diff options
| author | tedu <> | 2014-04-18 00:58:49 +0000 |
|---|---|---|
| committer | tedu <> | 2014-04-18 00:58:49 +0000 |
| commit | a1df5b66c7ad477a535e56a504d8da47e1998cfa (patch) | |
| tree | b216ca6fba673789f2c494699c4cf41d23337bfa /src/lib/libcrypto/asn1/x_crl.c | |
| parent | 07f5c09b19f56c323fa22ebd5efb5a4df9f5dc4d (diff) | |
| download | openbsd-a1df5b66c7ad477a535e56a504d8da47e1998cfa.tar.gz openbsd-a1df5b66c7ad477a535e56a504d8da47e1998cfa.tar.bz2 openbsd-a1df5b66c7ad477a535e56a504d8da47e1998cfa.zip | |
lob a few more knf grenades in here to soften things up.
Diffstat (limited to 'src/lib/libcrypto/asn1/x_crl.c')
| -rw-r--r-- | src/lib/libcrypto/asn1/x_crl.c | 79 |
1 files changed, 28 insertions, 51 deletions
diff --git a/src/lib/libcrypto/asn1/x_crl.c b/src/lib/libcrypto/asn1/x_crl.c index b3a6355795..ea94f026b2 100644 --- a/src/lib/libcrypto/asn1/x_crl.c +++ b/src/lib/libcrypto/asn1/x_crl.c | |||
| @@ -101,10 +101,10 @@ static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, | |||
| 101 | /* Just set cmp function here. We don't sort because that | 101 | /* Just set cmp function here. We don't sort because that |
| 102 | * would affect the output of X509_CRL_print(). | 102 | * would affect the output of X509_CRL_print(). |
| 103 | */ | 103 | */ |
| 104 | case ASN1_OP_D2I_POST: | 104 | case ASN1_OP_D2I_POST: |
| 105 | (void)sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_cmp); | 105 | (void)sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_cmp); |
| 106 | break; | 106 | break; |
| 107 | } | 107 | } |
| 108 | return 1; | 108 | return 1; |
| 109 | } | 109 | } |
| 110 | 110 | ||
| @@ -133,8 +133,7 @@ static int crl_set_issuers(X509_CRL *crl) | |||
| 133 | revoked = X509_CRL_get_REVOKED(crl); | 133 | revoked = X509_CRL_get_REVOKED(crl); |
| 134 | 134 | ||
| 135 | gens = NULL; | 135 | gens = NULL; |
| 136 | for (i = 0; i < sk_X509_REVOKED_num(revoked); i++) | 136 | for (i = 0; i < sk_X509_REVOKED_num(revoked); i++) { |
| 137 | { | ||
| 138 | X509_REVOKED *rev = sk_X509_REVOKED_value(revoked, i); | 137 | X509_REVOKED *rev = sk_X509_REVOKED_value(revoked, i); |
| 139 | STACK_OF(X509_EXTENSION) *exts; | 138 | STACK_OF(X509_EXTENSION) *exts; |
| 140 | ASN1_ENUMERATED *reason; | 139 | ASN1_ENUMERATED *reason; |
| @@ -142,17 +141,14 @@ static int crl_set_issuers(X509_CRL *crl) | |||
| 142 | gtmp = X509_REVOKED_get_ext_d2i(rev, | 141 | gtmp = X509_REVOKED_get_ext_d2i(rev, |
| 143 | NID_certificate_issuer, | 142 | NID_certificate_issuer, |
| 144 | &j, NULL); | 143 | &j, NULL); |
| 145 | if (!gtmp && (j != -1)) | 144 | if (!gtmp && (j != -1)) { |
| 146 | { | ||
| 147 | crl->flags |= EXFLAG_INVALID; | 145 | crl->flags |= EXFLAG_INVALID; |
| 148 | return 1; | 146 | return 1; |
| 149 | } | 147 | } |
| 150 | 148 | ||
| 151 | if (gtmp) | 149 | if (gtmp) { |
| 152 | { | ||
| 153 | gens = gtmp; | 150 | gens = gtmp; |
| 154 | if (!crl->issuers) | 151 | if (!crl->issuers) { |
| 155 | { | ||
| 156 | crl->issuers = sk_GENERAL_NAMES_new_null(); | 152 | crl->issuers = sk_GENERAL_NAMES_new_null(); |
