Fix leaks in copy_issuer()

The stack of subject alternative names from the issuer is parsed using
X509V3_EXT_d2i(), so it must be freed with sk_GENERAL_NAME_pop_free().
It's not worth doing complicated ownership handling when the individual
alternative names can be copied with GENERAL_NAME_dup().

Previously, ialt and its remaining members would be leaked when the call
to sk_GENERAL_NAME_push() failed halfway through.

This is only reachable via the issuer:copy x509v3.cnf(5) directive.

ok jsing

libressl *_namespace.h: adjust *_ALIAS() to require a semicolon

LCRYPTO_ALIAS() and LSSL_ALIAS() contained a trailing semicolon.
This does not conform to style(9), breaks editors and ctags and
(most importantly) my workflow. Fix this by neutering them with
asm("") so that -Wpedantic doesn't complain. There's precedent
in libc's namespace.h

fix suggested by & ok jsing

Hide public symbols in libcrypto/x509 .c files

ok tb@

Start CBS-ifying the name constraints code.

ok jsing@ tb@

name constraints: be more careful with NULs

An IA5STRING is a Pascal string that can have embedded NULs and is
not NUL terminated (except that for legacy reasons it happens to be).

Instead of taking the strlen(), use the already known ASN.1 length and
use strndup() instead of strdup() to generate NUL terminated strings
after some existing code has checked that there are no embedded NULs.

In v2i_GENERAL_NAME_ex() use %.*s to print the bytes. This is not
optimal and might be switched to using strvis() later.

ok beck inoguchi jsing

Rework ownership handling in x509_constraints_validate()

Instead of having the caller allocate and pass in a new
x509_constraints_name struct, handle allocation inside
x509_constraints_validate(). Also make the error optional.
All this is done to simplify the call sites and to make it
more obvious that there are no leaks.

ok jsing

Check name constraints using the proper API

The previous versions were too strict and disallowed leading dots.

From Alex Wilson

ok jsing

style tweak

Fix length check of IP addresses for name constraints

An IP address in a name constraint is actually an IP address concatenated
with a netmask, so it is twice as long as usual.

This fixes a third bug introduced in r1.3 and reported by Volker Schlecht

ok jsing

Add missing error check for a2i_GENERAL_NAME()

Fixes a segfault reported by Volker Schlecht.

ok jsing

Fix a double free in v2i_NAME_CONSTRAINTS()

a2i_GENERAL_NAME() modifies and returns the out argument that was
passed in unless out == NULL, in which case it returns something
freshly allocated. Thus, in v2i_GENERAL_NAME_ex() we must only free
ret if out == NULL so v2i_NAME_CONSTRAINTS() can free correctly.

Issue reported by Volker Schlecht

ok jsing

Bring back r1.3, ok beck

Original commit message from beck:

Validate Subject Alternate Names when they are being added to certificates.

With this change we will reject adding SAN DNS, EMAIL, and IP addresses
that are malformed at certificate creation time.

ok jsing@ tb@

Revert version 1.3 - not allowing the creation of bogus certificates
breaks the ruby regression tests that expect to make bogus certificates
and see that they are rejected :(

I am reverting this for now to make the regress tests pass, and will
bring it back if we decide to patch the regress tests to remove the
problem cases

Validate Subject Alternate Names when they are being added to certificates.

With this change we will reject adding SAN DNS, EMAIL, and IP addresses
that are malformed at certificate creation time.

ok jsing@ tb@

Fix various read buffer overflow when printing ASN.1 strings (which are
not necessarily NUL terminated). Same as schwarze's fix in t_x509a.c r1.9.

From David Benjamin and Matt Caswell (part of the fixes in OpenSSL 1.1.1l)

ok inoguchi

Collapse the x509v3 directory into x509.

This avoids the need to grep across directories to find functions and
prepares for further rototilling and chainsawing.

Discussed with tb@ (who also tested the release build)

libressl *_namespace.h: adjust *_ALIAS() to require a semicolon

LCRYPTO_ALIAS() and LSSL_ALIAS() contained a trailing semicolon.
This does not conform to style(9), breaks editors and ctags and
(most importantly) my workflow. Fix this by neutering them with
asm("") so that -Wpedantic doesn't complain. There's precedent
in libc's namespace.h

fix suggested by & ok jsing

Hide public symbols in libcrypto/x509 .c files

ok tb@

Start CBS-ifying the name constraints code.

ok jsing@ tb@

name constraints: be more careful with NULs

An IA5STRING is a Pascal string that can have embedded NULs and is
not NUL terminated (except that for legacy reasons it happens to be).

