diff options
author | djm <> | 2010-10-01 22:54:18 +0000 |
---|---|---|
committer | djm <> | 2010-10-01 22:54:18 +0000 |
commit | f6ca1ae73bb9eabfb510df2cffc2599db98d35a9 (patch) | |
tree | def8296400903465cb96345535c0a56935eb05a4 /src/lib/libcrypto/x509v3 | |
parent | 0229f29a33371533962d8b0b8264882afac53d70 (diff) | |
download | openbsd-f6ca1ae73bb9eabfb510df2cffc2599db98d35a9.tar.gz openbsd-f6ca1ae73bb9eabfb510df2cffc2599db98d35a9.tar.bz2 openbsd-f6ca1ae73bb9eabfb510df2cffc2599db98d35a9.zip |
import OpenSSL-1.0.0a
Diffstat (limited to 'src/lib/libcrypto/x509v3')
-rw-r--r-- | src/lib/libcrypto/x509v3/v3_addr.c | 25 | ||||
-rw-r--r-- | src/lib/libcrypto/x509v3/v3_asid.c | 10 |
2 files changed, 19 insertions, 16 deletions
diff --git a/src/lib/libcrypto/x509v3/v3_addr.c b/src/lib/libcrypto/x509v3/v3_addr.c index efdf7c3ba7..9087d66e0a 100644 --- a/src/lib/libcrypto/x509v3/v3_addr.c +++ b/src/lib/libcrypto/x509v3/v3_addr.c | |||
@@ -236,7 +236,7 @@ static int i2r_IPAddressOrRanges(BIO *out, | |||
236 | /* | 236 | /* |
237 | * i2r handler for an IPAddrBlocks extension. | 237 | * i2r handler for an IPAddrBlocks extension. |
238 | */ | 238 | */ |
239 | static int i2r_IPAddrBlocks(X509V3_EXT_METHOD *method, | 239 | static int i2r_IPAddrBlocks(const X509V3_EXT_METHOD *method, |
240 | void *ext, | 240 | void *ext, |
241 | BIO *out, | 241 | BIO *out, |
242 | int indent) | 242 | int indent) |
@@ -315,8 +315,7 @@ static int IPAddressOrRange_cmp(const IPAddressOrRange *a, | |||
315 | const int length) | 315 | const int length) |
316 | { | 316 | { |
317 | unsigned char addr_a[ADDR_RAW_BUF_LEN], addr_b[ADDR_RAW_BUF_LEN]; | 317 | unsigned char addr_a[ADDR_RAW_BUF_LEN], addr_b[ADDR_RAW_BUF_LEN]; |
318 | int prefixlen_a = 0; | 318 | int prefixlen_a = 0, prefixlen_b = 0; |
319 | int prefixlen_b = 0; | ||
320 | int r; | 319 | int r; |
321 | 320 | ||
322 | switch (a->type) { | 321 | switch (a->type) { |
@@ -596,10 +595,10 @@ static IPAddressOrRanges *make_prefix_or_range(IPAddrBlocks *addr, | |||
596 | return NULL; | 595 | return NULL; |
597 | switch (afi) { | 596 | switch (afi) { |
598 | case IANA_AFI_IPV4: | 597 | case IANA_AFI_IPV4: |
599 | (void)sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp); | 598 | sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp); |
600 | break; | 599 | break; |
601 | case IANA_AFI_IPV6: | 600 | case IANA_AFI_IPV6: |
602 | (void)sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp); | 601 | sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp); |
603 | break; | 602 | break; |
604 | } | 603 | } |
605 | f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges; | 604 | f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges; |
@@ -856,7 +855,7 @@ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors, | |||
856 | if (!make_addressRange(&merged, a_min, b_max, length)) | 855 | if (!make_addressRange(&merged, a_min, b_max, length)) |
857 | return 0; | 856 | return 0; |
858 | sk_IPAddressOrRange_set(aors, i, merged); | 857 | sk_IPAddressOrRange_set(aors, i, merged); |
859 | (void)sk_IPAddressOrRange_delete(aors, i + 1); | 858 | sk_IPAddressOrRange_delete(aors, i + 1); |
860 | IPAddressOrRange_free(a); | 859 | IPAddressOrRange_free(a); |
861 | IPAddressOrRange_free(b); | 860 | IPAddressOrRange_free(b); |
862 | --i; | 861 | --i; |
@@ -880,7 +879,7 @@ int v3_addr_canonize(IPAddrBlocks *addr) | |||
880 | v3_addr_get_afi(f))) | 879 | v3_addr_get_afi(f))) |
881 | return 0; | 880 | return 0; |
882 | } | 881 | } |
883 | (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp); | 882 | sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp); |
884 | sk_IPAddressFamily_sort(addr); | 883 | sk_IPAddressFamily_sort(addr); |
