diff options
| author | beck <> | 2017-01-29 17:49:23 +0000 |
|---|---|---|
| committer | beck <> | 2017-01-29 17:49:23 +0000 |
| commit | 957b11334a7afb14537322f0e4795b2e368b3f59 (patch) | |
| tree | 1a54abba678898ee5270ae4f3404a50ee9a92eea /src/lib/libcrypto/x509v3/v3_cpols.c | |
| parent | df96e020e729c6c37a8c7fe311fdd1fe6a8718c5 (diff) | |
| download | openbsd-957b11334a7afb14537322f0e4795b2e368b3f59.tar.gz openbsd-957b11334a7afb14537322f0e4795b2e368b3f59.tar.bz2 openbsd-957b11334a7afb14537322f0e4795b2e368b3f59.zip | |
Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@
Diffstat (limited to 'src/lib/libcrypto/x509v3/v3_cpols.c')
| -rw-r--r-- | src/lib/libcrypto/x509v3/v3_cpols.c | 49 |
1 files changed, 19 insertions, 30 deletions
diff --git a/src/lib/libcrypto/x509v3/v3_cpols.c b/src/lib/libcrypto/x509v3/v3_cpols.c index 216e91c040..34d3381d76 100644 --- a/src/lib/libcrypto/x509v3/v3_cpols.c +++ b/src/lib/libcrypto/x509v3/v3_cpols.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: v3_cpols.c,v 1.24 2016/12/30 15:54:49 jsing Exp $ */ | 1 | /* $OpenBSD: v3_cpols.c,v 1.25 2017/01/29 17:49:23 beck Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 1999. | 3 | * project 1999. |
| 4 | */ | 4 | */ |
| @@ -412,20 +412,19 @@ STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, | |||
| 412 | 412 | ||
| 413 | pols = sk_POLICYINFO_new_null(); | 413 | pols = sk_POLICYINFO_new_null(); |
| 414 | if (pols == NULL) { | 414 | if (pols == NULL) { |
| 415 | X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE); | 415 | X509V3error(ERR_R_MALLOC_FAILURE); |
| 416 | return NULL; | 416 | return NULL; |
| 417 | } | 417 | } |
| 418 | vals = X509V3_parse_list(value); | 418 | vals = X509V3_parse_list(value); |
| 419 | if (vals == NULL) { | 419 | if (vals == NULL) { |
| 420 | X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB); | 420 | X509V3error(ERR_R_X509V3_LIB); |
| 421 | goto err; | 421 | goto err; |
| 422 | } | 422 | } |
| 423 | ia5org = 0; | 423 | ia5org = 0; |
| 424 | for (i = 0; i < sk_CONF_VALUE_num(vals); i++) { | 424 | for (i = 0; i < sk_CONF_VALUE_num(vals); i++) { |
| 425 | cnf = sk_CONF_VALUE_value(vals, i); | 425 | cnf = sk_CONF_VALUE_value(vals, i); |
| 426 | if (cnf->value || !cnf->name) { | 426 | if (cnf->value || !cnf->name) { |
| 427 | X509V3err(X509V3_F_R2I_CERTPOL, | 427 | X509V3error(X509V3_R_INVALID_POLICY_IDENTIFIER); |
| 428 | X509V3_R_INVALID_POLICY_IDENTIFIER); | ||
| 429 | X509V3_conf_err(cnf); | 428 | X509V3_conf_err(cnf); |
| 430 | goto err; | 429 | goto err; |
| 431 | } | 430 | } |
| @@ -437,8 +436,7 @@ STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, | |||
| 437 | STACK_OF(CONF_VALUE) *polsect; | 436 | STACK_OF(CONF_VALUE) *polsect; |
| 438 | polsect = X509V3_get_section(ctx, pstr + 1); | 437 | polsect = X509V3_get_section(ctx, pstr + 1); |
| 439 | if (!polsect) { | 438 | if (!polsect) { |
| 440 | X509V3err(X509V3_F_R2I_CERTPOL, | 439 | X509V3error(X509V3_R_INVALID_SECTION); |
| 441 | X509V3_R_INVALID_SECTION); | ||
| 442 | X509V3_conf_err(cnf); | 440 | X509V3_conf_err(cnf); |
| 443 | goto err; | 441 | goto err; |
| 444 | } | 442 | } |
| @@ -448,8 +446,7 @@ STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, | |||
| 448 | goto err; | 446 | goto err; |
| 449 | } else { | 447 | } else { |
| 450 | if (!(pobj = OBJ_txt2obj(cnf->name, 0))) { | 448 | if (!(pobj = OBJ_txt2obj(cnf->name, 0))) { |
