boringssl/crypto/err
Jesse Selover d7266ecc9b Enforce key usage for RSA keys in TLS 1.2.
For now, this is off by default and controlled by SSL_set_enforce_rsa_key_usage.
This may be set as late as certificate verification so we may start by enforcing
it for known roots.

Generalizes ssl_cert_check_digital_signature_key_usage to check any part of the
key_usage, and adds a new error KEY_USAGE_BIT_INCORRECT for the generalized
method.

Bug: chromium:795089
Change-Id: Ifa504c321bec3263a4e74f2dc48513e3b895d3ee
Reviewed-on: https://boringssl-review.googlesource.com/c/34604
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
2019-01-30 21:28:34 +00:00
..
asn1.errordata Use new encoding functions in ASN1_mbstring_ncopy. 2018-05-11 21:58:47 +00:00
bio.errordata
bn.errordata
cipher.errordata
conf.errordata Fix out-of-memory condition in conf. 2017-03-21 16:19:22 +00:00
dh.errordata
digest.errordata Decouple PKCS#12 hash lookup from the OID table. 2017-03-25 21:22:50 +00:00
dsa.errordata Reimplement DSA parsing logic with crypto/asn1. 2016-02-17 00:26:01 +00:00
ec.errordata
ecdh.errordata Add ECDH_compute_key_fips inside the module. 2018-07-30 22:40:31 +00:00
ecdsa.errordata
engine.errordata
err_data_generate.go Modernize OPENSSL_COMPILE_ASSERT, part 2. 2018-11-14 16:06:37 +00:00
err_test.cc Reland "Fix bssl client/server's error-handling." 2018-05-07 17:19:59 +00:00
err.c Add some more compatibility functions. 2018-05-08 20:51:15 +00:00
evp.errordata
hkdf.errordata
internal.h Support symbol prefixes 2018-09-06 20:07:52 +00:00
obj.errordata
pem.errordata Get rid of err function codes. 2015-07-16 02:02:08 +00:00
pkcs7.errordata
pkcs8.errordata Add PKCS12_create. 2018-05-11 21:59:34 +00:00
rsa.errordata Tweak RSA errors for compatibility. 2018-05-15 23:02:49 +00:00
ssl.errordata Enforce key usage for RSA keys in TLS 1.2. 2019-01-30 21:28:34 +00:00
x509.errordata Push an error on sigalg mismatch in X509_verify. 2018-09-19 03:44:50 +00:00
x509v3.errordata