external/srs
1
0
Fork 0
mirror of https://github.com/ossrs/srs.git synced 2025-03-09 15:49:59 +00:00
Code Issues Releases Wiki Activity

AppleM1: Update openssl to v1.1.1l

Browse source
This commit is contained in:
winlin 2022-08-14 19:05:01 +08:00
parent 1fe12b8e8c
commit b787656eea
990 changed files with 13406 additions and 18710 deletions
Download patch file Download diff file Expand all files Collapse all files

10
trunk/3rdparty/openssl-1.1-fit/crypto/x509/by_dir.c vendored
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -19,8 +19,8 @@
#endif
#include <openssl/x509.h>
#include "internal/x509_int.h"
#include "x509_lcl.h"
#include "crypto/x509.h"
#include "x509_local.h"
struct lookup_dir_hashes_st {
unsigned long hash;
@ -327,10 +327,10 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
/*
* we have added it to the cache so now pull it out again
*/
CRYPTO_THREAD_write_lock(ctx->lock);
X509_STORE_lock(xl->store_ctx);
j = sk_X509_OBJECT_find(xl->store_ctx->objs, &stmp);
tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j);
CRYPTO_THREAD_unlock(ctx->lock);
X509_STORE_unlock(xl->store_ctx);
/* If a CRL, update the last file suffix added for this */

2
trunk/3rdparty/openssl-1.1-fit/crypto/x509/by_file.c vendored
View file

@ -15,7 +15,7 @@
#include <openssl/buffer.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include "x509_lcl.h"
#include "x509_local.h"
static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
long argl, char **ret);

6
trunk/3rdparty/openssl-1.1-fit/crypto/x509/t_req.c vendored
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -127,6 +127,10 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
if ((j = i2a_ASN1_OBJECT(bp, aobj)) > 0) {
ii = 0;
count = X509_ATTRIBUTE_count(a);
if (count == 0) {
X509err(X509_F_X509_REQ_PRINT_EX, X509_R_INVALID_ATTRIBUTES);
return 0;
}
get_next:
at = X509_ATTRIBUTE_get0_type(a, ii);
type = at->type;

8
trunk/3rdparty/openssl-1.1-fit/crypto/x509/t_x509.c vendored
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -14,7 +14,7 @@
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include "internal/asn1_int.h"
#include "crypto/asn1.h"
#ifndef OPENSSL_NO_STDIO
int X509_print_fp(FILE *fp, X509 *x)
@ -365,9 +365,9 @@ int X509_aux_print(BIO *out, X509 *x, int indent)
BIO_puts(out, "\n");
} else
BIO_printf(out, "%*sNo Rejected Uses.\n", indent, "");
alias = X509_alias_get0(x, NULL);
alias = X509_alias_get0(x, &i);
if (alias)
BIO_printf(out, "%*sAlias: %s\n", indent, "", alias);
BIO_printf(out, "%*sAlias: %.*s\n", indent, "", i, alias);
keyid = X509_keyid_get0(x, &keyidlen);
if (keyid) {
BIO_printf(out, "%*sKey Id: ", indent, "");

10
trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_att.c vendored
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -15,7 +15,7 @@
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include "x509_lcl.h"
#include "x509_local.h"
int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x)
{
@ -149,7 +149,7 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE)
return ret;
}
void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x,
void *X509at_get0_data_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *x,
const ASN1_OBJECT *obj, int lastpos, int type)
{
int i;
@ -314,7 +314,9 @@ void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
ttmp = X509_ATTRIBUTE_get0_type(attr, idx);
if (!ttmp)
return NULL;
if (atrtype != ASN1_TYPE_get(ttmp)) {
if (atrtype == V_ASN1_BOOLEAN
|| atrtype == V_ASN1_NULL
|| atrtype != ASN1_TYPE_get(ttmp)) {
X509err(X509_F_X509_ATTRIBUTE_GET0_DATA, X509_R_WRONG_TYPE);
return NULL;
}

35
trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_cmp.c vendored
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -13,7 +13,7 @@
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include "internal/x509_int.h"
#include "crypto/x509.h"
int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
{
@ -39,6 +39,8 @@ unsigned long X509_issuer_and_serial_hash(X509 *a)
if (ctx == NULL)
goto err;
f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0);
if (f == NULL)
goto err;
if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL))
goto err;
if (!EVP_DigestUpdate(ctx, (unsigned char *)f, strlen(f)))
@ -133,14 +135,21 @@ unsigned long X509_subject_name_hash_old(X509 *x)
*/
int X509_cmp(const X509 *a, const X509 *b)
{
int rv;
/* ensure hash is valid */
X509_check_purpose((X509 *)a, -1, 0);
X509_check_purpose((X509 *)b, -1, 0);
int rv = 0;
rv = memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
if (rv)
if (a == b) /* for efficiency */
return 0;
/* try to make sure hash is valid */
(void)X509_check_purpose((X509 *)a, -1, 0);
(void)X509_check_purpose((X509 *)b, -1, 0);
if ((a->ex_flags & EXFLAG_NO_FINGERPRINT) == 0
&& (b->ex_flags & EXFLAG_NO_FINGERPRINT) == 0)
rv = memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
if (rv != 0)
return rv;
/* Check for match against stored encoding too */
if (!a->cert_info.enc.modified && !b->cert_info.enc.modified) {
if (a->cert_info.enc.len < b->cert_info.enc.len)
@ -450,9 +459,17 @@ STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain)
STACK_OF(X509) *ret;
int i;
ret = sk_X509_dup(chain);
if (ret == NULL)
return NULL;
for (i = 0; i < sk_X509_num(ret); i++) {
X509 *x = sk_X509_value(ret, i);
X509_up_ref(x);
if (!X509_up_ref(x))
goto err;
}
return ret;
err:
while (i-- > 0)
X509_free (sk_X509_value(ret, i));
sk_X509_free(ret);
return NULL;
}