| 157 | if (!crl->issuers) | 153 | if (!crl->issuers) |
| 158 | return 0; | 154 | return 0; |
| @@ -164,29 +160,24 @@ static int crl_set_issuers(X509_CRL *crl) | |||
| 164 | 160 | ||
| 165 | reason = X509_REVOKED_get_ext_d2i(rev, NID_crl_reason, | 161 | reason = X509_REVOKED_get_ext_d2i(rev, NID_crl_reason, |
| 166 | &j, NULL); | 162 | &j, NULL); |
| 167 | if (!reason && (j != -1)) | 163 | if (!reason && (j != -1)) { |
| 168 | { | ||
| 169 | crl->flags |= EXFLAG_INVALID; | 164 | crl->flags |= EXFLAG_INVALID; |
| 170 | return 1; | 165 | return 1; |
| 171 | } | 166 | } |
| 172 | 167 | ||
| 173 | if (reason) | 168 | if (reason) { |
| 174 | { | ||
| 175 | rev->reason = ASN1_ENUMERATED_get(reason); | 169 | rev->reason = ASN1_ENUMERATED_get(reason); |
| 176 | ASN1_ENUMERATED_free(reason); | 170 | ASN1_ENUMERATED_free(reason); |
| 177 | } | 171 | } else |
| 178 | else | ||
| 179 | rev->reason = CRL_REASON_NONE; | 172 | rev->reason = CRL_REASON_NONE; |
| 180 | 173 | ||
| 181 | /* Check for critical CRL entry extensions */ | 174 | /* Check for critical CRL entry extensions */ |
| 182 | 175 | ||
| 183 | exts = rev->extensions; | 176 | exts = rev->extensions; |
| 184 | 177 | ||
| 185 | for (j = 0; j < sk_X509_EXTENSION_num(exts); j++) | 178 | for (j = 0; j < sk_X509_EXTENSION_num(exts); j++) { |
| 186 | { | ||
| 187 | ext = sk_X509_EXTENSION_value(exts, j); | 179 | ext = sk_X509_EXTENSION_value(exts, j); |
| 188 | if (ext->critical > 0) | 180 | if (ext->critical > 0) { |
| 189 | { | ||
| 190 | if (OBJ_obj2nid(ext->object) == | 181 | if (OBJ_obj2nid(ext->object) == |
| 191 | NID_certificate_issuer) | 182 | NID_certificate_issuer) |
| 192 | continue; | 183 | continue; |
| @@ -213,9 +204,8 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, | |||
| 213 | X509_EXTENSION *ext; | 204 | X509_EXTENSION *ext; |
| 214 | int idx; | 205 | int idx; |
| 215 | 206 | ||
| 216 | switch(operation) | 207 | switch(operation) { |
| 217 | { | 208 | case ASN1_OP_NEW_POST: |
| 218 | case ASN1_OP_NEW_POST: | ||
| 219 | crl->idp = NULL; | 209 | crl->idp = NULL; |
| 220 | crl->akid = NULL; | 210 | crl->akid = NULL; |
| 221 | crl->flags = 0; | 211 | crl->flags = 0; |
| @@ -228,7 +218,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, | |||
| 228 | crl->base_crl_number = NULL; | 218 | crl->base_crl_number = NULL; |
| 229 | break; | 219 | break; |
| 230 | 220 | ||
| 231 | case ASN1_OP_D2I_POST: | 221 | case ASN1_OP_D2I_POST: |
| 232 | #ifndef OPENSSL_NO_SHA | 222 | #ifndef OPENSSL_NO_SHA |
| 233 | X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL); | 223 | X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL); |
| 234 | #endif | 224 | #endif |
| @@ -259,15 +249,13 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, | |||
| 259 | 249 | ||
| 260 | exts = crl->crl->extensions; | 250 | exts = crl->crl->extensions; |
| 261 | 251 | ||
| 262 | for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) | 252 | for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) { |
| 263 | { | ||
