From 27b7b9b8fab110ef186831220c8eda6eee8f63f0 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sun, 29 Jun 2014 17:05:36 +0000
Subject: KNF.

I just spent too long chasing a bug in here and really should have done
this first. Gem of the day... is it an if test or a for loop? No, it is a
super ifloop!

if (!(flags & PKCS7_NOVERIFY)) for (k = 0; k < sk_X509_num(signers); k++) {
---
 src/lib/libcrypto/pkcs7/example.c | 402 +++++++++++++++++++-------------------
 1 file changed, 206 insertions(+), 196 deletions(-)

(limited to 'src/lib/libcrypto/pkcs7/example.c')

diff --git a/src/lib/libcrypto/pkcs7/example.c b/src/lib/libcrypto/pkcs7/example.c
index 611c27b113..2dc1b655b1 100644
--- a/src/lib/libcrypto/pkcs7/example.c
+++ b/src/lib/libcrypto/pkcs7/example.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: example.c,v 1.5 2014/06/12 15:49:30 deraadt Exp $ */
+/* $OpenBSD: example.c,v 1.6 2014/06/29 17:05:36 jsing Exp $ */
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -6,325 +6,335 @@
 #include <openssl/asn1_mac.h>
 #include <openssl/x509.h>
 
-int add_signed_time(PKCS7_SIGNER_INFO *si)
-	{
+int
+add_signed_time(PKCS7_SIGNER_INFO *si)
+{
 	ASN1_UTCTIME *sign_time;
 
 	/* The last parameter is the amount to add/subtract from the current
 	 * time (in seconds) */
-	sign_time=X509_gmtime_adj(NULL,0);
-	PKCS7_add_signed_attribute(si,NID_pkcs9_signingTime,
-		V_ASN1_UTCTIME,(char *)sign_time);
-	return(1);
-	}
-
-ASN1_UTCTIME *get_signed_time(PKCS7_SIGNER_INFO *si)
-	{
+	sign_time = X509_gmtime_adj(NULL, 0);
+	PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime,
+	    V_ASN1_UTCTIME, (char *)sign_time);
+	return (1);
+}
+
+ASN1_UTCTIME *
+get_signed_time(PKCS7_SIGNER_INFO *si)
+{
 	ASN1_TYPE *so;
 
-	so=PKCS7_get_signed_attribute(si,NID_pkcs9_signingTime);
+	so = PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime);
 	if (so->type == V_ASN1_UTCTIME)
-	    return so->value.utctime;
+		return so->value.utctime;
 	return NULL;
-	}
-	
-static int signed_string_nid= -1;
+}
 
-void add_signed_string(PKCS7_SIGNER_INFO *si, char *str)
-	{
+static int signed_string_nid = -1;
+
+void
+add_signed_string(PKCS7_SIGNER_INFO *si, char *str)
+{
 	ASN1_OCTET_STRING *os;
 
 	/* To a an object of OID 1.2.3.4.5, which is an octet string */
 	if (signed_string_nid == -1)
-		signed_string_nid=
-			OBJ_create("1.2.3.4.5","OID_example","Our example OID");
-	os=ASN1_OCTET_STRING_new();
-	ASN1_OCTET_STRING_set(os,(unsigned char*)str,strlen(str));
+		signed_string_nid =
+		    OBJ_create("1.2.3.4.5","OID_example","Our example OID");
+	os = ASN1_OCTET_STRING_new();
+	ASN1_OCTET_STRING_set(os, (unsigned char*)str, strlen(str));
 	/* When we add, we do not free */
-	PKCS7_add_signed_attribute(si,signed_string_nid,
-		V_ASN1_OCTET_STRING,(char *)os);
-	}
+	PKCS7_add_signed_attribute(si, signed_string_nid,
+	    V_ASN1_OCTET_STRING, (char *)os);
+}
 