Instead of taking the strlen(), use the already known ASN.1 length and
use strndup() instead of strdup() to generate NUL terminated strings
after some existing code has checked that there are no embedded NULs.

In v2i_GENERAL_NAME_ex() use %.*s to print the bytes. This is not
optimal and might be switched to using strvis() later.

ok beck inoguchi jsing

Rework ownership handling in x509_constraints_validate()

Instead of having the caller allocate and pass in a new
x509_constraints_name struct, handle allocation inside
x509_constraints_validate(). Also make the error optional.
All this is done to simplify the call sites and to make it
more obvious that there are no leaks.

ok jsing

Check name constraints using the proper API

The previous versions were too strict and disallowed leading dots.

From Alex Wilson

ok jsing

style tweak

Fix length check of IP addresses for name constraints

An IP address in a name constraint is actually an IP address concatenated
with a netmask, so it is twice as long as usual.

This fixes a third bug introduced in r1.3 and reported by Volker Schlecht

ok jsing

Add missing error check for a2i_GENERAL_NAME()

Fixes a segfault reported by Volker Schlecht.

ok jsing

Fix a double free in v2i_NAME_CONSTRAINTS()

a2i_GENERAL_NAME() modifies and returns the out argument that was
passed in unless out == NULL, in which case it returns something
freshly allocated. Thus, in v2i_GENERAL_NAME_ex() we must only free
ret if out == NULL so v2i_NAME_CONSTRAINTS() can free correctly.

Issue reported by Volker Schlecht

ok jsing

Bring back r1.3, ok beck

Original commit message from beck:

Validate Subject Alternate Names when they are being added to certificates.

With this change we will reject adding SAN DNS, EMAIL, and IP addresses
that are malformed at certificate creation time.

ok jsing@ tb@

Revert version 1.3 - not allowing the creation of bogus certificates
breaks the ruby regression tests that expect to make bogus certificates
and see that they are rejected :(

I am reverting this for now to make the regress tests pass, and will
bring it back if we decide to patch the regress tests to remove the
problem cases

Validate Subject Alternate Names when they are being added to certificates.

With this change we will reject adding SAN DNS, EMAIL, and IP addresses
that are malformed at certificate creation time.

ok jsing@ tb@

Fix various read buffer overflow when printing ASN.1 strings (which are
not necessarily NUL terminated). Same as schwarze's fix in t_x509a.c r1.9.

From David Benjamin and Matt Caswell (part of the fixes in OpenSSL 1.1.1l)

ok inoguchi

Collapse the x509v3 directory into x509.

This avoids the need to grep across directories to find functions and
prepares for further rototilling and chainsawing.

Discussed with tb@ (who also tested the release build)

Hide public symbols in libcrypto/x509 .c files

ok tb@

Start CBS-ifying the name constraints code.

ok jsing@ tb@

name constraints: be more careful with NULs

An IA5STRING is a Pascal string that can have embedded NULs and is
not NUL terminated (except that for legacy reasons it happens to be).

Instead of taking the strlen(), use the already known ASN.1 length and
use strndup() instead of strdup() to generate NUL terminated strings
after some existing code has checked that there are no embedded NULs.

In v2i_GENERAL_NAME_ex() use %.*s to print the bytes. This is not
optimal and might be switched to using strvis() later.

ok beck inoguchi jsing

Rework ownership handling in x509_constraints_validate()

Instead of having the caller allocate and pass in a new
x509_constraints_name struct, handle allocation inside
x509_constraints_validate(). Also make the error optional.
All this is done to simplify the call sites and to make it
more obvious that there are no leaks.

ok jsing

Check name constraints using the proper API

The previous versions were too strict and disallowed leading dots.

From Alex Wilson

ok jsing

style tweak

Fix length check of IP addresses for name constraints

An IP address in a name constraint is actually an IP address concatenated
with a netmask, so it is twice as long as usual.

