diff options
| author | heretic <heretic@yandex-team.ru> | 2022-02-10 16:45:43 +0300 |
|---|---|---|
| committer | Daniil Cherednik <dcherednik@yandex-team.ru> | 2022-02-10 16:45:43 +0300 |
| commit | 397cbe258b9e064f49c4ca575279f02f39fef76e (patch) | |
| tree | a0b0eb3cca6a14e4e8ea715393637672fa651284 /contrib/libs/openssl/crypto/x509v3 | |
| parent | 43f5a35593ebc9f6bcea619bb170394ea7ae468e (diff) | |
| download | ydb-397cbe258b9e064f49c4ca575279f02f39fef76e.tar.gz | |
Restoring authorship annotation for <heretic@yandex-team.ru>. Commit 1 of 2.
Diffstat (limited to 'contrib/libs/openssl/crypto/x509v3')
| -rw-r--r-- | contrib/libs/openssl/crypto/x509v3/pcy_data.c | 4 | ||||
| -rw-r--r-- | contrib/libs/openssl/crypto/x509v3/v3_akey.c | 68 | ||||
| -rw-r--r-- | contrib/libs/openssl/crypto/x509v3/v3_alt.c | 18 | ||||
| -rw-r--r-- | contrib/libs/openssl/crypto/x509v3/v3_cpols.c | 14 | ||||
| -rw-r--r-- | contrib/libs/openssl/crypto/x509v3/v3_genn.c | 92 | ||||
| -rw-r--r-- | contrib/libs/openssl/crypto/x509v3/v3_ncons.c | 106 | ||||
| -rw-r--r-- | contrib/libs/openssl/crypto/x509v3/v3_pci.c | 6 | ||||
| -rw-r--r-- | contrib/libs/openssl/crypto/x509v3/v3_purp.c | 116 | ||||
| -rw-r--r-- | contrib/libs/openssl/crypto/x509v3/v3_utl.c | 94 | ||||
| -rw-r--r-- | contrib/libs/openssl/crypto/x509v3/v3err.c | 10 |
10 files changed, 264 insertions, 264 deletions
diff --git a/contrib/libs/openssl/crypto/x509v3/pcy_data.c b/contrib/libs/openssl/crypto/x509v3/pcy_data.c index 8c7bc69576..d8980f8fc3 100644 --- a/contrib/libs/openssl/crypto/x509v3/pcy_data.c +++ b/contrib/libs/openssl/crypto/x509v3/pcy_data.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -52,7 +52,7 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { X509V3err(X509V3_F_POLICY_DATA_NEW, ERR_R_MALLOC_FAILURE); - ASN1_OBJECT_free(id); + ASN1_OBJECT_free(id); return NULL; } ret->expected_policy_set = sk_ASN1_OBJECT_new_null(); diff --git a/contrib/libs/openssl/crypto/x509v3/v3_akey.c b/contrib/libs/openssl/crypto/x509v3/v3_akey.c index 33b1933d72..d48b2fccdb 100644 --- a/contrib/libs/openssl/crypto/x509v3/v3_akey.c +++ b/contrib/libs/openssl/crypto/x509v3/v3_akey.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -39,48 +39,48 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, STACK_OF(CONF_VALUE) *extlist) { - char *tmp = NULL; - STACK_OF(CONF_VALUE) *origextlist = extlist, *tmpextlist; - + char *tmp = NULL; + STACK_OF(CONF_VALUE) *origextlist = extlist, *tmpextlist; + if (akeyid->keyid) { tmp = OPENSSL_buf2hexstr(akeyid->keyid->data, akeyid->keyid->length); - if (tmp == NULL) { - X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE); - return NULL; - } - if (!X509V3_add_value("keyid", tmp, &extlist)) { - OPENSSL_free(tmp); - X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_X509_LIB); - goto err; - } + if (tmp == NULL) { + X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE); + return NULL; + } + if (!X509V3_add_value("keyid", tmp, &extlist)) { + OPENSSL_free(tmp); + X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_X509_LIB); + goto err; + } OPENSSL_free(tmp); } - if (akeyid->issuer) { - tmpextlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist); - if (tmpextlist == NULL) { - X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_X509_LIB); - goto err; - } - extlist = tmpextlist; - } + if (akeyid->issuer) { + tmpextlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist); + if (tmpextlist == NULL) { + X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_X509_LIB); + goto err; + } + extlist = tmpextlist; + } if (akeyid->serial) { tmp = OPENSSL_buf2hexstr(akeyid->serial->data, akeyid->serial->length); - if (tmp == NULL) { - X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE); - goto err; - } - if (!X509V3_add_value("serial", tmp, &extlist)) { - OPENSSL_free(tmp); - X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_X509_LIB); - goto err; - } + if (tmp == NULL) { + X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE); + goto err; + } + if (!X509V3_add_value("serial", tmp, &extlist)) { + OPENSSL_free(tmp); + X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_X509_LIB); + goto err; + } OPENSSL_free(tmp); } return extlist; - err: - if (origextlist == NULL) - sk_CONF_VALUE_pop_free(extlist, X509V3_conf_free); - return NULL; + err: + if (origextlist == NULL) + sk_CONF_VALUE_pop_free(extlist, X509V3_conf_free); + return NULL; } /*- diff --git a/contrib/libs/openssl/crypto/x509v3/v3_alt.c b/contrib/libs/openssl/crypto/x509v3/v3_alt.c index 7c32d4031d..160cb5969b 100644 --- a/contrib/libs/openssl/crypto/x509v3/v3_alt.c +++ b/contrib/libs/openssl/crypto/x509v3/v3_alt.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -9,7 +9,7 @@ #include <stdio.h> #include "internal/cryptlib.h" -#include "crypto/x509.h" +#include "crypto/x509.h" #include <openssl/conf.h> #include <openssl/x509v3.h> #include "ext_dat.h" @@ -100,20 +100,20 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, break; case GEN_EMAIL: - if (!x509v3_add_len_value_uchar("email", gen->d.ia5->data, - gen->d.ia5->length, &ret)) + if (!x509v3_add_len_value_uchar("email", gen->d.ia5->data, + gen->d.ia5->length, &ret)) return NULL; break; case GEN_DNS: - if (!x509v3_add_len_value_uchar("DNS", gen->d.ia5->data, - gen->d.ia5->length, &ret)) + if (!x509v3_add_len_value_uchar("DNS", gen->d.ia5->data, + gen->d.ia5->length, &ret)) return NULL; break; case GEN_URI: - if (!x509v3_add_len_value_uchar("URI", gen->d.ia5->data, - gen->d.ia5->length, &ret)) + if (!x509v3_add_len_value_uchar("URI", gen->d.ia5->data, + gen->d.ia5->length, &ret)) return NULL; break; @@ -279,7 +279,7 @@ static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens) num = sk_GENERAL_NAME_num(ialt); if (!sk_GENERAL_NAME_reserve(gens, num)) { X509V3err(X509V3_F_COPY_ISSUER, ERR_R_MALLOC_FAILURE); - sk_GENERAL_NAME_free(ialt); + sk_GENERAL_NAME_free(ialt); goto err; } diff --git a/contrib/libs/openssl/crypto/x509v3/v3_cpols.c b/contrib/libs/openssl/crypto/x509v3/v3_cpols.c index 09804b5848..27d8cc62c0 100644 --- a/contrib/libs/openssl/crypto/x509v3/v3_cpols.c +++ b/contrib/libs/openssl/crypto/x509v3/v3_cpols.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -422,8 +422,8 @@ static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, qualinfo = sk_POLICYQUALINFO_value(quals, i); switch (OBJ_obj2nid(qualinfo->pqualid)) { case NID_id_qt_cps: - BIO_printf(out, "%*sCPS: %.*s\n", indent, "", - qualinfo->d.cpsuri->length, + BIO_printf(out, "%*sCPS: %.*s\n", indent, "", + qualinfo->d.cpsuri->length, qualinfo->d.cpsuri->data); break; @@ -448,8 +448,8 @@ static void print_notice(BIO *out, USERNOTICE *notice, int indent) if (notice->noticeref) { NOTICEREF *ref; ref = notice->noticeref; - BIO_printf(out, "%*sOrganization: %.*s\n", indent, "", - ref->organization->length, + BIO_printf(out, "%*sOrganization: %.*s\n", indent, "", + ref->organization->length, ref->organization->data); BIO_printf(out, "%*sNumber%s: ", indent, "", sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : ""); @@ -472,8 +472,8 @@ static void print_notice(BIO *out, USERNOTICE *notice, int indent) BIO_puts(out, "\n"); } if (notice->exptext) - BIO_printf(out, "%*sExplicit Text: %.*s\n", indent, "", - notice->exptext->length, + BIO_printf(out, "%*sExplicit Text: %.*s\n", indent, "", + notice->exptext->length, notice->exptext->data); } diff --git a/contrib/libs/openssl/crypto/x509v3/v3_genn.c b/contrib/libs/openssl/crypto/x509v3/v3_genn.c index 87a5eff47c..85e9fa82c4 100644 --- a/contrib/libs/openssl/crypto/x509v3/v3_genn.c +++ b/contrib/libs/openssl/crypto/x509v3/v3_genn.