From: beck Date: Fri, 11 Nov 2022 12:02:34 +0000 (+0000) Subject: Start CBS-ifying the name constraints code. X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=f06436f8f89ac0f304ac1a32314f2adbb2ea3b22;p=openbsd Start CBS-ifying the name constraints code. ok jsing@ tb@ --- diff --git a/lib/libcrypto/x509/x509_alt.c b/lib/libcrypto/x509/x509_alt.c index 8656df82b3f..cf8cbf0ce27 100644 --- a/lib/libcrypto/x509/x509_alt.c +++ b/lib/libcrypto/x509/x509_alt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_alt.c,v 1.12 2022/03/26 16:34:21 tb Exp $ */ +/* $OpenBSD: x509_alt.c,v 1.13 2022/11/11 12:02:34 beck Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -619,6 +619,7 @@ v2i_GENERAL_NAME_ex(GENERAL_NAME *out, const X509V3_EXT_METHOD *method, GENERAL_NAME *ret; size_t len = 0; int type; + CBS cbs; name = cnf->name; value = cnf->value; @@ -669,9 +670,10 @@ v2i_GENERAL_NAME_ex(GENERAL_NAME *out, const X509V3_EXT_METHOD *method, } type = x509_constraints_general_to_bytes(ret, &bytes, &len); + CBS_init(&cbs, bytes, len); switch (type) { case GEN_DNS: - if (!x509_constraints_valid_sandns(bytes, len)) { + if (!x509_constraints_valid_sandns(&cbs)) { X509V3error(X509V3_R_BAD_OBJECT); ERR_asprintf_error_data("name=%s value='%.*s'", name, (int)len, bytes); @@ -687,7 +689,7 @@ v2i_GENERAL_NAME_ex(GENERAL_NAME *out, const X509V3_EXT_METHOD *method, } break; case GEN_EMAIL: - if (!x509_constraints_parse_mailbox(bytes, len, NULL)) { + if (!x509_constraints_parse_mailbox(&cbs, NULL)) { X509V3error(X509V3_R_BAD_OBJECT); ERR_asprintf_error_data("name=%s value='%.*s'", name, (int)len, bytes); diff --git a/lib/libcrypto/x509/x509_constraints.c b/lib/libcrypto/x509/x509_constraints.c index 8cd8413dfae..e0560c15788 100644 --- a/lib/libcrypto/x509/x509_constraints.c +++ b/lib/libcrypto/x509/x509_constraints.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_constraints.c,v 1.28 2022/06/27 15:03:11 beck Exp $ */ +/* $OpenBSD: x509_constraints.c,v 1.29 2022/11/11 12:02:34 beck Exp $ */ /* * Copyright (c) 2020 Bob Beck * @@ -29,11 +29,33 @@ #include #include +#include "bytestring.h" #include "x509_internal.h" /* RFC 2821 section 4.5.3.1 */ -#define LOCAL_PART_MAX_LEN 64 -#define DOMAIN_PART_MAX_LEN 255 +#define LOCAL_PART_MAX_LEN (size_t)64 +#define DOMAIN_PART_MAX_LEN (size_t)255 +#define MAX_IP_ADDRESS_LENGTH (size_t)46 + +static int +cbs_is_ip_address(CBS *cbs) +{ + struct sockaddr_in6 sin6; + struct sockaddr_in sin4; + char *name = NULL; + int ret = 0; + + if (CBS_len(cbs) > MAX_IP_ADDRESS_LENGTH) + return 0; + if (!CBS_strdup(cbs, &name)) + return 0; + if (inet_pton(AF_INET, name, &sin4) == 1 || + inet_pton(AF_INET6, name, &sin6) == 1) + ret = 1; + + free(name); + return ret; +} struct x509_constraints_name * x509_constraints_name_new(void) @@ -165,7 +187,6 @@ x509_constraints_names_dup(struct x509_constraints_names *names) return NULL; } - /* * Validate that the name contains only a hostname consisting of RFC * 5890 compliant A-labels (see RFC 6066 section 3). This is more @@ -177,19 +198,23 @@ x509_constraints_names_dup(struct x509_constraints_names *names) * component. */ static int -x509_constraints_valid_domain_internal(uint8_t *name, size_t len, int wildcards) +x509_constraints_valid_domain_internal(CBS *cbs, int wildcards) { + int first, component = 0; uint8_t prev, c = 0; - int component = 0; - int first; - size_t i; + size_t i, len; + CBS copy; + + CBS_dup(cbs, ©); + + len = CBS_len(cbs); if (len > DOMAIN_PART_MAX_LEN) return 0; - for (i = 0; i < len; i++) { prev = c; - c = name[i]; + if (!CBS_get_u8(©, &c)) + return 0; first = (i == 0); @@ -234,61 +259,42 @@ x509_constraints_valid_domain_internal(uint8_t *name, size_t len, int wildcards) if (++component > 63) return 0; } + return 1; } int -x509_constraints_valid_domain(uint8_t *name, size_t len) +x509_constraints_valid_host(CBS *cbs) { - if (len == 0) - return 0; - /* - * A domain may not be less than two characters, so you can't - * have a require subdomain name with less than that. - */ - if (len < 3 && name[0] == '.') - return 0; - return x509_constraints_valid_domain_internal(name, len, 0); -} + uint8_t first; -int -x509_constraints_valid_host(uint8_t *name, size_t len) -{ - struct sockaddr_in sin4; - struct sockaddr_in6 sin6; - - if (len == 0) - return 0; - if (name[0] == '.') /* leading . not allowed in a host name*/ + if (!CBS_peek_u8(cbs, &first)) return 0; - if (inet_pton(AF_INET, name, &sin4) == 1) + if (first == '.') + return 0; /* leading . not allowed in a host name */ + if (cbs_is_ip_address(cbs)) return 0; - if (inet_pton(AF_INET6, name, &sin6) == 1) - return 0; - return x509_constraints_valid_domain_internal(name, len, 0); + + return x509_constraints_valid_domain_internal(cbs, 0); } int -x509_constraints_valid_sandns(uint8_t *name, size_t len) +x509_constraints_valid_sandns(CBS *cbs) { - if (len == 0) - return 0; + uint8_t first; - if (name[0] == '.') /* leading . not allowed in a SAN DNS name */ + if (!CBS_peek_u8(cbs, &first)) return 0; + if (first == '.') + return 0; /* leading . not allowed in a SAN DNS name */ /* * A domain may not be less than two characters, so you * can't wildcard a single domain of less than that */ - if (len < 4 && name[0] == '*') - return 0; - /* - * A wildcard may only be followed by a '.' - */ - if (len >= 4 && name[0] == '*' && name[1] != '.') + if (CBS_len(cbs) < 4 && first == '*') return 0; - return x509_constraints_valid_domain_internal(name, len, 1); + return x509_constraints_valid_domain_internal(cbs, 1); } static inline int @@ -297,7 +303,7 @@ local_part_ok(char c) return (('0' <= c && c <= '9') || ('a' <= c && c <= 'z') || ('A' <= c && c <= 'Z') || c == '!' || c == '#' || c == '$' || c == '%' || c == '&' || c == '\'' || c == '*' || c == '+' || - c == '-' || c == '/' || c == '=' || c == '?' || c == '^' || + c == '-' || c == '/' || c == '=' || c == '?' || c == '^' || c == '_' || c == '`' || c == '{' || c == '|' || c == '}' || c == '~' || c == '.'); } @@ -309,25 +315,35 @@ local_part_ok(char c) * local and domain parts of the mailbox to "name->local" and name->name" */ int -x509_constraints_parse_mailbox(uint8_t *candidate, size_t len, +x509_constraints_parse_mailbox(CBS *candidate, struct