-
Notifications
You must be signed in to change notification settings - Fork 775
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add an SSL_CREDENTIAL API for ECDSA/RSA and delegated credentials
This adds a notion of "credentials" to BoringSSL's API, to support certificate selection by key type (typically ECDSA vs RSA), though the aim is for it to be generalizable to other certificate types and other kinds of selection criteria, such as Trust Expressions, or Merkle Tree Certificates. Since we already had some nascent delegated credentials I've reworked that feature with SSL_CREDENTIALs as well. The model is that you create an SSL_CREDENTIAL object containing all the configuration for what you are authenticating as. An X.509 SSL_CREDENTIAL has a certificate chain, private key, optionally an OCSP response and SCT list. Delegated credentials are similar. In the future, we might use this for raw public keys, other certificate types, etc. Once you set those up, you configure those on the SSL or SSL_CTX in preference order, and BoringSSL will internally pick the first one that is usable. The current implementation ends up redundantly selecting the signature algorithm a couple of times. This works but is a little goofy. A follow-up change will remove this redundancy. The protocol between the runner and shim for tests is also a little weird, but it was the easiest way I could think of for injecting that. Long-term, I think we should just replace that protocol with a JSON structure. (See https://crbug.com/boringssl/704.) As split handshakes are in the process of being replaced with handshake hints, this won't work with split handshakes. It works with handshake hints without any extra work. Update-Note: The delegated credentials API has been revamped. Previously, it worked by configuring an optional delegated credential and key with your normal certificate chain. This has the side effect of forcing your DC issuer and your fallback certificate to be the same. The SSL_CREDENTIAL API lifts this restriction. A delegated credential is now just a different kind of credential. It may use the same certificate chain as an X.509 credential or be completely separate. All the SSL_CREDENTIAL APIs take CRYPTO_BUFFERs, so, if common, the buffers may be shared to reduce memory. The SSL_delegated_credential_used API is also removed, in favor of the more general SSL_get0_selected_credential API. Callers can use ex_data or pointer equality to identify the credential. Bug: 249 Change-Id: Ibc290df3b7b95f148df12625e41cf55c50566602 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/66690 Reviewed-by: Bob Beck <bbe@google.com> Commit-Queue: David Benjamin <davidben@google.com>
- Loading branch information
Showing
29 changed files
with
2,666 additions
and
1,463 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.