oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

remove trailing whitespace

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23815 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2008-09-13 09:21:03 +00:00
parent e172367898
commit 6937d41a02
940 changed files with 23827 additions and 23827 deletions
Download Patch File Download Diff File Expand all files Collapse all files

116
lib/hx509/ca.c
View File

@@ -1,34 +1,34 @@
/*
* Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "hx_locl.h"
@@ -236,7 +236,7 @@ hx509_ca_tbs_set_template(hx509_context context,
hx509_name_free(&tbs->subject);
ret = hx509_cert_get_subject(cert, &tbs->subject);
if (ret) {
hx509_set_error_string(context, 0, ret,
hx509_set_error_string(context, 0, ret,
"Failed to get subject from template");
return ret;
}
@@ -246,7 +246,7 @@ hx509_ca_tbs_set_template(hx509_context context,
ret = hx509_cert_get_serialnumber(cert, &tbs->serial);
tbs->flags.serial = !ret;
if (ret) {
hx509_set_error_string(context, 0, ret,
hx509_set_error_string(context, 0, ret,
"Failed to copy serial number");
return ret;
}
@@ -473,7 +473,7 @@ hx509_ca_tbs_add_crl_dp_uri(hx509_context context,
int ret;
memset(&dp, 0, sizeof(dp));
dp.distributionPoint = ecalloc(1, sizeof(*dp.distributionPoint));
{
@@ -488,8 +488,8 @@ hx509_ca_tbs_add_crl_dp_uri(hx509_context context,
gn.element = choice_GeneralName_uniformResourceIdentifier;
gn.u.uniformResourceIdentifier = rk_UNCONST(uri);
ASN1_MALLOC_ENCODE(DistributionPointName,
dp.distributionPoint->data,
ASN1_MALLOC_ENCODE(DistributionPointName,
dp.distributionPoint->data,
dp.distributionPoint->length,
&name, &size, ret);
if (ret) {
@@ -509,7 +509,7 @@ hx509_ca_tbs_add_crl_dp_uri(hx509_context context,
hx509_set_error_string(context, 0, EINVAL,
"CRLDistributionPoints.name.issuername not yet supported");
return EINVAL;
#else
#else
GeneralNames *crlissuer;
GeneralName gn;
Name n;
@@ -579,7 +579,7 @@ hx509_ca_tbs_add_san_otherName(hx509_context context,
gn.element = choice_GeneralName_otherName;
gn.u.otherName.type_id = *oid;
gn.u.otherName.value = *os;
return add_GeneralNames(&tbs->san, &gn);
}
@@ -621,7 +621,7 @@ hx509_ca_tbs_add_san_pkinit(hx509_context context,
if(*str=='\\'){
if(str[1] == '\0' || str[1] == '@') {
ret = HX509_PARSING_NAME_FAILED;
hx509_set_error_string(context, 0, ret,
hx509_set_error_string(context, 0, ret,
"trailing \\ in principal name");
goto out;
}
@@ -629,7 +629,7 @@ hx509_ca_tbs_add_san_pkinit(hx509_context context,
} else if(*str == '/')
n++;
}
p.principalName.name_string.val =
p.principalName.name_string.val =
calloc(n, sizeof(*p.principalName.name_string.val));
if (p.principalName.name_string.val == NULL) {
ret = ENOMEM;
@@ -661,7 +661,7 @@ hx509_ca_tbs_add_san_pkinit(hx509_context context,
*q++ = '\0';
}
}
ASN1_MALLOC_ENCODE(KRB5PrincipalName, os.data, os.length, &p, &size, ret);
if (ret) {
hx509_set_error_string(context, 0, ret, "Out of memory");
@@ -669,7 +669,7 @@ hx509_ca_tbs_add_san_pkinit(hx509_context context,
}
if (size != os.length)
_hx509_abort("internal ASN.1 encoder error");
ret = hx509_ca_tbs_add_san_otherName(context,
tbs,
oid_id_pkinit_san(),
@@ -682,7 +682,7 @@ out:
free(s);
return ret;
}
/*
*
*/
@@ -708,7 +708,7 @@ add_utf8_san(hx509_context context,
}
if (size != os.length)
_hx509_abort("internal ASN.1 encoder error");
ret = hx509_ca_tbs_add_san_otherName(context,
tbs,
oid,
@@ -787,7 +787,7 @@ hx509_ca_tbs_add_san_hostname(hx509_context context,
memset(&gn, 0, sizeof(gn));
gn.element = choice_GeneralName_dNSName;
gn.u.dNSName = rk_UNCONST(dnsname);
return add_GeneralNames(&tbs->san, &gn);
}
@@ -814,7 +814,7 @@ hx509_ca_tbs_add_san_rfc822name(hx509_context context,
memset(&gn, 0, sizeof(gn));
gn.element = choice_GeneralName_rfc822Name;
gn.u.rfc822Name = rk_UNCONST(rfc822Name);
return add_GeneralNames(&tbs->san, &gn);
}
@@ -1005,7 +1005,7 @@ ca_sign(hx509_context context,
return EINVAL;
}
if (hx509_name_is_null_p(tbs->subject) && tbs->san.len == 0) {
hx509_set_error_string(context, 0, EINVAL,
hx509_set_error_string(context, 0, EINVAL,
"NULL subject and no SubjectAltNames");
return EINVAL;
}
@@ -1017,7 +1017,7 @@ ca_sign(hx509_context context,
}
if (tbs->flags.proxy) {
if (tbs->san.len > 0) {
hx509_set_error_string(context, 0, EINVAL,
hx509_set_error_string(context, 0, EINVAL,
"Proxy certificate is not allowed "
"to have SubjectAltNames");
return EINVAL;
@@ -1099,7 +1099,7 @@ ca_sign(hx509_context context,
hx509_set_error_string(context, 0, ret, "Out of memory");
goto out;
}
/* Add the text BMP string Domaincontroller to the cert */
if (tbs->flags.domaincontroller) {
data.data = rk_UNCONST("\x1e\x20\x00\x44\x00\x6f\x00\x6d"
@@ -1137,7 +1137,7 @@ ca_sign(hx509_context context,
/* add ExtendedKeyUsage */
if (tbs->eku.len > 0) {
ASN1_MALLOC_ENCODE(ExtKeyUsage, data.data, data.length,
ASN1_MALLOC_ENCODE(ExtKeyUsage, data.data, data.length,
&tbs->eku, &size, ret);
if (ret) {
hx509_set_error_string(context, 0, ret, "Out of memory");
@@ -1154,7 +1154,7 @@ ca_sign(hx509_context context,
/* add Subject Alternative Name */
if (tbs->san.len > 0) {
ASN1_MALLOC_ENCODE(GeneralNames, data.data, data.length,
ASN1_MALLOC_ENCODE(GeneralNames, data.data, data.length,
&tbs->san, &size, ret);
if (ret) {
hx509_set_error_string(context, 0, ret, "Out of memory");
@@ -1172,7 +1172,7 @@ ca_sign(hx509_context context,
/* Add Authority Key Identifier */
if (ai) {
ASN1_MALLOC_ENCODE(AuthorityKeyIdentifier, data.data, data.length,
ASN1_MALLOC_ENCODE(AuthorityKeyIdentifier, data.data, data.length,
ai, &size, ret);
if (ret) {
hx509_set_error_string(context, 0, ret, "Out of memory");
@@ -1195,7 +1195,7 @@ ca_sign(hx509_context context,
{
SHA_CTX m;
SHA1_Init(&m);
SHA1_Update(&m, tbs->spki.subjectPublicKey.data,
tbs->spki.subjectPublicKey.length / 8);
@@ -1205,7 +1205,7 @@ ca_sign(hx509_context context,
si.data = hash;
si.length = sizeof(hash);
ASN1_MALLOC_ENCODE(SubjectKeyIdentifier, data.data, data.length,
ASN1_MALLOC_ENCODE(SubjectKeyIdentifier, data.data, data.length,
&si, &size, ret);
if (ret) {
hx509_set_error_string(context, 0, ret, "Out of memory");
@@ -1221,7 +1221,7 @@ ca_sign(hx509_context context,
goto out;
}
/* Add BasicConstraints */
/* Add BasicConstraints */
{
BasicConstraints bc;
int aCA = 1;
@@ -1237,7 +1237,7 @@ ca_sign(hx509_context context,
}
}
ASN1_MALLOC_ENCODE(BasicConstraints, data.data, data.length,
ASN1_MALLOC_ENCODE(BasicConstraints, data.data, data.length,
&bc, &size, ret);
if (ret) {
hx509_set_error_string(context, 0, ret, "Out of memory");
@@ -1261,7 +1261,7 @@ ca_sign(hx509_context context,
memset(&info, 0, sizeof(info));
if (tbs->pathLenConstraint >= 0) {
info.pCPathLenConstraint =
info.pCPathLenConstraint =
malloc(sizeof(*info.pCPathLenConstraint));
if (info.pCPathLenConstraint == NULL) {
ret = ENOMEM;
@@ -1279,7 +1279,7 @@ ca_sign(hx509_context context,
goto out;
}
ASN1_MALLOC_ENCODE(ProxyCertInfo, data.data, data.length,
ASN1_MALLOC_ENCODE(ProxyCertInfo, data.data, data.length,
&info, &size, ret);
free_ProxyCertInfo(&info);
if (ret) {
@@ -1377,14 +1377,14 @@ get_AuthorityKeyIdentifier(hx509_context context,
memset(&gns, 0, sizeof(gns));
memset(&name, 0, sizeof(name));
ai->authorityCertIssuer =
ai->authorityCertIssuer =
calloc(1, sizeof(*ai->authorityCertIssuer));
if (ai->authorityCertIssuer == NULL) {
ret = ENOMEM;
hx509_set_error_string(context, 0, ret, "Out of memory");
goto out;
}
ai->authorityCertSerialNumber =
ai->authorityCertSerialNumber =
calloc(1, sizeof(*ai->authorityCertSerialNumber));
if (ai->authorityCertSerialNumber == NULL) {
ret = ENOMEM;
@@ -1392,7 +1392,7 @@ get_AuthorityKeyIdentifier(hx509_context context,
goto out;
}
/*
/*
* XXX unbreak when asn1 compiler handle IMPLICIT
*
* This is so horrible.
@@ -1407,7 +1407,7 @@ get_AuthorityKeyIdentifier(hx509_context context,
memset(&gn, 0, sizeof(gn));
gn.element = choice_GeneralName_directoryName;
gn.u.directoryName.element =
gn.u.directoryName.element =
choice_GeneralName_directoryName_rdnSequence;
gn.u.directoryName.u.rdnSequence = name.u.rdnSequence;
@@ -1436,7 +1436,7 @@ out:
/**
* Sign a to-be-signed certificate object with a issuer certificate.
* Sign a to-be-signed certificate object with a issuer certificate.
*
* The caller needs to at least have called the following functions on the
* to-be-signed certificate object:
@@ -1478,7 +1478,7 @@ hx509_ca_sign(hx509_context context,
goto out;
ret = ca_sign(context,
tbs,
tbs,
_hx509_cert_private_key(signer),
&ai,
&signer_cert->tbsCertificate.subject,
@@ -1510,7 +1510,7 @@ hx509_ca_sign_self(hx509_context context,
hx509_cert *certificate)
{
return ca_sign(context,
tbs,
tbs,
signer,
NULL,
NULL,