x509_constraints_name *name) { char working[DOMAIN_PART_MAX_LEN + 1] = { 0 }; char *candidate_local = NULL; char *candidate_domain = NULL; - size_t i, wi = 0; + CBS domain_cbs; + size_t i, len, wi = 0; int accept = 0; int quoted = 0; + CBS copy; + /* XXX This should not be necessary - revisit and remove */ if (candidate == NULL) return 0; + CBS_dup(candidate, ©); + + if ((len = CBS_len(©)) == 0) + return 0; + /* It can't be bigger than the local part, domain part and the '@' */ if (len > LOCAL_PART_MAX_LEN + DOMAIN_PART_MAX_LEN + 1) return 0; for (i = 0; i < len; i++) { - char c = candidate[i]; + char c; + if (!CBS_get_u8(©, &c)) + goto bad; /* non ascii, cr, lf, or nul is never allowed */ if (!isascii(c) || c == '\r' || c == '\n' || c == '\0') goto bad; @@ -372,8 +388,11 @@ x509_constraints_parse_mailbox(uint8_t *candidate, size_t len, continue; } if (c == '"' && i != 0) { + uint8_t next; /* end the quoted part. @ must be next */ - if (i + 1 == len || candidate[i + 1] != '@') + if (!CBS_peek_u8(©, &next)) + goto bad; + if (next != '@') goto bad; quoted = 0; } @@ -401,14 +420,15 @@ x509_constraints_parse_mailbox(uint8_t *candidate, size_t len, continue; } if (c == '\\') { + uint8_t next; /* - * RFC 3936 hints these can happen outside of - * quotend string. don't include the \ but + * RFC 2821 hints these can happen outside of + * quoted string. Don't include the \ but * next character must be ok. */ - if (i + 1 == len) + if (!CBS_peek_u8(©, &next)) goto bad; - if (!local_part_ok(candidate[i + 1])) + if (!local_part_ok(next)) goto bad; accept = 1; } @@ -420,8 +440,8 @@ x509_constraints_parse_mailbox(uint8_t *candidate, size_t len, } if (candidate_local == NULL || candidate_domain == NULL) goto bad; - if (!x509_constraints_valid_host(candidate_domain, - strlen(candidate_domain))) + CBS_init(&domain_cbs, candidate_domain, strlen(candidate_domain)); + if (!x509_constraints_valid_host(&domain_cbs)) goto bad; if (name != NULL) { @@ -440,18 +460,24 @@ x509_constraints_parse_mailbox(uint8_t *candidate, size_t len, } int -x509_constraints_valid_domain_constraint(uint8_t *constraint, size_t len) +x509_constraints_valid_domain_constraint(CBS *cbs) { - if (len == 0) + uint8_t first; + + if (CBS_len(cbs) == 0) return 1; /* empty constraints match */ /* * A domain may not be less than two characters, so you * can't match a single domain of less than that */ - if (len < 3 && constraint[0] == '.') - return 0; - return x509_constraints_valid_domain_internal(constraint, len, 0); + if (CBS_len(cbs) < 3) { + if (!CBS_peek_u8(cbs, &first)) + return 0; + if (first == '.') + return 0; + } + return x509_constraints_valid_domain_internal(cbs, 0); } /* @@ -480,6 +506,7 @@ x509_constraints_uri_host(uint8_t *uri, size_t len, char **hostpart) size_t i, hostlen = 0; uint8_t *authority = NULL; char *host = NULL; + CBS host_cbs; /* * Find first '//'. there must be at least a '//' and @@ -529,10 +556,11 @@ x509_constraints_uri_host(uint8_t *uri, size_t len, char **hostpart) return 0; if (host == NULL) host = authority; - if (!x509_constraints_valid_host(host, hostlen)) + CBS_init(&host_cbs, host, hostlen); + if (!x509_constraints_valid_host(&host_cbs)) + return 0; + if (hostpart != NULL && !CBS_strdup(&host_cbs, hostpart)) return 0; - if (hostpart != NULL) - *hostpart = strndup(host, hostlen); return 1; } @@ -593,12 +621,15 @@ x509_constraints_domain(char *domain, size_t dlen, char *constraint, size_t len) } int -x509_constraints_uri(uint8_t *uri, size_t ulen, uint8_t *constraint, size_t len, +x509_constraints_uri(uint8_t *uri, size_t ulen, uint8_t *constraint, + size_t len, int *error) { int ret = 0; char *hostpart = NULL; + CBS cbs; + CBS_init(&cbs, constraint, len); if (!x509_constraints_uri_host(uri, ulen, &hostpart)) { *error = X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; goto err; @@ -607,7 +638,7 @@ x509_constraints_uri(uint8_t *uri, size_t ulen, uint8_t *constraint, size_t len, *error = X509_V_ERR_OUT_OF_MEM; goto err; } - if (!x509_constraints_valid_domain_constraint(constraint, len)) { + if (!x509_constraints_valid_domain_constraint(&cbs)) { *error = X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX; goto err; } @@ -714,7 +745,6 @@ x509_constraints_general_to_bytes(GENERAL_NAME *name, uint8_t **bytes, return 0; } - /* * Extract the relevant names for constraint checking from "cert", * validate them, and add them to the list of cert names for "chain". @@ -734,6 +764,7 @@ x509_constraints_extract_names(struct x509_constraints_names *names, while ((name = sk_GENERAL_NAME_value(cert->altname, i++)) != NULL) { uint8_t *bytes = NULL; size_t len = 0; + CBS cbs; if ((vname = x509_constraints_name_new()) == NULL) { *error = X509_V_ERR_OUT_OF_MEM; @@ -742,30 +773,31 @@ x509_constraints_extract_names(struct x509_constraints_names *names, name_type = x509_constraints_general_to_bytes(name, &bytes, &len); - switch(name_type) { + CBS_init(&cbs, bytes, len); + switch (name_type) { case GEN_DNS: - if (!x509_constraints_valid_sandns(bytes, len)) { + if (!x509_constraints_valid_sandns(&cbs)) { *error = X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; goto err; } - if ((vname->name = strndup(bytes, len)) == NULL) { + if (!CBS_strdup(&cbs, &vname->name)) { *error = X509_V_ERR_OUT_OF_MEM; goto err; } vname->type = GEN_DNS; - include_cn = 0; /* don't use cn from subject */ + include_cn = 0; /* Don't use cn from subject */ break; case GEN_EMAIL: - if (!x509_constraints_parse_mailbox(bytes, len, - vname)) { + if (!x509_constraints_parse_mailbox(&cbs, vname)) { *error = X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; goto err; } vname->type = GEN_EMAIL; - include_email = 0; /* don't use email from subject */ + include_email = 0; /* Don't use email from subject */ break; case GEN_URI: - if (!x509_constraints_uri_host(bytes, len, &vname->name)) { + if (!x509_constraints_uri_host(bytes, len, + &vname->name)) { *error = X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; goto err; } @@ -850,19 +882,21 @@ x509_constraints_extract_names(struct x509_constraints_names *names, */ while (include_email && (i = X509_NAME_get_index_by_NID(subject_name, - NID_pkcs9_emailAddress, i)) >= 