boringssl

Mirror of BoringSSL (grpc依赖) https://boringssl.googlesource.com/boringssl

David Benjamin c890ae5195 Make ECH server APIs take EVP_HPKE_KEY. Previously we would extract the KEM ID from the ECHConfig and then parse the private key using the corresponding KEM type. This CL makes it take a pre-pared EVP_HPKE_KEY and checks it matches. This does require the caller pass the key type through externally, which is probably prudent? (On the other hand we are still inferring config from the rest of the ECHConfig... maybe we can add an API to extract the EVP_HPKE_KEM from a serialized ECHConfig if it becomes a problem. I could see runner or tool wanting that out of convenience.) The immediate motivation is to add APIs to programmatically construct ECHConfigs. I'm thinking we can pass a const EVP_HPKE_KEY * to specify the key, at which point it's weird for SSL_ECH_KEYS_add to look different. Bug: 275 Change-Id: I2d424323885103d3fe0a99a9012c160baa8653bd Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/48002 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>		3 years ago
..
test	Make ECH server APIs take EVP_HPKE_KEY.	3 years ago
CMakeLists.txt	Add ECH server (draft-ietf-tls-esni-09).	4 years ago
bio_ssl.cc	Fix crash when flushing an SSL BIO.	4 years ago
d1_both.cc	Const-correct message creation hooks.	4 years ago
d1_lib.cc	…
d1_pkt.cc	…
d1_srtp.cc	Const-correct SSL_get_srtp_profiles.	4 years ago
dtls_method.cc	…
dtls_record.cc	…
encrypted_client_hello.cc	Make ECH server APIs take EVP_HPKE_KEY.	3 years ago
handoff.cc	Rename SSL_ECH_SERVER_CONFIG_LIST to SSL_ECH_KEYS.	3 years ago
handshake.cc	Shift some complexity out of ssl_add_clienthello_tlsext.	3 years ago
handshake_client.cc	Move the TLS vs DTLS header length adjustment into ssl_add_clienthello_tlsext.	3 years ago
handshake_server.cc	Rename SSL_ECH_SERVER_CONFIG_LIST to SSL_ECH_KEYS.	3 years ago
internal.h	Make ECH server APIs take EVP_HPKE_KEY.	3 years ago
s3_both.cc	Const-correct message creation hooks.	4 years ago
s3_lib.cc	Add SSL_ech_accepted API and ech_is_required alerts.	4 years ago
s3_pkt.cc	Check hs->early_session, not ssl->session, for the early data limit.	4 years ago
span_test.cc	…
ssl_aead_ctx.cc	…
ssl_asn1.cc	Rename the master_key field in SSL_SESSION to secret.	4 years ago
ssl_buffer.cc	…
ssl_c_test.c	…
ssl_cert.cc	Fix issuerUID and subjectUID parsing in the key usage checker.	4 years ago
ssl_cipher.cc	…
ssl_file.cc	…
ssl_key_share.cc	Rearrange SSLKeyShare::Serialize.	4 years ago
ssl_lib.cc	Move ECH-related APIs to encrypted_client_hello.cc.	4 years ago
ssl_privkey.cc	Add SSL_can_release_private_key.	4 years ago
ssl_session.cc	Remove the Channel ID callback.	4 years ago
ssl_stat.cc	Add SSL_ech_accepted API and ech_is_required alerts.	4 years ago
ssl_test.cc	Make ECH server APIs take EVP_HPKE_KEY.	3 years ago
ssl_transcript.cc	Tidy up the PSK binder logic.	3 years ago
ssl_versions.cc	Make add_clienthello callbacks const.	3 years ago
ssl_x509.cc	…
t1_enc.cc	Rename the master_key field in SSL_SESSION to secret.	4 years ago
t1_lib.cc	Rename SSL_ECH_SERVER_CONFIG_LIST to SSL_ECH_KEYS.	3 years ago
tls13_both.cc	Implement a handshake hint for certificate compression.	3 years ago
tls13_client.cc	Move key_share computation out of ClientHello callbacks.	3 years ago
tls13_enc.cc	Tidy up the PSK binder logic.	3 years ago
tls13_server.cc	Add SSL_ech_accepted API and ech_is_required alerts.	4 years ago
tls_method.cc	Add experimental handshake hints API.	4 years ago
tls_record.cc	…