diff options
Diffstat (limited to 'crypto/x509v3')
-rw-r--r-- | crypto/x509v3/pcy_cache.c | 4 | ||||
-rw-r--r-- | crypto/x509v3/pcy_data.c | 2 | ||||
-rw-r--r-- | crypto/x509v3/pcy_lib.c | 2 | ||||
-rw-r--r-- | crypto/x509v3/pcy_local.h (renamed from crypto/x509v3/pcy_int.h) | 0 | ||||
-rw-r--r-- | crypto/x509v3/pcy_map.c | 4 | ||||
-rw-r--r-- | crypto/x509v3/pcy_node.c | 2 | ||||
-rw-r--r-- | crypto/x509v3/pcy_tree.c | 2 | ||||
-rw-r--r-- | crypto/x509v3/v3_addr.c | 2 | ||||
-rw-r--r-- | crypto/x509v3/v3_admis.h | 4 | ||||
-rw-r--r-- | crypto/x509v3/v3_alt.c | 17 | ||||
-rw-r--r-- | crypto/x509v3/v3_asid.c | 28 | ||||
-rw-r--r-- | crypto/x509v3/v3_conf.c | 4 | ||||
-rw-r--r-- | crypto/x509v3/v3_cpols.c | 2 | ||||
-rw-r--r-- | crypto/x509v3/v3_crld.c | 2 | ||||
-rw-r--r-- | crypto/x509v3/v3_ncons.c | 4 | ||||
-rw-r--r-- | crypto/x509v3/v3_purp.c | 2 | ||||
-rw-r--r-- | crypto/x509v3/v3_skey.c | 2 | ||||
-rw-r--r-- | crypto/x509v3/v3_utl.c | 4 |
18 files changed, 57 insertions, 30 deletions
diff --git a/crypto/x509v3/pcy_cache.c b/crypto/x509v3/pcy_cache.c index 623870b1f6f5..04401bace8c5 100644 --- a/crypto/x509v3/pcy_cache.c +++ b/crypto/x509v3/pcy_cache.c @@ -10,9 +10,9 @@ #include "internal/cryptlib.h" #include <openssl/x509.h> #include <openssl/x509v3.h> -#include "internal/x509_int.h" +#include "crypto/x509.h" -#include "pcy_int.h" +#include "pcy_local.h" static int policy_data_cmp(const X509_POLICY_DATA *const *a, const X509_POLICY_DATA *const *b); diff --git a/crypto/x509v3/pcy_data.c b/crypto/x509v3/pcy_data.c index bd3bb0e40dfe..073505951322 100644 --- a/crypto/x509v3/pcy_data.c +++ b/crypto/x509v3/pcy_data.c @@ -11,7 +11,7 @@ #include <openssl/x509.h> #include <openssl/x509v3.h> -#include "pcy_int.h" +#include "pcy_local.h" /* Policy Node routines */ diff --git a/crypto/x509v3/pcy_lib.c b/crypto/x509v3/pcy_lib.c index 67f7eafc6e8d..2e196b838ca2 100644 --- a/crypto/x509v3/pcy_lib.c +++ b/crypto/x509v3/pcy_lib.c @@ -11,7 +11,7 @@ #include <openssl/x509.h> #include <openssl/x509v3.h> -#include "pcy_int.h" +#include "pcy_local.h" /* accessor functions */ diff --git a/crypto/x509v3/pcy_int.h b/crypto/x509v3/pcy_local.h index 5daf78de4585..5daf78de4585 100644 --- a/crypto/x509v3/pcy_int.h +++ b/crypto/x509v3/pcy_local.h diff --git a/crypto/x509v3/pcy_map.c b/crypto/x509v3/pcy_map.c index ab9dd21b7d93..ae2a62c97787 100644 --- a/crypto/x509v3/pcy_map.c +++ b/crypto/x509v3/pcy_map.c @@ -10,9 +10,9 @@ #include "internal/cryptlib.h" #include <openssl/x509.h> #include <openssl/x509v3.h> -#include "internal/x509_int.h" +#include "crypto/x509.h" -#include "pcy_int.h" +#include "pcy_local.h" /* * Set policy mapping entries in cache. Note: this modifies the passed diff --git a/crypto/x509v3/pcy_node.c b/crypto/x509v3/pcy_node.c index 1ffe98498bdb..e2d7b1532236 100644 --- a/crypto/x509v3/pcy_node.c +++ b/crypto/x509v3/pcy_node.c @@ -12,7 +12,7 @@ #include <openssl/x509v3.h> #include <openssl/err.h> -#include "pcy_int.h" +#include "pcy_local.h" static int node_cmp(const X509_POLICY_NODE *const *a, const X509_POLICY_NODE *const *b) diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c index 87f51d001bbb..6e8322cbc5e3 100644 --- a/crypto/x509v3/pcy_tree.c +++ b/crypto/x509v3/pcy_tree.c @@ -11,7 +11,7 @@ #include <openssl/x509.h> #include <openssl/x509v3.h> -#include "pcy_int.h" +#include "pcy_local.h" /* * Enable this to print out the complete policy tree at various point during diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c index bb58e0484611..4258dbc40c0f 100644 --- a/crypto/x509v3/v3_addr.c +++ b/crypto/x509v3/v3_addr.c @@ -20,7 +20,7 @@ #include <openssl/asn1t.h> #include <openssl/buffer.h> #include <openssl/x509v3.h> -#include "internal/x509_int.h" +#include "crypto/x509.h" #include "ext_dat.h" #ifndef OPENSSL_NO_RFC3779 diff --git a/crypto/x509v3/v3_admis.h b/crypto/x509v3/v3_admis.h index fa23fc761759..ea7632b3708d 100644 --- a/crypto/x509v3/v3_admis.h +++ b/crypto/x509v3/v3_admis.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_V3_ADMISSION_H -# define HEADER_V3_ADMISSION_H +#ifndef OSSL_CRYPTO_X509V3_V3_ADMIS_H +# define OSSL_CRYPTO_X509V3_V3_ADMIS_H struct NamingAuthority_st { ASN1_OBJECT* namingAuthorityId; diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c index dfcb9094f4fc..7ac2911b91af 100644 --- a/crypto/x509v3/v3_alt.c +++ b/crypto/x509v3/v3_alt.c @@ -52,11 +52,24 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, { int i; GENERAL_NAME *gen; + STACK_OF(CONF_VALUE) *tmpret = NULL, *origret = ret; + for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { gen = sk_GENERAL_NAME_value(gens, i); - ret = i2v_GENERAL_NAME(method, gen, ret); + /* + * i2v_GENERAL_NAME allocates ret if it is NULL. If something goes + * wrong we need to free the stack - but only if it was empty when we + * originally entered this function. + */ + tmpret = i2v_GENERAL_NAME(method, gen, ret); + if (tmpret == NULL) { + if (origret == NULL) + sk_CONF_VALUE_pop_free(ret, X509V3_conf_free); + return NULL; + } + ret = tmpret; } - if (!ret) + if (ret == NULL) return sk_CONF_VALUE_new_null(); return ret; } diff --git a/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c index 089f2ae29f0c..ac6857267291 100644 --- a/crypto/x509v3/v3_asid.c +++ b/crypto/x509v3/v3_asid.c @@ -20,7 +20,7 @@ #include <openssl/asn1t.h> #include <openssl/x509v3.h> #include <openssl/x509.h> -#include "internal/x509_int.h" +#include "crypto/x509.h" #include <openssl/bn.h> #include "ext_dat.h" @@ -256,6 +256,7 @@ static int extract_min_max(ASIdOrRange *aor, static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) { ASN1_INTEGER *a_max_plus_one = NULL; + ASN1_INTEGER *orig; BIGNUM *bn = NULL; int i, ret = 0; @@ -298,9 +299,15 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) */ if ((bn == NULL && (bn = BN_new()) == NULL) || ASN1_INTEGER_to_BN(a_max, bn) == NULL || - !BN_add_word(bn, 1) || - (a_max_plus_one = - BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) { + !BN_add_word(bn, 1)) { + X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL, + ERR_R_MALLOC_FAILURE); + goto done; + } + + if ((a_max_plus_one = + BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)) == NULL) { + a_max_plus_one = orig; X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL, ERR_R_MALLOC_FAILURE); goto done; @@ -351,6 +358,7 @@ int X509v3_asid_is_canonical(ASIdentifiers *asid) static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) { ASN1_INTEGER *a_max_plus_one = NULL; + ASN1_INTEGER *orig; BIGNUM *bn = NULL; int i, ret = 0; @@ -416,9 +424,15 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) */ if ((bn == NULL && (bn = BN_new()) == NULL) || ASN1_INTEGER_to_BN(a_max, bn) == NULL || - !BN_add_word(bn, 