0) { + NID_pkcs9_emailAddress, i)) >= 0) { ASN1_STRING *aname; - if ((email = X509_NAME_get_entry(subject_name, i)) == NULL || + CBS cbs; + if ((email = X509_NAME_get_entry(subject_name, i)) == + NULL || (aname = X509_NAME_ENTRY_get_data(email)) == NULL) { *error = X509_V_ERR_OUT_OF_MEM; goto err; } + CBS_init(&cbs, aname->data, aname->length); if ((vname = x509_constraints_name_new()) == NULL) { *error = X509_V_ERR_OUT_OF_MEM; goto err; } - if (!x509_constraints_parse_mailbox(aname->data, - aname->length, vname)) { + if (!x509_constraints_parse_mailbox(&cbs, vname)) { *error = X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; goto err; } @@ -879,22 +913,23 @@ x509_constraints_extract_names(struct x509_constraints_names *names, */ while (include_cn && (i = X509_NAME_get_index_by_NID(subject_name, - NID_commonName, i)) >= 0) { + NID_commonName, i)) >= 0) { + CBS cbs; ASN1_STRING *aname; - if ((cn = X509_NAME_get_entry(subject_name, i)) == NULL || + if ((cn = X509_NAME_get_entry(subject_name, i)) == + NULL || (aname = X509_NAME_ENTRY_get_data(cn)) == NULL) { *error = X509_V_ERR_OUT_OF_MEM; goto err; } - if (!x509_constraints_valid_host(aname->data, - aname->length)) + CBS_init(&cbs, aname->data, aname->length); + if (!x509_constraints_valid_host(&cbs)) continue; /* ignore it if not a hostname */ if ((vname = x509_constraints_name_new()) == NULL) { *error = X509_V_ERR_OUT_OF_MEM; goto err; } - if ((vname->name = strndup(aname->data, - aname->length)) == NULL) { + if (!CBS_strdup(&cbs, &vname->name)) { *error = X509_V_ERR_OUT_OF_MEM; goto err; } @@ -923,11 +958,12 @@ int x509_constraints_validate(GENERAL_NAME *constraint, struct x509_constraints_name **out_name, int *out_error) { - uint8_t *bytes = NULL; + uint8_t next, *bytes = NULL; size_t len = 0; struct x509_constraints_name *name; int error = X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX; int name_type; + CBS cbs; if (out_name == NULL || *out_name != NULL) return 0; @@ -941,6 +977,7 @@ x509_constraints_validate(GENERAL_NAME *constraint, } name_type = x509_constraints_general_to_bytes(constraint, &bytes, &len); + CBS_init(&cbs, bytes, len); switch (name_type) { case GEN_DIRNAME: if (len == 0) @@ -954,7 +991,7 @@ x509_constraints_validate(GENERAL_NAME *constraint, name->type = GEN_DIRNAME; break; case GEN_DNS: - if (!x509_constraints_valid_domain_constraint(bytes, len)) + if (!x509_constraints_valid_domain_constraint(&cbs)) goto err; if ((name->name = strndup(bytes, len)) == NULL) { error = X509_V_ERR_OUT_OF_MEM; @@ -964,7 +1001,7 @@ x509_constraints_validate(GENERAL_NAME *constraint, break; case GEN_EMAIL: if (len > 0 && memchr(bytes + 1, '@', len - 1) != NULL) { - if (!x509_constraints_parse_mailbox(bytes, len, name)) + if (!x509_constraints_parse_mailbox(&cbs, name)) goto err; break; } @@ -972,13 +1009,17 @@ x509_constraints_validate(GENERAL_NAME *constraint, * Mail constraints of the form @domain.com are accepted by * OpenSSL and Microsoft. */ - if (len > 0 && bytes[0] == '@') { - bytes++; - len--; + if (CBS_len(&cbs) > 0) { + if (!CBS_peek_u8(&cbs, &next)) + goto err; + if (next == '@') { + if (!CBS_skip(&cbs, 1)) + goto err; + } } - if (!x509_constraints_valid_domain_constraint(bytes, len)) + if (!x509_constraints_valid_domain_constraint(&cbs)) goto err; - if ((name->name = strndup(bytes, len)) == NULL) { + if (!CBS_strdup(&cbs, &name->name)) { error = X509_V_ERR_OUT_OF_MEM; goto err; } @@ -996,7 +1037,7 @@ x509_constraints_validate(GENERAL_NAME *constraint, name->type = GEN_IPADD; break; case GEN_URI: - if (!x509_constraints_valid_domain_constraint(bytes, len)) + if (!x509_constraints_valid_domain_constraint(&cbs)) goto err; if ((name->name = strndup(bytes, len)) == NULL) { error = X509_V_ERR_OUT_OF_MEM; @@ -1035,7 +1076,6 @@ x509_constraints_extract_constraints(X509 *cert, return 1; for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->permittedSubtrees); i++) { - subtree = sk_GENERAL_SUBTREE_value(nc->permittedSubtrees, i); if (subtree->minimum || subtree->maximum) { *error = X509_V_ERR_SUBTREE_MINMAX; diff --git a/lib/libcrypto/x509/x509_internal.h b/lib/libcrypto/x509/x509_internal.h index 030f24c4701..beafd365edb 100644 --- a/lib/libcrypto/x509/x509_internal.h +++ b/lib/libcrypto/x509/x509_internal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_internal.h,v 1.19 2022/06/27 14:10:22 tb Exp $ */ +/* $OpenBSD: x509_internal.h,v 1.20 2022/11/11 12:02:34 beck Exp $ */ /* * Copyright (c) 2020 Bob Beck * @@ -22,6 +22,7 @@ #include +#include "bytestring.h" #include "x509_lcl.h" /* Hard limits on structure size and number of signature checks. */ @@ -111,14 +112,13 @@ struct x509_constraints_names *x509_constraints_names_new(size_t names_max); int x509_constraints_general_to_bytes(GENERAL_NAME *name, uint8_t **bytes, size_t *len); void x509_constraints_names_free(struct x509_constraints_names *names); -int x509_constraints_valid_host(uint8_t *name, size_t len); -int x509_constraints_valid_sandns(uint8_t *name, size_t len); +int x509_constraints_valid_host(CBS *cbs); +int x509_constraints_valid_sandns(CBS *cbs); int x509_constraints_domain(char *domain, size_t dlen, char *constraint, size_t len); -int x509_constraints_parse_mailbox(uint8_t *candidate, size_t len, +int x509_constraints_parse_mailbox(CBS *candidate, struct x509_constraints_name *name); -int x509_constraints_valid_domain_constraint(uint8_t *constraint, - size_t len); +int x509_constraints_valid_domain_constraint(CBS *cbs); int x509_constraints_uri_host(uint8_t *uri, size_t len, char **hostp); int x509_constraints_uri(uint8_t *uri, size_t ulen, uint8_t *constraint, size_t len, int *error); diff --git a/regress/lib/libcrypto/x509/Makefile b/regress/lib/libcrypto/x509/Makefile index 4635d63ed05..a465b37874d 100644 --- a/regress/lib/libcrypto/x509/Makefile +++ b/regress/lib/libcrypto/x509/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.14 2022/06/28 07:56:34 beck Exp $ +# $OpenBSD: Makefile,v 1.15 2022/11/11 12:02:34 beck Exp $ PROGS = constraints verify x509attribute x509name x509req_ext callback PROGS += expirecallback callbackfailures @@ -10,6 +10,7 @@ LDADD_verify = ${CRYPTO_INT} WARNINGS = Yes CFLAGS += -DLIBRESSL_INTERNAL -Wall -Werror -I$(BSDSRCDIR)/lib/libcrypto/x509 +CFLAGS += -I$(BSDSRCDIR)/lib/libcrypto/bytestring SUBDIR += bettertls rfc3779 diff --git a/regress/lib/libcrypto/x509/constraints.c b/regress/lib/libcrypto/x509/constraints.c index 8f7017dd7eb..933c4f47c84 100644 --- a/regress/lib/libcrypto/x509/constraints.c +++ b/regress/lib/libcrypto/x509/constraints.c @@ -1,4 +1,4 @@ -/* $OpenBSD: constraints.c,v 1.12 2022/10/30 13:27:15 kn Exp $ */ +/* $OpenBSD: constraints.c,v 1.13 2022/11/11 12:02:34 beck Exp $ */ /* * Copyright (c) 2020 Bob Beck * @@ -23,11 +23,10 @@ #include #include "x509_internal.h" - -#define FAIL(msg, ...) \ -do { \ - fprintf(stderr, "[%s:%d] FAIL: ", __FILE__, __LINE__); \ - fprintf(stderr, msg, ##__VA_ARGS__); \ +#define FAIL(msg, ...) \ +do { \ + fprintf(stderr, "[%s:%d] FAIL: ", __FILE__, __LINE__); \ + fprintf(stderr, msg, ##__VA_ARGS__); \ } while(0) unsigned char *valid_hostnames[] = { @@ -168,15 +167,16 @@ test_valid_hostnames(void) int i, failure = 0; for (i = 0; valid_hostnames[i] != NULL; i++) { - if (!x509_constraints_valid_host(valid_hostnames[i], - strlen(valid_hostnames[i]))) { + CBS cbs; + CBS_init(&cbs, valid_hostnames[i], strlen(valid_hostnames[i])); + if (!x509_constraints_valid_host(&cbs)) { FAIL("Valid hostname '%s' rejected\n", valid_hostnames[i]); failure = 1; goto done; } - if (!x509_constraints_valid_sandns(valid_hostnames[i], - strlen(valid_hostnames[i]))) { + CBS_init(&cbs, valid_hostnames[i], strlen(valid_hostnames[i])); + if (!x509_constraints_valid_sandns(&cbs)) { FAIL("Valid sandns '%s' rejected\n", valid_hostnames[i]); failure = 1; @@ -192,8 +192,10 @@ test_valid_sandns_names(void) { int i, failure = 0; for (i = 0; valid_sandns_names[i] != NULL; i++) { - if (!x509_constraints_valid_sandns(valid_sandns_names[i], - strlen(valid_sandns_names[i]))) { + CBS cbs; + CBS_init(&cbs, valid_sandns_names[i], + strlen(valid_sandns_names[i])); + if (!x509_constraints_valid_sandns(&cbs)) { FAIL("Valid dnsname '%s' rejected\n", valid_sandns_names[i]); failure = 1; @@ -209,8 +211,10 @@ test_valid_domain_constraints(void) { int i, failure = 0; for (i = 0; valid_domain_constraints[i] != NULL; i++) { - if (!x509_constraints_valid_domain_constraint(valid_domain_constraints[i], - strlen(valid_domain_constraints[i]))) { + CBS cbs; + CBS_init(&cbs, valid_domain_constraints[i], + strlen(valid_domain_constraints[i])); + if (!x509_constraints_valid_domain_constraint(&cbs)) { FAIL("Valid dnsname '%s' rejected\n", valid_domain_constraints[i]); failure = 1; @@ -227,8 +231,10 @@ test_valid_mbox_names(void) struct x509_constraints_name name = {0}; int i, failure = 0; for (i = 0; valid_mbox_names[i] != NULL; i++) { - if (!x509_constraints_parse_mailbox(valid_mbox_names[i], - strlen(valid_mbox_names[i]), &name)) { + CBS cbs; + CBS_init(&cbs, valid_mbox_names[i], + strlen(valid_mbox_names[i])); + if (!x509_constraints_parse_mailbox(&cbs, &name)) { FAIL("Valid mailbox name '%s' rejected\n", valid_mbox_names[i]); failure = 1; @@ -250,22 +256,25 @@ test_invalid_hostnames(void) char *nulhost = "www.openbsd.org\0"; for (i = 0; invalid_hostnames[i] != NULL; i++) { - if (x509_constraints_valid_host(invalid_hostnames[i], - strlen(invalid_hostnames[i]))) { + CBS cbs; + CBS_init(&cbs, invalid_hostnames[i], + strlen(invalid_hostnames[i])); + if (x509_constraints_valid_host(&cbs)) { FAIL("Invalid hostname '%s' accepted\n", invalid_hostnames[i]); failure = 1; goto done; } } - if (x509_constraints_valid_host(nulhost, - strlen(nulhost) + 1)) { + CBS cbs; + CBS_init(&cbs, nulhost, strlen(nulhost) + 1); + if (x509_constraints_valid_host(&cbs)) { FAIL("hostname with NUL byte accepted\n"); failure = 1; goto done; } - if (x509_constraints_valid_sandns(nulhost, - strlen(nulhost) + 1)) { + CBS_init(&cbs, nulhost, strlen(nulhost) + 1); + if (x509_constraints_valid_sandns(&cbs)) { FAIL("sandns with NUL byte accepted\n"); failure = 1; goto done; @@ -279,8 +288,10 @@ test_invalid_sandns_names(void) { int i, failure = 0; for (i = 0; invalid_sandns_names[i] != NULL; i++) { - if (x509_constraints_valid_sandns(invalid_sandns_names[i], - strlen(invalid_sandns_names[i]))) { + CBS cbs; + CBS_init(&cbs, invalid_sandns_names[i], + strlen(invalid_sandns_names[i])); + if (x509_constraints_valid_sandns(&cbs)) { FAIL("Valid dnsname '%s' rejected\n", invalid_sandns_names[i]); failure = 1; @@ -297,8 +308,10 @@ test_invalid_mbox_names(void) int i, failure = 0; struct x509_constraints_name name = {0}; for (i = 0; invalid_mbox_names[i] != NULL; i++) { - if (x509_constraints_parse_mailbox(invalid_mbox_names[i], - strlen(invalid_mbox_names[i]), &name)) { + CBS cbs; + CBS_init(&cbs, invalid_mbox_names[i], + strlen(invalid_mbox_names[i])); + if (x509_constraints_parse_mailbox(&cbs, &name)) { FAIL("invalid mailbox name '%s' accepted\n", invalid_mbox_names[i]); failure = 1; @@ -318,8 +331,10 @@ test_invalid_domain_constraints(void) { int i, failure = 0; for (i = 0; invalid_domain_constraints[i] != NULL; i++) { - if (x509_constraints_valid_domain_constraint(invalid_domain_constraints[i], - strlen(invalid_domain_constraints[i]))) { + CBS cbs; + CBS_init(&cbs, invalid_domain_constraints[i], + strlen(invalid_domain_constraints[i])); + if (x509_constraints_valid_domain_constraint(&cbs)) { FAIL("invalid dnsname '%s' accepted\n", invalid_domain_constraints[i]); failure = 1; @@ -333,12 +348,12 @@ test_invalid_domain_constraints(void) static int test_invalid_uri(void) { - int j, failure=0; + int j, failure = 0; char *hostpart = NULL; for (j = 0; invaliduri[j] != NULL; j++) { if (x509_constraints_uri_host(invaliduri[j], - strlen(invaliduri[j]), &hostpart) != 0) { + strlen(invaliduri[j]), &hostpart) != 0) { FAIL("invalid URI '%s' accepted\n", invaliduri[j]); failure = 1; @@ -355,8 +370,10 @@ test_invalid_uri(void) static int test_constraints1(void) { - char *c; size_t cl; - char *d; size_t dl; + char *c; + size_t cl; + char *d; + size_t dl; int failure = 0; int error = 0; int i, j; @@ -450,7 +467,7 @@ test_constraints1(void) char *hostpart = NULL; error = 0; if (!x509_constraints_uri_host(noauthority[j], - strlen(noauthority[j]), &hostpart)) { + strlen(noauthority[j]), &hostpart)) { FAIL("name '%s' should parse as a URI", noauthority[j]); failure = 1;