Line | Source | Count |
59 | #include <stdio.h> | - |
60 | #include <string.h> | - |
61 | | - |
62 | #include <openssl/asn1t.h> | - |
63 | #include <openssl/conf.h> | - |
64 | #include <openssl/err.h> | - |
65 | #include <openssl/x509v3.h> | - |
66 | | - |
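/* Extension method callbacks: config values -> internal, internal -> text. */
static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
    X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
    void *a, BIO *bp, int ind);
static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
    STACK_OF(GENERAL_SUBTREE) *trees, BIO *bp, int ind, char *name);
static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip);

/*
 * Matching helpers. In every per-type matcher the first argument is the
 * name taken from the certificate being checked and the second is the
 * constraint base. The parameter names below follow the definitions so
 * that the two are not confused when reading a call site.
 */
static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc);
static int nc_match_single(GENERAL_NAME *gen, GENERAL_NAME *base);
static int nc_dn(X509_NAME *nm, X509_NAME *base);
static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base);
static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base);
static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base);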
81 | | - |
/*
 * X509v3 extension method table entry for the nameConstraints extension.
 * Only the config parser (v2i) and the text printer (i2r) are supplied;
 * every other callback is NULL. The ASN.1 item pointer is set, so
 * encoding and decoding presumably go through NAME_CONSTRAINTS_it
 * (NOTE(review): confirm against the X509V3 dispatch code).
 */
const X509V3_EXT_METHOD v3_name_constraints = {
	.ext_nid = NID_name_constraints,
	.ext_flags = 0,
	.it = &NAME_CONSTRAINTS_it,
	.ext_new = NULL,
	.ext_free = NULL,
	.d2i = NULL,
	.i2d = NULL,
	.i2s = NULL,
	.s2i = NULL,
	.i2v = NULL,
	.v2i = v2i_NAME_CONSTRAINTS,
	.i2r = i2r_NAME_CONSTRAINTS,
	.r2i = NULL,
	.usr_data = NULL,
};
98 | | - |
/*
 * Field templates for GENERAL_SUBTREE: a "base" GENERAL_NAME with no
 * flags set, followed by two optional, implicitly tagged INTEGERs,
 * "minimum" (tag 0) and "maximum" (tag 1).
 *
 * nc_match() in this file refuses any subtree in which either minimum
 * or maximum is present, so these two fields are decoded but never used
 * for matching.
 */
static const ASN1_TEMPLATE GENERAL_SUBTREE_seq_tt[] = {
	{
		.flags = 0,
		.tag = 0,
		.offset = offsetof(GENERAL_SUBTREE, base),
		.field_name = "base",
		.item = &GENERAL_NAME_it,
	},
	{
		.flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL,
		.tag = 0,
		.offset = offsetof(GENERAL_SUBTREE, minimum),
		.field_name = "minimum",
		.item = &ASN1_INTEGER_it,
	},
	{
		.flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL,
		.tag = 1,
		.offset = offsetof(GENERAL_SUBTREE, maximum),
		.field_name = "maximum",
		.item = &ASN1_INTEGER_it,
	},
};

/* ASN.1 item describing GENERAL_SUBTREE as a SEQUENCE of the fields above. */
const ASN1_ITEM GENERAL_SUBTREE_it = {
	.itype = ASN1_ITYPE_SEQUENCE,
	.utype = V_ASN1_SEQUENCE,
	.templates = GENERAL_SUBTREE_seq_tt,
	/* Element count is derived from the array so the two cannot drift. */
	.tcount = sizeof(GENERAL_SUBTREE_seq_tt) / sizeof(ASN1_TEMPLATE),
	.funcs = NULL,
	.size = sizeof(GENERAL_SUBTREE),
	.sname = "GENERAL_SUBTREE",
};
132 | | - |
/*
 * Field templates for NAME_CONSTRAINTS: two optional, implicitly tagged
 * SEQUENCE OF GENERAL_SUBTREE lists, "permittedSubtrees" (tag 0) and
 * "excludedSubtrees" (tag 1). Both are optional, so either list pointer
 * may be absent after decoding.
 */
static const ASN1_TEMPLATE NAME_CONSTRAINTS_seq_tt[] = {
	{
		.flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL,
		.tag = 0,
		.offset = offsetof(NAME_CONSTRAINTS, permittedSubtrees),
		.field_name = "permittedSubtrees",
		.item = &GENERAL_SUBTREE_it,
	},
	{
		.flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL,
		.tag = 1,
		.offset = offsetof(NAME_CONSTRAINTS, excludedSubtrees),
		.field_name = "excludedSubtrees",
		.item = &GENERAL_SUBTREE_it,
	},
};

/* ASN.1 item describing NAME_CONSTRAINTS as a SEQUENCE of the fields above. */
const ASN1_ITEM NAME_CONSTRAINTS_it = {
	.itype = ASN1_ITYPE_SEQUENCE,
	.utype = V_ASN1_SEQUENCE,
	.templates = NAME_CONSTRAINTS_seq_tt,
	/* Element count is derived from the array so the two cannot drift. */
	.tcount = sizeof(NAME_CONSTRAINTS_seq_tt) / sizeof(ASN1_TEMPLATE),
	.funcs = NULL,
	.size = sizeof(NAME_CONSTRAINTS),
	.sname = "NAME_CONSTRAINTS",
};
159 | | - |
160 | | - |
/*
 * Allocate a GENERAL_SUBTREE through the generic ASN.1 item allocator.
 * The result of ASN1_item_new() is returned unchanged, so callers must
 * check it before dereferencing.
 */
GENERAL_SUBTREE *
GENERAL_SUBTREE_new(void)
{
	ASN1_VALUE *fresh = ASN1_item_new(&GENERAL_SUBTREE_it);

	return (GENERAL_SUBTREE *)fresh;
}
166 | | - |
/*
 * Release a GENERAL_SUBTREE through the generic ASN.1 item destructor.
 * The error path of v2i_NAME_CONSTRAINTS() can call this with NULL, so it
 * relies on ASN1_item_free() accepting a NULL value.
 */
void
GENERAL_SUBTREE_free(GENERAL_SUBTREE *a)
{
	ASN1_VALUE *val = (ASN1_VALUE *)a;

	ASN1_item_free(val, &GENERAL_SUBTREE_it);
}
172 | | - |
/*
 * Allocate a NAME_CONSTRAINTS through the generic ASN.1 item allocator.
 * The result of ASN1_item_new() is returned unchanged, so callers must
 * check it before dereferencing.
 */
NAME_CONSTRAINTS *
NAME_CONSTRAINTS_new(void)
{
	ASN1_VALUE *fresh = ASN1_item_new(&NAME_CONSTRAINTS_it);

	return (NAME_CONSTRAINTS *)fresh;
}
178 | | - |
/*
 * Release a NAME_CONSTRAINTS through the generic ASN.1 item destructor.
 * The error path of v2i_NAME_CONSTRAINTS() can call this with NULL, so it
 * relies on ASN1_item_free() accepting a NULL value.
 *
 * Coverage on this page: executed 245 times by 8 tests (asn1test,
 * freenull, keypairtest, libcrypto.so.44.0.1, servertest, ssltest,
 * tlstest, verifytest).
 */
void
NAME_CONSTRAINTS_free(NAME_CONSTRAINTS *a)
{
	ASN1_VALUE *val = (ASN1_VALUE *)a;

	ASN1_item_free(val, &NAME_CONSTRAINTS_it);
}
184 | | - |
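/*
 * Build a NAME_CONSTRAINTS from configuration name/value pairs.
 *
 * Each entry name must start with "permitted" or "excluded" followed by
 * at least one more character; that one character is skipped as a
 * separator (it is not checked to be any particular character) and the
 * remainder is handed to v2i_GENERAL_NAME_ex() as the GeneralName type.
 *
 * Returns the new NAME_CONSTRAINTS, or NULL after pushing an error
 * (X509V3_R_INVALID_SYNTAX for an unrecognised keyword,
 * ERR_R_MALLOC_FAILURE for allocation failures). On failure everything
 * allocated here is released.
 *
 * The coverage report on this page shows this function is never executed
 * by the test suite.
 */
static void *
v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
    STACK_OF(CONF_VALUE) *nval)
{
	int i;
	CONF_VALUE tval, *val;
	STACK_OF(GENERAL_SUBTREE) **ptree = NULL;
	NAME_CONSTRAINTS *ncons = NULL;
	GENERAL_SUBTREE *sub = NULL;

	ncons = NAME_CONSTRAINTS_new();
	if (ncons == NULL)
		goto memerr;
	for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
		val = sk_CONF_VALUE_value(nval, i);
		if (!strncmp(val->name, "permitted", 9) && val->name[9]) {
			ptree = &ncons->permittedSubtrees;
			/* Skip the keyword and the one separator character. */
			tval.name = val->name + 10;
		} else if (!strncmp(val->name, "excluded", 8) && val->name[8]) {
			ptree = &ncons->excludedSubtrees;
			tval.name = val->name + 9;
		} else {
			X509V3error(X509V3_R_INVALID_SYNTAX);
			goto err;
		}
		tval.value = val->value;
		sub = GENERAL_SUBTREE_new();
		/*
		 * The allocation must be checked: sub->base is dereferenced
		 * on the next line, and an unchecked failure here would be a
		 * NULL pointer dereference under memory pressure.
		 */
		if (sub == NULL)
			goto memerr;
		if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1))
			goto err;
		if (*ptree == NULL)
			*ptree = sk_GENERAL_SUBTREE_new_null();
		if (*ptree == NULL || !sk_GENERAL_SUBTREE_push(*ptree, sub))
			goto memerr;
		/* Ownership moved to the stack; do not free it again below. */
		sub = NULL;
	}

	return ncons;

 memerr:
	X509V3error(ERR_R_MALLOC_FAILURE);
 err:
	NAME_CONSTRAINTS_free(ncons);
	GENERAL_SUBTREE_free(sub);
	return NULL;
}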
230 | | - |
/*
 * Text printer for the nameConstraints extension: writes the permitted
 * list and then the excluded list to bp, each indented by ind.
 * The results of the two printing calls are not inspected; the function
 * always returns 1.
 */
static int
i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a, BIO *bp, int ind)
{
	NAME_CONSTRAINTS *nc = a;
	STACK_OF(GENERAL_SUBTREE) *permitted = nc->permittedSubtrees;
	STACK_OF(GENERAL_SUBTREE) *excluded = nc->excludedSubtrees;

	do_i2r_name_constraints(method, permitted, bp, ind, "Permitted");
	do_i2r_name_constraints(method, excluded, bp, ind, "Excluded");
	return 1;
}
242 | | - |
/*
 * Print one list of subtrees under the heading "name:".
 * The heading is written only when the list holds at least one entry.
 * Each entry goes on its own line, indented two columns deeper than the
 * heading; iPAddress bases use the address/mask printer, every other
 * type goes through GENERAL_NAME_print(). Always returns 1.
 */
static int
do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
    STACK_OF(GENERAL_SUBTREE) *trees, BIO *bp, int ind, char *name)
{
	int idx;
	int count = sk_GENERAL_SUBTREE_num(trees);

	if (count > 0)
		BIO_printf(bp, "%*s%s:\n", ind, "", name);

	for (idx = 0; idx < count; idx++) {
		GENERAL_SUBTREE *entry = sk_GENERAL_SUBTREE_value(trees, idx);
		GENERAL_NAME *base = entry->base;

		BIO_printf(bp, "%*s", ind + 2, "");
		if (base->type != GEN_IPADD)
			GENERAL_NAME_print(bp, base);
		else
			print_nc_ipadd(bp, base->d.ip);
		BIO_puts(bp, "\n");
	}
	return 1;
}
263 | | - |
/*
 * Print an iPAddress constraint as "IP:<address>/<mask>".
 * An 8-byte value is printed as two dotted quads; a 32-byte value as two
 * groups of eight hexadecimal 16-bit words separated by ':' with '/'
 * between address and mask. Any other length prints an "<invalid>"
 * marker after the "IP:" prefix. The bytes are read only after the
 * length has selected a branch, so no more than ip->length bytes are
 * touched. Always returns 1.
 */
static int
print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip)
{
	const unsigned char *octets = ip->data;
	int word;

	BIO_puts(bp, "IP:");
	switch (ip->length) {
	case 8:
		BIO_printf(bp, "%d.%d.%d.%d/%d.%d.%d.%d",
		    octets[0], octets[1], octets[2], octets[3],
		    octets[4], octets[5], octets[6], octets[7]);
		break;
	case 32:
		for (word = 0; word < 16; word++, octets += 2) {
			BIO_printf(bp, "%X", octets[0] << 8 | octets[1]);
			if (word == 7)
				BIO_puts(bp, "/");
			else if (word != 15)
				BIO_puts(bp, ":");
		}
		break;
	default:
		BIO_printf(bp, "IP Address:<invalid>");
		break;
	}
	return 1;
}
289 | | - |
290 | | - |
291 | | - |
292 | | - |
293 | | - |
294 | | - |
295 | | - |
296 | | - |
297 | | - |
298 | | - |
299 | | - |
300 | | - |
/*
 * Check every name in certificate x against the constraints nc.
 *
 * Checked, in order:
 *   1. the subject DN as a directoryName (only when it has entries);
 *   2. each emailAddress attribute of the subject as an rfc822Name;
 *      an attribute that is not an IA5String is rejected with
 *      X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
 *   3. each entry of x->altname.
 *
 * Returns X509_V_OK when all names pass, otherwise the first non-OK
 * verification code produced by nc_match().
 *
 * The coverage report on this page shows this function, and every
 * matcher it reaches, is never executed by the test suite.
 */
int
NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc)
{
	X509_NAME *subject = X509_get_subject_name(x);
	int rv, idx;

	if (X509_NAME_entry_count(subject) > 0) {
		GENERAL_NAME tmp;

		/* The subject DN itself. */
		tmp.type = GEN_DIRNAME;
		tmp.d.directoryName = subject;
		rv = nc_match(&tmp, nc);
		if (rv != X509_V_OK)
			return rv;

		/* Every emailAddress attribute inside the subject DN. */
		tmp.type = GEN_EMAIL;
		idx = -1;
		while ((idx = X509_NAME_get_index_by_NID(subject,
		    NID_pkcs9_emailAddress, idx)) != -1) {
			X509_NAME_ENTRY *entry = X509_NAME_get_entry(subject, idx);

			tmp.d.rfc822Name = X509_NAME_ENTRY_get_data(entry);
			if (tmp.d.rfc822Name->type != V_ASN1_IA5STRING)
				return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;

			rv = nc_match(&tmp, nc);
			if (rv != X509_V_OK)
				return rv;
		}
	}

	/* Subject alternative names. */
	for (idx = 0; idx < sk_GENERAL_NAME_num(x->altname); idx++) {
		GENERAL_NAME *alt = sk_GENERAL_NAME_value(x->altname, idx);

		rv = nc_match(alt, nc);
		if (rv != X509_V_OK)
			return rv;
	}

	return X509_V_OK;
}
351 | | - |
/*
 * Check a single name against all permitted and excluded subtrees.
 *
 * Only subtrees whose base has the same GeneralName type as gen are
 * considered. Consequences visible in the code below:
 *   - if no permitted subtree of that type exists, the permitted check
 *     passes (match stays 0);
 *   - if at least one exists and none matches, the result is
 *     X509_V_ERR_PERMITTED_VIOLATION;
 *   - any same-type subtree carrying minimum or maximum is rejected with
 *     X509_V_ERR_SUBTREE_MINMAX, in both lists;
 *   - any matcher result other than OK or PERMITTED_VIOLATION (for
 *     example an unsupported type or syntax) is returned as is, so such
 *     cases fail the check instead of being skipped.
 *
 * Returns X509_V_OK or an X509_V_ERR_* code.
 */
static int
nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc)
{
	GENERAL_SUBTREE *sub;
	/*
	 * match: 0 = no permitted subtree of this type seen,
	 *        1 = at least one seen, none matched so far,
	 *        2 = a permitted subtree matched.
	 */
	int i, r, match = 0;

	/* Permitted subtrees. */
	for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->permittedSubtrees); i++) {
		sub = sk_GENERAL_SUBTREE_value(nc->permittedSubtrees, i);
		if (gen->type != sub->base->type)
			continue;
		/* Checked before the match == 2 shortcut, so it still applies after a match. */
		if (sub->minimum || sub->maximum)
			return X509_V_ERR_SUBTREE_MINMAX;
		/* Already matched: no need to compare against further subtrees. */
		if (match == 2)
			continue;
		if (match == 0)
			match = 1;
		r = nc_match_single(gen, sub->base);
		if (r == X509_V_OK)
			match = 2;
		else if (r != X509_V_ERR_PERMITTED_VIOLATION)
			return r;
	}

	if (match == 1)
		return X509_V_ERR_PERMITTED_VIOLATION;

	/* Excluded subtrees: a successful match here is the violation. */
	for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->excludedSubtrees); i++) {
		sub = sk_GENERAL_SUBTREE_value(nc->excludedSubtrees, i);
		if (gen->type != sub->base->type)
			continue;
		if (sub->minimum || sub->maximum)
			return X509_V_ERR_SUBTREE_MINMAX;

		r = nc_match_single(gen, sub->base);
		if (r == X509_V_OK)
			return X509_V_ERR_EXCLUDED_VIOLATION;
		else if (r != X509_V_ERR_PERMITTED_VIOLATION)
			return r;

	}

	return X509_V_OK;
}
402 | | - |
/*
 * Dispatch on the constraint's GeneralName type and compare gen with
 * base using the matcher for that type. The caller has already checked
 * that gen and base have the same type.
 *
 * Supported types: directoryName, dNSName, rfc822Name and URI. Every
 * other type, iPAddress included, yields
 * X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE.
 */
static int
nc_match_single(GENERAL_NAME *gen, GENERAL_NAME *base)
{
	int kind = base->type;

	if (kind == GEN_DIRNAME)
		return nc_dn(gen->d.directoryName, base->d.directoryName);
	if (kind == GEN_DNS)
		return nc_dns(gen->d.dNSName, base->d.dNSName);
	if (kind == GEN_EMAIL)
		return nc_email(gen->d.rfc822Name, base->d.rfc822Name);
	if (kind == GEN_URI) {
		return nc_uri(gen->d.uniformResourceIdentifier,
		    base->d.uniformResourceIdentifier);
	}
	return X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE;
}
424 | | - |
425 | | - |
426 | | - |
427 | | - |
428 | | - |
429 | | - |
/*
 * directoryName match: nm is inside base's subtree when base's canonical
 * encoding is a byte-for-byte prefix of nm's canonical encoding.
 *
 * When a name is flagged as modified, i2d_X509_NAME() is called first,
 * presumably to refresh its cached canonical encoding (confirm against
 * the X509_NAME implementation); a failure there is reported as
 * X509_V_ERR_OUT_OF_MEM. The length comparison runs before memcmp() so
 * the comparison never reads past the end of nm's encoding.
 */
static int
nc_dn(X509_NAME *nm, X509_NAME *base)
{
	int stale_failed;

	stale_failed = nm->modified && i2d_X509_NAME(nm, NULL) < 0;
	if (stale_failed)
		return X509_V_ERR_OUT_OF_MEM;

	stale_failed = base->modified && i2d_X509_NAME(base, NULL) < 0;
	if (stale_failed)
		return X509_V_ERR_OUT_OF_MEM;

	if (base->canon_enclen > nm->canon_enclen ||
	    memcmp(base->canon_enc, nm->canon_enc, base->canon_enclen) != 0)
		return X509_V_ERR_PERMITTED_VIOLATION;

	return X509_V_OK;
}
444 | | - |
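/*
 * dNSName match: dns is inside base's subtree when it equals base
 * (case-insensitively) or ends with base on a label boundary, i.e. base
 * starts with '.' or the character before the matched suffix is '.'.
 * An empty base matches every name.
 *
 * The name comes from the certificate under verification and is
 * untrusted. ASN.1 strings carry an explicit length, so every read here
 * is bounded by that length instead of relying on a terminating NUL, and
 * a value containing an embedded NUL is rejected outright: a C-string
 * consumer elsewhere would see a different (shorter) name than the one
 * compared here.
 *
 * Returns X509_V_OK on a match, X509_V_ERR_PERMITTED_VIOLATION on no
 * match, X509_V_ERR_UNSUPPORTED_NAME_SYNTAX for a malformed name and
 * X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX for a malformed base.
 */
static int
nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base)
{
	const char *baseptr = (const char *)base->data;
	const char *dnsptr = (const char *)dns->data;
	int baselen = base->length;
	int dnslen = dns->length;

	/* Empty matches everything */
	if (baselen <= 0)
		return X509_V_OK;
	if (baseptr == NULL || memchr(baseptr, '\0', (size_t)baselen) != NULL)
		return X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX;

	/* An empty name cannot match a non-empty constraint. */
	if (dnslen <= 0 || dnsptr == NULL)
		return X509_V_ERR_PERMITTED_VIOLATION;
	if (memchr(dnsptr, '\0', (size_t)dnslen) != NULL)
		return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;

	if (dnslen < baselen)
		return X509_V_ERR_PERMITTED_VIOLATION;

	/*
	 * Otherwise can add zero or more components on the left, so compare
	 * the RHS and require the preceding character to be '.' unless the
	 * constraint itself begins with '.'.
	 */
	if (dnslen > baselen) {
		dnsptr += dnslen - baselen;
		if (baseptr[0] != '.' && dnsptr[-1] != '.')
			return X509_V_ERR_PERMITTED_VIOLATION;
	}

	/* Neither operand holds a NUL, so exactly baselen bytes are compared. */
	if (strncasecmp(baseptr, dnsptr, (size_t)baselen) != 0)
		return X509_V_ERR_PERMITTED_VIOLATION;

	return X509_V_OK;
}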
469 | | - |
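/*
 * rfc822Name match. Three constraint forms are handled:
 *   - ".domain" (no '@', leading '.'): the address must be longer than
 *     the constraint and end with it, compared case-insensitively;
 *   - "local@host": the local part must match exactly (case-sensitive)
 *     and the host case-insensitively;
 *   - "host" or "@host": only the host part is compared.
 * The address is split at its first '@'; an address without '@' is
 * X509_V_ERR_UNSUPPORTED_NAME_SYNTAX.
 *
 * The address comes from the certificate under verification and is
 * untrusted. ASN.1 strings carry an explicit length, so every search and
 * comparison here is bounded by that length instead of relying on a
 * terminating NUL, and values with an embedded NUL are rejected.
 *
 * Returns X509_V_OK on a match, X509_V_ERR_PERMITTED_VIOLATION on no
 * match, X509_V_ERR_UNSUPPORTED_NAME_SYNTAX for a malformed address and
 * X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX for a malformed base.
 */
static int
nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)
{
	const char *baseptr = (const char *)base->data;
	const char *emlptr = (const char *)eml->data;
	int baselen = base->length > 0 ? base->length : 0;
	int emllen = eml->length > 0 ? eml->length : 0;
	const char *baseat = NULL;
	const char *emlat = NULL;

	if (emllen > 0) {
		if (emlptr == NULL ||
		    memchr(emlptr, '\0', (size_t)emllen) != NULL)
			return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
		emlat = memchr(emlptr, '@', (size_t)emllen);
	}
	if (emlat == NULL)
		return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;

	if (baselen > 0) {
		if (baseptr == NULL ||
		    memchr(baseptr, '\0', (size_t)baselen) != NULL)
			return X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX;
		baseat = memchr(baseptr, '@', (size_t)baselen);
	}

	/* Special case: initial '.' is RHS match */
	if (baseat == NULL && baselen > 0 && baseptr[0] == '.') {
		if (emllen > baselen &&
		    strncasecmp(baseptr, emlptr + (emllen - baselen),
		    (size_t)baselen) == 0)
			return X509_V_OK;
		return X509_V_ERR_PERMITTED_VIOLATION;
	}

	/* If we have anything before '@' match local part */
	if (baseat != NULL) {
		if (baseat != baseptr) {
			if ((baseat - baseptr) != (emlat - emlptr))
				return X509_V_ERR_PERMITTED_VIOLATION;
			/* Case sensitive match of local part */
			if (strncmp(baseptr, emlptr,
			    (size_t)(emlat - emlptr)) != 0)
				return X509_V_ERR_PERMITTED_VIOLATION;
		}
		/* Position base after '@' */
		baselen -= (int)(baseat + 1 - baseptr);
		baseptr = baseat + 1;
	}
	emllen -= (int)(emlat + 1 - emlptr);
	emlptr = emlat + 1;

	/* Just have hostname left to match: case insensitive */
	if (baselen != emllen)
		return X509_V_ERR_PERMITTED_VIOLATION;
	if (baselen > 0 &&
	    strncasecmp(baseptr, emlptr, (size_t)baselen) != 0)
		return X509_V_ERR_PERMITTED_VIOLATION;

	return X509_V_OK;
}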
510 | | - |
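/*
 * URI match. The URI must have the form scheme://host...; the host is
 * extracted and compared with base:
 *   - base starting with '.': the host must be longer than base and end
 *     with it (case-insensitive);
 *   - otherwise the host must equal base (case-insensitive).
 *
 * The URI comes from the certificate under verification and is
 * untrusted. ASN.1 strings carry an explicit length, so every search and
 * comparison here is bounded by that length instead of relying on a
 * terminating NUL, and values with an embedded NUL are rejected.
 *
 * The host ends at the first ':' or '/' after "://", whichever comes
 * first. Searching for ':' across the whole remainder before falling
 * back to '/' would fold a path into the host when the path contains a
 * ':', and such a "host" can never match an excluded subtree.
 * NOTE(review): userinfo ("user@host") and bracketed IPv6 literals are
 * not parsed here; both end the host at their first ':'.
 *
 * Returns X509_V_OK on a match, X509_V_ERR_PERMITTED_VIOLATION on no
 * match, X509_V_ERR_UNSUPPORTED_NAME_SYNTAX for a malformed URI and
 * X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX for a malformed base.
 */
static int
nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
{
	const char *baseptr = (const char *)base->data;
	const char *hostptr = (const char *)uri->data;
	int baselen = base->length > 0 ? base->length : 0;
	int urilen = uri->length > 0 ? uri->length : 0;
	const char *end;
	const char *p;
	int hostlen;

	if (urilen == 0 || hostptr == NULL ||
	    memchr(hostptr, '\0', (size_t)urilen) != NULL)
		return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
	end = hostptr + urilen;

	/* Check for foo:// and skip past it */
	p = memchr(hostptr, ':', (size_t)urilen);
	if (p == NULL || end - p < 3 || p[1] != '/' || p[2] != '/')
		return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
	hostptr = p + 3;

	/* The host runs up to the first port or path delimiter, or the end. */
	for (p = hostptr; p < end; p++) {
		if (*p == ':' || *p == '/')
			break;
	}
	hostlen = (int)(p - hostptr);

	if (hostlen == 0)
		return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;

	if (baselen > 0 &&
	    (baseptr == NULL || memchr(baseptr, '\0', (size_t)baselen) != NULL))
		return X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX;

	/* Special case: initial '.' is RHS match */
	if (baselen > 0 && baseptr[0] == '.') {
		if (hostlen > baselen &&
		    strncasecmp(hostptr + (hostlen - baselen), baseptr,
		    (size_t)baselen) == 0)
			return X509_V_OK;
		return X509_V_ERR_PERMITTED_VIOLATION;
	}

	/* hostlen is non-zero here, so equal lengths imply a non-empty base. */
	if (baselen != hostlen ||
	    strncasecmp(hostptr, baseptr, (size_t)hostlen) != 0)
		return X509_V_ERR_PERMITTED_VIOLATION;

	return X509_V_OK;
}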
| | |