Final fixes from Christos Zoulas
@@ -327,7 +327,7 @@ _hx509_cert_assign_key(hx509_cert cert, hx509_private_key private_key)
|
|||||||
void
|
void
|
||||||
hx509_cert_free(hx509_cert cert)
|
hx509_cert_free(hx509_cert cert)
|
||||||
{
|
{
|
||||||
int i;
|
size_t i;
|
||||||
|
|
||||||
if (cert == NULL)
|
if (cert == NULL)
|
||||||
return;
|
return;
|
||||||
@@ -355,7 +355,7 @@ hx509_cert_free(hx509_cert cert)
|
|||||||
free(cert->friendlyname);
|
free(cert->friendlyname);
|
||||||
if (cert->basename)
|
if (cert->basename)
|
||||||
hx509_name_free(&cert->basename);
|
hx509_name_free(&cert->basename);
|
||||||
memset(cert, 0, sizeof(cert));
|
memset(cert, 0, sizeof(*cert));
|
||||||
free(cert);
|
free(cert);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -584,7 +584,7 @@ hx509_verify_ctx_f_allow_best_before_signature_algs(hx509_context ctx,
|
|||||||
}
|
}
|
||||||
|
|
||||||
static const Extension *
|
static const Extension *
|
||||||
find_extension(const Certificate *cert, const heim_oid *oid, int *idx)
|
find_extension(const Certificate *cert, const heim_oid *oid, size_t *idx)
|
||||||
{
|
{
|
||||||
const TBSCertificate *c = &cert->tbsCertificate;
|
const TBSCertificate *c = &cert->tbsCertificate;
|
||||||
|
|
||||||
@@ -604,7 +604,7 @@ find_extension_auth_key_id(const Certificate *subject,
|
|||||||
{
|
{
|
||||||
const Extension *e;
|
const Extension *e;
|
||||||
size_t size;
|
size_t size;
|
||||||
int i = 0;
|
size_t i = 0;
|
||||||
|
|
||||||
memset(ai, 0, sizeof(*ai));
|
memset(ai, 0, sizeof(*ai));
|
||||||
|
|
||||||
@@ -623,7 +623,7 @@ _hx509_find_extension_subject_key_id(const Certificate *issuer,
|
|||||||
{
|
{
|
||||||
const Extension *e;
|
const Extension *e;
|
||||||
size_t size;
|
size_t size;
|
||||||
int i = 0;
|
size_t i = 0;
|
||||||
|
|
||||||
memset(si, 0, sizeof(*si));
|
memset(si, 0, sizeof(*si));
|
||||||
|
|
||||||
@@ -642,7 +642,7 @@ find_extension_name_constraints(const Certificate *subject,
|
|||||||
{
|
{
|
||||||
const Extension *e;
|
const Extension *e;
|
||||||
size_t size;
|
size_t size;
|
||||||
int i = 0;
|
size_t i = 0;
|
||||||
|
|
||||||
memset(nc, 0, sizeof(*nc));
|
memset(nc, 0, sizeof(*nc));
|
||||||
|
|
||||||
@@ -656,7 +656,7 @@ find_extension_name_constraints(const Certificate *subject,
|
|||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
find_extension_subject_alt_name(const Certificate *cert, int *i,
|
find_extension_subject_alt_name(const Certificate *cert, size_t *i,
|
||||||
GeneralNames *sa)
|
GeneralNames *sa)
|
||||||
{
|
{
|
||||||
const Extension *e;
|
const Extension *e;
|
||||||
@@ -678,7 +678,7 @@ find_extension_eku(const Certificate *cert, ExtKeyUsage *eku)
|
|||||||
{
|
{
|
||||||
const Extension *e;
|
const Extension *e;
|
||||||
size_t size;
|
size_t size;
|
||||||
int i = 0;
|
size_t i = 0;
|
||||||
|
|
||||||
memset(eku, 0, sizeof(*eku));
|
memset(eku, 0, sizeof(*eku));
|
||||||
|
|
||||||
@@ -720,7 +720,7 @@ add_to_list(hx509_octet_string_list *list, const heim_octet_string *entry)
|
|||||||
void
|
void
|
||||||
hx509_free_octet_string_list(hx509_octet_string_list *list)
|
hx509_free_octet_string_list(hx509_octet_string_list *list)
|
||||||
{
|
{
|
||||||
int i;
|
size_t i;
|
||||||
for (i = 0; i < list->len; i++)
|
for (i = 0; i < list->len; i++)
|
||||||
der_free_octet_string(&list->val[i]);
|
der_free_octet_string(&list->val[i]);
|
||||||
free(list->val);
|
free(list->val);
|
||||||
@@ -752,7 +752,8 @@ hx509_cert_find_subjectAltName_otherName(hx509_context context,
|
|||||||
hx509_octet_string_list *list)
|
hx509_octet_string_list *list)
|
||||||
{
|
{
|
||||||
GeneralNames sa;
|
GeneralNames sa;
|
||||||
int ret, i, j;
|
int ret;
|
||||||
|
size_t i, j;
|
||||||
|
|
||||||
list->val = NULL;
|
list->val = NULL;
|
||||||
list->len = 0;
|
list->len = 0;
|
||||||
@@ -796,7 +797,8 @@ check_key_usage(hx509_context context, const Certificate *cert,
|
|||||||
const Extension *e;
|
const Extension *e;
|
||||||
KeyUsage ku;
|
KeyUsage ku;
|
||||||
size_t size;
|
size_t size;
|
||||||
int ret, i = 0;
|
int ret;
|
||||||
|
size_t i = 0;
|
||||||
unsigned ku_flags;
|
unsigned ku_flags;
|
||||||
|
|
||||||
if (_hx509_cert_get_version(cert) < 3)
|
if (_hx509_cert_get_version(cert) < 3)
|
||||||
@@ -849,12 +851,13 @@ enum certtype { PROXY_CERT, EE_CERT, CA_CERT };
|
|||||||
|
|
||||||
static int
|
static int
|
||||||
check_basic_constraints(hx509_context context, const Certificate *cert,
|
check_basic_constraints(hx509_context context, const Certificate *cert,
|
||||||
enum certtype type, int depth)
|
enum certtype type, size_t depth)
|
||||||
{
|
{
|
||||||
BasicConstraints bc;
|
BasicConstraints bc;
|
||||||
const Extension *e;
|
const Extension *e;
|
||||||
size_t size;
|
size_t size;
|
||||||
int ret, i = 0;
|
int ret;
|
||||||
|
size_t i = 0;
|
||||||
|
|
||||||
if (_hx509_cert_get_version(cert) < 3)
|
if (_hx509_cert_get_version(cert) < 3)
|
||||||
return 0;
|
return 0;
|
||||||
@@ -1144,7 +1147,8 @@ is_proxy_cert(hx509_context context,
|
|||||||
ProxyCertInfo info;
|
ProxyCertInfo info;
|
||||||
const Extension *e;
|
const Extension *e;
|
||||||
size_t size;
|
size_t size;
|
||||||
int ret, i = 0;
|
int ret;
|
||||||
|
size_t i = 0;
|
||||||
|
|
||||||
if (rinfo)
|
if (rinfo)
|
||||||
memset(rinfo, 0, sizeof(*rinfo));
|
memset(rinfo, 0, sizeof(*rinfo));
|
||||||
@@ -1695,7 +1699,7 @@ static int
|
|||||||
match_RDN(const RelativeDistinguishedName *c,
|
match_RDN(const RelativeDistinguishedName *c,
|
||||||
const RelativeDistinguishedName *n)
|
const RelativeDistinguishedName *n)
|
||||||
{
|
{
|
||||||
int i;
|
size_t i;
|
||||||
|
|
||||||
if (c->len != n->len)
|
if (c->len != n->len)
|
||||||
return HX509_NAME_CONSTRAINT_ERROR;
|
return HX509_NAME_CONSTRAINT_ERROR;
|
||||||
@@ -1717,7 +1721,8 @@ match_RDN(const RelativeDistinguishedName *c,
|
|||||||
static int
|
static int
|
||||||
match_X501Name(const Name *c, const Name *n)
|
match_X501Name(const Name *c, const Name *n)
|
||||||
{
|
{
|
||||||
int i, ret;
|
size_t i;
|
||||||
|
int ret;
|
||||||
|
|
||||||
if (c->element != choice_Name_rdnSequence
|
if (c->element != choice_Name_rdnSequence
|
||||||
|| n->element != choice_Name_rdnSequence)
|
|| n->element != choice_Name_rdnSequence)
|
||||||
@@ -1824,7 +1829,8 @@ match_alt_name(const GeneralName *n, const Certificate *c,
|
|||||||
int *same, int *match)
|
int *same, int *match)
|
||||||
{
|
{
|
||||||
GeneralNames sa;
|
GeneralNames sa;
|
||||||
int ret, i, j;
|
int ret;
|
||||||
|
size_t i, j;
|
||||||
|
|
||||||
i = 0;
|
i = 0;
|
||||||
do {
|
do {
|
||||||
@@ -1898,7 +1904,7 @@ check_name_constraints(hx509_context context,
|
|||||||
const Certificate *c)
|
const Certificate *c)
|
||||||
{
|
{
|
||||||
int match, ret;
|
int match, ret;
|
||||||
int i;
|
size_t i;
|
||||||
|
|
||||||
for (i = 0 ; i < nc->len; i++) {
|
for (i = 0 ; i < nc->len; i++) {
|
||||||
GeneralSubtrees gs;
|
GeneralSubtrees gs;
|
||||||
@@ -1941,7 +1947,7 @@ check_name_constraints(hx509_context context,
|
|||||||
static void
|
static void
|
||||||
free_name_constraints(hx509_name_constraints *nc)
|
free_name_constraints(hx509_name_constraints *nc)
|
||||||
{
|
{
|
||||||
int i;
|
size_t i;
|
||||||
|
|
||||||
for (i = 0 ; i < nc->len; i++)
|
for (i = 0 ; i < nc->len; i++)
|
||||||
free_NameConstraints(&nc->val[i]);
|
free_NameConstraints(&nc->val[i]);
|
||||||
@@ -1971,7 +1977,8 @@ hx509_verify_path(hx509_context context,
|
|||||||
{
|
{
|
||||||
hx509_name_constraints nc;
|
hx509_name_constraints nc;
|
||||||
hx509_path path;
|
hx509_path path;
|
||||||
int ret, i, proxy_cert_depth, selfsigned_depth, diff;
|
int ret, proxy_cert_depth, selfsigned_depth, diff;
|
||||||
|
size_t i, k;
|
||||||
enum certtype type;
|
enum certtype type;
|
||||||
Name proxy_issuer;
|
Name proxy_issuer;
|
||||||
hx509_certs anchors = NULL;
|
hx509_certs anchors = NULL;
|
||||||
@@ -2066,7 +2073,7 @@ hx509_verify_path(hx509_context context,
|
|||||||
ProxyCertInfo info;
|
ProxyCertInfo info;
|
||||||
|
|
||||||
if (is_proxy_cert(context, c, &info) == 0) {
|
if (is_proxy_cert(context, c, &info) == 0) {
|
||||||
int j;
|
size_t j;
|
||||||
|
|
||||||
if (info.pCPathLenConstraint != NULL &&
|
if (info.pCPathLenConstraint != NULL &&
|
||||||
*info.pCPathLenConstraint < i)
|
*info.pCPathLenConstraint < i)
|
||||||
@@ -2236,9 +2243,10 @@ hx509_verify_path(hx509_context context,
|
|||||||
* checked in the right order.
|
* checked in the right order.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
for (ret = 0, i = path.len - 1; i >= 0; i--) {
|
for (ret = 0, k = path.len; k > 0; k--) {
|
||||||
Certificate *c;
|
Certificate *c;
|
||||||
int selfsigned;
|
int selfsigned;
|
||||||
|
i = k - 1;
|
||||||
|
|
||||||
c = _hx509_get_cert(path.val[i]);
|
c = _hx509_get_cert(path.val[i]);
|
||||||
|
|
||||||
@@ -2287,7 +2295,7 @@ hx509_verify_path(hx509_context context,
|
|||||||
}
|
}
|
||||||
|
|
||||||
for (i = 0; i < path.len - 1; i++) {
|
for (i = 0; i < path.len - 1; i++) {
|
||||||
int parent = (i < path.len - 1) ? i + 1 : i;
|
size_t parent = (i < path.len - 1) ? i + 1 : i;
|
||||||
|
|
||||||
ret = hx509_revoke_verify(context,
|
ret = hx509_revoke_verify(context,
|
||||||
ctx->revoke_ctx,
|
ctx->revoke_ctx,
|
||||||
@@ -2308,9 +2316,10 @@ hx509_verify_path(hx509_context context,
|
|||||||
* parameter is passed up from the anchor up though the chain.
|
* parameter is passed up from the anchor up though the chain.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
for (i = path.len - 1; i >= 0; i--) {
|
for (k = path.len; k > 0; k--) {
|
||||||
hx509_cert signer;
|
hx509_cert signer;
|
||||||
Certificate *c;
|
Certificate *c;
|
||||||
|
i = k - 1;
|
||||||
|
|
||||||
c = _hx509_get_cert(path.val[i]);
|
c = _hx509_get_cert(path.val[i]);
|
||||||
|
|
||||||
@@ -2450,7 +2459,8 @@ hx509_verify_hostname(hx509_context context,
|
|||||||
{
|
{
|
||||||
GeneralNames san;
|
GeneralNames san;
|
||||||
const Name *name;
|
const Name *name;
|
||||||
int ret, i, j;
|
int ret;
|
||||||
|
size_t i, j, k;
|
||||||
|
|
||||||
if (sa && sa_size <= 0)
|
if (sa && sa_size <= 0)
|
||||||
return EINVAL;
|
return EINVAL;
|
||||||
@@ -2488,7 +2498,8 @@ hx509_verify_hostname(hx509_context context,
|
|||||||
name = &cert->data->tbsCertificate.subject;
|
name = &cert->data->tbsCertificate.subject;
|
||||||
|
|
||||||
/* Find first CN= in the name, and try to match the hostname on that */
|
/* Find first CN= in the name, and try to match the hostname on that */
|
||||||
for (ret = 0, i = name->u.rdnSequence.len - 1; ret == 0 && i >= 0; i--) {
|
for (ret = 0, k = name->u.rdnSequence.len; ret == 0 && k > 0; k--) {
|
||||||
|
i = k - 1;
|
||||||
for (j = 0; ret == 0 && j < name->u.rdnSequence.val[i].len; j++) {
|
for (j = 0; ret == 0 && j < name->u.rdnSequence.val[i].len; j++) {
|
||||||
AttributeTypeAndValue *n = &name->u.rdnSequence.val[i].val[j];
|
AttributeTypeAndValue *n = &name->u.rdnSequence.val[i].val[j];
|
||||||
|
|
||||||
@@ -2579,7 +2590,7 @@ _hx509_set_cert_attribute(hx509_context context,
|
|||||||
hx509_cert_attribute
|
hx509_cert_attribute
|
||||||
hx509_cert_get_attribute(hx509_cert cert, const heim_oid *oid)
|
hx509_cert_get_attribute(hx509_cert cert, const heim_oid *oid)
|
||||||
{
|
{
|
||||||
int i;
|
size_t i;
|
||||||
for (i = 0; i < cert->attrs.len; i++)
|
for (i = 0; i < cert->attrs.len; i++)
|
||||||
if (der_heim_oid_cmp(oid, &cert->attrs.val[i]->oid) == 0)
|
if (der_heim_oid_cmp(oid, &cert->attrs.val[i]->oid) == 0)
|
||||||
return cert->attrs.val[i];
|
return cert->attrs.val[i];
|
||||||
@@ -2625,7 +2636,8 @@ hx509_cert_get_friendly_name(hx509_cert cert)
|
|||||||
hx509_cert_attribute a;
|
hx509_cert_attribute a;
|
||||||
PKCS9_friendlyName n;
|
PKCS9_friendlyName n;
|
||||||
size_t sz;
|
size_t sz;
|
||||||
int ret, i;
|
int ret;
|
||||||
|
size_t i;
|
||||||
|
|
||||||
if (cert->friendlyname)
|
if (cert->friendlyname)
|
||||||
return cert->friendlyname;
|
return cert->friendlyname;
|
||||||
@@ -3166,7 +3178,8 @@ hx509_query_unparse_stats(hx509_context context, int printtype, FILE *out)
|
|||||||
{
|
{
|
||||||
rtbl_t t;
|
rtbl_t t;
|
||||||
FILE *f;
|
FILE *f;
|
||||||
int type, mask, i, num;
|
int type, mask, num;
|
||||||
|
size_t i;
|
||||||
unsigned long multiqueries = 0, totalqueries = 0;
|
unsigned long multiqueries = 0, totalqueries = 0;
|
||||||
struct stat_el stats[32];
|
struct stat_el stats[32];
|
||||||
|
|
||||||
@@ -3254,7 +3267,8 @@ hx509_cert_check_eku(hx509_context context, hx509_cert cert,
|
|||||||
const heim_oid *eku, int allow_any_eku)
|
const heim_oid *eku, int allow_any_eku)
|
||||||
{
|
{
|
||||||
ExtKeyUsage e;
|
ExtKeyUsage e;
|
||||||
int ret, i;
|
int ret;
|
||||||
|
size_t i;
|
||||||
|
|
||||||
ret = find_extension_eku(_hx509_get_cert(cert), &e);
|
ret = find_extension_eku(_hx509_get_cert(cert), &e);
|
||||||
if (ret) {
|
if (ret) {
|
||||||
@@ -3289,7 +3303,8 @@ _hx509_cert_get_keyusage(hx509_context context,
|
|||||||
Certificate *cert;
|
Certificate *cert;
|
||||||
const Extension *e;
|
const Extension *e;
|
||||||
size_t size;
|
size_t size;
|
||||||
int ret, i = 0;
|
int ret;
|
||||||
|
size_t i = 0;
|
||||||
|
|
||||||
memset(ku, 0, sizeof(*ku));
|
memset(ku, 0, sizeof(*ku));
|
||||||
|
|
||||||
@@ -3455,7 +3470,7 @@ _hx509_cert_to_env(hx509_context context, hx509_cert cert, hx509_env *env)
|
|||||||
else if (ret != 0)
|
else if (ret != 0)
|
||||||
goto out;
|
goto out;
|
||||||
else {
|
else {
|
||||||
int i;
|
size_t i;
|
||||||
hx509_env enveku = NULL;
|
hx509_env enveku = NULL;
|
||||||
|
|
||||||
for (i = 0; i < eku.len; i++) {
|
for (i = 0; i < eku.len; i++) {
|
||||||
|
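Review bot: In hx509_cert_free the corrected `memset(cert, 0, sizeof(*cert));` sits directly before `free(cert);`, so an optimizing compiler may treat it as a dead store and remove it. If the clearing is meant as hardening (the structure appears to hold a private-key reference, judging by `_hx509_cert_assign_key` in the hunk header), a wipe that cannot be elided, such as `memset_s(cert, sizeof(*cert), 0, sizeof(*cert));`, would preserve it, assuming the tree provides one. Separately, in hx509_verify_path the loop `for (i = 0; i < path.len - 1; i++)` now has a `size_t` index, so the bound is compared as unsigned and becomes huge if `path.len` is ever 0. The lines that would rule that out are outside the hunk, so `i + 1 < path.len` or an explicit length guard is worth considering. The middle of hx509_cert_free is likewise outside the shown hunks.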