5
trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_err.c vendored
View file

@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -79,6 +79,7 @@ static const ERR_STRING_DATA X509_str_functs[] = {
{ERR_PACK(ERR_LIB_X509, X509_F_X509_PRINT_EX_FP, 0), "X509_print_ex_fp"},
{ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_DECODE, 0),
"x509_pubkey_decode"},
{ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_GET, 0), "X509_PUBKEY_get"},
{ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_GET0, 0), "X509_PUBKEY_get0"},
{ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_SET, 0), "X509_PUBKEY_set"},
{ERR_PACK(ERR_LIB_X509, X509_F_X509_REQ_CHECK_PRIVATE_KEY, 0),
@ -123,6 +124,8 @@ static const ERR_STRING_DATA X509_str_reasons[] = {
{ERR_PACK(ERR_LIB_X509, 0, X509_R_CRL_VERIFY_FAILURE),
"crl verify failure"},
{ERR_PACK(ERR_LIB_X509, 0, X509_R_IDP_MISMATCH), "idp mismatch"},
{ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_ATTRIBUTES),
"invalid attributes"},
{ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_DIRECTORY), "invalid directory"},
{ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_FIELD_NAME),
"invalid field name"},

2
trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_ext.c vendored
View file

@ -13,7 +13,7 @@
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include "internal/x509_int.h"
#include "crypto/x509.h"
#include <openssl/x509v3.h>
int X509_CRL_get_ext_count(const X509_CRL *x)

4
trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_lcl.h → trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_local.h vendored
View file

@ -1,5 +1,5 @@
/*
* Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -145,3 +145,5 @@ DEFINE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
void x509_set_signature_info(X509_SIG_INFO *siginf, const X509_ALGOR *alg,
const ASN1_STRING *sig);
int x509_likely_issued(X509 *issuer, X509 *subject);
int x509_signing_allowed(const X509 *issuer, const X509 *subject);

