openssl-1.0.0e: resolve conflicts

author: djm <> 2011-11-03 02:34:33 +0000
committer: djm <> 2011-11-03 02:34:33 +0000
commit: fc7396568e61a510b9336d6c220aaa889c03060f (patch)
tree: a8fc08e33aecdd21cb07aa47c8a3a9db715f2ef3 /src/lib/libcrypto/x509v3
parent: 1e8701dd2507fadf6d232d93eb4299a8b79c66d5 (diff)
download: openbsd-fc7396568e61a510b9336d6c220aaa889c03060f.tar.gz
openbsd-fc7396568e61a510b9336d6c220aaa889c03060f.tar.bz2
openbsd-fc7396568e61a510b9336d6c220aaa889c03060f.zip
3 files changed, 22 insertions, 18 deletions
diff --git a/src/lib/libcrypto/x509v3/pcy_tree.c b/src/lib/libcrypto/x509v3/pcy_tree.c
index 92f6b24556..bb9777348f 100644
--- a/src/lib/libcrypto/x509v3/pcy_tree.c
+++ b/src/lib/libcrypto/x509v3/pcy_tree.c
@@ -341,9 +341,8 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr,
                                const X509_POLICY_CACHE *cache)
        {
        int i;
-        X509_POLICY_LEVEL *last;
        X509_POLICY_DATA *data;
-        last = curr - 1;
        for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++)
                {
                data = sk_X509_POLICY_DATA_value(cache->data, i);
diff --git a/src/lib/libcrypto/x509v3/v3_addr.c b/src/lib/libcrypto/x509v3/v3_addr.c
index 9087d66e0a..0d70e8696d 100644
--- a/src/lib/libcrypto/x509v3/v3_addr.c
+++ b/src/lib/libcrypto/x509v3/v3_addr.c
@@ -177,12 +177,18 @@ static int i2r_address(BIO *out,
  unsigned char addr[ADDR_RAW_BUF_LEN];
  int i, n;
+  if (bs->length < 0)
+    return 0;
  switch (afi) {
  case IANA_AFI_IPV4:
+    if (bs->length > 4)
+      return 0;
    addr_expand(addr, bs, 4, fill);
    BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]);
    break;
  case IANA_AFI_IPV6:
+    if (bs->length > 16)
+      return 0;
    addr_expand(addr, bs, 16, fill);
    for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2)
      ;
diff --git a/src/lib/libcrypto/x509v3/v3_asid.c b/src/lib/libcrypto/x509v3/v3_asid.c
index 56702f86b9..3f434c0603 100644
--- a/src/lib/libcrypto/x509v3/v3_asid.c
+++ b/src/lib/libcrypto/x509v3/v3_asid.c
@@ -61,7 +61,6 @@
 #include <stdio.h>
 #include <string.h>
-#include <assert.h>
 #include "cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/asn1.h>
@@ -172,11 +171,11 @@ static int ASIdOrRange_cmp(const ASIdOrRange * const *a_,
 {
  const ASIdOrRange *a = *a_, *b = *b_;
-  assert((a->type == ASIdOrRange_id && a->u.id != NULL) ||
+  OPENSSL_assert((a->type == ASIdOrRange_id && a->u.id != NULL) ||
         (a->type == ASIdOrRange_range && a->u.range != NULL &&
          a->u.range->min != NULL && a->u.range->max != NULL));
-  assert((b->type == ASIdOrRange_id && b->u.id != NULL) ||
+  OPENSSL_assert((b->type == ASIdOrRange_id && b->u.id != NULL) ||
         (b->type == ASIdOrRange_range && b->u.range != NULL &&
          b->u.range->min != NULL && b->u.range->max != NULL));
@@ -215,7 +214,7 @@ int v3_asid_add_inherit(ASIdentifiers *asid, int which)
  if (*choice == NULL) {
    if ((*choice = ASIdentifierChoice_new()) == NULL)
      return 0;
-    assert((*choice)->u.inherit == NULL);
+    OPENSSL_assert((*choice)->u.inherit == NULL);
    if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL)
      return 0;
    (*choice)->type = ASIdentifierChoice_inherit;
@@ -250,7 +249,7 @@ int v3_asid_add_id_or_range(ASIdentifiers *asid,
  if (*choice == NULL) {
    if ((*choice = ASIdentifierChoice_new()) == NULL)
      return 0;
-    assert((*choice)->u.asIdsOrRanges == NULL);
+    OPENSSL_assert((*choice)->u.asIdsOrRanges == NULL);
    (*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp);
    if ((*choice)->u.asIdsOrRanges == NULL)
      return 0;
@@ -286,7 +285,7 @@ static void extract_min_max(ASIdOrRange *aor,
                            ASN1_INTEGER **min,
                            ASN1_INTEGER **max)
 {
-  assert(aor != NULL && min != NULL && max != NULL);
+  OPENSSL_assert(aor != NULL && min != NULL && max != NULL);
  switch (aor->type) {
  case ASIdOrRange_id:
    *min = aor->u.id;
@@ -373,7 +372,7 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
 int v3_asid_is_canonical(ASIdentifiers *asid)
 {
  return (asid == NULL ||
-          (ASIdentifierChoice_is_canonical(asid->asnum) ||
+          (ASIdentifierChoice_is_canonical(asid->asnum) &&
           ASIdentifierChoice_is_canonical(asid->rdi)));
 }
@@ -395,7 +394,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
  /*
   * We have a list.  Sort it.
