author | Pete Bentley <prb@google.com> | 2019-08-08 12:52:37 +0100 |
---|---|---|
committer | Pete Bentley <prb@google.com> | 2019-08-08 14:43:20 +0100 |
commit | f8d8b73da16aa9f2fdda401a46b4f86a83016712 (patch) | |
tree | 3725c3e206175c177a448c50d41ad2c2589a07fa /src/include | |
parent | cb6fdd2c554b117ce1100249a0f8a91519782c12 (diff) | |
external/boringssl: Sync to 81080a729af568f7b5fde92b9170cc17065027c9.
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/c9827e073f64e353c4891ecc2c73721882543ee0..81080a729af568f7b5fde92b9170cc17065027c9
Bug: 134581881
Test: atest CtsLibcoreTestCases
Test: atest CtsLibcoreOkHttpTestCases
Change-Id: Id3a510c9724554a28b6514b892bd15dde305855c
Diffstat (limited to 'src/include')
-rw-r--r-- | src/include/openssl/aes.h | 27 | ||||
-rw-r--r-- | src/include/openssl/base.h | 18 | ||||
-rw-r--r-- | src/include/openssl/cpu.h | 2 | ||||
-rw-r--r-- | src/include/openssl/digest.h | 5 | ||||
-rw-r--r-- | src/include/openssl/dsa.h | 1 | ||||
-rw-r--r-- | src/include/openssl/engine.h | 4 | ||||
-rw-r--r-- | src/include/openssl/evp.h | 74 | ||||
-rw-r--r-- | src/include/openssl/nid.h | 3 | ||||
-rw-r--r-- | src/include/openssl/pkcs8.h | 8 | ||||
-rw-r--r-- | src/include/openssl/siphash.h | 37 | ||||
-rw-r--r-- | src/include/openssl/ssl.h | 105 | ||||
-rw-r--r-- | src/include/openssl/tls1.h | 9 | ||||
-rw-r--r-- | src/include/openssl/x509_vfy.h | 2 | ||||
-rw-r--r-- | src/include/openssl/x509v3.h | 6 |
14 files changed, 255 insertions, 46 deletions
diff --git a/src/include/openssl/aes.h b/src/include/openssl/aes.h index 3606bfc4..e5606253 100644 --- a/src/include/openssl/aes.h +++ b/src/include/openssl/aes.h @@ -6,7 +6,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -163,6 +163,31 @@ OPENSSL_EXPORT int AES_unwrap_key(const AES_KEY *key, const uint8_t *iv, size_t in_len); +// AES key wrap with padding. +// +// These functions implement AES Key Wrap with Padding mode, as defined in RFC +// 5649. They should never be used except to interoperate with existing systems +// that use this mode. + +// AES_wrap_key_padded performs a padded AES key wrap on |in| which must be +// between 1 and 2^32-1 bytes. |key| must have been configured for encryption. +// On success it writes at most |max_out| bytes of ciphertext to |out|, sets +// |*out_len| to the number of bytes written, and returns one. On failure it +// returns zero. To ensure success, set |max_out| to at least |in_len| + 15. +OPENSSL_EXPORT int AES_wrap_key_padded(const AES_KEY *key, uint8_t *out, + size_t *out_len, size_t max_out, + const uint8_t *in, size_t in_len); + +// AES_unwrap_key_padded performs a padded AES key unwrap on |in| which must be +// a multiple of 8 bytes. |key| must have been configured for decryption. On +// success it writes at most |max_out| bytes to |out|, sets |*out_len| to the +// number of bytes written, and returns one. On failure it returns zero. Setting +// |max_out| to |in_len| is a sensible estimate. +OPENSSL_EXPORT int AES_unwrap_key_padded(const AES_KEY *key, uint8_t *out, + size_t *out_len, size_t max_out, + const uint8_t *in, size_t in_len); + + #if defined(__cplusplus) } // extern C #endif 
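Review bot: The comment on `AES_unwrap_key_padded` says |in_len| "must be a multiple of 8 bytes" but gives no lower bound; an RFC 5649 ciphertext is at least 16 bytes (the integrity block plus one data block), so the sentence should read `// a multiple of 8 bytes and at least 16 bytes.` if that is what the implementation rejects — confirm against the .c file. Neither `AES_wrap_key_padded` nor `AES_unwrap_key_padded` states what |*out_len| holds after a zero return; one line such as `// On failure, |*out_len| is unspecified.` (or the actual guarantee) stops callers from reading it on the error path. The first hunk in this file changes only whitespace in the license text.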
diff --git a/src/include/openssl/base.h b/src/include/openssl/base.h index 7fe232f3..cb1affac 100644 --- a/src/include/openssl/base.h +++ b/src/include/openssl/base.h @@ -291,6 +291,24 @@ extern "C" { #endif #endif // OPENSSL_ASM_INCOMPATIBLE +#if defined(__cplusplus) +// enums can be predeclared, but only in C++ and only if given an explicit type. +// C doesn't support setting an explicit type for enums thus a #define is used +// to do this only for C++. However, the ABI type between C and C++ need to have +// equal sizes, which is confirmed in a unittest. +#define BORINGSSL_ENUM_INT : int +enum ssl_early_data_reason_t BORINGSSL_ENUM_INT; +enum ssl_encryption_level_t BORINGSSL_ENUM_INT; +enum ssl_private_key_result_t BORINGSSL_ENUM_INT; +enum ssl_renegotiate_mode_t BORINGSSL_ENUM_INT; +enum ssl_select_cert_result_t BORINGSSL_ENUM_INT; +enum ssl_select_cert_result_t BORINGSSL_ENUM_INT; +enum ssl_ticket_aead_result_t BORINGSSL_ENUM_INT; +enum ssl_verify_result_t BORINGSSL_ENUM_INT; +#else +#define BORINGSSL_ENUM_INT +#endif + // CRYPTO_THREADID is a dummy value. typedef int CRYPTO_THREADID; diff --git a/src/include/openssl/cpu.h b/src/include/openssl/cpu.h index ad5fc949..eb36a57e 100644 --- a/src/include/openssl/cpu.h +++ b/src/include/openssl/cpu.h @@ -93,7 +93,7 @@ extern "C" { // bits in XCR0, so it is not necessary to check those. extern uint32_t OPENSSL_ia32cap_P[4]; -#if defined(BORINGSSL_FIPS) +#if defined(BORINGSSL_FIPS) && !defined(BORINGSSL_SHARED_LIBRARY) const uint32_t *OPENSSL_ia32cap_get(void); #else OPENSSL_INLINE const uint32_t *OPENSSL_ia32cap_get(void) { diff --git a/src/include/openssl/digest.h b/src/include/openssl/digest.h index 1a1ca297..c7c67976 100644 --- a/src/include/openssl/digest.h +++ b/src/include/openssl/digest.h 
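Review bot: `enum ssl_select_cert_result_t BORINGSSL_ENUM_INT;` appears twice in the new C++ forward-declaration block in base.h; the duplicate is accepted by the compiler but reads as a copy-paste slip and one of the two lines should be dropped. The comment above the block says the C and C++ enum sizes are "confirmed in a unittest" without saying which one; naming that test in the comment would let a reader who changes the list find the check that has to be updated with it.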
@@ -269,6 +269,11 @@ OPENSSL_EXPORT EVP_MD_CTX *EVP_MD_CTX_create(void); // EVP_MD_CTX_destroy calls |EVP_MD_CTX_free|. OPENSSL_EXPORT void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); +// EVP_DigestFinalXOF returns zero and adds an error to the error queue. +// BoringSSL does not support any XOF digests. +OPENSSL_EXPORT int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, uint8_t *out, + size_t len); + struct evp_md_pctx_ops; diff --git a/src/include/openssl/dsa.h b/src/include/openssl/dsa.h index bed93c5d..8e3b9b3c 100644 --- a/src/include/openssl/dsa.h +++ b/src/include/openssl/dsa.h @@ -436,5 +436,6 @@ BSSL_NAMESPACE_END #define DSA_R_BAD_VERSION 104 #define DSA_R_DECODE_ERROR 105 #define DSA_R_ENCODE_ERROR 106 +#define DSA_R_INVALID_PARAMETERS 107 #endif // OPENSSL_HEADER_DSA_H diff --git a/src/include/openssl/engine.h b/src/include/openssl/engine.h index 9d459527..ce60de46 100644 --- a/src/include/openssl/engine.h +++ b/src/include/openssl/engine.h @@ -40,8 +40,8 @@ extern "C" { OPENSSL_EXPORT ENGINE *ENGINE_new(void); // ENGINE_free decrements the reference counts for all methods linked from -// |engine| and frees |engine| itself. -OPENSSL_EXPORT void ENGINE_free(ENGINE *engine); +// |engine| and frees |engine| itself. It returns one. +OPENSSL_EXPORT int ENGINE_free(ENGINE *engine); // Method accessors. diff --git a/src/include/openssl/evp.h b/src/include/openssl/evp.h index c4469841..999e19d8 100644 --- a/src/include/openssl/evp.h +++ b/src/include/openssl/evp.h 
@@ -170,22 +170,13 @@ OPENSSL_EXPORT int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key); OPENSSL_EXPORT EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey); OPENSSL_EXPORT EC_KEY *EVP_PKEY_get1_EC_KEY(const EVP_PKEY *pkey); -// EVP_PKEY_new_ed25519_public returns a newly allocated |EVP_PKEY| wrapping an -// Ed25519 public key, or NULL on allocation error. -OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_new_ed25519_public( - const uint8_t public_key[32]); - -// EVP_PKEY_new_ed25519_private returns a newly allocated |EVP_PKEY| wrapping an -// Ed25519 private key, or NULL on allocation error. -OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_new_ed25519_private( - const uint8_t private_key[64]); - #define EVP_PKEY_NONE NID_undef #define EVP_PKEY_RSA NID_rsaEncryption #define EVP_PKEY_RSA_PSS NID_rsassaPss #define EVP_PKEY_DSA NID_dsa #define EVP_PKEY_EC NID_X9_62_id_ecPublicKey #define EVP_PKEY_ED25519 NID_ED25519 +#define EVP_PKEY_X25519 NID_X25519 // EVP_PKEY_assign sets the underlying key of |pkey| to |key|, which must be of // the given type. It returns one if successful or zero if the |type| argument 
@@ -241,6 +232,48 @@ OPENSSL_EXPORT EVP_PKEY *EVP_parse_private_key(CBS *cbs); OPENSSL_EXPORT int EVP_marshal_private_key(CBB *cbb, const EVP_PKEY *key); +// Raw keys +// +// Some keys types support a "raw" serialization. Currently the only supported +// raw format is Ed25519, where the public key and private key formats are those +// specified in RFC 8032. Note the RFC 8032 private key format is the 32-byte +// prefix of |ED25519_sign|'s 64-byte private key. + +// EVP_PKEY_new_raw_private_key returns a newly allocated |EVP_PKEY| wrapping a +// private key of the specified type. It returns one on success and zero on +// error. +OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *unused, + const uint8_t *in, + size_t len); + +// EVP_PKEY_new_raw_public_key returns a newly allocated |EVP_PKEY| wrapping a +// public key of the specified type. It returns one on success and zero on +// error. +OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *unused, + const uint8_t *in, + size_t len); + +// EVP_PKEY_get_raw_private_key outputs the private key for |pkey| in raw form. +// If |out| is NULL, it sets |*out_len| to the size of the raw private key. +// Otherwise, it writes at most |*out_len| bytes to |out| and sets |*out_len| to +// the number of bytes written. +// +// It returns one on success and zero if |pkey| has no private key, the key +// type does not support a raw format, or the buffer is too small. +OPENSSL_EXPORT int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, + uint8_t *out, size_t *out_len); + +// EVP_PKEY_get_raw_public_key outputs the public key for |pkey| in raw form. +// If |out| is NULL, it sets |*out_len| to the size of the raw public key. +// Otherwise, it writes at most |*out_len| bytes to |out| and sets |*out_len| to +// the number of bytes written. +// +// It returns one on success and zero if |pkey| has no public key, the key +// type does not support a raw format, or the buffer is too small. 
+OPENSSL_EXPORT int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, + uint8_t *out, size_t *out_len); + + // Signing // EVP_DigestSignInit sets up |ctx| for a signing operation with |type| and @@ -874,6 +907,26 @@ OPENSSL_EXPORT DH *EVP_PKEY_get1_DH(const EVP_PKEY *pkey); OPENSSL_EXPORT int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx, int encoding); +// EVP_PKEY_set1_tls_encodedpoint replaces |pkey| with a public key encoded by +// |in|. It returns one on success and zero on error. +// +// This function only works on X25519 keys. +OPENSSL_EXPORT int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey, + const uint8_t *in, + size_t len); + +// EVP_PKEY_get1_tls_encodedpoint sets |*out_ptr| to a newly-allocated buffer +// containing the raw encoded public key for |pkey|. The caller must call +// |OPENSSL_free| to release this buffer. The function returns the length of the +// buffer on success and zero on error. +// +// This function only works on X25519 keys. +OPENSSL_EXPORT size_t EVP_PKEY_get1_tls_encodedpoint(const EVP_PKEY *pkey, + uint8_t **out_ptr); + +// EVP_PKEY_base_id calls |EVP_PKEY_id|. +OPENSSL_EXPORT int EVP_PKEY_base_id(const EVP_PKEY *pkey); + // Preprocessor compatibility section (hidden). // @@ -962,5 +1015,6 @@ BSSL_NAMESPACE_END #define EVP_R_INVALID_SIGNATURE 131 #define EVP_R_MEMORY_LIMIT_EXCEEDED 132 #define EVP_R_INVALID_PARAMETERS 133 +#define EVP_R_INVALID_PEER_KEY 134 #endif // OPENSSL_HEADER_EVP_H diff --git a/src/include/openssl/nid.h b/src/include/openssl/nid.h index 270d443a..cea975a3 100644 --- a/src/include/openssl/nid.h +++ b/src/include/openssl/nid.h @@ -4237,6 +4237,9 @@ extern "C" { #define SN_CECPQ2 "CECPQ2" #define NID_CECPQ2 959 +#define SN_CECPQ2b "CECPQ2b" +#define NID_CECPQ2b 960 + #if defined(__cplusplus) } /* extern C */ diff --git a/src/include/openssl/pkcs8.h b/src/include/openssl/pkcs8.h index ee48f194..385b9950 100644 --- a/src/include/openssl/pkcs8.h +++ b/src/include/openssl/pkcs8.h 
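Review bot: The comments on `EVP_PKEY_new_raw_private_key` and `EVP_PKEY_new_raw_public_key` end with "It returns one on success and zero on error", but both functions return an `EVP_PKEY *`; the sentence should read `// It returns the new |EVP_PKEY| on success and NULL on error.` so a caller does not compare the pointer against one. Since the same commit removes |EVP_PKEY_new_ed25519_private|, which took |ED25519_sign|'s 64-byte key, the "Raw keys" paragraph (which already notes the RFC 8032 private key is the 32-byte prefix of that key) would be a good place for one sentence telling migrating callers to pass only those 32 bytes. This hunk begins on the previous line.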
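Review bot: `EVP_PKEY_get1_tls_encodedpoint` documents a zero return on error but not the state of `*out_ptr` on that path, so a caller cannot know whether freeing `*out_ptr` after a zero return is safe; the comment should state it, e.g. `// On error, |*out_ptr| is not modified.` if that is what the implementation does — confirm against the .c file. `EVP_PKEY_set1_tls_encodedpoint` likewise only says it "only works on X25519 keys"; stating the accepted |len| (presumably 32 bytes for X25519) and that other inputs fail, apparently with the |EVP_R_INVALID_PEER_KEY| reason code this commit adds, would make the validation contract visible to callers handling peer-supplied points.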
@@ -168,12 +168,18 @@ OPENSSL_EXPORT int i2d_PKCS12_fp(FILE *fp, const PKCS12 *p12); // PKCS12_parse calls |PKCS12_get_key_and_certs| on the ASN.1 data stored in // |p12|. The |out_pkey| and |out_cert| arguments must not be NULL and, on -// successful exit, the private key and first certificate will be stored in +// successful exit, the private key and matching certificate will be stored in // them. The |out_ca_certs| argument may be NULL but, if not, then any extra // certificates will be appended to |*out_ca_certs|. If |*out_ca_certs| is NULL // then it will be set to a freshly allocated stack containing the extra certs. // +// Note if |p12| does not contain a private key, both |*out_pkey| and +// |*out_cert| will be set to NULL and all certificates will be returned via +// |*out_ca_certs|. +// // It returns one on success and zero on error. +// +// Use |PKCS12_get_key_and_certs| instead. OPENSSL_EXPORT int PKCS12_parse(const PKCS12 *p12, const char *password, EVP_PKEY **out_pkey, X509 **out_cert, STACK_OF(X509) **out_ca_certs); diff --git a/src/include/openssl/siphash.h b/src/include/openssl/siphash.h new file mode 100644 index 00000000..fe08aa72 --- /dev/null +++ b/src/include/openssl/siphash.h 
@@ -0,0 +1,37 @@ +/* Copyright (c) 2019, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#ifndef OPENSSL_HEADER_SIPHASH_H +#define OPENSSL_HEADER_SIPHASH_H + +#include <openssl/base.h> + +#if defined(__cplusplus) +extern "C" { +#endif + + +// SipHash is a fast, secure PRF that is often used for hash tables. + + +// SIPHASH_24 implements SipHash-2-4. See https://131002.net/siphash/siphash.pdf +OPENSSL_EXPORT uint64_t SIPHASH_24(const uint64_t key[2], const uint8_t *input, + size_t input_len); + + +#if defined(__cplusplus) +} // extern C +#endif + +#endif // OPENSSL_HEADER_SIPHASH_H diff --git a/src/include/openssl/ssl.h b/src/include/openssl/ssl.h index 4240c29a..3d2bc07e 100644 --- a/src/include/openssl/ssl.h +++ b/src/include/openssl/ssl.h @@ -1160,7 +1160,7 @@ OPENSSL_EXPORT void *SSL_CTX_get_default_passwd_cb_userdata(const SSL_CTX *ctx); // Custom private keys. -enum ssl_private_key_result_t { +enum ssl_private_key_result_t BORINGSSL_ENUM_INT { ssl_private_key_success, ssl_private_key_retry, ssl_private_key_failure, 
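Review bot: The section comment in siphash.h calls SipHash "a fast, secure PRF" without saying what that security rests on: the PRF guarantee holds only while |key| is secret and uniformly random, and a caller who uses a fixed or guessable key gets no protection against attacker-chosen collisions in the hash table the comment mentions. Suggest extending the `SIPHASH_24` comment with `// |key| must be secret and uniformly random; with a known key SipHash offers no protection against crafted collisions.`. The comment could also say which 64-bit SipHash-2-4 output convention |SIPHASH_24| returns, since callers comparing against other implementations need the byte order — confirm against the implementation before documenting it.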
@@ -1296,7 +1296,8 @@ OPENSSL_EXPORT uint16_t SSL_CIPHER_get_max_version(const SSL_CIPHER *cipher); OPENSSL_EXPORT const char *SSL_CIPHER_standard_name(const SSL_CIPHER *cipher); // SSL_CIPHER_get_name returns the OpenSSL name of |cipher|. For example, -// "ECDHE-RSA-AES128-GCM-SHA256". +// "ECDHE-RSA-AES128-GCM-SHA256". Callers are recommended to use +// |SSL_CIPHER_standard_name| instead. OPENSSL_EXPORT const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher); // SSL_CIPHER_get_kx_name returns a string that describes the key-exchange @@ -1399,7 +1400,7 @@ OPENSSL_EXPORT int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, // based on client preferences. An equal-preference is specified with square // brackets, combining multiple selectors separated by |. For example: // -// [ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-ECDSA-AES128-GCM-SHA256] +// [TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256|TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256] // // Once an equal-preference group is used, future directives must be // opcode-less. Inside an equal-preference group, spaces are not allowed. 
@@ -2039,13 +2040,13 @@ OPENSSL_EXPORT SSL_SESSION *SSL_magic_pending_session_ptr(void); // On the client, ticket-based sessions use the same APIs as ID-based tickets. // Callers do not need to handle them differently. // -// On the server, tickets are encrypted and authenticated with a secret key. By -// default, an |SSL_CTX| generates a key on creation and uses it for the -// lifetime of the |SSL_CTX|. Tickets are minted and processed -// transparently. The following functions may be used to configure a persistent -// key or implement more custom behavior, including key rotation and sharing -// keys between multiple servers in a large deployment. There are three levels -// of customisation possible: +// On the server, tickets are encrypted and authenticated with a secret key. +// By default, an |SSL_CTX| will manage session ticket encryption keys by +// generating them internally and rotating every 48 hours. Tickets are minted +// and processed transparently. The following functions may be used to configure +// a persistent key or implement more custom behavior, including key rotation +// and sharing keys between multiple servers in a large deployment. There are +// three levels of customisation possible: // // 1) One can simply set the keys with |SSL_CTX_set_tlsext_ticket_keys|. // 2) One can configure an |EVP_CIPHER_CTX| and |HMAC_CTX| directly for @@ -2111,7 +2112,7 @@ OPENSSL_EXPORT int SSL_CTX_set_tlsext_ticket_key_cb( // ssl_ticket_aead_result_t enumerates the possible results from decrypting a // ticket with an |SSL_TICKET_AEAD_METHOD|. -enum ssl_ticket_aead_result_t { +enum ssl_ticket_aead_result_t BORINGSSL_ENUM_INT { // ssl_ticket_aead_success indicates that the ticket was successfully // decrypted. ssl_ticket_aead_success, 
@@ -2206,6 +2207,7 @@ OPENSSL_EXPORT int SSL_set1_curves_list(SSL *ssl, const char *curves); #define SSL_CURVE_SECP521R1 25 #define SSL_CURVE_X25519 29 #define SSL_CURVE_CECPQ2 16696 +#define SSL_CURVE_CECPQ2b 65074 // SSL_get_curve_id returns the ID of the curve used by |ssl|'s most recently // completed handshake or 0 if not applicable. @@ -2285,7 +2287,7 @@ OPENSSL_EXPORT void SSL_set_verify(SSL *ssl, int mode, int (*callback)(int ok, X509_STORE_CTX *store_ctx)); -enum ssl_verify_result_t { +enum ssl_verify_result_t BORINGSSL_ENUM_INT { ssl_verify_ok, ssl_verify_invalid, ssl_verify_retry, @@ -3033,6 +3035,19 @@ OPENSSL_EXPORT const char *SSL_get_psk_identity_hint(const SSL *ssl); OPENSSL_EXPORT const char *SSL_get_psk_identity(const SSL *ssl); +// Post-quantum experiment signaling extension. +// +// *** EXPERIMENTAL *** +// +// In order to define a control group in an experiment of post-quantum key +// agreements, clients and servers may send a non-IANA defined extension as a +// signaling bit. These functions should not be used without explicit permission +// from BoringSSL-team. + +OPENSSL_EXPORT void SSL_CTX_enable_pq_experiment_signal(SSL_CTX *ctx); +OPENSSL_EXPORT int SSL_pq_experiment_signal_seen(const SSL *ssl); + + // QUIC transport parameters. // // draft-ietf-quic-tls defines a new TLS extension quic_transport_parameters @@ -3099,6 +3114,10 @@ OPENSSL_EXPORT int SSL_set1_delegated_credential( SSL *ssl, CRYPTO_BUFFER *dc, EVP_PKEY *pkey, const SSL_PRIVATE_KEY_METHOD *key_method); +// SSL_delegated_credential_used returns one if a delegated credential was used +// and zero otherwise. +OPENSSL_EXPORT int SSL_delegated_credential_used(const SSL *ssl); + // QUIC integration. // 
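Review bot: `SSL_CTX_enable_pq_experiment_signal` and `SSL_pq_experiment_signal_seen` are the only exported functions in this hunk without a per-function comment, while every neighbour in ssl.h documents its return contract. Suggest `// SSL_CTX_enable_pq_experiment_signal configures |ctx| to send the signaling extension.` and `// SSL_pq_experiment_signal_seen returns one if the peer sent the signaling extension on |ssl| and zero otherwise.`; the one/zero contract is inferred from the int return type, so confirm it against the implementation. The banner could also name the non-IANA code point involved, `TLSEXT_TYPE_pq_experiment_signal` from the tls1.h hunk in this same commit, so a reader can connect the two.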
@@ -3135,7 +3154,7 @@ OPENSSL_EXPORT int SSL_set1_delegated_credential( // ssl_encryption_level_t represents a specific QUIC encryption level used to // transmit handshake messages. -enum ssl_encryption_level_t { +enum ssl_encryption_level_t BORINGSSL_ENUM_INT { ssl_encryption_initial = 0, ssl_encryption_early_data, ssl_encryption_handshake, @@ -3291,6 +3310,10 @@ OPENSSL_EXPORT void SSL_set_early_data_enabled(SSL *ssl, int enabled); // and |SSL_write| to send half-RTT data. OPENSSL_EXPORT int SSL_in_early_data(const SSL *ssl); +// SSL_SESSION_early_data_capable returns whether early data would have been +// attempted with |session| if enabled. +OPENSSL_EXPORT int SSL_SESSION_early_data_capable(const SSL_SESSION *session); + // SSL_early_data_accepted returns whether early data was accepted on the // handshake performed by |ssl|. OPENSSL_EXPORT int SSL_early_data_accepted(const SSL *ssl); 
@@ -3304,12 +3327,45 @@ OPENSSL_EXPORT int SSL_early_data_accepted(const SSL *ssl); // |SSL_ERROR_EARLY_DATA_REJECTED|. OPENSSL_EXPORT void SSL_reset_early_data_reject(SSL *ssl); -// SSL_export_early_keying_material behaves like |SSL_export_keying_material|, -// but it uses the early exporter. The operation will fail if |ssl| did not -// negotiate TLS 1.3 or 0-RTT. -OPENSSL_EXPORT int SSL_export_early_keying_material( - SSL *ssl, uint8_t *out, size_t out_len, const char *label, size_t label_len, - const uint8_t *context, size_t context_len); +// SSL_get_ticket_age_skew returns the difference, in seconds, between the +// client-sent ticket age and the server-computed value in TLS 1.3 server +// connections which resumed a session. +OPENSSL_EXPORT int32_t SSL_get_ticket_age_skew(const SSL *ssl); + +enum ssl_early_data_reason_t BORINGSSL_ENUM_INT { + // The handshake has not progressed far enough for the 0-RTT status to be + // known. + ssl_early_data_unknown, + // 0-RTT is disabled for this connection. + ssl_early_data_disabled, + // 0-RTT was accepted. + ssl_early_data_accepted, + // The negotiated protocol version does not support 0-RTT. + ssl_early_data_protocol_version, + // The peer declined to offer or accept 0-RTT for an unknown reason. + ssl_early_data_peer_declined, + // The client did not offer a session. + ssl_early_data_no_session_offered, + // The server declined to resume the session. + ssl_early_data_session_not_resumed, + // The session does not support 0-RTT. + ssl_early_data_unsupported_for_session, + // The server sent a HelloRetryRequest. + ssl_early_data_hello_retry_request, + // The negotiated ALPN protocol did not match the session. + ssl_early_data_alpn_mismatch, + // The connection negotiated Channel ID, which is incompatible with 0-RTT. + ssl_early_data_channel_id, + // The connection negotiated token binding, which is incompatible with 0-RTT. + ssl_early_data_token_binding, + // The client and server ticket age were too far apart. 
+ ssl_early_data_ticket_age_skew, +}; + +// SSL_get_early_data_reason returns details why 0-RTT was accepted or rejected +// on |ssl|. This is primarily useful on the server. +OPENSSL_EXPORT enum ssl_early_data_reason_t SSL_get_early_data_reason( + const SSL *ssl); // Alerts. @@ -3522,7 +3578,7 @@ OPENSSL_EXPORT void SSL_CTX_set_current_time_cb( // such as HTTP/1.1, and not others, such as HTTP/2. OPENSSL_EXPORT void SSL_set_shed_handshake_config(SSL *ssl, int enable); -enum ssl_renegotiate_mode_t { +enum ssl_renegotiate_mode_t BORINGSSL_ENUM_INT { ssl_renegotiate_never = 0, ssl_renegotiate_once, ssl_renegotiate_freely, @@ -3620,7 +3676,7 @@ typedef struct ssl_early_callback_ctx { // ssl_select_cert_result_t enumerates the possible results from selecting a // certificate with |select_certificate_cb|. -enum ssl_select_cert_result_t { +enum ssl_select_cert_result_t BORINGSSL_ENUM_INT { // ssl_select_cert_success indicates that the certificate selection was // successful. ssl_select_cert_success = 1, @@ -3651,6 +3707,8 @@ OPENSSL_EXPORT int SSL_early_callback_ctx_extension_get( // high-level operation on |ssl| to be retried at a later time, which will // result in another call to |cb|. // +// |SSL_get_servername| may be used during this callback. +// // Note: The |SSL_CLIENT_HELLO| is only valid for the duration of the callback // and is not valid while the handshake is paused. OPENSSL_EXPORT void SSL_CTX_set_select_certificate_cb( 
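Review bot: `enum ssl_early_data_reason_t` is introduced without the lead-in comment the header's other enums carry (compare `ssl_ticket_aead_result_t` and `ssl_select_cert_result_t`, both "enumerates the possible results ..."); suggest `// ssl_early_data_reason_t enumerates the possible reasons 0-RTT was accepted or rejected, as reported by |SSL_get_early_data_reason|.` above the enum. The relocated `SSL_get_ticket_age_skew` comment says the value applies to "TLS 1.3 server connections which resumed a session" but not what is returned otherwise; stating the value for client or non-resumed connections (presumably zero — confirm) would save callers a guess. This hunk begins on the previous line.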
@@ -3815,11 +3873,6 @@ OPENSSL_EXPORT void SSL_CTX_set_grease_enabled(SSL_CTX *ctx, int enabled); // record with |ssl|. OPENSSL_EXPORT size_t SSL_max_seal_overhead(const SSL *ssl); -// SSL_get_ticket_age_skew returns the difference, in seconds, between the -// client-sent ticket age and the server-computed value in TLS 1.3 server -// connections which resumed a session. -OPENSSL_EXPORT int32_t SSL_get_ticket_age_skew(const SSL *ssl); - // SSL_CTX_set_false_start_allowed_without_alpn configures whether connections // on |ctx| may use False Start (if |SSL_MODE_ENABLE_FALSE_START| is enabled) // without negotiating ALPN. diff --git a/src/include/openssl/tls1.h b/src/include/openssl/tls1.h index 384d102b..e3209b6f 100644 --- a/src/include/openssl/tls1.h +++ b/src/include/openssl/tls1.h @@ -244,6 +244,9 @@ extern "C" { // This is not an IANA defined extension number #define TLSEXT_TYPE_channel_id 30032 +// This is not an IANA defined extension number +#define TLSEXT_TYPE_pq_experiment_signal 54538 + // status request value from RFC 3546 #define TLSEXT_STATUSTYPE_nothing (-1) #define TLSEXT_STATUSTYPE_ocsp 1 @@ -608,9 +611,9 @@ extern "C" { "ECDHE-PSK-CHACHA20-POLY1305" // TLS 1.3 ciphersuites from RFC 8446. -#define TLS1_TXT_AES_128_GCM_SHA256 "AEAD-AES128-GCM-SHA256" -#define TLS1_TXT_AES_256_GCM_SHA384 "AEAD-AES256-GCM-SHA384" -#define TLS1_TXT_CHACHA20_POLY1305_SHA256 "AEAD-CHACHA20-POLY1305-SHA256" +#define TLS1_TXT_AES_128_GCM_SHA256 "TLS_AES_128_GCM_SHA256" +#define TLS1_TXT_AES_256_GCM_SHA384 "TLS_AES_256_GCM_SHA384" +#define TLS1_TXT_CHACHA20_POLY1305_SHA256 "TLS_CHACHA20_POLY1305_SHA256" #define TLS_CT_RSA_SIGN 1 diff --git a/src/include/openssl/x509_vfy.h b/src/include/openssl/x509_vfy.h index 86aa5469..f2623349 100644 --- a/src/include/openssl/x509_vfy.h +++ b/src/include/openssl/x509_vfy.h 
@@ -370,6 +370,8 @@ OPENSSL_EXPORT void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); /* Issuer lookup error */ #define X509_V_ERR_STORE_LOOKUP 66 +#define X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS 67 + /* Certificate verify flags */ /* Send issuer+subject checks to verify_cb */ diff --git a/src/include/openssl/x509v3.h b/src/include/openssl/x509v3.h index d2d39f8e..b5db7157 100644 --- a/src/include/openssl/x509v3.h +++ b/src/include/openssl/x509v3.h @@ -703,8 +703,8 @@ OPENSSL_EXPORT void X509_email_free(STACK_OF(OPENSSL_STRING) *sk); OPENSSL_EXPORT STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x); /* Flags for X509_check_* functions */ -/* Always check subject name for host match even if subject alt names present */ -#define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT 0x1 +/* Deprecated: this flag does nothing */ +#define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT 0 /* Disable wildcard matching for dnsName fields and common name. */ #define X509_CHECK_FLAG_NO_WILDCARDS 0x2 /* Wildcards must not match a partial label. */ @@ -713,6 +713,8 @@ OPENSSL_EXPORT STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x); #define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8 /* Constraint verifier subdomain patterns to match a single labels. */ #define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10 +/* Skip the subject common name fallback if subjectAltNames is missing. */ +#define X509_CHECK_FLAG_NEVER_CHECK_SUBJECT 0x20 /* * Match reference identifiers starting with "." to any sub-domain. * This is a non-public flag, turned on implicitly when the subject |
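Review bot: `X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS` is inserted under the `/* Issuer lookup error */` group comment that belongs to `X509_V_ERR_STORE_LOOKUP`, so a reader scanning the list will file it under the wrong category; a comment of its own stating when the verifier reports it, placed above the new define, would match how the surrounding error codes are grouped. I cannot tell from this hunk which certificate shape triggers the error, so the wording has to come from the verifier code.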
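Review bot: Redefining `X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT` to 0 means any caller code of the form `flags & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT` now folds to a constant false and callers passing it silently get the default behaviour; the replacement comment "this flag does nothing" should say what that default is, e.g. `/* Deprecated: this flag does nothing; the subject CN is never consulted when subjectAltNames are present. */`, which is the behaviour the new NEVER_CHECK_SUBJECT flag in the next hunk implies — confirm against the implementation. For `X509_CHECK_FLAG_NEVER_CHECK_SUBJECT`, adding that setting it yields SAN-only host matching (the RFC 6125 recommendation) would help callers choose it deliberately rather than leave the CN fallback on.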