diff --git a/lib/hx509/crypto.c b/lib/hx509/crypto.c
index 4ddcdbe6e..25daa2c00 100644
--- a/lib/hx509/crypto.c
+++ b/lib/hx509/crypto.c
@@ -273,11 +273,11 @@ heim_oid2ecnid(heim_oid *oid)
 * Now map to openssl OID fun
 */
- if (der_heim_oid_cmp(oid, &asn1_oid_id_ec_group_secp256r1) == 0)
+ if (der_heim_oid_cmp(oid, ASN1_OID_ID_EC_GROUP_SECP256R1) == 0)
 return NID_X9_62_prime256v1;
- else if (der_heim_oid_cmp(oid, &asn1_oid_id_ec_group_secp160r1) == 0)
+ else if (der_heim_oid_cmp(oid, ASN1_OID_ID_EC_GROUP_SECP160R1) == 0)
 return NID_secp160r1;
- else if (der_heim_oid_cmp(oid, &asn1_oid_id_ec_group_secp160r2) == 0)
+ else if (der_heim_oid_cmp(oid, ASN1_OID_ID_EC_GROUP_SECP160R2) == 0)
 return NID_secp160r2;
 return -1;
@@ -360,7 +360,7 @@ ecdsa_verify_signature(hx509_context context,
 /* set up EC KEY */
 spi = &signer->tbsCertificate.subjectPublicKeyInfo;
- if (der_heim_oid_cmp(&spi->algorithm.algorithm, &asn1_oid_id_ecPublicKey) != 0)
+ if (der_heim_oid_cmp(&spi->algorithm.algorithm, ASN1_OID_ID_ECPUBLICKEY) != 0)
 return HX509_CRYPTO_SIG_INVALID_FORMAT;
 #ifdef HAVE_OPENSSL
@@ -421,7 +421,7 @@ ecdsa_create_signature(hx509_context context,
 unsigned int siglen;
 int ret;
- if (signer->ops && der_heim_oid_cmp(signer->ops->key_oid, &asn1_oid_id_ecPublicKey) != 0)
+ if (signer->ops && der_heim_oid_cmp(signer->ops->key_oid, ASN1_OID_ID_ECPUBLICKEY) != 0)
 _hx509_abort("internal error passing private key to wrong ops");
 sig_oid = sig_alg->sig_oid;
@@ -651,7 +651,7 @@ rsa_create_signature(hx509_context context,
 size_t size;
 int ret;
- if (signer->ops && der_heim_oid_cmp(signer->ops->key_oid, &asn1_oid_id_pkcs1_rsaEncryption) != 0)
+ if (signer->ops && der_heim_oid_cmp(signer->ops->key_oid, ASN1_OID_ID_PKCS1_RSAENCRYPTION) != 0)
 return HX509_ALG_NOT_SUPP;
 if (alg)
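Review bot: In ecdsa_create_signature (hunk at -421) a key-type mismatch ends in `_hx509_abort(...)`, while the equivalent check in rsa_create_signature (hunk at -651) returns `HX509_ALG_NOT_SUPP`; a library caller can recover from the second but not from the first. Returning an error in the ECDSA path as well, e.g. `return HX509_ALG_NOT_SUPP;`, would make the two consistent. Both checks are also skipped when `signer->ops` is NULL, so a key without ops appears to reach the signing code with its type unverified; whether that state is reachable depends on callers outside these hunks. Both function bodies start and end outside the hunks.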
@@ -659,19 +659,19 @@ rsa_create_signature(hx509_context context,
 else
 sig_oid = signer->signature_alg;
- if (der_heim_oid_cmp(sig_oid, &asn1_oid_id_pkcs1_sha256WithRSAEncryption) == 0) {
+ if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_SHA256WITHRSAENCRYPTION) == 0) {
 digest_alg = hx509_signature_sha256();
- } else if (der_heim_oid_cmp(sig_oid, &asn1_oid_id_pkcs1_sha1WithRSAEncryption) == 0) {
+ } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION) == 0) {
 digest_alg = hx509_signature_sha1();
- } else if (der_heim_oid_cmp(sig_oid, &asn1_oid_id_pkcs1_md5WithRSAEncryption) == 0) {
+ } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_MD5WITHRSAENCRYPTION) == 0) {
 digest_alg = hx509_signature_md5();
- } else if (der_heim_oid_cmp(sig_oid, &asn1_oid_id_pkcs1_md5WithRSAEncryption) == 0) {
+ } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_MD5WITHRSAENCRYPTION) == 0) {
 digest_alg = hx509_signature_md5();
- } else if (der_heim_oid_cmp(sig_oid, &asn1_oid_id_dsa_with_sha1) == 0) {
+ } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_DSA_WITH_SHA1) == 0) {
 digest_alg = hx509_signature_sha1();
- } else if (der_heim_oid_cmp(sig_oid, &asn1_oid_id_pkcs1_rsaEncryption) == 0) {
+ } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_RSAENCRYPTION) == 0) {
 digest_alg = hx509_signature_sha1();
- } else if (der_heim_oid_cmp(sig_oid, &asn1_oid_id_heim_rsa_pkcs1_x509) == 0) {
+ } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_HEIM_RSA_PKCS1_X509) == 0) {
 digest_alg = NULL;
 } else
 return HX509_ALG_NOT_SUPP;
@@ -757,7 +757,7 @@ rsa_private_key_import(hx509_context context,
 "Failed to parse RSA key");
 return HX509_PARSING_KEY_FAILED;
 }
- private_key->signature_alg = &asn1_oid_id_pkcs1_sha1WithRSAEncryption;
+ private_key->signature_alg = ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION;
 return 0;
 }
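Review bot: The fourth branch of the `sig_oid` chain in rsa_create_signature repeats the `ASN1_OID_ID_PKCS1_MD5WITHRSAENCRYPTION` comparison of the third, so it can never be taken; the rename carries the duplicate over unchanged. Either delete the second `} else if (... ASN1_OID_ID_PKCS1_MD5WITHRSAENCRYPTION) == 0) {` arm, or, if a different OID was intended there, compare against that one. The chain also accepts `ASN1_OID_ID_DSA_WITH_SHA1` inside an RSA signing routine and maps bare `ASN1_OID_ID_PKCS1_RSAENCRYPTION` to SHA-1; a short comment on why each is accepted would help a reader auditing which digests this path can produce. The function starts and ends outside the hunk.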
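Review bot: rsa_private_key_import still defaults `private_key->signature_alg` to SHA-1 with RSA, whereas ecdsa_private_key_import (hunk at -963) defaults to `ASN1_OID_ID_ECDSA_WITH_SHA256`. The same SHA-1 default appears in rsa_generate_private_key (hunk at -834) and in _hx509_private_key_assign_rsa (hunk at -1950). If interoperability allows, `private_key->signature_alg = ASN1_OID_ID_PKCS1_SHA256WITHRSAENCRYPTION;` would bring RSA keys in line with the EC default; in _hx509_private_key_assign_rsa the neighbouring `key->md` assignment would need reviewing at the same time. If the SHA-1 default has to stay, a comment such as `/* SHA-1 default kept for compatibility; callers may override */` would record that it is deliberate, assuming callers can in fact override it.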
@@ -780,7 +780,7 @@ rsa_private_key2SPKI(hx509_context context,
 }
 spki->subjectPublicKey.length = len * 8;
- ret = set_digest_alg(&spki->algorithm, &asn1_oid_id_pkcs1_rsaEncryption,
+ ret = set_digest_alg(&spki->algorithm, ASN1_OID_ID_PKCS1_RSAENCRYPTION,
 "\x05\x00", 2);
 if (ret) {
 hx509_set_error_string(context, 0, ret, "malloc - out of memory");
@@ -834,7 +834,7 @@ rsa_generate_private_key(hx509_context context,
 "Failed to generate RSA key");
 return HX509_PARSING_KEY_FAILED;
 }
- private_key->signature_alg = &asn1_oid_id_pkcs1_sha1WithRSAEncryption;
+ private_key->signature_alg = ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION;
 return 0;
 }
@@ -890,7 +890,7 @@ rsa_get_internal(hx509_context context,
 static hx509_private_key_ops rsa_private_key_ops = {
 "RSA PRIVATE KEY",
- &asn1_oid_id_pkcs1_rsaEncryption,
+ ASN1_OID_ID_PKCS1_RSAENCRYPTION,
 NULL,
 rsa_private_key2SPKI,
 rsa_private_key_export,
@@ -963,7 +963,7 @@ ecdsa_private_key_import(hx509_context context,
 "Failed to parse EC private key");
 return HX509_PARSING_KEY_FAILED;
 }
- private_key->signature_alg = &asn1_oid_id_ecdsa_with_SHA256;
+ private_key->signature_alg = ASN1_OID_ID_ECDSA_WITH_SHA256;
 return 0;
 }
@@ -987,7 +987,7 @@ ecdsa_get_internal(hx509_context context,
 static hx509_private_key_ops ecdsa_private_key_ops = {
 "EC PRIVATE KEY",
- &asn1_oid_id_ecPublicKey,
+ ASN1_OID_ID_ECPUBLICKEY,
 ecdsa_available,
 ecdsa_private_key2SPKI,
 ecdsa_private_key_export,
@@ -1100,7 +1100,7 @@ dsa_parse_private_key(hx509_context context,
 d2i_DSAPrivateKey(NULL, &p, len);
 if (private_key->private_key.dsa == NULL)
 return EINVAL;
- private_key->signature_alg = &asn1_oid_id_dsa_with_sha1;
+ private_key->signature_alg = ASN1_OID_ID_DSA_WITH_SHA1;
 return 0;
 /* else */
@@ -1187,9 +1187,9 @@ evp_md_verify_signature(hx509_context context,
 static const struct signature_alg ecdsa_with_sha256_alg = {
 "ecdsa-with-sha256",
- &asn1_oid_id_ecdsa_with_SHA256,
+ ASN1_OID_ID_ECDSA_WITH_SHA256,
 &_hx509_signature_ecdsa_with_sha256_data,
- &asn1_oid_id_ecPublicKey,
+ ASN1_OID_ID_ECPUBLICKEY,
 &_hx509_signature_sha256_data,
 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
 0,
@@ -1201,9 +1201,9 @@ static const struct signature_alg ecdsa_with_sha256_alg = {
 static const struct signature_alg ecdsa_with_sha1_alg = {
 "ecdsa-with-sha1",
- &asn1_oid_id_ecdsa_with_SHA1,
+ ASN1_OID_ID_ECDSA_WITH_SHA1,
 &_hx509_signature_ecdsa_with_sha1_data,
- &asn1_oid_id_ecPublicKey,
+ ASN1_OID_ID_ECPUBLICKEY,
 &_hx509_signature_sha1_data,
 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
 0,
@@ -1217,9 +1217,9 @@ static const struct signature_alg ecdsa_with_sha1_alg = {
 static const struct signature_alg heim_rsa_pkcs1_x509 = {
 "rsa-pkcs1-x509",
- &asn1_oid_id_heim_rsa_pkcs1_x509,
+ ASN1_OID_ID_HEIM_RSA_PKCS1_X509,
 &_hx509_signature_rsa_pkcs1_x509_data,
- &asn1_oid_id_pkcs1_rsaEncryption,
+ ASN1_OID_ID_PKCS1_RSAENCRYPTION,
 NULL,
 PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG,
 0,
@@ -1230,9 +1230,9 @@ static const struct signature_alg heim_rsa_pkcs1_x509 = {
 static const struct signature_alg pkcs1_rsa_sha1_alg = {
 "rsa",
- &asn1_oid_id_pkcs1_rsaEncryption,
+ ASN1_OID_ID_PKCS1_RSAENCRYPTION,
 &_hx509_signature_rsa_with_sha1_data,
- &asn1_oid_id_pkcs1_rsaEncryption,
+ ASN1_OID_ID_PKCS1_RSAENCRYPTION,
 NULL,
 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
 0,
@@ -1243,9 +1243,9 @@ static const struct signature_alg pkcs1_rsa_sha1_alg = {
 static const struct signature_alg rsa_with_sha256_alg = {
 "rsa-with-sha256",
- &asn1_oid_id_pkcs1_sha256WithRSAEncryption,
+ ASN1_OID_ID_PKCS1_SHA256WITHRSAENCRYPTION,
 &_hx509_signature_rsa_with_sha256_data,
- &asn1_oid_id_pkcs1_rsaEncryption,
+ ASN1_OID_ID_PKCS1_RSAENCRYPTION,
 &_hx509_signature_sha256_data,
 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
 0,
@@ -1256,9 +1256,9 @@ static const struct signature_alg rsa_with_sha256_alg = {
 static const struct signature_alg rsa_with_sha1_alg = {
 "rsa-with-sha1",
- &asn1_oid_id_pkcs1_sha1WithRSAEncryption,
+ ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION,
 &_hx509_signature_rsa_with_sha1_data,
- &asn1_oid_id_pkcs1_rsaEncryption,
+ ASN1_OID_ID_PKCS1_RSAENCRYPTION,
 &_hx509_signature_sha1_data,
 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
 0,
@@ -1269,9 +1269,9 @@ static const struct signature_alg rsa_with_sha1_alg = {
 static const struct signature_alg rsa_with_sha1_alg_secsig = {
 "rsa-with-sha1",
- &asn1_oid_id_secsig_sha_1WithRSAEncryption,
+ ASN1_OID_ID_SECSIG_SHA_1WITHRSAENCRYPTION,
 &_hx509_signature_rsa_with_sha1_data,
- &asn1_oid_id_pkcs1_rsaEncryption,
+ ASN1_OID_ID_PKCS1_RSAENCRYPTION,
 &_hx509_signature_sha1_data,
 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
 0,
@@ -1282,9 +1282,9 @@ static const struct signature_alg rsa_with_sha1_alg_secsig = {
 static const struct signature_alg rsa_with_md5_alg = {
 "rsa-with-md5",
- &asn1_oid_id_pkcs1_md5WithRSAEncryption,
+ ASN1_OID_ID_PKCS1_MD5WITHRSAENCRYPTION,
 &_hx509_signature_rsa_with_md5_data,
- &asn1_oid_id_pkcs1_rsaEncryption,
+ ASN1_OID_ID_PKCS1_RSAENCRYPTION,
 &_hx509_signature_md5_data,
 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
 1230739889,
@@ -1295,9 +1295,9 @@ static const struct signature_alg rsa_with_md5_alg = {
 static const struct signature_alg dsa_sha1_alg = {
 "dsa-with-sha1",
- &asn1_oid_id_dsa_with_sha1,
+ ASN1_OID_ID_DSA_WITH_SHA1,
 NULL,
- &asn1_oid_id_dsa,
+ ASN1_OID_ID_DSA,
 &_hx509_signature_sha1_data,
 PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG,
 0,
@@ -1308,7 +1308,7 @@ static const struct signature_alg dsa_sha1_alg = {
 static const struct signature_alg sha256_alg = {
 "sha-256",
- &asn1_oid_id_sha256,
+ ASN1_OID_ID_SHA256,
 &_hx509_signature_sha256_data,
 NULL,
 NULL,
@@ -1321,7 +1321,7 @@ static const struct signature_alg sha256_alg = {
 static const struct signature_alg sha1_alg = {
 "sha1",
- &asn1_oid_id_secsig_sha_1,
+ ASN1_OID_ID_SECSIG_SHA_1,
 &_hx509_signature_sha1_data,
 NULL,
 NULL,
@@ -1334,7 +1334,7 @@ static const struct signature_alg sha1_alg = {
 static const struct signature_alg md5_alg = {
 "rsa-md5",
- &asn1_oid_id_rsa_digest_md5,
+ ASN1_OID_ID_RSA_DIGEST_MD5,
 &_hx509_signature_md5_data,
 NULL,
 NULL,
@@ -1617,7 +1617,7 @@ _hx509_public_encrypt(hx509_context context,
 ciphertext->length = ret;
 ciphertext->data = to;
- ret = der_copy_oid(&asn1_oid_id_pkcs1_rsaEncryption, encryption_oid);
+ ret = der_copy_oid(ASN1_OID_ID_PKCS1_RSAENCRYPTION, encryption_oid);
 if (ret) {
 der_free_octet_string(ciphertext);
 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
@@ -1726,7 +1726,7 @@ _hx509_generate_private_key_init(hx509_context context,
 {
 *ctx = NULL;
- if (der_heim_oid_cmp(oid, &asn1_oid_id_pkcs1_rsaEncryption) != 0) {
+ if (der_heim_oid_cmp(oid, ASN1_OID_ID_PKCS1_RSAENCRYPTION) != 0) {
 hx509_set_error_string(context, 0, EINVAL,
 "private key not an RSA key");
 return EINVAL;
@@ -1929,11 +1929,11 @@ _hx509_private_key_free(hx509_private_key *key)
 if (--(*key)->ref > 0)
 return 0;
- if ((*key)->ops && der_heim_oid_cmp((*key)->ops->key_oid, &asn1_oid_id_pkcs1_rsaEncryption) == 0) {
+ if ((*key)->ops && der_heim_oid_cmp((*key)->ops->key_oid, ASN1_OID_ID_PKCS1_RSAENCRYPTION) == 0) {
 if ((*key)->private_key.rsa)
 RSA_free((*key)->private_key.rsa);
 #ifdef HAVE_OPENSSL
- } else if ((*key)->ops && der_heim_oid_cmp((*key)->ops->key_oid, &asn1_oid_id_ecPublicKey) == 0) {
+ } else if ((*key)->ops && der_heim_oid_cmp((*key)->ops->key_oid, ASN1_OID_ID_ECPUBLICKEY) == 0) {
 if ((*key)->private_key.ecdsa)
 EC_KEY_free((*key)->private_key.ecdsa);
 #endif
@@ -1950,7 +1950,7 @@ _hx509_private_key_assign_rsa(hx509_private_key key, void *ptr)
 if (key->private_key.rsa)
 RSA_free(key->private_key.rsa);
 key->private_key.rsa = ptr;
- key->signature_alg = &asn1_oid_id_pkcs1_sha1WithRSAEncryption;
+ key->signature_alg = ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION;
 key->md = &pkcs1_rsa_sha1_alg;
 }
@@ -2172,7 +2172,7 @@ static const struct hx509cipher ciphers[] = {
 {
 "rc2-cbc",
 CIPHER_WEAK,
- &asn1_oid_id_pkcs3_rc2_cbc,
+ ASN1_OID_ID_PKCS3_RC2_CBC,
 NULL,
 EVP_rc2_cbc,
 CMSRC2CBCParam_get,
@@ -2181,7 +2181,7 @@ static const struct hx509cipher ciphers[] = {
 {
 "rc2-cbc",
 CIPHER_WEAK,
- &asn1_oid_id_rsadsi_rc2_cbc,
+ ASN1_OID_ID_RSADSI_RC2_CBC,
 NULL,
 EVP_rc2_cbc,
 CMSRC2CBCParam_get,
@@ -2199,7 +2199,7 @@ static const struct hx509cipher ciphers[] = {
 {
 "des-ede3-cbc",
 0,
- &asn1_oid_id_pkcs3_des_ede3_cbc,
+ ASN1_OID_ID_PKCS3_DES_EDE3_CBC,
 NULL,
 EVP_des_ede3_cbc,
 CMSCBCParam_get,
@@ -2208,7 +2208,7 @@ static const struct hx509cipher ciphers[] = {
 {
 "des-ede3-cbc",
 0,
- &asn1_oid_id_rsadsi_des_ede3_cbc,
+ ASN1_OID_ID_RSADSI_DES_EDE3_CBC,
 hx509_crypto_des_rsdi_ede3_cbc,
 EVP_des_ede3_cbc,
 CMSCBCParam_get,
@@ -2217,7 +2217,7 @@ static const struct hx509cipher ciphers[] = {
 {
 "aes-128-cbc",
 0,
- &asn1_oid_id_aes_128_cbc,
+ ASN1_OID_ID_AES_128_CBC,
 hx509_crypto_aes128_cbc,
 EVP_aes_128_cbc,
 CMSCBCParam_get,
@@ -2226,7 +2226,7 @@ static const struct hx509cipher ciphers[] = {
 {
 "aes-192-cbc",
 0,
- &asn1_oid_id_aes_192_cbc,
+ ASN1_OID_ID_AES_192_CBC,
 NULL,
 EVP_aes_192_cbc,
 CMSCBCParam_get,
@@ -2235,7 +2235,7 @@ static const struct hx509cipher ciphers[] = {
 {
 "aes-256-cbc",
 0,
- &asn1_oid_id_aes_256_cbc,
+ ASN1_OID_ID_AES_256_CBC,
 hx509_crypto_aes256_cbc,
 EVP_aes_256_cbc,
 CMSCBCParam_get,
@@ -2672,33 +2672,33 @@ find_string2key(const heim_oid *oid,
 const EVP_MD **md,
 PBE_string2key_func *s2k)
 {
- if (der_heim_oid_cmp(oid, &asn1_oid_id_pbewithSHAAnd40BitRC2_CBC) == 0) {
+ if (der_heim_oid_cmp(oid, ASN1_OID_ID_PBEWITHSHAAND40BITRC2_CBC) == 0) {
 *c = EVP_rc2_40_cbc();
 *md = EVP_sha1();
 *s2k = PBE_string2key;
 return &asn1_oid_private_rc2_40;
- } else if (der_heim_oid_cmp(oid, &asn1_oid_id_pbeWithSHAAnd128BitRC2_CBC) == 0) {
+ } else if (der_heim_oid_cmp(oid, ASN1_OID_ID_PBEWITHSHAAND128BITRC2_CBC) == 0) {
 *c = EVP_rc2_cbc();
 *md = EVP_sha1();
 *s2k = PBE_string2key;
- return &asn1_oid_id_pkcs3_rc2_cbc;
+ return ASN1_OID_ID_PKCS3_RC2_CBC;
 #if 0
- } else if (der_heim_oid_cmp(oid, &asn1_oid_id_pbeWithSHAAnd40BitRC4) == 0) {
+ } else if (der_heim_oid_cmp(oid, ASN1_OID_ID_PBEWITHSHAAND40BITRC4) == 0) {
 *c = EVP_rc4_40();
 *md = EVP_sha1();
 *s2k = PBE_string2key;
 return NULL;
- } else if (der_heim_oid_cmp(oid, &asn1_oid_id_pbeWithSHAAnd128BitRC4) == 0) {
+ } else if (der_heim_oid_cmp(oid, ASN1_OID_ID_PBEWITHSHAAND128BITRC4) == 0) {
 *c = EVP_rc4();
 *md = EVP_sha1();
 *s2k = PBE_string2key;
- return &asn1_oid_id_pkcs3_rc4;
+ return ASN1_OID_ID_PKCS3_RC4;
 #endif
- } else if (der_heim_oid_cmp(oid, &asn1_oid_id_pbeWithSHAAnd3_KeyTripleDES_CBC) == 0) {
+ } else if (der_heim_oid_cmp(oid, ASN1_OID_ID_PBEWITHSHAAND3_KEYTRIPLEDES_CBC) == 0) {
 *c = EVP_des_ede3_cbc();
 *md = EVP_sha1();
 *s2k = PBE_string2key;
- return &asn1_oid_id_pkcs3_des_ede3_cbc;
+ return ASN1_OID_ID_PKCS3_DES_EDE3_CBC;
 }
 return NULL;
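Review bot: `return &asn1_oid_private_rc2_40;` in the first branch of find_string2key is the only return in this chain still written in the old `&asn1_oid_*` form; every other return now goes through an `ASN1_OID_ID_*` macro. Presumably this OID is defined locally and has no generated macro, but nothing in the hunk says so, and a reader of the rename will take it for a missed line. A comment on that return, e.g. `/* private OID defined in this file; no ASN1_OID_ID_* macro exists */`, would settle it once confirmed. The function's signature begins outside the hunk.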
@@ -2875,9 +2875,9 @@ match_keys_ec(hx509_cert c, hx509_private_key private_key)
 int
 _hx509_match_keys(hx509_cert c, hx509_private_key key)
 {
- if (der_heim_oid_cmp(key->ops->key_oid, &asn1_oid_id_pkcs1_rsaEncryption) == 0)
+ if (der_heim_oid_cmp(key->ops->key_oid, ASN1_OID_ID_PKCS1_RSAENCRYPTION) == 0)
 return match_keys_rsa(c, key);
- if (der_heim_oid_cmp(key->ops->key_oid, &asn1_oid_id_ecPublicKey) == 0)
+ if (der_heim_oid_cmp(key->ops->key_oid, ASN1_OID_ID_ECPUBLICKEY) == 0)
 return match_keys_ec(c, key);
 return 0;
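Review bot: _hx509_match_keys dereferences `key->ops->key_oid` in both comparisons without testing `key->ops`, while _hx509_private_key_free (hunk at -1929) and the two create_signature functions guard the same access with `->ops &&`. If a private key can exist without an ops table, as those guards suggest, this is a NULL dereference; an early `if (key->ops == NULL) return 0;` before the first comparison would make the function agree with the others. Whether that state can reach this function depends on callers not shown here, and the function's closing brace is outside the hunk.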