Remove sig unique check in boringssl
perklet committed Nov 25, 2023
1 parent 9a5d557 commit babcd10
Showing 3 changed files with 29 additions and 13 deletions.
13 changes: 13 additions & 0 deletions chrome/patches/boringssl-old-ciphers.patch
Expand Up @@ -194,3 +194,16 @@ index fd8cef95d..1d6ffe88b 100644
TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 & 0xffff,
TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 & 0xffff,
TLS1_CK_RSA_WITH_AES_128_SHA & 0xffff,
diff --git a/ssl/ssl_privkey.cc b/ssl/ssl_privkey.cc
index 57116cd6c..fa1652832 100644
--- a/ssl/ssl_privkey.cc
+++ b/ssl/ssl_privkey.cc
@@ -594,7 +594,7 @@ static bool sigalgs_unique(Span<const uint16_t> in_sigalgs) {

static bool set_sigalg_prefs(Array<uint16_t> *out, Span<const uint16_t> prefs) {
if (!sigalgs_unique(prefs)) {
- return false;
+ // return false;
}

// Check for invalid algorithms, and filter out |SSL_SIGN_RSA_PKCS1_MD5_SHA1|.
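Review bot: Commenting out `return false;` in `set_sigalg_prefs` leaves an empty `if (!sigalgs_unique(prefs)) { }` that still runs the scan and discards the result, and nothing in the patch says the bypass is deliberate. Because the change sits in a shared static helper, every caller that sets signature-algorithm preferences through this patched BoringSSL now accepts duplicate entries, not only the impersonation path. If that is the intent (the README change in this commit mentions a doubled `rsa_pss_rsae_sha384`, so presumably a browser list that repeats an entry), delete the `if` block and put a comment in its place, for example `// curl-impersonate: duplicate sigalgs are accepted on purpose so a browser's list can be reproduced as-is.` The body of `set_sigalg_prefs` continues past the end of the hunk, so whether the later filtering copes with duplicates cannot be checked from here.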
5 changes: 4 additions & 1 deletion tests/README.md
Expand Up @@ -21,4 +21,7 @@ For each supported browser, the following tests are performed:

## What's missing
The following tests are still missing:
* Test that `curl-impersonate` sends the same HTTP/2 SETTINGS as the browser.
- [ ] Test that `curl-impersonate` sends the same HTTP/2 SETTINGS as the browser.
- [ ] Capture traffic automatically from different browsers
- [ ] Update safari versions, double `rsa_pss_rsae_sha384`

24 changes: 12 additions & 12 deletions tests/signature.py
Expand Up @@ -296,7 +296,7 @@ def to_dict(self):
d = super().to_dict()
d["status_request_type"] = self.status_request_type
return d

@classmethod
def from_dict(cls, d):
return TLSExtensionStatusRequest(**d)
Expand Down Expand Up @@ -364,7 +364,7 @@ def to_dict(self):
d = super().to_dict()
d["sig_hash_algs"] = self.sig_hash_algs
return d

@classmethod
def from_dict(cls, d):
return TLSExtensionSignatureAlgorithms(**d)
Expand Down Expand Up @@ -401,7 +401,7 @@ class TLSExtensionPadding(TLSExtensionSignature,
def __init__(self):
# Padding has varying lengths, so don't include in the signature
super().__init__(self.ext_type, length=None)

@classmethod
def from_dict(cls, d):
return TLSExtensionPadding()
Expand All @@ -421,7 +421,7 @@ def to_dict(self):
d = super().to_dict()
d["algorithms"] = self.algorithms
return d

@classmethod
def from_dict(cls, d):
return TLSExtensionCompressCertificate(**d)
Expand All @@ -442,7 +442,7 @@ def to_dict(self):
d = super().to_dict()
d["record_size_limit"] = self.record_size_limit
return d

@classmethod
def from_dict(cls, d):
return TLSExtensionRecordSizeLimit(**d)
Expand All @@ -463,7 +463,7 @@ def to_dict(self):
d = super().to_dict()
d["sig_hash_algs"] = self.sig_hash_algs
return d

@classmethod
def from_dict(cls, d):
return TLSExtensionDelegatedCredentials(**d)
Expand All @@ -487,7 +487,7 @@ def to_dict(self):
self.supported_versions
))
return d

@classmethod
def from_dict(cls, d):
supported_versions = list(map(
Expand All @@ -513,7 +513,7 @@ def to_dict(self):
d = super().to_dict()
d["psk_ke_mode"] = self.psk_ke_mode
return d

@classmethod
def from_dict(cls, d):
return TLSExtensionPSKKeyExchangeModes(**d)
Expand All @@ -524,7 +524,7 @@ def from_bytes(cls, length: int, data: bytes):
if ke_length > 1:
# Unsupported
raise Exception("Failed to parse psk_key_exchange_modes extension")

return TLSExtensionPSKKeyExchangeModes(length, ke_mode)


Expand All @@ -544,7 +544,7 @@ def to_dict(self):
for ks in self.key_shares
]
return d

@classmethod
def from_dict(cls, d):
key_shares = [
Expand Down Expand Up @@ -585,7 +585,7 @@ def to_dict(self):
d = super().to_dict()
d["alps_alpn_list"] = self.alps_alpn_list
return d

@classmethod
def from_dict(cls, d):
return TLSExtensionApplicationSettings(**d)
Expand Down Expand Up @@ -838,7 +838,7 @@ def from_bytes(cls, record: bytes):
f"Got 0x{handshake_header.type:02x}"
)

if (len(record) - off - 4 !=
if (len(record) - off - 4 !=
(handshake_header.length_high << 16) + handshake_header.length_low):
raise Exception("Corrupt handshake length")