   */
-  assert(choice->type == ASIdentifierChoice_asIdsOrRanges);
+  OPENSSL_assert(choice->type == ASIdentifierChoice_asIdsOrRanges);
  sk_ASIdOrRange_sort(choice->u.asIdsOrRanges);
  /*
@@ -413,7 +412,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
    /*
     * Make sure we're properly sorted (paranoia).
     */
-    assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0);
+    OPENSSL_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0);
    /*
     * Check for overlaps.
@@ -472,7 +471,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
    }
  }
-  assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */
+  OPENSSL_assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */
  ret = 1;
@@ -709,9 +708,9 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
  int i, ret = 1, inherit_as = 0, inherit_rdi = 0;
  X509 *x;
-  assert(chain != NULL && sk_X509_num(chain) > 0);
+  OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0);
-  assert(ctx != NULL || ext != NULL);
+  OPENSSL_assert(ctx != NULL || ext != NULL);
-  assert(ctx == NULL || ctx->verify_cb != NULL);
+  OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL);
  /*
   * Figure out where to start.  If we don't have an extension to
@@ -724,7 +723,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
  } else {
    i = 0;
    x = sk_X509_value(chain, i);
-    assert(x != NULL);
+    OPENSSL_assert(x != NULL);
    if ((ext = x->rfc3779_asid) == NULL)
      goto done;
  }
@@ -757,7 +756,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
   */
  for (i++; i < sk_X509_num(chain); i++) {
    x = sk_X509_value(chain, i);
-    assert(x != NULL);
+    OPENSSL_assert(x != NULL);
    if (x->rfc3779_asid == NULL) {
      if (child_as != NULL || child_rdi != NULL)
        validation_err(X509_V_ERR_UNNESTED_RESOURCE);
@@ -800,7 +799,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
  /*
   * Trust anchor can't inherit.
   */
-  assert(x != NULL);
+  OPENSSL_assert(x != NULL);
  if (x->rfc3779_asid != NULL) {
    if (x->rfc3779_asid->asnum != NULL &&
        x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit)
author	djm <>	2011-11-03 02:34:33 +0000
committer	djm <>	2011-11-03 02:34:33 +0000
commit	fc7396568e61a510b9336d6c220aaa889c03060f (patch)
tree	a8fc08e33aecdd21cb07aa47c8a3a9db715f2ef3 /src/lib/libcrypto/x509v3
parent	1e8701dd2507fadf6d232d93eb4299a8b79c66d5 (diff)
download	openbsd-fc7396568e61a510b9336d6c220aaa889c03060f.tar.gz openbsd-fc7396568e61a510b9336d6c220aaa889c03060f.tar.bz2 openbsd-fc7396568e61a510b9336d6c220aaa889c03060f.zip

diff --git a/src/lib/libcrypto/x509v3/pcy_tree.c b/src/lib/libcrypto/x509v3/pcy_tree.c index 92f6b24556..bb9777348f 100644 --- a/src/lib/libcrypto/x509v3/pcy_tree.c +++ b/src/lib/libcrypto/x509v3/pcy_tree.c
@@ -341,9 +341,8 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr,
341	const X509_POLICY_CACHE *cache)	341	const X509_POLICY_CACHE *cache)
342	{	342	{
343	int i;	343	int i;
344	X509_POLICY_LEVEL *last;
345	X509_POLICY_DATA *data;	344	X509_POLICY_DATA *data;
346	last = curr - 1;	345
347	for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++)	346	for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++)
348	{	347	{
349	data = sk_X509_POLICY_DATA_value(cache->data, i);	348	data = sk_X509_POLICY_DATA_value(cache->data, i);


diff --git a/src/lib/libcrypto/x509v3/v3_addr.c b/src/lib/libcrypto/x509v3/v3_addr.c index 9087d66e0a..0d70e8696d 100644 --- a/src/lib/libcrypto/x509v3/v3_addr.c +++ b/src/lib/libcrypto/x509v3/v3_addr.c
@@ -177,12 +177,18 @@ static int i2r_address(BIO *out,
177	unsigned char addr[ADDR_RAW_BUF_LEN];	177	unsigned char addr[ADDR_RAW_BUF_LEN];
178	int i, n;	178	int i, n;
179		179
		180	if (bs->length < 0)
		181	return 0;
180	switch (afi) {	182	switch (afi) {
181	case IANA_AFI_IPV4:	183	case IANA_AFI_IPV4:
		184	if (bs->length > 4)
		185	return 0;
182	addr_expand(addr, bs, 4, fill);	186	addr_expand(addr, bs, 4, fill);
183	BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]);	187	BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]);
