From 909a0009a9f99494f6a65c1ece02cea2efcf5fe9 Mon Sep 17 00:00:00 2001 From: jsing Date: Sun, 20 Apr 2014 15:36:20 +0000 Subject: [PATCH] KNF. --- lib/libcrypto/x509/x509_err.c | 162 ++++++------ lib/libcrypto/x509/x509_ext.c | 144 ++++++----- lib/libcrypto/x509/x509_lu.c | 355 +++++++++++++++----------- lib/libcrypto/x509/x509_obj.c | 140 +++++----- lib/libcrypto/x509/x509_r2x.c | 51 ++-- lib/libcrypto/x509/x509_req.c | 210 ++++++++------- lib/libssl/src/crypto/x509/x509_err.c | 162 ++++++------ lib/libssl/src/crypto/x509/x509_ext.c | 144 ++++++----- lib/libssl/src/crypto/x509/x509_lu.c | 355 +++++++++++++++----------- lib/libssl/src/crypto/x509/x509_obj.c | 140 +++++----- lib/libssl/src/crypto/x509/x509_r2x.c | 51 ++-- lib/libssl/src/crypto/x509/x509_req.c | 210 ++++++++------- 12 files changed, 1184 insertions(+), 940 deletions(-) diff --git a/lib/libcrypto/x509/x509_err.c b/lib/libcrypto/x509/x509_err.c index ab5e8aaea2f..4a890a180d2 100644 --- a/lib/libcrypto/x509/x509_err.c +++ b/lib/libcrypto/x509/x509_err.c @@ -7,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in 
@@ -68,96 +68,94 @@ #define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509,func,0) #define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509,0,reason) -static ERR_STRING_DATA X509_str_functs[]= -{ -{ERR_FUNC(X509_F_ADD_CERT_DIR), "ADD_CERT_DIR"}, -{ERR_FUNC(X509_F_BY_FILE_CTRL), "BY_FILE_CTRL"}, -{ERR_FUNC(X509_F_CHECK_POLICY), "CHECK_POLICY"}, -{ERR_FUNC(X509_F_DIR_CTRL), "DIR_CTRL"}, -{ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT), "GET_CERT_BY_SUBJECT"}, -{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE), "NETSCAPE_SPKI_b64_decode"}, -{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE), "NETSCAPE_SPKI_b64_encode"}, -{ERR_FUNC(X509_F_X509AT_ADD1_ATTR), "X509at_add1_attr"}, -{ERR_FUNC(X509_F_X509V3_ADD_EXT), "X509v3_add_ext"}, -{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_NID), "X509_ATTRIBUTE_create_by_NID"}, -{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ), "X509_ATTRIBUTE_create_by_OBJ"}, -{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT), "X509_ATTRIBUTE_create_by_txt"}, -{ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA), "X509_ATTRIBUTE_get0_data"}, -{ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA), "X509_ATTRIBUTE_set1_data"}, -{ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY), "X509_check_private_key"}, -{ERR_FUNC(X509_F_X509_CRL_PRINT_FP), "X509_CRL_print_fp"}, -{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID), "X509_EXTENSION_create_by_NID"}, -{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ), "X509_EXTENSION_create_by_OBJ"}, -{ERR_FUNC(X509_F_X509_GET_PUBKEY_PARAMETERS), "X509_get_pubkey_parameters"}, -{ERR_FUNC(X509_F_X509_LOAD_CERT_CRL_FILE), "X509_load_cert_crl_file"}, -{ERR_FUNC(X509_F_X509_LOAD_CERT_FILE), "X509_load_cert_file"}, -{ERR_FUNC(X509_F_X509_LOAD_CRL_FILE), "X509_load_crl_file"}, -{ERR_FUNC(X509_F_X509_NAME_ADD_ENTRY), "X509_NAME_add_entry"}, -{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_NID), "X509_NAME_ENTRY_create_by_NID"}, -{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT), "X509_NAME_ENTRY_create_by_txt"}, -{ERR_FUNC(X509_F_X509_NAME_ENTRY_SET_OBJECT), "X509_NAME_ENTRY_set_object"}, 
-{ERR_FUNC(X509_F_X509_NAME_ONELINE), "X509_NAME_oneline"}, -{ERR_FUNC(X509_F_X509_NAME_PRINT), "X509_NAME_print"}, -{ERR_FUNC(X509_F_X509_PRINT_EX_FP), "X509_print_ex_fp"}, -{ERR_FUNC(X509_F_X509_PUBKEY_GET), "X509_PUBKEY_get"}, -{ERR_FUNC(X509_F_X509_PUBKEY_SET), "X509_PUBKEY_set"}, -{ERR_FUNC(X509_F_X509_REQ_CHECK_PRIVATE_KEY), "X509_REQ_check_private_key"}, -{ERR_FUNC(X509_F_X509_REQ_PRINT_EX), "X509_REQ_print_ex"}, -{ERR_FUNC(X509_F_X509_REQ_PRINT_FP), "X509_REQ_print_fp"}, -{ERR_FUNC(X509_F_X509_REQ_TO_X509), "X509_REQ_to_X509"}, -{ERR_FUNC(X509_F_X509_STORE_ADD_CERT), "X509_STORE_add_cert"}, -{ERR_FUNC(X509_F_X509_STORE_ADD_CRL), "X509_STORE_add_crl"}, -{ERR_FUNC(X509_F_X509_STORE_CTX_GET1_ISSUER), "X509_STORE_CTX_get1_issuer"}, -{ERR_FUNC(X509_F_X509_STORE_CTX_INIT), "X509_STORE_CTX_init"}, -{ERR_FUNC(X509_F_X509_STORE_CTX_NEW), "X509_STORE_CTX_new"}, -{ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT), "X509_STORE_CTX_purpose_inherit"}, -{ERR_FUNC(X509_F_X509_TO_X509_REQ), "X509_to_X509_REQ"}, -{ERR_FUNC(X509_F_X509_TRUST_ADD), "X509_TRUST_add"}, -{ERR_FUNC(X509_F_X509_TRUST_SET), "X509_TRUST_set"}, -{ERR_FUNC(X509_F_X509_VERIFY_CERT), "X509_verify_cert"}, -{0,NULL} +static ERR_STRING_DATA X509_str_functs[] = { + {ERR_FUNC(X509_F_ADD_CERT_DIR), "ADD_CERT_DIR"}, + {ERR_FUNC(X509_F_BY_FILE_CTRL), "BY_FILE_CTRL"}, + {ERR_FUNC(X509_F_CHECK_POLICY), "CHECK_POLICY"}, + {ERR_FUNC(X509_F_DIR_CTRL), "DIR_CTRL"}, + {ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT), "GET_CERT_BY_SUBJECT"}, + {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE), "NETSCAPE_SPKI_b64_decode"}, + {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE), "NETSCAPE_SPKI_b64_encode"}, + {ERR_FUNC(X509_F_X509AT_ADD1_ATTR), "X509at_add1_attr"}, + {ERR_FUNC(X509_F_X509V3_ADD_EXT), "X509v3_add_ext"}, + {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_NID), "X509_ATTRIBUTE_create_by_NID"}, + {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ), "X509_ATTRIBUTE_create_by_OBJ"}, + {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT), 
"X509_ATTRIBUTE_create_by_txt"}, + {ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA), "X509_ATTRIBUTE_get0_data"}, + {ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA), "X509_ATTRIBUTE_set1_data"}, + {ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY), "X509_check_private_key"}, + {ERR_FUNC(X509_F_X509_CRL_PRINT_FP), "X509_CRL_print_fp"}, + {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID), "X509_EXTENSION_create_by_NID"}, + {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ), "X509_EXTENSION_create_by_OBJ"}, + {ERR_FUNC(X509_F_X509_GET_PUBKEY_PARAMETERS), "X509_get_pubkey_parameters"}, + {ERR_FUNC(X509_F_X509_LOAD_CERT_CRL_FILE), "X509_load_cert_crl_file"}, + {ERR_FUNC(X509_F_X509_LOAD_CERT_FILE), "X509_load_cert_file"}, + {ERR_FUNC(X509_F_X509_LOAD_CRL_FILE), "X509_load_crl_file"}, + {ERR_FUNC(X509_F_X509_NAME_ADD_ENTRY), "X509_NAME_add_entry"}, + {ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_NID), "X509_NAME_ENTRY_create_by_NID"}, + {ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT), "X509_NAME_ENTRY_create_by_txt"}, + {ERR_FUNC(X509_F_X509_NAME_ENTRY_SET_OBJECT), "X509_NAME_ENTRY_set_object"}, + {ERR_FUNC(X509_F_X509_NAME_ONELINE), "X509_NAME_oneline"}, + {ERR_FUNC(X509_F_X509_NAME_PRINT), "X509_NAME_print"}, + {ERR_FUNC(X509_F_X509_PRINT_EX_FP), "X509_print_ex_fp"}, + {ERR_FUNC(X509_F_X509_PUBKEY_GET), "X509_PUBKEY_get"}, + {ERR_FUNC(X509_F_X509_PUBKEY_SET), "X509_PUBKEY_set"}, + {ERR_FUNC(X509_F_X509_REQ_CHECK_PRIVATE_KEY), "X509_REQ_check_private_key"}, + {ERR_FUNC(X509_F_X509_REQ_PRINT_EX), "X509_REQ_print_ex"}, + {ERR_FUNC(X509_F_X509_REQ_PRINT_FP), "X509_REQ_print_fp"}, + {ERR_FUNC(X509_F_X509_REQ_TO_X509), "X509_REQ_to_X509"}, + {ERR_FUNC(X509_F_X509_STORE_ADD_CERT), "X509_STORE_add_cert"}, + {ERR_FUNC(X509_F_X509_STORE_ADD_CRL), "X509_STORE_add_crl"}, + {ERR_FUNC(X509_F_X509_STORE_CTX_GET1_ISSUER), "X509_STORE_CTX_get1_issuer"}, + {ERR_FUNC(X509_F_X509_STORE_CTX_INIT), "X509_STORE_CTX_init"}, + {ERR_FUNC(X509_F_X509_STORE_CTX_NEW), "X509_STORE_CTX_new"}, + 
{ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT), "X509_STORE_CTX_purpose_inherit"}, + {ERR_FUNC(X509_F_X509_TO_X509_REQ), "X509_to_X509_REQ"}, + {ERR_FUNC(X509_F_X509_TRUST_ADD), "X509_TRUST_add"}, + {ERR_FUNC(X509_F_X509_TRUST_SET), "X509_TRUST_set"}, + {ERR_FUNC(X509_F_X509_VERIFY_CERT), "X509_verify_cert"}, + {0, NULL} }; -static ERR_STRING_DATA X509_str_reasons[]= -{ -{ERR_REASON(X509_R_BAD_X509_FILETYPE) ,"bad x509 filetype"}, -{ERR_REASON(X509_R_BASE64_DECODE_ERROR) ,"base64 decode error"}, -{ERR_REASON(X509_R_CANT_CHECK_DH_KEY) ,"cant check dh key"}, -{ERR_REASON(X509_R_CERT_ALREADY_IN_HASH_TABLE),"cert already in hash table"}, -{ERR_REASON(X509_R_ERR_ASN1_LIB) ,"err asn1 lib"}, -{ERR_REASON(X509_R_INVALID_DIRECTORY) ,"invalid directory"}, -{ERR_REASON(X509_R_INVALID_FIELD_NAME) ,"invalid field name"}, -{ERR_REASON(X509_R_INVALID_TRUST) ,"invalid trust"}, -{ERR_REASON(X509_R_KEY_TYPE_MISMATCH) ,"key type mismatch"}, -{ERR_REASON(X509_R_KEY_VALUES_MISMATCH) ,"key values mismatch"}, -{ERR_REASON(X509_R_LOADING_CERT_DIR) ,"loading cert dir"}, -{ERR_REASON(X509_R_LOADING_DEFAULTS) ,"loading defaults"}, -{ERR_REASON(X509_R_METHOD_NOT_SUPPORTED) ,"method not supported"}, -{ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),"no cert set for us to verify"}, -{ERR_REASON(X509_R_PUBLIC_KEY_DECODE_ERROR),"public key decode error"}, -{ERR_REASON(X509_R_PUBLIC_KEY_ENCODE_ERROR),"public key encode error"}, -{ERR_REASON(X509_R_SHOULD_RETRY) ,"should retry"}, -{ERR_REASON(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN),"unable to find parameters in chain"}, -{ERR_REASON(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY),"unable to get certs public key"}, -{ERR_REASON(X509_R_UNKNOWN_KEY_TYPE) ,"unknown key type"}, -{ERR_REASON(X509_R_UNKNOWN_NID) ,"unknown nid"}, -{ERR_REASON(X509_R_UNKNOWN_PURPOSE_ID) ,"unknown purpose id"}, -{ERR_REASON(X509_R_UNKNOWN_TRUST_ID) ,"unknown trust id"}, -{ERR_REASON(X509_R_UNSUPPORTED_ALGORITHM),"unsupported algorithm"}, -{ERR_REASON(X509_R_WRONG_LOOKUP_TYPE) 
,"wrong lookup type"}, -{ERR_REASON(X509_R_WRONG_TYPE) ,"wrong type"}, -{0,NULL} +static ERR_STRING_DATA X509_str_reasons[] = { + {ERR_REASON(X509_R_BAD_X509_FILETYPE) , "bad x509 filetype"}, + {ERR_REASON(X509_R_BASE64_DECODE_ERROR) , "base64 decode error"}, + {ERR_REASON(X509_R_CANT_CHECK_DH_KEY) , "cant check dh key"}, + {ERR_REASON(X509_R_CERT_ALREADY_IN_HASH_TABLE), "cert already in hash table"}, + {ERR_REASON(X509_R_ERR_ASN1_LIB) , "err asn1 lib"}, + {ERR_REASON(X509_R_INVALID_DIRECTORY) , "invalid directory"}, + {ERR_REASON(X509_R_INVALID_FIELD_NAME) , "invalid field name"}, + {ERR_REASON(X509_R_INVALID_TRUST) , "invalid trust"}, + {ERR_REASON(X509_R_KEY_TYPE_MISMATCH) , "key type mismatch"}, + {ERR_REASON(X509_R_KEY_VALUES_MISMATCH) , "key values mismatch"}, + {ERR_REASON(X509_R_LOADING_CERT_DIR) , "loading cert dir"}, + {ERR_REASON(X509_R_LOADING_DEFAULTS) , "loading defaults"}, + {ERR_REASON(X509_R_METHOD_NOT_SUPPORTED) , "method not supported"}, + {ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY), "no cert set for us to verify"}, + {ERR_REASON(X509_R_PUBLIC_KEY_DECODE_ERROR), "public key decode error"}, + {ERR_REASON(X509_R_PUBLIC_KEY_ENCODE_ERROR), "public key encode error"}, + {ERR_REASON(X509_R_SHOULD_RETRY) , "should retry"}, + {ERR_REASON(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN), "unable to find parameters in chain"}, + {ERR_REASON(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY), "unable to get certs public key"}, + {ERR_REASON(X509_R_UNKNOWN_KEY_TYPE) , "unknown key type"}, + {ERR_REASON(X509_R_UNKNOWN_NID) , "unknown nid"}, + {ERR_REASON(X509_R_UNKNOWN_PURPOSE_ID) , "unknown purpose id"}, + {ERR_REASON(X509_R_UNKNOWN_TRUST_ID) , "unknown trust id"}, + {ERR_REASON(X509_R_UNSUPPORTED_ALGORITHM), "unsupported algorithm"}, + {ERR_REASON(X509_R_WRONG_LOOKUP_TYPE) , "wrong lookup type"}, + {ERR_REASON(X509_R_WRONG_TYPE) , "wrong type"}, + {0, NULL} }; #endif -void ERR_load_X509_strings(void) +void +ERR_load_X509_strings(void) { #ifndef OPENSSL_NO_ERR - if 
(ERR_func_error_string(X509_str_functs[0].error) == NULL) { - ERR_load_strings(0,X509_str_functs); - ERR_load_strings(0,X509_str_reasons); + ERR_load_strings(0, X509_str_functs); + ERR_load_strings(0, X509_str_reasons); } #endif } diff --git a/lib/libcrypto/x509/x509_ext.c b/lib/libcrypto/x509/x509_ext.c index bdc489f3674..a2441c2c2c0 100644 --- a/lib/libcrypto/x509/x509_ext.c +++ b/lib/libcrypto/x509/x509_ext.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: 
@@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence 
@@ -66,142 +66,168 @@ #include -int X509_CRL_get_ext_count(X509_CRL *x) +int +X509_CRL_get_ext_count(X509_CRL *x) { - return(X509v3_get_ext_count(x->crl->extensions)); + return (X509v3_get_ext_count(x->crl->extensions)); } -int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos) +int +X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos) { - return(X509v3_get_ext_by_NID(x->crl->extensions,nid,lastpos)); + return (X509v3_get_ext_by_NID(x->crl->extensions, nid, lastpos)); } -int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos) +int +X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos) { - return(X509v3_get_ext_by_OBJ(x->crl->extensions,obj,lastpos)); + return (X509v3_get_ext_by_OBJ(x->crl->extensions, obj, lastpos)); } -int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos) +int +X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos) { - return(X509v3_get_ext_by_critical(x->crl->extensions,crit,lastpos)); + return (X509v3_get_ext_by_critical(x->crl->extensions, crit, lastpos)); } -X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc) +X509_EXTENSION * +X509_CRL_get_ext(X509_CRL *x, int loc) { - return(X509v3_get_ext(x->crl->extensions,loc)); + return (X509v3_get_ext(x->crl->extensions, loc)); } -X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc) +X509_EXTENSION * +X509_CRL_delete_ext(X509_CRL *x, int loc) { - return(X509v3_delete_ext(x->crl->extensions,loc)); + return (X509v3_delete_ext(x->crl->extensions, loc)); } -void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx) +void * +X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx) { return X509V3_get_d2i(x->crl->extensions, nid, crit, idx); } -int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, - unsigned long flags) +int +X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, + unsigned long flags) { return X509V3_add1_i2d(&x->crl->extensions, nid, value, crit, flags); } -int 
X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc) +int +X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc) { - return(X509v3_add_ext(&(x->crl->extensions),ex,loc) != NULL); + return (X509v3_add_ext(&(x->crl->extensions), ex, loc) != NULL); } -int X509_get_ext_count(X509 *x) +int +X509_get_ext_count(X509 *x) { - return(X509v3_get_ext_count(x->cert_info->extensions)); + return (X509v3_get_ext_count(x->cert_info->extensions)); } -int X509_get_ext_by_NID(X509 *x, int nid, int lastpos) +int +X509_get_ext_by_NID(X509 *x, int nid, int lastpos) { - return(X509v3_get_ext_by_NID(x->cert_info->extensions,nid,lastpos)); + return (X509v3_get_ext_by_NID(x->cert_info->extensions, nid, lastpos)); } -int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos) +int +X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos) { - return(X509v3_get_ext_by_OBJ(x->cert_info->extensions,obj,lastpos)); + return (X509v3_get_ext_by_OBJ(x->cert_info->extensions, obj, lastpos)); } -int X509_get_ext_by_critical(X509 *x, int crit, int lastpos) +int +X509_get_ext_by_critical(X509 *x, int crit, int lastpos) { - return(X509v3_get_ext_by_critical(x->cert_info->extensions,crit,lastpos)); + return (X509v3_get_ext_by_critical(x->cert_info->extensions, crit, + lastpos)); } -X509_EXTENSION *X509_get_ext(X509 *x, int loc) +X509_EXTENSION * +X509_get_ext(X509 *x, int loc) { - return(X509v3_get_ext(x->cert_info->extensions,loc)); + return (X509v3_get_ext(x->cert_info->extensions, loc)); } -X509_EXTENSION *X509_delete_ext(X509 *x, int loc) +X509_EXTENSION * +X509_delete_ext(X509 *x, int loc) { - return(X509v3_delete_ext(x->cert_info->extensions,loc)); + return (X509v3_delete_ext(x->cert_info->extensions, loc)); } -int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc) +int +X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc) { - return(X509v3_add_ext(&(x->cert_info->extensions),ex,loc) != NULL); + return (X509v3_add_ext(&(x->cert_info->extensions), ex, loc) != NULL); } -void 
*X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx) +void * +X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx) { return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx); } -int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, - unsigned long flags) +int +X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, unsigned long flags) { return X509V3_add1_i2d(&x->cert_info->extensions, nid, value, crit, - flags); + flags); } -int X509_REVOKED_get_ext_count(X509_REVOKED *x) +int +X509_REVOKED_get_ext_count(X509_REVOKED *x) { - return(X509v3_get_ext_count(x->extensions)); + return (X509v3_get_ext_count(x->extensions)); } -int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos) +int +X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos) { - return(X509v3_get_ext_by_NID(x->extensions,nid,lastpos)); + return (X509v3_get_ext_by_NID(x->extensions, nid, lastpos)); } -int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj, - int lastpos) +int +X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj, int lastpos) { - return(X509v3_get_ext_by_OBJ(x->extensions,obj,lastpos)); + return (X509v3_get_ext_by_OBJ(x->extensions, obj, lastpos)); } -int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos) +int +X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos) { - return(X509v3_get_ext_by_critical(x->extensions,crit,lastpos)); + return (X509v3_get_ext_by_critical(x->extensions, crit, lastpos)); } -X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc) +X509_EXTENSION * +X509_REVOKED_get_ext(X509_REVOKED *x, int loc) { - return(X509v3_get_ext(x->extensions,loc)); + return (X509v3_get_ext(x->extensions, loc)); } -X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc) +X509_EXTENSION * +X509_REVOKED_delete_ext(X509_REVOKED *x, int loc) { - return(X509v3_delete_ext(x->extensions,loc)); + return (X509v3_delete_ext(x->extensions, loc)); } -int 
X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc) +int +X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc) { - return(X509v3_add_ext(&(x->extensions),ex,loc) != NULL); + return (X509v3_add_ext(&(x->extensions), ex, loc) != NULL); } -void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx) +void * +X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx) { return X509V3_get_d2i(x->extensions, nid, crit, idx); } -int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit, - unsigned long flags) +int +X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit, + unsigned long flags) { return X509V3_add1_i2d(&x->extensions, nid, value, crit, flags); } diff --git a/lib/libcrypto/x509/x509_lu.c b/lib/libcrypto/x509/x509_lu.c index a89cd70313e..aec1121ffb0 100644 --- a/lib/libcrypto/x509/x509_lu.c +++ b/lib/libcrypto/x509/x509_lu.c 
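Review bot: The reformatted wrappers in x509_ext.c end up with two return styles: most now read `return (X509v3_get_ext(x->crl->extensions, loc));`, while the `*_get_ext_d2i` and `*_add1_ext_i2d` wrappers keep a bare `return X509V3_get_d2i(x->crl->extensions, nid, crit, idx);`. Since this commit is a style pass, it would be cleaner to settle on one form for the whole file, for example `return (X509V3_get_d2i(x->crl->extensions, nid, crit, idx));`. No behaviour changes either way.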
@@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
@@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -62,18 +62,20 @@ #include #include -X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method) +X509_LOOKUP * +X509_LOOKUP_new(X509_LOOKUP_METHOD *method) { X509_LOOKUP *ret; - ret=(X509_LOOKUP *)malloc(sizeof(X509_LOOKUP)); - if (ret == NULL) return NULL; + ret = (X509_LOOKUP *)malloc(sizeof(X509_LOOKUP)); + if (ret == NULL) + return NULL; - ret->init=0; - ret->skip=0; - ret->method=method; - ret->method_data=NULL; - ret->store_ctx=NULL; + ret->init = 0; + ret->skip = 0; + ret->method = method; + ret->method_data = NULL; + ret->store_ctx = NULL; if ((method->new_item != NULL) && !method->new_item(ret)) { free(ret); return NULL; 
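Review bot: X509_LOOKUP_new() reads `method->new_item` without checking `method`, although X509_LOOKUP_free(), X509_LOOKUP_init() and the other wrappers in this file all handle `ctx->method == NULL` explicitly. A NULL method passed by a caller would be dereferenced here rather than reported; rejecting it before the allocation with `if (method == NULL) return NULL;` keeps the file consistent, or the non-NULL requirement should be stated in a comment above the function. The `(X509_LOOKUP *)` cast on malloc() is also unnecessary in C, and `malloc(sizeof(*ret))` would tie the size to the variable. The end of the function lies in the next hunk.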
@@ -81,91 +83,104 @@ X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method) return ret; } -void X509_LOOKUP_free(X509_LOOKUP *ctx) +void +X509_LOOKUP_free(X509_LOOKUP *ctx) { - if (ctx == NULL) return; - if ( (ctx->method != NULL) && - (ctx->method->free != NULL)) + if (ctx == NULL) + return; + if ((ctx->method != NULL) && (ctx->method->free != NULL)) (*ctx->method->free)(ctx); free(ctx); } -int X509_LOOKUP_init(X509_LOOKUP *ctx) +int +X509_LOOKUP_init(X509_LOOKUP *ctx) { - if (ctx->method == NULL) return 0; + if (ctx->method == NULL) + return 0; if (ctx->method->init != NULL) return ctx->method->init(ctx); else return 1; } -int X509_LOOKUP_shutdown(X509_LOOKUP *ctx) +int +X509_LOOKUP_shutdown(X509_LOOKUP *ctx) { - if (ctx->method == NULL) return 0; + if (ctx->method == NULL) + return 0; if (ctx->method->shutdown != NULL) return ctx->method->shutdown(ctx); else return 1; } -int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, - char **ret) +int +X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, + char **ret) { - if (ctx->method == NULL) return -1; + if (ctx->method == NULL) + return -1; if (ctx->method->ctrl != NULL) - return ctx->method->ctrl(ctx,cmd,argc,argl,ret); + return ctx->method->ctrl(ctx, cmd, argc, argl, ret); else return 1; } -int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name, - X509_OBJECT *ret) - { +int +X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name, + X509_OBJECT *ret) +{ if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL)) return X509_LU_FAIL; - if (ctx->skip) return 0; - return ctx->method->get_by_subject(ctx,type,name,ret); + if (ctx->skip) + return 0; + return ctx->method->get_by_subject(ctx, type, name, ret); } -int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name, - ASN1_INTEGER *serial, X509_OBJECT *ret) +int +X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name, + ASN1_INTEGER *serial, 
X509_OBJECT *ret) { if ((ctx->method == NULL) || - (ctx->method->get_by_issuer_serial == NULL)) + (ctx->method->get_by_issuer_serial == NULL)) return X509_LU_FAIL; - return ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret); + return ctx->method->get_by_issuer_serial(ctx, type, name, serial, ret); } -int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type, - unsigned char *bytes, int len, X509_OBJECT *ret) +int +X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type, unsigned char *bytes, + int len, X509_OBJECT *ret) { if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL)) return X509_LU_FAIL; - return ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret); + return ctx->method->get_by_fingerprint(ctx, type, bytes, len, ret); } -int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len, - X509_OBJECT *ret) +int +X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len, + X509_OBJECT *ret) { if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL)) return X509_LU_FAIL; - return ctx->method->get_by_alias(ctx,type,str,len,ret); -} - - -static int x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * const *b) - { - int ret; - - ret=((*a)->type - (*b)->type); - if (ret) return ret; - switch ((*a)->type) { - case X509_LU_X509: - ret=X509_subject_name_cmp((*a)->data.x509,(*b)->data.x509); - break; - case X509_LU_CRL: - ret=X509_CRL_cmp((*a)->data.crl,(*b)->data.crl); - break; + return ctx->method->get_by_alias(ctx, type, str, len, ret); +} + +static int +x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * const *b) +{ + int ret; + + ret = ((*a)->type - (*b)->type); + if (ret) + return ret; + switch ((*a)->type) { + case X509_LU_X509: + ret = X509_subject_name_cmp((*a)->data.x509, (*b)->data.x509); + break; + case X509_LU_CRL: + ret = X509_CRL_cmp((*a)->data.crl, (*b)->data.crl); + break; default: /* abort(); */ return 0; 
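Review bot: The X509_LOOKUP_* wrappers in this hunk report a missing method with three different values, and none of them is documented: `0` from X509_LOOKUP_init() and X509_LOOKUP_shutdown(), `-1` from X509_LOOKUP_ctrl(), and `X509_LU_FAIL` from the by_subject, by_issuer_serial, by_fingerprint and by_alias lookups. X509_LOOKUP_ctrl() also returns `1` when the method has no `ctrl` handler, so a caller cannot tell an unsupported command from one that succeeded. A short header comment per function would make the contract explicit, for example `/* Returns -1 if no method is attached, 1 if the method has no ctrl handler, otherwise the handler's result. */` above X509_LOOKUP_ctrl(). X509_LOOKUP_by_subject() deserves the same treatment for its `ctx->skip` case, which returns `0`.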
@@ -173,23 +188,24 @@ static int x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * con return ret; } -X509_STORE *X509_STORE_new(void) +X509_STORE * +X509_STORE_new(void) { X509_STORE *ret; - if ((ret=(X509_STORE *)malloc(sizeof(X509_STORE))) == NULL) + if ((ret = (X509_STORE *)malloc(sizeof(X509_STORE))) == NULL) return NULL; ret->objs = sk_X509_OBJECT_new(x509_object_cmp); - ret->cache=1; - ret->get_cert_methods=sk_X509_LOOKUP_new_null(); - ret->verify=0; - ret->verify_cb=0; + ret->cache = 1; + ret->get_cert_methods = sk_X509_LOOKUP_new_null(); + ret->verify = 0; + ret->verify_cb = 0; if ((ret->param = X509_VERIFY_PARAM_new()) == NULL) { sk_X509_OBJECT_free(ret->objs); free(ret); return NULL; -} + } ret->get_issuer = 0; ret->check_issued = 0; @@ -201,17 +217,19 @@ X509_STORE *X509_STORE_new(void) ret->lookup_crls = 0; ret->cleanup = 0; - if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) { + if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, + ret, &ret->ex_data)) { sk_X509_OBJECT_free(ret->objs); free(ret); return NULL; } - ret->references=1; + ret->references = 1; return ret; } -static void cleanup(X509_OBJECT *a) +static void +cleanup(X509_OBJECT *a) { if (a->type == X509_LU_X509) { X509_free(a->data.x509); @@ -224,18 +242,19 @@ static void cleanup(X509_OBJECT *a) free(a); } -void X509_STORE_free(X509_STORE *vfy) +void +X509_STORE_free(X509_STORE *vfy) { int i; STACK_OF(X509_LOOKUP) *sk; X509_LOOKUP *lu; if (vfy == NULL) - return; + return; - sk=vfy->get_cert_methods; - for (i=0; iget_cert_methods; + for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) { + lu = sk_X509_LOOKUP_value(sk, i); X509_LOOKUP_shutdown(lu); X509_LOOKUP_free(lu); } 
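Review bot: Both error paths in X509_STORE_new() release only `ret->objs` and `ret`. The X509_VERIFY_PARAM_new() failure branch in this hunk leaks `ret->get_cert_methods`, and the CRYPTO_new_ex_data() failure branch in the following hunk leaks `ret->get_cert_methods` and `ret->param`. The results of sk_X509_OBJECT_new() and sk_X509_LOOKUP_new_null() are also stored without a NULL check, so after an allocation failure the function appears able to return a store whose stacks are NULL. A single cleanup label that frees whatever was allocated covers all three cases; the function's closing lines are in the next hunk.

```c
	if ((ret = (X509_STORE *)malloc(sizeof(X509_STORE))) == NULL)
		return NULL;
	ret->objs = sk_X509_OBJECT_new(x509_object_cmp);
	ret->get_cert_methods = sk_X509_LOOKUP_new_null();
	ret->param = X509_VERIFY_PARAM_new();
	if (ret->objs == NULL || ret->get_cert_methods == NULL ||
	    ret->param == NULL)
		goto err;
	/* … unchanged: cache, verify and callback fields set to their defaults … */
	if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret,
	    &ret->ex_data))
		goto err;

	ret->references = 1;
	return ret;

err:
	/* Each of these accepts NULL, so partial construction is fine. */
	X509_VERIFY_PARAM_free(ret->param);
	sk_X509_LOOKUP_free(ret->get_cert_methods);
	sk_X509_OBJECT_free(ret->objs);
	free(ret);
	return NULL;
```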
@@ -248,26 +267,27 @@ void X509_STORE_free(X509_STORE *vfy) free(vfy); } -X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m) +X509_LOOKUP * +X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m) { int i; STACK_OF(X509_LOOKUP) *sk; X509_LOOKUP *lu; - sk=v->get_cert_methods; - for (i=0; iget_cert_methods; + for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) { + lu = sk_X509_LOOKUP_value(sk, i); if (m == lu->method) { return lu; } } /* a new one */ - lu=X509_LOOKUP_new(m); + lu = X509_LOOKUP_new(m); if (lu == NULL) return NULL; else { - lu->store_ctx=v; - if (sk_X509_LOOKUP_push(v->get_cert_methods,lu)) + lu->store_ctx = v; + if (sk_X509_LOOKUP_push(v->get_cert_methods, lu)) return lu; else { X509_LOOKUP_free(lu); @@ -276,31 +296,33 @@ X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m) } } -int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name, - X509_OBJECT *ret) +int +X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name, + X509_OBJECT *ret) { - X509_STORE *ctx=vs->ctx; + X509_STORE *ctx = vs->ctx; X509_LOOKUP *lu; - X509_OBJECT stmp,*tmp; - int i,j; + X509_OBJECT stmp, *tmp; + int i, j; CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); - tmp=X509_OBJECT_retrieve_by_subject(ctx->objs,type,name); + tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name); CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); if (tmp == NULL || type == X509_LU_CRL) { - for (i=vs->current_method; iget_cert_methods); i++) { - lu=sk_X509_LOOKUP_value(ctx->get_cert_methods,i); - j=X509_LOOKUP_by_subject(lu,type,name,&stmp); + for (i = vs->current_method; + i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) { + lu = sk_X509_LOOKUP_value(ctx->get_cert_methods, i); + j = X509_LOOKUP_by_subject(lu, type, name, &stmp); if (j < 0) { - vs->current_method=j; + vs->current_method = j; return j; } else if (j) { - tmp= &stmp; + tmp = &stmp; break; } } - vs->current_method=0; + vs->current_method = 0; if (tmp == NULL) return 0; } 
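Review bot: In X509_STORE_get_by_subject(), the `j < 0` branch stores the lookup's negative return code in the resume index with `vs->current_method = j;`, yet the same field is the starting value of the loop over `ctx->get_cert_methods` on the next call. A retry would therefore begin at a negative index and pass it to sk_X509_LOOKUP_value(); the loop variable looks like what was intended, i.e. `vs->current_method = i;`, so that the retry resumes at the method that asked for it. The line predates this reformat, but it is touched here and deserves a follow-up fix. The tail of the function is in the next hunk.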
@@ -308,27 +330,29 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name, /* if (ret->data.ptr != NULL) X509_OBJECT_free_contents(ret); */ - ret->type=tmp->type; - ret->data.ptr=tmp->data.ptr; + ret->type = tmp->type; + ret->data.ptr = tmp->data.ptr; X509_OBJECT_up_ref_count(ret); return 1; } -int X509_STORE_add_cert(X509_STORE *ctx, X509 *x) +int +X509_STORE_add_cert(X509_STORE *ctx, X509 *x) { X509_OBJECT *obj; - int ret=1; + int ret = 1; - if (x == NULL) return 0; - obj=(X509_OBJECT *)malloc(sizeof(X509_OBJECT)); + if (x == NULL) + return 0; + obj = (X509_OBJECT *)malloc(sizeof(X509_OBJECT)); if (obj == NULL) { - X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE); + X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE); return 0; } - obj->type=X509_LU_X509; - obj->data.x509=x; + obj->type = X509_LU_X509; + obj->data.x509 = x; CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); @@ -337,29 +361,32 @@ int X509_STORE_add_cert(X509_STORE *ctx, X509 *x) if (X509_OBJECT_retrieve_match(ctx->objs, obj)) { X509_OBJECT_free_contents(obj); free(obj); - X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE); - ret=0; - } - else sk_X509_OBJECT_push(ctx->objs, obj); + X509err(X509_F_X509_STORE_ADD_CERT, + X509_R_CERT_ALREADY_IN_HASH_TABLE); + ret = 0; + } else + sk_X509_OBJECT_push(ctx->objs, obj); CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); return ret; } -int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) +int +X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) { X509_OBJECT *obj; - int ret=1; + int ret = 1; - if (x == NULL) return 0; - obj=(X509_OBJECT *)malloc(sizeof(X509_OBJECT)); + if (x == NULL) + return 0; + obj = (X509_OBJECT *)malloc(sizeof(X509_OBJECT)); if (obj == NULL) { - X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE); + X509err(X509_F_X509_STORE_ADD_CRL, ERR_R_MALLOC_FAILURE); return 0; } - obj->type=X509_LU_CRL; - obj->data.crl=x; + obj->type = X509_LU_CRL; + obj->data.crl = x; CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); 
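Review bot: X509_STORE_add_cert() ignores the result of `sk_X509_OBJECT_push(ctx->objs, obj)` in its `else` branch, so when the push fails the function still returns 1 and `obj` is leaked. The caller is then told the certificate is in the store when it is not. X509_STORE_add_crl() in the next hunk has the same unchecked push, and there a silently dropped CRL means revocation data the application believes is loaded is never consulted. The failure should be handled like the duplicate case just above it, with ERR_R_MALLOC_FAILURE as the reason (and X509_F_X509_STORE_ADD_CRL in the CRL variant).

```c
	} else if (!sk_X509_OBJECT_push(ctx->objs, obj)) {
		/* Same cleanup as the duplicate branch above. */
		X509_OBJECT_free_contents(obj);
		free(obj);
		X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE);
		ret = 0;
	}
```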
@@ -368,8 +395,9 @@ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) if (X509_OBJECT_retrieve_match(ctx->objs, obj)) { X509_OBJECT_free_contents(obj); free(obj); - X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE); - ret=0; + X509err(X509_F_X509_STORE_ADD_CRL, + X509_R_CERT_ALREADY_IN_HASH_TABLE); + ret = 0; } else sk_X509_OBJECT_push(ctx->objs, obj); @@ -378,19 +406,21 @@ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) return ret; } -void X509_OBJECT_up_ref_count(X509_OBJECT *a) +void +X509_OBJECT_up_ref_count(X509_OBJECT *a) { switch (a->type) { case X509_LU_X509: - CRYPTO_add(&a->data.x509->references,1,CRYPTO_LOCK_X509); + CRYPTO_add(&a->data.x509->references, 1, CRYPTO_LOCK_X509); break; case X509_LU_CRL: - CRYPTO_add(&a->data.crl->references,1,CRYPTO_LOCK_X509_CRL); + CRYPTO_add(&a->data.crl->references, 1, CRYPTO_LOCK_X509_CRL); break; } } -void X509_OBJECT_free_contents(X509_OBJECT *a) +void +X509_OBJECT_free_contents(X509_OBJECT *a) { switch (a->type) { case X509_LU_X509: @@ -402,8 +432,9 @@ void X509_OBJECT_free_contents(X509_OBJECT *a) } } -static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type, - X509_NAME *name, int *pnmatch) +static int +x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type, X509_NAME *name, + int *pnmatch) { X509_OBJECT stmp; X509 x509_s; 
@@ -412,24 +443,24 @@ static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type, X509_CRL_INFO crl_info_s; int idx; - stmp.type=type; + stmp.type = type; switch (type) { case X509_LU_X509: - stmp.data.x509= &x509_s; - x509_s.cert_info= &cinf_s; - cinf_s.subject=name; + stmp.data.x509 = &x509_s; + x509_s.cert_info = &cinf_s; + cinf_s.subject = name; break; case X509_LU_CRL: - stmp.data.crl= &crl_s; - crl_s.crl= &crl_info_s; - crl_info_s.issuer=name; + stmp.data.crl = &crl_s; + crl_s.crl = &crl_info_s; + crl_info_s.issuer = name; break; default: /* abort(); */ return -1; } - idx = sk_X509_OBJECT_find(h,&stmp); + idx = sk_X509_OBJECT_find(h, &stmp); if (idx >= 0 && pnmatch) { int tidx; const X509_OBJECT *tobj, *pstmp; @@ -445,28 +476,32 @@ static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type, return idx; } - -int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, - X509_NAME *name) +int +X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, X509_NAME *name) { return x509_object_idx_cnt(h, type, name, NULL); } -X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, int type, - X509_NAME *name) +X509_OBJECT * +X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, int type, + X509_NAME *name) { int idx; + idx = X509_OBJECT_idx_by_subject(h, type, name); - if (idx==-1) return NULL; + if (idx == -1) + return NULL; return sk_X509_OBJECT_value(h, idx); } -STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) +STACK_OF(X509) * +X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) { int i, idx, cnt; STACK_OF(X509) *sk; X509 *x; X509_OBJECT *obj; + sk = sk_X509_new_null(); CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt); 
@@ -482,7 +517,8 @@ STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) } X509_OBJECT_free_contents(&xobj); CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); - idx = x509_object_idx_cnt(ctx->ctx->objs,X509_LU_X509,nm, &cnt); + idx = x509_object_idx_cnt(ctx->ctx->objs, + X509_LU_X509, nm, &cnt); if (idx < 0) { CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); sk_X509_free(sk); @@ -505,12 +541,14 @@ STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) } -STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) +STACK_OF(X509_CRL) * +X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) { int i, idx, cnt; STACK_OF(X509_CRL) *sk; X509_CRL *x; X509_OBJECT *obj, xobj; + sk = sk_X509_CRL_new_null(); CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); /* Check cache first */ @@ -525,7 +563,7 @@ STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) } X509_OBJECT_free_contents(&xobj); CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); - idx = x509_object_idx_cnt(ctx->ctx->objs,X509_LU_CRL, nm, &cnt); + idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt); if (idx < 0) { CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); sk_X509_CRL_free(sk); 
@@ -547,17 +585,21 @@ STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) return sk; } -X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x) +X509_OBJECT * +X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x) { int idx, i; X509_OBJECT *obj; + idx = sk_X509_OBJECT_find(h, x); - if (idx == -1) return NULL; + if (idx == -1) + return NULL; if ((x->type != X509_LU_X509) && (x->type != X509_LU_CRL)) return sk_X509_OBJECT_value(h, idx); for (i = idx; i < sk_X509_OBJECT_num(h); i++) { obj = sk_X509_OBJECT_value(h, i); - if (x509_object_cmp((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x)) + if (x509_object_cmp((const X509_OBJECT **)&obj, + (const X509_OBJECT **)&x)) return NULL; if (x->type == X509_LU_X509) { if (!X509_cmp(obj->data.x509, x->data.x509)) @@ -583,17 +625,19 @@ X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x * 0 certificate not found. * -1 some other error. */ -int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) +int +X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) { X509_NAME *xn; X509_OBJECT obj, *pobj; int i, ok, idx, ret; - xn=X509_get_issuer_name(x); - ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj); + xn = X509_get_issuer_name(x); + ok = X509_STORE_get_by_subject(ctx, X509_LU_X509, xn, &obj); if (ok != X509_LU_X509) { if (ok == X509_LU_RETRY) { X509_OBJECT_free_contents(&obj); - X509err(X509_F_X509_STORE_CTX_GET1_ISSUER,X509_R_SHOULD_RETRY); + X509err(X509_F_X509_STORE_CTX_GET1_ISSUER, + X509_R_SHOULD_RETRY); return -1; } else if (ok != X509_LU_FAIL) { X509_OBJECT_free_contents(&obj); 
@@ -620,7 +664,8 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) /* See if we've run past the matches */ if (pobj->type != X509_LU_X509) break; - if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509))) + if (X509_NAME_cmp(xn, + X509_get_subject_name(pobj->data.x509))) break; if (ctx->check_issued(ctx, x, pobj->data.x509)) { *issuer = pobj->data.x509; @@ -634,34 +679,40 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) return ret; } -int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags) +int +X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags) { return X509_VERIFY_PARAM_set_flags(ctx->param, flags); } -int X509_STORE_set_depth(X509_STORE *ctx, int depth) +int +X509_STORE_set_depth(X509_STORE *ctx, int depth) { X509_VERIFY_PARAM_set_depth(ctx->param, depth); return 1; } -int X509_STORE_set_purpose(X509_STORE *ctx, int purpose) +int +X509_STORE_set_purpose(X509_STORE *ctx, int purpose) { return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose); } -int X509_STORE_set_trust(X509_STORE *ctx, int trust) +int +X509_STORE_set_trust(X509_STORE *ctx, int trust) { return X509_VERIFY_PARAM_set_trust(ctx->param, trust); } -int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param) +int +X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param) { return X509_VERIFY_PARAM_set1(ctx->param, param); } -void X509_STORE_set_verify_cb(X509_STORE *ctx, - int (*verify_cb)(int, X509_STORE_CTX *)) +void +X509_STORE_set_verify_cb(X509_STORE *ctx, + int (*verify_cb)(int, X509_STORE_CTX *)) { ctx->verify_cb = verify_cb; } diff --git a/lib/libcrypto/x509/x509_obj.c b/lib/libcrypto/x509/x509_obj.c index d0c02f833e1..a50b05bb7a1 100644 --- a/lib/libcrypto/x509/x509_obj.c +++ b/lib/libcrypto/x509/x509_obj.c 
@@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
@@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence 
@@ -63,105 +63,115 @@ #include #include -char *X509_NAME_oneline(X509_NAME *a, char *buf, int len) +char * +X509_NAME_oneline(X509_NAME *a, char *buf, int len) { X509_NAME_ENTRY *ne; -int i; - int n,lold,l,l1,l2,num,j,type; + int i; + int n, lold, l,l1, l2, num, j, type; const char *s; char *p; unsigned char *q; - BUF_MEM *b=NULL; - static const char hex[17]="0123456789ABCDEF"; + BUF_MEM *b = NULL; + static const char hex[17] = "0123456789ABCDEF"; int gs_doit[4]; char tmp_buf[80]; if (buf == NULL) { - if ((b=BUF_MEM_new()) == NULL) goto err; - if (!BUF_MEM_grow(b,200)) goto err; - b->data[0]='\0'; - len=200; + if ((b = BUF_MEM_new()) == NULL) + goto err; + if (!BUF_MEM_grow(b, 200)) + goto err; + b->data[0] = '\0'; + len = 200; } if (a == NULL) { - if(b) { - buf=b->data; + if (b) { + buf = b->data; free(b); } - strlcpy(buf,"NO X509_NAME",len); + strlcpy(buf, "NO X509_NAME", len); return buf; } len--; /* space for '\0' */ - l=0; - for (i=0; ientries); i++) { - ne=sk_X509_NAME_ENTRY_value(a->entries,i); - n=OBJ_obj2nid(ne->object); - if ((n == NID_undef) || ((s=OBJ_nid2sn(n)) == NULL)) { - i2t_ASN1_OBJECT(tmp_buf,sizeof(tmp_buf),ne->object); - s=tmp_buf; + l = 0; + for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) { + ne = sk_X509_NAME_ENTRY_value(a->entries, i); + n = OBJ_obj2nid(ne->object); + if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) { + i2t_ASN1_OBJECT(tmp_buf, sizeof(tmp_buf), ne->object); + s = tmp_buf; } - l1=strlen(s); + l1 = strlen(s); - type=ne->value->type; - num=ne->value->length; - q=ne->value->data; - if ((type == V_ASN1_GENERALSTRING) && ((num%4) == 0)) { - gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=0; - for (j=0; jvalue->type; + num = ne->value->length; + q = ne->value->data; + if ((type == V_ASN1_GENERALSTRING) && ((num % 4) == 0)) { + gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 0; + for (j = 0; j < num; j++) + if (q[j] != 0) + gs_doit[j & 3] = 1; if (gs_doit[0]|gs_doit[1]|gs_doit[2]) - 
gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1; + gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 1; else { - gs_doit[0]=gs_doit[1]=gs_doit[2]=0; - gs_doit[3]=1; + gs_doit[0] = gs_doit[1] = gs_doit[2] = 0; + gs_doit[3] = 1; } } else - gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1; + gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 1; - for (l2=j=0; j '~')) l2+=3; + if ((q[j] < ' ') || (q[j] > '~')) + l2 += 3; } - lold=l; - l+=1+l1+1+l2; + lold = l; + l += 1 + l1 + 1 + l2; if (b != NULL) { - if (!BUF_MEM_grow(b,l+1)) goto err; - p= &(b->data[lold]); + if (!BUF_MEM_grow(b, l + 1)) + goto err; + p = &(b->data[lold]); } else if (l > len) { break; } else - p= &(buf[lold]); - *(p++)='/'; - memcpy(p,s,(unsigned int)l1); p+=l1; - *(p++)='='; - q=ne->value->data; - for (j=0; jvalue->data; + for (j = 0; j < num; j++) { + if (!gs_doit[j & 3]) + continue; + n = q[j]; if ((n < ' ') || (n > '~')) { - *(p++)='\\'; - *(p++)='x'; - *(p++)=hex[(n>>4)&0x0f]; - *(p++)=hex[n&0x0f]; + *(p++) = '\\'; + *(p++) = 'x'; + *(p++) = hex[(n >> 4) & 0x0f]; + *(p++) = hex[n & 0x0f]; } else - *(p++)=n; + *(p++) = n; } - *p='\0'; + *p = '\0'; } if (b != NULL) { - p=b->data; + p = b->data; free(b); } else - p=buf; + p = buf; if (i == 0) *p = '\0'; - return(p); + return (p); + err: - X509err(X509_F_X509_NAME_ONELINE,ERR_R_MALLOC_FAILURE); - if (b != NULL) BUF_MEM_free(b); - return(NULL); + X509err(X509_F_X509_NAME_ONELINE, ERR_R_MALLOC_FAILURE); + if (b != NULL) + BUF_MEM_free(b); + return (NULL); } - diff --git a/lib/libcrypto/x509/x509_r2x.c b/lib/libcrypto/x509/x509_r2x.c index f084447334f..530a214c1d3 100644 --- a/lib/libcrypto/x509/x509_r2x.c +++ b/lib/libcrypto/x509/x509_r2x.c 
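Review bot: X509_NAME_oneline does not reject a caller-supplied `buf` whose `len` is 0 or negative. After `len--` the limit is below zero, so the loop leaves through `else if (l > len) break;` on the first entry, or never runs for an empty name. With `i == 0` the statement `if (i == 0) *p = '\0';` then stores one byte into a buffer the caller said has no room. A guard directly after the `if (buf == NULL) { ... }` block, `else if (len <= 0) return NULL;`, avoids the write. The `int len` contract deserves a line in the function comment as well.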
@@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
@@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence 
@@ -65,47 +65,50 @@ #include #include -X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) +X509 * +X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) { - X509 *ret=NULL; - X509_CINF *xi=NULL; + X509 *ret = NULL; + X509_CINF *xi = NULL; X509_NAME *xn; - if ((ret=X509_new()) == NULL) { - X509err(X509_F_X509_REQ_TO_X509,ERR_R_MALLOC_FAILURE); + if ((ret = X509_new()) == NULL) { + X509err(X509_F_X509_REQ_TO_X509, ERR_R_MALLOC_FAILURE); goto err; } /* duplicate the request */ - xi=ret->cert_info; + xi = ret->cert_info; if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0) { - if ((xi->version=M_ASN1_INTEGER_new()) == NULL) goto err; - if (!ASN1_INTEGER_set(xi->version,2)) goto err; + if ((xi->version = M_ASN1_INTEGER_new()) == NULL) + goto err; + if (!ASN1_INTEGER_set(xi->version, 2)) + goto err; /* xi->extensions=ri->attributes; <- bad, should not ever be done ri->attributes=NULL; */ } - xn=X509_REQ_get_subject_name(r); - if (X509_set_subject_name(ret,X509_NAME_dup(xn)) == 0) + xn = X509_REQ_get_subject_name(r); + if (X509_set_subject_name(ret, X509_NAME_dup(xn)) == 0) goto err; - if (X509_set_issuer_name(ret,X509_NAME_dup(xn)) == 0) + if (X509_set_issuer_name(ret, X509_NAME_dup(xn)) == 0) goto err; - if (X509_gmtime_adj(xi->validity->notBefore,0) == NULL) + if (X509_gmtime_adj(xi->validity->notBefore, 0) == NULL) goto err; - if (X509_gmtime_adj(xi->validity->notAfter,(long)60*60*24*days) == NULL) + if (X509_gmtime_adj(xi->validity->notAfter, + (long)60 * 60 * 24 * days) == NULL) goto err; - X509_set_pubkey(ret,X509_REQ_get_pubkey(r)); + X509_set_pubkey(ret, X509_REQ_get_pubkey(r)); - if (!X509_sign(ret,pkey,EVP_md5())) + if (!X509_sign(ret, pkey, EVP_md5())) goto err; if (0) { err: X509_free(ret); - ret=NULL; + ret = NULL; } - return(ret); + return (ret); } - diff --git a/lib/libcrypto/x509/x509_req.c b/lib/libcrypto/x509/x509_req.c index 12725ed7e95..ae6fbd7d148 100644 --- a/lib/libcrypto/x509/x509_req.c +++ b/lib/libcrypto/x509/x509_req.c 
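Review bot: `if (!X509_sign(ret, pkey, EVP_md5()))` in X509_REQ_to_X509 hard-codes MD5 as the signature digest, so every certificate this helper produces carries a signature over a hash that is not collision resistant. The function takes no digest argument, so the constant should be a current one, e.g. `if (!X509_sign(ret, pkey, EVP_sha256()))`. The preceding line `X509_set_pubkey(ret, X509_REQ_get_pubkey(r));` ignores the result and does not free the key it fetched, whereas X509_REQ_check_private_key in x509_req.c releases the key from the same getter with `EVP_PKEY_free(xk)`. Holding the key in a local, checking the set call and freeing the key afterwards would match that.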
@@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
@@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence 
@@ -67,86 +67,97 @@ #include #include -X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) +X509_REQ * +X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) { X509_REQ *ret; X509_REQ_INFO *ri; int i; EVP_PKEY *pktmp; - ret=X509_REQ_new(); + ret = X509_REQ_new(); if (ret == NULL) { - X509err(X509_F_X509_TO_X509_REQ,ERR_R_MALLOC_FAILURE); + X509err(X509_F_X509_TO_X509_REQ, ERR_R_MALLOC_FAILURE); goto err; } - ri=ret->req_info; + ri = ret->req_info; - ri->version->length=1; - ri->version->data=(unsigned char *)malloc(1); - if (ri->version->data == NULL) goto err; - ri->version->data[0]=0; /* version == 0 */ + ri->version->length = 1; + ri->version->data = (unsigned char *)malloc(1); + if (ri->version->data == NULL) + goto err; + ri->version->data[0] = 0; /* version == 0 */ - if (!X509_REQ_set_subject_name(ret,X509_get_subject_name(x))) + if (!X509_REQ_set_subject_name(ret, X509_get_subject_name(x))) goto err; pktmp = X509_get_pubkey(x); - i=X509_REQ_set_pubkey(ret,pktmp); + i = X509_REQ_set_pubkey(ret, pktmp); EVP_PKEY_free(pktmp); - if (!i) goto err; + if (!i) + goto err; if (pkey != NULL) { - if (!X509_REQ_sign(ret,pkey,md)) + if (!X509_REQ_sign(ret, pkey, md)) goto err; } - return(ret); + return (ret); + err: X509_REQ_free(ret); - return(NULL); + return (NULL); } -EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req) +EVP_PKEY * +X509_REQ_get_pubkey(X509_REQ *req) { if ((req == NULL) || (req->req_info == NULL)) - return(NULL); - return(X509_PUBKEY_get(req->req_info->pubkey)); + return (NULL); + return (X509_PUBKEY_get(req->req_info->pubkey)); } -int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k) +int +X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k) { - EVP_PKEY *xk=NULL; - int ok=0; + EVP_PKEY *xk = NULL; + int ok = 0; - xk=X509_REQ_get_pubkey(x); + xk = X509_REQ_get_pubkey(x); switch (EVP_PKEY_cmp(xk, k)) { case 1: - ok=1; + ok = 1; break; case 0: - X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH); + 
X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, + X509_R_KEY_VALUES_MISMATCH); break; case -1: - X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH); + X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, + X509_R_KEY_TYPE_MISMATCH); break; case -2: #ifndef OPENSSL_NO_EC if (k->type == EVP_PKEY_EC) { - X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, ERR_R_EC_LIB); + X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, + ERR_R_EC_LIB); break; } #endif #ifndef OPENSSL_NO_DH if (k->type == EVP_PKEY_DH) { /* No idea */ - X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY); + X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, + X509_R_CANT_CHECK_DH_KEY); break; } #endif - X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE); + X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, + X509_R_UNKNOWN_KEY_TYPE); } EVP_PKEY_free(xk); - return(ok); + return (ok); } /* It seems several organisations had the same idea of including a list of @@ -154,31 +165,38 @@ int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k) * used and there may be more: so the list is configurable. */ -static int ext_nid_list[] = { NID_ext_req, NID_ms_ext_req, NID_undef}; +static int ext_nid_list[] = {NID_ext_req, NID_ms_ext_req, NID_undef}; static int *ext_nids = ext_nid_list; -int X509_REQ_extension_nid(int req_nid) +int +X509_REQ_extension_nid(int req_nid) { int i, nid; - for(i = 0; ; i++) { + + for (i = 0; ; i++) { nid = ext_nids[i]; - if(nid == NID_undef) return 0; - else if (req_nid == nid) return 1; + if (nid == NID_undef) + return 0; + else if (req_nid == nid) + return 1; } } -int *X509_REQ_get_extension_nids(void) +int * +X509_REQ_get_extension_nids(void) { return ext_nids; } - -void X509_REQ_set_extension_nids(int *nids) + +void +X509_REQ_set_extension_nids(int *nids) { ext_nids = nids; } -STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req) +STACK_OF(X509_EXTENSION) * +X509_REQ_get_extensions(X509_REQ *req) { X509_ATTRIBUTE *attr; ASN1_TYPE *ext = NULL; 
@@ -186,46 +204,50 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req) const unsigned char *p; if ((req == NULL) || (req->req_info == NULL) || !ext_nids) - return(NULL); + return (NULL); for (pnid = ext_nids; *pnid != NID_undef; pnid++) { idx = X509_REQ_get_attr_by_NID(req, *pnid, -1); if (idx == -1) continue; attr = X509_REQ_get_attr(req, idx); - if(attr->single) ext = attr->value.single; - else if(sk_ASN1_TYPE_num(attr->value.set)) + if (attr->single) + ext = attr->value.single; + else if (sk_ASN1_TYPE_num(attr->value.set)) ext = sk_ASN1_TYPE_value(attr->value.set, 0); break; } - if(!ext || (ext->type != V_ASN1_SEQUENCE)) + if (!ext || (ext->type != V_ASN1_SEQUENCE)) return NULL; p = ext->value.sequence->data; - return (STACK_OF(X509_EXTENSION) *) - ASN1_item_d2i(NULL, &p, ext->value.sequence->length, - ASN1_ITEM_rptr(X509_EXTENSIONS)); + return (STACK_OF(X509_EXTENSION) *)ASN1_item_d2i(NULL, &p, + ext->value.sequence->length, ASN1_ITEM_rptr(X509_EXTENSIONS)); } /* Add a STACK_OF extensions to a certificate request: allow alternative OIDs * in case we want to create a non standard one. 
*/ -int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, - int nid) +int +X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, + int nid) { ASN1_TYPE *at = NULL; X509_ATTRIBUTE *attr = NULL; - if(!(at = ASN1_TYPE_new()) || - !(at->value.sequence = ASN1_STRING_new())) goto err; + + if (!(at = ASN1_TYPE_new()) || + !(at->value.sequence = ASN1_STRING_new())) + goto err; at->type = V_ASN1_SEQUENCE; /* Generate encoding of extensions */ - at->value.sequence->length = - ASN1_item_i2d((ASN1_VALUE *)exts, - &at->value.sequence->data, - ASN1_ITEM_rptr(X509_EXTENSIONS)); - if(!(attr = X509_ATTRIBUTE_new())) goto err; - if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err; - if(!sk_ASN1_TYPE_push(attr->value.set, at)) goto err; + at->value.sequence->length = ASN1_item_i2d((ASN1_VALUE *)exts, + &at->value.sequence->data, ASN1_ITEM_rptr(X509_EXTENSIONS)); + if (!(attr = X509_ATTRIBUTE_new())) + goto err; + if (!(attr->value.set = sk_ASN1_TYPE_new_null())) + goto err; + if (!sk_ASN1_TYPE_push(attr->value.set, at)) + goto err; at = NULL; attr->single = 0; attr->object = OBJ_nid2obj(nid); 
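Review bot: In X509_REQ_add_extensions_nid the return value of `ASN1_item_i2d()` is assigned straight to `at->value.sequence->length` and never checked. If the encoder reports failure with a non-positive value, the attribute is still built and pushed onto the request with that length. A check right after the assignment, `if (at->value.sequence->length <= 0) goto err;`, keeps a failed encoding out of the request. The rest of the function, including the `err:` cleanup, is in the next hunk.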
@@ -233,77 +255,89 @@ int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, if (!(req->req_info->attributes = sk_X509_ATTRIBUTE_new_null())) goto err; } - if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err; + if (!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) + goto err; return 1; - err: + +err: X509_ATTRIBUTE_free(attr); ASN1_TYPE_free(at); return 0; } + /* This is the normal usage: use the "official" OID */ -int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts) +int +X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts) { return X509_REQ_add_extensions_nid(req, exts, NID_ext_req); } /* Request attribute functions */ -int X509_REQ_get_attr_count(const X509_REQ *req) +int +X509_REQ_get_attr_count(const X509_REQ *req) { return X509at_get_attr_count(req->req_info->attributes); } -int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, - int lastpos) +int +X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos) { return X509at_get_attr_by_NID(req->req_info->attributes, nid, lastpos); } -int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj, - int lastpos) +int +X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj, int lastpos) { return X509at_get_attr_by_OBJ(req->req_info->attributes, obj, lastpos); } -X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc) +X509_ATTRIBUTE * +X509_REQ_get_attr(const X509_REQ *req, int loc) { return X509at_get_attr(req->req_info->attributes, loc); } -X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc) +X509_ATTRIBUTE * +X509_REQ_delete_attr(X509_REQ *req, int loc) { return X509at_delete_attr(req->req_info->attributes, loc); } -int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr) +int +X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr) { - if(X509at_add1_attr(&req->req_info->attributes, attr)) return 1; + if (X509at_add1_attr(&req->req_info->attributes, attr)) + return 1; return 
0; } -int X509_REQ_add1_attr_by_OBJ(X509_REQ *req, - const ASN1_OBJECT *obj, int type, - const unsigned char *bytes, int len) +int +X509_REQ_add1_attr_by_OBJ(X509_REQ *req, const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len) { - if(X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj, - type, bytes, len)) return 1; + if (X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj, + type, bytes, len)) + return 1; return 0; } -int X509_REQ_add1_attr_by_NID(X509_REQ *req, - int nid, int type, - const unsigned char *bytes, int len) +int +X509_REQ_add1_attr_by_NID(X509_REQ *req, int nid, int type, + const unsigned char *bytes, int len) { - if(X509at_add1_attr_by_NID(&req->req_info->attributes, nid, - type, bytes, len)) return 1; + if (X509at_add1_attr_by_NID(&req->req_info->attributes, nid, + type, bytes, len)) + return 1; return 0; } -int X509_REQ_add1_attr_by_txt(X509_REQ *req, - const char *attrname, int type, - const unsigned char *bytes, int len) +int +X509_REQ_add1_attr_by_txt(X509_REQ *req, const char *attrname, int type, + const unsigned char *bytes, int len) { - if(X509at_add1_attr_by_txt(&req->req_info->attributes, attrname, - type, bytes, len)) return 1; + if (X509at_add1_attr_by_txt(&req->req_info->attributes, attrname, + type, bytes, len)) + return 1; return 0; } diff --git a/lib/libssl/src/crypto/x509/x509_err.c b/lib/libssl/src/crypto/x509/x509_err.c index ab5e8aaea2f..4a890a180d2 100644 --- a/lib/libssl/src/crypto/x509/x509_err.c +++ b/lib/libssl/src/crypto/x509/x509_err.c @@ -7,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in 
@@ -68,96 +68,94 @@ #define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509,func,0) #define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509,0,reason) -static ERR_STRING_DATA X509_str_functs[]= -{ -{ERR_FUNC(X509_F_ADD_CERT_DIR), "ADD_CERT_DIR"}, -{ERR_FUNC(X509_F_BY_FILE_CTRL), "BY_FILE_CTRL"}, -{ERR_FUNC(X509_F_CHECK_POLICY), "CHECK_POLICY"}, -{ERR_FUNC(X509_F_DIR_CTRL), "DIR_CTRL"}, -{ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT), "GET_CERT_BY_SUBJECT"}, -{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE), "NETSCAPE_SPKI_b64_decode"}, -{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE), "NETSCAPE_SPKI_b64_encode"}, -{ERR_FUNC(X509_F_X509AT_ADD1_ATTR), "X509at_add1_attr"}, -{ERR_FUNC(X509_F_X509V3_ADD_EXT), "X509v3_add_ext"}, -{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_NID), "X509_ATTRIBUTE_create_by_NID"}, -{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ), "X509_ATTRIBUTE_create_by_OBJ"}, -{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT), "X509_ATTRIBUTE_create_by_txt"}, -{ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA), "X509_ATTRIBUTE_get0_data"}, -{ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA), "X509_ATTRIBUTE_set1_data"}, -{ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY), "X509_check_private_key"}, -{ERR_FUNC(X509_F_X509_CRL_PRINT_FP), "X509_CRL_print_fp"}, -{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID), "X509_EXTENSION_create_by_NID"}, -{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ), "X509_EXTENSION_create_by_OBJ"}, -{ERR_FUNC(X509_F_X509_GET_PUBKEY_PARAMETERS), "X509_get_pubkey_parameters"}, -{ERR_FUNC(X509_F_X509_LOAD_CERT_CRL_FILE), "X509_load_cert_crl_file"}, -{ERR_FUNC(X509_F_X509_LOAD_CERT_FILE), "X509_load_cert_file"}, -{ERR_FUNC(X509_F_X509_LOAD_CRL_FILE), "X509_load_crl_file"}, -{ERR_FUNC(X509_F_X509_NAME_ADD_ENTRY), "X509_NAME_add_entry"}, -{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_NID), "X509_NAME_ENTRY_create_by_NID"}, -{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT), "X509_NAME_ENTRY_create_by_txt"}, -{ERR_FUNC(X509_F_X509_NAME_ENTRY_SET_OBJECT), "X509_NAME_ENTRY_set_object"}, 
-{ERR_FUNC(X509_F_X509_NAME_ONELINE), "X509_NAME_oneline"}, -{ERR_FUNC(X509_F_X509_NAME_PRINT), "X509_NAME_print"}, -{ERR_FUNC(X509_F_X509_PRINT_EX_FP), "X509_print_ex_fp"}, -{ERR_FUNC(X509_F_X509_PUBKEY_GET), "X509_PUBKEY_get"}, -{ERR_FUNC(X509_F_X509_PUBKEY_SET), "X509_PUBKEY_set"}, -{ERR_FUNC(X509_F_X509_REQ_CHECK_PRIVATE_KEY), "X509_REQ_check_private_key"}, -{ERR_FUNC(X509_F_X509_REQ_PRINT_EX), "X509_REQ_print_ex"}, -{ERR_FUNC(X509_F_X509_REQ_PRINT_FP), "X509_REQ_print_fp"}, -{ERR_FUNC(X509_F_X509_REQ_TO_X509), "X509_REQ_to_X509"}, -{ERR_FUNC(X509_F_X509_STORE_ADD_CERT), "X509_STORE_add_cert"}, -{ERR_FUNC(X509_F_X509_STORE_ADD_CRL), "X509_STORE_add_crl"}, -{ERR_FUNC(X509_F_X509_STORE_CTX_GET1_ISSUER), "X509_STORE_CTX_get1_issuer"}, -{ERR_FUNC(X509_F_X509_STORE_CTX_INIT), "X509_STORE_CTX_init"}, -{ERR_FUNC(X509_F_X509_STORE_CTX_NEW), "X509_STORE_CTX_new"}, -{ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT), "X509_STORE_CTX_purpose_inherit"}, -{ERR_FUNC(X509_F_X509_TO_X509_REQ), "X509_to_X509_REQ"}, -{ERR_FUNC(X509_F_X509_TRUST_ADD), "X509_TRUST_add"}, -{ERR_FUNC(X509_F_X509_TRUST_SET), "X509_TRUST_set"}, -{ERR_FUNC(X509_F_X509_VERIFY_CERT), "X509_verify_cert"}, -{0,NULL} +static ERR_STRING_DATA X509_str_functs[] = { + {ERR_FUNC(X509_F_ADD_CERT_DIR), "ADD_CERT_DIR"}, + {ERR_FUNC(X509_F_BY_FILE_CTRL), "BY_FILE_CTRL"}, + {ERR_FUNC(X509_F_CHECK_POLICY), "CHECK_POLICY"}, + {ERR_FUNC(X509_F_DIR_CTRL), "DIR_CTRL"}, + {ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT), "GET_CERT_BY_SUBJECT"}, + {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE), "NETSCAPE_SPKI_b64_decode"}, + {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE), "NETSCAPE_SPKI_b64_encode"}, + {ERR_FUNC(X509_F_X509AT_ADD1_ATTR), "X509at_add1_attr"}, + {ERR_FUNC(X509_F_X509V3_ADD_EXT), "X509v3_add_ext"}, + {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_NID), "X509_ATTRIBUTE_create_by_NID"}, + {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ), "X509_ATTRIBUTE_create_by_OBJ"}, + {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT), 
"X509_ATTRIBUTE_create_by_txt"}, + {ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA), "X509_ATTRIBUTE_get0_data"}, + {ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA), "X509_ATTRIBUTE_set1_data"}, + {ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY), "X509_check_private_key"}, + {ERR_FUNC(X509_F_X509_CRL_PRINT_FP), "X509_CRL_print_fp"}, + {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID), "X509_EXTENSION_create_by_NID"}, + {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ), "X509_EXTENSION_create_by_OBJ"}, + {ERR_FUNC(X509_F_X509_GET_PUBKEY_PARAMETERS), "X509_get_pubkey_parameters"}, + {ERR_FUNC(X509_F_X509_LOAD_CERT_CRL_FILE), "X509_load_cert_crl_file"}, + {ERR_FUNC(X509_F_X509_LOAD_CERT_FILE), "X509_load_cert_file"}, + {ERR_FUNC(X509_F_X509_LOAD_CRL_FILE), "X509_load_crl_file"}, + {ERR_FUNC(X509_F_X509_NAME_ADD_ENTRY), "X509_NAME_add_entry"}, + {ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_NID), "X509_NAME_ENTRY_create_by_NID"}, + {ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT), "X509_NAME_ENTRY_create_by_txt"}, + {ERR_FUNC(X509_F_X509_NAME_ENTRY_SET_OBJECT), "X509_NAME_ENTRY_set_object"}, + {ERR_FUNC(X509_F_X509_NAME_ONELINE), "X509_NAME_oneline"}, + {ERR_FUNC(X509_F_X509_NAME_PRINT), "X509_NAME_print"}, + {ERR_FUNC(X509_F_X509_PRINT_EX_FP), "X509_print_ex_fp"}, + {ERR_FUNC(X509_F_X509_PUBKEY_GET), "X509_PUBKEY_get"}, + {ERR_FUNC(X509_F_X509_PUBKEY_SET), "X509_PUBKEY_set"}, + {ERR_FUNC(X509_F_X509_REQ_CHECK_PRIVATE_KEY), "X509_REQ_check_private_key"}, + {ERR_FUNC(X509_F_X509_REQ_PRINT_EX), "X509_REQ_print_ex"}, + {ERR_FUNC(X509_F_X509_REQ_PRINT_FP), "X509_REQ_print_fp"}, + {ERR_FUNC(X509_F_X509_REQ_TO_X509), "X509_REQ_to_X509"}, + {ERR_FUNC(X509_F_X509_STORE_ADD_CERT), "X509_STORE_add_cert"}, + {ERR_FUNC(X509_F_X509_STORE_ADD_CRL), "X509_STORE_add_crl"}, + {ERR_FUNC(X509_F_X509_STORE_CTX_GET1_ISSUER), "X509_STORE_CTX_get1_issuer"}, + {ERR_FUNC(X509_F_X509_STORE_CTX_INIT), "X509_STORE_CTX_init"}, + {ERR_FUNC(X509_F_X509_STORE_CTX_NEW), "X509_STORE_CTX_new"}, + 
{ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT), "X509_STORE_CTX_purpose_inherit"}, + {ERR_FUNC(X509_F_X509_TO_X509_REQ), "X509_to_X509_REQ"}, + {ERR_FUNC(X509_F_X509_TRUST_ADD), "X509_TRUST_add"}, + {ERR_FUNC(X509_F_X509_TRUST_SET), "X509_TRUST_set"}, + {ERR_FUNC(X509_F_X509_VERIFY_CERT), "X509_verify_cert"}, + {0, NULL} }; -static ERR_STRING_DATA X509_str_reasons[]= -{ -{ERR_REASON(X509_R_BAD_X509_FILETYPE) ,"bad x509 filetype"}, -{ERR_REASON(X509_R_BASE64_DECODE_ERROR) ,"base64 decode error"}, -{ERR_REASON(X509_R_CANT_CHECK_DH_KEY) ,"cant check dh key"}, -{ERR_REASON(X509_R_CERT_ALREADY_IN_HASH_TABLE),"cert already in hash table"}, -{ERR_REASON(X509_R_ERR_ASN1_LIB) ,"err asn1 lib"}, -{ERR_REASON(X509_R_INVALID_DIRECTORY) ,"invalid directory"}, -{ERR_REASON(X509_R_INVALID_FIELD_NAME) ,"invalid field name"}, -{ERR_REASON(X509_R_INVALID_TRUST) ,"invalid trust"}, -{ERR_REASON(X509_R_KEY_TYPE_MISMATCH) ,"key type mismatch"}, -{ERR_REASON(X509_R_KEY_VALUES_MISMATCH) ,"key values mismatch"}, -{ERR_REASON(X509_R_LOADING_CERT_DIR) ,"loading cert dir"}, -{ERR_REASON(X509_R_LOADING_DEFAULTS) ,"loading defaults"}, -{ERR_REASON(X509_R_METHOD_NOT_SUPPORTED) ,"method not supported"}, -{ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),"no cert set for us to verify"}, -{ERR_REASON(X509_R_PUBLIC_KEY_DECODE_ERROR),"public key decode error"}, -{ERR_REASON(X509_R_PUBLIC_KEY_ENCODE_ERROR),"public key encode error"}, -{ERR_REASON(X509_R_SHOULD_RETRY) ,"should retry"}, -{ERR_REASON(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN),"unable to find parameters in chain"}, -{ERR_REASON(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY),"unable to get certs public key"}, -{ERR_REASON(X509_R_UNKNOWN_KEY_TYPE) ,"unknown key type"}, -{ERR_REASON(X509_R_UNKNOWN_NID) ,"unknown nid"}, -{ERR_REASON(X509_R_UNKNOWN_PURPOSE_ID) ,"unknown purpose id"}, -{ERR_REASON(X509_R_UNKNOWN_TRUST_ID) ,"unknown trust id"}, -{ERR_REASON(X509_R_UNSUPPORTED_ALGORITHM),"unsupported algorithm"}, -{ERR_REASON(X509_R_WRONG_LOOKUP_TYPE) 
,"wrong lookup type"}, -{ERR_REASON(X509_R_WRONG_TYPE) ,"wrong type"}, -{0,NULL} +static ERR_STRING_DATA X509_str_reasons[] = { + {ERR_REASON(X509_R_BAD_X509_FILETYPE) , "bad x509 filetype"}, + {ERR_REASON(X509_R_BASE64_DECODE_ERROR) , "base64 decode error"}, + {ERR_REASON(X509_R_CANT_CHECK_DH_KEY) , "cant check dh key"}, + {ERR_REASON(X509_R_CERT_ALREADY_IN_HASH_TABLE), "cert already in hash table"}, + {ERR_REASON(X509_R_ERR_ASN1_LIB) , "err asn1 lib"}, + {ERR_REASON(X509_R_INVALID_DIRECTORY) , "invalid directory"}, + {ERR_REASON(X509_R_INVALID_FIELD_NAME) , "invalid field name"}, + {ERR_REASON(X509_R_INVALID_TRUST) , "invalid trust"}, + {ERR_REASON(X509_R_KEY_TYPE_MISMATCH) , "key type mismatch"}, + {ERR_REASON(X509_R_KEY_VALUES_MISMATCH) , "key values mismatch"}, + {ERR_REASON(X509_R_LOADING_CERT_DIR) , "loading cert dir"}, + {ERR_REASON(X509_R_LOADING_DEFAULTS) , "loading defaults"}, + {ERR_REASON(X509_R_METHOD_NOT_SUPPORTED) , "method not supported"}, + {ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY), "no cert set for us to verify"}, + {ERR_REASON(X509_R_PUBLIC_KEY_DECODE_ERROR), "public key decode error"}, + {ERR_REASON(X509_R_PUBLIC_KEY_ENCODE_ERROR), "public key encode error"}, + {ERR_REASON(X509_R_SHOULD_RETRY) , "should retry"}, + {ERR_REASON(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN), "unable to find parameters in chain"}, + {ERR_REASON(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY), "unable to get certs public key"}, + {ERR_REASON(X509_R_UNKNOWN_KEY_TYPE) , "unknown key type"}, + {ERR_REASON(X509_R_UNKNOWN_NID) , "unknown nid"}, + {ERR_REASON(X509_R_UNKNOWN_PURPOSE_ID) , "unknown purpose id"}, + {ERR_REASON(X509_R_UNKNOWN_TRUST_ID) , "unknown trust id"}, + {ERR_REASON(X509_R_UNSUPPORTED_ALGORITHM), "unsupported algorithm"}, + {ERR_REASON(X509_R_WRONG_LOOKUP_TYPE) , "wrong lookup type"}, + {ERR_REASON(X509_R_WRONG_TYPE) , "wrong type"}, + {0, NULL} }; #endif -void ERR_load_X509_strings(void) +void +ERR_load_X509_strings(void) { #ifndef OPENSSL_NO_ERR - if 
(ERR_func_error_string(X509_str_functs[0].error) == NULL) { - ERR_load_strings(0,X509_str_functs); - ERR_load_strings(0,X509_str_reasons); + ERR_load_strings(0, X509_str_functs); + ERR_load_strings(0, X509_str_reasons); } #endif } diff --git a/lib/libssl/src/crypto/x509/x509_ext.c b/lib/libssl/src/crypto/x509/x509_ext.c index bdc489f3674..a2441c2c2c0 100644 --- a/lib/libssl/src/crypto/x509/x509_ext.c +++ b/lib/libssl/src/crypto/x509/x509_ext.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: 
@@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence 
@@ -66,142 +66,168 @@ #include -int X509_CRL_get_ext_count(X509_CRL *x) +int +X509_CRL_get_ext_count(X509_CRL *x) { - return(X509v3_get_ext_count(x->crl->extensions)); + return (X509v3_get_ext_count(x->crl->extensions)); } -int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos) +int +X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos) { - return(X509v3_get_ext_by_NID(x->crl->extensions,nid,lastpos)); + return (X509v3_get_ext_by_NID(x->crl->extensions, nid, lastpos)); } -int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos) +int +X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos) { - return(X509v3_get_ext_by_OBJ(x->crl->extensions,obj,lastpos)); + return (X509v3_get_ext_by_OBJ(x->crl->extensions, obj, lastpos)); } -int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos) +int +X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos) { - return(X509v3_get_ext_by_critical(x->crl->extensions,crit,lastpos)); + return (X509v3_get_ext_by_critical(x->crl->extensions, crit, lastpos)); } -X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc) +X509_EXTENSION * +X509_CRL_get_ext(X509_CRL *x, int loc) { - return(X509v3_get_ext(x->crl->extensions,loc)); + return (X509v3_get_ext(x->crl->extensions, loc)); } -X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc) +X509_EXTENSION * +X509_CRL_delete_ext(X509_CRL *x, int loc) { - return(X509v3_delete_ext(x->crl->extensions,loc)); + return (X509v3_delete_ext(x->crl->extensions, loc)); } -void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx) +void * +X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx) { return X509V3_get_d2i(x->crl->extensions, nid, crit, idx); } -int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, - unsigned long flags) +int +X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, + unsigned long flags) { return X509V3_add1_i2d(&x->crl->extensions, nid, value, crit, flags); } -int 
X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc) +int +X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc) { - return(X509v3_add_ext(&(x->crl->extensions),ex,loc) != NULL); + return (X509v3_add_ext(&(x->crl->extensions), ex, loc) != NULL); } -int X509_get_ext_count(X509 *x) +int +X509_get_ext_count(X509 *x) { - return(X509v3_get_ext_count(x->cert_info->extensions)); + return (X509v3_get_ext_count(x->cert_info->extensions)); } -int X509_get_ext_by_NID(X509 *x, int nid, int lastpos) +int +X509_get_ext_by_NID(X509 *x, int nid, int lastpos) { - return(X509v3_get_ext_by_NID(x->cert_info->extensions,nid,lastpos)); + return (X509v3_get_ext_by_NID(x->cert_info->extensions, nid, lastpos)); } -int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos) +int +X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos) { - return(X509v3_get_ext_by_OBJ(x->cert_info->extensions,obj,lastpos)); + return (X509v3_get_ext_by_OBJ(x->cert_info->extensions, obj, lastpos)); } -int X509_get_ext_by_critical(X509 *x, int crit, int lastpos) +int +X509_get_ext_by_critical(X509 *x, int crit, int lastpos) { - return(X509v3_get_ext_by_critical(x->cert_info->extensions,crit,lastpos)); + return (X509v3_get_ext_by_critical(x->cert_info->extensions, crit, + lastpos)); } -X509_EXTENSION *X509_get_ext(X509 *x, int loc) +X509_EXTENSION * +X509_get_ext(X509 *x, int loc) { - return(X509v3_get_ext(x->cert_info->extensions,loc)); + return (X509v3_get_ext(x->cert_info->extensions, loc)); } -X509_EXTENSION *X509_delete_ext(X509 *x, int loc) +X509_EXTENSION * +X509_delete_ext(X509 *x, int loc) { - return(X509v3_delete_ext(x->cert_info->extensions,loc)); + return (X509v3_delete_ext(x->cert_info->extensions, loc)); } -int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc) +int +X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc) { - return(X509v3_add_ext(&(x->cert_info->extensions),ex,loc) != NULL); + return (X509v3_add_ext(&(x->cert_info->extensions), ex, loc) != NULL); } -void 
*X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx) +void * +X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx) { return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx); } -int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, - unsigned long flags) +int +X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, unsigned long flags) { return X509V3_add1_i2d(&x->cert_info->extensions, nid, value, crit, - flags); + flags); } -int X509_REVOKED_get_ext_count(X509_REVOKED *x) +int +X509_REVOKED_get_ext_count(X509_REVOKED *x) { - return(X509v3_get_ext_count(x->extensions)); + return (X509v3_get_ext_count(x->extensions)); } -int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos) +int +X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos) { - return(X509v3_get_ext_by_NID(x->extensions,nid,lastpos)); + return (X509v3_get_ext_by_NID(x->extensions, nid, lastpos)); } -int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj, - int lastpos) +int +X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj, int lastpos) { - return(X509v3_get_ext_by_OBJ(x->extensions,obj,lastpos)); + return (X509v3_get_ext_by_OBJ(x->extensions, obj, lastpos)); } -int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos) +int +X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos) { - return(X509v3_get_ext_by_critical(x->extensions,crit,lastpos)); + return (X509v3_get_ext_by_critical(x->extensions, crit, lastpos)); } -X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc) +X509_EXTENSION * +X509_REVOKED_get_ext(X509_REVOKED *x, int loc) { - return(X509v3_get_ext(x->extensions,loc)); + return (X509v3_get_ext(x->extensions, loc)); } -X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc) +X509_EXTENSION * +X509_REVOKED_delete_ext(X509_REVOKED *x, int loc) { - return(X509v3_delete_ext(x->extensions,loc)); + return (X509v3_delete_ext(x->extensions, loc)); } -int 
X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc) +int +X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc) { - return(X509v3_add_ext(&(x->extensions),ex,loc) != NULL); + return (X509v3_add_ext(&(x->extensions), ex, loc) != NULL); } -void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx) +void * +X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx) { return X509V3_get_d2i(x->extensions, nid, crit, idx); } -int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit, - unsigned long flags) +int +X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit, + unsigned long flags) { return X509V3_add1_i2d(&x->extensions, nid, value, crit, flags); } diff --git a/lib/libssl/src/crypto/x509/x509_lu.c b/lib/libssl/src/crypto/x509/x509_lu.c index a89cd70313e..aec1121ffb0 100644 --- a/lib/libssl/src/crypto/x509/x509_lu.c +++ b/lib/libssl/src/crypto/x509/x509_lu.c 
@@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
@@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -62,18 +62,20 @@ #include #include -X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method) +X509_LOOKUP * +X509_LOOKUP_new(X509_LOOKUP_METHOD *method) { X509_LOOKUP *ret; - ret=(X509_LOOKUP *)malloc(sizeof(X509_LOOKUP)); - if (ret == NULL) return NULL; + ret = (X509_LOOKUP *)malloc(sizeof(X509_LOOKUP)); + if (ret == NULL) + return NULL; - ret->init=0; - ret->skip=0; - ret->method=method; - ret->method_data=NULL; - ret->store_ctx=NULL; + ret->init = 0; + ret->skip = 0; + ret->method = method; + ret->method_data = NULL; + ret->store_ctx = NULL; if ((method->new_item != NULL) && !method->new_item(ret)) { free(ret); return NULL; 
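Review bot: `X509_LOOKUP_new` dereferences its argument in `method->new_item` without a NULL check, although the accessors in the next hunk (`X509_LOOKUP_free`, `X509_LOOKUP_init`, `X509_LOOKUP_shutdown`, `X509_LOOKUP_ctrl`) all treat `ctx->method == NULL` as a state they must survive. Either the constructor should reject it up front with `if (method == NULL) return NULL;`, or a comment should state that `method` must be non-NULL. While the line is being touched, `ret = malloc(sizeof(*ret));` avoids the cast and keeps the size tied to the variable. The closing lines of the function fall outside this hunk.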
@@ -81,91 +83,104 @@ X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method) return ret; } -void X509_LOOKUP_free(X509_LOOKUP *ctx) +void +X509_LOOKUP_free(X509_LOOKUP *ctx) { - if (ctx == NULL) return; - if ( (ctx->method != NULL) && - (ctx->method->free != NULL)) + if (ctx == NULL) + return; + if ((ctx->method != NULL) && (ctx->method->free != NULL)) (*ctx->method->free)(ctx); free(ctx); } -int X509_LOOKUP_init(X509_LOOKUP *ctx) +int +X509_LOOKUP_init(X509_LOOKUP *ctx) { - if (ctx->method == NULL) return 0; + if (ctx->method == NULL) + return 0; if (ctx->method->init != NULL) return ctx->method->init(ctx); else return 1; } -int X509_LOOKUP_shutdown(X509_LOOKUP *ctx) +int +X509_LOOKUP_shutdown(X509_LOOKUP *ctx) { - if (ctx->method == NULL) return 0; + if (ctx->method == NULL) + return 0; if (ctx->method->shutdown != NULL) return ctx->method->shutdown(ctx); else return 1; } -int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, - char **ret) +int +X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, + char **ret) { - if (ctx->method == NULL) return -1; + if (ctx->method == NULL) + return -1; if (ctx->method->ctrl != NULL) - return ctx->method->ctrl(ctx,cmd,argc,argl,ret); + return ctx->method->ctrl(ctx, cmd, argc, argl, ret); else return 1; } -int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name, - X509_OBJECT *ret) - { +int +X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name, + X509_OBJECT *ret) +{ if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL)) return X509_LU_FAIL; - if (ctx->skip) return 0; - return ctx->method->get_by_subject(ctx,type,name,ret); + if (ctx->skip) + return 0; + return ctx->method->get_by_subject(ctx, type, name, ret); } -int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name, - ASN1_INTEGER *serial, X509_OBJECT *ret) +int +X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name, + ASN1_INTEGER *serial, 
X509_OBJECT *ret) { if ((ctx->method == NULL) || - (ctx->method->get_by_issuer_serial == NULL)) + (ctx->method->get_by_issuer_serial == NULL)) return X509_LU_FAIL; - return ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret); + return ctx->method->get_by_issuer_serial(ctx, type, name, serial, ret); } -int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type, - unsigned char *bytes, int len, X509_OBJECT *ret) +int +X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type, unsigned char *bytes, + int len, X509_OBJECT *ret) { if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL)) return X509_LU_FAIL; - return ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret); + return ctx->method->get_by_fingerprint(ctx, type, bytes, len, ret); } -int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len, - X509_OBJECT *ret) +int +X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len, + X509_OBJECT *ret) { if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL)) return X509_LU_FAIL; - return ctx->method->get_by_alias(ctx,type,str,len,ret); -} - - -static int x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * const *b) - { - int ret; - - ret=((*a)->type - (*b)->type); - if (ret) return ret; - switch ((*a)->type) { - case X509_LU_X509: - ret=X509_subject_name_cmp((*a)->data.x509,(*b)->data.x509); - break; - case X509_LU_CRL: - ret=X509_CRL_cmp((*a)->data.crl,(*b)->data.crl); - break; + return ctx->method->get_by_alias(ctx, type, str, len, ret); +} + +static int +x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * const *b) +{ + int ret; + + ret = ((*a)->type - (*b)->type); + if (ret) + return ret; + switch ((*a)->type) { + case X509_LU_X509: + ret = X509_subject_name_cmp((*a)->data.x509, (*b)->data.x509); + break; + case X509_LU_CRL: + ret = X509_CRL_cmp((*a)->data.crl, (*b)->data.crl); + break; default: /* abort(); */ return 0; 
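Review bot: The return conventions of the `X509_LOOKUP_*` wrappers in this hunk are undocumented and differ from one another. `X509_LOOKUP_ctrl` returns -1 when `ctx->method` is NULL but 1 when the method has no `ctrl` hook; `X509_LOOKUP_init` and `X509_LOOKUP_shutdown` return 0 and 1 for the same two cases; the `by_*` lookups return `X509_LU_FAIL`, and `X509_LOOKUP_by_subject` additionally returns 0 when `ctx->skip` is set. A caller that only tests for a positive result cannot tell "handled" from "no handler installed", so I would add a comment above `X509_LOOKUP_ctrl` such as `/* Returns -1 if ctx has no method, 1 if the method has no ctrl hook (nothing was done), otherwise the hook's result. */` and a matching one on the `by_*` group. The body of `x509_object_cmp` continues past the end of this hunk.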
@@ -173,23 +188,24 @@ static int x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * con return ret; } -X509_STORE *X509_STORE_new(void) +X509_STORE * +X509_STORE_new(void) { X509_STORE *ret; - if ((ret=(X509_STORE *)malloc(sizeof(X509_STORE))) == NULL) + if ((ret = (X509_STORE *)malloc(sizeof(X509_STORE))) == NULL) return NULL; ret->objs = sk_X509_OBJECT_new(x509_object_cmp); - ret->cache=1; - ret->get_cert_methods=sk_X509_LOOKUP_new_null(); - ret->verify=0; - ret->verify_cb=0; + ret->cache = 1; + ret->get_cert_methods = sk_X509_LOOKUP_new_null(); + ret->verify = 0; + ret->verify_cb = 0; if ((ret->param = X509_VERIFY_PARAM_new()) == NULL) { sk_X509_OBJECT_free(ret->objs); free(ret); return NULL; -} + } ret->get_issuer = 0; ret->check_issued = 0; @@ -201,17 +217,19 @@ X509_STORE *X509_STORE_new(void) ret->lookup_crls = 0; ret->cleanup = 0; - if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) { + if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, + ret, &ret->ex_data)) { sk_X509_OBJECT_free(ret->objs); free(ret); return NULL; } - ret->references=1; + ret->references = 1; return ret; } -static void cleanup(X509_OBJECT *a) +static void +cleanup(X509_OBJECT *a) { if (a->type == X509_LU_X509) { X509_free(a->data.x509); @@ -224,18 +242,19 @@ static void cleanup(X509_OBJECT *a) free(a); } -void X509_STORE_free(X509_STORE *vfy) +void +X509_STORE_free(X509_STORE *vfy) { int i; STACK_OF(X509_LOOKUP) *sk; X509_LOOKUP *lu; if (vfy == NULL) - return; + return; - sk=vfy->get_cert_methods; - for (i=0; iget_cert_methods; + for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) { + lu = sk_X509_LOOKUP_value(sk, i); X509_LOOKUP_shutdown(lu); X509_LOOKUP_free(lu); } 
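Review bot: In `X509_STORE_new` the stacks returned by `sk_X509_OBJECT_new(x509_object_cmp)` and `sk_X509_LOOKUP_new_null()` are never checked for NULL, and the failure path after `X509_VERIFY_PARAM_new()` frees `ret->objs` but not `ret->get_cert_methods`, so that stack is leaked. The `CRYPTO_new_ex_data` failure path in the following hunk (`@@ -201,17 +217,19 @@`) has the same gap and also leaves `ret->param` allocated. A single cleanup label that releases everything acquired so far would close both paths. The lines between the two hunks are not shown, so the placement of the middle section below is assumed.

```c
	/* … unchanged: malloc of ret … */
	ret->objs = sk_X509_OBJECT_new(x509_object_cmp);
	ret->get_cert_methods = sk_X509_LOOKUP_new_null();
	ret->param = X509_VERIFY_PARAM_new();
	if (ret->objs == NULL || ret->get_cert_methods == NULL ||
	    ret->param == NULL)
		goto err;
	/* … unchanged: cache, verify and callback fields set … */
	if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret,
	    &ret->ex_data))
		goto err;
	ret->references = 1;
	return ret;

err:
	if (ret->param != NULL)
		X509_VERIFY_PARAM_free(ret->param);
	sk_X509_LOOKUP_free(ret->get_cert_methods);
	sk_X509_OBJECT_free(ret->objs);
	free(ret);
	return NULL;
```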
@@ -248,26 +267,27 @@ void X509_STORE_free(X509_STORE *vfy) free(vfy); } -X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m) +X509_LOOKUP * +X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m) { int i; STACK_OF(X509_LOOKUP) *sk; X509_LOOKUP *lu; - sk=v->get_cert_methods; - for (i=0; iget_cert_methods; + for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) { + lu = sk_X509_LOOKUP_value(sk, i); if (m == lu->method) { return lu; } } /* a new one */ - lu=X509_LOOKUP_new(m); + lu = X509_LOOKUP_new(m); if (lu == NULL) return NULL; else { - lu->store_ctx=v; - if (sk_X509_LOOKUP_push(v->get_cert_methods,lu)) + lu->store_ctx = v; + if (sk_X509_LOOKUP_push(v->get_cert_methods, lu)) return lu; else { X509_LOOKUP_free(lu); @@ -276,31 +296,33 @@ X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m) } } -int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name, - X509_OBJECT *ret) +int +X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name, + X509_OBJECT *ret) { - X509_STORE *ctx=vs->ctx; + X509_STORE *ctx = vs->ctx; X509_LOOKUP *lu; - X509_OBJECT stmp,*tmp; - int i,j; + X509_OBJECT stmp, *tmp; + int i, j; CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); - tmp=X509_OBJECT_retrieve_by_subject(ctx->objs,type,name); + tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name); CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); if (tmp == NULL || type == X509_LU_CRL) { - for (i=vs->current_method; iget_cert_methods); i++) { - lu=sk_X509_LOOKUP_value(ctx->get_cert_methods,i); - j=X509_LOOKUP_by_subject(lu,type,name,&stmp); + for (i = vs->current_method; + i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) { + lu = sk_X509_LOOKUP_value(ctx->get_cert_methods, i); + j = X509_LOOKUP_by_subject(lu, type, name, &stmp); if (j < 0) { - vs->current_method=j; + vs->current_method = j; return j; } else if (j) { - tmp= &stmp; + tmp = &stmp; break; } } - vs->current_method=0; + vs->current_method = 0; if (tmp == NULL) return 0; } 
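Review bot: In `X509_STORE_get_by_subject` the `j < 0` branch stores the negative return code with `vs->current_method = j;`, but `current_method` is what the loop starts from (`for (i = vs->current_method; ...)`), so a retried call would begin at a negative index into `ctx->get_cert_methods`. If the intent is to resume at the lookup that asked for a retry, the line should read `vs->current_method = i;`; what `sk_X509_LOOKUP_value` does with a negative index is not visible here and should be confirmed. Separately, `tmp` is fetched under `CRYPTO_w_lock` and the lock is released before `tmp` is used, with the reference only taken in the next hunk, so it is worth confirming that another thread cannot free the object in between. The function body continues in the following hunk.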
@@ -308,27 +330,29 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name, /* if (ret->data.ptr != NULL) X509_OBJECT_free_contents(ret); */ - ret->type=tmp->type; - ret->data.ptr=tmp->data.ptr; + ret->type = tmp->type; + ret->data.ptr = tmp->data.ptr; X509_OBJECT_up_ref_count(ret); return 1; } -int X509_STORE_add_cert(X509_STORE *ctx, X509 *x) +int +X509_STORE_add_cert(X509_STORE *ctx, X509 *x) { X509_OBJECT *obj; - int ret=1; + int ret = 1; - if (x == NULL) return 0; - obj=(X509_OBJECT *)malloc(sizeof(X509_OBJECT)); + if (x == NULL) + return 0; + obj = (X509_OBJECT *)malloc(sizeof(X509_OBJECT)); if (obj == NULL) { - X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE); + X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE); return 0; } - obj->type=X509_LU_X509; - obj->data.x509=x; + obj->type = X509_LU_X509; + obj->data.x509 = x; CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); @@ -337,29 +361,32 @@ int X509_STORE_add_cert(X509_STORE *ctx, X509 *x) if (X509_OBJECT_retrieve_match(ctx->objs, obj)) { X509_OBJECT_free_contents(obj); free(obj); - X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE); - ret=0; - } - else sk_X509_OBJECT_push(ctx->objs, obj); + X509err(X509_F_X509_STORE_ADD_CERT, + X509_R_CERT_ALREADY_IN_HASH_TABLE); + ret = 0; + } else + sk_X509_OBJECT_push(ctx->objs, obj); CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); return ret; } -int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) +int +X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) { X509_OBJECT *obj; - int ret=1; + int ret = 1; - if (x == NULL) return 0; - obj=(X509_OBJECT *)malloc(sizeof(X509_OBJECT)); + if (x == NULL) + return 0; + obj = (X509_OBJECT *)malloc(sizeof(X509_OBJECT)); if (obj == NULL) { - X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE); + X509err(X509_F_X509_STORE_ADD_CRL, ERR_R_MALLOC_FAILURE); return 0; } - obj->type=X509_LU_CRL; - obj->data.crl=x; + obj->type = X509_LU_CRL; + obj->data.crl = x; CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); 
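Review bot: The result of `sk_X509_OBJECT_push(ctx->objs, obj)` in `X509_STORE_add_cert` is ignored, so if the push fails the function still returns 1 while `obj` is neither stored nor freed. For a trust store that means a caller is told the certificate was added when it was not. `X509_STORE_add_crl` in the next hunk (`@@ -368,8 +395,9 @@`) has the same unchecked `else sk_X509_OBJECT_push(...)` line and needs the same change with `X509_F_X509_STORE_ADD_CRL`. The cleanup below mirrors the duplicate-entry branch directly above it; the lines between this hunk and the previous one are not shown, so it assumes `X509_OBJECT_free_contents` is the right release for whatever reference was taken there.

```c
	/* … unchanged: duplicate check and its error branch … */
	} else if (!sk_X509_OBJECT_push(ctx->objs, obj)) {
		X509_OBJECT_free_contents(obj);
		free(obj);
		X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE);
		ret = 0;
	}
```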
@@ -368,8 +395,9 @@ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) if (X509_OBJECT_retrieve_match(ctx->objs, obj)) { X509_OBJECT_free_contents(obj); free(obj); - X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE); - ret=0; + X509err(X509_F_X509_STORE_ADD_CRL, + X509_R_CERT_ALREADY_IN_HASH_TABLE); + ret = 0; } else sk_X509_OBJECT_push(ctx->objs, obj); @@ -378,19 +406,21 @@ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) return ret; } -void X509_OBJECT_up_ref_count(X509_OBJECT *a) +void +X509_OBJECT_up_ref_count(X509_OBJECT *a) { switch (a->type) { case X509_LU_X509: - CRYPTO_add(&a->data.x509->references,1,CRYPTO_LOCK_X509); + CRYPTO_add(&a->data.x509->references, 1, CRYPTO_LOCK_X509); break; case X509_LU_CRL: - CRYPTO_add(&a->data.crl->references,1,CRYPTO_LOCK_X509_CRL); + CRYPTO_add(&a->data.crl->references, 1, CRYPTO_LOCK_X509_CRL); break; } } -void X509_OBJECT_free_contents(X509_OBJECT *a) +void +X509_OBJECT_free_contents(X509_OBJECT *a) { switch (a->type) { case X509_LU_X509: @@ -402,8 +432,9 @@ void X509_OBJECT_free_contents(X509_OBJECT *a) } } -static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type, - X509_NAME *name, int *pnmatch) +static int +x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type, X509_NAME *name, + int *pnmatch) { X509_OBJECT stmp; X509 x509_s; 
@@ -412,24 +443,24 @@ static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type, X509_CRL_INFO crl_info_s; int idx; - stmp.type=type; + stmp.type = type; switch (type) { case X509_LU_X509: - stmp.data.x509= &x509_s; - x509_s.cert_info= &cinf_s; - cinf_s.subject=name; + stmp.data.x509 = &x509_s; + x509_s.cert_info = &cinf_s; + cinf_s.subject = name; break; case X509_LU_CRL: - stmp.data.crl= &crl_s; - crl_s.crl= &crl_info_s; - crl_info_s.issuer=name; + stmp.data.crl = &crl_s; + crl_s.crl = &crl_info_s; + crl_info_s.issuer = name; break; default: /* abort(); */ return -1; } - idx = sk_X509_OBJECT_find(h,&stmp); + idx = sk_X509_OBJECT_find(h, &stmp); if (idx >= 0 && pnmatch) { int tidx; const X509_OBJECT *tobj, *pstmp; @@ -445,28 +476,32 @@ static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type, return idx; } - -int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, - X509_NAME *name) +int +X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, X509_NAME *name) { return x509_object_idx_cnt(h, type, name, NULL); } -X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, int type, - X509_NAME *name) +X509_OBJECT * +X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, int type, + X509_NAME *name) { int idx; + idx = X509_OBJECT_idx_by_subject(h, type, name); - if (idx==-1) return NULL; + if (idx == -1) + return NULL; return sk_X509_OBJECT_value(h, idx); } -STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) +STACK_OF(X509) * +X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) { int i, idx, cnt; STACK_OF(X509) *sk; X509 *x; X509_OBJECT *obj; + sk = sk_X509_new_null(); CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt); 
@@ -482,7 +517,8 @@ STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) } X509_OBJECT_free_contents(&xobj); CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); - idx = x509_object_idx_cnt(ctx->ctx->objs,X509_LU_X509,nm, &cnt); + idx = x509_object_idx_cnt(ctx->ctx->objs, + X509_LU_X509, nm, &cnt); if (idx < 0) { CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); sk_X509_free(sk); @@ -505,12 +541,14 @@ STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) } -STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) +STACK_OF(X509_CRL) * +X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) { int i, idx, cnt; STACK_OF(X509_CRL) *sk; X509_CRL *x; X509_OBJECT *obj, xobj; + sk = sk_X509_CRL_new_null(); CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); /* Check cache first */ @@ -525,7 +563,7 @@ STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) } X509_OBJECT_free_contents(&xobj); CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); - idx = x509_object_idx_cnt(ctx->ctx->objs,X509_LU_CRL, nm, &cnt); + idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt); if (idx < 0) { CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); sk_X509_CRL_free(sk); 
@@ -547,17 +585,21 @@ STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) return sk; } -X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x) +X509_OBJECT * +X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x) { int idx, i; X509_OBJECT *obj; + idx = sk_X509_OBJECT_find(h, x); - if (idx == -1) return NULL; + if (idx == -1) + return NULL; if ((x->type != X509_LU_X509) && (x->type != X509_LU_CRL)) return sk_X509_OBJECT_value(h, idx); for (i = idx; i < sk_X509_OBJECT_num(h); i++) { obj = sk_X509_OBJECT_value(h, i); - if (x509_object_cmp((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x)) + if (x509_object_cmp((const X509_OBJECT **)&obj, + (const X509_OBJECT **)&x)) return NULL; if (x->type == X509_LU_X509) { if (!X509_cmp(obj->data.x509, x->data.x509)) @@ -583,17 +625,19 @@ X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x * 0 certificate not found. * -1 some other error. */ -int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) +int +X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) { X509_NAME *xn; X509_OBJECT obj, *pobj; int i, ok, idx, ret; - xn=X509_get_issuer_name(x); - ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj); + xn = X509_get_issuer_name(x); + ok = X509_STORE_get_by_subject(ctx, X509_LU_X509, xn, &obj); if (ok != X509_LU_X509) { if (ok == X509_LU_RETRY) { X509_OBJECT_free_contents(&obj); - X509err(X509_F_X509_STORE_CTX_GET1_ISSUER,X509_R_SHOULD_RETRY); + X509err(X509_F_X509_STORE_CTX_GET1_ISSUER, + X509_R_SHOULD_RETRY); return -1; } else if (ok != X509_LU_FAIL) { X509_OBJECT_free_contents(&obj); 
@@ -620,7 +664,8 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) /* See if we've run past the matches */ if (pobj->type != X509_LU_X509) break; - if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509))) + if (X509_NAME_cmp(xn, + X509_get_subject_name(pobj->data.x509))) break; if (ctx->check_issued(ctx, x, pobj->data.x509)) { *issuer = pobj->data.x509; @@ -634,34 +679,40 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) return ret; } -int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags) +int +X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags) { return X509_VERIFY_PARAM_set_flags(ctx->param, flags); } -int X509_STORE_set_depth(X509_STORE *ctx, int depth) +int +X509_STORE_set_depth(X509_STORE *ctx, int depth) { X509_VERIFY_PARAM_set_depth(ctx->param, depth); return 1; } -int X509_STORE_set_purpose(X509_STORE *ctx, int purpose) +int +X509_STORE_set_purpose(X509_STORE *ctx, int purpose) { return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose); } -int X509_STORE_set_trust(X509_STORE *ctx, int trust) +int +X509_STORE_set_trust(X509_STORE *ctx, int trust) { return X509_VERIFY_PARAM_set_trust(ctx->param, trust); } -int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param) +int +X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param) { return X509_VERIFY_PARAM_set1(ctx->param, param); } -void X509_STORE_set_verify_cb(X509_STORE *ctx, - int (*verify_cb)(int, X509_STORE_CTX *)) +void +X509_STORE_set_verify_cb(X509_STORE *ctx, + int (*verify_cb)(int, X509_STORE_CTX *)) { ctx->verify_cb = verify_cb; } diff --git a/lib/libssl/src/crypto/x509/x509_obj.c b/lib/libssl/src/crypto/x509/x509_obj.c index d0c02f833e1..a50b05bb7a1 100644 --- a/lib/libssl/src/crypto/x509/x509_obj.c +++ b/lib/libssl/src/crypto/x509/x509_obj.c 
@@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
@@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence 
@@ -63,105 +63,115 @@ #include #include -char *X509_NAME_oneline(X509_NAME *a, char *buf, int len) +char * +X509_NAME_oneline(X509_NAME *a, char *buf, int len) { X509_NAME_ENTRY *ne; -int i; - int n,lold,l,l1,l2,num,j,type; + int i; + int n, lold, l,l1, l2, num, j, type; const char *s; char *p; unsigned char *q; - BUF_MEM *b=NULL; - static const char hex[17]="0123456789ABCDEF"; + BUF_MEM *b = NULL; + static const char hex[17] = "0123456789ABCDEF"; int gs_doit[4]; char tmp_buf[80]; if (buf == NULL) { - if ((b=BUF_MEM_new()) == NULL) goto err; - if (!BUF_MEM_grow(b,200)) goto err; - b->data[0]='\0'; - len=200; + if ((b = BUF_MEM_new()) == NULL) + goto err; + if (!BUF_MEM_grow(b, 200)) + goto err; + b->data[0] = '\0'; + len = 200; } if (a == NULL) { - if(b) { - buf=b->data; + if (b) { + buf = b->data; free(b); } - strlcpy(buf,"NO X509_NAME",len); + strlcpy(buf, "NO X509_NAME", len); return buf; } len--; /* space for '\0' */ - l=0; - for (i=0; ientries); i++) { - ne=sk_X509_NAME_ENTRY_value(a->entries,i); - n=OBJ_obj2nid(ne->object); - if ((n == NID_undef) || ((s=OBJ_nid2sn(n)) == NULL)) { - i2t_ASN1_OBJECT(tmp_buf,sizeof(tmp_buf),ne->object); - s=tmp_buf; + l = 0; + for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) { + ne = sk_X509_NAME_ENTRY_value(a->entries, i); + n = OBJ_obj2nid(ne->object); + if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) { + i2t_ASN1_OBJECT(tmp_buf, sizeof(tmp_buf), ne->object); + s = tmp_buf; } - l1=strlen(s); + l1 = strlen(s); - type=ne->value->type; - num=ne->value->length; - q=ne->value->data; - if ((type == V_ASN1_GENERALSTRING) && ((num%4) == 0)) { - gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=0; - for (j=0; jvalue->type; + num = ne->value->length; + q = ne->value->data; + if ((type == V_ASN1_GENERALSTRING) && ((num % 4) == 0)) { + gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 0; + for (j = 0; j < num; j++) + if (q[j] != 0) + gs_doit[j & 3] = 1; if (gs_doit[0]|gs_doit[1]|gs_doit[2]) - 
gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1; + gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 1; else { - gs_doit[0]=gs_doit[1]=gs_doit[2]=0; - gs_doit[3]=1; + gs_doit[0] = gs_doit[1] = gs_doit[2] = 0; + gs_doit[3] = 1; } } else - gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1; + gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 1; - for (l2=j=0; j '~')) l2+=3; + if ((q[j] < ' ') || (q[j] > '~')) + l2 += 3; } - lold=l; - l+=1+l1+1+l2; + lold = l; + l += 1 + l1 + 1 + l2; if (b != NULL) { - if (!BUF_MEM_grow(b,l+1)) goto err; - p= &(b->data[lold]); + if (!BUF_MEM_grow(b, l + 1)) + goto err; + p = &(b->data[lold]); } else if (l > len) { break; } else - p= &(buf[lold]); - *(p++)='/'; - memcpy(p,s,(unsigned int)l1); p+=l1; - *(p++)='='; - q=ne->value->data; - for (j=0; jvalue->data; + for (j = 0; j < num; j++) { + if (!gs_doit[j & 3]) + continue; + n = q[j]; if ((n < ' ') || (n > '~')) { - *(p++)='\\'; - *(p++)='x'; - *(p++)=hex[(n>>4)&0x0f]; - *(p++)=hex[n&0x0f]; + *(p++) = '\\'; + *(p++) = 'x'; + *(p++) = hex[(n >> 4) & 0x0f]; + *(p++) = hex[n & 0x0f]; } else - *(p++)=n; + *(p++) = n; } - *p='\0'; + *p = '\0'; } if (b != NULL) { - p=b->data; + p = b->data; free(b); } else - p=buf; + p = buf; if (i == 0) *p = '\0'; - return(p); + return (p); + err: - X509err(X509_F_X509_NAME_ONELINE,ERR_R_MALLOC_FAILURE); - if (b != NULL) BUF_MEM_free(b); - return(NULL); + X509err(X509_F_X509_NAME_ONELINE, ERR_R_MALLOC_FAILURE); + if (b != NULL) + BUF_MEM_free(b); + return (NULL); } - diff --git a/lib/libssl/src/crypto/x509/x509_r2x.c b/lib/libssl/src/crypto/x509/x509_r2x.c index f084447334f..530a214c1d3 100644 --- a/lib/libssl/src/crypto/x509/x509_r2x.c +++ b/lib/libssl/src/crypto/x509/x509_r2x.c 
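Review bot: X509_NAME_oneline never validates a caller-supplied `len`. With `len` of 0 or less, `len--` makes the first entry hit `l > len` and break with `i == 0`, and the final `if (i == 0) *p = '\0';` then writes to `buf[0]` of a buffer the caller declared empty. In the `a == NULL` path a negative `len` is passed to `strlcpy()` as its size argument, where it converts to a very large value. A guard before any use of `buf`, `if (buf != NULL && len <= 0) return NULL;`, would close both cases.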
@@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
@@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence 
@@ -65,47 +65,50 @@ #include #include -X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) +X509 * +X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) { - X509 *ret=NULL; - X509_CINF *xi=NULL; + X509 *ret = NULL; + X509_CINF *xi = NULL; X509_NAME *xn; - if ((ret=X509_new()) == NULL) { - X509err(X509_F_X509_REQ_TO_X509,ERR_R_MALLOC_FAILURE); + if ((ret = X509_new()) == NULL) { + X509err(X509_F_X509_REQ_TO_X509, ERR_R_MALLOC_FAILURE); goto err; } /* duplicate the request */ - xi=ret->cert_info; + xi = ret->cert_info; if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0) { - if ((xi->version=M_ASN1_INTEGER_new()) == NULL) goto err; - if (!ASN1_INTEGER_set(xi->version,2)) goto err; + if ((xi->version = M_ASN1_INTEGER_new()) == NULL) + goto err; + if (!ASN1_INTEGER_set(xi->version, 2)) + goto err; /* xi->extensions=ri->attributes; <- bad, should not ever be done ri->attributes=NULL; */ } - xn=X509_REQ_get_subject_name(r); - if (X509_set_subject_name(ret,X509_NAME_dup(xn)) == 0) + xn = X509_REQ_get_subject_name(r); + if (X509_set_subject_name(ret, X509_NAME_dup(xn)) == 0) goto err; - if (X509_set_issuer_name(ret,X509_NAME_dup(xn)) == 0) + if (X509_set_issuer_name(ret, X509_NAME_dup(xn)) == 0) goto err; - if (X509_gmtime_adj(xi->validity->notBefore,0) == NULL) + if (X509_gmtime_adj(xi->validity->notBefore, 0) == NULL) goto err; - if (X509_gmtime_adj(xi->validity->notAfter,(long)60*60*24*days) == NULL) + if (X509_gmtime_adj(xi->validity->notAfter, + (long)60 * 60 * 24 * days) == NULL) goto err; - X509_set_pubkey(ret,X509_REQ_get_pubkey(r)); + X509_set_pubkey(ret, X509_REQ_get_pubkey(r)); - if (!X509_sign(ret,pkey,EVP_md5())) + if (!X509_sign(ret, pkey, EVP_md5())) goto err; if (0) { err: X509_free(ret); - ret=NULL; + ret = NULL; } - return(ret); + return (ret); } - diff --git a/lib/libssl/src/crypto/x509/x509_req.c b/lib/libssl/src/crypto/x509/x509_req.c index 12725ed7e95..ae6fbd7d148 100644 --- a/lib/libssl/src/crypto/x509/x509_req.c 
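Review bot: X509_REQ_to_X509 signs the new certificate with a hard-coded MD5 digest, `X509_sign(ret, pkey, EVP_md5())`, and its prototype gives callers no way to choose another one; MD5 is not collision resistant and should not be used for certificate signatures. Since there is no digest argument, the change belongs in this line: `if (!X509_sign(ret, pkey, EVP_sha256()))`. A few lines above, `X509_set_pubkey(ret, X509_REQ_get_pubkey(r));` ignores the result. Judging by how X509_to_X509_REQ in x509_req.c frees the key it gets from X509_get_pubkey(), it probably also leaks the EVP_PKEY reference. Holding the key in a local, checking it for NULL and calling `EVP_PKEY_free()` after the set would match that function.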
+++ b/lib/libssl/src/crypto/x509/x509_req.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
@@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence 
@@ -67,86 +67,97 @@ #include #include -X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) +X509_REQ * +X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) { X509_REQ *ret; X509_REQ_INFO *ri; int i; EVP_PKEY *pktmp; - ret=X509_REQ_new(); + ret = X509_REQ_new(); if (ret == NULL) { - X509err(X509_F_X509_TO_X509_REQ,ERR_R_MALLOC_FAILURE); + X509err(X509_F_X509_TO_X509_REQ, ERR_R_MALLOC_FAILURE); goto err; } - ri=ret->req_info; + ri = ret->req_info; - ri->version->length=1; - ri->version->data=(unsigned char *)malloc(1); - if (ri->version->data == NULL) goto err; - ri->version->data[0]=0; /* version == 0 */ + ri->version->length = 1; + ri->version->data = (unsigned char *)malloc(1); + if (ri->version->data == NULL) + goto err; + ri->version->data[0] = 0; /* version == 0 */ - if (!X509_REQ_set_subject_name(ret,X509_get_subject_name(x))) + if (!X509_REQ_set_subject_name(ret, X509_get_subject_name(x))) goto err; pktmp = X509_get_pubkey(x); - i=X509_REQ_set_pubkey(ret,pktmp); + i = X509_REQ_set_pubkey(ret, pktmp); EVP_PKEY_free(pktmp); - if (!i) goto err; + if (!i) + goto err; if (pkey != NULL) { - if (!X509_REQ_sign(ret,pkey,md)) + if (!X509_REQ_sign(ret, pkey, md)) goto err; } - return(ret); + return (ret); + err: X509_REQ_free(ret); - return(NULL); + return (NULL); } -EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req) +EVP_PKEY * +X509_REQ_get_pubkey(X509_REQ *req) { if ((req == NULL) || (req->req_info == NULL)) - return(NULL); - return(X509_PUBKEY_get(req->req_info->pubkey)); + return (NULL); + return (X509_PUBKEY_get(req->req_info->pubkey)); } -int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k) +int +X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k) { - EVP_PKEY *xk=NULL; - int ok=0; + EVP_PKEY *xk = NULL; + int ok = 0; - xk=X509_REQ_get_pubkey(x); + xk = X509_REQ_get_pubkey(x); switch (EVP_PKEY_cmp(xk, k)) { case 1: - ok=1; + ok = 1; break; case 0: - X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH); + 
X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, + X509_R_KEY_VALUES_MISMATCH); break; case -1: - X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH); + X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, + X509_R_KEY_TYPE_MISMATCH); break; case -2: #ifndef OPENSSL_NO_EC if (k->type == EVP_PKEY_EC) { - X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, ERR_R_EC_LIB); + X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, + ERR_R_EC_LIB); break; } #endif #ifndef OPENSSL_NO_DH if (k->type == EVP_PKEY_DH) { /* No idea */ - X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY); + X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, + X509_R_CANT_CHECK_DH_KEY); break; } #endif - X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE); + X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, + X509_R_UNKNOWN_KEY_TYPE); } EVP_PKEY_free(xk); - return(ok); + return (ok); } /* It seems several organisations had the same idea of including a list of @@ -154,31 +165,38 @@ int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k) * used and there may be more: so the list is configurable. */ -static int ext_nid_list[] = { NID_ext_req, NID_ms_ext_req, NID_undef}; +static int ext_nid_list[] = {NID_ext_req, NID_ms_ext_req, NID_undef}; static int *ext_nids = ext_nid_list; -int X509_REQ_extension_nid(int req_nid) +int +X509_REQ_extension_nid(int req_nid) { int i, nid; - for(i = 0; ; i++) { + + for (i = 0; ; i++) { nid = ext_nids[i]; - if(nid == NID_undef) return 0; - else if (req_nid == nid) return 1; + if (nid == NID_undef) + return 0; + else if (req_nid == nid) + return 1; } } -int *X509_REQ_get_extension_nids(void) +int * +X509_REQ_get_extension_nids(void) { return ext_nids; } - -void X509_REQ_set_extension_nids(int *nids) + +void +X509_REQ_set_extension_nids(int *nids) { ext_nids = nids; } -STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req) +STACK_OF(X509_EXTENSION) * +X509_REQ_get_extensions(X509_REQ *req) { X509_ATTRIBUTE *attr; ASN1_TYPE *ext = NULL; 
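Review bot: X509_REQ_set_extension_nids stores the caller's pointer in the file-scope `ext_nids` without copying or checking it, and X509_REQ_extension_nid then walks that array with `for (i = 0; ; i++)` until it meets `NID_undef`. A list that is not terminated, or one that is freed or goes out of scope later, is therefore read past its end. X509_REQ_get_extensions tests `!ext_nids`, but X509_REQ_extension_nid does not, so a NULL list is dereferenced there. No comment states this contract; I would add one above the setter, for example `/* nids must end with NID_undef and stay valid until replaced; the pointer is stored, not copied, and is shared by all callers without locking. */`, and add `if (ext_nids == NULL) return 0;` at the top of X509_REQ_extension_nid.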
@@ -186,46 +204,50 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req) const unsigned char *p; if ((req == NULL) || (req->req_info == NULL) || !ext_nids) - return(NULL); + return (NULL); for (pnid = ext_nids; *pnid != NID_undef; pnid++) { idx = X509_REQ_get_attr_by_NID(req, *pnid, -1); if (idx == -1) continue; attr = X509_REQ_get_attr(req, idx); - if(attr->single) ext = attr->value.single; - else if(sk_ASN1_TYPE_num(attr->value.set)) + if (attr->single) + ext = attr->value.single; + else if (sk_ASN1_TYPE_num(attr->value.set)) ext = sk_ASN1_TYPE_value(attr->value.set, 0); break; } - if(!ext || (ext->type != V_ASN1_SEQUENCE)) + if (!ext || (ext->type != V_ASN1_SEQUENCE)) return NULL; p = ext->value.sequence->data; - return (STACK_OF(X509_EXTENSION) *) - ASN1_item_d2i(NULL, &p, ext->value.sequence->length, - ASN1_ITEM_rptr(X509_EXTENSIONS)); + return (STACK_OF(X509_EXTENSION) *)ASN1_item_d2i(NULL, &p, + ext->value.sequence->length, ASN1_ITEM_rptr(X509_EXTENSIONS)); } /* Add a STACK_OF extensions to a certificate request: allow alternative OIDs * in case we want to create a non standard one. 
*/ -int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, - int nid) +int +X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, + int nid) { ASN1_TYPE *at = NULL; X509_ATTRIBUTE *attr = NULL; - if(!(at = ASN1_TYPE_new()) || - !(at->value.sequence = ASN1_STRING_new())) goto err; + + if (!(at = ASN1_TYPE_new()) || + !(at->value.sequence = ASN1_STRING_new())) + goto err; at->type = V_ASN1_SEQUENCE; /* Generate encoding of extensions */ - at->value.sequence->length = - ASN1_item_i2d((ASN1_VALUE *)exts, - &at->value.sequence->data, - ASN1_ITEM_rptr(X509_EXTENSIONS)); - if(!(attr = X509_ATTRIBUTE_new())) goto err; - if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err; - if(!sk_ASN1_TYPE_push(attr->value.set, at)) goto err; + at->value.sequence->length = ASN1_item_i2d((ASN1_VALUE *)exts, + &at->value.sequence->data, ASN1_ITEM_rptr(X509_EXTENSIONS)); + if (!(attr = X509_ATTRIBUTE_new())) + goto err; + if (!(attr->value.set = sk_ASN1_TYPE_new_null())) + goto err; + if (!sk_ASN1_TYPE_push(attr->value.set, at)) + goto err; at = NULL; attr->single = 0; attr->object = OBJ_nid2obj(nid); 
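Review bot: X509_REQ_add_extensions_nid stores the result of `ASN1_item_i2d()` directly in `at->value.sequence->length` and never tests it, so an encoding failure leaves a zero or negative length on the value that is then pushed into the attribute and attached to the request. Add a check right after the assignment: `if (at->value.sequence->length <= 0) goto err;`. The `err` label and the end of the function are in the next hunk.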
@@ -233,77 +255,89 @@ int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, if (!(req->req_info->attributes = sk_X509_ATTRIBUTE_new_null())) goto err; } - if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err; + if (!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) + goto err; return 1; - err: + +err: X509_ATTRIBUTE_free(attr); ASN1_TYPE_free(at); return 0; } + /* This is the normal usage: use the "official" OID */ -int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts) +int +X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts) { return X509_REQ_add_extensions_nid(req, exts, NID_ext_req); } /* Request attribute functions */ -int X509_REQ_get_attr_count(const X509_REQ *req) +int +X509_REQ_get_attr_count(const X509_REQ *req) { return X509at_get_attr_count(req->req_info->attributes); } -int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, - int lastpos) +int +X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos) { return X509at_get_attr_by_NID(req->req_info->attributes, nid, lastpos); } -int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj, - int lastpos) +int +X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj, int lastpos) { return X509at_get_attr_by_OBJ(req->req_info->attributes, obj, lastpos); } -X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc) +X509_ATTRIBUTE * +X509_REQ_get_attr(const X509_REQ *req, int loc) { return X509at_get_attr(req->req_info->attributes, loc); } -X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc) +X509_ATTRIBUTE * +X509_REQ_delete_attr(X509_REQ *req, int loc) { return X509at_delete_attr(req->req_info->attributes, loc); } -int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr) +int +X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr) { - if(X509at_add1_attr(&req->req_info->attributes, attr)) return 1; + if (X509at_add1_attr(&req->req_info->attributes, attr)) + return 1; return 
0; } -int X509_REQ_add1_attr_by_OBJ(X509_REQ *req, - const ASN1_OBJECT *obj, int type, - const unsigned char *bytes, int len) +int +X509_REQ_add1_attr_by_OBJ(X509_REQ *req, const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len) { - if(X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj, - type, bytes, len)) return 1; + if (X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj, + type, bytes, len)) + return 1; return 0; } -int X509_REQ_add1_attr_by_NID(X509_REQ *req, - int nid, int type, - const unsigned char *bytes, int len) +int +X509_REQ_add1_attr_by_NID(X509_REQ *req, int nid, int type, + const unsigned char *bytes, int len) { - if(X509at_add1_attr_by_NID(&req->req_info->attributes, nid, - type, bytes, len)) return 1; + if (X509at_add1_attr_by_NID(&req->req_info->attributes, nid, + type, bytes, len)) + return 1; return 0; } -int X509_REQ_add1_attr_by_txt(X509_REQ *req, - const char *attrname, int type, - const unsigned char *bytes, int len) +int +X509_REQ_add1_attr_by_txt(X509_REQ *req, const char *attrname, int type, + const unsigned char *bytes, int len) { - if(X509at_add1_attr_by_txt(&req->req_info->attributes, attrname, - type, bytes, len)) return 1; + if (X509at_add1_attr_by_txt(&req->req_info->attributes, attrname, + type, bytes, len)) + return 1; return 0; } -- 2.20.1