summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509v3/v3_asid.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/x509v3/v3_asid.c')
-rw-r--r--src/lib/libcrypto/x509v3/v3_asid.c63
1 files changed, 55 insertions, 8 deletions
diff --git a/src/lib/libcrypto/x509v3/v3_asid.c b/src/lib/libcrypto/x509v3/v3_asid.c
index 3f434c0603..1587e8ed72 100644
--- a/src/lib/libcrypto/x509v3/v3_asid.c
+++ b/src/lib/libcrypto/x509v3/v3_asid.c
@@ -358,6 +358,20 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
358 goto done; 358 goto done;
359 } 359 }
360 360
361 /*
362 * Check for inverted range.
363 */
364 i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1;
365 {
366 ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
367 ASN1_INTEGER *a_min, *a_max;
368 if (a != NULL && a->type == ASIdOrRange_range) {
369 extract_min_max(a, &a_min, &a_max);
370 if (ASN1_INTEGER_cmp(a_min, a_max) > 0)
371 goto done;
372 }
373 }
374
361 ret = 1; 375 ret = 1;
362 376
363 done: 377 done:
@@ -392,9 +406,18 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
392 return 1; 406 return 1;
393 407
394 /* 408 /*
395 * We have a list. Sort it. 409 * If not a list, or if empty list, it's broken.
410 */
411 if (choice->type != ASIdentifierChoice_asIdsOrRanges ||
412 sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0) {
413 X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
414 X509V3_R_EXTENSION_VALUE_ERROR);
415 return 0;
416 }
417
418 /*
419 * We have a non-empty list. Sort it.
396 */ 420 */
397 OPENSSL_assert(choice->type == ASIdentifierChoice_asIdsOrRanges);
398 sk_ASIdOrRange_sort(choice->u.asIdsOrRanges); 421 sk_ASIdOrRange_sort(choice->u.asIdsOrRanges);
399 422
400 /* 423 /*
@@ -415,6 +438,13 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
415 OPENSSL_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0); 438 OPENSSL_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0);
416 439
417 /* 440 /*
441 * Punt inverted ranges.
442 */
443 if (ASN1_INTEGER_cmp(a_min, a_max) > 0 ||
444 ASN1_INTEGER_cmp(b_min, b_max) > 0)
445 goto done;
446
447 /*
418 * Check for overlaps. 448 * Check for overlaps.
419 */ 449 */
420 if (ASN1_INTEGER_cmp(a_max, b_min) >= 0) { 450 if (ASN1_INTEGER_cmp(a_max, b_min) >= 0) {
@@ -465,12 +495,26 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
465 break; 495 break;
466 } 496 }
467 ASIdOrRange_free(b); 497 ASIdOrRange_free(b);
468 sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1); 498 (void) sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1);
469 i--; 499 i--;
470 continue; 500 continue;
471 } 501 }
472 } 502 }
473 503
504 /*
505 * Check for final inverted range.
506 */
507 i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1;
508 {
509 ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
510 ASN1_INTEGER *a_min, *a_max;
511 if (a != NULL && a->type == ASIdOrRange_range) {
512 extract_min_max(a, &a_min, &a_max);
513 if (ASN1_INTEGER_cmp(a_min, a_max) > 0)
514 goto done;
515 }
516 }
517
474 OPENSSL_assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */ 518 OPENSSL_assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */
475 519
476 ret = 1; 520 ret = 1;
@@ -498,6 +542,7 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method,
498 struct v3_ext_ctx *ctx, 542 struct v3_ext_ctx *ctx,
499 STACK_OF(CONF_VALUE) *values) 543 STACK_OF(CONF_VALUE) *values)
500{ 544{
545 ASN1_INTEGER *min = NULL, *max = NULL;
501 ASIdentifiers *asid = NULL; 546 ASIdentifiers *asid = NULL;
502 int i; 547 int i;
503 548
@@ -508,7 +553,6 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method,
508 553
509 for (i = 0; i < sk_CONF_VALUE_num(values); i++) { 554 for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
510 CONF_VALUE *val = sk_CONF_VALUE_value(values, i); 555 CONF_VALUE *val = sk_CONF_VALUE_value(values, i);
511 ASN1_INTEGER *min = NULL, *max = NULL;
512 int i1, i2, i3, is_range, which; 556 int i1, i2, i3, is_range, which;
513 557
514 /* 558 /*
@@ -578,18 +622,19 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method,
578 max = s2i_ASN1_INTEGER(NULL, s + i2); 622 max = s2i_ASN1_INTEGER(NULL, s + i2);
579 OPENSSL_free(s); 623 OPENSSL_free(s);
580 if (min == NULL || max == NULL) { 624 if (min == NULL || max == NULL) {
581 ASN1_INTEGER_free(min);
582 ASN1_INTEGER_free(max);
583 X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE); 625 X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
584 goto err; 626 goto err;
585 } 627 }
628 if (ASN1_INTEGER_cmp(min, max) > 0) {
629 X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_EXTENSION_VALUE_ERROR);
630 goto err;
631 }
586 } 632 }
587 if (!v3_asid_add_id_or_range(asid, which, min, max)) { 633 if (!v3_asid_add_id_or_range(asid, which, min, max)) {
588 ASN1_INTEGER_free(min);
589 ASN1_INTEGER_free(max);
590 X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE); 634 X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
591 goto err; 635 goto err;
592 } 636 }
637 min = max = NULL;
593 } 638 }
594 639
595 /* 640 /*
@@ -601,6 +646,8 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method,
601 646
602 err: 647 err:
603 ASIdentifiers_free(asid); 648 ASIdentifiers_free(asid);
649 ASN1_INTEGER_free(min);
650 ASN1_INTEGER_free(max);
604 return NULL; 651 return NULL;
605} 652}
606 653
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-16 18:25:34 +0000