 @@ fn ensure_patches_applied(config: &Config) -> io::Result<()> { native BoringSSL is expected to have the patches included" ); return Ok(()); - } else if config.env.source_path.is_some() - && (config.features.rpk || config.features.underscore_wildcards) - { + } else if config.env.source_path.is_some() && config.features.underscore_wildcards { panic!( "BORING_BSSL_ASSUME_PATCHED must be set when setting BORING_BSSL_SOURCE_PATH and using any of the following - features: rpk, underscore-wildcards" + features: underscore-wildcards" ); } @@ -467,10 +465,7 @@ fn ensure_patches_applied(config: &Config) -> io::Result<()> { println!("cargo:warning=applying post quantum crypto patch to boringssl"); apply_patch(config, "boring-pq.patch")?; - if config.features.rpk { - println!("cargo:warning=applying RPK patch to boringssl"); - apply_patch(config, "rpk.patch")?; - } + // RPK support is now native to BoringSSL as of 4a3cda40b, no patch needed. if config.features.underscore_wildcards { println!("cargo:warning=applying underscore wildcards patch to boringssl"); diff --git a/boring-sys/deps/boringssl b/boring-sys/deps/boringssl index 91a66a59b..4a3cda40b 160000 --- a/boring-sys/deps/boringssl +++ b/boring-sys/deps/boringssl @@ -1 +1 @@ -Subproject commit 91a66a59b6c1435120ff83e245d7719411294386 +Subproject commit 4a3cda40b965bbda7cebf86e35c1ed6890ebcc34 diff --git a/boring-sys/patches/boring-pq.patch b/boring-sys/patches/boring-pq.patch index f0aa1ea26..258a77cf7 100644 --- a/boring-sys/patches/boring-pq.patch +++ b/boring-sys/patches/boring-pq.patch 
@@ -1,80 +1,16 @@ -From cb5689e091f515fc8a42ceaff08d702333e505ed Mon Sep 17 00:00:00 2001 -From: Anthony Ramine -Date: Wed, 3 Dec 2025 11:10:16 +0100 -Subject: [PATCH] Add additional post-quantum key agreements - -This patch adds: - -1. Enable X25519MLKEM768 by default. - -2. Supports for P256Kyber768Draft00 under 0xfe32, which we temporarily - need for compliance reasons. (Note that this is not the codepoint - allocated for that exchange in the IANA table.) - Enables by default and in FIPS mode. - -3. Add SSL(_CTX)_use_second_keyshare. By default BoringSSL will send a - non post-quantum and a post-quantum keyshare if available. These - functions allow one to change the behaviour to only send a single - keyshare. ---- - crypto/obj/obj_dat.h | 6 +- - crypto/obj/obj_mac.num | 1 + - crypto/obj/objects.txt | 1 + - include/openssl/nid.h | 3 + - include/openssl/ssl.h | 15 ++++ - ssl/extensions.cc | 26 ++++--- - ssl/internal.h | 12 ++- - ssl/ssl_key_share.cc | 111 +++++++++++++++++++++++++++- - ssl/ssl_lib.cc | 16 +++- - ssl/ssl_test.cc | 19 ++++- - ssl/test/runner/basic_tests.go | 2 + - ssl/test/runner/cbc_tests.go | 3 + - ssl/test/runner/common.go | 2 +- - ssl/test/runner/curve_tests.go | 28 +++---- - ssl/test/runner/ech_tests.go | 24 +++++- - ssl/test/runner/extension_tests.go | 3 +- - ssl/test/runner/key_update_tests.go | 6 +- - tool/client.cc | 9 +++ - 18 files changed, 245 insertions(+), 42 deletions(-) - diff --git a/crypto/obj/obj_dat.h b/crypto/obj/obj_dat.h -index d8b86dcd2..6dd49ec36 100644 +index 10ad9bb14..b5e408cb0 100644 --- a/crypto/obj/obj_dat.h 
+++ b/crypto/obj/obj_dat.h -@@ -15,7 +15,7 @@ - // This file is generated by crypto/obj/objects.go. +@@ -16,7 +16,7 @@ + BSSL_NAMESPACE_BEGIN -#define NUM_NID 971 +#define NUM_NID 972 static const uint8_t kObjectData[] = { /* NID_rsadsi */ -@@ -8799,6 +8799,8 @@ static const ASN1_OBJECT kObjects[NUM_NID] = { - {"id-ml-dsa-87", "ML-DSA-87", NID_ML_DSA_87, 9, &kObjectData[6223], 0}, - {"id-alg-ml-kem-768", "ML-KEM-768", NID_ML_KEM_768, 9, &kObjectData[6232], - 0}, -+ {"P256Kyber768Draft00", "P256Kyber768Draft00", NID_P256Kyber768Draft00, 0, -+ NULL, 0}, - }; - - static const uint16_t kNIDsInShortNameOrder[] = { -@@ -8931,6 +8933,7 @@ static const uint16_t kNIDsInShortNameOrder[] = { - 18 /* OU */, - 749 /* Oakley-EC2N-3 */, - 750 /* Oakley-EC2N-4 */, -+ 971 /* P256Kyber768Draft00 */, - 9 /* PBE-MD2-DES */, - 168 /* PBE-MD2-RC2-64 */, - 10 /* PBE-MD5-DES */, -@@ -9854,6 +9857,7 @@ static const uint16_t kNIDsInLongNameOrder[] = { - 366 /* OCSP Nonce */, - 371 /* OCSP Service Locator */, - 180 /* OCSP Signing */, -+ 971 /* P256Kyber768Draft00 */, - 161 /* PBES2 */, - 69 /* PBKDF2 */, - 162 /* PBMAC1 */, diff --git a/crypto/obj/obj_mac.num b/crypto/obj/obj_mac.num index ae863e29d..7231b9a58 100644 --- a/crypto/obj/obj_mac.num @@ -111,10 +47,10 @@ index 83a1cf592..7265f15f6 100644 #if defined(__cplusplus) } /* extern C */ diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h -index ff68ba69e..0730e769a 100644 +index 453318b92..2740469fb 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h -@@ -2550,6 +2550,7 @@ OPENSSL_EXPORT size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx); +@@ -2582,6 +2582,7 @@ OPENSSL_EXPORT size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx); #define SSL_GROUP_X25519_MLKEM768 0x11ec #define SSL_GROUP_X25519_KYBER768_DRAFT00 0x6399 #define SSL_GROUP_MLKEM1024 0x0202 
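Review bot: The rewritten obj_dat.h hunk in boring-pq.patch keeps the `+#define NUM_NID 972` bump while its removed lines drop the `kObjects[NUM_NID]` initializer for `NID_P256Kyber768Draft00` and the two `971 /* P256Kyber768Draft00 */` entries in `kNIDsInShortNameOrder`/`kNIDsInLongNameOrder`, so the patched table is sized for 972 NIDs but only 971 are initialized. Unless the bumped BoringSSL moved those tables out of obj_dat.h (not visible here), slot 971 is left zero-initialized, which presumably makes `OBJ_nid2obj`/`OBJ_nid2sn` treat the NID as undefined even though `obj_mac.num` and `objects.txt` are still patched to declare it. Either restore the three dropped sub-hunks or drop the `NUM_NID` bump together with the `obj_mac.num`/`objects.txt` edits so the patch stays internally consistent; regenerating obj_dat.h with crypto/obj/objects.go from the patched objects.txt is the safest way to get the right entries. The commit message's description of this file as "context changes" understates what changed here.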
@@ -122,7 +58,7 @@ index ff68ba69e..0730e769a 100644 // SSL_CTX_set1_group_ids sets the preferred groups for |ctx| to |group_ids|. // Each element of |group_ids| should be a unique one of the |SSL_GROUP_*| -@@ -5964,6 +5965,20 @@ OPENSSL_EXPORT int SSL_CTX_set1_curves_list(SSL_CTX *ctx, const char *curves); +@@ -6202,6 +6203,20 @@ OPENSSL_EXPORT int SSL_CTX_set1_curves_list(SSL_CTX *ctx, const char *curves); // SSL_set1_curves_list calls |SSL_set1_groups_list|. OPENSSL_EXPORT int SSL_set1_curves_list(SSL *ssl, const char *curves); @@ -144,10 +80,10 @@ index ff68ba69e..0730e769a 100644 // |SSL_get_negotiated_group| to return an unrecognized group. BoringSSL never // returns this value, but we define this constant for compatibility. diff --git a/ssl/extensions.cc b/ssl/extensions.cc -index c5f90688c..e0514fed3 100644 +index 50ce434bf..503cb1a22 100644 --- a/ssl/extensions.cc +++ b/ssl/extensions.cc -@@ -101,6 +101,7 @@ static bool tls1_check_duplicate_extensions(const CBS *cbs) { +@@ -106,6 +106,7 @@ static bool tls1_check_duplicate_extensions(const CBS *cbs) { static bool is_post_quantum_group(uint16_t id) { switch (id) { case SSL_GROUP_X25519_KYBER768_DRAFT00: @@ -155,7 +91,7 @@ index c5f90688c..e0514fed3 100644 case SSL_GROUP_X25519_MLKEM768: case SSL_GROUP_MLKEM1024: return true; -@@ -2241,18 +2242,21 @@ bool ssl_setup_key_shares(SSL_HANDSHAKE *hs, uint16_t override_group_id) { +@@ -2418,18 +2419,21 @@ bool ssl_setup_key_shares(SSL_HANDSHAKE *hs, uint16_t override_group_id) { if (!default_key_shares.TryPushBack(supported_group_list[0])) { return false; } @@ -189,10 +125,10 @@ index c5f90688c..e0514fed3 100644 selected_key_shares.emplace(default_key_shares); } diff --git a/ssl/internal.h b/ssl/internal.h -index a69505b47..1f5ce51e6 100644 +index 4d86a6170..1c0d9f2fd 100644 --- a/ssl/internal.h 
+++ b/ssl/internal.h -@@ -955,7 +955,7 @@ struct NamedGroup { +@@ -913,7 +913,7 @@ struct NamedGroup { Span NamedGroups(); // kNumNamedGroups is the number of supported groups. @@ -201,7 +137,7 @@ index a69505b47..1f5ce51e6 100644 // DefaultSupportedGroupIds returns the list of IDs for the default groups that // are supported when the caller hasn't explicitly configured supported groups. -@@ -3388,6 +3388,11 @@ struct SSL_CONFIG { +@@ -3512,6 +3512,11 @@ struct SSL_CONFIG { // permute_extensions is whether to permute extensions when sending messages. bool permute_extensions : 1; @@ -213,7 +149,7 @@ index a69505b47..1f5ce51e6 100644 // aes_hw_override if set indicates we should override checking for aes // hardware support, and use the value in aes_hw_override_value instead. bool aes_hw_override : 1; -@@ -4015,6 +4020,11 @@ struct ssl_ctx_st : public bssl::RefCounted { +@@ -4149,6 +4154,11 @@ struct ssl_ctx_st : public bssl::RefCounted { // permute_extensions is whether to permute extensions when sending messages. bool permute_extensions : 1; @@ -371,10 +307,10 @@ index d155b5527..4fb08906b 100644 return nullptr; } diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc -index f64b103fb..fe5bb9bc7 100644 +index de4e79efc..4ca2e799d 100644 --- a/ssl/ssl_lib.cc +++ b/ssl/ssl_lib.cc -@@ -397,6 +397,7 @@ ssl_ctx_st::ssl_ctx_st(const SSL_METHOD *ssl_method) +@@ -385,6 +385,7 @@ ssl_ctx_st::ssl_ctx_st(const SSL_METHOD *ssl_method) channel_id_enabled(false), grease_enabled(false), permute_extensions(false), @@ -382,7 +318,7 @@ index f64b103fb..fe5bb9bc7 100644 allow_unknown_alpn_protos(false), false_start_allowed_without_alpn(false), handoff(false), -@@ -527,6 +528,7 @@ SSL *SSL_new(SSL_CTX *ctx) { +@@ -517,6 +518,7 @@ SSL *SSL_new(SSL_CTX *ctx) { ssl->config->retain_only_sha256_of_client_certs = ctx->retain_only_sha256_of_client_certs; ssl->config->permute_extensions = ctx->permute_extensions; 
@@ -390,7 +326,7 @@ index f64b103fb..fe5bb9bc7 100644 ssl->config->aes_hw_override = ctx->aes_hw_override; ssl->config->aes_hw_override_value = ctx->aes_hw_override_value; ssl->config->compliance_policy = ctx->compliance_policy; -@@ -586,6 +588,7 @@ SSL_CONFIG::SSL_CONFIG(SSL *ssl_arg) +@@ -582,6 +584,7 @@ SSL_CONFIG::SSL_CONFIG(SSL *ssl_arg) jdk11_workaround(false), quic_use_legacy_codepoint(false), permute_extensions(false), @@ -398,7 +334,7 @@ index f64b103fb..fe5bb9bc7 100644 alps_use_new_codepoint(true) { assert(ssl); } -@@ -3331,6 +3334,15 @@ int SSL_set1_curves_list(SSL *ssl, const char *curves) { +@@ -3372,6 +3375,15 @@ int SSL_set1_curves_list(SSL *ssl, const char *curves) { return SSL_set1_groups_list(ssl, curves); } @@ -414,7 +350,7 @@ index f64b103fb..fe5bb9bc7 100644 namespace fips202205 { // (References are to SP 800-52r2): -@@ -3342,7 +3354,9 @@ namespace fips202205 { +@@ -3383,7 +3395,9 @@ namespace fips202205 { // Section 3.3.1 // "The server shall be configured to only use cipher suites that are // composed entirely of NIST approved algorithms" @@ -426,10 +362,10 @@ index f64b103fb..fe5bb9bc7 100644 static const uint16_t kSigAlgs[] = { SSL_SIGN_RSA_PKCS1_SHA256, diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc -index 779a2c37a..36a0cab3b 100644 +index 7a6da95fc..7e934b854 100644 --- a/ssl/ssl_test.cc +++ b/ssl/ssl_test.cc -@@ -506,6 +506,14 @@ static const CurveTest kCurveTests[] = { +@@ -522,6 +522,14 @@ static const CurveTest kCurveTests[] = { "MLKEM1024:X25519MLKEM768", {SSL_GROUP_MLKEM1024, SSL_GROUP_X25519_MLKEM768}, }, @@ -444,7 +380,7 @@ index 779a2c37a..36a0cab3b 100644 { "P-256:P-384:P-521:X25519", -@@ -668,7 +676,9 @@ TEST(SSLTest, CurveRules) { +@@ -683,7 +691,9 @@ TEST(SSLTest, CurveRules) { } TEST(SSLTest, DefaultCurves) { 
@@ -455,7 +391,7 @@ index 779a2c37a..36a0cab3b 100644 SSL_GROUP_SECP384R1}; // Test the group ID APIs. -@@ -1522,6 +1532,9 @@ static bool GetClientHello(SSL *ssl, std::vector *out) { +@@ -1643,6 +1653,9 @@ static bool GetClientHello(SSL *ssl, std::vector *out) { static size_t GetClientHelloLen(uint16_t max_version, uint16_t session_version, size_t ticket_len) { bssl::UniquePtr ctx(SSL_CTX_new(TLS_method())); @@ -465,7 +401,7 @@ index 779a2c37a..36a0cab3b 100644 bssl::UniquePtr session = CreateSessionWithTicket(session_version, ticket_len); if (!ctx || !session) { -@@ -6815,7 +6828,9 @@ TEST(SSLTest, ApplyHandoffRemovesUnsupportedCurves) { +@@ -7061,7 +7074,9 @@ TEST(SSLTest, ApplyHandoffRemovesUnsupportedCurves) { // The default list of groups is used before applying the handoff. EXPECT_THAT(server->config->supported_group_list, @@ -477,10 +413,10 @@ index 779a2c37a..36a0cab3b 100644 ASSERT_TRUE(SSL_apply_handoff(server.get(), handoff)); EXPECT_EQ(1u, server->config->supported_group_list.size()); diff --git a/ssl/test/runner/basic_tests.go b/ssl/test/runner/basic_tests.go -index 08de8fa5f..dd945fa49 100644 +index dfd17d5f1..054241404 100644 --- a/ssl/test/runner/basic_tests.go +++ b/ssl/test/runner/basic_tests.go -@@ -129,6 +129,7 @@ read alert 1 0 +@@ -132,6 +132,7 @@ read alert 1 0 `write hs 1 read hs 3 write hs 1 @@ -488,7 +424,7 @@ index 08de8fa5f..dd945fa49 100644 read hs 2 read hs 11 read hs 12 -@@ -1956,6 +1957,7 @@ read alert 1 0 +@@ -1975,6 +1976,7 @@ read alert 1 0 write hs 2 write hs 8 write hs 11 @@ -518,10 +454,10 @@ index 6f49d12af..5e970b2b5 100644 }) } diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go -index 7dbde72c9..9d18d9d45 100644 +index ad8e3f73c..4224f2b89 100644 --- a/ssl/test/runner/common.go 
+++ b/ssl/test/runner/common.go -@@ -2095,7 +2095,7 @@ type ProtocolBugs struct { +@@ -2177,7 +2177,7 @@ type ProtocolBugs struct { FailIfHelloRetryRequested bool // FailIfPostQuantumOffered will cause a server to reject a ClientHello if @@ -531,10 +467,10 @@ index 7dbde72c9..9d18d9d45 100644 // ExpectKeyShares, if not nil, lists (in order) the curves that a ClientHello diff --git a/ssl/test/runner/curve_tests.go b/ssl/test/runner/curve_tests.go -index 8e7b0a45b..556bf314d 100644 +index 9bc13115e..0d11da734 100644 --- a/ssl/test/runner/curve_tests.go +++ b/ssl/test/runner/curve_tests.go -@@ -579,17 +579,6 @@ func addCurveTests() { +@@ -581,17 +581,6 @@ func addCurveTests() { }) } @@ -552,7 +488,7 @@ index 8e7b0a45b..556bf314d 100644 for _, curve := range testCurves { if !isMLKEMGroup(curve.id) { continue -@@ -679,18 +668,19 @@ func addCurveTests() { +@@ -681,18 +670,19 @@ func addCurveTests() { }) } @@ -630,7 +566,7 @@ index 2cd3c10d3..f19d8d20a 100644 clientAndServerHelloInitial += "write ccs\n" } diff --git a/ssl/test/runner/extension_tests.go b/ssl/test/runner/extension_tests.go -index d6adb7759..4eb80aa8e 100644 +index 3087efe37..61a036d8b 100644 --- a/ssl/test/runner/extension_tests.go +++ b/ssl/test/runner/extension_tests.go @@ -16,6 +16,7 @@ package runner @@ -651,7 +587,7 @@ index d6adb7759..4eb80aa8e 100644 // Test that illegal extensions in TLS 1.3 are rejected by the client if diff --git a/ssl/test/runner/key_update_tests.go b/ssl/test/runner/key_update_tests.go -index 0a9053038..5ce709589 100644 +index f98528265..2068b1102 100644 --- a/ssl/test/runner/key_update_tests.go +++ b/ssl/test/runner/key_update_tests.go @@ -14,7 +14,10 @@ @@ -675,10 +611,10 @@ index 0a9053038..5ce709589 100644 // Test that shim responds to KeyUpdate requests. diff --git a/tool/client.cc b/tool/client.cc -index 0839d4880..be9b79259 100644 +index 1653af8da..cab725d40 100644 --- a/tool/client.cc 
+++ b/tool/client.cc -@@ -125,6 +125,11 @@ static const struct argument kArguments[] = { +@@ -156,6 +156,11 @@ static const struct argument kArguments[] = { kBooleanArgument, "Permute extensions in handshake messages", }, @@ -688,9 +624,9 @@ index 0839d4880..be9b79259 100644 + "Do not send a second keyshare", + }, { - "-test-resumption", kBooleanArgument, - "Connect to the server twice. The first connection is closed once a " -@@ -538,6 +543,10 @@ bool Client(const std::vector &args) { + "-test-resumption", + kBooleanArgument, +@@ -637,6 +642,10 @@ bool Client(const std::vector &args) { SSL_CTX_set_permute_extensions(ctx.get(), 1); } @@ -698,9 +634,6 @@ index 0839d4880..be9b79259 100644 + SSL_CTX_use_second_keyshare(ctx.get(), 0); + } + + // Configure accepted roots. if (args_map.count("-root-certs") != 0) { if (!SSL_CTX_load_verify_locations( - ctx.get(), args_map["-root-certs"].c_str(), nullptr)) { --- -2.40.0 - diff --git a/boring-sys/src/lib.rs b/boring-sys/src/lib.rs index 1810d174c..613d75208 100644 --- a/boring-sys/src/lib.rs +++ b/boring-sys/src/lib.rs @@ -33,7 +33,7 @@ pub use generated::{FIPS_mode, SSL_CTX_set_compliance_policy}; // your include p #[cfg(feature = "mlkem")] pub use generated::{MLKEM768_encap, MLKEM768_private_key_from_seed}; // your include path is incorrect or has a version of boringssl without mlkem support #[cfg(feature = "rpk")] -pub use generated::{SSL_CREDENTIAL_new_raw_public_key, SSL_CREDENTIAL_set1_spki}; // your include path is incorrect or has a version of boringssl without rpk support +pub use generated::SSL_CREDENTIAL_new_raw_public_key; // RPK is now native to BoringSSL pub use generated::*; diff --git a/boring/src/ssl/credential.rs b/boring/src/ssl/credential.rs index df8fb0c30..5f2e492c5 100644 --- a/boring/src/ssl/credential.rs +++ b/boring/src/ssl/credential.rs 
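Review bot: In boring-sys/src/lib.rs the replacement comment on `pub use generated::SSL_CREDENTIAL_new_raw_public_key;` drops the diagnostic that the neighbouring `FIPS_mode` and `MLKEM768_*` re-exports still carry. That trailing comment is what a user sees in the compile error when `BORING_BSSL_SOURCE_PATH` points at a BoringSSL that lacks the symbol, and now that `rpk` is no longer counted by `ensure_patches_applied` in build/main.rs, an older source tree fails exactly on this line with no hint. Keep the established pattern: `pub use generated::SSL_CREDENTIAL_new_raw_public_key; // your include path is incorrect or has a version of boringssl older than 4a3cda40b without native rpk support`.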
@@ -29,12 +29,16 @@ foreign_type_and_impl_send_sync! { impl SslCredential { /// Create a credential suitable for a handshake using a raw public key. + /// + /// `pkey` must contain both a private and public key. #[corresponds(SSL_CREDENTIAL_new_raw_public_key)] #[cfg(feature = "rpk")] - pub fn new_raw_public_key() -> Result { + pub fn new_raw_public_key( + pkey: &crate::pkey::PKeyRef, + ) -> Result { unsafe { Ok(SslCredentialBuilder(Self::from_ptr(cvt_p( - ffi::SSL_CREDENTIAL_new_raw_public_key(), + ffi::SSL_CREDENTIAL_new_raw_public_key(pkey.as_ptr()), )?))) } } @@ -172,33 +176,10 @@ impl SslCredentialBuilder { } } - // Sets the SPKI of the raw public key credential. - // - // If `spki` is `None`, the SPKI is extracted from the credential's private key. - #[corresponds(SSL_CREDENTIAL_set1_spki)] - #[cfg(feature = "rpk")] - pub fn set_spki_bytes(&mut self, spki: Option<&[u8]>) -> Result<(), ErrorStack> { - unsafe { - let spki = spki - .map(|spki| { - cvt_p(ffi::CRYPTO_BUFFER_new( - spki.as_ptr(), - spki.len(), - ptr::null_mut(), - )) - }) - .transpose()? - .unwrap_or(ptr::null_mut()); - - let ret = cvt_0i(ffi::SSL_CREDENTIAL_set1_spki(self.0.as_ptr(), spki)).map(|_| ()); - - if !spki.is_null() { - ffi::CRYPTO_BUFFER_free(spki); - } - - ret - } - } + // NOTE: SSL_CREDENTIAL_set1_spki was a Cloudflare-specific addition in the + // old RPK patch. Upstream BoringSSL (as of 4a3cda40b) takes the key directly + // via SSL_CREDENTIAL_new_raw_public_key(EVP_PKEY*). The set_spki_bytes method + // has been removed as part of the BoringSSL submodule bump. #[must_use] pub fn build(self) -> SslCredential { diff --git a/boring/src/ssl/mod.rs b/boring/src/ssl/mod.rs index a4575d0c9..85efe1a1a 100644 --- a/boring/src/ssl/mod.rs +++ b/boring/src/ssl/mod.rs 
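Review bot: The second hunk replaces the removed `set_spki_bytes` with a `// NOTE: SSL_CREDENTIAL_set1_spki was a Cloudflare-specific addition ...` paragraph that narrates history rather than describing the code around it and pins a submodule hash that will go stale; the same tombstone pattern recurs in the boring/src/ssl/mod.rs hunks for `SslContextBuilder`, `SslContextRef` and `SslRef`. Together with the new `new_raw_public_key(pkey)` signature these are breaking changes to the `rpk`-gated public API, which the commit message ("The rpk Cargo feature flag is preserved for the Rust API surface") does not convey. Move the tombstones into a changelog/migration entry and let the doc comment on `new_raw_public_key` carry the forward-looking guidance, e.g. append `/// Replaces the former `set_private_key` + `set_spki_bytes` sequence; the SPKI is derived from `pkey` by BoringSSL.` once that derivation is confirmed against upstream. If `ptr` was used only by the removed method, the file's `ptr` import (outside this hunk) is now unused under the `rpk` feature and will warn.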
@@ -2072,23 +2072,9 @@ impl SslContextBuilder { } } - /// Sets the list of server certificate types that clients attached to this context - /// can process. - #[corresponds(SSL_CTX_set_server_certificate_types)] - #[cfg(feature = "rpk")] - pub fn set_server_certificate_types( - &mut self, - types: &[CertificateType], - ) -> Result<(), ErrorStack> { - unsafe { - cvt_0i(ffi::SSL_CTX_set_server_certificate_types( - self.as_ptr(), - types.as_ptr() as *const u8, - types.len(), - )) - .map(|_| ()) - } - } + // NOTE: SSL_CTX_set_server_certificate_types was removed as it was a + // Cloudflare-specific patch API. Upstream BoringSSL handles certificate type + // negotiation automatically when raw public key credentials are configured. /// Consumes the builder, returning a new `SslContext`. #[must_use] @@ -2376,26 +2362,7 @@ impl SslContextRef { unsafe { cvt(ffi::SSL_CTX_set1_ech_keys(self.as_ptr(), keys.as_ptr())) } } - /// Returns the list of server certificate types. - #[corresponds(SSL_CTX_get0_server_certificate_types)] - #[cfg(feature = "rpk")] - #[must_use] - pub fn server_certificate_types(&self) -> Option<&[CertificateType]> { - let mut types = ptr::null(); - let mut types_len = 0; - unsafe { - ffi::SSL_CTX_get0_server_certificate_types(self.as_ptr(), &mut types, &mut types_len); - - if types_len == 0 { - return None; - } - - Some(slice::from_raw_parts( - types as *const CertificateType, - types_len, - )) - } - } + // NOTE: SSL_CTX_get0_server_certificate_types was removed (Cloudflare-specific patch API). } /// Error returned by the callback to get a session when operation 
@@ -3865,12 +3832,12 @@ impl SslRef { unsafe { cvt_0i(ffi::SSL_add1_credential(self.as_ptr(), credential.as_ptr())).map(|_| ()) } } - /// Returns the public key sent by the other peer, `None` if there is no ongoing handshake. - #[corresponds(SSL_get0_peer_pubkey)] + /// Returns the raw public key sent by the other peer, `None` if not available. + #[corresponds(SSL_get0_peer_rpk)] #[cfg(feature = "rpk")] pub fn peer_pubkey(&self) -> Option<&PKeyRef> { unsafe { - let pubkey = ffi::SSL_get0_peer_pubkey(self.as_ptr()); + let pubkey = ffi::SSL_get0_peer_rpk(self.as_ptr()); if pubkey.is_null() { return None; 
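Review bot: The new doc on `peer_pubkey` says `None` if not available, which does not tell a verify callback what "available" means now that the accessor is `SSL_get0_peer_rpk` instead of the patched `SSL_get0_peer_pubkey`. Judging by the name, the upstream function only yields a key when the peer presented a raw public key, so a peer that sends an X.509 chain presumably returns `None` where the old accessor may have returned the certificate's key; callers that pin on this value must treat `None` as a verification failure rather than "no key to check". Suggest: `/// Returns the raw public key (RFC 7250) presented by the peer, or `None` if the peer presented no raw public key (for example an X.509 certificate) or there is no ongoing handshake.`, with the X.509 case confirmed against the upstream contract before it is stated. The rest of the function body is outside the hunk.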
@@ -3880,53 +3847,10 @@ impl SslRef { } } - /// Sets the list of server certificate types that clients attached to this `Ssl` - /// can process. - #[corresponds(SSL_set_server_certificate_types)] - #[cfg(feature = "rpk")] - pub fn set_server_certificate_types( - &mut self, - types: &[CertificateType], - ) -> Result<(), ErrorStack> { - unsafe { - cvt_0i(ffi::SSL_set_server_certificate_types( - self.as_ptr(), - types.as_ptr() as *const u8, - types.len(), - )) - .map(|_| ()) - } - } - - /// Returns the list of server certificate types. - #[corresponds(SSL_get0_server_certificate_types)] - #[must_use] - #[cfg(feature = "rpk")] - pub fn server_certificate_types(&self) -> Option<&[CertificateType]> { - let mut types = ptr::null(); - let mut types_len = 0; - unsafe { - ffi::SSL_get0_server_certificate_types(self.as_ptr(), &mut types, &mut types_len); - - if types_len == 0 { - return None; - } - - Some(slice::from_raw_parts( - types as *const CertificateType, - types_len, - )) - } - } - - /// Returns the server certificate type selected by the server, or `CertificateType::X509` - /// if there is no handshake. - #[corresponds(SSL_get_server_certificate_type_selected)] - #[must_use] - #[cfg(feature = "rpk")] - pub fn selected_server_certificate_type(&self) -> CertificateType { - unsafe { CertificateType(ffi::SSL_get_server_certificate_type_selected(self.as_ptr())) } - } + // NOTE: SSL_set_server_certificate_types, SSL_get0_server_certificate_types, + // and SSL_get_server_certificate_type_selected were Cloudflare-specific patch + // APIs. Upstream BoringSSL handles certificate type negotiation automatically + // when raw public key credentials are configured via SSL_CREDENTIAL_new_raw_public_key. } /// An SSL stream midway through the handshake process. 
@@ -4477,11 +4401,11 @@ pub struct CertificateType(u8); #[cfg(feature = "rpk")] impl CertificateType { - /// A X.509 certificate. - pub const X509: Self = Self(ffi::TLS_CERTIFICATE_TYPE_X509 as u8); + /// A X.509 certificate (RFC 7250, Section 3). + pub const X509: Self = Self(0); - /// A raw public key. - pub const RAW_PUBLIC_KEY: Self = Self(ffi::TLS_CERTIFICATE_TYPE_RAW_PUBLIC_KEY as u8); + /// A raw public key (RFC 7250, Section 3). + pub const RAW_PUBLIC_KEY: Self = Self(2); } /// The result of a shutdown request. diff --git a/tokio-boring/tests/rpk.rs b/tokio-boring/tests/rpk.rs index b39f9d53c..d674e00ae 100644 --- a/tokio-boring/tests/rpk.rs +++ b/tokio-boring/tests/rpk.rs @@ -2,8 +2,7 @@ use boring::pkey::PKey; use boring::ssl::{ - CertificateType, SslAcceptor, SslAlert, SslConnector, SslCredential, SslMethod, SslVerifyError, - SslVerifyMode, + SslAcceptor, SslAlert, SslConnector, SslCredential, SslMethod, SslVerifyError, SslVerifyMode, }; use futures::future; use std::future::Future; @@ -30,14 +29,10 @@ fn create_server() -> ( let mut acceptor = SslAcceptor::mozilla_intermediate_v5(SslMethod::tls()).unwrap(); let private_key = PKey::private_key_from_pem(&std::fs::read("tests/key.pem").unwrap()).unwrap(); - let spki = std::fs::read("tests/pubkey.der").unwrap(); acceptor .add_credential({ - let mut cred = SslCredential::new_raw_public_key().unwrap(); - - cred.set_private_key(&private_key).unwrap(); - cred.set_spki_bytes(Some(&spki)).unwrap(); + let cred = SslCredential::new_raw_public_key(&private_key).unwrap(); &cred.build() }) 
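Review bot: `CertificateType` is kept as a public `rpk`-gated type with `X509 = Self(0)` and `RAW_PUBLIC_KEY = Self(2)` now hard-coded, yet every API in this diff that took or returned it (`set_server_certificate_types`, `server_certificate_types`, `selected_server_certificate_type`) is removed and the tokio-boring rpk test drops its import, so nothing visible consumes it any more. The literals match the TLS Certificate Types registry values that RFC 7250 uses, so they are not wrong, but an exported type with no consumers and no `ffi` constant anchoring it is easy to let drift. Either remove it along with the APIs, or document that it is informational: `/// Certificate type codes from the TLS Certificate Types registry (RFC 7250); not consumed by any `boring` API since certificate-type negotiation moved into BoringSSL.`. Also `/// A X.509 certificate` should read `/// An X.509 certificate`.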
@@ -62,9 +57,8 @@ async fn connect( let spki = PKey::public_key_from_der(&std::fs::read(spki_path).unwrap()).unwrap(); let is_ok_cell = Arc::clone(is_ok_cell); - connector - .set_server_certificate_types(&[CertificateType::RAW_PUBLIC_KEY]) - .unwrap(); + // Upstream BoringSSL negotiates certificate types automatically when RPK + // credentials are configured. No explicit set_server_certificate_types needed. connector.set_custom_verify_callback(SslVerifyMode::PEER, move |ssl| { let public_key = ssl