Imported Upstream version 5.2.0

5 files changed, 28 insertions, 37 deletions

diff --git a/src/libstrongswan/plugins/x509/Makefile.am b/src/libstrongswan/plugins/x509/Makefile.am
index b464d1483..a4160bb32 100644
--- a/src/libstrongswan/plugins/x509/Makefile.am
+++ b/src/libstrongswan/plugins/x509/Makefile.am
@@ -2,7 +2,7 @@ AM_CPPFLAGS = \
 	-I$(top_srcdir)/src/libstrongswan
 
 AM_CFLAGS = \
-	-rdynamic
+	$(PLUGIN_CFLAGS)
 
 if MONOLITHIC
 noinst_LTLIBRARIES = libstrongswan-x509.la
diff --git a/src/libstrongswan/plugins/x509/Makefile.in b/src/libstrongswan/plugins/x509/Makefile.in
index 154fc5ccd..02f2b2b52 100644
--- a/src/libstrongswan/plugins/x509/Makefile.in
+++ b/src/libstrongswan/plugins/x509/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.13.3 from Makefile.am.
+# Makefile.in generated by automake 1.14.1 from Makefile.am.
 # @configure_input@
 
 # Copyright (C) 1994-2013 Free Software Foundation, Inc.
@@ -265,6 +265,7 @@ NM = @NM@
 NMEDIT = @NMEDIT@
 OBJDUMP = @OBJDUMP@
 OBJEXT = @OBJEXT@
+OPENSSL_LIB = @OPENSSL_LIB@
 OTOOL = @OTOOL@
 OTOOL64 = @OTOOL64@
 PACKAGE = @PACKAGE@
@@ -283,6 +284,7 @@ PERL = @PERL@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
 PTHREADLIB = @PTHREADLIB@
 PYTHON = @PYTHON@
 PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
@@ -310,6 +312,7 @@ abs_top_srcdir = @abs_top_srcdir@
 ac_ct_AR = @ac_ct_AR@
 ac_ct_CC = @ac_ct_CC@
 ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+aikgen_plugins = @aikgen_plugins@
 am__include = @am__include@
 am__leading_dot = @am__leading_dot@
 am__quote = @am__quote@
@@ -401,6 +404,7 @@ srcdir = @srcdir@
 starter_plugins = @starter_plugins@
 strongswan_conf = @strongswan_conf@
 strongswan_options = @strongswan_options@
+swanctldir = @swanctldir@
 sysconfdir = @sysconfdir@
 systemdsystemunitdir = @systemdsystemunitdir@
 t_plugins = @t_plugins@
@@ -415,7 +419,7 @@ AM_CPPFLAGS = \
 	-I$(top_srcdir)/src/libstrongswan
 
 AM_CFLAGS = \
-	-rdynamic
+	$(PLUGIN_CFLAGS)
 
 @MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-x509.la
 @MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-x509.la
diff --git a/src/libstrongswan/plugins/x509/x509_ac.c b/src/libstrongswan/plugins/x509/x509_ac.c
index 30b871d42..ed58377a6 100644
--- a/src/libstrongswan/plugins/x509/x509_ac.c
+++ b/src/libstrongswan/plugins/x509/x509_ac.c
@@ -754,17 +754,22 @@ static chunk_t build_attr_cert_info(private_x509_ac_t *this)
 /**
  * build an X.509 attribute certificate
  */
-static chunk_t build_ac(private_x509_ac_t *this)
+static bool build_ac(private_x509_ac_t *this)
 {
 	chunk_t signatureValue, attributeCertificateInfo;
 
 	attributeCertificateInfo = build_attr_cert_info(this);
-	this->signerKey->sign(this->signerKey, SIGN_RSA_EMSA_PKCS1_SHA1,
-						  attributeCertificateInfo, &signatureValue);
-	return asn1_wrap(ASN1_SEQUENCE, "mmm",
-				attributeCertificateInfo,
-				asn1_algorithmIdentifier(OID_SHA1_WITH_RSA),
-				asn1_bitstring("m", signatureValue));
+	if (!this->signerKey->sign(this->signerKey, SIGN_RSA_EMSA_PKCS1_SHA1,
+							   attributeCertificateInfo, &signatureValue))
+	{
+		free(attributeCertificateInfo.ptr);
+		return FALSE;
+	}
+	this->encoding = asn1_wrap(ASN1_SEQUENCE, "mmm",
+						attributeCertificateInfo,
+						asn1_algorithmIdentifier(OID_SHA1_WITH_RSA),
+						asn1_bitstring("m", signatureValue));
+	return TRUE;
 }
 
 METHOD(ac_t, get_serial, chunk_t,
@@ -1154,8 +1159,10 @@ x509_ac_t *x509_ac_gen(certificate_type_t type, va_list args)
 		ac->holderCert->get_type(ac->holderCert) == CERT_X509 &&
 		ac->signerCert->get_type(ac->signerCert) == CERT_X509)
 	{
-		ac->encoding = build_ac(ac);
-		return &ac->public;
+		if (build_ac(ac))
+		{
+			return &ac->public;
+		}
 	}
 	destroy(ac);
 	return NULL;
diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c
index 9fd869e77..bdc8234c9 100644
--- a/src/libstrongswan/plugins/x509/x509_cert.c
+++ b/src/libstrongswan/plugins/x509/x509_cert.c
@@ -217,10 +217,6 @@ struct private_x509_cert_t {
 	refcount_t ref;
 };
 
-static const chunk_t ASN1_subjectAltName_oid = chunk_from_chars(
-	0x06, 0x03, 0x55, 0x1D, 0x11
-);
-
 /**
  * Destroy a CertificateDistributionPoint
  */
@@ -2611,4 +2607,3 @@ x509_cert_t *x509_cert_gen(certificate_type_t type, va_list args)
 	destroy(cert);
 	return NULL;
 }
-
diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_response.c b/src/libstrongswan/plugins/x509/x509_ocsp_response.c
index 1f8929958..ad04c7dea 100644
--- a/src/libstrongswan/plugins/x509/x509_ocsp_response.c
+++ b/src/libstrongswan/plugins/x509/x509_ocsp_response.c
@@ -35,6 +35,11 @@
  */
 #define OCSP_DEFAULT_LIFETIME 30
 
+/* defined in wincrypt.h */
+#ifdef OCSP_RESPONSE
+# undef OCSP_RESPONSE
+#endif
+
 typedef struct private_x509_ocsp_response_t private_x509_ocsp_response_t;
 
 /**
@@ -129,25 +134,6 @@ typedef struct {
 /* our OCSP response version implementation */
 #define OCSP_BASIC_RESPONSE_VERSION 1
 
-/* some OCSP specific prefabricated ASN.1 constants */
-static const chunk_t ASN1_nonce_oid = chunk_from_chars(
-	0x06, 0x09,
-		  0x2B, 0x06,
-				0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x02
-);
-static const chunk_t ASN1_response_oid = chunk_from_chars(
-	0x06, 0x09,
-		  0x2B, 0x06,
-				0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x04
-);
-static const chunk_t ASN1_response_content = chunk_from_chars(
-	0x04, 0x0D,
-		  0x30, 0x0B,
-				0x06, 0x09,
-				0x2B, 0x06,
-				0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x01
-);
-
 METHOD(ocsp_response_t, get_status, cert_validation_t,
 	private_x509_ocsp_response_t *this, x509_t *subject, x509_t *issuer,
 	time_t *revocation_time, crl_reason_t *revocation_reason,
@@ -889,4 +875,3 @@ x509_ocsp_response_t *x509_ocsp_response_load(certificate_type_t type,
 	}
 	return NULL;
 }
-