This fixes a third bug introduced in r1.3 and reported by Volker Schlecht

ok jsing

Add missing error check for a2i_GENERAL_NAME()

Fixes a segfault reported by Volker Schlecht.

ok jsing

Fix a double free in v2i_NAME_CONSTRAINTS()

a2i_GENERAL_NAME() modifies and returns the out argument that was
passed in unless out == NULL, in which case it returns something
freshly allocated. Thus, in v2i_GENERAL_NAME_ex() we must only free
ret if out == NULL so v2i_NAME_CONSTRAINTS() can free correctly.

Issue reported by Volker Schlecht

ok jsing

Bring back r1.3, ok beck

Original commit message from beck:

Validate Subject Alternate Names when they are being added to certificates.

With this change we will reject adding SAN DNS, EMAIL, and IP addresses
that are malformed at certificate creation time.

ok jsing@ tb@

Revert version 1.3 - not allowing the creation of bogus certificates
breaks the ruby regression tests that expect to make bogus certificates
and see that they are rejected :(

I am reverting this for now to make the regress tests pass, and will
bring it back if we decide to patch the regress tests to remove the
problem cases

Validate Subject Alternate Names when they are being added to certificates.

With this change we will reject adding SAN DNS, EMAIL, and IP addresses
that are malformed at certificate creation time.

ok jsing@ tb@

Fix various read buffer overflow when printing ASN.1 strings (which are
not necessarily NUL terminated). Same as schwarze's fix in t_x509a.c r1.9.

From David Benjamin and Matt Caswell (part of the fixes in OpenSSL 1.1.1l)

ok inoguchi

Collapse the x509v3 directory into x509.

This avoids the need to grep across directories to find functions and
prepares for further rototilling and chainsawing.

Discussed with tb@ (who also tested the release build)

Start CBS-ifying the name constraints code.

ok jsing@ tb@

name constraints: be more careful with NULs

An IA5STRING is a Pascal string that can have embedded NULs and is
not NUL terminated (except that for legacy reasons it happens to be).

Instead of taking the strlen(), use the already known ASN.1 length and
use strndup() instead of strdup() to generate NUL terminated strings
after some existing code has checked that there are no embedded NULs.

In v2i_GENERAL_NAME_ex() use %.*s to print the bytes. This is not
optimal and might be switched to using strvis() later.

ok beck inoguchi jsing

Rework ownership handling in x509_constraints_validate()

Instead of having the caller allocate and pass in a new
x509_constraints_name struct, handle allocation inside
x509_constraints_validate(). Also make the error optional.
All this is done to simplify the call sites and to make it
more obvious that there are no leaks.

ok jsing

Check name constraints using the proper API

The previous versions were too strict and disallowed leading dots.

From Alex Wilson

ok jsing

style tweak

Fix length check of IP addresses for name constraints

An IP address in a name constraint is actually an IP address concatenated
with a netmask, so it is twice as long as usual.

This fixes a third bug introduced in r1.3 and reported by Volker Schlecht

ok jsing

Add missing error check for a2i_GENERAL_NAME()

Fixes a segfault reported by Volker Schlecht.

ok jsing

Fix a double free in v2i_NAME_CONSTRAINTS()

a2i_GENERAL_NAME() modifies and returns the out argument that was
passed in unless out == NULL, in which case it returns something
freshly allocated. Thus, in v2i_GENERAL_NAME_ex() we must only free
ret if out == NULL so v2i_NAME_CONSTRAINTS() can free correctly.

Issue reported by Volker Schlecht

ok jsing

Bring back r1.3, ok beck

Original commit message from beck:

Validate Subject Alternate Names when they are being added to certificates.

With this change we will reject adding SAN DNS, EMAIL, and IP addresses
that are malformed at certificate creation time.

ok jsing@ tb@

Revert version 1.3 - not allowing the creation of bogus certificates
breaks the ruby regression tests that expect to make bogus certificates
and see that they are rejected :(

I am reverting this for now to make the regress tests pass, and will
bring it back if we decide to patch the regress tests to remove the
problem cases

Validate Subject Alternate Names when they are being added to certificates.

With this change we will reject adding SAN DNS, EMAIL, and IP addresses
that are malformed at certificate creation time.

ok jsing@ tb@

Fix various read buffer overflow when printing ASN.1 strings (which are
not necessarily NUL terminated). Same as schwarze's fix in t_x509a.c r1.9.

