From e2914375c90aa7d28944718a5862da30fc8f6018 Mon Sep 17 00:00:00 2001
From: Michael Stahl
Date: Fri, 9 Dec 2022 14:22:45 +0100
Subject: openssl: remove obsolete 1.0.2 patches
Change-Id: I858998434b3cd1668c6d9522ce6d57f928802a8f
---
...cb0a11145ee72b042d10593a64eaf9e8a55ec12.patch.1 | 56 --
.../openssl/openssl-1.0.2k-cve-2020-1971.patch.1 | 578 ---------------------
2 files changed, 634 deletions(-)
delete mode 100644 external/openssl/ccb0a11145ee72b042d10593a64eaf9e8a55ec12.patch.1
delete mode 100644 external/openssl/openssl-1.0.2k-cve-2020-1971.patch.1
diff --git a/external/openssl/ccb0a11145ee72b042d10593a64eaf9e8a55ec12.patch.1 b/external/openssl/ccb0a11145ee72b042d10593a64eaf9e8a55ec12.patch.1
deleted file mode 100644
index cf809750ecfb..000000000000
--- a/external/openssl/ccb0a11145ee72b042d10593a64eaf9e8a55ec12.patch.1
+++ /dev/null
@@ -1,56 +0,0 @@
-From ccb0a11145ee72b042d10593a64eaf9e8a55ec12 Mon Sep 17 00:00:00 2001
-From: Matt Caswell
-Date: Tue, 17 Aug 2021 14:41:48 +0100
-Subject: [PATCH] Fix a read buffer overrun in X509_CERT_AUX_print()
-
-This is a backport of commit c5dc9ab965f to 1.0.2. That commit fixed
-the same bug but in master/1.1.1 it is in the function X509_aux_print().
-The original commit had the following description:
-
-Fix a read buffer overrun in X509_aux_print().
-
-The ASN1_STRING_get0_data(3) manual explitely cautions the reader
-that the data is not necessarily NUL-terminated, and the function
-X509_alias_set1(3) does not sanitize the data passed into it in any
-way either, so we must assume the return value from X509_alias_get0(3)
-is merely a byte array and not necessarily a string in the sense
-of the C language.
-
-I found this bug while writing manual pages for X509_print_ex(3)
-and related functions. Theo Buehler checked my
-patch to fix the same bug in LibreSSL, see
-
-http://cvsweb.openbsd.org/src/lib/libcrypto/asn1/t_x509a.c#rev1.9
-
-As an aside, note that the function still produces incomplete and
-misleading results when the data contains a NUL byte in the middle
-and that error handling is consistently absent throughout, even
-though the function provides an "int" return value obviously intended
-to be 1 for success and 0 for failure, and even though this function
-is called by another function that also wants to return 1 for success
-and 0 for failure and even does so in many of its code paths, though
-not in others. But let's stay focussed. Many things would be nice
-to have in the wide wild world, but a buffer overflow must not be
-allowed to remain in our backyard.
