diff options
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libcrypto/x509/x509_trs.c | 1 | ||||
| -rw-r--r-- | src/lib/libcrypto/x509/x509_vfy.c | 6 | ||||
| -rw-r--r-- | src/lib/libcrypto/x509/x509type.c | 5 | ||||
| -rw-r--r-- | src/lib/libcrypto/x509v3/v3_conf.c | 2 | ||||
| -rw-r--r-- | src/lib/libcrypto/x509v3/v3_cpols.c | 24 | ||||
| -rw-r--r-- | src/lib/libcrypto/x509v3/v3_lib.c | 1 | ||||
| -rw-r--r-- | src/lib/libcrypto/x509v3/v3_prn.c | 2 |
7 files changed, 22 insertions, 19 deletions
diff --git a/src/lib/libcrypto/x509/x509_trs.c b/src/lib/libcrypto/x509/x509_trs.c index 17d69ac005..881252608d 100644 --- a/src/lib/libcrypto/x509/x509_trs.c +++ b/src/lib/libcrypto/x509/x509_trs.c | |||
| @@ -82,6 +82,7 @@ static X509_TRUST trstandard[] = { | |||
| 82 | {X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL}, | 82 | {X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL}, |
| 83 | {X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL}, | 83 | {X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL}, |
| 84 | {X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL}, | 84 | {X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL}, |
| 85 | {X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign, NULL}, | ||
| 85 | {X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL}, | 86 | {X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL}, |
| 86 | {X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL} | 87 | {X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL} |
| 87 | }; | 88 | }; |
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c index 552d1e7251..2bb21b443e 100644 --- a/src/lib/libcrypto/x509/x509_vfy.c +++ b/src/lib/libcrypto/x509/x509_vfy.c | |||
| @@ -453,9 +453,9 @@ static int check_revocation(X509_STORE_CTX *ctx) | |||
| 453 | if (!(ctx->flags & X509_V_FLAG_CRL_CHECK)) | 453 | if (!(ctx->flags & X509_V_FLAG_CRL_CHECK)) |
| 454 | return 1; | 454 | return 1; |
| 455 | if (ctx->flags & X509_V_FLAG_CRL_CHECK_ALL) | 455 | if (ctx->flags & X509_V_FLAG_CRL_CHECK_ALL) |
| 456 | last = 0; | ||
| 457 | else | ||
| 458 | last = sk_X509_num(ctx->chain) - 1; | 456 | last = sk_X509_num(ctx->chain) - 1; |
| 457 | else | ||
| 458 | last = 0; | ||
| 459 | for(i = 0; i <= last; i++) | 459 | for(i = 0; i <= last; i++) |
| 460 | { | 460 | { |
| 461 | ctx->error_depth = i; | 461 | ctx->error_depth = i; |
| @@ -674,7 +674,7 @@ static int internal_verify(X509_STORE_CTX *ctx) | |||
| 674 | ok=(*cb)(0,ctx); | 674 | ok=(*cb)(0,ctx); |
| 675 | if (!ok) goto end; | 675 | if (!ok) goto end; |
| 676 | } | 676 | } |
| 677 | if (X509_verify(xs,pkey) <= 0) | 677 | else if (X509_verify(xs,pkey) <= 0) |
| 678 | /* XXX For the final trusted self-signed cert, | 678 | /* XXX For the final trusted self-signed cert, |
| 679 | * this is a waste of time. That check should | 679 | * this is a waste of time. That check should |
| 680 | * optional so that e.g. 'openssl x509' can be | 680 | * optional so that e.g. 'openssl x509' can be |
diff --git a/src/lib/libcrypto/x509/x509type.c b/src/lib/libcrypto/x509/x509type.c index 8e78b34458..f78c2a6b43 100644 --- a/src/lib/libcrypto/x509/x509type.c +++ b/src/lib/libcrypto/x509/x509type.c | |||
| @@ -99,14 +99,15 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey) | |||
| 99 | case EVP_PKEY_RSA: | 99 | case EVP_PKEY_RSA: |
| 100 | ret|=EVP_PKS_RSA; | 100 | ret|=EVP_PKS_RSA; |
| 101 | break; | 101 | break; |
| 102 | case EVP_PKS_DSA: | 102 | case EVP_PKEY_DSA: |
| 103 | ret|=EVP_PKS_DSA; | 103 | ret|=EVP_PKS_DSA; |
| 104 | break; | 104 | break; |
| 105 | default: | 105 | default: |
| 106 | break; | 106 | break; |
| 107 | } | 107 | } |
| 108 | 108 | ||
| 109 | if (EVP_PKEY_size(pk) <= 512) | 109 | if (EVP_PKEY_size(pk) <= 512/8) /* /8 because it's 512 bits we look |
| 110 | for, not bytes */ | ||
| 110 | ret|=EVP_PKT_EXP; | 111 | ret|=EVP_PKT_EXP; |
| 111 | if(pkey==NULL) EVP_PKEY_free(pk); | 112 | if(pkey==NULL) EVP_PKEY_free(pk); |
