[hopefully] fixed pathlen problem on ARM platforms

Andreas Steffen 2011-02-10 15:51:18 +01:00
parent afddd6a7e8
commit d390b3b901
7 changed files with 39 additions and 28 deletions


@ -754,7 +754,7 @@ static void stroke_list_certs(linked_list_t *list, char *label,
enumerator_t *enumerator;
identification_t *altName;
bool first_altName = TRUE;
int pathlen;
u_int pathlen;
chunk_t serial, authkey;
time_t notBefore, notAfter;
public_key_t *public;
@ -837,7 +837,7 @@ static void stroke_list_certs(linked_list_t *list, char *label,
pathlen = x509->get_constraint(x509, X509_PATH_LEN);
if (pathlen != X509_NO_CONSTRAINT)
{
fprintf(out, " pathlen: %d\n", pathlen);
fprintf(out, " pathlen: %u\n", pathlen);
}
/* list optional ipAddrBlocks */


@ -45,7 +45,7 @@ struct cert_validator_t {
* @param auth container for resulting authentication info
*/
bool (*validate)(cert_validator_t *this, certificate_t *subject,
certificate_t *issuer, bool online, int pathlen,
certificate_t *issuer, bool online, u_int pathlen,
bool anchor, auth_cfg_t *auth);
};


@ -24,7 +24,8 @@
#include <utils/enumerator.h>
#include <credentials/certificates/certificate.h>
#define X509_NO_CONSTRAINT -1
/* constraints are currently restricted to the range 0..127 */
#define X509_NO_CONSTRAINT 255
typedef struct x509_t x509_t;
typedef struct x509_cert_policy_t x509_cert_policy_t;
@ -150,7 +151,7 @@ struct x509_t {
* @param type type of constraint to get
* @return constraint, X509_NO_CONSTRAINT if none found
*/
int (*get_constraint)(x509_t *this, x509_constraint_t type);
u_int (*get_constraint)(x509_t *this, x509_constraint_t type);
/**
* Create an enumerator over all subjectAltNames.
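Review bot: The new comment above `X509_NO_CONSTRAINT` gives the supported range but does not say why the sentinel is 255 or what a caller sees for values outside 0..127. Other files in this commit store constraints in `u_char` members and map anything of 128 or more to the sentinel, so the value has to fit in one unsigned byte and must never collide with a real constraint. I would extend the comment to something like `/* constraints are restricted to 0..127; larger or unparsable values are reported as X509_NO_CONSTRAINT, which must fit in a u_char */` and repeat the range on the `@return` line of `get_constraint`.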


@ -38,7 +38,7 @@ struct private_constraints_validator_t {
*/
static bool check_pathlen(x509_t *issuer, int pathlen)
{
int pathlen_constraint;
u_int pathlen_constraint;
pathlen_constraint = issuer->get_constraint(issuer, X509_PATH_LEN);
if (pathlen_constraint != X509_NO_CONSTRAINT &&
@ -439,7 +439,7 @@ static bool has_no_any_policy(linked_list_t *chain, int len)
/**
* Check requireExplicitPolicy and inhibitPolicyMapping constraints
*/
static bool check_policy_constraints(x509_t *issuer, int pathlen,
static bool check_policy_constraints(x509_t *issuer, u_int pathlen,
auth_cfg_t *auth)
{
certificate_t *subject;
@ -455,7 +455,8 @@ static bool check_policy_constraints(x509_t *issuer, int pathlen,
certificate_t *cert;
auth_rule_t rule;
x509_t *x509;
int len = 0, expl, inh;
int len = 0;
u_int expl, inh;
/* prepare trustchain to validate */
chain = linked_list_create();
@ -524,7 +525,7 @@ static bool check_policy_constraints(x509_t *issuer, int pathlen,
METHOD(cert_validator_t, validate, bool,
private_constraints_validator_t *this, certificate_t *subject,
certificate_t *issuer, bool online, int pathlen, bool anchor,
certificate_t *issuer, bool online, u_int pathlen, bool anchor,
auth_cfg_t *auth)
{
if (issuer->get_type(issuer) == CERT_X509 &&
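Review bot: `check_pathlen()` still takes `int pathlen` although its `pathlen_constraint` is now `u_int` and `validate()` now passes a `u_int`, and `check_policy_constraints()` keeps `int len` next to the new `u_int expl, inh`. The comparisons themselves lie outside the visible hunks, so this is inferred, but any `pathlen > pathlen_constraint` or `len` versus `expl`/`inh` test becomes a mixed signed/unsigned comparison. In such a comparison a negative value is converted to a large unsigned number instead of comparing as small. Changing the signature to `static bool check_pathlen(x509_t *issuer, u_int pathlen)` keeps the path-length check unsigned end to end. It is also worth checking whether `len` can become `u_int` without affecting `has_no_any_policy()`.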


@ -84,7 +84,7 @@ struct private_openssl_x509_t {
/**
* Pathlen constraint
*/
int pathlen;
u_char pathlen;
/**
* certificate subject
@ -250,7 +250,7 @@ METHOD(x509_t, get_authKeyIdentifier, chunk_t,
return chunk_empty;
}
METHOD(x509_t, get_constraint, int,
METHOD(x509_t, get_constraint, u_int,
private_openssl_x509_t *this, x509_constraint_t type)
{
switch (type)
@ -586,6 +586,7 @@ static bool parse_basicConstraints_ext(private_openssl_x509_t *this,
X509_EXTENSION *ext)
{
BASIC_CONSTRAINTS *constraints;
long pathlen;
constraints = (BASIC_CONSTRAINTS*)X509V3_EXT_d2i(ext);
if (constraints)
@ -596,7 +597,10 @@ static bool parse_basicConstraints_ext(private_openssl_x509_t *this,
}
if (constraints->pathlen)
{
this->pathlen = ASN1_INTEGER_get(constraints->pathlen);
pathlen = ASN1_INTEGER_get(constraints->pathlen);
this->pathlen = (pathlen >= 0 && pathlen < 128) ?
pathlen : X509_NO_CONSTRAINT;
}
BASIC_CONSTRAINTS_free(constraints);
return TRUE;
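Review bot: A negative or over-range pathLenConstraint is silently mapped to `X509_NO_CONSTRAINT` in `parse_basicConstraints_ext()`, so a malformed CA certificate ends up with no path-length limit at all instead of being rejected. `ASN1_INTEGER_get()` also returns -1 on error, which takes the same branch. The same fail-open mapping is in `parse_constraint()` in the last file of this commit, where a byte with the high bit set (a negative DER integer) yields the sentinel as well. Treating values of 128 and above as unconstrained is defensible for realistic chain lengths, but for the negative case I would fail the parse with `if (pathlen < 0) { BASIC_CONSTRAINTS_free(constraints); return FALSE; }`. The function body starts and ends outside the hunk.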


@ -665,7 +665,7 @@ static cert_validation_t check_crl(x509_t *subject, x509_t *issuer,
METHOD(cert_validator_t, validate, bool,
private_revocation_validator_t *this, certificate_t *subject,
certificate_t *issuer, bool online, int pathlen, bool anchor,
certificate_t *issuer, bool online, u_int pathlen, bool anchor,
auth_cfg_t *auth)
{
if (subject->get_type(subject) == CERT_X509 &&


@ -174,22 +174,22 @@ struct private_x509_cert_t {
/**
* Path Length Constraint
*/
char pathLenConstraint;
u_char pathLenConstraint;
/**
* requireExplicitPolicy Constraint
*/
char require_explicit;
u_char require_explicit;
/**
* inhibitPolicyMapping Constraint
*/
char inhibit_mapping;
u_char inhibit_mapping;
/**
* inhibitAnyPolicy Constraint
*/
char inhibit_any;
u_char inhibit_any;
/**
* x509 constraints and other flags
@ -255,14 +255,14 @@ static void policy_mapping_destroy(x509_policy_mapping_t *mapping)
/**
* Parse a length constraint from an unwrapped integer
*/
static int parse_constraint(chunk_t object)
static u_int parse_constraint(chunk_t object)
{
switch (object.len)
{
case 0:
return 0;
case 1:
return object.ptr[0];
return (object.ptr[0] & 0x80) ? X509_NO_CONSTRAINT : object.ptr[0];
default:
return X509_NO_CONSTRAINT;
}
@ -1723,7 +1723,7 @@ METHOD(x509_t, get_authKeyIdentifier, chunk_t,
return this->authKeyIdentifier;
}
METHOD(x509_t, get_constraint, int,
METHOD(x509_t, get_constraint, u_int,
private_x509_cert_t *this, x509_constraint_t type)
{
switch (type)
@ -2390,6 +2390,7 @@ x509_cert_t *x509_cert_gen(certificate_type_t type, va_list args)
certificate_t *sign_cert = NULL;
private_key_t *sign_key = NULL;
hash_algorithm_t digest_alg = HASH_SHA1;
u_int constraint;
cert = create_empty();
while (TRUE)
@ -2464,11 +2465,9 @@ x509_cert_t *x509_cert_gen(certificate_type_t type, va_list args)
continue;
}
case BUILD_PATHLEN:
cert->pathLenConstraint = va_arg(args, int);
if (cert->pathLenConstraint < 0 || cert->pathLenConstraint > 127)
{
cert->pathLenConstraint = X509_NO_CONSTRAINT;
}
constraint = va_arg(args, u_int);
cert->pathLenConstraint = (constraint < 128) ?
constraint : X509_NO_CONSTRAINT;
continue;
case BUILD_PERMITTED_NAME_CONSTRAINTS:
{
@ -2543,13 +2542,19 @@ x509_cert_t *x509_cert_gen(certificate_type_t type, va_list args)
continue;
}
case BUILD_POLICY_REQUIRE_EXPLICIT:
cert->require_explicit = va_arg(args, int);
constraint = va_arg(args, u_int);
cert->require_explicit = (constraint < 128) ?
constraint : X509_NO_CONSTRAINT;
continue;
case BUILD_POLICY_INHIBIT_MAPPING:
cert->inhibit_mapping = va_arg(args, int);
constraint = va_arg(args, u_int);
cert->inhibit_mapping = (constraint < 128) ?
constraint : X509_NO_CONSTRAINT;
continue;
case BUILD_POLICY_INHIBIT_ANY:
cert->inhibit_any = va_arg(args, int);
constraint = va_arg(args, u_int);
cert->inhibit_any = (constraint < 128) ?
constraint : X509_NO_CONSTRAINT;
continue;
case BUILD_NOT_BEFORE_TIME:
cert->notBefore = va_arg(args, time_t);
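Review bot: The clamp `(constraint < 128) ? constraint : X509_NO_CONSTRAINT` is written out four times in `x509_cert_gen()`, and the same limit appears again as the `0x80` mask in `parse_constraint()` and as `pathlen < 128` in the OpenSSL plugin. A single named limit would keep these from drifting apart, for example a new macro (name is only a suggestion) `#define X509_CONSTRAINT_MAX 127` next to `X509_NO_CONSTRAINT`, used by one small static helper. Separately, `va_arg(args, u_int)` depends on every builder caller passing a non-negative value. A caller that still passes `-1` as an `int` would most likely be clamped to the sentinel, but that reliance deserves a sentence in the documentation of the `BUILD_PATHLEN` and `BUILD_POLICY_*` parts.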