Diffstat (limited to 'src/lib/libcrypto/x509v3')
-rw-r--r--src/lib/libcrypto/x509v3/v3_addr.c25
-rw-r--r--src/lib/libcrypto/x509v3/v3_asid.c10
2 files changed, 19 insertions, 16 deletions
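diff --git a/src/lib/libcrypto/x509v3/v3_addr.c b/src/lib/libcrypto/x509v3/v3_addr.c
index efdf7c3ba7..9087d66e0a 100644
--- a/src/lib/libcrypto/x509v3/v3_addr.c
+++ b/src/lib/libcrypto/x509v3/v3_addr.c
@@ -236,7 +236,7 @@ static int i2r_IPAddressOrRanges(BIO *out,
 /*
  * i2r handler for an IPAddrBlocks extension.
  */
-static int i2r_IPAddrBlocks(X509V3_EXT_METHOD *method,
+static int i2r_IPAddrBlocks(const X509V3_EXT_METHOD *method,
  void *ext,
  BIO *out,
  int indent)
@@ -315,8 +315,7 @@ static int IPAddressOrRange_cmp(const IPAddressOrRange *a,
  const int length)
 {
  unsigned char addr_a[ADDR_RAW_BUF_LEN], addr_b[ADDR_RAW_BUF_LEN];
- int prefixlen_a = 0;
- int prefixlen_b = 0;
+ int prefixlen_a = 0, prefixlen_b = 0;
  int r;
 
  switch (a->type) {
@@ -596,10 +595,10 @@ static IPAddressOrRanges *make_prefix_or_range(IPAddrBlocks *addr,
  return NULL;
  switch (afi) {
  case IANA_AFI_IPV4:
- (void)sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp);
+ sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp);
  break;
  case IANA_AFI_IPV6:
- (void)sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp);
+ sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp);
  break;
  }
  f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges;
@@ -856,7 +855,7 @@ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors,
  if (!make_addressRange(&merged, a_min, b_max, length))
  return 0;
  sk_IPAddressOrRange_set(aors, i, merged);
- (void)sk_IPAddressOrRange_delete(aors, i + 1);
+ sk_IPAddressOrRange_delete(aors, i + 1);
  IPAddressOrRange_free(a);
  IPAddressOrRange_free(b);
  --i;
@@ -880,7 +879,7 @@ int v3_addr_canonize(IPAddrBlocks *addr)
  v3_addr_get_afi(f)))
  return 0;
  }
- (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp);
+ sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp);
  sk_IPAddressFamily_sort(addr);
  OPENSSL_assert(v3_addr_is_canonical(addr));
  return 1;
@@ -889,7 +888,7 @@ int v3_addr_canonize(IPAddrBlocks *addr)
 /*
  * v2i handler for the IPAddrBlocks extension.
  */
-static void *v2i_IPAddrBlocks(struct v3_ext_method *method,
+static void *v2i_IPAddrBlocks(const struct v3_ext_method *method,
  struct v3_ext_ctx *ctx,
  STACK_OF(CONF_VALUE) *values)
 {
@@ -1125,7 +1124,7 @@ int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
  return 1;
  if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b))
  return 0;
- (void)sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp);
+ sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp);
  for (i = 0; i < sk_IPAddressFamily_num(a); i++) {
  IPAddressFamily *fa = sk_IPAddressFamily_value(a, i);
  int j = sk_IPAddressFamily_find(b, fa);
@@ -1167,7 +1166,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
 {
  IPAddrBlocks *child = NULL;
  int i, j, ret = 1;
- X509 *x = NULL;
+ X509 *x;
 
  OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0);
  OPENSSL_assert(ctx != NULL || ext != NULL);
@@ -1180,6 +1179,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
  */
  if (ext != NULL) {
  i = -1;
+ x = NULL;
  } else {
  i = 0;
  x = sk_X509_value(chain, i);
@@ -1189,7 +1189,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
  }
  if (!v3_addr_is_canonical(ext))
  validation_err(X509_V_ERR_INVALID_EXTENSION);
- (void)sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp);
+ sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp);
  if ((child = sk_IPAddressFamily_dup(ext)) == NULL) {
  X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL, ERR_R_MALLOC_FAILURE);
  ret = 0;
@@ -1215,7 +1215,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
  }
  continue;
  }
- (void)sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, IPAddressFamily_cmp);
+ sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, IPAddressFamily_cmp);
  for (j = 0; j < sk_IPAddressFamily_num(child); j++) {
  IPAddressFamily *fc = sk_IPAddressFamily_value(child, j);
  int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc);
@@ -1242,6 +1242,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
  /*
  * Trust anchor can't inherit.
  */
+ OPENSSL_assert(x != NULL);
  if (x->rfc3779_addr != NULL) {
  for (j = 0; j < sk_IPAddressFamily_num(x->rfc3779_addr); j++) {
  IPAddressFamily *fp = sk_IPAddressFamily_value(x->rfc3779_addr, j);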
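Review bot: The added `OPENSSL_assert(x != NULL);` ahead of the trust-anchor check in v3_addr_validate_path_internal makes a NULL `x` abort the whole process, in a routine that walks a certificate chain which may come from a peer. Together with the change from `X509 *x = NULL;` to `X509 *x;`, correctness now depends on every path to that line having assigned `x`; the loop that does so lies outside the visible hunks, so this cannot be confirmed here. Failing validation would be safer than aborting, e.g. `if (x == NULL) { X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL, ERR_R_INTERNAL_ERROR); ret = 0; }` followed by the function's existing cleanup exit. The matching `assert(x != NULL);` added to v3_asid_validate_path_internal in v3_asid.c has the same shape.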
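diff --git a/src/lib/libcrypto/x509v3/v3_asid.c b/src/lib/libcrypto/x509v3/v3_asid.c
index abd497ed1f..56702f86b9 100644
--- a/src/lib/libcrypto/x509v3/v3_asid.c
+++ b/src/lib/libcrypto/x509v3/v3_asid.c
@@ -152,7 +152,7 @@ static int i2r_ASIdentifierChoice(BIO *out,
 /*
  * i2r method for an ASIdentifier extension.
  */
-static int i2r_ASIdentifiers(X509V3_EXT_METHOD *method,
+static int i2r_ASIdentifiers(const X509V3_EXT_METHOD *method,
  void *ext,
  BIO *out,
  int indent)
@@ -466,7 +466,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
  break;
  }
  ASIdOrRange_free(b);
- (void)sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1);
+ sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1);
  i--;
  continue;
  }
@@ -495,7 +495,7 @@ int v3_asid_canonize(ASIdentifiers *asid)
 /*
  * v2i method for an ASIdentifier extension.
  */
-static void *v2i_ASIdentifiers(struct v3_ext_method *method,
+static void *v2i_ASIdentifiers(const struct v3_ext_method *method,
  struct v3_ext_ctx *ctx,
  STACK_OF(CONF_VALUE) *values)
 {
@@ -707,7 +707,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
 {
  ASIdOrRanges *child_as = NULL, *child_rdi = NULL;
  int i, ret = 1, inherit_as = 0, inherit_rdi = 0;
- X509 *x = NULL;
+ X509 *x;
 
  assert(chain != NULL && sk_X509_num(chain) > 0);
  assert(ctx != NULL || ext != NULL);
@@ -720,6 +720,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
  */
  if (ext != NULL) {
  i = -1;
+ x = NULL;
  } else {
  i = 0;
  x = sk_X509_value(chain, i);
@@ -799,6 +800,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
  /*
  * Trust anchor can't inherit.
  */
+ assert(x != NULL);
  if (x->rfc3779_asid != NULL) {
  if (x->rfc3779_asid->asnum != NULL &&
  x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit)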
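Review bot: `assert(x != NULL);` before `x->rfc3779_asid` in the trust-anchor check is a plain C assert, which is compiled out when NDEBUG is defined, so in such builds nothing stands between a NULL `x` and the dereference. This function also uses `assert` for its entry checks, whereas v3_addr.c in the same commit uses `OPENSSL_assert`, so the two validators behave differently depending on build flags. An explicit runtime check that fails validation, along the lines of `if (x == NULL) { ret = 0; }` plus the function's normal cleanup exit, would behave the same in every build. The function body extends beyond the hunk, so the exit path is not visible here.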