oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

add a hx509_context where we can store configuration

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16476 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2006-01-04 20:33:31 +00:00
parent d5e17d6541
commit 7dcf3289bb
16 changed files with 456 additions and 310 deletions
Download Patch File Download Diff File Expand all files Collapse all files

73
lib/hx509/cert.c
View File

@@ -85,6 +85,39 @@ _hx509_abort(const char *fmt, ...)
abort();
}
/*
*
*/
int
hx509_context_init(hx509_context *context)
{
*context = calloc(1, sizeof(**context));
if (*context == NULL)
return ENOMEM;
_hx509_ks_mem_register(*context);
_hx509_ks_file_register(*context);
_hx509_ks_pkcs12_register(*context);
_hx509_ks_pkcs11_register(*context);
_hx509_ks_dir_register(*context);
return 0;
}
void
hx509_context_free(hx509_context *context)
{
if ((*context)->ks_ops) {
free((*context)->ks_ops);
(*context)->ks_ops = NULL;
}
(*context)->ks_num_ops = 0;
free(*context);
*context = NULL;
}
/*
*
*/
@@ -102,7 +135,7 @@ _hx509_cert_get_version(const Certificate *t)
}
int
hx509_cert_init(const Certificate *c, hx509_cert *cert)
hx509_cert_init(hx509_context context, const Certificate *c, hx509_cert *cert)
{
int ret;
@@ -196,7 +229,7 @@ hx509_cert_ref(hx509_cert cert)
}
int
hx509_verify_init_ctx(hx509_verify_ctx *ctx)
hx509_verify_init_ctx(hx509_context context, hx509_verify_ctx *ctx)
{
hx509_verify_ctx c;
@@ -506,7 +539,9 @@ _hx509_cert_is_parent_cmp(const Certificate *subject,
}
static int
certificate_is_anchor(hx509_verify_ctx ctx, const hx509_cert cert)
certificate_is_anchor(hx509_context context,
hx509_verify_ctx ctx,
const hx509_cert cert)
{
hx509_query q;
hx509_cert c;
@@ -517,7 +552,7 @@ certificate_is_anchor(hx509_verify_ctx ctx, const hx509_cert cert)
q.match = HX509_QUERY_MATCH_CERTIFICATE;
q.certificate = _hx509_get_cert(cert);
ret = _hx509_certs_find(ctx->trust_anchors, &q, &c);
ret = _hx509_certs_find(context, ctx->trust_anchors, &q, &c);
if (ret == 0)
hx509_cert_free(c);
return ret == 0;
@@ -530,7 +565,8 @@ certificate_is_self_signed(const Certificate *cert)
}
static hx509_cert
find_parent(hx509_verify_ctx ctx,
find_parent(hx509_context context,
hx509_verify_ctx ctx,
hx509_path *path,
hx509_certs chain,
hx509_cert current)
@@ -548,10 +584,10 @@ find_parent(hx509_verify_ctx ctx,
q.subject = _hx509_get_cert(current);
q.path = path;
ret = _hx509_certs_find(chain, &q, &c);
ret = _hx509_certs_find(context, chain, &q, &c);
if (ret == 0)
return c;
ret = _hx509_certs_find(ctx->trust_anchors, &q, &c);
ret = _hx509_certs_find(context, ctx->trust_anchors, &q, &c);
if (ret == 0)
return c;
return NULL;
@@ -597,7 +633,8 @@ path_free(hx509_path *path)
*/
static int
calculate_path(hx509_verify_ctx ctx,
calculate_path(hx509_context context,
hx509_verify_ctx ctx,
hx509_cert cert,
hx509_certs chain,
hx509_path *path)
@@ -611,9 +648,9 @@ calculate_path(hx509_verify_ctx ctx,
current = hx509_cert_ref(cert);
while (!certificate_is_anchor(ctx, current)) {
while (!certificate_is_anchor(context, ctx, current)) {
parent = find_parent(ctx, path, chain, current);
parent = find_parent(context, ctx, path, chain, current);
hx509_cert_free(current);
if (parent == NULL)
return HX509_ISSUER_NOT_FOUND;
@@ -675,19 +712,19 @@ hx509_cert_cmp(hx509_cert p, hx509_cert q)
}
int
hx509_cert_issuer(hx509_cert p, hx509_name *name)
hx509_cert_get_issuer(hx509_cert p, hx509_name *name)
{
return _hx509_name_from_Name(&p->data->tbsCertificate.issuer, name);
}
int
hx509_cert_subject(hx509_cert p, hx509_name *name)
hx509_cert_get_subject(hx509_cert p, hx509_name *name)
{
return _hx509_name_from_Name(&p->data->tbsCertificate.subject, name);
}
int
hx509_cert_serialnumber(hx509_cert p, heim_integer *i)
hx509_cert_get_serialnumber(hx509_cert p, heim_integer *i)
{
return copy_heim_integer(&p->data->tbsCertificate.serialNumber, i);
}
@@ -1037,7 +1074,10 @@ free_name_constraints(hx509_name_constraints *nc)
}
int
hx509_verify_path(hx509_verify_ctx ctx, hx509_cert cert, hx509_certs chain)
hx509_verify_path(hx509_context context,
hx509_verify_ctx ctx,
hx509_cert cert,
hx509_certs chain)
{
hx509_name_constraints nc;
hx509_path path;
@@ -1060,7 +1100,7 @@ hx509_verify_path(hx509_verify_ctx ctx, hx509_cert cert, hx509_certs chain)
* Calculate the path from the certificate user presented to the
* to an anchor.
*/
ret = calculate_path(ctx, cert, chain, &path);
ret = calculate_path(context, ctx, cert, chain, &path);
if (ret)
goto out;
@@ -1168,7 +1208,8 @@ hx509_verify_path(hx509_verify_ctx ctx, hx509_cert cert, hx509_certs chain)
}
int
hx509_verify_signature(const hx509_cert signer,
hx509_verify_signature(hx509_context context,
const hx509_cert signer,
const AlgorithmIdentifier *alg,
const heim_octet_string *data,
const heim_octet_string *sig)

