| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
| |
Per RFC 3779 2.2.3.3, the addressFamily field contains the 2-byte AFI
and an optional 1-byte SAFI. Nothing else. The optional SAFI is nowhere
exposed in the API. It is used expliclty only for pretty printing. There
are implicit uses in a few places, notably for sorting/comparing where
trailing garbage would be erroneously taken into account.
Erroring in this situation will let us avoid this in upcoming revisions.
ok inoguchi jsing
|
| |
|
|
|
|
|
|
|
|
|
| |
The manual byte bashing is performed more safely using this API
which would have avoided the out-of-bounds read that this API had
until a few years back.
The API is somewhat strange in that it uses the reserved AFI 0 as an
in-band error but it doesn't care about the reserved AFI 65535.
ok inoguchi jsing
|
| | |
|
| | |
|
| |
|
|
|
|
| |
as is done for most other X.509 v3 extension methods.
discussed with jsing
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
This is reachable from x509_verify(), but all asserts are previously
checked in the caller. Turn them into error checks and make sure
the error is set on the X509_STORE_CTX if present. Change some
stack == NULL || sk_num(stack) == 0 checks into sk_num(stack) <= 0
which is equivalent but simpler.
ok jsing
|
| |
|
|
|
|
|
| |
All internal callers check the return value and future external
callers will be happy not to hit an assert from the library.
ok jsing
|
| |
|
|
|
|
|
|
|
| |
This can read a value in an arbitrary base from a string that is
supposed to be followed by whitespace or a colon, so it cannot be
switched to strtonum(). The current checks don't allow a read past
the end, but let's use the standard idiom instead.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Switch an insufficiently checked strtoul() to strtonum(). This can
be used to trigger a read of a user-controlled size from the stack.
$ openssl req -new -addext 'sbgp-ipAddrBlock = IPv4:192.0.2.0/12341234'
Segmentation fault (core dumped)
The bogus prefix length 12341234 is fed into X509v3_addr_add_prefix() and
used to read (prefixlen + 7) / 8 bytes from the stack variable 'min[16]'
that ends up as 'data' in the memmove in ASN1_STRING_set().
The full fix will add length checks to X509v3_addr_add_prefix() and
make_addressPrefix() and will be dealt with later. The entire
X509v3_{addr,asid}_* API will need a thorough review before it can be
exposed.
This code is only enabled in -current and can only be reached from
openssl.cnf files that contain sbgp-ipAddrBlock or from the openssl(1)
command line.
ok jsing
|
| |
|
|
| |
in OpenSSL commit d2e9e320.
|
| |
|
|
|
|
|
|
| |
Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and
LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and
fix a couple of unnecessary reacharounds.
ok jsing
|
| | |
|
| |
|
|
| |
Spotted by egcc. ok tb@
|
| |
|
|
| |
OK tb@
|
| |
|
|
| |
OK tb@
|
| |
|
|
|
|
| |
No functional changes.
OK tb@
|
| |
|
|
| |
OK tb@ jsing@ beck@
|
| |
|
|
|
|
| |
The conversion tool didn't handle 'static_ASN1_ITEM_TEMPLATE_END'
OK tb@
|
| |
|
|
| |
OK tb@
|
| |
|
|
| |
OK tb@
|
| |
|
|
| |
OK tb@
|
| |
|
|
| |
OK beck@ tb@
|
| |
|
|
| |
OK tb@
|
| |
|
|
| |
OK tb@
|
| |
|
|
| |
OK jsing@
|
| |
|
|
| |
OK tb@
|
| |
|
|
| |
OK tb@
|
| |
|
|
| |
OK jsing@
|
|
|
Identifiers
These extensions are defined in RFC 3779 and used in the RPKI (RFC 6482, RFC 8360).
Imported from OpenSSL 1.1.1j (aaf2fcb575cdf6491b98ab4829abf78a3dec8402b8b81efc8f23c00d443981bf)
This changeset is a no-op, as there are 10+ issues and at least 2 security issues.
Work will continue in-tree.
OK tb@, discussed with beck@
|
