kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
1fb125c74a
boringssl/ssl
History
David Benjamin 1fb125c74a Enforce ECDSA curve matching in TLS 1.3. 
Implement in both C and Go. To test this, route config into all the
sign.go functions so we can expose bugs to skip the check.

Unfortunately, custom private keys are going to be a little weird since
we can't check their curve type. We may need to muse on what to do here.
Perhaps the key type bit should return an enum that includes the curve?
It's weird because, going forward, hopefully all new key types have
exactly one kind of signature so key type == sig alg == sig alg prefs.

Change-Id: I1f487ec143512ead931e3392e8be2a3172abe3d2
Reviewed-on: https://boringssl-review.googlesource.com/8701
Reviewed-by: David Benjamin <davidben@google.com>
2016-07-12 18:40:08 +00:00
..
test Enforce ECDSA curve matching in TLS 1.3. 2016-07-12 18:40:08 +00:00
CMakeLists.txt Rename (s3,d1)_meth.c. 2016-07-11 17:22:35 +00:00
custom_extensions.c
d1_both.c Simplify ssl_get_message somewhat. 2016-07-11 23:01:32 +00:00
d1_lib.c Stop using the word 'buffer' everywhere. 2016-06-27 22:15:22 +00:00
d1_pkt.c Stop using the word 'buffer' everywhere. 2016-06-27 22:15:22 +00:00
d1_srtp.c Make kSRTPProfiles static. 2016-05-13 14:12:22 +00:00
dtls_method.c Don't use init_buf in DTLS. 2016-07-11 23:01:11 +00:00
dtls_record.c Fix the alias checks in dtls_record.c. 2016-06-09 21:11:22 +00:00
handshake_client.c Move the key type check from tls12_check_peer_sigalg to ssl_verify_*. 2016-07-12 18:25:05 +00:00
handshake_server.c Move the key type check from tls12_check_peer_sigalg to ssl_verify_*. 2016-07-12 18:25:05 +00:00
internal.h Enforce ECDSA curve matching in TLS 1.3. 2016-07-12 18:40:08 +00:00
s3_both.c Simplify ssl_get_message somewhat. 2016-07-11 23:01:32 +00:00
s3_enc.c Don't call tls12_get_hash in the server handshake. 2016-07-12 16:30:10 +00:00
s3_lib.c Disconnect handshake message creation from init_buf. 2016-06-27 22:15:01 +00:00
s3_pkt.c Forbid renegotiation in TLS 1.3. 2016-07-11 18:26:27 +00:00
ssl_aead_ctx.c Fixing iv_length for TLS 1.3. 2016-06-16 17:04:14 +00:00
ssl_asn1.c Disconnect handshake message creation from init_buf. 2016-06-27 22:15:01 +00:00
ssl_buffer.c Remove in-place TLS record assembly for now. 2016-06-09 19:47:44 +00:00
ssl_cert.c Change |EVP_PKEY_up_ref| to return int. 2016-07-12 17:55:41 +00:00
ssl_cipher.c Add TLS 1.3 record layer to go implementation. 2016-06-21 21:43:40 +00:00
ssl_ecdh.c Add SSL_get_curve_id and SSL_get_dhe_group_size. 2016-06-30 23:20:34 +00:00
ssl_file.c
ssl_lib.c Change |EVP_PKEY_up_ref| to return int. 2016-07-12 17:55:41 +00:00
ssl_rsa.c Enforce ECDSA curve matching in TLS 1.3. 2016-07-12 18:40:08 +00:00
ssl_session.c Split unlock functions into read/write variants. 2016-05-31 21:09:29 +00:00
ssl_stat.c Remove a/b parameters to send_change_cipher_spec. 2016-06-29 18:50:47 +00:00
ssl_test.cc Revert "Move C++ helpers into |bssl| namespace." 2016-07-12 08:09:33 -07:00
t1_enc.c Move the Digest/Sign split for SignatureAlgorithms to a lower level. 2016-07-01 19:01:33 +00:00
t1_lib.c Enforce ECDSA curve matching in TLS 1.3. 2016-07-12 18:40:08 +00:00
tls_method.c Don't use init_buf in DTLS. 2016-07-11 23:01:11 +00:00
tls_record.c Build up TLS 1.3 record-layer tests. 2016-06-27 17:02:01 +00:00