| 112 | return(ret); | 113 | return(ret); |
diff --git a/src/lib/libcrypto/x509v3/v3_conf.c b/src/lib/libcrypto/x509v3/v3_conf.c index 1a3448e121..1284d5aaa5 100644 --- a/src/lib/libcrypto/x509v3/v3_conf.c +++ b/src/lib/libcrypto/x509v3/v3_conf.c | |||
| @@ -236,7 +236,7 @@ static int v3_check_critical(char **value) | |||
| 236 | static int v3_check_generic(char **value) | 236 | static int v3_check_generic(char **value) |
| 237 | { | 237 | { |
| 238 | char *p = *value; | 238 | char *p = *value; |
| 239 | if ((strlen(p) < 4) || strncmp(p, "DER:,", 4)) return 0; | 239 | if ((strlen(p) < 4) || strncmp(p, "DER:", 4)) return 0; |
| 240 | p+=4; | 240 | p+=4; |
| 241 | while (isspace((unsigned char)*p)) p++; | 241 | while (isspace((unsigned char)*p)) p++; |
| 242 | *value = p; | 242 | *value = p; |
diff --git a/src/lib/libcrypto/x509v3/v3_cpols.c b/src/lib/libcrypto/x509v3/v3_cpols.c index 0d4ab1f680..0d554f3a2c 100644 --- a/src/lib/libcrypto/x509v3/v3_cpols.c +++ b/src/lib/libcrypto/x509v3/v3_cpols.c | |||
| @@ -73,7 +73,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, | |||
| 73 | STACK_OF(CONF_VALUE) *polstrs, int ia5org); | 73 | STACK_OF(CONF_VALUE) *polstrs, int ia5org); |
| 74 | static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, | 74 | static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, |
| 75 | STACK_OF(CONF_VALUE) *unot, int ia5org); | 75 | STACK_OF(CONF_VALUE) *unot, int ia5org); |
| 76 | static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos); | 76 | static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos); |
| 77 | 77 | ||
| 78 | X509V3_EXT_METHOD v3_cpols = { | 78 | X509V3_EXT_METHOD v3_cpols = { |
| 79 | NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES), | 79 | NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES), |
| @@ -226,6 +226,8 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, | |||
| 226 | qual = notice_section(ctx, unot, ia5org); | 226 | qual = notice_section(ctx, unot, ia5org); |
| 227 | X509V3_section_free(ctx, unot); | 227 | X509V3_section_free(ctx, unot); |
| 228 | if(!qual) goto err; | 228 | if(!qual) goto err; |
| 229 | if(!pol->qualifiers) pol->qualifiers = | ||
| 230 | sk_POLICYQUALINFO_new_null(); | ||
| 229 | if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) | 231 | if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) |
| 230 | goto merr; | 232 | goto merr; |
| 231 | } else { | 233 | } else { |
| @@ -255,7 +257,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, | |||
| 255 | static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, | 257 | static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, |
| 256 | STACK_OF(CONF_VALUE) *unot, int ia5org) | 258 | STACK_OF(CONF_VALUE) *unot, int ia5org) |
| 257 | { | 259 | { |
| 258 | int i; | 260 | int i, ret; |
| 259 | CONF_VALUE *cnf; | 261 | CONF_VALUE *cnf; |
| 260 | USERNOTICE *not; | 262 | USERNOTICE *not; |
| 261 | POLICYQUALINFO *qual; | 263 | POLICYQUALINFO *qual; |
| @@ -275,8 +277,8 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, | |||
| 275 | if(!(nref = NOTICEREF_new())) goto merr; | 277 | if(!(nref = NOTICEREF_new())) goto merr; |
| 276 | not->noticeref = nref; | 278 | not->noticeref = nref; |
| 277 | } else nref = not->noticeref; | 279 | } else nref = not->noticeref; |
| 278 | if(ia5org) nref->organization = M_ASN1_IA5STRING_new(); | 280 | if(ia5org) nref->organization->type = V_ASN1_IA5STRING; |
| 279 | else nref->organization = M_ASN1_VISIBLESTRING_new(); | 281 | else nref->organization->type = V_ASN1_VISIBLESTRING; |
| 280 | if(!ASN1_STRING_set(nref->organization, cnf->value, | 282 | if(!ASN1_STRING_set(nref->organization, cnf->value, |
| 281 | strlen(cnf->value))) goto merr; | 283 | strlen(cnf->value))) goto merr; |
| 282 | } else if(!strcmp(cnf->name, "noticeNumbers")) { | 284 | } else if(!strcmp(cnf->name, "noticeNumbers")) { |
| @@ -292,12 +294,12 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, | |||
