diff options
| author | beck <> | 2023-05-28 09:02:01 +0000 |
|---|---|---|
| committer | beck <> | 2023-05-28 09:02:01 +0000 |
| commit | fa13c61b67163471b62143c6d6c5bf85974c2914 (patch) | |
| tree | 7bfc6527c3c57631f84017c3a82e2c993e8e2077 /src/regress/lib/libtls | |
| parent | a95e36808ea4031670010ec297a8701fa0500aaa (diff) | |
| download | openbsd-fa13c61b67163471b62143c6d6c5bf85974c2914.tar.gz openbsd-fa13c61b67163471b62143c6d6c5bf85974c2914.tar.bz2 openbsd-fa13c61b67163471b62143c6d6c5bf85974c2914.zip | |
Refactor tls_check_common_name to use lower level API.
X509_NAME_get_text_by_NID is kind of a bad interface that
we wish to make safer, and does not give us the visibility
we really want here to detect hostile things.
Instead call the lower level functions to do some better
checking that should be done by X509_NAME_get_text_by_NID,
but is not in the OpenSSL version. Specifically we will treat
the input as hostile and fail if:
1) The certificate contains more than one CN in the subject.
2) The CN does not decode as UTF-8
3) The CN is of invalid length (must be between 1 and 64 bytes)
4) The CN contains a 0 byte
4) matches the existing logic, 1 and 2, and 3 are new checks.
ok tb@
Diffstat (limited to 'src/regress/lib/libtls')
| -rw-r--r-- | src/regress/lib/libtls/verify/verifytest.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/regress/lib/libtls/verify/verifytest.c b/src/regress/lib/libtls/verify/verifytest.c index b41b62fcfb..57aa992149 100644 --- a/src/regress/lib/libtls/verify/verifytest.c +++ b/src/regress/lib/libtls/verify/verifytest.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: verifytest.c,v 1.7 2017/04/30 03:53:31 jsing Exp $ */ | 1 | /* $OpenBSD: verifytest.c,v 1.8 2023/05/28 09:02:01 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -40,6 +40,7 @@ struct verify_test { | |||
| 40 | const char name[128]; | 40 | const char name[128]; |
| 41 | int want_return; | 41 | int want_return; |
| 42 | int want_match; | 42 | int want_match; |
| 43 | int name_type; | ||
| 43 | }; | 44 | }; |
| 44 | 45 | ||
| 45 | struct verify_test verify_tests[] = { | 46 | struct verify_test verify_tests[] = { |
| @@ -474,7 +475,8 @@ do_verify_test(int test_no, struct verify_test *vt) | |||
| 474 | if ((name = X509_NAME_new()) == NULL) | 475 | if ((name = X509_NAME_new()) == NULL) |
| 475 | errx(1, "failed to malloc X509_NAME"); | 476 | errx(1, "failed to malloc X509_NAME"); |
| 476 | if (X509_NAME_add_entry_by_NID(name, NID_commonName, | 477 | if (X509_NAME_add_entry_by_NID(name, NID_commonName, |
| 477 | MBSTRING_ASC, (unsigned char *)vt->common_name, | 478 | vt->name_type ? vt->name_type : MBSTRING_ASC, |
| 479 | (unsigned char *)vt->common_name, | ||
| 478 | vt->common_name_len, -1, 0) == 0) | 480 | vt->common_name_len, -1, 0) == 0) |
| 479 | errx(1, "failed to add name entry"); | 481 | errx(1, "failed to add name entry"); |
| 480 | if (X509_set_subject_name(cert, name) == 0) | 482 | if (X509_set_subject_name(cert, name) == 0) |