f6094e05ef
OpenSSL accepts both OID 2.5.8.1.1 and OID 1.2.840.113549.1.1.1 for RSA public keys. The latter comes from RFC 3279 and is widely implemented. The former comes from the ITU-T version of X.509. Interestingly, 2.5.8.1.1 actually has a parameter, which OpenSSL ignores: rsa ALGORITHM ::= { KeySize IDENTIFIED BY id-ea-rsa } KeySize ::= INTEGER Remove support for 2.5.8.1.1 completely. In tests with a self-signed certificate and code inspection: - IE11 on Win8 does not accept the certificate in a TLS handshake at all. Such a certificate is fatal and unbypassable. However Microsoft's libraries do seem to parse it, so Chrome on Windows allows one to click through the error. I'm guessing either the X.509 stack accepts it while the TLS stack doesn't recognize it as RSA or the X.509 stack is able to lightly parse it but not actually understand the key. (The system certificate UI didn't display it as an RSA key, so probably the latter?) - Apple's certificate library on 10.11.2 does not parse the certificate at all. Both Safari and Chrome on Mac treat it as a fatal and unbypassable error. - mozilla::pkix, from code inspection, does not accept such certificates. However, Firefox does allow clicking through the error. This is likely a consequence of mozilla::pkix and NSS having different ASN.1 stacks. I did not test this, but I expect this means Chrome on Linux also accepts it. Given IE and Safari's results, it should be safe to simply remove this. Firefox's data point is weak (perhaps someone is relying on being able to click-through a self-signed 2.5.8.1.1 certificate), but it does further ensure no valid certificate could be doing this. The following is the 2.5.8.1.1 certificate I constructed to test with. The private key is key.pem from ssl/test/runner: -----BEGIN CERTIFICATE----- MIICVTCCAb6gAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX aWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBF MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50 ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGcMAoGBFUIAQECAgQAA4GNADCBiQKBgQDY K8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAj kXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28t Q+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo1AwTjAdBgNVHQ4E FgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4fZbf6 Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAIZuUICtYv w3cbpCGX6HNCtyI0guOfbytcdwzRkQaCsYNSDrTxrSSWxHwqg3Dl/RlvS+T3Yaua Xkioadstwt7GDP6MwpIpdbjchh0XZd3kjdJWqXSvihUDpRePNjNS2LmJW8GWfB3c F6UVyNK+wcApRY+goREIhyYupAHUexR7FQ== -----END CERTIFICATE----- BUG=522228 Change-Id: I031d03c0f53a16cbc749c4a5d8be6efca50dc863 Reviewed-on: https://boringssl-review.googlesource.com/6852 Reviewed-by: Adam Langley <alangley@gmail.com> |
||
---|---|---|
crypto | ||
decrepit | ||
fuzz | ||
include/openssl | ||
ssl | ||
tool | ||
util | ||
.clang-format | ||
.gitignore | ||
BUILDING.md | ||
CMakeLists.txt | ||
codereview.settings | ||
FUZZING.md | ||
LICENSE | ||
PORTING.md | ||
README.md | ||
STYLE.md |
BoringSSL
BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.
Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.
Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.
BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.
Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.
There are other files in this directory which might be helpful:
- PORTING.md: how to port OpenSSL-using code to BoringSSL.
- BUILDING.md: how to build BoringSSL
- STYLE.md: rules and guidelines for coding style.
- include/openssl: public headers with API documentation in comments. Also available online.
- FUZZING.md: information about fuzzing BoringSSL.