summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509 (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Fix some KNF issuestb2020-12-161-7/+8
|
* Fix a NULL dereference in GENERAL_NAME_cmp()tb2020-12-081-6/+46
| | | | | | | | | | | | Comparing two GENERAL_NAME structures containing an EDIPARTYNAME can lead to a crash. This enables a denial of service attack for an attacker who can control both sides of the comparison. Issue reported to OpenSSL on Nov 9 by David Benjamin. OpenSSL shared the information with us on Dec 1st. Fix from Matt Caswell (OpenSSL) with a few small tweaks. ok jsing
* Avoid undefined behavior due to memcpy(NULL, NULL, 0)tb2020-11-251-4/+6
| | | | | | | | | This happens if name->der_len == 0. Since we already have a length check, we can malloc and memcpy inside the conditional. This also makes the code easier to read. agreement from millert ok jsing
* Plug leak in x509_verify_chain_dup()tb2020-11-181-2/+2
| | | | | | | | | | | | | | | x509_verify_chain_new() allocates a few members of a certificate chain: an empty stack of certificates, a list of errors encountered while validating the chain, and a list of name constraints. The function to copy a chain would allocate a new chain using x509_verify_chain_new() and then clobber its members by copies of the old chain. Fix this by replacing x509_verify_chain_new() with calloc(). Found by review while investigating the report by Hanno Zysik who found the same leak using valgrind. This is a cleaner version of my initial fix from jsing. ok jsing
* Plug a big memory leak in the new validatortb2020-11-181-1/+6
| | | | | | | | | | | | | | | | | | The legacy validator would only call x509_vfy_check_policy() once at the very end after cobbling together a chain. Therefore it didn't matter that X509_policy_check() always allocates a new tree on top of the one that might have been passed in. This is in stark contrast to other, similar APIs in this code base. The new validator calls this function several times over while building its chains. This adds up to a sizable leak in the new validator. Reported with a reproducer by Hanno Zysik on github, who also bisected this to the commit enabling the new validator. Narrowed down to x509_vfy_check_policy() by jsing. We simultaenously came up with a functionally identical fix. ok jsing
* zap ugly empty line before closing bracetb2020-11-181-2/+1
|
* Move freeing of the verify context to its natural place instead oftb2020-11-181-2/+2
| | | | | | a few lines after. stylistic nit from jsing
* KNF (whitespace)tb2020-11-184-13/+13
|
* Use X509_V_OK instead of 0.jsing2020-11-161-4/+3
| | | | ok beck@ tb@
* Add back an X509_STORE_CTX error code assignment.jsing2020-11-161-2/+3
| | | | | | | | This was inadvertently removed in r1.19. Spotted by tb@ ok beck@ tb@
* Return the specific failure for a "self signed certificate" in the chainbeck2020-11-151-1/+14
| | | | | | | | | in order to be compatible with the openssl error craziness in the legacy verifier case. This will fix a regress problem noticed by znc ok tb@
* Handle additional certificate error cases in new X.509 verifier.jsing2020-11-112-12/+79
| | | | | | | | | | | | | | | | | | | | | | | With the old verifier, the verify callback can always return 1 instructing the verifier to simply continue regardless of a certificate verification failure (e.g. the certificate is expired or revoked). This would result in a chain being built, however the first error encountered would be persisted, which allows the caller to build the chain, have the verification process succeed, yet upon inspecting the error code note that the chain is not valid for some reason. Mimic this behaviour by keeping track of certificate errors while building chains - when we finish verification, find the certificate error closest to the leaf certificate and expose that via the X509_STORE_CTX. There are various corner cases that we also have to handle, like the fact that we keep an certificate error until we find the issuer, at which point we have to clear it. Issue reported by Ilya Shipitcin due to failing haproxy regression tests. With much discussion and input from beck@ and tb@! ok beck@ tb@
* Fix bad indent.jsing2020-11-031-7/+6
|
* Hook X509_STORE_CTX get_issuer() callback from new X509 verifier.jsing2020-11-031-3/+17
| | | | | | | | | | | If we fail to find a parent certificate from either the supplied roots or intermediates and we have a X509_STORE_CTX, call its get_issuer() callback to see if it can supply a suitable certificate. This makes things like certificates by directory (aka by_dir) work correctly. Issue noted by Uwe Werler <uwe@werler.is> ok beck@ tb@
* Add a safety net to ensure that we set an error on the store context.tb2020-10-261-1/+3
| | | | Suggested by and discussed with beck
* If x509_verify() fails, ensure that the error is also set on the storetb2020-10-261-10/+15
| | | | | | | context. This is what is returned in SSL_get_verify_result(). Spotted and initial diff from jeremy; discussed with jsing ok beck
* Make sure that x509_vfy_check_id() failure also sets ctx->error, not onlytb2020-10-261-3/+8
| | | | | | ctx->xsc->error. Will be needed in an upcoming diff. from beck
* Ensure leaf is set up on X509_STORE_CTX before verification.jsing2020-09-261-9/+7
| | | | | | | | | | | | | Previously the leaf certificate was only being set up on the X509_STORE_CTX after two verification steps were performed, however at least one of those steps could result in the verification callback being triggered and existing code breaking. Issue noticed by Raf Czlonka when attempting to connect to talk.google.com using profanity (which does not set SNI and ends up receiving an invalid certificate). ok beck@ deraadt@ tb@
* jumping into the x509 fray with a bunch of whitespace repairderaadt2020-09-261-6/+6
|
* Ensure chain is set on the X509_STORE_CTX before triggering callback.jsing2020-09-231-12/+39
| | | | | | | | | | | | Various software expects the previous behaviour where the certificate chain is available on the X509_STORE_CTX when the verify callback is triggered. Issue hit by bket@ with lastpass-cli which has built in certificate pinning that is checked via the verify callback. Fix confirmed by bket@. ok beck@
* Fix some line wrapping and other whitespace issues.tb2020-09-211-45/+34
| | | | No change in the generated assembly on amd64.
