go/src/crypto
Filippo Valsorda 9c0a6cec5b [release-branch.go1.14-security] crypto/x509: respect VerifyOptions.KeyUsages on Windows
When using the platform verifier on Windows (because Roots is nil) we
were always enforcing server auth EKUs if DNSName was set, and none
otherwise. If an application was setting KeyUsages, they were not being
respected.

Started correctly surfacing IncompatibleUsage errors from the system
verifier, as those are the ones applications will see if they are
affected by this change.

Also refactored verify_test.go to make it easier to add tests for this,
and replaced the EKULeaf chain with a new one that doesn't have a SHA-1
signature.

Thanks to Niall Newman for reporting this.

Fixes #39360
Fixes CVE-2020-14039

Change-Id: If5c00d615f2944f7d57007891aae1307f9571c32
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/774414
Reviewed-by: Katie Hockman <katiehockman@google.com>
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/793511
Reviewed-by: Filippo Valsorda <valsorda@google.com>
2020-07-14 12:24:21 +00:00
aes crypto/aes,crypto/cipher: add asm implementation for aes-gcm on ppc64le 2019-09-24 16:15:36 +00:00
cipher [release-branch.go1.14] crypto/cipher: require non-zero nonce size for AES-GCM 2020-02-24 20:07:06 +00:00
des cmd/go: further reduce init work 2019-03-31 10:49:55 +00:00
dsa all: fix a bunch of misspellings 2019-11-15 21:04:43 +00:00
ecdsa crypto/ecdsa: remove s390x assembly 2019-10-16 21:57:24 +00:00
ed25519 crypto/ed25519: outline NewKeyFromSeed and Sign 2019-09-24 10:23:40 +00:00
elliptic crypto/elliptic: document the Name and names of each curve 2020-02-11 00:59:47 +00:00
hmac crypto/hmac: rename CheckHMAC to ValidHMAC in package docs 2018-11-17 21:29:23 +00:00
internal crypto: panic on illegal input and output overlap 2018-06-19 21:06:50 +00:00
md5 all: remove nacl (part 3, more amd64p32) 2019-10-10 22:38:38 +00:00
rand all: remove the nacl port (part 1) 2019-10-09 06:14:44 +00:00
rc4 crypto/rc4: remove false guarantees from Reset docs and deprecate it 2019-02-22 17:05:17 +00:00
rsa all: change some function documentation to be more idiomatic 2019-07-28 18:09:57 +00:00
sha1 all: remove nacl (part 3, more amd64p32) 2019-10-10 22:38:38 +00:00
sha256 crypto/sha*: replace putUint{32,64} helpers 2019-05-23 16:16:26 +00:00
sha512 crypto/sha*: replace putUint{32,64} helpers 2019-05-23 16:16:26 +00:00
subtle crypto/subtle: normalize constant time ops docs 2019-01-22 19:40:30 +00:00
tls crypto/tls: stop a timeout timer 2020-01-15 20:29:46 +00:00
x509 [release-branch.go1.14-security] crypto/x509: respect VerifyOptions.KeyUsages on Windows 2020-07-14 12:24:21 +00:00
crypto.go
issue21104_test.go