From c6cf30ac4b3dd49c0c36e5d1e467400ecaa40771 Mon Sep 17 00:00:00 2001 From: jsing Date: Mon, 21 Apr 2014 14:27:06 +0000 Subject: [PATCH] KNF. --- lib/libcrypto/x509v3/v3_bcons.c | 58 +-- lib/libcrypto/x509v3/v3_bitst.c | 88 +++-- lib/libcrypto/x509v3/v3_conf.c | 501 +++++++++++++----------- lib/libcrypto/x509v3/v3_cpols.c | 311 ++++++++------- lib/libcrypto/x509v3/v3_crld.c | 423 ++++++++++---------- lib/libssl/src/crypto/x509v3/v3_bcons.c | 58 +-- lib/libssl/src/crypto/x509v3/v3_bitst.c | 88 +++-- lib/libssl/src/crypto/x509v3/v3_conf.c | 501 +++++++++++++----------- lib/libssl/src/crypto/x509v3/v3_cpols.c | 311 ++++++++------- lib/libssl/src/crypto/x509v3/v3_crld.c | 423 ++++++++++---------- 10 files changed, 1444 insertions(+), 1318 deletions(-) diff --git a/lib/libcrypto/x509v3/v3_bcons.c b/lib/libcrypto/x509v3/v3_bcons.c index 82aa488f75c..e652b839bd0 100644 --- a/lib/libcrypto/x509v3/v3_bcons.c +++ b/lib/libcrypto/x509v3/v3_bcons.c @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in 
@@ -64,18 +64,20 @@ #include #include -static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist); -static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); +static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, + BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist); +static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); const X509V3_EXT_METHOD v3_bcons = { -NID_basic_constraints, 0, -ASN1_ITEM_ref(BASIC_CONSTRAINTS), -0,0,0,0, -0,0, -(X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS, -(X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS, -NULL,NULL, -NULL + NID_basic_constraints, 0, + ASN1_ITEM_ref(BASIC_CONSTRAINTS), + 0, 0, 0, 0, + 0, 0, + (X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS, + (X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS, + NULL, NULL, + NULL }; ASN1_SEQUENCE(BASIC_CONSTRAINTS) = { 
@@ -86,39 +88,45 @@ ASN1_SEQUENCE(BASIC_CONSTRAINTS) = { IMPLEMENT_ASN1_FUNCTIONS(BASIC_CONSTRAINTS) -static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, - BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist) +static STACK_OF(CONF_VALUE) * +i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons, + STACK_OF(CONF_VALUE) *extlist) { X509V3_add_value_bool("CA", bcons->ca, &extlist); X509V3_add_value_int("pathlen", bcons->pathlen, &extlist); return extlist; } -static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values) +static BASIC_CONSTRAINTS * +v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *values) { - BASIC_CONSTRAINTS *bcons=NULL; + BASIC_CONSTRAINTS *bcons = NULL; CONF_VALUE *val; int i; - if(!(bcons = BASIC_CONSTRAINTS_new())) { + + if (!(bcons = BASIC_CONSTRAINTS_new())) { X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE); return NULL; } - for(i = 0; i < sk_CONF_VALUE_num(values); i++) { + for (i = 0; i < sk_CONF_VALUE_num(values); i++) { val = sk_CONF_VALUE_value(values, i); - if(!strcmp(val->name, "CA")) { - if(!X509V3_get_value_bool(val, &bcons->ca)) goto err; - } else if(!strcmp(val->name, "pathlen")) { - if(!X509V3_get_value_int(val, &bcons->pathlen)) goto err; + if (!strcmp(val->name, "CA")) { + if (!X509V3_get_value_bool(val, &bcons->ca)) + goto err; + } else if (!strcmp(val->name, "pathlen")) { + if (!X509V3_get_value_int(val, &bcons->pathlen)) + goto err; } else { - X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, X509V3_R_INVALID_NAME); + X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, + X509V3_R_INVALID_NAME); X509V3_conf_err(val); goto err; } } return bcons; - err: + +err: BASIC_CONSTRAINTS_free(bcons); return NULL; } - diff --git a/lib/libcrypto/x509v3/v3_bitst.c b/lib/libcrypto/x509v3/v3_bitst.c index 058d0d4dceb..31549cf0034 100644 --- a/lib/libcrypto/x509v3/v3_bitst.c 
+++ b/lib/libcrypto/x509v3/v3_bitst.c @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in 
@@ -62,74 +62,80 @@ #include static BIT_STRING_BITNAME ns_cert_type_table[] = { -{0, "SSL Client", "client"}, -{1, "SSL Server", "server"}, -{2, "S/MIME", "email"}, -{3, "Object Signing", "objsign"}, -{4, "Unused", "reserved"}, -{5, "SSL CA", "sslCA"}, -{6, "S/MIME CA", "emailCA"}, -{7, "Object Signing CA", "objCA"}, -{-1, NULL, NULL} + {0, "SSL Client", "client"}, + {1, "SSL Server", "server"}, + {2, "S/MIME", "email"}, + {3, "Object Signing", "objsign"}, + {4, "Unused", "reserved"}, + {5, "SSL CA", "sslCA"}, + {6, "S/MIME CA", "emailCA"}, + {7, "Object Signing CA", "objCA"}, + {-1, NULL, NULL} }; static BIT_STRING_BITNAME key_usage_type_table[] = { -{0, "Digital Signature", "digitalSignature"}, -{1, "Non Repudiation", "nonRepudiation"}, -{2, "Key Encipherment", "keyEncipherment"}, -{3, "Data Encipherment", "dataEncipherment"}, -{4, "Key Agreement", "keyAgreement"}, -{5, "Certificate Sign", "keyCertSign"}, -{6, "CRL Sign", "cRLSign"}, -{7, "Encipher Only", "encipherOnly"}, -{8, "Decipher Only", "decipherOnly"}, -{-1, NULL, NULL} + {0, "Digital Signature", "digitalSignature"}, + {1, "Non Repudiation", "nonRepudiation"}, + {2, "Key Encipherment", "keyEncipherment"}, + {3, "Data Encipherment", "dataEncipherment"}, + {4, "Key Agreement", "keyAgreement"}, + {5, "Certificate Sign", "keyCertSign"}, + {6, "CRL Sign", "cRLSign"}, + {7, "Encipher Only", "encipherOnly"}, + {8, "Decipher Only", "decipherOnly"}, + {-1, NULL, NULL} }; +const X509V3_EXT_METHOD v3_nscert = + EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table); +const X509V3_EXT_METHOD v3_key_usage = + EXT_BITSTRING(NID_key_usage, key_usage_type_table); -const X509V3_EXT_METHOD v3_nscert = EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table); -const X509V3_EXT_METHOD v3_key_usage = EXT_BITSTRING(NID_key_usage, key_usage_type_table); - -STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, - ASN1_BIT_STRING *bits, STACK_OF(CONF_VALUE) *ret) +STACK_OF(CONF_VALUE) * 
+i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, ASN1_BIT_STRING *bits, + STACK_OF(CONF_VALUE) *ret) { BIT_STRING_BITNAME *bnam; - for(bnam =method->usr_data; bnam->lname; bnam++) { - if(ASN1_BIT_STRING_get_bit(bits, bnam->bitnum)) + + for (bnam = method->usr_data; bnam->lname; bnam++) { + if (ASN1_BIT_STRING_get_bit(bits, bnam->bitnum)) X509V3_add_value(bnam->lname, NULL, &ret); } return ret; } - -ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) + +ASN1_BIT_STRING * +v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval) { CONF_VALUE *val; ASN1_BIT_STRING *bs; int i; BIT_STRING_BITNAME *bnam; - if(!(bs = M_ASN1_BIT_STRING_new())) { - X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,ERR_R_MALLOC_FAILURE); + + if (!(bs = M_ASN1_BIT_STRING_new())) { + X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, ERR_R_MALLOC_FAILURE); return NULL; } - for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { + for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { val = sk_CONF_VALUE_value(nval, i); - for(bnam = method->usr_data; bnam->lname; bnam++) { - if(!strcmp(bnam->sname, val->name) || - !strcmp(bnam->lname, val->name) ) { - if(!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) { + for (bnam = method->usr_data; bnam->lname; bnam++) { + if (!strcmp(bnam->sname, val->name) || + !strcmp(bnam->lname, val->name) ) { + if (!ASN1_BIT_STRING_set_bit(bs, + bnam->bitnum, 1)) { X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, - ERR_R_MALLOC_FAILURE); + ERR_R_MALLOC_FAILURE); M_ASN1_BIT_STRING_free(bs); return NULL; } break; } } - if(!bnam->lname) { + if (!bnam->lname) { X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, - X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT); + X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT); X509V3_conf_err(val); M_ASN1_BIT_STRING_free(bs); return NULL; @@ -137,5 +143,3 @@ ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, } return bs; } - - 
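Review bot: The reformatted condition in v2i_ASN1_BIT_STRING keeps a stray space before the closing parenthesis, `!strcmp(bnam->lname, val->name) )`, which this KNF pass removes everywhere else; `!strcmp(bnam->lname, val->name)) {` matches the surrounding style. The same leftover survives in r2i_certpol in v3_cpols.c, `if (cnf->value || !cnf->name ) {`. The diffstat shows the libssl/src copies of these files receive the identical change, so both places need the same touch-up there.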
diff --git a/lib/libcrypto/x509v3/v3_conf.c b/lib/libcrypto/x509v3/v3_conf.c index 519aefc93cf..daacf8d5df4 100644 --- a/lib/libcrypto/x509v3/v3_conf.c +++ b/lib/libcrypto/x509v3/v3_conf.c @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -58,7 +58,6 @@ /* extension creation utilities */ - #include #include #include "cryptlib.h" 
@@ -68,228 +67,242 @@ static int v3_check_critical(char **value); static int v3_check_generic(char **value); -static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value); -static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type, X509V3_CTX *ctx); +static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, + int crit, char *value); +static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, + int crit, int type, X509V3_CTX *ctx); static char *conf_lhash_get_string(void *db, char *section, char *value); static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section); static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid, - int crit, void *ext_struc); + int crit, void *ext_struc); static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len); + /* CONF *conf: Config file */ /* char *name: Name */ /* char *value: Value */ -X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, - char *value) - { +X509_EXTENSION * +X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value) +{ int crit; int ext_type; X509_EXTENSION *ret; + crit = v3_check_critical(&value); - if ((ext_type = v3_check_generic(&value))) + if ((ext_type = v3_check_generic(&value))) return v3_generic_extension(name, value, crit, ext_type, ctx); ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value); - if (!ret) - { - X509V3err(X509V3_F_X509V3_EXT_NCONF,X509V3_R_ERROR_IN_EXTENSION); - ERR_add_error_data(4,"name=", name, ", value=", value); - } - return ret; + if (!ret) { + X509V3err(X509V3_F_X509V3_EXT_NCONF, + X509V3_R_ERROR_IN_EXTENSION); + ERR_add_error_data(4, "name=", name, ", value=", value); } + return ret; +} /* CONF *conf: Config file */ /* char *value: Value */ -X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, - char *value) - { +X509_EXTENSION * 
+X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value) +{ int crit; int ext_type; + crit = v3_check_critical(&value); - if ((ext_type = v3_check_generic(&value))) + if ((ext_type = v3_check_generic(&value))) return v3_generic_extension(OBJ_nid2sn(ext_nid), - value, crit, ext_type, ctx); + value, crit, ext_type, ctx); return do_ext_nconf(conf, ctx, ext_nid, crit, value); - } +} /* CONF *conf: Config file */ /* char *value: Value */ -static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, - int crit, char *value) - { +static X509_EXTENSION * +do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value) +{ const X509V3_EXT_METHOD *method; X509_EXTENSION *ext; STACK_OF(CONF_VALUE) *nval; void *ext_struc; - if (ext_nid == NID_undef) - { - X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_UNKNOWN_EXTENSION_NAME); + + if (ext_nid == NID_undef) { + X509V3err(X509V3_F_DO_EXT_NCONF, + X509V3_R_UNKNOWN_EXTENSION_NAME); return NULL; - } - if (!(method = X509V3_EXT_get_nid(ext_nid))) - { - X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_UNKNOWN_EXTENSION); + } + if (!(method = X509V3_EXT_get_nid(ext_nid))) { + X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION); return NULL; - } + } /* Now get internal extension representation based on type */ - if (method->v2i) - { - if(*value == '@') nval = NCONF_get_section(conf, value + 1); - else nval = X509V3_parse_list(value); - if(sk_CONF_VALUE_num(nval) <= 0) - { - X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_INVALID_EXTENSION_STRING); - ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value); + if (method->v2i) { + if (*value == '@') + nval = NCONF_get_section(conf, value + 1); + else + nval = X509V3_parse_list(value); + if (sk_CONF_VALUE_num(nval) <= 0) { + X509V3err(X509V3_F_DO_EXT_NCONF, + X509V3_R_INVALID_EXTENSION_STRING); + ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), + ",section=", value); return NULL; - } - ext_struc = method->v2i(method, ctx, nval); - 
if(*value != '@') sk_CONF_VALUE_pop_free(nval, - X509V3_conf_free); - if(!ext_struc) return NULL; - } - else if(method->s2i) - { - if(!(ext_struc = method->s2i(method, ctx, value))) return NULL; } - else if(method->r2i) - { - if(!ctx->db || !ctx->db_meth) - { - X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_NO_CONFIG_DATABASE); + ext_struc = method->v2i(method, ctx, nval); + if (*value != '@') + sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); + if (!ext_struc) + return NULL; + } else if (method->s2i) { + if (!(ext_struc = method->s2i(method, ctx, value))) + return NULL; + } else if (method->r2i) { + if (!ctx->db || !ctx->db_meth) { + X509V3err(X509V3_F_DO_EXT_NCONF, + X509V3_R_NO_CONFIG_DATABASE); return NULL; - } - if(!(ext_struc = method->r2i(method, ctx, value))) return NULL; } - else - { - X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED); + if (!(ext_struc = method->r2i(method, ctx, value))) + return NULL; + } else { + X509V3err(X509V3_F_DO_EXT_NCONF, + X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED); ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid)); return NULL; - } + } - ext = do_ext_i2d(method, ext_nid, crit, ext_struc); - if(method->it) ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it)); - else method->ext_free(ext_struc); + ext = do_ext_i2d(method, ext_nid, crit, ext_struc); + if (method->it) + ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it)); + else + method->ext_free(ext_struc); return ext; +} - } - -static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid, - int crit, void *ext_struc) - { +static X509_EXTENSION * +do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid, int crit, + void *ext_struc) +{ unsigned char *ext_der; int ext_len; ASN1_OCTET_STRING *ext_oct; X509_EXTENSION *ext; + /* Convert internal representation to DER */ - if (method->it) - { + if (method->it) { ext_der = NULL; - ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it)); - if (ext_len < 0) goto merr; - } - else - { + 
ext_len = ASN1_item_i2d(ext_struc, &ext_der, + ASN1_ITEM_ptr(method->it)); + if (ext_len < 0) + goto merr; + } else { unsigned char *p; ext_len = method->i2d(ext_struc, NULL); - if(!(ext_der = malloc(ext_len))) goto merr; + if (!(ext_der = malloc(ext_len))) + goto merr; p = ext_der; method->i2d(ext_struc, &p); - } - if (!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr; + } + if (!(ext_oct = M_ASN1_OCTET_STRING_new())) + goto merr; ext_oct->data = ext_der; ext_oct->length = ext_len; ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct); - if (!ext) goto merr; + if (!ext) + goto merr; M_ASN1_OCTET_STRING_free(ext_oct); return ext; - merr: - X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE); +merr: + X509V3err(X509V3_F_DO_EXT_I2D, ERR_R_MALLOC_FAILURE); return NULL; - } +} /* Given an internal structure, nid and critical flag create an extension */ -X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc) - { +X509_EXTENSION * +X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc) +{ const X509V3_EXT_METHOD *method; + if (!(method = X509V3_EXT_get_nid(ext_nid))) { - X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION); + X509V3err(X509V3_F_X509V3_EXT_I2D, X509V3_R_UNKNOWN_EXTENSION); return NULL; } return do_ext_i2d(method, ext_nid, crit, ext_struc); } /* Check the extension string for critical flag */ -static int v3_check_critical(char **value) +static int +v3_check_critical(char **value) { char *p = *value; - if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0; - p+=9; - while(isspace((unsigned char)*p)) p++; - *value = p; + + if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) + return 0; + p += 9; + while (isspace((unsigned char)*p)) p++; + *value = p; return 1; } /* Check extension string for generic extension and return the type */ -static int v3_check_generic(char **value) +static int +v3_check_generic(char **value) { int gen_type = 0; char *p = *value; - if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) - { - p+=4; + 
+ if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) { + p += 4; gen_type = 1; - } - else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5)) - { - p+=5; + } else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5)) { + p += 5; gen_type = 2; - } - else + } else return 0; - while (isspace((unsigned char)*p)) p++; + while (isspace((unsigned char)*p)) + p++; *value = p; return gen_type; } /* Create a generic extension: for now just handle DER type */ -static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, - int crit, int gen_type, - X509V3_CTX *ctx) - { - unsigned char *ext_der=NULL; +static X509_EXTENSION * +v3_generic_extension(const char *ext, char *value, int crit, int gen_type, + X509V3_CTX *ctx) +{ + unsigned char *ext_der = NULL; long ext_len; - ASN1_OBJECT *obj=NULL; - ASN1_OCTET_STRING *oct=NULL; - X509_EXTENSION *extension=NULL; - if (!(obj = OBJ_txt2obj(ext, 0))) - { - X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR); + ASN1_OBJECT *obj = NULL; + ASN1_OCTET_STRING *oct = NULL; + X509_EXTENSION *extension = NULL; + + if (!(obj = OBJ_txt2obj(ext, 0))) { + X509V3err(X509V3_F_V3_GENERIC_EXTENSION, + X509V3_R_EXTENSION_NAME_ERROR); ERR_add_error_data(2, "name=", ext); goto err; - } + } if (gen_type == 1) ext_der = string_to_hex(value, &ext_len); else if (gen_type == 2) ext_der = generic_asn1(value, ctx, &ext_len); - if (ext_der == NULL) - { - X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR); + if (ext_der == NULL) { + X509V3err(X509V3_F_V3_GENERIC_EXTENSION, + X509V3_R_EXTENSION_VALUE_ERROR); ERR_add_error_data(2, "value=", value); goto err; - } + } - if (!(oct = M_ASN1_OCTET_STRING_new())) - { - X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE); + if (!(oct = M_ASN1_OCTET_STRING_new())) { + X509V3err(X509V3_F_V3_GENERIC_EXTENSION, ERR_R_MALLOC_FAILURE); goto err; - } + } oct->data = ext_der; oct->length = ext_len; 
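Review bot: In do_ext_nconf the `sk_CONF_VALUE_num(nval) <= 0` error path returns without releasing nval, while the normal path frees it afterwards with `sk_CONF_VALUE_pop_free(nval, X509V3_conf_free)` whenever the value was not a `@section` reference; if X509V3_parse_list can hand back an empty but non-NULL stack (not visible in this hunk), that stack leaks on every malformed extension string. Mirroring the later cleanup just before that `return NULL;`, `if (*value != '@') sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);`, closes the gap, though as a behaviour change it probably belongs in a follow-up rather than in a KNF commit. On style, v3_check_critical keeps `while (isspace((unsigned char)*p)) p++;` on one line while the identical loop in v3_check_generic is split across two lines in this same hunk.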
@@ -297,79 +310,88 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct); - err: +err: ASN1_OBJECT_free(obj); M_ASN1_OCTET_STRING_free(oct); - if(ext_der) free(ext_der); + if (ext_der) + free(ext_der); return extension; +} - } - -static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len) - { +static unsigned char * +generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len) +{ ASN1_TYPE *typ; unsigned char *ext_der = NULL; + typ = ASN1_generate_v3(value, ctx); if (typ == NULL) return NULL; *ext_len = i2d_ASN1_TYPE(typ, &ext_der); ASN1_TYPE_free(typ); return ext_der; - } +} /* This is the main function: add a bunch of extensions based on a config file * section to an extension STACK. */ - -int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, - STACK_OF(X509_EXTENSION) **sk) - { +int +X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, + STACK_OF(X509_EXTENSION) **sk) +{ X509_EXTENSION *ext; STACK_OF(CONF_VALUE) *nval; - CONF_VALUE *val; + CONF_VALUE *val; int i; - if (!(nval = NCONF_get_section(conf, section))) return 0; - for (i = 0; i < sk_CONF_VALUE_num(nval); i++) - { + + if (!(nval = NCONF_get_section(conf, section))) + return 0; + for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { val = sk_CONF_VALUE_value(nval, i); if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value))) - return 0; - if (sk) X509v3_add_ext(sk, ext, -1); + return 0; + if (sk) + X509v3_add_ext(sk, ext, -1); X509_EXTENSION_free(ext); - } - return 1; } + return 1; +} /* Convenience functions to add extensions to a certificate, CRL and request */ -int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, - X509 *cert) - { +int +X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert) +{ STACK_OF(X509_EXTENSION) **sk = NULL; + if (cert) sk = &cert->cert_info->extensions; return X509V3_EXT_add_nconf_sk(conf, ctx, section, 
sk); - } +} /* Same as above but for a CRL */ -int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, - X509_CRL *crl) - { +int +X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, + X509_CRL *crl) +{ STACK_OF(X509_EXTENSION) **sk = NULL; + if (crl) sk = &crl->crl->extensions; return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); - } +} /* Add extensions to certificate request */ -int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, - X509_REQ *req) - { +int +X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, + X509_REQ *req) +{ STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL; int i; + if (req) sk = &extlist; i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); 
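Review bot: The `if (ext_der)` guard around `free(ext_der)` at the end of v3_generic_extension survived the reformat even though free(NULL) is a no-op; a plain `free(ext_der);` is the usual form and drops the extra line. It does not change behaviour, so it fits a KNF commit.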
@@ -378,148 +400,171 @@ int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, i = X509_REQ_add_extensions(req, extlist); sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free); return i; - } +} /* Config database functions */ -char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) - { - if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) - { - X509V3err(X509V3_F_X509V3_GET_STRING,X509V3_R_OPERATION_NOT_DEFINED); +char * +X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) +{ + if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) { + X509V3err(X509V3_F_X509V3_GET_STRING, + X509V3_R_OPERATION_NOT_DEFINED); return NULL; - } + } if (ctx->db_meth->get_string) - return ctx->db_meth->get_string(ctx->db, name, section); + return ctx->db_meth->get_string(ctx->db, name, section); return NULL; - } +} -STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section) - { - if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) - { - X509V3err(X509V3_F_X509V3_GET_SECTION,X509V3_R_OPERATION_NOT_DEFINED); +STACK_OF(CONF_VALUE) * +X509V3_get_section(X509V3_CTX *ctx, char *section) +{ + if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) { + X509V3err(X509V3_F_X509V3_GET_SECTION, + X509V3_R_OPERATION_NOT_DEFINED); return NULL; - } + } if (ctx->db_meth->get_section) - return ctx->db_meth->get_section(ctx->db, section); + return ctx->db_meth->get_section(ctx->db, section); return NULL; - } +} -void X509V3_string_free(X509V3_CTX *ctx, char *str) - { - if (!str) return; +void +X509V3_string_free(X509V3_CTX *ctx, char *str) +{ + if (!str) + return; if (ctx->db_meth->free_string) - ctx->db_meth->free_string(ctx->db, str); - } + ctx->db_meth->free_string(ctx->db, str); +} -void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section) - { - if (!section) return; +void +X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section) +{ + if (!section) + return; if (ctx->db_meth->free_section) - 
ctx->db_meth->free_section(ctx->db, section); - } + ctx->db_meth->free_section(ctx->db, section); +} -static char *nconf_get_string(void *db, char *section, char *value) - { +static char * +nconf_get_string(void *db, char *section, char *value) +{ return NCONF_get_string(db, section, value); - } +} -static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section) - { +static +STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section) +{ return NCONF_get_section(db, section); - } +} static X509V3_CONF_METHOD nconf_method = { -nconf_get_string, -nconf_get_section, -NULL, -NULL + nconf_get_string, + nconf_get_section, + NULL, + NULL }; -void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf) - { +void +X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf) +{ ctx->db_meth = &nconf_method; ctx->db = conf; - } +} -void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req, - X509_CRL *crl, int flags) - { +void +X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req, + X509_CRL *crl, int flags) +{ ctx->issuer_cert = issuer; ctx->subject_cert = subj; ctx->crl = crl; ctx->subject_req = req; ctx->flags = flags; - } +} /* Old conf compatibility functions */ -X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - char *name, char *value) - { +X509_EXTENSION * +X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, char *name, + char *value) +{ CONF ctmp; + CONF_set_nconf(&ctmp, conf); return X509V3_EXT_nconf(&ctmp, ctx, name, value); - } +} /* LHASH *conf: Config file */ /* char *value: Value */ -X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - int ext_nid, char *value) - { +X509_EXTENSION * +X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, int ext_nid, + char *value) +{ CONF ctmp; + CONF_set_nconf(&ctmp, conf); return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value); - } +} -static char *conf_lhash_get_string(void *db, char *section, char *value) - { +static char 
* +conf_lhash_get_string(void *db, char *section, char *value) +{ return CONF_get_string(db, section, value); - } +} -static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section) - { +static STACK_OF(CONF_VALUE) * +conf_lhash_get_section(void *db, char *section) +{ return CONF_get_section(db, section); - } +} static X509V3_CONF_METHOD conf_lhash_method = { -conf_lhash_get_string, -conf_lhash_get_section, -NULL, -NULL + conf_lhash_get_string, + conf_lhash_get_section, + NULL, + NULL }; -void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash) - { +void +X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash) +{ ctx->db_meth = &conf_lhash_method; ctx->db = lhash; - } +} -int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - char *section, X509 *cert) - { +int +X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, char *section, + X509 *cert) +{ CONF ctmp; + CONF_set_nconf(&ctmp, conf); return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert); - } +} /* Same as above but for a CRL */ -int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - char *section, X509_CRL *crl) - { +int +X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + char *section, X509_CRL *crl) +{ CONF ctmp; + CONF_set_nconf(&ctmp, conf); return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl); - } +} /* Add extensions to certificate request */ -int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - char *section, X509_REQ *req) - { +int +X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + char *section, X509_REQ *req) +{ CONF ctmp; + CONF_set_nconf(&ctmp, conf); return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req); - } +} diff --git a/lib/libcrypto/x509v3/v3_cpols.c b/lib/libcrypto/x509v3/v3_cpols.c index 1a337fa07e9..e00190242b6 100644 --- a/lib/libcrypto/x509v3/v3_cpols.c +++ b/lib/libcrypto/x509v3/v3_cpols.c 
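Review bot: nconf_get_section is laid out as `static` alone on one line followed by `STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section)`, which differs from every other definition in this commit, where the storage class and return type share a line and the function name starts the next one, e.g. `static STACK_OF(CONF_VALUE) *` / `conf_lhash_get_section(void *db, char *section)` a few lines further down. The same split is used for r2i_certpol in v3_cpols.c. Writing both like conf_lhash_get_section keeps the function name at column 0 consistently across the files touched here.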
@@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in 
@@ -67,28 +67,32 @@ /* Certificate policies extension support: this one is a bit complex... */ -static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO *out, int indent); -static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value); -static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent); +static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, + BIO *out, int indent); +static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, char *value); +static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, + int indent); static void print_notice(BIO *out, USERNOTICE *notice, int indent); static POLICYINFO *policy_section(X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *polstrs, int ia5org); + STACK_OF(CONF_VALUE) *polstrs, int ia5org); static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *unot, int ia5org); + STACK_OF(CONF_VALUE) *unot, int ia5org); static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos); const X509V3_EXT_METHOD v3_cpols = { -NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES), -0,0,0,0, -0,0, -0,0, -(X509V3_EXT_I2R)i2r_certpol, -(X509V3_EXT_R2I)r2i_certpol, -NULL + NID_certificate_policies, 0, ASN1_ITEM_ref(CERTIFICATEPOLICIES), + 0, 0, 0, 0, + 0, 0, + 0, 0, + (X509V3_EXT_I2R)i2r_certpol, + (X509V3_EXT_R2I)r2i_certpol, + NULL }; -ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, POLICYINFO) +ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, + POLICYINFO) ASN1_ITEM_TEMPLATE_END(CERTIFICATEPOLICIES) IMPLEMENT_ASN1_FUNCTIONS(CERTIFICATEPOLICIES) 
@@ -100,7 +104,8 @@ ASN1_SEQUENCE(POLICYINFO) = { IMPLEMENT_ASN1_FUNCTIONS(POLICYINFO) -ASN1_ADB_TEMPLATE(policydefault) = ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY); +ASN1_ADB_TEMPLATE(policydefault) = + ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY); ASN1_ADB(POLICYQUALINFO) = { ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)), @@ -128,8 +133,9 @@ ASN1_SEQUENCE(NOTICEREF) = { IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF) -static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, char *value) +static +STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + char *value) { STACK_OF(POLICYINFO) *pols = NULL; char *pstr; 
@@ -138,43 +144,47 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, STACK_OF(CONF_VALUE) *vals; CONF_VALUE *cnf; int i, ia5org; + pols = sk_POLICYINFO_new_null(); if (pols == NULL) { X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE); return NULL; } - vals = X509V3_parse_list(value); + vals = X509V3_parse_list(value); if (vals == NULL) { X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB); goto err; } ia5org = 0; - for(i = 0; i < sk_CONF_VALUE_num(vals); i++) { + for (i = 0; i < sk_CONF_VALUE_num(vals); i++) { cnf = sk_CONF_VALUE_value(vals, i); - if(cnf->value || !cnf->name ) { - X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_POLICY_IDENTIFIER); + if (cnf->value || !cnf->name ) { + X509V3err(X509V3_F_R2I_CERTPOL, + X509V3_R_INVALID_POLICY_IDENTIFIER); X509V3_conf_err(cnf); goto err; } pstr = cnf->name; - if(!strcmp(pstr,"ia5org")) { + if (!strcmp(pstr, "ia5org")) { ia5org = 1; continue; - } else if(*pstr == '@') { + } else if (*pstr == '@') { STACK_OF(CONF_VALUE) *polsect; polsect = X509V3_get_section(ctx, pstr + 1); - if(!polsect) { - X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_SECTION); - + if (!polsect) { + X509V3err(X509V3_F_R2I_CERTPOL, + X509V3_R_INVALID_SECTION); X509V3_conf_err(cnf); goto err; } pol = policy_section(ctx, polsect, ia5org); X509V3_section_free(ctx, polsect); - if(!pol) goto err; + if (!pol) + goto err; } else { - if(!(pobj = OBJ_txt2obj(cnf->name, 0))) { - X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_OBJECT_IDENTIFIER); + if (!(pobj = OBJ_txt2obj(cnf->name, 0))) { + X509V3err(X509V3_F_R2I_CERTPOL, + X509V3_R_INVALID_OBJECT_IDENTIFIER); X509V3_conf_err(cnf); goto err; } 
@@ -189,123 +199,140 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, } sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); return pols; - err: + +err: sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); sk_POLICYINFO_pop_free(pols, POLICYINFO_free); return NULL; } -static POLICYINFO *policy_section(X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *polstrs, int ia5org) +static POLICYINFO * +policy_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *polstrs, int ia5org) { int i; CONF_VALUE *cnf; POLICYINFO *pol; POLICYQUALINFO *qual; - if(!(pol = POLICYINFO_new())) goto merr; - for(i = 0; i < sk_CONF_VALUE_num(polstrs); i++) { + + if (!(pol = POLICYINFO_new())) + goto merr; + for (i = 0; i < sk_CONF_VALUE_num(polstrs); i++) { cnf = sk_CONF_VALUE_value(polstrs, i); - if(!strcmp(cnf->name, "policyIdentifier")) { + if (!strcmp(cnf->name, "policyIdentifier")) { ASN1_OBJECT *pobj; - if(!(pobj = OBJ_txt2obj(cnf->value, 0))) { - X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OBJECT_IDENTIFIER); + if (!(pobj = OBJ_txt2obj(cnf->value, 0))) { + X509V3err(X509V3_F_POLICY_SECTION, + X509V3_R_INVALID_OBJECT_IDENTIFIER); X509V3_conf_err(cnf); goto err; } pol->policyid = pobj; - - } else if(!name_cmp(cnf->name, "CPS")) { - if(!pol->qualifiers) pol->qualifiers = - sk_POLICYQUALINFO_new_null(); - if(!(qual = POLICYQUALINFO_new())) goto merr; - if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) - goto merr; + } else if (!name_cmp(cnf->name, "CPS")) { + if (!pol->qualifiers) + pol->qualifiers = sk_POLICYQUALINFO_new_null(); + if (!(qual = POLICYQUALINFO_new())) + goto merr; + if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) + goto merr; qual->pqualid = OBJ_nid2obj(NID_id_qt_cps); qual->d.cpsuri = M_ASN1_IA5STRING_new(); - if(!ASN1_STRING_set(qual->d.cpsuri, cnf->value, - strlen(cnf->value))) goto merr; - } else if(!name_cmp(cnf->name, "userNotice")) { + if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value, + strlen(cnf->value))) + goto merr; + } else if (!name_cmp(cnf->name, 
"userNotice")) { STACK_OF(CONF_VALUE) *unot; - if(*cnf->value != '@') { - X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_EXPECTED_A_SECTION_NAME); + if (*cnf->value != '@') { + X509V3err(X509V3_F_POLICY_SECTION, + X509V3_R_EXPECTED_A_SECTION_NAME); X509V3_conf_err(cnf); goto err; } unot = X509V3_get_section(ctx, cnf->value + 1); - if(!unot) { - X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_SECTION); - + if (!unot) { + X509V3err(X509V3_F_POLICY_SECTION, + X509V3_R_INVALID_SECTION); X509V3_conf_err(cnf); goto err; } qual = notice_section(ctx, unot, ia5org); X509V3_section_free(ctx, unot); - if(!qual) goto err; - if(!pol->qualifiers) pol->qualifiers = - sk_POLICYQUALINFO_new_null(); - if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) - goto merr; + if (!qual) + goto err; + if (!pol->qualifiers) pol->qualifiers = + sk_POLICYQUALINFO_new_null(); + if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) + goto merr; } else { - X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OPTION); - + X509V3err(X509V3_F_POLICY_SECTION, + X509V3_R_INVALID_OPTION); X509V3_conf_err(cnf); goto err; } } - if(!pol->policyid) { - X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_NO_POLICY_IDENTIFIER); + if (!pol->policyid) { + X509V3err(X509V3_F_POLICY_SECTION, + X509V3_R_NO_POLICY_IDENTIFIER); goto err; } return pol; - merr: - X509V3err(X509V3_F_POLICY_SECTION,ERR_R_MALLOC_FAILURE); +merr: + X509V3err(X509V3_F_POLICY_SECTION, ERR_R_MALLOC_FAILURE); - err: +err: POLICYINFO_free(pol); return NULL; - - } -static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *unot, int ia5org) +static POLICYQUALINFO * +notice_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *unot, int ia5org) { int i, ret; CONF_VALUE *cnf; USERNOTICE *not; POLICYQUALINFO *qual; - if(!(qual = POLICYQUALINFO_new())) goto merr; + + if (!(qual = POLICYQUALINFO_new())) + goto merr; qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice); - if(!(not = USERNOTICE_new())) goto merr; + if (!(not = USERNOTICE_new())) + goto merr; 
qual->d.usernotice = not; - for(i = 0; i < sk_CONF_VALUE_num(unot); i++) { + for (i = 0; i < sk_CONF_VALUE_num(unot); i++) { cnf = sk_CONF_VALUE_value(unot, i); - if(!strcmp(cnf->name, "explicitText")) { + if (!strcmp(cnf->name, "explicitText")) { not->exptext = M_ASN1_VISIBLESTRING_new(); - if(!ASN1_STRING_set(not->exptext, cnf->value, - strlen(cnf->value))) goto merr; - } else if(!strcmp(cnf->name, "organization")) { + if (!ASN1_STRING_set(not->exptext, cnf->value, + strlen(cnf->value))) + goto merr; + } else if (!strcmp(cnf->name, "organization")) { NOTICEREF *nref; - if(!not->noticeref) { - if(!(nref = NOTICEREF_new())) goto merr; + if (!not->noticeref) { + if (!(nref = NOTICEREF_new())) + goto merr; not->noticeref = nref; - } else nref = not->noticeref; - if(ia5org) nref->organization->type = V_ASN1_IA5STRING; - else nref->organization->type = V_ASN1_VISIBLESTRING; - if(!ASN1_STRING_set(nref->organization, cnf->value, - strlen(cnf->value))) goto merr; - } else if(!strcmp(cnf->name, "noticeNumbers")) { + } else + nref = not->noticeref; + if (ia5org) + nref->organization->type = V_ASN1_IA5STRING; + else + nref->organization->type = V_ASN1_VISIBLESTRING; + if (!ASN1_STRING_set(nref->organization, cnf->value, + strlen(cnf->value))) + goto merr; + } else if (!strcmp(cnf->name, "noticeNumbers")) { NOTICEREF *nref; STACK_OF(CONF_VALUE) *nos; - if(!not->noticeref) { - if(!(nref = NOTICEREF_new())) goto merr; + if (!not->noticeref) { + if (!(nref = NOTICEREF_new())) + goto merr; not->noticeref = nref; } else nref = not->noticeref; - nos = X509V3_parse_list(cnf->value); - if(!nos || !sk_CONF_VALUE_num(nos)) { - X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_NUMBERS); + nos = X509V3_parse_list(cnf->value); + if (!nos || !sk_CONF_VALUE_num(nos)) { + X509V3err(X509V3_F_NOTICE_SECTION, + X509V3_R_INVALID_NUMBERS); X509V3_conf_err(cnf); goto err; } 
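Review bot: In policy_section's CPS branch the result of `qual->d.cpsuri = M_ASN1_IA5STRING_new();` is handed to ASN1_STRING_set without a NULL check, and notice_section's explicitText branch does the same with `not->exptext = M_ASN1_VISIBLESTRING_new();`; both should become `if ((qual->d.cpsuri = M_ASN1_IA5STRING_new()) == NULL) goto merr;` (and the matching form for exptext). Separately, when `sk_POLICYQUALINFO_push(pol->qualifiers, qual)` fails in either the CPS or the userNotice branch, `qual` is not yet owned by `pol`, so the POLICYINFO_free(pol) under `err` never releases it. In the noticeNumbers branch, `if (!nos || !sk_CONF_VALUE_num(nos))` takes the error exit without freeing a non-NULL but empty `nos`; add `sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);` before that `goto err`. As a style point, the userNotice branch retains `if (!pol->qualifiers) pol->qualifiers =` split across two lines although the CPS branch above was reformatted to put the assignment on its own line, and the noticeNumbers branch keeps `} else nref = not->noticeref;` on one line where the organization branch was split. notice_section's body continues into the next hunk.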
@@ -314,94 +341,98 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, if (!ret) goto err; } else { - X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION); + X509V3err(X509V3_F_NOTICE_SECTION, + X509V3_R_INVALID_OPTION); X509V3_conf_err(cnf); goto err; } } - if(not->noticeref && - (!not->noticeref->noticenos || !not->noticeref->organization)) { - X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_NEED_ORGANIZATION_AND_NUMBERS); - goto err; + if (not->noticeref && + (!not->noticeref->noticenos || !not->noticeref->organization)) { + X509V3err(X509V3_F_NOTICE_SECTION, + X509V3_R_NEED_ORGANIZATION_AND_NUMBERS); + goto err; } return qual; - merr: - X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE); +merr: + X509V3err(X509V3_F_NOTICE_SECTION, ERR_R_MALLOC_FAILURE); - err: +err: POLICYQUALINFO_free(qual); return NULL; } -static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos) +static int +nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos) { CONF_VALUE *cnf; ASN1_INTEGER *aint; - int i; - for(i = 0; i < sk_CONF_VALUE_num(nos); i++) { + for (i = 0; i < sk_CONF_VALUE_num(nos); i++) { cnf = sk_CONF_VALUE_value(nos, i); - if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) { - X509V3err(X509V3_F_NREF_NOS,X509V3_R_INVALID_NUMBER); + if (!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) { + X509V3err(X509V3_F_NREF_NOS, X509V3_R_INVALID_NUMBER); goto err; } - if(!sk_ASN1_INTEGER_push(nnums, aint)) goto merr; + if (!sk_ASN1_INTEGER_push(nnums, aint)) + goto merr; } return 1; - merr: - X509V3err(X509V3_F_NREF_NOS,ERR_R_MALLOC_FAILURE); +merr: + X509V3err(X509V3_F_NREF_NOS, ERR_R_MALLOC_FAILURE); - err: +err: sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free); return 0; } - -static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, - BIO *out, int indent) +static int +i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO *out, + int indent) { int i; POLICYINFO *pinfo; + /* First print out the policy OIDs */ - 
for(i = 0; i < sk_POLICYINFO_num(pol); i++) { + for (i = 0; i < sk_POLICYINFO_num(pol); i++) { pinfo = sk_POLICYINFO_value(pol, i); BIO_printf(out, "%*sPolicy: ", indent, ""); i2a_ASN1_OBJECT(out, pinfo->policyid); BIO_puts(out, "\n"); - if(pinfo->qualifiers) - print_qualifiers(out, pinfo->qualifiers, indent + 2); + if (pinfo->qualifiers) + print_qualifiers(out, pinfo->qualifiers, indent + 2); } return 1; } -static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, - int indent) +static void +print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent) { POLICYQUALINFO *qualinfo; int i; - for(i = 0; i < sk_POLICYQUALINFO_num(quals); i++) { + + for (i = 0; i < sk_POLICYQUALINFO_num(quals); i++) { qualinfo = sk_POLICYQUALINFO_value(quals, i); - switch(OBJ_obj2nid(qualinfo->pqualid)) - { - case NID_id_qt_cps: + switch (OBJ_obj2nid(qualinfo->pqualid)) { + case NID_id_qt_cps: BIO_printf(out, "%*sCPS: %s\n", indent, "", - qualinfo->d.cpsuri->data); + qualinfo->d.cpsuri->data); break; - - case NID_id_qt_unotice: + + case NID_id_qt_unotice: BIO_printf(out, "%*sUser Notice:\n", indent, ""); print_notice(out, qualinfo->d.usernotice, indent + 2); break; - default: + default: BIO_printf(out, "%*sUnknown Qualifier: ", - indent + 2, ""); - + indent + 2, ""); + i2a_ASN1_OBJECT(out, qualinfo->pqualid); BIO_puts(out, "\n"); break; 
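Review bot: In nref_nos, when `sk_ASN1_INTEGER_push(nnums, aint)` fails the freshly converted `aint` is not in the stack and the `merr` path never frees it; add `ASN1_INTEGER_free(aint);` before that `goto merr`, or free it under the merr label. The `err` label also pop-frees `nnums`, a stack the caller passed in; the call site at the top of this hunk only does `if (!ret) goto err;`, and if the caller still holds that pointer inside its NOTICEREF, the POLICYQUALINFO_free(qual) on its own error path would free the same stack again — the allocation and assignment sit just outside the hunk, so this needs confirming against those lines. A safer contract is for nref_nos to leave ownership of `nnums` with the caller and return 0 without freeing it. nref_nos and i2r_certpol are complete within this hunk; print_qualifiers continues into the next.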
@@ -409,49 +440,51 @@ static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, } } -static void print_notice(BIO *out, USERNOTICE *notice, int indent) +static void +print_notice(BIO *out, USERNOTICE *notice, int indent) { int i; - if(notice->noticeref) { + + if (notice->noticeref) { NOTICEREF *ref; ref = notice->noticeref; BIO_printf(out, "%*sOrganization: %s\n", indent, "", - ref->organization->data); + ref->organization->data); BIO_printf(out, "%*sNumber%s: ", indent, "", - sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : ""); - for(i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) { + sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : ""); + for (i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) { ASN1_INTEGER *num; char *tmp; num = sk_ASN1_INTEGER_value(ref->noticenos, i); - if(i) BIO_puts(out, ", "); + if (i) + BIO_puts(out, ", "); tmp = i2s_ASN1_INTEGER(NULL, num); BIO_puts(out, tmp); free(tmp); } BIO_puts(out, "\n"); } - if(notice->exptext) + if (notice->exptext) BIO_printf(out, "%*sExplicit Text: %s\n", indent, "", - notice->exptext->data); + notice->exptext->data); } -void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent) - { +void +X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent) +{ const X509_POLICY_DATA *dat = node->data; BIO_printf(out, "%*sPolicy: ", indent, ""); - + i2a_ASN1_OBJECT(out, dat->valid_policy); BIO_puts(out, "\n"); BIO_printf(out, "%*s%s\n", indent + 2, "", - node_data_critical(dat) ? "Critical" : "Non Critical"); + node_data_critical(dat) ? "Critical" : "Non Critical"); if (dat->qualifier_set) print_qualifiers(out, dat->qualifier_set, indent + 2); else BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, ""); - } - +} IMPLEMENT_STACK_OF(X509_POLICY_NODE) IMPLEMENT_STACK_OF(X509_POLICY_DATA) - diff --git a/lib/libcrypto/x509v3/v3_crld.c b/lib/libcrypto/x509v3/v3_crld.c index 790a6dd0328..31956554297 100644 --- a/lib/libcrypto/x509v3/v3_crld.c +++ b/lib/libcrypto/x509v3/v3_crld.c 
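Review bot: print_notice passes the result of `tmp = i2s_ASN1_INTEGER(NULL, num);` straight to BIO_puts and free without checking for NULL, so a conversion failure dereferences a null pointer inside BIO_puts; guard it with `if (tmp == NULL) return;` (or skip that element) before `BIO_puts(out, tmp);`. The `%s` uses on `ref->organization->data` and `notice->exptext->data` rely on the ASN1_STRING data being NUL-terminated and free of embedded NULs, which nothing in this hunk establishes; a one-line comment recording that assumption would help the next reader. print_notice and X509_POLICY_NODE_print are complete within this hunk.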
@@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in 
@@ -64,67 +64,64 @@ #include static void *v2i_crld(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, - int indent); + int indent); -const X509V3_EXT_METHOD v3_crld = - { +const X509V3_EXT_METHOD v3_crld = { NID_crl_distribution_points, 0, ASN1_ITEM_ref(CRL_DIST_POINTS), - 0,0,0,0, - 0,0, + 0, 0, 0, 0, + 0, 0, 0, v2i_crld, - i2r_crldp,0, + i2r_crldp, 0, NULL - }; +}; -const X509V3_EXT_METHOD v3_freshest_crl = - { +const X509V3_EXT_METHOD v3_freshest_crl = { NID_freshest_crl, 0, ASN1_ITEM_ref(CRL_DIST_POINTS), - 0,0,0,0, - 0,0, + 0, 0, 0, 0, + 0, 0, 0, v2i_crld, - i2r_crldp,0, + i2r_crldp, 0, NULL - }; +}; -static STACK_OF(GENERAL_NAME) *gnames_from_sectname(X509V3_CTX *ctx, char *sect) - { +static +STACK_OF(GENERAL_NAME) *gnames_from_sectname(X509V3_CTX *ctx, char *sect) +{ STACK_OF(CONF_VALUE) *gnsect; STACK_OF(GENERAL_NAME) *gens; + if (*sect == '@') gnsect = X509V3_get_section(ctx, sect + 1); else gnsect = X509V3_parse_list(sect); - if (!gnsect) - { + if (!gnsect) { X509V3err(X509V3_F_GNAMES_FROM_SECTNAME, - X509V3_R_SECTION_NOT_FOUND); + X509V3_R_SECTION_NOT_FOUND); return NULL; - } + } gens = v2i_GENERAL_NAMES(NULL, ctx, gnsect); if (*sect == '@') X509V3_section_free(ctx, gnsect); else sk_CONF_VALUE_pop_free(gnsect, X509V3_conf_free); return gens; - } +} -static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, - CONF_VALUE *cnf) - { +static int +set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, CONF_VALUE *cnf) +{ STACK_OF(GENERAL_NAME) *fnm = NULL; STACK_OF(X509_NAME_ENTRY) *rnm = NULL; - if (!strncmp(cnf->name, "fullname", 9)) - { + + if (!strncmp(cnf->name, "fullname", 9)) { fnm = gnames_from_sectname(ctx, cnf->value); if (!fnm) goto err; - } - else if (!strcmp(cnf->name, "relativename")) - { + } else if (!strcmp(cnf->name, "relativename")) { int ret; STACK_OF(CONF_VALUE) 
*dnsect; X509_NAME *nm; @@ -132,12 +129,11 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, if (!nm) return -1; dnsect = X509V3_get_section(ctx, cnf->value); - if (!dnsect) - { + if (!dnsect) { X509V3err(X509V3_F_SET_DIST_POINT_NAME, - X509V3_R_SECTION_NOT_FOUND); + X509V3_R_SECTION_NOT_FOUND); return -1; - } + } ret = X509V3_NAME_from_section(nm, dnsect, MBSTRING_ASC); X509V3_section_free(ctx, dnsect); rnm = nm->entries; 
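Review bot: In set_dist_point_name the test `if (!strncmp(cnf->name, "fullname", 9)) {` compares nine bytes of an eight-character literal, so the terminator is included and it is simply a strcmp spelled confusingly, sitting beside `else if (!strcmp(cnf->name, "relativename"))`; write it as `if (!strcmp(cnf->name, "fullname")) {` for consistency. set_dist_point_name starts in this hunk and continues past it.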
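Review bot: In set_dist_point_name's relativename branch, the `if (!dnsect)` error exit returns -1 without releasing `nm`, the X509_NAME that the preceding `if (!nm) return -1;` shows was just allocated (presumably via X509_NAME_new, just above the hunk) and that the later `rnm = nm->entries;` consumes; add `X509_NAME_free(nm);` ahead of that `return -1;`. The allocation and the remainder of the branch are outside this hunk, so ownership of `nm` on the success path should be confirmed there.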
@@ -149,135 +145,126 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, * RDNSequence */ if (sk_X509_NAME_ENTRY_value(rnm, - sk_X509_NAME_ENTRY_num(rnm) - 1)->set) - { + sk_X509_NAME_ENTRY_num(rnm) - 1)->set) { X509V3err(X509V3_F_SET_DIST_POINT_NAME, - X509V3_R_INVALID_MULTIPLE_RDNS); + X509V3_R_INVALID_MULTIPLE_RDNS); goto err; - } } - else + } else return 0; - if (*pdp) - { + if (*pdp) { X509V3err(X509V3_F_SET_DIST_POINT_NAME, - X509V3_R_DISTPOINT_ALREADY_SET); + X509V3_R_DISTPOINT_ALREADY_SET); goto err; - } + } *pdp = DIST_POINT_NAME_new(); if (!*pdp) goto err; - if (fnm) - { + if (fnm) { (*pdp)->type = 0; (*pdp)->name.fullname = fnm; - } - else - { + } else { (*pdp)->type = 1; (*pdp)->name.relativename = rnm; - } + } return 1; - - err: + +err: if (fnm) sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free); if (rnm) sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free); return -1; - } +} static const BIT_STRING_BITNAME reason_flags[] = { -{0, "Unused", "unused"}, -{1, "Key Compromise", "keyCompromise"}, -{2, "CA Compromise", "CACompromise"}, -{3, "Affiliation Changed", "affiliationChanged"}, -{4, "Superseded", "superseded"}, -{5, "Cessation Of Operation", "cessationOfOperation"}, -{6, "Certificate Hold", "certificateHold"}, -{7, "Privilege Withdrawn", "privilegeWithdrawn"}, -{8, "AA Compromise", "AACompromise"}, -{-1, NULL, NULL} + {0, "Unused", "unused"}, + {1, "Key Compromise", "keyCompromise"}, + {2, "CA Compromise", "CACompromise"}, + {3, "Affiliation Changed", "affiliationChanged"}, + {4, "Superseded", "superseded"}, + {5, "Cessation Of Operation", "cessationOfOperation"}, + {6, "Certificate Hold", "certificateHold"}, + {7, "Privilege Withdrawn", "privilegeWithdrawn"}, + {8, "AA Compromise", "AACompromise"}, + {-1, NULL, NULL} }; -static int set_reasons(ASN1_BIT_STRING **preas, char *value) - { +static int +set_reasons(ASN1_BIT_STRING **preas, char *value) +{ STACK_OF(CONF_VALUE) *rsk = NULL; const BIT_STRING_BITNAME *pbn; const char 
*bnam; int i, ret = 0; + rsk = X509V3_parse_list(value); if (!rsk) return 0; if (*preas) return 0; - for (i = 0; i < sk_CONF_VALUE_num(rsk); i++) - { + for (i = 0; i < sk_CONF_VALUE_num(rsk); i++) { bnam = sk_CONF_VALUE_value(rsk, i)->name; - if (!*preas) - { + if (!*preas) { *preas = ASN1_BIT_STRING_new(); if (!*preas) goto err; - } - for (pbn = reason_flags; pbn->lname; pbn++) - { - if (!strcmp(pbn->sname, bnam)) - { + } + for (pbn = reason_flags; pbn->lname; pbn++) { + if (!strcmp(pbn->sname, bnam)) { if (!ASN1_BIT_STRING_set_bit(*preas, - pbn->bitnum, 1)) + pbn->bitnum, 1)) goto err; break; - } } + } if (!pbn->lname) goto err; - } + } ret = 1; - err: +err: sk_CONF_VALUE_pop_free(rsk, X509V3_conf_free); return ret; - } +} -static int print_reasons(BIO *out, const char *rname, - ASN1_BIT_STRING *rflags, int indent) - { +static int +print_reasons(BIO *out, const char *rname, ASN1_BIT_STRING *rflags, int indent) +{ int first = 1; const BIT_STRING_BITNAME *pbn; + BIO_printf(out, "%*s%s:\n%*s", indent, "", rname, indent + 2, ""); - for (pbn = reason_flags; pbn->lname; pbn++) - { - if (ASN1_BIT_STRING_get_bit(rflags, pbn->bitnum)) - { + for (pbn = reason_flags; pbn->lname; pbn++) { + if (ASN1_BIT_STRING_get_bit(rflags, pbn->bitnum)) { if (first) first = 0; else BIO_puts(out, ", "); BIO_puts(out, pbn->lname); - } } + } if (first) BIO_puts(out, "\n"); else BIO_puts(out, "\n"); return 1; - } +} -static DIST_POINT *crldp_from_section(X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval) - { +static DIST_POINT * +crldp_from_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) +{ int i; CONF_VALUE *cnf; DIST_POINT *point = NULL; + point = DIST_POINT_new(); if (!point) goto err; - for(i = 0; i < sk_CONF_VALUE_num(nval); i++) - { + for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { int ret; cnf = sk_CONF_VALUE_value(nval, i); ret = set_dist_point_name(&point->distpoint, ctx, cnf); 
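Review bot: In set_reasons the second early exit, `if (*preas) return 0;`, runs after `rsk = X509V3_parse_list(value);` has succeeded and so leaks the parsed list; since `ret` is already 0, replace it with `if (*preas) goto err;` so the `sk_CONF_VALUE_pop_free(rsk, X509V3_conf_free)` under `err` runs. The `if (!pbn->lname) goto err;` exit for an unrecognised reason name sets no error reason, unlike the X509V3err calls in set_dist_point_name above, so callers only see a bare failure. In print_reasons the reformatted `if (first) BIO_puts(out, "\n"); else BIO_puts(out, "\n");` has identical branches and collapses to a single `BIO_puts(out, "\n");`. set_reasons and print_reasons are complete within this hunk; set_dist_point_name starts in the previous one.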
@@ -285,43 +272,42 @@ static DIST_POINT *crldp_from_section(X509V3_CTX *ctx, continue; if (ret < 0) goto err; - if (!strcmp(cnf->name, "reasons")) - { + if (!strcmp(cnf->name, "reasons")) { if (!set_reasons(&point->reasons, cnf->value)) goto err; - } - else if (!strcmp(cnf->name, "CRLissuer")) - { + } + else if (!strcmp(cnf->name, "CRLissuer")) { point->CRLissuer = - gnames_from_sectname(ctx, cnf->value); + gnames_from_sectname(ctx, cnf->value); if (!point->CRLissuer) goto err; - } } + } return point; - - err: +err: if (point) DIST_POINT_free(point); return NULL; - } +} -static void *v2i_crld(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) - { +static void * +v2i_crld(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval) +{ STACK_OF(DIST_POINT) *crld = NULL; GENERAL_NAMES *gens = NULL; GENERAL_NAME *gen = NULL; CONF_VALUE *cnf; int i; - if(!(crld = sk_DIST_POINT_new_null())) goto merr; - for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { + + if (!(crld = sk_DIST_POINT_new_null())) + goto merr; + for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { DIST_POINT *point; cnf = sk_CONF_VALUE_value(nval, i); - if (!cnf->value) - { + if (!cnf->value) { STACK_OF(CONF_VALUE) *dpsect; dpsect = X509V3_get_section(ctx, cnf->name); if (!dpsect) 
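Review bot: In crldp_from_section the rewritten chain leaves `}` on one line and `else if (!strcmp(cnf->name, "CRLissuer")) {` on the next, which is not the cuddled `} else if (...) {` form this KNF pass applies elsewhere (for instance `} else {` in v2i_crld directly below); join them as `} else if (!strcmp(cnf->name, "CRLissuer")) {`. The same split `}` / `else if` appears four times in v2i_idp's onlyCA/onlyAA/indirectCRL/onlysomereasons chain in a later v3_crld.c hunk, where only the final `} else {` was cuddled. crldp_from_section's loop starts in the previous hunk and v2i_crld continues into the next.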
@@ -330,40 +316,36 @@ static void *v2i_crld(const X509V3_EXT_METHOD *method, X509V3_section_free(ctx, dpsect); if (!point) goto err; - if(!sk_DIST_POINT_push(crld, point)) - { + if (!sk_DIST_POINT_push(crld, point)) { DIST_POINT_free(point); goto merr; - } } - else - { - if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) - goto err; - if(!(gens = GENERAL_NAMES_new())) + } else { + if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) + goto err; + if (!(gens = GENERAL_NAMES_new())) goto merr; - if(!sk_GENERAL_NAME_push(gens, gen)) + if (!sk_GENERAL_NAME_push(gens, gen)) goto merr; gen = NULL; - if(!(point = DIST_POINT_new())) + if (!(point = DIST_POINT_new())) goto merr; - if(!sk_DIST_POINT_push(crld, point)) - { + if (!sk_DIST_POINT_push(crld, point)) { DIST_POINT_free(point); goto merr; - } - if(!(point->distpoint = DIST_POINT_NAME_new())) + } + if (!(point->distpoint = DIST_POINT_NAME_new())) goto merr; point->distpoint->name.fullname = gens; point->distpoint->type = 0; gens = NULL; - } + } } return crld; - merr: - X509V3err(X509V3_F_V2I_CRLD,ERR_R_MALLOC_FAILURE); - err: +merr: + X509V3err(X509V3_F_V2I_CRLD, ERR_R_MALLOC_FAILURE); +err: GENERAL_NAME_free(gen); GENERAL_NAMES_free(gens); sk_DIST_POINT_pop_free(crld, DIST_POINT_free); @@ -373,24 +355,23 @@ static void *v2i_crld(const X509V3_EXT_METHOD *method, IMPLEMENT_STACK_OF(DIST_POINT) IMPLEMENT_ASN1_SET_OF(DIST_POINT) -static int dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) - { +static int +dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) +{ DIST_POINT_NAME *dpn = (DIST_POINT_NAME *)*pval; - switch(operation) - { - case ASN1_OP_NEW_POST: + switch (operation) { + case ASN1_OP_NEW_POST: dpn->dpname = NULL; break; - case ASN1_OP_FREE_POST: + case ASN1_OP_FREE_POST: if (dpn->dpname) X509_NAME_free(dpn->dpname); break; - } - return 1; } + return 1; +} ASN1_CHOICE_cb(DIST_POINT_NAME, dpn_cb) = { 
@@ -409,8 +390,9 @@ ASN1_SEQUENCE(DIST_POINT) = { IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT) -ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, DIST_POINT) +ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, + DIST_POINT) ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS) IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS) @@ -427,34 +409,34 @@ ASN1_SEQUENCE(ISSUING_DIST_POINT) = { IMPLEMENT_ASN1_FUNCTIONS(ISSUING_DIST_POINT) static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out, - int indent); + int indent); static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval); + STACK_OF(CONF_VALUE) *nval); -const X509V3_EXT_METHOD v3_idp = - { +const X509V3_EXT_METHOD v3_idp = { NID_issuing_distribution_point, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(ISSUING_DIST_POINT), - 0,0,0,0, - 0,0, + 0, 0, 0, 0, + 0, 0, 0, v2i_idp, - i2r_idp,0, + i2r_idp, 0, NULL - }; +}; -static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval) - { +static void * +v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval) +{ ISSUING_DIST_POINT *idp = NULL; CONF_VALUE *cnf; char *name, *val; int i, ret; + idp = ISSUING_DIST_POINT_new(); if (!idp) goto merr; - for(i = 0; i < sk_CONF_VALUE_num(nval); i++) - { + for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { cnf = sk_CONF_VALUE_value(nval, i); name = cnf->name; val = cnf->value; 
@@ -463,82 +445,75 @@ static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, continue; if (ret < 0) goto err; - if (!strcmp(name, "onlyuser")) - { + if (!strcmp(name, "onlyuser")) { if (!X509V3_get_value_bool(cnf, &idp->onlyuser)) goto err; - } - else if (!strcmp(name, "onlyCA")) - { + } + else if (!strcmp(name, "onlyCA")) { if (!X509V3_get_value_bool(cnf, &idp->onlyCA)) goto err; - } - else if (!strcmp(name, "onlyAA")) - { + } + else if (!strcmp(name, "onlyAA")) { if (!X509V3_get_value_bool(cnf, &idp->onlyattr)) goto err; - } - else if (!strcmp(name, "indirectCRL")) - { + } + else if (!strcmp(name, "indirectCRL")) { if (!X509V3_get_value_bool(cnf, &idp->indirectCRL)) goto err; - } - else if (!strcmp(name, "onlysomereasons")) - { + } + else if (!strcmp(name, "onlysomereasons")) { if (!set_reasons(&idp->onlysomereasons, val)) goto err; - } - else - { - X509V3err(X509V3_F_V2I_IDP, X509V3_R_INVALID_NAME); - X509V3_conf_err(cnf); - goto err; - } + } else { + X509V3err(X509V3_F_V2I_IDP, X509V3_R_INVALID_NAME); + X509V3_conf_err(cnf); + goto err; } + } return idp; - merr: - X509V3err(X509V3_F_V2I_IDP,ERR_R_MALLOC_FAILURE); - err: +merr: + X509V3err(X509V3_F_V2I_IDP, ERR_R_MALLOC_FAILURE); +err: ISSUING_DIST_POINT_free(idp); return NULL; - } +} -static int print_gens(BIO *out, STACK_OF(GENERAL_NAME) *gens, int indent) - { +static int +print_gens(BIO *out, STACK_OF(GENERAL_NAME) *gens, int indent) +{ int i; - for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) - { + + for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { BIO_printf(out, "%*s", indent + 2, ""); GENERAL_NAME_print(out, sk_GENERAL_NAME_value(gens, i)); BIO_puts(out, "\n"); - } - return 1; } + return 1; +} -static int print_distpoint(BIO *out, DIST_POINT_NAME *dpn, int indent) - { - if (dpn->type == 0) - { +static int +print_distpoint(BIO *out, DIST_POINT_NAME *dpn, int indent) +{ + if (dpn->type == 0) { BIO_printf(out, "%*sFull Name:\n", indent, ""); print_gens(out, dpn->name.fullname, indent); - } - 
else - { + } else { X509_NAME ntmp; ntmp.entries = dpn->name.relativename; BIO_printf(out, "%*sRelative Name:\n%*s", - indent, "", indent + 2, ""); + indent, "", indent + 2, ""); X509_NAME_print_ex(out, &ntmp, 0, XN_FLAG_ONELINE); BIO_puts(out, "\n"); - } - return 1; } + return 1; +} -static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out, - int indent) - { +static int +i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out, int indent) +{ ISSUING_DIST_POINT *idp = pidp; + if (idp->distpoint) print_distpoint(out, idp->distpoint, indent); if (idp->onlyuser > 0) 
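Review bot: print_distpoint declares `X509_NAME ntmp;` on the stack and sets only `ntmp.entries` before passing it to X509_NAME_print_ex, so every other field of the structure is uninitialised; this is presumably safe only because XN_FLAG_ONELINE formatting reads just the entry list, which nothing in this hunk establishes. A comment such as `/* only .entries is valid; XN_FLAG_ONELINE must not read the other fields */` would record that dependency, and zero-initialising the local would make the reliance explicit rather than accidental. v2i_idp starts in the previous hunk; i2r_idp continues into the next.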
@@ -548,69 +523,67 @@ static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out, if (idp->indirectCRL > 0) BIO_printf(out, "%*sIndirect CRL\n", indent, ""); if (idp->onlysomereasons) - print_reasons(out, "Only Some Reasons", - idp->onlysomereasons, indent); + print_reasons(out, "Only Some Reasons", + idp->onlysomereasons, indent); if (idp->onlyattr > 0) BIO_printf(out, "%*sOnly Attribute Certificates\n", indent, ""); - if (!idp->distpoint && (idp->onlyuser <= 0) && (idp->onlyCA <= 0) - && (idp->indirectCRL <= 0) && !idp->onlysomereasons - && (idp->onlyattr <= 0)) + if (!idp->distpoint && (idp->onlyuser <= 0) && (idp->onlyCA <= 0) && + (idp->indirectCRL <= 0) && !idp->onlysomereasons && + (idp->onlyattr <= 0)) BIO_printf(out, "%*s\n", indent, ""); - + return 1; - } +} -static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, - int indent) - { +static int +i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, int indent) +{ STACK_OF(DIST_POINT) *crld = pcrldp; DIST_POINT *point; int i; - for(i = 0; i < sk_DIST_POINT_num(crld); i++) - { + + for (i = 0; i < sk_DIST_POINT_num(crld); i++) { BIO_puts(out, "\n"); point = sk_DIST_POINT_value(crld, i); - if(point->distpoint) + if (point->distpoint) print_distpoint(out, point->distpoint, indent); - if(point->reasons) + if (point->reasons) print_reasons(out, "Reasons", point->reasons, - indent); - if(point->CRLissuer) - { + indent); + if (point->CRLissuer) { BIO_printf(out, "%*sCRL Issuer:\n", indent, ""); print_gens(out, point->CRLissuer, indent); - } } - return 1; } + return 1; +} -int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname) - { +int +DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname) +{ int i; STACK_OF(X509_NAME_ENTRY) *frag; X509_NAME_ENTRY *ne; + if (!dpn || (dpn->type != 1)) return 1; frag = dpn->name.relativename; dpn->dpname = X509_NAME_dup(iname); if (!dpn->dpname) return 0; - for (i = 0; i < sk_X509_NAME_ENTRY_num(frag); i++) - { + for 
(i = 0; i < sk_X509_NAME_ENTRY_num(frag); i++) { ne = sk_X509_NAME_ENTRY_value(frag, i); - if (!X509_NAME_add_entry(dpn->dpname, ne, -1, i ? 0 : 1)) - { + if (!X509_NAME_add_entry(dpn->dpname, ne, -1, i ? 0 : 1)) { X509_NAME_free(dpn->dpname); dpn->dpname = NULL; return 0; - } } + } /* generate cached encoding of name */ - if (i2d_X509_NAME(dpn->dpname, NULL) < 0) - { + if (i2d_X509_NAME(dpn->dpname, NULL) < 0) { X509_NAME_free(dpn->dpname); dpn->dpname = NULL; return 0; - } - return 1; } + return 1; +} diff --git a/lib/libssl/src/crypto/x509v3/v3_bcons.c b/lib/libssl/src/crypto/x509v3/v3_bcons.c index 82aa488f75c..e652b839bd0 100644 --- a/lib/libssl/src/crypto/x509v3/v3_bcons.c +++ b/lib/libssl/src/crypto/x509v3/v3_bcons.c @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in 
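Review bot: DIST_POINT_set_dpname assigns `dpn->dpname = X509_NAME_dup(iname);` unconditionally, so if `dpname` was already populated by an earlier call the previous X509_NAME (which dpn_cb otherwise frees on ASN1_OP_FREE_POST) is overwritten and leaked; either free it first with `X509_NAME_free(dpn->dpname);` or document that the function is to be called once per DIST_POINT_NAME. The error paths inside the loop and after `i2d_X509_NAME` correctly reset `dpn->dpname` to NULL after freeing. The function is complete within this hunk.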
@@ -64,18 +64,20 @@ #include #include -static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist); -static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); +static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, + BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist); +static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); const X509V3_EXT_METHOD v3_bcons = { -NID_basic_constraints, 0, -ASN1_ITEM_ref(BASIC_CONSTRAINTS), -0,0,0,0, -0,0, -(X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS, -(X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS, -NULL,NULL, -NULL + NID_basic_constraints, 0, + ASN1_ITEM_ref(BASIC_CONSTRAINTS), + 0, 0, 0, 0, + 0, 0, + (X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS, + (X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS, + NULL, NULL, + NULL }; ASN1_SEQUENCE(BASIC_CONSTRAINTS) = { 
@@ -86,39 +88,45 @@ ASN1_SEQUENCE(BASIC_CONSTRAINTS) = { IMPLEMENT_ASN1_FUNCTIONS(BASIC_CONSTRAINTS) -static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, - BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist) +static STACK_OF(CONF_VALUE) * +i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons, + STACK_OF(CONF_VALUE) *extlist) { X509V3_add_value_bool("CA", bcons->ca, &extlist); X509V3_add_value_int("pathlen", bcons->pathlen, &extlist); return extlist; } -static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values) +static BASIC_CONSTRAINTS * +v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *values) { - BASIC_CONSTRAINTS *bcons=NULL; + BASIC_CONSTRAINTS *bcons = NULL; CONF_VALUE *val; int i; - if(!(bcons = BASIC_CONSTRAINTS_new())) { + + if (!(bcons = BASIC_CONSTRAINTS_new())) { X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE); return NULL; } - for(i = 0; i < sk_CONF_VALUE_num(values); i++) { + for (i = 0; i < sk_CONF_VALUE_num(values); i++) { val = sk_CONF_VALUE_value(values, i); - if(!strcmp(val->name, "CA")) { - if(!X509V3_get_value_bool(val, &bcons->ca)) goto err; - } else if(!strcmp(val->name, "pathlen")) { - if(!X509V3_get_value_int(val, &bcons->pathlen)) goto err; + if (!strcmp(val->name, "CA")) { + if (!X509V3_get_value_bool(val, &bcons->ca)) + goto err; + } else if (!strcmp(val->name, "pathlen")) { + if (!X509V3_get_value_int(val, &bcons->pathlen)) + goto err; } else { - X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, X509V3_R_INVALID_NAME); + X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, + X509V3_R_INVALID_NAME); X509V3_conf_err(val); goto err; } } return bcons; - err: + +err: BASIC_CONSTRAINTS_free(bcons); return NULL; } - diff --git a/lib/libssl/src/crypto/x509v3/v3_bitst.c b/lib/libssl/src/crypto/x509v3/v3_bitst.c index 058d0d4dceb..31549cf0034 100644 --- a/lib/libssl/src/crypto/x509v3/v3_bitst.c 
+++ b/lib/libssl/src/crypto/x509v3/v3_bitst.c @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in 
@@ -62,74 +62,80 @@ #include static BIT_STRING_BITNAME ns_cert_type_table[] = { -{0, "SSL Client", "client"}, -{1, "SSL Server", "server"}, -{2, "S/MIME", "email"}, -{3, "Object Signing", "objsign"}, -{4, "Unused", "reserved"}, -{5, "SSL CA", "sslCA"}, -{6, "S/MIME CA", "emailCA"}, -{7, "Object Signing CA", "objCA"}, -{-1, NULL, NULL} + {0, "SSL Client", "client"}, + {1, "SSL Server", "server"}, + {2, "S/MIME", "email"}, + {3, "Object Signing", "objsign"}, + {4, "Unused", "reserved"}, + {5, "SSL CA", "sslCA"}, + {6, "S/MIME CA", "emailCA"}, + {7, "Object Signing CA", "objCA"}, + {-1, NULL, NULL} }; static BIT_STRING_BITNAME key_usage_type_table[] = { -{0, "Digital Signature", "digitalSignature"}, -{1, "Non Repudiation", "nonRepudiation"}, -{2, "Key Encipherment", "keyEncipherment"}, -{3, "Data Encipherment", "dataEncipherment"}, -{4, "Key Agreement", "keyAgreement"}, -{5, "Certificate Sign", "keyCertSign"}, -{6, "CRL Sign", "cRLSign"}, -{7, "Encipher Only", "encipherOnly"}, -{8, "Decipher Only", "decipherOnly"}, -{-1, NULL, NULL} + {0, "Digital Signature", "digitalSignature"}, + {1, "Non Repudiation", "nonRepudiation"}, + {2, "Key Encipherment", "keyEncipherment"}, + {3, "Data Encipherment", "dataEncipherment"}, + {4, "Key Agreement", "keyAgreement"}, + {5, "Certificate Sign", "keyCertSign"}, + {6, "CRL Sign", "cRLSign"}, + {7, "Encipher Only", "encipherOnly"}, + {8, "Decipher Only", "decipherOnly"}, + {-1, NULL, NULL} }; +const X509V3_EXT_METHOD v3_nscert = + EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table); +const X509V3_EXT_METHOD v3_key_usage = + EXT_BITSTRING(NID_key_usage, key_usage_type_table); -const X509V3_EXT_METHOD v3_nscert = EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table); -const X509V3_EXT_METHOD v3_key_usage = EXT_BITSTRING(NID_key_usage, key_usage_type_table); - -STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, - ASN1_BIT_STRING *bits, STACK_OF(CONF_VALUE) *ret) +STACK_OF(CONF_VALUE) * 
+i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, ASN1_BIT_STRING *bits, + STACK_OF(CONF_VALUE) *ret) { BIT_STRING_BITNAME *bnam; - for(bnam =method->usr_data; bnam->lname; bnam++) { - if(ASN1_BIT_STRING_get_bit(bits, bnam->bitnum)) + + for (bnam = method->usr_data; bnam->lname; bnam++) { + if (ASN1_BIT_STRING_get_bit(bits, bnam->bitnum)) X509V3_add_value(bnam->lname, NULL, &ret); } return ret; } - -ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) + +ASN1_BIT_STRING * +v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval) { CONF_VALUE *val; ASN1_BIT_STRING *bs; int i; BIT_STRING_BITNAME *bnam; - if(!(bs = M_ASN1_BIT_STRING_new())) { - X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,ERR_R_MALLOC_FAILURE); + + if (!(bs = M_ASN1_BIT_STRING_new())) { + X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, ERR_R_MALLOC_FAILURE); return NULL; } - for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { + for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { val = sk_CONF_VALUE_value(nval, i); - for(bnam = method->usr_data; bnam->lname; bnam++) { - if(!strcmp(bnam->sname, val->name) || - !strcmp(bnam->lname, val->name) ) { - if(!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) { + for (bnam = method->usr_data; bnam->lname; bnam++) { + if (!strcmp(bnam->sname, val->name) || + !strcmp(bnam->lname, val->name) ) { + if (!ASN1_BIT_STRING_set_bit(bs, + bnam->bitnum, 1)) { X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, - ERR_R_MALLOC_FAILURE); + ERR_R_MALLOC_FAILURE); M_ASN1_BIT_STRING_free(bs); return NULL; } break; } } - if(!bnam->lname) { + if (!bnam->lname) { X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, - X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT); + X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT); X509V3_conf_err(val); M_ASN1_BIT_STRING_free(bs); return NULL; @@ -137,5 +143,3 @@ ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, } return bs; } - - 
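Review bot: The stray space in `!strcmp(bnam->lname, val->name) )` in v2i_ASN1_BIT_STRING survives the KNF pass; the same leftover appears in r2i_certpol as `if (cnf->value || !cnf->name )` in the v3_cpols.c @@ -138 hunk. The closing should be `!strcmp(bnam->lname, val->name)) {`. In i2v_ASN1_BIT_STRING the return value of X509V3_add_value is ignored, so an allocation failure drops a bit name from the output with no indication to the caller.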
diff --git a/lib/libssl/src/crypto/x509v3/v3_conf.c b/lib/libssl/src/crypto/x509v3/v3_conf.c index 519aefc93cf..daacf8d5df4 100644 --- a/lib/libssl/src/crypto/x509v3/v3_conf.c +++ b/lib/libssl/src/crypto/x509v3/v3_conf.c @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -58,7 +58,6 @@ /* extension creation utilities */ - #include #include #include "cryptlib.h" 
@@ -68,228 +67,242 @@ static int v3_check_critical(char **value); static int v3_check_generic(char **value); -static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value); -static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type, X509V3_CTX *ctx); +static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, + int crit, char *value); +static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, + int crit, int type, X509V3_CTX *ctx); static char *conf_lhash_get_string(void *db, char *section, char *value); static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section); static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid, - int crit, void *ext_struc); + int crit, void *ext_struc); static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len); + /* CONF *conf: Config file */ /* char *name: Name */ /* char *value: Value */ -X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, - char *value) - { +X509_EXTENSION * +X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value) +{ int crit; int ext_type; X509_EXTENSION *ret; + crit = v3_check_critical(&value); - if ((ext_type = v3_check_generic(&value))) + if ((ext_type = v3_check_generic(&value))) return v3_generic_extension(name, value, crit, ext_type, ctx); ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value); - if (!ret) - { - X509V3err(X509V3_F_X509V3_EXT_NCONF,X509V3_R_ERROR_IN_EXTENSION); - ERR_add_error_data(4,"name=", name, ", value=", value); - } - return ret; + if (!ret) { + X509V3err(X509V3_F_X509V3_EXT_NCONF, + X509V3_R_ERROR_IN_EXTENSION); + ERR_add_error_data(4, "name=", name, ", value=", value); } + return ret; +} /* CONF *conf: Config file */ /* char *value: Value */ -X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, - char *value) - { +X509_EXTENSION * 
+X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value) +{ int crit; int ext_type; + crit = v3_check_critical(&value); - if ((ext_type = v3_check_generic(&value))) + if ((ext_type = v3_check_generic(&value))) return v3_generic_extension(OBJ_nid2sn(ext_nid), - value, crit, ext_type, ctx); + value, crit, ext_type, ctx); return do_ext_nconf(conf, ctx, ext_nid, crit, value); - } +} /* CONF *conf: Config file */ /* char *value: Value */ -static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, - int crit, char *value) - { +static X509_EXTENSION * +do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value) +{ const X509V3_EXT_METHOD *method; X509_EXTENSION *ext; STACK_OF(CONF_VALUE) *nval; void *ext_struc; - if (ext_nid == NID_undef) - { - X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_UNKNOWN_EXTENSION_NAME); + + if (ext_nid == NID_undef) { + X509V3err(X509V3_F_DO_EXT_NCONF, + X509V3_R_UNKNOWN_EXTENSION_NAME); return NULL; - } - if (!(method = X509V3_EXT_get_nid(ext_nid))) - { - X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_UNKNOWN_EXTENSION); + } + if (!(method = X509V3_EXT_get_nid(ext_nid))) { + X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION); return NULL; - } + } /* Now get internal extension representation based on type */ - if (method->v2i) - { - if(*value == '@') nval = NCONF_get_section(conf, value + 1); - else nval = X509V3_parse_list(value); - if(sk_CONF_VALUE_num(nval) <= 0) - { - X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_INVALID_EXTENSION_STRING); - ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value); + if (method->v2i) { + if (*value == '@') + nval = NCONF_get_section(conf, value + 1); + else + nval = X509V3_parse_list(value); + if (sk_CONF_VALUE_num(nval) <= 0) { + X509V3err(X509V3_F_DO_EXT_NCONF, + X509V3_R_INVALID_EXTENSION_STRING); + ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), + ",section=", value); return NULL; - } - ext_struc = method->v2i(method, ctx, nval); - 
if(*value != '@') sk_CONF_VALUE_pop_free(nval, - X509V3_conf_free); - if(!ext_struc) return NULL; - } - else if(method->s2i) - { - if(!(ext_struc = method->s2i(method, ctx, value))) return NULL; } - else if(method->r2i) - { - if(!ctx->db || !ctx->db_meth) - { - X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_NO_CONFIG_DATABASE); + ext_struc = method->v2i(method, ctx, nval); + if (*value != '@') + sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); + if (!ext_struc) + return NULL; + } else if (method->s2i) { + if (!(ext_struc = method->s2i(method, ctx, value))) + return NULL; + } else if (method->r2i) { + if (!ctx->db || !ctx->db_meth) { + X509V3err(X509V3_F_DO_EXT_NCONF, + X509V3_R_NO_CONFIG_DATABASE); return NULL; - } - if(!(ext_struc = method->r2i(method, ctx, value))) return NULL; } - else - { - X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED); + if (!(ext_struc = method->r2i(method, ctx, value))) + return NULL; + } else { + X509V3err(X509V3_F_DO_EXT_NCONF, + X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED); ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid)); return NULL; - } + } - ext = do_ext_i2d(method, ext_nid, crit, ext_struc); - if(method->it) ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it)); - else method->ext_free(ext_struc); + ext = do_ext_i2d(method, ext_nid, crit, ext_struc); + if (method->it) + ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it)); + else + method->ext_free(ext_struc); return ext; +} - } - -static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid, - int crit, void *ext_struc) - { +static X509_EXTENSION * +do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid, int crit, + void *ext_struc) +{ unsigned char *ext_der; int ext_len; ASN1_OCTET_STRING *ext_oct; X509_EXTENSION *ext; + /* Convert internal representation to DER */ - if (method->it) - { + if (method->it) { ext_der = NULL; - ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it)); - if (ext_len < 0) goto merr; - } - else - { + 
ext_len = ASN1_item_i2d(ext_struc, &ext_der, + ASN1_ITEM_ptr(method->it)); + if (ext_len < 0) + goto merr; + } else { unsigned char *p; ext_len = method->i2d(ext_struc, NULL); - if(!(ext_der = malloc(ext_len))) goto merr; + if (!(ext_der = malloc(ext_len))) + goto merr; p = ext_der; method->i2d(ext_struc, &p); - } - if (!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr; + } + if (!(ext_oct = M_ASN1_OCTET_STRING_new())) + goto merr; ext_oct->data = ext_der; ext_oct->length = ext_len; ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct); - if (!ext) goto merr; + if (!ext) + goto merr; M_ASN1_OCTET_STRING_free(ext_oct); return ext; - merr: - X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE); +merr: + X509V3err(X509V3_F_DO_EXT_I2D, ERR_R_MALLOC_FAILURE); return NULL; - } +} /* Given an internal structure, nid and critical flag create an extension */ -X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc) - { +X509_EXTENSION * +X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc) +{ const X509V3_EXT_METHOD *method; + if (!(method = X509V3_EXT_get_nid(ext_nid))) { - X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION); + X509V3err(X509V3_F_X509V3_EXT_I2D, X509V3_R_UNKNOWN_EXTENSION); return NULL; } return do_ext_i2d(method, ext_nid, crit, ext_struc); } /* Check the extension string for critical flag */ -static int v3_check_critical(char **value) +static int +v3_check_critical(char **value) { char *p = *value; - if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0; - p+=9; - while(isspace((unsigned char)*p)) p++; - *value = p; + + if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) + return 0; + p += 9; + while (isspace((unsigned char)*p)) p++; + *value = p; return 1; } /* Check extension string for generic extension and return the type */ -static int v3_check_generic(char **value) +static int +v3_check_generic(char **value) { int gen_type = 0; char *p = *value; - if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) - { - p+=4; + 
+ if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) { + p += 4; gen_type = 1; - } - else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5)) - { - p+=5; + } else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5)) { + p += 5; gen_type = 2; - } - else + } else return 0; - while (isspace((unsigned char)*p)) p++; + while (isspace((unsigned char)*p)) + p++; *value = p; return gen_type; } /* Create a generic extension: for now just handle DER type */ -static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, - int crit, int gen_type, - X509V3_CTX *ctx) - { - unsigned char *ext_der=NULL; +static X509_EXTENSION * +v3_generic_extension(const char *ext, char *value, int crit, int gen_type, + X509V3_CTX *ctx) +{ + unsigned char *ext_der = NULL; long ext_len; - ASN1_OBJECT *obj=NULL; - ASN1_OCTET_STRING *oct=NULL; - X509_EXTENSION *extension=NULL; - if (!(obj = OBJ_txt2obj(ext, 0))) - { - X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR); + ASN1_OBJECT *obj = NULL; + ASN1_OCTET_STRING *oct = NULL; + X509_EXTENSION *extension = NULL; + + if (!(obj = OBJ_txt2obj(ext, 0))) { + X509V3err(X509V3_F_V3_GENERIC_EXTENSION, + X509V3_R_EXTENSION_NAME_ERROR); ERR_add_error_data(2, "name=", ext); goto err; - } + } if (gen_type == 1) ext_der = string_to_hex(value, &ext_len); else if (gen_type == 2) ext_der = generic_asn1(value, ctx, &ext_len); - if (ext_der == NULL) - { - X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR); + if (ext_der == NULL) { + X509V3err(X509V3_F_V3_GENERIC_EXTENSION, + X509V3_R_EXTENSION_VALUE_ERROR); ERR_add_error_data(2, "value=", value); goto err; - } + } - if (!(oct = M_ASN1_OCTET_STRING_new())) - { - X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE); + if (!(oct = M_ASN1_OCTET_STRING_new())) { + X509V3err(X509V3_F_V3_GENERIC_EXTENSION, ERR_R_MALLOC_FAILURE); goto err; - } + } oct->data = ext_der; oct->length = ext_len; 
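Review bot: do_ext_nconf leaks `nval` on the `sk_CONF_VALUE_num(nval) <= 0` error path when `*value != '@'`: the stack came from X509V3_parse_list and is owned here, but only the success path reaches `sk_CONF_VALUE_pop_free(nval, X509V3_conf_free)`. Adding `if (*value != '@') sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);` before that `return NULL;` closes it, assuming X509V3_parse_list can hand back a non-NULL empty stack (pop_free on NULL is a no-op either way, as the r2i_certpol error path elsewhere in this commit relies on). In do_ext_i2d the `merr:` label frees nothing, so `ext_der` leaks when M_ASN1_OCTET_STRING_new fails and `ext_oct` (which owns `ext_der` once `ext_oct->data` is assigned) leaks when X509_EXTENSION_create_by_NID fails; freeing whichever is set before the error return avoids both. Also `while (isspace((unsigned char)*p)) p++;` in v3_check_critical was left on one line while the identical loop in v3_check_generic was split.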
@@ -297,79 +310,88 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct); - err: +err: ASN1_OBJECT_free(obj); M_ASN1_OCTET_STRING_free(oct); - if(ext_der) free(ext_der); + if (ext_der) + free(ext_der); return extension; +} - } - -static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len) - { +static unsigned char * +generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len) +{ ASN1_TYPE *typ; unsigned char *ext_der = NULL; + typ = ASN1_generate_v3(value, ctx); if (typ == NULL) return NULL; *ext_len = i2d_ASN1_TYPE(typ, &ext_der); ASN1_TYPE_free(typ); return ext_der; - } +} /* This is the main function: add a bunch of extensions based on a config file * section to an extension STACK. */ - -int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, - STACK_OF(X509_EXTENSION) **sk) - { +int +X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, + STACK_OF(X509_EXTENSION) **sk) +{ X509_EXTENSION *ext; STACK_OF(CONF_VALUE) *nval; - CONF_VALUE *val; + CONF_VALUE *val; int i; - if (!(nval = NCONF_get_section(conf, section))) return 0; - for (i = 0; i < sk_CONF_VALUE_num(nval); i++) - { + + if (!(nval = NCONF_get_section(conf, section))) + return 0; + for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { val = sk_CONF_VALUE_value(nval, i); if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value))) - return 0; - if (sk) X509v3_add_ext(sk, ext, -1); + return 0; + if (sk) + X509v3_add_ext(sk, ext, -1); X509_EXTENSION_free(ext); - } - return 1; } + return 1; +} /* Convenience functions to add extensions to a certificate, CRL and request */ -int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, - X509 *cert) - { +int +X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert) +{ STACK_OF(X509_EXTENSION) **sk = NULL; + if (cert) sk = &cert->cert_info->extensions; return X509V3_EXT_add_nconf_sk(conf, ctx, section, 
sk); - } +} /* Same as above but for a CRL */ -int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, - X509_CRL *crl) - { +int +X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, + X509_CRL *crl) +{ STACK_OF(X509_EXTENSION) **sk = NULL; + if (crl) sk = &crl->crl->extensions; return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); - } +} /* Add extensions to certificate request */ -int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, - X509_REQ *req) - { +int +X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, + X509_REQ *req) +{ STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL; int i; + if (req) sk = &extlist; i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); 
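Review bot: X509V3_EXT_add_nconf_sk ignores the return value of `X509v3_add_ext(sk, ext, -1)`, so if the push fails the extension is freed, the loop continues, and the function still returns 1; a caller building a certificate from the section then silently gets fewer extensions than configured. The guarded call should become `if (sk && X509v3_add_ext(sk, ext, -1) == NULL) { X509_EXTENSION_free(ext); return 0; }`. The convenience wrappers below it (X509V3_EXT_add_nconf, X509V3_EXT_CRL_add_nconf) inherit the same blind spot, and X509V3_EXT_REQ_add_nconf continues outside the hunk.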
@@ -378,148 +400,171 @@ int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, i = X509_REQ_add_extensions(req, extlist); sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free); return i; - } +} /* Config database functions */ -char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) - { - if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) - { - X509V3err(X509V3_F_X509V3_GET_STRING,X509V3_R_OPERATION_NOT_DEFINED); +char * +X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) +{ + if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) { + X509V3err(X509V3_F_X509V3_GET_STRING, + X509V3_R_OPERATION_NOT_DEFINED); return NULL; - } + } if (ctx->db_meth->get_string) - return ctx->db_meth->get_string(ctx->db, name, section); + return ctx->db_meth->get_string(ctx->db, name, section); return NULL; - } +} -STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section) - { - if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) - { - X509V3err(X509V3_F_X509V3_GET_SECTION,X509V3_R_OPERATION_NOT_DEFINED); +STACK_OF(CONF_VALUE) * +X509V3_get_section(X509V3_CTX *ctx, char *section) +{ + if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) { + X509V3err(X509V3_F_X509V3_GET_SECTION, + X509V3_R_OPERATION_NOT_DEFINED); return NULL; - } + } if (ctx->db_meth->get_section) - return ctx->db_meth->get_section(ctx->db, section); + return ctx->db_meth->get_section(ctx->db, section); return NULL; - } +} -void X509V3_string_free(X509V3_CTX *ctx, char *str) - { - if (!str) return; +void +X509V3_string_free(X509V3_CTX *ctx, char *str) +{ + if (!str) + return; if (ctx->db_meth->free_string) - ctx->db_meth->free_string(ctx->db, str); - } + ctx->db_meth->free_string(ctx->db, str); +} -void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section) - { - if (!section) return; +void +X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section) +{ + if (!section) + return; if (ctx->db_meth->free_section) - 
ctx->db_meth->free_section(ctx->db, section); - } + ctx->db_meth->free_section(ctx->db, section); +} -static char *nconf_get_string(void *db, char *section, char *value) - { +static char * +nconf_get_string(void *db, char *section, char *value) +{ return NCONF_get_string(db, section, value); - } +} -static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section) - { +static +STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section) +{ return NCONF_get_section(db, section); - } +} static X509V3_CONF_METHOD nconf_method = { -nconf_get_string, -nconf_get_section, -NULL, -NULL + nconf_get_string, + nconf_get_section, + NULL, + NULL }; -void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf) - { +void +X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf) +{ ctx->db_meth = &nconf_method; ctx->db = conf; - } +} -void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req, - X509_CRL *crl, int flags) - { +void +X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req, + X509_CRL *crl, int flags) +{ ctx->issuer_cert = issuer; ctx->subject_cert = subj; ctx->crl = crl; ctx->subject_req = req; ctx->flags = flags; - } +} /* Old conf compatibility functions */ -X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - char *name, char *value) - { +X509_EXTENSION * +X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, char *name, + char *value) +{ CONF ctmp; + CONF_set_nconf(&ctmp, conf); return X509V3_EXT_nconf(&ctmp, ctx, name, value); - } +} /* LHASH *conf: Config file */ /* char *value: Value */ -X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - int ext_nid, char *value) - { +X509_EXTENSION * +X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, int ext_nid, + char *value) +{ CONF ctmp; + CONF_set_nconf(&ctmp, conf); return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value); - } +} -static char *conf_lhash_get_string(void *db, char *section, char *value) - { +static char 
* +conf_lhash_get_string(void *db, char *section, char *value) +{ return CONF_get_string(db, section, value); - } +} -static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section) - { +static STACK_OF(CONF_VALUE) * +conf_lhash_get_section(void *db, char *section) +{ return CONF_get_section(db, section); - } +} static X509V3_CONF_METHOD conf_lhash_method = { -conf_lhash_get_string, -conf_lhash_get_section, -NULL, -NULL + conf_lhash_get_string, + conf_lhash_get_section, + NULL, + NULL }; -void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash) - { +void +X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash) +{ ctx->db_meth = &conf_lhash_method; ctx->db = lhash; - } +} -int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - char *section, X509 *cert) - { +int +X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, char *section, + X509 *cert) +{ CONF ctmp; + CONF_set_nconf(&ctmp, conf); return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert); - } +} /* Same as above but for a CRL */ -int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - char *section, X509_CRL *crl) - { +int +X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + char *section, X509_CRL *crl) +{ CONF ctmp; + CONF_set_nconf(&ctmp, conf); return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl); - } +} /* Add extensions to certificate request */ -int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - char *section, X509_REQ *req) - { +int +X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + char *section, X509_REQ *req) +{ CONF ctmp; + CONF_set_nconf(&ctmp, conf); return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req); - } +} diff --git a/lib/libssl/src/crypto/x509v3/v3_cpols.c b/lib/libssl/src/crypto/x509v3/v3_cpols.c index 1a337fa07e9..e00190242b6 100644 --- a/lib/libssl/src/crypto/x509v3/v3_cpols.c +++ b/lib/libssl/src/crypto/x509v3/v3_cpols.c 
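Review bot: `static` sits alone on a line above `STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section)`, while conf_lhash_get_section in the same hunk uses the KNF form `static STACK_OF(CONF_VALUE) *` with the name on the next line; the same split appears for r2i_certpol in the v3_cpols.c @@ -128 hunk. Both should read `static STACK_OF(CONF_VALUE) *` followed by `nconf_get_section(void *db, char *section)` on its own line. In X509V3_get_string and X509V3_get_section the inner `if (ctx->db_meth->get_string)` / `if (ctx->db_meth->get_section)` is redundant after the guard above it and can be dropped together with the trailing `return NULL;`. X509V3_string_free and X509V3_section_free dereference `ctx->db_meth` with only a NULL check on their argument, unlike the getters; harmless when the string or section came from the matching getter, but the asymmetry is worth a comment.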
@@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in 
@@ -67,28 +67,32 @@ /* Certificate policies extension support: this one is a bit complex... */ -static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO *out, int indent); -static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value); -static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent); +static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, + BIO *out, int indent); +static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, char *value); +static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, + int indent); static void print_notice(BIO *out, USERNOTICE *notice, int indent); static POLICYINFO *policy_section(X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *polstrs, int ia5org); + STACK_OF(CONF_VALUE) *polstrs, int ia5org); static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *unot, int ia5org); + STACK_OF(CONF_VALUE) *unot, int ia5org); static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos); const X509V3_EXT_METHOD v3_cpols = { -NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES), -0,0,0,0, -0,0, -0,0, -(X509V3_EXT_I2R)i2r_certpol, -(X509V3_EXT_R2I)r2i_certpol, -NULL + NID_certificate_policies, 0, ASN1_ITEM_ref(CERTIFICATEPOLICIES), + 0, 0, 0, 0, + 0, 0, + 0, 0, + (X509V3_EXT_I2R)i2r_certpol, + (X509V3_EXT_R2I)r2i_certpol, + NULL }; -ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, POLICYINFO) +ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, + POLICYINFO) ASN1_ITEM_TEMPLATE_END(CERTIFICATEPOLICIES) IMPLEMENT_ASN1_FUNCTIONS(CERTIFICATEPOLICIES) 
@@ -100,7 +104,8 @@ ASN1_SEQUENCE(POLICYINFO) = { IMPLEMENT_ASN1_FUNCTIONS(POLICYINFO) -ASN1_ADB_TEMPLATE(policydefault) = ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY); +ASN1_ADB_TEMPLATE(policydefault) = + ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY); ASN1_ADB(POLICYQUALINFO) = { ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)), @@ -128,8 +133,9 @@ ASN1_SEQUENCE(NOTICEREF) = { IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF) -static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, char *value) +static +STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + char *value) { STACK_OF(POLICYINFO) *pols = NULL; char *pstr; 
@@ -138,43 +144,47 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, STACK_OF(CONF_VALUE) *vals; CONF_VALUE *cnf; int i, ia5org; + pols = sk_POLICYINFO_new_null(); if (pols == NULL) { X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE); return NULL; } - vals = X509V3_parse_list(value); + vals = X509V3_parse_list(value); if (vals == NULL) { X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB); goto err; } ia5org = 0; - for(i = 0; i < sk_CONF_VALUE_num(vals); i++) { + for (i = 0; i < sk_CONF_VALUE_num(vals); i++) { cnf = sk_CONF_VALUE_value(vals, i); - if(cnf->value || !cnf->name ) { - X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_POLICY_IDENTIFIER); + if (cnf->value || !cnf->name ) { + X509V3err(X509V3_F_R2I_CERTPOL, + X509V3_R_INVALID_POLICY_IDENTIFIER); X509V3_conf_err(cnf); goto err; } pstr = cnf->name; - if(!strcmp(pstr,"ia5org")) { + if (!strcmp(pstr, "ia5org")) { ia5org = 1; continue; - } else if(*pstr == '@') { + } else if (*pstr == '@') { STACK_OF(CONF_VALUE) *polsect; polsect = X509V3_get_section(ctx, pstr + 1); - if(!polsect) { - X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_SECTION); - + if (!polsect) { + X509V3err(X509V3_F_R2I_CERTPOL, + X509V3_R_INVALID_SECTION); X509V3_conf_err(cnf); goto err; } pol = policy_section(ctx, polsect, ia5org); X509V3_section_free(ctx, polsect); - if(!pol) goto err; + if (!pol) + goto err; } else { - if(!(pobj = OBJ_txt2obj(cnf->name, 0))) { - X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_OBJECT_IDENTIFIER); + if (!(pobj = OBJ_txt2obj(cnf->name, 0))) { + X509V3err(X509V3_F_R2I_CERTPOL, + X509V3_R_INVALID_OBJECT_IDENTIFIER); X509V3_conf_err(cnf); goto err; } 
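Review bot: The effect of `ia5org` is order-dependent and undocumented: the loop sets `ia5org = 1` and continues, and each `@section` entry is expanded immediately via `policy_section(ctx, polsect, ia5org)`, so a section listed before `ia5org` encodes its organization as VisibleString and one listed after it as IA5String. A comment above the loop, `/* ia5org applies only to sections that follow it in the list */`, would make that visible to config authors. r2i_certpol starts and ends outside this hunk.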
@@ -189,123 +199,140 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, } sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); return pols; - err: + +err: sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); sk_POLICYINFO_pop_free(pols, POLICYINFO_free); return NULL; } -static POLICYINFO *policy_section(X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *polstrs, int ia5org) +static POLICYINFO * +policy_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *polstrs, int ia5org) { int i; CONF_VALUE *cnf; POLICYINFO *pol; POLICYQUALINFO *qual; - if(!(pol = POLICYINFO_new())) goto merr; - for(i = 0; i < sk_CONF_VALUE_num(polstrs); i++) { + + if (!(pol = POLICYINFO_new())) + goto merr; + for (i = 0; i < sk_CONF_VALUE_num(polstrs); i++) { cnf = sk_CONF_VALUE_value(polstrs, i); - if(!strcmp(cnf->name, "policyIdentifier")) { + if (!strcmp(cnf->name, "policyIdentifier")) { ASN1_OBJECT *pobj; - if(!(pobj = OBJ_txt2obj(cnf->value, 0))) { - X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OBJECT_IDENTIFIER); + if (!(pobj = OBJ_txt2obj(cnf->value, 0))) { + X509V3err(X509V3_F_POLICY_SECTION, + X509V3_R_INVALID_OBJECT_IDENTIFIER); X509V3_conf_err(cnf); goto err; } pol->policyid = pobj; - - } else if(!name_cmp(cnf->name, "CPS")) { - if(!pol->qualifiers) pol->qualifiers = - sk_POLICYQUALINFO_new_null(); - if(!(qual = POLICYQUALINFO_new())) goto merr; - if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) - goto merr; + } else if (!name_cmp(cnf->name, "CPS")) { + if (!pol->qualifiers) + pol->qualifiers = sk_POLICYQUALINFO_new_null(); + if (!(qual = POLICYQUALINFO_new())) + goto merr; + if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) + goto merr; qual->pqualid = OBJ_nid2obj(NID_id_qt_cps); qual->d.cpsuri = M_ASN1_IA5STRING_new(); - if(!ASN1_STRING_set(qual->d.cpsuri, cnf->value, - strlen(cnf->value))) goto merr; - } else if(!name_cmp(cnf->name, "userNotice")) { + if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value, + strlen(cnf->value))) + goto merr; + } else if (!name_cmp(cnf->name, 
"userNotice")) { STACK_OF(CONF_VALUE) *unot; - if(*cnf->value != '@') { - X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_EXPECTED_A_SECTION_NAME); + if (*cnf->value != '@') { + X509V3err(X509V3_F_POLICY_SECTION, + X509V3_R_EXPECTED_A_SECTION_NAME); X509V3_conf_err(cnf); goto err; } unot = X509V3_get_section(ctx, cnf->value + 1); - if(!unot) { - X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_SECTION); - + if (!unot) { + X509V3err(X509V3_F_POLICY_SECTION, + X509V3_R_INVALID_SECTION); X509V3_conf_err(cnf); goto err; } qual = notice_section(ctx, unot, ia5org); X509V3_section_free(ctx, unot); - if(!qual) goto err; - if(!pol->qualifiers) pol->qualifiers = - sk_POLICYQUALINFO_new_null(); - if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) - goto merr; + if (!qual) + goto err; + if (!pol->qualifiers) pol->qualifiers = + sk_POLICYQUALINFO_new_null(); + if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) + goto merr; } else { - X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OPTION); - + X509V3err(X509V3_F_POLICY_SECTION, + X509V3_R_INVALID_OPTION); X509V3_conf_err(cnf); goto err; } } - if(!pol->policyid) { - X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_NO_POLICY_IDENTIFIER); + if (!pol->policyid) { + X509V3err(X509V3_F_POLICY_SECTION, + X509V3_R_NO_POLICY_IDENTIFIER); goto err; } return pol; - merr: - X509V3err(X509V3_F_POLICY_SECTION,ERR_R_MALLOC_FAILURE); +merr: + X509V3err(X509V3_F_POLICY_SECTION, ERR_R_MALLOC_FAILURE); - err: +err: POLICYINFO_free(pol); return NULL; - - } -static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *unot, int ia5org) +static POLICYQUALINFO * +notice_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *unot, int ia5org) { int i, ret; CONF_VALUE *cnf; USERNOTICE *not; POLICYQUALINFO *qual; - if(!(qual = POLICYQUALINFO_new())) goto merr; + + if (!(qual = POLICYQUALINFO_new())) + goto merr; qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice); - if(!(not = USERNOTICE_new())) goto merr; + if (!(not = USERNOTICE_new())) + goto merr; 
qual->d.usernotice = not; - for(i = 0; i < sk_CONF_VALUE_num(unot); i++) { + for (i = 0; i < sk_CONF_VALUE_num(unot); i++) { cnf = sk_CONF_VALUE_value(unot, i); - if(!strcmp(cnf->name, "explicitText")) { + if (!strcmp(cnf->name, "explicitText")) { not->exptext = M_ASN1_VISIBLESTRING_new(); - if(!ASN1_STRING_set(not->exptext, cnf->value, - strlen(cnf->value))) goto merr; - } else if(!strcmp(cnf->name, "organization")) { + if (!ASN1_STRING_set(not->exptext, cnf->value, + strlen(cnf->value))) + goto merr; + } else if (!strcmp(cnf->name, "organization")) { NOTICEREF *nref; - if(!not->noticeref) { - if(!(nref = NOTICEREF_new())) goto merr; + if (!not->noticeref) { + if (!(nref = NOTICEREF_new())) + goto merr; not->noticeref = nref; - } else nref = not->noticeref; - if(ia5org) nref->organization->type = V_ASN1_IA5STRING; - else nref->organization->type = V_ASN1_VISIBLESTRING; - if(!ASN1_STRING_set(nref->organization, cnf->value, - strlen(cnf->value))) goto merr; - } else if(!strcmp(cnf->name, "noticeNumbers")) { + } else + nref = not->noticeref; + if (ia5org) + nref->organization->type = V_ASN1_IA5STRING; + else + nref->organization->type = V_ASN1_VISIBLESTRING; + if (!ASN1_STRING_set(nref->organization, cnf->value, + strlen(cnf->value))) + goto merr; + } else if (!strcmp(cnf->name, "noticeNumbers")) { NOTICEREF *nref; STACK_OF(CONF_VALUE) *nos; - if(!not->noticeref) { - if(!(nref = NOTICEREF_new())) goto merr; + if (!not->noticeref) { + if (!(nref = NOTICEREF_new())) + goto merr; not->noticeref = nref; } else nref = not->noticeref; - nos = X509V3_parse_list(cnf->value); - if(!nos || !sk_CONF_VALUE_num(nos)) { - X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_NUMBERS); + nos = X509V3_parse_list(cnf->value); + if (!nos || !sk_CONF_VALUE_num(nos)) { + X509V3err(X509V3_F_NOTICE_SECTION, + X509V3_R_INVALID_NUMBERS); X509V3_conf_err(cnf); goto err; } 
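Review bot: policy_section leaks `qual` when `sk_POLICYQUALINFO_push(pol->qualifiers, qual)` fails, in both the CPS branch and the userNotice branch: the qualifier was just allocated (or returned by notice_section) and is not yet reachable from `pol`, so `POLICYINFO_free(pol)` at `err` cannot release it. Both sites should read `if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) { POLICYQUALINFO_free(qual); goto merr; }`. The push also fails whenever the preceding unchecked `sk_POLICYQUALINFO_new_null()` returned NULL, which is what makes the path reachable under allocation failure. The KNF pass left `if (!pol->qualifiers) pol->qualifiers =` on one line in the userNotice branch while splitting the identical statement in the CPS branch. notice_section, which begins in this hunk, continues past its end.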
@@ -314,94 +341,98 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, if (!ret) goto err; } else { - X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION); + X509V3err(X509V3_F_NOTICE_SECTION, + X509V3_R_INVALID_OPTION); X509V3_conf_err(cnf); goto err; } } - if(not->noticeref && - (!not->noticeref->noticenos || !not->noticeref->organization)) { - X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_NEED_ORGANIZATION_AND_NUMBERS); - goto err; + if (not->noticeref && + (!not->noticeref->noticenos || !not->noticeref->organization)) { + X509V3err(X509V3_F_NOTICE_SECTION, + X509V3_R_NEED_ORGANIZATION_AND_NUMBERS); + goto err; } return qual; - merr: - X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE); +merr: + X509V3err(X509V3_F_NOTICE_SECTION, ERR_R_MALLOC_FAILURE); - err: +err: POLICYQUALINFO_free(qual); return NULL; } -static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos) +static int +nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos) { CONF_VALUE *cnf; ASN1_INTEGER *aint; - int i; - for(i = 0; i < sk_CONF_VALUE_num(nos); i++) { + for (i = 0; i < sk_CONF_VALUE_num(nos); i++) { cnf = sk_CONF_VALUE_value(nos, i); - if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) { - X509V3err(X509V3_F_NREF_NOS,X509V3_R_INVALID_NUMBER); + if (!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) { + X509V3err(X509V3_F_NREF_NOS, X509V3_R_INVALID_NUMBER); goto err; } - if(!sk_ASN1_INTEGER_push(nnums, aint)) goto merr; + if (!sk_ASN1_INTEGER_push(nnums, aint)) + goto merr; } return 1; - merr: - X509V3err(X509V3_F_NREF_NOS,ERR_R_MALLOC_FAILURE); +merr: + X509V3err(X509V3_F_NREF_NOS, ERR_R_MALLOC_FAILURE); - err: +err: sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free); return 0; } - -static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, - BIO *out, int indent) +static int +i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO *out, + int indent) { int i; POLICYINFO *pinfo; + /* First print out the policy OIDs */ - 
for(i = 0; i < sk_POLICYINFO_num(pol); i++) { + for (i = 0; i < sk_POLICYINFO_num(pol); i++) { pinfo = sk_POLICYINFO_value(pol, i); BIO_printf(out, "%*sPolicy: ", indent, ""); i2a_ASN1_OBJECT(out, pinfo->policyid); BIO_puts(out, "\n"); - if(pinfo->qualifiers) - print_qualifiers(out, pinfo->qualifiers, indent + 2); + if (pinfo->qualifiers) + print_qualifiers(out, pinfo->qualifiers, indent + 2); } return 1; } -static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, - int indent) +static void +print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent) { POLICYQUALINFO *qualinfo; int i; - for(i = 0; i < sk_POLICYQUALINFO_num(quals); i++) { + + for (i = 0; i < sk_POLICYQUALINFO_num(quals); i++) { qualinfo = sk_POLICYQUALINFO_value(quals, i); - switch(OBJ_obj2nid(qualinfo->pqualid)) - { - case NID_id_qt_cps: + switch (OBJ_obj2nid(qualinfo->pqualid)) { + case NID_id_qt_cps: BIO_printf(out, "%*sCPS: %s\n", indent, "", - qualinfo->d.cpsuri->data); + qualinfo->d.cpsuri->data); break; - - case NID_id_qt_unotice: + + case NID_id_qt_unotice: BIO_printf(out, "%*sUser Notice:\n", indent, ""); print_notice(out, qualinfo->d.usernotice, indent + 2); break; - default: + default: BIO_printf(out, "%*sUnknown Qualifier: ", - indent + 2, ""); - + indent + 2, ""); + i2a_ASN1_OBJECT(out, qualinfo->pqualid); BIO_puts(out, "\n"); break; 
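Review bot: nref_nos's `err:` path runs `sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free);` on a stack it did not allocate and whose pointer the caller still holds, so after a bad number the caller is left with a dangling stack; the `if (!ret) goto err;` at the top of this hunk then reaches `POLICYQUALINFO_free(qual)`, and if `nnums` is the noticeref's own `noticenos` (the call site is outside the hunk, so that is inferred from the names) the same stack is freed a second time. The invalid-number path should leave the caller-owned stack alone and simply `return 0;` from `err:`, while the `merr:` path should release the integer that `sk_ASN1_INTEGER_push` failed to take, `ASN1_INTEGER_free(aint);`, which currently leaks. nref_nos and i2r_certpol are complete in this hunk; notice_section's start and print_qualifiers's end lie outside it.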
@@ -409,49 +440,51 @@ static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, } } -static void print_notice(BIO *out, USERNOTICE *notice, int indent) +static void +print_notice(BIO *out, USERNOTICE *notice, int indent) { int i; - if(notice->noticeref) { + + if (notice->noticeref) { NOTICEREF *ref; ref = notice->noticeref; BIO_printf(out, "%*sOrganization: %s\n", indent, "", - ref->organization->data); + ref->organization->data); BIO_printf(out, "%*sNumber%s: ", indent, "", - sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : ""); - for(i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) { + sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : ""); + for (i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) { ASN1_INTEGER *num; char *tmp; num = sk_ASN1_INTEGER_value(ref->noticenos, i); - if(i) BIO_puts(out, ", "); + if (i) + BIO_puts(out, ", "); tmp = i2s_ASN1_INTEGER(NULL, num); BIO_puts(out, tmp); free(tmp); } BIO_puts(out, "\n"); } - if(notice->exptext) + if (notice->exptext) BIO_printf(out, "%*sExplicit Text: %s\n", indent, "", - notice->exptext->data); + notice->exptext->data); } -void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent) - { +void +X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent) +{ const X509_POLICY_DATA *dat = node->data; BIO_printf(out, "%*sPolicy: ", indent, ""); - + i2a_ASN1_OBJECT(out, dat->valid_policy); BIO_puts(out, "\n"); BIO_printf(out, "%*s%s\n", indent + 2, "", - node_data_critical(dat) ? "Critical" : "Non Critical"); + node_data_critical(dat) ? "Critical" : "Non Critical"); if (dat->qualifier_set) print_qualifiers(out, dat->qualifier_set, indent + 2); else BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, ""); - } - +} IMPLEMENT_STACK_OF(X509_POLICY_NODE) IMPLEMENT_STACK_OF(X509_POLICY_DATA) - diff --git a/lib/libssl/src/crypto/x509v3/v3_crld.c b/lib/libssl/src/crypto/x509v3/v3_crld.c index 790a6dd0328..31956554297 100644 --- a/lib/libssl/src/crypto/x509v3/v3_crld.c 
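Review bot: In print_notice the result of `tmp = i2s_ASN1_INTEGER(NULL, num);` is passed straight to `BIO_puts(out, tmp);`, so an allocation failure while printing notice numbers becomes a NULL dereference; guard it with `if (tmp != NULL) BIO_puts(out, tmp);` and leave the `free(tmp);` as is, since free accepts NULL. The `%s` prints of `ref->organization->data` and `notice->exptext->data` in this hunk rely on the ASN1_STRING payload being NUL-terminated and stop at an embedded NUL; as this is certificate-supplied content, printing with the stored length, `"%.*s"` paired with the string's `->length`, is the more robust form. print_qualifiers starts in the previous hunk; print_notice and X509_POLICY_NODE_print are complete here.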
+++ b/lib/libssl/src/crypto/x509v3/v3_crld.c
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  * notice, this list of conditions and the following disclaimer in 
@@ -64,67 +64,64 @@ #include static void *v2i_crld(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, - int indent); + int indent); -const X509V3_EXT_METHOD v3_crld = - { +const X509V3_EXT_METHOD v3_crld = { NID_crl_distribution_points, 0, ASN1_ITEM_ref(CRL_DIST_POINTS), - 0,0,0,0, - 0,0, + 0, 0, 0, 0, + 0, 0, 0, v2i_crld, - i2r_crldp,0, + i2r_crldp, 0, NULL - }; +}; -const X509V3_EXT_METHOD v3_freshest_crl = - { +const X509V3_EXT_METHOD v3_freshest_crl = { NID_freshest_crl, 0, ASN1_ITEM_ref(CRL_DIST_POINTS), - 0,0,0,0, - 0,0, + 0, 0, 0, 0, + 0, 0, 0, v2i_crld, - i2r_crldp,0, + i2r_crldp, 0, NULL - }; +}; -static STACK_OF(GENERAL_NAME) *gnames_from_sectname(X509V3_CTX *ctx, char *sect) - { +static +STACK_OF(GENERAL_NAME) *gnames_from_sectname(X509V3_CTX *ctx, char *sect) +{ STACK_OF(CONF_VALUE) *gnsect; STACK_OF(GENERAL_NAME) *gens; + if (*sect == '@') gnsect = X509V3_get_section(ctx, sect + 1); else gnsect = X509V3_parse_list(sect); - if (!gnsect) - { + if (!gnsect) { X509V3err(X509V3_F_GNAMES_FROM_SECTNAME, - X509V3_R_SECTION_NOT_FOUND); + X509V3_R_SECTION_NOT_FOUND); return NULL; - } + } gens = v2i_GENERAL_NAMES(NULL, ctx, gnsect); if (*sect == '@') X509V3_section_free(ctx, gnsect); else sk_CONF_VALUE_pop_free(gnsect, X509V3_conf_free); return gens; - } +} -static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, - CONF_VALUE *cnf) - { +static int +set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, CONF_VALUE *cnf) +{ STACK_OF(GENERAL_NAME) *fnm = NULL; STACK_OF(X509_NAME_ENTRY) *rnm = NULL; - if (!strncmp(cnf->name, "fullname", 9)) - { + + if (!strncmp(cnf->name, "fullname", 9)) { fnm = gnames_from_sectname(ctx, cnf->value); if (!fnm) goto err; - } - else if (!strcmp(cnf->name, "relativename")) - { + } else if (!strcmp(cnf->name, "relativename")) { int ret; STACK_OF(CONF_VALUE) 
*dnsect; X509_NAME *nm; @@ -132,12 +129,11 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, if (!nm) return -1; dnsect = X509V3_get_section(ctx, cnf->value); - if (!dnsect) - { + if (!dnsect) { X509V3err(X509V3_F_SET_DIST_POINT_NAME, - X509V3_R_SECTION_NOT_FOUND); + X509V3_R_SECTION_NOT_FOUND); return -1; - } + } ret = X509V3_NAME_from_section(nm, dnsect, MBSTRING_ASC); X509V3_section_free(ctx, dnsect); rnm = nm->entries; 
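Review bot: The new definition of gnames_from_sectname splits its declaration as `static` on one line and `STACK_OF(GENERAL_NAME) *gnames_from_sectname(X509V3_CTX *ctx, char *sect)` on the next, whereas every other function in this commit puts the whole return type on its own line and the name at column 0; the consistent form is `static STACK_OF(GENERAL_NAME) *` followed by `gnames_from_sectname(X509V3_CTX *ctx, char *sect)`. In set_dist_point_name the context line `if (!strncmp(cnf->name, "fullname", 9))` compares nine bytes of an eight-character literal plus its terminator, which is `strcmp` spelled confusingly and inconsistent with the `strcmp` used for "relativename" in the next branch; `if (!strcmp(cnf->name, "fullname"))` reads like the rest of the chain. set_dist_point_name continues past the end of this hunk.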
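Review bot: In the relativename branch of set_dist_point_name, the `if (!dnsect)` block returns -1 without releasing `nm`, which the `if (!nm) return -1;` at the top of the hunk shows was just allocated (the allocation itself is outside the hunk), so every `relativename` that names a missing section leaks an X509_NAME. Add `X509_NAME_free(nm);` before the `return -1;` in that block. The enclosing function starts and ends outside this hunk.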
@@ -149,135 +145,126 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, * RDNSequence */ if (sk_X509_NAME_ENTRY_value(rnm, - sk_X509_NAME_ENTRY_num(rnm) - 1)->set) - { + sk_X509_NAME_ENTRY_num(rnm) - 1)->set) { X509V3err(X509V3_F_SET_DIST_POINT_NAME, - X509V3_R_INVALID_MULTIPLE_RDNS); + X509V3_R_INVALID_MULTIPLE_RDNS); goto err; - } } - else + } else return 0; - if (*pdp) - { + if (*pdp) { X509V3err(X509V3_F_SET_DIST_POINT_NAME, - X509V3_R_DISTPOINT_ALREADY_SET); + X509V3_R_DISTPOINT_ALREADY_SET); goto err; - } + } *pdp = DIST_POINT_NAME_new(); if (!*pdp) goto err; - if (fnm) - { + if (fnm) { (*pdp)->type = 0; (*pdp)->name.fullname = fnm; - } - else - { + } else { (*pdp)->type = 1; (*pdp)->name.relativename = rnm; - } + } return 1; - - err: + +err: if (fnm) sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free); if (rnm) sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free); return -1; - } +} static const BIT_STRING_BITNAME reason_flags[] = { -{0, "Unused", "unused"}, -{1, "Key Compromise", "keyCompromise"}, -{2, "CA Compromise", "CACompromise"}, -{3, "Affiliation Changed", "affiliationChanged"}, -{4, "Superseded", "superseded"}, -{5, "Cessation Of Operation", "cessationOfOperation"}, -{6, "Certificate Hold", "certificateHold"}, -{7, "Privilege Withdrawn", "privilegeWithdrawn"}, -{8, "AA Compromise", "AACompromise"}, -{-1, NULL, NULL} + {0, "Unused", "unused"}, + {1, "Key Compromise", "keyCompromise"}, + {2, "CA Compromise", "CACompromise"}, + {3, "Affiliation Changed", "affiliationChanged"}, + {4, "Superseded", "superseded"}, + {5, "Cessation Of Operation", "cessationOfOperation"}, + {6, "Certificate Hold", "certificateHold"}, + {7, "Privilege Withdrawn", "privilegeWithdrawn"}, + {8, "AA Compromise", "AACompromise"}, + {-1, NULL, NULL} }; -static int set_reasons(ASN1_BIT_STRING **preas, char *value) - { +static int +set_reasons(ASN1_BIT_STRING **preas, char *value) +{ STACK_OF(CONF_VALUE) *rsk = NULL; const BIT_STRING_BITNAME *pbn; const char 
*bnam; int i, ret = 0; + rsk = X509V3_parse_list(value); if (!rsk) return 0; if (*preas) return 0; - for (i = 0; i < sk_CONF_VALUE_num(rsk); i++) - { + for (i = 0; i < sk_CONF_VALUE_num(rsk); i++) { bnam = sk_CONF_VALUE_value(rsk, i)->name; - if (!*preas) - { + if (!*preas) { *preas = ASN1_BIT_STRING_new(); if (!*preas) goto err; - } - for (pbn = reason_flags; pbn->lname; pbn++) - { - if (!strcmp(pbn->sname, bnam)) - { + } + for (pbn = reason_flags; pbn->lname; pbn++) { + if (!strcmp(pbn->sname, bnam)) { if (!ASN1_BIT_STRING_set_bit(*preas, - pbn->bitnum, 1)) + pbn->bitnum, 1)) goto err; break; - } } + } if (!pbn->lname) goto err; - } + } ret = 1; - err: +err: sk_CONF_VALUE_pop_free(rsk, X509V3_conf_free); return ret; - } +} -static int print_reasons(BIO *out, const char *rname, - ASN1_BIT_STRING *rflags, int indent) - { +static int +print_reasons(BIO *out, const char *rname, ASN1_BIT_STRING *rflags, int indent) +{ int first = 1; const BIT_STRING_BITNAME *pbn; + BIO_printf(out, "%*s%s:\n%*s", indent, "", rname, indent + 2, ""); - for (pbn = reason_flags; pbn->lname; pbn++) - { - if (ASN1_BIT_STRING_get_bit(rflags, pbn->bitnum)) - { + for (pbn = reason_flags; pbn->lname; pbn++) { + if (ASN1_BIT_STRING_get_bit(rflags, pbn->bitnum)) { if (first) first = 0; else BIO_puts(out, ", "); BIO_puts(out, pbn->lname); - } } + } if (first) BIO_puts(out, "\n"); else BIO_puts(out, "\n"); return 1; - } +} -static DIST_POINT *crldp_from_section(X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval) - { +static DIST_POINT * +crldp_from_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) +{ int i; CONF_VALUE *cnf; DIST_POINT *point = NULL; + point = DIST_POINT_new(); if (!point) goto err; - for(i = 0; i < sk_CONF_VALUE_num(nval); i++) - { + for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { int ret; cnf = sk_CONF_VALUE_value(nval, i); ret = set_dist_point_name(&point->distpoint, ctx, cnf); 
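Review bot: In set_reasons, `if (*preas) return 0;` is reached only after `rsk = X509V3_parse_list(value);` has succeeded, so a second `reasons` entry returns without freeing the parsed list; `ret` is already 0, so `if (*preas) goto err;` takes the existing cleanup path and closes the leak. In print_reasons the tail `if (first) BIO_puts(out, "\n"); else BIO_puts(out, "\n");` has identical branches and can be a single `BIO_puts(out, "\n");`. set_reasons and print_reasons are complete in this hunk; set_dist_point_name's start and crldp_from_section's end lie outside it.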
@@ -285,43 +272,42 @@ static DIST_POINT *crldp_from_section(X509V3_CTX *ctx, continue; if (ret < 0) goto err; - if (!strcmp(cnf->name, "reasons")) - { + if (!strcmp(cnf->name, "reasons")) { if (!set_reasons(&point->reasons, cnf->value)) goto err; - } - else if (!strcmp(cnf->name, "CRLissuer")) - { + } + else if (!strcmp(cnf->name, "CRLissuer")) { point->CRLissuer = - gnames_from_sectname(ctx, cnf->value); + gnames_from_sectname(ctx, cnf->value); if (!point->CRLissuer) goto err; - } } + } return point; - - err: +err: if (point) DIST_POINT_free(point); return NULL; - } +} -static void *v2i_crld(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) - { +static void * +v2i_crld(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval) +{ STACK_OF(DIST_POINT) *crld = NULL; GENERAL_NAMES *gens = NULL; GENERAL_NAME *gen = NULL; CONF_VALUE *cnf; int i; - if(!(crld = sk_DIST_POINT_new_null())) goto merr; - for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { + + if (!(crld = sk_DIST_POINT_new_null())) + goto merr; + for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { DIST_POINT *point; cnf = sk_CONF_VALUE_value(nval, i); - if (!cnf->value) - { + if (!cnf->value) { STACK_OF(CONF_VALUE) *dpsect; dpsect = X509V3_get_section(ctx, cnf->name); if (!dpsect) 
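Review bot: The new side of crldp_from_section leaves `}` and `else if (!strcmp(cnf->name, "CRLissuer")) {` on separate lines, while the same commit writes `} else {` and `} else if` elsewhere (KNF keeps `else` on the closing-brace line); join them as `} else if (!strcmp(cnf->name, "CRLissuer")) {`. The same split survives in v2i_idp's `onlyCA`, `onlyAA`, `indirectCRL` and `onlysomereasons` branches in the hunk at `@@ -463,82 +445,75 @@`. The pre-existing `if (point) DIST_POINT_free(point);` at `err:` guards an ASN1_item-generated free that already accepts NULL. crldp_from_section starts before this hunk and v2i_crld continues after it.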
@@ -330,40 +316,36 @@ static void *v2i_crld(const X509V3_EXT_METHOD *method, X509V3_section_free(ctx, dpsect); if (!point) goto err; - if(!sk_DIST_POINT_push(crld, point)) - { + if (!sk_DIST_POINT_push(crld, point)) { DIST_POINT_free(point); goto merr; - } } - else - { - if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) - goto err; - if(!(gens = GENERAL_NAMES_new())) + } else { + if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) + goto err; + if (!(gens = GENERAL_NAMES_new())) goto merr; - if(!sk_GENERAL_NAME_push(gens, gen)) + if (!sk_GENERAL_NAME_push(gens, gen)) goto merr; gen = NULL; - if(!(point = DIST_POINT_new())) + if (!(point = DIST_POINT_new())) goto merr; - if(!sk_DIST_POINT_push(crld, point)) - { + if (!sk_DIST_POINT_push(crld, point)) { DIST_POINT_free(point); goto merr; - } - if(!(point->distpoint = DIST_POINT_NAME_new())) + } + if (!(point->distpoint = DIST_POINT_NAME_new())) goto merr; point->distpoint->name.fullname = gens; point->distpoint->type = 0; gens = NULL; - } + } } return crld; - merr: - X509V3err(X509V3_F_V2I_CRLD,ERR_R_MALLOC_FAILURE); - err: +merr: + X509V3err(X509V3_F_V2I_CRLD, ERR_R_MALLOC_FAILURE); +err: GENERAL_NAME_free(gen); GENERAL_NAMES_free(gens); sk_DIST_POINT_pop_free(crld, DIST_POINT_free); @@ -373,24 +355,23 @@ static void *v2i_crld(const X509V3_EXT_METHOD *method, IMPLEMENT_STACK_OF(DIST_POINT) IMPLEMENT_ASN1_SET_OF(DIST_POINT) -static int dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) - { +static int +dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) +{ DIST_POINT_NAME *dpn = (DIST_POINT_NAME *)*pval; - switch(operation) - { - case ASN1_OP_NEW_POST: + switch (operation) { + case ASN1_OP_NEW_POST: dpn->dpname = NULL; break; - case ASN1_OP_FREE_POST: + case ASN1_OP_FREE_POST: if (dpn->dpname) X509_NAME_free(dpn->dpname); break; - } - return 1; } + return 1; +} ASN1_CHOICE_cb(DIST_POINT_NAME, dpn_cb) = { 
@@ -409,8 +390,9 @@ ASN1_SEQUENCE(DIST_POINT) = { IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT) -ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, DIST_POINT) +ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, + DIST_POINT) ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS) IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS) @@ -427,34 +409,34 @@ ASN1_SEQUENCE(ISSUING_DIST_POINT) = { IMPLEMENT_ASN1_FUNCTIONS(ISSUING_DIST_POINT) static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out, - int indent); + int indent); static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval); + STACK_OF(CONF_VALUE) *nval); -const X509V3_EXT_METHOD v3_idp = - { +const X509V3_EXT_METHOD v3_idp = { NID_issuing_distribution_point, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(ISSUING_DIST_POINT), - 0,0,0,0, - 0,0, + 0, 0, 0, 0, + 0, 0, 0, v2i_idp, - i2r_idp,0, + i2r_idp, 0, NULL - }; +}; -static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval) - { +static void * +v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval) +{ ISSUING_DIST_POINT *idp = NULL; CONF_VALUE *cnf; char *name, *val; int i, ret; + idp = ISSUING_DIST_POINT_new(); if (!idp) goto merr; - for(i = 0; i < sk_CONF_VALUE_num(nval); i++) - { + for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { cnf = sk_CONF_VALUE_value(nval, i); name = cnf->name; val = cnf->value; 
@@ -463,82 +445,75 @@ static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, continue; if (ret < 0) goto err; - if (!strcmp(name, "onlyuser")) - { + if (!strcmp(name, "onlyuser")) { if (!X509V3_get_value_bool(cnf, &idp->onlyuser)) goto err; - } - else if (!strcmp(name, "onlyCA")) - { + } + else if (!strcmp(name, "onlyCA")) { if (!X509V3_get_value_bool(cnf, &idp->onlyCA)) goto err; - } - else if (!strcmp(name, "onlyAA")) - { + } + else if (!strcmp(name, "onlyAA")) { if (!X509V3_get_value_bool(cnf, &idp->onlyattr)) goto err; - } - else if (!strcmp(name, "indirectCRL")) - { + } + else if (!strcmp(name, "indirectCRL")) { if (!X509V3_get_value_bool(cnf, &idp->indirectCRL)) goto err; - } - else if (!strcmp(name, "onlysomereasons")) - { + } + else if (!strcmp(name, "onlysomereasons")) { if (!set_reasons(&idp->onlysomereasons, val)) goto err; - } - else - { - X509V3err(X509V3_F_V2I_IDP, X509V3_R_INVALID_NAME); - X509V3_conf_err(cnf); - goto err; - } + } else { + X509V3err(X509V3_F_V2I_IDP, X509V3_R_INVALID_NAME); + X509V3_conf_err(cnf); + goto err; } + } return idp; - merr: - X509V3err(X509V3_F_V2I_IDP,ERR_R_MALLOC_FAILURE); - err: +merr: + X509V3err(X509V3_F_V2I_IDP, ERR_R_MALLOC_FAILURE); +err: ISSUING_DIST_POINT_free(idp); return NULL; - } +} -static int print_gens(BIO *out, STACK_OF(GENERAL_NAME) *gens, int indent) - { +static int +print_gens(BIO *out, STACK_OF(GENERAL_NAME) *gens, int indent) +{ int i; - for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) - { + + for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { BIO_printf(out, "%*s", indent + 2, ""); GENERAL_NAME_print(out, sk_GENERAL_NAME_value(gens, i)); BIO_puts(out, "\n"); - } - return 1; } + return 1; +} -static int print_distpoint(BIO *out, DIST_POINT_NAME *dpn, int indent) - { - if (dpn->type == 0) - { +static int +print_distpoint(BIO *out, DIST_POINT_NAME *dpn, int indent) +{ + if (dpn->type == 0) { BIO_printf(out, "%*sFull Name:\n", indent, ""); print_gens(out, dpn->name.fullname, indent); - } - 
else - { + } else { X509_NAME ntmp; ntmp.entries = dpn->name.relativename; BIO_printf(out, "%*sRelative Name:\n%*s", - indent, "", indent + 2, ""); + indent, "", indent + 2, ""); X509_NAME_print_ex(out, &ntmp, 0, XN_FLAG_ONELINE); BIO_puts(out, "\n"); - } - return 1; } + return 1; +} -static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out, - int indent) - { +static int +i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out, int indent) +{ ISSUING_DIST_POINT *idp = pidp; + if (idp->distpoint) print_distpoint(out, idp->distpoint, indent); if (idp->onlyuser > 0) 
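Review bot: In print_distpoint's relative-name branch, `X509_NAME ntmp;` is a stack object of which only `entries` is assigned before `&ntmp` is handed to X509_NAME_print_ex, so its remaining members hold indeterminate values; that is safe only while the printer reads nothing but `entries`, which this hunk cannot show. Initialising it, `X509_NAME ntmp = { 0 };` (or a memset of `sizeof ntmp`), costs nothing and removes the dependency on the printer's internals. v2i_idp starts before this hunk and i2r_idp continues after it.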
@@ -548,69 +523,67 @@ static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out, if (idp->indirectCRL > 0) BIO_printf(out, "%*sIndirect CRL\n", indent, ""); if (idp->onlysomereasons) - print_reasons(out, "Only Some Reasons", - idp->onlysomereasons, indent); + print_reasons(out, "Only Some Reasons", + idp->onlysomereasons, indent); if (idp->onlyattr > 0) BIO_printf(out, "%*sOnly Attribute Certificates\n", indent, ""); - if (!idp->distpoint && (idp->onlyuser <= 0) && (idp->onlyCA <= 0) - && (idp->indirectCRL <= 0) && !idp->onlysomereasons - && (idp->onlyattr <= 0)) + if (!idp->distpoint && (idp->onlyuser <= 0) && (idp->onlyCA <= 0) && + (idp->indirectCRL <= 0) && !idp->onlysomereasons && + (idp->onlyattr <= 0)) BIO_printf(out, "%*s\n", indent, ""); - + return 1; - } +} -static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, - int indent) - { +static int +i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, int indent) +{ STACK_OF(DIST_POINT) *crld = pcrldp; DIST_POINT *point; int i; - for(i = 0; i < sk_DIST_POINT_num(crld); i++) - { + + for (i = 0; i < sk_DIST_POINT_num(crld); i++) { BIO_puts(out, "\n"); point = sk_DIST_POINT_value(crld, i); - if(point->distpoint) + if (point->distpoint) print_distpoint(out, point->distpoint, indent); - if(point->reasons) + if (point->reasons) print_reasons(out, "Reasons", point->reasons, - indent); - if(point->CRLissuer) - { + indent); + if (point->CRLissuer) { BIO_printf(out, "%*sCRL Issuer:\n", indent, ""); print_gens(out, point->CRLissuer, indent); - } } - return 1; } + return 1; +} -int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname) - { +int +DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname) +{ int i; STACK_OF(X509_NAME_ENTRY) *frag; X509_NAME_ENTRY *ne; + if (!dpn || (dpn->type != 1)) return 1; frag = dpn->name.relativename; dpn->dpname = X509_NAME_dup(iname); if (!dpn->dpname) return 0; - for (i = 0; i < sk_X509_NAME_ENTRY_num(frag); i++) - { + for 
(i = 0; i < sk_X509_NAME_ENTRY_num(frag); i++) { ne = sk_X509_NAME_ENTRY_value(frag, i); - if (!X509_NAME_add_entry(dpn->dpname, ne, -1, i ? 0 : 1)) - { + if (!X509_NAME_add_entry(dpn->dpname, ne, -1, i ? 0 : 1)) { X509_NAME_free(dpn->dpname); dpn->dpname = NULL; return 0; - } } + } /* generate cached encoding of name */ - if (i2d_X509_NAME(dpn->dpname, NULL) < 0) - { + if (i2d_X509_NAME(dpn->dpname, NULL) < 0) { X509_NAME_free(dpn->dpname); dpn->dpname = NULL; return 0; - } - return 1; } + return 1; +} -- 2.20.1
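Review bot: DIST_POINT_set_dpname assigns `dpn->dpname = X509_NAME_dup(iname);` without checking whether `dpn->dpname` is already set, so calling it a second time on the same DIST_POINT_NAME leaks the earlier duplicate; since this is an exported function, release the old value first with `X509_NAME_free(dpn->dpname);` immediately before the dup (X509_NAME_free accepts NULL). The function is complete within this hunk; i2r_idp's start lies outside it.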