diff --git a/boring-sys/patches/boringssl-44b3df6f03d85c901767250329c571db405122d5.patch b/boring-sys/patches/boringssl-44b3df6f03d85c901767250329c571db405122d5.patch index 7a54fe5c..aa0934be 100644 --- a/boring-sys/patches/boringssl-44b3df6f03d85c901767250329c571db405122d5.patch +++ b/boring-sys/patches/boringssl-44b3df6f03d85c901767250329c571db405122d5.patch @@ -4176,20 +4176,23 @@ index 4dd8841b1..23ffcd446 100644 #if defined(__cplusplus) } /* extern C */ diff --git a/src/include/openssl/ssl.h b/src/include/openssl/ssl.h -index 53aa9b453..2a571c0e6 100644 +index 53aa9b453..eebfb7c8a 100644 --- a/src/include/openssl/ssl.h +++ b/src/include/openssl/ssl.h -@@ -718,6 +718,9 @@ OPENSSL_EXPORT int SSL_version(const SSL *ssl); +@@ -718,6 +718,12 @@ OPENSSL_EXPORT int SSL_version(const SSL *ssl); #define SSL_OP_NO_DTLSv1 SSL_OP_NO_TLSv1 #define SSL_OP_NO_DTLSv1_2 SSL_OP_NO_TLSv1_2 +// SSL_OP_NO_PSK_DHE_KE disables PSK-DHE-KE. +#define SSL_OP_NO_PSK_DHE_KE 0x40000000L ++ ++// SSL_OP_NO_RENEGOTIATION disables renegotiation. This is not recommended. ++#define SSL_OP_NO_RENEGOTIATION 0x80000000L + // SSL_CTX_set_options enables all options set in |options| (which should be one // or more of the |SSL_OP_*| values, ORed together) in |ctx|. It returns a // bitmask representing the resulting enabled options. -@@ -2378,6 +2381,13 @@ OPENSSL_EXPORT int SSL_set1_curves_list(SSL *ssl, const char *curves); +@@ -2378,6 +2384,13 @@ OPENSSL_EXPORT int SSL_set1_curves_list(SSL *ssl, const char *curves); #define SSL_CURVE_SECP521R1 25 #define SSL_CURVE_X25519 29 #define SSL_CURVE_X25519_KYBER768_DRAFT00 0x6399 @@ -4203,7 +4206,7 @@ index 53aa9b453..2a571c0e6 100644 // SSL_get_curve_id returns the ID of the curve used by |ssl|'s most recently // completed handshake or 0 if not applicable. -@@ -4570,6 +4580,27 @@ OPENSSL_EXPORT void SSL_CTX_set_permute_extensions(SSL_CTX *ctx, int enabled); +@@ -4570,6 +4583,27 @@ OPENSSL_EXPORT void SSL_CTX_set_permute_extensions(SSL_CTX *ctx, int enabled); // permute extensions. For now, this is only implemented for the ClientHello. OPENSSL_EXPORT void SSL_set_permute_extensions(SSL *ssl, int enabled); @@ -4231,7 +4234,7 @@ index 53aa9b453..2a571c0e6 100644 // SSL_max_seal_overhead returns the maximum overhead, in bytes, of sealing a // record with |ssl|. OPENSSL_EXPORT size_t SSL_max_seal_overhead(const SSL *ssl); -@@ -4874,6 +4905,10 @@ OPENSSL_EXPORT int SSL_CTX_set1_sigalgs_list(SSL_CTX *ctx, const char *str); +@@ -4874,6 +4908,10 @@ OPENSSL_EXPORT int SSL_CTX_set1_sigalgs_list(SSL_CTX *ctx, const char *str); // more convenient to codesearch for specific algorithm values. OPENSSL_EXPORT int SSL_set1_sigalgs_list(SSL *ssl, const char *str); @@ -4242,6 +4245,14 @@ index 53aa9b453..2a571c0e6 100644 #define SSL_set_app_data(s, arg) (SSL_set_ex_data(s, 0, (char *)(arg))) #define SSL_get_app_data(s) (SSL_get_ex_data(s, 0)) #define SSL_SESSION_set_app_data(s, a) \ +@@ -4926,7 +4964,6 @@ DEFINE_STACK_OF(SSL_COMP) + #define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0 + #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0 + #define SSL_OP_NO_COMPRESSION 0 +-#define SSL_OP_NO_RENEGOTIATION 0 // ssl_renegotiate_never is the default + #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0 + #define SSL_OP_NO_SSLv2 0 + #define SSL_OP_NO_SSLv3 0 diff --git a/src/include/openssl/tls1.h b/src/include/openssl/tls1.h index 772fb87a3..511793068 100644 --- a/src/include/openssl/tls1.h @@ -4277,7 +4288,7 @@ index 5c7e881bf..3c0770cf3 100644 crypto/pkcs8/test/no_encryption.p12 crypto/pkcs8/test/nss.p12 diff --git a/src/ssl/extensions.cc b/src/ssl/extensions.cc -index 5ee280221..a291e38d4 100644 +index 5ee280221..3eba40c13 100644 --- a/src/ssl/extensions.cc +++ b/src/ssl/extensions.cc @@ -207,6 +207,10 @@ static bool tls1_check_duplicate_extensions(const CBS *cbs) { @@ -4291,7 +4302,17 @@ index 5ee280221..a291e38d4 100644 return true; default: return false; -@@ -2125,7 +2129,7 @@ bool ssl_ext_pre_shared_key_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { +@@ -752,7 +756,8 @@ static bool ext_ri_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out, + const SSL *const ssl = hs->ssl; + // Renegotiation indication is