-
Notifications
You must be signed in to change notification settings - Fork 161
Add relax-rsa-key-usage feature to restore historical RSA keyUsage
#512
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: master
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,32 @@ | ||
| From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 | ||
| From: Kevin Bartlett Guthrie <kbg@cloudflare.com> | ||
| Date: Wed, 10 Jun 2026 14:00:00 -0400 | ||
| Subject: [PATCH] Default enforce_rsa_key_usage to off | ||
|
|
||
| BoringSSL starting with BORINGSSL_API_VERSION 19 (see | ||
| include/openssl/base.h) flipped the SSL_CONFIG default for | ||
| enforce_rsa_key_usage to true. As a client, this makes an RSA leaf whose | ||
| keyUsage does not assert the bit required by the cipher suite a fatal | ||
| handshake error (KEY_USAGE_BIT_INCORRECT) instead of the historical | ||
| non-fatal behaviour. | ||
| Many real upstream origins serve such certs; OpenSSL and the prior | ||
| BoringSSL pin accepted them. There is no Rust API to relax this per | ||
| connection. Restore the historical default (off) so RSA keyUsage | ||
| mismatches are non-fatal again; non-RSA keyUsage enforcement is | ||
| unaffected. | ||
| --- | ||
| diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc | ||
| index 89702eaaf..4be64f8a5 100644 | ||
| --- a/ssl/ssl_lib.cc | ||
| +++ b/ssl/ssl_lib.cc | ||
| @@ -575,7 +575,7 @@ SSL_CONFIG::SSL_CONFIG(SSL *ssl_arg) | ||
| signed_cert_timestamps_enabled(false), | ||
| ocsp_stapling_enabled(false), | ||
| channel_id_enabled(false), | ||
| - enforce_rsa_key_usage(true), | ||
| + enforce_rsa_key_usage(false), | ||
| retain_only_sha256_of_client_certs(false), | ||
| handoff(false), | ||
| shed_handshake_config(false), | ||
| -- | ||
| 2.39.5 |
|
Collaborator
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Perhaps move this and the generated certs to a
Contributor
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. That works for me. I didn't originally because the test dir seems like it has all the test data already - https://github.com/johnhurt/boring/tree/b971e5712ed53a5ebc8fde4cd33d47709dee982a/boring/test |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| #!/usr/bin/env bash | ||
| # Generates the certificates used by `boring/src/ssl/test/verify.rs` for the | ||
| # `rsa_key_usage_mismatch` test. | ||
| # | ||
| # The resulting leaf certificate has an RSA key and a keyUsage extension that | ||
| # only asserts keyEncipherment (no digitalSignature). When BoringSSL enforces | ||
| # RSA keyUsage, an ECDHE-RSA cipher suite therefore fails with | ||
| # KEY_USAGE_BIT_INCORRECT. When enforcement is relaxed, the handshake succeeds. | ||
| set -euo pipefail | ||
|
|
||
| cd "$(dirname "$0")" | ||
| NAME=rsa-key-usage-relaxed | ||
|
|
||
| # CA key and self-signed certificate. The CA key is deleted at the end; only | ||
| # the CA certificate is needed by the test. | ||
| openssl genrsa -out "${NAME}-ca-key.pem" 2048 | ||