-
-CVE-2021-3712
-
-Reviewed-by: Paul Dale
----
- crypto/asn1/t_x509a.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/crypto/asn1/t_x509a.c b/crypto/asn1/t_x509a.c
-index d1b897a469fd..b1bc9d0cd28b 100644
---- a/crypto/asn1/t_x509a.c
-+++ b/crypto/asn1/t_x509a.c
-@@ -104,7 +104,8 @@ int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent)
- } else
- BIO_printf(out, "%*sNo Rejected Uses.\n", indent, "");
- if (aux->alias)
-- BIO_printf(out, "%*sAlias: %s\n", indent, "", aux->alias->data);
-+ BIO_printf(out, "%*sAlias: %.*s\n", indent, "", aux->alias->length,
-+ aux->alias->data);
- if (aux->keyid) {
- BIO_printf(out, "%*sKey Id: ", indent, "");
- for (i = 0; i < aux->keyid->length; i++)
diff --git a/external/openssl/openssl-1.0.2k-cve-2020-1971.patch.1 b/external/openssl/openssl-1.0.2k-cve-2020-1971.patch.1
deleted file mode 100644
index 313f9cd870d7..000000000000
--- a/external/openssl/openssl-1.0.2k-cve-2020-1971.patch.1
+++ /dev/null
@@ -1,578 +0,0 @@
-diff -up openssl-1.0.2k/crypto/asn1/asn1_err.c.null-dereference openssl-1.0.2k/crypto/asn1/asn1_err.c
---- openssl-1.0.2k/crypto/asn1/asn1_err.c.null-dereference 2020-12-04 10:08:08.506247597 +0100
-+++ openssl-1.0.2k/crypto/asn1/asn1_err.c 2020-12-04 10:12:31.901956486 +0100
-@@ -1,6 +1,6 @@
- /* crypto/asn1/asn1_err.c */
- /* ====================================================================
-- * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
-+ * Copyright (c) 1999-2020 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
-@@ -103,6 +103,7 @@ static ERR_STRING_DATA ASN1_str_functs[]
- {ERR_FUNC(ASN1_F_ASN1_ITEM_DUP), "ASN1_item_dup"},
- {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW), "ASN1_ITEM_EX_COMBINE_NEW"},
- {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_D2I), "ASN1_ITEM_EX_D2I"},
-+ {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_EX_I2D, 0), "ASN1_item_ex_i2d"},
- {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_BIO), "ASN1_item_i2d_bio"},
- {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_FP), "ASN1_item_i2d_fp"},
- {ERR_FUNC(ASN1_F_ASN1_ITEM_PACK), "ASN1_item_pack"},
-@@ -202,6 +203,7 @@ static ERR_STRING_DATA ASN1_str_reasons[
- {ERR_REASON(ASN1_R_AUX_ERROR), "aux error"},
- {ERR_REASON(ASN1_R_BAD_CLASS), "bad class"},
- {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER), "bad object header"},
-+ {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BAD_TEMPLATE), "bad template"},
- {ERR_REASON(ASN1_R_BAD_PASSWORD_READ), "bad password read"},
- {ERR_REASON(ASN1_R_BAD_TAG), "bad tag"},
- {ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH),
-diff -up openssl-1.0.2k/crypto/asn1/asn1.h.null-dereference openssl-1.0.2k/crypto/asn1/asn1.h
---- openssl-1.0.2k/crypto/asn1/asn1.h.null-dereference 2020-12-04 11:00:06.896637900 +0100
-+++ openssl-1.0.2k/crypto/asn1/asn1.h 2020-12-04 11:04:47.079562987 +0100
-@@ -1202,6 +1202,7 @@ void ERR_load_ASN1_strings(void);
- # define ASN1_F_ASN1_ITEM_DUP 191
- # define ASN1_F_ASN1_ITEM_EX_COMBINE_NEW 121
- # define ASN1_F_ASN1_ITEM_EX_D2I 120
-+# define ASN1_F_ASN1_ITEM_EX_I2D 231
- # define ASN1_F_ASN1_ITEM_I2D_BIO 192
- # define ASN1_F_ASN1_ITEM_I2D_FP 193
- # define ASN1_F_ASN1_ITEM_PACK 198
-@@ -1298,6 +1299,7 @@ void ERR_load_ASN1_strings(void);
- # define ASN1_R_AUX_ERROR 100
- # define ASN1_R_BAD_CLASS 101
- # define ASN1_R_BAD_OBJECT_HEADER 102
-+# define ASN1_R_BAD_TEMPLATE 230
- # define ASN1_R_BAD_PASSWORD_READ 103
- # define ASN1_R_BAD_TAG 104
- # define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214
-diff -up openssl-1.0.2k/crypto/asn1/tasn_dec.c.null-dereference openssl-1.0.2k/crypto/asn1/tasn_dec.c
---- openssl-1.0.2k/crypto/asn1/tasn_dec.c.null-dereference 2020-12-04 10:12:42.036057323 +0100
-+++ openssl-1.0.2k/crypto/asn1/tasn_dec.c 2020-12-04 10:17:45.685035333 +0100
-@@ -223,6 +223,15 @@ static int asn1_item_ex_d2i(ASN1_VALUE *
- break;
-
- case ASN1_ITYPE_MSTRING:
-+ /*
-+ * It never makes sense for multi-strings to have implicit tagging, so
-+ * if tag != -1, then this looks like an error in the template.
