openssl/crypto
Fraser Tweedale c23e497da7 Support GeneralSubtrees with minimum = 0
The Name Constraints extension contains GeneralSubtree values
indicating included or excluded subtrees.  It is defined as:

  GeneralSubtree ::= SEQUENCE {
    base                    GeneralName,
    minimum         [0]     BaseDistance DEFAULT 0,
    maximum         [1]     BaseDistance OPTIONAL }

RFC 5280 further specifies:

  Within this profile, the minimum and maximum fields are not used with
  any name forms, thus, the minimum MUST be zero, and maximum MUST be
  absent.

Because the minimum field has DEFAULT 0, and certificates should be
encoded using DER, the situation where minimum = 0 occurs in a
certificate should not arise.  Nevertheless, it does arise.  For
example, I have seen certificates issued by Microsoft programs that
contain GeneralSubtree values encoded thus.

Enhance the Name Constraints matching routine to handle the case
where minimum is specified.  If present, it must be zero.  The
maximum field remains prohibited.

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7039)
2018-10-27 12:11:41 +08:00
aes Update copyright year 2018-09-11 13:45:17 +01:00
aria
asn1 ASN.1 DER: Make INT32 / INT64 types read badly encoded LONG zeroes 2018-09-09 03:39:37 +02:00
async arch/async_posix.h: improve portability. 2018-10-19 10:29:21 +02:00
bf
bio Fix the BIO callback return code handling 2018-10-04 14:16:16 +01:00
blake2
bn crypto/bn/asm/x86_64-gcc.c: remove unnecessary redefinition of BN_ULONG 2018-09-21 11:15:25 +02:00
buffer
camellia Update copyright year 2018-09-11 13:45:17 +01:00
cast
chacha
cmac
cms Update copyright year 2018-09-11 13:45:17 +01:00
comp
conf Use secure_getenv(3) when available. 2018-09-24 11:21:18 +10:00
ct Use secure_getenv(3) when available. 2018-09-24 11:21:18 +10:00
des
dh Harmonize the error handling codepath 2018-09-05 15:22:35 +03:00
dsa Update copyright year 2018-09-11 13:45:17 +01:00
dso Extend dladdr() for AIX, consequence from changes for openssl#6368. 2018-08-22 21:50:33 +02:00
ec Deprecate ECDH_KDF_X9_62() 2018-10-17 13:22:14 +03:00
engine /dev/crypto engine: give CIOCFSESSION the actual sess-id 2018-10-05 21:54:49 +02:00
err DRBG: fix reseeding via RAND_add()/RAND_seed() with large input 2018-10-16 22:15:43 +02:00
evp Fix some Coverity warnings 2018-10-02 10:52:57 +01:00
hmac Fix HMAC SHA3-224 and HMAC SHA3-256. 2018-09-04 08:09:12 +10:00
idea
include/internal EVP module documentation pass 2018-10-17 13:22:14 +03:00
kdf hkdf zeroization fix 2018-09-05 05:21:46 +10:00
lhash Update copyright year 2018-09-11 13:45:17 +01:00
md2
md4
md5
mdc2
modes Update copyright year 2018-09-11 13:45:17 +01:00
objects Make OBJ_NAME case insensitive. 2018-09-04 07:35:45 +10:00
ocsp Update copyright year 2018-09-11 13:45:17 +01:00
pem key zeroisation for pvkfmt now done on all branch paths 2018-09-05 05:14:02 +10:00
perlasm Update copyright year 2018-09-11 13:45:17 +01:00
pkcs7 Update copyright year 2018-09-11 13:45:17 +01:00
pkcs12 Use secure_getenv(3) when available. 2018-09-24 11:21:18 +10:00
poly1305 Fix a nit of copyright date range 2018-10-09 13:02:37 +08:00
rand Fix data race in RAND_DRBG_generate 2018-10-26 15:33:37 +02:00
rc2
rc4 Update copyright year 2018-09-11 13:45:17 +01:00
rc5
ripemd
rsa RSA security bits calculation 2018-10-23 08:01:48 +10:00
seed Update copyright year 2018-09-11 13:45:17 +01:00
sha sha/asm/keccak1600-armv8.pl: halve the size of hw-assisted subroutine. 2018-10-19 10:43:02 +02:00
siphash Update copyright year 2018-09-11 13:45:17 +01:00
sm2 EVP module documentation pass 2018-10-17 13:22:14 +03:00
sm3
sm4
srp
stack
store
ts
txt_db
ui crypto/ui/ui_openssl.c: make sure to recognise ENXIO and EIO too 2018-09-20 06:39:07 +02:00
whrlpool
x509 Apply self-imposed path length also to root CAs 2018-10-18 00:07:56 -04:00
x509v3 Support GeneralSubtrees with minimum = 0 2018-10-27 12:11:41 +08:00
alphacpuid.pl
arm64cpuid.pl
arm_arch.h
armcap.c
armv4cpuid.pl
build.info Use secure_getenv(3) when available. 2018-09-24 11:21:18 +10:00
c64xpluscpuid.pl
cpt_err.c
cryptlib.c minor fixes for Windows 2018-09-12 09:16:07 +02:00
ctype.c
cversion.c
dllmain.c Update copyright year 2018-09-11 13:45:17 +01:00
ebcdic.c
ex_data.c
getenv.c Use secure_getenv(3) when available. 2018-09-24 11:21:18 +10:00
ia64cpuid.S
init.c crypto/init.c: improve destructor_key's portability. 2018-08-22 21:46:01 +02:00
LPdir_nyi.c
LPdir_unix.c typo-fixes: miscellaneous typo fixes 2018-09-21 23:55:22 +02:00
LPdir_vms.c
LPdir_win32.c
LPdir_win.c
LPdir_wince.c
mem_clr.c
mem_dbg.c
mem_sec.c test/secmemtest: test secure memory only if it is implemented 2018-10-05 12:19:48 +02:00
mem.c
mips_arch.h
o_dir.c
o_fips.c
o_fopen.c Add missing include file. 2018-09-17 10:40:32 +10:00
o_init.c
o_str.c
o_time.c
pariscid.pl
ppc_arch.h
ppccap.c
ppccpuid.pl
s390x_arch.h s390x assembly pack: add OPENSSL_s390xcap environment variable. 2018-10-17 14:02:34 +02:00
s390xcap.c s390x assembly pack: add OPENSSL_s390xcap environment variable. 2018-10-17 14:02:34 +02:00
s390xcpuid.pl s390x assembly pack: add OPENSSL_s390xcap environment variable. 2018-10-17 14:02:34 +02:00
sparc_arch.h
sparccpuid.S
sparcv9cap.c
threads_none.c crypto/threads_*: remove CRYPTO_atomic_{read|write}. 2018-08-17 12:40:39 +02:00
threads_pthread.c crypto/threads_*: remove CRYPTO_atomic_{read|write}. 2018-08-17 12:40:39 +02:00
threads_win.c crypto/threads_*: remove CRYPTO_atomic_{read|write}. 2018-08-17 12:40:39 +02:00
uid.c Update copyright year 2018-09-11 13:45:17 +01:00
vms_rms.h
x86_64cpuid.pl
x86cpuid.pl