From David Benjamin and Matt Caswell (part of the fixes in OpenSSL 1.1.1l)

ok inoguchi

Collapse the x509v3 directory into x509.

This avoids the need to grep across directories to find functions and
prepares for further rototilling and chainsawing.

Discussed with tb@ (who also tested the release build)

name constraints: be more careful with NULs

An IA5STRING is a Pascal string that can have embedded NULs and is
not NUL terminated (except that for legacy reasons it happens to be).

Instead of taking the strlen(), use the already known ASN.1 length and
use strndup() instead of strdup() to generate NUL terminated strings
after some existing code has checked that there are no embedded NULs.

In v2i_GENERAL_NAME_ex() use %.*s to print the bytes. This is not
optimal and might be switched to using strvis() later.

ok beck inoguchi jsing

Rework ownership handling in x509_constraints_validate()

Instead of having the caller allocate and pass in a new
x509_constraints_name struct, handle allocation inside
x509_constraints_validate(). Also make the error optional.
All this is done to simplify the call sites and to make it
more obvious that there are no leaks.

ok jsing

Check name constraints using the proper API

The previous versions were too strict and disallowed leading dots.

From Alex Wilson

ok jsing

style tweak

Fix length check of IP addresses for name constraints

An IP address in a name constraint is actually an IP address concatenated
with a netmask, so it is twice as long as usual.

This fixes a third bug introduced in r1.3 and reported by Volker Schlecht

ok jsing

Add missing error check for a2i_GENERAL_NAME()

Fixes a segfault reported by Volker Schlecht.

ok jsing

Fix a double free in v2i_NAME_CONSTRAINTS()

a2i_GENERAL_NAME() modifies and returns the out argument that was
passed in unless out == NULL, in which case it returns something
freshly allocated. Thus, in v2i_GENERAL_NAME_ex() we must only free
ret if out == NULL so v2i_NAME_CONSTRAINTS() can free correctly.

Issue reported by Volker Schlecht

ok jsing

Bring back r1.3, ok beck

Original commit message from beck:

Validate Subject Alternate Names when they are being added to certificates.

With this change we will reject adding SAN DNS, EMAIL, and IP addresses
that are malformed at certificate creation time.

ok jsing@ tb@

Revert version 1.3 - not allowing the creation of bogus certificates
breaks the ruby regression tests that expect to make bogus certificates
and see that they are rejected :(

I am reverting this for now to make the regress tests pass, and will
bring it back if we decide to patch the regress tests to remove the
problem cases

Validate Subject Alternate Names when they are being added to certificates.

With this change we will reject adding SAN DNS, EMAIL, and IP addresses
that are malformed at certificate creation time.

ok jsing@ tb@

Fix various read buffer overflow when printing ASN.1 strings (which are
not necessarily NUL terminated). Same as schwarze's fix in t_x509a.c r1.9.

From David Benjamin and Matt Caswell (part of the fixes in OpenSSL 1.1.1l)

ok inoguchi

Collapse the x509v3 directory into x509.

This avoids the need to grep across directories to find functions and
prepares for further rototilling and chainsawing.

Discussed with tb@ (who also tested the release build)

Rework ownership handling in x509_constraints_validate()

Instead of having the caller allocate and pass in a new
x509_constraints_name struct, handle allocation inside
x509_constraints_validate(). Also make the error optional.
All this is done to simplify the call sites and to make it
more obvious that there are no leaks.

ok jsing

Check name constraints using the proper API

The previous versions were too strict and disallowed leading dots.

From Alex Wilson

ok jsing

style tweak

Fix length check of IP addresses for name constraints

An IP address in a name constraint is actually an IP address concatenated
with a netmask, so it is twice as long as usual.

This fixes a third bug introduced in r1.3 and reported by Volker Schlecht

ok jsing

Add missing error check for a2i_GENERAL_NAME()

Fixes a segfault reported by Volker Schlecht.

ok jsing

Fix a double free in v2i_NAME_CONSTRAINTS()

a2i_GENERAL_NAME() modifies and returns the out argument that was
passed in unless out == NULL, in which case it returns something
freshly allocated. Thus, in v2i_GENERAL_NAME_ex() we must only free
ret if out == NULL so v2i_NAME_CONSTRAINTS() can free correctly.