-int get_signed_string(PKCS7_SIGNER_INFO *si, char *buf, int len)
-	{
+int
+get_signed_string(PKCS7_SIGNER_INFO *si, char *buf, int len)
+{
 	ASN1_TYPE *so;
 	ASN1_OCTET_STRING *os;
 	int i;
 
 	if (signed_string_nid == -1)
-		signed_string_nid=
-			OBJ_create("1.2.3.4.5","OID_example","Our example OID");
+		signed_string_nid =
+		    OBJ_create("1.2.3.4.5","OID_example","Our example OID");
 	/* To retrieve */
-	so=PKCS7_get_signed_attribute(si,signed_string_nid);
-	if (so != NULL)
-		{
-		if (so->type == V_ASN1_OCTET_STRING)
-			{
-			os=so->value.octet_string;
-			i=os->length;
-			if ((i+1) > len)
-				i=len-1;
-			memcpy(buf,os->data,i);
-			return(i);
-			}
+	so = PKCS7_get_signed_attribute(si, signed_string_nid);
+	if (so != NULL) {
+		if (so->type == V_ASN1_OCTET_STRING) {
+			os = so->value.octet_string;
+			i = os->length;
+			if ((i + 1) > len)
+				i = len - 1;
+			memcpy(buf, os->data, i);
+			return (i);
 		}
-	return(0);
 	}
+	return (0);
+}
 
-static int signed_seq2string_nid= -1;
+static int signed_seq2string_nid = -1;
 /* ########################################### */
-int add_signed_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2)
-	{
+int
+add_signed_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2)
+{
 	/* To add an object of OID 1.9.999, which is a sequence containing
 	 * 2 octet strings */
 	unsigned char *p;
-	ASN1_OCTET_STRING *os1,*os2;
+	ASN1_OCTET_STRING *os1, *os2;
 	ASN1_STRING *seq;
 	unsigned char *data;
-	int i,total;
+	int i, total;
 
 	if (signed_seq2string_nid == -1)
-		signed_seq2string_nid=
-			OBJ_create("1.9.9999","OID_example","Our example OID");
-
-	os1=ASN1_OCTET_STRING_new();
-	os2=ASN1_OCTET_STRING_new();
-	ASN1_OCTET_STRING_set(os1,(unsigned char*)str1,strlen(str1));
-	ASN1_OCTET_STRING_set(os2,(unsigned char*)str1,strlen(str1));
-	i =i2d_ASN1_OCTET_STRING(os1,NULL);
-	i+=i2d_ASN1_OCTET_STRING(os2,NULL);
-	total=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
-
-	data=malloc(total);
-	p=data;
-	ASN1_put_object(&p,1,i,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
-	i2d_ASN1_OCTET_STRING(os1,&p);
-	i2d_ASN1_OCTET_STRING(os2,&p);
-
-	seq=ASN1_STRING_new();
-	ASN1_STRING_set(seq,data,total);
+		signed_seq2string_nid =
+		    OBJ_create("1.9.9999","OID_example","Our example OID");
+
+	os1 = ASN1_OCTET_STRING_new();
+	os2 = ASN1_OCTET_STRING_new();
+	ASN1_OCTET_STRING_set(os1, (unsigned char*)str1, strlen(str1));
+	ASN1_OCTET_STRING_set(os2, (unsigned char*)str1, strlen(str1));
+	i = i2d_ASN1_OCTET_STRING(os1, NULL);
+	i += i2d_ASN1_OCTET_STRING(os2, NULL);
+	total = ASN1_object_size(1, i, V_ASN1_SEQUENCE);
+
+	data = malloc(total);
+	p = data;
+	ASN1_put_object(&p, 1,i, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+	i2d_ASN1_OCTET_STRING(os1, &p);
+	i2d_ASN1_OCTET_STRING(os2, &p);
+
+	seq = ASN1_STRING_new();
+	ASN1_STRING_set(seq, data, total);
 	free(data);
 	ASN1_OCTET_STRING_free(os1);
 	ASN1_OCTET_STRING_free(os2);
 
-	PKCS7_add_signed_attribute(si,signed_seq2string_nid,
-		V_ASN1_SEQUENCE,(char *)seq);
-	return(1);
-	}
+	PKCS7_add_signed_attribute(si, signed_seq2string_nid,
+	    V_ASN1_SEQUENCE, (char *)seq);
+	return (1);
+}
 
 /* For this case, I will malloc the return strings */
-int get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2)
-	{
+int
+get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2)
+{
 	ASN1_TYPE *so;
 
 	if (signed_seq2string_nid == -1)
-		signed_seq2string_nid=
-			OBJ_create("1.9.9999","OID_example","Our example OID");
+		signed_seq2string_nid =
+		    OBJ_create("1.9.9999","OID_example","Our example OID");
 	/* To retrieve */
-	so=PKCS7_get_signed_attribute(si,signed_seq2string_nid);
-	if (so && (so->type == V_ASN1_SEQUENCE))
-		{
+	so = PKCS7_get_signed_attribute(si, signed_seq2string_nid);
+	if (so && (so->type == V_ASN1_SEQUENCE)) {
 		ASN1_const_CTX c;
 		ASN1_STRING *s;
 		long length;
-		ASN1_OCTET_STRING *os1,*os2;
+		ASN1_OCTET_STRING *os1, *os2;
 
-		s=so->value.sequence;
-		c.p=ASN1_STRING_data(s);
-		c.max=c.p+ASN1_STRING_length(s);
-		if (!asn1_GetSequence(&c,&length)) goto err;
+		s = so->value.sequence;
+		c.p = ASN1_STRING_data(s);
+		c.max = c.p + ASN1_STRING_length(s);
+		if (!asn1_GetSequence(&c, &length))
+			goto err;
 		/* Length is the length of the seqence */
 
-		c.q=c.p;
-		if ((os1=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 
+		c.q = c.p;
+		if ((os1 = d2i_ASN1_OCTET_STRING(NULL, &c.p, c.slen)) == NULL)
 			goto err;
-		c.slen-=(c.p-c.q);
+		c.slen -= (c.p - c.q);
 
-		c.q=c.p;
-		if ((os2=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 
+		c.q = c.p;
+		if ((os2 = d2i_ASN1_OCTET_STRING(NULL, &c.p, c.slen)) == NULL)
 			goto err;
-		c.slen-=(c.p-c.q);
+		c.slen -= (c.p - c.q);
 
-		if (!asn1_const_Finish(&c)) goto err;
-		*str1=malloc(os1->length+1);
-		*str2=malloc(os2->length+1);
-		memcpy(*str1,os1->data,os1->length);
-		memcpy(*str2,os2->data,os2->length);
+		if (!asn1_const_Finish(&c))
+			goto err;
+		*str1 = malloc(os1->length + 1);
+		*str2 = malloc(os2->length + 1);
+		memcpy(*str1, os1->data, os1->length);
+		memcpy(*str2, os2->data, os2->length);
 		(*str1)[os1->length]='\0';
 		(*str2)[os2->length]='\0';
 		ASN1_OCTET_STRING_free(os1);
 		ASN1_OCTET_STRING_free(os2);
-		return(1);
-		}
-err:
-	return(0);
+		return (1);
 	}
+err:
+	return (0);
+}
 
 
 /* #######################################
  * THE OTHER WAY TO DO THINGS
  * #######################################
  */
-X509_ATTRIBUTE *create_time(void)
-	{
+X509_ATTRIBUTE *
+create_time(void)
+{
 	ASN1_UTCTIME *sign_time;
 	X509_ATTRIBUTE *ret;
 
 	/* The last parameter is the amount to add/subtract from the current
 	 * time (in seconds) */
-	sign_time=X509_gmtime_adj(NULL,0);
-	ret=X509_ATTRIBUTE_create(NID_pkcs9_signingTime,
-		V_ASN1_UTCTIME,(char *)sign_time);
-	return(ret);
-	}
-
-ASN1_UTCTIME *sk_get_time(STACK_OF(X509_ATTRIBUTE) *sk)
-	{
+	sign_time = X509_gmtime_adj(NULL, 0);
+	ret = X509_ATTRIBUTE_create(NID_pkcs9_signingTime,
+	    V_ASN1_UTCTIME, (char *)sign_time);
+	return (ret);
+}
+
+ASN1_UTCTIME *
+sk_get_time(STACK_OF(X509_ATTRIBUTE) *sk)
+{
 	ASN1_TYPE *so;
 	PKCS7_SIGNER_INFO si;
 
-	si.auth_attr=sk;
-	so=PKCS7_get_signed_attribute(&si,NID_pkcs9_signingTime);
+	si.auth_attr = sk;
+	so = PKCS7_get_signed_attribute(&si, NID_pkcs9_signingTime);
 	if (so->type == V_ASN1_UTCTIME)
-	    return so->value.utctime;
+		return so->value.utctime;
 	return NULL;
-	}
-	
-X509_ATTRIBUTE *create_string(char *str)
-	{
+}
+
+X509_ATTRIBUTE *
+create_string(char *str)
+{
 	ASN1_OCTET_STRING *os;
 	X509_ATTRIBUTE *ret;
 
