openssl/crypto
David Benjamin 8545051c36 Guard against DoS in name constraints handling.
This guards against the name constraints check consuming large amounts
of CPU time when certificates in the presented chain contain an
excessive number of names (specifically subject email names or subject
alternative DNS names) and/or name constraints.

Name constraints checking compares the names presented in a certificate
against the name constraints included in a certificate higher up in the
chain using two nested for loops.

Move the name constraints check so that it happens after signature
verification so peers cannot exploit this using a chain with invalid
signatures. Also impose a hard limit on the number of name constraints
check loop iterations to further mitigate the issue.

Thanks to NCC for finding this issue. Fix written by Martin Kreichgauer.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4393)
2017-09-22 22:00:55 +02:00
aes aes/asm/aesni-sha*-x86_64.pl: add SHAEXT performance results. 2017-07-24 23:29:46 +02:00
aria Fix potential null problem. 2017-09-01 09:30:18 +10:00
asn1 Fix overflow in c2i_ASN1_BIT_STRING. 2017-09-19 21:31:30 +02:00
async e_os.h removal from other headers and source files. 2017-08-30 07:20:43 +10:00
bf
bio struct timeval include guards 2017-09-01 09:55:43 +10:00
blake2 Move e_os.h to be the very first include. 2017-08-30 07:20:44 +10:00
bn e_os.h removal from other headers and source files. 2017-08-30 07:20:43 +10:00
buffer Use OPENSSL_secure_clear_free for secure mem BIOs and X25519 private keys 2017-07-29 19:26:06 +02:00
camellia
cast e_os.h removal from other headers and source files. 2017-08-30 07:20:43 +10:00
chacha x86_64 assembly pack: "optimize" for Knights Landing, add AVX-512 results. 2017-07-21 14:07:32 +02:00
cmac
cms Support CMS decrypt without a certificate for all key types 2017-08-08 18:55:56 +01:00
comp make error tables const and separate header file 2017-06-07 15:12:03 -04:00
conf Move e_os.h to be the very first include. 2017-08-30 07:20:44 +10:00
ct Null pointer used. 2017-09-18 06:52:13 +10:00
des Move e_os.h to be the very first include. 2017-08-30 07:20:44 +10:00
dh Move the REF_PRINT support from e_os.h to internal/refcount.h. 2017-08-30 07:20:44 +10:00
dsa Move the REF_PRINT support from e_os.h to internal/refcount.h. 2017-08-30 07:20:44 +10:00
dso Replace malloc+strcpy with strdup 2017-09-14 16:13:53 -04:00
ec Fix function name in ECerr call 2017-09-14 16:13:29 -04:00
engine Add CRYPTO_thread_glock_new 2017-08-31 19:42:03 -04:00
err Fix function name in ECerr call 2017-09-14 16:13:29 -04:00
evp Add explanatory comment about fitting into a size_t. 2017-09-15 09:02:00 +10:00
hmac Remove OPENSSL_assert() from crypto/hmac 2017-08-21 08:44:44 +01:00
idea
include/internal Support EVP_PKEY_meth_remove and pmeth internal cleanup 2017-09-14 12:41:34 +08:00
kdf More updates following review feedback 2017-08-21 08:44:44 +01:00
lhash coding style: remove extra whitespace character 2017-07-12 21:27:35 +02:00
md2
md4
md5 Cleanup some copyright stuff 2017-06-30 21:56:44 -04:00
mdc2
modes crypto/cryptlib.c: mask more capability bits upon FXSR bit flip. 2017-09-01 08:48:32 +02:00
objects objects/obj_xref.txt: cross-reference SHA3 and rsaEncryption. 2017-09-11 22:18:14 +02:00
ocsp Move e_os.h to be the very first include. 2017-08-30 07:20:44 +10:00
pem This has been added to avoid the situation where some host ctype.h functions 2017-08-22 09:45:25 +10:00