| 264 | int nid; | 253 | int nid; |
| 265 | ext = sk_X509_EXTENSION_value(exts, idx); | 254 | ext = sk_X509_EXTENSION_value(exts, idx); |
| 266 | nid = OBJ_obj2nid(ext->object); | 255 | nid = OBJ_obj2nid(ext->object); |
| 267 | if (nid == NID_freshest_crl) | 256 | if (nid == NID_freshest_crl) |
| 268 | crl->flags |= EXFLAG_FRESHEST; | 257 | crl->flags |= EXFLAG_FRESHEST; |
| 269 | if (ext->critical > 0) | 258 | if (ext->critical > 0) { |
| 270 | { | ||
| 271 | /* We handle IDP and deltas */ | 259 | /* We handle IDP and deltas */ |
| 272 | if ((nid == NID_issuing_distribution_point) | 260 | if ((nid == NID_issuing_distribution_point) |
| 273 | || (nid == NID_delta_crl)) | 261 | || (nid == NID_delta_crl)) |
| @@ -281,16 +269,14 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, | |||
| 281 | if (!crl_set_issuers(crl)) | 269 | if (!crl_set_issuers(crl)) |
| 282 | return 0; | 270 | return 0; |
| 283 | 271 | ||
| 284 | if (crl->meth->crl_init) | 272 | if (crl->meth->crl_init) { |
| 285 | { | ||
| 286 | if (crl->meth->crl_init(crl) == 0) | 273 | if (crl->meth->crl_init(crl) == 0) |
| 287 | return 0; | 274 | return 0; |
| 288 | } | 275 | } |
| 289 | break; | 276 | break; |
| 290 | 277 | ||
| 291 | case ASN1_OP_FREE_POST: | 278 | case ASN1_OP_FREE_POST: |
| 292 | if (crl->meth->crl_free) | 279 | if (crl->meth->crl_free) { |
| 293 | { | ||
| 294 | if (!crl->meth->crl_free(crl)) | 280 | if (!crl->meth->crl_free(crl)) |
| 295 | return 0; | 281 | return 0; |
| 296 | } | 282 | } |
| @@ -313,18 +299,15 @@ static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp) | |||
| 313 | int idp_only = 0; | 299 | int idp_only = 0; |
| 314 | /* Set various flags according to IDP */ | 300 | /* Set various flags according to IDP */ |
| 315 | crl->idp_flags |= IDP_PRESENT; | 301 | crl->idp_flags |= IDP_PRESENT; |
| 316 | if (idp->onlyuser > 0) | 302 | if (idp->onlyuser > 0) { |
| 317 | { | ||
| 318 | idp_only++; | 303 | idp_only++; |
| 319 | crl->idp_flags |= IDP_ONLYUSER; | 304 | crl->idp_flags |= IDP_ONLYUSER; |
| 320 | } | 305 | } |
| 321 | if (idp->onlyCA > 0) | 306 | if (idp->onlyCA > 0) { |
| 322 | { | ||
| 323 | idp_only++; | 307 | idp_only++; |
| 324 | crl->idp_flags |= IDP_ONLYCA; | 308 | crl->idp_flags |= IDP_ONLYCA; |
| 325 | } | 309 | } |
| 326 | if (idp->onlyattr > 0) | 310 | if (idp->onlyattr > 0) { |
| 327 | { | ||
| 328 | idp_only++; | 311 | idp_only++; |
| 329 | crl->idp_flags |= IDP_ONLYATTR; | 312 | crl->idp_flags |= IDP_ONLYATTR; |
| 330 | } | 313 | } |
| @@ -335,8 +318,7 @@ static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp) | |||
| 335 | if (idp->indirectCRL > 0) | 318 | if (idp->indirectCRL > 0) |
| 336 | crl->idp_flags |= IDP_INDIRECT; | 319 | crl->idp_flags |= IDP_INDIRECT; |
| 337 | 320 | ||
| 338 | if (idp->onlysomereasons) | 321 | if (idp->onlysomereasons) { |
| 339 | { | ||
| 340 | crl->idp_flags |= IDP_REASONS; | 322 | crl->idp_flags |= IDP_REASONS; |
| 341 | if (idp->onlysomereasons->length > 0) | 323 | if (idp->onlysomereasons->length > 0) |
