* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
#include <openssl/x509v3.h>
static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
- void *a, BIO *bp, int ind);
+ X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
+ void *a, BIO *bp, int ind);
static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
- STACK_OF(GENERAL_SUBTREE) *trees,
- BIO *bp, int ind, char *name);
+ STACK_OF(GENERAL_SUBTREE) *trees, BIO *bp, int ind, char *name);
static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip);
static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc);
const X509V3_EXT_METHOD v3_name_constraints = {
NID_name_constraints, 0,
ASN1_ITEM_ref(NAME_CONSTRAINTS),
- 0,0,0,0,
- 0,0,
+ 0, 0, 0, 0,
+ 0, 0,
0, v2i_NAME_CONSTRAINTS,
- i2r_NAME_CONSTRAINTS,0,
+ i2r_NAME_CONSTRAINTS, 0,
NULL
};
ASN1_SEQUENCE(NAME_CONSTRAINTS) = {
ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, permittedSubtrees,
- GENERAL_SUBTREE, 0),
+ GENERAL_SUBTREE, 0),
ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, excludedSubtrees,
- GENERAL_SUBTREE, 1),
+ GENERAL_SUBTREE, 1),
} ASN1_SEQUENCE_END(NAME_CONSTRAINTS)
-
+
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
-static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
- {
+static void *
+v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE) *nval)
+{
int i;
CONF_VALUE tval, *val;
STACK_OF(GENERAL_SUBTREE) **ptree = NULL;
NAME_CONSTRAINTS *ncons = NULL;
GENERAL_SUBTREE *sub = NULL;
+
ncons = NAME_CONSTRAINTS_new();
if (!ncons)
goto memerr;
- for(i = 0; i < sk_CONF_VALUE_num(nval); i++)
- {
+ for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
val = sk_CONF_VALUE_value(nval, i);
- if (!strncmp(val->name, "permitted", 9) && val->name[9])
- {
+ if (!strncmp(val->name, "permitted", 9) && val->name[9]) {
ptree = &ncons->permittedSubtrees;
tval.name = val->name + 10;
- }
- else if (!strncmp(val->name, "excluded", 8) && val->name[8])
- {
+ } else if (!strncmp(val->name, "excluded", 8) && val->name[8]) {
ptree = &ncons->excludedSubtrees;
tval.name = val->name + 9;
- }
- else
- {
- X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, X509V3_R_INVALID_SYNTAX);
+ } else {
+ X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS,
+ X509V3_R_INVALID_SYNTAX);
goto err;
- }
+ }
tval.value = val->value;
sub = GENERAL_SUBTREE_new();
if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1))
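Review bot: `sub = GENERAL_SUBTREE_new();` is followed directly by `sub->base` in the v2i_GENERAL_NAME_ex() call, so an allocation failure becomes a NULL dereference. The NAME_CONSTRAINTS_new() result a few lines earlier is checked and sent to the memerr path; adding `if (sub == NULL) goto memerr;` between the two lines would treat this allocation the same way. Separately, the prefix tests only require `val->name[9]` and `val->name[8]` to be non-NUL before skipping that byte, so any character is accepted where the separator is expected; comparing it against the intended separator would make the parse stricter. The loop body and the cleanup labels of v2i_NAME_CONSTRAINTS continue outside this hunk.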
if (!*ptree || !sk_GENERAL_SUBTREE_push(*ptree, sub))
goto memerr;
sub = NULL;
- }
+ }
return ncons;
- memerr:
+memerr:
X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
- err:
+err:
if (ncons)
NAME_CONSTRAINTS_free(ncons);
if (sub)
GENERAL_SUBTREE_free(sub);
return NULL;
- }
-
+}
-
-
-static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a,
- BIO *bp, int ind)
- {
+static int
+i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a, BIO *bp, int ind)
+{
NAME_CONSTRAINTS *ncons = a;
+
do_i2r_name_constraints(method, ncons->permittedSubtrees,
- bp, ind, "Permitted");
+ bp, ind, "Permitted");
do_i2r_name_constraints(method, ncons->excludedSubtrees,
- bp, ind, "Excluded");
+ bp, ind, "Excluded");
return 1;
- }
+}
-static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
- STACK_OF(GENERAL_SUBTREE) *trees,
- BIO *bp, int ind, char *name)
- {
+static int
+do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
+ STACK_OF(GENERAL_SUBTREE) *trees, BIO *bp, int ind, char *name)
+{
GENERAL_SUBTREE *tree;
int i;
+
if (sk_GENERAL_SUBTREE_num(trees) > 0)
BIO_printf(bp, "%*s%s:\n", ind, "", name);
- for(i = 0; i < sk_GENERAL_SUBTREE_num(trees); i++)
- {
+ for (i = 0; i < sk_GENERAL_SUBTREE_num(trees); i++) {
tree = sk_GENERAL_SUBTREE_value(trees, i);
BIO_printf(bp, "%*s", ind + 2, "");
if (tree->base->type == GEN_IPADD)
else
GENERAL_NAME_print(bp, tree->base);
BIO_puts(bp, "\n");
- }
- return 1;
}
+ return 1;
+}
-static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip)
- {
+static int
+print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip)
+{
int i, len;
unsigned char *p;
+
p = ip->data;
len = ip->length;
BIO_puts(bp, "IP:");
- if(len == 8)
- {
+ if (len == 8) {
BIO_printf(bp, "%d.%d.%d.%d/%d.%d.%d.%d",
- p[0], p[1], p[2], p[3],
- p[4], p[5], p[6], p[7]);
- }
- else if(len == 32)
- {
- for (i = 0; i < 16; i++)
- {
+ p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7]);
+ } else if (len == 32) {
+ for (i = 0; i < 16; i++) {
BIO_printf(bp, "%X", p[0] << 8 | p[1]);
p += 2;
if (i == 7)
BIO_puts(bp, "/");
else if (i != 15)
BIO_puts(bp, ":");
- }
}
- else
+ } else
BIO_printf(bp, "IP Address:<invalid>");
return 1;
- }
+}
/* Check a certificate conforms to a specified set of constraints.
* Return values:
* X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: Unsupported constraint type.
* X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: bad unsupported constraint syntax.
* X509_V_ERR_UNSUPPORTED_NAME_SYNTAX: bad or unsupported syntax of name
-
*/
-int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc)
- {
+int
+NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc)
+{
int r, i;
X509_NAME *nm;
nm = X509_get_subject_name(x);
- if (X509_NAME_entry_count(nm) > 0)
- {
+ if (X509_NAME_entry_count(nm) > 0) {
GENERAL_NAME gntmp;
gntmp.type = GEN_DIRNAME;
gntmp.d.directoryName = nm;
gntmp.type = GEN_EMAIL;
-
/* Process any email address attributes in subject name */
- for (i = -1;;)
- {
+ for (i = -1;;) {
X509_NAME_ENTRY *ne;
i = X509_NAME_get_index_by_NID(nm,
- NID_pkcs9_emailAddress,
- i);
+ NID_pkcs9_emailAddress, i);
if (i == -1)
break;
ne = X509_NAME_get_entry(nm, i);
if (r != X509_V_OK)
return r;
- }
-
}
- for (i = 0; i < sk_GENERAL_NAME_num(x->altname); i++)
- {
+ }
+
+ for (i = 0; i < sk_GENERAL_NAME_num(x->altname); i++) {
GENERAL_NAME *gen = sk_GENERAL_NAME_value(x->altname, i);
r = nc_match(gen, nc);
if (r != X509_V_OK)
return r;
- }
+ }
return X509_V_OK;
+}
- }
-
-static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc)
- {
+static int
+nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc)
+{
GENERAL_SUBTREE *sub;
int i, r, match = 0;
* at least one subtree must match.
*/
- for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->permittedSubtrees); i++)
- {
+ for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->permittedSubtrees); i++) {
sub = sk_GENERAL_SUBTREE_value(nc->permittedSubtrees, i);
if (gen->type != sub->base->type)
continue;
match = 2;
else if (r != X509_V_ERR_PERMITTED_VIOLATION)
return r;
- }
+ }
if (match == 1)
return X509_V_ERR_PERMITTED_VIOLATION;
/* Excluded subtrees: must not match any of these */
- for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->excludedSubtrees); i++)
- {
+ for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->excludedSubtrees); i++) {
sub = sk_GENERAL_SUBTREE_value(nc->excludedSubtrees, i);
if (gen->type != sub->base->type)
continue;
else if (r != X509_V_ERR_PERMITTED_VIOLATION)
return r;
- }
+ }
return X509_V_OK;
+}
- }
-
-static int nc_match_single(GENERAL_NAME *gen, GENERAL_NAME *base)
- {
- switch(base->type)
- {
- case GEN_DIRNAME:
+static int
+nc_match_single(GENERAL_NAME *gen, GENERAL_NAME *base)
+{
+ switch (base->type) {
+ case GEN_DIRNAME:
return nc_dn(gen->d.directoryName, base->d.directoryName);
- case GEN_DNS:
+ case GEN_DNS:
return nc_dns(gen->d.dNSName, base->d.dNSName);
- case GEN_EMAIL:
+ case GEN_EMAIL:
return nc_email(gen->d.rfc822Name, base->d.rfc822Name);
- case GEN_URI:
+ case GEN_URI:
return nc_uri(gen->d.uniformResourceIdentifier,
- base->d.uniformResourceIdentifier);
+ base->d.uniformResourceIdentifier);
- default:
+ default:
return X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE;
- }
-
}
+}
/* directoryName name constraint matching.
* The canonical encoding of X509_NAME makes this comparison easy. It is
* matched if the subtree is a subset of the name.
*/
-static int nc_dn(X509_NAME *nm, X509_NAME *base)
- {
+static int
+nc_dn(X509_NAME *nm, X509_NAME *base)
+{
/* Ensure canonical encodings are up to date. */
if (nm->modified && i2d_X509_NAME(nm, NULL) < 0)
return X509_V_ERR_OUT_OF_MEM;
if (memcmp(base->canon_enc, nm->canon_enc, base->canon_enclen))
return X509_V_ERR_PERMITTED_VIOLATION;
return X509_V_OK;
- }
+}
-static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base)
- {
+static int
+nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base)
+{
char *baseptr = (char *)base->data;
char *dnsptr = (char *)dns->data;
+
/* Empty matches everything */
if (!*baseptr)
return X509_V_OK;
* compare RHS and if dns is longer and expect '.' as preceding
* character.
*/
- if (dns->length > base->length)
- {
+ if (dns->length > base->length) {
dnsptr += dns->length - base->length;
if (dnsptr[-1] != '.')
return X509_V_ERR_PERMITTED_VIOLATION;
- }
+ }
if (strcasecmp(baseptr, dnsptr))
- return X509_V_ERR_PERMITTED_VIOLATION;
+ return X509_V_ERR_PERMITTED_VIOLATION;
return X509_V_OK;
+}
- }
-
-static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)
- {
+static int
+nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)
+{
const char *baseptr = (char *)base->data;
const char *emlptr = (char *)eml->data;
-
const char *baseat = strchr(baseptr, '@');
const char *emlat = strchr(emlptr, '@');
+
if (!emlat)
return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
/* Special case: inital '.' is RHS match */
- if (!baseat && (*baseptr == '.'))
- {
- if (eml->length > base->length)
- {
+ if (!baseat && (*baseptr == '.')) {
+ if (eml->length > base->length) {
emlptr += eml->length - base->length;
if (!strcasecmp(baseptr, emlptr))
return X509_V_OK;
- }
- return X509_V_ERR_PERMITTED_VIOLATION;
}
+ return X509_V_ERR_PERMITTED_VIOLATION;
+ }
/* If we have anything before '@' match local part */
- if (baseat)
- {
- if (baseat != baseptr)
- {
+ if (baseat) {
+ if (baseat != baseptr) {
if ((baseat - baseptr) != (emlat - emlptr))
return X509_V_ERR_PERMITTED_VIOLATION;
/* Case sensitive match of local part */
if (strncmp(baseptr, emlptr, emlat - emlptr))
return X509_V_ERR_PERMITTED_VIOLATION;
- }
+ }
/* Position base after '@' */
baseptr = baseat + 1;
- }
+ }
emlptr = emlat + 1;
/* Just have hostname left to match: case insensitive */
if (strcasecmp(baseptr, emlptr))
return X509_V_ERR_PERMITTED_VIOLATION;
return X509_V_OK;
+}
- }
-
-static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
- {
+static int
+nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
+{
const char *baseptr = (char *)base->data;
const char *hostptr = (char *)uri->data;
const char *p = strchr(hostptr, ':');
int hostlen;
+
/* Check for foo:// and skip past it */
if (!p || (p[1] != '/') || (p[2] != '/'))
return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
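Review bot: nc_dns and nc_email compare names with `strcasecmp`/`strchr` on `->data` but compute the suffix offset from `->length`, so the two views of the string can disagree. The C-string calls stop at the first NUL byte and rely on the buffer being NUL-terminated, so a name carrying an embedded NUL would be matched only up to that byte. Unless such names are rejected before this point (not visible on this page), a guard such as `if (memchr(dns->data, '\0', dns->length) != NULL) return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;` on both operands, or a length-bounded comparison, would keep the constraint check and the length in agreement. nc_dns starts before this hunk and nc_uri ends after it.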
return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
/* Special case: inital '.' is RHS match */
- if (*baseptr == '.')
- {
- if (hostlen > base->length)
- {
+ if (*baseptr == '.') {
+ if (hostlen > base->length) {
p = hostptr + hostlen - base->length;
if (!strncasecmp(p, baseptr, base->length))
return X509_V_OK;
- }
- return X509_V_ERR_PERMITTED_VIOLATION;
}
+ return X509_V_ERR_PERMITTED_VIOLATION;
+ }
- if ((base->length != (int)hostlen) || strncasecmp(hostptr, baseptr, hostlen))
+ if ((base->length != (int)hostlen) ||
+ strncasecmp(hostptr, baseptr, hostlen))
return X509_V_ERR_PERMITTED_VIOLATION;
return X509_V_OK;
-
- }
+}
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
*/
static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *nonce,
- BIO *out, int indent);
+ BIO *out, int indent);
static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *nonce,
- BIO *out, int indent);
+ BIO *out, int indent);
static int i2r_object(const X509V3_EXT_METHOD *method, void *obj, BIO *out,
- int indent);
+ int indent);
static void *ocsp_nonce_new(void);
static int i2d_ocsp_nonce(void *a, unsigned char **pp);
static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length);
static void ocsp_nonce_free(void *a);
static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce,
- BIO *out, int indent);
+ BIO *out, int indent);
static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method,
- void *nocheck, BIO *out, int indent);
+ void *nocheck, BIO *out, int indent);
static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
- const char *str);
+ const char *str);
static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
- BIO *bp, int ind);
+ BIO *bp, int ind);
const X509V3_EXT_METHOD v3_ocsp_crlid = {
NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID),
- 0,0,0,0,
- 0,0,
- 0,0,
- i2r_ocsp_crlid,0,
+ 0, 0, 0, 0,
+ 0, 0,
+ 0, 0,
+ i2r_ocsp_crlid, 0,
NULL
};
const X509V3_EXT_METHOD v3_ocsp_acutoff = {
NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
- 0,0,0,0,
- 0,0,
- 0,0,
- i2r_ocsp_acutoff,0,
+ 0, 0, 0, 0,
+ 0, 0,
+ 0, 0,
+ i2r_ocsp_acutoff, 0,
NULL
};
const X509V3_EXT_METHOD v3_crl_invdate = {
NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
- 0,0,0,0,
- 0,0,
- 0,0,
- i2r_ocsp_acutoff,0,
+ 0, 0, 0, 0,
+ 0, 0,
+ 0, 0,
+ i2r_ocsp_acutoff, 0,
NULL
};
const X509V3_EXT_METHOD v3_crl_hold = {
NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT),
- 0,0,0,0,
- 0,0,
- 0,0,
- i2r_object,0,
+ 0, 0, 0, 0,
+ 0, 0,
+ 0, 0,
+ i2r_object, 0,
NULL
};
ocsp_nonce_free,
d2i_ocsp_nonce,
i2d_ocsp_nonce,
- 0,0,
- 0,0,
- i2r_ocsp_nonce,0,
+ 0, 0,
+ 0, 0,
+ i2r_ocsp_nonce, 0,
NULL
};
const X509V3_EXT_METHOD v3_ocsp_nocheck = {
NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL),
- 0,0,0,0,
- 0,s2i_ocsp_nocheck,
- 0,0,
- i2r_ocsp_nocheck,0,
+ 0, 0, 0, 0,
+ 0, s2i_ocsp_nocheck,
+ 0, 0,
+ i2r_ocsp_nocheck, 0,
NULL
};
const X509V3_EXT_METHOD v3_ocsp_serviceloc = {
NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC),
- 0,0,0,0,
- 0,0,
- 0,0,
- i2r_ocsp_serviceloc,0,
+ 0, 0, 0, 0,
+ 0, 0,
+ 0, 0,
+ i2r_ocsp_serviceloc, 0,
NULL
};
-static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *in, BIO *bp,
- int ind)
+static int
+i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
{
OCSP_CRLID *a = in;
- if (a->crlUrl)
- {
- if (BIO_printf(bp, "%*scrlUrl: ", ind, "") <= 0) goto err;
- if (!ASN1_STRING_print(bp, (ASN1_STRING*)a->crlUrl)) goto err;
- if (BIO_write(bp, "\n", 1) <= 0) goto err;
- }
- if (a->crlNum)
- {
- if (BIO_printf(bp, "%*scrlNum: ", ind, "") <= 0) goto err;
- if (i2a_ASN1_INTEGER(bp, a->crlNum) <= 0) goto err;
- if (BIO_write(bp, "\n", 1) <= 0) goto err;
- }
- if (a->crlTime)
- {
- if (BIO_printf(bp, "%*scrlTime: ", ind, "") <= 0) goto err;
- if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) goto err;
- if (BIO_write(bp, "\n", 1) <= 0) goto err;
- }
+ if (a->crlUrl) {
+ if (BIO_printf(bp, "%*scrlUrl: ", ind, "") <= 0)
+ goto err;
+ if (!ASN1_STRING_print(bp, (ASN1_STRING*)a->crlUrl))
+ goto err;
+ if (BIO_write(bp, "\n", 1) <= 0)
+ goto err;
+ }
+ if (a->crlNum) {
+ if (BIO_printf(bp, "%*scrlNum: ", ind, "") <= 0)
+ goto err;
+ if (i2a_ASN1_INTEGER(bp, a->crlNum) <= 0)
+ goto err;
+ if (BIO_write(bp, "\n", 1) <= 0)
+ goto err;
+ }
+ if (a->crlTime) {
+ if (BIO_printf(bp, "%*scrlTime: ", ind, "") <= 0)
+ goto err;
+ if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime))
+ goto err;
+ if (BIO_write(bp, "\n", 1) <= 0)
+ goto err;
+ }
return 1;
- err:
+
+err:
return 0;
}
-static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff,
- BIO *bp, int ind)
+static int
+i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff, BIO *bp,
+ int ind)
{
- if (BIO_printf(bp, "%*s", ind, "") <= 0) return 0;
- if(!ASN1_GENERALIZEDTIME_print(bp, cutoff)) return 0;
+ if (BIO_printf(bp, "%*s", ind, "") <= 0)
+ return 0;
+ if (!ASN1_GENERALIZEDTIME_print(bp, cutoff))
+ return 0;
return 1;
}
-
-static int i2r_object(const X509V3_EXT_METHOD *method, void *oid, BIO *bp,
- int ind)
+static int
+i2r_object(const X509V3_EXT_METHOD *method, void *oid, BIO *bp, int ind)
{
- if (BIO_printf(bp, "%*s", ind, "") <= 0) return 0;
- if(i2a_ASN1_OBJECT(bp, oid) <= 0) return 0;
+ if (BIO_printf(bp, "%*s", ind, "") <= 0)
+ return 0;
+ if (i2a_ASN1_OBJECT(bp, oid) <= 0)
+ return 0;
return 1;
}
* an ASN1 encoding at all: it just contains arbitrary data.
*/
-static void *ocsp_nonce_new(void)
+static void *
+ocsp_nonce_new(void)
{
return ASN1_OCTET_STRING_new();
}
-static int i2d_ocsp_nonce(void *a, unsigned char **pp)
+static int
+i2d_ocsp_nonce(void *a, unsigned char **pp)
{
ASN1_OCTET_STRING *os = a;
- if(pp) {
+
+ if (pp) {
memcpy(*pp, os->data, os->length);
*pp += os->length;
}
return os->length;
}
-static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length)
+static void *
+d2i_ocsp_nonce(void *a, const unsigned char **pp, long length)
{
ASN1_OCTET_STRING *os, **pos;
+
pos = a;
- if(!pos || !*pos) os = ASN1_OCTET_STRING_new();
- else os = *pos;
- if(!ASN1_OCTET_STRING_set(os, *pp, length)) goto err;
+ if (!pos || !*pos)
+ os = ASN1_OCTET_STRING_new();
+ else
+ os = *pos;
+ if (!ASN1_OCTET_STRING_set(os, *pp, length))
+ goto err;
*pp += length;
- if(pos) *pos = os;
+ if (pos)
+ *pos = os;
return os;
- err:
- if(os && (!pos || (*pos != os))) M_ASN1_OCTET_STRING_free(os);
+err:
+ if (os && (!pos || (*pos != os)))
+ M_ASN1_OCTET_STRING_free(os);
OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE);
return NULL;
}
-static void ocsp_nonce_free(void *a)
+static void
+ocsp_nonce_free(void *a)
{
M_ASN1_OCTET_STRING_free(a);
}
-static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce,
- BIO *out, int indent)
+static int
+i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce, BIO *out,
+ int indent)
{
- if(BIO_printf(out, "%*s", indent, "") <= 0) return 0;
- if(i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) return 0;
+ if (BIO_printf(out, "%*s", indent, "") <= 0)
+ return 0;
+ if (i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0)
+ return 0;
return 1;
}
/* Nocheck is just a single NULL. Don't print anything and always set it */
-static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, void *nocheck,
- BIO *out, int indent)
+static int
+i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, void *nocheck, BIO *out,
+ int indent)
{
return 1;
}
-static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
- const char *str)
+static void *
+s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+ const char *str)
{
return ASN1_NULL_new();
}
-static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
- BIO *bp, int ind)
- {
+static int
+i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
+{
int i;
OCSP_SERVICELOC *a = in;
ACCESS_DESCRIPTION *ad;
- if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0) goto err;
- if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0) goto err;
- for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++)
- {
- ad = sk_ACCESS_DESCRIPTION_value(a->locator,i);
- if (BIO_printf(bp, "\n%*s", (2*ind), "") <= 0)
- goto err;
- if(i2a_ASN1_OBJECT(bp, ad->method) <= 0) goto err;
- if(BIO_puts(bp, " - ") <= 0) goto err;
- if(GENERAL_NAME_print(bp, ad->location) <= 0) goto err;
- }
+ if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0)
+ goto err;
+ if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0)
+ goto err;
+ for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++) {
+ ad = sk_ACCESS_DESCRIPTION_value(a->locator, i);
+ if (BIO_printf(bp, "\n%*s", (2 * ind), "") <= 0)
+ goto err;
+ if (i2a_ASN1_OBJECT(bp, ad->method) <= 0)
+ goto err;
+ if (BIO_puts(bp, " - ") <= 0)
+ goto err;
+ if (GENERAL_NAME_print(bp, ad->location) <= 0)
+ goto err;
+ }
return 1;
+
err:
return 0;
- }
+}
#endif
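Review bot: In d2i_ocsp_nonce the result of `ASN1_OCTET_STRING_new()` is handed straight to `ASN1_OCTET_STRING_set(os, *pp, length)` with no NULL check, although the err path's `if (os && ...)` test shows a NULL `os` is anticipated. On allocation failure this may dereference NULL inside the setter, unless the setter tolerates it. The guard could read `if (os == NULL || !ASN1_OCTET_STRING_set(os, *pp, length))`. `length` arrives as a `long` from the decoder and is passed to a setter that takes an `int`, so a range check (`length < 0 || length > INT_MAX`) before the call would make the narrowing explicit. The same applies to the repeated copy of this function's prototype and table entries later on the page.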
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
#include <openssl/x509v3.h>
static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
- void *a, BIO *bp, int ind);
+ X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
+ void *a, BIO *bp, int ind);
static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
- STACK_OF(GENERAL_SUBTREE) *trees,
- BIO *bp, int ind, char *name);
+ STACK_OF(GENERAL_SUBTREE) *trees, BIO *bp, int ind, char *name);
static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip);
static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc);
const X509V3_EXT_METHOD v3_name_constraints = {
NID_name_constraints, 0,
ASN1_ITEM_ref(NAME_CONSTRAINTS),
- 0,0,0,0,
- 0,0,
+ 0, 0, 0, 0,
+ 0, 0,
0, v2i_NAME_CONSTRAINTS,
- i2r_NAME_CONSTRAINTS,0,
+ i2r_NAME_CONSTRAINTS, 0,
NULL
};
ASN1_SEQUENCE(NAME_CONSTRAINTS) = {
ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, permittedSubtrees,
- GENERAL_SUBTREE, 0),
+ GENERAL_SUBTREE, 0),
ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, excludedSubtrees,
- GENERAL_SUBTREE, 1),
+ GENERAL_SUBTREE, 1),
} ASN1_SEQUENCE_END(NAME_CONSTRAINTS)
-
+
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
-static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
- {
+static void *
+v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE) *nval)
+{
int i;
CONF_VALUE tval, *val;
STACK_OF(GENERAL_SUBTREE) **ptree = NULL;
NAME_CONSTRAINTS *ncons = NULL;
GENERAL_SUBTREE *sub = NULL;
+
ncons = NAME_CONSTRAINTS_new();
if (!ncons)
goto memerr;
- for(i = 0; i < sk_CONF_VALUE_num(nval); i++)
- {
+ for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
val = sk_CONF_VALUE_value(nval, i);
- if (!strncmp(val->name, "permitted", 9) && val->name[9])
- {
+ if (!strncmp(val->name, "permitted", 9) && val->name[9]) {
ptree = &ncons->permittedSubtrees;
tval.name = val->name + 10;
- }
- else if (!strncmp(val->name, "excluded", 8) && val->name[8])
- {
+ } else if (!strncmp(val->name, "excluded", 8) && val->name[8]) {
ptree = &ncons->excludedSubtrees;
tval.name = val->name + 9;
- }
- else
- {
- X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, X509V3_R_INVALID_SYNTAX);
+ } else {
+ X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS,
+ X509V3_R_INVALID_SYNTAX);
goto err;
- }
+ }
tval.value = val->value;
sub = GENERAL_SUBTREE_new();
if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1))
if (!*ptree || !sk_GENERAL_SUBTREE_push(*ptree, sub))
goto memerr;
sub = NULL;
- }
+ }
return ncons;
- memerr:
+memerr:
X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
- err:
+err:
if (ncons)
NAME_CONSTRAINTS_free(ncons);
if (sub)
GENERAL_SUBTREE_free(sub);
return NULL;
- }
-
+}
-
-
-static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a,
- BIO *bp, int ind)
- {
+static int
+i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a, BIO *bp, int ind)
+{
NAME_CONSTRAINTS *ncons = a;
+
do_i2r_name_constraints(method, ncons->permittedSubtrees,
- bp, ind, "Permitted");
+ bp, ind, "Permitted");
do_i2r_name_constraints(method, ncons->excludedSubtrees,
- bp, ind, "Excluded");
+ bp, ind, "Excluded");
return 1;
- }
+}
-static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
- STACK_OF(GENERAL_SUBTREE) *trees,
- BIO *bp, int ind, char *name)
- {
+static int
+do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
+ STACK_OF(GENERAL_SUBTREE) *trees, BIO *bp, int ind, char *name)
+{
GENERAL_SUBTREE *tree;
int i;
+
if (sk_GENERAL_SUBTREE_num(trees) > 0)
BIO_printf(bp, "%*s%s:\n", ind, "", name);
- for(i = 0; i < sk_GENERAL_SUBTREE_num(trees); i++)
- {
+ for (i = 0; i < sk_GENERAL_SUBTREE_num(trees); i++) {
tree = sk_GENERAL_SUBTREE_value(trees, i);
BIO_printf(bp, "%*s", ind + 2, "");
if (tree->base->type == GEN_IPADD)
else
GENERAL_NAME_print(bp, tree->base);
BIO_puts(bp, "\n");
- }
- return 1;
}
+ return 1;
+}
-static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip)
- {
+static int
+print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip)
+{
int i, len;
unsigned char *p;
+
p = ip->data;
len = ip->length;
BIO_puts(bp, "IP:");
- if(len == 8)
- {
+ if (len == 8) {
BIO_printf(bp, "%d.%d.%d.%d/%d.%d.%d.%d",
- p[0], p[1], p[2], p[3],
- p[4], p[5], p[6], p[7]);
- }
- else if(len == 32)
- {
- for (i = 0; i < 16; i++)
- {
+ p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7]);
+ } else if (len == 32) {
+ for (i = 0; i < 16; i++) {
BIO_printf(bp, "%X", p[0] << 8 | p[1]);
p += 2;
if (i == 7)
BIO_puts(bp, "/");
else if (i != 15)
BIO_puts(bp, ":");
- }
}
- else
+ } else
BIO_printf(bp, "IP Address:<invalid>");
return 1;
- }
+}
/* Check a certificate conforms to a specified set of constraints.
* Return values:
* X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: Unsupported constraint type.
* X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: bad unsupported constraint syntax.
* X509_V_ERR_UNSUPPORTED_NAME_SYNTAX: bad or unsupported syntax of name
-
*/
-int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc)
- {
+int
+NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc)
+{
int r, i;
X509_NAME *nm;
nm = X509_get_subject_name(x);
- if (X509_NAME_entry_count(nm) > 0)
- {
+ if (X509_NAME_entry_count(nm) > 0) {
GENERAL_NAME gntmp;
gntmp.type = GEN_DIRNAME;
gntmp.d.directoryName = nm;
gntmp.type = GEN_EMAIL;
-
/* Process any email address attributes in subject name */
- for (i = -1;;)
- {
+ for (i = -1;;) {
X509_NAME_ENTRY *ne;
i = X509_NAME_get_index_by_NID(nm,
- NID_pkcs9_emailAddress,
- i);
+ NID_pkcs9_emailAddress, i);
if (i == -1)
break;
ne = X509_NAME_get_entry(nm, i);
if (r != X509_V_OK)
return r;
- }
-
}
- for (i = 0; i < sk_GENERAL_NAME_num(x->altname); i++)
- {
+ }
+
+ for (i = 0; i < sk_GENERAL_NAME_num(x->altname); i++) {
GENERAL_NAME *gen = sk_GENERAL_NAME_value(x->altname, i);
r = nc_match(gen, nc);
if (r != X509_V_OK)
return r;
- }
+ }
return X509_V_OK;
+}
- }
-
-static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc)
- {
+static int
+nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc)
+{
GENERAL_SUBTREE *sub;
int i, r, match = 0;
* at least one subtree must match.
*/
- for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->permittedSubtrees); i++)
- {
+ for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->permittedSubtrees); i++) {
sub = sk_GENERAL_SUBTREE_value(nc->permittedSubtrees, i);
if (gen->type != sub->base->type)
continue;
match = 2;
else if (r != X509_V_ERR_PERMITTED_VIOLATION)
return r;
- }
+ }
if (match == 1)
return X509_V_ERR_PERMITTED_VIOLATION;
/* Excluded subtrees: must not match any of these */
- for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->excludedSubtrees); i++)
- {
+ for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->excludedSubtrees); i++) {
sub = sk_GENERAL_SUBTREE_value(nc->excludedSubtrees, i);
if (gen->type != sub->base->type)
continue;
else if (r != X509_V_ERR_PERMITTED_VIOLATION)
return r;
- }
+ }
return X509_V_OK;
+}
- }
-
-static int nc_match_single(GENERAL_NAME *gen, GENERAL_NAME *base)
- {
- switch(base->type)
- {
- case GEN_DIRNAME:
+static int
+nc_match_single(GENERAL_NAME *gen, GENERAL_NAME *base)
+{
+ switch (base->type) {
+ case GEN_DIRNAME:
return nc_dn(gen->d.directoryName, base->d.directoryName);
- case GEN_DNS:
+ case GEN_DNS:
return nc_dns(gen->d.dNSName, base->d.dNSName);
- case GEN_EMAIL:
+ case GEN_EMAIL:
return nc_email(gen->d.rfc822Name, base->d.rfc822Name);
- case GEN_URI:
+ case GEN_URI:
return nc_uri(gen->d.uniformResourceIdentifier,
- base->d.uniformResourceIdentifier);
+ base->d.uniformResourceIdentifier);
- default:
+ default:
return X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE;
- }
-
}
+}
/* directoryName name constraint matching.
* The canonical encoding of X509_NAME makes this comparison easy. It is
* matched if the subtree is a subset of the name.
*/
-static int nc_dn(X509_NAME *nm, X509_NAME *base)
- {
+static int
+nc_dn(X509_NAME *nm, X509_NAME *base)
+{
/* Ensure canonical encodings are up to date. */
if (nm->modified && i2d_X509_NAME(nm, NULL) < 0)
return X509_V_ERR_OUT_OF_MEM;
if (memcmp(base->canon_enc, nm->canon_enc, base->canon_enclen))
return X509_V_ERR_PERMITTED_VIOLATION;
return X509_V_OK;
- }
+}
-static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base)
- {
+static int
+nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base)
+{
char *baseptr = (char *)base->data;
char *dnsptr = (char *)dns->data;
+
/* Empty matches everything */
if (!*baseptr)
return X509_V_OK;
* compare RHS and if dns is longer and expect '.' as preceding
* character.
*/
- if (dns->length > base->length)
- {
+ if (dns->length > base->length) {
dnsptr += dns->length - base->length;
if (dnsptr[-1] != '.')
return X509_V_ERR_PERMITTED_VIOLATION;
- }
+ }
if (strcasecmp(baseptr, dnsptr))
- return X509_V_ERR_PERMITTED_VIOLATION;
+ return X509_V_ERR_PERMITTED_VIOLATION;
return X509_V_OK;
+}
- }
-
-static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)
- {
+static int
+nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)
+{
const char *baseptr = (char *)base->data;
const char *emlptr = (char *)eml->data;
-
const char *baseat = strchr(baseptr, '@');
const char *emlat = strchr(emlptr, '@');
+
if (!emlat)
return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
/* Special case: inital '.' is RHS match */
- if (!baseat && (*baseptr == '.'))
- {
- if (eml->length > base->length)
- {
+ if (!baseat && (*baseptr == '.')) {
+ if (eml->length > base->length) {
emlptr += eml->length - base->length;
if (!strcasecmp(baseptr, emlptr))
return X509_V_OK;
- }
- return X509_V_ERR_PERMITTED_VIOLATION;
}
+ return X509_V_ERR_PERMITTED_VIOLATION;
+ }
/* If we have anything before '@' match local part */
- if (baseat)
- {
- if (baseat != baseptr)
- {
+ if (baseat) {
+ if (baseat != baseptr) {
if ((baseat - baseptr) != (emlat - emlptr))
return X509_V_ERR_PERMITTED_VIOLATION;
/* Case sensitive match of local part */
if (strncmp(baseptr, emlptr, emlat - emlptr))
return X509_V_ERR_PERMITTED_VIOLATION;
- }
+ }
/* Position base after '@' */
baseptr = baseat + 1;
- }
+ }
emlptr = emlat + 1;
/* Just have hostname left to match: case insensitive */
if (strcasecmp(baseptr, emlptr))
return X509_V_ERR_PERMITTED_VIOLATION;
return X509_V_OK;
+}
- }
-
-static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
- {
+static int
+nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
+{
const char *baseptr = (char *)base->data;
const char *hostptr = (char *)uri->data;
const char *p = strchr(hostptr, ':');
int hostlen;
+
/* Check for foo:// and skip past it */
if (!p || (p[1] != '/') || (p[2] != '/'))
return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
/* Special case: inital '.' is RHS match */
- if (*baseptr == '.')
- {
- if (hostlen > base->length)
- {
+ if (*baseptr == '.') {
+ if (hostlen > base->length) {
p = hostptr + hostlen - base->length;
if (!strncasecmp(p, baseptr, base->length))
return X509_V_OK;
- }
- return X509_V_ERR_PERMITTED_VIOLATION;
}
+ return X509_V_ERR_PERMITTED_VIOLATION;
+ }
- if ((base->length != (int)hostlen) || strncasecmp(hostptr, baseptr, hostlen))
+ if ((base->length != (int)hostlen) ||
+ strncasecmp(hostptr, baseptr, hostlen))
return X509_V_ERR_PERMITTED_VIOLATION;
return X509_V_OK;
-
- }
+}
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
*/
static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *nonce,
- BIO *out, int indent);
+ BIO *out, int indent);
static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *nonce,
- BIO *out, int indent);
+ BIO *out, int indent);
static int i2r_object(const X509V3_EXT_METHOD *method, void *obj, BIO *out,
- int indent);
+ int indent);
static void *ocsp_nonce_new(void);
static int i2d_ocsp_nonce(void *a, unsigned char **pp);
static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length);
static void ocsp_nonce_free(void *a);
static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce,
- BIO *out, int indent);
+ BIO *out, int indent);
static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method,
- void *nocheck, BIO *out, int indent);
+ void *nocheck, BIO *out, int indent);
static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
- const char *str);
+ const char *str);
static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
- BIO *bp, int ind);
+ BIO *bp, int ind);
const X509V3_EXT_METHOD v3_ocsp_crlid = {
NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID),
- 0,0,0,0,
- 0,0,
- 0,0,
- i2r_ocsp_crlid,0,
+ 0, 0, 0, 0,
+ 0, 0,
+ 0, 0,
+ i2r_ocsp_crlid, 0,
NULL
};
const X509V3_EXT_METHOD v3_ocsp_acutoff = {
NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
- 0,0,0,0,
- 0,0,
- 0,0,
- i2r_ocsp_acutoff,0,
+ 0, 0, 0, 0,
+ 0, 0,
+ 0, 0,
+ i2r_ocsp_acutoff, 0,
NULL
};
const X509V3_EXT_METHOD v3_crl_invdate = {
NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
- 0,0,0,0,
- 0,0,
- 0,0,
- i2r_ocsp_acutoff,0,
+ 0, 0, 0, 0,
+ 0, 0,
+ 0, 0,
+ i2r_ocsp_acutoff, 0,
NULL
};
const X509V3_EXT_METHOD v3_crl_hold = {
NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT),
- 0,0,0,0,
- 0,0,
- 0,0,
- i2r_object,0,
+ 0, 0, 0, 0,
+ 0, 0,
+ 0, 0,
+ i2r_object, 0,
NULL
};
ocsp_nonce_free,
d2i_ocsp_nonce,
i2d_ocsp_nonce,
- 0,0,
- 0,0,
- i2r_ocsp_nonce,0,
+ 0, 0,
+ 0, 0,
+ i2r_ocsp_nonce, 0,
NULL
};
const X509V3_EXT_METHOD v3_ocsp_nocheck = {
NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL),
- 0,0,0,0,
- 0,s2i_ocsp_nocheck,
- 0,0,
- i2r_ocsp_nocheck,0,
+ 0, 0, 0, 0,
+ 0, s2i_ocsp_nocheck,
+ 0, 0,
+ i2r_ocsp_nocheck, 0,
NULL
};
const X509V3_EXT_METHOD v3_ocsp_serviceloc = {
NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC),
- 0,0,0,0,
- 0,0,
- 0,0,
- i2r_ocsp_serviceloc,0,
+ 0, 0, 0, 0,
+ 0, 0,
+ 0, 0,
+ i2r_ocsp_serviceloc, 0,
NULL
};
-static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *in, BIO *bp,
- int ind)
+static int
+i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
{
OCSP_CRLID *a = in;
- if (a->crlUrl)
- {
- if (BIO_printf(bp, "%*scrlUrl: ", ind, "") <= 0) goto err;
- if (!ASN1_STRING_print(bp, (ASN1_STRING*)a->crlUrl)) goto err;
- if (BIO_write(bp, "\n", 1) <= 0) goto err;
- }
- if (a->crlNum)
- {
- if (BIO_printf(bp, "%*scrlNum: ", ind, "") <= 0) goto err;
- if (i2a_ASN1_INTEGER(bp, a->crlNum) <= 0) goto err;
- if (BIO_write(bp, "\n", 1) <= 0) goto err;
- }
- if (a->crlTime)
- {
- if (BIO_printf(bp, "%*scrlTime: ", ind, "") <= 0) goto err;
- if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) goto err;
- if (BIO_write(bp, "\n", 1) <= 0) goto err;
- }
+ if (a->crlUrl) {
+ if (BIO_printf(bp, "%*scrlUrl: ", ind, "") <= 0)
+ goto err;
+ if (!ASN1_STRING_print(bp, (ASN1_STRING*)a->crlUrl))
+ goto err;
+ if (BIO_write(bp, "\n", 1) <= 0)
+ goto err;
+ }
+ if (a->crlNum) {
+ if (BIO_printf(bp, "%*scrlNum: ", ind, "") <= 0)
+ goto err;
+ if (i2a_ASN1_INTEGER(bp, a->crlNum) <= 0)
+ goto err;
+ if (BIO_write(bp, "\n", 1) <= 0)
+ goto err;
+ }
+ if (a->crlTime) {
+ if (BIO_printf(bp, "%*scrlTime: ", ind, "") <= 0)
+ goto err;
+ if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime))
+ goto err;
+ if (BIO_write(bp, "\n", 1) <= 0)
+ goto err;
+ }
return 1;
- err:
+
+err:
return 0;
}
-static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff,
- BIO *bp, int ind)
+static int
+i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff, BIO *bp,
+ int ind)
{
- if (BIO_printf(bp, "%*s", ind, "") <= 0) return 0;
- if(!ASN1_GENERALIZEDTIME_print(bp, cutoff)) return 0;
+ if (BIO_printf(bp, "%*s", ind, "") <= 0)
+ return 0;
+ if (!ASN1_GENERALIZEDTIME_print(bp, cutoff))
+ return 0;
return 1;
}
-
-static int i2r_object(const X509V3_EXT_METHOD *method, void *oid, BIO *bp,
- int ind)
+static int
+i2r_object(const X509V3_EXT_METHOD *method, void *oid, BIO *bp, int ind)
{
- if (BIO_printf(bp, "%*s", ind, "") <= 0) return 0;
- if(i2a_ASN1_OBJECT(bp, oid) <= 0) return 0;
+ if (BIO_printf(bp, "%*s", ind, "") <= 0)
+ return 0;
+ if (i2a_ASN1_OBJECT(bp, oid) <= 0)
+ return 0;
return 1;
}
* an ASN1 encoding at all: it just contains arbitrary data.
*/
-static void *ocsp_nonce_new(void)
+static void *
+ocsp_nonce_new(void)
{
return ASN1_OCTET_STRING_new();
}
-static int i2d_ocsp_nonce(void *a, unsigned char **pp)
+static int
+i2d_ocsp_nonce(void *a, unsigned char **pp)
{
ASN1_OCTET_STRING *os = a;
- if(pp) {
+
+ if (pp) {
memcpy(*pp, os->data, os->length);
*pp += os->length;
}
return os->length;
}
-static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length)
+static void *
+d2i_ocsp_nonce(void *a, const unsigned char **pp, long length)
{
ASN1_OCTET_STRING *os, **pos;
+
pos = a;
- if(!pos || !*pos) os = ASN1_OCTET_STRING_new();
- else os = *pos;
- if(!ASN1_OCTET_STRING_set(os, *pp, length)) goto err;
+ if (!pos || !*pos)
+ os = ASN1_OCTET_STRING_new();
+ else
+ os = *pos;
+ if (!ASN1_OCTET_STRING_set(os, *pp, length))
+ goto err;
*pp += length;
- if(pos) *pos = os;
+ if (pos)
+ *pos = os;
return os;
- err:
- if(os && (!pos || (*pos != os))) M_ASN1_OCTET_STRING_free(os);
+err:
+ if (os && (!pos || (*pos != os)))
+ M_ASN1_OCTET_STRING_free(os);
OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE);
return NULL;
}
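Review bot: In d2i_ocsp_nonce the result of `ASN1_OCTET_STRING_new()` is passed straight to `ASN1_OCTET_STRING_set(os, *pp, length)` without a NULL check, so an allocation failure reaches the setter with a null `os` instead of taking the `err` path that already reports `ERR_R_MALLOC_FAILURE`. Adding `if (os == NULL) goto err;` right after the if/else that selects `os` fixes this without touching the cleanup logic, since the `err` block already tolerates a null `os`. Separately, `length` is a `long` while ASN1_OCTET_STRING_set takes an `int` length. If callers can pass a value outside the int range (not visible here), a check such as `if (length < 0 || length > INT_MAX) goto err;` before the call would keep a truncated or negative length from reaching the setter.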
-static void ocsp_nonce_free(void *a)
+static void
+ocsp_nonce_free(void *a)
{
M_ASN1_OCTET_STRING_free(a);
}
-static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce,
- BIO *out, int indent)
+static int
+i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce, BIO *out,
+ int indent)
{
- if(BIO_printf(out, "%*s", indent, "") <= 0) return 0;
- if(i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) return 0;
+ if (BIO_printf(out, "%*s", indent, "") <= 0)
+ return 0;
+ if (i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0)
+ return 0;
return 1;
}
/* Nocheck is just a single NULL. Don't print anything and always set it */
-static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, void *nocheck,
- BIO *out, int indent)
+static int
+i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, void *nocheck, BIO *out,
+ int indent)
{
return 1;
}
-static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
- const char *str)
+static void *
+s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+ const char *str)
{
return ASN1_NULL_new();
}
-static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
- BIO *bp, int ind)
- {
+static int
+i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
+{
int i;
OCSP_SERVICELOC *a = in;
ACCESS_DESCRIPTION *ad;
- if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0) goto err;
- if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0) goto err;
- for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++)
- {
- ad = sk_ACCESS_DESCRIPTION_value(a->locator,i);
- if (BIO_printf(bp, "\n%*s", (2*ind), "") <= 0)
- goto err;
- if(i2a_ASN1_OBJECT(bp, ad->method) <= 0) goto err;
- if(BIO_puts(bp, " - ") <= 0) goto err;
- if(GENERAL_NAME_print(bp, ad->location) <= 0) goto err;
- }
+ if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0)
+ goto err;
+ if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0)
+ goto err;
+ for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++) {
+ ad = sk_ACCESS_DESCRIPTION_value(a->locator, i);
+ if (BIO_printf(bp, "\n%*s", (2 * ind), "") <= 0)
+ goto err;
+ if (i2a_ASN1_OBJECT(bp, ad->method) <= 0)
+ goto err;
+ if (BIO_puts(bp, " - ") <= 0)
+ goto err;
+ if (GENERAL_NAME_print(bp, ad->location) <= 0)
+ goto err;
+ }
return 1;
+
err:
return 0;
- }
+}
#endif