--- google_boringssl/ssl/ssl_lib.cc 2021-02-03 18:29:04.000000000 -0800
+++ boringssl/ssl/ssl_lib.cc 2021-02-03 20:24:49.000000000 -0800
@@ -137,6 +137,25 @@
 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
 * OTHERWISE. */
+/* ====================================================================
+ * Copyright 2020 Apple Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the “Software”),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom
+ * the Software is furnished to do so, subject to the following conditions:
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS
+ * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+ * IN THE SOFTWARE.
+ */
 #include
@@ -712,6 +731,11 @@
 ssl->config->handoff = ctx->handoff;
 ssl->quic_method = ctx->quic_method;
 
+ ssl->config->server_certificate_type_list.CopyFrom(
+ ctx->server_certificate_type_list);
+ ssl->config->server_raw_public_key_certificate.CopyFrom(
+ ctx->server_raw_public_key_certificate);
+
 if (!ssl->method->ssl_new(ssl.get()) ||
 !ssl->ctx->x509_method->ssl_new(ssl->s3->hs.get())) {
 return nullptr;
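Review bot: The two `CopyFrom` calls added after `ssl->quic_method = ctx->quic_method;` discard their boolean result, so an allocation failure while copying the context's certificate type list or raw public key leaves the new connection silently without them while the constructor still returns a usable object. The lines just below already treat `ssl_new` failure as fatal, so the copies belong in that same check: `if (!ssl->config->server_certificate_type_list.CopyFrom(ctx->server_certificate_type_list) || !ssl->config->server_raw_public_key_certificate.CopyFrom(ctx->server_raw_public_key_certificate)) { return nullptr; }`. The enclosing function (presumably `SSL_new`) begins and ends outside the hunk, so I cannot confirm from here that nothing else observes the partially copied config before the existing `return nullptr`.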
@@ -3124,5 +3148,52 @@
 ctx->legacy_ocsp_callback_arg = arg;
 return 1;
 }
+
+int SSL_CTX_set_server_raw_public_key_certificate(SSL_CTX *ctx,
+ const uint8_t *raw_public_key, unsigned raw_public_key_len) {
+ if (!ctx->server_raw_public_key_certificate.CopyFrom(
+ MakeConstSpan(raw_public_key, raw_public_key_len))) {
+ return 0; /* Failure */
+ }
+
+ if (!ctx->server_certificate_type_list.Init(1)) {
+ return 0;
+ }
+ ctx->server_certificate_type_list[0] = TLSEXT_CERTIFICATETYPE_RAW_PUBLIC_KEY;
+
+ return 1; /* Success */
+}
+
+int SSL_CTX_has_server_raw_public_key_certificate(SSL_CTX *ctx) {
+ return !ctx->server_raw_public_key_certificate.empty();
+}
+
+int SSL_set_server_raw_public_key_certificate(SSL *ssl,
+ const uint8_t *raw_public_key, unsigned raw_public_key_len) {
+ if (!ssl->config) {
+ return 0; /* Failure */
+ }
+
+ if (!ssl->config->server_raw_public_key_certificate.CopyFrom(
+ MakeConstSpan(raw_public_key, raw_public_key_len))) {
+ return 0;
+ }
+
+ if (!ssl->config->server_certificate_type_list.Init(1)) {
+ return 0;
+ }
+ ssl->config->server_certificate_type_list[0] =
+ TLSEXT_CERTIFICATETYPE_RAW_PUBLIC_KEY;
+
+ return 1; /* Success */
+}
+
+int SSL_has_server_raw_public_key_certificate(SSL *ssl) {
+ if (!ssl->config) {
+ return 0; /* Failure */
+ }
+
+ return !ssl->config->server_raw_public_key_certificate.empty();
+}
 namespace fips202205 {
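Review bot: In both `SSL_CTX_set_server_raw_public_key_certificate` and `SSL_set_server_raw_public_key_certificate` the raw public key is copied before the certificate type list is initialised, so a failing `Init(1)` returns 0 but leaves the configuration holding the new key with the previous (possibly empty) type list, and a failing `CopyFrom` leaves a previous type list still advertising RawPublicKey with no key behind it. The two setters also duplicate the same sequence and pass `raw_public_key` straight to `MakeConstSpan`, which cannot reject a null pointer with a non-zero length. I would move the shared logic into one static helper that validates the pointer, performs both steps and resets both fields on failure, leaving the public setters as thin wrappers (this assumes both fields are `Array<uint8_t>`, as the `Init`/`CopyFrom`/`operator[]` usage suggests); `SSL_CTX_has_server_raw_public_key_certificate` and `SSL_has_server_raw_public_key_certificate` only read and could take `const` arguments. Whether the installed key is checked against the configured signing private key is not visible in this hunk; if it is not, a mismatch only surfaces as a signature verification failure on the peer, so the public header comment for these functions should state that the key must correspond to the configured private key.
```cpp
// Installs |raw_public_key| as the server's RawPublicKey certificate and makes
// RawPublicKey the only advertised server certificate type. On failure both
// fields are reset so the configuration never holds a key without the matching
// type list, or a type list without a key. Assumes both fields are
// Array<uint8_t>.
static bool set_server_raw_public_key(Array<uint8_t> *rpk,
                                      Array<uint8_t> *cert_types,
                                      const uint8_t *raw_public_key,
                                      unsigned raw_public_key_len) {
  if (raw_public_key == nullptr && raw_public_key_len != 0) {
    return false;
  }
  if (!rpk->CopyFrom(MakeConstSpan(raw_public_key, raw_public_key_len)) ||
      !cert_types->Init(1)) {
    rpk->Reset();
    cert_types->Reset();
    return false;
  }
  (*cert_types)[0] = TLSEXT_CERTIFICATETYPE_RAW_PUBLIC_KEY;
  return true;
}

int SSL_CTX_set_server_raw_public_key_certificate(SSL_CTX *ctx,
    const uint8_t *raw_public_key, unsigned raw_public_key_len) {
  return set_server_raw_public_key(&ctx->server_raw_public_key_certificate,
                                   &ctx->server_certificate_type_list,
                                   raw_public_key, raw_public_key_len);
}

// … unchanged: SSL_CTX_has_server_raw_public_key_certificate …

int SSL_set_server_raw_public_key_certificate(SSL *ssl,
    const uint8_t *raw_public_key, unsigned raw_public_key_len) {
  if (!ssl->config) {
    return 0;
  }
  return set_server_raw_public_key(
      &ssl->config->server_raw_public_key_certificate,
      &ssl->config->server_certificate_type_list, raw_public_key,
      raw_public_key_len);
}

// … unchanged: SSL_has_server_raw_public_key_certificate …
```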