summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509
diff options
context:
space:
mode:
authormiod <>2014-04-13 15:25:35 +0000
committermiod <>2014-04-13 15:25:35 +0000
commitd2b3c9742a7df4ab87384039c99682d1944f66d7 (patch)
tree74f4ff344980894c7c9ceeab9b81176ac7572566 /src/lib/libcrypto/x509
parentdbf195d7fd4efbe4ee578f1dc5c72e7f3deadf18 (diff)
downloadopenbsd-d2b3c9742a7df4ab87384039c99682d1944f66d7.tar.gz
openbsd-d2b3c9742a7df4ab87384039c99682d1944f66d7.tar.bz2
openbsd-d2b3c9742a7df4ab87384039c99682d1944f66d7.zip
Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.
Diffstat (limited to 'src/lib/libcrypto/x509')
-rw-r--r--src/lib/libcrypto/x509/by_dir.c6
-rw-r--r--src/lib/libcrypto/x509/x509_cmp.c15
-rw-r--r--src/lib/libcrypto/x509/x509_vfy.c20
-rw-r--r--src/lib/libcrypto/x509/x_all.c2
4 files changed, 26 insertions, 17 deletions
diff --git a/src/lib/libcrypto/x509/by_dir.c b/src/lib/libcrypto/x509/by_dir.c
index 27ca5150c1..c6602dae4f 100644
--- a/src/lib/libcrypto/x509/by_dir.c
+++ b/src/lib/libcrypto/x509/by_dir.c
@@ -218,7 +218,7 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
218 218
219 s=dir; 219 s=dir;
220 p=s; 220 p=s;
221 for (;;p++) 221 do
222 { 222 {
223 if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0')) 223 if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0'))
224 { 224 {
@@ -264,9 +264,7 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
264 return 0; 264 return 0;
265 } 265 }
266 } 266 }
267 if (*p == '\0') 267 } while (*p++ != '\0');
268 break;
269 }
270 return 1; 268 return 1;
271 } 269 }
272 270
diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c
index 7c2aaee2e9..352aa37434 100644
--- a/src/lib/libcrypto/x509/x509_cmp.c
+++ b/src/lib/libcrypto/x509/x509_cmp.c
@@ -86,10 +86,9 @@ unsigned long X509_issuer_and_serial_hash(X509 *a)
86 86
87 EVP_MD_CTX_init(&ctx); 87 EVP_MD_CTX_init(&ctx);
88 f=X509_NAME_oneline(a->cert_info->issuer,NULL,0); 88 f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);
89 ret=strlen(f);
90 if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL)) 89 if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL))
91 goto err; 90 goto err;
92 if (!EVP_DigestUpdate(&ctx,(unsigned char *)f,ret)) 91 if (!EVP_DigestUpdate(&ctx,(unsigned char *)f,strlen(f)))
93 goto err; 92 goto err;
94 OPENSSL_free(f); 93 OPENSSL_free(f);
95 if(!EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data, 94 if(!EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
@@ -249,14 +248,14 @@ unsigned long X509_NAME_hash_old(X509_NAME *x)
249 i2d_X509_NAME(x,NULL); 248 i2d_X509_NAME(x,NULL);
250 EVP_MD_CTX_init(&md_ctx); 249 EVP_MD_CTX_init(&md_ctx);
251 EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); 250 EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
252 EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL); 251 if (EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL)
253 EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length); 252 && EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length)
254 EVP_DigestFinal_ex(&md_ctx,md,NULL); 253 && EVP_DigestFinal_ex(&md_ctx,md,NULL))
254 ret=(((unsigned long)md[0] )|((unsigned long)md[1]<<8L)|
255 ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
256 )&0xffffffffL;
255 EVP_MD_CTX_cleanup(&md_ctx); 257 EVP_MD_CTX_cleanup(&md_ctx);
256 258
257 ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)|
258 ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
259 )&0xffffffffL;
260 return(ret); 259 return(ret);
261 } 260 }
262#endif 261#endif
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
index b0779db023..920066aeba 100644
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -694,6 +694,7 @@ static int check_cert(X509_STORE_CTX *ctx)
694 X509_CRL *crl = NULL, *dcrl = NULL; 694 X509_CRL *crl = NULL, *dcrl = NULL;
695 X509 *x; 695 X509 *x;
696 int ok, cnum; 696 int ok, cnum;
697 unsigned int last_reasons;
697 cnum = ctx->error_depth; 698 cnum = ctx->error_depth;
