boringssl/crypto/x509
Adam Langley 1902d818ac Tighten and test name-checking functions.
This change follows up from e759a9cd with more extensive changes and
tests:

If a name checking function (like |X509_VERIFY_PARAM_set1_host|) fails,
it now poisons the |X509_VERIFY_PARAM| so that all verifications will
fail. This is because we have observed that some callers are not
checking the return value of these functions.

Using a length of zero for a hostname to mean |strlen| is now an error.
It also an error for email addresses and IP addresses now, and doesn't
end up trying to call |strlen| on a (binary) IP address.

Setting an email address with embedded NULs now fails. So does trying to
configure an empty hostname or email with (NULL, 0).

|X509_check_*| functions in BoringSSL don't accept zero lengths (unlike
OpenSSL). It's now tested that such calls always fail.

Change-Id: I4484176f2aae74e502a09081c7e912c85e8d090b
Update-Note: several behaviour changes. See change description.
Reviewed-on: https://boringssl-review.googlesource.com/26764
Reviewed-by: David Benjamin <davidben@google.com>
2018-03-30 16:50:11 +00:00
..
a_digest.c
a_sign.c
a_strex.c
a_verify.c
algorithm.c
asn1_gen.c
by_dir.c
by_file.c
charmap.h
CMakeLists.txt
i2d_pr.c
internal.h
make_many_constraints.go
many_constraints.pem
many_names1.pem
many_names2.pem
many_names3.pem
rsa_pss.c
some_names1.pem
some_names2.pem
some_names3.pem Fix some issues with name constraints test certs. 2017-09-20 21:06:00 +00:00
t_crl.c
t_req.c
t_x509.c
t_x509a.c
vpm_int.h
x509_att.c
x509_cmp.c
x509_d2.c
x509_def.c
x509_ext.c
x509_lu.c
x509_obj.c
x509_r2x.c
x509_req.c
x509_set.c Switch OPENSSL_VERSION_NUMBER to 1.1.0. 2017-09-29 04:51:27 +00:00
x509_test.cc
x509_trs.c
x509_txt.c
x509_v3.c
x509_vfy.c
x509_vpm.c
x509.c
x509cset.c
x509name.c
x509rset.c
x509spki.c
x_algor.c
x_all.c
x_attrib.c
x_crl.c
x_exten.c
x_info.c
x_name.c
x_pkey.c
x_pubkey.c Change |EVP_PKEY_up_ref| to return int. 2016-07-12 17:55:41 +00:00
x_req.c
x_sig.c
x_spki.c
x_val.c
x_x509.c
x_x509a.c