Check for trailing data in extensions.
X509V3_EXT_d2i should notice if an extension has extra data at the end.
Update-Note: Some previously accepted invalid certificates may be
rejected, either in certificate verification or in X509_get_ext_d2i.
Bug: 352
Change-Id: Iacbb74a52d15bf3318b4cb8271d44b0f0a2df137
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/50285
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/sources.cmake b/sources.cmake
index ef9cac1..3d3465f 100644
--- a/sources.cmake
+++ b/sources.cmake
@@ -104,6 +104,13 @@
crypto/x509/test/some_names1.pem
crypto/x509/test/some_names2.pem
crypto/x509/test/some_names3.pem
+ crypto/x509/test/trailing_data_leaf_authority_key_identifier.pem
+ crypto/x509/test/trailing_data_leaf_basic_constraints.pem
+ crypto/x509/test/trailing_data_leaf_ext_key_usage.pem
+ crypto/x509/test/trailing_data_leaf_key_usage.pem
+ crypto/x509/test/trailing_data_leaf_name_constraints.pem
+ crypto/x509/test/trailing_data_leaf_subject_alt_name.pem
+ crypto/x509/test/trailing_data_leaf_subject_key_identifier.pem
third_party/wycheproof_testvectors/aes_cbc_pkcs5_test.txt
third_party/wycheproof_testvectors/aes_cmac_test.txt
third_party/wycheproof_testvectors/aes_gcm_siv_test.txt
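Review bot: every fixture added after some_names3.pem is a trailing_data_leaf_* file, so the new check is exercised only on leaf certificates and only for seven extension types (authority key identifier, basic constraints, extended key usage, key usage, name constraints, subject alternative name, subject key identifier). The commit message says the rejection can surface during certificate verification as well as in X509_get_ext_d2i, so consider adding at least one fixture with trailing data in an intermediate's extension, or state in the test why leaf-only coverage is enough. Name constraints normally appear in CA certificates, so a short comment in the test explaining that trailing_data_leaf_name_constraints.pem exists only to reach the parser would help later readers.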