import openssl-0.9.7d

author: markus <> 2004-04-07 20:42:07 +0000
committer: markus <> 2004-04-07 20:42:07 +0000
commit: 58c08aa241f168c84ce7cc3052454ea59a44eada (patch)
tree: 1806747a3fda66041a998ca63c763fdcf722450e /src/lib/libcrypto/x509v3
parent: 9c1aa44a1eacea897c0432e796b205b8484ff4d2 (diff)
download: openbsd-58c08aa241f168c84ce7cc3052454ea59a44eada.tar.gz
openbsd-58c08aa241f168c84ce7cc3052454ea59a44eada.tar.bz2
openbsd-58c08aa241f168c84ce7cc3052454ea59a44eada.zip
4 files changed, 12 insertions, 9 deletions
diff --git a/src/lib/libcrypto/x509v3/v3_alt.c b/src/lib/libcrypto/x509v3/v3_alt.c
index 0e9e7dcb4f..58b935a3b6 100644
--- a/src/lib/libcrypto/x509v3/v3_alt.c
+++ b/src/lib/libcrypto/x509v3/v3_alt.c
@@ -137,7 +137,8 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
                        X509V3_add_value("IP Address","<invalid>", &ret);
                        break;
                }
-                sprintf(oline, "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
+                BIO_snprintf(oline, sizeof oline,
+                             "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
                X509V3_add_value("IP Address",oline, &ret);
                break;
diff --git a/src/lib/libcrypto/x509v3/v3_crld.c b/src/lib/libcrypto/x509v3/v3_crld.c
index 894a8b94d8..f90829c574 100644
--- a/src/lib/libcrypto/x509v3/v3_crld.c
+++ b/src/lib/libcrypto/x509v3/v3_crld.c
@@ -156,7 +156,7 @@ ASN1_SEQUENCE(DIST_POINT) = {
 IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT)
 ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) = 
-        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, DIST_POINT, DIST_POINT)
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, DIST_POINT)
 ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS)
 IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS)
diff --git a/src/lib/libcrypto/x509v3/v3_info.c b/src/lib/libcrypto/x509v3/v3_info.c
index e269df1373..53e3f48859 100644
--- a/src/lib/libcrypto/x509v3/v3_info.c
+++ b/src/lib/libcrypto/x509v3/v3_info.c
@@ -105,7 +105,7 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method
                                                STACK_OF(CONF_VALUE) *ret)
 {
        ACCESS_DESCRIPTION *desc;
-        int i;
+        int i,nlen;
        char objtmp[80], *ntmp;
        CONF_VALUE *vtmp;
        for(i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) {
@@ -114,15 +114,16 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method
                if(!ret) break;
                vtmp = sk_CONF_VALUE_value(ret, i);
                i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method);
-                ntmp = OPENSSL_malloc(strlen(objtmp) + strlen(vtmp->name) + 5);
+                nlen = strlen(objtmp) + strlen(vtmp->name) + 5;
+                ntmp = OPENSSL_malloc(nlen);
                if(!ntmp) {
                        X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS,
                                        ERR_R_MALLOC_FAILURE);
                        return NULL;
                }
-                strcpy(ntmp, objtmp);
+                BUF_strlcpy(ntmp, objtmp, nlen);
-                strcat(ntmp, " - ");
+                BUF_strlcat(ntmp, " - ", nlen);
-                strcat(ntmp, vtmp->name);
+                BUF_strlcat(ntmp, vtmp->name, nlen);
                OPENSSL_free(vtmp->name);
                vtmp->name = ntmp;
                
diff --git a/src/lib/libcrypto/x509v3/v3_purp.c b/src/lib/libcrypto/x509v3/v3_purp.c
index 4d145f71fd..b3d1ae5d1c 100644
--- a/src/lib/libcrypto/x509v3/v3_purp.c
+++ b/src/lib/libcrypto/x509v3/v3_purp.c
@@ -3,7 +3,7 @@
 * project 2001.
 */
 /* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -415,6 +415,7 @@ static void x509v3_cache_extensions(X509 *x)
 * 1 is a CA
 * 2 basicConstraints absent so "maybe" a CA
 * 3 basicConstraints absent but self signed V1.
+ * 4 basicConstraints absent but keyUsage present and keyCertSign asserted.
 */
 #define V1_ROOT (EXFLAG_V1|EXFLAG_SS)
@@ -436,7 +437,7 @@ static int ca_check(const X509 *x)
        } else {
                if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3;
                /* If key usage present it must have certSign so tolerate it */
-                else if (x->ex_flags & EXFLAG_KUSAGE) return 3;
+                else if (x->ex_flags & EXFLAG_KUSAGE) return 4;
                else return 2;
        }
 }
author	markus <>	2004-04-07 20:42:07 +0000
committer	markus <>	2004-04-07 20:42:07 +0000
commit	58c08aa241f168c84ce7cc3052454ea59a44eada (patch)
tree	1806747a3fda66041a998ca63c763fdcf722450e /src/lib/libcrypto/x509v3
parent	9c1aa44a1eacea897c0432e796b205b8484ff4d2 (diff)
download	openbsd-58c08aa241f168c84ce7cc3052454ea59a44eada.tar.gz openbsd-58c08aa241f168c84ce7cc3052454ea59a44eada.tar.bz2 openbsd-58c08aa241f168c84ce7cc3052454ea59a44eada.zip