| 451 | X509V3err(X509V3_F_R2I_CERTPOL, | 449 | X509V3error(X509V3_R_INVALID_OBJECT_IDENTIFIER); |
| 452 | X509V3_R_INVALID_OBJECT_IDENTIFIER); | ||
| 453 | X509V3_conf_err(cnf); | 450 | X509V3_conf_err(cnf); |
| 454 | goto err; | 451 | goto err; |
| 455 | } | 452 | } |
| @@ -458,7 +455,7 @@ STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, | |||
| 458 | } | 455 | } |
| 459 | if (!sk_POLICYINFO_push(pols, pol)){ | 456 | if (!sk_POLICYINFO_push(pols, pol)){ |
| 460 | POLICYINFO_free(pol); | 457 | POLICYINFO_free(pol); |
| 461 | X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE); | 458 | X509V3error(ERR_R_MALLOC_FAILURE); |
| 462 | goto err; | 459 | goto err; |
| 463 | } | 460 | } |
| 464 | } | 461 | } |
| @@ -487,8 +484,7 @@ policy_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *polstrs, int ia5org) | |||
| 487 | ASN1_OBJECT *pobj; | 484 | ASN1_OBJECT *pobj; |
| 488 | 485 | ||
| 489 | if ((pobj = OBJ_txt2obj(cnf->value, 0)) == NULL) { | 486 | if ((pobj = OBJ_txt2obj(cnf->value, 0)) == NULL) { |
| 490 | X509V3err(X509V3_F_POLICY_SECTION, | 487 | X509V3error(X509V3_R_INVALID_OBJECT_IDENTIFIER); |
| 491 | X509V3_R_INVALID_OBJECT_IDENTIFIER); | ||
| 492 | X509V3_conf_err(cnf); | 488 | X509V3_conf_err(cnf); |
| 493 | goto err; | 489 | goto err; |
| 494 | } | 490 | } |
| @@ -517,15 +513,13 @@ policy_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *polstrs, int ia5org) | |||
| 517 | POLICYQUALINFO *qual; | 513 | POLICYQUALINFO *qual; |
| 518 | 514 | ||
| 519 | if (*cnf->value != '@') { | 515 | if (*cnf->value != '@') { |
| 520 | X509V3err(X509V3_F_POLICY_SECTION, | 516 | X509V3error(X509V3_R_EXPECTED_A_SECTION_NAME); |
| 521 | X509V3_R_EXPECTED_A_SECTION_NAME); | ||
| 522 | X509V3_conf_err(cnf); | 517 | X509V3_conf_err(cnf); |
| 523 | goto err; | 518 | goto err; |
| 524 | } | 519 | } |
| 525 | unot = X509V3_get_section(ctx, cnf->value + 1); | 520 | unot = X509V3_get_section(ctx, cnf->value + 1); |
| 526 | if (unot == NULL) { | 521 | if (unot == NULL) { |
| 527 | X509V3err(X509V3_F_POLICY_SECTION, | 522 | X509V3error(X509V3_R_INVALID_SECTION); |
| 528 | X509V3_R_INVALID_SECTION); | ||
| 529 | X509V3_conf_err(cnf); | 523 | X509V3_conf_err(cnf); |
| 530 | goto err; | 524 | goto err; |
| 531 | } | 525 | } |
| @@ -542,22 +536,20 @@ policy_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *polstrs, int ia5org) | |||
| 542 | if (sk_POLICYQUALINFO_push(pol->qualifiers, qual) == 0) | 536 | if (sk_POLICYQUALINFO_push(pol->qualifiers, qual) == 0) |
| 543 | goto merr; | 537 | goto merr; |
| 544 | } else { | 538 | } else { |
| 545 | X509V3err(X509V3_F_POLICY_SECTION, | 539 | X509V3error(X509V3_R_INVALID_OPTION); |
| 546 | X509V3_R_INVALID_OPTION); | ||
| 547 | X509V3_conf_err(cnf); | 540 | X509V3_conf_err(cnf); |
| 548 | goto err; | 541 | goto err; |
| 549 | } | 542 | } |
| 550 | } | 543 | } |
| 551 | if (pol->policyid == NULL) { | 544 | if (pol->policyid == NULL) { |
| 552 | X509V3err(X509V3_F_POLICY_SECTION, | 545 | X509V3error(X509V3_R_NO_POLICY_IDENTIFIER); |
| 553 | X509V3_R_NO_POLICY_IDENTIFIER); | ||
| 554 | goto err; | 546 | goto err; |
| 555 | } | 547 | } |
| 556 | 548 | ||
| 557 | return pol; | 549 | return pol; |
| 558 | 550 | ||
| 559 | merr: | 551 | merr: |
| 560 | X509V3err(X509V3_F_POLICY_SECTION, ERR_R_MALLOC_FAILURE); | 552 | X509V3error(ERR_R_MALLOC_FAILURE); |
