From 9e7c69c4064f9108566c2fb8dff569816e9b7fae Mon Sep 17 00:00:00 2001 From: jsing Date: Mon, 21 Apr 2014 17:15:24 +0000 Subject: [PATCH] KNF. --- lib/libcrypto/x509v3/v3_ncons.c | 258 +++++++++++------------- lib/libcrypto/x509v3/v3_ocsp.c | 230 ++++++++++++--------- lib/libssl/src/crypto/x509v3/v3_ncons.c | 258 +++++++++++------------- lib/libssl/src/crypto/x509v3/v3_ocsp.c | 230 ++++++++++++--------- 4 files changed, 498 insertions(+), 478 deletions(-) diff --git a/lib/libcrypto/x509v3/v3_ncons.c b/lib/libcrypto/x509v3/v3_ncons.c index a01dc64dd22..695176471bf 100644 --- a/lib/libcrypto/x509v3/v3_ncons.c +++ b/lib/libcrypto/x509v3/v3_ncons.c @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -64,12 +64,11 @@ #include static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); -static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, - void *a, BIO *bp, int ind); + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); +static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, + void *a, BIO *bp, int ind); static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method, - STACK_OF(GENERAL_SUBTREE) *trees, - BIO *bp, int ind, char *name); + STACK_OF(GENERAL_SUBTREE) *trees, BIO *bp, int ind, char *name); static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip); static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc); @@ -82,10 +81,10 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base); const X509V3_EXT_METHOD v3_name_constraints = { NID_name_constraints, 0, ASN1_ITEM_ref(NAME_CONSTRAINTS), - 0,0,0,0, - 0,0, + 0, 0, 0, 0, + 0, 0, 0, v2i_NAME_CONSTRAINTS, - i2r_NAME_CONSTRAINTS,0, + i2r_NAME_CONSTRAINTS, 0, NULL }; @@ -97,44 +96,41 @@ ASN1_SEQUENCE(GENERAL_SUBTREE) = { ASN1_SEQUENCE(NAME_CONSTRAINTS) = { ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, permittedSubtrees, - GENERAL_SUBTREE, 0), + GENERAL_SUBTREE, 0), ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, excludedSubtrees, - GENERAL_SUBTREE, 1), + GENERAL_SUBTREE, 1), } ASN1_SEQUENCE_END(NAME_CONSTRAINTS) - + IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE) IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) -static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) - { +static void * +v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval) +{ int i; CONF_VALUE tval, *val; STACK_OF(GENERAL_SUBTREE) **ptree = NULL; NAME_CONSTRAINTS *ncons = NULL; GENERAL_SUBTREE *sub = NULL; + ncons = NAME_CONSTRAINTS_new(); if (!ncons) goto memerr; - for(i = 0; i < sk_CONF_VALUE_num(nval); i++) - { + for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { val = sk_CONF_VALUE_value(nval, i); - if (!strncmp(val->name, "permitted", 9) && val->name[9]) - { + if (!strncmp(val->name, "permitted", 9) && val->name[9]) { ptree = &ncons->permittedSubtrees; tval.name = val->name + 10; - } - else if (!strncmp(val->name, "excluded", 8) && val->name[8]) - { + } else if (!strncmp(val->name, "excluded", 8) && val->name[8]) { ptree = &ncons->excludedSubtrees; tval.name = val->name + 9; - } - else - { - X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, X509V3_R_INVALID_SYNTAX); + } else { + X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, + X509V3_R_INVALID_SYNTAX); goto err; - } + } tval.value = val->value; sub = GENERAL_SUBTREE_new(); if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1)) @@ -144,45 +140,43 @@ static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, if (!*ptree || !sk_GENERAL_SUBTREE_push(*ptree, sub)) goto memerr; sub = NULL; - } + } return ncons; - memerr: +memerr: X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, ERR_R_MALLOC_FAILURE); - err: +err: if (ncons) NAME_CONSTRAINTS_free(ncons); if (sub) GENERAL_SUBTREE_free(sub); return NULL; - } - +} - - -static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a, - BIO *bp, int ind) - { +static int +i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a, BIO *bp, int ind) +{ NAME_CONSTRAINTS *ncons = a; + do_i2r_name_constraints(method, ncons->permittedSubtrees, - bp, ind, "Permitted"); + bp, ind, "Permitted"); do_i2r_name_constraints(method, ncons->excludedSubtrees, - bp, ind, "Excluded"); + bp, ind, "Excluded"); return 1; - } +} -static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method, - STACK_OF(GENERAL_SUBTREE) *trees, - BIO *bp, int ind, char *name) - { +static int +do_i2r_name_constraints(const X509V3_EXT_METHOD *method, + STACK_OF(GENERAL_SUBTREE) *trees, BIO *bp, int ind, char *name) +{ GENERAL_SUBTREE *tree; int i; + if (sk_GENERAL_SUBTREE_num(trees) > 0) BIO_printf(bp, "%*s%s:\n", ind, "", name); - for(i = 0; i < sk_GENERAL_SUBTREE_num(trees); i++) - { + for (i = 0; i < sk_GENERAL_SUBTREE_num(trees); i++) { tree = sk_GENERAL_SUBTREE_value(trees, i); BIO_printf(bp, "%*s", ind + 2, ""); if (tree->base->type == GEN_IPADD) @@ -190,39 +184,35 @@ static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method, else GENERAL_NAME_print(bp, tree->base); BIO_puts(bp, "\n"); - } - return 1; } + return 1; +} -static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip) - { +static int +print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip) +{ int i, len; unsigned char *p; + p = ip->data; len = ip->length; BIO_puts(bp, "IP:"); - if(len == 8) - { + if (len == 8) { BIO_printf(bp, "%d.%d.%d.%d/%d.%d.%d.