Implement Token Binding
Update-Note: Token Binding can no longer be configured with the custom
extensions API. Instead, use the new built-in implementation. (The
internal repository should be all set.)
Bug: 183
Change-Id: I007523a638dc99582ebd1d177c38619fa7e1ac38
Reviewed-on: https://boringssl-review.googlesource.com/20645
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
index 8f53dcd..75e438d 100644
--- a/ssl/ssl_lib.cc
+++ b/ssl/ssl_lib.cc
@@ -771,6 +771,7 @@
SSL_CTX_free(ssl->session_ctx);
OPENSSL_free(ssl->supported_group_list);
OPENSSL_free(ssl->alpn_client_proto_list);
+ OPENSSL_free(ssl->token_binding_params);
EVP_PKEY_free(ssl->tlsext_channel_id_private);
OPENSSL_free(ssl->psk_identity_hint);
sk_CRYPTO_BUFFER_pop_free(ssl->client_CA, CRYPTO_BUFFER_free);
@@ -2122,6 +2123,28 @@
return 64;
}
+int SSL_set_token_binding_params(SSL *ssl, const uint8_t *params, size_t len) {
+ if (len > 256) {
+ OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW);
+ return 0;
+ }
+ OPENSSL_free(ssl->token_binding_params);
+ ssl->token_binding_params = (uint8_t *)BUF_memdup(params, len);
+ if (!ssl->token_binding_params) {
+ return 0;
+ }
+ ssl->token_binding_params_len = len;
+ return 1;
+}
+
+int SSL_is_token_binding_negotiated(const SSL *ssl) {
+ return ssl->token_binding_negotiated;
+}
+
+uint8_t SSL_get_negotiated_token_binding_param(const SSL *ssl) {
+ return ssl->negotiated_token_binding_param;
+}
+
size_t SSL_get0_certificate_types(SSL *ssl, const uint8_t **out_types) {
if (ssl->server || ssl->s3->hs == NULL) {
*out_types = NULL;
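Review bot: In `SSL_set_token_binding_params`, the failure path after `BUF_memdup` leaves `ssl->token_binding_params` NULL while `ssl->token_binding_params_len` still holds the previous length, because the old buffer is freed before the copy is known to have succeeded. Any reader that trusts the length (those readers are outside this hunk) would then pair a stale length with a NULL pointer; adding `ssl->token_binding_params_len = 0;` before that `return 0;`, or duplicating into a temporary and swapping only on success, keeps the two fields consistent. If `BUF_memdup` returns NULL for a zero `len`, as I believe it does, an empty list takes the same path and is reported as a failure with no error queued, which deserves an explicit check or a comment. The `len > 256` bound also admits 256 bytes, which would not fit a one-byte length prefix if the extension encodes the list that way; please confirm whether `len > 255` was intended.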