| 561 | 553 | ||
| 562 | err: | 554 | err: |
| 563 | POLICYQUALINFO_free(nqual); | 555 | POLICYQUALINFO_free(nqual); |
| @@ -616,8 +608,7 @@ notice_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *unot, int ia5org) | |||
| 616 | nref = not->noticeref; | 608 | nref = not->noticeref; |
| 617 | nos = X509V3_parse_list(cnf->value); | 609 | nos = X509V3_parse_list(cnf->value); |
| 618 | if (!nos || !sk_CONF_VALUE_num(nos)) { | 610 | if (!nos || !sk_CONF_VALUE_num(nos)) { |
| 619 | X509V3err(X509V3_F_NOTICE_SECTION, | 611 | X509V3error(X509V3_R_INVALID_NUMBERS); |
| 620 | X509V3_R_INVALID_NUMBERS); | ||
| 621 | X509V3_conf_err(cnf); | 612 | X509V3_conf_err(cnf); |
| 622 | if (nos != NULL) | 613 | if (nos != NULL) |
| 623 | sk_CONF_VALUE_pop_free(nos, | 614 | sk_CONF_VALUE_pop_free(nos, |
| @@ -629,8 +620,7 @@ notice_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *unot, int ia5org) | |||
| 629 | if (!ret) | 620 | if (!ret) |
| 630 | goto err; | 621 | goto err; |
| 631 | } else { | 622 | } else { |
| 632 | X509V3err(X509V3_F_NOTICE_SECTION, | 623 | X509V3error(X509V3_R_INVALID_OPTION); |
| 633 | X509V3_R_INVALID_OPTION); | ||
| 634 | X509V3_conf_err(cnf); | 624 | X509V3_conf_err(cnf); |
| 635 | goto err; | 625 | goto err; |
| 636 | } | 626 | } |
| @@ -638,15 +628,14 @@ notice_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *unot, int ia5org) | |||
| 638 | 628 | ||
| 639 | if (not->noticeref && | 629 | if (not->noticeref && |
| 640 | (!not->noticeref->noticenos || !not->noticeref->organization)) { | 630 | (!not->noticeref->noticenos || !not->noticeref->organization)) { |
| 641 | X509V3err(X509V3_F_NOTICE_SECTION, | 631 | X509V3error(X509V3_R_NEED_ORGANIZATION_AND_NUMBERS); |
| 642 | X509V3_R_NEED_ORGANIZATION_AND_NUMBERS); | ||
| 643 | goto err; | 632 | goto err; |
| 644 | } | 633 | } |
| 645 | 634 | ||
| 646 | return qual; | 635 | return qual; |
| 647 | 636 | ||
| 648 | merr: | 637 | merr: |
| 649 | X509V3err(X509V3_F_NOTICE_SECTION, ERR_R_MALLOC_FAILURE); | 638 | X509V3error(ERR_R_MALLOC_FAILURE); |
| 650 | 639 | ||
| 651 | err: | 640 | err: |
| 652 | POLICYQUALINFO_free(qual); | 641 | POLICYQUALINFO_free(qual); |
| @@ -663,7 +652,7 @@ nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos) | |||
| 663 | for (i = 0; i < sk_CONF_VALUE_num(nos); i++) { | 652 | for (i = 0; i < sk_CONF_VALUE_num(nos); i++) { |
| 664 | cnf = sk_CONF_VALUE_value(nos, i); | 653 | cnf = sk_CONF_VALUE_value(nos, i); |
| 665 | if (!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) { | 654 | if (!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) { |
| 666 | X509V3err(X509V3_F_NREF_NOS, X509V3_R_INVALID_NUMBER); | 655 | X509V3error(X509V3_R_INVALID_NUMBER); |
| 667 | goto err; | 656 | goto err; |
| 668 | } | 657 | } |
| 669 | if (!sk_ASN1_INTEGER_push(nnums, aint)) | 658 | if (!sk_ASN1_INTEGER_push(nnums, aint)) |
| @@ -672,7 +661,7 @@ nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos) | |||
| 672 | return 1; | 661 | return 1; |
| 673 | 662 | ||
| 674 | merr: | 663 | merr: |
| 675 | X509V3err(X509V3_F_NREF_NOS, ERR_R_MALLOC_FAILURE); | 664 | X509V3error(ERR_R_MALLOC_FAILURE); |
| 676 | 665 | ||
| 677 | err: | 666 | err: |
| 678 | sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free); | 667 | sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free); |