Matching Chromium, Go, and TLS 1.3, only allow SHA-256, SHA-384, and
SHA-512 RSA-PSS signatures, where MGF-1 and message hash match and salt
length is hash length. Sadly, we are stuck tolerating an explicit
trailerField for now. See the certificates in cl/362617931.

This also fixes an overflow bug in handling the salt length. On
platforms with 64-bit long and 32-bit int, we would misinterpret, e.g.,
2^62 + 32 as 32. Also clean up the error-handling of maskHash. It was
previously handled in a very confusing way; syntax errors in maskHash
would succeed and only be noticed later, in rsa_mgf1_decode.

I haven't done it in this change, but as a followup, we can, like
Chromium, reduce X.509 signature algorithms down to a single enum.

Update-Note: Unusual RSA-PSS combinations in X.509 are no longer
accepted. This same change (actually a slightly stricter version) has
already landed in Chrome.

Bug: 489
Change-Id: I85ca3a4e14f76358cac13e66163887f6dade1ace
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/53865
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
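
The RSA-PSS parameter policy and the salt-length overflow described in the commit message above, as an added example that is not BoringSSL's code. The struct, enum and function names are hypothetical, and the narrowing to `uint32_t` stands in for the 64-bit long to 32-bit int conversion.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical types for illustration; not BoringSSL's API. */
enum pss_hash { PSS_SHA1, PSS_SHA256, PSS_SHA384, PSS_SHA512 };

struct pss_params {
  enum pss_hash hash;      /* message digest */
  enum pss_hash mgf1_hash; /* digest used inside MGF-1 */
  int64_t salt_len;        /* decoded INTEGER; models a 64-bit long */
  int64_t trailer_field;   /* explicit or defaulted; 1 is the only defined value */
};

/* Digest length in bytes, or 0 if the hash is not on the allowlist. */
static size_t allowed_hash_len(enum pss_hash h) {
  switch (h) {
    case PSS_SHA256: return 32;
    case PSS_SHA384: return 48;
    case PSS_SHA512: return 64;
    default: return 0;
  }
}

/* The bug class: narrowing the salt length to 32 bits before checking it
 * keeps only the low bits, so 2^62 + 32 compares equal to 32. */
int salt_ok_truncating(const struct pss_params *p) {
  uint32_t narrowed = (uint32_t)p->salt_len;
  return narrowed == (uint32_t)allowed_hash_len(p->hash);
}

/* Strict policy: every comparison is done at full width, before narrowing. */
int pss_params_ok(const struct pss_params *p) {
  size_t hash_len = allowed_hash_len(p->hash);
  if (hash_len == 0) return 0;                    /* SHA-256/384/512 only */
  if (p->mgf1_hash != p->hash) return 0;          /* MGF-1 hash must match */
  if (p->salt_len != (int64_t)hash_len) return 0; /* salt length == hash length */
  if (p->trailer_field != 1) return 0;
  return 1;
}

int main(void) {
  /* Constructed input: SHA-256 with a salt length of 2^62 + 32. */
  struct pss_params p = {PSS_SHA256, PSS_SHA256, ((int64_t)1 << 62) + 32, 1};
  printf("truncating check: %d, strict check: %d\n",
         salt_ok_truncating(&p), pss_params_ok(&p));
  return 0;
}
```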

X509V3_EXT_d2i should notice if an extension has extra data at the end.

Update-Note: Some previously accepted invalid certificates may be
rejected, either in certificate verification or in X509_get_ext_d2i.

Bug: 352
Change-Id: Iacbb74a52d15bf3318b4cb8271d44b0f0a2df137
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/50285
Reviewed-by: Adam Langley <agl@google.com>

Conscrypt will need these functions. Also fix a bug in
X509_get_extension_flags's error-handling. While I'm here, add
X509_CRL_get0_extensions for completeness. Nothing uses this yet, but
this could later be an alternative to avoid Conscrypt's mess with
templates.

Change-Id: I9393b75fcf53346535e6a4712355be081baa630d
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42744
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>