-+ */
-+ if (tag != -1) {
-+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_BAD_TEMPLATE);
-+ goto err;
-+ }
-+
- p = *in;
- /* Just read in tag and class */
- ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL,
-@@ -240,6 +249,7 @@ static int asn1_item_ex_d2i(ASN1_VALUE *
- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_NOT_UNIVERSAL);
- goto err;
- }
-+
- /* Check tag matches bit map */
- if (!(ASN1_tag2bit(otag) & it->utype)) {
- /* If OPTIONAL, assume this is OK */
-@@ -316,6 +326,15 @@ static int asn1_item_ex_d2i(ASN1_VALUE *
- goto err;
-
- case ASN1_ITYPE_CHOICE:
-+ /*
-+ * It never makes sense for CHOICE types to have implicit tagging, so
-+ * if tag != -1, then this looks like an error in the template.
-+ */
-+ if (tag != -1) {
-+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_BAD_TEMPLATE);
-+ goto err;
-+ }
-+
- if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
- goto auxerr;
- if (*pval) {
-diff -up openssl-1.0.2k/crypto/asn1/tasn_enc.c.null-dereference openssl-1.0.2k/crypto/asn1/tasn_enc.c
---- openssl-1.0.2k/crypto/asn1/tasn_enc.c.null-dereference 2020-12-04 10:18:30.261472002 +0100
-+++ openssl-1.0.2k/crypto/asn1/tasn_enc.c 2020-12-04 10:21:14.310078987 +0100
-@@ -151,9 +151,25 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval,
- break;
-
- case ASN1_ITYPE_MSTRING:
-+ /*
-+ * It never makes sense for multi-strings to have implicit tagging, so
-+ * if tag != -1, then this looks like an error in the template.
-+ */
-+ if (tag != -1) {
-+ ASN1err(ASN1_F_ASN1_ITEM_EX_I2D, ASN1_R_BAD_TEMPLATE);
-+ return -1;
-+ }
- return asn1_i2d_ex_primitive(pval, out, it, -1, aclass);
-
- case ASN1_ITYPE_CHOICE:
-+ /*
-+ * It never makes sense for CHOICE types to have implicit tagging, so
-+ * if tag != -1, then this looks like an error in the template.
-+ */
-+ if (tag != -1) {
-+ ASN1err(ASN1_F_ASN1_ITEM_EX_I2D, ASN1_R_BAD_TEMPLATE);
-+ return -1;
-+ }
- if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL))
- return 0;
- i = asn1_get_choice_selector(pval, it);
-diff -up openssl-1.0.2k/crypto/x509v3/v3_genn.c.null-dereference openssl-1.0.2k/crypto/x509v3/v3_genn.c
---- openssl-1.0.2k/crypto/x509v3/v3_genn.c.null-dereference 2020-12-04 10:28:02.374237945 +0100
-+++ openssl-1.0.2k/crypto/x509v3/v3_genn.c 2020-12-04 10:36:51.156138263 +0100
-@@ -72,8 +72,9 @@ ASN1_SEQUENCE(OTHERNAME) = {
- IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME)
-
- ASN1_SEQUENCE(EDIPARTYNAME) = {
-- ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),
-- ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)
-+ /* DirectoryString is a CHOICE type so use explicit tagging */
-+ ASN1_EXP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),
-+ ASN1_EXP(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)
- } ASN1_SEQUENCE_END(EDIPARTYNAME)
-
- IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME)
-@@ -107,6 +108,37 @@ GENERAL_NAME *GENERAL_NAME_dup(GENERAL_N
- (char *)a);
- }
-
-+static int edipartyname_cmp(const EDIPARTYNAME *a, const EDIPARTYNAME *b)
