kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
f9f312af61
boringssl/crypto/x509
History
Steven Valdez f9f312af61 Add some sanity checks when checking CRL scores and tests 
Note: this was accidentally omitted from OpenSSL 1.0.2 branch.
Without this fix any attempt to use CRLs will crash.

CVE-2016-7052

(Imported from upstream's 6e629b5be45face20b4ca71c4fcbfed78b864a2e)

Test CRL Root Key:

-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAo16WiLWZuaymsD8n5SKPmxV1y6jjgr3BS/dUBpbrzd1aeFzN
lI8l2jfAnzUyp+I21RQ+nh/MhqjGElkTtK9xMn1Y+S9GMRh+5R/Du0iCb1tCZIPY
07Tgrb0KMNWe0v2QKVVruuYSgxIWodBfxlKO64Z8AJ5IbnWpuRqO6rctN9qUoMlT
IAB6dL4G0tDJ/PGFWOJYwOMEIX54bly2wgyYJVBKiRRt4f7n8H922qmvPNA9idmX
9G1VAtgV6x97XXi7ULORIQvn9lVQF6nTYDBJhyuPB+mLThbLP2o9orxGx7aCtnnB
ZUIxUvHNOI0FaSaZH7Fi0xsZ/GkG2HZe7ImPJwIDAQABAoIBAQCJF9MTHfHGkk+/
DwCXlA0Wg0e6hBuHl10iNobYkMWIl/xXjOknhYiqOqb181py76472SVC5ERprC+r
Lf0PXzqKuA117mnkwT2bYLCL9Skf8WEhoFLQNbVlloF6wYjqXcYgKYKh8HgQbZl4
aLg2YQl2NADTNABsUWj/4H2WEelsODVviqfFs725lFg9KHDI8zxAZXLzDt/M9uVL
GxJiX12tr0AwaeAFZ1oPM/y+LznM3N3+Ht3jHHw3jZ/u8Z1RdAmdpu3bZ6tbwGBr
9edsH5rKkm9aBvMrY7eX5VHqaqyRNFyG152ZOJh4XiiFG7EmgTPCpaHo50Y018Re
grVtk+FBAoGBANY3lY+V8ZOwMxSHes+kTnoimHO5Ob7nxrOC71i27x+4HHsYUeAr
/zOOghiDIn+oNkuiX5CIOWZKx159Bp65CPpCbTb/fh+HYnSgXFgCw7XptycO7LXM
5GwR5jSfpfzBFdYxjxoUzDMFBwTEYRTm0HkUHkH+s+ajjw5wqqbcGLcfAoGBAMM8
DKW6Tb66xsf708f0jonAjKYTLZ+WOcwsBEWSFHoY8dUjvW5gqx5acHTEsc5ZTeh4
BCFLa+Mn9cuJWVJNs09k7Xb2PNl92HQ4GN2vbdkJhExbkT6oLDHg1hVD0w8KLfz1
lTAW6pS+6CdOHMEJpvqx89EgU/1GgIQ1fXYczE75AoGAKeJoXdDFkUjsU+FBhAPu
TDcjc80Nm2QaF9NMFR5/lsYa236f06MGnQAKM9zADBHJu/Qdl1brUjLg1HrBppsr
RDNkw1IlSOjhuUf5hkPUHGd8Jijm440SRIcjabqla8wdBupdvo2+d2NOQgJbsQiI
ToQ+fkzcxAXK3Nnuo/1436UCgYBjLH7UNOZHS8OsVM0I1r8NVKVdu4JCfeJQR8/H
s2P5ffBir+wLRMnH+nMDreMQiibcPxMCArkERAlE4jlgaJ38Z62E76KLbLTmnJRt
EC9Bv+bXjvAiHvWMRMUbOj/ddPNVez7Uld+FvdBaHwDWQlvzHzBWfBCOKSEhh7Z6
qDhUqQKBgQDPMDx2i5rfmQp3imV9xUcCkIRsyYQVf8Eo7NV07IdUy/otmksgn4Zt
Lbf3v2dvxOpTNTONWjp2c+iUQo8QxJCZr5Sfb21oQ9Ktcrmc/CY7LeBVDibXwxdM
vRG8kBzvslFWh7REzC3u06GSVhyKDfW93kN2cKVwGoahRlhj7oHuZQ==
-----END RSA PRIVATE KEY-----

Change-Id: Icc58811c78d4682591f5bb460cdd219bd41566d8
Reviewed-on: https://boringssl-review.googlesource.com/11246
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-09-26 18:06:52 +00:00
..
a_digest.c
a_sign.c
a_strex.c Fix ASN1_STRING_to_UTF8 could not convert NumericString 2016-07-26 22:41:42 +00:00
a_verify.c
algorithm.c Align with upstream's error strings, take two. 2016-03-15 16:02:12 +00:00
asn1_gen.c Fix build when using Visual Studio 2015 Update 1. 2016-03-25 21:39:52 +00:00
by_dir.c Shush a MinGW warning in crypto/x509. 2016-09-20 22:26:27 +00:00
by_file.c
charmap.h
CMakeLists.txt
i2d_pr.c
internal.h
pkcs7_test.c Start assuming MSVC 2015. 2016-05-02 19:46:25 +00:00
pkcs7.c
rsa_pss.c Remove trailing ';' from macros 2016-09-12 19:17:26 +00:00
t_crl.c
t_req.c
t_x509.c Don't shift serial number into sign bit 2016-03-17 18:23:49 +00:00
t_x509a.c
vpm_int.h
x509_att.c Fix an error path leak in int X509_ATTRIBUTE_set1_data() 2016-07-26 19:53:44 +00:00
x509_cmp.c
x509_d2.c
x509_def.c
x509_ext.c
x509_lu.c Finish aligning up_ref functions with OpenSSL 1.1.0. 2016-08-11 16:51:52 +00:00
x509_obj.c Add checks to X509_NAME_oneline() 2016-05-03 16:34:59 +00:00
x509_r2x.c Fix a few leaks in X509_REQ_to_X509. 2016-09-09 20:17:16 +00:00
x509_req.c
x509_set.c Add various 1.1.0 accessors. 2016-08-10 16:52:15 +00:00
x509_test.cc Add some sanity checks when checking CRL scores and tests 2016-09-26 18:06:52 +00:00
x509_trs.c
x509_txt.c Ensure verify error is set when X509_verify_cert() fails. 2016-06-09 17:29:39 +00:00
x509_v3.c
x509_vfy.c Add some sanity checks when checking CRL scores and tests 2016-09-26 18:06:52 +00:00
x509_vpm.c Fix up x509_vpm.c comment. 2016-09-23 18:39:11 +00:00
x509.c Align with upstream's error strings, take two. 2016-03-15 16:02:12 +00:00
x509cset.c Finish aligning up_ref functions with OpenSSL 1.1.0. 2016-08-11 16:51:52 +00:00
x509name.c
x509rset.c
x509spki.c
x509type.c
x_algor.c
x_all.c
x_attrib.c
x_crl.c Split unlock functions into read/write variants. 2016-05-31 21:09:29 +00:00
x_exten.c
x_info.c
x_name.c Remove ASN.1 print hooks. 2016-06-14 17:38:31 +00:00
x_pkey.c
x_pubkey.c Change |EVP_PKEY_up_ref| to return int. 2016-07-12 17:55:41 +00:00
x_req.c
x_sig.c
x_spki.c
x_val.c
x_x509.c Finish aligning up_ref functions with OpenSSL 1.1.0. 2016-08-11 16:51:52 +00:00
x_x509a.c