Merge upstream v4.6.0 into libsignal branch #25

Closed
wants to merge 109 commits into from
52307b1
Provide into_ssl() for ConnectConfiguration
eaufavor Aug 15, 2023
6057ab7
Enable P-521 with "kx-safe-default"
cjpatton Sep 18, 2023
a3cdf87
Add new(), connect(), accept() and handshake() to SslStream
eaufavor Aug 15, 2023
602bb6d
Fix clippy lints
nox Oct 6, 2023
f67498c
deps: update to bindgen 0.68
poliorcetics Sep 22, 2023
7b0de93
Introduce ssl::Error::would_block
ghedo Jun 23, 2023
3b88f4e
Panic on error when setting default curves list
nox Sep 14, 2023
3d7ff0a
Introduce setup_accept and setup_connect
nox Aug 3, 2023
0a2013a
Introduce helper module in tokio-boring tests
nox Aug 4, 2023
97e2a8b
Add a few WouldBlock cases
ghedo Jun 23, 2023
1c790f7
Introduce AsyncStreamBridge
nox Aug 4, 2023
61bfbb5
Change signature for set_select_certificate_callback
nox Jul 28, 2023
0ffbdb0
Implement SslContextBuilder::set_private_key_method
nox Aug 2, 2023
907eaf0
Introduce async callbacks
nox Jul 28, 2023
273509c
Introduce Ssl::set_certificate
nox Oct 6, 2023
5f88374
Introduce SslSignatureAlgorithm::RSA_PKCS1_MD5_SHA1
nox Oct 6, 2023
ea96015
Remove futures from ex data slots once they resolve
nox Oct 9, 2023
6c681a4
Remove boring::fips::enable (fixes #150)
nox Oct 9, 2023
2f73d31
Expose SHA512-256
sabjank Feb 17, 2023
ea5b399
Add SHA224, SHA512, SHA512-256 tests
sabjank Feb 17, 2023
ad4239d
Introduce bindings for all X509_V_ERR_* constants
nox Oct 11, 2023
84a80c1
Change X509VerifyResult to Result<(), X509VerifyError>
nox Oct 11, 2023
0d25d74
Introduce struct Config in build script
nox Oct 10, 2023
6b52c1e
Don't use env::current_dir in build script
nox Oct 10, 2023
ebea825
Don't read BORINGSSL_BUILD_DIR anymore
nox Oct 10, 2023
bc09547
Use prefix BORING_BSSL_ for all boringssl env variables
nox Oct 10, 2023
7ddb106
Introduce a new set of env variables for FIPS-like builds
nox Oct 10, 2023
f5f47dd
Remove feature rpk from hyper-boring and tokio-boring
nox Oct 11, 2023
9a0bd94
Replace feature no-patches with BORING_BSSL{,_FIPS}_ASSUME_PATCHED
nox Oct 11, 2023
c48ed2e
Move session tests to their own module
nox Oct 24, 2023
965fde7
Test new session callback on server side
nox Oct 24, 2023
1e2a481
Test set_get_session_callback
nox Oct 24, 2023
8a26577
Allow returning GetSessionPendingError from get session callbacks
nox Oct 12, 2023
1ca7f76
Introduce set_async_get_session_callback
nox Oct 12, 2023
d8c2122
Continue looping if candidate cxx isn't found in verify_fips_clang_ve…
nox Oct 16, 2023
80b97c8
Introduce target-specific env vars
nox Oct 16, 2023
ba0ea33
Check for CMAKE_TOOLCHAIN_FILE when creating cmake config
nox Oct 16, 2023
7434e35
Introduce BORING_BSSL_SYSROOT and BORING_BSSL_EXTERNAL_TOOLCHAIN
nox Oct 16, 2023
0f74ead
Add CI for cross-building from macOS
nox Oct 16, 2023
46d482a
Specify exact versions of dependent crates in the workspace manifest
cbranch Oct 26, 2023
fa155a1
Release 4.0.0-rc.1
cbranch Oct 26, 2023
fdef984
hyper and tokio "full" feature for dev builds only
shahn Oct 26, 2023
7a7de40
Update Cargo.toml
nox Oct 30, 2023
7c5fdfa
Remove Sync trait bounds on callback futures
nox Nov 2, 2023
b5c7643
Add cargo-release metadata
nox Nov 6, 2023
8c90adb
Update release notes
nox Nov 6, 2023
d4518f5
Release 4.0.0-rc.2
nox Nov 6, 2023
cdb76dc
Release 4.0.0
cbranch Nov 10, 2023
7f4dca3
Drop Android 19 feature flag
jrose-signal Nov 10, 2023
2f63b8a
Introduce struct Config in build script
nox Oct 10, 2023
e8e6122
Merge tag 'v4.0.0' into libsignal
jrose-signal Nov 11, 2023
e175863
Drop Android 19 feature flag, part 2
jrose-signal Nov 11, 2023
7c88181
boring-sys: Don't use CMake cross-compilation for macOS->iOS
jrose-signal Nov 11, 2023
d7a13a8
Fix clippy lint
nox Nov 16, 2023
a327833
Properly drop overwritten ex data
nox Nov 16, 2023
2ab7141
Release 4.1.0
nox Nov 16, 2023
c38ed71
Use replace_ex_data more
nox Nov 17, 2023
9cf03ae
Move async callbacks infra to boring itself
nox Nov 27, 2023
af0c36a
boring-sys: Don't use CMake cross-compilation for macOS->iOS
jrose-signal Nov 11, 2023
4d1b7fc
Fix typos
vuittont60 Dec 7, 2023
bbe8cd1
Add relevant `--target` to `cargo test` in CI
eager-signal May 27, 2022
bccb80b
Refactor check-only and extra-test-args
eager-signal Jun 3, 2022
f558331
Add matrix.apt_packages
eager-signal Jun 3, 2022
08c417a
Make arm and Android builds check-only
eager-signal Jun 3, 2022
1028909
Remove musl test; there's no standard musl C++ setup for us to use
jrose-signal Oct 13, 2023
2f62df4
Build tests even for cross-compiling
eager-signal Jun 3, 2022
16327cf
Add custom environment for ARM Linux cross-compilation
jrose-signal Oct 13, 2023
f82f3fc
Add custom linker for Android cross-compilation
jrose-signal Oct 13, 2023
8b86852
Add arm64-macos cross-compile to CI
jrose-signal Oct 14, 2023
016d5cb
Always run tests in bash
jrose-signal Oct 14, 2023
4d66ada
Use gcc/g++ as the compilers for windows-gnu, not Clang
jrose-signal Oct 14, 2023
5dc531a
boring-sys: Don't check for MSVC with target_env
jrose-signal Oct 14, 2023
44f8f72
boring-sys: Blocklist max_align_t in bindgen
jrose-signal Oct 13, 2023
59ef713
Remove unused target_env from boring-sys build config
eager-signal Nov 13, 2023
dd281f6
Swap build and run order; always build
eager-signal Nov 14, 2023
446b655
Introduce tokio_boring::SslStreamBuilder
nox Dec 14, 2023
6f5f59d
Remove rpk from hyper docsrs features
nox Dec 13, 2023
b97446a
Restore rpk feature in tokio-boring
nox Dec 13, 2023
72f4bf5
Introduce set_custom_verify_callback and set_async_custom_verify_call…
nox Dec 13, 2023
3df4054
Release 4.2.0
nox Dec 14, 2023
a8dea4a
Introduce X509CheckFlags::UNDERSCORE_WILDCARDS
nox Dec 18, 2023
9b0e422
Don't use self-signed certs in hyper-boring tests
nox Dec 20, 2023
3637bfe
Introduce HttpsLayer::set_ssl_callback
nox Dec 20, 2023
1321ded
Rearrange imports in x509 module
nox Jan 2, 2024
9445734
Move x509 tests to a subdirectory
nox Jan 3, 2024
dfd49f4
Introduce X509Flags
nox Jan 3, 2024
f9dfd2c
Release 4.3.0
nox Jan 3, 2024
20f9991
Fix support for fips-link-precompiled
nox Dec 20, 2023
0f5731b
Expose SSL_get_error
evanrittenhouse Jan 8, 2024
e370083
Expose `set_compliance_policy` and `get_ciphers`
jhoyla Jan 16, 2024
3cf8bc4
Release 4.4.0
nox Jan 17, 2024
5aed467
Fix building with non bazel commits of boringssl
rushilmehra Jan 24, 2024
d3a42b0
Fix building with BORING_BSSL_PATH / BORING_BSSL_FIPS_PATH
rushilmehra Feb 2, 2024
7ead83c
Release 4.4.1
rushilmehra Feb 2, 2024
8ab1873
Introduce SslRef::set_private_key
nox Feb 7, 2024
db01409
Release 4.5.0
nox Feb 8, 2024
bc42edc
Introduce and use read_uninit and write_uninit duplicated from openss…
johnhurt Feb 2, 2024
ba85412
Removes vestigial build script
Jan 25, 2024
7135589
Add getters for client hello message
jrouviere Mar 21, 2024
30b3399
Fix clippy lints
nox Mar 23, 2024
b96d2b8
Enable layout tests on iOS target
ldm0 Feb 6, 2024
167f5ae
Remove kx-safe-default gate on SslCurve
rushilmehra Mar 24, 2024
3d9a5e3
add get_curve (#226)
ehaydenr Mar 26, 2024
8db6134
bound session cache
ehaydenr Nov 28, 2022
2cee0af
HttpsLayerSettings
ehaydenr Dec 1, 2023
870ccd9
builder
ehaydenr Dec 4, 2023
87ed6ab
Tweak cliff config to exclude merge and release commits from changelog
nox Apr 9, 2024
b804470
Release 4.6.0
nox Apr 9, 2024
b9a7516
Merge tag 'v4.6.0' into libsignal
jrose-signal Apr 10, 2024
Implement SslContextBuilder::set_private_key_method
nox authored and ghedo committed Oct 10, 2023
commit 0ffbdb030f9faec23f6576fea8f11797951344ae
111 changes: 98 additions & 13 deletions boring/src/ssl/callbacks.rs
@@ -1,6 +1,13 @@
#![forbid(unsafe_op_in_unsafe_fn)]

use super::{
AlpnError, ClientHello, PrivateKeyMethod, PrivateKeyMethodError, SelectCertError, SniError,
Ssl, SslAlert, SslContext, SslContextRef, SslRef, SslSession, SslSessionRef,
SslSignatureAlgorithm, SESSION_CTX_INDEX,
};
use crate::error::ErrorStack;
use crate::ffi;
use crate::x509::{X509StoreContext, X509StoreContextRef};
use foreign_types::ForeignType;
use foreign_types::ForeignTypeRef;
use libc::c_char;
Expand All @@ -12,19 +19,7 @@ use std::slice;
use std::str;
use std::sync::Arc;

use crate::error::ErrorStack;
use crate::ssl::AlpnError;
use crate::ssl::{ClientHello, SelectCertError};
use crate::ssl::{
SniError, Ssl, SslAlert, SslContext, SslContextRef, SslRef, SslSession, SslSessionRef,
SESSION_CTX_INDEX,
};
use crate::x509::{X509StoreContext, X509StoreContextRef};

pub(super) unsafe extern "C" fn raw_verify<F>(
preverify_ok: c_int,
x509_ctx: *mut ffi::X509_STORE_CTX,
) -> c_int
pub extern "C" fn raw_verify<F>(preverify_ok: c_int, x509_ctx: *mut ffi::X509_STORE_CTX) -> c_int
where
F: Fn(bool, &mut X509StoreContextRef) -> bool + 'static + Sync + Send,
{
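Review bot: `raw_verify` appears at the end of this hunk both as `pub(super) unsafe extern "C" fn` and as a one-line `pub extern "C" fn`, and going by the header's line counts (19 old, 7 new) the one-line form is the one that remains, so the change drops `unsafe` and widens visibility from `pub(super)` to `pub`. The function still takes a raw `*mut ffi::X509_STORE_CTX` and has to turn it into the `&mut X509StoreContextRef` the closure receives, so a safe, public signature lets any caller pass an arbitrary pointer; the other callbacks added to this file are `pub(super) unsafe extern "C" fn`. Suggest keeping `pub(super) unsafe` here, or confirming that this is a merge artifact rather than an intended change.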
Expand Down Expand Up @@ -372,3 +367,93 @@ where

callback(ssl, line);
}

pub(super) unsafe extern "C" fn raw_sign<M>(
ssl: *mut ffi::SSL,
out: *mut u8,
out_len: *mut usize,
max_out: usize,
signature_algorithm: u16,
in_: *const u8,
in_len: usize,
) -> ffi::ssl_private_key_result_t
where
M: PrivateKeyMethod,
{
// SAFETY: boring provides valid inputs.
let input = unsafe { slice::from_raw_parts(in_, in_len) };

let signature_algorithm = SslSignatureAlgorithm(signature_algorithm);

let callback = |method: &M, ssl: &mut _, output: &mut _| {
method.sign(ssl, input, signature_algorithm, output)
};

// SAFETY: boring provides valid inputs.
unsafe { raw_private_key_callback(ssl, out, out_len, max_out, callback) }
}

pub(super) unsafe extern "C" fn raw_decrypt<M>(
ssl: *mut ffi::SSL,
out: *mut u8,
out_len: *mut usize,
max_out: usize,
in_: *const u8,
in_len: usize,
) -> ffi::ssl_private_key_result_t
where
M: PrivateKeyMethod,
{
// SAFETY: boring provides valid inputs.
let input = unsafe { slice::from_raw_parts(in_, in_len) };

let callback = |method: &M, ssl: &mut _, output: &mut _| method.decrypt(ssl, input, output);

// SAFETY: boring provides valid inputs.
unsafe { raw_private_key_callback(ssl, out, out_len, max_out, callback) }
}

pub(super) unsafe extern "C" fn raw_complete<M>(
ssl: *mut ffi::SSL,
out: *mut u8,
out_len: *mut usize,
max_out: usize,
) -> ffi::ssl_private_key_result_t
where
M: PrivateKeyMethod,
{
// SAFETY: boring provides valid inputs.
unsafe { raw_private_key_callback::<M>(ssl, out, out_len, max_out, M::complete) }
}

unsafe fn raw_private_key_callback<M>(
ssl: *mut ffi::SSL,
out: *mut u8,
out_len: *mut usize,
max_out: usize,
callback: impl FnOnce(&M, &mut SslRef, &mut [u8]) -> Result<usize, PrivateKeyMethodError>,
) -> ffi::ssl_private_key_result_t
where
M: PrivateKeyMethod,
{
// SAFETY: boring provides valid inputs.
let ssl = unsafe { SslRef::from_ptr_mut(ssl) };
let output = unsafe { slice::from_raw_parts_mut(out, max_out) };
let out_len = unsafe { &mut *out_len };

let ssl_context = ssl.ssl_context().to_owned();
let method = ssl_context
.ex_data(SslContext::cached_ex_index::<M>())
.expect("BUG: private key method missing");

match callback(method, ssl, output) {
Ok(written) => {
assert!(written <= max_out);

*out_len = written;

ffi::ssl_private_key_result_t::ssl_private_key_success
}
Err(err) => err.0,
}
}
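Review bot: in `raw_private_key_callback`, `assert!(written <= max_out)` and `.expect("BUG: private key method missing")` can panic while running underneath the `extern "C"` entry points `raw_sign`, `raw_decrypt` and `raw_complete`, and so can the user-supplied `sign`, `decrypt` and `complete` implementations. A panic there cannot unwind safely through BoringSSL's C frames; depending on the toolchain it is undefined behaviour or a process abort. Suggest treating `written > max_out` and a missing method as `ssl_private_key_failure`, and wrapping the callback invocation in `std::panic::catch_unwind`, so that a faulty key backend fails the handshake instead of taking the process down. The `// SAFETY: boring provides valid inputs.` comments would also be more useful if they named the actual requirements: `in_` and `in_len` describe readable memory, `out` is writable for `max_out` bytes, and `out_len` is non-null.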
96 changes: 96 additions & 0 deletions boring/src/ssl/mod.rs
Expand Up @@ -1391,6 +1391,31 @@ impl SslContextBuilder {
}
}

/// Configures a custom private key method on the context.
///
/// See [`PrivateKeyMethod`] for more details.
///
/// This corresponds to [`SSL_CTX_set_private_key_method`]
///
/// [`SSL_CTX_set_private_key_method`]: https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#SSL_CTX_set_private_key_method
pub fn set_private_key_method<M>(&mut self, method: M)
where
M: PrivateKeyMethod,
{
unsafe {
self.set_ex_data(SslContext::cached_ex_index::<M>(), method);

ffi::SSL_CTX_set_private_key_method(
self.as_ptr(),
&ffi::SSL_PRIVATE_KEY_METHOD {
sign: Some(callbacks::raw_sign::<M>),
decrypt: Some(callbacks::raw_decrypt::<M>),
complete: Some(callbacks::raw_complete::<M>),
},
)
}
}

/// Checks for consistency between the private key and certificate.
///
/// This corresponds to [`SSL_CTX_check_private_key`].
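Review bot: the `unsafe` block in `set_private_key_method` has no `// SAFETY:` comment, unlike the callbacks this commit adds in callbacks.rs, and the thing it needs to justify is the lifetime of `&ffi::SSL_PRIVATE_KEY_METHOD { … }`. The pointer handed to `SSL_CTX_set_private_key_method` comes from a struct literal written inline in the call, so the comment should say why that table is still valid whenever the context later invokes `sign`, `decrypt` or `complete`; moving it into a named associated `const` would make that explicit. It is also worth documenting what happens when the method is called twice with different `M`: the ex data slot is selected by `cached_ex_index::<M>()`, so an earlier method of another type presumably stays attached to the context. Minor: the doc line for `SSL_CTX_set_private_key_method` lacks the trailing period used by the neighbouring `SSL_CTX_check_private_key` doc.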
Expand Down Expand Up @@ -3790,6 +3815,77 @@ bitflags! {
}
}

/// Describes private key hooks. This is used to off-load signing operations to
/// a custom, potentially asynchronous, backend. Metadata about the key such as
/// the type and size are parsed out of the certificate.
///
/// Corresponds to [`ssl_private_key_method_st`].
///
/// [`ssl_private_key_method_st`]: https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#ssl_private_key_method_st
pub trait PrivateKeyMethod: Send + Sync + 'static {
/// Signs the message `input` using the specified signature algorithm.
///
/// On success, it returns `Ok(written)` where `written` is the number of
/// bytes written into `output`. On failure, it returns
/// `Err(PrivateKeyMethodError::FAILURE)`. If the operation has not completed,
/// it returns `Err(PrivateKeyMethodError::RETRY)`.
///
/// The caller should arrange for the high-level operation on `ssl` to be
/// retried when the operation is completed. This will result in a call to
/// [`Self::complete`].
fn sign(
&self,
ssl: &mut SslRef,
input: &[u8],
signature_algorithm: SslSignatureAlgorithm,
output: &mut [u8],
) -> Result<usize, PrivateKeyMethodError>;

/// Decrypts `input`.
///
/// On success, it returns `Ok(written)` where `written` is the number of
/// bytes written into `output`. On failure, it returns
/// `Err(PrivateKeyMethodError::FAILURE)`. If the operation has not completed,
/// it returns `Err(PrivateKeyMethodError::RETRY)`.
///
/// The caller should arrange for the high-level operation on `ssl` to be
/// retried when the operation is completed. This will result in a call to
/// [`Self::complete`].
///
/// This method only works with RSA keys and should perform a raw RSA
/// decryption operation with no padding.
// NOTE(nox): What does it mean that it is an error?
fn decrypt(
&self,
ssl: &mut SslRef,
input: &[u8],
output: &mut [u8],
) -> Result<usize, PrivateKeyMethodError>;

/// Completes a pending operation.
///
/// On success, it returns `Ok(written)` where `written` is the number of
/// bytes written into `output`. On failure, it returns
/// `Err(PrivateKeyMethodError::FAILURE)`. If the operation has not completed,
/// it returns `Err(PrivateKeyMethodError::RETRY)`.
///
/// This method may be called arbitrarily many times before completion.
fn complete(&self, ssl: &mut SslRef, output: &mut [u8])
-> Result<usize, PrivateKeyMethodError>;
}

/// An error returned from a private key method.
#[derive(Debug, Copy, Clone, PartialEq, Eq)]
pub struct PrivateKeyMethodError(ffi::ssl_private_key_result_t);

impl PrivateKeyMethodError {
/// A fatal error occured and the handshake should be terminated.
pub const FAILURE: Self = Self(ffi::ssl_private_key_result_t::ssl_private_key_failure);

/// The operation could not be completed and should be retried later.
pub const RETRY: Self = Self(ffi::ssl_private_key_result_t::ssl_private_key_retry);
}

use crate::ffi::{SSL_CTX_up_ref, SSL_SESSION_get_master_key, SSL_SESSION_up_ref, SSL_is_server};

use crate::ffi::{DTLS_method, TLS_client_method, TLS_method, TLS_server_method};
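Review bot: the `// NOTE(nox): What does it mean that it is an error?` line above `decrypt` is an open question left in the public trait definition; it sits between the doc comment and the method and should be resolved into the docs or removed before merging. The docs for `sign`, `decrypt` and `complete` also do not say where an implementation keeps the pending operation between returning `PrivateKeyMethodError::RETRY` and the later `complete` call: the methods take `&self` on a `Send + Sync` value that `set_private_key_method` stores on the context, so one instance serves every connection and the state has to be tied to the `ssl` argument. A sentence stating that, and that `written` must not exceed `output.len()`, would help implementers. Typo in the doc for `PrivateKeyMethodError::FAILURE`: "occured" should be "occurred".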
24 changes: 11 additions & 13 deletions boring/src/ssl/test/mod.rs
Expand Up @@ -34,6 +34,7 @@ use crate::x509::store::X509StoreBuilder;
use crate::x509::verify::X509CheckFlags;
use crate::x509::{X509Name, X509StoreContext, X509VerifyResult, X509};

mod private_key_method;
mod server;

static ROOT_CERT: &[u8] = include_bytes!("../../../test/root-ca.pem");
Expand All @@ -55,9 +56,7 @@ fn verify_untrusted() {
#[test]
fn verify_trusted() {
let server = Server::builder().build();

let mut client = server.client();
client.ctx().set_ca_file("test/root-ca.pem").unwrap();
let client = server.client_with_root_ca();

client.connect();
}
Expand Down Expand Up @@ -109,9 +108,8 @@ fn verify_untrusted_callback_override_bad() {
#[test]
fn verify_trusted_callback_override_ok() {
let server = Server::builder().build();
let mut client = server.client_with_root_ca();

let mut client = server.client();
client.ctx().set_ca_file("test/root-ca.pem").unwrap();
client
.ctx()
.set_verify_callback(SslVerifyMode::PEER, |_, x509| {
Expand All @@ -125,11 +123,12 @@ fn verify_trusted_callback_override_ok() {
#[test]
fn verify_trusted_callback_override_bad() {
let mut server = Server::builder();

server.should_error();

let server = server.build();
let mut client = server.client_with_root_ca();

let mut client = server.client();
client.ctx().set_ca_file("test/root-ca.pem").unwrap();
client
.ctx()
.set_verify_callback(SslVerifyMode::PEER, |_, _| false);
Expand All @@ -155,9 +154,8 @@ fn verify_callback_load_certs() {
#[test]
fn verify_trusted_get_error_ok() {
let server = Server::builder().build();
let mut client = server.client_with_root_ca();

let mut client = server.client();
client.ctx().set_ca_file("test/root-ca.pem").unwrap();
client
.ctx()
.set_verify_callback(SslVerifyMode::PEER, |_, x509| {
Expand Down Expand Up @@ -697,9 +695,8 @@ fn add_extra_chain_cert() {
#[test]
fn verify_valid_hostname() {
let server = Server::builder().build();
let mut client = server.client_with_root_ca();

let mut client = server.client();
client.ctx().set_ca_file("test/root-ca.pem").unwrap();
client.ctx().set_verify(SslVerifyMode::PEER);

let mut client = client.build().builder();
Expand All @@ -714,11 +711,12 @@ fn verify_valid_hostname() {
#[test]
fn verify_invalid_hostname() {
let mut server = Server::builder();

server.should_error();

let server = server.build();
let mut client = server.client_with_root_ca();

let mut client = server.client();
client.ctx().set_ca_file("test/root-ca.pem").unwrap();
client.ctx().set_verify(SslVerifyMode::PEER);

let mut client = client.build().builder();