1 files changed, 104 insertions, 86 deletions
diff --git a/src/lib/libcrypto/x509v3/v3_akey.c b/src/lib/libcrypto/x509v3/v3_akey.c
index 97e686f97a..ac0548b775 100644
--- a/src/lib/libcrypto/x509v3/v3_akey.c
+++ b/src/lib/libcrypto/x509v3/v3_akey.c
@@ -68,15 +68,17 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
 static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
                        X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
-X509V3_EXT_METHOD v3_akey_id = {
+const X509V3_EXT_METHOD v3_akey_id =
-NID_authority_key_identifier, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID),
+        {
-0,0,0,0,
+        NID_authority_key_identifier,
-0,0,
+        X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID),
-(X509V3_EXT_I2V)i2v_AUTHORITY_KEYID,
+        0,0,0,0,
-(X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,
+        0,0,
-0,0,
+        (X509V3_EXT_I2V)i2v_AUTHORITY_KEYID,
-NULL
+        (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,
-};
+        0,0,
+        NULL
+        };
 static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
             AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist)
@@ -108,83 +110,99 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
 static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
             X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)
-{
+        {
-char keyid=0, issuer=0;
+        char keyid=0, issuer=0;
-int i;
+        int i;
-CONF_VALUE *cnf;
+        CONF_VALUE *cnf;
-ASN1_OCTET_STRING *ikeyid = NULL;
+        ASN1_OCTET_STRING *ikeyid = NULL;
-X509_NAME *isname = NULL;
+        X509_NAME *isname = NULL;
-GENERAL_NAMES * gens = NULL;
+        GENERAL_NAMES * gens = NULL;
-GENERAL_NAME *gen = NULL;
+        GENERAL_NAME *gen = NULL;
-ASN1_INTEGER *serial = NULL;
+        ASN1_INTEGER *serial = NULL;
-X509_EXTENSION *ext;
+        X509_EXTENSION *ext;
-X509 *cert;
+        X509 *cert;
-AUTHORITY_KEYID *akeyid;
+        AUTHORITY_KEYID *akeyid;
-for(i = 0; i < sk_CONF_VALUE_num(values); i++) {
-        cnf = sk_CONF_VALUE_value(values, i);
+        for(i = 0; i < sk_CONF_VALUE_num(values); i++)
-        if(!strcmp(cnf->name, "keyid")) {
+                {
-                keyid = 1;
+                cnf = sk_CONF_VALUE_value(values, i);
-                if(cnf->value && !strcmp(cnf->value, "always")) keyid = 2;
+                if(!strcmp(cnf->name, "keyid"))
-        } else if(!strcmp(cnf->name, "issuer")) {
+                        {
-                issuer = 1;
+                        keyid = 1;
-                if(cnf->value && !strcmp(cnf->value, "always")) issuer = 2;
+                        if(cnf->value && !strcmp(cnf->value, "always"))
-        } else {
+                                keyid = 2;
-                X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNKNOWN_OPTION);
+                        }
-                ERR_add_error_data(2, "name=", cnf->name);
+                else if(!strcmp(cnf->name, "issuer"))
+                        {
+                        issuer = 1;
+                        if(cnf->value && !strcmp(cnf->value, "always"))
+                                issuer = 2;
+                        }
+                else
+                        {
+                        X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNKNOWN_OPTION);
+                        ERR_add_error_data(2, "name=", cnf->name);
+                        return NULL;
+                        }
+                }
+        if(!ctx || !ctx->issuer_cert)
+                {
+                if(ctx && (ctx->flags==CTX_TEST))
+                        return AUTHORITY_KEYID_new();
+                X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE);
                return NULL;
-        }
+                }
-}
+        cert = ctx->issuer_cert;
-if(!ctx || !ctx->issuer_cert) {
-        if(ctx && (ctx->flags==CTX_TEST)) return AUTHORITY_KEYID_new();
+        if(keyid)
-        X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE);
+                {
+                i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
+                if((i >= 0)  && (ext = X509_get_ext(cert, i)))
+                        ikeyid = X509V3_EXT_d2i(ext);
+                if(keyid==2 && !ikeyid)
+                        {
+                        X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);
+                        return NULL;
+                        }
+                }
+        if((issuer && !ikeyid) || (issuer == 2))
+                {
+                isname = X509_NAME_dup(X509_get_issuer_name(cert));
+                serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert));
+                if(!isname || !serial)
+                        {
+                        X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
+                        goto err;
+                        }
+                }
+        if(!(akeyid = AUTHORITY_KEYID_new())) goto err;
+        if(isname)
+                {
+                if(!(gens = sk_GENERAL_NAME_new_null())
+                        || !(gen = GENERAL_NAME_new())
+                        || !sk_GENERAL_NAME_push(gens, gen))
+                        {
+                        X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                gen->type = GEN_DIRNAME;
+                gen->d.dirn = isname;
+                }
+        akeyid->issuer = gens;
+        akeyid->serial = serial;
+        akeyid->keyid = ikeyid;
+        return akeyid;
+ err:
+        X509_NAME_free(isname);
+        M_ASN1_INTEGER_free(serial);
+        M_ASN1_OCTET_STRING_free(ikeyid);
        return NULL;
-}
-cert = ctx->issuer_cert;
-if(keyid) {
-        i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
-        if((i >= 0)  && (ext = X509_get_ext(cert, i)))
-                                                 ikeyid = X509V3_EXT_d2i(ext);
-        if(keyid==2 && !ikeyid) {
-                X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);
-                return NULL;
-        }
-}
-if((issuer && !ikeyid) || (issuer == 2)) {
-        isname = X509_NAME_dup(X509_get_issuer_name(cert));
-        serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert));
-        if(!isname || !serial) {
-                X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
-                goto err;
        }
-}
-if(!(akeyid = AUTHORITY_KEYID_new())) goto err;
-if(isname) {
-        if(!(gens = sk_GENERAL_NAME_new_null()) || !(gen = GENERAL_NAME_new())
-                || !sk_GENERAL_NAME_push(gens, gen)) {
-                X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        gen->type = GEN_DIRNAME;
-        gen->d.dirn = isname;
-}
-akeyid->issuer = gens;
-akeyid->serial = serial;
-akeyid->keyid = ikeyid;
-return akeyid;
-err:
-X509_NAME_free(isname);
-M_ASN1_INTEGER_free(serial);
-M_ASN1_OCTET_STRING_free(ikeyid);
-return NULL;
-}

diff --git a/src/lib/libcrypto/x509v3/v3_akey.c b/src/lib/libcrypto/x509v3/v3_akey.c index 97e686f97a..ac0548b775 100644 --- a/src/lib/libcrypto/x509v3/v3_akey.c +++ b/src/lib/libcrypto/x509v3/v3_akey.c
@@ -68,15 +68,17 @@ static STACK_OF(CONF_VALUE) i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD method,
68	static AUTHORITY_KEYID v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD method,	68	static AUTHORITY_KEYID v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD method,
69	X509V3_CTX ctx, STACK_OF(CONF_VALUE) values);	69	X509V3_CTX ctx, STACK_OF(CONF_VALUE) values);
70		70
71	X509V3_EXT_METHOD v3_akey_id = {	71	const X509V3_EXT_METHOD v3_akey_id =
72	NID_authority_key_identifier, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID),	72	{
73	0,0,0,0,	73	NID_authority_key_identifier,
74	0,0,	74	X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID),
75	(X509V3_EXT_I2V)i2v_AUTHORITY_KEYID,	75	0,0,0,0,
76	(X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,	76	0,0,
77	0,0,	77	(X509V3_EXT_I2V)i2v_AUTHORITY_KEYID,
78	NULL	78	(X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,
79	};	79	0,0,
		80	NULL
		81	};
80		82
81	static STACK_OF(CONF_VALUE) i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD method,	83	static STACK_OF(CONF_VALUE) i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD method,
82	AUTHORITY_KEYID akeyid, STACK_OF(CONF_VALUE) extlist)	84	AUTHORITY_KEYID akeyid, STACK_OF(CONF_VALUE) extlist)
@@ -108,83 +110,99 @@ static STACK_OF(CONF_VALUE) i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD method,
108		110
109	static AUTHORITY_KEYID v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD method,	111	static AUTHORITY_KEYID v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD method,
110	X509V3_CTX ctx, STACK_OF(CONF_VALUE) values)	112	X509V3_CTX ctx, STACK_OF(CONF_VALUE) values)
111	{	113	{
112	char keyid=0, issuer=0;	114	char keyid=0, issuer=0;
113	int i;	115	int i;
114	CONF_VALUE *cnf;	116	CONF_VALUE *cnf;