Issue reported by Volker Schlecht

ok jsing

Bring back r1.3, ok beck

Original commit message from beck:

Validate Subject Alternate Names when they are being added to certificates.

With this change we will reject adding SAN DNS, EMAIL, and IP addresses
that are malformed at certificate creation time.

ok jsing@ tb@

Revert version 1.3 - not allowing the creation of bogus certificates
breaks the ruby regression tests that expect to make bogus certificates
and see that they are rejected :(

I am reverting this for now to make the regress tests pass, and will
bring it back if we decide to patch the regress tests to remove the
problem cases

Validate Subject Alternate Names when they are being added to certificates.

With this change we will reject adding SAN DNS, EMAIL, and IP addresses
that are malformed at certificate creation time.

ok jsing@ tb@

Fix various read buffer overflow when printing ASN.1 strings (which are
not necessarily NUL terminated). Same as schwarze's fix in t_x509a.c r1.9.

From David Benjamin and Matt Caswell (part of the fixes in OpenSSL 1.1.1l)

ok inoguchi

Collapse the x509v3 directory into x509.

This avoids the need to grep across directories to find functions and
prepares for further rototilling and chainsawing.

Discussed with tb@ (who also tested the release build)

Check name constraints using the proper API

The previous versions were too strict and disallowed leading dots.

From Alex Wilson

ok jsing

style tweak

Fix length check of IP addresses for name constraints

An IP address in a name constraint is actually an IP address concatenated
with a netmask, so it is twice as long as usual.

This fixes a third bug introduced in r1.3 and reported by Volker Schlecht

ok jsing

Add missing error check for a2i_GENERAL_NAME()

Fixes a segfault reported by Volker Schlecht.

ok jsing

Fix a double free in v2i_NAME_CONSTRAINTS()

a2i_GENERAL_NAME() modifies and returns the out argument that was
passed in unless out == NULL, in which case it returns something
freshly allocated. Thus, in v2i_GENERAL_NAME_ex() we must only free
ret if out == NULL so v2i_NAME_CONSTRAINTS() can free correctly.

Issue reported by Volker Schlecht

ok jsing

Bring back r1.3, ok beck

Original commit message from beck:

Validate Subject Alternate Names when they are being added to certificates.

With this change we will reject adding SAN DNS, EMAIL, and IP addresses
that are malformed at certificate creation time.

ok jsing@ tb@

Revert version 1.3 - not allowing the creation of bogus certificates
breaks the ruby regression tests that expect to make bogus certificates
and see that they are rejected :(

I am reverting this for now to make the regress tests pass, and will
bring it back if we decide to patch the regress tests to remove the
problem cases

Validate Subject Alternate Names when they are being added to certificates.

With this change we will reject adding SAN DNS, EMAIL, and IP addresses
that are malformed at certificate creation time.

ok jsing@ tb@

Fix various read buffer overflow when printing ASN.1 strings (which are
not necessarily NUL terminated). Same as schwarze's fix in t_x509a.c r1.9.

From David Benjamin and Matt Caswell (part of the fixes in OpenSSL 1.1.1l)

ok inoguchi

Collapse the x509v3 directory into x509.

This avoids the need to grep across directories to find functions and
prepares for further rototilling and chainsawing.

Discussed with tb@ (who also tested the release build)

Fix length check of IP addresses for name constraints

An IP address in a name constraint is actually an IP address concatenated
with a netmask, so it is twice as long as usual.

This fixes a third bug introduced in r1.3 and reported by Volker Schlecht

ok jsing

Add missing error check for a2i_GENERAL_NAME()

Fixes a segfault reported by Volker Schlecht.

ok jsing

Fix a double free in v2i_NAME_CONSTRAINTS()

a2i_GENERAL_NAME() modifies and returns the out argument that was
passed in unless out == NULL, in which case it returns something
freshly allocated. Thus, in v2i_GENERAL_NAME_ex() we must only free
ret if out == NULL so v2i_NAME_CONSTRAINTS() can free correctly.

Issue reported by Volker Schlecht

ok jsing

Bring back r1.3, ok beck

Original commit message from beck:

Validate Subject Alternate Names when they are being added to certificates.