885 | OPENSSL_assert(v3_addr_is_canonical(addr)); | 884 | OPENSSL_assert(v3_addr_is_canonical(addr)); |
886 | return 1; | 885 | return 1; |
@@ -889,7 +888,7 @@ int v3_addr_canonize(IPAddrBlocks *addr) | |||
889 | /* | 888 | /* |
890 | * v2i handler for the IPAddrBlocks extension. | 889 | * v2i handler for the IPAddrBlocks extension. |
891 | */ | 890 | */ |
892 | static void *v2i_IPAddrBlocks(struct v3_ext_method *method, | 891 | static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, |
893 | struct v3_ext_ctx *ctx, | 892 | struct v3_ext_ctx *ctx, |
894 | STACK_OF(CONF_VALUE) *values) | 893 | STACK_OF(CONF_VALUE) *values) |
895 | { | 894 | { |
@@ -1125,7 +1124,7 @@ int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b) | |||
1125 | return 1; | 1124 | return 1; |
1126 | if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b)) | 1125 | if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b)) |
1127 | return 0; | 1126 | return 0; |
1128 | (void)sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp); | 1127 | sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp); |
1129 | for (i = 0; i < sk_IPAddressFamily_num(a); i++) { | 1128 | for (i = 0; i < sk_IPAddressFamily_num(a); i++) { |
1130 | IPAddressFamily *fa = sk_IPAddressFamily_value(a, i); | 1129 | IPAddressFamily *fa = sk_IPAddressFamily_value(a, i); |
1131 | int j = sk_IPAddressFamily_find(b, fa); | 1130 | int j = sk_IPAddressFamily_find(b, fa); |
@@ -1167,7 +1166,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, | |||
1167 | { | 1166 | { |
1168 | IPAddrBlocks *child = NULL; | 1167 | IPAddrBlocks *child = NULL; |
1169 | int i, j, ret = 1; | 1168 | int i, j, ret = 1; |
1170 | X509 *x = NULL; | 1169 | X509 *x; |
1171 | 1170 | ||
1172 | OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0); | 1171 | OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0); |
1173 | OPENSSL_assert(ctx != NULL || ext != NULL); | 1172 | OPENSSL_assert(ctx != NULL || ext != NULL); |
@@ -1180,6 +1179,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, | |||
1180 | */ | 1179 | */ |
1181 | if (ext != NULL) { | 1180 | if (ext != NULL) { |
1182 | i = -1; | 1181 | i = -1; |
1182 | x = NULL; | ||
1183 | } else { | 1183 | } else { |
1184 | i = 0; | 1184 | i = 0; |
1185 | x = sk_X509_value(chain, i); | 1185 | x = sk_X509_value(chain, i); |
@@ -1189,7 +1189,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, | |||
1189 | } | 1189 | } |
1190 | if (!v3_addr_is_canonical(ext)) | 1190 | if (!v3_addr_is_canonical(ext)) |
1191 | validation_err(X509_V_ERR_INVALID_EXTENSION); | 1191 | validation_err(X509_V_ERR_INVALID_EXTENSION); |
1192 | (void)sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp); | 1192 | sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp); |
1193 | if ((child = sk_IPAddressFamily_dup(ext)) == NULL) { | 1193 | if ((child = sk_IPAddressFamily_dup(ext)) == NULL) { |
1194 | X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL, ERR_R_MALLOC_FAILURE); | 1194 | X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL, ERR_R_MALLOC_FAILURE); |
1195 | ret = 0; | 1195 | ret = 0; |
@@ -1215,7 +1215,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, | |||
1215 | } | 1215 | } |
1216 | continue; | 1216 | continue; |
1217 | } | 1217 | } |
1218 | (void)sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, IPAddressFamily_cmp); | 1218 | sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, IPAddressFamily_cmp); |
1219 | for (j = 0; j < sk_IPAddressFamily_num(child); j++) { | 1219 | for (j = 0; j < sk_IPAddressFamily_num(child); j++) { |
1220 | IPAddressFamily *fc = sk_IPAddressFamily_value(child, j); | 1220 | IPAddressFamily *fc = sk_IPAddressFamily_value(child, j); |
1221 | int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc); | 1221 | int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc); |
