boringssl

Historique

Jesse Selover d7266ecc9b Enforce key usage for RSA keys in TLS 1.2. For now, this is off by default and controlled by SSL_set_enforce_rsa_key_usage. This may be set as late as certificate verification so we may start by enforcing it for known roots. Generalizes ssl_cert_check_digital_signature_key_usage to check any part of the key_usage, and adds a new error KEY_USAGE_BIT_INCORRECT for the generalized method. Bug: chromium:795089 Change-Id: Ifa504c321bec3263a4e74f2dc48513e3b895d3ee Reviewed-on: https://boringssl-review.googlesource.com/c/34604 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com>		il y a 5 ans
..
test	Enforce key usage for RSA keys in TLS 1.2.	il y a 5 ans
CMakeLists.txt	Add a CFI tester to CHECK_ABI.	il y a 5 ans
bio_ssl.cc	Switch a number of files to C++.	il y a 7 ans
d1_both.cc	Remove the add_alert hook.	il y a 6 ans
d1_lib.cc	Support symbol prefixes	il y a 6 ans
d1_pkt.cc	Support symbol prefixes	il y a 6 ans
d1_srtp.cc	A bunch more scopers.	il y a 6 ans
dtls_method.cc	Remove the add_alert hook.	il y a 6 ans
dtls_record.cc	Another batch of bools.	il y a 6 ans
handoff.cc	Add initial HRSS support.	il y a 5 ans
handshake.cc	Implement server support for delegated credentials.	il y a 5 ans
handshake_client.cc	Enforce key usage for RSA keys in TLS 1.2.	il y a 5 ans
handshake_server.cc	Update comments around JDK11 workaround.	il y a 5 ans
internal.h	Enforce key usage for RSA keys in TLS 1.2.	il y a 5 ans
s3_both.cc	Allow configuring QUIC method per-connection	il y a 5 ans
s3_lib.cc	Support symbol prefixes	il y a 6 ans
s3_pkt.cc	Allow configuring QUIC method per-connection	il y a 5 ans
span_test.cc	Support symbol prefixes	il y a 6 ans
ssl_aead_ctx.cc	Delete the variants/draft code.	il y a 5 ans
ssl_asn1.cc	Fix thread-safety bug in SSL_get_peer_cert_chain.	il y a 5 ans
ssl_buffer.cc	Support symbol prefixes	il y a 6 ans
ssl_cert.cc	Enforce key usage for RSA keys in TLS 1.2.	il y a 5 ans
ssl_cipher.cc	Serialize SSL configuration in handoff and check it on application.	il y a 6 ans
ssl_file.cc	Avoid modifying stack in sk_find.	il y a 6 ans
ssl_key_share.cc	HRSS: omit reconstruction of ciphertext.	il y a 5 ans
ssl_lib.cc	Enforce key usage for RSA keys in TLS 1.2.	il y a 5 ans
ssl_privkey.cc	Implement server support for delegated credentials.	il y a 5 ans
ssl_session.cc	Support symbol prefixes	il y a 6 ans
ssl_stat.cc	Remove trailing whitespace from ssl/.	il y a 6 ans
ssl_test.cc	Delete the variants/draft code.	il y a 5 ans
ssl_transcript.cc	Support symbol prefixes	il y a 6 ans
ssl_versions.cc	Allow configuring QUIC method per-connection	il y a 5 ans
ssl_x509.cc	Use handshake parameters to decide if cert/key are available	il y a 5 ans
t1_enc.cc	Support symbol prefixes	il y a 6 ans
t1_lib.cc	Implement server support for delegated credentials.	il y a 5 ans
tls13_both.cc	Enforce key usage for RSA keys in TLS 1.2.	il y a 5 ans
tls13_client.cc	Delete the variants/draft code.	il y a 5 ans
tls13_enc.cc	Allow configuring QUIC method per-connection	il y a 5 ans
tls13_server.cc	Make 256-bit ciphers a preference for CECPQ2, not a requirement.	il y a 5 ans
tls_method.cc	Remove the add_alert hook.	il y a 6 ans
tls_record.cc	Another batch of bools.	il y a 6 ans