184	break;	188	break;
185	case IANA_AFI_IPV6:	189	case IANA_AFI_IPV6:
		190	if (bs->length > 16)
		191	return 0;
186	addr_expand(addr, bs, 16, fill);	192	addr_expand(addr, bs, 16, fill);
187	for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2)	193	for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2)
188	;	194	;


diff --git a/src/lib/libcrypto/x509v3/v3_asid.c b/src/lib/libcrypto/x509v3/v3_asid.c index 56702f86b9..3f434c0603 100644 --- a/src/lib/libcrypto/x509v3/v3_asid.c +++ b/src/lib/libcrypto/x509v3/v3_asid.c
@@ -61,7 +61,6 @@
61		61
62	#include <stdio.h>	62	#include <stdio.h>
63	#include <string.h>	63	#include <string.h>
64	#include <assert.h>
65	#include "cryptlib.h"	64	#include "cryptlib.h"
66	#include <openssl/conf.h>	65	#include <openssl/conf.h>
67	#include <openssl/asn1.h>	66	#include <openssl/asn1.h>
@@ -172,11 +171,11 @@ static int ASIdOrRange_cmp(const ASIdOrRange * const *a_,
172	{	171	{
173	const ASIdOrRange a = a_, b = b_;	172	const ASIdOrRange a = a_, b = b_;
174		173
175	assert((a->type == ASIdOrRange_id && a->u.id != NULL) \|\|	174	OPENSSL_assert((a->type == ASIdOrRange_id && a->u.id != NULL) \|\|
176	(a->type == ASIdOrRange_range && a->u.range != NULL &&	175	(a->type == ASIdOrRange_range && a->u.range != NULL &&
177	a->u.range->min != NULL && a->u.range->max != NULL));	176	a->u.range->min != NULL && a->u.range->max != NULL));
178		177
179	assert((b->type == ASIdOrRange_id && b->u.id != NULL) \|\|	178	OPENSSL_assert((b->type == ASIdOrRange_id && b->u.id != NULL) \|\|
180	(b->type == ASIdOrRange_range && b->u.range != NULL &&	179	(b->type == ASIdOrRange_range && b->u.range != NULL &&
181	b->u.range->min != NULL && b->u.range->max != NULL));	180	b->u.range->min != NULL && b->u.range->max != NULL));
182		181
@@ -215,7 +214,7 @@ int v3_asid_add_inherit(ASIdentifiers *asid, int which)
215	if (*choice == NULL) {	214	if (*choice == NULL) {
216	if ((*choice = ASIdentifierChoice_new()) == NULL)	215	if ((*choice = ASIdentifierChoice_new()) == NULL)
217	return 0;	216	return 0;
218	assert((*choice)->u.inherit == NULL);	217	OPENSSL_assert((*choice)->u.inherit == NULL);
219	if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL)	218	if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL)
220	return 0;	219	return 0;
221	(*choice)->type = ASIdentifierChoice_inherit;	220	(*choice)->type = ASIdentifierChoice_inherit;
@@ -250,7 +249,7 @@ int v3_asid_add_id_or_range(ASIdentifiers *asid,
250	if (*choice == NULL) {	249	if (*choice == NULL) {
251	if ((*choice = ASIdentifierChoice_new()) == NULL)	250	if ((*choice = ASIdentifierChoice_new()) == NULL)
252	return 0;	251	return 0;
253	assert((*choice)->u.asIdsOrRanges == NULL);	252	OPENSSL_assert((*choice)->u.asIdsOrRanges == NULL);
254	(*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp);	253	(*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp);
255	if ((*choice)->u.asIdsOrRanges == NULL)	254	if ((*choice)->u.asIdsOrRanges == NULL)
256	return 0;	255	return 0;
@@ -286,7 +285,7 @@ static void extract_min_max(ASIdOrRange *aor,
286	ASN1_INTEGER **min,	285	ASN1_INTEGER **min,
287	ASN1_INTEGER **max)	286	ASN1_INTEGER **max)
288	{	287	{
289	assert(aor != NULL && min != NULL && max != NULL);	288	OPENSSL_assert(aor != NULL && min != NULL && max != NULL);
290	switch (aor->type) {	289	switch (aor->type) {
291	case ASIdOrRange_id:	290	case ASIdOrRange_id:
292	*min = aor->u.id;	291	*min = aor->u.id;
@@ -373,7 +372,7 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
373	int v3_asid_is_canonical(ASIdentifiers *asid)	372	int v3_asid_is_canonical(ASIdentifiers *asid)
374	{	373	{
375	return (asid == NULL \|\|	374	return (asid == NULL \|\|
376	(ASIdentifierChoice_is_canonical(asid->asnum) \|\|	375	(ASIdentifierChoice_is_canonical(asid->asnum) &&
377	ASIdentifierChoice_is_canonical(asid->rdi)));	376	ASIdentifierChoice_is_canonical(asid->rdi)));
378	}	377	}
379		378
@@ -395,7 +394,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
395	/*	394	/*
396	* We have a list. Sort it.	395	* We have a list. Sort it.