@@ -1242,6 +1242,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, | |||
1242 | /* | 1242 | /* |
1243 | * Trust anchor can't inherit. | 1243 | * Trust anchor can't inherit. |
1244 | */ | 1244 | */ |
1245 | OPENSSL_assert(x != NULL); | ||
1245 | if (x->rfc3779_addr != NULL) { | 1246 | if (x->rfc3779_addr != NULL) { |
1246 | for (j = 0; j < sk_IPAddressFamily_num(x->rfc3779_addr); j++) { | 1247 | for (j = 0; j < sk_IPAddressFamily_num(x->rfc3779_addr); j++) { |
1247 | IPAddressFamily *fp = sk_IPAddressFamily_value(x->rfc3779_addr, j); | 1248 | IPAddressFamily *fp = sk_IPAddressFamily_value(x->rfc3779_addr, j); |
diff --git a/src/lib/libcrypto/x509v3/v3_asid.c b/src/lib/libcrypto/x509v3/v3_asid.c index abd497ed1f..56702f86b9 100644 --- a/src/lib/libcrypto/x509v3/v3_asid.c +++ b/src/lib/libcrypto/x509v3/v3_asid.c | |||
@@ -152,7 +152,7 @@ static int i2r_ASIdentifierChoice(BIO *out, | |||
152 | /* | 152 | /* |
153 | * i2r method for an ASIdentifier extension. | 153 | * i2r method for an ASIdentifier extension. |
154 | */ | 154 | */ |
155 | static int i2r_ASIdentifiers(X509V3_EXT_METHOD *method, | 155 | static int i2r_ASIdentifiers(const X509V3_EXT_METHOD *method, |
156 | void *ext, | 156 | void *ext, |
157 | BIO *out, | 157 | BIO *out, |
158 | int indent) | 158 | int indent) |
@@ -466,7 +466,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) | |||
466 | break; | 466 | break; |
467 | } | 467 | } |
468 | ASIdOrRange_free(b); | 468 | ASIdOrRange_free(b); |
469 | (void)sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1); | 469 | sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1); |
470 | i--; | 470 | i--; |
471 | continue; | 471 | continue; |
472 | } | 472 | } |
@@ -495,7 +495,7 @@ int v3_asid_canonize(ASIdentifiers *asid) | |||
495 | /* | 495 | /* |
496 | * v2i method for an ASIdentifier extension. | 496 | * v2i method for an ASIdentifier extension. |
497 | */ | 497 | */ |
498 | static void *v2i_ASIdentifiers(struct v3_ext_method *method, | 498 | static void *v2i_ASIdentifiers(const struct v3_ext_method *method, |
499 | struct v3_ext_ctx *ctx, | 499 | struct v3_ext_ctx *ctx, |
500 | STACK_OF(CONF_VALUE) *values) | 500 | STACK_OF(CONF_VALUE) *values) |
501 | { | 501 | { |
@@ -707,7 +707,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx, | |||
707 | { | 707 | { |
708 | ASIdOrRanges *child_as = NULL, *child_rdi = NULL; | 708 | ASIdOrRanges *child_as = NULL, *child_rdi = NULL; |
709 | int i, ret = 1, inherit_as = 0, inherit_rdi = 0; | 709 | int i, ret = 1, inherit_as = 0, inherit_rdi = 0; |
710 | X509 *x = NULL; | 710 | X509 *x; |
711 | 711 | ||
712 | assert(chain != NULL && sk_X509_num(chain) > 0); | 712 | assert(chain != NULL && sk_X509_num(chain) > 0); |
713 | assert(ctx != NULL || ext != NULL); | 713 | assert(ctx != NULL || ext != NULL); |
@@ -720,6 +720,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx, | |||
720 | */ | 720 | */ |
721 | if (ext != NULL) { | 721 | if (ext != NULL) { |
722 | i = -1; | 722 | i = -1; |
723 | x = NULL; | ||
723 | } else { | 724 | } else { |
724 | i = 0; | 725 | i = 0; |
725 | x = sk_X509_value(chain, i); | 726 | x = sk_X509_value(chain, i); |
@@ -799,6 +800,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx, | |||
799 | /* | 800 | /* |
800 | * Trust anchor can't inherit. | 801 | * Trust anchor can't inherit. |
801 | */ | 802 | */ |
803 | assert(x != NULL); | ||
802 | if (x->rfc3779_asid != NULL) { | 804 | if (x->rfc3779_asid != NULL) { |
803 | if (x->rfc3779_asid->asnum != NULL && | 805 | if (x->rfc3779_asid->asnum != NULL && |
804 | x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit) | 806 | x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit) |