-+{
-+ int res;
-+
-+ if (a == NULL || b == NULL) {
-+ /*
-+ * Shouldn't be possible in a valid GENERAL_NAME, but we handle it
-+ * anyway. OTHERNAME_cmp treats NULL != NULL so we do the same here
-+ */
-+ return -1;
-+ }
-+ if (a->nameAssigner == NULL && b->nameAssigner != NULL)
-+ return -1;
-+ if (a->nameAssigner != NULL && b->nameAssigner == NULL)
-+ return 1;
-+ /* If we get here then both have nameAssigner set, or both unset */
-+ if (a->nameAssigner != NULL) {
-+ res = ASN1_STRING_cmp(a->nameAssigner, b->nameAssigner);
-+ if (res != 0)
-+ return res;
-+ }
-+ /*
-+ * partyName is required, so these should never be NULL. We treat it in
-+ * the same way as the a == NULL || b == NULL case above
-+ */
-+ if (a->partyName == NULL || b->partyName == NULL)
-+ return -1;
-+
-+ return ASN1_STRING_cmp(a->partyName, b->partyName);
-+}
-+
- /* Returns 0 if they are equal, != 0 otherwise. */
- int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
- {
-@@ -116,8 +148,11 @@ int GENERAL_NAME_cmp(GENERAL_NAME *a, GE
- return -1;
- switch (a->type) {
- case GEN_X400:
-+ result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address);
-+ break;
-+
- case GEN_EDIPARTY:
-- result = ASN1_TYPE_cmp(a->d.other, b->d.other);
-+ result = edipartyname_cmp(a->d.ediPartyName, b->d.ediPartyName);
- break;
-
- case GEN_OTHERNAME:
-@@ -164,8 +199,11 @@ void GENERAL_NAME_set0_value(GENERAL_NAM
- {
- switch (type) {
- case GEN_X400:
-+ a->d.x400Address = value;
-+ break;
-+
- case GEN_EDIPARTY:
-- a->d.other = value;
-+ a->d.ediPartyName = value;
- break;
-
- case GEN_OTHERNAME:
-@@ -199,8 +237,10 @@ void *GENERAL_NAME_get0_value(GENERAL_NA
- *ptype = a->type;
- switch (a->type) {
- case GEN_X400:
-+ return a->d.x400Address;
-+
- case GEN_EDIPARTY:
-- return a->d.other;
-+ return a->d.ediPartyName;
-
- case GEN_OTHERNAME:
- return a->d.otherName;
-diff -up openssl-1.0.2k/crypto/x509v3/v3nametest.c.null-dereference openssl-1.0.2k/crypto/x509v3/v3nametest.c
---- openssl-1.0.2k/crypto/x509v3/v3nametest.c.null-dereference 2020-12-04 10:28:02.374237945 +0100
-+++ openssl-1.0.2k/crypto/x509v3/v3nametest.c 2020-12-04 10:36:51.156138263 +0100
-@@ -321,6 +321,356 @@ static void run_cert(X509 *crt, const ch
- }
- }
-
-+struct gennamedata {
-+ const unsigned char der[22];
-+ size_t derlen;
-+} gennames[] = {
-+ {
-+ /*
-+ * [0] {
-+ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
-+ * [0] {
-+ * SEQUENCE {}
-+ * }
-+ * }
-+ */
-+ {
-+ 0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
-+ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x30, 0x00
-+ },
-+ 21
-+ }, {
-+ /*
-+ * [0] {
-+ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
-+ * [0] {
-+ * [APPLICATION 0] {}
-+ * }
-+ * }
-+ */
-+ {
-+ 0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
-+ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x60, 0x00
-+ },
-+ 21
-+ }, {
-+ /*
-+ * [0] {
-+ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
-+ * [0] {
-+ * UTF8String { "a" }
-+ * }