226
lib/hx509/cert.c
View File

@@ -1,34 +1,34 @@
/*
* Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "hx_locl.h"
@@ -141,7 +141,7 @@ hx509_context_init(hx509_context *context)
* the existans of a revokation method (OCSP, CRL) or not. Note that
* hx509_verify_path(), hx509_cms_verify_signed(), and other function
* call hx509_revoke_verify().
*
*
* @param context hx509 context to change the flag for.
* @param flag zero, revokation method required, non zero missing
* revokation method ok
@@ -160,7 +160,7 @@ hx509_context_set_missing_revoke(hx509_context context, int flag)
/**
* Free the context allocated by hx509_context_init().
*
*
* @param context context to be freed.
*
* @ingroup hx509
@@ -268,7 +268,7 @@ hx509_cert_init(hx509_context context, const Certificate *c, hx509_cert *cert)
*/
int
hx509_cert_init_data(hx509_context context,
hx509_cert_init_data(hx509_context context,
const void *ptr,
size_t len,
hx509_cert *cert)
@@ -294,7 +294,7 @@ hx509_cert_init_data(hx509_context context,
}
void
_hx509_cert_set_release(hx509_cert cert,
_hx509_cert_set_release(hx509_cert cert,
_hx509_cert_release_func release,
void *ctx)
{
@@ -383,7 +383,7 @@ hx509_cert_ref(hx509_cert cert)
/**
* Allocate an verification context that is used fo control the
* verification process.
* verification process.
*
* @param context A hx509 context.
* @param ctx returns a pointer to a hx509_verify_ctx object.
@@ -405,7 +405,7 @@ hx509_verify_init_ctx(hx509_context context, hx509_verify_ctx *ctx)
c->max_depth = HX509_VERIFY_MAX_DEPTH;
*ctx = c;
return 0;
}
@@ -576,7 +576,7 @@ find_extension(const Certificate *cert, const heim_oid *oid, int *idx)
if (c->version == NULL || *c->version < 2 || c->extensions == NULL)
return NULL;
for (;*idx < c->extensions->len; (*idx)++) {
if (der_heim_oid_cmp(&c->extensions->val[*idx].extnID, oid) == 0)
return &c->extensions->val[(*idx)++];
@@ -585,7 +585,7 @@ find_extension(const Certificate *cert, const heim_oid *oid, int *idx)
}
static int
find_extension_auth_key_id(const Certificate *subject,
find_extension_auth_key_id(const Certificate *subject,
AuthorityKeyIdentifier *ai)
{
const Extension *e;
@@ -597,9 +597,9 @@ find_extension_auth_key_id(const Certificate *subject,
e = find_extension(subject, oid_id_x509_ce_authorityKeyIdentifier(), &i);
if (e == NULL)
return HX509_EXTENSION_NOT_FOUND;
return decode_AuthorityKeyIdentifier(e->extnValue.data,
e->extnValue.length,
return decode_AuthorityKeyIdentifier(e->extnValue.data,
e->extnValue.length,
ai, &size);
}
@@ -616,14 +616,14 @@ _hx509_find_extension_subject_key_id(const Certificate *issuer,
e = find_extension(issuer, oid_id_x509_ce_subjectKeyIdentifier(), &i);
if (e == NULL)
return HX509_EXTENSION_NOT_FOUND;
return decode_SubjectKeyIdentifier(e->extnValue.data,
return decode_SubjectKeyIdentifier(e->extnValue.data,
e->extnValue.length,
si, &size);
}
static int
find_extension_name_constraints(const Certificate *subject,
find_extension_name_constraints(const Certificate *subject,
NameConstraints *nc)
{
const Extension *e;
@@ -635,9 +635,9 @@ find_extension_name_constraints(const Certificate *subject,
e = find_extension(subject, oid_id_x509_ce_nameConstraints(), &i);
if (e == NULL)
return HX509_EXTENSION_NOT_FOUND;
return decode_NameConstraints(e->extnValue.data,
e->extnValue.length,
return decode_NameConstraints(e->extnValue.data,
e->extnValue.length,
nc, &size);
}
@@ -653,8 +653,8 @@ find_extension_subject_alt_name(const Certificate *cert, int *i,
e = find_extension(cert, oid_id_x509_ce_subjectAltName(), i);
if (e == NULL)
return HX509_EXTENSION_NOT_FOUND;
return decode_GeneralNames(e->extnValue.data,
return decode_GeneralNames(e->extnValue.data,
e->extnValue.length,
sa, &size);
}
@@ -671,8 +671,8 @@ find_extension_eku(const Certificate *cert, ExtKeyUsage *eku)
e = find_extension(cert, oid_id_x509_ce_extKeyUsage(), &i);
if (e == NULL)
return HX509_EXTENSION_NOT_FOUND;
return decode_ExtKeyUsage(e->extnValue.data,
return decode_ExtKeyUsage(e->extnValue.data,
e->extnValue.length,
eku, &size);
}
@@ -716,7 +716,7 @@ hx509_free_octet_string_list(hx509_octet_string_list *list)
/**
* Return a list of subjectAltNames specified by oid in the
* certificate. On error the
* certificate. On error the
*
* The returned list of octet string should be freed with
* hx509_free_octet_string_list().
@@ -758,11 +758,11 @@ hx509_cert_find_subjectAltName_otherName(hx509_context context,
for (j = 0; j < sa.len; j++) {
if (sa.val[j].element == choice_GeneralName_otherName &&
der_heim_oid_cmp(&sa.val[j].u.otherName.type_id, oid) == 0)
der_heim_oid_cmp(&sa.val[j].u.otherName.type_id, oid) == 0)
{
ret = add_to_list(list, &sa.val[j].u.otherName.value);
if (ret) {
hx509_set_error_string(context, 0, ret,
hx509_set_error_string(context, 0, ret,
"Error adding an exra SAN to "
"return list");
hx509_free_octet_string_list(list);
@@ -778,7 +778,7 @@ hx509_cert_find_subjectAltName_otherName(hx509_context context,
static int
check_key_usage(hx509_context context, const Certificate *cert,
check_key_usage(hx509_context context, const Certificate *cert,
unsigned flags, int req_present)
{
const Extension *e;
@@ -800,7 +800,7 @@ check_key_usage(hx509_context context, const Certificate *cert,
}
return 0;
}
ret = decode_KeyUsage(e->extnValue.data, e->extnValue.length, &ku, &size);
if (ret)
return ret;
@@ -827,7 +827,7 @@ check_key_usage(hx509_context context, const Certificate *cert,
*/
int
_hx509_check_key_usage(hx509_context context, hx509_cert cert,
_hx509_check_key_usage(hx509_context context, hx509_cert cert,
unsigned flags, int req_present)
{
return check_key_usage(context, _hx509_get_cert(cert), flags, req_present);
@@ -836,7 +836,7 @@ _hx509_check_key_usage(hx509_context context, hx509_cert cert,
enum certtype { PROXY_CERT, EE_CERT, CA_CERT };
static int
check_basic_constraints(hx509_context context, const Certificate *cert,
check_basic_constraints(hx509_context context, const Certificate *cert,
enum certtype type, int depth)
{
BasicConstraints bc;
@@ -865,8 +865,8 @@ check_basic_constraints(hx509_context context, const Certificate *cert,
}
}
}
ret = decode_BasicConstraints(e->extnValue.data,
ret = decode_BasicConstraints(e->extnValue.data,
e->extnValue.length, &bc,
&size);
if (ret)
@@ -901,14 +901,14 @@ _hx509_cert_is_parent_cmp(const Certificate *subject,
SubjectKeyIdentifier si;
int ret_ai, ret_si, ret;
ret = _hx509_name_cmp(&issuer->tbsCertificate.subject,
ret = _hx509_name_cmp(&issuer->tbsCertificate.subject,
&subject->tbsCertificate.issuer,
&diff);
if (ret)
return ret;
if (diff)
return diff;
memset(&ai, 0, sizeof(ai));
memset(&si, 0, sizeof(si));
@@ -937,7 +937,7 @@ _hx509_cert_is_parent_cmp(const Certificate *subject,
goto out;
}
}
if (ai.keyIdentifier == NULL) {
Name name;
@@ -946,7 +946,7 @@ _hx509_cert_is_parent_cmp(const Certificate *subject,
if (ai.authorityCertSerialNumber == NULL)
return -1;
diff = der_heim_integer_cmp(ai.authorityCertSerialNumber,
diff = der_heim_integer_cmp(ai.authorityCertSerialNumber,
&issuer->tbsCertificate.serialNumber);
if (diff)
return diff;
@@ -955,12 +955,12 @@ _hx509_cert_is_parent_cmp(const Certificate *subject,
if (ai.authorityCertIssuer->val[0].element != choice_GeneralName_directoryName)
return -1;
name.element =
name.element =
ai.authorityCertIssuer->val[0].u.directoryName.element;
name.u.rdnSequence =
name.u.rdnSequence =
ai.authorityCertIssuer->val[0].u.directoryName.u.rdnSequence;
ret = _hx509_name_cmp(&issuer->tbsCertificate.subject,
ret = _hx509_name_cmp(&issuer->tbsCertificate.subject,
&name,
&diff);
if (ret)
@@ -1008,7 +1008,7 @@ certificate_is_self_signed(hx509_context context,
int *self_signed)
{
int ret, diff;
ret = _hx509_name_cmp(&cert->tbsCertificate.subject,
ret = _hx509_name_cmp(&cert->tbsCertificate.subject,
&cert->tbsCertificate.issuer, &diff);
*self_signed = (diff == 0);
if (ret)
@@ -1033,7 +1033,7 @@ find_parent(hx509_context context,
time_t time_now,
hx509_certs trust_anchors,
hx509_path *path,
hx509_certs pool,
hx509_certs pool,
hx509_cert current,
hx509_cert *parent)
{
@@ -1043,7 +1043,7 @@ find_parent(hx509_context context,
*parent = NULL;
memset(&ai, 0, sizeof(ai));
_hx509_query_clear(&q);
if (!subject_null_p(current->data)) {
@@ -1122,8 +1122,8 @@ find_parent(hx509_context context,
*/
static int
is_proxy_cert(hx509_context context,
const Certificate *cert,
is_proxy_cert(hx509_context context,
const Certificate *cert,
ProxyCertInfo *rinfo)
{
ProxyCertInfo info;
@@ -1140,8 +1140,8 @@ is_proxy_cert(hx509_context context,
return HX509_EXTENSION_NOT_FOUND;
}
ret = decode_ProxyCertInfo(e->extnValue.data,
e->extnValue.length,
ret = decode_ProxyCertInfo(e->extnValue.data,
e->extnValue.length,
&info,
&size);
if (ret) {
@@ -1151,7 +1151,7 @@ is_proxy_cert(hx509_context context,
if (size != e->extnValue.length) {
free_ProxyCertInfo(&info);
hx509_clear_error_string(context);
return HX509_EXTRA_DATA_AFTER_STRUCTURE;
return HX509_EXTRA_DATA_AFTER_STRUCTURE;
}
if (rinfo == NULL)
free_ProxyCertInfo(&info);
@@ -1187,7 +1187,7 @@ void
_hx509_path_free(hx509_path *path)
{
unsigned i;
for (i = 0; i < path->len; i++)
hx509_cert_free(path->val[i]);
free(path->val);
@@ -1236,7 +1236,7 @@ _hx509_calculate_path(hx509_context context,
while (!certificate_is_anchor(context, anchors, current)) {
ret = find_parent(context, time_now, anchors, path,
ret = find_parent(context, time_now, anchors, path,
pool, current, &parent);
hx509_cert_free(current);
if (ret)
@@ -1256,8 +1256,8 @@ _hx509_calculate_path(hx509_context context,
}
}
if ((flags & HX509_CALCULATE_PATH_NO_ANCHOR) &&
path->len > 0 &&
if ((flags & HX509_CALCULATE_PATH_NO_ANCHOR) &&
path->len > 0 &&
certificate_is_anchor(context, anchors, path->val[path->len - 1]))
{
hx509_cert_free(path->val[path->len - 1]);
@@ -1297,7 +1297,7 @@ _hx509_Certificate_cmp(const Certificate *p, const Certificate *q)
diff = der_heim_bit_string_cmp(&p->signatureValue, &q->signatureValue);
if (diff)
return diff;
diff = _hx509_AlgorithmIdentifier_cmp(&p->signatureAlgorithm,
diff = _hx509_AlgorithmIdentifier_cmp(&p->signatureAlgorithm,
&q->signatureAlgorithm);
if (diff)
return diff;
@@ -1481,7 +1481,7 @@ hx509_cert_get_SPKI(hx509_context context, hx509_cert p, SubjectPublicKeyInfo *s
int
hx509_cert_get_SPKI_AlgorithmIdentifier(hx509_context context,
hx509_cert p,
hx509_cert p,
AlgorithmIdentifier *alg)
{
int ret;
@@ -1534,7 +1534,7 @@ _hx509_cert_private_decrypt(hx509_context context,
return _hx509_private_key_private_decrypt(context,
ciphertext,
encryption_oid,
p->private_key,
p->private_key,
cleartext);
}
@@ -1623,7 +1623,7 @@ match_RDN(const RelativeDistinguishedName *c,
if (c->len != n->len)
return HX509_NAME_CONSTRAINT_ERROR;
for (i = 0; i < n->len; i++) {
int diff, ret;
@@ -1654,13 +1654,13 @@ match_X501Name(const Name *c, const Name *n)
return ret;
}
return 0;
}
}
static int
match_general_name(const GeneralName *c, const GeneralName *n, int *match)
{
/*
/*
* Name constraints only apply to the same name type, see RFC3280,
* 4.2.1.11.
*/
@@ -1741,7 +1741,7 @@ match_general_name(const GeneralName *c, const GeneralName *n, int *match)
}
static int
match_alt_name(const GeneralName *n, const Certificate *c,
match_alt_name(const GeneralName *n, const Certificate *c,
int *same, int *match)
{
GeneralNames sa;
@@ -1790,14 +1790,14 @@ match_tree(const GeneralSubtrees *t, const Certificate *c, int *match)
&& !subject_null_p(c))
{
GeneralName certname;
memset(&certname, 0, sizeof(certname));
certname.element = choice_GeneralName_directoryName;
certname.u.directoryName.element =
certname.u.directoryName.element =
c->tbsCertificate.subject.element;
certname.u.directoryName.u.rdnSequence =
certname.u.directoryName.u.rdnSequence =
c->tbsCertificate.subject.u.rdnSequence;
ret = match_general_name(&t->val[i].base, &certname, &name);
}
@@ -1814,7 +1814,7 @@ match_tree(const GeneralSubtrees *t, const Certificate *c, int *match)
}
static int
check_name_constraints(hx509_context context,
check_name_constraints(hx509_context context,
const hx509_name_constraints *nc,
const Certificate *c)
{
@@ -1978,13 +1978,13 @@ hx509_verify_path(hx509_context context,
ret = certificate_is_self_signed(context, c, &selfsigned);
if (ret)
goto out;
if (selfsigned)
if (selfsigned)
selfsigned_depth++;
}
break;
case PROXY_CERT: {
ProxyCertInfo info;
ProxyCertInfo info;
if (is_proxy_cert(context, c, &info) == 0) {
int j;
@@ -2005,7 +2005,7 @@ hx509_verify_path(hx509_context context,
j = 0;
if (find_extension(c, oid_id_x509_ce_subjectAltName(), &j)) {
ret = HX509_PROXY_CERT_INVALID;
hx509_set_error_string(context, 0, ret,
hx509_set_error_string(context, 0, ret,
"Proxy certificate have explicity "
"forbidden subjectAltName");
goto out;
@@ -2014,13 +2014,13 @@ hx509_verify_path(hx509_context context,
j = 0;
if (find_extension(c, oid_id_x509_ce_issuerAltName(), &j)) {
ret = HX509_PROXY_CERT_INVALID;
hx509_set_error_string(context, 0, ret,
hx509_set_error_string(context, 0, ret,
"Proxy certificate have explicity "
"forbidden issuerAltName");
goto out;
}
/*
/*
* The subject name of the proxy certificate should be
* CN=XXX,<proxy issuer>, prune of CN and check if its
* the same over the whole chain of proxy certs and
@@ -2050,7 +2050,7 @@ hx509_verify_path(hx509_context context,
}
j = proxy_issuer.u.rdnSequence.len;
if (proxy_issuer.u.rdnSequence.len < 2
if (proxy_issuer.u.rdnSequence.len < 2
|| proxy_issuer.u.rdnSequence.val[j - 1].len > 1
|| der_heim_oid_cmp(&proxy_issuer.u.rdnSequence.val[j - 1].val[0].type,
oid_id_at_commonName()))
@@ -2080,7 +2080,7 @@ hx509_verify_path(hx509_context context,
break;
} else {
/*
/*
* Now we are done with the proxy certificates, this
* cert was an EE cert and we we will fall though to
* EE checking below.
@@ -2097,7 +2097,7 @@ hx509_verify_path(hx509_context context,
*/
if (proxy_cert_depth) {
ret = _hx509_name_cmp(&proxy_issuer,
ret = _hx509_name_cmp(&proxy_issuer,
&c->tbsCertificate.subject, &diff);
if (ret) {
hx509_set_error_string(context, 0, ret, "out of memory");
@@ -2121,11 +2121,11 @@ hx509_verify_path(hx509_context context,
break;
}
ret = check_basic_constraints(context, c, type,
ret = check_basic_constraints(context, c, type,
i - proxy_cert_depth - selfsigned_depth);
if (ret)
goto out;
/*
* Don't check the trust anchors expiration time since they
* are transported out of band, from RFC3820.
@@ -2211,7 +2211,7 @@ hx509_verify_path(hx509_context context,
int parent = (i < path.len - 1) ? i + 1 : i;
ret = hx509_revoke_verify(context,
ctx->revoke_ctx,
ctx->revoke_ctx,
certs,
ctx->time_now,
path.val[i],
@@ -2326,7 +2326,7 @@ hx509_verify_hostname(hx509_context context,
hx509_hostname_type type,
const char *hostname,
const struct sockaddr *sa,
/* XXX krb5_socklen_t */ int sa_size)
/* XXX krb5_socklen_t */ int sa_size)
{
GeneralNames san;
int ret, i, j;
@@ -2397,8 +2397,8 @@ hx509_verify_hostname(hx509_context context,
int
_hx509_set_cert_attribute(hx509_context context,
hx509_cert cert,
const heim_oid *oid,
hx509_cert cert,
const heim_oid *oid,
const heim_octet_string *attr)
{
hx509_cert_attribute a;
@@ -2407,7 +2407,7 @@ _hx509_set_cert_attribute(hx509_context context,
if (hx509_cert_get_attribute(cert, oid) != NULL)
return 0;
d = realloc(cert->attrs.val,
d = realloc(cert->attrs.val,
sizeof(cert->attrs.val[0]) * (cert->attrs.len + 1));
if (d == NULL) {
hx509_clear_error_string(context);
@@ -2421,7 +2421,7 @@ _hx509_set_cert_attribute(hx509_context context,
der_copy_octet_string(attr, &a->data);
der_copy_oid(oid, &a->oid);
cert->attrs.val[cert->attrs.len] = a;
cert->attrs.len++;
@@ -2517,13 +2517,13 @@ hx509_cert_get_friendly_name(hx509_cert cert)
free_PKCS9_friendlyName(&n);
return NULL;
}
cert->friendlyname = malloc(n.val[0].length + 1);
if (cert->friendlyname == NULL) {
free_PKCS9_friendlyName(&n);
return NULL;
}
for (i = 0; i < n.val[0].length; i++) {
if (n.val[0].data[i] <= 0xff)
cert->friendlyname[i] = n.val[0].data[i] & 0xff;
@@ -2611,7 +2611,7 @@ hx509_query_match_option(hx509_query *q, hx509_query_option option)
int
hx509_query_match_issuer_serial(hx509_query *q,
const Name *issuer,
const Name *issuer,
const heim_integer *serialNumber)
{
int ret;
@@ -2840,7 +2840,7 @@ _hx509_query_match_cert(hx509_context context, const hx509_query *q, hx509_cert
}
if ((q->match & HX509_QUERY_MATCH_ISSUER_ID))
return 0;
if ((q->match & HX509_QUERY_PRIVATE_KEY) &&
if ((q->match & HX509_QUERY_PRIVATE_KEY) &&
_hx509_cert_private_key(cert) == NULL)
return 0;
@@ -2900,7 +2900,7 @@ _hx509_query_match_cert(hx509_context context, const hx509_query *q, hx509_cert
heim_octet_string os;
os.data = c->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data;
os.length =
os.length =
c->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.length / 8;
ret = _hx509_verify_signature(context,
@@ -3039,12 +3039,12 @@ hx509_query_unparse_stats(hx509_context context, int printtype, FILE *out)
return;
f = fopen(context->querystat, "r");
if (f == NULL) {
fprintf(out, "No statistic file %s: %s.\n",
fprintf(out, "No statistic file %s: %s.\n",
context->querystat, strerror(errno));
return;
}
rk_cloexec_file(f);
for (i = 0; i < sizeof(stats)/sizeof(stats[0]); i++) {
stats[i].index = i;
stats[i].stats = 0;
@@ -3075,7 +3075,7 @@ hx509_query_unparse_stats(hx509_context context, int printtype, FILE *out)
errx(1, "out of memory");
rtbl_set_separator (t, " ");
rtbl_add_column_by_id (t, 0, "Name", 0);
rtbl_add_column_by_id (t, 1, "Counter", 0);
@@ -3083,7 +3083,7 @@ hx509_query_unparse_stats(hx509_context context, int printtype, FILE *out)
for (i = 0; i < sizeof(stats)/sizeof(stats[0]); i++) {
char str[10];
if (stats[i].index < sizeof(statname)/sizeof(statname[0]))
if (stats[i].index < sizeof(statname)/sizeof(statname[0]))
rtbl_add_column_entry_by_id (t, 0, statname[stats[i].index]);
else {
snprintf(str, sizeof(str), "%d", stats[i].index);
@@ -3096,7 +3096,7 @@ hx509_query_unparse_stats(hx509_context context, int printtype, FILE *out)
rtbl_format(t, out);
rtbl_destroy(t);
fprintf(out, "\nQueries: multi %lu total %lu\n",
fprintf(out, "\nQueries: multi %lu total %lu\n",
multiqueries, totalqueries);
}
@@ -3166,7 +3166,7 @@ _hx509_cert_get_keyusage(hx509_context context,
e = find_extension(cert, oid_id_x509_ce_keyUsage(), &i);
if (e == NULL)
return HX509_KU_CERT_MISSING;
ret = decode_KeyUsage(e->extnValue.data, e->extnValue.length, ku, &size);
if (ret)
return ret;
@@ -3212,7 +3212,7 @@ hx509_cert_binary(hx509_context context, hx509_cert c, heim_octet_string *os)
os->data = NULL;
os->length = 0;
ASN1_MALLOC_ENCODE(Certificate, os->data, os->length,
ASN1_MALLOC_ENCODE(Certificate, os->data, os->length,
_hx509_get_cert(c), &size, ret);
if (ret) {
os->data = NULL;

14
lib/hx509/cms.c
View File

@@ -38,7 +38,7 @@ RCSID("$Id$");
* @page page_cms CMS/PKCS7 message functions.
*
* CMS is defined in RFC 3369 and is an continuation of the RSA Labs
* standard PKCS7. The basic messages in CMS is
* standard PKCS7. The basic messages in CMS is
*
* - SignedData
* Data signed with private key (RSA, DSA, ECDSA) or secret
@@ -68,7 +68,7 @@ RCSID("$Id$");
* der_free_octet_string().
*
* @return Returns an hx509 error code.
*
*
* @ingroup hx509_cms
*/
@@ -122,7 +122,7 @@ hx509_cms_wrap_ContentInfo(const heim_oid *oid,
* diffrence between no data and the zero length data.
*
* @return Returns an hx509 error code.
*
*
* @ingroup hx509_cms
*/
@@ -709,8 +709,8 @@ any_to_certs(hx509_context context, const SignedData *sd, hx509_certs certs)
for (i = 0; i < sd->certificates->len; i++) {
hx509_cert c;
ret = hx509_cert_init_data(context,
sd->certificates->val[i].data,
ret = hx509_cert_init_data(context,
sd->certificates->val[i].data,
sd->certificates->val[i].length,
&c);
if (ret)
@@ -838,7 +838,7 @@ hx509_cms_verify_signed(hx509_context context,
continue;
}
ret = find_CMSIdentifier(context, &signer_info->sid, certs,
ret = find_CMSIdentifier(context, &signer_info->sid, certs,
_hx509_verify_get_time(ctx), &cert,
HX509_QUERY_KU_DIGITALSIGNATURE);
if (ret)
@@ -1314,7 +1314,7 @@ hx509_cms_create_signed_1(hx509_context context,
*/
if (pool) {
_hx509_calculate_path(context,
HX509_CALCULATE_PATH_NO_ANCHOR,
HX509_CALCULATE_PATH_NO_ANCHOR,
time(NULL),
anchors,
0,

62
lib/hx509/collector.c
View File

@@ -1,34 +1,34 @@
/*
* Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "hx_locl.h"
@@ -113,7 +113,7 @@ free_private_key(struct private_key *key)
int
_hx509_collector_private_key_add(hx509_context context,
struct hx509_collector *c,
struct hx509_collector *c,
const AlgorithmIdentifier *alg,
hx509_private_key private_key,
const heim_octet_string *key_data,
@@ -153,7 +153,7 @@ _hx509_collector_private_key_add(hx509_context context,
if (localKeyId) {
ret = der_copy_octet_string(localKeyId, &key->localKeyId);
if (ret) {
hx509_set_error_string(context, 0, ret,
hx509_set_error_string(context, 0, ret,
"Failed to copy localKeyId");
goto out;
}
@@ -187,9 +187,9 @@ match_localkeyid(hx509_context context,
_hx509_query_clear(&q);
q.match |= HX509_QUERY_MATCH_LOCAL_KEY_ID;
q.local_key_id = &value->localKeyId;
ret = hx509_certs_find(context, certs, &q, &cert);
if (ret == 0) {
@@ -208,7 +208,7 @@ match_keys(hx509_context context, struct private_key *value, hx509_certs certs)
int ret, found = HX509_CERT_NOT_FOUND;
if (value->private_key == NULL) {
hx509_set_error_string(context, 0, HX509_PRIVATE_KEY_MISSING,
hx509_set_error_string(context, 0, HX509_PRIVATE_KEY_MISSING,
"No private key to compare with");
return HX509_PRIVATE_KEY_MISSING;
}
@@ -248,7 +248,7 @@ match_keys(hx509_context context, struct private_key *value, hx509_certs certs)
}
int
_hx509_collector_collect_certs(hx509_context context,
_hx509_collector_collect_certs(hx509_context context,
struct hx509_collector *c,
hx509_certs *ret_certs)
{
@@ -282,7 +282,7 @@ _hx509_collector_collect_certs(hx509_context context,
}
int
_hx509_collector_collect_private_keys(hx509_context context,
_hx509_collector_collect_private_keys(hx509_context context,
struct hx509_collector *c,
hx509_private_key **keys)
{