115	ASN1_OCTET_STRING *ikeyid = NULL;	117	ASN1_OCTET_STRING *ikeyid = NULL;
116	X509_NAME *isname = NULL;	118	X509_NAME *isname = NULL;
117	GENERAL_NAMES * gens = NULL;	119	GENERAL_NAMES * gens = NULL;
118	GENERAL_NAME *gen = NULL;	120	GENERAL_NAME *gen = NULL;
119	ASN1_INTEGER *serial = NULL;	121	ASN1_INTEGER *serial = NULL;
120	X509_EXTENSION *ext;	122	X509_EXTENSION *ext;
121	X509 *cert;	123	X509 *cert;
122	AUTHORITY_KEYID *akeyid;	124	AUTHORITY_KEYID *akeyid;
123	for(i = 0; i < sk_CONF_VALUE_num(values); i++) {	125
124	cnf = sk_CONF_VALUE_value(values, i);	126	for(i = 0; i < sk_CONF_VALUE_num(values); i++)
125	if(!strcmp(cnf->name, "keyid")) {	127	{
126	keyid = 1;	128	cnf = sk_CONF_VALUE_value(values, i);
127	if(cnf->value && !strcmp(cnf->value, "always")) keyid = 2;	129	if(!strcmp(cnf->name, "keyid"))
128	} else if(!strcmp(cnf->name, "issuer")) {	130	{
129	issuer = 1;	131	keyid = 1;
130	if(cnf->value && !strcmp(cnf->value, "always")) issuer = 2;	132	if(cnf->value && !strcmp(cnf->value, "always"))
131	} else {	133	keyid = 2;
132	X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNKNOWN_OPTION);	134	}
133	ERR_add_error_data(2, "name=", cnf->name);	135	else if(!strcmp(cnf->name, "issuer"))
		136	{
		137	issuer = 1;
		138	if(cnf->value && !strcmp(cnf->value, "always"))
		139	issuer = 2;
		140	}
		141	else
		142	{
		143	X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNKNOWN_OPTION);
		144	ERR_add_error_data(2, "name=", cnf->name);
		145	return NULL;
		146	}
		147	}
		148
		149	if(!ctx \|\| !ctx->issuer_cert)
		150	{
		151	if(ctx && (ctx->flags==CTX_TEST))
		152	return AUTHORITY_KEYID_new();
		153	X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE);
134	return NULL;	154	return NULL;
135	}	155	}
136	}	156
137		157	cert = ctx->issuer_cert;
138	if(!ctx \|\| !ctx->issuer_cert) {	158
139	if(ctx && (ctx->flags==CTX_TEST)) return AUTHORITY_KEYID_new();	159	if(keyid)
140	X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE);	160	{
		161	i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
		162	if((i >= 0) && (ext = X509_get_ext(cert, i)))
		163	ikeyid = X509V3_EXT_d2i(ext);
		164	if(keyid==2 && !ikeyid)
		165	{
		166	X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);
		167	return NULL;
		168	}
		169	}
		170
		171	if((issuer && !ikeyid) \|\| (issuer == 2))
		172	{
		173	isname = X509_NAME_dup(X509_get_issuer_name(cert));
		174	serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert));
		175	if(!isname \|\| !serial)
		176	{
		177	X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
		178	goto err;
		179	}
		180	}
		181
		182	if(!(akeyid = AUTHORITY_KEYID_new())) goto err;
		183
		184	if(isname)
		185	{
		186	if(!(gens = sk_GENERAL_NAME_new_null())
		187	\|\| !(gen = GENERAL_NAME_new())
		188	\|\| !sk_GENERAL_NAME_push(gens, gen))
		189	{
		190	X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE);
		191	goto err;
		192	}
		193	gen->type = GEN_DIRNAME;
		194	gen->d.dirn = isname;
		195	}
		196
		197	akeyid->issuer = gens;
		198	akeyid->serial = serial;
		199	akeyid->keyid = ikeyid;
		200
		201	return akeyid;
		202
		203	err:
		204	X509_NAME_free(isname);
		205	M_ASN1_INTEGER_free(serial);
		206	M_ASN1_OCTET_STRING_free(ikeyid);
141	return NULL;	207	return NULL;
142	}
143
144	cert = ctx->issuer_cert;
145
146	if(keyid) {
147	i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
148	if((i >= 0) && (ext = X509_get_ext(cert, i)))
149	ikeyid = X509V3_EXT_d2i(ext);
150	if(keyid==2 && !ikeyid) {
151	X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);
152	return NULL;
153	}
154	}
155
156	if((issuer && !ikeyid) \|\| (issuer == 2)) {
157	isname = X509_NAME_dup(X509_get_issuer_name(cert));
158	serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert));
159	if(!isname \|\| !serial) {
160	X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
161	goto err;
162	}	208	}
163	}
164
165	if(!(akeyid = AUTHORITY_KEYID_new())) goto err;
166
167	if(isname) {
168	if(!(gens = sk_GENERAL_NAME_new_null()) \|\| !(gen = GENERAL_NAME_new())
169	\|\| !sk_GENERAL_NAME_push(gens, gen)) {
170	X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE);
171	goto err;
172	}
173	gen->type = GEN_DIRNAME;
174	gen->d.dirn = isname;
175	}
176
177	akeyid->issuer = gens;
178	akeyid->serial = serial;
179	akeyid->keyid = ikeyid;
180
181	return akeyid;
182
183	err:
184	X509_NAME_free(isname);
185	M_ASN1_INTEGER_free(serial);
186	M_ASN1_OCTET_STRING_free(ikeyid);
187	return NULL;
188
189	}
190