boringssl

History

Jesse Selover d7266ecc9b Enforce key usage for RSA keys in TLS 1.2. For now, this is off by default and controlled by SSL_set_enforce_rsa_key_usage. This may be set as late as certificate verification so we may start by enforcing it for known roots. Generalizes ssl_cert_check_digital_signature_key_usage to check any part of the key_usage, and adds a new error KEY_USAGE_BIT_INCORRECT for the generalized method. Bug: chromium:795089 Change-Id: Ifa504c321bec3263a4e74f2dc48513e3b895d3ee Reviewed-on: https://boringssl-review.googlesource.com/c/34604 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com>		5 years ago
..
test	Enforce key usage for RSA keys in TLS 1.2.	5 years ago
CMakeLists.txt	Add a CFI tester to CHECK_ABI.	5 years ago
bio_ssl.cc	Switch a number of files to C++.	7 years ago
d1_both.cc	Remove the add_alert hook.	6 years ago
d1_lib.cc	Support symbol prefixes	6 years ago
d1_pkt.cc	Support symbol prefixes	6 years ago
d1_srtp.cc	A bunch more scopers.	6 years ago
dtls_method.cc	Remove the add_alert hook.	6 years ago
dtls_record.cc	Another batch of bools.	6 years ago
handoff.cc	Add initial HRSS support.	5 years ago
handshake.cc	Implement server support for delegated credentials.	5 years ago
handshake_client.cc	Enforce key usage for RSA keys in TLS 1.2.	5 years ago
handshake_server.cc	Update comments around JDK11 workaround.	5 years ago
internal.h	Enforce key usage for RSA keys in TLS 1.2.	5 years ago
s3_both.cc	Allow configuring QUIC method per-connection	5 years ago
s3_lib.cc	Support symbol prefixes	6 years ago
s3_pkt.cc	Allow configuring QUIC method per-connection	5 years ago
span_test.cc	Support symbol prefixes	6 years ago
ssl_aead_ctx.cc	Delete the variants/draft code.	5 years ago
ssl_asn1.cc	Fix thread-safety bug in SSL_get_peer_cert_chain.	5 years ago
ssl_buffer.cc	Support symbol prefixes	6 years ago
ssl_cert.cc	Enforce key usage for RSA keys in TLS 1.2.	5 years ago
ssl_cipher.cc	Serialize SSL configuration in handoff and check it on application.	6 years ago
ssl_file.cc	Avoid modifying stack in sk_find.	6 years ago
ssl_key_share.cc	HRSS: omit reconstruction of ciphertext.	5 years ago
ssl_lib.cc	Enforce key usage for RSA keys in TLS 1.2.	5 years ago
ssl_privkey.cc	Implement server support for delegated credentials.	5 years ago
ssl_session.cc	Support symbol prefixes	6 years ago
ssl_stat.cc	Remove trailing whitespace from ssl/.	6 years ago
ssl_test.cc	Delete the variants/draft code.	5 years ago
ssl_transcript.cc	Support symbol prefixes	6 years ago
ssl_versions.cc	Allow configuring QUIC method per-connection	5 years ago
ssl_x509.cc	Use handshake parameters to decide if cert/key are available	5 years ago
t1_enc.cc	Support symbol prefixes	6 years ago
t1_lib.cc	Implement server support for delegated credentials.	5 years ago
tls13_both.cc	Enforce key usage for RSA keys in TLS 1.2.	5 years ago
tls13_client.cc	Delete the variants/draft code.	5 years ago
tls13_enc.cc	Allow configuring QUIC method per-connection	5 years ago
tls13_server.cc	Make 256-bit ciphers a preference for CECPQ2, not a requirement.	5 years ago
tls_method.cc	Remove the add_alert hook.	6 years ago
tls_record.cc	Another batch of bools.	6 years ago