196
lib/hx509/crypto.c
View File

@@ -1,34 +1,34 @@
/*
* Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "hx_locl.h"
@@ -241,11 +241,11 @@ rsa_verify_signature(hx509_context context,
goto out;
}
retsize = RSA_public_decrypt(sig->length, (unsigned char *)sig->data,
retsize = RSA_public_decrypt(sig->length, (unsigned char *)sig->data,
to, rsa, RSA_PKCS1_PADDING);
if (retsize <= 0) {
ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
hx509_set_error_string(context, 0, ret,
hx509_set_error_string(context, 0, ret,
"RSA public decrypt failed: %d", retsize);
free(to);
goto out;
@@ -269,8 +269,8 @@ rsa_verify_signature(hx509_context context,
}
if (sig_alg->digest_oid &&
der_heim_oid_cmp(&di.digestAlgorithm.algorithm,
(*sig_alg->digest_oid)()) != 0)
der_heim_oid_cmp(&di.digestAlgorithm.algorithm,
(*sig_alg->digest_oid)()) != 0)
{
ret = HX509_CRYPTO_OID_MISMATCH;
hx509_set_error_string(context, 0, ret, "object identifier in RSA sig mismatch");
@@ -323,7 +323,7 @@ rsa_create_signature(hx509_context context,
const heim_oid *sig_oid;
size_t size;
int ret;
if (alg)
sig_oid = &alg->algorithm;
else
@@ -391,8 +391,8 @@ rsa_create_signature(hx509_context context,
return ENOMEM;
}
ret = RSA_private_encrypt(indata.length, indata.data,
sig->data,
ret = RSA_private_encrypt(indata.length, indata.data,
sig->data,
signer->private_key.rsa,
RSA_PKCS1_PADDING);
if (indata.data != data->data)
@@ -407,7 +407,7 @@ rsa_create_signature(hx509_context context,
_hx509_abort("RSA signature prelen longer the output len");
sig->length = ret;
return 0;
}
@@ -419,7 +419,7 @@ rsa_private_key_import(hx509_context context,
{
const unsigned char *p = data;
private_key->private_key.rsa =
private_key->private_key.rsa =
d2i_RSAPrivateKey(NULL, &p, len);
if (private_key->private_key.rsa == NULL) {
hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
@@ -449,7 +449,7 @@ rsa_private_key2SPKI(hx509_context context,
}
spki->subjectPublicKey.length = len * 8;
ret = set_digest_alg(&spki->algorithm,oid_id_pkcs1_rsaEncryption(),
ret = set_digest_alg(&spki->algorithm,oid_id_pkcs1_rsaEncryption(),
"\x05\x00", 2);
if (ret) {
hx509_set_error_string(context, 0, ret, "malloc - out of memory");
@@ -468,7 +468,7 @@ rsa_private_key2SPKI(hx509_context context,
}
static int
rsa_generate_private_key(hx509_context context,
rsa_generate_private_key(hx509_context context,
struct hx509_generate_private_context *ctx,
hx509_private_key private_key)
{
@@ -485,7 +485,7 @@ rsa_generate_private_key(hx509_context context,
"Failed to generate RSA key");
return HX509_PARSING_KEY_FAILED;
}
e = BN_new();
BN_set_word(e, default_rsa_e);
@@ -508,7 +508,7 @@ rsa_generate_private_key(hx509_context context,
return 0;
}
static int
static int
rsa_private_key_export(hx509_context context,
const hx509_private_key key,
heim_octet_string *data)
@@ -533,7 +533,7 @@ rsa_private_key_export(hx509_context context,
return ret;
}
data->length = ret;
{
unsigned char *p = data->data;
i2d_RSAPrivateKey(key->private_key.rsa, &p);
@@ -664,7 +664,7 @@ dsa_parse_private_key(hx509_context context,
{
const unsigned char *p = data;
private_key->private_key.dsa =
private_key->private_key.dsa =
d2i_DSAPrivateKey(NULL, &p, len);
if (private_key->private_key.dsa == NULL)
return EINVAL;
@@ -689,7 +689,7 @@ sha1_verify_signature(hx509_context context,
{
unsigned char digest[SHA_DIGEST_LENGTH];
SHA_CTX m;
if (sig->length != SHA_DIGEST_LENGTH) {
hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
"SHA1 sigature have wrong length");
@@ -719,7 +719,7 @@ sha256_create_signature(hx509_context context,
heim_octet_string *sig)
{
SHA256_CTX m;
memset(sig, 0, sizeof(*sig));
if (signatureAlgorithm) {
@@ -729,7 +729,7 @@ sha256_create_signature(hx509_context context,
if (ret)
return ret;
}
sig->data = malloc(SHA256_DIGEST_LENGTH);
if (sig->data == NULL) {
@@ -755,7 +755,7 @@ sha256_verify_signature(hx509_context context,
{
unsigned char digest[SHA256_DIGEST_LENGTH];
SHA256_CTX m;
if (sig->length != SHA256_DIGEST_LENGTH) {
hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
"SHA256 sigature have wrong length");
@@ -785,17 +785,17 @@ sha1_create_signature(hx509_context context,
heim_octet_string *sig)
{
SHA_CTX m;
memset(sig, 0, sizeof(*sig));
if (signatureAlgorithm) {
int ret;
ret = set_digest_alg(signatureAlgorithm, (*sig_alg->sig_oid)(),
ret = set_digest_alg(signatureAlgorithm, (*sig_alg->sig_oid)(),
"\x05\x00", 2);
if (ret)
return ret;
}
sig->data = malloc(SHA_DIGEST_LENGTH);
if (sig->data == NULL) {
@@ -821,7 +821,7 @@ md5_verify_signature(hx509_context context,
{
unsigned char digest[MD5_DIGEST_LENGTH];
MD5_CTX m;
if (sig->length != MD5_DIGEST_LENGTH) {
hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
"MD5 sigature have wrong length");
@@ -851,7 +851,7 @@ md2_verify_signature(hx509_context context,
{
unsigned char digest[MD2_DIGEST_LENGTH];
MD2_CTX m;
if (sig->length != MD2_DIGEST_LENGTH) {
hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
"MD2 sigature have wrong length");
@@ -941,7 +941,7 @@ static const struct signature_alg dsa_sha1_alg = {
"dsa-with-sha1",
oid_id_dsa_with_sha1,
NULL,
oid_id_dsa,
oid_id_dsa,
oid_id_secsig_sha_1,
PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG,
dsa_verify_signature,
@@ -990,7 +990,7 @@ static const struct signature_alg md2_alg = {
md2_verify_signature
};
/*
/*
* Order matter in this structure, "best" first for each "key
* compatible" type (type is RSA, DSA, none, etc)
*/
@@ -1094,7 +1094,7 @@ _hx509_verify_signature_bitstring(hx509_context context,
os.data = sig->data;
os.length = sig->length / 8;
return _hx509_verify_signature(context, signer, alg, data, &os);
}
@@ -1111,7 +1111,7 @@ _hx509_create_signature(hx509_context context,
if (signer && signer->ops && signer->ops->handle_alg &&
(*signer->ops->handle_alg)(signer, alg, COT_SIGN))
{
return (*signer->ops->sign)(context, signer, alg, data,
return (*signer->ops->sign)(context, signer, alg, data,
signatureAlgorithm, sig);
}
@@ -1128,7 +1128,7 @@ _hx509_create_signature(hx509_context context,
return HX509_CRYPTO_SIG_NO_CONF;
}
return (*md->create_signature)(context, md, signer, alg, data,
return (*md->create_signature)(context, md, signer, alg, data,
signatureAlgorithm, sig);
}
@@ -1205,8 +1205,8 @@ _hx509_public_encrypt(hx509_context context,
return ENOMEM;
}
ret = RSA_public_encrypt(cleartext->length,
(unsigned char *)cleartext->data,
ret = RSA_public_encrypt(cleartext->length,
(unsigned char *)cleartext->data,
to, rsa, RSA_PKCS1_PADDING);
RSA_free(rsa);
if (ret <= 0) {
@@ -1331,7 +1331,7 @@ _hx509_generate_private_key_init(hx509_context context,
*ctx = NULL;
if (der_heim_oid_cmp(oid, oid_id_pkcs1_rsaEncryption()) != 0) {
hx509_set_error_string(context, 0, EINVAL,
hx509_set_error_string(context, 0, EINVAL,
"private key not an RSA key");
return EINVAL;
}
@@ -1408,72 +1408,72 @@ _hx509_generate_private_key(hx509_context context,
static const heim_octet_string null_entry_oid = { 2, rk_UNCONST("\x05\x00") };
static const unsigned sha512_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 3 };
const AlgorithmIdentifier _hx509_signature_sha512_data = {
const AlgorithmIdentifier _hx509_signature_sha512_data = {
{ 9, rk_UNCONST(sha512_oid_tree) }, rk_UNCONST(&null_entry_oid)
};
static const unsigned sha384_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 2 };
const AlgorithmIdentifier _hx509_signature_sha384_data = {
const AlgorithmIdentifier _hx509_signature_sha384_data = {
{ 9, rk_UNCONST(sha384_oid_tree) }, rk_UNCONST(&null_entry_oid)
};
static const unsigned sha256_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 1 };
const AlgorithmIdentifier _hx509_signature_sha256_data = {
const AlgorithmIdentifier _hx509_signature_sha256_data = {
{ 9, rk_UNCONST(sha256_oid_tree) }, rk_UNCONST(&null_entry_oid)
};
static const unsigned sha1_oid_tree[] = { 1, 3, 14, 3, 2, 26 };
const AlgorithmIdentifier _hx509_signature_sha1_data = {
const AlgorithmIdentifier _hx509_signature_sha1_data = {
{ 6, rk_UNCONST(sha1_oid_tree) }, rk_UNCONST(&null_entry_oid)
};
static const unsigned md5_oid_tree[] = { 1, 2, 840, 113549, 2, 5 };
const AlgorithmIdentifier _hx509_signature_md5_data = {
const AlgorithmIdentifier _hx509_signature_md5_data = {
{ 6, rk_UNCONST(md5_oid_tree) }, rk_UNCONST(&null_entry_oid)
};
static const unsigned md2_oid_tree[] = { 1, 2, 840, 113549, 2, 2 };
const AlgorithmIdentifier _hx509_signature_md2_data = {
const AlgorithmIdentifier _hx509_signature_md2_data = {
{ 6, rk_UNCONST(md2_oid_tree) }, rk_UNCONST(&null_entry_oid)
};
static const unsigned rsa_with_sha512_oid[] ={ 1, 2, 840, 113549, 1, 1, 13 };
const AlgorithmIdentifier _hx509_signature_rsa_with_sha512_data = {
const AlgorithmIdentifier _hx509_signature_rsa_with_sha512_data = {
{ 7, rk_UNCONST(rsa_with_sha512_oid) }, NULL
};
static const unsigned rsa_with_sha384_oid[] ={ 1, 2, 840, 113549, 1, 1, 12 };
const AlgorithmIdentifier _hx509_signature_rsa_with_sha384_data = {
const AlgorithmIdentifier _hx509_signature_rsa_with_sha384_data = {
{ 7, rk_UNCONST(rsa_with_sha384_oid) }, NULL
};
static const unsigned rsa_with_sha256_oid[] ={ 1, 2, 840, 113549, 1, 1, 11 };
const AlgorithmIdentifier _hx509_signature_rsa_with_sha256_data = {
const AlgorithmIdentifier _hx509_signature_rsa_with_sha256_data = {
{ 7, rk_UNCONST(rsa_with_sha256_oid) }, NULL
};
static const unsigned rsa_with_sha1_oid[] ={ 1, 2, 840, 113549, 1, 1, 5 };
const AlgorithmIdentifier _hx509_signature_rsa_with_sha1_data = {
const AlgorithmIdentifier _hx509_signature_rsa_with_sha1_data = {
{ 7, rk_UNCONST(rsa_with_sha1_oid) }, NULL
};
static const unsigned rsa_with_md5_oid[] ={ 1, 2, 840, 113549, 1, 1, 4 };
const AlgorithmIdentifier _hx509_signature_rsa_with_md5_data = {
const AlgorithmIdentifier _hx509_signature_rsa_with_md5_data = {
{ 7, rk_UNCONST(rsa_with_md5_oid) }, NULL
};
static const unsigned rsa_with_md2_oid[] ={ 1, 2, 840, 113549, 1, 1, 2 };
const AlgorithmIdentifier _hx509_signature_rsa_with_md2_data = {
const AlgorithmIdentifier _hx509_signature_rsa_with_md2_data = {
{ 7, rk_UNCONST(rsa_with_md2_oid) }, NULL
};
static const unsigned rsa_oid[] ={ 1, 2, 840, 113549, 1, 1, 1 };
const AlgorithmIdentifier _hx509_signature_rsa_data = {
const AlgorithmIdentifier _hx509_signature_rsa_data = {
{ 7, rk_UNCONST(rsa_oid) }, NULL
};
static const unsigned rsa_pkcs1_x509_oid[] ={ 1, 2, 752, 43, 16, 1 };
const AlgorithmIdentifier _hx509_signature_rsa_pkcs1_x509_data = {
const AlgorithmIdentifier _hx509_signature_rsa_pkcs1_x509_data = {
{ 6, rk_UNCONST(rsa_pkcs1_x509_oid) }, NULL
};
@@ -1564,11 +1564,11 @@ hx509_crypto_aes256_cbc(void)
*
*/
const AlgorithmIdentifier * _hx509_crypto_default_sig_alg =
const AlgorithmIdentifier * _hx509_crypto_default_sig_alg =
&_hx509_signature_rsa_with_sha1_data;
const AlgorithmIdentifier * _hx509_crypto_default_digest_alg =
const AlgorithmIdentifier * _hx509_crypto_default_digest_alg =
&_hx509_signature_sha1_data;
const AlgorithmIdentifier * _hx509_crypto_default_secret_alg =
const AlgorithmIdentifier * _hx509_crypto_default_secret_alg =
&_hx509_crypto_aes128_cbc_data;
/*
@@ -1635,7 +1635,7 @@ _hx509_private_key_assign_rsa(hx509_private_key key, void *ptr)
key->md = &pkcs1_rsa_sha1_alg;
}
int
int
_hx509_private_key_oid(hx509_context context,
const hx509_private_key key,
heim_oid *data)
@@ -1657,7 +1657,7 @@ _hx509_private_key_exportable(hx509_private_key key)
BIGNUM *
_hx509_private_key_get_internal(hx509_context context,
hx509_private_key key,
hx509_private_key key,
const char *type)
{
if (key->ops->get_internal == NULL)
@@ -1665,7 +1665,7 @@ _hx509_private_key_get_internal(hx509_context context,
return (*key->ops->get_internal)(context, key, type);
}
int
int
_hx509_private_key_export(hx509_context context,
const hx509_private_key key,
heim_octet_string *data)
@@ -1688,7 +1688,7 @@ struct hx509cipher {
const EVP_CIPHER *(*evp_func)(void);
int (*get_params)(hx509_context, const hx509_crypto,
const heim_octet_string *, heim_octet_string *);
int (*set_params)(hx509_context, const heim_octet_string *,
int (*set_params)(hx509_context, const heim_octet_string *,
hx509_crypto, heim_octet_string *);
};
@@ -2063,7 +2063,7 @@ hx509_crypto_set_random_key(hx509_crypto crypto, heim_octet_string *key)
int
hx509_crypto_set_params(hx509_context context,
hx509_crypto crypto,
hx509_crypto crypto,
const heim_octet_string *param,
heim_octet_string *ivec)
{
@@ -2072,7 +2072,7 @@ hx509_crypto_set_params(hx509_context context,
int
hx509_crypto_get_params(hx509_context context,
hx509_crypto crypto,
hx509_crypto crypto,
const heim_octet_string *ivec,
heim_octet_string *param)
{
@@ -2128,7 +2128,7 @@ hx509_crypto_encrypt(hx509_crypto crypto,
ret = ENOMEM;
goto out;
}
if (EVP_CIPHER_block_size(crypto->c) == 1) {
padsize = 0;
} else {
@@ -2222,7 +2222,7 @@ hx509_crypto_decrypt(hx509_crypto crypto,
if (EVP_CIPHER_block_size(crypto->c) > 1) {
int padsize;
unsigned char *p;
unsigned char *p;
int j, bsize = EVP_CIPHER_block_size(crypto->c);
if (clear->length < bsize) {
@@ -2259,7 +2259,7 @@ hx509_crypto_decrypt(hx509_crypto crypto,
typedef int (*PBE_string2key_func)(hx509_context,
const char *,
const heim_octet_string *,
hx509_crypto *, heim_octet_string *,
hx509_crypto *, heim_octet_string *,
heim_octet_string *,
const heim_oid *, const EVP_MD *);
@@ -2267,7 +2267,7 @@ static int
PBE_string2key(hx509_context context,
const char *password,
const heim_octet_string *parameters,
hx509_crypto *crypto,
hx509_crypto *crypto,
heim_octet_string *key, heim_octet_string *iv,
const heim_oid *enc_oid,
const EVP_MD *md)
@@ -2296,13 +2296,13 @@ PBE_string2key(hx509_context context,
salt = p12params.salt.data;
saltlen = p12params.salt.length;
if (!PKCS12_key_gen (password, passwordlen, salt, saltlen,
if (!PKCS12_key_gen (password, passwordlen, salt, saltlen,
PKCS12_KEY_ID, iter, key->length, key->data, md)) {
ret = HX509_CRYPTO_INTERNAL_ERROR;
goto out;
}
if (!PKCS12_key_gen (password, passwordlen, salt, saltlen,
if (!PKCS12_key_gen (password, passwordlen, salt, saltlen,
PKCS12_IV_ID, iter, iv->length, iv->data, md)) {
ret = HX509_CRYPTO_INTERNAL_ERROR;
goto out;
@@ -2325,8 +2325,8 @@ out:
}
static const heim_oid *
find_string2key(const heim_oid *oid,
const EVP_CIPHER **c,
find_string2key(const heim_oid *oid,
const EVP_CIPHER **c,
const EVP_MD **md,
PBE_string2key_func *s2k)
{
@@ -2439,7 +2439,7 @@ _hx509_pbe_decrypt(hx509_context context,
else
password = NULL;
ret = (*s2k)(context, password, ai->parameters, &crypto,
ret = (*s2k)(context, password, ai->parameters, &crypto,
&key, &iv, enc_oid, md);
if (ret)
goto out;
@@ -2452,7 +2452,7 @@ _hx509_pbe_decrypt(hx509_context context,
hx509_crypto_destroy(crypto);
if (ret == 0)
goto out;
}
out:
if (key.data)
@@ -2510,7 +2510,7 @@ _hx509_match_keys(hx509_cert c, hx509_private_key private_key)
rsa->dmq1 = BN_dup(private_key->private_key.rsa->dmq1);
rsa->iqmp = BN_dup(private_key->private_key.rsa->iqmp);
if (rsa->n == NULL || rsa->e == NULL ||
if (rsa->n == NULL || rsa->e == NULL ||
rsa->d == NULL || rsa->p == NULL|| rsa->q == NULL ||
rsa->dmp1 == NULL || rsa->dmq1 == NULL) {
RSA_free(rsa);
@@ -2562,7 +2562,7 @@ hx509_crypto_select(const hx509_context context,
bits = SIG_SECRET;
def = _hx509_crypto_default_secret_alg;
} else {
hx509_set_error_string(context, 0, EINVAL,
hx509_set_error_string(context, 0, EINVAL,
"Unknown type %d of selection", type);
return EINVAL;
}
@@ -2576,10 +2576,10 @@ hx509_crypto_select(const hx509_context context,
for (j = 0; sig_algs[j]; j++) {
if ((sig_algs[j]->flags & bits) != bits)
continue;
if (der_heim_oid_cmp((*sig_algs[j]->sig_oid)(),
if (der_heim_oid_cmp((*sig_algs[j]->sig_oid)(),
&peer->val[i].algorithm) != 0)
continue;
if (keytype && sig_algs[j]->key_oid &&
if (keytype && sig_algs[j]->key_oid &&
der_heim_oid_cmp(keytype, (*sig_algs[j]->key_oid)()))
continue;
@@ -2633,7 +2633,7 @@ hx509_crypto_available(hx509_context context,
} else if (type == HX509_SELECT_PUBLIC_SIG) {
bits = SIG_PUBLIC_SIG;
} else {
hx509_set_error_string(context, 0, EINVAL,
hx509_set_error_string(context, 0, EINVAL,
"Unknown type %d of available", type);
return EINVAL;
}
@@ -2647,7 +2647,7 @@ hx509_crypto_available(hx509_context context,
continue;
if (sig_algs[i]->sig_alg == NULL)
continue;
if (keytype && sig_algs[i]->key_oid &&
if (keytype && sig_algs[i]->key_oid &&
der_heim_oid_cmp((*sig_algs[i]->key_oid)(), keytype))
continue;
@@ -2675,7 +2675,7 @@ hx509_crypto_available(hx509_context context,
if (ptr == NULL)
goto out;
*val = ptr;
ret = copy_AlgorithmIdentifier((ciphers[i].ai_func)(), &(*val)[len]);
if (ret)
goto out;
@@ -2703,4 +2703,4 @@ hx509_crypto_free_algs(AlgorithmIdentifier *val,
for (i = 0; i < len; i++)
free_AlgorithmIdentifier(&val[i]);
free(val);
}
}

