"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "crypto/x509v3/v3_purp.c" between
openssl-1.1.1f.tar.gz and openssl-1.1.1g.tar.gz

About: OpenSSL is a toolkit implementing the Transport Layer Security (TLS) protocols (including SSLv3) as well as a full-strength general purpose cryptographic library. Long Term Support (LTS) version (includes support for TLSv1.3).

v3_purp.c  (openssl-1.1.1f):v3_purp.c  (openssl-1.1.1g)
skipping to change at line 387 skipping to change at line 387
if (!X509_digest(x, EVP_sha1(), x->sha1_hash, NULL)) if (!X509_digest(x, EVP_sha1(), x->sha1_hash, NULL))
x->ex_flags |= EXFLAG_INVALID; x->ex_flags |= EXFLAG_INVALID;
/* V1 should mean no extensions ... */ /* V1 should mean no extensions ... */
if (!X509_get_version(x)) if (!X509_get_version(x))
x->ex_flags |= EXFLAG_V1; x->ex_flags |= EXFLAG_V1;
/* Handle basic constraints */ /* Handle basic constraints */
if ((bs = X509_get_ext_d2i(x, NID_basic_constraints, &i, NULL))) { if ((bs = X509_get_ext_d2i(x, NID_basic_constraints, &i, NULL))) {
if (bs->ca) if (bs->ca)
x->ex_flags |= EXFLAG_CA; x->ex_flags |= EXFLAG_CA;
if (bs->pathlen) { if (bs->pathlen) {
if ((bs->pathlen->type == V_ASN1_NEG_INTEGER) if (bs->pathlen->type == V_ASN1_NEG_INTEGER) {
|| !bs->ca) {
x->ex_flags |= EXFLAG_INVALID; x->ex_flags |= EXFLAG_INVALID;
x->ex_pathlen = 0; x->ex_pathlen = 0;
} else } else {
x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen); x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen);
if (!bs->ca && x->ex_pathlen != 0) {
x->ex_flags |= EXFLAG_INVALID;
x->ex_pathlen = 0;
}
}
} else } else
x->ex_pathlen = -1; x->ex_pathlen = -1;
BASIC_CONSTRAINTS_free(bs); BASIC_CONSTRAINTS_free(bs);
x->ex_flags |= EXFLAG_BCONS; x->ex_flags |= EXFLAG_BCONS;
} else if (i != -1) { } else if (i != -1) {
x->ex_flags |= EXFLAG_INVALID; x->ex_flags |= EXFLAG_INVALID;
} }
/* Handle proxy certificates */ /* Handle proxy certificates */
if ((pci = X509_get_ext_d2i(x, NID_proxyCertInfo, &i, NULL))) { if ((pci = X509_get_ext_d2i(x, NID_proxyCertInfo, &i, NULL))) {
if (x->ex_flags & EXFLAG_CA if (x->ex_flags & EXFLAG_CA
skipping to change at line 548 skipping to change at line 552
*/ */
#endif #endif
CRYPTO_THREAD_unlock(x->lock); CRYPTO_THREAD_unlock(x->lock);
} }
/*- /*-
* CA checks common to all purposes * CA checks common to all purposes
* return codes: * return codes:
* 0 not a CA * 0 not a CA
* 1 is a CA * 1 is a CA
* 2 basicConstraints absent so "maybe" a CA * 2 Only possible in older versions of openSSL when basicConstraints are absent
* new versions will not return this value. May be a CA
* 3 basicConstraints absent but self signed V1. * 3 basicConstraints absent but self signed V1.
* 4 basicConstraints absent but keyUsage present and keyCertSign asserted. * 4 basicConstraints absent but keyUsage present and keyCertSign asserted.
* 5 Netscape specific CA Flags present
*/ */
static int check_ca(const X509 *x) static int check_ca(const X509 *x)
{ {
/* keyUsage if present should allow cert signing */ /* keyUsage if present should allow cert signing */
if (ku_reject(x, KU_KEY_CERT_SIGN)) if (ku_reject(x, KU_KEY_CERT_SIGN))
return 0; return 0;
if (x->ex_flags & EXFLAG_BCONS) { if (x->ex_flags & EXFLAG_BCONS) {
if (x->ex_flags & EXFLAG_CA) if (x->ex_flags & EXFLAG_CA)
return 1; return 1;
 End of changes. 5 change blocks. 
4 lines changed or deleted 10 lines changed or added
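Review bot: In the new `else` branch of the basicConstraints handling, the result of `ASN1_INTEGER_get(bs->pathlen)` is stored without an error check, and its documented error return of -1 is the same value the outer `else` assigns to `x->ex_pathlen` to mean that no path length constraint is present. For a certificate with `ca` set and a pathLenConstraint too large for a `long`, the constraint would then presumably be treated as absent rather than the certificate being flagged. Consider rejecting that case right after the call, for example `if (x->ex_pathlen < 0) { x->ex_flags |= EXFLAG_INVALID; x->ex_pathlen = 0; }`, and adding a comment on the relaxed test such as `/* a zero pathlen on a non-CA certificate is tolerated; any other value is invalid */` so the intent of `!bs->ca && x->ex_pathlen != 0` is on record. The enclosing function starts and ends outside the first hunk, so how `ex_pathlen` is consumed later is not visible here.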