397	*/	396	*/
398	assert(choice->type == ASIdentifierChoice_asIdsOrRanges);	397	OPENSSL_assert(choice->type == ASIdentifierChoice_asIdsOrRanges);
399	sk_ASIdOrRange_sort(choice->u.asIdsOrRanges);	398	sk_ASIdOrRange_sort(choice->u.asIdsOrRanges);
400		399
401	/*	400	/*
@@ -413,7 +412,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
413	/*	412	/*
414	* Make sure we're properly sorted (paranoia).	413	* Make sure we're properly sorted (paranoia).
415	*/	414	*/
416	assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0);	415	OPENSSL_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0);
417		416
418	/*	417	/*
419	* Check for overlaps.	418	* Check for overlaps.
@@ -472,7 +471,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
472	}	471	}
473	}	472	}
474		473
475	assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */	474	OPENSSL_assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */
476		475
477	ret = 1;	476	ret = 1;
478		477
@@ -709,9 +708,9 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
709	int i, ret = 1, inherit_as = 0, inherit_rdi = 0;	708	int i, ret = 1, inherit_as = 0, inherit_rdi = 0;
710	X509 *x;	709	X509 *x;
711		710
712	assert(chain != NULL && sk_X509_num(chain) > 0);	711	OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0);
713	assert(ctx != NULL \|\| ext != NULL);	712	OPENSSL_assert(ctx != NULL \|\| ext != NULL);
714	assert(ctx == NULL \|\| ctx->verify_cb != NULL);	713	OPENSSL_assert(ctx == NULL \|\| ctx->verify_cb != NULL);
715		714
716	/*	715	/*
717	* Figure out where to start. If we don't have an extension to	716	* Figure out where to start. If we don't have an extension to
@@ -724,7 +723,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
724	} else {	723	} else {
725	i = 0;	724	i = 0;
726	x = sk_X509_value(chain, i);	725	x = sk_X509_value(chain, i);
727	assert(x != NULL);	726	OPENSSL_assert(x != NULL);
728	if ((ext = x->rfc3779_asid) == NULL)	727	if ((ext = x->rfc3779_asid) == NULL)
729	goto done;	728	goto done;
730	}	729	}
@@ -757,7 +756,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
757	*/	756	*/
758	for (i++; i < sk_X509_num(chain); i++) {	757	for (i++; i < sk_X509_num(chain); i++) {
759	x = sk_X509_value(chain, i);	758	x = sk_X509_value(chain, i);
760	assert(x != NULL);	759	OPENSSL_assert(x != NULL);
761	if (x->rfc3779_asid == NULL) {	760	if (x->rfc3779_asid == NULL) {
762	if (child_as != NULL \|\| child_rdi != NULL)	761	if (child_as != NULL \|\| child_rdi != NULL)
763	validation_err(X509_V_ERR_UNNESTED_RESOURCE);	762	validation_err(X509_V_ERR_UNNESTED_RESOURCE);
@@ -800,7 +799,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
800	/*	799	/*
801	* Trust anchor can't inherit.	800	* Trust anchor can't inherit.
802	*/	801	*/
803	assert(x != NULL);	802	OPENSSL_assert(x != NULL);
804	if (x->rfc3779_asid != NULL) {	803	if (x->rfc3779_asid != NULL) {
805	if (x->rfc3779_asid->asnum != NULL &&	804	if (x->rfc3779_asid->asnum != NULL &&
806	x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit)	805	x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit)