authorJoel Sing <jsing@cvs.openbsd.org>2014-04-20 15:36:21 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2014-04-20 15:36:21 +0000
commitd4f94e751dc845fe975d93fac80e24e6b4290950 (patch)
treec14675fb13fa76780f854fc52ffc1ff6302a700e /lib
parent05a7d94a4113584e4c01dbe58e568f3c1665a788 (diff)
KNF.
Diffstat (limited to 'lib')
-rw-r--r--lib/libcrypto/x509/x509_err.c162
-rw-r--r--lib/libcrypto/x509/x509_ext.c144
-rw-r--r--lib/libcrypto/x509/x509_lu.c355
-rw-r--r--lib/libcrypto/x509/x509_obj.c140
-rw-r--r--lib/libcrypto/x509/x509_r2x.c51
-rw-r--r--lib/libcrypto/x509/x509_req.c210
6 files changed, 592 insertions, 470 deletions
diff --git a/lib/libcrypto/x509/x509_err.c b/lib/libcrypto/x509/x509_err.c
index ab5e8aaea2f..4a890a180d2 100644
--- a/lib/libcrypto/x509/x509_err.c
+++ b/lib/libcrypto/x509/x509_err.c
@@ -7,7 +7,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -68,96 +68,94 @@
#define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509,func,0)
#define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509,0,reason)
-static ERR_STRING_DATA X509_str_functs[]=
-{
-{ERR_FUNC(X509_F_ADD_CERT_DIR), "ADD_CERT_DIR"},
-{ERR_FUNC(X509_F_BY_FILE_CTRL), "BY_FILE_CTRL"},
-{ERR_FUNC(X509_F_CHECK_POLICY), "CHECK_POLICY"},
-{ERR_FUNC(X509_F_DIR_CTRL), "DIR_CTRL"},
-{ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT), "GET_CERT_BY_SUBJECT"},
-{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE), "NETSCAPE_SPKI_b64_decode"},
-{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE), "NETSCAPE_SPKI_b64_encode"},
-{ERR_FUNC(X509_F_X509AT_ADD1_ATTR), "X509at_add1_attr"},
-{ERR_FUNC(X509_F_X509V3_ADD_EXT), "X509v3_add_ext"},
-{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_NID), "X509_ATTRIBUTE_create_by_NID"},
-{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ), "X509_ATTRIBUTE_create_by_OBJ"},
-{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT), "X509_ATTRIBUTE_create_by_txt"},
-{ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA), "X509_ATTRIBUTE_get0_data"},
-{ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA), "X509_ATTRIBUTE_set1_data"},
-{ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY), "X509_check_private_key"},
-{ERR_FUNC(X509_F_X509_CRL_PRINT_FP), "X509_CRL_print_fp"},
-{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID), "X509_EXTENSION_create_by_NID"},
-{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ), "X509_EXTENSION_create_by_OBJ"},
-{ERR_FUNC(X509_F_X509_GET_PUBKEY_PARAMETERS), "X509_get_pubkey_parameters"},
-{ERR_FUNC(X509_F_X509_LOAD_CERT_CRL_FILE), "X509_load_cert_crl_file"},
-{ERR_FUNC(X509_F_X509_LOAD_CERT_FILE), "X509_load_cert_file"},
-{ERR_FUNC(X509_F_X509_LOAD_CRL_FILE), "X509_load_crl_file"},
-{ERR_FUNC(X509_F_X509_NAME_ADD_ENTRY), "X509_NAME_add_entry"},
-{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_NID), "X509_NAME_ENTRY_create_by_NID"},
