diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2009-04-03 11:45:19 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2009-04-03 11:45:19 +0000 |
commit | 14023fe3521db8c2b984c44eb53ecfe498b1a01e (patch) | |
tree | 5c2dbedad64d42edc95ee876b2ff29ab5c11f75e /crypto | |
parent | b6b0b0d7a593afbb71786bf6bcb8bf54ba8ea48e (diff) |
Merge from 1.0.0-stable branch.
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/asn1/asn1.h | 4 | ||||
-rw-r--r-- | crypto/asn1/asn1_err.c | 4 | ||||
-rw-r--r-- | crypto/des/enc_read.c | 2 | ||||
-rw-r--r-- | crypto/objects/obj_xref.h | 2 | ||||
-rw-r--r-- | crypto/pkcs12/p12_kiss.c | 163 | ||||
-rw-r--r-- | crypto/stack/safestack.h | 23 | ||||
-rw-r--r-- | crypto/x509v3/pcy_tree.c | 2 |
7 files changed, 91 insertions, 109 deletions
diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index 6129d0a1cf..8f5b0517e9 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -1278,7 +1278,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_BAD_OBJECT_HEADER 102 #define ASN1_R_BAD_PASSWORD_READ 103 #define ASN1_R_BAD_TAG 104 -#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 210 +#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214 #define ASN1_R_BN_LIB 105 #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 #define ASN1_R_BUFFER_TOO_SMALL 107 @@ -1370,7 +1370,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157 #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158 #define ASN1_R_UNEXPECTED_EOC 159 -#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 211 +#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 215 #define ASN1_R_UNKNOWN_FORMAT 160 #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 #define ASN1_R_UNKNOWN_OBJECT_TYPE 162 diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c index cdee663834..82496b3698 100644 --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c @@ -1,6 +1,6 @@ /* crypto/asn1/asn1_err.c */ /* ==================================================================== - * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -176,7 +176,7 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_FUNC(ASN1_F_PKCS5_PBE2_SET_IV), "PKCS5_pbe2_set_iv"}, {ERR_FUNC(ASN1_F_PKCS5_PBE_SET), "PKCS5_pbe_set"}, {ERR_FUNC(ASN1_F_PKCS5_PBE_SET0_ALGOR), "PKCS5_pbe_set0_algor"}, -{ERR_FUNC(ASN1_F_SMIME_READ_ASN1), "SMIME_read_asn1"}, +{ERR_FUNC(ASN1_F_SMIME_READ_ASN1), "SMIME_read_ASN1"}, {ERR_FUNC(ASN1_F_SMIME_TEXT), "SMIME_text"}, {ERR_FUNC(ASN1_F_X509_CINF_NEW), "X509_CINF_NEW"}, {ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED), "X509_CRL_add0_revoked"}, diff --git a/crypto/des/enc_read.c b/crypto/des/enc_read.c index e7c853f5cc..edb6620d08 100644 --- a/crypto/des/enc_read.c +++ b/crypto/des/enc_read.c @@ -150,7 +150,7 @@ int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched, /* first - get the length */ while (net_num < HDRSIZE) { -#ifndef _WIN32 +#ifndef OPENSSL_SYS_WIN32 i=read(fd,(void *)&(net[net_num]),HDRSIZE-net_num); #else i=_read(fd,(void *)&(net[net_num]),HDRSIZE-net_num); diff --git a/crypto/objects/obj_xref.h b/crypto/objects/obj_xref.h index d5b9b8e198..7836f01d95 100644 --- a/crypto/objects/obj_xref.h +++ b/crypto/objects/obj_xref.h @@ -1,4 +1,4 @@ -/* AUTOGENERATED BY objxref.pl, DO NOT EDIT */ +/* AUTOGENERATED BY crypto/objects/objxref.pl, DO NOT EDIT */ typedef struct { diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c index 5c4c6ec988..10ee5e7b94 100644 --- a/crypto/pkcs12/p12_kiss.c +++ b/crypto/pkcs12/p12_kiss.c @@ -63,16 +63,13 @@ /* Simplified PKCS#12 routines */ static int parse_pk12( PKCS12 *p12, const char *pass, int passlen, - EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca); + EVP_PKEY **pkey, STACK_OF(X509) *ocerts); static int parse_bags( STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, - int passlen, EVP_PKEY **pkey, X509 **cert, - STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid, - char *keymatch); + int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts); static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen, - EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca, - ASN1_OCTET_STRING **keyid, char *keymatch); + EVP_PKEY **pkey, STACK_OF(X509) *ocerts); /* Parse and decrypt a PKCS#12 structure returning user key, user cert * and other (CA) certs. Note either ca should be NULL, *ca should be NULL, @@ -83,24 +80,20 @@ static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen, int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca) { - + STACK_OF(X509) *ocerts = NULL; + X509 *x; /* Check for NULL PKCS12 structure */ - if(!p12) { + if(!p12) + { PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_INVALID_NULL_PKCS12_POINTER); return 0; - } - - /* Allocate stack for ca certificates if needed */ - if ((ca != NULL) && (*ca == NULL)) { - if (!