1) || - (a_max_plus_one = - BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) { + !BN_add_word(bn, 1)) { + X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, + ERR_R_MALLOC_FAILURE); + goto done; + } + + if ((a_max_plus_one = + BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)) == NULL) { + a_max_plus_one = orig; X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, ERR_R_MALLOC_FAILURE); goto done; diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c index 7acaebfa2250..e93de3454604 100644 --- a/crypto/x509v3/v3_conf.c +++ b/crypto/x509v3/v3_conf.c @@ -10,11 +10,11 @@ /* extension creation utilities */ #include <stdio.h> -#include "internal/ctype.h" +#include "crypto/ctype.h" #include "internal/cryptlib.h" #include <openssl/conf.h> #include <openssl/x509.h> -#include "internal/x509_int.h" +#include "crypto/x509.h" #include <openssl/x509v3.h> static int v3_check_critical(const char **value); diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c index 7a47fd38b379..1d12c899125c 100644 --- a/crypto/x509v3/v3_cpols.c +++ b/crypto/x509v3/v3_cpols.c @@ -14,7 +14,7 @@ #include <openssl/asn1t.h> #include <openssl/x509v3.h> -#include "pcy_int.h" +#include "pcy_local.h" #include "ext_dat.h" /* Certificate policies extension support: this one is a bit complex... */ diff --git a/crypto/x509v3/v3_crld.c b/crypto/x509v3/v3_crld.c index 6cba4240abf1..4854748ffb51 100644 --- a/crypto/x509v3/v3_crld.c +++ b/crypto/x509v3/v3_crld.c @@ -14,7 +14,7 @@ #include <openssl/asn1t.h> #include <openssl/x509v3.h> -#include "internal/x509_int.h" +#include "crypto/x509.h" #include "ext_dat.h" static void *v2i_crld(const X509V3_EXT_METHOD *method, diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c index 9a2cd5af00c7..2a7b4f0992a8 100644 --- a/crypto/x509v3/v3_ncons.c +++ b/crypto/x509v3/v3_ncons.c @@ -10,12 +10,12 @@ #include "internal/cryptlib.h" #include "internal/numbers.h" #include <stdio.h> -#include "internal/asn1_int.h" +#include "crypto/asn1.h" #include <openssl/asn1t.h> #include <openssl/conf.h> #include <openssl/x509v3.h> -#include "internal/x509_int.h" +#include "crypto/x509.h" #include "ext_dat.h" static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index 2f06289d1949..3f60c2ea1da3 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -12,7 +12,7 @@ #include "internal/numbers.h" #include <openssl/x509v3.h> #include <openssl/x509_vfy.h> -#include "internal/x509_int.h" +#include "crypto/x509.h" #include "internal/tsan_assist.h" static void x509v3_cache_extensions(X509 *x); diff --git a/crypto/x509v3/v3_skey.c b/crypto/x509v3/v3_skey.c index 749f51b2f00e..c2e82045682a 100644 --- a/crypto/x509v3/v3_skey.c +++ b/crypto/x509v3/v3_skey.c @@ -10,7 +10,7 @@ #include <stdio.h> #include "internal/cryptlib.h" #include <openssl/x509v3.h> -#include "internal/x509_int.h" +#include "crypto/x509.h" #include "ext_dat.h" static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index c9b40d2c76eb..7281a7b917a8 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -12,11 +12,11 @@ #include "e_os.h" #include "internal/cryptlib.h" #include <stdio.h> -#include "internal/ctype.h" +#include "crypto/ctype.h" #include <openssl/conf.h> #include <openssl/crypto.h> #include <openssl/x509v3.h> -#include "internal/x509_int.h" +#include "crypto/x509.h" #include <openssl/bn.h> #include "ext_dat.h" |