%d", - p[0], p[1], p[2], p[3], - p[4], p[5], p[6], p[7]); - } - else if(len == 32) - { - for (i = 0; i < 16; i++) - { + p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7]); + } else if (len == 32) { + for (i = 0; i < 16; i++) { BIO_printf(bp, "%X", p[0] << 8 | p[1]); p += 2; if (i == 7) BIO_puts(bp, "/"); else if (i != 15) BIO_puts(bp, ":"); - } } - else + } else BIO_printf(bp, "IP Address:"); return 1; - } +} /* Check a certificate conforms to a specified set of constraints. * Return values: @@ -233,18 +223,17 @@ static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip) * X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: Unsupported constraint type. * X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: bad unsupported constraint syntax. * X509_V_ERR_UNSUPPORTED_NAME_SYNTAX: bad or unsupported syntax of name - */ -int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc) - { +int +NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc) +{ int r, i; X509_NAME *nm; nm = X509_get_subject_name(x); - if (X509_NAME_entry_count(nm) > 0) - { + if (X509_NAME_entry_count(nm) > 0) { GENERAL_NAME gntmp; gntmp.type = GEN_DIRNAME; gntmp.d.directoryName = nm; @@ -256,15 +245,12 @@ int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc) gntmp.type = GEN_EMAIL; - /* Process any email address attributes in subject name */ - for (i = -1;;) - { + for (i = -1;;) { X509_NAME_ENTRY *ne; i = X509_NAME_get_index_by_NID(nm, - NID_pkcs9_emailAddress, - i); + NID_pkcs9_emailAddress, i); if (i == -1) break; ne = X509_NAME_get_entry(nm, i); @@ -276,24 +262,23 @@ int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc) if (r != X509_V_OK) return r; - } - } - for (i = 0; i < sk_GENERAL_NAME_num(x->altname); i++) - { + } + + for (i = 0; i < sk_GENERAL_NAME_num(x->altname); i++) { GENERAL_NAME *gen = sk_GENERAL_NAME_value(x->altname, i); r = nc_match(gen, nc); if (r != X509_V_OK) return r; - } + } return X509_V_OK; +} - } - -static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc) - { +static int +nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc) +{ GENERAL_SUBTREE *sub; int i, r, match = 0; @@ -301,8 +286,7 @@ static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc) * at least one subtree must match. */ - for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->permittedSubtrees); i++) - { + for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->permittedSubtrees); i++) { sub = sk_GENERAL_SUBTREE_value(nc->permittedSubtrees, i); if (gen->type != sub->base->type) continue; @@ -318,15 +302,14 @@ static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc) match = 2; else if (r != X509_V_ERR_PERMITTED_VIOLATION) return r; - } + } if (match == 1) return X509_V_ERR_PERMITTED_VIOLATION; /* Excluded subtrees: must not match any of these */ - for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->excludedSubtrees); i++) - { + for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->excludedSubtrees); i++) { sub = sk_GENERAL_SUBTREE_value(nc->excludedSubtrees, i); if (gen->type != sub->base->type) continue; @@ -339,42 +322,41 @@ static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc) else if (r != X509_V_ERR_PERMITTED_VIOLATION) return r; - } + } return X509_V_OK; +} - } - -static int nc_match_single(GENERAL_NAME *gen, GENERAL_NAME *base) - { - switch(base->type) - { - case GEN_DIRNAME: +static int +nc_match_single(GENERAL_NAME *gen, GENERAL_NAME *base) +{ + switch (base->type) { + case GEN_DIRNAME: return nc_dn(gen->d.directoryName, base->d.directoryName); - case GEN_DNS: + case GEN_DNS: return nc_dns(gen->d.dNSName, base->d.dNSName); - case GEN_EMAIL: + case GEN_EMAIL: return nc_email(gen->d.rfc822Name, base->d.rfc822Name); - case GEN_URI: + case GEN_URI: return nc_uri(gen->d.uniformResourceIdentifier, - base->d.uniformResourceIdentifier); + base->d.uniformResourceIdentifier); - default: + default: return X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE; - } - } +} /* directoryName name constraint matching. * The canonical encoding of X509_NAME makes this comparison easy. It is * matched if the subtree is a subset of the name. */ -static int nc_dn(X509_NAME *nm, X509_NAME *base) - { +static int +nc_dn(X509_NAME *nm, X509_NAME *base) +{ /* Ensure canonical encodings are up to date. */ if (nm->modified && i2d_X509_NAME(nm, NULL) < 0) return X509_V_ERR_OUT_OF_MEM; @@ -385,12 +367,14 @@ static int nc_dn(X509_NAME *nm, X509_NAME *base) if (memcmp(base->canon_enc, nm->canon_enc, base->canon_enclen)) return X509_V_ERR_PERMITTED_VIOLATION; return X509_V_OK; - } +} -static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base) - { +static int +nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base) +{ char *baseptr = (char *)base->data; char *dnsptr = (char *)dns->data; + /* Empty matches everything */ if (!