60
lib/hx509/cms.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 2003 - 2005 Kungliga Tekniska H<>gskolan
* Copyright (c) 2003 - 2006 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -66,7 +66,7 @@ fill_CMSIdentifier(const hx509_cert cert, CMSIdentifier *id)
int ret;
id->element = choice_CMSIdentifier_issuerAndSerialNumber;
ret = hx509_cert_issuer(cert, &name);
ret = hx509_cert_get_issuer(cert, &name);
if (ret)
return ret;
ret = copy_Name(&name->der_name,
@@ -75,13 +75,14 @@ fill_CMSIdentifier(const hx509_cert cert, CMSIdentifier *id)
if (ret)
return ret;
ret = hx509_cert_serialnumber(cert,
ret = hx509_cert_get_serialnumber(cert,
&id->u.issuerAndSerialNumber.serialNumber);
return ret;
}
static int
find_CMSIdentifier(CMSIdentifier *client,
find_CMSIdentifier(hx509_context context,
CMSIdentifier *client,
hx509_certs certs,
hx509_cert *signer_cert,
int match)
@@ -112,7 +113,7 @@ find_CMSIdentifier(CMSIdentifier *client,
q.match |= match;
ret = _hx509_certs_find(certs, &q, &cert);
ret = _hx509_certs_find(context, certs, &q, &cert);
if (ret)
return ret;
@@ -122,7 +123,8 @@ find_CMSIdentifier(CMSIdentifier *client,
}
int
hx509_cms_unenvelope(hx509_certs certs,
hx509_cms_unenvelope(hx509_context context,
hx509_certs certs,
const void *data,
size_t length,
heim_oid *contentType,
@@ -165,7 +167,7 @@ hx509_cms_unenvelope(hx509_certs certs,
* ki->keyEncryptionAlgorithm.algorithm);
*/
ret = find_CMSIdentifier(&ri->rid, certs, &cert,
ret = find_CMSIdentifier(context, &ri->rid, certs, &cert,
HX509_QUERY_PRIVATE_KEY|
HX509_QUERY_KU_ENCIPHERMENT);
if (ret) {
@@ -204,7 +206,7 @@ hx509_cms_unenvelope(hx509_certs certs,
hx509_crypto crypto;
heim_octet_string *ivec = NULL, ivec_data;
ret = hx509_crypto_init(NULL, &ai->algorithm, &crypto);
ret = hx509_crypto_init(context, NULL, &ai->algorithm, &crypto);
if (ret)
goto out;
@@ -238,7 +240,8 @@ hx509_cms_unenvelope(hx509_certs certs,
}
int
hx509_cms_envelope_1(hx509_cert cert,
hx509_cms_envelope_1(hx509_context context,
hx509_cert cert,
const void *data,
size_t length,
const heim_oid *encryption_type,
@@ -265,7 +268,7 @@ hx509_cms_envelope_1(hx509_cert cert,
if (ret)
goto out;
ret = hx509_crypto_init(NULL, encryption_type, &crypto);
ret = hx509_crypto_init(context, NULL, encryption_type, &crypto);
if (ret)
goto out;
@@ -354,7 +357,7 @@ hx509_cms_envelope_1(hx509_cert cert,
}
static int
any_to_certs(const SignedData *sd, hx509_certs certs)
any_to_certs(hx509_context context, const SignedData *sd, hx509_certs certs)
{
int ret, i;
@@ -372,11 +375,11 @@ any_to_certs(const SignedData *sd, hx509_certs certs)
if (ret)
return ret;
ret = hx509_cert_init(&cert, &c);
ret = hx509_cert_init(context, &cert, &c);
free_Certificate(&cert);
if (ret)
return ret;
ret = hx509_certs_add(certs, c);
ret = hx509_certs_add(context, certs, c);
if (ret) {
hx509_cert_free(c);
return ret;
@@ -397,7 +400,8 @@ find_attribute(const CMSAttributes *attr, const heim_oid *oid)
}
int
hx509_cms_verify_signed(hx509_verify_ctx ctx,
hx509_cms_verify_signed(hx509_context context,
hx509_verify_ctx ctx,
const void *data,
size_t length,
hx509_certs store,
@@ -430,23 +434,25 @@ hx509_cms_verify_signed(hx509_verify_ctx ctx,
goto out;
}
ret = hx509_certs_init("MEMORY:cms-cert-buffer", 0, NULL, &certs);
ret = hx509_certs_init(context, "MEMORY:cms-cert-buffer",
0, NULL, &certs);
if (ret)
goto out;
ret = hx509_certs_init("MEMORY:cms-signer-certs", 0, NULL, signer_certs);
ret = hx509_certs_init(context, "MEMORY:cms-signer-certs",
0, NULL, signer_certs);
if (ret)
goto out;
/* XXX Check CMS version */
ret = any_to_certs(&sd, certs);
ret = any_to_certs(context, &sd, certs);
if (ret) {
goto out;
}
if (store) {
ret = hx509_certs_merge(certs, store);
ret = hx509_certs_merge(context, certs, store);
if (ret)
goto out;
}
@@ -465,7 +471,7 @@ hx509_cms_verify_signed(hx509_verify_ctx ctx,
continue;
}
ret = find_CMSIdentifier(&signer_info->sid, certs, &cert,
ret = find_CMSIdentifier(context, &signer_info->sid, certs, &cert,
HX509_QUERY_KU_DIGITALSIGNATURE);
if (ret)
continue;
@@ -558,7 +564,8 @@ hx509_cms_verify_signed(hx509_verify_ctx ctx,
free_oid(&decode_oid);
if (ret == 0)
ret = hx509_verify_signature(cert,
ret = hx509_verify_signature(context,
cert,
&signer_info->signatureAlgorithm,
signed_data,
&signer_info->signature);
@@ -572,13 +579,13 @@ hx509_cms_verify_signed(hx509_verify_ctx ctx,
continue;
}
ret = hx509_verify_path(ctx, cert, certs);
ret = hx509_verify_path(context, ctx, cert, certs);
if (ret) {
hx509_cert_free(cert);
continue;
}
ret = hx509_certs_add(*signer_certs, hx509_cert_ref(cert));
ret = hx509_certs_add(context, *signer_certs, hx509_cert_ref(cert));
if (ret) {
hx509_cert_free(cert);
continue;
@@ -683,7 +690,8 @@ add_one_attribute(Attribute **attr,
int
hx509_cms_create_signed_1(const heim_oid *eContentType,
hx509_cms_create_signed_1(hx509_context context,
const heim_oid *eContentType,
const void *data, size_t length,
const AlgorithmIdentifier *digest_alg,
hx509_cert cert,
@@ -882,7 +890,8 @@ hx509_cms_create_signed_1(const heim_oid *eContentType,
}
int
hx509_cms_decrypt_encrypted(hx509_lock lock,
hx509_cms_decrypt_encrypted(hx509_context context,
hx509_lock lock,
const void *data,
size_t length,
heim_oid *contentType,
@@ -915,7 +924,8 @@ hx509_cms_decrypt_encrypted(hx509_lock lock,
goto out;
}
ret = _hx509_pbe_decrypt(lock,
ret = _hx509_pbe_decrypt(context,
lock,
ai,
ed.encryptedContentInfo.encryptedContent,
&cont);

40
lib/hx509/collector.c
View File

@@ -53,7 +53,7 @@ struct hx509_collector {
struct hx509_collector *
_hx509_collector_alloc(hx509_lock lock)
_hx509_collector_alloc(hx509_context context, hx509_lock lock)
{
struct hx509_collector *c;
@@ -62,10 +62,10 @@ _hx509_collector_alloc(hx509_lock lock)
return NULL;
c->lock = lock;
hx509_certs_init("MEMORY:dummy", 0, NULL, &c->unenvelop_certs);
hx509_certs_init(context, "MEMORY:dummy", 0, NULL, &c->unenvelop_certs);
c->val.data = NULL;
c->val.len = 0;
hx509_certs_init("MEMORY:collector-tmp-store", 0, NULL, &c->certs);
hx509_certs_init(context, "MEMORY:collector-tmp-store", 0, NULL, &c->certs);
return c;
}
@@ -78,9 +78,11 @@ _hx509_collector_get_lock(struct hx509_collector *c)
int
_hx509_collector_certs_add(struct hx509_collector *c, hx509_cert cert)
_hx509_collector_certs_add(hx509_context context,
struct hx509_collector *c,
hx509_cert cert)
{
return hx509_certs_add(c->certs, cert);
return hx509_certs_add(context, c->certs, cert);
}
static void
@@ -142,7 +144,9 @@ out:
}
static int
match_localkeyid(struct private_key *value, hx509_certs certs)
match_localkeyid(hx509_context context,
struct private_key *value,
hx509_certs certs)
{
hx509_cert cert;
hx509_query q;
@@ -153,21 +157,21 @@ match_localkeyid(struct private_key *value, hx509_certs certs)
q.local_key_id = &value->localKeyId;
ret = _hx509_certs_find(certs, &q, &cert);
ret = _hx509_certs_find(context, certs, &q, &cert);
if (ret == 0) {
if (value->private_key) {
_hx509_cert_assign_key(cert, value->private_key);
value->private_key = NULL;
}
hx509_certs_add(certs, cert);
hx509_certs_add(context, certs, cert);
hx509_cert_free(cert);
}
return ret;
}
static int
match_keys(struct private_key *value, hx509_certs certs)
match_keys(hx509_context context, struct private_key *value, hx509_certs certs)
{
hx509_cursor cursor;
hx509_cert c;
@@ -176,13 +180,13 @@ match_keys(struct private_key *value, hx509_certs certs)
if (value->private_key == NULL)
return EINVAL;
ret = hx509_certs_start_seq(certs, &cursor);
ret = hx509_certs_start_seq(context, certs, &cursor);
if (ret)
return ret;
c = NULL;
while (1) {
ret = hx509_certs_next_cert(certs, cursor, &c);
ret = hx509_certs_next_cert(context, certs, cursor, &c);
if (ret)
break;
if (c == NULL)
@@ -203,34 +207,36 @@ match_keys(struct private_key *value, hx509_certs certs)
hx509_cert_free(c);
}
hx509_certs_end_seq(certs, cursor);
hx509_certs_end_seq(context, certs, cursor);
return found;
}
int
_hx509_collector_collect(struct hx509_collector *c, hx509_certs *ret_certs)
_hx509_collector_collect(hx509_context context,
struct hx509_collector *c,
hx509_certs *ret_certs)
{
hx509_certs certs;
int ret, i;
*ret_certs = NULL;
ret = hx509_certs_init("MEMORY:collector-store", 0, NULL, &certs);
ret = hx509_certs_init(context, "MEMORY:collector-store", 0, NULL, &certs);
if (ret)
return ret;
ret = hx509_certs_merge(certs, c->certs);
ret = hx509_certs_merge(context, certs, c->certs);
if (ret) {
hx509_certs_free(&certs);
return ret;
}
for (i = 0; i < c->val.len; i++) {
ret = match_localkeyid(c->val.data[i], certs);
ret = match_localkeyid(context, c->val.data[i], certs);
if (ret == 0)
continue;
ret = match_keys(c->val.data[i], certs);
ret = match_keys(context, c->val.data[i], certs);
if (ret == 0)
continue;
}

