diff options
| author | Adam Langley <agl@chromium.org> | 2015-02-11 12:08:22 -0800 |
|---|---|---|
| committer | Adam Langley <agl@chromium.org> | 2015-02-13 10:51:02 -0800 |
| commit | fcd34624a14a3bfe8b445b57cbfa81b945b3706e (patch) | |
| tree | 1ac859a762d5072beffa1a66f4abb9d287932a19 | |
| parent | c35fb014d9b6dfbb73a08af5d3ccec194ed2ec0c (diff) | |
| download | boringssl-fcd34624a14a3bfe8b445b57cbfa81b945b3706e.zip boringssl-fcd34624a14a3bfe8b445b57cbfa81b945b3706e.tar.gz boringssl-fcd34624a14a3bfe8b445b57cbfa81b945b3706e.tar.bz2 | |
Drop hostlen from X509_VERIFY_PARAM_ID.
Just store NUL-terminated strings. This works better when we add
support for multiple hostnames.
(Imported from upstream's d93edc0aab98377f42dd19312248597a018a7889.)
Change-Id: Ib3bf8a8c654b829b4432782ba21ba55c3d4a0582
| -rw-r--r-- | crypto/x509/vpm_int.h | 1 | ||||
| -rw-r--r-- | crypto/x509/x509_vfy.c | 3 | ||||
| -rw-r--r-- | crypto/x509/x509_vpm.c | 8 | ||||
| -rw-r--r-- | crypto/x509v3/v3_utl.c | 2 |
4 files changed, 6 insertions, 8 deletions
diff --git a/crypto/x509/vpm_int.h b/crypto/x509/vpm_int.h index d18a4d4..dd33f88 100644 --- a/crypto/x509/vpm_int.h +++ b/crypto/x509/vpm_int.h @@ -61,7 +61,6 @@ struct X509_VERIFY_PARAM_ID_st { unsigned char *host; /* If not NULL hostname to match */ - size_t hostlen; unsigned int hostflags; /* Flags to control matching features */ unsigned char *email; /* If not NULL email address to match */ size_t emaillen; diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 285bcaf..3c492ab 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -709,8 +709,7 @@ static int check_id(X509_STORE_CTX *ctx) X509_VERIFY_PARAM *vpm = ctx->param; X509_VERIFY_PARAM_ID *id = vpm->id; X509 *x = ctx->cert; - if (id->host && !X509_check_host(x, id->host, id->hostlen, - id->hostflags)) + if (id->host && !X509_check_host(x, id->host, strlen((const char*) id->host), id->hostflags)) { if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH)) return 0; diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index 3daaf61..7f646d8 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -88,7 +88,6 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param) { OPENSSL_free(paramid->host); paramid->host = NULL; - paramid->hostlen = 0; } if (paramid->email) { @@ -234,7 +233,7 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, if (test_x509_verify_param_copy_id(host, NULL)) { - if (!X509_VERIFY_PARAM_set1_host(dest, id->host, id->hostlen)) + if (!X509_VERIFY_PARAM_set1_host(dest, id->host, strlen((const char*) id->host))) return 0; dest->id->hostflags = id->hostflags; } @@ -396,8 +395,7 @@ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, const unsigned char *name, size_t namelen) { - return int_x509_param_set1(¶m->id->host, ¶m->id->hostlen, - name, namelen); + return int_x509_param_set1(¶m->id->host, NULL, name, namelen); } void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, @@ -441,7 +439,7 @@ const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param) return param->name; } -static const X509_VERIFY_PARAM_ID _empty_id = {NULL, 0, 0U, NULL, 0, NULL, 0}; +static const X509_VERIFY_PARAM_ID _empty_id = {NULL, 0U, NULL, 0, NULL, 0}; #define vpm_empty_id (X509_VERIFY_PARAM_ID *)&_empty_id diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index d081c1c..8174103 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -971,6 +971,8 @@ static int do_x509_check(X509 *x, const unsigned char *chk, size_t chklen, int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen, unsigned int flags) { + if (chk && memchr(chk, '\0', chklen)) + return 0; return do_x509_check(x, chk, chklen, flags, GEN_DNS); } |