*baseptr) return X509_V_OK; @@ -398,71 +382,67 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base) * compare RHS and if dns is longer and expect '.' as preceding * character. */ - if (dns->length > base->length) - { + if (dns->length > base->length) { dnsptr += dns->length - base->length; if (dnsptr[-1] != '.') return X509_V_ERR_PERMITTED_VIOLATION; - } + } if (strcasecmp(baseptr, dnsptr)) - return X509_V_ERR_PERMITTED_VIOLATION; + return X509_V_ERR_PERMITTED_VIOLATION; return X509_V_OK; +} - } - -static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base) - { +static int +nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base) +{ const char *baseptr = (char *)base->data; const char *emlptr = (char *)eml->data; - const char *baseat = strchr(baseptr, '@'); const char *emlat = strchr(emlptr, '@'); + if (!emlat) return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; /* Special case: inital '.' is RHS match */ - if (!baseat && (*baseptr == '.')) - { - if (eml->length > base->length) - { + if (!baseat && (*baseptr == '.')) { + if (eml->length > base->length) { emlptr += eml->length - base->length; if (!strcasecmp(baseptr, emlptr)) return X509_V_OK; - } - return X509_V_ERR_PERMITTED_VIOLATION; } + return X509_V_ERR_PERMITTED_VIOLATION; + } /* If we have anything before '@' match local part */ - if (baseat) - { - if (baseat != baseptr) - { + if (baseat) { + if (baseat != baseptr) { if ((baseat - baseptr) != (emlat - emlptr)) return X509_V_ERR_PERMITTED_VIOLATION; /* Case sensitive match of local part */ if (strncmp(baseptr, emlptr, emlat - emlptr)) return X509_V_ERR_PERMITTED_VIOLATION; - } + } /* Position base after '@' */ baseptr = baseat + 1; - } + } emlptr = emlat + 1; /* Just have hostname left to match: case insensitive */ if (strcasecmp(baseptr, emlptr)) return X509_V_ERR_PERMITTED_VIOLATION; return X509_V_OK; +} - } - -static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base) - { +static int +nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base) +{ const char *baseptr = (char *)base->data; const char *hostptr = (char *)uri->data; const char *p = strchr(hostptr, ':'); int hostlen; + /* Check for foo:// and skip past it */ if (!p || (p[1] != '/') || (p[2] != '/')) return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; @@ -486,20 +466,18 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base) return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; /* Special case: inital '.' is RHS match */ - if (*baseptr == '.') - { - if (hostlen > base->length) - { + if (*baseptr == '.') { + if (hostlen > base->length) { p = hostptr + hostlen - base->length; if (!strncasecmp(p, baseptr, base->length)) return X509_V_OK; - } - return X509_V_ERR_PERMITTED_VIOLATION; } + return X509_V_ERR_PERMITTED_VIOLATION; + } - if ((base->length != (int)hostlen) || strncasecmp(hostptr, baseptr, hostlen)) + if ((base->length != (int)hostlen) || + strncasecmp(hostptr, baseptr, hostlen)) return X509_V_ERR_PERMITTED_VIOLATION; return X509_V_OK; - - } +} diff --git a/lib/libcrypto/x509v3/v3_ocsp.c b/lib/libcrypto/x509v3/v3_ocsp.c index 0c165af3142..2fef484b9a9 100644 --- a/lib/libcrypto/x509v3/v3_ocsp.c +++ b/lib/libcrypto/x509v3/v3_ocsp.c @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -69,59 +69,59 @@ */ static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *nonce, - BIO *out, int indent); + BIO *out, int indent); static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *nonce, - BIO *out, int indent); + BIO *out, int indent); static int i2r_object(const X509V3_EXT_METHOD *method, void *obj, BIO *out, - int indent); + int indent); static void *ocsp_nonce_new(void); static int i2d_ocsp_nonce(void *a, unsigned char **pp); static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length); static void ocsp_nonce_free(void *a); static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce, - BIO *out, int indent); + BIO *out, int indent); static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, - void *nocheck, BIO *out, int indent); + void *nocheck, BIO *out, int indent); static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - const char *str); + const char *str); static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in, - BIO *bp, int ind); + BIO *bp, int ind); const X509V3_EXT_METHOD v3_ocsp_crlid = { NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID), - 0,0,0,0, - 0,0, - 0,0, - i2r_ocsp_crlid,0, + 0, 0, 0, 0, + 0, 0, + 0, 0, + i2r_ocsp_crlid, 0, NULL }; const X509V3_EXT_METHOD v3_ocsp_acutoff = { NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME), - 0,0,0,0, - 0,0, - 0,0, - i2r_ocsp_acutoff,0, + 0, 0, 0, 0, + 0, 0, + 0, 0, + i2r_ocsp_acutoff, 0, NULL }; const X509V3_EXT_METHOD v3_crl_invdate = { NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME), - 0,0,0,0, - 0,0, - 0,0, - i2r_ocsp_acutoff,0, + 0, 0, 0, 0, + 0, 0, + 0, 0, + i2r_ocsp_acutoff, 0, NULL }; const X509V3_EXT_METHOD v3_crl_hold = { NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT), - 0,0,0,0, - 0,0, - 0,0, - i2r_object,0, + 0, 0, 0, 0, + 0, 0, + 0, 0, + i2r_object, 0, NULL }; @@ -131,71 +131,82 @@ const X509V3_EXT_METHOD v3_ocsp_nonce = { ocsp_nonce_free, d2i_ocsp_nonce, i2d_ocsp_nonce, - 0,0, - 0,0, - i2r_ocsp_nonce,0, + 0, 0, + 0, 0, + i2r_ocsp_nonce, 0, NULL }; const X509V3_EXT_METHOD v3_ocsp_nocheck = { NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL), - 0,0,0,0, - 0,s2i_ocsp_nocheck, - 0,0, - i2r_ocsp_nocheck,0, + 0, 0, 0, 0, + 0, s2i_ocsp_nocheck, + 0, 0, + i2r_ocsp_nocheck, 0, NULL }; const X509V3_EXT_METHOD v3_ocsp_serviceloc = { NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC), - 0,0,0,0, - 0,0, - 0,0, - i2r_ocsp_serviceloc,0, + 0, 0, 0, 0, + 0, 0, + 0, 0, + i2r_ocsp_serviceloc, 0, NULL }; -static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *in, BIO *bp, - int ind) +static int +i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind) { OCSP_CRLID *a = in; - if (a->crlUrl) - { - if (BIO_printf(bp, "%*scrlUrl: ", ind, "") <= 0) goto err; - if (!ASN1_STRING_print(bp, (ASN1_STRING*)a->crlUrl)) goto err; - if (BIO_write(bp, "\n", 1) <= 0) goto err; - } - if (a->crlNum) - { - if (BIO_printf(bp, "%*scrlNum: ", ind, "") <= 0) goto err; - if (i2a_ASN1_INTEGER(bp, a->crlNum) <= 0) goto err; - if (BIO_write(bp, "\n", 1) <= 0) goto err; - } - if (a->crlTime) - { - if (BIO_printf(bp, "%*scrlTime: ", ind, "") <= 0) goto err; - if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) goto err; - if (BIO_write(bp, "\n", 1) <= 0) goto err; - } + if (a->crlUrl) { + if (BIO_printf(bp, "%*scrlUrl: ", ind, "") <= 0) + goto err; + if (!ASN1_STRING_print(bp, (ASN1_STRING*)a->crlUrl)) + goto err; + if (BIO_write(bp, "\n", 1) <= 0) + goto err; + } + if (a->crlNum) { + if (BIO_printf(bp, "%*scrlNum: ", ind, "") <= 0) + goto err; + if (i2a_ASN1_INTEGER(bp, a->crlNum) <= 0) + goto err; + if (BIO_write(bp, "\n", 1) <= 0) + goto err; + } + if (a->crlTime) { + if (BIO_printf(bp, "%*scrlTime: ", ind, "") <= 0) + goto err; + if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) + goto err; + if (BIO_write(bp, "\n", 1) <= 0) + goto err; + } return 1; - err: + +err: return 0; } -static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff, - BIO *bp, int ind) +static int +i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff, BIO *bp, + int ind) { - if (BIO_printf(bp, "%*s", ind, "") <= 0) return 0; - if(!ASN1_GENERALIZEDTIME_print(bp, cutoff)) return 0; + if (BIO_printf(bp, "%*s", ind, "") <= 0) + return 0; + if (!ASN1_GENERALIZEDTIME_print(bp, cutoff)) + return 0; return 1; } - -static int i2r_object(const X509V3_EXT_METHOD *method, void *oid, BIO *bp, - int ind) +static int +i2r_object(const X509V3_EXT_METHOD *method, void *oid, BIO *bp, int ind) { - if (BIO_printf(bp, "%*s", ind, "") <= 0) return 0; - if(i2a_ASN1_OBJECT(bp, oid) <= 0) return 0; + if (BIO_printf(bp, "%*s", ind, "") <= 0) + return 0; + if (i2a_ASN1_OBJECT(bp, oid) <= 0) + return 0; return 1; } @@ -203,87 +214,108 @@ static int i2r_object(const X509V3_EXT_METHOD *method, void *oid, BIO *bp, * an ASN1 encoding at all: it just contains arbitrary data. */ -static void *ocsp_nonce_new(void) +static void * +ocsp_nonce_new(void) { return ASN1_OCTET_STRING_new(); } -static int i2d_ocsp_nonce(void *a, unsigned char **pp) +static int +i2d_ocsp_nonce(void *a, unsigned char **pp) { ASN1_OCTET_STRING *os = a; - if(pp) { + + if (pp) { memcpy(*pp, os->data, os->length); *pp += os->length; } return os->length; } -static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length) +static void * +d2i_ocsp_nonce(void *a, const unsigned char **pp, long length) { ASN1_OCTET_STRING *os, **pos; + pos = a; - if(!pos || !*pos) os = ASN1_OCTET_STRING_new(); - else os = *pos; - if(!ASN1_OCTET_STRING_set(os, *pp, length)) goto err; + if (!pos || !*pos) + os = ASN1_OCTET_STRING_new(); + else + os = *pos; + if (!ASN1_OCTET_STRING_set(os, *pp, length)) + goto err; *pp += length; - if(pos) *pos = os; + if (pos) + *pos = os; return os; - err: - if(os && (!pos || (*pos != os))) M_ASN1_OCTET_STRING_free(os); +err: + if (os && (!pos || (*pos != os))) + M_ASN1_OCTET_STRING_free(os); OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE); return NULL; } -static void ocsp_nonce_free(void *a) +static void +ocsp_nonce_free(void *a) { M_ASN1_OCTET_STRING_free(a); } -static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce, - BIO *out, int indent) +static int +i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce, BIO *out, + int indent) { - if(BIO_printf(out, "%*s", indent, "") <= 0) return 0; - if(i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) return 0; + if (BIO_printf(out, "%*s", indent, "") <= 0) + return 0; + if (i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) + return 0; return 1; } /* Nocheck is just a single NULL. Don't print anything and always set it */ -static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, void *nocheck, - BIO *out, int indent) +static int +i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, void *nocheck, BIO *out, + int indent) { return 1; } -static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - const char *str) +static void * +s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + const char *str) { return ASN1_NULL_new(); } -static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in, - BIO *bp, int ind) - { +static int +i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind) +{ int i; OCSP_SERVICELOC *a = in; ACCESS_DESCRIPTION *ad; - if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0) goto err; - if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0) goto err; - for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++) - { - ad = sk_ACCESS_DESCRIPTION_value(a->locator,i); - if (BIO_printf(bp, "\n%*s", (2*ind), "") <= 0) - goto err; - if(i2a_ASN1_OBJECT(bp, ad->method) <= 0) goto err; - if(BIO_puts(bp, " - ") <= 0) goto err; - if(GENERAL_NAME_print(bp, ad->location) <= 0) goto err; - } + if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0) + goto err; + if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0) + goto err; + for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++) { + ad = sk_ACCESS_DESCRIPTION_value(a->locator, i); + if (BIO_printf(bp, "\n%*s", (2 * ind), "") <= 0) + goto err; + if (i2a_ASN1_OBJECT(bp, ad->method) <= 0) + goto err; + if (BIO_puts(bp, " - ") <= 0) + goto err; + if (GENERAL_NAME_print(bp, ad->location) <= 0) + goto err; + } return 1; + err: return 0; - } +} #endif diff --git a/lib/libssl/src/crypto/x509v3/v3_ncons.c b/lib/libssl/src/crypto/x509v3/v3_ncons.c index a01dc64dd22..695176471bf 100644 --- a/lib/libssl/src/crypto/x509v3/v3_ncons.c +++ b/lib/libssl/src/crypto/x509v3/v3_ncons.c @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -64,12 +64,11 @@ #include static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); -static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, - void *a, BIO *bp, int ind); + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); +static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, + void *a, BIO *bp, int ind); static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method, - STACK_OF(GENERAL_SUBTREE) *trees, - BIO *bp, int ind, char *name); + STACK_OF(GENERAL_SUBTREE) *trees, BIO *bp, int ind, char *name); static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip); static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc); @@ -82,10 +81,10 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base); const X509V3_EXT_METHOD v3_name_constraints = { NID_name_constraints, 0, ASN1_ITEM_ref(NAME_CONSTRAINTS), - 0,0,0,0, - 0,0, + 0, 0, 0, 0, + 0, 0, 0, v2i_NAME_CONSTRAINTS, - i2r_NAME_CONSTRAINTS,0, + i2r_NAME_CONSTRAINTS, 0, NULL }; @@ -97,44 +96,41 @@ ASN1_SEQUENCE(GENERAL_SUBTREE) = { ASN1_SEQUENCE(NAME_CONSTRAINTS) = { ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, permittedSubtrees, - GENERAL_SUBTREE, 0), + GENERAL_SUBTREE, 0), ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, excludedSubtrees, - GENERAL_SUBTREE, 1), + GENERAL_SUBTREE, 1), } ASN1_SEQUENCE_END(NAME_CONSTRAINTS) - + IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE) IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) -static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) - { +static void * +v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval) +{ int i; CONF_VALUE tval, *val; STACK_OF(GENERAL_SUBTREE) **ptree = NULL; NAME_CONSTRAINTS *ncons = NULL; GENERAL_SUBTREE *sub = NULL; + ncons = NAME_CONSTRAINTS_new(); if (!ncons) goto memerr; - for(i = 0; i < sk_CONF_VALUE_num(nval); i++) - { + for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { val = sk_CONF_VALUE_value(nval, i); - if (!strncmp(val->name, "permitted", 9) && val->name[9]) - { + if (!strncmp(val->name, "permitted", 9) && val->name[9]) { ptree = &ncons->permittedSubtrees; tval.name = val->name + 10; - } - else if (!strncmp(val->name, "excluded", 8) && val->name[8]) - { + } else if (!strncmp(val->name, "excluded", 8) && val->name[8]) { ptree = &ncons->excludedSubtrees; tval.name = val->name + 9; - } - else - { - X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, X509V3_R_INVALID_SYNTAX); + } else { + X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, + X509V3_R_INVALID_SYNTAX); goto err; - } + } tval.value = val->value; sub = GENERAL_SUBTREE_new(); if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1)) @@ -144,45 +140,43 @@ static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, if (!*ptree || !sk_GENERAL_SUBTREE_push(*ptree, sub)) goto memerr; sub = NULL; - } + } return ncons; - memerr: +memerr: X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, ERR_R_MALLOC_FAILURE); - err: +err: if (ncons) NAME_CONSTRAINTS_free(ncons); if (sub) GENERAL_SUBTREE_free(sub); return NULL; - } - +} - - -static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a, - BIO *bp, int ind) - { +static int +i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a, BIO *bp, int ind) +{ NAME_CONSTRAINTS *ncons = a; + do_i2r_name_constraints(method, ncons->permittedSubtrees, - bp, ind, "Permitted"); + bp, ind, "Permitted"); do_i2r_name_constraints(method, ncons->excludedSubtrees, - bp, ind, "Excluded"); + bp, ind, "Excluded"); return 1; - } +} -static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method, - STACK_OF(GENERAL_SUBTREE) *trees, - BIO *bp, int ind, char *name) - { +static int +do_i2r_name_constraints(const X509V3_EXT_METHOD *method, + STACK_OF(GENERAL_SUBTREE) *trees, BIO *bp, int ind, char *name) +{ GENERAL_SUBTREE *tree; int i; + if (sk_GENERAL_SUBTREE_num(trees) > 0) BIO_printf(bp, "%*s%s:\n", ind, "", name); - for(i = 0; i < sk_GENERAL_SUBTREE_num(trees); i++) - { + for (i = 0; i < sk_GENERAL_SUBTREE_num(trees); i++) { tree = sk_GENERAL_SUBTREE_value(trees, i); BIO_printf(bp, "%*s", ind + 2, ""); if (tree->base->type == GEN_IPADD) @@ -190,39 +184,35 @@ static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method, else GENERAL_NAME_print(bp, tree->base); BIO_puts(bp, "\n"); - } - return 1; } + return 1; +} -static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip) - { +static int +print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip) +{ int i, len; unsigned char *p; + p = ip->data; len = ip->length; BIO_puts(bp, "IP:"); - if(len == 8) - { + if (len == 8) { BIO_printf(bp, "%d.%d.%d.%d/%d.%d.%d.