128
trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_lu.c vendored
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -11,9 +11,9 @@
#include "internal/cryptlib.h"
#include "internal/refcount.h"
#include <openssl/x509.h>
#include "internal/x509_int.h"
#include "crypto/x509.h"
#include <openssl/x509v3.h>
#include "x509_lcl.h"
#include "x509_local.h"
X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
{
@ -289,21 +289,25 @@ X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs,
int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type,
X509_NAME *name, X509_OBJECT *ret)
{
X509_STORE *ctx = vs->ctx;
X509_STORE *store = vs->ctx;
X509_LOOKUP *lu;
X509_OBJECT stmp, *tmp;
int i, j;
if (ctx == NULL)
if (store == NULL)
return 0;
CRYPTO_THREAD_write_lock(ctx->lock);
tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name);
CRYPTO_THREAD_unlock(ctx->lock);
stmp.type = X509_LU_NONE;
stmp.data.ptr = NULL;
X509_STORE_lock(store);
tmp = X509_OBJECT_retrieve_by_subject(store->objs, type, name);
X509_STORE_unlock(store);
if (tmp == NULL || type == X509_LU_CRL) {
for (i = 0; i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) {
lu = sk_X509_LOOKUP_value(ctx->get_cert_methods, i);
for (i = 0; i < sk_X509_LOOKUP_num(store->get_cert_methods); i++) {
lu = sk_X509_LOOKUP_value(store->get_cert_methods, i);
j = X509_LOOKUP_by_subject(lu, type, name, &stmp);
if (j) {
tmp = &stmp;
@ -314,15 +318,16 @@ int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type,
return 0;
}
if (!X509_OBJECT_up_ref_count(tmp))
return 0;
ret->type = tmp->type;
ret->data.ptr = tmp->data.ptr;
X509_OBJECT_up_ref_count(ret);
return 1;
}
static int x509_store_add(X509_STORE *ctx, void *x, int crl) {
static int x509_store_add(X509_STORE *store, void *x, int crl) {
X509_OBJECT *obj;
int ret = 0, added = 0;
@ -339,18 +344,20 @@ static int x509_store_add(X509_STORE *ctx, void *x, int crl) {
obj->type = X509_LU_X509;
obj->data.x509 = (X509 *)x;
}
X509_OBJECT_up_ref_count(obj);
CRYPTO_THREAD_write_lock(ctx->lock);
if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {
ret = 1;
} else {
added = sk_X509_OBJECT_push(ctx->objs, obj);
ret = added != 0;
if (!X509_OBJECT_up_ref_count(obj)) {
obj->type = X509_LU_NONE;
X509_OBJECT_free(obj);
return 0;
}
CRYPTO_THREAD_unlock(ctx->lock);
X509_STORE_lock(store);
if (X509_OBJECT_retrieve_match(store->objs, obj)) {
ret = 1;
} else {
added = sk_X509_OBJECT_push(store->objs, obj);
ret = added != 0;
}
X509_STORE_unlock(store);
if (added == 0) /* obj not pushed */
X509_OBJECT_free(obj);
@ -531,12 +538,13 @@ STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
STACK_OF(X509) *sk = NULL;
X509 *x;
X509_OBJECT *obj;
X509_STORE *store = ctx->ctx;
if (ctx->ctx == NULL)
if (store == NULL)
return NULL;
CRYPTO_THREAD_write_lock(ctx->ctx->lock);
idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);
X509_STORE_lock(store);
idx = x509_object_idx_cnt(store->objs, X509_LU_X509, nm, &cnt);
if (idx < 0) {
/*
* Nothing found in cache: do lookup to possibly add new objects to
@ -544,7 +552,8 @@ STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
*/
X509_OBJECT *xobj = X509_OBJECT_new();
CRYPTO_THREAD_unlock(ctx->ctx->lock);
X509_STORE_unlock(store);
if (xobj == NULL)
return NULL;
if (!X509_STORE_CTX_get_by_subject(ctx, X509_LU_X509, nm, xobj)) {
@ -552,27 +561,31 @@ STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
return NULL;
}
X509_OBJECT_free(xobj);
CRYPTO_THREAD_write_lock(ctx->ctx->lock);
idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);
X509_STORE_lock(store);
idx = x509_object_idx_cnt(store->objs, X509_LU_X509, nm, &cnt);
if (idx < 0) {
CRYPTO_THREAD_unlock(ctx->ctx->lock);
X509_STORE_unlock(store);
return NULL;
}
}
sk = sk_X509_new_null();
for (i = 0; i < cnt; i++, idx++) {
obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx);
obj = sk_X509_OBJECT_value(store->objs, idx);
x = obj->data.x509;
X509_up_ref(x);
if (!X509_up_ref(x)) {
X509_STORE_unlock(store);
sk_X509_pop_free(sk, X509_free);
return NULL;
}
if (!sk_X509_push(sk, x)) {
CRYPTO_THREAD_unlock(ctx->ctx->lock);
X509_STORE_unlock(store);
X509_free(x);
sk_X509_pop_free(sk, X509_free);
return NULL;
}
}
CRYPTO_THREAD_unlock(ctx->ctx->lock);
X509_STORE_unlock(store);
return sk;
}
@ -582,37 +595,42 @@ STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
STACK_OF(X509_CRL) *sk = sk_X509_CRL_new_null();
X509_CRL *x;
X509_OBJECT *obj, *xobj = X509_OBJECT_new();
X509_STORE *store = ctx->ctx;
/* Always do lookup to possibly add new CRLs to cache */
if (sk == NULL
|| xobj == NULL
|| ctx->ctx == NULL
|| store == NULL
|| !X509_STORE_CTX_get_by_subject(ctx, X509_LU_CRL, nm, xobj)) {
X509_OBJECT_free(xobj);
sk_X509_CRL_free(sk);
return NULL;
}
X509_OBJECT_free(xobj);
CRYPTO_THREAD_write_lock(ctx->ctx->lock);
idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt);
X509_STORE_lock(store);
idx = x509_object_idx_cnt(store->objs, X509_LU_CRL, nm, &cnt);
if (idx < 0) {
CRYPTO_THREAD_unlock(ctx->ctx->lock);
X509_STORE_unlock(store);
sk_X509_CRL_free(sk);
return NULL;
}
for (i = 0; i < cnt; i++, idx++) {
obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx);
obj = sk_X509_OBJECT_value(store->objs, idx);
x = obj->data.crl;
X509_CRL_up_ref(x);
if (!X509_CRL_up_ref(x)) {
X509_STORE_unlock(store);
sk_X509_CRL_pop_free(sk, X509_CRL_free);
return NULL;
}
if (!sk_X509_CRL_push(sk, x)) {
CRYPTO_THREAD_unlock(ctx->ctx->lock);
X509_STORE_unlock(store);
X509_CRL_free(x);
sk_X509_CRL_pop_free(sk, X509_CRL_free);
return NULL;
}
}
CRYPTO_THREAD_unlock(ctx->ctx->lock);
X509_STORE_unlock(store);
return sk;
}
@ -660,6 +678,7 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
{
X509_NAME *xn;
X509_OBJECT *obj = X509_OBJECT_new(), *pobj = NULL;
X509_STORE *store = ctx->ctx;
int i, ok, idx, ret;
if (obj == NULL)
@ -675,25 +694,28 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
if (ctx->check_issued(ctx, x, obj->data.x509)) {
if (x509_check_cert_time(ctx, obj->data.x509, -1)) {
*issuer = obj->data.x509;
X509_up_ref(*issuer);
if (!X509_up_ref(*issuer)) {
*issuer = NULL;
ok = -1;
}
X509_OBJECT_free(obj);
return 1;
return ok;
}
}
X509_OBJECT_free(obj);
if (ctx->ctx == NULL)
if (store == NULL)
return 0;
/* Else find index of first cert accepted by 'check_issued' */
ret = 0;
CRYPTO_THREAD_write_lock(ctx->ctx->lock);
idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn);
X509_STORE_lock(store);
idx = X509_OBJECT_idx_by_subject(store->objs, X509_LU_X509, xn);
if (idx != -1) { /* should be true as we've had at least one
* match */
/* Look through all matching certs for suitable issuer */
for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++) {
pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i);
for (i = idx; i < sk_X509_OBJECT_num(store->objs); i++) {
pobj = sk_X509_OBJECT_value(store->objs, i);
/* See if we've run past the matches */
if (pobj->type != X509_LU_X509)
break;
@ -714,9 +736,11 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
}
}
}
CRYPTO_THREAD_unlock(ctx->ctx->lock);
if (*issuer)
X509_up_ref(*issuer);
if (*issuer && !X509_up_ref(*issuer)) {
*issuer = NULL;
ret = -1;
}
X509_STORE_unlock(store);
return ret;
}

