Parse non-v1 SCTs less awkwardly.
diff --git
a/crypto/x509v3/v3_ncons.c
b/crypto/x509v3/v3_ncons.c
index 511fbd73caed7fec636cb2efbb169be459aba6a4..a01dc64dd22e83443f03d883ed765e12d54c162e 100644
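--- a/crypto/x509v3/v3_ncons.c
+++ b/crypto/x509v3/v3_ncons.c
@@ -1,5 +1,5 @@
 /* v3_ncons.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
 /* ====================================================================
@@ -63,13 +63,13 @@
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
-static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
+static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
 void *a, BIO *bp, int ind);
-static int do_i2r_name_constraints(X509V3_EXT_METHOD *method,
- STACK_OF(GENERAL_SUBTREE) *trees,
- BIO *bp, int ind, char *name);
+static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
+ STACK_OF(GENERAL_SUBTREE) *trees,
+ BIO *bp, int ind, char *name);
 static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip);
 static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc);
@@ -106,8 +106,8 @@ ASN1_SEQUENCE(NAME_CONSTRAINTS) = {
 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
-static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
 {
 int i;
 CONF_VALUE tval, *val;
@@ -162,8 +162,8 @@ static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
-static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
- void *a, BIO *bp, int ind)
+static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a,
+ BIO *bp, int ind)
 {
 NAME_CONSTRAINTS *ncons = a;
 do_i2r_name_constraints(method, ncons->permittedSubtrees,
@@ -173,9 +173,9 @@ static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
 return 1;
 }
-static int do_i2r_name_constraints(X509V3_EXT_METHOD *method,
- STACK_OF(GENERAL_SUBTREE) *trees,
- BIO *bp, int ind, char *name)
+static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
+ STACK_OF(GENERAL_SUBTREE) *trees,
+ BIO *bp, int ind, char *name)
 {
 GENERAL_SUBTREE *tree;
 int i;
@@ -189,7 +189,6 @@ static int do_i2r_name_constraints(X509V3_EXT_METHOD *method,
 print_nc_ipadd(bp, tree->base->d.ip);
 else
 GENERAL_NAME_print(bp, tree->base);
- tree = sk_GENERAL_SUBTREE_value(trees, i);
 BIO_puts(bp, "\n");
 }
 return 1;
@@ -376,6 +375,11 @@ static int nc_match_single(GENERAL_NAME *gen, GENERAL_NAME *base)
 static int nc_dn(X509_NAME *nm, X509_NAME *base)
 {
+ /* Ensure canonical encodings are up to date. */
+ if (nm->modified && i2d_X509_NAME(nm, NULL) < 0)
+ return X509_V_ERR_OUT_OF_MEM;
+ if (base->modified && i2d_X509_NAME(base, NULL) < 0)
+ return X509_V_ERR_OUT_OF_MEM;
 if (base->canon_enclen > nm->canon_enclen)
 return X509_V_ERR_PERMITTED_VIOLATION;
 if (memcmp(base->canon_enc, nm->canon_enc, base->canon_enclen))
@@ -458,7 +462,7 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
 const char *baseptr = (char *)base->data;
 const char *hostptr = (char *)uri->data;
 const char *p = strchr(hostptr, ':');
- size_t hostlen;
+ int hostlen;
 /* Check for foo:// and skip past it */
 if (!p || (p[1] != '/') || (p[2] != '/'))
 return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
@@ -493,7 +497,7 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
 return X509_V_ERR_PERMITTED_VIOLATION;
 }
- if ((base->length != hostlen) || strncasecmp(hostptr, baseptr, hostlen))
+ if ((base->length != (int)hostlen) || strncasecmp(hostptr, baseptr, hostlen))
 return X509_V_ERR_PERMITTED_VIOLATION;
 return X509_V_OK;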
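Review bot: In nc_uri the cast in `base->length != (int)hostlen` is a no-op, because the same change already declares `int hostlen;`, and it reads as though hostlen were still unsigned. Either drop the cast, or keep `size_t hostlen;` and compare as `(size_t)base->length != hostlen`, which keeps the length unsigned on its way into strncasecmp, whose third parameter is size_t. The assignments to hostlen lie between the two nc_uri hunks and are not visible here, so whether a length is narrowed when stored into the int needs confirming against the full function. In nc_dn, the new comment could also say why the refresh matters, e.g. `/* canon_enc is compared below; a stale cache would test outdated bytes */`, since every i2d_X509_NAME failure is reported as X509_V_ERR_OUT_OF_MEM.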