* Move freeing and zeroing up to right after the while loop.tb2020-09-211-5/+5
| | | | Requested by jsing
* Avoid memleak caused by shadowingtb2020-09-201-2/+5
| | | | | | | | | | | The outer scope in x509_constraints_extract_names() contains a vname variable which will be freed on error, but an inner scope contains another vname that won't be freed, e.g., if x509_constraints_names_add fails. Found by llvm scan-build. ok beck
* KNF/whitespace nitstb2020-09-202-6/+7
|
* Correct a 1 byte read overflow in x509_contraints_uri and addbeck2020-09-201-4/+9
| | | | | | | | regress to catch it in the future. found by Guido Vranken's cryptofuzzer ok tb@
* Fix a memory leak in x509_constraints_extract_namestb2020-09-201-6/+6
| | | | | | | | | | | | | If the default path of the switch is taken, vname will not be added to the names list and will leak when it is set to NULL. Simplify the logic by eliminating the add Boolean. Instead, free and zero vname in the default case and continue the while loop directly. At the bottom of the switch, add vname to the names list unconditionally zero it out since it's now owned by names. Found by Guido Vranken's cryptofuzzer ok beck
* remove superfluous NULL checkbeck2020-09-191-2/+2
| | | | ok tb@
* Fix potential overflow in CN subject line parsing, thanks tobeck2020-09-181-4/+5
| | | | | | | | ASN1_STRING - the gift that keeps on giving. Found by Guido Vranken's cryptofuzzer. ok tb@
* revert my putting this on a diet. sadly the NAME_CONSTRAINTS_checkbeck2020-09-161-7/+1
| | | | symbol is exposed api and we probably need to deprecate it thoughtfully.
* noop NAME_CONSTRAINTS_check stubinoguchi2020-09-161-4/+5
| | | | | | | | | | | On OSX and Windows platform portable build fails since it can't find NAME_CONSTRAINTS_check. It is still remain in x509v3.h and Symbols.list but '#if 0'ed from x509_ncons.c. In this situation, some platforms appears to get error. Add noop NAME_CONSTRAINTS_check stub to solve this issue. ok beck@
* Make check in x509_verify_ctx_set_max_signatures() consistent with others.jsing2020-09-161-4/+2
| | | | ok beck@
* Dedup code in x509_verify_ctx_new_from_xsc().jsing2020-09-161-14/+7
| | | | | | | Rather than duplicating code, have x509_verify_ctx_new_from_xsc() call x509_verify_ctx_new(), then handle the xsc specific parts. ok beck@
* set error_depth and current_cert to make more legacy callbacks that don't checkbeck2020-09-151-1/+3
| | | | | | happy ok tb@
* Deduplicate the time validation code between the legacy and newbeck2020-09-153-27/+8
| | | | | | verification code. ok jsing@
* ifdef out code that is no longer used in here. once we are certainbeck2020-09-151-2/+5
| | | | | | of staying with the new name constraint code this will be deleted ok jsing@
* Set error if we are given an NULL ctx in x509_verify, and set errorbeck2020-09-141-5/+3
| | | | | | | | to X509_V_ERR_OUT_OF_MEM instead of UNSPECIFIED in chain_append when allocation fails. noticed by ingo@ ok tb@
* nuke a stray spacetb2020-09-141-2/+2
|
* Fix potential leak when tmpext fails to be added tobeck2020-09-141-2/+6
| | | | | | | the extension list. found by llvm static analyzer ok tb@
* remove unneeded variable "type".beck2020-09-141-6/+5
| | | | | Yak for my shaving pleasure found by llvm static analyzer ok tb@
* Don't leak names on successbeck2020-09-141-1/+2
| | | | | found by llvm static analyzer. ok tb@
* remove unneded variable "time1"beck2020-09-141-6/+6
| | | | | noticed by llvm static analyzer ok tb@
* remove unneded variable "time"beck2020-09-141-3/+2
| | | | | noticed by llvm static analyzer ok tb@
* fix bug introduced on review where refactor made it possible tobeck2020-09-141-2/+2
| | | | | | | eat a NULL. found by clang static analyzer ok tb@
* re-enable new x509 chain verifier as the defaultbeck2020-09-141-3/+1
| | | | ok tb@
* Correctly fix double free introduced on review.beck2020-09-142-3/+3
| | | | | | | the roots for a ctx are only freed in the free function, not in the clear function, so that a ctx can be re-used with the same roots. ok tb@
* Fix double free - review moved the pop_free of roots to x509_verify_ctx_freebeck2020-09-141-2/+1
| | | | so we don't need to pop free the roots separately
* revert previous, need to fix a problembeck2020-09-141-1/+3
|
* Enable the use of the new x509 chain validator by default.beck2020-09-141-3/+1
| | | | ok jsing@ tb@
* Add new x509 certificate chain validator in x509_verify.cbeck2020-09-139-57/+1188
| | | | | | | | | | | | | | | | | | | The new validator finds multiple validated chains to handle the modern PKI cases which may frequently have multiple paths via different intermediates to different roots. It is loosely based on golang's x509 validator This includes integration so that the new validator can be used via X509_verify_cert() as well as a new api x509_verify() which will return multiple chains (similar to go). The new validator is not enabled by default with this commit, this will be changed in a follow on commit. The new public API is not yet exposed, and will be finalized and exposed with a man page and a library minor bump later. ok tb@ inoguchi@ jsing@
* Change over to use the new x509 name constraints verification.beck2020-09-121-28/+7
| | | | ok jsing@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-01 23:36:47 +0000