52
lib/hx509/doxygen.c
View File

@@ -1,34 +1,34 @@
/*
* Copyright (c) 2007 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/** @mainpage Heimdal PKIX/X.509 library
@@ -37,7 +37,7 @@
*
* Heimdal libhx509 library is a implementation of the PKIX/X.509 and
* related protocols.
*
*
* PKIX/X.509 is ...
*
*
@@ -70,7 +70,7 @@
* See the @ref page_cms for description and examples. */
/** @defgroup hx509_crypto hx509 crypto functions */
/** @defgroup hx509_misc hx509 misc functions */
/** @defgroup hx509_name hx509 name functions
/** @defgroup hx509_name hx509 name functions
* See the @ref page_name for description and examples. */
/** @defgroup hx509_revoke hx509 revokation checking functions
* See the @ref page_revoke for description and examples. */

56
lib/hx509/env.c
View File

@@ -1,34 +1,34 @@
/*
* Copyright (c) 2007 - 2008 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "hx_locl.h"
@@ -54,7 +54,7 @@ RCSID("$Id$");
*/
int
hx509_env_add(hx509_context context, hx509_env *env,
hx509_env_add(hx509_context context, hx509_env *env,
const char *key, const char *value)
{
hx509_env n;
@@ -105,7 +105,7 @@ hx509_env_add(hx509_context context, hx509_env *env,
*/
int
hx509_env_add_binding(hx509_context context, hx509_env *env,
hx509_env_add_binding(hx509_context context, hx509_env *env,
const char *key, hx509_env list)
{
hx509_env n;
@@ -157,7 +157,7 @@ hx509_env_lfind(hx509_context context, hx509_env env,
{
while(env) {
if (strncmp(key, env->name ,len) == 0
&& env->name[len] == '\0' && env->type == env_string)
&& env->name[len] == '\0' && env->type == env_string)
return env->u.string;
env = env->next;
}
@@ -180,7 +180,7 @@ const char *
hx509_env_find(hx509_context context, hx509_env env, const char *key)
{
while(env) {
if (strcmp(key, env->name) == 0 && env->type == env_string)
if (strcmp(key, env->name) == 0 && env->type == env_string)
return env->u.string;
env = env->next;
}

56
lib/hx509/error.c
View File

@@ -1,34 +1,34 @@
/*
* Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "hx_locl.h"
@@ -87,7 +87,7 @@ hx509_clear_error_string(hx509_context context)
*/
void
hx509_set_error_stringv(hx509_context context, int flags, int code,
hx509_set_error_stringv(hx509_context context, int flags, int code,
const char *fmt, va_list ap)
{
hx509_error msg;
@@ -115,7 +115,7 @@ hx509_set_error_stringv(hx509_context context, int flags, int code,
}
/**
* See hx509_set_error_stringv().
* See hx509_set_error_stringv().
*
* @param context A hx509 context.
* @param flags
@@ -172,7 +172,7 @@ hx509_get_error_string(hx509_context context, int error_code)
}
for (msg = context->error; msg; msg = msg->next)
p = rk_strpoolprintf(p, "%s%s", msg->msg,
p = rk_strpoolprintf(p, "%s%s", msg->msg,
msg->next != NULL ? "; " : "");
return rk_strpoolcollect(p);
@@ -205,7 +205,7 @@ hx509_free_error_string(char *str)
*/
void
hx509_err(hx509_context context, int exit_code,
hx509_err(hx509_context context, int exit_code,
int error_code, const char *fmt, ...)
{
va_list ap;

62
lib/hx509/file.c
View File

@@ -1,34 +1,34 @@
/*
* Copyright (c) 2005 - 2006 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "hx_locl.h"
@@ -73,7 +73,7 @@ header(FILE *f, const char *type, const char *str)
}
int
hx509_pem_write(hx509_context context, const char *type,
hx509_pem_write(hx509_context context, const char *type,
hx509_pem_header *headers, FILE *f,
const void *data, size_t size)
{
@@ -82,11 +82,11 @@ hx509_pem_write(hx509_context context, const char *type,
char *line;
#define ENCODE_LINE_LENGTH 54
header(f, "BEGIN", type);
while (headers) {
fprintf(f, "%s: %s\n%s",
fprintf(f, "%s: %s\n%s",
headers->header, headers->value,
headers->next ? "" : "\n");
headers = headers->next;
@@ -121,7 +121,7 @@ hx509_pem_write(hx509_context context, const char *type,
*/
int
hx509_pem_add_header(hx509_pem_header **headers,
hx509_pem_add_header(hx509_pem_header **headers,
const char *header, const char *value)
{
hx509_pem_header *h;
@@ -182,7 +182,7 @@ hx509_pem_find_header(const hx509_pem_header *h, const char *header)
int
hx509_pem_read(hx509_context context,
FILE *f,
FILE *f,
hx509_pem_read_func func,
void *ctx)
{
@@ -212,7 +212,7 @@ hx509_pem_read(hx509_context context,
if (i > 0)
i--;
}
switch (where) {
case BEFORE:
if (strncmp("-----BEGIN ", buf, 11) == 0) {
@@ -261,7 +261,7 @@ hx509_pem_read(hx509_context context,
free(p);
goto out;
}
data = erealloc(data, len + i);
memcpy(((char *)data) + len, p, i);
free(p);

48
lib/hx509/hx509.h
View File

@@ -1,34 +1,34 @@
/*
* Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* $Id$ */

54
lib/hx509/hx_locl.h
View File

@@ -1,34 +1,34 @@
/*
* Copyright (c) 2004 - 2006 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* $Id$ */
@@ -156,17 +156,17 @@ struct hx509_query_data {
struct hx509_keyset_ops {
const char *name;
int flags;
int (*init)(hx509_context, hx509_certs, void **,
int (*init)(hx509_context, hx509_certs, void **,
int, const char *, hx509_lock);
int (*store)(hx509_context, hx509_certs, void *, int, hx509_lock);
int (*free)(hx509_certs, void *);
int (*add)(hx509_context, hx509_certs, void *, hx509_cert);
int (*query)(hx509_context, hx509_certs, void *,
int (*query)(hx509_context, hx509_certs, void *,
const hx509_query *, hx509_cert *);
int (*iter_start)(hx509_context, hx509_certs, void *, void **);
int (*iter)(hx509_context, hx509_certs, void *, void *, hx509_cert *);
int (*iter_end)(hx509_context, hx509_certs, void *, void *);
int (*printinfo)(hx509_context, hx509_certs,
int (*printinfo)(hx509_context, hx509_certs,
void *, int (*)(void *, const char *), void *);
int (*getkeys)(hx509_context, hx509_certs, void *, hx509_private_key **);
int (*addkey)(hx509_context, hx509_certs, void *, hx509_private_key);

140
lib/hx509/hxtool.c
View File

@@ -1,34 +1,34 @@
/*
* Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "hx_locl.h"
@@ -71,7 +71,7 @@ lock_strings(hx509_lock lock, getarg_strings *pass)
for (i = 0; i < pass->num_strings; i++) {
int ret = hx509_lock_command_string(lock, pass->strings[i]);
if (ret)
errx(1, "hx509_lock_command_string: %s: %d",
errx(1, "hx509_lock_command_string: %s: %d",
pass->strings[i], ret);
}
}
@@ -116,23 +116,23 @@ parse_oid(const char *str, const heim_oid *def, heim_oid *oid)
static void
peer_strings(hx509_context context,
hx509_peer_info *peer,
hx509_peer_info *peer,
const getarg_strings *s)
{
AlgorithmIdentifier *val;
int ret, i;
ret = hx509_peer_info_alloc(context, peer);
if (ret)
hx509_err(context, 1, ret, "hx509_peer_info_alloc");
val = calloc(s->num_strings, sizeof(*val));
if (val == NULL)
err(1, "malloc");
for (i = 0; i < s->num_strings; i++)
parse_oid(s->strings[i], NULL, &val[i].algorithm);
ret = hx509_peer_info_set_cms_algs(context, *peer, val, s->num_strings);
if (ret)
hx509_err(context, 1, ret, "hx509_peer_info_set_cms_algs");
@@ -147,7 +147,7 @@ peer_strings(hx509_context context,
*/
static int
pem_reader(hx509_context context, const char *type,
pem_reader(hx509_context context, const char *type,
const hx509_pem_header *headers,
const void *data , size_t length, void *ctx)
{
@@ -315,7 +315,7 @@ cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv)
certs_strings(context, "pool", pool, lock, &opt->pool_strings);
if (opt->anchors_strings.num_strings) {
ret = hx509_certs_init(context, "MEMORY:cert-anchors",
ret = hx509_certs_init(context, "MEMORY:cert-anchors",
0, NULL, &anchors);
if (ret) hx509_err(context, 1, ret, "hx509_certs_init: MEMORY");
certs_strings(context, "anchors", anchors, lock, &opt->anchors_strings);
@@ -333,7 +333,7 @@ cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv)
hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE);
if (opt->signer_string)
hx509_query_match_friendly_name(q, opt->signer_string);
@@ -355,7 +355,7 @@ cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv)
flags,
&contentType,
p,
sz,
sz,
NULL,
cert,
peer,
@@ -403,7 +403,7 @@ cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv)
hx509_pem_header *header = NULL;
FILE *f;
hx509_pem_add_header(&header, "Content-disposition",
hx509_pem_add_header(&header, "Content-disposition",
opt->detached_signature_flag ?
"detached" : "inline");
hx509_pem_add_header(&header, "Signer", signer_name);
@@ -412,7 +412,7 @@ cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv)
if (f == NULL)
err(1, "open %s", argv[1]);
ret = hx509_pem_write(context, "CMS SIGNEDDATA", header, f,
ret = hx509_pem_write(context, "CMS SIGNEDDATA", header, f,
o.data, o.length);
fclose(f);
hx509_pem_free_header(header);
@@ -525,7 +525,7 @@ cms_create_enveloped(struct cms_envelope_options *opt, int argc, char **argv)
if (opt->encryption_type_string) {
enctype = hx509_crypto_enctype_by_name(opt->encryption_type_string);
if (enctype == NULL)
errx(1, "encryption type: %s no found",
errx(1, "encryption type: %s no found",
opt->encryption_type_string);
}
@@ -542,7 +542,7 @@ cms_create_enveloped(struct cms_envelope_options *opt, int argc, char **argv)
parse_oid(opt->content_type_string, oid_id_pkcs7_data(), &contentType);
ret = hx509_cms_envelope_1(context, 0, cert, p, sz, enctype,
ret = hx509_cms_envelope_1(context, 0, cert, p, sz, enctype,
&contentType, &o);
if (ret)
errx(1, "hx509_cms_envelope_1: %d", ret);
@@ -581,11 +581,11 @@ print_certificate(hx509_context hxcontext, hx509_cert cert, int verbose)
const char *fn;
char *str;
int ret;
fn = hx509_cert_get_friendly_name(cert);
if (fn)
printf(" friendly name: %s\n", fn);
printf(" private key: %s\n",
printf(" private key: %s\n",
_hx509_cert_private_key(cert) ? "yes" : "no");
ret = hx509_cert_get_issuer(cert, &name);
@@ -642,7 +642,7 @@ static int
print_f(hx509_context hxcontext, void *ctx, hx509_cert cert)
{
struct print_s *s = ctx;
printf("cert: %d\n", s->counter++);
print_certificate(context, cert, s->verbose);
@@ -727,7 +727,7 @@ certificate_copy(struct certificate_copy_options *opt, int argc, char **argv)
hx509_lock_init(context, &lock);
lock_strings(lock, &opt->in_pass_strings);
ret = hx509_certs_init(context, argv[argc - 1],
ret = hx509_certs_init(context, argv[argc - 1],
HX509_CERTS_CREATE, lock, &certs);
if (ret)
hx509_err(context, 1, ret, "hx509_certs_init");
@@ -862,7 +862,7 @@ pcert_verify(struct verify_options *opt, int argc, char **argv)
ret = hx509_certs_append(context, certs, NULL, s);
if (ret)
hx509_err(context, 1, ret, "hx509_certs_append: certs: %s: %d",
hx509_err(context, 1, ret, "hx509_certs_append: certs: %s: %d",
s, ret);
} else if (strncmp(s, "crl:", 4) == 0) {
@@ -1030,7 +1030,7 @@ ocsp_fetch(struct ocsp_fetch_options *opt, int argc, char **argv)
if (f == NULL)
abort();
fprintf(f,
fprintf(f,
"POST %s HTTP/1.0\r\n"
"Content-Type: application/ocsp-request\r\n"
"Content-Length: %ld\r\n"
@@ -1068,7 +1068,7 @@ verify_o(hx509_context hxcontext, void *ctx, hx509_cert c)
time_t expiration;
int ret;
ret = hx509_ocsp_verify(context, 0, c, 0,
ret = hx509_ocsp_verify(context, 0, c, 0,
os->data, os->length, &expiration);
if (ret) {
char *s = hx509_get_error_string(hxcontext, ret);
@@ -1088,7 +1088,7 @@ ocsp_verify(struct ocsp_verify_options *opt, int argc, char **argv)
hx509_certs certs;
int ret, i;
heim_octet_string os;
hx509_lock_init(context, &lock);
if (opt->ocsp_file_string == NULL)
@@ -1097,7 +1097,7 @@ ocsp_verify(struct ocsp_verify_options *opt, int argc, char **argv)
ret = _hx509_map_file_os(opt->ocsp_file_string, &os);
if (ret)
err(1, "map_file: %s: %d", argv[0], ret);
ret = hx509_certs_init(context, "MEMORY:test-certs", 0, NULL, &certs);
if (ret) hx509_err(context, 1, ret, "hx509_certs_init: MEMORY");
@@ -1122,7 +1122,7 @@ read_private_key(const char *fn, hx509_private_key *key)
hx509_private_key *keys;
hx509_certs certs;
int ret;
*key = NULL;
ret = hx509_certs_init(context, fn, 0, NULL, &certs);
@@ -1160,7 +1160,7 @@ get_key(const char *fn, const char *type, int optbits,
if (strcasecmp(type, "rsa") != 0)
errx(1, "can only handle rsa keys for now");
e = BN_new();
BN_set_word(e, 0x10001);
@@ -1211,11 +1211,11 @@ request_create(struct request_create_options *opt, int argc, char **argv)
memset(&key, 0, sizeof(key));
get_key(opt->key_string,
get_key(opt->key_string,
opt->generate_key_string,
opt->key_bits_integer,
&signer);
_hx509_request_init(context, &req);
if (opt->subject_string) {
@@ -1235,12 +1235,12 @@ request_create(struct request_create_options *opt, int argc, char **argv)
}
for (i = 0; i < opt->email_strings.num_strings; i++) {
ret = _hx509_request_add_email(context, req,
ret = _hx509_request_add_email(context, req,
opt->email_strings.strings[i]);
}
for (i = 0; i < opt->dnsname_strings.num_strings; i++) {
ret = _hx509_request_add_dns_name(context, req,
ret = _hx509_request_add_dns_name(context, req,
opt->dnsname_strings.strings[i]);
}
@@ -1499,11 +1499,11 @@ pkinit_client(hx509_context context, hx509_ca_tbs tbs, struct cert_type_opt *opt
ret = hx509_ca_tbs_add_eku(context, tbs, oid_id_pkekuoid());
if (ret)
return ret;
ret = hx509_ca_tbs_add_eku(context, tbs, oid_id_ms_client_authentication());
if (ret)
return ret;
return hx509_ca_tbs_add_eku(context, tbs, oid_id_pkinit_ms_eku());
}
@@ -1520,17 +1520,17 @@ struct {
} certtypes[] = {
{
"https-server",
"Used for HTTPS server and many other TLS server certificate types",
"Used for HTTPS server and many other TLS server certificate types",
https_server
},
{
"https-client",
"Used for HTTPS client certificates",
"Used for HTTPS client certificates",
https_client
},
{
"email-client",
"Certificate will be use for email",
"Certificate will be use for email",
email_client
},
{
@@ -1555,22 +1555,22 @@ print_eval_types(FILE *out)
{
rtbl_t table;
unsigned i;
table = rtbl_create();
rtbl_add_column_by_id (table, 0, "Name", 0);
rtbl_add_column_by_id (table, 1, "Description", 0);
for (i = 0; i < sizeof(certtypes)/sizeof(certtypes[0]); i++) {
rtbl_add_column_entry_by_id(table, 0, certtypes[i].type);
rtbl_add_column_entry_by_id(table, 1, certtypes[i].desc);
}
rtbl_format (table, out);
rtbl_destroy (table);
}
static int
eval_types(hx509_context context,
eval_types(hx509_context context,
hx509_ca_tbs tbs,
const struct certificate_sign_options *opt)
{
@@ -1619,7 +1619,7 @@ eval_types(hx509_context context,
hx509_err(context, 1, ret, "hx509_ca_tbs_add_san_ms_upn");
}
for (i = 0; i < opt->hostname_strings.num_strings; i++) {
const char *hostname = opt->hostname_strings.strings[i];
@@ -1635,7 +1635,7 @@ eval_types(hx509_context context,
if (ret)
hx509_err(context, 1, ret, "hx509_ca_tbs_add_san_hostname");
ret = hx509_ca_tbs_add_eku(context, tbs,
ret = hx509_ca_tbs_add_eku(context, tbs,
oid_id_pkix_kp_emailProtection());
if (ret)
hx509_err(context, 1, ret, "hx509_ca_tbs_add_eku");
@@ -1747,7 +1747,7 @@ hxtool_ca(struct certificate_sign_options *opt, int argc, char **argv)
if (opt->generate_key_string) {
struct hx509_generate_private_context *keyctx;
ret = _hx509_generate_private_key_init(context,
ret = _hx509_generate_private_key_init(context,
oid_id_pkcs1_rsaEncryption(),
&keyctx);
if (ret)
@@ -1813,7 +1813,7 @@ hxtool_ca(struct certificate_sign_options *opt, int argc, char **argv)
if (ret)
hx509_err(context, 1, ret, "no template certificate found");
flags = parse_units(opt->template_fields_string,
flags = parse_units(opt->template_fields_string,
hx509_ca_tbs_template_units(), "");
ret = hx509_ca_tbs_set_template(context, tbs, flags, template);
@@ -1849,7 +1849,7 @@ hxtool_ca(struct certificate_sign_options *opt, int argc, char **argv)
}
if (opt->crl_uri_string) {
ret = hx509_ca_tbs_add_crl_dp_uri(context, tbs,
ret = hx509_ca_tbs_add_crl_dp_uri(context, tbs,
opt->crl_uri_string, NULL);
if (ret)
hx509_err(context, 1, ret, "hx509_ca_tbs_add_crl_dp_uri");
@@ -1893,12 +1893,12 @@ hxtool_ca(struct certificate_sign_options *opt, int argc, char **argv)
ret = _hx509_cert_assign_key(cert, cert_key);
if (ret)
hx509_err(context, 1, ret, "_hx509_cert_assign_key");
}
}
{
hx509_certs certs;
ret = hx509_certs_init(context, opt->certificate_string,
ret = hx509_certs_init(context, opt->certificate_string,
HX509_CERTS_CREATE, NULL, &certs);
if (ret)
hx509_err(context, 1, ret, "hx509_certs_init");
@@ -2038,7 +2038,7 @@ crl_sign(struct crl_sign_options *opt, int argc, char **argv)
ret = hx509_certs_init(context, opt->signer_string, 0,
NULL, &certs);
if (ret)
hx509_err(context, 1, ret,
hx509_err(context, 1, ret,
"hx509_certs_init: %s", opt->signer_string);
ret = hx509_query_alloc(context, &q);
@@ -2071,7 +2071,7 @@ crl_sign(struct crl_sign_options *opt, int argc, char **argv)
ret = hx509_certs_init(context, "MEMORY:revoked-certs", 0,
NULL, &revoked);
if (ret)
hx509_err(context, 1, ret,
hx509_err(context, 1, ret,
"hx509_certs_init: MEMORY cert");
for (i = 0; i < argc; i++) {