2
trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_meth.c vendored
View file

@ -15,7 +15,7 @@
#include <openssl/asn1.h>
#include <openssl/x509.h>
#include <openssl/ossl_typ.h>
#include "x509_lcl.h"
#include "x509_local.h"
X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name)
{

2
trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_obj.c vendored
View file

@ -12,7 +12,7 @@
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/buffer.h>
#include "internal/x509_int.h"
#include "crypto/x509.h"
/*
* Limit to ensure we don't overflow: much greater than

2
trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_r2x.c vendored
View file

@ -13,7 +13,7 @@
#include <openssl/evp.h>
#include <openssl/asn1.h>
#include <openssl/x509.h>
#include "internal/x509_int.h"
#include "crypto/x509.h"
#include <openssl/objects.h>
#include <openssl/buffer.h>

16
trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_req.c vendored
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -14,7 +14,7 @@
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/x509.h>
#include "internal/x509_int.h"
#include "crypto/x509.h"
#include <openssl/objects.h>
#include <openssl/buffer.h>
#include <openssl/pem.h>
@ -286,6 +286,18 @@ void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
*palg = &req->sig_alg;
}
void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig)
{
if (req->signature)
ASN1_BIT_STRING_free(req->signature);
req->signature = psig;
}
int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg)
{
return X509_ALGOR_copy(&req->sig_alg, palg);
}
int X509_REQ_get_signature_nid(const X509_REQ *req)
{
return OBJ_obj2nid(req->sig_alg.algorithm);

6
trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_set.c vendored
View file

@ -15,9 +15,9 @@
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include "internal/asn1_int.h"
#include "internal/x509_int.h"
#include "x509_lcl.h"
#include "crypto/asn1.h"
#include "crypto/x509.h"
#include "x509_local.h"
int X509_set_version(X509 *x, long version)
{

9
trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_trs.c vendored
View file

@ -1,5 +1,5 @@
/*
* Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -10,7 +10,7 @@
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/x509v3.h>
#include "internal/x509_int.h"
#include "crypto/x509.h"
static int tr_cmp(const X509_TRUST *const *a, const X509_TRUST *const *b);
static void trtable_free(X509_TRUST *p);
@ -240,8 +240,9 @@ static int trust_1oid(X509_TRUST *trust, X509 *x, int flags)
static int trust_compat(X509_TRUST *trust, X509 *x, int flags)
{
/* Call for side-effect of computing hash and caching extensions */
X509_check_purpose(x, -1, 0);
if ((flags & X509_TRUST_NO_SS_COMPAT) == 0 && x->ex_flags & EXFLAG_SS)
if (X509_check_purpose(x, -1, 0) != 1)
return X509_TRUST_UNTRUSTED;
if ((flags & X509_TRUST_NO_SS_COMPAT) == 0 && (x->ex_flags & EXFLAG_SS))
return X509_TRUST_TRUSTED;
else
return X509_TRUST_UNTRUSTED;

4
trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_txt.c vendored
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -174,6 +174,8 @@ const char *X509_verify_cert_error_string(long n)
return "OCSP verification failed";
case X509_V_ERR_OCSP_CERT_UNKNOWN:
return "OCSP unknown cert";
case X509_V_ERR_EC_KEY_EXPLICIT_PARAMS:
return "Certificate public key has explicit ECC parameters";
default:
/* Printing an error number into a static buffer is not thread-safe */

2
trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_v3.c vendored
View file

@ -15,7 +15,7 @@
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include "x509_lcl.h"
#include "x509_local.h"
int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x)
{

