Diffstat (limited to 'src')
-rw-r--r-- | src/lib/libcrypto/x509/x509_addr.c | 35 |
1 files changed, 23 insertions, 12 deletions
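--- a/src/lib/libcrypto/x509/x509_addr.c
+++ b/src/lib/libcrypto/x509/x509_addr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_addr.c,v 1.33 2021/12/28 16:21:59 tb Exp $ */
+/* $OpenBSD: x509_addr.c,v 1.34 2021/12/28 16:26:53 tb Exp $ */
 /*
 * Contributed to the OpenSSL Project by the American Registry for
 * Internet Numbers ("ARIN").
@@ -362,31 +362,42 @@ X509v3_addr_get_afi(const IPAddressFamily *f)
 }
 
 /*
-* Expand the bitstring form of an address into a raw byte array.
-* At the moment this is coded for simplicity, not speed.
+* Expand the bitstring form (RFC 3779, section 2.1.2) of an address into
+* a raw byte array. At the moment this is coded for simplicity, not speed.
+*
+* Unused bits in the last octet of |bs| and all bits in subsequent bytes
+* of |addr| are set to 0 or 1 depending on whether |fill| is 0 or not.
 */
 static int
 addr_expand(unsigned char *addr, const ASN1_BIT_STRING *bs, const int length,
-const unsigned char fill)
+uint8_t fill)
 {
 if (bs->length < 0 || bs->length > length)
 return 0;
+
+if (fill != 0)
+fill = 0xFF;
+
 if (bs->length > 0) {
+/* XXX - shouldn't this check ASN1_STRING_FLAG_BITS_LEFT? */
+uint8_t unused_bits = bs->flags & 7;
+uint8_t mask = (1 << unused_bits) - 1;
+
 memcpy(addr, bs->data, bs->length);
-if ((bs->flags & 7) != 0) {
-unsigned char mask = 0xFF >> (8 - (bs->flags & 7));
-if (fill == 0)
-addr[bs->length - 1] &= ~mask;
-else
-addr[bs->length - 1] |= mask;
-}
+
+if (fill == 0)
+addr[bs->length - 1] &= ~mask;
+else
+addr[bs->length - 1] |= mask;
 }
+
 memset(addr + bs->length, fill, length - bs->length);
+
 return 1;
 }
 
 /*
-* Extract the prefix length from a bitstring.
+* Extract the prefix length from a bitstring: 8 * length - unused bits.
 */
 #define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7)))
 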
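Review bot: The new `/* XXX - shouldn't this check ASN1_STRING_FLAG_BITS_LEFT? */` in addr_expand leaves open whether `bs->flags & 7` really is the unused-bit count, and the mask built from it decides which bits of the last octet are forced to the fill value. If a bit string can reach this function without that flag set (not visible from this hunk), the low flag bits would presumably not carry a bit count. The expanded address, and the prefix length from `addr_prefixlen`, which uses the same expression, would then be derived from an unvalidated value that whatever consumes them has to trust. I would resolve the XXX in this change rather than leave it open. One option is to state the precondition in the header comment, e.g. `* |bs| must have ASN1_STRING_FLAG_BITS_LEFT set, so that flags & 7 is the unused-bit count.`; the other is to fail closed with `if ((bs->flags & ASN1_STRING_FLAG_BITS_LEFT) == 0) return 0;` once the callers are confirmed to set the flag.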