82
lib/hx509/keyset.c
View File

@@ -1,34 +1,34 @@
/*
* Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "hx_locl.h"
@@ -40,7 +40,7 @@ RCSID("$Id$");
* Type of certificates store:
* - MEMORY
* In memory based format. Doesnt support storing.
* - FILE
* - FILE
* FILE supports raw DER certicates and PEM certicates. When PEM is
* used the file can contain may certificates and match private
* keys. Support storing the certificates. DER format only supports
@@ -84,7 +84,7 @@ _hx509_ks_register(hx509_context context, struct hx509_keyset_ops *ops)
if (_hx509_ks_type(context, ops->name))
return;
val = realloc(context->ks_ops,
val = realloc(context->ks_ops,
(context->ks_num_ops + 1) * sizeof(context->ks_ops[0]));
if (val == NULL)
return;
@@ -138,10 +138,10 @@ hx509_certs_init(hx509_context context,
hx509_clear_error_string(context);
return ENOMEM;
}
ops = _hx509_ks_type(context, type);
if (ops == NULL) {
hx509_set_error_string(context, 0, ENOENT,
hx509_set_error_string(context, 0, ENOENT,
"Keyset type %s is not supported", type);
free(type);
return ENOENT;
@@ -257,8 +257,8 @@ hx509_certs_start_seq(hx509_context context,
int ret;
if (certs->ops->iter_start == NULL) {
hx509_set_error_string(context, 0, HX509_UNSUPPORTED_OPERATION,
"Keyset type %s doesn't support iteration",
hx509_set_error_string(context, 0, HX509_UNSUPPORTED_OPERATION,
"Keyset type %s doesn't support iteration",
certs->ops->name);
return HX509_UNSUPPORTED_OPERATION;
}
@@ -333,8 +333,8 @@ hx509_certs_end_seq(hx509_context context,
*/
int
hx509_certs_iter(hx509_context context,
hx509_certs certs,
hx509_certs_iter(hx509_context context,
hx509_certs certs,
int (*func)(hx509_context, void *, hx509_cert),
void *ctx)
{
@@ -345,7 +345,7 @@ hx509_certs_iter(hx509_context context,
ret = hx509_certs_start_seq(context, certs, &cursor);
if (ret)
return ret;
while (1) {
ret = hx509_certs_next_cert(context, certs, cursor, &c);
if (ret)
@@ -420,8 +420,8 @@ int
hx509_certs_add(hx509_context context, hx509_certs certs, hx509_cert cert)
{
if (certs->ops->add == NULL) {
hx509_set_error_string(context, 0, ENOENT,
"Keyset type %s doesn't support add operation",
hx509_set_error_string(context, 0, ENOENT,
"Keyset type %s doesn't support add operation",
certs->ops->name);
return ENOENT;
}
@@ -445,7 +445,7 @@ hx509_certs_add(hx509_context context, hx509_certs certs, hx509_cert cert)
int
hx509_certs_find(hx509_context context,
hx509_certs certs,
hx509_certs certs,
const hx509_query *q,
hx509_cert *r)
{
@@ -604,7 +604,7 @@ certs_info_stdio(void *ctx, const char *str)
*/
int
hx509_certs_info(hx509_context context,
hx509_certs_info(hx509_context context,
hx509_certs certs,
int (*func)(void *, const char *),
void *ctx)
@@ -639,8 +639,8 @@ _hx509_pi_printf(int (*func)(void *, const char *), void *ctx,
}
int
_hx509_certs_keys_get(hx509_context context,
hx509_certs certs,
_hx509_certs_keys_get(hx509_context context,
hx509_certs certs,
hx509_private_key **keys)
{
if (certs->ops->getkeys == NULL) {
@@ -651,8 +651,8 @@ _hx509_certs_keys_get(hx509_context context,
}
int
_hx509_certs_keys_add(hx509_context context,
hx509_certs certs,
_hx509_certs_keys_add(hx509_context context,
hx509_certs certs,
hx509_private_key key)
{
if (certs->ops->addkey == NULL) {

54
lib/hx509/ks_dir.c
View File

@@ -1,34 +1,34 @@
/*
* Copyright (c) 2006 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "hx_locl.h"
@@ -55,7 +55,7 @@ struct dircursor {
static int
dir_init(hx509_context context,
hx509_certs certs, void **data, int flags,
hx509_certs certs, void **data, int flags,
const char *residue, hx509_lock lock)
{
*data = NULL;
@@ -96,7 +96,7 @@ dir_free(hx509_certs certs, void *data)
static int
static int
dir_iter_start(hx509_context context,
hx509_certs certs, void *data, void **cursor)
{
@@ -130,7 +130,7 @@ dir_iter(hx509_context context,
{
struct dircursor *d = iter;
int ret = 0;
*cert = NULL;
do {

82
lib/hx509/ks_file.c
View File

@@ -1,34 +1,34 @@
/*
* Copyright (c) 2005 - 2007 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "hx_locl.h"
@@ -47,8 +47,8 @@ struct ks_file {
*/
static int
parse_certificate(hx509_context context, const char *fn,
struct hx509_collector *c,
parse_certificate(hx509_context context, const char *fn,
struct hx509_collector *c,
const hx509_pem_header *headers,
const void *data, size_t len)
{
@@ -131,7 +131,7 @@ out:
static int
parse_rsa_private_key(hx509_context context, const char *fn,
struct hx509_collector *c,
struct hx509_collector *c,
const hx509_pem_header *headers,
const void *data, size_t len)
{
@@ -281,7 +281,7 @@ parse_rsa_private_key(hx509_context context, const char *fn,
struct pem_formats {
const char *name;
int (*func)(hx509_context, const char *, struct hx509_collector *,
int (*func)(hx509_context, const char *, struct hx509_collector *,
const hx509_pem_header *, const void *, size_t);
} formats[] = {
{ "CERTIFICATE", parse_certificate },
@@ -327,7 +327,7 @@ pem_func(hx509_context context, const char *type,
static int
file_init_common(hx509_context context,
hx509_certs certs, void **data, int flags,
hx509_certs certs, void **data, int flags,
const char *residue, hx509_lock lock, outformat format)
{
char *p, *pnext;
@@ -358,13 +358,13 @@ file_init_common(hx509_context context,
goto out;
}
/*
/*
* XXX this is broken, the function should parse the file before
* overwriting it
*/
if (flags & HX509_CERTS_CREATE) {
ret = hx509_certs_init(context, "MEMORY:ks-file-create",
ret = hx509_certs_init(context, "MEMORY:ks-file-create",
0, lock, &f->certs);
if (ret)
goto out;
@@ -386,15 +386,15 @@ file_init_common(hx509_context context,
if ((f = fopen(p, "r")) == NULL) {
ret = ENOENT;
hx509_set_error_string(context, 0, ret,
"Failed to open PEM file \"%s\": %s",
hx509_set_error_string(context, 0, ret,
"Failed to open PEM file \"%s\": %s",
p, strerror(errno));
goto out;
}
rk_cloexec_file(f);
ret = hx509_pem_read(context, f, pem_func, &pem_ctx);
fclose(f);
fclose(f);
if (ret != 0 && ret != HX509_PARSING_KEY_FAILED)
goto out;
else if (ret == HX509_PARSING_KEY_FAILED) {
@@ -448,7 +448,7 @@ out:
static int
file_init_pem(hx509_context context,
hx509_certs certs, void **data, int flags,
hx509_certs certs, void **data, int flags,
const char *residue, hx509_lock lock)
{
return file_init_common(context, certs, data, flags, residue, lock, USE_PEM);
@@ -456,7 +456,7 @@ file_init_pem(hx509_context context,
static int
file_init_der(hx509_context context,
hx509_certs certs, void **data, int flags,
hx509_certs certs, void **data, int flags,
const char *residue, hx509_lock lock)
{
return file_init_common(context, certs, data, flags, residue, lock, USE_DER);
@@ -487,14 +487,14 @@ store_func(hx509_context context, void *ctx, hx509_cert c)
ret = hx509_cert_binary(context, c, &data);
if (ret)
return ret;
switch (sc->format) {
case USE_DER:
fwrite(data.data, data.length, 1, sc->f);
free(data.data);
break;
case USE_PEM:
hx509_pem_write(context, "CERTIFICATE", NULL, sc->f,
hx509_pem_write(context, "CERTIFICATE", NULL, sc->f,
data.data, data.length);
free(data.data);
if (_hx509_cert_private_key_exportable(c)) {
@@ -513,7 +513,7 @@ store_func(hx509_context context, void *ctx, hx509_cert c)
}
static int
file_store(hx509_context context,
file_store(hx509_context context,
hx509_certs certs, void *data, int flags, hx509_lock lock)
{
struct ks_file *f = data;
@@ -534,14 +534,14 @@ file_store(hx509_context context,
return ret;
}
static int
static int
file_add(hx509_context context, hx509_certs certs, void *data, hx509_cert c)
{
struct ks_file *f = data;
return hx509_certs_add(context, f->certs, c);
}
static int
static int
file_iter_start(hx509_context context,
hx509_certs certs, void *data, void **cursor)
{

74
lib/hx509/ks_keychain.c
View File

@@ -1,34 +1,34 @@
/*
* Copyright (c) 2007 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "hx_locl.h"
@@ -50,7 +50,7 @@ OSStatus SecKeyGetCredentials(SecKeyRef, CSSM_ACL_AUTHORIZATION_TAG,
static int
getAttribute(SecKeychainItemRef itemRef, SecItemAttr item,
SecKeychainAttributeList **attrs)
{
{
SecKeychainAttributeInfo attrInfo;
UInt32 attrFormat = 0;
OSStatus ret;
@@ -60,7 +60,7 @@ getAttribute(SecKeychainItemRef itemRef, SecItemAttr item,
attrInfo.count = 1;
attrInfo.tag = &item;
attrInfo.format = &attrFormat;
ret = SecKeychainItemCopyAttributesAndData(itemRef, &attrInfo, NULL,
attrs, NULL, NULL);
if (ret)
@@ -101,7 +101,7 @@ kc_rsa_public_decrypt(int flen,
static int
kc_rsa_private_encrypt(int flen,
kc_rsa_private_encrypt(int flen,
const unsigned char *from,
unsigned char *to,
RSA *rsa,
@@ -160,7 +160,7 @@ kc_rsa_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
return -1;
}
static int
static int
kc_rsa_init(RSA *rsa)
{
return 1;
@@ -281,12 +281,12 @@ keychain_init(hx509_context context,
ret = SecKeychainOpen(residue + 5, &ctx->keychain);
if (ret != noErr) {
hx509_set_error_string(context, 0, ENOENT,
hx509_set_error_string(context, 0, ENOENT,
"Failed to open %s", residue);
return ENOENT;
}
} else {
hx509_set_error_string(context, 0, ENOENT,
hx509_set_error_string(context, 0, ENOENT,
"Unknown subtype %s", residue);
return ENOENT;
}
@@ -321,7 +321,7 @@ struct iter {
SecKeychainSearchRef searchRef;
};
static int
static int
keychain_iter_start(hx509_context context,
hx509_certs certs, void *data, void **cursor)
{
@@ -339,7 +339,7 @@ keychain_iter_start(hx509_context context,
int ret;
int i;
ret = hx509_certs_init(context, "MEMORY:ks-file-create",
ret = hx509_certs_init(context, "MEMORY:ks-file-create",
0, NULL, &iter->certs);
if (ret) {
free(iter);
@@ -350,12 +350,12 @@ keychain_iter_start(hx509_context context,
if (ret != 0) {
hx509_certs_free(&iter->certs);
free(iter);
hx509_set_error_string(context, 0, ENOMEM,
hx509_set_error_string(context, 0, ENOMEM,
"Can't get trust anchors from Keychain");
return ENOMEM;
}
for (i = 0; i < CFArrayGetCount(anchors); i++) {
SecCertificateRef cr;
SecCertificateRef cr;
hx509_cert cert;
CSSM_DATA cssm;
@@ -390,7 +390,7 @@ keychain_iter_start(hx509_context context,
&iter->searchRef);
if (ret) {
free(iter);
hx509_set_error_string(context, 0, ret,
hx509_set_error_string(context, 0, ret,
"Failed to start search for attributes");
return ENOMEM;
}
@@ -438,7 +438,7 @@ keychain_iter(hx509_context context,
attrInfo.count = 1;
attrInfo.tag = item;
attrInfo.format = attrFormat;
ret = SecKeychainItemCopyAttributesAndData(itemRef, &attrInfo, NULL,
&attrs, &len, &ptr);
if (ret)
@@ -448,7 +448,7 @@ keychain_iter(hx509_context context,
if (ret)
goto out;
/*
/*
* Find related private key if there is one by looking at
* kSecPublicKeyHashItemAttr == kSecKeyLabel
*/

60
lib/hx509/ks_mem.c
View File

@@ -1,34 +1,34 @@
/*
* Copyright (c) 2005 - 2006 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "hx_locl.h"
@@ -74,7 +74,7 @@ mem_free(hx509_certs certs, void *data)
{
struct mem_data *mem = data;
unsigned long i;
for (i = 0; i < mem->certs.len; i++)
hx509_cert_free(mem->certs.val[i]);
free(mem->certs.val);
@@ -87,13 +87,13 @@ mem_free(hx509_certs certs, void *data)
return 0;
}
static int
static int
mem_add(hx509_context context, hx509_certs certs, void *data, hx509_cert c)
{
struct mem_data *mem = data;
hx509_cert *val;
val = realloc(mem->certs.val,
val = realloc(mem->certs.val,
(mem->certs.len + 1) * sizeof(mem->certs.val[0]));
if (val == NULL)
return ENOMEM;
@@ -105,7 +105,7 @@ mem_add(hx509_context context, hx509_certs certs, void *data, hx509_cert c)
return 0;
}
static int
static int
mem_iter_start(hx509_context context,
hx509_certs certs,
void *data,
@@ -125,7 +125,7 @@ mem_iter_start(hx509_context context,
static int
mem_iter(hx509_context contexst,
hx509_certs certs,
void *data,
void *data,
void *cursor,
hx509_cert *cert)
{
@@ -172,7 +172,7 @@ mem_getkeys(hx509_context context,
hx509_set_error_string(context, 0, ENOMEM, "out of memory");
return ENOMEM;
}
}
}
(*keys)[i] = NULL;
return 0;
}

50
lib/hx509/ks_null.c
View File

@@ -1,34 +1,34 @@
/*
* Copyright (c) 2005 - 2006 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "hx_locl.h"
@@ -51,7 +51,7 @@ null_free(hx509_certs certs, void *data)
return 0;
}
static int
static int
null_iter_start(hx509_context context,
hx509_certs certs, void *data, void **cursor)
{

118
lib/hx509/ks_p11.c
View File

@@ -1,34 +1,34 @@
/*
* Copyright (c) 2004 - 2006 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "hx_locl.h"
@@ -83,7 +83,7 @@ static void p11_release_module(struct p11_module *);
static int p11_list_keys(hx509_context,
struct p11_module *,
struct p11_slot *,
struct p11_slot *,
CK_SESSION_HANDLE,
hx509_lock,
hx509_certs *);
@@ -121,7 +121,7 @@ p11_rsa_public_decrypt(int flen,
static int
p11_rsa_private_encrypt(int flen,
p11_rsa_private_encrypt(int flen,
const unsigned char *from,
unsigned char *to,
RSA *rsa,
@@ -152,7 +152,7 @@ p11_rsa_private_encrypt(int flen,
return -1;
}
ret = P11FUNC(p11rsa->p, Sign,
ret = P11FUNC(p11rsa->p, Sign,
(session, (CK_BYTE *)from, flen, to, &ck_sigsize));
p11_put_session(p11rsa->p, p11rsa->slot, session);
if (ret != CKR_OK)
@@ -190,7 +190,7 @@ p11_rsa_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
return -1;
}
ret = P11FUNC(p11rsa->p, Decrypt,
ret = P11FUNC(p11rsa->p, Decrypt,
(session, (CK_BYTE *)from, flen, to, &ck_sigsize));
p11_put_session(p11rsa->p, p11rsa->slot, session);
if (ret != CKR_OK)
@@ -199,7 +199,7 @@ p11_rsa_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
return ck_sigsize;
}
static int
static int
p11_rsa_init(RSA *rsa)
{
return 1;
@@ -299,7 +299,7 @@ p11_mech_info(hx509_context context,
}
static int
p11_init_slot(hx509_context context,
p11_init_slot(hx509_context context,
struct p11_module *p,
hx509_lock lock,
CK_SLOT_ID id,
@@ -376,14 +376,14 @@ p11_get_session(hx509_context context,
if (slot->flags & P11_SESSION_IN_USE)
_hx509_abort("slot already in session");
if (slot->flags & P11_SESSION) {
slot->flags |= P11_SESSION_IN_USE;
*psession = slot->session;
return 0;
}
ret = P11FUNC(p, OpenSession, (slot->id,
ret = P11FUNC(p, OpenSession, (slot->id,
CKF_SERIAL_SESSION,
NULL,
NULL,
@@ -396,10 +396,10 @@ p11_get_session(hx509_context context,
(int)slot->id, ret);
return HX509_PKCS11_OPEN_SESSION;
}
slot->flags |= P11_SESSION;
/*
/*
* If we have have to login, and haven't tried before and have a
* prompter or known to work pin code.
*
@@ -430,7 +430,7 @@ p11_get_session(hx509_context context,
prompt.type = HX509_PROMPT_TYPE_PASSWORD;
prompt.reply.data = pin;
prompt.reply.length = sizeof(pin);
ret = hx509_lock_prompt(lock, &prompt);
if (ret) {
free(str);
@@ -479,7 +479,7 @@ p11_get_session(hx509_context context,
static int
p11_put_session(struct p11_module *p,
struct p11_slot *slot,
struct p11_slot *slot,
CK_SESSION_HANDLE session)
{
if ((slot->flags & P11_SESSION_IN_USE) == 0)
@@ -520,7 +520,7 @@ iterate_entries(hx509_context context,
for (i = 0; i < num_query; i++)
query[i].pValue = NULL;
ret = P11FUNC(p, GetAttributeValue,
ret = P11FUNC(p, GetAttributeValue,
(session, object, query, num_query));
if (ret != CKR_OK) {
return -1;
@@ -569,7 +569,7 @@ static BIGNUM *
getattr_bn(struct p11_module *p,
struct p11_slot *slot,
CK_SESSION_HANDLE session,
CK_OBJECT_HANDLE object,
CK_OBJECT_HANDLE object,
unsigned int type)
{
CK_ATTRIBUTE query;
@@ -580,14 +580,14 @@ getattr_bn(struct p11_module *p,
query.pValue = NULL;
query.ulValueLen = 0;
ret = P11FUNC(p, GetAttributeValue,
ret = P11FUNC(p, GetAttributeValue,
(session, object, &query, 1));
if (ret != CKR_OK)
return NULL;
query.pValue = malloc(query.ulValueLen);
ret = P11FUNC(p, GetAttributeValue,
ret = P11FUNC(p, GetAttributeValue,
(session, object, &query, 1));
if (ret != CKR_OK) {
free(query.pValue);
@@ -624,7 +624,7 @@ collect_private_key(hx509_context context,
if (rsa == NULL)
_hx509_abort("out of memory");
/*
/*
* The exponent and modulus should always be present according to
* the pkcs11 specification, but some smartcards leaves it out,
* let ignore any failure to fetch it.
@@ -639,7 +639,7 @@ collect_private_key(hx509_context context,
p11rsa->p = p;
p11rsa->slot = slot;
p11rsa->private_key = object;
if (p->ref == 0)
_hx509_abort("pkcs11 ref == 0 on alloc");
p->ref++;
@@ -676,7 +676,7 @@ p11_cert_release(hx509_cert cert, void *ctx)
static int
collect_cert(hx509_context context,
collect_cert(hx509_context context,
struct p11_module *p, struct p11_slot *slot,
CK_SESSION_HANDLE session,
CK_OBJECT_HANDLE object,
@@ -687,12 +687,12 @@ collect_cert(hx509_context context,
int ret;
if ((CK_LONG)query[0].ulValueLen == -1 ||
(CK_LONG)query[1].ulValueLen == -1)
(CK_LONG)query[1].ulValueLen == -1)
{
return 0;
}
ret = hx509_cert_init_data(context, query[1].pValue,
ret = hx509_cert_init_data(context, query[1].pValue,
query[1].ulValueLen, &cert);
if (ret)
return ret;
@@ -738,7 +738,7 @@ collect_cert(hx509_context context,
static int
p11_list_keys(hx509_context context,
struct p11_module *p,
struct p11_slot *slot,
struct p11_slot *slot,
CK_SESSION_HANDLE session,
hx509_lock lock,
hx509_certs *certs)
@@ -792,7 +792,7 @@ out:
static int
p11_init(hx509_context context,
hx509_certs certs, void **data, int flags,
hx509_certs certs, void **data, int flags,
const char *residue, hx509_lock lock)
{
CK_C_GetFunctionList getFuncs;
@@ -842,7 +842,7 @@ p11_init(hx509_context context,
if (getFuncs == NULL) {
ret = HX509_PKCS11_LOAD;
hx509_set_error_string(context, 0, ret,
"C_GetFunctionList missing in %s: %s",
"C_GetFunctionList missing in %s: %s",
list, dlerror());
goto out;
}
@@ -908,7 +908,7 @@ p11_init(hx509_context context,
ret = ENOMEM;
goto out;
}
for (i = 0; i < p->num_slots; i++) {
ret = p11_init_slot(context, p, lock, slot_ids[i], i, &p->slot[i]);
if (ret)
@@ -928,7 +928,7 @@ p11_init(hx509_context context,
*data = p;
return 0;
out:
out:
p11_release_module(p);
return ret;
}
@@ -1003,7 +1003,7 @@ struct p11_cursor {
void *cursor;
};
static int
static int
p11_iter_start(hx509_context context,
hx509_certs certs, void *data, void **cursor)
{
@@ -1103,16 +1103,16 @@ static struct units mechflags[] = {
#undef MECHFLAG
static int
p11_printinfo(hx509_context context,
hx509_certs certs,
p11_printinfo(hx509_context context,
hx509_certs certs,
void *data,
int (*func)(void *, const char *),
void *ctx)
{
struct p11_module *p = data;
int i, j;
_hx509_pi_printf(func, ctx, "pkcs11 driver with %d slot%s",
_hx509_pi_printf(func, ctx, "pkcs11 driver with %d slot%s",
p->num_slots, p->num_slots > 1 ? "s" : "");
for (i = 0; i < p->num_slots; i++) {
@@ -1121,7 +1121,7 @@ p11_printinfo(hx509_context context,
_hx509_pi_printf(func, ctx, "slot %d: id: %d name: %s flags: %08x",
i, (int)s->id, s->name, s->flags);
_hx509_pi_printf(func, ctx, "number of supported mechanisms: %lu",
_hx509_pi_printf(func, ctx, "number of supported mechanisms: %lu",
(unsigned long)s->mechs.num);
for (j = 0; j < s->mechs.num; j++) {
const char *mechname = "unknown";
@@ -1155,13 +1155,13 @@ p11_printinfo(hx509_context context,
MECHNAME(CKM_DH_PKCS_PARAMETER_GEN, "dh-pkcs-parameter-gen");
default:
snprintf(unknownname, sizeof(unknownname),
"unknown-mech-%lu",
"unknown-mech-%lu",
(unsigned long)s->mechs.list[j]);
mechname = unknownname;
break;
}
#undef MECHNAME
unparse_flags(s->mechs.infos[j]->flags, mechflags,
unparse_flags(s->mechs.infos[j]->flags, mechflags,
flags, sizeof(flags));
_hx509_pi_printf(func, ctx, " %s: %s", mechname, flags);

