Import OpenSSL 1.1.0j

2018-12-07 11:30:36 -08:00
parent 6960e8d7c7
commit 697f7e1f24
114 changed files with 9043 additions and 3633 deletions
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@@ -78,7 +78,8 @@ static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
    switch (cmd) {
    case X509_L_ADD_DIR:
        if (argl == X509_FILETYPE_DEFAULT) {
-            dir = (char *)getenv(X509_get_default_cert_dir_env());
+            dir = (char *)ossl_safe_getenv(X509_get_default_cert_dir_env());
+
            if (dir)
                ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM);
            else
--- a/crypto/x509/by_file.c
+++ b/crypto/x509/by_file.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@@ -47,7 +47,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp,
    switch (cmd) {
    case X509_L_FILE_LOAD:
        if (argl == X509_FILETYPE_DEFAULT) {
-            file = getenv(X509_get_default_cert_file_env());
+            file = ossl_safe_getenv(X509_get_default_cert_file_env());
            if (file)
                ok = (X509_load_cert_crl_file(ctx, file,
                                              X509_FILETYPE_PEM) != 0);
--- a/crypto/x509/x509_meth.c
+++ b/crypto/x509/x509_meth.c
@@ -58,9 +58,9 @@ int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method))

 int X509_LOOKUP_meth_set_free(
    X509_LOOKUP_METHOD *method,
-    void (*free) (X509_LOOKUP *ctx))
+    void (*free_fn) (X509_LOOKUP *ctx))
 {
-    method->free = free;
+    method->free = free_fn;
    return 1;
 }

--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -515,15 +515,14 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
        /* check_purpose() makes the callback as needed */
        if (purpose > 0 && !check_purpose(ctx, x, purpose, i, must_be_ca))
            return 0;
-        /* Check pathlen if not self issued */
-        if ((i > 1) && !(x->ex_flags & EXFLAG_SI)
-            && (x->ex_pathlen != -1)
-            && (plen > (x->ex_pathlen + proxy_path_length + 1))) {
+        /* Check pathlen */
+        if ((i > 1) && (x->ex_pathlen != -1)
+            && (plen > (x->ex_pathlen + proxy_path_length))) {
            if (!verify_cb_cert(ctx, x, i, X509_V_ERR_PATH_LENGTH_EXCEEDED))
                return 0;
        }
-        /* Increment path length if not self issued */
-        if (!(x->ex_flags & EXFLAG_SI))
+        /* Increment path length if not a self issued intermediate CA */
+        if (i > 0 && (x->ex_flags & EXFLAG_SI) == 0)
            plen++;
        /*
         * If this certificate is a proxy certificate, the next certificate