246
trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_vfy.c vendored
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -12,7 +12,7 @@
#include <errno.h>
#include <limits.h>
#include "internal/ctype.h"
#include "crypto/ctype.h"
#include "internal/cryptlib.h"
#include <openssl/crypto.h>
#include <openssl/buffer.h>
@ -22,8 +22,8 @@
#include <openssl/x509v3.h>
#include <openssl/objects.h>
#include "internal/dane.h"
#include "internal/x509_int.h"
#include "x509_lcl.h"
#include "crypto/x509.h"
#include "x509_local.h"
/* CRL score values */
@ -80,6 +80,7 @@ static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
static int check_dane_issuer(X509_STORE_CTX *ctx, int depth);
static int check_key_level(X509_STORE_CTX *ctx, X509 *cert);
static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert);
static int check_curve(X509 *cert);
static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
unsigned int *preasons, X509_CRL *crl, X509 *x);
@ -104,15 +105,16 @@ static int null_callback(int ok, X509_STORE_CTX *e)
return ok;
}
/* Return 1 is a certificate is self signed */
/*
* Return 1 if given cert is considered self-signed, 0 if not or on error.
* This does not verify self-signedness but relies on x509v3_cache_extensions()
* matching issuer and subject names (i.e., the cert being self-issued) and any
* present authority key identifier matching the subject key identifier, etc.
*/
static int cert_self_signed(X509 *x)
{
/*
* FIXME: x509v3_cache_extensions() needs to detect more failures and not
* set EXFLAG_SET when that happens. Especially, if the failures are
* parse errors, rather than memory pressure!
*/
X509_check_purpose(x, -1, 0);
if (X509_check_purpose(x, -1, 0) != 1)
return 0;
if (x->ex_flags & EXFLAG_SS)
return 1;
else
@ -135,10 +137,9 @@ static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x)
xtmp = sk_X509_value(certs, i);
if (!X509_cmp(xtmp, x))
break;
xtmp = NULL;
}
if (i < sk_X509_num(certs))
X509_up_ref(xtmp);
else
if (xtmp != NULL && !X509_up_ref(xtmp))
xtmp = NULL;
sk_X509_pop_free(certs, X509_free);
return xtmp;
@ -271,17 +272,24 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
return -1;
}
if (!X509_up_ref(ctx->cert)) {
X509err(X509_F_X509_VERIFY_CERT, ERR_R_INTERNAL_ERROR);
ctx->error = X509_V_ERR_UNSPECIFIED;
return -1;
}
/*
* first we make sure the chain we are going to build is present and that
* the first entry is in place
*/
if (((ctx->chain = sk_X509_new_null()) == NULL) ||
(!sk_X509_push(ctx->chain, ctx->cert))) {
if ((ctx->chain = sk_X509_new_null()) == NULL
|| !sk_X509_push(ctx->chain, ctx->cert)) {
X509_free(ctx->cert);
X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
ctx->error = X509_V_ERR_OUT_OF_MEM;
return -1;
}
X509_up_ref(ctx->cert);
ctx->num_untrusted = 1;
/* If the peer's public key is too weak, we can stop early. */
@ -304,8 +312,21 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
return ret;
}
static int sk_X509_contains(STACK_OF(X509) *sk, X509 *cert)
{
int i, n = sk_X509_num(sk);
for (i = 0; i < n; i++)
if (X509_cmp(sk_X509_value(sk, i), cert) == 0)
return 1;
return 0;
}
/*
* Given a STACK_OF(X509) find the issuer of cert (if any)
* Find in given STACK_OF(X509) sk an issuer cert of given cert x.
* The issuer must not yet be in ctx->chain, where the exceptional case
* that x is self-issued and ctx->chain has just one element is allowed.
* Prefer the first one that is not expired, else take the last expired one.
*/
static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
{
@ -314,7 +335,9 @@ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
for (i = 0; i < sk_X509_num(sk); i++) {
issuer = sk_X509_value(sk, i);
if (ctx->check_issued(ctx, x, issuer)) {
if (ctx->check_issued(ctx, x, issuer)
&& (((x->ex_flags & EXFLAG_SI) != 0 && sk_X509_num(ctx->chain) == 1)
|| !sk_X509_contains(ctx->chain, issuer))) {
rv = issuer;
if (x509_check_cert_time(ctx, rv, -1))
break;
@ -323,42 +346,25 @@ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
return rv;
}
/* Given a possible certificate and issuer check them */
/* Check that the given certificate 'x' is issued by the certificate 'issuer' */
static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
{
int ret;
if (x == issuer)
return cert_self_signed(x);
ret = X509_check_issued(issuer, x);
if (ret == X509_V_OK) {
int i;
X509 *ch;
/* Special case: single self signed certificate */
if (cert_self_signed(x) && sk_X509_num(ctx->chain) == 1)
return 1;
for (i = 0; i < sk_X509_num(ctx->chain); i++) {
ch = sk_X509_value(ctx->chain, i);
if (ch == issuer || !X509_cmp(ch, issuer)) {
ret = X509_V_ERR_PATH_LOOP;
break;
}
}
}
return (ret == X509_V_OK);
return x509_likely_issued(issuer, x) == X509_V_OK;
}
/* Alternative lookup method: look from a STACK stored in other_ctx */
static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
{
*issuer = find_issuer(ctx, ctx->other_ctx, x);
if (*issuer) {
X509_up_ref(*issuer);
return 1;
} else
return 0;
if (*issuer == NULL || !X509_up_ref(*issuer))
goto err;
return 1;
err:
*issuer = NULL;
return 0;
}
static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx, X509_NAME *nm)
@ -370,15 +376,21 @@ static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx, X509_NAME *nm)
for (i = 0; i < sk_X509_num(ctx->other_ctx); i++) {
x = sk_X509_value(ctx->other_ctx, i);
if (X509_NAME_cmp(nm, X509_get_subject_name(x)) == 0) {
if (!X509_up_ref(x)) {
sk_X509_pop_free(sk, X509_free);
X509err(X509_F_LOOKUP_CERTS_SK, ERR_R_INTERNAL_ERROR);
ctx->error = X509_V_ERR_UNSPECIFIED;
return NULL;
}
if (sk == NULL)
sk = sk_X509_new_null();
if (sk == NULL || sk_X509_push(sk, x) == 0) {
if (sk == NULL || !sk_X509_push(sk, x)) {
X509_free(x);
sk_X509_pop_free(sk, X509_free);
X509err(X509_F_LOOKUP_CERTS_SK, ERR_R_MALLOC_FAILURE);
ctx->error = X509_V_ERR_OUT_OF_MEM;
return NULL;
}
X509_up_ref(x);
}
}
return sk;
@ -512,6 +524,24 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
ret = 1;
break;
}
if (ret > 0
&& (ctx->param->flags & X509_V_FLAG_X509_STRICT) && num > 1) {
/* Check for presence of explicit elliptic curve parameters */
ret = check_curve(x);
if (ret < 0) {
ctx->error = X509_V_ERR_UNSPECIFIED;
ret = 0;
} else if (ret == 0) {
ctx->error = X509_V_ERR_EC_KEY_EXPLICIT_PARAMS;
}
}
if (ret > 0
&& (x->ex_flags & EXFLAG_CA) == 0
&& x->ex_pathlen != -1