90
lib/hx509/ks_p12.c
View File

@@ -1,34 +1,34 @@
/*
* Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "hx_locl.h"
@@ -50,7 +50,7 @@ struct type {
};
static void
parse_pkcs12_type(hx509_context, struct hx509_collector *, const heim_oid *,
parse_pkcs12_type(hx509_context, struct hx509_collector *, const heim_oid *,
const void *, size_t, const PKCS12_Attributes *);
@@ -68,7 +68,7 @@ find_attribute(const PKCS12_Attributes *attrs, const heim_oid *oid)
static int
keyBag_parser(hx509_context context,
struct hx509_collector *c,
struct hx509_collector *c,
const void *data, size_t length,
const PKCS12_Attributes *attrs)
{
@@ -84,7 +84,7 @@ keyBag_parser(hx509_context context,
ret = decode_PKCS8PrivateKeyInfo(data, length, &ki, NULL);
if (ret)
return ret;
_hx509_collector_private_key_add(context,
c,
&ki.privateKeyAlgorithm,
@@ -97,16 +97,16 @@ keyBag_parser(hx509_context context,
static int
ShroudedKeyBag_parser(hx509_context context,
struct hx509_collector *c,
struct hx509_collector *c,
const void *data, size_t length,
const PKCS12_Attributes *attrs)
{
PKCS8EncryptedPrivateKeyInfo pk;
heim_octet_string content;
int ret;
memset(&pk, 0, sizeof(pk));
ret = decode_PKCS8EncryptedPrivateKeyInfo(data, length, &pk, NULL);
if (ret)
return ret;
@@ -127,7 +127,7 @@ ShroudedKeyBag_parser(hx509_context context,
static int
certBag_parser(hx509_context context,
struct hx509_collector *c,
struct hx509_collector *c,
const void *data, size_t length,
const PKCS12_Attributes *attrs)
{
@@ -145,7 +145,7 @@ certBag_parser(hx509_context context,
return 0;
}
ret = decode_PKCS12_OctetString(cb.certValue.data,
ret = decode_PKCS12_OctetString(cb.certValue.data,
cb.certValue.length,
&os,
NULL);
@@ -187,7 +187,7 @@ certBag_parser(hx509_context context,
static int
parse_safe_content(hx509_context context,
struct hx509_collector *c,
struct hx509_collector *c,
const unsigned char *p, size_t len)
{
PKCS12_SafeContents sc;
@@ -213,7 +213,7 @@ parse_safe_content(hx509_context context,
static int
safeContent_parser(hx509_context context,
struct hx509_collector *c,
struct hx509_collector *c,
const void *data, size_t length,
const PKCS12_Attributes *attrs)
{
@@ -280,7 +280,7 @@ envelopedData_parser(hx509_context context,
&contentType,
&content);
if (ret) {
hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
"PKCS12 failed to unenvelope");
return ret;
}
@@ -307,7 +307,7 @@ struct type bagtypes[] = {
static void
parse_pkcs12_type(hx509_context context,
struct hx509_collector *c,
const heim_oid *oid,
const heim_oid *oid,
const void *data, size_t length,
const PKCS12_Attributes *attrs)
{
@@ -320,7 +320,7 @@ parse_pkcs12_type(hx509_context context,
static int
p12_init(hx509_context context,
hx509_certs certs, void **data, int flags,
hx509_certs certs, void **data, int flags,
const char *residue, hx509_lock lock)
{
struct ks_pkcs12 *p12;
@@ -404,7 +404,7 @@ p12_init(hx509_context context,
hx509_clear_error_string(context);
goto out;
}
ret = decode_PKCS12_AuthenticatedSafe(asdata.data,
ret = decode_PKCS12_AuthenticatedSafe(asdata.data,
asdata.length,
&as,
NULL);
@@ -465,7 +465,7 @@ addBag(hx509_context context,
hx509_set_error_string(context, 0, ret, "out of memory");
return ret;
}
as->val[as->len].content = calloc(1, sizeof(*as->val[0].content));
if (as->val[as->len].content == NULL) {
der_free_oid(&as->val[as->len].contentType);
@@ -528,7 +528,7 @@ store_func(hx509_context context, void *ctx, hx509_cert c)
ret = der_parse_hex_heim_integer("00", &pki.version);
if (ret)
return ret;
ret = _hx509_private_key_oid(context, key,
ret = _hx509_private_key_oid(context, key,
&pki.privateKeyAlgorithm.algorithm);
if (ret) {
free_PKCS8PrivateKeyInfo(&pki);
@@ -559,7 +559,7 @@ out:
}
static int
p12_store(hx509_context context,
p12_store(hx509_context context,
hx509_certs certs, void *data, int flags, hx509_lock lock)
{
struct ks_pkcs12 *p12 = data;
@@ -581,7 +581,7 @@ p12_store(hx509_context context,
free_PKCS12_AuthenticatedSafe(&as);
if (ret)
return ret;
ret = der_parse_hex_heim_integer("03", &pfx.version);
if (ret) {
free(asdata.data);
@@ -590,7 +590,7 @@ p12_store(hx509_context context,
pfx.authSafe.content = calloc(1, sizeof(*pfx.authSafe.content));
ASN1_MALLOC_ENCODE(PKCS12_OctetString,
ASN1_MALLOC_ENCODE(PKCS12_OctetString,
pfx.authSafe.content->data,
pfx.authSafe.content->length,
&asdata, &size, ret);
@@ -647,14 +647,14 @@ p12_free(hx509_certs certs, void *data)
return 0;
}
static int
static int
p12_add(hx509_context context, hx509_certs certs, void *data, hx509_cert c)
{
struct ks_pkcs12 *p12 = data;
return hx509_certs_add(context, p12->certs, c);
}
static int
static int
p12_iter_start(hx509_context context,
hx509_certs certs,
void *data,

58
lib/hx509/lock.c
View File

@@ -1,34 +1,34 @@
/*
* Copyright (c) 2005 - 2006 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "hx_locl.h"
@@ -69,8 +69,8 @@ hx509_lock_init(hx509_context context, hx509_lock *lock)
if (l == NULL)
return ENOMEM;
ret = hx509_certs_init(context,
"MEMORY:locks-internal",
ret = hx509_certs_init(context,
"MEMORY:locks-internal",
0,
NULL,
&l->certs);
@@ -147,8 +147,8 @@ hx509_lock_reset_certs(hx509_context context, hx509_lock lock)
{
hx509_certs certs = lock->certs;
int ret;
ret = hx509_certs_init(context,
ret = hx509_certs_init(context,
"MEMORY:locks-internal",
0,
NULL,
@@ -181,7 +181,7 @@ hx509_lock_reset_promper(hx509_lock lock)
lock->prompt_data = NULL;
}
static int
static int
default_prompter(void *data, const hx509_prompt *prompter)
{
if (hx509_prompt_hidden(prompter->type)) {

92
lib/hx509/name.c
View File

@@ -1,34 +1,34 @@
/*
* Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "hx_locl.h"
@@ -116,7 +116,7 @@ quote_string(const char *f, size_t len, size_t *rlen)
static int
append_string(char **str, size_t *total_len, const char *ss,
append_string(char **str, size_t *total_len, const char *ss,
size_t len, int quote)
{
char *s, *qs;
@@ -143,7 +143,7 @@ oidtostring(const heim_oid *type)
{
char *s;
size_t i;
for (i = 0; i < sizeof(no)/sizeof(no[0]); i++) {
if (der_heim_oid_cmp((*no[i].o)(), type) == 0)
return strdup(no[i].n);
@@ -158,7 +158,7 @@ stringtooid(const char *name, size_t len, heim_oid *oid)
{
int i, ret;
char *s;
memset(oid, 0, sizeof(*oid));
for (i = 0; i < sizeof(no)/sizeof(no[0]); i++) {
@@ -210,7 +210,7 @@ _hx509_Name_to_string(const Name *n, char **str)
DirectoryString *ds = &n->u.rdnSequence.val[i].val[j].value;
char *oidname;
char *ss;
oidname = oidtostring(&n->u.rdnSequence.val[i].val[j].type);
switch(ds->element) {
@@ -426,7 +426,7 @@ _hx509_name_cmp(const Name *n1, const Name *n2, int *c)
&n1->u.rdnSequence.val[i].val[j].type);
if (*c)
return 0;
ret = _hx509_name_ds_cmp(&n1->u.rdnSequence.val[i].val[j].value,
&n2->u.rdnSequence.val[i].val[j].value,
c);
@@ -480,17 +480,17 @@ _hx509_name_from_Name(const Name *n, hx509_name *name)
int
_hx509_name_modify(hx509_context context,
Name *name,
Name *name,
int append,
const heim_oid *oid,
const heim_oid *oid,
const char *str)
{
RelativeDistinguishedName *rdn;
int ret;
void *ptr;
ptr = realloc(name->u.rdnSequence.val,
sizeof(name->u.rdnSequence.val[0]) *
ptr = realloc(name->u.rdnSequence.val,
sizeof(name->u.rdnSequence.val[0]) *
(name->u.rdnSequence.len + 1));
if (ptr == NULL) {
hx509_set_error_string(context, 0, ENOMEM, "Out of memory");
@@ -503,7 +503,7 @@ _hx509_name_modify(hx509_context context,
} else {
memmove(&name->u.rdnSequence.val[1],
&name->u.rdnSequence.val[0],
name->u.rdnSequence.len *
name->u.rdnSequence.len *
sizeof(name->u.rdnSequence.val[0]));
rdn = &name->u.rdnSequence.val[0];
@@ -577,7 +577,7 @@ hx509_parse_name(hx509_context context, const char *str, hx509_name *name)
}
if (q == p) {
ret = HX509_PARSING_NAME_FAILED;
hx509_set_error_string(context, 0, ret,
hx509_set_error_string(context, 0, ret,
"missing name before = in %s", p);
goto out;
}
@@ -591,7 +591,7 @@ hx509_parse_name(hx509_context context, const char *str, hx509_name *name)
ret = stringtooid(p, q - p, &oid);
if (ret) {
ret = HX509_PARSING_NAME_FAILED;
hx509_set_error_string(context, 0, ret,
hx509_set_error_string(context, 0, ret,
"unknown type: %.*s", (int)(q - p), p);
goto out;
}
@@ -600,7 +600,7 @@ hx509_parse_name(hx509_context context, const char *str, hx509_name *name)
size_t pstr_len = len - (q - p) - 1;
const char *pstr = p + (q - p) + 1;
char *r;
r = malloc(pstr_len + 1);
if (r == NULL) {
der_free_oid(&oid);
@@ -731,8 +731,8 @@ hx509_name_expand(hx509_context context,
}
p = strstr(ds->u.utf8String, "${");
if (p) {
strpool = rk_strpoolprintf(strpool, "%.*s",
(int)(p - ds->u.utf8String),
strpool = rk_strpoolprintf(strpool, "%.*s",
(int)(p - ds->u.utf8String),
ds->u.utf8String);
if (strpool == NULL) {
hx509_set_error_string(context, 0, ENOMEM, "out of memory");
@@ -751,7 +751,7 @@ hx509_name_expand(hx509_context context,
p += 2;
value = hx509_env_lfind(context, env, p, p2 - p);
if (value == NULL) {
hx509_set_error_string(context, 0, EINVAL,
hx509_set_error_string(context, 0, EINVAL,
"variable %.*s missing",
(int)(p2 - p), p);
rk_strpoolfree(strpool);
@@ -766,7 +766,7 @@ hx509_name_expand(hx509_context context,
p = strstr(p2, "${");
if (p)
strpool = rk_strpoolprintf(strpool, "%.*s",
strpool = rk_strpoolprintf(strpool, "%.*s",
(int)(p - p2), p2);
else
strpool = rk_strpoolprintf(strpool, "%s", p2);
@@ -942,7 +942,7 @@ hx509_general_name_unparse(GeneralName *name, char **str)
break;
}
case choice_GeneralName_uniformResourceIdentifier:
strpool = rk_strpoolprintf(strpool, "URI: %s",
strpool = rk_strpoolprintf(strpool, "URI: %s",
name->u.uniformResourceIdentifier);
break;
case choice_GeneralName_iPAddress: {
@@ -952,20 +952,20 @@ hx509_general_name_unparse(GeneralName *name, char **str)
if (strpool == NULL)
break;
if (name->u.iPAddress.length == 4)
strpool = rk_strpoolprintf(strpool, "%d.%d.%d.%d",
strpool = rk_strpoolprintf(strpool, "%d.%d.%d.%d",
a[0], a[1], a[2], a[3]);
else if (name->u.iPAddress.length == 16)
strpool = rk_strpoolprintf(strpool,
strpool = rk_strpoolprintf(strpool,
"%02X:%02X:%02X:%02X:"
"%02X:%02X:%02X:%02X:"
"%02X:%02X:%02X:%02X:"
"%02X:%02X:%02X:%02X",
"%02X:%02X:%02X:%02X",
a[0], a[1], a[2], a[3],
a[4], a[5], a[6], a[7],
a[8], a[9], a[10], a[11],
a[12], a[13], a[14], a[15]);
else
strpool = rk_strpoolprintf(strpool,
strpool = rk_strpoolprintf(strpool,
"unknown IP address of length %lu",
(unsigned long)name->u.iPAddress.length);
break;

48
lib/hx509/peer.c
View File

@@ -1,34 +1,34 @@
/*
* Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "hx_locl.h"

