KNF

author: miod <> 2014-05-17 19:56:35 +0000
committer: miod <> 2014-05-17 19:56:35 +0000
commit: 0800c7660118a9e5105bd591666d930d899d0b8c (patch)
tree: f2d366a23c3131d80591bf9c5de711d2e70b4b6e /src/lib/libcrypto/ocsp/ocsp_lib.c
parent: e9f9678d1aba19f14521109f545f7847365c2f85 (diff)
download: openbsd-0800c7660118a9e5105bd591666d930d899d0b8c.tar.gz
openbsd-0800c7660118a9e5105bd591666d930d899d0b8c.tar.bz2
openbsd-0800c7660118a9e5105bd591666d930d899d0b8c.zip
1 files changed, 87 insertions, 83 deletions
diff --git a/src/lib/libcrypto/ocsp/ocsp_lib.c b/src/lib/libcrypto/ocsp/ocsp_lib.c
index 514cdabf2d..056bd27665 100644
--- a/src/lib/libcrypto/ocsp/ocsp_lib.c
+++ b/src/lib/libcrypto/ocsp/ocsp_lib.c
@@ -73,102 +73,112 @@
 /* Convert a certificate and its issuer to an OCSP_CERTID */
-OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer)
+OCSP_CERTID *
+OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer)
 {
        X509_NAME *iname;
        ASN1_INTEGER *serial;
        ASN1_BIT_STRING *ikey;
 #ifndef OPENSSL_NO_SHA1
-        if(!dgst) dgst = EVP_sha1();
+        if (!dgst)
+                dgst = EVP_sha1();
 #endif
-        if (subject)
+        if (subject) {
-                {
                iname = X509_get_issuer_name(subject);
                serial = X509_get_serialNumber(subject);
-                }
+        } else {
-        else
-                {
                iname = X509_get_subject_name(issuer);
                serial = NULL;
-                }
+        }
        ikey = X509_get0_pubkey_bitstr(issuer);
        return OCSP_cert_id_new(dgst, iname, ikey, serial);
 }
+OCSP_CERTID *
-OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, 
+OCSP_cert_id_new(const EVP_MD *dgst, X509_NAME *issuerName,
-                              X509_NAME *issuerName, 
+    ASN1_BIT_STRING* issuerKey, ASN1_INTEGER *serialNumber)
-                              ASN1_BIT_STRING* issuerKey, 
+{
-                              ASN1_INTEGER *serialNumber)
-        {
        int nid;
-        unsigned int i;
+        unsigned int i;
        X509_ALGOR *alg;
        OCSP_CERTID *cid = NULL;
        unsigned char md[EVP_MAX_MD_SIZE];
-        if (!(cid = OCSP_CERTID_new())) goto err;
+        if (!(cid = OCSP_CERTID_new()))
+                goto err;
        alg = cid->hashAlgorithm;
-        if (alg->algorithm != NULL) ASN1_OBJECT_free(alg->algorithm);
+        if (alg->algorithm != NULL)
-        if ((nid = EVP_MD_type(dgst)) == NID_undef)
+                ASN1_OBJECT_free(alg->algorithm);
-                {
+        if ((nid = EVP_MD_type(dgst)) == NID_undef) {
-                OCSPerr(OCSP_F_OCSP_CERT_ID_NEW,OCSP_R_UNKNOWN_NID);
+                OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID);
+                goto err;
+        }
+        if (!(alg->algorithm=OBJ_nid2obj(nid)))
+                goto err;
+        if ((alg->parameter=ASN1_TYPE_new()) == NULL)
                goto err;
-                }
-        if (!(alg->algorithm=OBJ_nid2obj(nid))) goto err;
-        if ((alg->parameter=ASN1_TYPE_new()) == NULL) goto err;
        alg->parameter->type=V_ASN1_NULL;
-        if (!X509_NAME_digest(issuerName, dgst, md, &i)) goto digerr;
+        if (!X509_NAME_digest(issuerName, dgst, md, &i))
-        if (!(ASN1_OCTET_STRING_set(cid->issuerNameHash, md, i))) goto err;
+                goto digerr;
+        if (!(ASN1_OCTET_STRING_set(cid->issuerNameHash, md, i)))
+                goto err;
        /* Calculate the issuerKey hash, excluding tag and length */
        if (!EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL))
                goto err;
