Diffstat (limited to 'src/lib/libcrypto/x509/x509_addr.c')
| -rw-r--r-- | src/lib/libcrypto/x509/x509_addr.c | 44 | 
1 files changed, 23 insertions, 21 deletions
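--- a/src/lib/libcrypto/x509/x509_addr.c
+++ b/src/lib/libcrypto/x509/x509_addr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_addr.c,v 1.80 2022/04/21 05:06:07 tb Exp $ */
+/* $OpenBSD: x509_addr.c,v 1.81 2022/05/17 07:50:59 tb Exp $ */
 /*
 * Contributed to the OpenSSL Project by the American Registry for
 * Internet Numbers ("ARIN").
@@ -73,6 +73,7 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
+#include "asn1_locl.h"
 #include "bytestring.h"
 #include "x509_lcl.h"
 
@@ -847,44 +848,45 @@ range_should_be_prefix(const unsigned char *min, const unsigned char *max,
 }
 
 /*
-* Construct a prefix.
+* Fill IPAddressOrRange with bit string encoding of a prefix - RFC 3779, 2.1.1.
 */
 static int
-make_addressPrefix(IPAddressOrRange **result, unsigned char *addr,
-unsigned int afi, int prefix_len)
+make_addressPrefix(IPAddressOrRange **out_aor, uint8_t *addr, uint32_t afi,
+int prefix_len)
 {
-IPAddressOrRange *aor;
-int afi_len, byte_len, bit_len, max_len;
+IPAddressOrRange *aor = NULL;
+int afi_len, max_len, num_bits, num_octets;
+uint8_t unused_bits;
 
 if (prefix_len < 0)
-return 0;
+goto err;
 
 max_len = 16;
 if ((afi_len = length_from_afi(afi)) > 0)
 max_len = afi_len;
 if (prefix_len > 8 * max_len)
-return 0;
+goto err;
+
+num_octets = (prefix_len + 7) / 8;
+num_bits = prefix_len % 8;
 
-byte_len = (prefix_len + 7) / 8;
-bit_len = prefix_len % 8;
+unused_bits = 0;
+if (num_bits > 0)
+unused_bits = 8 - num_bits;
 
 if ((aor = IPAddressOrRange_new()) == NULL)
-return 0;
+goto err;
+
 aor->type = IPAddressOrRange_addressPrefix;
+
 if ((aor->u.addressPrefix = ASN1_BIT_STRING_new()) == NULL)
 goto err;
-
-if (!ASN1_BIT_STRING_set(aor->u.addressPrefix, addr, byte_len))
+if (!ASN1_BIT_STRING_set(aor->u.addressPrefix, addr, num_octets))
+goto err;
+if (!asn1_abs_set_unused_bits(aor->u.addressPrefix, unused_bits))
 goto err;
 
-aor->u.addressPrefix->flags &= ~7;
-aor->u.addressPrefix->flags |= ASN1_STRING_FLAG_BITS_LEFT;
-if (bit_len > 0) {
-aor->u.addressPrefix->data[byte_len - 1] &= ~(0xff >> bit_len);
-aor->u.addressPrefix->flags |= 8 - bit_len;
-}
-
-*result = aor;
+*out_aor = aor;
 return 1;
 
 err: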
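Review bot: The rewritten `make_addressPrefix` no longer clears the trailing bits of the last octet. The removed `data[byte_len - 1] &= ~(0xff >> bit_len)` has no visible counterpart after `ASN1_BIT_STRING_set()`; only the flag handling is visibly delegated to `asn1_abs_set_unused_bits()`. DER requires the unused bits of a BIT STRING to be zero, and this diff does not show whether that helper or the encoder masks them. If neither does, an `addr` with bits set beyond `prefix_len` would stay in the stored prefix. Either keep the mask, e.g. `if (num_bits > 0)` / `aor->u.addressPrefix->data[num_octets - 1] &= ~(0xff >> num_bits);`, or add a comment such as `/* trailing bits are cleared by <where> */` naming where the masking now happens. The `err:` path continues past the end of the hunk, so the cleanup of `aor` on the new `goto err` exits cannot be checked from here.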