%d", - p[0], p[1], p[2], p[3], - p[4], p[5], p[6], p[7]); - } - else if(len == 32) - { - for (i = 0; i < 16; i++) - { + p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7]); + } else if (len == 32) { + for (i = 0; i < 16; i++) { BIO_printf(bp, "%X", p[0] << 8 | p[1]); p += 2; if (i == 7) BIO_puts(bp, "/"); else if (i != 15) BIO_puts(bp, ":"); - } } - else + } else BIO_printf(bp, "IP Address:"); return 1; - } +} /* Check a certificate conforms to a specified set of constraints. * Return values: @@ -233,18 +223,17 @@ static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip) * X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: Unsupported constraint type. * X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: bad unsupported constraint syntax. * X509_V_ERR_UNSUPPORTED_NAME_SYNTAX: bad or unsupported syntax of name - */ -int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc) - { +int +NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc) +{ int r, i; X509_NAME *nm; nm = X509_get_subject_name(x); - if (X509_NAME_entry_count(nm) > 0) - { + if (X509_NAME_entry_count(nm) > 0) { GENERAL_NAME gntmp; gntmp.type = GEN_DIRNAME; gntmp.d.directoryName = nm; @@ -256,15 +245,12 @@ int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc) gntmp.type = GEN_EMAIL; - /* Process any email address attributes in subject name */ - for (i = -1;;) - { + for (i = -1;;) { X509_NAME_ENTRY *ne; i = X509_NAME_get_index_by_NID(nm, - NID_pkcs9_emailAddress, - i); + NID_pkcs9_emailAddress, i); if (i == -1) break; ne = X509_NAME_get_entry(nm, i); @@ -276,24 +262,23 @@ int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc) if (r != X509_V_OK) return r; - } - } - for (i = 0; i < sk_GENERAL_NAME_num(x->altname); i++) - { + } + + for (i = 0; i < sk_GENERAL_NAME_num(x->altname); i++) { GENERAL_NAME *gen = sk_GENERAL_NAME_value(x->altname, i); r = nc_match(gen, nc); if (r != X509_V_OK) return r; - } + } return X509_V_OK; +} - } - -static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc) - { +static int +nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc) +{ GENERAL_SUBTREE *sub; int i, r, match = 0; @@ -301,8 +286,7 @@ static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc) * at least one subtree must match. */ - for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->permittedSubtrees); i++) - { + for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->permittedSubtrees); i++) { sub = sk_GENERAL_SUBTREE_value(nc->permittedSubtrees, i); if (gen->type != sub->base->type) continue; @@ -318,15 +302,14 @@ static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc) match = 2; else if (r != X509_V_ERR_PERMITTED_VIOLATION) return r; - } + } if (match == 1) return X509_V_ERR_PERMITTED_VIOLATION; /* Excluded subtrees: must not match any of these */ - for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->excludedSubtrees); i++) - { + for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->excludedSubtrees); i++) { sub = sk_GENERAL_SUBTREE_value(nc->excludedSubtrees, i); if (gen->type != sub->base->type) continue; @@ -339,42 +322,41 @@ static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc) else if (r != X509_V_ERR_PERMITTED_VIOLATION) return r; - } + } return X509_V_OK; +} - } - -static int nc_match_single(GENERAL_NAME *gen, GENERAL_NAME *base) - { - switch(base->type) - { - case GEN_DIRNAME: +static int +nc_match_single(GENERAL_NAME *gen, GENERAL_NAME *base) +{ + switch (base->type) { + case GEN_DIRNAME: return nc_dn(gen->d.directoryName, base->d.directoryName); - case GEN_DNS: + case GEN_DNS: return nc_dns(gen->d.dNSName, base->d.dNSName); - case GEN_EMAIL: + case GEN_EMAIL: return nc_email(gen->d.rfc822Name, base->d.rfc822Name); - case GEN_URI: + case GEN_URI: return nc_uri(gen->d.uniformResourceIdentifier, - base->d.uniformResourceIdentifier); + base->d.uniformResourceIdentifier); - default: + default: return X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE; - } - } +} /* directoryName name constraint matching. * The canonical encoding of X509_NAME makes this comparison easy. It is * matched if the subtree is a subset of the name. */ -static int nc_dn(X509_NAME *nm, X509_NAME *base) - { +static int +nc_dn(X509_NAME *nm, X509_NAME *base) +{ /* Ensure canonical encodings are up to date. */ if (nm->modified && i2d_X509_NAME(nm, NULL) < 0) return X509_V_ERR_OUT_OF_MEM; @@ -385,12 +367,14 @@ static int nc_dn(X509_NAME *nm, X509_NAME *base) if (memcmp(base->canon_enc, nm->canon_enc, base->canon_enclen)) return X509_V_ERR_PERMITTED_VIOLATION; return X509_V_OK; - } +} -static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base) - { +static int +nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base) +{ char *baseptr = (char *)base->data; char *dnsptr = (char *)dns->data; + /* Empty matches everything */ if (!*baseptr) return X509_V_OK; @@ -398,71 +382,67 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base) * compare RHS and if dns is longer and expect '.' as preceding * character. */ - if (dns->length > base->length) - { + if (dns->length > base->length) { dnsptr += dns->length - base->length; if (dnsptr[-1] != '.') return X509_V_ERR_PERMITTED_VIOLATION; - } + } if (strcasecmp(baseptr, dnsptr)) - return X509_V_ERR_PERMITTED_VIOLATION; + return X509_V_ERR_PERMITTED_VIOLATION; return X509_V_OK; +} - } - -static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base) - { +static int +nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base) +{ const char *baseptr = (char *)base->data; const char *emlptr = (char *)eml->data; - const char *baseat = strchr(baseptr, '@'); const char *emlat = strchr(emlptr, '@'); + if (!emlat) return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; /* Special case: inital '.' is RHS match */ - if (!baseat && (*baseptr == '.')) - { - if (eml->length > base->length) - { + if (!baseat && (*baseptr == '.')) { + if (eml->length > base->length) { emlptr += eml->length - base->length; if (!strcasecmp(baseptr, emlptr)) return X509_V_OK; - } - return X509_V_ERR_PERMITTED_VIOLATION; } + return X509_V_ERR_PERMITTED_VIOLATION; + } /* If we have anything before '@' match local part */ - if (baseat) - { - if (baseat != baseptr) - { + if (baseat) { + if (baseat != baseptr) { if ((baseat - baseptr) != (emlat - emlptr)) return X509_V_ERR_PERMITTED_VIOLATION; /* Case sensitive match of local part */ if (strncmp(baseptr, emlptr, emlat - emlptr)) return X509_V_ERR_PERMITTED_VIOLATION; - } + } /* Position base after '@' */ baseptr = baseat + 1; - } + } emlptr = emlat + 1; /* Just have hostname left to match: case insensitive */ if (strcasecmp(baseptr, emlptr)) return X509_V_ERR_PERMITTED_VIOLATION; return X509_V_OK; +} - } - -static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base) - { +static int +nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base) +{ const char *baseptr = (char *)base->data; const char *hostptr = (char *)uri->data; const char *p = strchr(hostptr, ':'); int hostlen; + /* Check for foo:// and skip past it */ if (!p || (p[1] != '/') || (p[2] != '/')) return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; @@ -486,20 +466,18 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base) return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; /* Special case: inital '.' is RHS match */ - if (*baseptr == '.') - { - if (hostlen > base->length) - { + if (*baseptr == '.') { + if (hostlen > base->length) { p = hostptr + hostlen - base->length; if (!strncasecmp(p, baseptr, base->length)) return X509_V_OK; - } - return X509_V_ERR_PERMITTED_VIOLATION; } + return X509_V_ERR_PERMITTED_VIOLATION; + } - if ((base->length != (int)hostlen) || strncasecmp(hostptr, baseptr, hostlen)) + if ((base->length != (int)hostlen) || + strncasecmp(hostptr, baseptr, hostlen)) return X509_V_ERR_PERMITTED_VIOLATION; return X509_V_OK; - - } +} diff --git a/lib/libssl/src/crypto/x509v3/v3_ocsp.c b/lib/libssl/src/crypto/x509v3/v3_ocsp.c index 0c165af3142..2fef484b9a9 100644 --- a/lib/libssl/src/crypto/x509v3/v3_ocsp.c +++ b/lib/libssl/src/crypto/x509v3/v3_ocsp.c @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -69,59 +69,59 @@ */ static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *nonce, - BIO *out, int indent); + BIO *out, int indent); static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *nonce, - BIO *out, int indent); + BIO *out, int indent); static int i2r_object(const X509V3_EXT_METHOD *method, void *obj, BIO *out, - int indent); + int indent); static void *ocsp_nonce_new(void); static int i2d_ocsp_nonce(void *a, unsigned char **pp); static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length); static void ocsp_nonce_free(void *a); static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce, - BIO *out, int indent); + BIO *out, int indent); static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, - void *nocheck, BIO *out, int indent); + void *nocheck, BIO *out, int indent); static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - const char *str); + const char *str); static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in, - BIO *bp, int ind); + BIO *bp, int ind); const X509V3_EXT_METHOD v3_ocsp_crlid = { NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID), - 0,0,0,0, - 0,0, - 0,0, - i2r_ocsp_crlid,0, + 0, 0, 0, 0, + 0, 0, + 0, 0, + i2r_ocsp_crlid, 0, NULL }; const X509V3_EXT_METHOD v3_ocsp_acutoff = { NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME), - 0,0,0,0, - 0,0, - 0,0, - i2r_ocsp_acutoff,0, + 0, 0, 0, 0, + 0, 0, + 0, 0, + i2r_ocsp_acutoff, 0, NULL }; const X509V3_EXT_METHOD v3_crl_invdate = { NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME), - 0,0,0,0, - 0,0, - 0,0, - i2r_ocsp_acutoff,0, + 0, 0, 0, 0, + 0, 0, + 0, 0, + i2r_ocsp_acutoff, 0, NULL }; const X509V3_EXT_METHOD v3_crl_hold = { NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT), - 0,0,0,0, - 0,0, - 0,0, - i2r_object,0, + 0, 0, 0, 0, + 0, 0, + 0, 0, + i2r_object, 0, NULL }; @@ -131,71 +131,82 @@ const X509V3_EXT_METHOD v3_ocsp_nonce = { ocsp_nonce_free, d2i_ocsp_nonce, i2d_ocsp_nonce, - 0,0, - 0,0, - i2r_ocsp_nonce,0, + 0, 0, + 0, 0, + i2r_ocsp_nonce, 0, NULL }; const X509V3_EXT_METHOD v3_ocsp_nocheck = { NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL), - 0,0,0,0, - 0,s2i_ocsp_nocheck, - 0,0, - i2r_ocsp_nocheck,0, + 0, 0, 0, 0, + 0, s2i_ocsp_nocheck, + 0, 0, + i2r_ocsp_nocheck, 0, NULL }; const X509V3_EXT_METHOD v3_ocsp_serviceloc = { NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC), - 0,0,0,0, - 0,0, - 0,0, - i2r_ocsp_serviceloc,0, + 0, 0, 0, 0, + 0, 0, + 0, 0, + i2r_ocsp_serviceloc, 0, NULL }; -static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *in, BIO *bp, - int ind) +static int +i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind) { OCSP_CRLID *a = in; - if (a->crlUrl) - { - if (BIO_printf(bp, "%*scrlUrl: ", ind, "") <= 0) goto err; - if (!ASN1_STRING_print(bp, (ASN1_STRING*)a->crlUrl)) goto err; - if (BIO_write(bp, "\n", 1) <= 0) goto err; - } - if (a->crlNum) - { - if (BIO_printf(bp, "%*scrlNum: ", ind, "") <= 0) goto err; - if (i2a_ASN1_INTEGER(bp, a->crlNum) <= 0) goto err; - if (BIO_write(bp, "\n", 1) <= 0) goto err; - } - if (a->crlTime) - { - if (BIO_printf(bp, "%*scrlTime: ", ind, "") <= 0) goto err; - if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) goto err; - if (BIO_write(bp, "\n", 1) <= 0) goto err; - } + if (a->crlUrl) { + if (BIO_printf(bp, "%*scrlUrl: ", ind, "") <= 0) + goto err; + if (!ASN1_STRING_print(bp, (ASN1_STRING*)a->crlUrl)) + goto err; + if (BIO_write(bp, "\n", 1) <= 0) + goto err; + } + if (a->crlNum) { + if (BIO_printf(bp, "%*scrlNum: ", ind, "") <= 0) + goto err; + if (i2a_ASN1_INTEGER(bp, a->crlNum) <= 0) + goto err; + if (BIO_write(bp, "\n", 1) <= 0) + goto err; + } + if (a->crlTime) { + if (BIO_printf(bp, "%*scrlTime: ", ind, "") <= 0) + goto err; + if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) + goto err; + if (BIO_write(bp, "\n", 1) <= 0) + goto err; + } return 1; - err: + +err: return 0; } -static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff, - BIO *bp, int ind) +static int +i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff, BIO *bp, + int ind) { - if (BIO_printf(bp, "%*s", ind, "") <= 0) return 0; - if(!ASN1_GENERALIZEDTIME_print(bp, cutoff)) return 0; + if (BIO_printf(bp, "%*s", ind, "") <= 0) + return 0; + if (!ASN1_GENERALIZEDTIME_print(bp, cutoff)) + return 0; return 1; } - -static int i2r_object(const X509V3_EXT_METHOD *method, void *oid, BIO *bp, - int ind) +static int +i2r_object(const X509V3_EXT_METHOD *method, void *oid, BIO *bp, int ind) { - if (BIO_printf(bp, "%*s", ind, "") <= 0) return 0; - if(i2a_ASN1_OBJECT(bp, oid) <= 0) return 0; + if (BIO_printf(bp, "%*s", ind, "") <= 0) + return 0; + if (i2a_ASN1_OBJECT(bp, oid) <= 0) + return 0; return 1; } @@ -203,87 +214,108 @@ static int i2r_object(const X509V3_EXT_METHOD *method, void *oid, BIO *bp, * an ASN1 encoding at all: it just contains arbitrary data. */ -static void *ocsp_nonce_new(void) +static void * +ocsp_nonce_new(void) { return ASN1_OCTET_STRING_new(); } -static int i2d_ocsp_nonce(void *a, unsigned char **pp) +static int +i2d_ocsp_nonce(void *a, unsigned char **pp) { ASN1_OCTET_STRING *os = a; - if(pp) { + + if (pp) { memcpy(*pp, os->data, os->length); *pp += os->length; } return os->length; } -static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length) +static void * +d2i_ocsp_nonce(void *a, const unsigned char **pp, long length) { ASN1_OCTET_STRING *os, **pos; + pos = a; - if(!pos || !*pos) os = ASN1_OCTET_STRING_new(); - else os = *pos; - if(!ASN1_OCTET_STRING_set(os, *pp, length)) goto err; + if (!pos || !*pos) + os = ASN1_OCTET_STRING_new(); + else + os = *pos; + if (!ASN1_OCTET_STRING_set(os, *pp, length)) + goto err; *pp += length; - if(pos) *pos = os; + if (pos) + *pos = os; return os; - err: - if(os && (!pos || (*pos != os))) M_ASN1_OCTET_STRING_free(os); +err: + if (os && (!pos || (*pos != os))) + M_ASN1_OCTET_STRING_free(os); OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE); return NULL; } -static void ocsp_nonce_free(void *a) +static void +ocsp_nonce_free(void *a) { M_ASN1_OCTET_STRING_free(a); } -static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce, - BIO *out, int indent) +static int +i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce, BIO *out, + int indent) { - if(BIO_printf(out, "%*s", indent, "") <= 0) return 0; - if(i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) return 0; + if (BIO_printf(out, "%*s", indent, "") <= 0) + return 0; + if (i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) + return 0; return 1; } /* Nocheck is just a single NULL. Don't print anything and always set it */ -static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, void *nocheck, - BIO *out, int indent) +static int +i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, void *nocheck, BIO *out, + int indent) { return 1; } -static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - const char *str) +static void * +s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + const char *str) { return ASN1_NULL_new(); } -static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in, - BIO *bp, int ind) - { +static int +i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind) +{ int i; OCSP_SERVICELOC *a = in; ACCESS_DESCRIPTION *ad; - if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0) goto err; - if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0) goto err; - for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++) - { - ad = sk_ACCESS_DESCRIPTION_value(a->locator,i); - if (BIO_printf(bp, "\n%*s", (2*ind), "") <= 0) - goto err; - if(i2a_ASN1_OBJECT(bp, ad->method) <= 0) goto err; - if(BIO_puts(bp, " - ") <= 0) goto err; - if(GENERAL_NAME_print(bp, ad->location) <= 0) goto err; - } + if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0) + goto err; + if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0) + goto err; + for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++) { + ad = sk_ACCESS_DESCRIPTION_value(a->locator, i); + if (BIO_printf(bp, "\n%*s", (2 * ind), "") <= 0) + goto err; + if (i2a_ASN1_OBJECT(bp, ad->method) <= 0) + goto err; + if (BIO_puts(bp, " - ") <= 0) + goto err; + if (GENERAL_NAME_print(bp, ad->location) <= 0) + goto err; + } return 1; + err: return 0; - } +} #endif -- 2.20.1