-        if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i))) goto err;
+        if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i)))
+                goto err;
-        if (serialNumber)
+        if (serialNumber) {
-                {
                ASN1_INTEGER_free(cid->serialNumber);
-                if (!(cid->serialNumber = ASN1_INTEGER_dup(serialNumber))) goto err;
+                if (!(cid->serialNumber = ASN1_INTEGER_dup(serialNumber)))
-                }
+                        goto err;
+        }
        return cid;
 digerr:
-        OCSPerr(OCSP_F_OCSP_CERT_ID_NEW,OCSP_R_DIGEST_ERR);
+        OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_DIGEST_ERR);
 err:
-        if (cid) OCSP_CERTID_free(cid);
+        if (cid)
+                OCSP_CERTID_free(cid);
        return NULL;
-        }
+}
-int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
+int
-        {
+OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
+{
        int ret;
        ret = OBJ_cmp(a->hashAlgorithm->algorithm, b->hashAlgorithm->algorithm);
-        if (ret) return ret;
+        if (ret)
+                return ret;
        ret = ASN1_OCTET_STRING_cmp(a->issuerNameHash, b->issuerNameHash);
-        if (ret) return ret;
+        if (ret)
+                return ret;
        return ASN1_OCTET_STRING_cmp(a->issuerKeyHash, b->issuerKeyHash);
-        }
+}
-int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
+int
-        {
+OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
+{
        int ret;
        ret = OCSP_id_issuer_cmp(a, b);
-        if (ret) return ret;
+        if (ret)
+                return ret;
        return ASN1_INTEGER_cmp(a->serialNumber, b->serialNumber);
-        }
+}
 /* Parse a URL and split it up into host, port and path components and whether
 * it is SSL.
 */
+int
-int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl)
+OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl)
-        {
+{
        char *p, *buf;
        char *host, *port;
        *phost = NULL;
@@ -177,26 +187,23 @@ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pss
        /* dup the buffer since we are going to mess with it */
        buf = BUF_strdup(url);
-        if (!buf) goto mem_err;
+        if (!buf)
+                goto mem_err;
        /* Check for initial colon */
        p = strchr(buf, ':');
+        if (!p)
-        if (!p) goto parse_err;
+                goto parse_err;
        *(p++) = '\0';
-        if (!strcmp(buf, "http"))
+        if (!strcmp(buf, "http")) {
-                {
                *pssl = 0;
                port = "80";
-                }
+        } else if (!strcmp(buf, "https")) {
-        else if (!strcmp(buf, "https"))
-                {
                *pssl = 1;
                port = "443";
-                }
+        } else
-        else
                goto parse_err;
        /* Check for double slash */
@@ -208,59 +215,56 @@ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pss
        host = p;
        /* Check for trailing part of path */
        p = strchr(p, '/');
        if (!p) 
                *ppath = BUF_strdup("/");
-        else
+        else {
-                {
                *ppath = BUF_strdup(p);
                /* Set start of path to 0 so hostname is valid */
                *p = '\0';
-                }
+        }
-        if (!*ppath) goto mem_err;
+        if (!*ppath)
+                goto mem_err;
        /* Look for optional ':' for port number */
-        if ((p = strchr(host, ':')))
+        if ((p = strchr(host, ':'))) {
-                {
                *p = 0;