(*ca = sk_X509_new_null())) { - PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE); - return 0; } - } - if(pkey) *pkey = NULL; - if(cert) *cert = NULL; + if(pkey) + *pkey = NULL; + if(cert) + *cert = NULL; /* Check the mac */ @@ -122,19 +115,61 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, goto err; } - if (!parse_pk12 (p12, pass, -1, pkey, cert, ca)) + /* Allocate stack for other certificates */ + ocerts = sk_X509_new_null(); + + if (!ocerts) + { + PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE); + return 0; + } + + if (!parse_pk12 (p12, pass, -1, pkey, ocerts)) { PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_PARSE_ERROR); goto err; } + while ((x = sk_X509_pop(ocerts))) + { + if (pkey && *pkey && cert && !*cert) + { + if (X509_check_private_key(x, *pkey)) + { + *cert = x; + x = NULL; + } + } + + if (ca && x) + { + if (!*ca) + *ca = sk_X509_new_null(); + if (!*ca) + goto err; + if (!sk_X509_push(*ca, x)) + goto err; + x = NULL; + } + if (x) + X509_free(x); + } + + if (ocerts) + sk_X509_pop_free(ocerts, X509_free); + return 1; err: - if (pkey && *pkey) EVP_PKEY_free(*pkey); - if (cert && *cert) X509_free(*cert); - if (ca) sk_X509_pop_free(*ca, X509_free); + if (pkey && *pkey) + EVP_PKEY_free(*pkey); + if (cert && *cert) + X509_free(*cert); + if (x) + X509_free(*cert); + if (ocerts) + sk_X509_pop_free(ocerts, X509_free); return 0; } @@ -142,15 +177,13 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, /* Parse the outer PKCS#12 structure */ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen, - EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca) + EVP_PKEY **pkey, STACK_OF(X509) *ocerts) { STACK_OF(PKCS7) *asafes; STACK_OF(PKCS12_SAFEBAG) *bags; int i, bagnid; PKCS7 *p7; - ASN1_OCTET_STRING *keyid = NULL; - char keymatch = 0; if (!(asafes = PKCS12_unpack_authsafes (p12))) return 0; for (i = 0; i < sk_PKCS7_num (asafes); i++) { p7 = sk_PKCS7_value (asafes, i); @@ -164,8 +197,7 @@ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen, sk_PKCS7_pop_free(asafes, PKCS7_free); return 0; } - if (!parse_bags(bags, pass, passlen, pkey, cert, ca, - &keyid, &keymatch)) { + if (!parse_bags(bags, pass, passlen, pkey, ocerts)) { sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); sk_PKCS7_pop_free(asafes, PKCS7_free); return 0; @@ -173,89 +205,65 @@ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen, sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); } sk_PKCS7_pop_free(asafes, PKCS7_free); - if (keyid) M_ASN1_OCTET_STRING_free(keyid); return 1; } static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, - int passlen, EVP_PKEY **pkey, X509 **cert, - STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid, - char *keymatch) + int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts) { int i; for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) { if (!parse_bag(sk_PKCS12_SAFEBAG_value (bags, i), - pass, passlen, pkey, cert, ca, keyid, - keymatch)) return 0; + pass, passlen, pkey, ocerts)) + return 0; } return 1; } -#define MATCH_KEY 0x1 -#define MATCH_CERT 0x2 -#define MATCH_ALL 0x3 - static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, - EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca, - ASN1_OCTET_STRING **keyid, - char *keymatch) + EVP_PKEY **pkey, STACK_OF(X509) *ocerts) { PKCS8_PRIV_KEY_INFO *p8; X509 *x509; - ASN1_OCTET_STRING *lkey = NULL, *ckid = NULL; ASN1_TYPE *attrib; ASN1_BMPSTRING *fname = NULL; + ASN1_OCTET_STRING *lkid = NULL; if ((attrib = PKCS12_get_attr (bag, NID_friendlyName))) fname = attrib->value.bmpstring; - if ((attrib = PKCS12_get_attr (bag, NID_localKeyID))) { - lkey = attrib->value.octet_string; - ckid = lkey; - } + if ((attrib = PKCS12_get_attr (bag, NID_localKeyID))) + lkid = attrib->value.octet_string; - /* Check for any local key id matching (if needed) */ - if (lkey && ((*keymatch & MATCH_ALL) != MATCH_ALL)) { - if (*keyid) { - if (M_ASN1_OCTET_STRING_cmp(*keyid, lkey)) lkey = NULL; - } else { - if (!