-+ * }
-+ */
-+ {
-+ 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
-+ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x61
-+ },
-+ 22
-+ }, {
-+ /*
-+ * [0] {
-+ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.2 }
-+ * [0] {
-+ * UTF8String { "a" }
-+ * }
-+ * }
-+ */
-+ {
-+ 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
-+ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x02, 0xa0, 0x03, 0x0c, 0x01, 0x61
-+ },
-+ 22
-+ }, {
-+ /*
-+ * [0] {
-+ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
-+ * [0] {
-+ * UTF8String { "b" }
-+ * }
-+ * }
-+ */
-+ {
-+ 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
-+ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x62
-+ },
-+ 22
-+ }, {
-+ /*
-+ * [0] {
-+ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
-+ * [0] {
-+ * BOOLEAN { TRUE }
-+ * }
-+ * }
-+ */
-+ {
-+ 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
-+ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0xff
-+ },
-+ 22
-+ }, {
-+ /*
-+ * [0] {
-+ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
-+ * [0] {
-+ * BOOLEAN { FALSE }
-+ * }
-+ * }
-+ */
-+ {
-+ 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
-+ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0x00
-+ },
-+ 22
-+ }, {
-+ /* [1 PRIMITIVE] { "a" } */
-+ {
-+ 0x81, 0x01, 0x61
-+ },
-+ 3
-+ }, {
-+ /* [1 PRIMITIVE] { "b" } */
-+ {
-+ 0x81, 0x01, 0x62
-+ },
-+ 3
-+ }, {
-+ /* [2 PRIMITIVE] { "a" } */
-+ {
-+ 0x82, 0x01, 0x61
-+ },
-+ 3
-+ }, {
-+ /* [2 PRIMITIVE] { "b" } */
-+ {
-+ 0x82, 0x01, 0x62
-+ },
-+ 3
-+ }, {
-+ /*
-+ * [4] {
-+ * SEQUENCE {
-+ * SET {
-+ * SEQUENCE {
-+ * # commonName
-+ * OBJECT_IDENTIFIER { 2.5.4.3 }
-+ * UTF8String { "a" }
-+ * }
-+ * }
-+ * }
-+ * }
-+ */
-+ {
-+ 0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55,
-+ 0x04, 0x03, 0x0c, 0x01, 0x61
-+ },
-+ 16
-+ }, {
-+ /*
-+ * [4] {
-+ * SEQUENCE {
-+ * SET {
-+ * SEQUENCE {
-+ * # commonName
-+ * OBJECT_IDENTIFIER { 2.5.4.3 }
-+ * UTF8String { "b" }
-+ * }
-+ * }
-+ * }
-+ * }
-+ */
-+ {
-+ 0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55,
-+ 0x04, 0x03, 0x0c, 0x01, 0x62
-+ },
-+ 16
-+ }, {
-+ /*
-+ * [5] {
-+ * [1] {
-+ * UTF8String { "a" }
-+ * }
-+ * }
-+ */
-+ {
-+ 0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x61
-+ },
-+ 7
-+ }, {
-+ /*
-+ * [5] {
-+ * [1] {
-+ * UTF8String { "b" }
-+ * }
-+ * }
-+ */
-+ {
-+ 0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x62
-+ },
-+ 7
-+ }, {
-+ /*
-+ * [5] {
-+ * [0] {
-+ * UTF8String {}
-+ * }
-+ * [1] {
-+ * UTF8String { "a" }
-+ * }
-+ * }
-+ */
-+ {
-+ 0xa5, 0x09, 0xa0, 0x02, 0x0c, 0x00, 0xa1, 0x03, 0x0c, 0x01, 0x61
-+ },
-+ 11
-+ }, {
-+ /*
-+ * [5] {
-+ * [0] {
-+ * UTF8String { "a" }
-+ * }
-+ * [1] {
-+ * UTF8String { "a" }
-+ * }
-+ * }
-+ */
-+ {
-+ 0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x61, 0xa1, 0x03, 0x0c, 0x01,
-+ 0x61
-+ },
-+ 12
-+ }, {
-+ /*
-+ * [5] {
-+ * [0] {
-+ * UTF8String { "b" }
-+ * }
-+ * [1] {
-+ * UTF8String { "a" }
-+ * }
-+ * }
-+ */
-+ {