-{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT), "X509_NAME_ENTRY_create_by_txt"},
-{ERR_FUNC(X509_F_X509_NAME_ENTRY_SET_OBJECT), "X509_NAME_ENTRY_set_object"},
-{ERR_FUNC(X509_F_X509_NAME_ONELINE), "X509_NAME_oneline"},
-{ERR_FUNC(X509_F_X509_NAME_PRINT), "X509_NAME_print"},
-{ERR_FUNC(X509_F_X509_PRINT_EX_FP), "X509_print_ex_fp"},
-{ERR_FUNC(X509_F_X509_PUBKEY_GET), "X509_PUBKEY_get"},
-{ERR_FUNC(X509_F_X509_PUBKEY_SET), "X509_PUBKEY_set"},
-{ERR_FUNC(X509_F_X509_REQ_CHECK_PRIVATE_KEY), "X509_REQ_check_private_key"},
-{ERR_FUNC(X509_F_X509_REQ_PRINT_EX), "X509_REQ_print_ex"},
-{ERR_FUNC(X509_F_X509_REQ_PRINT_FP), "X509_REQ_print_fp"},
-{ERR_FUNC(X509_F_X509_REQ_TO_X509), "X509_REQ_to_X509"},
-{ERR_FUNC(X509_F_X509_STORE_ADD_CERT), "X509_STORE_add_cert"},
-{ERR_FUNC(X509_F_X509_STORE_ADD_CRL), "X509_STORE_add_crl"},
-{ERR_FUNC(X509_F_X509_STORE_CTX_GET1_ISSUER), "X509_STORE_CTX_get1_issuer"},
-{ERR_FUNC(X509_F_X509_STORE_CTX_INIT), "X509_STORE_CTX_init"},
-{ERR_FUNC(X509_F_X509_STORE_CTX_NEW), "X509_STORE_CTX_new"},
-{ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT), "X509_STORE_CTX_purpose_inherit"},
-{ERR_FUNC(X509_F_X509_TO_X509_REQ), "X509_to_X509_REQ"},
-{ERR_FUNC(X509_F_X509_TRUST_ADD), "X509_TRUST_add"},
-{ERR_FUNC(X509_F_X509_TRUST_SET), "X509_TRUST_set"},
-{ERR_FUNC(X509_F_X509_VERIFY_CERT), "X509_verify_cert"},
-{0,NULL}
+static ERR_STRING_DATA X509_str_functs[] = {
+ {ERR_FUNC(X509_F_ADD_CERT_DIR), "ADD_CERT_DIR"},
+ {ERR_FUNC(X509_F_BY_FILE_CTRL), "BY_FILE_CTRL"},
+ {ERR_FUNC(X509_F_CHECK_POLICY), "CHECK_POLICY"},
+ {ERR_FUNC(X509_F_DIR_CTRL), "DIR_CTRL"},
+ {ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT), "GET_CERT_BY_SUBJECT"},
+ {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE), "NETSCAPE_SPKI_b64_decode"},
+ {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE), "NETSCAPE_SPKI_b64_encode"},
+ {ERR_FUNC(X509_F_X509AT_ADD1_ATTR), "X509at_add1_attr"},
+ {ERR_FUNC(X509_F_X509V3_ADD_EXT), "X509v3_add_ext"},
+ {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_NID), "X509_ATTRIBUTE_create_by_NID"},
+ {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ), "X509_ATTRIBUTE_create_by_OBJ"},
+ {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT), "X509_ATTRIBUTE_create_by_txt"},
+ {ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA), "X509_ATTRIBUTE_get0_data"},
+ {ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA), "X509_ATTRIBUTE_set1_data"},
+ {ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY), "X509_check_private_key"},
+ {ERR_FUNC(X509_F_X509_CRL_PRINT_FP), "X509_CRL_print_fp"},
+ {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID), "X509_EXTENSION_create_by_NID"},
+ {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ), "X509_EXTENSION_create_by_OBJ"},
+ {ERR_FUNC(X509_F_X509_GET_PUBKEY_PARAMETERS), "X509_get_pubkey_parameters"},
+ {ERR_FUNC(X509_F_X509_LOAD_CERT_CRL_FILE), "X509_load_cert_crl_file"},
+ {ERR_FUNC(X509_F_X509_LOAD_CERT_FILE), "X509_load_cert_file"},
+ {ERR_FUNC(X509_F_X509_LOAD_CRL_FILE), "X509_load_crl_file"},
+ {ERR_FUNC(X509_F_X509_NAME_ADD_ENTRY), "X509_NAME_add_entry"},
+ {ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_NID), "X509_NAME_ENTRY_create_by_NID"},
+ {ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT), "X509_NAME_ENTRY_create_by_txt"},
+ {ERR_FUNC(X509_F_X509_NAME_ENTRY_SET_OBJECT), "X509_NAME_ENTRY_set_object"},
+ {ERR_FUNC(X509_F_X509_NAME_ONELINE), "X509_NAME_oneline"},
+ {ERR_FUNC(X509_F_X509_NAME_PRINT), "X509_NAME_print"},
+ {ERR_FUNC(X509_F_X509_PRINT_EX_FP), "X509_print_ex_fp"},
+ {ERR_FUNC(X509_F_X509_PUBKEY_GET), "X509_PUBKEY_get"},
+ {ERR_FUNC(X509_F_X509_PUBKEY_SET), "X509_PUBKEY_set"},
+ {ERR_FUNC(X509_F_X509_REQ_CHECK_PRIVATE_KEY), "X509_REQ_check_private_key"},
+ {ERR_FUNC(X509_F_X509_REQ_PRINT_EX), "X509_REQ_print_ex"},
+ {ERR_FUNC(X509_F_X509_REQ_PRINT_FP), "X509_REQ_print_fp"},
+ {ERR_FUNC(X509_F_X509_REQ_TO_X509), "X509_REQ_to_X509"},
+ {ERR_FUNC(X509_F_X509_STORE_ADD_CERT), "X509_STORE_add_cert"},
+ {ERR_FUNC(X509_F_X509_STORE_ADD_CRL), "X509_STORE_add_crl"},
+ {ERR_FUNC(X509_F_X509_STORE_CTX_GET1_ISSUER), "X509_STORE_CTX_get1_issuer"},
+ {ERR_FUNC(X509_F_X509_STORE_CTX_INIT), "X509_STORE_CTX_init"},
+ {ERR_FUNC(X509_F_X509_STORE_CTX_NEW), "X509_STORE_CTX_new"},
+ {ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT), "X509_STORE_CTX_purpose_inherit"},
+ {ERR_FUNC(X509_F_X509_TO_X509_REQ), "X509_to_X509_REQ"},
+ {ERR_FUNC(X509_F_X509_TRUST_ADD), "X509_TRUST_add"},
+ {ERR_FUNC(X509_F_X509_TRUST_SET), "X509_TRUST_set"},
+ {ERR_FUNC(X509_F_X509_VERIFY_CERT), "X509_verify_cert"},
+ {0, NULL}
};
-static ERR_STRING_DATA X509_str_reasons[]=
-{
-{ERR_REASON(X509_R_BAD_X509_FILETYPE) ,"bad x509 filetype"},
-{ERR_REASON(X509_R_BASE64_DECODE_ERROR) ,"base64 decode error"},
-{ERR_REASON(X509_R_CANT_CHECK_DH_KEY) ,"cant check dh key"},
-{ERR_REASON(X509_R_CERT_ALREADY_IN_HASH_TABLE),"cert already in hash table"},
-{ERR_REASON(X509_R_ERR_ASN1_LIB) ,"err asn1 lib"},
-{ERR_REASON(X509_R_INVALID_DIRECTORY) ,"invalid directory"},
-{ERR_REASON(X509_R_INVALID_FIELD_NAME) ,"invalid field name"},
-{ERR_REASON(X509_R_INVALID_TRUST) ,"invalid trust"},
-{ERR_REASON(X509_R_KEY_TYPE_MISMATCH) ,"key type mismatch"},
-{ERR_REASON(X509_R_KEY_VALUES_MISMATCH) ,"key values mismatch"},
-{ERR_REASON(X509_R_LOADING_CERT_DIR) ,"loading cert dir"},
-{ERR_REASON(X509_R_LOADING_DEFAULTS) ,"loading defaults"},
-{ERR_REASON(X509_R_METHOD_NOT_SUPPORTED) ,"method not supported"},
-{ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),"no cert set for us to verify"},
-{ERR_REASON(X509_R_PUBLIC_KEY_DECODE_ERROR),"public key decode error"},
-{ERR_REASON(X509_R_PUBLIC_KEY_ENCODE_ERROR),"public key encode error"},
