mirror
/
go
mirror of https://github.com/golang/go.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
go/src/crypto
History
Adam Langley 647648bd47 crypto/x509: enforce EKU nesting at chain-construction time. 
crypto/x509 has always enforced EKUs as a chain property (like CAPI, but
unlike the RFC). With this change, EKUs will be checked at
chain-building time rather than in a target-specific way.

Thus mis-nested EKUs will now cause a failure in Verify, irrespective of
the key usages requested in opts. (This mirrors the new behaviour w.r.t.
name constraints, where an illegal name in the leaf will cause a Verify
failure, even if the verified name is permitted.).

Updates #15196

Change-Id: Ib6a15b11a9879a9daf5b1d3638d5ebbbcac506e5
Reviewed-on: https://go-review.googlesource.com/71030
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
 		2017-11-07 23:14:10 +00:00
..
aes crypto/aes: use s390x KMA instruction for AES-GCM if available 2017-11-06 07:58:37 +00:00
cipher crypto/cipher, crypto/rc4: make overlap rules wording consistent 2017-10-31 22:36:43 +00:00
des crypto: revise wording about cryptographically broken algorithms 2017-05-04 12:31:18 +00:00
dsa all: fix article typos 2017-09-15 02:39:16 +00:00
ecdsa crypto/{ecdsa,rsa}: rename argument to PrivateKey.Sign. 2017-10-29 19:45:11 +00:00
elliptic all: change github.com issue links to golang.org 2017-11-04 04:13:41 +00:00
hmac
internal/cipherhw crypto/{cipher,tls,internal/cryptohw}: prioritise AES-GCM when hardware support is present. 2016-11-07 20:01:18 +00:00
md5 crypto, hash: implement BinaryMarshaler, BinaryUnmarshaler in hash implementations 2017-11-01 21:04:12 +00:00
rand crypto/rand: batch large calls to linux getrandom 2017-08-09 19:29:14 +00:00
rc4 crypto/cipher, crypto/rc4: make overlap rules wording consistent 2017-10-31 22:36:43 +00:00
rsa crypto/{ecdsa,rsa}: rename argument to PrivateKey.Sign. 2017-10-29 19:45:11 +00:00
sha1 crypto, hash: implement BinaryMarshaler, BinaryUnmarshaler in hash implementations 2017-11-01 21:04:12 +00:00
sha256 crypto, hash: implement BinaryMarshaler, BinaryUnmarshaler in hash implementations 2017-11-01 21:04:12 +00:00
sha512 crypto, hash: implement BinaryMarshaler, BinaryUnmarshaler in hash implementations 2017-11-01 21:04:12 +00:00
subtle
tls archive/zip, crypto/tls: use rand.Read instead of casting ints to bytes 2017-11-01 05:51:30 +00:00
x509 crypto/x509: enforce EKU nesting at chain-construction time. 2017-11-07 23:14:10 +00:00
crypto.go crypto: add BLAKE2b and BLAKE2s hash constants 2017-03-01 19:26:16 +00:00
issue21104_test.go crypto/{aes,cipher,rc4}: fix out of bounds write in stream ciphers 2017-08-09 04:17:51 +00:00