diff options
| author | beck <> | 2023-04-26 19:00:57 +0000 |
|---|---|---|
| committer | beck <> | 2023-04-26 19:00:57 +0000 |
| commit | 2cddbeb9146f5236aad7baccb59e3bdc4da45da7 (patch) | |
| tree | de12554dec5cc7667ada7f613bdc45b29a11c2d2 /src | |
| parent | 5771c443bbf5cb66b1fbdd92d4c0fbdf7c87527d (diff) | |
| download | openbsd-2cddbeb9146f5236aad7baccb59e3bdc4da45da7.tar.gz openbsd-2cddbeb9146f5236aad7baccb59e3bdc4da45da7.tar.bz2 openbsd-2cddbeb9146f5236aad7baccb59e3bdc4da45da7.zip | |
Fix error code goop
ok tb@ jsing@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/x509/x509_policy.c | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/src/lib/libcrypto/x509/x509_policy.c b/src/lib/libcrypto/x509/x509_policy.c index ec98829b98..e4b6ed6011 100644 --- a/src/lib/libcrypto/x509/x509_policy.c +++ b/src/lib/libcrypto/x509/x509_policy.c | |||
| @@ -17,6 +17,7 @@ | |||
| 17 | #include <assert.h> | 17 | #include <assert.h> |
| 18 | #include <string.h> | 18 | #include <string.h> |
| 19 | 19 | ||
| 20 | #include <openssl/err.h> | ||
| 20 | #include <openssl/objects.h> | 21 | #include <openssl/objects.h> |
| 21 | #include <openssl/stack.h> | 22 | #include <openssl/stack.h> |
| 22 | #include <openssl/x509v3.h> | 23 | #include <openssl/x509v3.h> |
| @@ -24,6 +25,8 @@ | |||
| 24 | #include "x509_internal.h" | 25 | #include "x509_internal.h" |
| 25 | #include "x509_local.h" | 26 | #include "x509_local.h" |
| 26 | 27 | ||
| 28 | /* XXX move to proper place */ | ||
| 29 | #define X509_R_INVALID_POLICY_EXTENSION 201 | ||
| 27 | 30 | ||
| 28 | // This file computes the X.509 policy tree, as described in RFC 5280, section | 31 | // This file computes the X.509 policy tree, as described in RFC 5280, section |
| 29 | // 6.1. It differs in that: | 32 | // 6.1. It differs in that: |
| @@ -245,7 +248,7 @@ static int process_certificate_policies(const X509 *x509, | |||
| 245 | // certificatePolicies may not be empty. See RFC 5280, section 4.2.1.4. | 248 | // certificatePolicies may not be empty. See RFC 5280, section 4.2.1.4. |
| 246 | // TODO(https://crbug.com/boringssl/443): Move this check into the parser. | 249 | // TODO(https://crbug.com/boringssl/443): Move this check into the parser. |
| 247 | if (sk_POLICYINFO_num(policies) == 0) { | 250 | if (sk_POLICYINFO_num(policies) == 0) { |
| 248 | OPENSSL_PUT_ERROR(X509, X509_R_INVALID_POLICY_EXTENSION); | 251 | X509error(X509_R_INVALID_POLICY_EXTENSION); |
| 249 | goto err; | 252 | goto err; |
| 250 | } | 253 | } |
| 251 | 254 | ||
| @@ -260,7 +263,7 @@ static int process_certificate_policies(const X509 *x509, | |||
| 260 | if (i > 0 && OBJ_cmp(sk_POLICYINFO_value(policies, i - 1)->policyid, | 263 | if (i > 0 && OBJ_cmp(sk_POLICYINFO_value(policies, i - 1)->policyid, |
| 261 | policy->policyid) == 0) { | 264 | policy->policyid) == 0) { |
| 262 | // Per RFC 5280, section 4.2.1.4, |policies| may not have duplicates. | 265 | // Per RFC 5280, section 4.2.1.4, |policies| may not have duplicates. |
| 263 | OPENSSL_PUT_ERROR(X509, X509_R_INVALID_POLICY_EXTENSION); | 266 | X509error(X509_R_INVALID_POLICY_EXTENSION); |
| 264 | goto err; | 267 | goto err; |
| 265 | } | 268 | } |
| 266 | } | 269 | } |
| @@ -369,7 +372,7 @@ static X509_POLICY_LEVEL *process_policy_mappings(const X509 *cert, | |||
| 369 | // PolicyMappings may not be empty. See RFC 5280, section 4.2.1.5. | 372 | // PolicyMappings may not be empty. See RFC 5280, section 4.2.1.5. |
| 370 | // TODO(https://crbug.com/boringssl/443): Move this check into the parser. | 373 | // TODO(https://crbug.com/boringssl/443): Move this check into the parser. |
| 371 | if (sk_POLICY_MAPPING_num(mappings) == 0) { | 374 | if (sk_POLICY_MAPPING_num(mappings) == 0) { |
| 372 | OPENSSL_PUT_ERROR(X509, X509_R_INVALID_POLICY_EXTENSION); | 375 | X509error(X509_R_INVALID_POLICY_EXTENSION); |
| 373 | goto err; | 376 | goto err; |
| 374 | } | 377 | } |
| 375 | 378 | ||
| @@ -517,7 +520,7 @@ static int apply_skip_certs(const ASN1_INTEGER *skip_certs, size_t *value) { | |||
| 517 | 520 | ||
| 518 | // TODO(https://crbug.com/boringssl/443): Move this check into the parser. | 521 | // TODO(https://crbug.com/boringssl/443): Move this check into the parser. |
| 519 | if (skip_certs->type & V_ASN1_NEG) { | 522 | if (skip_certs->type & V_ASN1_NEG) { |
| 520 | OPENSSL_PUT_ERROR(X509, X509_R_INVALID_POLICY_EXTENSION); | 523 | X509error(X509_R_INVALID_POLICY_EXTENSION); |
| 521 | return 0; | 524 | return 0; |
| 522 | } | 525 | } |
| 523 | 526 | ||
| @@ -548,7 +551,7 @@ static int process_policy_constraints(const X509 *x509, size_t *explicit_policy, | |||
| 548 | constraints->inhibitPolicyMapping == NULL) { | 551 | constraints->inhibitPolicyMapping == NULL) { |
| 549 | // Per RFC 5280, section 4.2.1.11, at least one of the fields must be | 552 | // Per RFC 5280, section 4.2.1.11, at least one of the fields must be |
| 550 | // present. | 553 | // present. |
| 551 | OPENSSL_PUT_ERROR(X509, X509_R_INVALID_POLICY_EXTENSION); | 554 | X509error(X509_R_INVALID_POLICY_EXTENSION); |
| 552 | POLICY_CONSTRAINTS_free(constraints); | 555 | POLICY_CONSTRAINTS_free(constraints); |
| 553 | return 0; | 556 | return 0; |
| 554 | } | 557 | } |