| 292 | X509V3_conf_err(cnf); | 294 | X509V3_conf_err(cnf); |
| 293 | goto err; | 295 | goto err; |
| 294 | } | 296 | } |
| 295 | nref->noticenos = nref_nos(nos); | 297 | ret = nref_nos(nref->noticenos, nos); |
| 296 | sk_CONF_VALUE_pop_free(nos, X509V3_conf_free); | 298 | sk_CONF_VALUE_pop_free(nos, X509V3_conf_free); |
| 297 | if(!nref->noticenos) goto err; | 299 | if (!ret) |
| 300 | goto err; | ||
| 298 | } else { | 301 | } else { |
| 299 | X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION); | 302 | X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION); |
| 300 | |||
| 301 | X509V3_conf_err(cnf); | 303 | X509V3_conf_err(cnf); |
| 302 | goto err; | 304 | goto err; |
| 303 | } | 305 | } |
| @@ -319,15 +321,13 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, | |||
| 319 | return NULL; | 321 | return NULL; |
| 320 | } | 322 | } |
| 321 | 323 | ||
| 322 | static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos) | 324 | static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos) |
| 323 | { | 325 | { |
| 324 | STACK_OF(ASN1_INTEGER) *nnums; | ||
| 325 | CONF_VALUE *cnf; | 326 | CONF_VALUE *cnf; |
| 326 | ASN1_INTEGER *aint; | 327 | ASN1_INTEGER *aint; |
| 327 | 328 | ||
| 328 | int i; | 329 | int i; |
| 329 | 330 | ||
| 330 | if(!(nnums = sk_ASN1_INTEGER_new_null())) goto merr; | ||
| 331 | for(i = 0; i < sk_CONF_VALUE_num(nos); i++) { | 331 | for(i = 0; i < sk_CONF_VALUE_num(nos); i++) { |
| 332 | cnf = sk_CONF_VALUE_value(nos, i); | 332 | cnf = sk_CONF_VALUE_value(nos, i); |
| 333 | if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) { | 333 | if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) { |
| @@ -336,14 +336,14 @@ static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos) | |||
| 336 | } | 336 | } |
| 337 | if(!sk_ASN1_INTEGER_push(nnums, aint)) goto merr; | 337 | if(!sk_ASN1_INTEGER_push(nnums, aint)) goto merr; |
| 338 | } | 338 | } |
| 339 | return nnums; | 339 | return 1; |
| 340 | 340 | ||
| 341 | merr: | 341 | merr: |
| 342 | X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE); | 342 | X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE); |
| 343 | 343 | ||
| 344 | err: | 344 | err: |
| 345 | sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free); | 345 | sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free); |
| 346 | return NULL; | 346 | return 0; |
| 347 | } | 347 | } |
| 348 | 348 | ||
| 349 | 349 | ||
diff --git a/src/lib/libcrypto/x509v3/v3_lib.c b/src/lib/libcrypto/x509v3/v3_lib.c index 482ca8ccf5..ca5a4a4a57 100644 --- a/src/lib/libcrypto/x509v3/v3_lib.c +++ b/src/lib/libcrypto/x509v3/v3_lib.c | |||
| @@ -202,6 +202,7 @@ void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx) | |||
| 202 | if(OBJ_obj2nid(ex->object) == nid) { | 202 | if(OBJ_obj2nid(ex->object) == nid) { |
| 203 | if(idx) { | 203 | if(idx) { |
| 204 | *idx = i; | 204 | *idx = i; |
| 205 | found_ex = ex; | ||
| 205 | break; | 206 | break; |
| 206 | } else if(found_ex) { | 207 | } else if(found_ex) { |
| 207 | /* Found more than one */ | 208 | /* Found more than one */ |
diff --git a/src/lib/libcrypto/x509v3/v3_prn.c b/src/lib/libcrypto/x509v3/v3_prn.c index 754808b625..5d268eb768 100644 --- a/src/lib/libcrypto/x509v3/v3_prn.c +++ b/src/lib/libcrypto/x509v3/v3_prn.c | |||
| @@ -184,7 +184,7 @@ int X509V3_extensions_print(BIO *bp, char *title, STACK_OF(X509_EXTENSION) *exts | |||
| 184 | j=X509_EXTENSION_get_critical(ex); | 184 | j=X509_EXTENSION_get_critical(ex); |
| 185 | if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0) | 185 | if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0) |
| 186 | return 0; | 186 | return 0; |
| 187 | if(!X509V3_EXT_print(bp, ex, flag, 12)) | 187 | if(!X509V3_EXT_print(bp, ex, flag, indent + 4)) |
| 188 | { | 188 | { |
| 189 | BIO_printf(bp, "%*s", indent + 4, ""); | 189 | BIO_printf(bp, "%*s", indent + 4, ""); |
| 190 | M_ASN1_OCTET_STRING_print(bp,ex->value); | 190 | M_ASN1_OCTET_STRING_print(bp,ex->value); |