src - OpenBSD base system

diff options


context:
space:
mode:

author	Markus Friedl <markus@cvs.openbsd.org>	2004-04-08 08:13:25 +0000
committer	Markus Friedl <markus@cvs.openbsd.org>	2004-04-08 08:13:25 +0000
commit	a8ded74b07a6ac09d163286b7b4cf6aa35efa00c (patch)
tree	0f8c708eea2ff880861c53a789b21637e475ad07 /lib/libssl
parent	39742baebd0068e2a7d7a0d76c0fec797b61e8a6 (diff)

backout for now

Diffstat (limited to 'lib/libssl')

-rw-r--r--

lib/libssl/src/crypto/evp/digest.c

-rw-r--r--

lib/libssl/src/crypto/x509/x509_txt.c

-rw-r--r--

lib/libssl/src/crypto/x509/x509_vfy.c

3 files changed, 11 insertions, 67 deletions

diff --git a/lib/libssl/src/crypto/evp/digest.c b/lib/libssl/src/crypto/evp/digest.c
index 0623ddf1f05..b22eed44211 100644
--- a/lib/libssl/src/crypto/evp/digest.c
+++ b/lib/libssl/src/crypto/evp/digest.c

@@ -248,7 +248,6 @@ int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)

int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)

{

- unsigned char *tmp_buf;

if ((in == NULL) || (in->digest == NULL))

{

EVPerr(EVP_F_EVP_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED);

@@ -263,22 +262,15 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)

}

#endif

- if (out->digest == in->digest)

- {

- tmp_buf = out->md_data;

- EVP_MD_CTX_set_flags(out,EVP_MD_CTX_FLAG_REUSE);

- }

- else tmp_buf = NULL;

EVP_MD_CTX_cleanup(out);

memcpy(out,in,sizeof *out);

if (out->digest->ctx_size)

{

- if (tmp_buf) out->md_data = tmp_buf;

- else out->md_data=OPENSSL_malloc(out->digest->ctx_size);

+ out->md_data=OPENSSL_malloc(out->digest->ctx_size);

memcpy(out->md_data,in->md_data,out->digest->ctx_size);

}

if (out->digest->copy)

return out->digest->copy(out,in);

@@ -316,8 +308,7 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)

if (ctx->digest && ctx->digest->cleanup

&& !EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED))

ctx->digest->cleanup(ctx);

- if (ctx->digest && ctx->digest->ctx_size && ctx->md_data

- && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE))

+ if (ctx->digest && ctx->digest->ctx_size && ctx->md_data)

{

OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);

OPENSSL_free(ctx->md_data);

diff --git a/lib/libssl/src/crypto/x509/x509_txt.c b/lib/libssl/src/crypto/x509/x509_txt.c
index e31ebc6741a..9d09ae17e82 100644
--- a/lib/libssl/src/crypto/x509/x509_txt.c
+++ b/lib/libssl/src/crypto/x509/x509_txt.c

@@ -147,14 +147,8 @@ const char *X509_verify_cert_error_string(long n)

case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:

return("unhandled critical extension");

- case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN:

- return("key usage does not include CRL signing");

- case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION:

- return("unhandled critical CRL extension");

default:

- BIO_snprintf(buf,sizeof buf,"error number %ld",n);

+ snprintf(buf,sizeof buf,"error number %ld",n);

return(buf);

}

diff --git a/lib/libssl/src/crypto/x509/x509_vfy.c b/lib/libssl/src/crypto/x509/x509_vfy.c
index 2e4d0b823ab..2bb21b443ec 100644
--- a/lib/libssl/src/crypto/x509/x509_vfy.c
+++ b/lib/libssl/src/crypto/x509/x509_vfy.c

@@ -383,7 +383,6 @@ static int check_chain_purpose(X509_STORE_CTX *ctx)

/* Check all untrusted certificates */

for (i = 0; i < ctx->last_untrusted; i++)

{

- int ret;

x = sk_X509_value(ctx->chain, i);

if (!(ctx->flags & X509_V_FLAG_IGNORE_CRITICAL)

&& (x->ex_flags & EXFLAG_CRITICAL))

@@ -394,10 +393,7 @@ static int check_chain_purpose(X509_STORE_CTX *ctx)

ok=cb(0,ctx);

if (!ok) goto end;

}

- ret = X509_check_purpose(x, ctx->purpose, i);

- if ((ret == 0)

- || ((ctx->flags & X509_V_FLAG_X509_STRICT)

- && (ret != 1)))

+ if (!X509_check_purpose(x, ctx->purpose, i))

{

if (i)

ctx->error = X509_V_ERR_INVALID_CA;

@@ -541,14 +537,6 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)

if(issuer)

{

- /* Check for cRLSign bit if keyUsage present */

- if ((issuer->ex_flags & EXFLAG_KUSAGE) &&

- !(issuer->ex_kusage & KU_CRL_SIGN))

- {

- ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;

- ok = ctx->verify_cb(0, ctx);

- if(!ok) goto err;

- }

/* Attempt to get issuer certificate public key */

ikey = X509_get_pubkey(issuer);

@@ -623,46 +611,17 @@ static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)

{

int idx, ok;

X509_REVOKED rtmp;

- STACK_OF(X509_EXTENSION) *exts;

- X509_EXTENSION *ext;

/* Look for serial number of certificate in CRL */

rtmp.serialNumber = X509_get_serialNumber(x);

idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp);

- /* If found assume revoked: want something cleverer than

+ /* Not found: OK */

+ if(idx == -1) return 1;

+ /* Otherwise revoked: want something cleverer than

* this to handle entry extensions in V2 CRLs.

- if(idx >= 0)

- {

- ctx->error = X509_V_ERR_CERT_REVOKED;

- ok = ctx->verify_cb(0, ctx);

- if (!ok) return 0;

- }

- if (ctx->flags & X509_V_FLAG_IGNORE_CRITICAL)

- return 1;

- /* See if we have any critical CRL extensions: since we

- * currently don't handle any CRL extensions the CRL must be

- * rejected.

- * This code accesses the X509_CRL structure directly: applications

- * shouldn't do this.

- */

- exts = crl->crl->extensions;

- for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++)

- {

- ext = sk_X509_EXTENSION_value(exts, idx);

- if (ext->critical > 0)

- {

- ctx->error =

- X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;

- ok = ctx->verify_cb(0, ctx);

- if(!ok) return 0;

- break;

- }

- return 1;

+ ctx->error = X509_V_ERR_CERT_REVOKED;

+ ok = ctx->verify_cb(0, ctx);

+ return ok;

}

static int internal_verify(X509_STORE_CTX *ctx)