update boringssl patches
parent
95ed3238be
commit
7d5cd2051a
4 changed files with 4 additions and 63 deletions
|
@ -1,3 +1,2 @@
|
|||
implement_ssl_get_tlsext_status_type.patch
|
||||
add_ec_group_order_bits_for_openssl_compatibility.patch
|
||||
add_ec_key_key2buf_for_openssl_compatibility.patch
|
||||
|
|
|
@ -9,10 +9,10 @@ Commit-Queue: Adam Langley <agl@google.com>
|
|||
Reviewed-by: Adam Langley <agl@google.com>
|
||||
|
||||
diff --git a/crypto/fipsmodule/ec/ec.c b/crypto/fipsmodule/ec/ec.c
|
||||
index 908e35e9d04e657c13ba61c8ea5bf4a4519228c5..43e170b9190bf1813216b10863bbaf6402331161 100644
|
||||
index bd0662a703d6285df51735c5d4870d21a82b39cf..90b9d71f61f8d6d7ddf838c47a59729748d0d0f2 100644
|
||||
--- a/crypto/fipsmodule/ec/ec.c
|
||||
+++ b/crypto/fipsmodule/ec/ec.c
|
||||
@@ -605,6 +605,10 @@ int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx) {
|
||||
@@ -625,6 +625,10 @@ int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
@ -24,7 +24,7 @@ index 908e35e9d04e657c13ba61c8ea5bf4a4519228c5..43e170b9190bf1813216b10863bbaf64
|
|||
BN_CTX *ctx) {
|
||||
// All |EC_GROUP|s have cofactor 1.
|
||||
diff --git a/include/openssl/ec.h b/include/openssl/ec.h
|
||||
index 41a9c34c5ad1bbfdff8e37c1e245ac7fac7a3869..e4195fc15a26e61ef1e74ac7054ddabb256ae9a3 100644
|
||||
index 966393ea3b726214aa84a604c8e5a13654dcdf76..c65a1a7519fd80b681d1cf899792ee46aaa8bad6 100644
|
||||
--- a/include/openssl/ec.h
|
||||
+++ b/include/openssl/ec.h
|
||||
@@ -133,6 +133,9 @@ OPENSSL_EXPORT const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group);
|
||||
|
|
|
@ -9,7 +9,7 @@ Reviewed-by: Adam Langley <agl@google.com>
|
|||
Commit-Queue: Adam Langley <agl@google.com>
|
||||
|
||||
diff --git a/crypto/fipsmodule/ec/ec_key.c b/crypto/fipsmodule/ec/ec_key.c
|
||||
index a6d469767adfad1c9095cc58c567b10c71e95cfa..ba69e83cb8f49c70a98c8fd68fd7fa4b122da5cd 100644
|
||||
index 632dc9b2d902dfba01567f4c02ad7ad6d0c8c3e8..4bc12a073650f66f5ae8ba2beabb9a6fb2b21878 100644
|
||||
--- a/crypto/fipsmodule/ec/ec_key.c
|
||||
+++ b/crypto/fipsmodule/ec/ec_key.c
|
||||
@@ -394,6 +394,33 @@ err:
|
||||
|
|
|
@ -1,58 +0,0 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Jeremy Apthorp <jeremya@chromium.org>
|
||||
Date: Thu, 18 Oct 2018 14:18:05 -0700
|
||||
Subject: Implement SSL_get_tlsext_status_type
|
||||
|
||||
It's used by Node.js[1], and is simple to implement.
|
||||
|
||||
[1]: https://github.com/nodejs/node/blob/e2f58c71ddf0f91256cc85e6bb226a068256c5eb/src/node_crypto.cc#L2390
|
||||
|
||||
Change-Id: Ie5c76b848623d00f7478aeae0214c25472de523c
|
||||
Reviewed-on: https://boringssl-review.googlesource.com/c/32525
|
||||
Reviewed-by: David Benjamin <davidben@google.com>
|
||||
Commit-Queue: David Benjamin <davidben@google.com>
|
||||
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
|
||||
|
||||
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
|
||||
index c0d44ce2820fb20273b453def0b5bcb5ddcc14e9..f0d9dd45e2c41968a84c8a3f31a8c9e4f621f018 100644
|
||||
--- a/include/openssl/ssl.h
|
||||
+++ b/include/openssl/ssl.h
|
||||
@@ -4268,6 +4268,14 @@ OPENSSL_EXPORT int OPENSSL_init_ssl(uint64_t opts,
|
||||
// Use |SSL_enable_ocsp_stapling| instead.
|
||||
OPENSSL_EXPORT int SSL_set_tlsext_status_type(SSL *ssl, int type);
|
||||
|
||||
+// SSL_get_tlsext_status_type returns |TLSEXT_STATUSTYPE_ocsp| if the client
|
||||
+// requested OCSP stapling and |TLSEXT_STATUSTYPE_nothing| otherwise. On the
|
||||
+// client, this reflects whether OCSP stapling was enabled via, e.g.,
|
||||
+// |SSL_set_tlsext_status_type|. On the server, this is determined during the
|
||||
+// handshake. It may be queried in callbacks set by |SSL_CTX_set_cert_cb|. The
|
||||
+// result is undefined after the handshake completes.
|
||||
+OPENSSL_EXPORT int SSL_get_tlsext_status_type(const SSL *ssl);
|
||||
+
|
||||
// SSL_set_tlsext_status_ocsp_resp sets the OCSP response. It returns one on
|
||||
// success and zero on error. On success, |ssl| takes ownership of |resp|, which
|
||||
// must have been allocated by |OPENSSL_malloc|.
|
||||
diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
|
||||
index 9c16de4958ef29d638e05e0f90b9b15b11b15cac..1f648658b8cb6ae7b82132b276b927e8fb11a47a 100644
|
||||
--- a/ssl/ssl_lib.cc
|
||||
+++ b/ssl/ssl_lib.cc
|
||||
@@ -2751,6 +2751,19 @@ int SSL_set_tlsext_status_type(SSL *ssl, int type) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
+int SSL_get_tlsext_status_type(const SSL *ssl) {
|
||||
+ if (ssl->server) {
|
||||
+ SSL_HANDSHAKE *hs = ssl->s3->hs.get();
|
||||
+ return hs != nullptr && hs->ocsp_stapling_requested
|
||||
+ ? TLSEXT_STATUSTYPE_ocsp
|
||||
+ : TLSEXT_STATUSTYPE_nothing;
|
||||
+ }
|
||||
+
|
||||
+ return ssl->config != nullptr && ssl->config->ocsp_stapling_enabled
|
||||
+ ? TLSEXT_STATUSTYPE_ocsp
|
||||
+ : TLSEXT_STATUSTYPE_nothing;
|
||||
+}
|
||||
+
|
||||
int SSL_set_tlsext_status_ocsp_resp(SSL *ssl, uint8_t *resp, size_t resp_len) {
|
||||
if (SSL_set_ocsp_response(ssl, resp, resp_len)) {
|
||||
OPENSSL_free(resp);
|