perlasm perlasm/ppc-xlate.pl: add PowerISA 3.0B instructions. 2017-06-13 18:37:08 +02:00
pkcs7 This has been added to avoid the situation where some host ctype.h functions 2017-08-22 09:45:25 +10:00
pkcs12 Add checks for alloc failing. 2017-09-06 09:52:16 -04:00
poly1305 x86_64 assembly pack: "optimize" for Knights Landing, add AVX-512 results. 2017-07-21 14:07:32 +02:00
rand Add CRYPTO_thread_glock_new 2017-08-31 19:42:03 -04:00
rc2
rc4 Cleanup some copyright stuff 2017-06-30 21:56:44 -04:00
rc5
ripemd
rsa Support key check in EVP interface 2017-09-13 20:38:14 +02:00
seed
sha sha/asm/keccak1600-armv8.pl: fix return value buglet and ... 2017-09-09 19:09:36 +02:00
siphash
srp Remove custom base64 code. 2017-08-22 11:03:32 -04:00
stack
store Fix OSSL_STORE's 'file' loader: make sure peekbuf is initialised 2017-09-05 17:07:20 +02:00
ts struct timeval include guards 2017-09-01 09:55:43 +10:00
txt_db
ui Add UI functions to set result with explicit length and to retrieve the length 2017-09-08 20:06:06 +02:00
whrlpool Fix a read off the end of the input buffer 2017-06-08 16:05:52 -04:00
x509 Guard against DoS in name constraints handling. 2017-09-22 22:00:55 +02:00
x509v3 Guard against DoS in name constraints handling. 2017-09-22 22:00:55 +02:00
alphacpuid.pl
arm64cpuid.pl
arm_arch.h
armcap.c Fix typo in files in crypto folder 2017-08-05 20:42:06 +02:00
armv4cpuid.pl
build.info This has been added to avoid the situation where some host ctype.h functions 2017-08-22 09:45:25 +10:00
c64xpluscpuid.pl
cpt_err.c make error tables const and separate header file 2017-06-07 15:12:03 -04:00
cryptlib.c crypto/cryptlib.c: mask more capability bits upon FXSR bit flip. 2017-09-01 08:48:32 +02:00
ctype.c Check for EOF in ASCII conversions. 2017-08-25 06:42:17 +10:00
cversion.c Undo commit d420ac2 2017-07-05 11:32:35 +10:00
dllmain.c Move e_os.h to be the very first include. 2017-08-30 07:20:44 +10:00
ebcdic.c
ex_data.c Add CRYPTO_thread_glock_new 2017-08-31 19:42:03 -04:00
ia64cpuid.S Fix typo in files in crypto folder 2017-08-05 20:42:06 +02:00
init.c Address feedback 2017-08-31 19:42:03 -04:00
LPdir_nyi.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_unix.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_vms.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_win.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_win32.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_wince.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
mem.c Move e_os.h to be the very first include. 2017-08-30 07:20:44 +10:00
mem_clr.c
mem_dbg.c Add CRYPTO_thread_glock_new 2017-08-31 19:42:03 -04:00
mem_sec.c Add CRYPTO_thread_glock_new 2017-08-31 19:42:03 -04:00
mips_arch.h
o_dir.c Move e_os.h to be the very first include. 2017-08-30 07:20:44 +10:00
o_fips.c
o_fopen.c
o_init.c Use "" not <> on e_os.h include 2017-08-22 11:07:56 -04:00
o_str.c Revert "GH614: Use memcpy()/strdup() when possible" 2017-09-14 10:26:54 +10:00
o_time.c Fix typo in files in crypto folder 2017-08-05 20:42:06 +02:00
pariscid.pl
ppc_arch.h
ppccap.c
ppccpuid.pl
s390xcap.c
s390xcpuid.S
sparc_arch.h
sparccpuid.S
sparcv9cap.c
threads_none.c Remove OPENSSL_assert() from crypto/threads_none.c 2017-08-21 08:44:44 +01:00
threads_pthread.c Put thread-fork-init inside a run-once guard 2017-08-18 11:48:35 -04:00
threads_win.c Add fork handlers, based on pthread_atfork 2017-06-29 16:19:41 -04:00
uid.c
vms_rms.h
x86_64cpuid.pl Fix comment typo. 2017-07-26 23:10:52 -04:00
x86cpuid.pl