-rw-r--r--src/lib/libcrypto/cert.pem45
-rw-r--r--src/lib/libcrypto/x509/x509_constraints.c14
2 files changed, 10 insertions, 49 deletions
diff --git a/src/lib/libcrypto/cert.pem b/src/lib/libcrypto/cert.pem
index 104049e9ef..0e50fe639a 100644
--- a/src/lib/libcrypto/cert.pem
+++ b/src/lib/libcrypto/cert.pem
@@ -1,4 +1,4 @@
1# $OpenBSD: cert.pem,v 1.23 2021/06/11 11:40:35 sthen Exp $ 1# $OpenBSD: cert.pem,v 1.24 2021/09/30 18:16:11 deraadt Exp $
2### /C=ES/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068 2### /C=ES/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068
3 3
4=== /C=ES/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068 4=== /C=ES/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068
@@ -1821,49 +1821,6 @@ r/OSmbaz5mEP0oUA51Aa5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1
1821gKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP82Z+ 1821gKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP82Z+
1822-----END CERTIFICATE----- 1822-----END CERTIFICATE-----
1823 1823
1824### Digital Signature Trust Co.
1825
1826=== /O=Digital Signature Trust Co./CN=DST Root CA X3
1827Certificate:
1828 Data:
1829 Version: 3 (0x2)
1830 Serial Number:
1831 44:af:b0:80:d6:a3:27:ba:89:30:39:86:2e:f8:40:6b
1832 Signature Algorithm: sha1WithRSAEncryption
1833 Validity
1834 Not Before: Sep 30 21:12:19 2000 GMT
1835 Not After : Sep 30 14:01:15 2021 GMT
1836 Subject: O=Digital Signature Trust Co., CN=DST Root CA X3
1837 X509v3 extensions:
1838 X509v3 Basic Constraints: critical
1839 CA:TRUE
1840 X509v3 Key Usage: critical
1841 Certificate Sign, CRL Sign
1842 X509v3 Subject Key Identifier:
1843 C4:A7:B1:A4:7B:2C:71:FA:DB:E1:4B:90:75:FF:C4:15:60:85:89:10
1844SHA1 Fingerprint=DA:C9:02:4F:54:D8:F6:DF:94:93:5F:B1:73:26:38:CA:6A:D7:7C:13
1845SHA256 Fingerprint=06:87:26:03:31:A7:24:03:D9:09:F1:05:E6:9B:CF:0D:32:E1:BD:24:93:FF:C6:D9:20:6D:11:BC:D6:77:07:39
1846-----BEGIN CERTIFICATE-----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1865-----END CERTIFICATE-----
1866
1867### Disig a.s. 1824### Disig a.s.
1868 1825
1869=== /C=SK/L=Bratislava/O=Disig a.s./CN=CA Disig Root R2 1826=== /C=SK/L=Bratislava/O=Disig a.s./CN=CA Disig Root R2
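diff --git a/src/lib/libcrypto/x509/x509_constraints.c b/src/lib/libcrypto/x509/x509_constraints.c
index fade58c620..db33bf1aa4 100644
--- a/src/lib/libcrypto/x509/x509_constraints.c
+++ b/src/lib/libcrypto/x509/x509_constraints.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_constraints.c,v 1.16 2021/04/27 03:35:29 beck Exp $ */
+/* $OpenBSD: x509_constraints.c,v 1.17 2021/09/23 15:49:48 jsing Exp $ */
 /*
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
  *
@@ -339,16 +339,16 @@ x509_constraints_parse_mailbox(uint8_t *candidate, size_t len,
  if (c == '.')
  goto bad;
  }
- if (wi > DOMAIN_PART_MAX_LEN)
- goto bad;
  if (accept) {
+ if (wi >= DOMAIN_PART_MAX_LEN)
+ goto bad;
  working[wi++] = c;
  accept = 0;
  continue;
  }
  if (candidate_local != NULL) {
  /* We are looking for the domain part */
- if (wi > DOMAIN_PART_MAX_LEN)
+ if (wi >= DOMAIN_PART_MAX_LEN)
  goto bad;
  working[wi++] = c;
  if (i == len - 1) {
@@ -363,7 +363,7 @@ x509_constraints_parse_mailbox(uint8_t *candidate, size_t len,
  continue;
  }
  /* We are looking for the local part */
- if (wi > LOCAL_PART_MAX_LEN)
+ if (wi >= LOCAL_PART_MAX_LEN)
  break;
 
  if (quoted) {
@@ -383,6 +383,8 @@ x509_constraints_parse_mailbox(uint8_t *candidate, size_t len,
  */
  if (c == 9)
  goto bad;
+ if (wi >= LOCAL_PART_MAX_LEN)
+ goto bad;
  working[wi++] = c;
  continue; /* all's good inside our quoted string */
  }
@@ -412,6 +414,8 @@ x509_constraints_parse_mailbox(uint8_t *candidate, size_t len,
  }
  if (!local_part_ok(c))
  goto bad;
+ if (wi >= LOCAL_PART_MAX_LEN)
+ goto bad;
  working[wi++] = c;
  }
  if (candidate_local == NULL || candidate_domain == NULL)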
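Review bot: The guard moved into the `accept` branch (new lines 343-344) tests `wi` against `DOMAIN_PART_MAX_LEN`, yet that branch sits ahead of the `candidate_local != NULL` split, so it appears to also run for escaped characters while the local part is still being collected, where every other guard uses `LOCAL_PART_MAX_LEN`. That is memory-safe only if `working` is sized for the larger limit plus a terminator; its declaration is outside these hunks, so this should be confirmed and stated at the guard, e.g. `/* working[] holds up to DOMAIN_PART_MAX_LEN bytes plus NUL; the local part is limited further below */`. The local-part guard at new line 366 still leaves with `break`, while the guards added at new lines 386 and 417 use `goto bad`; if both paths are meant to reject the name, `goto bad` throughout would make that explicit. `x509_constraints_parse_mailbox` begins and ends outside the hunks shown.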