154
lib/hx509/print.c
View File

@@ -1,34 +1,34 @@
/*
* Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "hx_locl.h"
@@ -114,7 +114,7 @@ print_func(hx509_vprint_func func, void *ctx, const char *fmt, ...)
/**
* Print a oid to a string.
*
*
* @param oid oid to print
* @param str allocated string, free with hx509_xfree().
*
@@ -132,7 +132,7 @@ hx509_oid_sprint(const heim_oid *oid, char **str)
/**
* Print a oid using a hx509_vprint_func function. To print to stdout
* use hx509_print_stdout().
*
*
* @param oid oid to print
* @param func hx509_vprint_func to print with.
* @param ctx context variable to hx509_vprint_func function.
@@ -152,7 +152,7 @@ hx509_oid_print(const heim_oid *oid, hx509_vprint_func func, void *ctx)
/**
* Print a bitstring using a hx509_vprint_func function. To print to
* stdout use hx509_print_stdout().
*
*
* @param b bit string to print.
* @param func hx509_vprint_func to print with.
* @param ctx context variable to hx509_vprint_func function.
@@ -168,7 +168,7 @@ hx509_bitstring_print(const heim_bit_string *b,
print_func(func, ctx, "\tlength: %d\n\t", b->length);
for (i = 0; i < (b->length + 7) / 8; i++)
print_func(func, ctx, "%02x%s%s",
((unsigned char *)b->data)[i],
((unsigned char *)b->data)[i],
i < (b->length - 7) / 8
&& (i == 0 || (i % 16) != 15) ? ":" : "",
i != 0 && (i % 16) == 15 ?
@@ -177,7 +177,7 @@ hx509_bitstring_print(const heim_bit_string *b,
/**
* Print certificate usage for a certificate to a string.
*
*
* @param context A hx509 context.
* @param c a certificate print the keyusage for.
* @param s the return string with the keysage printed in to, free
@@ -234,7 +234,7 @@ validate_print(hx509_validate_ctx ctx, int flags, const char *fmt, ...)
va_end(va);
}
/*
/*
* Dont Care, SHOULD critical, SHOULD NOT critical, MUST critical,
* MUST NOT critical
*/
@@ -275,7 +275,7 @@ check_Null(hx509_validate_ctx ctx,
}
static int
check_subjectKeyIdentifier(hx509_validate_ctx ctx,
check_subjectKeyIdentifier(hx509_validate_ctx ctx,
struct cert_status *status,
enum critical_flag cf,
const Extension *e)
@@ -287,7 +287,7 @@ check_subjectKeyIdentifier(hx509_validate_ctx ctx,
status->haveSKI = 1;
check_Null(ctx, status, cf, e);
ret = decode_SubjectKeyIdentifier(e->extnValue.data,
ret = decode_SubjectKeyIdentifier(e->extnValue.data,
e->extnValue.length,
&si, &size);
if (ret) {
@@ -323,7 +323,7 @@ check_subjectKeyIdentifier(hx509_validate_ctx ctx,
}
static int
check_authorityKeyIdentifier(hx509_validate_ctx ctx,
check_authorityKeyIdentifier(hx509_validate_ctx ctx,
struct cert_status *status,
enum critical_flag cf,
const Extension *e)
@@ -335,7 +335,7 @@ check_authorityKeyIdentifier(hx509_validate_ctx ctx,
status->haveAKI = 1;
check_Null(ctx, status, cf, e);
ret = decode_AuthorityKeyIdentifier(e->extnValue.data,
ret = decode_AuthorityKeyIdentifier(e->extnValue.data,
e->extnValue.length,
&ai, &size);
if (ret) {
@@ -363,7 +363,7 @@ check_authorityKeyIdentifier(hx509_validate_ctx ctx,
}
static int
check_extKeyUsage(hx509_validate_ctx ctx,
check_extKeyUsage(hx509_validate_ctx ctx,
struct cert_status *status,
enum critical_flag cf,
const Extension *e)
@@ -374,7 +374,7 @@ check_extKeyUsage(hx509_validate_ctx ctx,
check_Null(ctx, status, cf, e);
ret = decode_ExtKeyUsage(e->extnValue.data,
ret = decode_ExtKeyUsage(e->extnValue.data,
e->extnValue.length,
&eku, &size);
if (ret) {
@@ -436,7 +436,7 @@ check_pkinit_san(hx509_validate_ctx ctx, heim_any *a)
/* print kerberos principal, add code to quote / within components */
for (i = 0; i < kn.principalName.name_string.len; i++) {
validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "%s",
validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "%s",
kn.principalName.name_string.val[i]);
if (i + 1 < kn.principalName.name_string.len)
validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "/");
@@ -475,7 +475,7 @@ check_altnull(hx509_validate_ctx ctx, heim_any *a)
}
static int
check_CRLDistributionPoints(hx509_validate_ctx ctx,
check_CRLDistributionPoints(hx509_validate_ctx ctx,
struct cert_status *status,
enum critical_flag cf,
const Extension *e)
@@ -486,7 +486,7 @@ check_CRLDistributionPoints(hx509_validate_ctx ctx,
check_Null(ctx, status, cf, e);
ret = decode_CRLDistributionPoints(e->extnValue.data,
ret = decode_CRLDistributionPoints(e->extnValue.data,
e->extnValue.length,
&dp, &size);
if (ret) {
@@ -501,11 +501,11 @@ check_CRLDistributionPoints(hx509_validate_ctx ctx,
DistributionPointName dpname;
heim_any *data = dp.val[i].distributionPoint;
int j;
ret = decode_DistributionPointName(data->data, data->length,
&dpname, NULL);
if (ret) {
validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
"Failed to parse CRL Distribution Point Name: %d\n", ret);
continue;
}
@@ -579,7 +579,7 @@ check_altName(hx509_validate_ctx ctx,
&gn, &size);
if (ret) {
validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
"\tret = %d while decoding %s GeneralNames\n",
"\tret = %d while decoding %s GeneralNames\n",
ret, name);
return 1;
}
@@ -598,11 +598,11 @@ check_altName(hx509_validate_ctx ctx,
"%sAltName otherName ", name);
for (j = 0; j < sizeof(check_altname)/sizeof(check_altname[0]); j++) {
if (der_heim_oid_cmp((*check_altname[j].oid)(),
if (der_heim_oid_cmp((*check_altname[j].oid)(),
&gn.val[i].u.otherName.type_id) != 0)
continue;
validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "%s: ",
validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "%s: ",
check_altname[j].name);
(*check_altname[j].func)(ctx, &gn.val[i].u.otherName.value);
break;
@@ -657,9 +657,9 @@ check_issuerAltName(hx509_validate_ctx ctx,
static int
check_basicConstraints(hx509_validate_ctx ctx,
check_basicConstraints(hx509_validate_ctx ctx,
struct cert_status *status,
enum critical_flag cf,
enum critical_flag cf,
const Extension *e)
{
BasicConstraints b;
@@ -667,7 +667,7 @@ check_basicConstraints(hx509_validate_ctx ctx,
int ret;
check_Null(ctx, status, cf, e);
ret = decode_BasicConstraints(e->extnValue.data, e->extnValue.length,
&b, &size);
if (ret) {
@@ -700,9 +700,9 @@ check_basicConstraints(hx509_validate_ctx ctx,
}
static int
check_proxyCertInfo(hx509_validate_ctx ctx,
check_proxyCertInfo(hx509_validate_ctx ctx,
struct cert_status *status,
enum critical_flag cf,
enum critical_flag cf,
const Extension *e)
{
check_Null(ctx, status, cf, e);
@@ -711,9 +711,9 @@ check_proxyCertInfo(hx509_validate_ctx ctx,
}
static int
check_authorityInfoAccess(hx509_validate_ctx ctx,
check_authorityInfoAccess(hx509_validate_ctx ctx,
struct cert_status *status,
enum critical_flag cf,
enum critical_flag cf,
const Extension *e)
{
AuthorityInfoAccessSyntax aia;
@@ -722,7 +722,7 @@ check_authorityInfoAccess(hx509_validate_ctx ctx,
check_Null(ctx, status, cf, e);
ret = decode_AuthorityInfoAccessSyntax(e->extnValue.data,
ret = decode_AuthorityInfoAccessSyntax(e->extnValue.data,
e->extnValue.length,
&aia, &size);
if (ret) {
@@ -752,13 +752,13 @@ check_authorityInfoAccess(hx509_validate_ctx ctx,
struct {
const char *name;
const heim_oid *(*oid)(void);
int (*func)(hx509_validate_ctx ctx,
int (*func)(hx509_validate_ctx ctx,
struct cert_status *status,
enum critical_flag cf,
enum critical_flag cf,
const Extension *);
enum critical_flag cf;
} check_extension[] = {
#define ext(name, checkname) #name, &oid_id_x509_ce_##name, check_##checkname
#define ext(name, checkname) #name, &oid_id_x509_ce_##name, check_##checkname
{ ext(subjectDirectoryAttributes, Null), M_N_C },
{ ext(subjectKeyIdentifier, subjectKeyIdentifier), M_N_C },
{ ext(keyUsage, Null), S_C },
@@ -782,20 +782,20 @@ struct {
{ ext(freshestCRL, Null), M_N_C },
{ ext(inhibitAnyPolicy, Null), M_C },
#undef ext
#define ext(name, checkname) #name, &oid_id_pkix_pe_##name, check_##checkname
#define ext(name, checkname) #name, &oid_id_pkix_pe_##name, check_##checkname
{ ext(proxyCertInfo, proxyCertInfo), M_C },
{ ext(authorityInfoAccess, authorityInfoAccess), M_C },
#undef ext
{ "US Fed PKI - PIV Interim", oid_id_uspkicommon_piv_interim,
{ "US Fed PKI - PIV Interim", oid_id_uspkicommon_piv_interim,
check_Null, D_C },
{ "Netscape cert comment", oid_id_netscape_cert_comment,
{ "Netscape cert comment", oid_id_netscape_cert_comment,
check_Null, D_C },
{ NULL }
};
/**
* Allocate a hx509 validation/printing context.
*
*
* @param context A hx509 context.
* @param ctx a new allocated hx509 validation context, free with
* hx509_validate_ctx_free().
@@ -817,7 +817,7 @@ hx509_validate_ctx_init(hx509_context context, hx509_validate_ctx *ctx)
/**
* Set the printing functions for the validation context.
*
*
* @param ctx a hx509 valication context.
* @param func the printing function to usea.
* @param c the context variable to the printing function.
@@ -828,7 +828,7 @@ hx509_validate_ctx_init(hx509_context context, hx509_validate_ctx *ctx)
*/
void
hx509_validate_ctx_set_print(hx509_validate_ctx ctx,
hx509_validate_ctx_set_print(hx509_validate_ctx ctx,
hx509_vprint_func func,
void *c)
{
@@ -839,7 +839,7 @@ hx509_validate_ctx_set_print(hx509_validate_ctx ctx,
/**
* Add flags to control the behaivor of the hx509_validate_cert()
* function.
*
*
* @param ctx A hx509 validation context.
* @param flags flags to add to the validation context.
*
@@ -856,7 +856,7 @@ hx509_validate_ctx_add_flags(hx509_validate_ctx ctx, int flags)
/**
* Free an hx509 validate context.
*
*
* @param ctx the hx509 validate context to free.
*
* @ingroup hx509_print
@@ -870,7 +870,7 @@ hx509_validate_ctx_free(hx509_validate_ctx ctx)
/**
* Validate/Print the status of the certificate.
*
*
* @param context A hx509 context.
* @param ctx A hx509 validation context.
* @param cert the cerificate to validate/print.
@@ -897,7 +897,7 @@ hx509_validate_cert(hx509_context context,
if (_hx509_cert_get_version(c) != 3)
validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
"Not version 3 certificate\n");
if ((t->version == NULL || *t->version < 2) && t->extensions)
validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
"Not version 3 certificate with extensions\n");
@@ -960,7 +960,7 @@ hx509_validate_cert(hx509_context context,
if (t->extensions->val[i].critical)
validate_print(ctx, flags, "and is CRITICAL ");
if (ctx->flags & flags)
hx509_oid_print(&t->extensions->val[i].extnID,
hx509_oid_print(&t->extensions->val[i].extnID,
validate_vprint, ctx);
validate_print(ctx, flags, " is\n");
continue;
@@ -979,40 +979,40 @@ hx509_validate_cert(hx509_context context,
if (status.isca) {
if (!status.haveSKI)
validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
"CA certificate have no SubjectKeyIdentifier\n");
} else {
if (!status.haveAKI)
validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
"Is not CA and doesn't have "
"AuthorityKeyIdentifier\n");
}
if (!status.haveSKI)
validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
"Doesn't have SubjectKeyIdentifier\n");
if (status.isproxy && status.isca)
validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
"Proxy and CA at the same time!\n");
if (status.isproxy) {
if (status.haveSAN)
validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
"Proxy and have SAN\n");
if (status.haveIAN)
validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
"Proxy and have IAN\n");
}
if (hx509_name_is_null_p(subject) && !status.haveSAN)
validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
"NULL subject DN and doesn't have a SAN\n");
if (!status.selfsigned && !status.haveCRLDP)
validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
"Not a CA nor PROXY and doesn't have"
"CRL Dist Point\n");
@@ -1023,10 +1023,10 @@ hx509_validate_cert(hx509_context context,
&c->tbsCertificate._save,
&c->signatureValue);
if (ret == 0)
validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
"Self-signed certificate was self-signed\n");
else
validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
"Self-signed certificate NOT really self-signed!\n");
}

56
lib/hx509/req.c
View File

@@ -1,34 +1,34 @@
/*
* Copyright (c) 2006 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "hx_locl.h"
@@ -195,14 +195,14 @@ _hx509_request_to_pkcs10(hx509_context context,
&r.certificationRequestInfo.subjectPKInfo);
if (ret)
goto out;
r.certificationRequestInfo.attributes =
r.certificationRequestInfo.attributes =
calloc(1, sizeof(*r.certificationRequestInfo.attributes));
if (r.certificationRequestInfo.attributes == NULL) {
ret = ENOMEM;
goto out;
}
ASN1_MALLOC_ENCODE(CertificationRequestInfo, data.data, data.length,
ASN1_MALLOC_ENCODE(CertificationRequestInfo, data.data, data.length,
&r.certificationRequestInfo, &size, ret);
if (ret)
goto out;
@@ -237,7 +237,7 @@ out:
}
int
_hx509_request_parse(hx509_context context,
_hx509_request_parse(hx509_context context,
const char *path,
hx509_request *req)
{
@@ -319,7 +319,7 @@ _hx509_request_print(hx509_context context, hx509_request req, FILE *f)
fprintf(f, "name: %s\n", subject);
free(subject);
}
return 0;
}

128
lib/hx509/revoke.c
View File

@@ -1,34 +1,34 @@
/*
* Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/**
@@ -234,19 +234,19 @@ verify_ocsp(hx509_context context,
goto out;
}
ret = hx509_cert_check_eku(context, signer,
ret = hx509_cert_check_eku(context, signer,
oid_id_pkix_kp_OCSPSigning(), 0);
if (ret)
goto out;
}
ret = _hx509_verify_signature_bitstring(context,
_hx509_get_cert(signer),
_hx509_get_cert(signer),
&ocsp->ocsp.signatureAlgorithm,
&ocsp->ocsp.tbsResponseData._save,
&ocsp->ocsp.signature);
if (ret) {
hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
"OCSP signature invalid");
goto out;
}
@@ -294,7 +294,7 @@ parse_ocsp_basic(const void *data, size_t length, OCSPBasicOCSPResponse *basic)
return EINVAL;
}
ret = der_heim_oid_cmp(&resp.responseBytes->responseType,
ret = der_heim_oid_cmp(&resp.responseBytes->responseType,
oid_id_pkix_ocsp_basic());
if (ret != 0) {
free_OCSPResponse(&resp);
@@ -352,7 +352,7 @@ load_ocsp(hx509_context context, struct revoke_ocsp *ocsp)
if (basic.certs) {
int i;
ret = hx509_certs_init(context, "MEMORY:ocsp-certs", 0,
ret = hx509_certs_init(context, "MEMORY:ocsp-certs", 0,
NULL, &certs);
if (ret) {
free_OCSPBasicOCSPResponse(&basic);
@@ -361,11 +361,11 @@ load_ocsp(hx509_context context, struct revoke_ocsp *ocsp)
for (i = 0; i < basic.certs->len; i++) {
hx509_cert c;
ret = hx509_cert_init(context, &basic.certs->val[i], &c);
if (ret)
continue;
ret = hx509_certs_add(context, certs, c);
hx509_cert_free(c);
if (ret)
@@ -420,7 +420,7 @@ hx509_revoke_add_ocsp(hx509_context context,
return 0;
}
data = realloc(ctx->ocsps.val,
data = realloc(ctx->ocsps.val,
(ctx->ocsps.len + 1) * sizeof(ctx->ocsps.val[0]));
if (data == NULL) {
hx509_clear_error_string(context);
@@ -429,7 +429,7 @@ hx509_revoke_add_ocsp(hx509_context context,
ctx->ocsps.val = data;
memset(&ctx->ocsps.val[ctx->ocsps.len], 0,
memset(&ctx->ocsps.val[ctx->ocsps.len], 0,
sizeof(ctx->ocsps.val[0]));
ctx->ocsps.val[ctx->ocsps.len].path = strdup(path);
@@ -507,7 +507,7 @@ verify_crl(hx509_context context,
}
ret = _hx509_verify_signature_bitstring(context,
_hx509_get_cert(signer),
_hx509_get_cert(signer),
&crl->signatureAlgorithm,
&crl->tbsCertList._save,
&crl->signatureValue);
@@ -517,7 +517,7 @@ verify_crl(hx509_context context,
goto out;
}
/*
/*
* If signer is not CA cert, need to check revoke status of this
* CRL signing cert too, this include all parent CRL signer cert
* up to the root *sigh*, assume root at least hve CERTSIGN flag
@@ -540,7 +540,7 @@ verify_crl(hx509_context context,
}
ret = hx509_revoke_verify(context,
ctx,
ctx,
certs,
time_now,
signer,
@@ -621,7 +621,7 @@ hx509_revoke_add_crl(hx509_context context,
return HX509_UNSUPPORTED_OPERATION;
}
path += 5;
for (i = 0; i < ctx->crls.len; i++) {
@@ -629,7 +629,7 @@ hx509_revoke_add_crl(hx509_context context,
return 0;
}
data = realloc(ctx->crls.val,
data = realloc(ctx->crls.val,
(ctx->crls.len + 1) * sizeof(ctx->crls.val[0]));
if (data == NULL) {
hx509_clear_error_string(context);
@@ -645,7 +645,7 @@ hx509_revoke_add_crl(hx509_context context,
return ENOMEM;
}
ret = load_crl(path,
ret = load_crl(path,
&ctx->crls.val[ctx->crls.len].last_modfied,
&ctx->crls.val[ctx->crls.len].crl);
if (ret) {
@@ -719,7 +719,7 @@ hx509_revoke_verify(hx509_context context,
&c->tbsCertificate.serialNumber);
if (ret != 0)
continue;
/* verify issuer hashes hash */
ret = _hx509_verify_signature(context,
NULL,
@@ -744,7 +744,7 @@ hx509_revoke_verify(hx509_context context,
case choice_OCSPCertStatus_good:
break;
case choice_OCSPCertStatus_revoked:
hx509_set_error_string(context, 0,
hx509_set_error_string(context, 0,
HX509_CERT_REVOKED,
"Certificate revoked by issuer in OCSP");
return HX509_CERT_REVOKED;
@@ -753,7 +753,7 @@ hx509_revoke_verify(hx509_context context,
}
/* don't allow the update to be in the future */
if (ocsp->ocsp.tbsResponseData.responses.val[j].thisUpdate >
if (ocsp->ocsp.tbsResponseData.responses.val[j].thisUpdate >
now + context->ocsp_time_diff)
continue;
@@ -774,7 +774,7 @@ hx509_revoke_verify(hx509_context context,
int diff;
/* check if cert.issuer == crls.val[i].crl.issuer */
ret = _hx509_name_cmp(&c->tbsCertificate.issuer,
ret = _hx509_name_cmp(&c->tbsCertificate.issuer,
&crl->crl.tbsCertList.issuer, &diff);
if (ret || diff)
continue;
@@ -807,7 +807,7 @@ hx509_revoke_verify(hx509_context context,
if (crl->crl.tbsCertList.crlExtensions) {
for (j = 0; j < crl->crl.tbsCertList.crlExtensions->len; j++) {
if (crl->crl.tbsCertList.crlExtensions->val[j].critical) {
hx509_set_error_string(context, 0,
hx509_set_error_string(context, 0,
HX509_CRL_UNKNOWN_EXTENSION,
"Unknown CRL extension");
return HX509_CRL_UNKNOWN_EXTENSION;
@@ -830,13 +830,13 @@ hx509_revoke_verify(hx509_context context,
t = _hx509_Time2time_t(&crl->crl.tbsCertList.revokedCertificates->val[j].revocationDate);
if (t > now)
continue;
if (crl->crl.tbsCertList.revokedCertificates->val[j].crlEntryExtensions)
for (k = 0; k < crl->crl.tbsCertList.revokedCertificates->val[j].crlEntryExtensions->len; k++)
if (crl->crl.tbsCertList.revokedCertificates->val[j].crlEntryExtensions->val[k].critical)
return HX509_CRL_UNKNOWN_EXTENSION;
hx509_set_error_string(context, 0,
hx509_set_error_string(context, 0,
HX509_CERT_REVOKED,
"Certificate revoked by issuer in CRL");
return HX509_CERT_REVOKED;
@@ -848,7 +848,7 @@ hx509_revoke_verify(hx509_context context,
if (context->flags & HX509_CTX_VERIFY_MISSING_OK)
return 0;
hx509_set_error_string(context, HX509_ERROR_APPEND,
hx509_set_error_string(context, HX509_ERROR_APPEND,
HX509_REVOKE_STATUS_MISSING,
"No revoke status found for "
"certificates");
@@ -874,13 +874,13 @@ add_to_req(hx509_context context, void *ptr, hx509_cert cert)
hx509_query q;
void *d;
d = realloc(ctx->req->requestList.val,
d = realloc(ctx->req->requestList.val,
sizeof(ctx->req->requestList.val[0]) *
(ctx->req->requestList.len + 1));
if (d == NULL)
return ENOMEM;
ctx->req->requestList.val = d;
one = &ctx->req->requestList.val[ctx->req->requestList.len];
memset(one, 0, sizeof(*one));
@@ -920,7 +920,7 @@ add_to_req(hx509_context context, void *ptr, hx509_cert cert)
goto out;
os.data = p->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data;
os.length =
os.length =
p->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.length / 8;
ret = _hx509_create_signature(context,
@@ -994,9 +994,9 @@ hx509_ocsp_request(hx509_context context,
hx509_cert_free(ctx.parent);
if (ret)
goto out;
if (nonce) {
req.tbsRequest.requestExtensions =
req.tbsRequest.requestExtensions =
calloc(1, sizeof(*req.tbsRequest.requestExtensions));
if (req.tbsRequest.requestExtensions == NULL) {
ret = ENOMEM;
@@ -1079,7 +1079,7 @@ hx509_revoke_ocsp_print(hx509_context context, const char *path, FILE *out)
{
struct revoke_ocsp ocsp;
int ret, i;
if (out == NULL)
out = stdout;
@@ -1122,7 +1122,7 @@ hx509_revoke_ocsp_print(hx509_context context, const char *path, FILE *out)
break;
}
fprintf(out, "producedAt: %s\n",
fprintf(out, "producedAt: %s\n",
printable_time(ocsp.ocsp.tbsResponseData.producedAt));
fprintf(out, "replies: %d\n", ocsp.ocsp.tbsResponseData.responses.len);
@@ -1145,10 +1145,10 @@ hx509_revoke_ocsp_print(hx509_context context, const char *path, FILE *out)
fprintf(out, "\t%d. status: %s\n", i, status);
fprintf(out, "\tthisUpdate: %s\n",
fprintf(out, "\tthisUpdate: %s\n",
printable_time(ocsp.ocsp.tbsResponseData.responses.val[i].thisUpdate));
if (ocsp.ocsp.tbsResponseData.responses.val[i].nextUpdate)
fprintf(out, "\tproducedAt: %s\n",
fprintf(out, "\tproducedAt: %s\n",
printable_time(ocsp.ocsp.tbsResponseData.responses.val[i].thisUpdate));
}
@@ -1210,7 +1210,7 @@ hx509_ocsp_verify(hx509_context context,
&c->tbsCertificate.serialNumber);
if (ret != 0)
continue;
/* verify issuer hashes hash */
ret = _hx509_verify_signature(context,
NULL,
@@ -1229,7 +1229,7 @@ hx509_ocsp_verify(hx509_context context,
}
/* don't allow the update to be in the future */
if (basic.tbsResponseData.responses.val[i].thisUpdate >
if (basic.tbsResponseData.responses.val[i].thisUpdate >
now + context->ocsp_time_diff)
continue;
@@ -1323,7 +1323,7 @@ hx509_crl_alloc(hx509_context context, hx509_crl *crl)
int
hx509_crl_add_revoked_certs(hx509_context context,
hx509_crl crl,
hx509_crl crl,
hx509_certs certs)
{
return hx509_certs_merge(context, crl->revoked, certs);
@@ -1386,13 +1386,13 @@ add_revoked(hx509_context context, void *ctx, hx509_cert cert)
}
c->revokedCertificates->val = ptr;
ret = hx509_cert_get_serialnumber(cert,
ret = hx509_cert_get_serialnumber(cert,
&c->revokedCertificates->val[num].userCertificate);
if (ret) {
hx509_clear_error_string(context);
return ret;
}
c->revokedCertificates->val[num].revocationDate.element =
c->revokedCertificates->val[num].revocationDate.element =
choice_Time_generalTime;
c->revokedCertificates->val[num].revocationDate.u.generalTime =
time(NULL) - 3600 * 24;
@@ -1401,7 +1401,7 @@ add_revoked(hx509_context context, void *ctx, hx509_cert cert)
c->revokedCertificates->len++;
return 0;
}
}
/**
* Sign a CRL and return an encode certificate.
@@ -1479,7 +1479,7 @@ hx509_crl_sign(hx509_context context,
c.tbsCertList.nextUpdate->u.generalTime = next;
}
c.tbsCertList.revokedCertificates =
c.tbsCertList.revokedCertificates =
calloc(1, sizeof(*c.tbsCertList.revokedCertificates));
if (c.tbsCertList.revokedCertificates == NULL) {
hx509_set_error_string(context, 0, ENOMEM, "out of memory");

