diff options
| author | jsing <> | 2014-04-21 17:02:33 +0000 |
|---|---|---|
| committer | jsing <> | 2014-04-21 17:02:33 +0000 |
| commit | 99afdfe5ba7757a5ea5051f8881b3fe1ac016ece (patch) | |
| tree | 643695fdb9ba102ffa4879182b0dd9c297d8c0f3 /src/lib/libcrypto/x509v3/v3_lib.c | |
| parent | 1d74853fd0a51591b1a5915391aee920ef15e5eb (diff) | |
| download | openbsd-99afdfe5ba7757a5ea5051f8881b3fe1ac016ece.tar.gz openbsd-99afdfe5ba7757a5ea5051f8881b3fe1ac016ece.tar.bz2 openbsd-99afdfe5ba7757a5ea5051f8881b3fe1ac016ece.zip | |
KNF.
Diffstat (limited to 'src/lib/libcrypto/x509v3/v3_lib.c')
| -rw-r--r-- | src/lib/libcrypto/x509v3/v3_lib.c | 179 |
1 files changed, 108 insertions, 71 deletions
diff --git a/src/lib/libcrypto/x509v3/v3_lib.c b/src/lib/libcrypto/x509v3/v3_lib.c index 8d5e6ee911..3f610cdaa3 100644 --- a/src/lib/libcrypto/x509v3/v3_lib.c +++ b/src/lib/libcrypto/x509v3/v3_lib.c | |||
| @@ -10,7 +10,7 @@ | |||
| 10 | * are met: | 10 | * are met: |
| 11 | * | 11 | * |
| 12 | * 1. Redistributions of source code must retain the above copyright | 12 | * 1. Redistributions of source code must retain the above copyright |
| 13 | * notice, this list of conditions and the following disclaimer. | 13 | * notice, this list of conditions and the following disclaimer. |
| 14 | * | 14 | * |
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | 15 | * 2. Redistributions in binary form must reproduce the above copyright |
| 16 | * notice, this list of conditions and the following disclaimer in | 16 | * notice, this list of conditions and the following disclaimer in |
| @@ -67,74 +67,87 @@ | |||
| 67 | static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL; | 67 | static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL; |
| 68 | 68 | ||
| 69 | static int ext_cmp(const X509V3_EXT_METHOD * const *a, | 69 | static int ext_cmp(const X509V3_EXT_METHOD * const *a, |
| 70 | const X509V3_EXT_METHOD * const *b); | 70 | const X509V3_EXT_METHOD * const *b); |
| 71 | static void ext_list_free(X509V3_EXT_METHOD *ext); | 71 | static void ext_list_free(X509V3_EXT_METHOD *ext); |
| 72 | 72 | ||
| 73 | int X509V3_EXT_add(X509V3_EXT_METHOD *ext) | 73 | int |
| 74 | X509V3_EXT_add(X509V3_EXT_METHOD *ext) | ||
| 74 | { | 75 | { |
| 75 | if(!ext_list && !(ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp))) { | 76 | if (!ext_list && !(ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp))) { |
| 76 | X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE); | 77 | X509V3err(X509V3_F_X509V3_EXT_ADD, ERR_R_MALLOC_FAILURE); |
| 77 | return 0; | 78 | return 0; |
| 78 | } | 79 | } |
| 79 | if(!sk_X509V3_EXT_METHOD_push(ext_list, ext)) { | 80 | if (!sk_X509V3_EXT_METHOD_push(ext_list, ext)) { |
| 80 | X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE); | 81 | X509V3err(X509V3_F_X509V3_EXT_ADD, ERR_R_MALLOC_FAILURE); |
| 81 | return 0; | 82 | return 0; |
| 82 | } | 83 | } |
| 83 | return 1; | 84 | return 1; |
| 84 | } | 85 | } |
| 85 | 86 | ||
| 86 | static int ext_cmp(const X509V3_EXT_METHOD * const *a, | 87 | static int |
| 87 | const X509V3_EXT_METHOD * const *b) | 88 | ext_cmp(const X509V3_EXT_METHOD * const *a, const X509V3_EXT_METHOD * const *b) |
| 88 | { | 89 | { |
| 89 | return ((*a)->ext_nid - (*b)->ext_nid); | 90 | return ((*a)->ext_nid - (*b)->ext_nid); |
| 90 | } | 91 | } |
| 91 | 92 | ||
| 92 | DECLARE_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *, const X509V3_EXT_METHOD *, | 93 | DECLARE_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *, |
| 93 | ext); | 94 | const X509V3_EXT_METHOD *, ext); |
| 94 | IMPLEMENT_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *, | 95 | IMPLEMENT_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *, |
| 95 | const X509V3_EXT_METHOD *, ext); | 96 | const X509V3_EXT_METHOD *, ext); |
| 96 | 97 | ||
| 97 | const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid) | 98 | const X509V3_EXT_METHOD * |
| 99 | X509V3_EXT_get_nid(int nid) | ||
| 98 | { | 100 | { |
| 99 | X509V3_EXT_METHOD tmp; | 101 | X509V3_EXT_METHOD tmp; |
| 100 | const X509V3_EXT_METHOD *t = &tmp, * const *ret; | 102 | const X509V3_EXT_METHOD *t = &tmp, * const *ret; |
| 101 | int idx; | 103 | int idx; |
| 102 | if(nid < 0) return NULL; | 104 | |
| 105 | if (nid < 0) | ||
| 106 | return NULL; | ||
| 103 | tmp.ext_nid = nid; | 107 | tmp.ext_nid = nid; |
| 104 | ret = OBJ_bsearch_ext(&t, standard_exts, STANDARD_EXTENSION_COUNT); | 108 | ret = OBJ_bsearch_ext(&t, standard_exts, STANDARD_EXTENSION_COUNT); |
| 105 | if(ret) return *ret; | 109 | if (ret) |
| 106 | if(!ext_list) return NULL; | 110 | return *ret; |
| 111 | if (!ext_list) | ||
| 112 | return NULL; | ||
| 107 | idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp); | 113 | idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp); |
| 108 | if(idx == -1) return NULL; | 114 | if (idx == -1) |
| 115 | return NULL; | ||
| 109 | return sk_X509V3_EXT_METHOD_value(ext_list, idx); | 116 | return sk_X509V3_EXT_METHOD_value(ext_list, idx); |
| 110 | } | 117 | } |
| 111 | 118 | ||
| 112 | const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext) | 119 | const X509V3_EXT_METHOD * |
| 120 | X509V3_EXT_get(X509_EXTENSION *ext) | ||
| 113 | { | 121 | { |
| 114 | int nid; | 122 | int nid; |
| 115 | if((nid = OBJ_obj2nid(ext->object)) == NID_undef) return NULL; | 123 | |
| 124 | if ((nid = OBJ_obj2nid(ext->object)) == NID_undef) | ||
| 125 | return NULL; | ||
| 116 | return X509V3_EXT_get_nid(nid); | 126 | return X509V3_EXT_get_nid(nid); |
| 117 | } | 127 | } |
| 118 | 128 | ||
| 119 | 129 | int | |
| 120 | int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist) | 130 | X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist) |
| 121 | { | 131 | { |
| 122 | for(;extlist->ext_nid!=-1;extlist++) | 132 | for (; extlist->ext_nid!=-1; extlist++) |
| 123 | if(!X509V3_EXT_add(extlist)) return 0; | 133 | if (!X509V3_EXT_add(extlist)) |
| 134 | return 0; | ||
| 124 | return 1; | 135 | return 1; |
| 125 | } | 136 | } |
| 126 | 137 | ||
| 127 | int X509V3_EXT_add_alias(int nid_to, int nid_from) | 138 | int |
| 139 | X509V3_EXT_add_alias(int nid_to, int nid_from) | ||
| 128 | { | 140 | { |
| 129 | const X509V3_EXT_METHOD *ext; | 141 | const X509V3_EXT_METHOD *ext; |
| 130 | X509V3_EXT_METHOD *tmpext; | 142 | X509V3_EXT_METHOD *tmpext; |
| 131 | 143 | ||
| 132 | if(!(ext = X509V3_EXT_get_nid(nid_from))) { | 144 | if (!(ext = X509V3_EXT_get_nid(nid_from))) { |
| 133 | X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,X509V3_R_EXTENSION_NOT_FOUND); | 145 | X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS, |
| 146 | X509V3_R_EXTENSION_NOT_FOUND); | ||
| 134 | return 0; | 147 | return 0; |
| 135 | } | 148 | } |
| 136 | if(!(tmpext = malloc(sizeof(X509V3_EXT_METHOD)))) { | 149 | if (!(tmpext = malloc(sizeof(X509V3_EXT_METHOD)))) { |
| 137 | X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,ERR_R_MALLOC_FAILURE); | 150 | X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS, ERR_R_MALLOC_FAILURE); |
| 138 | return 0; | 151 | return 0; |
| 139 | } | 152 | } |
| 140 | *tmpext = *ext; | 153 | *tmpext = *ext; |
| @@ -143,36 +156,44 @@ int X509V3_EXT_add_alias(int nid_to, int nid_from) | |||
| 143 | return X509V3_EXT_add(tmpext); | 156 | return X509V3_EXT_add(tmpext); |
| 144 | } | 157 | } |
| 145 | 158 | ||
| 146 | void X509V3_EXT_cleanup(void) | 159 | void |
| 160 | X509V3_EXT_cleanup(void) | ||
| 147 | { | 161 | { |
| 148 | sk_X509V3_EXT_METHOD_pop_free(ext_list, ext_list_free); | 162 | sk_X509V3_EXT_METHOD_pop_free(ext_list, ext_list_free); |
| 149 | ext_list = NULL; | 163 | ext_list = NULL; |
| 150 | } | 164 | } |
| 151 | 165 | ||
| 152 | static void ext_list_free(X509V3_EXT_METHOD *ext) | 166 | static void |
| 167 | ext_list_free(X509V3_EXT_METHOD *ext) | ||
| 153 | { | 168 | { |
| 154 | if(ext->ext_flags & X509V3_EXT_DYNAMIC) free(ext); | 169 | if (ext->ext_flags & X509V3_EXT_DYNAMIC) |
| 170 | free(ext); | ||
| 155 | } | 171 | } |
| 156 | 172 | ||
| 157 | /* Legacy function: we don't need to add standard extensions | 173 | /* Legacy function: we don't need to add standard extensions |
| 158 | * any more because they are now kept in ext_dat.h. | 174 | * any more because they are now kept in ext_dat.h. |
| 159 | */ | 175 | */ |
| 160 | 176 | ||
| 161 | int X509V3_add_standard_extensions(void) | 177 | int |
| 178 | X509V3_add_standard_extensions(void) | ||
| 162 | { | 179 | { |
| 163 | return 1; | 180 | return 1; |
| 164 | } | 181 | } |
| 165 | 182 | ||
| 166 | /* Return an extension internal structure */ | 183 | /* Return an extension internal structure */ |
| 167 | 184 | ||
| 168 | void *X509V3_EXT_d2i(X509_EXTENSION *ext) | 185 | void * |
| 186 | X509V3_EXT_d2i(X509_EXTENSION *ext) | ||
| 169 | { | 187 | { |
| 170 | const X509V3_EXT_METHOD *method; | 188 | const X509V3_EXT_METHOD *method; |
| 171 | const unsigned char *p; | 189 | const unsigned char *p; |
| 172 | 190 | ||
| 173 | if(!(method = X509V3_EXT_get(ext))) return NULL; | 191 | if (!(method = X509V3_EXT_get(ext))) |
| 192 | return NULL; | ||
| 174 | p = ext->value->data; | 193 | p = ext->value->data; |
| 175 | if(method->it) return ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it)); | 194 | if (method->it) |
| 195 | return ASN1_item_d2i(NULL, &p, ext->value->length, | ||
| 196 | ASN1_ITEM_ptr(method->it)); | ||
| 176 | return method->d2i(NULL, &p, ext->value->length); | 197 | return method->d2i(NULL, &p, ext->value->length); |
| 177 | } | 198 | } |
| 178 | 199 | ||
| @@ -191,43 +212,53 @@ void *X509V3_EXT_d2i(X509_EXTENSION *ext) | |||
| 191 | * -2 extension occurs more than once. | 212 | * -2 extension occurs more than once. |
| 192 | */ | 213 | */ |
| 193 | 214 | ||
| 194 | void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx) | 215 | void * |
| 216 | X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx) | ||
| 195 | { | 217 | { |
| 196 | int lastpos, i; | 218 | int lastpos, i; |