&& (ctx->param->flags & X509_V_FLAG_X509_STRICT)) {
ctx->error = X509_V_ERR_INVALID_EXTENSION;
ret = 0;
}
if (ret == 0 && !verify_cb_cert(ctx, x, i, X509_V_OK))
return 0;
/* check_purpose() makes the callback as needed */
@ -1697,6 +1727,7 @@ int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth)
return 1;
}
/* verify the issuer signatures and cert times of ctx->chain */
static int internal_verify(X509_STORE_CTX *ctx)
{
int n = sk_X509_num(ctx->chain) - 1;
@ -1711,19 +1742,25 @@ static int internal_verify(X509_STORE_CTX *ctx)
if (ctx->bare_ta_signed) {
xs = xi;
xi = NULL;
goto check_cert;
goto check_cert_time;
}
if (ctx->check_issued(ctx, xi, xi))
xs = xi;
xs = xi; /* the typical case: last cert in the chain is self-issued */
else {
if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
xs = xi;
goto check_cert;
goto check_cert_time;
}
if (n <= 0)
return verify_cb_cert(ctx, xi, 0,
X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE);
if (n <= 0) {
if (!verify_cb_cert(ctx, xi, 0,
X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE))
return 0;
xs = xi;
goto check_cert_time;
}
n--;
ctx->error_depth = n;
xs = sk_X509_value(ctx->chain, n);
@ -1734,27 +1771,55 @@ static int internal_verify(X509_STORE_CTX *ctx)
* is allowed to reset errors (at its own peril).
*/
while (n >= 0) {
EVP_PKEY *pkey;
/*
* Skip signature check for self signed certificates unless explicitly
* asked for. It doesn't add any security and just wastes time. If
* the issuer's public key is unusable, report the issuer certificate
* and its depth (rather than the depth of the subject).
* For each iteration of this loop:
* n is the subject depth
* xs is the subject cert, for which the signature is to be checked
* xi is the supposed issuer cert containing the public key to use
* Initially xs == xi if the last cert in the chain is self-issued.
*
* Skip signature check for self-signed certificates unless explicitly
* asked for because it does not add any security and just wastes time.
*/
if (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE)) {
if (xs != xi || ((ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE)
&& (xi->ex_flags & EXFLAG_SS) != 0)) {
EVP_PKEY *pkey;
/*
* If the issuer's public key is not available or its key usage
* does not support issuing the subject cert, report the issuer
* cert and its depth (rather than n, the depth of the subject).
*/
int issuer_depth = n + (xs == xi ? 0 : 1);
/*
* According to https://tools.ietf.org/html/rfc5280#section-6.1.4
* step (n) we must check any given key usage extension in a CA cert
* when preparing the verification of a certificate issued by it.
* According to https://tools.ietf.org/html/rfc5280#section-4.2.1.3
* we must not verify a certifiate signature if the key usage of the
* CA certificate that issued the certificate prohibits signing.
* In case the 'issuing' certificate is the last in the chain and is
* not a CA certificate but a 'self-issued' end-entity cert (i.e.,
* xs == xi && !(xi->ex_flags & EXFLAG_CA)) RFC 5280 does not apply
* (see https://tools.ietf.org/html/rfc6818#section-2) and thus
* we are free to ignore any key usage restrictions on such certs.
*/
int ret = xs == xi && (xi->ex_flags & EXFLAG_CA) == 0
? X509_V_OK : x509_signing_allowed(xi, xs);
if (ret != X509_V_OK && !verify_cb_cert(ctx, xi, issuer_depth, ret))
return 0;
if ((pkey = X509_get0_pubkey(xi)) == NULL) {
if (!verify_cb_cert(ctx, xi, xi != xs ? n+1 : n,
X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY))
ret = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
if (!verify_cb_cert(ctx, xi, issuer_depth, ret))
return 0;
} else if (X509_verify(xs, pkey) <= 0) {
if (!verify_cb_cert(ctx, xs, n,
X509_V_ERR_CERT_SIGNATURE_FAILURE))
ret = X509_V_ERR_CERT_SIGNATURE_FAILURE;
if (!verify_cb_cert(ctx, xs, n, ret))
return 0;
}
}
check_cert:
check_cert_time: /* in addition to RFC 5280, do also for trusted (root) cert */
/* Calls verify callback as needed */
if (!x509_check_cert_time(ctx, xs, n))
return 0;
@ -1788,7 +1853,11 @@ int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time)
static const size_t generalizedtime_length = sizeof("YYYYMMDDHHMMSSZ") - 1;
ASN1_TIME *asn1_cmp_time = NULL;
int i, day, sec, ret = 0;
#ifdef CHARSET_EBCDIC
const char upper_z = 0x5A;
#else
const char upper_z = 'Z';
#endif
/*
* Note that ASN.1 allows much more slack in the time format than RFC5280.
* In RFC5280, the representation is fixed:
@ -1819,10 +1888,10 @@ int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time)
* Digit and date ranges will be verified in the conversion methods.
*/
for (i = 0; i < ctm->length - 1; i++) {
if (!ossl_isdigit(ctm->data[i]))
if (!ascii_isdigit(ctm->data[i]))
return 0;
}
if (ctm->data[ctm->length - 1] != 'Z')
if (ctm->data[ctm->length - 1] != upper_z)
return 0;
/*
@ -3152,7 +3221,16 @@ static int build_chain(X509_STORE_CTX *ctx)
/* Drop this issuer from future consideration */
(void) sk_X509_delete_ptr(sktmp, xtmp);
if (!X509_up_ref(xtmp)) {
X509err(X509_F_BUILD_CHAIN, ERR_R_INTERNAL_ERROR);
trust = X509_TRUST_REJECTED;
ctx->error = X509_V_ERR_UNSPECIFIED;
search = 0;
continue;
}
if (!sk_X509_push(ctx->chain, xtmp)) {
X509_free(xtmp);
X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE);
trust = X509_TRUST_REJECTED;
ctx->error = X509_V_ERR_OUT_OF_MEM;
@ -3160,7 +3238,7 @@ static int build_chain(X509_STORE_CTX *ctx)
continue;
}
X509_up_ref(x = xtmp);
x = xtmp;
++ctx->num_untrusted;
ss = cert_self_signed(xtmp);
@ -3251,6 +3329,32 @@ static int check_key_level(X509_STORE_CTX *ctx, X509 *cert)
return EVP_PKEY_security_bits(pkey) >= minbits_table[level - 1];
}
/*
* Check whether the public key of ``cert`` does not use explicit params
* for an elliptic curve.
*
* Returns 1 on success, 0 if check fails, -1 for other errors.
*/
static int check_curve(X509 *cert)
{
#ifndef OPENSSL_NO_EC
EVP_PKEY *pkey = X509_get0_pubkey(cert);
/* Unsupported or malformed key */
if (pkey == NULL)
return -1;
if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) {
int ret;
ret = EC_KEY_decoded_from_explicit_params(EVP_PKEY_get0_EC_KEY(pkey));
return ret < 0 ? ret : !ret;
}
#endif
return 1;
}
/*
* Check whether the signature digest algorithm of ``cert`` meets the security
* level of ``ctx``. Should not be checked for trust anchors (whether