-+ 0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x62, 0xa1, 0x03, 0x0c, 0x01,
-+ 0x61
-+ },
-+ 12
-+ }, {
-+ /* [6 PRIMITIVE] { "a" } */
-+ {
-+ 0x86, 0x01, 0x61
-+ },
-+ 3
-+ }, {
-+ /* [6 PRIMITIVE] { "b" } */
-+ {
-+ 0x86, 0x01, 0x62
-+ },
-+ 3
-+ }, {
-+ /* [7 PRIMITIVE] { `11111111` } */
-+ {
-+ 0x87, 0x04, 0x11, 0x11, 0x11, 0x11
-+ },
-+ 6
-+ }, {
-+ /* [7 PRIMITIVE] { `22222222`} */
-+ {
-+ 0x87, 0x04, 0x22, 0x22, 0x22, 0x22
-+ },
-+ 6
-+ }, {
-+ /* [7 PRIMITIVE] { `11111111111111111111111111111111` } */
-+ {
-+ 0x87, 0x10, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
-+ 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11
-+ },
-+ 18
-+ }, {
-+ /* [7 PRIMITIVE] { `22222222222222222222222222222222` } */
-+ {
-+ 0x87, 0x10, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
-+ 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22
-+ },
-+ 18
-+ }, {
-+ /* [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.1 } */
-+ {
-+ 0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84,
-+ 0xb7, 0x09, 0x02, 0x01
-+ },
-+ 15
-+ }, {
-+ /* [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.2 } */
-+ {
-+ 0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84,
-+ 0xb7, 0x09, 0x02, 0x02
-+ },
-+ 15
-+ }
-+};
-+
-+#define OSSL_NELEM(x) (sizeof(x)/sizeof((x)[0]))
-+
-+static int test_GENERAL_NAME_cmp(void)
-+{
-+ size_t i, j;
-+ GENERAL_NAME **namesa = OPENSSL_malloc(sizeof(*namesa)
-+ * OSSL_NELEM(gennames));
-+ GENERAL_NAME **namesb = OPENSSL_malloc(sizeof(*namesb)
-+ * OSSL_NELEM(gennames));
-+ int testresult = 0;
-+
-+ if (namesa == NULL || namesb == NULL)
-+ goto end;
-+
-+ for (i = 0; i < OSSL_NELEM(gennames); i++) {
-+ const unsigned char *derp = gennames[i].der;
-+
-+ /*
-+ * We create two versions of each GENERAL_NAME so that we ensure when
-+ * we compare them they are always different pointers.
-+ */
-+ namesa[i] = d2i_GENERAL_NAME(NULL, &derp, gennames[i].derlen);
-+ derp = gennames[i].der;
-+ namesb[i] = d2i_GENERAL_NAME(NULL, &derp, gennames[i].derlen);
-+ if (namesa[i] == NULL || namesb[i] == NULL)
-+ goto end;
-+ }
-+
-+ /* Every name should be equal to itself and not equal to any others. */
-+ for (i = 0; i < OSSL_NELEM(gennames); i++) {
-+ for (j = 0; j < OSSL_NELEM(gennames); j++) {
-+ if (i == j) {
-+ if (GENERAL_NAME_cmp(namesa[i], namesb[j]) != 0)
-+ goto end;
-+ } else {
-+ if (GENERAL_NAME_cmp(namesa[i], namesb[j]) == 0)
-+ goto end;
-+ }
-+ }
-+ }
-+ testresult = 1;
-+
-+ end:
-+ for (i = 0; i < OSSL_NELEM(gennames); i++) {
-+ if (namesa != NULL)
-+ GENERAL_NAME_free(namesa[i]);
-+ if (namesb != NULL)
-+ GENERAL_NAME_free(namesb[i]);
-+ }
-+ OPENSSL_free(namesa);
-+ OPENSSL_free(namesb);
-+
-+ if (!testresult)
-+ fprintf(stderr, "test of GENERAL_NAME_cmp failed\n");
-+
-+ return testresult;
-+}
-+
-+
-+
- int main(void)
- {
- const struct set_name_fn *pfn = name_fns;
-@@ -342,5 +692,8 @@ int main(void)
- }
- ++pfn;
- }
-+
-+ errors += !test_GENERAL_NAME_cmp();
-+
- return errors > 0 ? 1 : 0;
- }
--
cgit v1.2.3