                port = p + 1;
-                }
+        } else {
-        else
-                {
                /* Not found: set default port */
-                if (*pssl) port = "443";
+                if (*pssl)
-                else port = "80";
+                        port = "443";
-                }
+                else
+                        port = "80";
+        }
        *pport = BUF_strdup(port);
-        if (!*pport) goto mem_err;
+        if (!*pport)
+                goto mem_err;
        *phost = BUF_strdup(host);
-        if (!*phost) goto mem_err;
+        if (!*phost)
+                goto mem_err;
        free(buf);
        return 1;
-        mem_err:
+mem_err:
        OCSPerr(OCSP_F_OCSP_PARSE_URL, ERR_R_MALLOC_FAILURE);
        goto err;
-        parse_err:
+parse_err:
        OCSPerr(OCSP_F_OCSP_PARSE_URL, OCSP_R_ERROR_PARSING_URL);
+err:
-        err:
+        free(buf);
-        if (buf) free(buf);
+        free(*ppath);
-        if (*ppath) free(*ppath);
+        free(*pport);
-        if (*pport) free(*pport);
+        free(*phost);
-        if (*phost) free(*phost);
        return 0;
+}
-        }
 IMPLEMENT_ASN1_DUP_FUNCTION(OCSP_CERTID)
author	miod <>	2014-05-17 19:56:35 +0000
committer	miod <>	2014-05-17 19:56:35 +0000
commit	0800c7660118a9e5105bd591666d930d899d0b8c (patch)
tree	f2d366a23c3131d80591bf9c5de711d2e70b4b6e /src/lib/libcrypto/ocsp/ocsp_lib.c
parent	e9f9678d1aba19f14521109f545f7847365c2f85 (diff)
download	openbsd-0800c7660118a9e5105bd591666d930d899d0b8c.tar.gz openbsd-0800c7660118a9e5105bd591666d930d899d0b8c.tar.bz2 openbsd-0800c7660118a9e5105bd591666d930d899d0b8c.zip

diff --git a/src/lib/libcrypto/ocsp/ocsp_lib.c b/src/lib/libcrypto/ocsp/ocsp_lib.c index 514cdabf2d..056bd27665 100644 --- a/src/lib/libcrypto/ocsp/ocsp_lib.c +++ b/src/lib/libcrypto/ocsp/ocsp_lib.c
@@ -73,102 +73,112 @@
73		73
74	/* Convert a certificate and its issuer to an OCSP_CERTID */	74	/* Convert a certificate and its issuer to an OCSP_CERTID */
75		75
76	OCSP_CERTID OCSP_cert_to_id(const EVP_MD dgst, X509 subject, X509 issuer)	76	OCSP_CERTID *
		77	OCSP_cert_to_id(const EVP_MD dgst, X509 subject, X509 *issuer)
77	{	78	{
78	X509_NAME *iname;	79	X509_NAME *iname;
79	ASN1_INTEGER *serial;	80	ASN1_INTEGER *serial;
80	ASN1_BIT_STRING *ikey;	81	ASN1_BIT_STRING *ikey;
		82
81	#ifndef OPENSSL_NO_SHA1	83	#ifndef OPENSSL_NO_SHA1
82	if(!dgst) dgst = EVP_sha1();	84	if (!dgst)
		85	dgst = EVP_sha1();
83	#endif	86	#endif
84	if (subject)	87	if (subject) {
85	{
86	iname = X509_get_issuer_name(subject);	88	iname = X509_get_issuer_name(subject);
87	serial = X509_get_serialNumber(subject);	89	serial = X509_get_serialNumber(subject);
88	}	90	} else {
89	else
90	{
91	iname = X509_get_subject_name(issuer);	91	iname = X509_get_subject_name(issuer);
92	serial = NULL;	92	serial = NULL;
93	}	93	}
94	ikey = X509_get0_pubkey_bitstr(issuer);	94	ikey = X509_get0_pubkey_bitstr(issuer);
95	return OCSP_cert_id_new(dgst, iname, ikey, serial);	95	return OCSP_cert_id_new(dgst, iname, ikey, serial);
96	}	96	}
97		97
98		98	OCSP_CERTID *
99	OCSP_CERTID OCSP_cert_id_new(const EVP_MD dgst,	99	OCSP_cert_id_new(const EVP_MD dgst, X509_NAME issuerName,
100	X509_NAME *issuerName,	100	ASN1_BIT_STRING* issuerKey, ASN1_INTEGER *serialNumber)
101	ASN1_BIT_STRING* issuerKey,	101	{
102	ASN1_INTEGER *serialNumber)
103	{
104	int nid;	102	int nid;
105	unsigned int i;	103	unsigned int i;
106	X509_ALGOR *alg;	104	X509_ALGOR *alg;
107	OCSP_CERTID *cid = NULL;	105	OCSP_CERTID *cid = NULL;
108	unsigned char md[EVP_MAX_MD_SIZE];	106	unsigned char md[EVP_MAX_MD_SIZE];
109		107