| 342 | crl->idp_reasons = idp->onlysomereasons->data[0]; | 324 | crl->idp_reasons = idp->onlysomereasons->data[0]; |
| @@ -417,8 +399,7 @@ static int crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm, | |||
| 417 | { | 399 | { |
| 418 | int i; | 400 | int i; |
| 419 | 401 | ||
| 420 | if (!rev->issuer) | 402 | if (!rev->issuer) { |
| 421 | { | ||
| 422 | if (!nm) | 403 | if (!nm) |
| 423 | return 1; | 404 | return 1; |
| 424 | if (!X509_NAME_cmp(nm, X509_CRL_get_issuer(crl))) | 405 | if (!X509_NAME_cmp(nm, X509_CRL_get_issuer(crl))) |
| @@ -429,8 +410,7 @@ static int crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm, | |||
| 429 | if (!nm) | 410 | if (!nm) |
| 430 | nm = X509_CRL_get_issuer(crl); | 411 | nm = X509_CRL_get_issuer(crl); |
| 431 | 412 | ||
| 432 | for (i = 0; i < sk_GENERAL_NAME_num(rev->issuer); i++) | 413 | for (i = 0; i < sk_GENERAL_NAME_num(rev->issuer); i++) { |
| 433 | { | ||
| 434 | GENERAL_NAME *gen = sk_GENERAL_NAME_value(rev->issuer, i); | 414 | GENERAL_NAME *gen = sk_GENERAL_NAME_value(rev->issuer, i); |
| 435 | if (gen->type != GEN_DIRNAME) | 415 | if (gen->type != GEN_DIRNAME) |
| 436 | continue; | 416 | continue; |
| @@ -450,8 +430,7 @@ static int def_crl_lookup(X509_CRL *crl, | |||
| 450 | /* Sort revoked into serial number order if not already sorted. | 430 | /* Sort revoked into serial number order if not already sorted. |
| 451 | * Do this under a lock to avoid race condition. | 431 | * Do this under a lock to avoid race condition. |
| 452 | */ | 432 | */ |
| 453 | if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked)) | 433 | if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked)) { |
| 454 | { | ||
| 455 | CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL); | 434 | CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL); |
| 456 | sk_X509_REVOKED_sort(crl->crl->revoked); | 435 | sk_X509_REVOKED_sort(crl->crl->revoked); |
| 457 | CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL); | 436 | CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL); |
| @@ -460,13 +439,11 @@ static int def_crl_lookup(X509_CRL *crl, | |||
| 460 | if(idx < 0) | 439 | if(idx < 0) |
| 461 | return 0; | 440 | return 0; |
| 462 | /* Need to look for matching name */ | 441 | /* Need to look for matching name */ |
| 463 | for(;idx < sk_X509_REVOKED_num(crl->crl->revoked); idx++) | 442 | for(;idx < sk_X509_REVOKED_num(crl->crl->revoked); idx++) { |
| 464 | { | ||
| 465 | rev = sk_X509_REVOKED_value(crl->crl->revoked, idx); | 443 | rev = sk_X509_REVOKED_value(crl->crl->revoked, idx); |
| 466 | if (ASN1_INTEGER_cmp(rev->serialNumber, serial)) | 444 | if (ASN1_INTEGER_cmp(rev->serialNumber, serial)) |
| 467 | return 0; | 445 | return 0; |
| 468 | if (crl_revoked_issuer_match(crl, issuer, rev)) | 446 | if (crl_revoked_issuer_match(crl, issuer, rev)) { |
| 469 | { | ||
| 470 | if (ret) | 447 | if (ret) |
| 471 | *ret = rev; | 448 | *ret = rev; |
| 472 | if (rev->reason == CRL_REASON_REMOVE_FROM_CRL) | 449 | if (rev->reason == CRL_REASON_REMOVE_FROM_CRL) |