Enforce key usage for RSA keys in TLS 1.2. For now, this is off by default and controlled by SSL_set_enforce_rsa_key_usage. This may be set as late as certificate verification so we may start by enforcing it for known roots. Generalizes ssl_cert_check_digital_signature_key_usage to check any part of the key_usage, and adds a new error KEY_USAGE_BIT_INCORRECT for the generalized method. Bug: chromium:795089 Change-Id: Ifa504c321bec3263a4e74f2dc48513e3b895d3ee Reviewed-on: https://boringssl-review.googlesource.com/c/34604 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com>

commit: d7266ecc9bf92ffad277bc39653919da79c8f42b [log] [tgz]
author: Jesse Selover <jselover@google.com> Wed Jan 30 16:06:10 2019 -0500
committer: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Wed Jan 30 21:28:34 2019 +0000
tree: b11902db8a834b965947f16f2ad83136e93d3f80
parent: 1a51a5b4a6bdf7ee11b443f21f08dc2ba2de9815 [diff] [blame]
diff --git a/ssl/tls13_both.cc b/ssl/tls13_both.cc
index eb1c15e..ba5719f 100644
--- a/ssl/tls13_both.cc
+++ b/ssl/tls13_both.cc

@@ -212,7 +212,8 @@
       }
       // TLS 1.3 always uses certificate keys for signing thus the correct
       // keyUsage is enforced.
-      if (!ssl_cert_check_digital_signature_key_usage(&certificate)) {
+      if (!ssl_cert_check_key_usage(&certificate,
+                                    key_usage_digital_signature)) {
         ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
         return false;
       }
commit	d7266ecc9bf92ffad277bc39653919da79c8f42b	[log] [tgz]
author	Jesse Selover <jselover@google.com>	Wed Jan 30 16:06:10 2019 -0500
committer	CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	Wed Jan 30 21:28:34 2019 +0000
tree	b11902db8a834b965947f16f2ad83136e93d3f80
parent	1a51a5b4a6bdf7ee11b443f21f08dc2ba2de9815 [diff] [blame]