698 x = sk_X509_value(ctx->chain, cnum); 699 x = sk_X509_value(ctx->chain, cnum);
699 ctx->current_cert = x; 700 ctx->current_cert = x;
@@ -702,6 +703,7 @@ static int check_cert(X509_STORE_CTX *ctx)
702 ctx->current_reasons = 0; 703 ctx->current_reasons = 0;
703 while (ctx->current_reasons != CRLDP_ALL_REASONS) 704 while (ctx->current_reasons != CRLDP_ALL_REASONS)
704 { 705 {
706 last_reasons = ctx->current_reasons;
705 /* Try to retrieve relevant CRL */ 707 /* Try to retrieve relevant CRL */
706 if (ctx->get_crl) 708 if (ctx->get_crl)
707 ok = ctx->get_crl(ctx, &crl, x); 709 ok = ctx->get_crl(ctx, &crl, x);
@@ -745,6 +747,15 @@ static int check_cert(X509_STORE_CTX *ctx)
745 X509_CRL_free(dcrl); 747 X509_CRL_free(dcrl);
746 crl = NULL; 748 crl = NULL;
747 dcrl = NULL; 749 dcrl = NULL;
750 /* If reasons not updated we wont get anywhere by
751 * another iteration, so exit loop.
752 */
753 if (last_reasons == ctx->current_reasons)
754 {
755 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
756 ok = ctx->verify_cb(0, ctx);
757 goto err;
758 }
748 } 759 }
749 err: 760 err:
750 X509_CRL_free(crl); 761 X509_CRL_free(crl);
@@ -872,7 +883,7 @@ static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid)
872 { 883 {
873 ASN1_OCTET_STRING *exta, *extb; 884 ASN1_OCTET_STRING *exta, *extb;
874 int i; 885 int i;
875 i = X509_CRL_get_ext_by_NID(a, nid, 0); 886 i = X509_CRL_get_ext_by_NID(a, nid, -1);
876 if (i >= 0) 887 if (i >= 0)
877 { 888 {
878 /* Can't have multiple occurrences */ 889 /* Can't have multiple occurrences */
@@ -883,7 +894,7 @@ static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid)
883 else 894 else
884 exta = NULL; 895 exta = NULL;
885 896
886 i = X509_CRL_get_ext_by_NID(b, nid, 0); 897 i = X509_CRL_get_ext_by_NID(b, nid, -1);
887 898
888 if (i >= 0) 899 if (i >= 0)
889 { 900 {
@@ -1451,10 +1462,9 @@ static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
1451 * a certificate was revoked. This has since been changed since 1462 * a certificate was revoked. This has since been changed since
1452 * critical extension can change the meaning of CRL entries. 1463 * critical extension can change the meaning of CRL entries.
1453 */ 1464 */
1454 if (crl->flags & EXFLAG_CRITICAL) 1465 if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
1466 && (crl->flags & EXFLAG_CRITICAL))
1455 { 1467 {
1456 if (ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
1457 return 1;
1458 ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION; 1468 ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
1459 ok = ctx->verify_cb(0, ctx); 1469 ok = ctx->verify_cb(0, ctx);
1460 if(!ok) 1470 if(!ok)
diff --git a/src/lib/libcrypto/x509/x_all.c b/src/lib/libcrypto/x509/x_all.c
index b94aeeb873..e06602d65a 100644
--- a/src/lib/libcrypto/x509/x_all.c
+++ b/src/lib/libcrypto/x509/x_all.c
@@ -97,6 +97,7 @@ int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
97 97
98int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx) 98int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
99 { 99 {
100 x->cert_info->enc.modified = 1;
100 return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF), 101 return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF),
101 x->cert_info->signature, 102 x->cert_info->signature,
102 x->sig_alg, x->signature, x->cert_info, ctx); 103 x->sig_alg, x->signature, x->cert_info, ctx);
@@ -123,6 +124,7 @@ int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
123 124
124int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx) 125int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx)
125 { 126 {
127 x->crl->enc.modified = 1;
126 return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO), 128 return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO),
127 x->crl->sig_alg, x->sig_alg, x->signature, x->crl, ctx); 129 x->crl->sig_alg, x->sig_alg, x->signature, x->crl, ctx);
128 } 130 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-09 16:42:34 +0000