not necessary in TLS 1.3. + if (hs->min_version >= TLS1_3_VERSION || +- type == ssl_client_hello_inner) { ++ type == ssl_client_hello_inner || ++ (SSL_get_options(hs->ssl) & SSL_OP_NO_RENEGOTIATION)) { + return true; + } + +@@ -2125,7 +2130,7 @@ bool ssl_ext_pre_shared_key_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { static bool ext_psk_key_exchange_modes_add_clienthello( const SSL_HANDSHAKE *hs, CBB *out, CBB *out_compressible, ssl_client_hello_type_t type) { @@ -4300,7 +4321,7 @@ index 5ee280221..a291e38d4 100644 return true; } -@@ -2273,7 +2277,15 @@ bool ssl_setup_key_shares(SSL_HANDSHAKE *hs, uint16_t override_group_id) { +@@ -2273,7 +2278,15 @@ bool ssl_setup_key_shares(SSL_HANDSHAKE *hs, uint16_t override_group_id) { SSL *const ssl = hs->ssl; hs->key_shares[0].reset(); hs->key_shares[1].reset(); @@ -4316,7 +4337,7 @@ index 5ee280221..a291e38d4 100644 if (hs->max_version < TLS1_3_VERSION) { return true; -@@ -2295,6 +2307,8 @@ bool ssl_setup_key_shares(SSL_HANDSHAKE *hs, uint16_t override_group_id) { +@@ -2295,6 +2308,8 @@ bool ssl_setup_key_shares(SSL_HANDSHAKE *hs, uint16_t override_group_id) { uint16_t group_id = override_group_id; uint16_t second_group_id = 0; @@ -4325,7 +4346,7 @@ index 5ee280221..a291e38d4 100644 if (override_group_id == 0) { // Predict the most preferred group. Span groups = tls1_get_grouplist(hs); -@@ -2305,16 +2319,18 @@ bool ssl_setup_key_shares(SSL_HANDSHAKE *hs, uint16_t override_group_id) { +@@ -2305,16 +2320,18 @@ bool ssl_setup_key_shares(SSL_HANDSHAKE *hs, uint16_t override_group_id) { group_id = groups[0]; @@ -4349,7 +4370,7 @@ index 5ee280221..a291e38d4 100644 CBB key_exchange; hs->key_shares[0] = SSLKeyShare::Create(group_id); if (!hs->key_shares[0] || // -@@ -2334,6 +2350,16 @@ bool ssl_setup_key_shares(SSL_HANDSHAKE *hs, uint16_t override_group_id) { +@@ -2334,6 +2351,16 @@ bool ssl_setup_key_shares(SSL_HANDSHAKE *hs, uint16_t override_group_id) { } } @@ -4366,7 +4387,7 @@ index 5ee280221..a291e38d4 100644 return CBBFinishArray(cbb.get(), &hs->key_share_bytes); } -@@ -2808,9 +2834,30 @@ static bool ext_quic_transport_params_add_serverhello_legacy(SSL_HANDSHAKE *hs, +@@ -2808,9 +2835,30 @@ static bool ext_quic_transport_params_add_serverhello_legacy(SSL_HANDSHAKE *hs, static bool ext_delegated_credential_add_clienthello( const SSL_HANDSHAKE *hs, CBB *out, CBB *out_compressible, ssl_client_hello_type_t type) { @@ -4397,7 +4418,7 @@ index 5ee280221..a291e38d4 100644 static bool ext_delegated_credential_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { -@@ -3094,6 +3141,39 @@ bool ssl_negotiate_alps(SSL_HANDSHAKE *hs, uint8_t *out_alert, +@@ -3094,6 +3142,39 @@ bool ssl_negotiate_alps(SSL_HANDSHAKE *hs, uint8_t *out_alert, return true; } @@ -4437,7 +4458,7 @@ index 5ee280221..a291e38d4 100644 // kExtensions contains all the supported extensions. static const struct tls_extension kExtensions[] = { { -@@ -3267,6 +3347,13 @@ static const struct tls_extension kExtensions[] = { +@@ -3267,6 +3348,13 @@ static const struct tls_extension kExtensions[] = { ignore_parse_clienthello, ext_alps_add_serverhello, }, @@ -4451,7 +4472,7 @@ index 5ee280221..a291e38d4 100644 }; #define kNumExtensions (sizeof(kExtensions) / sizeof(struct tls_extension)) -@@ -3280,6 +3367,12 @@ static_assert(kNumExtensions <= +@@ -3280,6 +3368,12 @@ static_assert(kNumExtensions <= bool ssl_setup_extension_permutation(SSL_HANDSHAKE *hs) { if (!hs->config->permute_extensions) { @@ -4464,7 +4485,7 @@ index 5ee280221..a291e38d4 100644 return true; } -@@ -3357,10 +3450,16 @@ static bool ssl_add_clienthello_tlsext_inner(SSL_HANDSHAKE *hs, CBB *out, +@@ -3357,10 +3451,16 @@ static bool ssl_add_clienthello_tlsext_inner(SSL_HANDSHAKE *hs, CBB *out, } } @@ -4482,7 +4503,7 @@ index 5ee280221..a291e38d4 100644 const size_t len_before = CBB_len(&extensions); const size_t len_compressed_before = CBB_len(compressed.get()); if (!kExtensions[i].add_clienthello(hs, &extensions, compressed.get(), -@@ -3466,10 +3565,16 @@ bool ssl_add_clienthello_tlsext(SSL_HANDSHAKE *hs, CBB *out, CBB *out_encoded, +@@ -3466,10 +3566,16 @@ bool ssl_add_clienthello_tlsext(SSL_HANDSHAKE *hs, CBB *out, CBB *out_encoded, } bool last_was_empty = false;