70
lib/hx509/crypto.c
View File

@@ -101,10 +101,7 @@ struct hx509_private_key {
const heim_oid *signature_alg;
struct {
RSA *rsa;
} private_key2;
/* supported key operations */
/* context pointer to backend */
/* function pointer to backend */
} private_key;
};
/*
@@ -286,14 +283,14 @@ rsa_create_signature(const struct signature_alg *sig_alg,
if (indata.length != size)
_hx509_abort("internal ASN.1 encoder error");
sig->length = RSA_size(signer->private_key2.rsa);
sig->length = RSA_size(signer->private_key.rsa);
sig->data = malloc(sig->length);
if (sig->data == NULL)
return ENOMEM;
ret = RSA_private_encrypt(indata.length, indata.data,
sig->data,
signer->private_key2.rsa,
signer->private_key.rsa,
RSA_PKCS1_PADDING);
free_octet_string(&indata);
if (ret <= 0)
@@ -366,9 +363,9 @@ rsa_parse_private_key(const struct signature_alg *sig_alg,
{
const unsigned char *p = data;
private_key->private_key2.rsa =
private_key->private_key.rsa =
d2i_RSAPrivateKey(NULL, &p, len);
if (private_key->private_key2.rsa == NULL)
if (private_key->private_key.rsa == NULL)
return EINVAL;
private_key->signature_alg = oid_id_pkcs1_sha1WithRSAEncryption();
@@ -820,17 +817,17 @@ _hx509_private_key_private_decrypt(const heim_octet_string *ciphertext,
cleartext->data = NULL;
cleartext->length = 0;
if (p->private_key2.rsa == NULL)
if (p->private_key.rsa == NULL)
return EINVAL;
cleartext->length = RSA_size(p->private_key2.rsa);
cleartext->length = RSA_size(p->private_key.rsa);
cleartext->data = malloc(cleartext->length);
if (cleartext->data == NULL)
return ENOMEM;
ret = RSA_private_decrypt(ciphertext->length, ciphertext->data,
cleartext->data,
p->private_key2.rsa,
p->private_key.rsa,
RSA_PKCS1_PADDING);
if (ret <= 0) {
free_octet_string(cleartext);
@@ -934,9 +931,9 @@ _hx509_new_private_key(hx509_private_key *key)
int
_hx509_free_private_key(hx509_private_key *key)
{
if ((*key)->private_key2.rsa)
RSA_free((*key)->private_key2.rsa);
(*key)->private_key2.rsa = NULL;
if ((*key)->private_key.rsa)
RSA_free((*key)->private_key.rsa);
(*key)->private_key.rsa = NULL;
free(*key);
*key = NULL;
return 0;
@@ -953,9 +950,9 @@ _hx509_private_key_assign_key_file(hx509_private_key key,
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
if (key->private_key2.rsa) {
RSA_free(key->private_key2.rsa);
key->private_key2.rsa = NULL;
if (key->private_key.rsa) {
RSA_free(key->private_key.rsa);
key->private_key.rsa = NULL;
}
@@ -974,9 +971,9 @@ _hx509_private_key_assign_key_file(hx509_private_key key,
if (private_key == NULL)
continue;
key->private_key2.rsa = EVP_PKEY_get1_RSA(private_key);
key->private_key.rsa = EVP_PKEY_get1_RSA(private_key);
EVP_PKEY_free(private_key);
if (key->private_key2.rsa == NULL)
if (key->private_key.rsa == NULL)
return EINVAL;
return 0;
@@ -988,9 +985,9 @@ _hx509_private_key_assign_key_file(hx509_private_key key,
void
_hx509_private_key_assign_rsa(hx509_private_key key, void *ptr)
{
if (key->private_key2.rsa)
RSA_free(key->private_key2.rsa);
key->private_key2.rsa = ptr;
if (key->private_key.rsa)
RSA_free(key->private_key.rsa);
key->private_key.rsa = ptr;
}
@@ -1025,7 +1022,8 @@ find_cipher(const heim_oid *oid)
}
int
hx509_crypto_init(const char *provider,
hx509_crypto_init(hx509_context context,
const char *provider,
const heim_oid *enctype,
hx509_crypto *crypto)
{
@@ -1318,14 +1316,16 @@ hx509_crypto_decrypt(hx509_crypto crypto,
return ret;
}
typedef int (*PBE_string2key_func)(const char *,
typedef int (*PBE_string2key_func)(hx509_context,
const char *,
const heim_octet_string *,
hx509_crypto *, heim_octet_string *,
heim_octet_string *,
const heim_oid *, const EVP_MD *);
static int
PBE_string2key(const char *password,
PBE_string2key(hx509_context context,
const char *password,
const heim_octet_string *parameters,
hx509_crypto *crypto,
heim_octet_string *key, heim_octet_string *iv,
@@ -1370,7 +1370,7 @@ PBE_string2key(const char *password,
goto out;
}
ret = hx509_crypto_init(NULL, enc_oid, &c);
ret = hx509_crypto_init(context, NULL, enc_oid, &c);
if (ret)
goto out;
@@ -1424,7 +1424,8 @@ find_string2key(const heim_oid *oid,
int
_hx509_pbe_decrypt(hx509_lock lock,
_hx509_pbe_decrypt(hx509_context context,
hx509_lock lock,
const AlgorithmIdentifier *ai,
const heim_octet_string *econtent,
heim_octet_string *content)
@@ -1464,7 +1465,7 @@ _hx509_pbe_decrypt(hx509_lock lock,
for (i = 0; i < pw->len; i++) {
hx509_crypto crypto;
ret = (*s2k)(pw->val[i], ai->parameters, &crypto,
ret = (*s2k)(context, pw->val[i], ai->parameters, &crypto,
&key, &iv, enc_oid, md);
if (ret) {
goto out;
@@ -1503,10 +1504,10 @@ _hx509_match_keys(hx509_cert c, hx509_private_key private_key)
size_t size;
int ret;
if (private_key->private_key2.rsa == NULL)
if (private_key->private_key.rsa == NULL)
return 0;
rsa = private_key->private_key2.rsa;
rsa = private_key->private_key.rsa;
if (rsa->d == NULL || rsa->p == NULL || rsa->q == NULL)
return 0;
@@ -1529,11 +1530,12 @@ _hx509_match_keys(hx509_cert c, hx509_private_key private_key)
free_RSAPublicKey(&pk);
rsa->d = BN_dup(private_key->private_key2.rsa->d);
rsa->p = BN_dup(private_key->private_key2.rsa->p);
rsa->q = BN_dup(private_key->private_key2.rsa->q);
rsa->d = BN_dup(private_key->private_key.rsa->d);
rsa->p = BN_dup(private_key->private_key.rsa->p);
rsa->q = BN_dup(private_key->private_key.rsa->q);
if (rsa->n == NULL || rsa->e == NULL || rsa->d == NULL || rsa->p == NULL|| rsa->q == NULL) {
if (rsa->n == NULL || rsa->e == NULL ||
rsa->d == NULL || rsa->p == NULL|| rsa->q == NULL) {
RSA_free(rsa);
return 0;
}

17
lib/hx509/hx509.h
View File

@@ -33,16 +33,17 @@
/* $Id$ */
typedef struct hx509_verify_ctx_data *hx509_verify_ctx;
typedef struct hx509_certs_data *hx509_certs;
typedef struct hx509_cert_data *hx509_cert;
typedef struct hx509_cert_attribute_data *hx509_cert_attribute;
typedef struct hx509_validate_ctx_data *hx509_validate_ctx;
typedef struct hx509_name_data *hx509_name;
typedef void * hx509_cursor;
typedef struct hx509_lock_data *hx509_lock;
typedef struct hx509_private_key *hx509_private_key;
typedef struct hx509_cert_data *hx509_cert;
typedef struct hx509_certs_data *hx509_certs;
typedef struct hx509_context_data *hx509_context;
typedef struct hx509_crypto_data *hx509_crypto;
typedef struct hx509_lock_data *hx509_lock;
typedef struct hx509_name_data *hx509_name;
typedef struct hx509_private_key *hx509_private_key;
typedef struct hx509_validate_ctx_data *hx509_validate_ctx;
typedef struct hx509_verify_ctx_data *hx509_verify_ctx;
typedef void * hx509_cursor;
typedef void (*hx509_vprint_func)(void *, const char *, va_list);

20
lib/hx509/hx_locl.h
View File

@@ -121,13 +121,15 @@ struct hx509_query_data {
struct hx509_keyset_ops {
char *name;
int flags;
int (*init)(hx509_certs, void **, int, const char *, hx509_lock);
int (*init)(hx509_context, hx509_certs, void **,
int, const char *, hx509_lock);
int (*free)(hx509_certs, void *);
int (*add)(hx509_certs, void *, hx509_cert);
int (*query)(hx509_certs, void *, const hx509_query *, hx509_cert *);
int (*iter_start)(hx509_certs, void *, void **);
int (*iter)(hx509_certs, void *, void *, hx509_cert *);
int (*iter_end)(hx509_certs, void *, void *);
int (*add)(hx509_context, hx509_certs, void *, hx509_cert);
int (*query)(hx509_context, hx509_certs, void *,
const hx509_query *, hx509_cert *);
int (*iter_start)(hx509_context, hx509_certs, void *, void **);
int (*iter)(hx509_context, hx509_certs, void *, void *, hx509_cert *);
int (*iter_end)(hx509_context, hx509_certs, void *, void *);
};
struct _hx509_password {
@@ -136,3 +138,9 @@ struct _hx509_password {
};
extern hx509_lock _hx509_empty_lock;
struct hx509_context_data {
struct hx509_keyset_ops **ks_ops;
int ks_num_ops;
};

