kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
6443173d03
boringssl/crypto/err
History
Jesse Selover d7266ecc9b Enforce key usage for RSA keys in TLS 1.2. 
For now, this is off by default and controlled by SSL_set_enforce_rsa_key_usage.
This may be set as late as certificate verification so we may start by enforcing
it for known roots.

Generalizes ssl_cert_check_digital_signature_key_usage to check any part of the
key_usage, and adds a new error KEY_USAGE_BIT_INCORRECT for the generalized
method.

Bug: chromium:795089
Change-Id: Ifa504c321bec3263a4e74f2dc48513e3b895d3ee
Reviewed-on: https://boringssl-review.googlesource.com/c/34604
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
2019-01-30 21:28:34 +00:00
..
asn1.errordata Use new encoding functions in ASN1_mbstring_ncopy. 2018-05-11 21:58:47 +00:00
bio.errordata Get rid of err function codes. 2015-07-16 02:02:08 +00:00
bn.errordata Update BN_enhanced_miller_rabin_primality_test to enforce preconditions and accept BN_prime_checks. 2017-04-21 22:24:01 +00:00
cipher.errordata Enforce incrementing counter for TLS 1.2 AES-GCM. 2017-05-26 20:06:36 +00:00
conf.errordata Fix out-of-memory condition in conf. 2017-03-21 16:19:22 +00:00
dh.errordata Reimplement PKCS #3 DH parameter parsing with crypto/bytestring. 2016-05-09 19:36:41 +00:00
digest.errordata Decouple PKCS#12 hash lookup from the OID table. 2017-03-25 21:22:50 +00:00
dsa.errordata Reimplement DSA parsing logic with crypto/asn1. 2016-02-17 00:26:01 +00:00
ec.errordata Make ECDSA signing 10% faster and plug some timing leaks. 2017-11-22 22:51:40 +00:00
ecdh.errordata Add ECDH_compute_key_fips inside the module. 2018-07-30 22:40:31 +00:00
ecdsa.errordata Get rid of err function codes. 2015-07-16 02:02:08 +00:00
engine.errordata Get rid of err function codes. 2015-07-16 02:02:08 +00:00
err_data_generate.go Modernize OPENSSL_COMPILE_ASSERT, part 2. 2018-11-14 16:06:37 +00:00
err_test.cc Reland "Fix bssl client/server's error-handling." 2018-05-07 17:19:59 +00:00
err.c Add some more compatibility functions. 2018-05-08 20:51:15 +00:00
evp.errordata Implement scrypt from RFC 7914. 2017-06-12 20:32:21 +00:00
hkdf.errordata Get rid of err function codes. 2015-07-16 02:02:08 +00:00
internal.h Support symbol prefixes 2018-09-06 20:07:52 +00:00
obj.errordata Reimplement OBJ_txt2obj and add a lower-level function. 2017-11-27 21:29:00 +00:00
pem.errordata Get rid of err function codes. 2015-07-16 02:02:08 +00:00
pkcs7.errordata Move PKCS#7 functions into their own directory. 2017-04-19 17:24:51 +00:00
pkcs8.errordata Add PKCS12_create. 2018-05-11 21:59:34 +00:00
rsa.errordata Tweak RSA errors for compatibility. 2018-05-15 23:02:49 +00:00
ssl.errordata Enforce key usage for RSA keys in TLS 1.2. 2019-01-30 21:28:34 +00:00
x509.errordata Push an error on sigalg mismatch in X509_verify. 2018-09-19 03:44:50 +00:00
x509v3.errordata Get rid of err function codes. 2015-07-16 02:02:08 +00:00