From bc775f6c0bff8ca9dafb0c7a58a2f66de07a0e24 Mon Sep 17 00:00:00 2001 From: jsing Date: Sun, 18 May 2014 11:28:41 +0000 Subject: [PATCH] More KNF. --- lib/libcrypto/ocsp/ocsp.h | 6 +- lib/libcrypto/ocsp/ocsp_asn.c | 46 ++++----- lib/libcrypto/ocsp/ocsp_cl.c | 17 ++-- lib/libcrypto/ocsp/ocsp_err.c | 131 +++++++++++++------------- lib/libcrypto/ocsp/ocsp_ext.c | 43 +++++---- lib/libcrypto/ocsp/ocsp_ht.c | 8 +- lib/libcrypto/ocsp/ocsp_lib.c | 11 ++- lib/libcrypto/ocsp/ocsp_prn.c | 100 ++++++++++---------- lib/libcrypto/ocsp/ocsp_srv.c | 15 +-- lib/libcrypto/ocsp/ocsp_vfy.c | 24 ++--- lib/libssl/src/crypto/ocsp/ocsp.h | 6 +- lib/libssl/src/crypto/ocsp/ocsp_asn.c | 46 ++++----- lib/libssl/src/crypto/ocsp/ocsp_cl.c | 17 ++-- lib/libssl/src/crypto/ocsp/ocsp_err.c | 131 +++++++++++++------------- lib/libssl/src/crypto/ocsp/ocsp_ext.c | 43 +++++---- lib/libssl/src/crypto/ocsp/ocsp_ht.c | 8 +- lib/libssl/src/crypto/ocsp/ocsp_lib.c | 11 ++- lib/libssl/src/crypto/ocsp/ocsp_prn.c | 100 ++++++++++---------- lib/libssl/src/crypto/ocsp/ocsp_srv.c | 15 +-- lib/libssl/src/crypto/ocsp/ocsp_vfy.c | 24 ++--- 20 files changed, 416 insertions(+), 386 deletions(-) diff --git a/lib/libcrypto/ocsp/ocsp.h b/lib/libcrypto/ocsp/ocsp.h index 9401f7db2f4..09733aff631 100644 --- a/lib/libcrypto/ocsp/ocsp.h +++ b/lib/libcrypto/ocsp/ocsp.h @@ -15,7 +15,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -335,7 +335,7 @@ typedef struct ocsp_service_locator_st { X509_NAME* issuer; STACK_OF(ACCESS_DESCRIPTION) *locator; } OCSP_SERVICELOC; - + #define PEM_STRING_OCSP_REQUEST "OCSP REQUEST" #define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE" 
@@ -454,7 +454,7 @@ int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, int OCSP_request_is_signed(OCSP_REQUEST *req); OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs); OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, OCSP_CERTID *cid, - int status, int reason, ASN1_TIME *revtime, ASN1_TIME *thisupd, + int status, int reason, ASN1_TIME *revtime, ASN1_TIME *thisupd, ASN1_TIME *nextupd); int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert); int OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key, diff --git a/lib/libcrypto/ocsp/ocsp_asn.c b/lib/libcrypto/ocsp/ocsp_asn.c index bfe892ac705..2a7ed1a187b 100644 --- a/lib/libcrypto/ocsp/ocsp_asn.c +++ b/lib/libcrypto/ocsp/ocsp_asn.c @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -102,8 +102,8 @@ IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQUEST) /* OCSP_RESPONSE templates */ ASN1_SEQUENCE(OCSP_RESPBYTES) = { - ASN1_SIMPLE(OCSP_RESPBYTES, responseType, ASN1_OBJECT), - ASN1_SIMPLE(OCSP_RESPBYTES, response, ASN1_OCTET_STRING) + ASN1_SIMPLE(OCSP_RESPBYTES, responseType, ASN1_OBJECT), + ASN1_SIMPLE(OCSP_RESPBYTES, response, ASN1_OCTET_STRING) } ASN1_SEQUENCE_END(OCSP_RESPBYTES) IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPBYTES) 
@@ -116,15 +116,15 @@ ASN1_SEQUENCE(OCSP_RESPONSE) = { IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPONSE) ASN1_CHOICE(OCSP_RESPID) = { - ASN1_EXP(OCSP_RESPID, value.byName, X509_NAME, 1), - ASN1_EXP(OCSP_RESPID, value.byKey, ASN1_OCTET_STRING, 2) + ASN1_EXP(OCSP_RESPID, value.byName, X509_NAME, 1), + ASN1_EXP(OCSP_RESPID, value.byKey, ASN1_OCTET_STRING, 2) } ASN1_CHOICE_END(OCSP_RESPID) IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPID) ASN1_SEQUENCE(OCSP_REVOKEDINFO) = { ASN1_SIMPLE(OCSP_REVOKEDINFO, revocationTime, ASN1_GENERALIZEDTIME), - ASN1_EXP_OPT(OCSP_REVOKEDINFO, revocationReason, ASN1_ENUMERATED, 0) + ASN1_EXP_OPT(OCSP_REVOKEDINFO, revocationReason, ASN1_ENUMERATED, 0) } ASN1_SEQUENCE_END(OCSP_REVOKEDINFO) IMPLEMENT_ASN1_FUNCTIONS(OCSP_REVOKEDINFO) 
@@ -138,38 +138,38 @@ ASN1_CHOICE(OCSP_CERTSTATUS) = { IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTSTATUS) ASN1_SEQUENCE(OCSP_SINGLERESP) = { - ASN1_SIMPLE(OCSP_SINGLERESP, certId, OCSP_CERTID), - ASN1_SIMPLE(OCSP_SINGLERESP, certStatus, OCSP_CERTSTATUS), - ASN1_SIMPLE(OCSP_SINGLERESP, thisUpdate, ASN1_GENERALIZEDTIME), - ASN1_EXP_OPT(OCSP_SINGLERESP, nextUpdate, ASN1_GENERALIZEDTIME, 0), - ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SINGLERESP, singleExtensions, X509_EXTENSION, 1) + ASN1_SIMPLE(OCSP_SINGLERESP, certId, OCSP_CERTID), + ASN1_SIMPLE(OCSP_SINGLERESP, certStatus, OCSP_CERTSTATUS), + ASN1_SIMPLE(OCSP_SINGLERESP, thisUpdate, ASN1_GENERALIZEDTIME), + ASN1_EXP_OPT(OCSP_SINGLERESP, nextUpdate, ASN1_GENERALIZEDTIME, 0), + ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SINGLERESP, singleExtensions, X509_EXTENSION, 1) } ASN1_SEQUENCE_END(OCSP_SINGLERESP) IMPLEMENT_ASN1_FUNCTIONS(OCSP_SINGLERESP) ASN1_SEQUENCE(OCSP_RESPDATA) = { - ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0), - ASN1_SIMPLE(OCSP_RESPDATA, responderId, OCSP_RESPID), - ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME), - ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP), - ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1) + ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0), + ASN1_SIMPLE(OCSP_RESPDATA, responderId, OCSP_RESPID), + ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME), + ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP), + ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1) } ASN1_SEQUENCE_END(OCSP_RESPDATA) IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPDATA) ASN1_SEQUENCE(OCSP_BASICRESP) = { - ASN1_SIMPLE(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA), - ASN1_SIMPLE(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR), - ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING), - ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0) + ASN1_SIMPLE(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA), + ASN1_SIMPLE(OCSP_BASICRESP, 
signatureAlgorithm, X509_ALGOR), + ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING), + ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0) } ASN1_SEQUENCE_END(OCSP_BASICRESP) IMPLEMENT_ASN1_FUNCTIONS(OCSP_BASICRESP) ASN1_SEQUENCE(OCSP_CRLID) = { - ASN1_EXP_OPT(OCSP_CRLID, crlUrl, ASN1_IA5STRING, 0), - ASN1_EXP_OPT(OCSP_CRLID, crlNum, ASN1_INTEGER, 1), - ASN1_EXP_OPT(OCSP_CRLID, crlTime, ASN1_GENERALIZEDTIME, 2) + ASN1_EXP_OPT(OCSP_CRLID, crlUrl, ASN1_IA5STRING, 0), + ASN1_EXP_OPT(OCSP_CRLID, crlNum, ASN1_INTEGER, 1), + ASN1_EXP_OPT(OCSP_CRLID, crlTime, ASN1_GENERALIZEDTIME, 2) } ASN1_SEQUENCE_END(OCSP_CRLID) IMPLEMENT_ASN1_FUNCTIONS(OCSP_CRLID) diff --git a/lib/libcrypto/ocsp/ocsp_cl.c b/lib/libcrypto/ocsp/ocsp_cl.c index 716513d2f99..aabd497dde1 100644 --- a/lib/libcrypto/ocsp/ocsp_cl.c +++ b/lib/libcrypto/ocsp/ocsp_cl.c @@ -15,7 +15,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -75,7 +75,7 @@ * relevant information from the response. */ -/* Add an OCSP_CERTID to an OCSP request. Return new OCSP_ONEREQ +/* Add an OCSP_CERTID to an OCSP request. Return new OCSP_ONEREQ * pointer: useful if we want to add extensions. */ OCSP_ONEREQ * @@ -91,6 +91,7 @@ OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid) if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one)) goto err; return one; + err: OCSP_ONEREQ_free(one); return NULL; @@ -115,7 +116,7 @@ OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm) req->tbsRequest->requestorName = gen; return 1; } - + /* Add a certificate to an OCSP request */ int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert) 
@@ -132,7 +133,7 @@ OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert) if (!sig->certs && !(sig->certs = sk_X509_new_null())) return 0; - if(!sk_X509_push(sig->certs, cert)) + if (!sk_X509_push(sig->certs, cert)) return 0; CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); return 1; @@ -167,7 +168,7 @@ OCSP_request_sign(OCSP_REQUEST *req, X509 *signer, EVP_PKEY *key, } if (!(flags & OCSP_NOCERTS)) { - if(!OCSP_request_add1_cert(req, signer)) + if (!OCSP_request_add1_cert(req, signer)) goto err; for (i = 0; i < sk_X509_num(certs); i++) { x = sk_X509_value(certs, i); @@ -177,6 +178,7 @@ OCSP_request_sign(OCSP_REQUEST *req, X509 *signer, EVP_PKEY *key, } return 1; + err: OCSP_SIGNATURE_free(req->optionalSignature); req->optionalSignature = NULL; @@ -257,7 +259,7 @@ OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last) } /* Extract status information from an OCSP_SINGLERESP structure. - * Note: the revtime and reason values are only set if the + * Note: the revtime and reason values are only set if the * certificate status is revoked. Returns numerical value of * status. */ @@ -280,7 +282,8 @@ OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, *revtime = rev->revocationTime; if (reason) { if (rev->revocationReason) - *reason = ASN1_ENUMERATED_get(rev->revocationReason); + *reason = ASN1_ENUMERATED_get( + rev->revocationReason); else *reason = -1; } diff --git a/lib/libcrypto/ocsp/ocsp_err.c b/lib/libcrypto/ocsp/ocsp_err.c index 0cedcea6820..8faf35d7c36 100644 --- a/lib/libcrypto/ocsp/ocsp_err.c +++ b/lib/libcrypto/ocsp/ocsp_err.c @@ -7,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in 
@@ -68,75 +68,72 @@ #define ERR_FUNC(func) ERR_PACK(ERR_LIB_OCSP,func,0) #define ERR_REASON(reason) ERR_PACK(ERR_LIB_OCSP,0,reason) -static ERR_STRING_DATA OCSP_str_functs[]= - { -{ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE), "ASN1_STRING_encode"}, -{ERR_FUNC(OCSP_F_D2I_OCSP_NONCE), "D2I_OCSP_NONCE"}, -{ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS), "OCSP_basic_add1_status"}, -{ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN), "OCSP_basic_sign"}, -{ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY), "OCSP_basic_verify"}, -{ERR_FUNC(OCSP_F_OCSP_CERT_ID_NEW), "OCSP_cert_id_new"}, -{ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "OCSP_CHECK_DELEGATED"}, -{ERR_FUNC(OCSP_F_OCSP_CHECK_IDS), "OCSP_CHECK_IDS"}, -{ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER), "OCSP_CHECK_ISSUER"}, -{ERR_FUNC(OCSP_F_OCSP_CHECK_VALIDITY), "OCSP_check_validity"}, -{ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID), "OCSP_MATCH_ISSUERID"}, -{ERR_FUNC(OCSP_F_OCSP_PARSE_URL), "OCSP_parse_url"}, -{ERR_FUNC(OCSP_F_OCSP_REQUEST_SIGN), "OCSP_request_sign"}, -{ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"}, -{ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"}, -{ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO), "OCSP_sendreq_bio"}, -{ERR_FUNC(OCSP_F_OCSP_SENDREQ_NBIO), "OCSP_sendreq_nbio"}, -{ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1), "PARSE_HTTP_LINE1"}, -{ERR_FUNC(OCSP_F_REQUEST_VERIFY), "REQUEST_VERIFY"}, -{0,NULL} - }; +static ERR_STRING_DATA OCSP_str_functs[]= { + {ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE), "ASN1_STRING_encode"}, + {ERR_FUNC(OCSP_F_D2I_OCSP_NONCE), "D2I_OCSP_NONCE"}, + {ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS), "OCSP_basic_add1_status"}, + {ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN), "OCSP_basic_sign"}, + {ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY), "OCSP_basic_verify"}, + {ERR_FUNC(OCSP_F_OCSP_CERT_ID_NEW), "OCSP_cert_id_new"}, + {ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "OCSP_CHECK_DELEGATED"}, + {ERR_FUNC(OCSP_F_OCSP_CHECK_IDS), "OCSP_CHECK_IDS"}, + {ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER), "OCSP_CHECK_ISSUER"}, + {ERR_FUNC(OCSP_F_OCSP_CHECK_VALIDITY), 
"OCSP_check_validity"}, + {ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID), "OCSP_MATCH_ISSUERID"}, + {ERR_FUNC(OCSP_F_OCSP_PARSE_URL), "OCSP_parse_url"}, + {ERR_FUNC(OCSP_F_OCSP_REQUEST_SIGN), "OCSP_request_sign"}, + {ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"}, + {ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"}, + {ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO), "OCSP_sendreq_bio"}, + {ERR_FUNC(OCSP_F_OCSP_SENDREQ_NBIO), "OCSP_sendreq_nbio"}, + {ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1), "PARSE_HTTP_LINE1"}, + {ERR_FUNC(OCSP_F_REQUEST_VERIFY), "REQUEST_VERIFY"}, + {0, NULL} +}; -static ERR_STRING_DATA OCSP_str_reasons[]= - { -{ERR_REASON(OCSP_R_BAD_DATA) ,"bad data"}, -{ERR_REASON(OCSP_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"}, -{ERR_REASON(OCSP_R_DIGEST_ERR) ,"digest err"}, -{ERR_REASON(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD),"error in nextupdate field"}, -{ERR_REASON(OCSP_R_ERROR_IN_THISUPDATE_FIELD),"error in thisupdate field"}, -{ERR_REASON(OCSP_R_ERROR_PARSING_URL) ,"error parsing url"}, -{ERR_REASON(OCSP_R_MISSING_OCSPSIGNING_USAGE),"missing ocspsigning usage"}, -{ERR_REASON(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE),"nextupdate before thisupdate"}, -{ERR_REASON(OCSP_R_NOT_BASIC_RESPONSE) ,"not basic response"}, -{ERR_REASON(OCSP_R_NO_CERTIFICATES_IN_CHAIN),"no certificates in chain"}, -{ERR_REASON(OCSP_R_NO_CONTENT) ,"no content"}, -{ERR_REASON(OCSP_R_NO_PUBLIC_KEY) ,"no public key"}, -{ERR_REASON(OCSP_R_NO_RESPONSE_DATA) ,"no response data"}, -{ERR_REASON(OCSP_R_NO_REVOKED_TIME) ,"no revoked time"}, -{ERR_REASON(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"}, -{ERR_REASON(OCSP_R_REQUEST_NOT_SIGNED) ,"request not signed"}, -{ERR_REASON(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA),"response contains no revocation data"}, -{ERR_REASON(OCSP_R_ROOT_CA_NOT_TRUSTED) ,"root ca not trusted"}, -{ERR_REASON(OCSP_R_SERVER_READ_ERROR) ,"server read error"}, -{ERR_REASON(OCSP_R_SERVER_RESPONSE_ERROR),"server response 
error"}, -{ERR_REASON(OCSP_R_SERVER_RESPONSE_PARSE_ERROR),"server response parse error"}, -{ERR_REASON(OCSP_R_SERVER_WRITE_ERROR) ,"server write error"}, -{ERR_REASON(OCSP_R_SIGNATURE_FAILURE) ,"signature failure"}, -{ERR_REASON(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"}, -{ERR_REASON(OCSP_R_STATUS_EXPIRED) ,"status expired"}, -{ERR_REASON(OCSP_R_STATUS_NOT_YET_VALID) ,"status not yet valid"}, -{ERR_REASON(OCSP_R_STATUS_TOO_OLD) ,"status too old"}, -{ERR_REASON(OCSP_R_UNKNOWN_MESSAGE_DIGEST),"unknown message digest"}, -{ERR_REASON(OCSP_R_UNKNOWN_NID) ,"unknown nid"}, -{ERR_REASON(OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE),"unsupported requestorname type"}, -{0,NULL} - }; +static ERR_STRING_DATA OCSP_str_reasons[]= { + {ERR_REASON(OCSP_R_BAD_DATA) , "bad data"}, + {ERR_REASON(OCSP_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"}, + {ERR_REASON(OCSP_R_DIGEST_ERR) , "digest err"}, + {ERR_REASON(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD), "error in nextupdate field"}, + {ERR_REASON(OCSP_R_ERROR_IN_THISUPDATE_FIELD), "error in thisupdate field"}, + {ERR_REASON(OCSP_R_ERROR_PARSING_URL) , "error parsing url"}, + {ERR_REASON(OCSP_R_MISSING_OCSPSIGNING_USAGE), "missing ocspsigning usage"}, + {ERR_REASON(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE), "nextupdate before thisupdate"}, + {ERR_REASON(OCSP_R_NOT_BASIC_RESPONSE) , "not basic response"}, + {ERR_REASON(OCSP_R_NO_CERTIFICATES_IN_CHAIN), "no certificates in chain"}, + {ERR_REASON(OCSP_R_NO_CONTENT) , "no content"}, + {ERR_REASON(OCSP_R_NO_PUBLIC_KEY) , "no public key"}, + {ERR_REASON(OCSP_R_NO_RESPONSE_DATA) , "no response data"}, + {ERR_REASON(OCSP_R_NO_REVOKED_TIME) , "no revoked time"}, + {ERR_REASON(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), "private key does not match certificate"}, + {ERR_REASON(OCSP_R_REQUEST_NOT_SIGNED) , "request not signed"}, + {ERR_REASON(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA), "response contains no revocation data"}, + {ERR_REASON(OCSP_R_ROOT_CA_NOT_TRUSTED) , "root 
ca not trusted"}, + {ERR_REASON(OCSP_R_SERVER_READ_ERROR) , "server read error"}, + {ERR_REASON(OCSP_R_SERVER_RESPONSE_ERROR), "server response error"}, + {ERR_REASON(OCSP_R_SERVER_RESPONSE_PARSE_ERROR), "server response parse error"}, + {ERR_REASON(OCSP_R_SERVER_WRITE_ERROR) , "server write error"}, + {ERR_REASON(OCSP_R_SIGNATURE_FAILURE) , "signature failure"}, + {ERR_REASON(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND), "signer certificate not found"}, + {ERR_REASON(OCSP_R_STATUS_EXPIRED) , "status expired"}, + {ERR_REASON(OCSP_R_STATUS_NOT_YET_VALID) , "status not yet valid"}, + {ERR_REASON(OCSP_R_STATUS_TOO_OLD) , "status too old"}, + {ERR_REASON(OCSP_R_UNKNOWN_MESSAGE_DIGEST), "unknown message digest"}, + {ERR_REASON(OCSP_R_UNKNOWN_NID) , "unknown nid"}, + {ERR_REASON(OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE), "unsupported requestorname type"}, + {0, NULL} +}; #endif -void ERR_load_OCSP_strings(void) - { +void +ERR_load_OCSP_strings(void) +{ #ifndef OPENSSL_NO_ERR - - if (ERR_func_error_string(OCSP_str_functs[0].error) == NULL) - { - ERR_load_strings(0,OCSP_str_functs); - ERR_load_strings(0,OCSP_str_reasons); - } -#endif + if (ERR_func_error_string(OCSP_str_functs[0].error) == NULL) { + ERR_load_strings(0, OCSP_str_functs); + ERR_load_strings(0, OCSP_str_reasons); } +#endif +} diff --git a/lib/libcrypto/ocsp/ocsp_ext.c b/lib/libcrypto/ocsp/ocsp_ext.c index 6ec8ca4adf6..45b072750f0 100644 --- a/lib/libcrypto/ocsp/ocsp_ext.c +++ b/lib/libcrypto/ocsp/ocsp_ext.c @@ -15,7 +15,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in 
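Review bot: The reformatted tables in ocsp_err.c still carry spacing that KNF does not use: both declarators read `OCSP_str_functs[]= {` / `OCSP_str_reasons[]= {` with no space before `=`, and the reason entries keep a space before the comma, as in `{ERR_REASON(OCSP_R_BAD_DATA) , "bad data"}`. Suggested forms are `static ERR_STRING_DATA OCSP_str_functs[] = {` and `{ERR_REASON(OCSP_R_BAD_DATA), "bad data"},`. The same kind of leftover is visible in the ocsp_prn.c hunks, where `l+1` and the `<=0` comparison after the "Produced At" BIO_printf call keep operators without surrounding spaces.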
@@ -129,8 +129,8 @@ OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit, int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc) { - return X509v3_add_ext(&(x->tbsRequest->requestExtensions), ex, loc) != - NULL; + return X509v3_add_ext(&(x->tbsRequest->requestExtensions), ex, + loc) != NULL; } /* Single extensions */ @@ -172,7 +172,8 @@ OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc) return X509v3_delete_ext(x->singleRequestExtensions, loc); } -void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx) +void * +OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx) { return X509V3_get_d2i(x->singleRequestExtensions, nid, crit, idx); } @@ -203,7 +204,7 @@ int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos) { return X509v3_get_ext_by_NID(x->tbsResponseData->responseExtensions, - nid ,lastpos); + nid, lastpos); } int @@ -216,8 +217,8 @@ OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, int lastpos) int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos) { - return X509v3_get_ext_by_critical(x->tbsResponseData->responseExtensions, - crit, lastpos); + return X509v3_get_ext_by_critical( + x->tbsResponseData->responseExtensions, crit, lastpos); } X509_EXTENSION * 
@@ -329,14 +330,15 @@ ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d, void *data, if (i2d(data, &p) <= 0) goto err; } else if (sk) { - if ((i = i2d_ASN1_SET_OF_ASN1_OBJECT(sk,NULL, + if ((i = i2d_ASN1_SET_OF_ASN1_OBJECT(sk, NULL, (I2D_OF(ASN1_OBJECT))i2d, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE)) <= 0) goto err; if (!(b = p = malloc((unsigned int)i))) goto err; - if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk,&p,(I2D_OF(ASN1_OBJECT))i2d, - V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE) <= 0) + if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk, &p, + (I2D_OF(ASN1_OBJECT))i2d, V_ASN1_SEQUENCE, + V_ASN1_UNIVERSAL, IS_SEQUENCE) <= 0) goto err; } else { OCSPerr(OCSP_F_ASN1_STRING_ENCODE, OCSP_R_BAD_DATA); @@ -348,6 +350,7 @@ ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d, void *data, goto err; free(b); return s; + err: free(b); return NULL; @@ -358,7 +361,7 @@ err: /* Add a nonce to an extension stack. A nonce can be specificed or if NULL * a random nonce will be generated. - * Note: OpenSSL 0.9.7d and later create an OCTET STRING containing the + * Note: OpenSSL 0.9.7d and later create an OCTET STRING containing the * nonce, previous versions used the raw nonce. */ @@ -390,6 +393,7 @@ ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, unsigned char *val, int len) X509V3_ADD_REPLACE)) goto err; ret = 1; + err: free(os.data); return ret; @@ -436,7 +440,8 @@ OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs) X509_EXTENSION *req_ext, *resp_ext; req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1); - resp_idx = OCSP_BASICRESP_get_ext_by_NID(bs, NID_id_pkix_OCSP_Nonce, -1); + resp_idx = OCSP_BASICRESP_get_ext_by_NID(bs, + NID_id_pkix_OCSP_Nonce, -1); /* Check both absent */ if (req_idx < 0 && resp_idx < 0) return 2; @@ -454,7 +459,7 @@ OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs) return 1; } -/* Copy the nonce value (if any) from an OCSP request to +/* Copy the nonce value (if any) from an OCSP request to * a response. */ int 
@@ -477,7 +482,7 @@ OCSP_crlID_new(char *url, long *n, char *tim) { X509_EXTENSION *x = NULL; OCSP_CRLID *cid = NULL; - + if (!(cid = OCSP_CRLID_new())) goto err; if (url) { @@ -495,10 +500,11 @@ OCSP_crlID_new(char *url, long *n, char *tim) if (tim) { if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new())) goto err; - if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim))) + if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim))) goto err; } x = X509V3_EXT_i2d(NID_id_pkix_OCSP_CrlID, 0, cid); + err: if (cid) OCSP_CRLID_free(cid); @@ -518,11 +524,12 @@ OCSP_accept_responses_new(char **oids) goto err; while (oids && *oids) { if ((nid = OBJ_txt2nid(*oids)) != NID_undef && - (o = OBJ_nid2obj(nid))) + (o = OBJ_nid2obj(nid))) sk_ASN1_OBJECT_push(sk, o); oids++; } x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk); + err: if (sk) sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free); @@ -541,6 +548,7 @@ OCSP_archive_cutoff_new(char* tim) if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) goto err; x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt); + err: if (gt) ASN1_GENERALIZEDTIME_free(gt); @@ -558,7 +566,7 @@ OCSP_url_svcloc_new(X509_NAME* issuer, char **urls) ASN1_IA5STRING *ia5 = NULL; OCSP_SERVICELOC *sloc = NULL; ACCESS_DESCRIPTION *ad = NULL; - + if (!(sloc = OCSP_SERVICELOC_new())) goto err; if (!(sloc->issuer = X509_NAME_dup(issuer))) @@ -584,6 +592,7 @@ OCSP_url_svcloc_new(X509_NAME* issuer, char **urls) urls++; } x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc); + err: if (sloc) OCSP_SERVICELOC_free(sloc); diff --git a/lib/libcrypto/ocsp/ocsp_ht.c b/lib/libcrypto/ocsp/ocsp_ht.c index 7f73a4195cf..f3ee29ccbb0 100644 --- a/lib/libcrypto/ocsp/ocsp_ht.c +++ b/lib/libcrypto/ocsp/ocsp_ht.c 
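Review bot: In the OCSP_accept_responses_new hunk the result of `sk_ASN1_OBJECT_push(sk, o)` is discarded, so a failed push drops that OID and the function still encodes the extension from the shorter list. Entries that `OBJ_txt2nid` cannot resolve are skipped in the same silent way, so the caller cannot tell that the acceptableResponses extension it gets back is narrower than the list it passed in. Folding the push into the condition, `(o = OBJ_nid2obj(nid)) && !sk_ASN1_OBJECT_push(sk, o))` followed by `goto err;`, would turn the first case into a failure. This assumes `x` is still NULL when `err:` is reached; its declaration is outside the hunk. Whether unknown OIDs should be skipped or rejected is worth a short comment above the loop either way.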
@@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -233,7 +233,7 @@ parse_http_line1(char *line) return 0; } - /* Set end of response code and start of message */ + /* Set end of response code and start of message */ *q++ = 0; /* Attempt to parse numeric code */ @@ -290,7 +290,7 @@ next_io: case OHS_ASN1_WRITE: n = BIO_get_mem_data(rctx->mem, &p); i = BIO_write(rctx->io, - p + (n - rctx->asn1_len), rctx->asn1_len); + p + (n - rctx->asn1_len), rctx->asn1_len); if (i <= 0) { if (BIO_should_retry(rctx->io)) return -1; @@ -422,7 +422,7 @@ next_line: rctx->state = OHS_ASN1_CONTENT; /* FALLTHROUGH */ - + case OHS_ASN1_CONTENT: n = BIO_get_mem_data(rctx->mem, &p); if (n < (int)rctx->asn1_len) diff --git a/lib/libcrypto/ocsp/ocsp_lib.c b/lib/libcrypto/ocsp/ocsp_lib.c index 056bd276650..3f6007f40aa 100644 --- a/lib/libcrypto/ocsp/ocsp_lib.c +++ b/lib/libcrypto/ocsp/ocsp_lib.c @@ -15,7 +15,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in 
@@ -115,11 +115,11 @@ OCSP_cert_id_new(const EVP_MD *dgst, X509_NAME *issuerName, OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID); goto err; } - if (!(alg->algorithm=OBJ_nid2obj(nid))) + if (!(alg->algorithm = OBJ_nid2obj(nid))) goto err; - if ((alg->parameter=ASN1_TYPE_new()) == NULL) + if ((alg->parameter = ASN1_TYPE_new()) == NULL) goto err; - alg->parameter->type=V_ASN1_NULL; + alg->parameter->type = V_ASN1_NULL; if (!X509_NAME_digest(issuerName, dgst, md, &i)) goto digerr; @@ -139,6 +139,7 @@ OCSP_cert_id_new(const EVP_MD *dgst, X509_NAME *issuerName, goto err; } return cid; + digerr: OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_DIGEST_ERR); err: @@ -216,7 +217,7 @@ OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl) /* Check for trailing part of path */ p = strchr(p, '/'); - if (!p) + if (!p) *ppath = BUF_strdup("/"); else { *ppath = BUF_strdup(p); diff --git a/lib/libcrypto/ocsp/ocsp_prn.c b/lib/libcrypto/ocsp/ocsp_prn.c index 9e4b81f0610..b5031cd0914 100644 --- a/lib/libcrypto/ocsp/ocsp_prn.c +++ b/lib/libcrypto/ocsp/ocsp_prn.c @@ -15,7 +15,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -93,7 +93,7 @@ table2string(long s, const OCSP_TBLSTR *ts, int len) { const OCSP_TBLSTR *p; - for (p=ts; p < ts + len; p++) + for (p = ts; p < ts + len; p++) if (p->t == s) return p->m; return "(UNKNOWN)"; 
@@ -103,42 +103,42 @@ const char * OCSP_response_status_str(long s) { static const OCSP_TBLSTR rstat_tbl[] = { - { OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful" }, - { OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest" }, - { OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror" }, - { OCSP_RESPONSE_STATUS_TRYLATER, "trylater" }, - { OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired" }, - { OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized" } + { OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful" }, + { OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest" }, + { OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror" }, + { OCSP_RESPONSE_STATUS_TRYLATER, "trylater" }, + { OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired" }, + { OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized" } }; return table2string(s, rstat_tbl, 6); -} +} const char * OCSP_cert_status_str(long s) { static const OCSP_TBLSTR cstat_tbl[] = { - { V_OCSP_CERTSTATUS_GOOD, "good" }, - { V_OCSP_CERTSTATUS_REVOKED, "revoked" }, - { V_OCSP_CERTSTATUS_UNKNOWN, "unknown" } + { V_OCSP_CERTSTATUS_GOOD, "good" }, + { V_OCSP_CERTSTATUS_REVOKED, "revoked" }, + { V_OCSP_CERTSTATUS_UNKNOWN, "unknown" } }; return table2string(s, cstat_tbl, 3); -} +} const char * OCSP_crl_reason_str(long s) { static const OCSP_TBLSTR reason_tbl[] = { - { OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified" }, - { OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise" }, - { OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise" }, - { OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, "affiliationChanged" }, - { OCSP_REVOKED_STATUS_SUPERSEDED, "superseded" }, - { OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation" }, - { OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold" }, - { OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL" } + { OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified" }, + { OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise" }, + { OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise" }, + { OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, 
"affiliationChanged" }, + { OCSP_REVOKED_STATUS_SUPERSEDED, "superseded" }, + { OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation" }, + { OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold" }, + { OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL" } }; return table2string(s, reason_tbl, 8); -} +} int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* o, unsigned long flags) @@ -150,17 +150,17 @@ OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* o, unsigned long flags) OCSP_REQINFO *inf = o->tbsRequest; OCSP_SIGNATURE *sig = o->optionalSignature; - if (BIO_write(bp,"OCSP Request Data:\n",19) <= 0) + if (BIO_write(bp, "OCSP Request Data:\n", 19) <= 0) goto err; l = ASN1_INTEGER_get(inf->version); - if (BIO_printf(bp," Version: %lu (0x%lx)",l+1,l) <= 0) + if (BIO_printf(bp, " Version: %lu (0x%lx)", l+1, l) <= 0) goto err; if (inf->requestorName != NULL) { - if (BIO_write(bp,"\n Requestor Name: ",21) <= 0) + if (BIO_write(bp, "\n Requestor Name: ", 21) <= 0) goto err; GENERAL_NAME_print(bp, inf->requestorName); } - if (BIO_write(bp,"\n Requestor List:\n",21) <= 0) + if (BIO_write(bp, "\n Requestor List:\n", 21) <= 0) goto err; for (i = 0; i < sk_OCSP_ONEREQ_num(inf->requestList); i++) { one = sk_OCSP_ONEREQ_value(inf->requestList, i); @@ -176,12 +176,13 @@ OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* o, unsigned long flags) if (sig) { X509_signature_print(bp, sig->signatureAlgorithm, sig->signature); - for (i=0; icerts); i++) { - X509_print(bp, sk_X509_value(sig->certs,i)); - PEM_write_bio_X509(bp,sk_X509_value(sig->certs,i)); + for (i = 0; i < sk_X509_num(sig->certs); i++) { + X509_print(bp, sk_X509_value(sig->certs, i)); + PEM_write_bio_X509(bp, sk_X509_value(sig->certs, i)); } } return 1; + err: return 0; } 
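Review bot: The BIO_write calls in the OCSP_REQUEST_print hunk pass hand-counted lengths (19, 21, 21) next to string literals, and nothing ties each number to its literal: a count that is too large reads past the end of the literal, and one that is too small truncates the output. The spacing inside the literals is not reliable as rendered on this page, so the two 21s cannot be checked from here. OCSP_RESPONSE_print in the same file already uses BIO_puts for the equivalent lines, so `if (BIO_puts(bp, "OCSP Request Data:\n") <= 0)` and the same form for the two Requestor lines would remove the counts. The function body starts and ends outside this hunk.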
@@ -200,20 +201,20 @@ OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) OCSP_SINGLERESP *single = NULL; OCSP_RESPBYTES *rb = o->responseBytes; - if (BIO_puts(bp,"OCSP Response Data:\n") <= 0) + if (BIO_puts(bp, "OCSP Response Data:\n") <= 0) goto err; l = ASN1_ENUMERATED_get(o->responseStatus); - if (BIO_printf(bp," OCSP Response Status: %s (0x%lx)\n", + if (BIO_printf(bp, " OCSP Response Status: %s (0x%lx)\n", OCSP_response_status_str(l), l) <= 0) goto err; if (rb == NULL) return 1; - if (BIO_puts(bp," Response Type: ") <= 0) + if (BIO_puts(bp, " Response Type: ") <= 0) goto err; - if(i2a_ASN1_OBJECT(bp, rb->responseType) <= 0) + if (i2a_ASN1_OBJECT(bp, rb->responseType) <= 0) goto err; if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) { - BIO_puts(bp," (unknown response type)\n"); + BIO_puts(bp, " (unknown response type)\n"); return 1; } @@ -222,12 +223,12 @@ OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) goto err; rd = br->tbsResponseData; l = ASN1_INTEGER_get(rd->version); - if (BIO_printf(bp,"\n Version: %lu (0x%lx)\n", l+1,l) <= 0) + if (BIO_printf(bp, "\n Version: %lu (0x%lx)\n", l+1, l) <= 0) goto err; - if (BIO_puts(bp," Responder Id: ") <= 0) + if (BIO_puts(bp, " Responder Id: ") <= 0) goto err; - rid = rd->responderId; + rid = rd->responderId; switch (rid->type) { case V_OCSP_RESPID_NAME: X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE); @@ -237,11 +238,11 @@ OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) break; } - if (BIO_printf(bp,"\n Produced At: ")<=0) + if (BIO_printf(bp, "\n Produced At: ")<=0) goto err; if (!ASN1_GENERALIZEDTIME_print(bp, rd->producedAt)) goto err; - if (BIO_printf(bp,"\n Responses:\n") <= 0) + if (BIO_printf(bp, "\n Responses:\n") <= 0) goto err; for (i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++) { if (! sk_OCSP_SINGLERESP_value(rd->responses, i)) 
@@ -251,15 +252,15 @@ OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) if (ocsp_certid_print(bp, cid, 4) <= 0) goto err; cst = single->certStatus; - if (BIO_printf(bp," Cert Status: %s", + if (BIO_printf(bp, " Cert Status: %s", OCSP_cert_status_str(cst->type)) <= 0) goto err; if (cst->type == V_OCSP_CERTSTATUS_REVOKED) { rev = cst->value.revoked; - if (BIO_printf(bp, "\n Revocation Time: ") <= 0) + if (BIO_printf(bp, "\n Revocation Time: ") <= 0) goto err; if (!ASN1_GENERALIZEDTIME_print(bp, - rev->revocationTime)) + rev->revocationTime)) goto err; if (rev->revocationReason) { l = ASN1_ENUMERATED_get(rev->revocationReason); @@ -269,22 +270,22 @@ OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) goto err; } } - if (BIO_printf(bp,"\n This Update: ") <= 0) + if (BIO_printf(bp, "\n This Update: ") <= 0) goto err; - if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate)) + if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate)) goto err; if (single->nextUpdate) { - if (BIO_printf(bp,"\n Next Update: ") <= 0) + if (BIO_printf(bp, "\n Next Update: ") <= 0) goto err; - if (!ASN1_GENERALIZEDTIME_print(bp,single->nextUpdate)) + if (!ASN1_GENERALIZEDTIME_print(bp, single->nextUpdate)) goto err; } - if (BIO_write(bp,"\n",1) <= 0) + if (BIO_write(bp, "\n", 1) <= 0) goto err; if (!X509V3_extensions_print(bp, "Response Single Extensions", single->singleExtensions, flags, 8)) goto err; - if (BIO_write(bp,"\n",1) <= 0) + if (BIO_write(bp, "\n", 1) <= 0) goto err; } if (!X509V3_extensions_print(bp, "Response Extensions", @@ -296,10 +297,11 @@ OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) for (i = 0; i < sk_X509_num(br->certs); i++) { X509_print(bp, sk_X509_value(br->certs, i)); - PEM_write_bio_X509(bp,sk_X509_value(br->certs, i)); + PEM_write_bio_X509(bp, sk_X509_value(br->certs, i)); } ret = 1; + err: OCSP_BASICRESP_free(br); return ret; 
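Review bot: In the last OCSP_RESPONSE_print hunk, the loop over `br->certs` drops the results of `X509_print` and `PEM_write_bio_X509` and then sets `ret = 1`, so a failed or truncated certificate dump is reported as success. Every `BIO_printf`/`BIO_puts` earlier in the function goes to `err` on failure, so the loop body should do the same, e.g. `if (!X509_print(bp, sk_X509_value(br->certs, i)) || !PEM_write_bio_X509(bp, sk_X509_value(br->certs, i))) goto err;`. The signer-cert loop in OCSP_REQUEST_print has the same pattern. The function starts outside this hunk, so the change should be checked against the declaration of `ret`.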
diff --git a/lib/libcrypto/ocsp/ocsp_srv.c b/lib/libcrypto/ocsp/ocsp_srv.c index c14e8e2bc35..18c8f268527 100644 --- a/lib/libcrypto/ocsp/ocsp_srv.c +++ b/lib/libcrypto/ocsp/ocsp_srv.c @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -131,6 +131,7 @@ OCSP_response_create(int status, OCSP_BASICRESP *bs) &rsp->responseBytes->response)) goto err; return rsp; + err: if (rsp) OCSP_RESPONSE_free(rsp); @@ -164,7 +165,7 @@ OCSP_basic_add1_status(OCSP_BASICRESP *rsp, OCSP_CERTID *cid, int status, goto err; cs = single->certStatus; - switch(cs->type = status) { + switch (cs->type = status) { case V_OCSP_CERTSTATUS_REVOKED: if (!revtime) { OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS, @@ -174,14 +175,14 @@ OCSP_basic_add1_status(OCSP_BASICRESP *rsp, OCSP_CERTID *cid, int status, if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new())) goto err; if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime)) - goto err; + goto err; if (reason != OCSP_REVOKED_STATUS_NOSTATUS) { - if (!(ri->revocationReason = ASN1_ENUMERATED_new())) + if (!(ri->revocationReason = ASN1_ENUMERATED_new())) goto err; if (!(ASN1_ENUMERATED_set(ri->revocationReason, reason))) - goto err; - } + goto err; + } break; case V_OCSP_CERTSTATUS_GOOD: @@ -198,6 +199,7 @@ OCSP_basic_add1_status(OCSP_BASICRESP *rsp, OCSP_CERTID *cid, int status, if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses, single))) goto err; return single; + err: OCSP_SINGLERESP_free(single); return NULL; @@ -268,6 +270,7 @@ OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key, goto err; return 1; + err: return 0; } 
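Review bot: In OCSP_basic_add1_status the reformatted line `switch (cs->type = status) {` still hides an assignment inside the controlling expression, which is easy to misread as a comparison. Since this commit is already touching the line for style, it would read better as `cs->type = status;` followed by `switch (status) {`. Behaviour is unchanged, and the store into the response structure becomes visible on its own line. The function body begins and ends outside the hunks shown here.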
diff --git a/lib/libcrypto/ocsp/ocsp_vfy.c b/lib/libcrypto/ocsp/ocsp_vfy.c index aede155871a..5d8b2eebcf0 100644 --- a/lib/libcrypto/ocsp/ocsp_vfy.c +++ b/lib/libcrypto/ocsp/ocsp_vfy.c @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -61,17 +61,17 @@ #include static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, - STACK_OF(X509) *certs, X509_STORE *st, unsigned long flags); + STACK_OF(X509) *certs, X509_STORE *st, unsigned long flags); static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id); static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, - unsigned long flags); + unsigned long flags); static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret); static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, - STACK_OF(OCSP_SINGLERESP) *sresp); + STACK_OF(OCSP_SINGLERESP) *sresp); static int ocsp_check_delegated(X509 *x, int flags); static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, - X509_NAME *nm, STACK_OF(X509) *certs, X509_STORE *st, - unsigned long flags); + X509_NAME *nm, STACK_OF(X509) *certs, X509_STORE *st, + unsigned long flags); /* Verify a basic response message */ int @@ -108,14 +108,14 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st, if (!(flags & OCSP_NOVERIFY)) { int init_res; - if(flags & OCSP_NOCHAIN) + if (flags & OCSP_NOCHAIN) init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL); else init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs); if (!init_res) { ret = -1; - OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB); + OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB); goto end; } 
@@ -131,7 +131,7 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st, X509_verify_cert_error_string(i)); goto end; } - if(flags & OCSP_NOCHECKS) { + if (flags & OCSP_NOCHECKS) { ret = 1; goto end; } @@ -152,7 +152,7 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st, x = sk_X509_value(chain, sk_X509_num(chain) - 1); if (X509_check_trust(x, NID_OCSP_sign, 0) != - X509_TRUST_TRUSTED) { + X509_TRUST_TRUSTED) { OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_ROOT_CA_NOT_TRUSTED); goto end; @@ -411,7 +411,7 @@ OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, init_res = X509_STORE_CTX_init(&ctx, store, signer, req->optionalSignature->certs); if (!init_res) { - OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,ERR_R_X509_LIB); + OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ERR_R_X509_LIB); return 0; } @@ -420,7 +420,7 @@ OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, ret = X509_verify_cert(&ctx); X509_STORE_CTX_cleanup(&ctx); if (ret <= 0) { - ret = X509_STORE_CTX_get_error(&ctx); + ret = X509_STORE_CTX_get_error(&ctx); OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_CERTIFICATE_VERIFY_ERROR); ERR_asprintf_error_data("Verify error:%s", diff --git a/lib/libssl/src/crypto/ocsp/ocsp.h b/lib/libssl/src/crypto/ocsp/ocsp.h index 9401f7db2f4..09733aff631 100644 --- a/lib/libssl/src/crypto/ocsp/ocsp.h +++ b/lib/libssl/src/crypto/ocsp/ocsp.h @@ -15,7 +15,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in 
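Review bot: In the OCSP_request_verify hunk at -420, `X509_STORE_CTX_get_error(&ctx)` is called after `X509_STORE_CTX_cleanup(&ctx)`, so the verify error is read from a context that has already been torn down. Whether cleanup resets the error field is not visible here, but the reported "Verify error" string then depends on that implementation detail. The error should be fetched first: call `X509_STORE_CTX_get_error(&ctx)` into a local right after `X509_verify_cert(&ctx)`, then call `X509_STORE_CTX_cleanup(&ctx)`, and use the saved value inside `if (ret <= 0)`. The block continues past the end of the hunk, and the libssl copy of ocsp_vfy.c listed in the diffstat presumably needs the same change.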
@@ -335,7 +335,7 @@ typedef struct ocsp_service_locator_st { X509_NAME* issuer; STACK_OF(ACCESS_DESCRIPTION) *locator; } OCSP_SERVICELOC; - + #define PEM_STRING_OCSP_REQUEST "OCSP REQUEST" #define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE" @@ -454,7 +454,7 @@ int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, int OCSP_request_is_signed(OCSP_REQUEST *req); OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs); OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, OCSP_CERTID *cid, - int status, int reason, ASN1_TIME *revtime, ASN1_TIME *thisupd, + int status, int reason, ASN1_TIME *revtime, ASN1_TIME *thisupd, ASN1_TIME *nextupd); int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert); int OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key, diff --git a/lib/libssl/src/crypto/ocsp/ocsp_asn.c b/lib/libssl/src/crypto/ocsp/ocsp_asn.c index bfe892ac705..2a7ed1a187b 100644 --- a/lib/libssl/src/crypto/ocsp/ocsp_asn.c +++ b/lib/libssl/src/crypto/ocsp/ocsp_asn.c @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -102,8 +102,8 @@ IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQUEST) /* OCSP_RESPONSE templates */ ASN1_SEQUENCE(OCSP_RESPBYTES) = { - ASN1_SIMPLE(OCSP_RESPBYTES, responseType, ASN1_OBJECT), - ASN1_SIMPLE(OCSP_RESPBYTES, response, ASN1_OCTET_STRING) + ASN1_SIMPLE(OCSP_RESPBYTES, responseType, ASN1_OBJECT), + ASN1_SIMPLE(OCSP_RESPBYTES, response, ASN1_OCTET_STRING) } ASN1_SEQUENCE_END(OCSP_RESPBYTES) IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPBYTES) 
@@ -116,15 +116,15 @@ ASN1_SEQUENCE(OCSP_RESPONSE) = { IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPONSE) ASN1_CHOICE(OCSP_RESPID) = { - ASN1_EXP(OCSP_RESPID, value.byName, X509_NAME, 1), - ASN1_EXP(OCSP_RESPID, value.byKey, ASN1_OCTET_STRING, 2) + ASN1_EXP(OCSP_RESPID, value.byName, X509_NAME, 1), + ASN1_EXP(OCSP_RESPID, value.byKey, ASN1_OCTET_STRING, 2) } ASN1_CHOICE_END(OCSP_RESPID) IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPID) ASN1_SEQUENCE(OCSP_REVOKEDINFO) = { ASN1_SIMPLE(OCSP_REVOKEDINFO, revocationTime, ASN1_GENERALIZEDTIME), - ASN1_EXP_OPT(OCSP_REVOKEDINFO, revocationReason, ASN1_ENUMERATED, 0) + ASN1_EXP_OPT(OCSP_REVOKEDINFO, revocationReason, ASN1_ENUMERATED, 0) } ASN1_SEQUENCE_END(OCSP_REVOKEDINFO) IMPLEMENT_ASN1_FUNCTIONS(OCSP_REVOKEDINFO) 
@@ -138,38 +138,38 @@ ASN1_CHOICE(OCSP_CERTSTATUS) = { IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTSTATUS) ASN1_SEQUENCE(OCSP_SINGLERESP) = { - ASN1_SIMPLE(OCSP_SINGLERESP, certId, OCSP_CERTID), - ASN1_SIMPLE(OCSP_SINGLERESP, certStatus, OCSP_CERTSTATUS), - ASN1_SIMPLE(OCSP_SINGLERESP, thisUpdate, ASN1_GENERALIZEDTIME), - ASN1_EXP_OPT(OCSP_SINGLERESP, nextUpdate, ASN1_GENERALIZEDTIME, 0), - ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SINGLERESP, singleExtensions, X509_EXTENSION, 1) + ASN1_SIMPLE(OCSP_SINGLERESP, certId, OCSP_CERTID), + ASN1_SIMPLE(OCSP_SINGLERESP, certStatus, OCSP_CERTSTATUS), + ASN1_SIMPLE(OCSP_SINGLERESP, thisUpdate, ASN1_GENERALIZEDTIME), + ASN1_EXP_OPT(OCSP_SINGLERESP, nextUpdate, ASN1_GENERALIZEDTIME, 0), + ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SINGLERESP, singleExtensions, X509_EXTENSION, 1) } ASN1_SEQUENCE_END(OCSP_SINGLERESP) IMPLEMENT_ASN1_FUNCTIONS(OCSP_SINGLERESP) ASN1_SEQUENCE(OCSP_RESPDATA) = { - ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0), - ASN1_SIMPLE(OCSP_RESPDATA, responderId, OCSP_RESPID), - ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME), - ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP), - ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1) + ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0), + ASN1_SIMPLE(OCSP_RESPDATA, responderId, OCSP_RESPID), + ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME), + ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP), + ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1) } ASN1_SEQUENCE_END(OCSP_RESPDATA) IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPDATA) ASN1_SEQUENCE(OCSP_BASICRESP) = { - ASN1_SIMPLE(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA), - ASN1_SIMPLE(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR), - ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING), - ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0) + ASN1_SIMPLE(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA), + ASN1_SIMPLE(OCSP_BASICRESP, 
signatureAlgorithm, X509_ALGOR), + ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING), + ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0) } ASN1_SEQUENCE_END(OCSP_BASICRESP) IMPLEMENT_ASN1_FUNCTIONS(OCSP_BASICRESP) ASN1_SEQUENCE(OCSP_CRLID) = { - ASN1_EXP_OPT(OCSP_CRLID, crlUrl, ASN1_IA5STRING, 0), - ASN1_EXP_OPT(OCSP_CRLID, crlNum, ASN1_INTEGER, 1), - ASN1_EXP_OPT(OCSP_CRLID, crlTime, ASN1_GENERALIZEDTIME, 2) + ASN1_EXP_OPT(OCSP_CRLID, crlUrl, ASN1_IA5STRING, 0), + ASN1_EXP_OPT(OCSP_CRLID, crlNum, ASN1_INTEGER, 1), + ASN1_EXP_OPT(OCSP_CRLID, crlTime, ASN1_GENERALIZEDTIME, 2) } ASN1_SEQUENCE_END(OCSP_CRLID) IMPLEMENT_ASN1_FUNCTIONS(OCSP_CRLID) diff --git a/lib/libssl/src/crypto/ocsp/ocsp_cl.c b/lib/libssl/src/crypto/ocsp/ocsp_cl.c index 716513d2f99..aabd497dde1 100644 --- a/lib/libssl/src/crypto/ocsp/ocsp_cl.c +++ b/lib/libssl/src/crypto/ocsp/ocsp_cl.c @@ -15,7 +15,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -75,7 +75,7 @@ * relevant information from the response. */ -/* Add an OCSP_CERTID to an OCSP request. Return new OCSP_ONEREQ +/* Add an OCSP_CERTID to an OCSP request. Return new OCSP_ONEREQ * pointer: useful if we want to add extensions. */ OCSP_ONEREQ * @@ -91,6 +91,7 @@ OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid) if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one)) goto err; return one; + err: OCSP_ONEREQ_free(one); return NULL; @@ -115,7 +116,7 @@ OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm) req->tbsRequest->requestorName = gen; return 1; } - + /* Add a certificate to an OCSP request */ int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert) 
@@ -132,7 +133,7 @@ OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert) if (!sig->certs && !(sig->certs = sk_X509_new_null())) return 0; - if(!sk_X509_push(sig->certs, cert)) + if (!sk_X509_push(sig->certs, cert)) return 0; CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); return 1; @@ -167,7 +168,7 @@ OCSP_request_sign(OCSP_REQUEST *req, X509 *signer, EVP_PKEY *key, } if (!(flags & OCSP_NOCERTS)) { - if(!OCSP_request_add1_cert(req, signer)) + if (!OCSP_request_add1_cert(req, signer)) goto err; for (i = 0; i < sk_X509_num(certs); i++) { x = sk_X509_value(certs, i); @@ -177,6 +178,7 @@ OCSP_request_sign(OCSP_REQUEST *req, X509 *signer, EVP_PKEY *key, } return 1; + err: OCSP_SIGNATURE_free(req->optionalSignature); req->optionalSignature = NULL; @@ -257,7 +259,7 @@ OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last) } /* Extract status information from an OCSP_SINGLERESP structure. - * Note: the revtime and reason values are only set if the + * Note: the revtime and reason values are only set if the * certificate status is revoked. Returns numerical value of * status. */ @@ -280,7 +282,8 @@ OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, *revtime = rev->revocationTime; if (reason) { if (rev->revocationReason) - *reason = ASN1_ENUMERATED_get(rev->revocationReason); + *reason = ASN1_ENUMERATED_get( + rev->revocationReason); else *reason = -1; } diff --git a/lib/libssl/src/crypto/ocsp/ocsp_err.c b/lib/libssl/src/crypto/ocsp/ocsp_err.c index 0cedcea6820..8faf35d7c36 100644 --- a/lib/libssl/src/crypto/ocsp/ocsp_err.c +++ b/lib/libssl/src/crypto/ocsp/ocsp_err.c @@ -7,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in 
@@ -68,75 +68,72 @@ #define ERR_FUNC(func) ERR_PACK(ERR_LIB_OCSP,func,0) #define ERR_REASON(reason) ERR_PACK(ERR_LIB_OCSP,0,reason) -static ERR_STRING_DATA OCSP_str_functs[]= - { -{ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE), "ASN1_STRING_encode"}, -{ERR_FUNC(OCSP_F_D2I_OCSP_NONCE), "D2I_OCSP_NONCE"}, -{ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS), "OCSP_basic_add1_status"}, -{ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN), "OCSP_basic_sign"}, -{ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY), "OCSP_basic_verify"}, -{ERR_FUNC(OCSP_F_OCSP_CERT_ID_NEW), "OCSP_cert_id_new"}, -{ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "OCSP_CHECK_DELEGATED"}, -{ERR_FUNC(OCSP_F_OCSP_CHECK_IDS), "OCSP_CHECK_IDS"}, -{ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER), "OCSP_CHECK_ISSUER"}, -{ERR_FUNC(OCSP_F_OCSP_CHECK_VALIDITY), "OCSP_check_validity"}, -{ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID), "OCSP_MATCH_ISSUERID"}, -{ERR_FUNC(OCSP_F_OCSP_PARSE_URL), "OCSP_parse_url"}, -{ERR_FUNC(OCSP_F_OCSP_REQUEST_SIGN), "OCSP_request_sign"}, -{ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"}, -{ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"}, -{ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO), "OCSP_sendreq_bio"}, -{ERR_FUNC(OCSP_F_OCSP_SENDREQ_NBIO), "OCSP_sendreq_nbio"}, -{ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1), "PARSE_HTTP_LINE1"}, -{ERR_FUNC(OCSP_F_REQUEST_VERIFY), "REQUEST_VERIFY"}, -{0,NULL} - }; +static ERR_STRING_DATA OCSP_str_functs[]= { + {ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE), "ASN1_STRING_encode"}, + {ERR_FUNC(OCSP_F_D2I_OCSP_NONCE), "D2I_OCSP_NONCE"}, + {ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS), "OCSP_basic_add1_status"}, + {ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN), "OCSP_basic_sign"}, + {ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY), "OCSP_basic_verify"}, + {ERR_FUNC(OCSP_F_OCSP_CERT_ID_NEW), "OCSP_cert_id_new"}, + {ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "OCSP_CHECK_DELEGATED"}, + {ERR_FUNC(OCSP_F_OCSP_CHECK_IDS), "OCSP_CHECK_IDS"}, + {ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER), "OCSP_CHECK_ISSUER"}, + {ERR_FUNC(OCSP_F_OCSP_CHECK_VALIDITY), 
"OCSP_check_validity"}, + {ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID), "OCSP_MATCH_ISSUERID"}, + {ERR_FUNC(OCSP_F_OCSP_PARSE_URL), "OCSP_parse_url"}, + {ERR_FUNC(OCSP_F_OCSP_REQUEST_SIGN), "OCSP_request_sign"}, + {ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"}, + {ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"}, + {ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO), "OCSP_sendreq_bio"}, + {ERR_FUNC(OCSP_F_OCSP_SENDREQ_NBIO), "OCSP_sendreq_nbio"}, + {ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1), "PARSE_HTTP_LINE1"}, + {ERR_FUNC(OCSP_F_REQUEST_VERIFY), "REQUEST_VERIFY"}, + {0, NULL} +}; -static ERR_STRING_DATA OCSP_str_reasons[]= - { -{ERR_REASON(OCSP_R_BAD_DATA) ,"bad data"}, -{ERR_REASON(OCSP_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"}, -{ERR_REASON(OCSP_R_DIGEST_ERR) ,"digest err"}, -{ERR_REASON(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD),"error in nextupdate field"}, -{ERR_REASON(OCSP_R_ERROR_IN_THISUPDATE_FIELD),"error in thisupdate field"}, -{ERR_REASON(OCSP_R_ERROR_PARSING_URL) ,"error parsing url"}, -{ERR_REASON(OCSP_R_MISSING_OCSPSIGNING_USAGE),"missing ocspsigning usage"}, -{ERR_REASON(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE),"nextupdate before thisupdate"}, -{ERR_REASON(OCSP_R_NOT_BASIC_RESPONSE) ,"not basic response"}, -{ERR_REASON(OCSP_R_NO_CERTIFICATES_IN_CHAIN),"no certificates in chain"}, -{ERR_REASON(OCSP_R_NO_CONTENT) ,"no content"}, -{ERR_REASON(OCSP_R_NO_PUBLIC_KEY) ,"no public key"}, -{ERR_REASON(OCSP_R_NO_RESPONSE_DATA) ,"no response data"}, -{ERR_REASON(OCSP_R_NO_REVOKED_TIME) ,"no revoked time"}, -{ERR_REASON(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"}, -{ERR_REASON(OCSP_R_REQUEST_NOT_SIGNED) ,"request not signed"}, -{ERR_REASON(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA),"response contains no revocation data"}, -{ERR_REASON(OCSP_R_ROOT_CA_NOT_TRUSTED) ,"root ca not trusted"}, -{ERR_REASON(OCSP_R_SERVER_READ_ERROR) ,"server read error"}, -{ERR_REASON(OCSP_R_SERVER_RESPONSE_ERROR),"server response 
error"}, -{ERR_REASON(OCSP_R_SERVER_RESPONSE_PARSE_ERROR),"server response parse error"}, -{ERR_REASON(OCSP_R_SERVER_WRITE_ERROR) ,"server write error"}, -{ERR_REASON(OCSP_R_SIGNATURE_FAILURE) ,"signature failure"}, -{ERR_REASON(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"}, -{ERR_REASON(OCSP_R_STATUS_EXPIRED) ,"status expired"}, -{ERR_REASON(OCSP_R_STATUS_NOT_YET_VALID) ,"status not yet valid"}, -{ERR_REASON(OCSP_R_STATUS_TOO_OLD) ,"status too old"}, -{ERR_REASON(OCSP_R_UNKNOWN_MESSAGE_DIGEST),"unknown message digest"}, -{ERR_REASON(OCSP_R_UNKNOWN_NID) ,"unknown nid"}, -{ERR_REASON(OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE),"unsupported requestorname type"}, -{0,NULL} - }; +static ERR_STRING_DATA OCSP_str_reasons[]= { + {ERR_REASON(OCSP_R_BAD_DATA) , "bad data"}, + {ERR_REASON(OCSP_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"}, + {ERR_REASON(OCSP_R_DIGEST_ERR) , "digest err"}, + {ERR_REASON(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD), "error in nextupdate field"}, + {ERR_REASON(OCSP_R_ERROR_IN_THISUPDATE_FIELD), "error in thisupdate field"}, + {ERR_REASON(OCSP_R_ERROR_PARSING_URL) , "error parsing url"}, + {ERR_REASON(OCSP_R_MISSING_OCSPSIGNING_USAGE), "missing ocspsigning usage"}, + {ERR_REASON(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE), "nextupdate before thisupdate"}, + {ERR_REASON(OCSP_R_NOT_BASIC_RESPONSE) , "not basic response"}, + {ERR_REASON(OCSP_R_NO_CERTIFICATES_IN_CHAIN), "no certificates in chain"}, + {ERR_REASON(OCSP_R_NO_CONTENT) , "no content"}, + {ERR_REASON(OCSP_R_NO_PUBLIC_KEY) , "no public key"}, + {ERR_REASON(OCSP_R_NO_RESPONSE_DATA) , "no response data"}, + {ERR_REASON(OCSP_R_NO_REVOKED_TIME) , "no revoked time"}, + {ERR_REASON(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), "private key does not match certificate"}, + {ERR_REASON(OCSP_R_REQUEST_NOT_SIGNED) , "request not signed"}, + {ERR_REASON(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA), "response contains no revocation data"}, + {ERR_REASON(OCSP_R_ROOT_CA_NOT_TRUSTED) , "root 
ca not trusted"}, + {ERR_REASON(OCSP_R_SERVER_READ_ERROR) , "server read error"}, + {ERR_REASON(OCSP_R_SERVER_RESPONSE_ERROR), "server response error"}, + {ERR_REASON(OCSP_R_SERVER_RESPONSE_PARSE_ERROR), "server response parse error"}, + {ERR_REASON(OCSP_R_SERVER_WRITE_ERROR) , "server write error"}, + {ERR_REASON(OCSP_R_SIGNATURE_FAILURE) , "signature failure"}, + {ERR_REASON(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND), "signer certificate not found"}, + {ERR_REASON(OCSP_R_STATUS_EXPIRED) , "status expired"}, + {ERR_REASON(OCSP_R_STATUS_NOT_YET_VALID) , "status not yet valid"}, + {ERR_REASON(OCSP_R_STATUS_TOO_OLD) , "status too old"}, + {ERR_REASON(OCSP_R_UNKNOWN_MESSAGE_DIGEST), "unknown message digest"}, + {ERR_REASON(OCSP_R_UNKNOWN_NID) , "unknown nid"}, + {ERR_REASON(OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE), "unsupported requestorname type"}, + {0, NULL} +}; #endif -void ERR_load_OCSP_strings(void) - { +void +ERR_load_OCSP_strings(void) +{ #ifndef OPENSSL_NO_ERR - - if (ERR_func_error_string(OCSP_str_functs[0].error) == NULL) - { - ERR_load_strings(0,OCSP_str_functs); - ERR_load_strings(0,OCSP_str_reasons); - } -#endif + if (ERR_func_error_string(OCSP_str_functs[0].error) == NULL) { + ERR_load_strings(0, OCSP_str_functs); + ERR_load_strings(0, OCSP_str_reasons); } +#endif +} diff --git a/lib/libssl/src/crypto/ocsp/ocsp_ext.c b/lib/libssl/src/crypto/ocsp/ocsp_ext.c index 6ec8ca4adf6..45b072750f0 100644 --- a/lib/libssl/src/crypto/ocsp/ocsp_ext.c +++ b/lib/libssl/src/crypto/ocsp/ocsp_ext.c @@ -15,7 +15,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in 
@@ -129,8 +129,8 @@ OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit, int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc) { - return X509v3_add_ext(&(x->tbsRequest->requestExtensions), ex, loc) != - NULL; + return X509v3_add_ext(&(x->tbsRequest->requestExtensions), ex, + loc) != NULL; } /* Single extensions */ @@ -172,7 +172,8 @@ OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc) return X509v3_delete_ext(x->singleRequestExtensions, loc); } -void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx) +void * +OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx) { return X509V3_get_d2i(x->singleRequestExtensions, nid, crit, idx); } @@ -203,7 +204,7 @@ int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos) { return X509v3_get_ext_by_NID(x->tbsResponseData->responseExtensions, - nid ,lastpos); + nid, lastpos); } int @@ -216,8 +217,8 @@ OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, int lastpos) int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos) { - return X509v3_get_ext_by_critical(x->tbsResponseData->responseExtensions, - crit, lastpos); + return X509v3_get_ext_by_critical( + x->tbsResponseData->responseExtensions, crit, lastpos); } X509_EXTENSION * 
@@ -329,14 +330,15 @@ ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d, void *data, if (i2d(data, &p) <= 0) goto err; } else if (sk) { - if ((i = i2d_ASN1_SET_OF_ASN1_OBJECT(sk,NULL, + if ((i = i2d_ASN1_SET_OF_ASN1_OBJECT(sk, NULL, (I2D_OF(ASN1_OBJECT))i2d, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE)) <= 0) goto err; if (!(b = p = malloc((unsigned int)i))) goto err; - if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk,&p,(I2D_OF(ASN1_OBJECT))i2d, - V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE) <= 0) + if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk, &p, + (I2D_OF(ASN1_OBJECT))i2d, V_ASN1_SEQUENCE, + V_ASN1_UNIVERSAL, IS_SEQUENCE) <= 0) goto err; } else { OCSPerr(OCSP_F_ASN1_STRING_ENCODE, OCSP_R_BAD_DATA); @@ -348,6 +350,7 @@ ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d, void *data, goto err; free(b); return s; + err: free(b); return NULL; @@ -358,7 +361,7 @@ err: /* Add a nonce to an extension stack. A nonce can be specificed or if NULL * a random nonce will be generated. - * Note: OpenSSL 0.9.7d and later create an OCTET STRING containing the + * Note: OpenSSL 0.9.7d and later create an OCTET STRING containing the * nonce, previous versions used the raw nonce. */ @@ -390,6 +393,7 @@ ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, unsigned char *val, int len) X509V3_ADD_REPLACE)) goto err; ret = 1; + err: free(os.data); return ret; @@ -436,7 +440,8 @@ OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs) X509_EXTENSION *req_ext, *resp_ext; req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1); - resp_idx = OCSP_BASICRESP_get_ext_by_NID(bs, NID_id_pkix_OCSP_Nonce, -1); + resp_idx = OCSP_BASICRESP_get_ext_by_NID(bs, + NID_id_pkix_OCSP_Nonce, -1); /* Check both absent */ if (req_idx < 0 && resp_idx < 0) return 2; @@ -454,7 +459,7 @@ OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs) return 1; } -/* Copy the nonce value (if any) from an OCSP request to +/* Copy the nonce value (if any) from an OCSP request to * a response. */ int 
@@ -477,7 +482,7 @@ OCSP_crlID_new(char *url, long *n, char *tim) { X509_EXTENSION *x = NULL; OCSP_CRLID *cid = NULL; - + if (!(cid = OCSP_CRLID_new())) goto err; if (url) { @@ -495,10 +500,11 @@ OCSP_crlID_new(char *url, long *n, char *tim) if (tim) { if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new())) goto err; - if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim))) + if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim))) goto err; } x = X509V3_EXT_i2d(NID_id_pkix_OCSP_CrlID, 0, cid); + err: if (cid) OCSP_CRLID_free(cid); @@ -518,11 +524,12 @@ OCSP_accept_responses_new(char **oids) goto err; while (oids && *oids) { if ((nid = OBJ_txt2nid(*oids)) != NID_undef && - (o = OBJ_nid2obj(nid))) + (o = OBJ_nid2obj(nid))) sk_ASN1_OBJECT_push(sk, o); oids++; } x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk); + err: if (sk) sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free); @@ -541,6 +548,7 @@ OCSP_archive_cutoff_new(char* tim) if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) goto err; x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt); + err: if (gt) ASN1_GENERALIZEDTIME_free(gt); @@ -558,7 +566,7 @@ OCSP_url_svcloc_new(X509_NAME* issuer, char **urls) ASN1_IA5STRING *ia5 = NULL; OCSP_SERVICELOC *sloc = NULL; ACCESS_DESCRIPTION *ad = NULL; - + if (!(sloc = OCSP_SERVICELOC_new())) goto err; if (!(sloc->issuer = X509_NAME_dup(issuer))) @@ -584,6 +592,7 @@ OCSP_url_svcloc_new(X509_NAME* issuer, char **urls) urls++; } x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc); + err: if (sloc) OCSP_SERVICELOC_free(sloc); diff --git a/lib/libssl/src/crypto/ocsp/ocsp_ht.c b/lib/libssl/src/crypto/ocsp/ocsp_ht.c index 7f73a4195cf..f3ee29ccbb0 100644 --- a/lib/libssl/src/crypto/ocsp/ocsp_ht.c +++ b/lib/libssl/src/crypto/ocsp/ocsp_ht.c 
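Review bot: In the OCSP_accept_responses_new hunk, the return value of `sk_ASN1_OBJECT_push(sk, o)` is ignored, so an allocation failure silently yields an acceptableResponses extension with fewer entries than the caller asked for. The loop should bail out instead, with `if (!sk_ASN1_OBJECT_push(sk, o)) goto err;` inside the existing `if`. The `err:` label already frees the stack and returns `x`, which is presumably still NULL at that point, but its declaration is outside the hunk and should be confirmed. OIDs that `OBJ_txt2nid` does not recognise are also skipped without any error, which deserves at least a comment.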
@@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -233,7 +233,7 @@ parse_http_line1(char *line) return 0; } - /* Set end of response code and start of message */ + /* Set end of response code and start of message */ *q++ = 0; /* Attempt to parse numeric code */ @@ -290,7 +290,7 @@ next_io: case OHS_ASN1_WRITE: n = BIO_get_mem_data(rctx->mem, &p); i = BIO_write(rctx->io, - p + (n - rctx->asn1_len), rctx->asn1_len); + p + (n - rctx->asn1_len), rctx->asn1_len); if (i <= 0) { if (BIO_should_retry(rctx->io)) return -1; @@ -422,7 +422,7 @@ next_line: rctx->state = OHS_ASN1_CONTENT; /* FALLTHROUGH */ - + case OHS_ASN1_CONTENT: n = BIO_get_mem_data(rctx->mem, &p); if (n < (int)rctx->asn1_len) diff --git a/lib/libssl/src/crypto/ocsp/ocsp_lib.c b/lib/libssl/src/crypto/ocsp/ocsp_lib.c index 056bd276650..3f6007f40aa 100644 --- a/lib/libssl/src/crypto/ocsp/ocsp_lib.c +++ b/lib/libssl/src/crypto/ocsp/ocsp_lib.c @@ -15,7 +15,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in 
@@ -115,11 +115,11 @@ OCSP_cert_id_new(const EVP_MD *dgst, X509_NAME *issuerName, OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID); goto err; } - if (!(alg->algorithm=OBJ_nid2obj(nid))) + if (!(alg->algorithm = OBJ_nid2obj(nid))) goto err; - if ((alg->parameter=ASN1_TYPE_new()) == NULL) + if ((alg->parameter = ASN1_TYPE_new()) == NULL) goto err; - alg->parameter->type=V_ASN1_NULL; + alg->parameter->type = V_ASN1_NULL; if (!X509_NAME_digest(issuerName, dgst, md, &i)) goto digerr; @@ -139,6 +139,7 @@ OCSP_cert_id_new(const EVP_MD *dgst, X509_NAME *issuerName, goto err; } return cid; + digerr: OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_DIGEST_ERR); err: @@ -216,7 +217,7 @@ OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl) /* Check for trailing part of path */ p = strchr(p, '/'); - if (!p) + if (!p) *ppath = BUF_strdup("/"); else { *ppath = BUF_strdup(p); diff --git a/lib/libssl/src/crypto/ocsp/ocsp_prn.c b/lib/libssl/src/crypto/ocsp/ocsp_prn.c index 9e4b81f0610..b5031cd0914 100644 --- a/lib/libssl/src/crypto/ocsp/ocsp_prn.c +++ b/lib/libssl/src/crypto/ocsp/ocsp_prn.c @@ -15,7 +15,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -93,7 +93,7 @@ table2string(long s, const OCSP_TBLSTR *ts, int len) { const OCSP_TBLSTR *p; - for (p=ts; p < ts + len; p++) + for (p = ts; p < ts + len; p++) if (p->t == s) return p->m; return "(UNKNOWN)"; 
@@ -103,42 +103,42 @@ const char * OCSP_response_status_str(long s) { static const OCSP_TBLSTR rstat_tbl[] = { - { OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful" }, - { OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest" }, - { OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror" }, - { OCSP_RESPONSE_STATUS_TRYLATER, "trylater" }, - { OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired" }, - { OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized" } + { OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful" }, + { OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest" }, + { OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror" }, + { OCSP_RESPONSE_STATUS_TRYLATER, "trylater" }, + { OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired" }, + { OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized" } }; return table2string(s, rstat_tbl, 6); -} +} const char * OCSP_cert_status_str(long s) { static const OCSP_TBLSTR cstat_tbl[] = { - { V_OCSP_CERTSTATUS_GOOD, "good" }, - { V_OCSP_CERTSTATUS_REVOKED, "revoked" }, - { V_OCSP_CERTSTATUS_UNKNOWN, "unknown" } + { V_OCSP_CERTSTATUS_GOOD, "good" }, + { V_OCSP_CERTSTATUS_REVOKED, "revoked" }, + { V_OCSP_CERTSTATUS_UNKNOWN, "unknown" } }; return table2string(s, cstat_tbl, 3); -} +} const char * OCSP_crl_reason_str(long s) { static const OCSP_TBLSTR reason_tbl[] = { - { OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified" }, - { OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise" }, - { OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise" }, - { OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, "affiliationChanged" }, - { OCSP_REVOKED_STATUS_SUPERSEDED, "superseded" }, - { OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation" }, - { OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold" }, - { OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL" } + { OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified" }, + { OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise" }, + { OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise" }, + { OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, 
"affiliationChanged" }, + { OCSP_REVOKED_STATUS_SUPERSEDED, "superseded" }, + { OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation" }, + { OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold" }, + { OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL" } }; return table2string(s, reason_tbl, 8); -} +} int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* o, unsigned long flags) @@ -150,17 +150,17 @@ OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* o, unsigned long flags) OCSP_REQINFO *inf = o->tbsRequest; OCSP_SIGNATURE *sig = o->optionalSignature; - if (BIO_write(bp,"OCSP Request Data:\n",19) <= 0) + if (BIO_write(bp, "OCSP Request Data:\n", 19) <= 0) goto err; l = ASN1_INTEGER_get(inf->version); - if (BIO_printf(bp," Version: %lu (0x%lx)",l+1,l) <= 0) + if (BIO_printf(bp, " Version: %lu (0x%lx)", l+1, l) <= 0) goto err; if (inf->requestorName != NULL) { - if (BIO_write(bp,"\n Requestor Name: ",21) <= 0) + if (BIO_write(bp, "\n Requestor Name: ", 21) <= 0) goto err; GENERAL_NAME_print(bp, inf->requestorName); } - if (BIO_write(bp,"\n Requestor List:\n",21) <= 0) + if (BIO_write(bp, "\n Requestor List:\n", 21) <= 0) goto err; for (i = 0; i < sk_OCSP_ONEREQ_num(inf->requestList); i++) { one = sk_OCSP_ONEREQ_value(inf->requestList, i); @@ -176,12 +176,13 @@ OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* o, unsigned long flags) if (sig) { X509_signature_print(bp, sig->signatureAlgorithm, sig->signature); - for (i=0; icerts); i++) { - X509_print(bp, sk_X509_value(sig->certs,i)); - PEM_write_bio_X509(bp,sk_X509_value(sig->certs,i)); + for (i = 0; i < sk_X509_num(sig->certs); i++) { + X509_print(bp, sk_X509_value(sig->certs, i)); + PEM_write_bio_X509(bp, sk_X509_value(sig->certs, i)); } } return 1; + err: return 0; } 
@@ -200,20 +201,20 @@ OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) OCSP_SINGLERESP *single = NULL; OCSP_RESPBYTES *rb = o->responseBytes; - if (BIO_puts(bp,"OCSP Response Data:\n") <= 0) + if (BIO_puts(bp, "OCSP Response Data:\n") <= 0) goto err; l = ASN1_ENUMERATED_get(o->responseStatus); - if (BIO_printf(bp," OCSP Response Status: %s (0x%lx)\n", + if (BIO_printf(bp, " OCSP Response Status: %s (0x%lx)\n", OCSP_response_status_str(l), l) <= 0) goto err; if (rb == NULL) return 1; - if (BIO_puts(bp," Response Type: ") <= 0) + if (BIO_puts(bp, " Response Type: ") <= 0) goto err; - if(i2a_ASN1_OBJECT(bp, rb->responseType) <= 0) + if (i2a_ASN1_OBJECT(bp, rb->responseType) <= 0) goto err; if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) { - BIO_puts(bp," (unknown response type)\n"); + BIO_puts(bp, " (unknown response type)\n"); return 1; } @@ -222,12 +223,12 @@ OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) goto err; rd = br->tbsResponseData; l = ASN1_INTEGER_get(rd->version); - if (BIO_printf(bp,"\n Version: %lu (0x%lx)\n", l+1,l) <= 0) + if (BIO_printf(bp, "\n Version: %lu (0x%lx)\n", l+1, l) <= 0) goto err; - if (BIO_puts(bp," Responder Id: ") <= 0) + if (BIO_puts(bp, " Responder Id: ") <= 0) goto err; - rid = rd->responderId; + rid = rd->responderId; switch (rid->type) { case V_OCSP_RESPID_NAME: X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE); @@ -237,11 +238,11 @@ OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) break; } - if (BIO_printf(bp,"\n Produced At: ")<=0) + if (BIO_printf(bp, "\n Produced At: ")<=0) goto err; if (!ASN1_GENERALIZEDTIME_print(bp, rd->producedAt)) goto err; - if (BIO_printf(bp,"\n Responses:\n") <= 0) + if (BIO_printf(bp, "\n Responses:\n") <= 0) goto err; for (i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++) { if (! sk_OCSP_SINGLERESP_value(rd->responses, i)) 
@@ -251,15 +252,15 @@ OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) if (ocsp_certid_print(bp, cid, 4) <= 0) goto err; cst = single->certStatus; - if (BIO_printf(bp," Cert Status: %s", + if (BIO_printf(bp, " Cert Status: %s", OCSP_cert_status_str(cst->type)) <= 0) goto err; if (cst->type == V_OCSP_CERTSTATUS_REVOKED) { rev = cst->value.revoked; - if (BIO_printf(bp, "\n Revocation Time: ") <= 0) + if (BIO_printf(bp, "\n Revocation Time: ") <= 0) goto err; if (!ASN1_GENERALIZEDTIME_print(bp, - rev->revocationTime)) + rev->revocationTime)) goto err; if (rev->revocationReason) { l = ASN1_ENUMERATED_get(rev->revocationReason); @@ -269,22 +270,22 @@ OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) goto err; } } - if (BIO_printf(bp,"\n This Update: ") <= 0) + if (BIO_printf(bp, "\n This Update: ") <= 0) goto err; - if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate)) + if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate)) goto err; if (single->nextUpdate) { - if (BIO_printf(bp,"\n Next Update: ") <= 0) + if (BIO_printf(bp, "\n Next Update: ") <= 0) goto err; - if (!ASN1_GENERALIZEDTIME_print(bp,single->nextUpdate)) + if (!ASN1_GENERALIZEDTIME_print(bp, single->nextUpdate)) goto err; } - if (BIO_write(bp,"\n",1) <= 0) + if (BIO_write(bp, "\n", 1) <= 0) goto err; if (!X509V3_extensions_print(bp, "Response Single Extensions", single->singleExtensions, flags, 8)) goto err; - if (BIO_write(bp,"\n",1) <= 0) + if (BIO_write(bp, "\n", 1) <= 0) goto err; } if (!X509V3_extensions_print(bp, "Response Extensions", @@ -296,10 +297,11 @@ OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) for (i = 0; i < sk_X509_num(br->certs); i++) { X509_print(bp, sk_X509_value(br->certs, i)); - PEM_write_bio_X509(bp,sk_X509_value(br->certs, i)); + PEM_write_bio_X509(bp, sk_X509_value(br->certs, i)); } ret = 1; + err: OCSP_BASICRESP_free(br); return ret; 
diff --git a/lib/libssl/src/crypto/ocsp/ocsp_srv.c b/lib/libssl/src/crypto/ocsp/ocsp_srv.c index c14e8e2bc35..18c8f268527 100644 --- a/lib/libssl/src/crypto/ocsp/ocsp_srv.c +++ b/lib/libssl/src/crypto/ocsp/ocsp_srv.c @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -131,6 +131,7 @@ OCSP_response_create(int status, OCSP_BASICRESP *bs) &rsp->responseBytes->response)) goto err; return rsp; + err: if (rsp) OCSP_RESPONSE_free(rsp); @@ -164,7 +165,7 @@ OCSP_basic_add1_status(OCSP_BASICRESP *rsp, OCSP_CERTID *cid, int status, goto err; cs = single->certStatus; - switch(cs->type = status) { + switch (cs->type = status) { case V_OCSP_CERTSTATUS_REVOKED: if (!revtime) { OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS, @@ -174,14 +175,14 @@ OCSP_basic_add1_status(OCSP_BASICRESP *rsp, OCSP_CERTID *cid, int status, if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new())) goto err; if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime)) - goto err; + goto err; if (reason != OCSP_REVOKED_STATUS_NOSTATUS) { - if (!(ri->revocationReason = ASN1_ENUMERATED_new())) + if (!(ri->revocationReason = ASN1_ENUMERATED_new())) goto err; if (!(ASN1_ENUMERATED_set(ri->revocationReason, reason))) - goto err; - } + goto err; + } break; case V_OCSP_CERTSTATUS_GOOD: @@ -198,6 +199,7 @@ OCSP_basic_add1_status(OCSP_BASICRESP *rsp, OCSP_CERTID *cid, int status, if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses, single))) goto err; return single; + err: OCSP_SINGLERESP_free(single); return NULL; @@ -268,6 +270,7 @@ OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key, goto err; return 1; + err: return 0; } 
diff --git a/lib/libssl/src/crypto/ocsp/ocsp_vfy.c b/lib/libssl/src/crypto/ocsp/ocsp_vfy.c index aede155871a..5d8b2eebcf0 100644 --- a/lib/libssl/src/crypto/ocsp/ocsp_vfy.c +++ b/lib/libssl/src/crypto/ocsp/ocsp_vfy.c @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -61,17 +61,17 @@ #include static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, - STACK_OF(X509) *certs, X509_STORE *st, unsigned long flags); + STACK_OF(X509) *certs, X509_STORE *st, unsigned long flags); static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id); static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, - unsigned long flags); + unsigned long flags); static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret); static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, - STACK_OF(OCSP_SINGLERESP) *sresp); + STACK_OF(OCSP_SINGLERESP) *sresp); static int ocsp_check_delegated(X509 *x, int flags); static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, - X509_NAME *nm, STACK_OF(X509) *certs, X509_STORE *st, - unsigned long flags); + X509_NAME *nm, STACK_OF(X509) *certs, X509_STORE *st, + unsigned long flags); /* Verify a basic response message */ int 
@@ -108,14 +108,14 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st, if (!(flags & OCSP_NOVERIFY)) { int init_res; - if(flags & OCSP_NOCHAIN) + if (flags & OCSP_NOCHAIN) init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL); else init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs); if (!init_res) { ret = -1; - OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB); + OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB); goto end; } @@ -131,7 +131,7 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st, X509_verify_cert_error_string(i)); goto end; } - if(flags & OCSP_NOCHECKS) { + if (flags & OCSP_NOCHECKS) { ret = 1; goto end; } @@ -152,7 +152,7 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st, x = sk_X509_value(chain, sk_X509_num(chain) - 1); if (X509_check_trust(x, NID_OCSP_sign, 0) != - X509_TRUST_TRUSTED) { + X509_TRUST_TRUSTED) { OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_ROOT_CA_NOT_TRUSTED); goto end; @@ -411,7 +411,7 @@ OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, init_res = X509_STORE_CTX_init(&ctx, store, signer, req->optionalSignature->certs); if (!init_res) { - OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,ERR_R_X509_LIB); + OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ERR_R_X509_LIB); return 0; } @@ -420,7 +420,7 @@ OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, ret = X509_verify_cert(&ctx); X509_STORE_CTX_cleanup(&ctx); if (ret <= 0) { - ret = X509_STORE_CTX_get_error(&ctx); + ret = X509_STORE_CTX_get_error(&ctx); OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_CERTIFICATE_VERIFY_ERROR); ERR_asprintf_error_data("Verify error:%s", -- 2.20.1
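Review bot: In the final hunk (`@@ -420,7 +420,7 @@`, OCSP_request_verify), `X509_STORE_CTX_get_error(&ctx)` is called after `X509_STORE_CTX_cleanup(&ctx)` has already run. The verify error that ends up in the "Verify error:%s" data is therefore only correct as long as cleanup leaves the context's error field untouched. Reading the error before tearing the context down removes that dependency, for example `verr = X509_STORE_CTX_get_error(&ctx);` placed directly after `ret = X509_verify_cert(&ctx);` and before `X509_STORE_CTX_cleanup(&ctx);`, with `verr` used in the failure branch. The function begins and ends outside the hunk, so the declaration of `verr` and the return path would need checking there. As this commit only changes whitespace, the fix belongs in a separate follow-up.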