110
lib/hx509/hxtool.c
View File

@@ -37,6 +37,8 @@ RCSID("$Id$");
#include <hxtool-commands.h>
#include <sl.h>
hx509_context context;
static int version_flag;
static int help_flag;
@@ -81,29 +83,29 @@ cms_verify_sd(struct cms_verify_sd_options *opt, int argc, char **argv)
size_t sz;
void *p;
hx509_lock_init(&lock);
hx509_lock_init(context, &lock);
lock_strings(lock, &opt->pass_strings);
ret = _hx509_map_file(argv[0], &p, &sz);
if (ret)
err(1, "map_file: %s: %d", argv[0], ret);
ret = hx509_verify_init_ctx(&ctx);
ret = hx509_verify_init_ctx(context, &ctx);
ret = hx509_certs_init("MEMORY:cms-anchors", 0, NULL, &anchors);
ret = hx509_certs_init(context, "MEMORY:cms-anchors", 0, NULL, &anchors);
for (i = 0; i < opt->anchors_strings.num_strings; i++) {
ret = hx509_certs_append(anchors, lock,
ret = hx509_certs_append(context, anchors, lock,
opt->anchors_strings.strings[i]);
if (ret)
errx(1, "hx509_certs_append: anchor: %s: %d",
opt->anchors_strings.strings[i], ret);
}
ret = hx509_certs_init("MEMORY:cert-store", 0, NULL, &store);
ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &store);
for (i = 0; i < opt->certificate_strings.num_strings; i++) {
ret = hx509_certs_append(store, lock,
ret = hx509_certs_append(context, store, lock,
opt->certificate_strings.strings[i]);
if (ret)
errx(1, "hx509_certs_append: store: %s %d",
@@ -136,7 +138,7 @@ cms_verify_sd(struct cms_verify_sd_options *opt, int argc, char **argv)
hx509_verify_attach_anchors(ctx, anchors);
ret = hx509_cms_verify_signed(ctx, co.data, co.length,
ret = hx509_cms_verify_signed(context, ctx, co.data, co.length,
store, &type, &c, &signers);
if (co.data != p)
free_octet_string(&co);
@@ -144,7 +146,7 @@ cms_verify_sd(struct cms_verify_sd_options *opt, int argc, char **argv)
errx(1, "hx509_cms_verify_signed: %d", ret);
printf("signers:\n");
hx509_certs_iter(signers, hx509_ci_print_names, stdout);
hx509_certs_iter(context, signers, hx509_ci_print_names, stdout);
hx509_verify_destroy_ctx(ctx);
@@ -181,7 +183,7 @@ cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv)
if (argc < 2)
errx(1, "argc < 2");
hx509_lock_init(&lock);
hx509_lock_init(context, &lock);
lock_strings(lock, &opt->pass_strings);
for (i = 0; i < opt->pass_strings.num_strings; i++) {
@@ -191,10 +193,10 @@ cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv)
opt->pass_strings.strings[i], ret);
}
ret = hx509_certs_init("MEMORY:cert-store", 0, NULL, &store);
ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &store);
for (i = 0; i < opt->certificate_strings.num_strings; i++) {
ret = hx509_certs_append(store, lock,
ret = hx509_certs_append(context, store, lock,
opt->certificate_strings.strings[i]);
if (ret)
errx(1, "hx509_certs_append: store: %s: %d",
@@ -210,7 +212,7 @@ cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv)
q.friendlyname = opt->signer_string;
}
ret = _hx509_certs_find(store, &q, &cert);
ret = _hx509_certs_find(context, store, &q, &cert);
if (ret)
errx(1, "hx509_certs_find: %d", ret);
@@ -218,7 +220,8 @@ cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv)
if (ret)
err(1, "map_file: %s: %d", argv[0], ret);
ret = hx509_cms_create_signed_1(contentType,
ret = hx509_cms_create_signed_1(context,
contentType,
p,
sz,
NULL,
@@ -271,7 +274,7 @@ cms_unenvelope(struct cms_unenvelope_options *opt, int argc, char **argv)
int ret, i;
hx509_lock lock;
hx509_lock_init(&lock);
hx509_lock_init(context, &lock);
lock_strings(lock, &opt->pass_strings);
ret = _hx509_map_file(argv[0], &p, &sz);
@@ -302,19 +305,20 @@ cms_unenvelope(struct cms_unenvelope_options *opt, int argc, char **argv)
co.length = sz;
}
ret = hx509_certs_init("MEMORY:cert-store", 0, NULL, &certs);
ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &certs);
if (ret)
errx(1, "hx509_certs_init: MEMORY: %d", ret);
for (i = 0; i < opt->certificate_strings.num_strings; i++) {
ret = hx509_certs_append(certs, lock,
ret = hx509_certs_append(context, certs, lock,
opt->certificate_strings.strings[i]);
if (ret)
errx(1, "hx509_certs_append: %s: %d",
opt->certificate_strings.strings[i], ret);
}
ret = hx509_cms_unenvelope(certs, co.data, co.length, &contentType, &o);
ret = hx509_cms_unenvelope(context, certs, co.data, co.length,
&contentType, &o);
if (co.data != p)
free_octet_string(&co);
if (ret)
@@ -345,17 +349,17 @@ cms_create_enveloped(struct cms_envelope_options *opt, int argc, char **argv)
void *p;
hx509_lock lock;
hx509_lock_init(&lock);
hx509_lock_init(context, &lock);
lock_strings(lock, &opt->pass_strings);
ret = _hx509_map_file(argv[0], &p, &sz);
if (ret)
err(1, "map_file: %s: %d", argv[0], ret);
ret = hx509_certs_init("MEMORY:cert-store", 0, NULL, &certs);
ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &certs);
for (i = 0; i < opt->certificate_strings.num_strings; i++) {
ret = hx509_certs_append(certs, lock,
ret = hx509_certs_append(context, certs, lock,
opt->certificate_strings.strings[i]);
if (ret)
errx(1, "hx509_certs_append: certs: %s: %d",
@@ -364,11 +368,11 @@ cms_create_enveloped(struct cms_envelope_options *opt, int argc, char **argv)
_hx509_query_clear(&q);
q.match |= HX509_QUERY_KU_ENCIPHERMENT;
ret = _hx509_certs_find(certs, &q, &cert);
ret = _hx509_certs_find(context, certs, &q, &cert);
if (ret)
errx(1, "hx509_certs_find: %d", ret);
ret = hx509_cms_envelope_1(cert, p, sz, NULL, &contentType, &o);
ret = hx509_cms_envelope_1(context, cert, p, sz, NULL, &contentType, &o);
if (ret)
errx(1, "hx509_cms_unenvelope: %d", ret);
@@ -414,7 +418,7 @@ struct print_s {
};
static int
print_f(void *ctx, hx509_cert cert)
print_f(hx509_context context, void *ctx, hx509_cert cert)
{
struct print_s *s = ctx;
hx509_name name;
@@ -432,13 +436,13 @@ print_f(void *ctx, hx509_cert cert)
}
printf("\n");
ret = hx509_cert_issuer(cert, &name);
ret = hx509_cert_get_issuer(cert, &name);
hx509_name_to_string(name, &str);
hx509_name_free(&name);
printf(" issuer: \"%s\"\n", str);
free(str);
ret = hx509_cert_subject(cert, &name);
ret = hx509_cert_get_subject(cert, &name);
hx509_name_to_string(name, &str);
hx509_name_free(&name);
printf(" subject: \"%s\"\n", str);
@@ -447,12 +451,12 @@ print_f(void *ctx, hx509_cert cert)
if (s->verbose) {
hx509_validate_ctx ctx;
hx509_validate_ctx_init(&ctx);
hx509_validate_ctx_init(context, &ctx);
hx509_validate_ctx_set_print(ctx, hx509_print_stdout, stdout);
hx509_validate_ctx_add_flags(ctx, HX509_VALIDATE_F_VALIDATE);
hx509_validate_ctx_add_flags(ctx, HX509_VALIDATE_F_VERBOSE);
hx509_validate_cert(ctx, cert);
hx509_validate_cert(context, ctx, cert);
}
return 0;
@@ -468,15 +472,15 @@ pcert_print(struct print_options *opt, int argc, char **argv)
s.counter = 0;
s.verbose = opt->content_flag;
hx509_lock_init(&lock);
hx509_lock_init(context, &lock);
lock_strings(lock, &opt->pass_strings);
while(argc--) {
int ret;
ret = hx509_certs_init(argv[0], 0, lock, &certs);
ret = hx509_certs_init(context, argv[0], 0, lock, &certs);
if (ret)
errx(1, "hx509_certs_init: %d", ret);
hx509_certs_iter(certs, print_f, &s);
hx509_certs_iter(context, certs, print_f, &s);
hx509_certs_free(&certs);
argv++;
}
@@ -488,9 +492,9 @@ pcert_print(struct print_options *opt, int argc, char **argv)
static int
validate_f(void *ctx, hx509_cert c)
validate_f(hx509_context context, void *ctx, hx509_cert c)
{
hx509_validate_cert(ctx, c);
hx509_validate_cert(context, ctx, c);
return 0;
}
@@ -501,19 +505,19 @@ pcert_validate(struct validate_options *opt, int argc, char **argv)
hx509_certs certs;
hx509_lock lock;
hx509_lock_init(&lock);
hx509_lock_init(context, &lock);
lock_strings(lock, &opt->pass_strings);
hx509_validate_ctx_init(&ctx);
hx509_validate_ctx_init(context, &ctx);
hx509_validate_ctx_set_print(ctx, hx509_print_stdout, stdout);
hx509_validate_ctx_add_flags(ctx, HX509_VALIDATE_F_VALIDATE);
while(argc--) {
int ret;
ret = hx509_certs_init(argv[0], 0, lock, &certs);
ret = hx509_certs_init(context, argv[0], 0, lock, &certs);
if (ret)
errx(1, "hx509_certs_init: %d", ret);
hx509_certs_iter(certs, validate_f, ctx);
hx509_certs_iter(context, certs, validate_f, ctx);
hx509_certs_free(&certs);
argv++;
}
@@ -530,12 +534,12 @@ struct verify {
};
static int
verify_f(void *ctx, hx509_cert c)
verify_f(hx509_context context, void *ctx, hx509_cert c)
{
struct verify *v = ctx;
int ret;
ret = hx509_verify_path(v->ctx, c, v->chain);
ret = hx509_verify_path(context, v->ctx, c, v->chain);
if (ret)
printf("verify_path returned %d\n", ret);
else
@@ -552,10 +556,10 @@ pcert_verify(struct verify_options *opt, int argc, char **argv)
struct verify v;
int ret;
ret = hx509_verify_init_ctx(&ctx);
ret = hx509_certs_init("MEMORY:anchors", 0, NULL, &anchors);
ret = hx509_certs_init("MEMORY:chain", 0, NULL, &chain);
ret = hx509_certs_init("MEMORY:certs", 0, NULL, &certs);
ret = hx509_verify_init_ctx(context, &ctx);
ret = hx509_certs_init(context, "MEMORY:anchors", 0, NULL, &anchors);
ret = hx509_certs_init(context, "MEMORY:chain", 0, NULL, &chain);
ret = hx509_certs_init(context, "MEMORY:certs", 0, NULL, &certs);
while(argc--) {
char *s = *argv++;
@@ -563,21 +567,21 @@ pcert_verify(struct verify_options *opt, int argc, char **argv)
if (strncmp(s, "chain:", 6) == 0) {
s += 6;
ret = hx509_certs_append(chain, NULL, s);
ret = hx509_certs_append(context, chain, NULL, s);
if (ret)
errx(1, "hx509_certs_append: chain: %s: %d", s, ret);
} else if (strncmp(s, "anchor:", 7) == 0) {
s += 7;
ret = hx509_certs_append(anchors, NULL, s);
ret = hx509_certs_append(context, anchors, NULL, s);
if (ret)
errx(1, "hx509_certs_append: anchor: %s: %d", s, ret);
} else if (strncmp(s, "cert:", 5) == 0) {
s += 5;
ret = hx509_certs_append(certs, NULL, s);
ret = hx509_certs_append(context, certs, NULL, s);
if (ret)
errx(1, "hx509_certs_append: certs: %s: %d", s, ret);
@@ -591,7 +595,7 @@ pcert_verify(struct verify_options *opt, int argc, char **argv)
v.ctx = ctx;
v.chain = chain;
ret = hx509_certs_iter(certs, verify_f, &v);
ret = hx509_certs_iter(context, certs, verify_f, &v);
hx509_verify_destroy_ctx(ctx);
@@ -614,14 +618,14 @@ query(struct query_options *opt, int argc, char **argv)
_hx509_query_clear(&q);
hx509_lock_init(&lock);
hx509_lock_init(context, &lock);
lock_strings(lock, &opt->pass_strings);
ret = hx509_certs_init("MEMORY:cert-store", 0, NULL, &certs);
ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &certs);
while (argc > 0) {
ret = hx509_certs_append(certs, lock, argv[0]);
ret = hx509_certs_append(context, certs, lock, argv[0]);
if (ret)
errx(1, "hx509_certs_append: %s: %d", argv[0], ret);
@@ -638,7 +642,7 @@ query(struct query_options *opt, int argc, char **argv)
q.match |= HX509_QUERY_PRIVATE_KEY;
ret = _hx509_certs_find(certs, &q, &c);
ret = _hx509_certs_find(context, certs, &q, &c);
if (ret)
warnx("_hx509_certs_find: %d", ret);
else
@@ -704,9 +708,15 @@ main(int argc, char **argv)
if (argc == 0)
usage(1);
ret = hx509_context_init(&context);
if (ret)
errx(1, "hx509_context_init failed with %d");
ret = sl_command(commands, argc, argv);
if(ret == -1)
warnx ("unrecognized command: %s", argv[0]);
hx509_context_free(&context);
return ret;
}

