kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
0d62f26c36
boringssl/ssl
History
Steven Valdez 0d62f26c36 Adding more options for signing digest fallback. 
Allow configuring digest preferences for the private key. Some
smartcards have limited support for signing digests, notably Windows
CAPI keys and old Estonian smartcards. Chromium used the supports_digest
hook in SSL_PRIVATE_KEY_METHOD to limit such keys to SHA1. However,
detecting those keys was a heuristic, so some SHA256-capable keys
authenticating to SHA256-only servers regressed in the switch to
BoringSSL. Replace this mechanism with an API to configure digest
preference order. This way heuristically-detected SHA1-only keys may be
configured by Chromium as SHA1-preferring rather than SHA1-requiring.

In doing so, clean up the shared_sigalgs machinery somewhat.

BUG=468076

Change-Id: I996a2df213ae4d8b4062f0ab85b15262ca26f3c6
Reviewed-on: https://boringssl-review.googlesource.com/5755
Reviewed-by: Adam Langley <agl@google.com>
2015-09-23 21:55:01 +00:00
..
pqueue Fix some malloc test crashs. 2015-05-21 18:00:10 +00:00
test Adding more options for signing digest fallback. 2015-09-23 21:55:01 +00:00
CMakeLists.txt Rename ssl_sess.c to ssl_session.c. 2015-09-14 23:37:52 +00:00
custom_extensions.c Align the SSL stack on #include style. 2015-09-15 23:32:07 +00:00
d1_both.c Align the SSL stack on #include style. 2015-09-15 23:32:07 +00:00
d1_clnt.c Align the SSL stack on #include style. 2015-09-15 23:32:07 +00:00
d1_lib.c Align the SSL stack on #include style. 2015-09-15 23:32:07 +00:00
d1_meth.c Align the SSL stack on #include style. 2015-09-15 23:32:07 +00:00
d1_pkt.c Align the SSL stack on #include style. 2015-09-15 23:32:07 +00:00
d1_srtp.c Align the SSL stack on #include style. 2015-09-15 23:32:07 +00:00
d1_srvr.c Align the SSL stack on #include style. 2015-09-15 23:32:07 +00:00
dtls_record.c Reject empty records of unexpected type. 2015-08-28 22:03:00 +00:00
internal.h Adding more options for signing digest fallback. 2015-09-23 21:55:01 +00:00
s3_both.c Align the SSL stack on #include style. 2015-09-15 23:32:07 +00:00
s3_clnt.c Adding more options for signing digest fallback. 2015-09-23 21:55:01 +00:00
s3_enc.c Align the SSL stack on #include style. 2015-09-15 23:32:07 +00:00
s3_lib.c Align the SSL stack on #include style. 2015-09-15 23:32:07 +00:00
s3_meth.c Align the SSL stack on #include style. 2015-09-15 23:32:07 +00:00
s3_pkt.c Align the SSL stack on #include style. 2015-09-15 23:32:07 +00:00
s3_srvr.c Align the SSL stack on #include style. 2015-09-15 23:32:07 +00:00
ssl_aead_ctx.c Align the SSL stack on #include style. 2015-09-15 23:32:07 +00:00
ssl_asn1.c Align the SSL stack on #include style. 2015-09-15 23:32:07 +00:00
ssl_buffer.c Fix buffer size computation. 2015-09-01 20:18:21 +00:00
ssl_cert.c Adding more options for signing digest fallback. 2015-09-23 21:55:01 +00:00
ssl_cipher.c Add |SSL_CIPHER_is_RC4|. 2015-09-18 23:03:40 +00:00
ssl_file.c Toss file-related convenience bits of ssl/ into a corner. 2015-09-08 23:34:40 +00:00
ssl_lib.c Group NPN functions in their own section. 2015-09-18 18:39:53 +00:00
ssl_rsa.c Adding more options for signing digest fallback. 2015-09-23 21:55:01 +00:00
ssl_session.c Align the SSL stack on #include style. 2015-09-15 23:32:07 +00:00
ssl_stat.c Align the SSL stack on #include style. 2015-09-15 23:32:07 +00:00
ssl_test.cc Make SSL_get_client_CA_list slightly more OpenSSL-compatible. 2015-09-11 22:30:55 +00:00
ssl_txt.c Align the SSL stack on #include style. 2015-09-15 23:32:07 +00:00
t1_enc.c Align the SSL stack on #include style. 2015-09-15 23:32:07 +00:00
t1_lib.c Adding more options for signing digest fallback. 2015-09-23 21:55:01 +00:00
tls_record.c Fix MSVC build. 2015-08-28 22:27:33 +00:00