110	if (!(cid = OCSP_CERTID_new())) goto err;	108	if (!(cid = OCSP_CERTID_new()))
		109	goto err;
111		110
112	alg = cid->hashAlgorithm;	111	alg = cid->hashAlgorithm;
113	if (alg->algorithm != NULL) ASN1_OBJECT_free(alg->algorithm);	112	if (alg->algorithm != NULL)
114	if ((nid = EVP_MD_type(dgst)) == NID_undef)	113	ASN1_OBJECT_free(alg->algorithm);
115	{	114	if ((nid = EVP_MD_type(dgst)) == NID_undef) {
116	OCSPerr(OCSP_F_OCSP_CERT_ID_NEW,OCSP_R_UNKNOWN_NID);	115	OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID);
		116	goto err;
		117	}
		118	if (!(alg->algorithm=OBJ_nid2obj(nid)))
		119	goto err;
		120	if ((alg->parameter=ASN1_TYPE_new()) == NULL)
117	goto err;	121	goto err;
118	}
119	if (!(alg->algorithm=OBJ_nid2obj(nid))) goto err;
120	if ((alg->parameter=ASN1_TYPE_new()) == NULL) goto err;
121	alg->parameter->type=V_ASN1_NULL;	122	alg->parameter->type=V_ASN1_NULL;
122		123
123	if (!X509_NAME_digest(issuerName, dgst, md, &i)) goto digerr;	124	if (!X509_NAME_digest(issuerName, dgst, md, &i))
124	if (!(ASN1_OCTET_STRING_set(cid->issuerNameHash, md, i))) goto err;	125	goto digerr;
		126	if (!(ASN1_OCTET_STRING_set(cid->issuerNameHash, md, i)))
		127	goto err;
125		128
126	/* Calculate the issuerKey hash, excluding tag and length */	129	/* Calculate the issuerKey hash, excluding tag and length */
127	if (!EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL))	130	if (!EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL))
128	goto err;	131	goto err;
129		132
130	if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i))) goto err;	133	if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i)))
		134	goto err;
131		135
132	if (serialNumber)	136	if (serialNumber) {
133	{
134	ASN1_INTEGER_free(cid->serialNumber);	137	ASN1_INTEGER_free(cid->serialNumber);
135	if (!(cid->serialNumber = ASN1_INTEGER_dup(serialNumber))) goto err;	138	if (!(cid->serialNumber = ASN1_INTEGER_dup(serialNumber)))
136	}	139	goto err;
		140	}
137	return cid;	141	return cid;
138	digerr:	142	digerr:
139	OCSPerr(OCSP_F_OCSP_CERT_ID_NEW,OCSP_R_DIGEST_ERR);	143	OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_DIGEST_ERR);
140	err:	144	err:
141	if (cid) OCSP_CERTID_free(cid);	145	if (cid)
		146	OCSP_CERTID_free(cid);
142	return NULL;	147	return NULL;
143	}	148	}
144		149
145	int OCSP_id_issuer_cmp(OCSP_CERTID a, OCSP_CERTID b)	150	int
146	{	151	OCSP_id_issuer_cmp(OCSP_CERTID a, OCSP_CERTID b)
		152	{
147	int ret;	153	int ret;
		154
148	ret = OBJ_cmp(a->hashAlgorithm->algorithm, b->hashAlgorithm->algorithm);	155	ret = OBJ_cmp(a->hashAlgorithm->algorithm, b->hashAlgorithm->algorithm);
149	if (ret) return ret;	156	if (ret)
		157	return ret;
150	ret = ASN1_OCTET_STRING_cmp(a->issuerNameHash, b->issuerNameHash);	158	ret = ASN1_OCTET_STRING_cmp(a->issuerNameHash, b->issuerNameHash);
151	if (ret) return ret;	159	if (ret)
		160	return ret;
152	return ASN1_OCTET_STRING_cmp(a->issuerKeyHash, b->issuerKeyHash);	161	return ASN1_OCTET_STRING_cmp(a->issuerKeyHash, b->issuerKeyHash);
153	}	162	}
154		163
155	int OCSP_id_cmp(OCSP_CERTID a, OCSP_CERTID b)	164	int
156	{	165	OCSP_id_cmp(OCSP_CERTID a, OCSP_CERTID b)
		166	{
157	int ret;	167	int ret;
		168
158	ret = OCSP_id_issuer_cmp(a, b);	169	ret = OCSP_id_issuer_cmp(a, b);
159	if (ret) return ret;	170	if (ret)
		171	return ret;
160	return ASN1_INTEGER_cmp(a->serialNumber, b->serialNumber);	172	return ASN1_INTEGER_cmp(a->serialNumber, b->serialNumber);
161	}	173	}
162
163		174
164	/* Parse a URL and split it up into host, port and path components and whether	175	/* Parse a URL and split it up into host, port and path components and whether
165	* it is SSL.	176	* it is SSL.
166	*/	177	*/
167		178	int
168	int OCSP_parse_url(char url, char phost, char pport, char ppath, int pssl)	179	OCSP_parse_url(char url, char phost, char pport, char ppath, int pssl)
169	{	180	{
170	char p, buf;	181	char p, buf;
171
172	char host, port;	182	char host, port;
173		183
174	*phost = NULL;	184	*phost = NULL;
@@ -177,26 +187,23 @@ int OCSP_parse_url(char url, char phost, char pport, char ppath, int pss
177		187
178	/* dup the buffer since we are going to mess with it */	188	/* dup the buffer since we are going to mess with it */
179	buf = BUF_strdup(url);	189	buf = BUF_strdup(url);
180	if (!buf) goto mem_err;	190	if (!buf)
		191	goto mem_err;
181		192
182	/* Check for initial colon */	193	/* Check for initial colon */
183	p = strchr(buf, ':');	194	p = strchr(buf, ':');
184		195	if (!p)
185	if (!p) goto parse_err;	196	goto parse_err;
186		197
187	*(p++) = '\0';	198	*(p++) = '\0';
188		199
189	if (!strcmp(buf, "http"))	200	if (!strcmp(buf, "http")) {
190	{
191	*pssl = 0;	201	*pssl = 0;
192	port = "80";	202	port = "80";
193	}	203	} else if (!strcmp(buf, "https")) {
194	else if (!strcmp(buf, "https"))
195	{
196	*pssl = 1;	204	*pssl = 1;
197	port = "443";	205	port = "443";
198	}	206	} else
199	else
200	goto parse_err;	207	goto parse_err;
201		208
202	/* Check for double slash */	209	/* Check for double slash */
@@ -208,59 +215,56 @@ int OCSP_parse_url(char url, char phost, char pport, char ppath, int pss
208	host = p;	215	host = p;
209		216
210	/* Check for trailing part of path */	217	/* Check for trailing part of path */
211
212	p = strchr(p, '/');	218	p = strchr(p, '/');
213
214	if (!p)	219	if (!p)
215	*ppath = BUF_strdup("/");	220	*ppath = BUF_strdup("/");
216	else	221	else {
217	{
218	*ppath = BUF_strdup(p);	222	*ppath = BUF_strdup(p);
219	/* Set start of path to 0 so hostname is valid */	223	/* Set start of path to 0 so hostname is valid */
220	*p = '\0';	224	*p = '\0';
221	}	225	}
222		226
223	if (!*ppath) goto mem_err;	227	if (!*ppath)
		228	goto mem_err;
224		229
225	/* Look for optional ':' for port number */	230	/* Look for optional ':' for port number */
226	if ((p = strchr(host, ':')))	231	if ((p = strchr(host, ':'))) {
227	{
228	*p = 0;	232	*p = 0;
229	port = p + 1;	233	port = p + 1;
230	}	234	} else {
231	else
232	{
233	/* Not found: set default port */	235	/* Not found: set default port */
234	if (*pssl) port = "443";	236	if (*pssl)
235	else port = "80";	237	port = "443";
236	}	238	else
		239	port = "80";
		240	}
237		241
238	*pport = BUF_strdup(port);	242	*pport = BUF_strdup(port);
239	if (!*pport) goto mem_err;	243	if (!*pport)
		244	goto mem_err;
240		245
241	*phost = BUF_strdup(host);	246	*phost = BUF_strdup(host);
242		247
243	if (!*phost) goto mem_err;	248	if (!*phost)
		249	goto mem_err;
244		250
245	free(buf);	251	free(buf);
246		252
247	return 1;	253	return 1;
248		254
249	mem_err:	255	mem_err:
250	OCSPerr(OCSP_F_OCSP_PARSE_URL, ERR_R_MALLOC_FAILURE);	256	OCSPerr(OCSP_F_OCSP_PARSE_URL, ERR_R_MALLOC_FAILURE);
251	goto err;	257	goto err;
252		258
253	parse_err:	259	parse_err:
254	OCSPerr(OCSP_F_OCSP_PARSE_URL, OCSP_R_ERROR_PARSING_URL);	260	OCSPerr(OCSP_F_OCSP_PARSE_URL, OCSP_R_ERROR_PARSING_URL);
255		261
256		262	err:
257	err:	263	free(buf);
258	if (buf) free(buf);	264	free(*ppath);
259	if (ppath) free(ppath);	265	free(*pport);
260	if (pport) free(pport);	266	free(*phost);
261	if (phost) free(phost);
262	return 0;	267	return 0;
263		268	}
264	}
265		269
266	IMPLEMENT_ASN1_DUP_FUNCTION(OCSP_CERTID)	270	IMPLEMENT_ASN1_DUP_FUNCTION(OCSP_CERTID)