Guard against DoS in name constraints handling.
author David Benjamin <davidben@google.com>
Mon, 18 Sep 2017 20:51:56 +0000 (16:51 -0400)
committer Andy Polyakov <appro@openssl.org>
Fri, 22 Sep 2017 20:00:55 +0000 (22:00 +0200)
commit 8545051c3652bce7bb962afcb6879c4a6288bc67
tree 03f47ed1bb5c20496f6ed891540e0490265791df
parent 79b4444d81e2b9f21c60d7bf6511200e3e41d6fd
Guard against DoS in name constraints handling.

This guards against the name constraints check consuming large amounts
of CPU time when certificates in the presented chain contain an
excessive number of names (specifically subject email names or subject
alternative DNS names) and/or name constraints.

Name constraints checking compares the names presented in a certificate
against the name constraints included in a certificate higher up in the
chain using two nested for loops.

Move the name constraints check so that it happens after signature
verification so peers cannot exploit this using a chain with invalid
signatures. Also impose a hard limit on the number of name constraints
check loop iterations to further mitigate the issue.

Thanks to NCC for finding this issue. Fix written by Martin Kreichgauer.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4393)
crypto/x509/x509_vfy.c
crypto/x509v3/v3_ncons.c
test/certs/many-constraints.pem [new file with mode: 0644]
test/certs/many-names1.pem [new file with mode: 0644]
test/certs/many-names2.pem [new file with mode: 0644]
test/certs/many-names3.pem [new file with mode: 0644]
test/certs/some-names1.pem [new file with mode: 0644]
test/certs/some-names2.pem [new file with mode: 0644]
test/certs/some-names3.pem [new file with mode: 0644]
test/recipes/25-test_verify.t
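
The two mitigations the commit message describes (checking names only after signatures have verified, and bounding the work of the nested loops), as an added sketch that is not the OpenSSL patch or code from this commit. The names `check_names`, `nc_budget_exceeded`, `NC_CHECK_MAX` and its value, and the simplified DNS suffix matcher are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>

/* Cap on names x constraints comparisons. The value is an assumption for
 * this example, not taken from the commit. */
#define NC_CHECK_MAX ((size_t)1 << 20)

enum nc_result { NC_OK, NC_EXCLUDED, NC_TOO_MANY, NC_BAD_SIGNATURE };

/* Simplified DNS matcher (assumption): base covers itself and subdomains. */
static int dns_in_subtree(const char *name, const char *base)
{
    size_t nlen = strlen(name), blen = strlen(base);

    if (blen > nlen || strcmp(name + (nlen - blen), base) != 0)
        return 0;
    return nlen == blen || name[nlen - blen - 1] == '.';
}

/* Overflow-safe form of n_names * n_cons > NC_CHECK_MAX. */
int nc_budget_exceeded(size_t n_names, size_t n_cons)
{
    return n_cons != 0 && n_names > NC_CHECK_MAX / n_cons;
}

/* Hypothetical verifier step: names are compared against excluded subtrees
 * only for chains whose signatures have already verified. */
enum nc_result check_names(int signatures_valid,
                           const char *const *names, size_t n_names,
                           const char *const *excluded, size_t n_cons)
{
    size_t i, j;

    /* Signature failure ends verification before any name work is done. */
    if (!signatures_valid)
        return NC_BAD_SIGNATURE;
    /* Reject oversized inputs up front instead of running the loops. */
    if (nc_budget_exceeded(n_names, n_cons))
        return NC_TOO_MANY;
    for (i = 0; i < n_names; i++)
        for (j = 0; j < n_cons; j++)
            if (dns_in_subtree(names[i], excluded[j]))
                return NC_EXCLUDED;
    return NC_OK;
}
```

The budget test divides instead of multiplying so that very large counts cannot wrap around and slip under the cap.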