 	/* To a an object of OID 1.2.3.4.5, which is an octet string */
 	if (signed_string_nid == -1)
-		signed_string_nid=
-			OBJ_create("1.2.3.4.5","OID_example","Our example OID");
-	os=ASN1_OCTET_STRING_new();
-	ASN1_OCTET_STRING_set(os,(unsigned char*)str,strlen(str));
+		signed_string_nid =
+		    OBJ_create("1.2.3.4.5","OID_example","Our example OID");
+	os = ASN1_OCTET_STRING_new();
+	ASN1_OCTET_STRING_set(os, (unsigned char*)str, strlen(str));
 	/* When we add, we do not free */
-	ret=X509_ATTRIBUTE_create(signed_string_nid,
-		V_ASN1_OCTET_STRING,(char *)os);
-	return(ret);
-	}
-
-int sk_get_string(STACK_OF(X509_ATTRIBUTE) *sk, char *buf, int len)
-	{
+	ret = X509_ATTRIBUTE_create(signed_string_nid,
+	    V_ASN1_OCTET_STRING, (char *)os);
+	return (ret);
+}
+
+int
+sk_get_string(STACK_OF(X509_ATTRIBUTE) *sk, char *buf, int len)
+{
 	ASN1_TYPE *so;
 	ASN1_OCTET_STRING *os;
 	int i;
 	PKCS7_SIGNER_INFO si;
 
-	si.auth_attr=sk;
+	si.auth_attr = sk;
 
 	if (signed_string_nid == -1)
-		signed_string_nid=
-			OBJ_create("1.2.3.4.5","OID_example","Our example OID");
+		signed_string_nid =
+		    OBJ_create("1.2.3.4.5","OID_example","Our example OID");
 	/* To retrieve */
-	so=PKCS7_get_signed_attribute(&si,signed_string_nid);
-	if (so != NULL)
-		{
-		if (so->type == V_ASN1_OCTET_STRING)
-			{
-			os=so->value.octet_string;
-			i=os->length;
-			if ((i+1) > len)
-				i=len-1;
-			memcpy(buf,os->data,i);
-			return(i);
-			}
+	so = PKCS7_get_signed_attribute(&si, signed_string_nid);
+	if (so != NULL) {
+		if (so->type == V_ASN1_OCTET_STRING) {
+			os = so->value.octet_string;
+			i = os->length;
+			if ((i + 1) > len)
+				i = len - 1;
+			memcpy(buf, os->data, i);
+			return (i);
 		}
-	return(0);
 	}
+	return (0);
+}
 
-X509_ATTRIBUTE *add_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2)
-	{
+X509_ATTRIBUTE *
+add_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2)
+{
 	/* To add an object of OID 1.9.999, which is a sequence containing
 	 * 2 octet strings */
 	unsigned char *p;
-	ASN1_OCTET_STRING *os1,*os2;
+	ASN1_OCTET_STRING *os1, *os2;
 	ASN1_STRING *seq;
 	X509_ATTRIBUTE *ret;
 	unsigned char *data;
-	int i,total;
+	int i, total;
 
 	if (signed_seq2string_nid == -1)
-		signed_seq2string_nid=
-			OBJ_create("1.9.9999","OID_example","Our example OID");
-
-	os1=ASN1_OCTET_STRING_new();
-	os2=ASN1_OCTET_STRING_new();
-	ASN1_OCTET_STRING_set(os1,(unsigned char*)str1,strlen(str1));
-	ASN1_OCTET_STRING_set(os2,(unsigned char*)str1,strlen(str1));
-	i =i2d_ASN1_OCTET_STRING(os1,NULL);
-	i+=i2d_ASN1_OCTET_STRING(os2,NULL);
-	total=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
-
-	data=malloc(total);
-	p=data;
-	ASN1_put_object(&p,1,i,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
-	i2d_ASN1_OCTET_STRING(os1,&p);
-	i2d_ASN1_OCTET_STRING(os2,&p);
-
-	seq=ASN1_STRING_new();
-	ASN1_STRING_set(seq,data,total);
+		signed_seq2string_nid =
+		    OBJ_create("1.9.9999","OID_example","Our example OID");
+
+	os1 = ASN1_OCTET_STRING_new();
+	os2 = ASN1_OCTET_STRING_new();
+	ASN1_OCTET_STRING_set(os1, (unsigned char*)str1, strlen(str1));
+	ASN1_OCTET_STRING_set(os2, (unsigned char*)str1, strlen(str1));
+	i = i2d_ASN1_OCTET_STRING(os1, NULL);
+	i += i2d_ASN1_OCTET_STRING(os2, NULL);
+	total = ASN1_object_size(1, i, V_ASN1_SEQUENCE);
+
+	data = malloc(total);
+	p = data;
+	ASN1_put_object(&p, 1,i, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+	i2d_ASN1_OCTET_STRING(os1, &p);
+	i2d_ASN1_OCTET_STRING(os2, &p);
+
+	seq = ASN1_STRING_new();
+	ASN1_STRING_set(seq, data, total);
 	free(data);
 	ASN1_OCTET_STRING_free(os1);
 	ASN1_OCTET_STRING_free(os2);
 
-	ret=X509_ATTRIBUTE_create(signed_seq2string_nid,
-		V_ASN1_SEQUENCE,(char *)seq);
-	return(ret);
-	}
+	ret = X509_ATTRIBUTE_create(signed_seq2string_nid,
+	    V_ASN1_SEQUENCE, (char *)seq);
+	return (ret);
+}
 
 /* For this case, I will malloc the return strings */
-int sk_get_seq2string(STACK_OF(X509_ATTRIBUTE) *sk, char **str1, char **str2)
-	{
+int
+sk_get_seq2string(STACK_OF(X509_ATTRIBUTE) *sk, char **str1, char **str2)
+{
 	ASN1_TYPE *so;
 	PKCS7_SIGNER_INFO si;
 
 	if (signed_seq2string_nid == -1)
-		signed_seq2string_nid=
-			OBJ_create("1.9.9999","OID_example","Our example OID");
+		signed_seq2string_nid =
+		    OBJ_create("1.9.9999","OID_example","Our example OID");
 
-	si.auth_attr=sk;
+	si.auth_attr = sk;
 	/* To retrieve */
-	so=PKCS7_get_signed_attribute(&si,signed_seq2string_nid);
-	if (so->type == V_ASN1_SEQUENCE)
-		{
+	so = PKCS7_get_signed_attribute(&si, signed_seq2string_nid);
+	if (so->type == V_ASN1_SEQUENCE) {
 		ASN1_const_CTX c;
 		ASN1_STRING *s;
 		long length;
-		ASN1_OCTET_STRING *os1,*os2;
+		ASN1_OCTET_STRING *os1, *os2;
 
-		s=so->value.sequence;
-		c.p=ASN1_STRING_data(s);
-		c.max=c.p+ASN1_STRING_length(s);
-		if (!asn1_GetSequence(&c,&length)) goto err;
+		s = so->value.sequence;
+		c.p = ASN1_STRING_data(s);
+		c.max = c.p + ASN1_STRING_length(s);
+		if (!asn1_GetSequence(&c, &length))
+			goto err;
 		/* Length is the length of the seqence */
 
-		c.q=c.p;
-		if ((os1=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 
+		c.q = c.p;
+		if ((os1 = d2i_ASN1_OCTET_STRING(NULL, &c.p, c.slen)) == NULL)
 			goto err;
-		c.slen-=(c.p-c.q);
+		c.slen -= (c.p - c.q);
 
-		c.q=c.p;
-		if ((os2=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 
+		c.q = c.p;
+		if ((os2 = d2i_ASN1_OCTET_STRING(NULL, &c.p, c.slen)) == NULL)
 			goto err;
-		c.slen-=(c.p-c.q);
+		c.slen -= (c.p - c.q);
 
-		if (!asn1_const_Finish(&c)) goto err;
-		*str1=malloc(os1->length+1);
-		*str2=malloc(os2->length+1);
-		memcpy(*str1,os1->data,os1->length);
-		memcpy(*str2,os2->data,os2->length);
+		if (!asn1_const_Finish(&c))
+			goto err;
+		*str1 = malloc(os1->length + 1);
+		*str2 = malloc(os2->length + 1);
+		memcpy(*str1, os1->data, os1->length);
+		memcpy(*str2, os2->data, os2->length);
 		(*str1)[os1->length]='\0';
 		(*str2)[os2->length]='\0';
 		ASN1_OCTET_STRING_free(os1);
 		ASN1_OCTET_STRING_free(os2);
-		return(1);
-		}
-err:
-	return(0);
+		return (1);
 	}
+err:
+	return (0);
+}
 
 
-- 
cgit v1.2.3-55-g6feb