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -22,9 +22,9 @@ ASN1_SEQUENCE(OTHERNAME) = { IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME) ASN1_SEQUENCE(EDIPARTYNAME) = { - /* DirectoryString is a CHOICE type so use explicit tagging */ - ASN1_EXP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0), - ASN1_EXP(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1) + /* DirectoryString is a CHOICE type so use explicit tagging */ + ASN1_EXP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0), + ASN1_EXP(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1) } ASN1_SEQUENCE_END(EDIPARTYNAME) IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME) @@ -58,37 +58,37 @@ GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a) (char *)a); } -static int edipartyname_cmp(const EDIPARTYNAME *a, const EDIPARTYNAME *b) -{ - int res; - - if (a == NULL || b == NULL) { - /* - * Shouldn't be possible in a valid GENERAL_NAME, but we handle it - * anyway. OTHERNAME_cmp treats NULL != NULL so we do the same here - */ - return -1; - } - if (a->nameAssigner == NULL && b->nameAssigner != NULL) - return -1; - if (a->nameAssigner != NULL && b->nameAssigner == NULL) - return 1; - /* If we get here then both have nameAssigner set, or both unset */ - if (a->nameAssigner != NULL) { - res = ASN1_STRING_cmp(a->nameAssigner, b->nameAssigner); - if (res != 0) - return res; - } - /* - * partyName is required, so these should never be NULL. We treat it in - * the same way as the a == NULL || b == NULL case above - */ - if (a->partyName == NULL || b->partyName == NULL) - return -1; - - return ASN1_STRING_cmp(a->partyName, b->partyName); -} - +static int edipartyname_cmp(const EDIPARTYNAME *a, const EDIPARTYNAME *b) +{ + int res; + + if (a == NULL || b == NULL) { + /* + * Shouldn't be possible in a valid GENERAL_NAME, but we handle it + * anyway. OTHERNAME_cmp treats NULL != NULL so we do the same here + */ + return -1; + } + if (a->nameAssigner == NULL && b->nameAssigner != NULL) + return -1; + if (a->nameAssigner != NULL && b->nameAssigner == NULL) + return 1; + /* If we get here then both have nameAssigner set, or both unset */ + if (a->nameAssigner != NULL) { + res = ASN1_STRING_cmp(a->nameAssigner, b->nameAssigner); + if (res != 0) + return res; + } + /* + * partyName is required, so these should never be NULL. We treat it in + * the same way as the a == NULL || b == NULL case above + */ + if (a->partyName == NULL || b->partyName == NULL) + return -1; + + return ASN1_STRING_cmp(a->partyName, b->partyName); +} + /* Returns 0 if they are equal, != 0 otherwise. */ int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b) { @@ -98,11 +98,11 @@ int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b) return -1; switch (a->type) { case GEN_X400: - result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address); - break; - + result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address); + break; + case GEN_EDIPARTY: - result = edipartyname_cmp(a->d.ediPartyName, b->d.ediPartyName); + result = edipartyname_cmp(a->d.ediPartyName, b->d.ediPartyName); break; case GEN_OTHERNAME: @@ -149,11 +149,11 @@ void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value) { switch (type) { case GEN_X400: - a->d.x400Address = value; - break; - + a->d.x400Address = value; + break; + case GEN_EDIPARTY: - a->d.ediPartyName = value; + a->d.ediPartyName = value; break; case GEN_OTHERNAME: @@ -187,10 +187,10 @@ void *GENERAL_NAME_get0_value(const GENERAL_NAME *a, int *ptype) *ptype = a->type; switch (a->type) { case GEN_X400: - return a->d.x400Address; - + return a->d.x400Address; + case GEN_EDIPARTY: - return a->d.ediPartyName; + return a->d.ediPartyName; case GEN_OTHERNAME: return a->d.otherName; diff --git a/contrib/libs/openssl/crypto/x509v3/v3_ncons.c b/contrib/libs/openssl/crypto/x509v3/v3_ncons.c index d985aa91da..74fcaed44e 100644 --- a/contrib/libs/openssl/crypto/x509v3/v3_ncons.c +++ b/contrib/libs/openssl/crypto/x509v3/v3_ncons.c @@ -1,5 +1,5 @@ /* - * Copyright 2003-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2003-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -63,31 +63,31 @@ ASN1_SEQUENCE(NAME_CONSTRAINTS) = { IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE) IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) - -#define IA5_OFFSET_LEN(ia5base, offset) \ - ((ia5base)->length - ((unsigned char *)(offset) - (ia5base)->data)) - -/* Like memchr but for ASN1_IA5STRING. Additionally you can specify the - * starting point to search from - */ -# define ia5memchr(str, start, c) memchr(start, c, IA5_OFFSET_LEN(str, start)) - -/* Like memrrchr but for ASN1_IA5STRING */ -static char *ia5memrchr(ASN1_IA5STRING *str, int c) -{ - int i; - - for (i = str->length; i > 0 && str->data[i - 1] != c; i--); - - if (i == 0) - return NULL; - - return (char *)&str->data[i - 1]; -} - + +#define IA5_OFFSET_LEN(ia5base, offset) \ + ((ia5base)->length - ((unsigned char *)(offset) - (ia5base)->data)) + +/* Like memchr but for ASN1_IA5STRING. Additionally you can specify the + * starting point to search from + */ +# define ia5memchr(str, start, c) memchr(start, c, IA5_OFFSET_LEN(str, start)) + +/* Like memrrchr but for ASN1_IA5STRING */ +static char *ia5memrchr(ASN1_IA5STRING *str, int c) +{ + int i; + + for (i = str->length; i > 0 && str->data[i - 1] != c; i--); + + if (i == 0) + return NULL; + + return (char *)&str->data[i - 1]; +} + /* - * We cannot use strncasecmp here because that applies locale specific rules. It - * also doesn't work with ASN1_STRINGs that may have embedded NUL characters. + * We cannot use strncasecmp here because that applies locale specific rules. It + * also doesn't work with ASN1_STRINGs that may have embedded NUL characters. * For example in Turkish 'I' is not the uppercase character for 'i'. We need to * do a simple ASCII case comparison ignoring the locale (that is why we use * numeric constants below). @@ -352,7 +352,7 @@ static int cn2dnsid(ASN1_STRING *cn, unsigned char **dnsid, size_t *idlen) --utf8_length; /* Reject *embedded* NULs */ - if (memchr(utf8_value, 0, utf8_length) != NULL) { + if (memchr(utf8_value, 0, utf8_length) != NULL) { OPENSSL_free(utf8_value); return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; } @@ -551,14 +551,14 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base) { char *baseptr = (char *)base->data; char *dnsptr = (char *)dns->data; - + /* Empty matches everything */ - if (base->length == 0) + if (base->length == 0) return X509_V_OK; - - if (dns->length < base->length) - return X509_V_ERR_PERMITTED_VIOLATION; - + + if (dns->length < base->length) + return X509_V_ERR_PERMITTED_VIOLATION; + /* * Otherwise can add zero or more components on the left so compare RHS * and if dns is longer and expect '.' as preceding character. @@ -569,7 +569,7 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base) return X509_V_ERR_PERMITTED_VIOLATION; } - if (ia5ncasecmp(baseptr, dnsptr, base->length)) + if (ia5ncasecmp(baseptr, dnsptr, base->length)) return X509_V_ERR_PERMITTED_VIOLATION; return X509_V_OK; @@ -580,17 +580,17 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base) { const char *baseptr = (char *)base->data; const char *emlptr = (char *)eml->data; - const char *baseat = ia5memrchr(base, '@'); - const char *emlat = ia5memrchr(eml, '@'); - size_t basehostlen, emlhostlen; + const char *baseat = ia5memrchr(base, '@'); + const char *emlat = ia5memrchr(eml, '@'); + size_t basehostlen, emlhostlen; if (!emlat) return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; /* Special case: initial '.' is RHS match */ - if (!baseat && base->length > 0 && (*baseptr == '.')) { + if (!baseat && base->length > 0 && (*baseptr == '.')) { if (eml->length > base->length) { emlptr += eml->length - base->length; - if (ia5ncasecmp(baseptr, emlptr, base->length) == 0) + if (ia5ncasecmp(baseptr, emlptr, base->length) == 0) return X509_V_OK; } return X509_V_ERR_PERMITTED_VIOLATION; @@ -610,10 +610,10 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base) baseptr = baseat + 1; } emlptr = emlat + 1; - basehostlen = IA5_OFFSET_LEN(base, baseptr); - emlhostlen = IA5_OFFSET_LEN(eml, emlptr); + basehostlen = IA5_OFFSET_LEN(base, baseptr); + emlhostlen = IA5_OFFSET_LEN(eml, emlptr); /* Just have hostname left to match: case insensitive */ - if (basehostlen != emlhostlen || ia5ncasecmp(baseptr, emlptr, emlhostlen)) + if (basehostlen != emlhostlen || ia5ncasecmp(baseptr, emlptr, emlhostlen)) return X509_V_ERR_PERMITTED_VIOLATION; return X509_V_OK; @@ -624,14 +624,14 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base) { const char *baseptr = (char *)base->data; const char *hostptr = (char *)uri->data; - const char *p = ia5memchr(uri, (char *)uri->data, ':'); + const char *p = ia5memchr(uri, (char *)uri->data, ':'); int hostlen; - + /* Check for foo:// and skip past it */ - if (p == NULL - || IA5_OFFSET_LEN(uri, p) < 3 - || p[1] != '/' - || p[2] != '/') + if (p == NULL + || IA5_OFFSET_LEN(uri, p) < 3 + || p[1] != '/' + || p[2] != '/') return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; hostptr = p + 3; @@ -639,13 +639,13 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base) /* Look for a port indicator as end of hostname first */ - p = ia5memchr(uri, hostptr, ':'); + p = ia5memchr(uri, hostptr, ':'); /* Otherwise look for trailing slash */ - if (p == NULL) - p = ia5memchr(uri, hostptr, '/'); + if (p == NULL) + p = ia5memchr(uri, hostptr, '/'); - if (p == NULL) - hostlen = IA5_OFFSET_LEN(uri, hostptr); + if (p == NULL) + hostlen = IA5_OFFSET_LEN(uri, hostptr); else hostlen = p - hostptr; @@ -653,7 +653,7 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base) return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; /* Special case: initial '.' is RHS match */ - if (base->length > 0 && *baseptr == '.') { + if (base->length > 0 && *baseptr == '.') { if (hostlen > base->length) { p = hostptr + hostlen - base->length; if (ia5ncasecmp(p, baseptr, base->length) == 0) diff --git a/contrib/libs/openssl/crypto/x509v3/v3_pci.c b/contrib/libs/openssl/crypto/x509v3/v3_pci.c index 532d4e192f..a4360f47ba 100644 --- a/contrib/libs/openssl/crypto/x509v3/v3_pci.c +++ b/contrib/libs/openssl/crypto/x509v3/v3_pci.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -77,8 +77,8 @@ static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci, i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage); BIO_puts(out, "\n"); if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data) - BIO_printf(out, "%*sPolicy Text: %.*s\n", indent, "", - pci->proxyPolicy->policy->length, + BIO_printf(out, "%*sPolicy Text: %.*s\n", indent, "", + pci->proxyPolicy->policy->length, pci->proxyPolicy->policy->data); return 1; } diff --git a/contrib/libs/openssl/crypto/x509v3/v3_purp.c b/contrib/libs/openssl/crypto/x509v3/v3_purp.c index a1aeb4e4c6..fd42bd6b63 100644 --- a/contrib/libs/openssl/crypto/x509v3/v3_purp.c +++ b/contrib/libs/openssl/crypto/x509v3/v3_purp.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,7 +13,7 @@ #include <openssl/x509v3.h> #include <openssl/x509_vfy.h> #include "crypto/x509.h" -#include "../x509/x509_local.h" /* for x509_signing_allowed() */ +#include "../x509/x509_local.h" /* for x509_signing_allowed() */ #include "internal/tsan_assist.h" static void x509v3_cache_extensions(X509 *x); @@ -345,24 +345,24 @@ static int setup_crldp(X509 *x) return 1; } -/* Check that issuer public key algorithm matches subject signature algorithm */ -static int check_sig_alg_match(const EVP_PKEY *pkey, const X509 *subject) -{ - int pkey_sig_nid, subj_sig_nid; - - if (pkey == NULL) - return X509_V_ERR_NO_ISSUER_PUBLIC_KEY; - if (OBJ_find_sigid_algs(EVP_PKEY_base_id(pkey), - NULL, &pkey_sig_nid) == 0) - pkey_sig_nid = EVP_PKEY_base_id(pkey); - if (OBJ_find_sigid_algs(OBJ_obj2nid(subject->cert_info.signature.algorithm), - NULL, &subj_sig_nid) == 0) - return X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM; - if (pkey_sig_nid != EVP_PKEY_type(subj_sig_nid)) - return X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH; - return X509_V_OK; -} - +/* Check that issuer public key algorithm matches subject signature algorithm */ +static int check_sig_alg_match(const EVP_PKEY *pkey, const X509 *subject) +{ + int pkey_sig_nid, subj_sig_nid; + + if (pkey == NULL) + return X509_V_ERR_NO_ISSUER_PUBLIC_KEY; + if (OBJ_find_sigid_algs(EVP_PKEY_base_id(pkey), + NULL, &pkey_sig_nid) == 0) + pkey_sig_nid = EVP_PKEY_base_id(pkey); + if (OBJ_find_sigid_algs(OBJ_obj2nid(subject->cert_info.signature.algorithm), + NULL, &subj_sig_nid) == 0) + return X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM; + if (pkey_sig_nid != EVP_PKEY_type(subj_sig_nid)) + return X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH; + return X509_V_OK; +} + #define V1_ROOT (EXFLAG_V1|EXFLAG_SS) #define ku_reject(x, usage) \ (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage))) @@ -394,8 +394,8 @@ static void x509v3_cache_extensions(X509 *x) } if (!X509_digest(x, EVP_sha1(), x->sha1_hash, NULL)) - x->ex_flags |= (EXFLAG_NO_FINGERPRINT | EXFLAG_INVALID); - + x->ex_flags |= (EXFLAG_NO_FINGERPRINT | EXFLAG_INVALID); + /* V1 should mean no extensions ... */ if (!X509_get_version(x)) x->ex_flags |= EXFLAG_V1; @@ -516,11 +516,11 @@ static void x509v3_cache_extensions(X509 *x) x->ex_flags |= EXFLAG_INVALID; /* Does subject name match issuer ? */ if (!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x))) { - x->ex_flags |= EXFLAG_SI; /* cert is self-issued */ - if (X509_check_akid(x, x->akid) == X509_V_OK /* SKID matches AKID */ - /* .. and the signature alg matches the PUBKEY alg: */ - && check_sig_alg_match(X509_get0_pubkey(x), x) == X509_V_OK) - x->ex_flags |= EXFLAG_SS; /* indicate self-signed */ + x->ex_flags |= EXFLAG_SI; /* cert is self-issued */ + if (X509_check_akid(x, x->akid) == X509_V_OK /* SKID matches AKID */ + /* .. and the signature alg matches the PUBKEY alg: */ + && check_sig_alg_match(X509_get0_pubkey(x), x) == X509_V_OK) + x->ex_flags |= EXFLAG_SS; /* indicate self-signed */ } x->altname = X509_get_ext_d2i(x, NID_subject_alt_name, &i, NULL); if (x->altname == NULL && i != -1) @@ -813,23 +813,23 @@ static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca) } /*- - * Check if certificate I<issuer> is allowed to issue certificate I<subject> - * according to the B<keyUsage> field of I<issuer> if present - * depending on any proxyCertInfo extension of I<subject>. - * Returns 0 for OK, or positive for reason for rejection - * where reason codes match those for X509_verify_cert(). - */ -int x509_signing_allowed(const X509 *issuer, const X509 *subject) -{ - if (subject->ex_flags & EXFLAG_PROXY) { - if (ku_reject(issuer, KU_DIGITAL_SIGNATURE)) - return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE; - } else if (ku_reject(issuer, KU_KEY_CERT_SIGN)) - return X509_V_ERR_KEYUSAGE_NO_CERTSIGN; - return X509_V_OK; -} - -/*- + * Check if certificate I<issuer> is allowed to issue certificate I<subject> + * according to the B<keyUsage> field of I<issuer> if present + * depending on any proxyCertInfo extension of I<subject>. + * Returns 0 for OK, or positive for reason for rejection + * where reason codes match those for X509_verify_cert(). + */ +int x509_signing_allowed(const X509 *issuer, const X509 *subject) +{ + if (subject->ex_flags & EXFLAG_PROXY) { + if (ku_reject(issuer, KU_DIGITAL_SIGNATURE)) + return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE; + } else if (ku_reject(issuer, KU_KEY_CERT_SIGN)) + return X509_V_ERR_KEYUSAGE_NO_CERTSIGN; + return X509_V_OK; +} + +/*- * Various checks to see if one certificate issued the second. * This can be used to prune a set of possible issuer certificates * which have been looked up using some simple method such as by @@ -837,24 +837,24 @@ int x509_signing_allowed(const X509 *issuer, const X509 *subject) * These