With this change we will reject adding SAN DNS, EMAIL, and IP addresses
that are malformed at certificate creation time.

ok jsing@ tb@

Revert version 1.3 - not allowing the creation of bogus certificates
breaks the ruby regression tests that expect to make bogus certificates
and see that they are rejected :(

I am reverting this for now to make the regress tests pass, and will
bring it back if we decide to patch the regress tests to remove the
problem cases

Validate Subject Alternate Names when they are being added to certificates.

With this change we will reject adding SAN DNS, EMAIL, and IP addresses
that are malformed at certificate creation time.

ok jsing@ tb@

Fix various read buffer overflow when printing ASN.1 strings (which are
not necessarily NUL terminated). Same as schwarze's fix in t_x509a.c r1.9.

From David Benjamin and Matt Caswell (part of the fixes in OpenSSL 1.1.1l)

ok inoguchi

Collapse the x509v3 directory into x509.

This avoids the need to grep across directories to find functions and
prepares for further rototilling and chainsawing.

Discussed with tb@ (who also tested the release build)

Bring back r1.3, ok beck

Original commit message from beck:

Validate Subject Alternate Names when they are being added to certificates.

With this change we will reject adding SAN DNS, EMAIL, and IP addresses
that are malformed at certificate creation time.

ok jsing@ tb@

Revert version 1.3 - not allowing the creation of bogus certificates
breaks the ruby regression tests that expect to make bogus certificates
and see that they are rejected :(

I am reverting this for now to make the regress tests pass, and will
bring it back if we decide to patch the regress tests to remove the
problem cases

Validate Subject Alternate Names when they are being added to certificates.

With this change we will reject adding SAN DNS, EMAIL, and IP addresses
that are malformed at certificate creation time.

ok jsing@ tb@

Fix various read buffer overflow when printing ASN.1 strings (which are
not necessarily NUL terminated). Same as schwarze's fix in t_x509a.c r1.9.

From David Benjamin and Matt Caswell (part of the fixes in OpenSSL 1.1.1l)

ok inoguchi

Collapse the x509v3 directory into x509.

This avoids the need to grep across directories to find functions and
prepares for further rototilling and chainsawing.

Discussed with tb@ (who also tested the release build)

Revert version 1.3 - not allowing the creation of bogus certificates
breaks the ruby regression tests that expect to make bogus certificates
and see that they are rejected :(

I am reverting this for now to make the regress tests pass, and will
bring it back if we decide to patch the regress tests to remove the
problem cases

Validate Subject Alternate Names when they are being added to certificates.

With this change we will reject adding SAN DNS, EMAIL, and IP addresses
that are malformed at certificate creation time.

ok jsing@ tb@

Fix various read buffer overflow when printing ASN.1 strings (which are
not necessarily NUL terminated). Same as schwarze's fix in t_x509a.c r1.9.

From David Benjamin and Matt Caswell (part of the fixes in OpenSSL 1.1.1l)

ok inoguchi

Collapse the x509v3 directory into x509.

This avoids the need to grep across directories to find functions and
prepares for further rototilling and chainsawing.

Discussed with tb@ (who also tested the release build)

Validate Subject Alternate Names when they are being added to certificates.

With this change we will reject adding SAN DNS, EMAIL, and IP addresses
that are malformed at certificate creation time.

ok jsing@ tb@

Fix various read buffer overflow when printing ASN.1 strings (which are
not necessarily NUL terminated). Same as schwarze's fix in t_x509a.c r1.9.

From David Benjamin and Matt Caswell (part of the fixes in OpenSSL 1.1.1l)

ok inoguchi

Collapse the x509v3 directory into x509.

This avoids the need to grep across directories to find functions and
prepares for further rototilling and chainsawing.

Discussed with tb@ (who also tested the release build)

Fix various read buffer overflow when printing ASN.1 strings (which are
not necessarily NUL terminated). Same as schwarze's fix in t_x509a.c r1.9.

From David Benjamin and Matt Caswell (part of the fixes in OpenSSL 1.1.1l)

ok inoguchi

Collapse the x509v3 directory into x509.

This avoids the need to grep across directories to find functions and
prepares for further rototilling and chainsawing.

Discussed with tb@ (who also tested the release build)

Collapse the x509v3 directory into x509.

This avoids the need to grep across directories to find functions and
prepares for further rototilling and chainsawing.

Discussed with tb@ (who also tested the release build)