10
trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_vpm.c vendored
View file

@ -1,5 +1,5 @@
/*
* Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -14,9 +14,9 @@
#include <openssl/buffer.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include "internal/x509_int.h"
#include "crypto/x509.h"
#include "x509_lcl.h"
#include "x509_local.h"
/* X509_VERIFY_PARAM functions */
@ -199,7 +199,8 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
return 0;
}
/* Copy the host flags if and only if we're copying the host list */
x509_verify_param_copy(hostflags, 0);
if (test_x509_verify_param_copy(hosts, NULL)) {
sk_OPENSSL_STRING_pop_free(dest->hosts, str_free);
dest->hosts = NULL;
@ -208,7 +209,6 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
sk_OPENSSL_STRING_deep_copy(src->hosts, str_copy, str_free);
if (dest->hosts == NULL)
return 0;
dest->hostflags = src->hostflags;
}
}

2
trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509cset.c vendored
View file

@ -14,7 +14,7 @@
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include "internal/x509_int.h"
#include "crypto/x509.h"
int X509_CRL_set_version(X509_CRL *x, long version)
{

2
trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509name.c vendored
View file

@ -14,7 +14,7 @@
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include "internal/x509_int.h"
#include "crypto/x509.h"
int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len)
{

2
trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509rset.c vendored
View file

@ -13,7 +13,7 @@
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include "internal/x509_int.h"
#include "crypto/x509.h"
int X509_REQ_set_version(X509_REQ *x, long version)
{

10
trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_all.c vendored
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -13,7 +13,7 @@
#include <openssl/asn1.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include "internal/x509_int.h"
#include "crypto/x509.h"
#include <openssl/ocsp.h>
#include <openssl/rsa.h>
#include <openssl/dsa.h>
@ -362,7 +362,8 @@ int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
unsigned int *len)
{
if (type == EVP_sha1() && (data->ex_flags & EXFLAG_SET) != 0) {
if (type == EVP_sha1() && (data->ex_flags & EXFLAG_SET) != 0
&& (data->ex_flags & EXFLAG_NO_FINGERPRINT) == 0) {
/* Asking for SHA1 and we already computed it. */
if (len != NULL)
*len = sizeof(data->sha1_hash);
@ -376,7 +377,8 @@ int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type,
unsigned char *md, unsigned int *len)
{
if (type == EVP_sha1() && (data->flags & EXFLAG_SET) != 0) {
if (type == EVP_sha1() && (data->flags & EXFLAG_SET) != 0
&& (data->flags & EXFLAG_INVALID) == 0) {
/* Asking for SHA1; always computed in CRL d2i. */
if (len != NULL)
*len = sizeof(data->sha1_hash);

7
trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_attrib.c vendored
View file

@ -12,7 +12,7 @@
#include <openssl/objects.h>
#include <openssl/asn1t.h>
#include <openssl/x509.h>
#include "x509_lcl.h"
#include "x509_local.h"
/*-
* X509_ATTRIBUTE: this has the following form:
@ -37,10 +37,13 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
{
X509_ATTRIBUTE *ret = NULL;
ASN1_TYPE *val = NULL;
ASN1_OBJECT *oid;
if ((oid = OBJ_nid2obj(nid)) == NULL)
return NULL;
if ((ret = X509_ATTRIBUTE_new()) == NULL)
return NULL;
ret->object = OBJ_nid2obj(nid);
ret->object = oid;
if ((val = ASN1_TYPE_new()) == NULL)
goto err;
if (!sk_ASN1_TYPE_push(ret->set, val))