(*keyid = M_ASN1_OCTET_STRING_dup(lkey))) { - PKCS12err(PKCS12_F_PARSE_BAG,ERR_R_MALLOC_FAILURE); - return 0; - } - } - } - switch (M_PKCS12_bag_type(bag)) { case NID_keyBag: - if (!lkey || !pkey) return 1; - if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag))) return 0; - *keymatch |= MATCH_KEY; + if (!pkey || *pkey) + return 1; + if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag))) + return 0; break; case NID_pkcs8ShroudedKeyBag: - if (!lkey || !pkey) return 1; + if (!pkey || *pkey) + return 1; if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen))) return 0; *pkey = EVP_PKCS82PKEY(p8); PKCS8_PRIV_KEY_INFO_free(p8); if (!(*pkey)) return 0; - *keymatch |= MATCH_KEY; break; case NID_certBag: if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate ) - return 1; - if (!(x509 = PKCS12_certbag2x509(bag))) return 0; - if(ckid) + return 1; + if (!(x509 = PKCS12_certbag2x509(bag))) + return 0; + if(lkid && !X509_keyid_set1(x509, lkid->data, lkid->length)) { - if (!X509_keyid_set1(x509, ckid->data, ckid->length)) - { - X509_free(x509); - return 0; - } + X509_free(x509); + return 0; } if(fname) { int len, r; @@ -272,20 +280,17 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, } } + if(!sk_X509_push(ocerts, x509)) + { + X509_free(x509); + return 0; + } - if (lkey) { - *keymatch |= MATCH_CERT; - if (cert) *cert = x509; - else X509_free(x509); - } else { - if(ca) sk_X509_push (*ca, x509); - else X509_free(x509); - } break; case NID_safeContentsBag: return parse_bags(bag->value.safes, pass, passlen, - pkey, cert, ca, keyid, keymatch); + pkey, ocerts); break; default: diff --git a/crypto/stack/safestack.h b/crypto/stack/safestack.h index 58597c4479..3f565e9efa 100644 --- a/crypto/stack/safestack.h +++ b/crypto/stack/safestack.h @@ -1967,29 +1967,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void) #define sk_X509_POLICY_NODE_sort(st) SKM_sk_sort(X509_POLICY_NODE, (st)) #define sk_X509_POLICY_NODE_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_NODE, (st)) -#define sk_X509_POLICY_REF_new(cmp) SKM_sk_new(X509_POLICY_REF, (cmp)) -#define sk_X509_POLICY_REF_new_null() SKM_sk_new_null(X509_POLICY_REF) -#define sk_X509_POLICY_REF_free(st) SKM_sk_free(X509_POLICY_REF, (st)) -#define sk_X509_POLICY_REF_num(st) SKM_sk_num(X509_POLICY_REF, (st)) -#define sk_X509_POLICY_REF_value(st, i) SKM_sk_value(X509_POLICY_REF, (st), (i)) -#define sk_X509_POLICY_REF_set(st, i, val) SKM_sk_set(X509_POLICY_REF, (st), (i), (val)) -#define sk_X509_POLICY_REF_zero(st) SKM_sk_zero(X509_POLICY_REF, (st)) -#define sk_X509_POLICY_REF_push(st, val) SKM_sk_push(X509_POLICY_REF, (st), (val)) -#define sk_X509_POLICY_REF_unshift(st, val) SKM_sk_unshift(X509_POLICY_REF, (st), (val)) -#define sk_X509_POLICY_REF_find(st, val) SKM_sk_find(X509_POLICY_REF, (st), (val)) -#define sk_X509_POLICY_REF_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_REF, (st), (val)) -#define sk_X509_POLICY_REF_delete(st, i) SKM_sk_delete(X509_POLICY_REF, (st), (i)) -#define sk_X509_POLICY_REF_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_REF, (st), (ptr)) -#define sk_X509_POLICY_REF_insert(st, val, i) SKM_sk_insert(X509_POLICY_REF, (st), (val), (i)) -#define sk_X509_POLICY_REF_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_REF, (st), (cmp)) -#define sk_X509_POLICY_REF_dup(st) SKM_sk_dup(X509_POLICY_REF, st) -#define sk_X509_POLICY_REF_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_REF, (st), (free_func)) -#define sk_X509_POLICY_REF_free(st) SKM_sk_free(X509_POLICY_REF, (st)) -#define sk_X509_POLICY_REF_shift(st) SKM_sk_shift(X509_POLICY_REF, (st)) -#define sk_X509_POLICY_REF_pop(st) SKM_sk_pop(X509_POLICY_REF, (st)) -#define sk_X509_POLICY_REF_sort(st) SKM_sk_sort(X509_POLICY_REF, (st)) -#define sk_X509_POLICY_REF_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_REF, (st)) - #define sk_X509_PURPOSE_new(cmp) SKM_sk_new(X509_PURPOSE, (cmp)) #define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE) #define sk_X509_PURPOSE_free(st) SKM_sk_free(X509_PURPOSE, (st)) diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c index 6dcdf481d9..92f6b24556 100644 --- a/crypto/x509v3/pcy_tree.c +++ b/crypto/x509v3/pcy_tree.c @@ -231,7 +231,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, tree->auth_policies = NULL; tree->user_policies = NULL; - if (!tree) + if (!tree->levels) { OPENSSL_free(tree); return 0; |