diff options
| -rw-r--r-- | src/lib/libcrypto/x509/x509_asid.c | 56 |
1 files changed, 19 insertions, 37 deletions
diff --git a/src/lib/libcrypto/x509/x509_asid.c b/src/lib/libcrypto/x509/x509_asid.c index ecd35b1f1d..c9d3c8d7c0 100644 --- a/src/lib/libcrypto/x509/x509_asid.c +++ b/src/lib/libcrypto/x509/x509_asid.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_asid.c,v 1.41 2023/11/11 09:35:21 tb Exp $ */ | 1 | /* $OpenBSD: x509_asid.c,v 1.42 2024/02/19 15:44:10 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Contributed to the OpenSSL Project by the American Registry for | 3 | * Contributed to the OpenSSL Project by the American Registry for |
| 4 | * Internet Numbers ("ARIN"). | 4 | * Internet Numbers ("ARIN"). |
| @@ -568,6 +568,8 @@ extract_min_max(ASIdOrRange *aor, ASN1_INTEGER **min, ASN1_INTEGER **max) | |||
| 568 | static int | 568 | static int |
| 569 | ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) | 569 | ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) |
| 570 | { | 570 | { |
| 571 | ASIdOrRange *a, *b; | ||
| 572 | ASN1_INTEGER *a_min = NULL, *a_max = NULL, *b_min = NULL, *b_max = NULL; | ||
| 571 | ASN1_INTEGER *a_max_plus_one = NULL; | 573 | ASN1_INTEGER *a_max_plus_one = NULL; |
| 572 | ASN1_INTEGER *orig; | 574 | ASN1_INTEGER *orig; |
| 573 | BIGNUM *bn = NULL; | 575 | BIGNUM *bn = NULL; |
| @@ -590,15 +592,8 @@ ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) | |||
| 590 | * It's a list, check it. | 592 | * It's a list, check it. |
| 591 | */ | 593 | */ |
| 592 | for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) { | 594 | for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) { |
| 593 | ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, | 595 | a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); |
| 594 | i); | 596 | b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1); |
| 595 | ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, | ||
| 596 | i + 1); | ||
| 597 | ASN1_INTEGER *a_min = NULL, | ||
| 598 | *a_max = NULL, | ||
| 599 | *b_min = NULL, | ||
| 600 | *b_max = | ||
| 601 | NULL; | ||
| 602 | 597 | ||
| 603 | if (!extract_min_max(a, &a_min, &a_max) || | 598 | if (!extract_min_max(a, &a_min, &a_max) || |
| 604 | !extract_min_max(b, &b_min, &b_max)) | 599 | !extract_min_max(b, &b_min, &b_max)) |
| @@ -640,15 +635,11 @@ ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) | |||
| 640 | * Check for inverted range. | 635 | * Check for inverted range. |
| 641 | */ | 636 | */ |
| 642 | i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; | 637 | i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; |
| 643 | { | 638 | a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); |
| 644 | ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, | 639 | if (a != NULL && a->type == ASIdOrRange_range) { |
| 645 | i); | 640 | if (!extract_min_max(a, &a_min, &a_max) || |
| 646 | ASN1_INTEGER *a_min, *a_max; | 641 | ASN1_INTEGER_cmp(a_min, a_max) > 0) |
| 647 | if (a != NULL && a->type == ASIdOrRange_range) { | 642 | goto done; |
| 648 | if (!extract_min_max(a, &a_min, &a_max) || | ||
| 649 | ASN1_INTEGER_cmp(a_min, a_max) > 0) | ||
| 650 | goto done; | ||
| 651 | } | ||
| 652 | } | 643 | } |
| 653 | 644 | ||
| 654 | ret = 1; | 645 | ret = 1; |
| @@ -677,6 +668,8 @@ LCRYPTO_ALIAS(X509v3_asid_is_canonical); | |||
| 677 | static int | 668 | static int |
| 678 | ASIdentifierChoice_canonize(ASIdentifierChoice *choice) | 669 | ASIdentifierChoice_canonize(ASIdentifierChoice *choice) |
| 679 | { | 670 | { |
| 671 | ASIdOrRange *a, *b; | ||
| 672 | ASN1_INTEGER *a_min = NULL, *a_max = NULL, *b_min = NULL, *b_max = NULL; | ||
| 680 | ASN1_INTEGER *a_max_plus_one = NULL; | 673 | ASN1_INTEGER *a_max_plus_one = NULL; |
| 681 | ASN1_INTEGER *orig; | 674 | ASN1_INTEGER *orig; |
| 682 | BIGNUM *bn = NULL; | 675 | BIGNUM *bn = NULL; |
| @@ -707,15 +700,8 @@ ASIdentifierChoice_canonize(ASIdentifierChoice *choice) | |||
| 707 | * former and fixing the latter. | 700 | * former and fixing the latter. |
| 708 | */ | 701 | */ |
| 709 | for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) { | 702 | for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) { |
| 710 | ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, | 703 | a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); |
| 711 | i); | 704 | b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1); |
| 712 | ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, | ||
| 713 | i + 1); | ||
| 714 | ASN1_INTEGER *a_min = NULL, | ||
| 715 | *a_max = NULL, | ||
| 716 | *b_min = NULL, | ||
| 717 | *b_max = | ||
| 718 | NULL; | ||
| 719 | 705 | ||
| 720 | if (!extract_min_max(a, &a_min, &a_max) || | 706 | if (!extract_min_max(a, &a_min, &a_max) || |
| 721 | !extract_min_max(b, &b_min, &b_max)) | 707 | !extract_min_max(b, &b_min, &b_max)) |
| @@ -800,15 +786,11 @@ ASIdentifierChoice_canonize(ASIdentifierChoice *choice) | |||
| 800 | * Check for final inverted range. | 786 | * Check for final inverted range. |
| 801 | */ | 787 | */ |
| 802 | i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; | 788 | i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; |
| 803 | { | 789 | a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); |
| 804 | ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, | 790 | if (a != NULL && a->type == ASIdOrRange_range) { |
| 805 | i); | 791 | if (!extract_min_max(a, &a_min, &a_max) || |
| 806 | ASN1_INTEGER *a_min, *a_max; | 792 | ASN1_INTEGER_cmp(a_min, a_max) > 0) |
| 807 | if (a != NULL && a->type == ASIdOrRange_range) { | 793 | goto done; |
| 808 | if (!extract_min_max(a, &a_min, &a_max) || | ||
| 809 | ASN1_INTEGER_cmp(a_min, a_max) > 0) | ||
| 810 | goto done; | ||
| 811 | } | ||
| 812 | } | 794 | } |
| 813 | 795 | ||
| 814 | /* Paranoia */ | 796 | /* Paranoia */ |