Parse non-v1 SCTs less awkwardly.

[openssl.git] / crypto / x509v3 / v3_ncons.c

diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c
index 511fbd73caed7fec636cb2efbb169be459aba6a4..a01dc64dd22e83443f03d883ed765e12d54c162e 100644 (file)
--- a/crypto/x509v3/v3_ncons.c
+++ b/crypto/x509v3/v3_ncons.c
@@ -1,5 +1,5 @@
 /* v3_ncons.c */
 /* v3_ncons.c */

-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL

  * project.
  */
 /* ====================================================================
  * project.
  */
 /* ====================================================================


@@ -63,13 +63,13 @@
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
 
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
 

-static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
-                               X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, 
+static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
+                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, 

                                void *a, BIO *bp, int ind);
                                void *a, BIO *bp, int ind);

-static int do_i2r_name_constraints(X509V3_EXT_METHOD *method,
-                               STACK_OF(GENERAL_SUBTREE) *trees,
-                                       BIO *bp, int ind, char *name);
+static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
+                                  STACK_OF(GENERAL_SUBTREE) *trees,
+                                  BIO *bp, int ind, char *name);

 static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip);
 
 static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc);
 static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip);
 
 static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc);


@@ -106,8 +106,8 @@ ASN1_SEQUENCE(NAME_CONSTRAINTS) = {
 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
 
 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
 

-static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
-                               X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
+                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)

        {
        int i;
        CONF_VALUE tval, *val;
        {
        int i;
        CONF_VALUE tval, *val;


@@ -162,8 +162,8 @@ static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
 
        
 
 
        
 

-static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
-                               void *a, BIO *bp, int ind)
+static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a,
+                               BIO *bp, int ind)

        {
        NAME_CONSTRAINTS *ncons = a;
        do_i2r_name_constraints(method, ncons->permittedSubtrees,
        {
        NAME_CONSTRAINTS *ncons = a;
        do_i2r_name_constraints(method, ncons->permittedSubtrees,


@@ -173,9 +173,9 @@ static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
        return 1;
        }
 
        return 1;
        }
 

-static int do_i2r_name_constraints(X509V3_EXT_METHOD *method,
-                               STACK_OF(GENERAL_SUBTREE) *trees,
-                                       BIO *bp, int ind, char *name)
+static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
+                                  STACK_OF(GENERAL_SUBTREE) *trees,
+                                  BIO *bp, int ind, char *name)

        {
        GENERAL_SUBTREE *tree;
        int i;
        {
        GENERAL_SUBTREE *tree;
        int i;


@@ -189,7 +189,6 @@ static int do_i2r_name_constraints(X509V3_EXT_METHOD *method,
                        print_nc_ipadd(bp, tree->base->d.ip);
                else
                        GENERAL_NAME_print(bp, tree->base);
                        print_nc_ipadd(bp, tree->base->d.ip);
                else
                        GENERAL_NAME_print(bp, tree->base);

-               tree = sk_GENERAL_SUBTREE_value(trees, i);

                BIO_puts(bp, "\n");
                }
        return 1;
                BIO_puts(bp, "\n");
                }
        return 1;


@@ -376,6 +375,11 @@ static int nc_match_single(GENERAL_NAME *gen, GENERAL_NAME *base)
 
 static int nc_dn(X509_NAME *nm, X509_NAME *base)
        {
 
 static int nc_dn(X509_NAME *nm, X509_NAME *base)
        {

+       /* Ensure canonical encodings are up to date.  */
+       if (nm->modified && i2d_X509_NAME(nm, NULL) < 0)
+               return X509_V_ERR_OUT_OF_MEM;
+       if (base->modified && i2d_X509_NAME(base, NULL) < 0)
+               return X509_V_ERR_OUT_OF_MEM;

        if (base->canon_enclen > nm->canon_enclen)
                return X509_V_ERR_PERMITTED_VIOLATION;
        if (memcmp(base->canon_enc, nm->canon_enc, base->canon_enclen))
        if (base->canon_enclen > nm->canon_enclen)
                return X509_V_ERR_PERMITTED_VIOLATION;
        if (memcmp(base->canon_enc, nm->canon_enc, base->canon_enclen))


@@ -458,7 +462,7 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
        const char *baseptr = (char *)base->data;
        const char *hostptr = (char *)uri->data;
        const char *p = strchr(hostptr, ':');
        const char *baseptr = (char *)base->data;
        const char *hostptr = (char *)uri->data;
        const char *p = strchr(hostptr, ':');

-       size_t hostlen;
+       int hostlen;

        /* Check for foo:// and skip past it */
        if (!p || (p[1] != '/') || (p[2] != '/'))
                return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
        /* Check for foo:// and skip past it */
        if (!p || (p[1] != '/') || (p[2] != '/'))
                return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;


@@ -493,7 +497,7 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
                return X509_V_ERR_PERMITTED_VIOLATION;
                }
 
                return X509_V_ERR_PERMITTED_VIOLATION;
                }
 

-       if ((base->length != hostlen) || strncasecmp(hostptr, baseptr, hostlen))
+       if ((base->length != (int)hostlen) || strncasecmp(hostptr, baseptr, hostlen))

                return X509_V_ERR_PERMITTED_VIOLATION;
 
        return X509_V_OK;
                return X509_V_ERR_PERMITTED_VIOLATION;
 
        return X509_V_OK;