41
trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_crl.c vendored
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -11,13 +11,13 @@
#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/x509.h>
#include "internal/x509_int.h"
#include "crypto/x509.h"
#include <openssl/x509v3.h>
#include "x509_lcl.h"
#include "x509_local.h"
static int X509_REVOKED_cmp(const X509_REVOKED *const *a,
const X509_REVOKED *const *b);
static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp);
static int setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp);
ASN1_SEQUENCE(X509_REVOKED) = {
ASN1_EMBED(X509_REVOKED,serialNumber, ASN1_INTEGER),
@ -155,7 +155,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
X509_CRL *crl = (X509_CRL *)*pval;
STACK_OF(X509_EXTENSION) *exts;
X509_EXTENSION *ext;
int idx;
int idx, i;
switch (operation) {
case ASN1_OP_D2I_PRE:
@ -184,23 +184,35 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
break;
case ASN1_OP_D2I_POST:
X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL);
if (!X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL))
crl->flags |= EXFLAG_INVALID;
crl->idp = X509_CRL_get_ext_d2i(crl,
NID_issuing_distribution_point, NULL,
NID_issuing_distribution_point, &i,
NULL);
if (crl->idp)
setup_idp(crl, crl->idp);
if (crl->idp != NULL) {
if (!setup_idp(crl, crl->idp))
crl->flags |= EXFLAG_INVALID;
}
else if (i != -1) {
crl->flags |= EXFLAG_INVALID;
}
crl->akid = X509_CRL_get_ext_d2i(crl,
NID_authority_key_identifier, NULL,
NID_authority_key_identifier, &i,
NULL);
if (crl->akid == NULL && i != -1)
crl->flags |= EXFLAG_INVALID;
crl->crl_number = X509_CRL_get_ext_d2i(crl,
NID_crl_number, NULL, NULL);
NID_crl_number, &i, NULL);
if (crl->crl_number == NULL && i != -1)
crl->flags |= EXFLAG_INVALID;
crl->base_crl_number = X509_CRL_get_ext_d2i(crl,
NID_delta_crl, NULL,
NID_delta_crl, &i,
NULL);
if (crl->base_crl_number == NULL && i != -1)
crl->flags |= EXFLAG_INVALID;
/* Delta CRLs must have CRL number */
if (crl->base_crl_number && !crl->crl_number)
crl->flags |= EXFLAG_INVALID;
@ -259,9 +271,10 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
/* Convert IDP into a more convenient form */
static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp)
static int setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp)
{
int idp_only = 0;
/* Set various flags according to IDP */
crl->idp_flags |= IDP_PRESENT;
if (idp->onlyuser > 0) {
@ -292,7 +305,7 @@ static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp)
crl->idp_reasons &= CRLDP_ALL_REASONS;
}
DIST_POINT_set_dpname(idp->distpoint, X509_CRL_get_issuer(crl));
return DIST_POINT_set_dpname(idp->distpoint, X509_CRL_get_issuer(crl));
}
ASN1_SEQUENCE_ref(X509_CRL, crl_cb) = {

2
trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_exten.c vendored
View file

@ -11,7 +11,7 @@
#include <openssl/x509.h>
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include "x509_lcl.h"
#include "x509_local.h"
ASN1_SEQUENCE(X509_EXTENSION) = {
ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),

8
trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_name.c vendored
View file

@ -8,13 +8,13 @@
*/
#include <stdio.h>
#include "internal/ctype.h"
#include "crypto/ctype.h"
#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/x509.h>
#include "internal/x509_int.h"
#include "internal/asn1_int.h"
#include "x509_lcl.h"
#include "crypto/x509.h"
#include "crypto/asn1.h"
#include "x509_local.h"
/*
* Maximum length of X509_NAME: much larger than anything we should

15
trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_pubkey.c vendored
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -11,9 +11,9 @@
#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/x509.h>
#include "internal/asn1_int.h"
#include "internal/evp_int.h"
#include "internal/x509_int.h"
#include "crypto/asn1.h"
#include "crypto/evp.h"
#include "crypto/x509.h"
#include <openssl/rsa.h>
#include <openssl/dsa.h>
@ -169,8 +169,11 @@ EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key)
EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
{
EVP_PKEY *ret = X509_PUBKEY_get0(key);
if (ret != NULL)
EVP_PKEY_up_ref(ret);
if (ret != NULL && !EVP_PKEY_up_ref(ret)) {
X509err(X509_F_X509_PUBKEY_GET, ERR_R_INTERNAL_ERROR);
ret = NULL;
}
return ret;
}

2
trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_req.c vendored
View file

@ -11,7 +11,7 @@
#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/x509.h>
#include "internal/x509_int.h"
#include "crypto/x509.h"
/*-
* X509_REQ_INFO is handled in an unusual way to get round

2
trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_x509.c vendored
View file

@ -13,7 +13,7 @@
#include <openssl/asn1t.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include "internal/x509_int.h"
#include "crypto/x509.h"
ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = {
ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),

2
trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_x509a.c vendored
View file

@ -12,7 +12,7 @@
#include <openssl/evp.h>
#include <openssl/asn1t.h>
#include <openssl/x509.h>
#include "internal/x509_int.h"
#include "crypto/x509.h"
/*
* X509_CERT_AUX routines. These are used to encode additional user