106
lib/hx509/keyset.c
View File

@@ -34,44 +34,43 @@
#include "hx_locl.h"
RCSID("$Id$");
static struct hx509_keyset_ops **ks_ops;
static int ks_num_ops;
struct hx509_certs_data {
struct hx509_keyset_ops *ops;
void *ops_data;
};
static struct hx509_keyset_ops *
_hx509_ks_type(const char *type)
_hx509_ks_type(hx509_context context, const char *type)
{
int i;
for (i = 0; i < ks_num_ops; i++)
if (strcasecmp(type, ks_ops[i]->name) == 0)
return ks_ops[i];
for (i = 0; i < context->ks_num_ops; i++)
if (strcasecmp(type, context->ks_ops[i]->name) == 0)
return context->ks_ops[i];
return NULL;
}
void
_hx509_ks_register(struct hx509_keyset_ops *ops)
_hx509_ks_register(hx509_context context, struct hx509_keyset_ops *ops)
{
struct hx509_keyset_ops **val;
if (_hx509_ks_type(ops->name))
if (_hx509_ks_type(context, ops->name))
return;
val = realloc(ks_ops, (ks_num_ops + 1) * sizeof(ks_ops[0]));
val = realloc(context->ks_ops,
(context->ks_num_ops + 1) * sizeof(context->ks_ops[0]));
if (val == NULL)
return;
val[ks_num_ops] = ops;
ks_ops = val;
ks_num_ops++;
val[context->ks_num_ops] = ops;
context->ks_ops = val;
context->ks_num_ops++;
}
int
hx509_certs_init(const char *name, int flags,
hx509_certs_init(hx509_context context,
const char *name, int flags,
hx509_lock lock, hx509_certs *certs)
{
struct hx509_keyset_ops *ops;
@@ -82,14 +81,6 @@ hx509_certs_init(const char *name, int flags,
*certs = NULL;
if (ks_ops == NULL) {
_hx509_ks_mem_register();
_hx509_ks_file_register();
_hx509_ks_pkcs12_register();
_hx509_ks_pkcs11_register();
_hx509_ks_dir_register();
}
residue = strchr(name, ':');
if (residue) {
type = strndup(name, residue - name);
@@ -103,7 +94,7 @@ hx509_certs_init(const char *name, int flags,
if (type == NULL)
return ENOMEM;
ops = _hx509_ks_type(type);
ops = _hx509_ks_type(context, type);
free(type);
if (ops == NULL)
return ENOENT;
@@ -114,7 +105,7 @@ hx509_certs_init(const char *name, int flags,
c->ops = ops;
ret = (*ops->init)(c, &c->ops_data, flags, residue, lock);
ret = (*ops->init)(context, c, &c->ops_data, flags, residue, lock);
if (ret) {
free(c);
return ENOMEM;
@@ -134,14 +125,16 @@ hx509_certs_free(hx509_certs *certs)
}
int
hx509_certs_start_seq(hx509_certs certs, hx509_cursor cursor)
hx509_certs_start_seq(hx509_context context,
hx509_certs certs,
hx509_cursor cursor)
{
int ret;
if (certs->ops->iter_start == NULL)
return ENOENT;
ret = (*certs->ops->iter_start)(certs, certs->ops_data, cursor);
ret = (*certs->ops->iter_start)(context, certs, certs->ops_data, cursor);
if (ret)
return ret;
@@ -149,53 +142,60 @@ hx509_certs_start_seq(hx509_certs certs, hx509_cursor cursor)
}
int
hx509_certs_next_cert(hx509_certs certs, hx509_cursor cursor,
hx509_certs_next_cert(hx509_context context,
hx509_certs certs,
hx509_cursor cursor,
hx509_cert *cert)
{
*cert = NULL;
return (*certs->ops->iter)(certs, certs->ops_data, cursor, cert);
return (*certs->ops->iter)(context, certs, certs->ops_data, cursor, cert);
}
int
hx509_certs_end_seq(hx509_certs certs, hx509_cursor cursor)
hx509_certs_end_seq(hx509_context context,
hx509_certs certs,
hx509_cursor cursor)
{
(*certs->ops->iter_end)(certs, certs->ops_data, cursor);
(*certs->ops->iter_end)(context, certs, certs->ops_data, cursor);
return 0;
}
int
hx509_certs_iter(hx509_certs certs, int (*fn)(void *, hx509_cert), void *ctx)
hx509_certs_iter(hx509_context context,
hx509_certs certs,
int (*fn)(hx509_context, void *, hx509_cert),
void *ctx)
{
hx509_cursor cursor;
hx509_cert c;
int ret;
ret = hx509_certs_start_seq(certs, &cursor);
ret = hx509_certs_start_seq(context, certs, &cursor);
if (ret)
return ret;
while (1) {
ret = hx509_certs_next_cert(certs, cursor, &c);
ret = hx509_certs_next_cert(context, certs, cursor, &c);
if (ret)
break;
if (c == NULL) {
ret = 0;
break;
}
ret = (*fn)(ctx, c);
ret = (*fn)(context, ctx, c);
hx509_cert_free(c);
if (ret)
break;
}
hx509_certs_end_seq(certs, cursor);
hx509_certs_end_seq(context, certs, cursor);
return ret;
}
int
hx509_ci_print_names(void *ctx, hx509_cert c)
hx509_ci_print_names(hx509_context context, void *ctx, hx509_cert c)
{
Certificate *cert;
hx509_name n;
@@ -212,16 +212,19 @@ hx509_ci_print_names(void *ctx, hx509_cert c)
}
int
hx509_certs_add(hx509_certs certs, hx509_cert cert)
hx509_certs_add(hx509_context context, hx509_certs certs, hx509_cert cert)
{
if (certs->ops->add == NULL)
return ENOENT;
return (*certs->ops->add)(certs, certs->ops_data, cert);
return (*certs->ops->add)(context, certs, certs->ops_data, cert);
}
int
_hx509_certs_find(hx509_certs certs, const hx509_query *q, hx509_cert *r)
_hx509_certs_find(hx509_context context,
hx509_certs certs,
const hx509_query *q,
hx509_cert *r)
{
hx509_cursor cursor;
hx509_cert c;
@@ -230,15 +233,15 @@ _hx509_certs_find(hx509_certs certs, const hx509_query *q, hx509_cert *r)
*r = NULL;
if (certs->ops->query)
return (*certs->ops->query)(certs, certs->ops_data, q, r);
return (*certs->ops->query)(context, certs, certs->ops_data, q, r);
ret = hx509_certs_start_seq(certs, &cursor);
ret = hx509_certs_start_seq(context, certs, &cursor);
if (ret)
return ret;
c = NULL;
while (1) {
ret = hx509_certs_next_cert(certs, cursor, &c);
ret = hx509_certs_next_cert(context, certs, cursor, &c);
if (ret)
break;
if (c == NULL)
@@ -250,7 +253,7 @@ _hx509_certs_find(hx509_certs certs, const hx509_query *q, hx509_cert *r)
hx509_cert_free(c);
}
hx509_certs_end_seq(certs, cursor);
hx509_certs_end_seq(context, certs, cursor);
if (ret)
return ret;
if (c == NULL)
@@ -260,27 +263,30 @@ _hx509_certs_find(hx509_certs certs, const hx509_query *q, hx509_cert *r)
}
static int
certs_merge_func(void *ctx, hx509_cert c)
certs_merge_func(hx509_context context, void *ctx, hx509_cert c)
{
return hx509_certs_add((hx509_certs)ctx, c);
return hx509_certs_add(context, (hx509_certs)ctx, c);
}
int
hx509_certs_merge(hx509_certs to, hx509_certs from)
hx509_certs_merge(hx509_context context, hx509_certs to, hx509_certs from)
{
return hx509_certs_iter(from, certs_merge_func, to);
return hx509_certs_iter(context, from, certs_merge_func, to);
}
int
hx509_certs_append(hx509_certs to, hx509_lock lock, const char *name)
hx509_certs_append(hx509_context context,
hx509_certs to,
hx509_lock lock,
const char *name)
{
hx509_certs s;
int ret;
ret = hx509_certs_init(name, 0, lock, &s);
ret = hx509_certs_init(context, name, 0, lock, &s);
if (ret)
return ret;
ret = hx509_certs_merge(to, s);
ret = hx509_certs_merge(context, to, s);
hx509_certs_free(&s);
return ret;
}

