robin.thoni
/
ipxe
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 11 Wiki Activity
Browse Source

[crypto] Validate path length constraint in certificate chain 

Signed-off-by: Michael Brown <mcb30@ipxe.org>
tags/v1.20.1
Michael Brown 13 years ago
parent
94cdbd76d6
commit
b1316ef276
1 changed files with 14 additions and 0 deletions
Split View Show Diff Stats
  1. 14
    0
      src/crypto/x509.c

+ 14
- 0
src/crypto/x509.c View File 

@@ -89,6 +89,10 @@ FILE_LICENCE ( GPL2_OR_LATER );
89 89 
 	__einfo_error ( EINFO_EACCES_EXPIRED )
90 90 
 #define EINFO_EACCES_EXPIRED \
91 91 
 	__einfo_uniqify ( EINFO_EACCES, 0x04, "Expired (or not yet valid)" )
92 
+#define EACCES_PATH_LEN \
93 
+	__einfo_error ( EINFO_EACCES_PATH_LEN )
94 
+#define EINFO_EACCES_PATH_LEN \
95 
+	__einfo_uniqify ( EINFO_EACCES, 0x05, "Maximum path length exceeded" )
92 96
93 97 
 /** "commonName" object identifier */
94 98 
 static uint8_t oid_common_name[] = { ASN1_OID_COMMON_NAME };
 
@@ -1187,6 +1191,7 @@ int x509_validate_chain ( int ( * parse_next ) ( struct x509_certificate *cert,
1187 1191 
 	struct x509_certificate *current = &temp[0];
1188 1192 
 	struct x509_certificate *next = &temp[1];
1189 1193 
 	struct x509_certificate *swap;
1194 
+	unsigned int path_len = 0;
1190 1195 
 	int rc;
1191 1196
1192 1197 
 	/* Use default root certificate store if none specified */
 
@@ -1226,6 +1231,15 @@ int x509_validate_chain ( int ( * parse_next ) ( struct x509_certificate *cert,
1226 1231 
 		if ( ( rc = x509_validate_issuer ( current, next ) ) != 0 )
1227 1232 
 			return rc;
1228 1233
1234 
+		/* Validate path length constraint */
1235 
+		if ( path_len > next->extensions.basic.path_len ) {
1236 
+			DBGC ( context, "X509 chain %p path length %d exceeds "
1237 
+			       "maximum %d\n", context, path_len,
1238 
+			       next->extensions.basic.path_len );
1239 
+			return -EACCES_PATH_LEN;
1240 
+		}
1241 
+		path_len++;
1242 
+
1229 1243 
 		/* Move to next certificate in chain */
1230 1244 
 		swap = current;
1231 1245 
 		current = next;

Write Preview
Loading…
Cancel
Save