From ac499e34042be918cb0f1f53989f22ef20948783 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Mon, 21 Apr 2014 14:27:06 +0000
Subject: KNF.

---
 src/lib/libcrypto/x509v3/v3_crld.c | 423 +++++++++++++++++--------------------
 1 file changed, 198 insertions(+), 225 deletions(-)

(limited to 'src/lib/libcrypto/x509v3/v3_crld.c')

diff --git a/src/lib/libcrypto/x509v3/v3_crld.c b/src/lib/libcrypto/x509v3/v3_crld.c
index 790a6dd032..3195655429 100644
--- a/src/lib/libcrypto/x509v3/v3_crld.c
+++ b/src/lib/libcrypto/x509v3/v3_crld.c
@@ -10,7 +10,7 @@
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in
@@ -64,67 +64,64 @@ #include static void *v2i_crld(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, - int indent); + int indent); -const X509V3_EXT_METHOD v3_crld = - { +const X509V3_EXT_METHOD v3_crld = { NID_crl_distribution_points, 0, ASN1_ITEM_ref(CRL_DIST_POINTS), - 0,0,0,0, - 0,0, + 0, 0, 0, 0, + 0, 0, 0, v2i_crld, - i2r_crldp,0, + i2r_crldp, 0, NULL - }; +}; -const X509V3_EXT_METHOD v3_freshest_crl = - { +const X509V3_EXT_METHOD v3_freshest_crl = { NID_freshest_crl, 0, ASN1_ITEM_ref(CRL_DIST_POINTS), - 0,0,0,0, - 0,0, + 0, 0, 0, 0, + 0, 0, 0, v2i_crld, - i2r_crldp,0, + i2r_crldp, 0, NULL - }; +}; -static STACK_OF(GENERAL_NAME) *gnames_from_sectname(X509V3_CTX *ctx, char *sect) - { +static +STACK_OF(GENERAL_NAME) *gnames_from_sectname(X509V3_CTX *ctx, char *sect) +{ STACK_OF(CONF_VALUE) *gnsect; STACK_OF(GENERAL_NAME) *gens; + if (*sect == '@') gnsect = X509V3_get_section(ctx, sect + 1); else gnsect = X509V3_parse_list(sect); - if (!gnsect) - { + if (!gnsect) { X509V3err(X509V3_F_GNAMES_FROM_SECTNAME, - X509V3_R_SECTION_NOT_FOUND); + X509V3_R_SECTION_NOT_FOUND); return NULL; - } + } gens = v2i_GENERAL_NAMES(NULL, ctx, gnsect); if (*sect == '@') X509V3_section_free(ctx, gnsect); else sk_CONF_VALUE_pop_free(gnsect, X509V3_conf_free); return gens; - } +} -static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, - CONF_VALUE *cnf) - { +static int +set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, CONF_VALUE *cnf) +{ STACK_OF(GENERAL_NAME) *fnm = NULL; STACK_OF(X509_NAME_ENTRY) *rnm = NULL; - if (!strncmp(cnf->name, "fullname", 9)) - { + + if (!strncmp(cnf->name, "fullname", 9)) { fnm = gnames_from_sectname(ctx, cnf->value); if (!fnm) goto err; - } - else if (!strcmp(cnf->name, "relativename")) - { + } else if (!strcmp(cnf->name, "relativename")) { int ret; STACK_OF(CONF_VALUE) 
*dnsect; X509_NAME *nm; @@ -132,12 +129,11 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, if (!nm) return -1; dnsect = X509V3_get_section(ctx, cnf->value); - if (!dnsect) - { + if (!dnsect) { X509V3err(X509V3_F_SET_DIST_POINT_NAME, - X509V3_R_SECTION_NOT_FOUND); + X509V3_R_SECTION_NOT_FOUND); return -1; - } + } ret = X509V3_NAME_from_section(nm, dnsect, MBSTRING_ASC); X509V3_section_free(ctx, dnsect); rnm = nm->entries; 
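Review bot: In set_dist_point_name, `if (!strncmp(cnf->name, "fullname", 9))` compares one byte past the eight-character literal, so it is an exact comparison written in the shape of a prefix match; a reader is led to think "fullname" followed by anything is accepted, which it is not. The `relativename` branch directly below uses `strcmp`, so `if (!strcmp(cnf->name, "fullname")) {` makes the two branches consistent with no change in behaviour. The function continues past the end of this hunk.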
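Review bot: In the `relativename` branch, the `if (!dnsect)` path reports X509V3_R_SECTION_NOT_FOUND and returns -1 without releasing `nm`, which the `if (!nm) return -1;` check at the top of the hunk shows was allocated just before (presumably by X509_NAME_new(), outside the hunk) and which the last hunk line still owns when it takes `rnm = nm->entries;`. Every missing section therefore leaks one X509_NAME. Adding `X509_NAME_free(nm);` before the `return -1;` inside that block closes it. set_dist_point_name starts and ends outside this hunk.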
@@ -149,135 +145,126 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, * RDNSequence */ if (sk_X509_NAME_ENTRY_value(rnm, - sk_X509_NAME_ENTRY_num(rnm) - 1)->set) - { + sk_X509_NAME_ENTRY_num(rnm) - 1)->set) { X509V3err(X509V3_F_SET_DIST_POINT_NAME, - X509V3_R_INVALID_MULTIPLE_RDNS); + X509V3_R_INVALID_MULTIPLE_RDNS); goto err; - } } - else + } else return 0; - if (*pdp) - { + if (*pdp) { X509V3err(X509V3_F_SET_DIST_POINT_NAME, - X509V3_R_DISTPOINT_ALREADY_SET); + X509V3_R_DISTPOINT_ALREADY_SET); goto err; - } + } *pdp = DIST_POINT_NAME_new(); if (!*pdp) goto err; - if (fnm) - { + if (fnm) { (*pdp)->type = 0; (*pdp)->name.fullname = fnm; - } - else - { + } else { (*pdp)->type = 1; (*pdp)->name.relativename = rnm; - } + } return 1; - - err: + +err: if (fnm) sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free); if (rnm) sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free); return -1; - } +} static const BIT_STRING_BITNAME reason_flags[] = { -{0, "Unused", "unused"}, -{1, "Key Compromise", "keyCompromise"}, -{2, "CA Compromise", "CACompromise"}, -{3, "Affiliation Changed", "affiliationChanged"}, -{4, "Superseded", "superseded"}, -{5, "Cessation Of Operation", "cessationOfOperation"}, -{6, "Certificate Hold", "certificateHold"}, -{7, "Privilege Withdrawn", "privilegeWithdrawn"}, -{8, "AA Compromise", "AACompromise"}, -{-1, NULL, NULL} + {0, "Unused", "unused"}, + {1, "Key Compromise", "keyCompromise"}, + {2, "CA Compromise", "CACompromise"}, + {3, "Affiliation Changed", "affiliationChanged"}, + {4, "Superseded", "superseded"}, + {5, "Cessation Of Operation", "cessationOfOperation"}, + {6, "Certificate Hold", "certificateHold"}, + {7, "Privilege Withdrawn", "privilegeWithdrawn"}, + {8, "AA Compromise", "AACompromise"}, + {-1, NULL, NULL} }; -static int set_reasons(ASN1_BIT_STRING **preas, char *value) - { +static int +set_reasons(ASN1_BIT_STRING **preas, char *value) +{ STACK_OF(CONF_VALUE) *rsk = NULL; const BIT_STRING_BITNAME *pbn; const char 
*bnam; int i, ret = 0; + rsk = X509V3_parse_list(value); if (!rsk) return 0; if (*preas) return 0; - for (i = 0; i < sk_CONF_VALUE_num(rsk); i++) - { + for (i = 0; i < sk_CONF_VALUE_num(rsk); i++) { bnam = sk_CONF_VALUE_value(rsk, i)->name; - if (!*preas) - { + if (!*preas) { *preas = ASN1_BIT_STRING_new(); if (!*preas) goto err; - } - for (pbn = reason_flags; pbn->lname; pbn++) - { - if (!strcmp(pbn->sname, bnam)) - { + } + for (pbn = reason_flags; pbn->lname; pbn++) { + if (!strcmp(pbn->sname, bnam)) { if (!ASN1_BIT_STRING_set_bit(*preas, - pbn->bitnum, 1)) + pbn->bitnum, 1)) goto err; break; - } } + } if (!pbn->lname) goto err; - } + } ret = 1; - err: +err: sk_CONF_VALUE_pop_free(rsk, X509V3_conf_free); return ret; - } +} -static int print_reasons(BIO *out, const char *rname, - ASN1_BIT_STRING *rflags, int indent) - { +static int +print_reasons(BIO *out, const char *rname, ASN1_BIT_STRING *rflags, int indent) +{ int first = 1; const BIT_STRING_BITNAME *pbn; + BIO_printf(out, "%*s%s:\n%*s", indent, "", rname, indent + 2, ""); - for (pbn = reason_flags; pbn->lname; pbn++) - { - if (ASN1_BIT_STRING_get_bit(rflags, pbn->bitnum)) - { + for (pbn = reason_flags; pbn->lname; pbn++) { + if (ASN1_BIT_STRING_get_bit(rflags, pbn->bitnum)) { if (first) first = 0; else BIO_puts(out, ", "); BIO_puts(out, pbn->lname); - } } + } if (first) BIO_puts(out, "\n"); else BIO_puts(out, "\n"); return 1; - } +} -static DIST_POINT *crldp_from_section(X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval) - { +static DIST_POINT * +crldp_from_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) +{ int i; CONF_VALUE *cnf; DIST_POINT *point = NULL; + point = DIST_POINT_new(); if (!point) goto err; - for(i = 0; i < sk_CONF_VALUE_num(nval); i++) - { + for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { int ret; cnf = sk_CONF_VALUE_value(nval, i); ret = set_dist_point_name(&point->distpoint, ctx, cnf); 
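Review bot: In set_reasons, `if (*preas) return 0;` comes after `rsk = X509V3_parse_list(value);` and returns without freeing `rsk`, so a section that names `reasons` (or `onlysomereasons`) twice leaks the parsed list on the duplicate. The `err:` label already does `sk_CONF_VALUE_pop_free(rsk, X509V3_conf_free)` and returns `ret`, which is still 0 at that point, so changing the line to `if (*preas) goto err;` closes the leak with the same return value. Moving the `*preas` check above the parse call would work equally well.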
@@ -285,43 +272,42 @@ static DIST_POINT *crldp_from_section(X509V3_CTX *ctx, continue; if (ret < 0) goto err; - if (!strcmp(cnf->name, "reasons")) - { + if (!strcmp(cnf->name, "reasons")) { if (!set_reasons(&point->reasons, cnf->value)) goto err; - } - else if (!strcmp(cnf->name, "CRLissuer")) - { + } + else if (!strcmp(cnf->name, "CRLissuer")) { point->CRLissuer = - gnames_from_sectname(ctx, cnf->value); + gnames_from_sectname(ctx, cnf->value); if (!point->CRLissuer) goto err; - } } + } return point; - - err: +err: if (point) DIST_POINT_free(point); return NULL; - } +} -static void *v2i_crld(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) - { +static void * +v2i_crld(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval) +{ STACK_OF(DIST_POINT) *crld = NULL; GENERAL_NAMES *gens = NULL; GENERAL_NAME *gen = NULL; CONF_VALUE *cnf; int i; - if(!(crld = sk_DIST_POINT_new_null())) goto merr; - for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { + + if (!(crld = sk_DIST_POINT_new_null())) + goto merr; + for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { DIST_POINT *point; cnf = sk_CONF_VALUE_value(nval, i); - if (!cnf->value) - { + if (!cnf->value) { STACK_OF(CONF_VALUE) *dpsect; dpsect = X509V3_get_section(ctx, cnf->name); if (!dpsect) 
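Review bot: In crldp_from_section the reformatted code puts `}` and `else if (!strcmp(cnf->name, "CRLissuer")) {` on separate lines, while set_dist_point_name in the first hunk uses the cuddled `} else if (...) {` form and v2i_idp (hunk @@ -463) mixes both forms within one chain; for a KNF pass one form should be used throughout, and the cuddled one is what the rest of the new code adopts. Separately, that chain has no final `else`, so a misspelt key in a distribution-point section is dropped without any error, whereas v2i_idp rejects unknown names with X509V3_R_INVALID_NAME; if that difference is not intentional, an `else` branch along the lines of `X509V3err(<function code>, X509V3_R_INVALID_NAME); X509V3_conf_err(cnf); goto err;` would make the two parsers behave alike. crldp_from_section begins in the previous hunk.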
@@ -330,40 +316,36 @@ static void *v2i_crld(const X509V3_EXT_METHOD *method, X509V3_section_free(ctx, dpsect); if (!point) goto err; - if(!sk_DIST_POINT_push(crld, point)) - { + if (!sk_DIST_POINT_push(crld, point)) { DIST_POINT_free(point); goto merr; - } } - else - { - if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) - goto err; - if(!(gens = GENERAL_NAMES_new())) + } else { + if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) + goto err; + if (!(gens = GENERAL_NAMES_new())) goto merr; - if(!sk_GENERAL_NAME_push(gens, gen)) + if (!sk_GENERAL_NAME_push(gens, gen)) goto merr; gen = NULL; - if(!(point = DIST_POINT_new())) + if (!(point = DIST_POINT_new())) goto merr; - if(!sk_DIST_POINT_push(crld, point)) - { + if (!sk_DIST_POINT_push(crld, point)) { DIST_POINT_free(point); goto merr; - } - if(!(point->distpoint = DIST_POINT_NAME_new())) + } + if (!(point->distpoint = DIST_POINT_NAME_new())) goto merr; point->distpoint->name.fullname = gens; point->distpoint->type = 0; gens = NULL; - } + } } return crld; - merr: - X509V3err(X509V3_F_V2I_CRLD,ERR_R_MALLOC_FAILURE); - err: +merr: + X509V3err(X509V3_F_V2I_CRLD, ERR_R_MALLOC_FAILURE); +err: GENERAL_NAME_free(gen); GENERAL_NAMES_free(gens); sk_DIST_POINT_pop_free(crld, DIST_POINT_free); @@ -373,24 +355,23 @@ static void *v2i_crld(const X509V3_EXT_METHOD *method, IMPLEMENT_STACK_OF(DIST_POINT) IMPLEMENT_ASN1_SET_OF(DIST_POINT) -static int dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) - { +static int +dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) +{ DIST_POINT_NAME *dpn = (DIST_POINT_NAME *)*pval; - switch(operation) - { - case ASN1_OP_NEW_POST: + switch (operation) { + case ASN1_OP_NEW_POST: dpn->dpname = NULL; break; - case ASN1_OP_FREE_POST: + case ASN1_OP_FREE_POST: if (dpn->dpname) X509_NAME_free(dpn->dpname); break; - } - return 1; } + return 1; +} ASN1_CHOICE_cb(DIST_POINT_NAME, dpn_cb) = { 
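Review bot: v2i_crld accepts two differently shaped config entries — a bare section name (`cnf->value` is NULL, resolved through X509V3_get_section and crldp_from_section in the previous hunk) and a `name=value` pair turned into a single GENERAL_NAME by v2i_GENERAL_NAME in the `else` branch of this hunk — but nothing in the function says so, and the second branch then has to be read step by step to see that it wraps that one name in a fresh DIST_POINT_NAME of type 0. A comment above the `else`, e.g. `/* name=value form: one GENERAL_NAME wrapped in its own DIST_POINT */`, with a matching one on the section branch, would spare the next reader that reconstruction. The function starts in the previous hunk.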
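Review bot: The `switch (operation)` in dpn_cb handles ASN1_OP_NEW_POST and ASN1_OP_FREE_POST and falls out silently for every other operation, and the unconditional `return 1;` suggests that is intended. Since the switch is being reformatted anyway, an explicit `default: break;` with a comment such as `/* other ASN1_OP_* operations need no handling */` would record that intent rather than leave it to be inferred.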
@@ -409,8 +390,9 @@ ASN1_SEQUENCE(DIST_POINT) = { IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT) -ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, DIST_POINT) +ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, + DIST_POINT) ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS) IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS) @@ -427,34 +409,34 @@ ASN1_SEQUENCE(ISSUING_DIST_POINT) = { IMPLEMENT_ASN1_FUNCTIONS(ISSUING_DIST_POINT) static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out, - int indent); + int indent); static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval); + STACK_OF(CONF_VALUE) *nval); -const X509V3_EXT_METHOD v3_idp = - { +const X509V3_EXT_METHOD v3_idp = { NID_issuing_distribution_point, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(ISSUING_DIST_POINT), - 0,0,0,0, - 0,0, + 0, 0, 0, 0, + 0, 0, 0, v2i_idp, - i2r_idp,0, + i2r_idp, 0, NULL - }; +}; -static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval) - { +static void * +v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval) +{ ISSUING_DIST_POINT *idp = NULL; CONF_VALUE *cnf; char *name, *val; int i, ret; + idp = ISSUING_DIST_POINT_new(); if (!idp) goto merr; - for(i = 0; i < sk_CONF_VALUE_num(nval); i++) - { + for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { cnf = sk_CONF_VALUE_value(nval, i); name = cnf->name; val = cnf->value; 
@@ -463,82 +445,75 @@ static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, continue; if (ret < 0) goto err; - if (!strcmp(name, "onlyuser")) - { + if (!strcmp(name, "onlyuser")) { if (!X509V3_get_value_bool(cnf, &idp->onlyuser)) goto err; - } - else if (!strcmp(name, "onlyCA")) - { + } + else if (!strcmp(name, "onlyCA")) { if (!X509V3_get_value_bool(cnf, &idp->onlyCA)) goto err; - } - else if (!strcmp(name, "onlyAA")) - { + } + else if (!strcmp(name, "onlyAA")) { if (!X509V3_get_value_bool(cnf, &idp->onlyattr)) goto err; - } - else if (!strcmp(name, "indirectCRL")) - { + } + else if (!strcmp(name, "indirectCRL")) { if (!X509V3_get_value_bool(cnf, &idp->indirectCRL)) goto err; - } - else if (!strcmp(name, "onlysomereasons")) - { + } + else if (!strcmp(name, "onlysomereasons")) { if (!set_reasons(&idp->onlysomereasons, val)) goto err; - } - else - { - X509V3err(X509V3_F_V2I_IDP, X509V3_R_INVALID_NAME); - X509V3_conf_err(cnf); - goto err; - } + } else { + X509V3err(X509V3_F_V2I_IDP, X509V3_R_INVALID_NAME); + X509V3_conf_err(cnf); + goto err; } + } return idp; - merr: - X509V3err(X509V3_F_V2I_IDP,ERR_R_MALLOC_FAILURE); - err: +merr: + X509V3err(X509V3_F_V2I_IDP, ERR_R_MALLOC_FAILURE); +err: ISSUING_DIST_POINT_free(idp); return NULL; - } +} -static int print_gens(BIO *out, STACK_OF(GENERAL_NAME) *gens, int indent) - { +static int +print_gens(BIO *out, STACK_OF(GENERAL_NAME) *gens, int indent) +{ int i; - for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) - { + + for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { BIO_printf(out, "%*s", indent + 2, ""); GENERAL_NAME_print(out, sk_GENERAL_NAME_value(gens, i)); BIO_puts(out, "\n"); - } - return 1; } + return 1; +} -static int print_distpoint(BIO *out, DIST_POINT_NAME *dpn, int indent) - { - if (dpn->type == 0) - { +static int +print_distpoint(BIO *out, DIST_POINT_NAME *dpn, int indent) +{ + if (dpn->type == 0) { BIO_printf(out, "%*sFull Name:\n", indent, ""); print_gens(out, dpn->name.fullname, indent); - } - 
else - { + } else { X509_NAME ntmp; ntmp.entries = dpn->name.relativename; BIO_printf(out, "%*sRelative Name:\n%*s", - indent, "", indent + 2, ""); + indent, "", indent + 2, ""); X509_NAME_print_ex(out, &ntmp, 0, XN_FLAG_ONELINE); BIO_puts(out, "\n"); - } - return 1; } + return 1; +} -static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out, - int indent) - { +static int +i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out, int indent) +{ ISSUING_DIST_POINT *idp = pidp; + if (idp->distpoint) print_distpoint(out, idp->distpoint, indent); if (idp->onlyuser > 0) 
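Review bot: print_distpoint's relative-name branch declares `X509_NAME ntmp;` on the stack and sets only `ntmp.entries` before handing `&ntmp` to X509_NAME_print_ex, so every other field of the struct holds indeterminate values. With XN_FLAG_ONELINE the printer may well read nothing but the entry stack, but that depends on code outside this file and could change under it. Zero-initialising the temporary with `memset(&ntmp, 0, sizeof(ntmp));` (or `X509_NAME ntmp = { 0 };`) before `ntmp.entries = dpn->name.relativename;` removes the dependency at no cost.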
@@ -548,69 +523,67 @@ static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out, if (idp->indirectCRL > 0) BIO_printf(out, "%*sIndirect CRL\n", indent, ""); if (idp->onlysomereasons) - print_reasons(out, "Only Some Reasons", - idp->onlysomereasons, indent); + print_reasons(out, "Only Some Reasons", + idp->onlysomereasons, indent); if (idp->onlyattr > 0) BIO_printf(out, "%*sOnly Attribute Certificates\n", indent, ""); - if (!idp->distpoint && (idp->onlyuser <= 0) && (idp->onlyCA <= 0) - && (idp->indirectCRL <= 0) && !idp->onlysomereasons - && (idp->onlyattr <= 0)) + if (!idp->distpoint && (idp->onlyuser <= 0) && (idp->onlyCA <= 0) && + (idp->indirectCRL <= 0) && !idp->onlysomereasons && + (idp->onlyattr <= 0)) BIO_printf(out, "%*s\n", indent, ""); - + return 1; - } +} -static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, - int indent) - { +static int +i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, int indent) +{ STACK_OF(DIST_POINT) *crld = pcrldp; DIST_POINT *point; int i; - for(i = 0; i < sk_DIST_POINT_num(crld); i++) - { + + for (i = 0; i < sk_DIST_POINT_num(crld); i++) { BIO_puts(out, "\n"); point = sk_DIST_POINT_value(crld, i); - if(point->distpoint) + if (point->distpoint) print_distpoint(out, point->distpoint, indent); - if(point->reasons) + if (point->reasons) print_reasons(out, "Reasons", point->reasons, - indent); - if(point->CRLissuer) - { + indent); + if (point->CRLissuer) { BIO_printf(out, "%*sCRL Issuer:\n", indent, ""); print_gens(out, point->CRLissuer, indent); - } } - return 1; } + return 1; +} -int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname) - { +int +DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname) +{ int i; STACK_OF(X509_NAME_ENTRY) *frag; X509_NAME_ENTRY *ne; + if (!dpn || (dpn->type != 1)) return 1; frag = dpn->name.relativename; dpn->dpname = X509_NAME_dup(iname); if (!dpn->dpname) return 0; - for (i = 0; i < sk_X509_NAME_ENTRY_num(frag); i++) - { + for 
(i = 0; i < sk_X509_NAME_ENTRY_num(frag); i++) { ne = sk_X509_NAME_ENTRY_value(frag, i); - if (!X509_NAME_add_entry(dpn->dpname, ne, -1, i ? 0 : 1)) - { + if (!X509_NAME_add_entry(dpn->dpname, ne, -1, i ? 0 : 1)) { X509_NAME_free(dpn->dpname); dpn->dpname = NULL; return 0; - } } + } /* generate cached encoding of name */ - if (i2d_X509_NAME(dpn->dpname, NULL) < 0) - { + if (i2d_X509_NAME(dpn->dpname, NULL) < 0) { X509_NAME_free(dpn->dpname); dpn->dpname = NULL; return 0; - } - return 1; } + return 1; +} -- cgit v1.2.3-55-g6feb
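Review bot: DIST_POINT_set_dpname is the only non-static function in this hunk and carries no comment stating its contract: as I read the body it builds `dpn->dpname` as a copy of `iname` with the relative-name fragment appended (the `i ? 0 : 1` set argument putting the fragment into a single new RDN), returns 1 without doing anything when `dpn` is NULL or not of relative type, and returns 0 on failure with `dpn->dpname` reset to NULL. A short header comment saying that, plus that the final i2d_X509_NAME call exists only to populate the cached encoding (the inline comment already hints at this), would let callers use it without reading the loop. Note also that `dpn->dpname = X509_NAME_dup(iname);` overwrites any existing `dpname` without freeing it, so a second call on the same DIST_POINT_NAME leaks the first copy; whether repeated calls can happen is not visible here, but an early `if (dpn->dpname) return 1;` or an `X509_NAME_free(dpn->dpname);` before the dup would make the function safe either way.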