-
Notifications
You must be signed in to change notification settings - Fork 2.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add missing validity checks to CSR verification
- SDK's CSR verification (VerifyCertificateSigningRequest) allowed trailing garbage past the end of the buffer if the primary SEQUENCE element is OK and checks-out. This is looser enforcement than some crypto libraries which expect a CSR to be 100% valid ASN.1 DER and have no unnecessary bytes or otherwise unparsable bytes. Fixes #22068 This PR: - Adds validity checks for size and basic format that catches the problem. - Adds unit tests that use externally generated CSRs to validate the `VerifyCertificateSigningRequest` logic, rather than only relying on round-trips with generation. Testing done: - Added new unit tests. Existing unit tests pass - Tested under OpenSSL, BoringSSL and mbedTLS
- Loading branch information
1 parent
a8d12af
commit 5ce2840
Showing
7 changed files
with
211 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters