diff options
| author | tedu <> | 2014-04-18 01:59:00 +0000 |
|---|---|---|
| committer | tedu <> | 2014-04-18 01:59:00 +0000 |
| commit | 513bec93d6747369737d3a618ef58a44410059f6 (patch) | |
| tree | 88ee4831e2437f9075e786ffb662bb05fe0e3df6 /src/lib/libcrypto/x509/x509_vpm.c | |
| parent | 1fca82b89342502ff32bda59bd067e303ff9d5ab (diff) | |
| download | openbsd-513bec93d6747369737d3a618ef58a44410059f6.tar.gz openbsd-513bec93d6747369737d3a618ef58a44410059f6.tar.bz2 openbsd-513bec93d6747369737d3a618ef58a44410059f6.zip | |
blunt force knf
Diffstat (limited to 'src/lib/libcrypto/x509/x509_vpm.c')
| -rw-r--r-- | src/lib/libcrypto/x509/x509_vpm.c | 135 |
1 files changed, 62 insertions, 73 deletions
diff --git a/src/lib/libcrypto/x509/x509_vpm.c b/src/lib/libcrypto/x509/x509_vpm.c index 5e3eba4029..7f0824f75e 100644 --- a/src/lib/libcrypto/x509/x509_vpm.c +++ b/src/lib/libcrypto/x509/x509_vpm.c | |||
| @@ -68,7 +68,7 @@ | |||
| 68 | /* X509_VERIFY_PARAM functions */ | 68 | /* X509_VERIFY_PARAM functions */ |
| 69 | 69 | ||
| 70 | static void x509_verify_param_zero(X509_VERIFY_PARAM *param) | 70 | static void x509_verify_param_zero(X509_VERIFY_PARAM *param) |
| 71 | { | 71 | { |
| 72 | if (!param) | 72 | if (!param) |
| 73 | return; | 73 | return; |
| 74 | param->name = NULL; | 74 | param->name = NULL; |
| @@ -78,27 +78,26 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param) | |||
| 78 | param->inh_flags = 0; | 78 | param->inh_flags = 0; |
| 79 | param->flags = 0; | 79 | param->flags = 0; |
| 80 | param->depth = -1; | 80 | param->depth = -1; |
| 81 | if (param->policies) | 81 | if (param->policies) { |
| 82 | { | ||
| 83 | sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); | 82 | sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); |
| 84 | param->policies = NULL; | 83 | param->policies = NULL; |
| 85 | } | ||
| 86 | } | 84 | } |
| 85 | } | ||
| 87 | 86 | ||
| 88 | X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) | 87 | X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) |
| 89 | { | 88 | { |
| 90 | X509_VERIFY_PARAM *param; | 89 | X509_VERIFY_PARAM *param; |
| 91 | param = malloc(sizeof(X509_VERIFY_PARAM)); | 90 | param = malloc(sizeof(X509_VERIFY_PARAM)); |
| 92 | memset(param, 0, sizeof(X509_VERIFY_PARAM)); | 91 | memset(param, 0, sizeof(X509_VERIFY_PARAM)); |
| 93 | x509_verify_param_zero(param); | 92 | x509_verify_param_zero(param); |
| 94 | return param; | 93 | return param; |
| 95 | } | 94 | } |
| 96 | 95 | ||
| 97 | void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param) | 96 | void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param) |
| 98 | { | 97 | { |
| 99 | x509_verify_param_zero(param); | 98 | x509_verify_param_zero(param); |
| 100 | free(param); | 99 | free(param); |
| 101 | } | 100 | } |
| 102 | 101 | ||
| 103 | /* This function determines how parameters are "inherited" from one structure | 102 | /* This function determines how parameters are "inherited" from one structure |
| 104 | * to another. There are several different ways this can happen. | 103 | * to another. There are several different ways this can happen. |
| @@ -146,7 +145,7 @@ void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param) | |||
| 146 | 145 | ||
| 147 | int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, | 146 | int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, |
| 148 | const X509_VERIFY_PARAM *src) | 147 | const X509_VERIFY_PARAM *src) |
| 149 | { | 148 | { |
| 150 | unsigned long inh_flags; | 149 | unsigned long inh_flags; |
| 151 | int to_default, to_overwrite; | 150 | int to_default, to_overwrite; |
| 152 | if (!src) | 151 | if (!src) |
| @@ -175,104 +174,101 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, | |||
| 175 | 174 | ||
| 176 | /* If overwrite or check time not set, copy across */ | 175 | /* If overwrite or check time not set, copy across */ |
| 177 | 176 | ||
| 178 | if (to_overwrite || !(dest->flags & X509_V_FLAG_USE_CHECK_TIME)) | 177 | if (to_overwrite || !(dest->flags & X509_V_FLAG_USE_CHECK_TIME)) { |
| 179 | { | ||
| 180 | dest->check_time = src->check_time; | 178 | dest->check_time = src->check_time; |
| 181 | dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME; | 179 | dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME; |
| 182 | /* Don't need to copy flag: that is done below */ | 180 | /* Don't need to copy flag: that is done below */ |
| 183 | } | 181 | } |
| 184 | 182 | ||
| 185 | if (inh_flags & X509_VP_FLAG_RESET_FLAGS) | 183 | if (inh_flags & X509_VP_FLAG_RESET_FLAGS) |
| 186 | dest->flags = 0; | 184 | dest->flags = 0; |
| 187 | 185 | ||
| 188 | dest->flags |= src->flags; | 186 | dest->flags |= src->flags; |
| 189 | 187 | ||
| 190 | if (test_x509_verify_param_copy(policies, NULL)) | 188 | if (test_x509_verify_param_copy(policies, NULL)) { |
| 191 | { | ||
| 192 | if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies)) | 189 | if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies)) |
| 193 | return 0; | 190 | return 0; |
| 194 | } | 191 | } |
| 195 | 192 | ||
| 196 | return 1; | 193 | return 1; |
| 197 | } | 194 | } |
| 198 | 195 | ||
| 199 | int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, | 196 | int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, |
| 200 | const X509_VERIFY_PARAM *from) | 197 | const X509_VERIFY_PARAM *from) |
| 201 | { | 198 | { |
| 202 | unsigned long save_flags = to->inh_flags; | 199 | unsigned long save_flags = to->inh_flags; |
| 203 | int ret; | 200 | int ret; |
| 204 | to->inh_flags |= X509_VP_FLAG_DEFAULT; | 201 | to->inh_flags |= X509_VP_FLAG_DEFAULT; |
| 205 | ret = X509_VERIFY_PARAM_inherit(to, from); | 202 | ret = X509_VERIFY_PARAM_inherit(to, from); |
| 206 | to->inh_flags = save_flags; | 203 | to->inh_flags = save_flags; |
| 207 | return ret; | 204 | return ret; |
| 208 | } | 205 | } |
| 209 | 206 | ||
| 210 | int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name) | 207 | int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name) |
| 211 | { | 208 | { |
| 212 | if (param->name) | 209 | if (param->name) |
| 213 | free(param->name); | 210 | free(param->name); |
| 214 | param->name = BUF_strdup(name); | 211 | param->name = BUF_strdup(name); |
| 215 | if (param->name) | 212 | if (param->name) |
| 216 | return 1; | 213 | return 1; |
| 217 | return 0; | 214 | return 0; |
| 218 | } | 215 | } |
| 219 | 216 | ||
| 220 | int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags) | 217 | int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags) |
| 221 | { | 218 | { |
| 222 | param->flags |= flags; | 219 | param->flags |= flags; |
| 223 | if (flags & X509_V_FLAG_POLICY_MASK) | 220 | if (flags & X509_V_FLAG_POLICY_MASK) |
| 224 | param->flags |= X509_V_FLAG_POLICY_CHECK; | 221 | param->flags |= X509_V_FLAG_POLICY_CHECK; |
| 225 | return 1; | 222 | return 1; |
| 226 | } | 223 | } |
| 227 | 224 | ||
| 228 | int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, unsigned long flags) | 225 | int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, unsigned long flags) |
| 229 | { | 226 | { |
| 230 | param->flags &= ~flags; | 227 | param->flags &= ~flags; |
| 231 | return 1; | 228 | return 1; |
| 232 | } | 229 | } |
| 233 | 230 | ||
| 234 | unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param) | 231 | unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param) |
| 235 | { | 232 | { |
| 236 | return param->flags; | 233 | return param->flags; |
| 237 | } | 234 | } |
| 238 | 235 | ||
| 239 | int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose) | 236 | int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose) |
| 240 | { | 237 | { |
| 241 | return X509_PURPOSE_set(¶m->purpose, purpose); | 238 | return X509_PURPOSE_set(¶m->purpose, purpose); |
| 242 | } | 239 | } |
| 243 | 240 | ||
| 244 | int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust) | 241 | int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust) |
| 245 | { | 242 | { |
| 246 | return X509_TRUST_set(¶m->trust, trust); | 243 | return X509_TRUST_set(¶m->trust, trust); |
| 247 | } | 244 | } |
| 248 | 245 | ||
| 249 | void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth) | 246 | void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth) |
| 250 | { | 247 | { |
| 251 | param->depth = depth; | 248 | param->depth = depth; |
| 252 | } | 249 | } |
| 253 | 250 | ||
| 254 | void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t) | 251 | void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t) |
| 255 | { | 252 | { |
| 256 | param->check_time = t; | 253 | param->check_time = t; |
| 257 | param->flags |= X509_V_FLAG_USE_CHECK_TIME; | 254 | param->flags |= X509_V_FLAG_USE_CHECK_TIME; |
| 258 | } | 255 | } |
| 259 | 256 | ||
| 260 | int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, ASN1_OBJECT *policy) | 257 | int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, ASN1_OBJECT *policy) |
| 261 | { | 258 | { |
| 262 | if (!param->policies) | 259 | if (!param->policies) { |
| 263 | { | ||
| 264 | param->policies = sk_ASN1_OBJECT_new_null(); | 260 | param->policies = sk_ASN1_OBJECT_new_null(); |
| 265 | if (!param->policies) | 261 | if (!param->policies) |
| 266 | return 0; | 262 | return 0; |
| 267 | } | 263 | } |
| 268 | if (!sk_ASN1_OBJECT_push(param->policies, policy)) | 264 | if (!sk_ASN1_OBJECT_push(param->policies, policy)) |
| 269 | return 0; | 265 | return 0; |
| 270 | return 1; | 266 | return 1; |
| 271 | } | 267 | } |
| 272 | 268 | ||
| 273 | int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, | 269 | int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, |
| 274 | STACK_OF(ASN1_OBJECT) *policies) | 270 | STACK_OF(ASN1_OBJECT) *policies) |
| 275 | { | 271 | { |
| 276 | int i; | 272 | int i; |
| 277 | ASN1_OBJECT *oid, *doid; | 273 | ASN1_OBJECT *oid, *doid; |
| 278 | if (!param) | 274 | if (!param) |
| @@ -280,36 +276,33 @@ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, | |||
| 280 | if (param->policies) | 276 | if (param->policies) |
| 281 | sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); | 277 | sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); |
| 282 | 278 | ||
| 283 | if (!policies) | 279 | if (!policies) { |
| 284 | { | ||
| 285 | param->policies = NULL; | 280 | param->policies = NULL; |
| 286 | return 1; | 281 | return 1; |
| 287 | } | 282 | } |
| 288 | 283 | ||
| 289 | param->policies = sk_ASN1_OBJECT_new_null(); | 284 | param->policies = sk_ASN1_OBJECT_new_null(); |
| 290 | if (!param->policies) | 285 | if (!param->policies) |
| 291 | return 0; | 286 | return 0; |
| 292 | 287 | ||
| 293 | for (i = 0; i < sk_ASN1_OBJECT_num(policies); i++) | 288 | for (i = 0; i < sk_ASN1_OBJECT_num(policies); i++) { |
| 294 | { | ||
| 295 | oid = sk_ASN1_OBJECT_value(policies, i); | 289 | oid = sk_ASN1_OBJECT_value(policies, i); |
| 296 | doid = OBJ_dup(oid); | 290 | doid = OBJ_dup(oid); |
| 297 | if (!doid) | 291 | if (!doid) |
| 298 | return 0; | 292 | return 0; |
| 299 | if (!sk_ASN1_OBJECT_push(param->policies, doid)) | 293 | if (!sk_ASN1_OBJECT_push(param->policies, doid)) { |
| 300 | { | ||
| 301 | ASN1_OBJECT_free(doid); | 294 | ASN1_OBJECT_free(doid); |
| 302 | return 0; | 295 | return 0; |
| 303 | } | ||
| 304 | } | 296 | } |
| 297 | } | ||
| 305 | param->flags |= X509_V_FLAG_POLICY_CHECK; | 298 | param->flags |= X509_V_FLAG_POLICY_CHECK; |
| 306 | return 1; | 299 | return 1; |
| 307 | } | 300 | } |
| 308 | 301 | ||
| 309 | int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param) | 302 | int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param) |
| 310 | { | 303 | { |
| 311 | return param->depth; | 304 | return param->depth; |
| 312 | } | 305 | } |
| 313 | 306 | ||
| 314 | /* Default verify parameters: these are used for various | 307 | /* Default verify parameters: these are used for various |
| 315 | * applications and can be overridden by the user specified table. | 308 | * applications and can be overridden by the user specified table. |
| @@ -367,15 +360,16 @@ static const X509_VERIFY_PARAM default_table[] = { | |||
| 367 | X509_TRUST_SSL_SERVER, /* trust */ | 360 | X509_TRUST_SSL_SERVER, /* trust */ |
| 368 | -1, /* depth */ | 361 | -1, /* depth */ |
| 369 | NULL /* policies */ | 362 | NULL /* policies */ |
| 370 | }}; | 363 | } |
| 364 | }; | ||
| 371 | 365 | ||
| 372 | static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL; | 366 | static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL; |
| 373 | 367 | ||
| 374 | static int table_cmp(const X509_VERIFY_PARAM *a, const X509_VERIFY_PARAM *b) | 368 | static int table_cmp(const X509_VERIFY_PARAM *a, const X509_VERIFY_PARAM *b) |
| 375 | 369 | ||
| 376 | { | 370 | { |
| 377 | return strcmp(a->name, b->name); | 371 | return strcmp(a->name, b->name); |
| 378 | } | 372 | } |
| 379 | 373 | ||
| 380 | DECLARE_OBJ_BSEARCH_CMP_FN(X509_VERIFY_PARAM, X509_VERIFY_PARAM, | 374 | DECLARE_OBJ_BSEARCH_CMP_FN(X509_VERIFY_PARAM, X509_VERIFY_PARAM, |
| 381 | table); | 375 | table); |
| @@ -384,55 +378,50 @@ IMPLEMENT_OBJ_BSEARCH_CMP_FN(X509_VERIFY_PARAM, X509_VERIFY_PARAM, | |||
| 384 | 378 | ||
| 385 | static int param_cmp(const X509_VERIFY_PARAM * const *a, | 379 | static int param_cmp(const X509_VERIFY_PARAM * const *a, |
| 386 | const X509_VERIFY_PARAM * const *b) | 380 | const X509_VERIFY_PARAM * const *b) |
| 387 | { | 381 | { |
| 388 | return strcmp((*a)->name, (*b)->name); | 382 | return strcmp((*a)->name, (*b)->name); |
| 389 | } | 383 | } |
| 390 | 384 | ||
| 391 | int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param) | 385 | int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param) |
| 392 | { | 386 | { |
| 393 | int idx; | 387 | int idx; |
| 394 | X509_VERIFY_PARAM *ptmp; | 388 | X509_VERIFY_PARAM *ptmp; |
| 395 | if (!param_table) | 389 | if (!param_table) { |
| 396 | { | ||
| 397 | param_table = sk_X509_VERIFY_PARAM_new(param_cmp); | 390 | param_table = sk_X509_VERIFY_PARAM_new(param_cmp); |
| 398 | if (!param_table) | 391 | if (!param_table) |
| 399 | return 0; | 392 | return 0; |
| 400 | } | 393 | } else { |
| 401 | else | ||
| 402 | { | ||
| 403 | idx = sk_X509_VERIFY_PARAM_find(param_table, param); | 394 | idx = sk_X509_VERIFY_PARAM_find(param_table, param); |
| 404 | if (idx != -1) | 395 | if (idx != -1) { |
| 405 | { | ||
| 406 | ptmp = sk_X509_VERIFY_PARAM_value(param_table, idx); | 396 | ptmp = sk_X509_VERIFY_PARAM_value(param_table, idx); |
| 407 | X509_VERIFY_PARAM_free(ptmp); | 397 | X509_VERIFY_PARAM_free(ptmp); |
| 408 | (void)sk_X509_VERIFY_PARAM_delete(param_table, idx); | 398 | (void)sk_X509_VERIFY_PARAM_delete(param_table, idx); |
| 409 | } | ||
| 410 | } | 399 | } |
| 400 | } | ||
| 411 | if (!sk_X509_VERIFY_PARAM_push(param_table, param)) | 401 | if (!sk_X509_VERIFY_PARAM_push(param_table, param)) |
| 412 | return 0; | 402 | return 0; |
| 413 | return 1; | 403 | return 1; |
| 414 | } | 404 | } |
| 415 | 405 | ||
| 416 | const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name) | 406 | const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name) |
| 417 | { | 407 | { |
| 418 | int idx; | 408 | int idx; |
| 419 | X509_VERIFY_PARAM pm; | 409 | X509_VERIFY_PARAM pm; |
| 420 | 410 | ||
| 421 | pm.name = (char *)name; | 411 | pm.name = (char *)name; |
| 422 | if (param_table) | 412 | if (param_table) { |
| 423 | { | ||
| 424 | idx = sk_X509_VERIFY_PARAM_find(param_table, &pm); | 413 | idx = sk_X509_VERIFY_PARAM_find(param_table, &pm); |
| 425 | if (idx != -1) | 414 | if (idx != -1) |
| 426 | return sk_X509_VERIFY_PARAM_value(param_table, idx); | 415 | return sk_X509_VERIFY_PARAM_value(param_table, idx); |
| 427 | } | 416 | } |
| 428 | return OBJ_bsearch_table(&pm, default_table, | 417 | return OBJ_bsearch_table(&pm, default_table, |
| 429 | sizeof(default_table)/sizeof(X509_VERIFY_PARAM)); | 418 | sizeof(default_table)/sizeof(X509_VERIFY_PARAM)); |
| 430 | } | 419 | } |
| 431 | 420 | ||
| 432 | void X509_VERIFY_PARAM_table_cleanup(void) | 421 | void X509_VERIFY_PARAM_table_cleanup(void) |
| 433 | { | 422 | { |
| 434 | if (param_table) | 423 | if (param_table) |
| 435 | sk_X509_VERIFY_PARAM_pop_free(param_table, | 424 | sk_X509_VERIFY_PARAM_pop_free(param_table, |
| 436 | X509_VERIFY_PARAM_free); | 425 | X509_VERIFY_PARAM_free); |
| 437 | param_table = NULL; | 426 | param_table = NULL; |
| 438 | } | 427 | } |