24
lib/hx509/ks_dir.c
View File

@@ -36,8 +36,9 @@ RCSID("$Id$");
#include <dirent.h>
static int
dir_init(hx509_certs certs, void **data, int flags,
const char *residue, hx509_lock lock)
dir_init(hx509_context context,
hx509_certs certs, void **data, int flags,
const char *residue, hx509_lock lock)
{
*data = NULL;
@@ -70,7 +71,8 @@ dir_free(hx509_certs certs, void *data)
static int
dir_iter_start(hx509_certs certs, void *data, void **cursor)
dir_iter_start(hx509_context context,
hx509_certs certs, void *data, void **cursor)
{
DIR *d;
@@ -85,7 +87,8 @@ dir_iter_start(hx509_certs certs, void *data, void **cursor)
}
static int
dir_iter(hx509_certs certs, void *data, void *iter, hx509_cert *cert)
dir_iter(hx509_context context,
hx509_certs certs, void *data, void *iter, hx509_cert *cert)
{
DIR *d = iter;
int ret;
@@ -103,7 +106,7 @@ dir_iter(hx509_certs certs, void *data, void *iter, hx509_cert *cert)
if (asprintf(&fn, "%s/%s", (char *)data, dir->d_name) == -1)
return ENOMEM;
ret = _hx509_file_to_cert(fn, cert);
ret = _hx509_file_to_cert(context, fn, cert);
free(fn);
} while(ret != 0);
@@ -112,9 +115,10 @@ dir_iter(hx509_certs certs, void *data, void *iter, hx509_cert *cert)
static int
dir_iter_end(hx509_certs certs,
void *data,
void *cursor)
dir_iter_end(hx509_context context,
hx509_certs certs,
void *data,
void *cursor)
{
DIR *d = cursor;
closedir(d);
@@ -135,7 +139,7 @@ static struct hx509_keyset_ops keyset_dir = {
};
void
_hx509_ks_dir_register(void)
_hx509_ks_dir_register(hx509_context context)
{
_hx509_ks_register(&keyset_dir);
_hx509_ks_register(context, &keyset_dir);
}

34
lib/hx509/ks_file.c
View File

@@ -123,7 +123,7 @@ parse_file_der(const char *fn, Certificate *t)
}
int
_hx509_file_to_cert(const char *certfn, hx509_cert *cert)
_hx509_file_to_cert(hx509_context context, const char *certfn, hx509_cert *cert)
{
Certificate t;
int ret;
@@ -134,7 +134,7 @@ _hx509_file_to_cert(const char *certfn, hx509_cert *cert)
if (ret)
return ret;
ret = hx509_cert_init(&t, cert);
ret = hx509_cert_init(context, &t, cert);
free_Certificate(&t);
return ret;
@@ -142,7 +142,8 @@ _hx509_file_to_cert(const char *certfn, hx509_cert *cert)
static int
file_init(hx509_certs certs, void **data, int flags,
file_init(hx509_context context,
hx509_certs certs, void **data, int flags,
const char *residue, hx509_lock lock)
{
char *certfn = NULL, *keyfn, *friendlyname = NULL;
@@ -156,7 +157,7 @@ file_init(hx509_certs certs, void **data, int flags,
if (lock == NULL)
lock = _hx509_empty_lock;
c = _hx509_collector_alloc(lock);
c = _hx509_collector_alloc(context, lock);
if (c == NULL)
return ENOMEM;
@@ -177,11 +178,11 @@ file_init(hx509_certs certs, void **data, int flags,
*friendlyname++ = '\0';
}
ret = _hx509_file_to_cert(certfn, &cert);
ret = _hx509_file_to_cert(context, certfn, &cert);
if (ret)
goto out;
_hx509_collector_certs_add(c, cert);
_hx509_collector_certs_add(context, c, cert);
if (keyfn) {
ret = _hx509_cert_assign_private_key_file(cert, lock, keyfn);
@@ -194,7 +195,7 @@ file_init(hx509_certs certs, void **data, int flags,
goto out;
}
ret = _hx509_collector_collect(c, &f->certs);
ret = _hx509_collector_collect(context, c, &f->certs);
if (ret == 0)
*data = f;
out:
@@ -223,26 +224,29 @@ file_free(hx509_certs certs, void *data)
static int
file_iter_start(hx509_certs certs, void *data, void **cursor)
file_iter_start(hx509_context context,
hx509_certs certs, void *data, void **cursor)
{
struct ks_file *f = data;
return hx509_certs_start_seq(f->certs, cursor);
return hx509_certs_start_seq(context, f->certs, cursor);
}
static int
file_iter(hx509_certs certs, void *data, void *iter, hx509_cert *cert)
file_iter(hx509_context context,
hx509_certs certs, void *data, void *iter, hx509_cert *cert)
{
struct ks_file *f = data;
return hx509_certs_next_cert(f->certs, iter, cert);
return hx509_certs_next_cert(context, f->certs, iter, cert);
}
static int
file_iter_end(hx509_certs certs,
file_iter_end(hx509_context context,
hx509_certs certs,
void *data,
void *cursor)
{
struct ks_file *f = data;
return hx509_certs_end_seq(f->certs, cursor);
return hx509_certs_end_seq(context, f->certs, cursor);
}
@@ -259,7 +263,7 @@ static struct hx509_keyset_ops keyset_file = {
};
void
_hx509_ks_file_register(void)
_hx509_ks_file_register(hx509_context context)
{
_hx509_ks_register(&keyset_file);
_hx509_ks_register(context, &keyset_file);
}

20
lib/hx509/ks_mem.c
View File

@@ -41,7 +41,8 @@ struct mem_data {
};
static int
mem_init(hx509_certs certs, void **data, int flags,
mem_init(hx509_context context,
hx509_certs certs, void **data, int flags,
const char *residue, hx509_lock lock)
{
struct mem_data *mem;
@@ -75,7 +76,7 @@ mem_free(hx509_certs certs, void *data)
}
static int
mem_add(hx509_certs certs, void *data, hx509_cert c)
mem_add(hx509_context context, hx509_certs certs, void *data, hx509_cert c)
{
struct mem_data *mem = data;
hx509_cert *val;
@@ -92,7 +93,10 @@ mem_add(hx509_certs certs, void *data, hx509_cert c)
}
static int
mem_iter_start(hx509_certs certs, void *data, void **cursor)
mem_iter_start(hx509_context context,
hx509_certs certs,
void *data,
void **cursor)
{
unsigned long *iter = malloc(sizeof(*iter));
@@ -106,7 +110,8 @@ mem_iter_start(hx509_certs certs, void *data, void **cursor)
}
static int
mem_iter(hx509_certs certs,
mem_iter(hx509_context contexst,
hx509_certs certs,
void *data,
void *cursor,
hx509_cert *cert)
@@ -125,7 +130,8 @@ mem_iter(hx509_certs certs,
}
static int
mem_iter_end(hx509_certs certs,
mem_iter_end(hx509_context context,
hx509_certs certs,
void *data,
void *cursor)
{
@@ -146,7 +152,7 @@ static struct hx509_keyset_ops keyset_mem = {
};
void
_hx509_ks_mem_register(void)
_hx509_ks_mem_register(hx509_context context)
{
_hx509_ks_register(&keyset_mem);
_hx509_ks_register(context, &keyset_mem);
}

