summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509/x509_constraints.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Allow IP addresses to be specified in a URI.beck2023-09-291-13/+18
| | | | | | | | | | | | Our checking here was a bit too aggressive, and did not permit an IP address in a URI. IP's in a URI are allowed for things like CRLdp's AIA, SAN URI's etc.). The check for this was also slightly flawed as we would permit an IP if memory allocation failed while checking for an IP. Correct both issues. ok tb@
* spelling fixes; from paul tagliamontejmc2022-12-261-7/+7
| | | | | | | i removed the arithmetics -> arithmetic changes, as i felt they were not clearly correct ok tb
* Fix NULL dereference in x509_constraints_uri_host()tb2022-11-281-2/+3
| | | | | | | | | When called from v2i, hostpart in x509_constraints_uri_host() is NULL, so add a NULL check before storing the strdup result in it. From Anton Borowka ok jsing miod
* Start CBS-ifying the name constraints code.beck2022-11-111-95/+135
| | | | ok jsing@ tb@
* Correct misleading comment for URI parsingbeck2022-06-271-4/+10
| | | | ok jsing@
* Fix URI name constraints, allow for URI's with no host part.beck2022-06-261-3/+12
| | | | | | | | | | | Such uri's must be parsed and allowed, but then should fail if a name constraint is present. Adds regress testing for this same case. fixes https://github.com/libressl-portable/openbsd/issues/131 ok tb@
* name constraints: be more careful with NULstb2022-03-261-8/+18
| | | | | | | | | | | | | | An IA5STRING is a Pascal string that can have embedded NULs and is not NUL terminated (except that for legacy reasons it happens to be). Instead of taking the strlen(), use the already known ASN.1 length and use strndup() instead of strdup() to generate NUL terminated strings after some existing code has checked that there are no embedded NULs. In v2i_GENERAL_NAME_ex() use %.*s to print the bytes. This is not optimal and might be switched to using strvis() later. ok beck inoguchi jsing
* Allow constraints of the form @domain.comtb2022-03-141-10/+17
| | | | | | | | | | Some things issue and expect that we support a non-standard extension of accepting any email address from a host by prefixing an email name constraint with @. This used to be the case with the old code as well. Pointed out and based on a diff by Alex Wilson. ok jsing
* Rework ownership handling in x509_constraints_validate()tb2022-03-141-30/+42
| | | | | | | | | | Instead of having the caller allocate and pass in a new x509_constraints_name struct, handle allocation inside x509_constraints_validate(). Also make the error optional. All this is done to simplify the call sites and to make it more obvious that there are no leaks. ok jsing
* Relax the check of x509_constraints_dirname()libressl-v3.5.1tb2022-03-131-2/+6
| | | | | | | | | The dirname constraint must be a prefix in DER format, so relax the check from requiring equal-length strings to allow shorter names also. From Alex Wilson ok jsing
* Add missing error check after strdup()tb2022-03-131-2/+5
| | | | | | From Alex Wilson ok jsing
* Pull a len == 0 check up before malloc(len) to avoid implementationtb2022-03-031-5/+5
| | | | | | defined behavior. ok deraadt inoguchi
* Unwrap a linetb2022-03-021-3/+2
|
* zap doubled semicolontb2021-12-261-2/+2
|
* Validate Subject Alternate Names when they are being added to certificates.beck2021-10-261-5/+11
| | | | | | | With this change we will reject adding SAN DNS, EMAIL, and IP addresses that are malformed at certificate creation time. ok jsing@ tb@
* Avoid a potential overread in x509_constraints_parse_mailbox()jsing2021-09-231-5/+9
| | | | | | | | | | The length checks need to be >= rather than > in order to ensure the string remains NUL terminated. While here consistently check wi before using it so we have the same idiom throughout this function. Issue reported by GoldBinocle on GitHub. ok deraadt@ tb@
* Relax SAN DNSname validation and constraints to permit non leading *beck2021-04-271-19/+21
| | | | | | | | | | | wildcards. While we may choose not to support them the standards appear to permit them optionally so we can't declare a certificate containing them invalid. Noticed by jeremy@, and Steffan Ulrich and others. Modify the regression tests to test these cases and not check the SAN DNSnames as "hostnames" anymore (which don't support wildcards). ok jsing@, tb@
* Zap a useless variable.tb2021-03-121-4/+2
| | | | suggested by jsing
* Missing void in function definitiontb2021-03-121-2/+2
| | | | ok jsing
* Fix checks of memory caps of constraints namestb2021-03-121-13/+21
| | | | | | | | | | | | | | | x509_internal.h defines caps on the number of name constraints and other names (such as subjectAltNames) that we want to allocate per cert chain. These limits are checked too late. In a particularly silly cert that jan found on ugos.ugm.ac.id 443, we ended up allocating six times 2048 x509_constraint_name structures before deciding that these are more than 512. Fix this by adding a names_max member to x509_constraints_names which is set on allocation against which each addition of a name is checked. cluebat/ok jsing ok inoguchi on earlier version
* Avoid undefined behavior due to memcpy(NULL, NULL, 0)tb2020-11-251-4/+6
| | | | | | | | | This happens if name->der_len == 0. Since we already have a length check, we can malloc and memcpy inside the conditional. This also makes the code easier to read. agreement from millert ok jsing
* KNF (whitespace)tb2020-11-181-2/+2
|
* Fix some line wrapping and other whitespace issues.tb2020-09-211-45/+34
| | | | No change in the generated assembly on amd64.
* Move freeing and zeroing up to right after the while loop.tb2020-09-211-5/+5
| | | | Requested by jsing
* Avoid memleak caused by shadowingtb2020-09-201-2/+5
| | | | | | | | | | | The outer scope in x509_constraints_extract_names() contains a vname variable which will be freed on error, but an inner scope contains another vname that won't be freed, e.g., if x509_constraints_names_add fails. Found by llvm scan-build. ok beck
* KNF/whitespace nitstb2020-09-201-2/+2
|
* Correct a 1 byte read overflow in x509_contraints_uri and addbeck2020-09-201-4/+9
| | | | | | | | regress to catch it in the future. found by Guido Vranken's cryptofuzzer ok tb@
* Fix a memory leak in x509_constraints_extract_namestb2020-09-201-6/+6
| | | | | | | | | | | | | If the default path of the switch is taken, vname will not be added to the names list and will leak when it is set to NULL. Simplify the logic by eliminating the add Boolean. Instead, free and zero vname in the default case and continue the while loop directly. At the bottom of the switch, add vname to the names list unconditionally zero it out since it's now owned by names. Found by Guido Vranken's cryptofuzzer ok beck
* Fix potential overflow in CN subject line parsing, thanks tobeck2020-09-181-4/+5
| | | | | | | | ASN1_STRING - the gift that keeps on giving. Found by Guido Vranken's cryptofuzzer. ok tb@
* remove unneeded variable "type".beck2020-09-141-6/+5
| | | | | Yak for my shaving pleasure found by llvm static analyzer ok tb@
* Don't leak names on successbeck2020-09-141-1/+2
| | | | | found by llvm static analyzer. ok tb@
* Add x509_constraints.c - a new implementation of x509 name constraints, withbeck2020-09-111-0/+1180
regression tests. The use of the new name constraints is not yet activated in x509_vfy.c and will be activated in a follow on commit ok jsing@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 16:52:38 +0000