generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update from stable branch.

Browse Source
This commit is contained in:
Dr. Stephen Henson 2009-03-14 12:26:48 +00:00
parent 78625cac82
commit a0b76569b2
1 changed files with 17 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
crypto/x509v3/v3_addr.c
View File

@ -61,7 +61,7 @@
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <assert.h>
#include "cryptlib.h" #include "cryptlib.h"
#include <openssl/conf.h> #include <openssl/conf.h>
#include <openssl/asn1.h> #include <openssl/asn1.h>
@ -128,7 +128,7 @@ static int length_from_afi(const unsigned afi)
/* /*
* Extract the AFI from an IPAddressFamily. * Extract the AFI from an IPAddressFamily.
*/ */
unsigned v3_addr_get_afi(const IPAddressFamily *f) unsigned int v3_addr_get_afi(const IPAddressFamily *f)
{ {
return ((f != NULL && return ((f != NULL &&
f->addressFamily != NULL && f->addressFamily != NULL &&
@ -147,7 +147,7 @@ static void addr_expand(unsigned char *addr,
const int length, const int length,
const unsigned char fill) const unsigned char fill)
{ {
assert(bs->length >= 0 && bs->length <= length); OPENSSL_assert(bs->length >= 0 && bs->length <= length);
if (bs->length > 0) { if (bs->length > 0) {
memcpy(addr, bs->data, bs->length); memcpy(addr, bs->data, bs->length);
if ((bs->flags & 7) != 0) { if ((bs->flags & 7) != 0) {
@ -245,7 +245,7 @@ static int i2r_IPAddrBlocks(const X509V3_EXT_METHOD *method,
int i; int i;
for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
const unsigned afi = v3_addr_get_afi(f); const unsigned int afi = v3_addr_get_afi(f);
switch (afi) { switch (afi) {
case IANA_AFI_IPV4: case IANA_AFI_IPV4:
BIO_printf(out, "%*sIPv4", indent, ""); BIO_printf(out, "%*sIPv4", indent, "");
@ -454,7 +454,7 @@ static int make_addressRange(IPAddressOrRange **result,
if ((aor = IPAddressOrRange_new()) == NULL) if ((aor = IPAddressOrRange_new()) == NULL)
return 0; return 0;
aor->type = IPAddressOrRange_addressRange; aor->type = IPAddressOrRange_addressRange;
assert(aor->u.addressRange == NULL); OPENSSL_assert(aor->u.addressRange == NULL);
if ((aor->u.addressRange = IPAddressRange_new()) == NULL) if ((aor->u.addressRange = IPAddressRange_new()) == NULL)
goto err; goto err;
if (aor->u.addressRange->min == NULL && if (aor->u.addressRange->min == NULL &&
@ -523,7 +523,7 @@ static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr,
for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
f = sk_IPAddressFamily_value(addr, i); f = sk_IPAddressFamily_value(addr, i);
assert(f->addressFamily->data != NULL); OPENSSL_assert(f->addressFamily->data != NULL);
if (f->addressFamily->length == keylen && if (f->addressFamily->length == keylen &&
!memcmp(f->addressFamily->data, key, keylen)) !memcmp(f->addressFamily->data, key, keylen))
return f; return f;
@ -655,7 +655,7 @@ static void extract_min_max(IPAddressOrRange *aor,
unsigned char *max, unsigned char *max,
int length) int length)
{ {
assert(aor != NULL && min != NULL && max != NULL); OPENSSL_assert(aor != NULL && min != NULL && max != NULL);
switch (aor->type) { switch (aor->type) {
case IPAddressOrRange_addressPrefix: case IPAddressOrRange_addressPrefix:
addr_expand(min, aor->u.addressPrefix, length, 0x00); addr_expand(min, aor->u.addressPrefix, length, 0x00);
@ -881,7 +881,7 @@ int v3_addr_canonize(IPAddrBlocks *addr)
} }
sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp); sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp);
sk_IPAddressFamily_sort(addr); sk_IPAddressFamily_sort(addr);
assert(v3_addr_is_canonical(addr)); OPENSSL_assert(v3_addr_is_canonical(addr));
return 1; return 1;
} }
@ -1128,7 +1128,10 @@ int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
for (i = 0; i < sk_IPAddressFamily_num(a); i++) { for (i = 0; i < sk_IPAddressFamily_num(a); i++) {
IPAddressFamily *fa = sk_IPAddressFamily_value(a, i); IPAddressFamily *fa = sk_IPAddressFamily_value(a, i);
int j = sk_IPAddressFamily_find(b, fa); int j = sk_IPAddressFamily_find(b, fa);
IPAddressFamily *fb = sk_IPAddressFamily_value(b, j); IPAddressFamily *fb;
fb = sk_IPAddressFamily_value(b, j);
if (fb == NULL)
return 0;
if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges, if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges,
fa->ipAddressChoice->u.addressesOrRanges, fa->ipAddressChoice->u.addressesOrRanges,
length_from_afi(v3_addr_get_afi(fb)))) length_from_afi(v3_addr_get_afi(fb))))
@ -1165,9 +1168,9 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
int i, j, ret = 1; int i, j, ret = 1;
X509 *x; X509 *x;
assert(chain != NULL && sk_X509_num(chain) > 0); OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0);
assert(ctx != NULL || ext != NULL); OPENSSL_assert(ctx != NULL || ext != NULL);
assert(ctx == NULL || ctx->verify_cb != NULL); OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL);
/* /*
* Figure out where to start. If we don't have an extension to * Figure out where to start. If we don't have an extension to
@ -1180,7 +1183,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
} else { } else {
i = 0; i = 0;
x = sk_X509_value(chain, i); x = sk_X509_value(chain, i);
assert(x != NULL); OPENSSL_assert(x != NULL);
if ((ext = x->rfc3779_addr) == NULL) if ((ext = x->rfc3779_addr) == NULL)
goto done; goto done;
} }
@ -1199,7 +1202,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
*/ */
for (i++; i < sk_X509_num(chain); i++) { for (i++; i < sk_X509_num(chain); i++) {
x = sk_X509_value(chain, i); x = sk_X509_value(chain, i);
assert(x != NULL); OPENSSL_assert(x != NULL);
if (!v3_addr_is_canonical(x->rfc3779_addr)) if (!v3_addr_is_canonical(x->rfc3779_addr))
validation_err(X509_V_ERR_INVALID_EXTENSION); validation_err(X509_V_ERR_INVALID_EXTENSION);
if (x->rfc3779_addr == NULL) { if (x->rfc3779_addr == NULL) {