14
lib/hx509/ks_null.c
View File

@@ -36,7 +36,8 @@ RCSID("$Id$");
static int
null_init(hx509_certs certs, void **data, int flags,
null_init(hx509_context context,
hx509_certs certs, void **data, int flags,
const char *residue, hx509_lock lock)
{
*data = NULL;
@@ -51,21 +52,24 @@ null_free(hx509_certs certs, void *data)
}
static int
null_iter_start(hx509_certs certs, void *data, void **cursor)
null_iter_start(hx509_context context,
hx509_certs certs, void *data, void **cursor)
{
*cursor = NULL;
return 0;
}
static int
null_iter(hx509_certs certs, void *data, void *iter, hx509_cert *cert)
null_iter(hx509_context context,
hx509_certs certs, void *data, void *iter, hx509_cert *cert)
{
*cert = NULL;
return ENOENT;
}
static int
null_iter_end(hx509_certs certs,
null_iter_end(hx509_context context,
hx509_certs certs,
void *data,
void *cursor)
{
@@ -74,8 +78,6 @@ null_iter_end(hx509_certs certs,
}
struct hx509_keyset_ops keyset_null = {
"NULL",
0,

58
lib/hx509/ks_p11.c
View File

@@ -415,12 +415,17 @@ getattr_bn(struct p11_module *p, struct p11_slot *slot,
return bn;
}
struct p11_collector {
hx509_context context;
struct hx509_collector *c;
};
static int
collect_private_key(struct p11_module *p, struct p11_slot *slot,
CK_OBJECT_HANDLE object,
void *ptr, CK_ATTRIBUTE *query, int num_query)
{
struct hx509_collector *c = ptr;
struct p11_collector *ctx = ptr;
AlgorithmIdentifier alg;
hx509_private_key key;
heim_octet_string localKeyId;
@@ -467,7 +472,7 @@ collect_private_key(struct p11_module *p, struct p11_slot *slot,
_hx509_private_key_assign_rsa(key, rsa);
ret = _hx509_collector_private_key_add(c,
ret = _hx509_collector_private_key_add(ctx->c,
&alg,
key,
NULL,
@@ -486,7 +491,7 @@ collect_cert(struct p11_module *p, struct p11_slot *slot,
void *ptr, CK_ATTRIBUTE *query, int num_query)
{
heim_octet_string localKeyId;
struct hx509_collector *c = ptr;
struct p11_collector *ctx = ptr;
hx509_cert cert;
Certificate t;
int ret;
@@ -499,7 +504,7 @@ collect_cert(struct p11_module *p, struct p11_slot *slot,
if (ret)
return 0;
ret = hx509_cert_init(&t, &cert);
ret = hx509_cert_init(ctx->context, &t, &cert);
free_Certificate(&t);
if (ret)
return ret;
@@ -508,7 +513,7 @@ collect_cert(struct p11_module *p, struct p11_slot *slot,
oid_id_pkcs_9_at_localKeyId(),
&localKeyId);
ret = _hx509_collector_certs_add(c, cert);
ret = _hx509_collector_certs_add(ctx->context, ctx->c, cert);
if (ret) {
hx509_cert_free(cert);
return ret;
@@ -519,11 +524,13 @@ collect_cert(struct p11_module *p, struct p11_slot *slot,
static int
p11_list_keys(struct p11_module *p,
p11_list_keys(hx509_context context,
struct p11_module *p,
struct p11_slot *slot,
hx509_lock lock,
hx509_certs *certs)
{
struct p11_collector ctx;
CK_OBJECT_CLASS key_class;
CK_ATTRIBUTE search_data[] = {
{CKA_CLASS, &key_class, sizeof(key_class)},
@@ -533,20 +540,21 @@ p11_list_keys(struct p11_module *p,
{CKA_VALUE, NULL, 0}
};
int ret;
struct hx509_collector *c;
if (lock == NULL)
lock = _hx509_empty_lock;
c = _hx509_collector_alloc(lock);
if (c == NULL)
ctx.context = context;
ctx.c = _hx509_collector_alloc(context, lock);
if (ctx.c == NULL)
return ENOMEM;
key_class = CKO_PRIVATE_KEY;
ret = iterate_entries(p, slot,
search_data, 1,
query_data, 1,
collect_private_key, c);
collect_private_key, &ctx);
if (ret)
goto out;
@@ -554,21 +562,22 @@ p11_list_keys(struct p11_module *p,
ret = iterate_entries(p, slot,
search_data, 1,
query_data, 2,
collect_cert, c);
collect_cert, &ctx);
if (ret)
goto out;
ret = _hx509_collector_collect(c, &slot->certs);
ret = _hx509_collector_collect(context, ctx.c, &slot->certs);
out:
_hx509_collector_free(c);
_hx509_collector_free(ctx.c);
return ret;
}
static int
p11_init(hx509_certs certs, void **data, int flags,
p11_init(hx509_context context,
hx509_certs certs, void **data, int flags,
const char *residue, hx509_lock lock)
{
CK_C_GetFunctionList getFuncs;
@@ -640,7 +649,7 @@ p11_init(hx509_certs certs, void **data, int flags,
free(slot_ids);
p11_get_session(p, &p->slot);
p11_list_keys(p, &p->slot, NULL, &p->slot.certs);
p11_list_keys(context, p, &p->slot, NULL, &p->slot.certs);
p11_put_session(p, &p->slot);
}
@@ -676,24 +685,27 @@ p11_free(hx509_certs certs, void *data)
}
static int
p11_iter_start(hx509_certs certs, void *data, void **cursor)
p11_iter_start(hx509_context context,
hx509_certs certs, void *data, void **cursor)
{
struct p11_module *p = data;
return hx509_certs_start_seq(p->slot.certs, cursor);
return hx509_certs_start_seq(context, p->slot.certs, cursor);
}
static int
p11_iter(hx509_certs certs, void *data, void *cursor, hx509_cert *cert)
p11_iter(hx509_context context,
hx509_certs certs, void *data, void *cursor, hx509_cert *cert)
{
struct p11_module *p = data;
return hx509_certs_next_cert(p->slot.certs, cursor, cert);
return hx509_certs_next_cert(context, p->slot.certs, cursor, cert);
}
static int
p11_iter_end(hx509_certs certs, void *data, void *cursor)
p11_iter_end(hx509_context context,
hx509_certs certs, void *data, void *cursor)
{
struct p11_module *p = data;
return hx509_certs_end_seq(p->slot.certs, cursor);
return hx509_certs_end_seq(context, p->slot.certs, cursor);
}
static struct hx509_keyset_ops keyset_pkcs11 = {
@@ -709,7 +721,7 @@ static struct hx509_keyset_ops keyset_pkcs11 = {
};
void
_hx509_ks_pkcs11_register(void)
_hx509_ks_pkcs11_register(hx509_context context)
{
_hx509_ks_register(&keyset_pkcs11);
_hx509_ks_register(context, &keyset_pkcs11);
}