58
lib/hx509/sel-gram.y
View File

@@ -1,34 +1,34 @@
/*
* Copyright (c) 2008 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
%{
@@ -87,8 +87,8 @@ words : word { $$ = _hx509_make_expr(expr_WORDS, $1, NULL); }
;
comp : word '=' '=' word { $$ = _hx509_make_expr(comp_EQ, $1, $4); }
| word '!' '=' word { $$ = _hx509_make_expr(comp_NE, $1, $4); }
| word kw_TAILMATCH word { $$ = _hx509_make_expr(comp_TAILEQ, $1, $3); }
| word '!' '=' word { $$ = _hx509_make_expr(comp_NE, $1, $4); }
| word kw_TAILMATCH word { $$ = _hx509_make_expr(comp_TAILEQ, $1, $3); }
| word kw_IN '(' words ')' { $$ = _hx509_make_expr(comp_IN, $1, $4); }
| word kw_IN variable { $$ = _hx509_make_expr(comp_IN, $1, $3); }
;
@@ -102,14 +102,14 @@ word : number { $$ = $1; }
number : NUMBER { $$ = _hx509_make_expr(expr_NUMBER, $1, NULL); };
string : STRING { $$ = _hx509_make_expr(expr_STRING, $1, NULL); };
function: IDENTIFIER '(' words ')' {
function: IDENTIFIER '(' words ')' {
$$ = _hx509_make_expr(expr_FUNCTION, $1, $3); }
;
variable: '%' '{' variables '}' { $$ = $3; }
;
variables: IDENTIFIER '.' variables {
variables: IDENTIFIER '.' variables {
$$ = _hx509_make_expr(expr_VAR, $1, $3); }
| IDENTIFIER {
| IDENTIFIER {
$$ = _hx509_make_expr(expr_VAR, $1, NULL); }
;

52
lib/hx509/sel-lex.l
View File

@@ -1,35 +1,35 @@
%{
/*
* Copyright (c) 2004, 2008 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* $Id$ */
@@ -112,7 +112,7 @@ handle_string(void)
}
int
yywrap ()
yywrap ()
{
return 1;
}
@@ -127,7 +127,7 @@ lex_input(char *buf, int max_size)
n = max_size;
if (n <= 0)
return YY_NULL;
memcpy(buf, _hx509_expr_input.buf + _hx509_expr_input.offset, n);
_hx509_expr_input.offset += n;

58
lib/hx509/sel.c
View File

@@ -1,34 +1,34 @@
/*
* Copyright (c) 2008 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "hx_locl.h"
@@ -75,7 +75,7 @@ find_variable(hx509_context context, hx509_env env, struct hx_expr *word)
if (word->arg2 == NULL)
return hx509_env_find_binding(context, env, word->arg1);
env = hx509_env_find_binding(context, env, word->arg1);
if (env == NULL)
return NULL;
@@ -101,7 +101,7 @@ eval_comp(hx509_context context, hx509_env env, struct hx_expr *expr)
if (expr->op == comp_TAILEQ) {
size_t len1 = strlen(s1);
size_t len2 = strlen(s2);
if (len1 < len2)
return 0;
ret = strcmp(s1 + (len1 - len2), s2) == 0;
@@ -133,7 +133,7 @@ eval_comp(hx509_context context, hx509_env env, struct hx_expr *expr)
subenv = find_variable(context, env, subexpr);
if (subenv == NULL)
return FALSE;
while (subenv) {
if (subenv->type != env_string)
continue;
@@ -166,7 +166,7 @@ _hx509_expr_eval(hx509_context context, hx509_env env, struct hx_expr *expr)
case op_NOT:
return ! _hx509_expr_eval(context, env, expr->arg1);
case op_AND:
return _hx509_expr_eval(context, env, expr->arg1) &&
return _hx509_expr_eval(context, env, expr->arg1) &&
_hx509_expr_eval(context, env, expr->arg2);
case op_OR:
return _hx509_expr_eval(context, env, expr->arg1) ||
@@ -226,7 +226,7 @@ _hx509_sel_yyerror (char *s)
{
if (_hx509_expr_input.error)
free(_hx509_expr_input.error);
_hx509_expr_input.error = strdup(s);
}

50
lib/hx509/sel.h
View File

@@ -1,38 +1,38 @@
/*
* Copyright (c) 2008 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
enum hx_expr_op {
op_TRUE,
op_TRUE,
op_FALSE,
op_NOT,
op_AND,

114
lib/hx509/softp11.c
View File

@@ -1,34 +1,34 @@
/*
* Copyright (c) 2004 - 2008 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "hx_locl.h"
@@ -302,7 +302,7 @@ add_st_object(void)
memset(o, 0, sizeof(*o));
o->attrs = NULL;
o->num_attributes = 0;
for (i = 0; i < soft_token.object.num_objs; i++) {
if (soft_token.object.objs == NULL) {
soft_token.object.objs[i] = o;
@@ -326,7 +326,7 @@ add_st_object(void)
}
static CK_RV
add_object_attribute(struct st_object *o,
add_object_attribute(struct st_object *o,
int secret,
CK_ATTRIBUTE_TYPE type,
CK_VOID_PTR pValue,
@@ -362,14 +362,14 @@ add_pubkey_info(hx509_context hxctx, struct st_object *o,
CK_ULONG modulus_bits = 0;
CK_BYTE *exponent = NULL;
size_t exponent_len = 0;
if (key_type != CKK_RSA)
return CKR_OK;
if (_hx509_cert_private_key(cert) == NULL)
return CKR_OK;
num = _hx509_private_key_get_internal(context,
_hx509_cert_private_key(cert),
num = _hx509_private_key_get_internal(context,
_hx509_cert_private_key(cert),
"rsa-modulus");
if (num == NULL)
return CKR_GENERAL_ERROR;
@@ -386,8 +386,8 @@ add_pubkey_info(hx509_context hxctx, struct st_object *o,
free(modulus);
num = _hx509_private_key_get_internal(context,
_hx509_cert_private_key(cert),
num = _hx509_private_key_get_internal(context,
_hx509_cert_private_key(cert),
"rsa-exponent");
if (num == NULL)
return CKR_GENERAL_ERROR;
@@ -717,7 +717,7 @@ read_conf_file(const char *fn, CK_USER_TYPE userType, const char *pin)
if (strcasecmp("certificate", type) == 0) {
char *cert, *id, *label;
id = strtok_r(NULL, "\t", &s);
if (id == NULL) {
st_logf("no id\n");
@@ -734,9 +734,9 @@ read_conf_file(const char *fn, CK_USER_TYPE userType, const char *pin)
st_logf("no certfiicate store\n");
continue;
}
st_logf("adding: %s: %s in file %s\n", id, label, cert);
ret = add_certificate(cert, pin, id, label);
if (ret)
failed = ret;
@@ -824,7 +824,7 @@ C_Initialize(CK_VOID_PTR a)
soft_token.object.objs = NULL;
soft_token.object.num_objs = 0;
soft_token.logfile = NULL;
#if 0
soft_token.logfile = stdout;
@@ -906,11 +906,11 @@ C_GetInfo(CK_INFO_PTR args)
memset(args, 17, sizeof(*args));
args->cryptokiVersion.major = 2;
args->cryptokiVersion.minor = 10;
snprintf_fill((char *)args->manufacturerID,
snprintf_fill((char *)args->manufacturerID,
sizeof(args->manufacturerID),
' ',
"Heimdal hx509 SoftToken");
snprintf_fill((char *)args->libraryDescription,
snprintf_fill((char *)args->libraryDescription,
sizeof(args->libraryDescription), ' ',
"Heimdal hx509 SoftToken");
args->libraryVersion.major = 2;
@@ -956,7 +956,7 @@ C_GetSlotInfo(CK_SLOT_ID slotID,
if (slotID != 1)
return CKR_ARGUMENTS_BAD;
snprintf_fill((char *)pInfo->slotDescription,
snprintf_fill((char *)pInfo->slotDescription,
sizeof(pInfo->slotDescription),
' ',
"Heimdal hx509 SoftToken (slot)");
@@ -971,7 +971,7 @@ C_GetSlotInfo(CK_SLOT_ID slotID,
pInfo->hardwareVersion.minor = 0;
pInfo->firmwareVersion.major = 1;
pInfo->firmwareVersion.minor = 0;
return CKR_OK;
}
@@ -980,15 +980,15 @@ C_GetTokenInfo(CK_SLOT_ID slotID,
CK_TOKEN_INFO_PTR pInfo)
{
INIT_CONTEXT();
st_logf("GetTokenInfo: %s\n", has_session());
st_logf("GetTokenInfo: %s\n", has_session());
memset(pInfo, 19, sizeof(*pInfo));
snprintf_fill((char *)pInfo->label,
snprintf_fill((char *)pInfo->label,
sizeof(pInfo->label),
' ',
"Heimdal hx509 SoftToken (token)");
snprintf_fill((char *)pInfo->manufacturerID,
snprintf_fill((char *)pInfo->manufacturerID,
sizeof(pInfo->manufacturerID),
' ',
"Heimdal hx509 SoftToken (token)");
@@ -996,12 +996,12 @@ C_GetTokenInfo(CK_SLOT_ID slotID,
sizeof(pInfo->model),
' ',
"Heimdal hx509 SoftToken (token)");
snprintf_fill((char *)pInfo->serialNumber,
snprintf_fill((char *)pInfo->serialNumber,
sizeof(pInfo->serialNumber),
' ',
"4711");
pInfo->flags =
CKF_TOKEN_INITIALIZED |
pInfo->flags =
CKF_TOKEN_INITIALIZED |
CKF_USER_PIN_INITIALIZED;
if (soft_token.flags.login_done == 0)
@@ -1078,7 +1078,7 @@ C_OpenSession(CK_SLOT_ID slotID,
int i;
INIT_CONTEXT();
st_logf("OpenSession: slot: %d\n", (int)slotID);
if (soft_token.open_sessions == MAX_NUM_SESSION)
return CKR_SESSION_COUNT;
@@ -1136,7 +1136,7 @@ C_GetSessionInfo(CK_SESSION_HANDLE hSession,
{
st_logf("GetSessionInfo\n");
INIT_CONTEXT();
VERIFY_SESSION_HANDLE(hSession, NULL);
memset(pInfo, 20, sizeof(*pInfo));
@@ -1180,7 +1180,7 @@ C_Login(CK_SESSION_HANDLE hSession,
soft_token.flags.login_done = 1;
free(pin);
return soft_token.flags.login_done ? CKR_OK : CKR_PIN_INCORRECT;
}
@@ -1278,12 +1278,12 @@ C_FindObjectsInit(CK_SESSION_HANDLE hSession,
print_attributes(pTemplate, ulCount);
state->find.attributes =
state->find.attributes =
calloc(1, ulCount * sizeof(state->find.attributes[0]));
if (state->find.attributes == NULL)
return CKR_DEVICE_MEMORY;
for (i = 0; i < ulCount; i++) {
state->find.attributes[i].pValue =
state->find.attributes[i].pValue =
malloc(pTemplate[i].ulValueLen);
if (state->find.attributes[i].pValue == NULL) {
find_object_final(state);
@@ -1435,15 +1435,15 @@ C_SignInit(CK_SESSION_HANDLE hSession,
INIT_CONTEXT();
st_logf("SignInit\n");
VERIFY_SESSION_HANDLE(hSession, &state);
ret = commonInit(attr, sizeof(attr)/sizeof(attr[0]),
ret = commonInit(attr, sizeof(attr)/sizeof(attr[0]),
mechs, sizeof(mechs)/sizeof(mechs[0]),
pMechanism, hKey, &o);
if (ret)
return ret;
ret = dup_mechanism(&state->sign_mechanism, pMechanism);
if (ret == CKR_OK)
if (ret == CKR_OK)
state->sign_object = OBJECT_ID(o);
return CKR_OK;
@@ -1500,7 +1500,7 @@ C_Sign(CK_SESSION_HANDLE hSession,
ret = CKR_FUNCTION_NOT_SUPPORTED;
goto out;
}
data.data = pData;
data.length = ulDataLen;
@@ -1568,15 +1568,15 @@ C_VerifyInit(CK_SESSION_HANDLE hSession,
INIT_CONTEXT();
st_logf("VerifyInit\n");
VERIFY_SESSION_HANDLE(hSession, &state);
ret = commonInit(attr, sizeof(attr)/sizeof(attr[0]),
ret = commonInit(attr, sizeof(attr)/sizeof(attr[0]),
mechs, sizeof(mechs)/sizeof(mechs[0]),
pMechanism, hKey, &o);
if (ret)
return ret;
ret = dup_mechanism(&state->verify_mechanism, pMechanism);
if (ret == CKR_OK)
if (ret == CKR_OK)
state->verify_object = OBJECT_ID(o);
return ret;

4
lib/hx509/test_expr.c
View File

@@ -70,11 +70,11 @@ main(int argc, char **argv)
val = _hx509_expr_eval(context, env, expr);
if (foo[i].val) {
if (val == 0)
errx(1, "_hx509_expr_eval not true when it should: %d: %s",
errx(1, "_hx509_expr_eval not true when it should: %d: %s",
i, foo[i].str);
} else {
if (val)
errx(1, "_hx509_expr_eval true when it should not: %d: %s",
errx(1, "_hx509_expr_eval true when it should not: %d: %s",
i, foo[i].str);
}

50
lib/hx509/test_name.c
View File

@@ -1,34 +1,34 @@
/*
* Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "hx_locl.h"
@@ -92,7 +92,7 @@ test_expand(hx509_context context, const char *name, const char *expected)
hx509_name_free(&n);
if (ret)
return 1;
ret = strcmp(s, expected) != 0;
free(s);
if (ret)

60
lib/hx509/test_soft_pkcs11.c
View File

@@ -1,34 +1,34 @@
/*
* Copyright (c) 2006 - 2008 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "hx_locl.h"
@@ -39,9 +39,9 @@ static CK_FUNCTION_LIST_PTR func;
static CK_RV
find_object(CK_SESSION_HANDLE session,
find_object(CK_SESSION_HANDLE session,
char *id,
CK_OBJECT_CLASS key_class,
CK_OBJECT_CLASS key_class,
CK_OBJECT_HANDLE_PTR object)
{
CK_ULONG object_count;
@@ -119,11 +119,11 @@ main(int argc, char **argv)
if ((slot_info.flags & CKF_TOKEN_PRESENT) == 0)
errx(1, "no token present");
ret = (*func->C_OpenSession)(slot, CKF_SERIAL_SESSION,
ret = (*func->C_OpenSession)(slot, CKF_SERIAL_SESSION,
NULL, NULL, &session);
if (ret != CKR_OK)
errx(1, "C_OpenSession failed: %d", (int)ret);
ret = (*func->C_GetTokenInfo)(slot, &token_info);
if (ret)
errx(1, "C_GetTokenInfo1 failed: %d", (int)ret);
@@ -172,7 +172,7 @@ main(int argc, char **argv)
if (ret != CKR_OK)
return 1;
ret = (*func->C_Verify)(session, (CK_BYTE *)signature, ck_sigsize,
ret = (*func->C_Verify)(session, (CK_BYTE *)signature, ck_sigsize,
(CK_BYTE *)sighash, strlen(sighash));
if (ret != CKR_OK) {
printf("message: %d\n", (int)ret);
@@ -206,7 +206,7 @@ main(int argc, char **argv)
return 1;
outsize = sizeof(outdata);
ret = (*func->C_Decrypt)(session, (CK_BYTE *)signature, ck_sigsize,
ret = (*func->C_Decrypt)(session, (CK_BYTE *)signature, ck_sigsize,
(CK_BYTE *)outdata, &outsize);
if (ret != CKR_OK) {
printf("message: %d\n", (int)ret);