boringssl

Histórico

Jesse Selover d7266ecc9b Enforce key usage for RSA keys in TLS 1.2. For now, this is off by default and controlled by SSL_set_enforce_rsa_key_usage. This may be set as late as certificate verification so we may start by enforcing it for known roots. Generalizes ssl_cert_check_digital_signature_key_usage to check any part of the key_usage, and adds a new error KEY_USAGE_BIT_INCORRECT for the generalized method. Bug: chromium:795089 Change-Id: Ifa504c321bec3263a4e74f2dc48513e3b895d3ee Reviewed-on: https://boringssl-review.googlesource.com/c/34604 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com>		há 5 anos
..
test	Enforce key usage for RSA keys in TLS 1.2.	há 5 anos
CMakeLists.txt	Add a CFI tester to CHECK_ABI.	há 5 anos
bio_ssl.cc	Switch a number of files to C++.	há 7 anos
d1_both.cc	Remove the add_alert hook.	há 6 anos
d1_lib.cc	Support symbol prefixes	há 6 anos
d1_pkt.cc	Support symbol prefixes	há 6 anos
d1_srtp.cc	A bunch more scopers.	há 6 anos
dtls_method.cc	Remove the add_alert hook.	há 6 anos
dtls_record.cc	Another batch of bools.	há 6 anos
handoff.cc	Add initial HRSS support.	há 5 anos
handshake.cc	Implement server support for delegated credentials.	há 5 anos
handshake_client.cc	Enforce key usage for RSA keys in TLS 1.2.	há 5 anos
handshake_server.cc	Update comments around JDK11 workaround.	há 5 anos
internal.h	Enforce key usage for RSA keys in TLS 1.2.	há 5 anos
s3_both.cc	Allow configuring QUIC method per-connection	há 5 anos
s3_lib.cc	Support symbol prefixes	há 6 anos
s3_pkt.cc	Allow configuring QUIC method per-connection	há 5 anos
span_test.cc	Support symbol prefixes	há 6 anos
ssl_aead_ctx.cc	Delete the variants/draft code.	há 5 anos
ssl_asn1.cc	Fix thread-safety bug in SSL_get_peer_cert_chain.	há 5 anos
ssl_buffer.cc	Support symbol prefixes	há 6 anos
ssl_cert.cc	Enforce key usage for RSA keys in TLS 1.2.	há 5 anos
ssl_cipher.cc	Serialize SSL configuration in handoff and check it on application.	há 6 anos
ssl_file.cc	Avoid modifying stack in sk_find.	há 6 anos
ssl_key_share.cc	HRSS: omit reconstruction of ciphertext.	há 5 anos
ssl_lib.cc	Enforce key usage for RSA keys in TLS 1.2.	há 5 anos
ssl_privkey.cc	Implement server support for delegated credentials.	há 5 anos
ssl_session.cc	Support symbol prefixes	há 6 anos
ssl_stat.cc	Remove trailing whitespace from ssl/.	há 6 anos
ssl_test.cc	Delete the variants/draft code.	há 5 anos
ssl_transcript.cc	Support symbol prefixes	há 6 anos
ssl_versions.cc	Allow configuring QUIC method per-connection	há 5 anos
ssl_x509.cc	Use handshake parameters to decide if cert/key are available	há 5 anos
t1_enc.cc	Support symbol prefixes	há 6 anos
t1_lib.cc	Implement server support for delegated credentials.	há 5 anos
tls13_both.cc	Enforce key usage for RSA keys in TLS 1.2.	há 5 anos
tls13_client.cc	Delete the variants/draft code.	há 5 anos
tls13_enc.cc	Allow configuring QUIC method per-connection	há 5 anos
tls13_server.cc	Make 256-bit ciphers a preference for CECPQ2, not a requirement.	há 5 anos
tls_method.cc	Remove the add_alert hook.	há 6 anos
tls_record.cc	Another batch of bools.	há 6 anos