| openssl req -new -x509 \ | ||
| -key "${NAME}-ca-key.pem" \ | ||
| -out "${NAME}-ca.pem" \ | ||
| -days 3650 \ | ||
| -subj "/CN=Relax RSA Key Usage Test CA" \ | ||
| -addext "basicConstraints=critical,CA:TRUE" \ | ||
| -addext "keyUsage=critical,keyCertSign,cRLSign" | ||
|
|
||
| # Leaf key and certificate request. | ||
| openssl genrsa -out "${NAME}-key.pem" 2048 | ||
| openssl req -new \ | ||
| -key "${NAME}-key.pem" \ | ||
| -out "${NAME}.csr" \ | ||
| -subj "/CN=localhost" | ||
|
|
||
| # Leaf certificate with keyUsage=keyEncipherment only. The missing | ||
| # digitalSignature bit is what triggers the RSA keyUsage check failure. | ||
| openssl x509 -req \ | ||
| -in "${NAME}.csr" \ | ||
| -CA "${NAME}-ca.pem" \ | ||
| -CAkey "${NAME}-ca-key.pem" \ | ||
| -CAcreateserial \ | ||
| -out "${NAME}.pem" \ | ||
| -days 365 \ | ||
| -extfile <(printf '%s\n' \ | ||
| 'keyUsage=critical,keyEncipherment' \ | ||
| 'extendedKeyUsage=serverAuth' \ | ||
| 'subjectAltName=DNS:localhost') | ||
|
|
||
| rm -f "${NAME}.csr" "${NAME}.srl" "${NAME}-ca-key.pem" |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| -----BEGIN CERTIFICATE----- | ||
| MIIDPTCCAiWgAwIBAgIUVyjdxXDX1AIoOdOTwFCvxMZtiikwDQYJKoZIhvcNAQEL | ||
| BQAwJjEkMCIGA1UEAwwbUmVsYXggUlNBIEtleSBVc2FnZSBUZXN0IENBMB4XDTI2 | ||
| MDYyNjE4NDMxMloXDTM2MDYyMzE4NDMxMlowJjEkMCIGA1UEAwwbUmVsYXggUlNB | ||
| IEtleSBVc2FnZSBUZXN0IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC | ||
| AQEA50Yu0DxDUJZ5G+nGy5QXajf7m6z/IlJgmz8lcmNiRmiIGMMdN9HMyLe4Mljk | ||
| qOl2aNfqLsSFeXg9KamhoScnQatQl5o4cf5kTePOYk9SkYuK86bcfHFJQLcPAjb4 | ||
| XBvEHnpCr2LpPFGVGuOlG7d1I7zJ0Fz9a6hThjN2+1Nl7qnwLZM1f+45oD9bBmno | ||
| MObfLQDIC5Ds0pE0Iv+jPPoQqTzhkwRdsSWiSXojmuWsrS2kW7B/OUHxnB8zlEMZ | ||
| S2GoECKVEugRJUwXayyaJac9ygL895M9S49Ikvth18eyfmSu+A8usMG2PEklGCa2 | ||
| Yz0ij3P5KmgEXnHHuIydsxITbQIDAQABo2MwYTAdBgNVHQ4EFgQUj8ngJAk3fVY/ | ||
| KHlgDC2AFB1Kz5gwHwYDVR0jBBgwFoAUj8ngJAk3fVY/KHlgDC2AFB1Kz5gwDwYD | ||
| VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEB | ||
| AJStEky4C9/28O8MQz7+MaupQn7MORVEWnYm2+afET0O6S+sLmqU6dEuzPXAxZit | ||
| x72Hw+g3i3XHwPtr2+WOpppTSA4fWuQzntcTaJErs4nImP9oVDs7wACaR2ITMuQ9 | ||
| jIwdBhaO3D1RBpKLsKYNyDbhvrprIscZBGxmmqOZJpcejsNCUwAAi3qcmGloZUJb | ||
| kX/+c3mYN5qGw62X2nQhTmm4sGfe4hRloAoaPFmezF+9HIKIYQ92gXRDEgDEImbj | ||
| 39pqNdWfJ6zpWWrqqRH2il93BZ3qFk8904Z+3WBxKYhDJ0f8WBA4ECV4LCWaRL7t | ||
| RMbshIkpD5rfFuIjx1/ApuQ= | ||
| -----END CERTIFICATE----- |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| -----BEGIN PRIVATE KEY----- | ||
| MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCtBcpDMwAouuCD | ||
| SdO4rtWQkT/5IImPGLIX0qofIZq54eur64RPnh7FqbI+G87iD8/xXaEBup84fhT9 | ||
| yvsvxMDFYd06CUsrEcTEy3bfDHtfCo7dnELCj2A7tq5baxru2qASvqYCGEGeBiqM | ||
| qETjAn3BnsU1BHUCGaGA9bVnpwUEoKaBaFplXSonQnphdiXzad3ilIpGcWmJU/8i | ||
| z+NzgJrNmKSJL2F4OwIvvb+LNEJT2IW0U4RCXMIT+SMbgJ1MwRfH/XrU9fviRv9l | ||
| pjaXNlVonPjE1IRwAoZGagdPRso3naCiPWlHyJGpii3qoCd/dcCLk72xYV1tJVji | ||