| 197 | X509_EXTENSION *ex, *found_ex = NULL; | 219 | X509_EXTENSION *ex, *found_ex = NULL; |
| 198 | if(!x) { | 220 | |
| 199 | if(idx) *idx = -1; | 221 | if (!x) { |
| 200 | if(crit) *crit = -1; | 222 | if (idx) |
| 223 | *idx = -1; | ||
| 224 | if (crit) | ||
| 225 | *crit = -1; | ||
| 201 | return NULL; | 226 | return NULL; |
| 202 | } | 227 | } |
| 203 | if(idx) lastpos = *idx + 1; | 228 | if (idx) |
| 204 | else lastpos = 0; | 229 | lastpos = *idx + 1; |
| 205 | if(lastpos < 0) lastpos = 0; | 230 | else |
| 206 | for(i = lastpos; i < sk_X509_EXTENSION_num(x); i++) | 231 | lastpos = 0; |
| 207 | { | 232 | if (lastpos < 0) |
| 233 | lastpos = 0; | ||
| 234 | for (i = lastpos; i < sk_X509_EXTENSION_num(x); i++) { | ||
| 208 | ex = sk_X509_EXTENSION_value(x, i); | 235 | ex = sk_X509_EXTENSION_value(x, i); |
| 209 | if(OBJ_obj2nid(ex->object) == nid) { | 236 | if (OBJ_obj2nid(ex->object) == nid) { |
| 210 | if(idx) { | 237 | if (idx) { |
| 211 | *idx = i; | 238 | *idx = i; |
| 212 | found_ex = ex; | 239 | found_ex = ex; |
| 213 | break; | 240 | break; |
| 214 | } else if(found_ex) { | 241 | } else if (found_ex) { |
| 215 | /* Found more than one */ | 242 | /* Found more than one */ |
| 216 | if(crit) *crit = -2; | 243 | if (crit) |
| 244 | *crit = -2; | ||
| 217 | return NULL; | 245 | return NULL; |
| 218 | } | 246 | } |
| 219 | found_ex = ex; | 247 | found_ex = ex; |
| 220 | } | 248 | } |
| 221 | } | 249 | } |
| 222 | if(found_ex) { | 250 | if (found_ex) { |
| 223 | /* Found it */ | 251 | /* Found it */ |
| 224 | if(crit) *crit = X509_EXTENSION_get_critical(found_ex); | 252 | if (crit) |
| 253 | *crit = X509_EXTENSION_get_critical(found_ex); | ||
| 225 | return X509V3_EXT_d2i(found_ex); | 254 | return X509V3_EXT_d2i(found_ex); |
| 226 | } | 255 | } |
| 227 | 256 | ||
| 228 | /* Extension not found */ | 257 | /* Extension not found */ |
| 229 | if(idx) *idx = -1; | 258 | if (idx) |
| 230 | if(crit) *crit = -1; | 259 | *idx = -1; |
| 260 | if (crit) | ||
| 261 | *crit = -1; | ||
| 231 | return NULL; | 262 | return NULL; |
| 232 | } | 263 | } |
| 233 | 264 | ||
| @@ -236,8 +267,9 @@ void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx) | |||
| 236 | * 'value' arguments (if relevant) are the extensions internal structure. | 267 | * 'value' arguments (if relevant) are the extensions internal structure. |
| 237 | */ | 268 | */ |
| 238 | 269 | ||
| 239 | int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, | 270 | int |
| 240 | int crit, unsigned long flags) | 271 | X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, |
| 272 | int crit, unsigned long flags) | ||
| 241 | { | 273 | { |
| 242 | int extidx = -1; | 274 | int extidx = -1; |
| 243 | int errcode; | 275 | int errcode; |
| @@ -247,30 +279,31 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, | |||
| 247 | /* If appending we don't care if it exists, otherwise | 279 | /* If appending we don't care if it exists, otherwise |
| 248 | * look for existing extension. | 280 | * look for existing extension. |
| 249 | */ | 281 | */ |
| 250 | if(ext_op != X509V3_ADD_APPEND) | 282 | if (ext_op != X509V3_ADD_APPEND) |
| 251 | extidx = X509v3_get_ext_by_NID(*x, nid, -1); | 283 | extidx = X509v3_get_ext_by_NID(*x, nid, -1); |
| 252 | 284 | ||
| 253 | /* See if extension exists */ | 285 | /* See if extension exists */ |
| 254 | if(extidx >= 0) { | 286 | if (extidx >= 0) { |
| 255 | /* If keep existing, nothing to do */ | 287 | /* If keep existing, nothing to do */ |
| 256 | if(ext_op == X509V3_ADD_KEEP_EXISTING) | 288 | if (ext_op == X509V3_ADD_KEEP_EXISTING) |
| 257 | return 1; | 289 | return 1; |
| 258 | /* If default then its an error */ | 290 | /* If default then its an error */ |
| 259 | if(ext_op == X509V3_ADD_DEFAULT) { | 291 | if (ext_op == X509V3_ADD_DEFAULT) { |
| 260 | errcode = X509V3_R_EXTENSION_EXISTS; | 292 | errcode = X509V3_R_EXTENSION_EXISTS; |
| 261 | goto err; | 293 | goto err; |
| 262 | } | 294 | } |
| 263 | /* If delete, just delete it */ | 295 | /* If delete, just delete it */ |
| 264 | if(ext_op == X509V3_ADD_DELETE) { | 296 | if (ext_op == X509V3_ADD_DELETE) { |
| 265 | if(!sk_X509_EXTENSION_delete(*x, extidx)) return -1; | 297 | if (!sk_X509_EXTENSION_delete(*x, extidx)) |
| 298 | return -1; | ||
| 266 | return 1; | 299 | return 1; |
| 267 | } | 300 | } |
| 268 | } else { | 301 | } else { |
| 269 | /* If replace existing or delete, error since | 302 | /* If replace existing or delete, error since |
| 270 | * extension must exist | 303 | * extension must exist |
| 271 | */ | 304 | */ |
| 272 | if((ext_op == X509V3_ADD_REPLACE_EXISTING) || | 305 | if ((ext_op == X509V3_ADD_REPLACE_EXISTING) || |
| 273 | (ext_op == X509V3_ADD_DELETE)) { | 306 | (ext_op == X509V3_ADD_DELETE)) { |
| 274 | errcode = X509V3_R_EXTENSION_NOT_FOUND; | 307 | errcode = X509V3_R_EXTENSION_NOT_FOUND; |
| 275 | goto err; | 308 | goto err; |
| 276 | } | 309 | } |
| @@ -282,26 +315,30 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, | |||
| 282 | 315 | ||
| 283 | ext = X509V3_EXT_i2d(nid, crit, value); | 316 | ext = X509V3_EXT_i2d(nid, crit, value); |
| 284 | 317 | ||
| 285 | if(!ext) { | 318 | if (!ext) { |
| 286 | X509V3err(X509V3_F_X509V3_ADD1_I2D, X509V3_R_ERROR_CREATING_EXTENSION); | 319 | X509V3err(X509V3_F_X509V3_ADD1_I2D, |
| 320 | X509V3_R_ERROR_CREATING_EXTENSION); | ||
| 287 | return 0; | 321 | return 0; |
| 288 | } | 322 | } |
| 289 | 323 | ||
| 290 | /* If extension exists replace it.. */ | 324 | /* If extension exists replace it.. */ |
| 291 | if(extidx >= 0) { | 325 | if (extidx >= 0) { |
| 292 | extmp = sk_X509_EXTENSION_value(*x, extidx); | 326 | extmp = sk_X509_EXTENSION_value(*x, extidx); |
| 293 | X509_EXTENSION_free(extmp); | 327 | X509_EXTENSION_free(extmp); |
| 294 | if(!sk_X509_EXTENSION_set(*x, extidx, ext)) return -1; | 328 | if (!sk_X509_EXTENSION_set(*x, extidx, ext)) |
| 329 | return -1; | ||
| 295 | return 1; | 330 | return 1; |
| 296 | } | 331 | } |
| 297 | 332 | ||
| 298 | if(!*x && !(*x = sk_X509_EXTENSION_new_null())) return -1; | 333 | if (!*x && !(*x = sk_X509_EXTENSION_new_null())) |
| 299 | if(!sk_X509_EXTENSION_push(*x, ext)) return -1; | 334 | return -1; |
| 335 | if (!sk_X509_EXTENSION_push(*x, ext)) | ||
| 336 | return -1; | ||
| 300 | 337 | ||
| 301 | return 1; | 338 | return 1; |
| 302 | 339 | ||
| 303 | err: | 340 | err: |
| 304 | if(!(flags & X509V3_ADD_SILENT)) | 341 | if (!(flags & X509V3_ADD_SILENT)) |
| 305 | X509V3err(X509V3_F_X509V3_ADD1_I2D, errcode); | 342 | X509V3err(X509V3_F_X509V3_ADD1_I2D, errcode); |
| 306 | return 0; | 343 | return 0; |
| 307 | } | 344 | } |