90
lib/hx509/ks_p12.c
View File

@@ -38,7 +38,9 @@ struct ks_pkcs12 {
hx509_certs certs;
};
typedef int (*collector_func)(struct hx509_collector *, const void *, size_t,
typedef int (*collector_func)(hx509_context,
struct hx509_collector *,
const void *, size_t,
const PKCS12_Attributes *);
struct type {
@@ -47,7 +49,7 @@ struct type {
};
static void
parse_pkcs12_type(struct hx509_collector *, const heim_oid *,
parse_pkcs12_type(hx509_context, struct hx509_collector *, const heim_oid *,
const void *, size_t, const PKCS12_Attributes *);
@@ -64,7 +66,8 @@ find_attribute(const PKCS12_Attributes *attrs, const heim_oid *oid)
}
static int
ShroudedKeyBag_parser(struct hx509_collector *c,
ShroudedKeyBag_parser(hx509_context context,
struct hx509_collector *c,
const void *data, size_t length,
const PKCS12_Attributes *attrs)
{
@@ -84,7 +87,8 @@ ShroudedKeyBag_parser(struct hx509_collector *c,
if (ret)
return ret;
ret = _hx509_pbe_decrypt(_hx509_collector_get_lock(c),
ret = _hx509_pbe_decrypt(context,
_hx509_collector_get_lock(c),
&pk.encryptionAlgorithm,
&pk.encryptedData,
&content);
@@ -110,7 +114,8 @@ ShroudedKeyBag_parser(struct hx509_collector *c,
}
static int
certBag_parser(struct hx509_collector *c,
certBag_parser(hx509_context context,
struct hx509_collector *c,
const void *data, size_t length,
const PKCS12_Attributes *attrs)
{
@@ -137,12 +142,12 @@ certBag_parser(struct hx509_collector *c,
if (ret)
return ret;
ret = hx509_cert_init(&t, &cert);
ret = hx509_cert_init(context, &t, &cert);
free_Certificate(&t);
if (ret)
return ret;
ret = _hx509_collector_certs_add(c, cert);
ret = _hx509_collector_certs_add(context, c, cert);
if (ret) {
hx509_cert_free(cert);
return ret;
@@ -166,7 +171,8 @@ certBag_parser(struct hx509_collector *c,
}
static int
parse_safe_content(struct hx509_collector *c,
parse_safe_content(hx509_context context,
struct hx509_collector *c,
const unsigned char *p, size_t len)
{
PKCS12_SafeContents sc;
@@ -179,7 +185,8 @@ parse_safe_content(struct hx509_collector *c,
return ret;
for (i = 0; i < sc.len ; i++)
parse_pkcs12_type(c,
parse_pkcs12_type(context,
c,
&sc.val[i].bagId,
sc.val[i].bagValue.data,
sc.val[i].bagValue.length,
@@ -190,7 +197,8 @@ parse_safe_content(struct hx509_collector *c,
}
static int
safeContent_parser(struct hx509_collector *c,
safeContent_parser(hx509_context context,
struct hx509_collector *c,
const void *data, size_t length,
const PKCS12_Attributes *attrs)
{
@@ -200,13 +208,14 @@ safeContent_parser(struct hx509_collector *c,
ret = decode_PKCS12_OctetString(data, length, &os, NULL);
if (ret)
return ret;
ret = parse_safe_content(c, os.data, os.length);
ret = parse_safe_content(context, c, os.data, os.length);
free_octet_string(&os);
return ret;
};
static int
encryptedData_parser(struct hx509_collector *c,
encryptedData_parser(hx509_context context,
struct hx509_collector *c,
const void *data, size_t length,
const PKCS12_Attributes *attrs)
{
@@ -216,7 +225,8 @@ encryptedData_parser(struct hx509_collector *c,
memset(&contentType, 0, sizeof(contentType));
ret = hx509_cms_decrypt_encrypted(_hx509_collector_get_lock(c),
ret = hx509_cms_decrypt_encrypted(context,
_hx509_collector_get_lock(c),
data, length,
&contentType,
&content);
@@ -224,7 +234,7 @@ encryptedData_parser(struct hx509_collector *c,
return ret;
if (heim_oid_cmp(&contentType, oid_id_pkcs7_data()) == 0)
ret = parse_safe_content(c, content.data, content.length);
ret = parse_safe_content(context, c, content.data, content.length);
free_octet_string(&content);
free_oid(&contentType);
@@ -232,7 +242,8 @@ encryptedData_parser(struct hx509_collector *c,
}
static int
envelopedData_parser(struct hx509_collector *c,
envelopedData_parser(hx509_context context,
struct hx509_collector *c,
const void *data, size_t length,
const PKCS12_Attributes *attrs)
{
@@ -245,7 +256,8 @@ envelopedData_parser(struct hx509_collector *c,
lock = _hx509_collector_get_lock(c);
ret = hx509_cms_unenvelope(_hx509_lock_unlock_certs(lock),
ret = hx509_cms_unenvelope(context,
_hx509_lock_unlock_certs(lock),
data, length,
&contentType,
&content);
@@ -253,7 +265,7 @@ envelopedData_parser(struct hx509_collector *c,
return ret;
if (heim_oid_cmp(&contentType, oid_id_pkcs7_data()) == 0)
ret = parse_safe_content(c, content.data, content.length);
ret = parse_safe_content(context, c, content.data, content.length);
free_octet_string(&content);
free_oid(&contentType);
@@ -271,7 +283,9 @@ struct type bagtypes[] = {
};
static void
parse_pkcs12_type(struct hx509_collector *c, const heim_oid *oid,
parse_pkcs12_type(hx509_context context,
struct hx509_collector *c,
const heim_oid *oid,
const void *data, size_t length,
const PKCS12_Attributes *attrs)
{
@@ -279,11 +293,12 @@ parse_pkcs12_type(struct hx509_collector *c, const heim_oid *oid,
for (i = 0; i < sizeof(bagtypes)/sizeof(bagtypes[0]); i++)
if (heim_oid_cmp((*bagtypes[i].oid)(), oid) == 0)
(*bagtypes[i].func)(c, data, length, attrs);
(*bagtypes[i].func)(context, c, data, length, attrs);
}
static int
p12_init(hx509_certs certs, void **data, int flags,
p12_init(hx509_context context,
hx509_certs certs, void **data, int flags,
const char *residue, hx509_lock lock)
{
struct ks_pkcs12 *p12;
@@ -299,7 +314,7 @@ p12_init(hx509_certs certs, void **data, int flags,
if (lock == NULL)
lock = _hx509_empty_lock;
c = _hx509_collector_alloc(lock);
c = _hx509_collector_alloc(context, lock);
if (c == NULL)
return ENOMEM;
@@ -350,7 +365,8 @@ p12_init(hx509_certs certs, void **data, int flags,
}
for (i = 0; i < as.len; i++)
parse_pkcs12_type(c,
parse_pkcs12_type(context,
c,
&as.val[i].contentType,
as.val[i].content->data,
as.val[i].content->length,
@@ -358,7 +374,7 @@ p12_init(hx509_certs certs, void **data, int flags,
free_PKCS12_AuthenticatedSafe(&as);
ret = _hx509_collector_collect(c, &p12->certs);
ret = _hx509_collector_collect(context, c, &p12->certs);
if (ret == 0)
*data = p12;
@@ -384,26 +400,34 @@ p12_free(hx509_certs certs, void *data)
}
static int
p12_iter_start(hx509_certs certs, void *data, void **cursor)
p12_iter_start(hx509_context context,
hx509_certs certs,
void *data,
void **cursor)
{
struct ks_pkcs12 *p12 = data;
return hx509_certs_start_seq(p12->certs, cursor);
return hx509_certs_start_seq(context, p12->certs, cursor);
}
static int
p12_iter(hx509_certs certs, void *data, void *cursor, hx509_cert *cert)
p12_iter(hx509_context context,
hx509_certs certs,
void *data,
void *cursor,
hx509_cert *cert)
{
struct ks_pkcs12 *p12 = data;
return hx509_certs_next_cert(p12->certs, cursor, cert);
return hx509_certs_next_cert(context, p12->certs, cursor, cert);
}
static int
p12_iter_end(hx509_certs certs,
void *data,
void *cursor)
p12_iter_end(hx509_context context,
hx509_certs certs,
void *data,
void *cursor)
{
struct ks_pkcs12 *p12 = data;
return hx509_certs_end_seq(p12->certs, cursor);
return hx509_certs_end_seq(context, p12->certs, cursor);
}
static struct hx509_keyset_ops keyset_pkcs12 = {
@@ -419,7 +443,7 @@ static struct hx509_keyset_ops keyset_pkcs12 = {
};
void
_hx509_ks_pkcs12_register(void)
_hx509_ks_pkcs12_register(hx509_context context)
{
_hx509_ks_register(&keyset_pkcs12);
_hx509_ks_register(context, &keyset_pkcs12);
}

24
lib/hx509/lock.c
View File

@@ -53,7 +53,7 @@ hx509_lock _hx509_empty_lock = &empty_lock_data;
*/
int
hx509_lock_init(hx509_lock *lock)
hx509_lock_init(hx509_context context, hx509_lock *lock)
{
hx509_lock l;
int ret;
@@ -64,7 +64,11 @@ hx509_lock_init(hx509_lock *lock)
if (l == NULL)
return ENOMEM;
ret = hx509_certs_init("MEMORY:locks-internal", 0, NULL, &l->certs);
ret = hx509_certs_init(context,
"MEMORY:locks-internal",
0,
NULL,
&l->certs);
if (ret) {
free(l);
return ret;
@@ -122,24 +126,28 @@ hx509_lock_reset_passwords(hx509_lock lock)
}
int
hx509_lock_add_cert(hx509_lock lock, hx509_cert cert)
hx509_lock_add_cert(hx509_context context, hx509_lock lock, hx509_cert cert)
{
return hx509_certs_add(lock->certs, cert);
return hx509_certs_add(context, lock->certs, cert);
}
int
hx509_lock_add_certs(hx509_lock lock, hx509_certs certs)
hx509_lock_add_certs(hx509_context context, hx509_lock lock, hx509_certs certs)
{
return hx509_certs_merge(lock->certs, certs);
return hx509_certs_merge(context, lock->certs, certs);
}
void
hx509_lock_reset_certs(hx509_lock lock)
hx509_lock_reset_certs(hx509_context context, hx509_lock lock)
{
hx509_certs certs = lock->certs;
int ret;
ret = hx509_certs_init("MEMORY:locks-internal", 0, NULL, &lock->certs);
ret = hx509_certs_init(context,
"MEMORY:locks-internal",
0,
NULL,
&lock->certs);
if (ret == 0)
hx509_certs_free(&certs);
else

6
lib/hx509/print.c
View File

@@ -299,7 +299,7 @@ struct {
};
int
hx509_validate_ctx_init(hx509_validate_ctx *ctx)
hx509_validate_ctx_init(hx509_context context, hx509_validate_ctx *ctx)
{
*ctx = malloc(sizeof(**ctx));
if (*ctx == NULL)
@@ -330,7 +330,9 @@ hx509_validate_ctx_free(hx509_validate_ctx ctx)
}
int
hx509_validate_cert(hx509_validate_ctx ctx, hx509_cert cert)
hx509_validate_cert(hx509_context context,
hx509_validate_ctx ctx,
hx509_cert cert)
{
Certificate *c = _hx509_get_cert(cert);
TBSCertificate *t = &c->tbsCertificate;