| UFR3b7x3AgMBAAECggEACAyljX012cGGNkDYX/H2TyOKxQNgAKZUi07BUvGWo0B8 | ||
| XPn37cSX7JzuO/0LD2iX6eims0bSAsOX//t/2xoiIXXPlwsdf+o8x1NPDYFJpzEP | ||
| 6Son9BcXEhuKGghAXQSAWqpSXPVMpVZUh7bS6+UFtEqlSVo3Ow1IENnmpq4xku2I | ||
| x03zwXLdCPdleUBr8zPHRWaGNg2x1jpVxHR7N5KHTfhz0ylIMDBfThseHUuMkkY9 | ||
| VlTQNW5jd/9Zr8kxbe6J5/o699QL6I3a/ACmlXbyO6g6PSUl39dYfOQPTCeIFKrc | ||
| FyZvEeVT9ZZwSnKbVr+kM+k/uzdURKOj7IE68yF+VQKBgQDf8TQw4Wn7PVVnZGgw | ||
| PvkAKiKp0OE+NqWu7p+NhRE0x6nUcqXOX1zm1EDu2GcFGSegGb+DcQYVcU7DhWlo | ||
| 7PZEPaH3ddgRBXte/nhP0Meaxz5FRdMGoI4ywv/uB4jOeJbw/gIkfkyBCgpplYbv | ||
| H/BOBjN+4f6HiGlcSwl/bR8KvQKBgQDFyooQb8CrF7vxPAxagU/JWzCp1xVKjtzU | ||
| Z5oRWjNBNH/PzXfDTQWpDefHXJ30Z8cKwHy5TUqIL8g2jW85AXYk8rgbIBtRk/DI | ||
| izHJWqTydrOaeTvbUrao+xIvSOhxgcLt90aadOAk47E+bnbXBGFOEfvM8KF2QVeb | ||
| x8PQ+UTxQwKBgQC53N5dR2kHvYL5egtDJ7DQIyh72sJnOUHP63r/IRcDwEdC7RiS | ||
| LPHVHwr5cSAnyhXqOhSKSi8rcsxVWJABJtLKFoEr+mGm1u7rC7bdP8G6w2z6X5Zi | ||
| pLUAinmRnC0+eDWGtLsggLaMTsIPmavRIaf3igwJXhY7dMtFb33lhbLC3QKBgCY4 | ||
| VSWH8rsdAvxClkCG7FwEewrWvQ6DPLjurB7eRzk6Y9hL4/ChWY6pWTh09TDdPOEf | ||
| APrtrJFUamPgQLXLSoEpRdo4Ag9pfwXBoAVAts8DkQEwnBhti05r9b+dXw1P/dLu | ||
| DX6bRxTZys49mklCV2s2nmmjtg+b4MoBeB1RjbjxAoGAEsxMZu1hZbynDf/j6Q9J | ||
| JvZWzBGbiGbEXJQPB0ZlBDSWXeGyMYv1pw35YRXBa+jk1+fP4IWRF3UABY8tchmt | ||
| M4X9veVRUyznd7GwqhrwgvvUK1EW6qURDVObeMe6/Bdm09lu3G2NhFWZP7DM3F/5 | ||
| /okcZc7DZOZCUlcHgiIg0y0= | ||
| -----END PRIVATE KEY----- |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| -----BEGIN CERTIFICATE----- | ||
| MIIDRTCCAi2gAwIBAgIUCmRSuBn+jTOljHtas3Mut6KyiFAwDQYJKoZIhvcNAQEL | ||
| BQAwJjEkMCIGA1UEAwwbUmVsYXggUlNBIEtleSBVc2FnZSBUZXN0IENBMB4XDTI2 | ||
| MDYyNjE4NDMxMloXDTI3MDYyNjE4NDMxMlowFDESMBAGA1UEAwwJbG9jYWxob3N0 | ||
| MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQXKQzMAKLrgg0nTuK7V | ||
| kJE/+SCJjxiyF9KqHyGaueHrq+uET54examyPhvO4g/P8V2hAbqfOH4U/cr7L8TA | ||
| xWHdOglLKxHExMt23wx7XwqO3ZxCwo9gO7auW2sa7tqgEr6mAhhBngYqjKhE4wJ9 | ||
| wZ7FNQR1AhmhgPW1Z6cFBKCmgWhaZV0qJ0J6YXYl82nd4pSKRnFpiVP/Is/jc4Ca | ||
| zZikiS9heDsCL72/izRCU9iFtFOEQlzCE/kjG4CdTMEXx/161PX74kb/ZaY2lzZV | ||
| aJz4xNSEcAKGRmoHT0bKN52goj1pR8iRqYot6qAnf3XAi5O9sWFdbSVY4lBUd2+8 | ||
| dwIDAQABo30wezAOBgNVHQ8BAf8EBAMCBSAwEwYDVR0lBAwwCgYIKwYBBQUHAwEw | ||
| FAYDVR0RBA0wC4IJbG9jYWxob3N0MB0GA1UdDgQWBBR4WbrbwW1ZzEwF0fRUB+XA | ||
| LF4WGzAfBgNVHSMEGDAWgBSPyeAkCTd9Vj8oeWAMLYAUHUrPmDANBgkqhkiG9w0B | ||
| AQsFAAOCAQEAz336T8K625TdEkvqQ/B/bbkW5zv2y/mu1G+iW7aSfYNdOsH1fVFl | ||
| kFpFJsv2dUoV82fKzk33RcXDlc9o3y4KzTeTPaEZb4ZCe8TleWkjdZYa7/hRj6GR | ||
| bc7mniRawJVtdCKfAvg+SgiPwSt18s1BCMd4B/5XIQivgd+ksYvtIFRdn15OtNZi | ||
| Z91m1rSUHSgJLqHtxSNYwbxz3yw1/gm+Xfvj1+HZe4gTjfqjLIyhRJti1botWMaR | ||
| 4XYy1W/WAbJ1avvKNfjkAoBZAYXguperASS/eZ3d7hH+0RVrBQSp1bde9/utChvE | ||
| 5ls7xa9vwSLCKoXtAXGiaSePA5XDAkTGrg== | ||
| -----END CERTIFICATE----- |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Consider a rename that allows us to reuse this for other changes like this.