are: * 1. Check issuer_name(subject) == subject_name(issuer) * 2. If akid(subject) exists check it matches issuer - * 3. Check that issuer public key algorithm matches subject signature algorithm - * 4. If key_usage(issuer) exists check it supports certificate signing + * 3. Check that issuer public key algorithm matches subject signature algorithm + * 4. If key_usage(issuer) exists check it supports certificate signing * returns 0 for OK, positive for reason for mismatch, reasons match * codes for X509_verify_cert() */ int X509_check_issued(X509 *issuer, X509 *subject) { - int ret; - - if ((ret = x509_likely_issued(issuer, subject)) != X509_V_OK) - return ret; - return x509_signing_allowed(issuer, subject); -} - -/* do the checks 1., 2., and 3. as described above for X509_check_issued() */ -int x509_likely_issued(X509 *issuer, X509 *subject) -{ + int ret; + + if ((ret = x509_likely_issued(issuer, subject)) != X509_V_OK) + return ret; + return x509_signing_allowed(issuer, subject); +} + +/* do the checks 1., 2., and 3. as described above for X509_check_issued() */ +int x509_likely_issued(X509 *issuer, X509 *subject) +{ if (X509_NAME_cmp(X509_get_subject_name(issuer), X509_get_issuer_name(subject))) return X509_V_ERR_SUBJECT_ISSUER_MISMATCH; @@ -872,8 +872,8 @@ int x509_likely_issued(X509 *issuer, X509 *subject) return ret; } - /* check if the subject signature alg matches the issuer's PUBKEY alg */ - return check_sig_alg_match(X509_get0_pubkey(issuer), subject); + /* check if the subject signature alg matches the issuer's PUBKEY alg */ + return check_sig_alg_match(X509_get0_pubkey(issuer), subject); } int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid) diff --git a/contrib/libs/openssl/crypto/x509v3/v3_utl.c b/contrib/libs/openssl/crypto/x509v3/v3_utl.c index f41c699b5a..421cb3a6f4 100644 --- a/contrib/libs/openssl/crypto/x509v3/v3_utl.c +++ b/contrib/libs/openssl/crypto/x509v3/v3_utl.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,7 +12,7 @@ #include "e_os.h" #include "internal/cryptlib.h" #include <stdio.h> -#include <string.h> +#include <string.h> #include "crypto/ctype.h" #include <openssl/conf.h> #include <openssl/crypto.h> @@ -35,26 +35,26 @@ static int ipv6_hex(unsigned char *out, const char *in, int inlen); /* Add a CONF_VALUE name value pair to stack */ -static int x509v3_add_len_value(const char *name, const char *value, - size_t vallen, STACK_OF(CONF_VALUE) **extlist) +static int x509v3_add_len_value(const char *name, const char *value, + size_t vallen, STACK_OF(CONF_VALUE) **extlist) { CONF_VALUE *vtmp = NULL; char *tname = NULL, *tvalue = NULL; int sk_allocated = (*extlist == NULL); - if (name != NULL && (tname = OPENSSL_strdup(name)) == NULL) + if (name != NULL && (tname = OPENSSL_strdup(name)) == NULL) goto err; - if (value != NULL && vallen > 0) { - /* - * We tolerate a single trailing NUL character, but otherwise no - * embedded NULs - */ - if (memchr(value, 0, vallen - 1) != NULL) - goto err; - tvalue = OPENSSL_strndup(value, vallen); - if (tvalue == NULL) - goto err; - } + if (value != NULL && vallen > 0) { + /* + * We tolerate a single trailing NUL character, but otherwise no + * embedded NULs + */ + if (memchr(value, 0, vallen - 1) != NULL) + goto err; + tvalue = OPENSSL_strndup(value, vallen); + if (tvalue == NULL) + goto err; + } if ((vtmp = OPENSSL_malloc(sizeof(*vtmp))) == NULL) goto err; if (sk_allocated && (*extlist = sk_CONF_VALUE_new_null()) == NULL) @@ -66,7 +66,7 @@ static int x509v3_add_len_value(const char *name, const char *value, goto err; return 1; err: - X509V3err(X509V3_F_X509V3_ADD_LEN_VALUE, ERR_R_MALLOC_FAILURE); + X509V3err(X509V3_F_X509V3_ADD_LEN_VALUE, ERR_R_MALLOC_FAILURE); if (sk_allocated) { sk_CONF_VALUE_free(*extlist); *extlist = NULL; @@ -77,28 +77,28 @@ static int x509v3_add_len_value(const char *name, const char *value, return 0; } -int X509V3_add_value(const char *name, const char *value, - STACK_OF(CONF_VALUE) **extlist) -{ - return x509v3_add_len_value(name, value, - value != NULL ? strlen((const char *)value) : 0, - extlist); -} - +int X509V3_add_value(const char *name, const char *value, + STACK_OF(CONF_VALUE) **extlist) +{ + return x509v3_add_len_value(name, value, + value != NULL ? strlen((const char *)value) : 0, + extlist); +} + int X509V3_add_value_uchar(const char *name, const unsigned char *value, STACK_OF(CONF_VALUE) **extlist) { - return x509v3_add_len_value(name, (const char *)value, - value != NULL ? strlen((const char *)value) : 0, - extlist); -} - -int x509v3_add_len_value_uchar(const char *name, const unsigned char *value, - size_t vallen, STACK_OF(CONF_VALUE) **extlist) -{ - return x509v3_add_len_value(name, (const char *)value, vallen, extlist); + return x509v3_add_len_value(name, (const char *)value, + value != NULL ? strlen((const char *)value) : 0, + extlist); } +int x509v3_add_len_value_uchar(const char *name, const unsigned char *value, + size_t vallen, STACK_OF(CONF_VALUE) **extlist) +{ + return x509v3_add_len_value(name, (const char *)value, vallen, extlist); +} + /* Free function for STACK_OF(CONF_VALUE) */ void X509V3_conf_free(CONF_VALUE *conf) @@ -528,26 +528,26 @@ static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, const ASN1_IA5STRING *email /* First some sanity checks */ if (email->type != V_ASN1_IA5STRING) return 1; - if (email->data == NULL || email->length == 0) - return 1; - if (memchr(email->data, 0, email->length) != NULL) + if (email->data == NULL || email->length == 0) return 1; + if (memchr(email->data, 0, email->length) != NULL) + return 1; if (*sk == NULL) *sk = sk_OPENSSL_STRING_new(sk_strcmp); if (*sk == NULL) return 0; - - emtmp = OPENSSL_strndup((char *)email->data, email->length); - if (emtmp == NULL) - return 0; - + + emtmp = OPENSSL_strndup((char *)email->data, email->length); + if (emtmp == NULL) + return 0; + /* Don't add duplicates */ - if (sk_OPENSSL_STRING_find(*sk, emtmp) != -1) { - OPENSSL_free(emtmp); + if (sk_OPENSSL_STRING_find(*sk, emtmp) != -1) { + OPENSSL_free(emtmp); return 1; - } - if (!sk_OPENSSL_STRING_push(*sk, emtmp)) { - OPENSSL_free(emtmp); /* free on push failure */ + } + if (!sk_OPENSSL_STRING_push(*sk, emtmp)) { + OPENSSL_free(emtmp); /* free on push failure */ X509_email_free(*sk); *sk = NULL; return 0; diff --git a/contrib/libs/openssl/crypto/x509v3/v3err.c b/contrib/libs/openssl/crypto/x509v3/v3err.c index 8b2918a64f..ce9770aea3 100644 --- a/contrib/libs/openssl/crypto/x509v3/v3err.c +++ b/contrib/libs/openssl/crypto/x509v3/v3err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -39,8 +39,8 @@ static const ERR_STRING_DATA X509V3_str_functs[] = { "i2s_ASN1_INTEGER"}, {ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2V_AUTHORITY_INFO_ACCESS, 0), "i2v_AUTHORITY_INFO_ACCESS"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2V_AUTHORITY_KEYID, 0), - "i2v_AUTHORITY_KEYID"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2V_AUTHORITY_KEYID, 0), + "i2v_AUTHORITY_KEYID"}, {ERR_PACK(ERR_LIB_X509V3, X509V3_F_LEVEL_ADD_NODE, 0), "level_add_node"}, {ERR_PACK(ERR_LIB_X509V3, X509V3_F_NOTICE_SECTION, 0), "notice_section"}, {ERR_PACK(ERR_LIB_X509V3, X509V3_F_NREF_NOS, 0), "nref_nos"}, @@ -106,8 +106,8 @@ static const ERR_STRING_DATA X509V3_str_functs[] = { {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V3_GENERIC_EXTENSION, 0), "v3_generic_extension"}, {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_ADD1_I2D, 0), "X509V3_add1_i2d"}, - {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_ADD_LEN_VALUE, 0), - "x509v3_add_len_value"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_ADD_LEN_VALUE, 0), + "x509v3_add_len_value"}, {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_ADD_VALUE, 0), "X509V3_add_value"}, {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_EXT_ADD, 0), "X509V3_EXT_add"}, |