-{ERR_REASON(X509_R_SHOULD_RETRY) ,"should retry"},
-{ERR_REASON(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN),"unable to find parameters in chain"},
-{ERR_REASON(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY),"unable to get certs public key"},
-{ERR_REASON(X509_R_UNKNOWN_KEY_TYPE) ,"unknown key type"},
-{ERR_REASON(X509_R_UNKNOWN_NID) ,"unknown nid"},
-{ERR_REASON(X509_R_UNKNOWN_PURPOSE_ID) ,"unknown purpose id"},
-{ERR_REASON(X509_R_UNKNOWN_TRUST_ID) ,"unknown trust id"},
-{ERR_REASON(X509_R_UNSUPPORTED_ALGORITHM),"unsupported algorithm"},
-{ERR_REASON(X509_R_WRONG_LOOKUP_TYPE) ,"wrong lookup type"},
-{ERR_REASON(X509_R_WRONG_TYPE) ,"wrong type"},
-{0,NULL}
+static ERR_STRING_DATA X509_str_reasons[] = {
+ {ERR_REASON(X509_R_BAD_X509_FILETYPE) , "bad x509 filetype"},
+ {ERR_REASON(X509_R_BASE64_DECODE_ERROR) , "base64 decode error"},
+ {ERR_REASON(X509_R_CANT_CHECK_DH_KEY) , "cant check dh key"},
+ {ERR_REASON(X509_R_CERT_ALREADY_IN_HASH_TABLE), "cert already in hash table"},
+ {ERR_REASON(X509_R_ERR_ASN1_LIB) , "err asn1 lib"},
+ {ERR_REASON(X509_R_INVALID_DIRECTORY) , "invalid directory"},
+ {ERR_REASON(X509_R_INVALID_FIELD_NAME) , "invalid field name"},
+ {ERR_REASON(X509_R_INVALID_TRUST) , "invalid trust"},
+ {ERR_REASON(X509_R_KEY_TYPE_MISMATCH) , "key type mismatch"},
+ {ERR_REASON(X509_R_KEY_VALUES_MISMATCH) , "key values mismatch"},
+ {ERR_REASON(X509_R_LOADING_CERT_DIR) , "loading cert dir"},
+ {ERR_REASON(X509_R_LOADING_DEFAULTS) , "loading defaults"},
+ {ERR_REASON(X509_R_METHOD_NOT_SUPPORTED) , "method not supported"},
+ {ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY), "no cert set for us to verify"},
+ {ERR_REASON(X509_R_PUBLIC_KEY_DECODE_ERROR), "public key decode error"},
+ {ERR_REASON(X509_R_PUBLIC_KEY_ENCODE_ERROR), "public key encode error"},
+ {ERR_REASON(X509_R_SHOULD_RETRY) , "should retry"},
+ {ERR_REASON(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN), "unable to find parameters in chain"},
+ {ERR_REASON(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY), "unable to get certs public key"},
+ {ERR_REASON(X509_R_UNKNOWN_KEY_TYPE) , "unknown key type"},
+ {ERR_REASON(X509_R_UNKNOWN_NID) , "unknown nid"},
+ {ERR_REASON(X509_R_UNKNOWN_PURPOSE_ID) , "unknown purpose id"},
+ {ERR_REASON(X509_R_UNKNOWN_TRUST_ID) , "unknown trust id"},
+ {ERR_REASON(X509_R_UNSUPPORTED_ALGORITHM), "unsupported algorithm"},
+ {ERR_REASON(X509_R_WRONG_LOOKUP_TYPE) , "wrong lookup type"},
+ {ERR_REASON(X509_R_WRONG_TYPE) , "wrong type"},
+ {0, NULL}
};
#endif
-void ERR_load_X509_strings(void)
+void
+ERR_load_X509_strings(void)
{
#ifndef OPENSSL_NO_ERR
-
if (ERR_func_error_string(X509_str_functs[0].error) == NULL) {
- ERR_load_strings(0,X509_str_functs);
- ERR_load_strings(0,X509_str_reasons);
+ ERR_load_strings(0, X509_str_functs);
+ ERR_load_strings(0, X509_str_reasons);
}
#endif
}
diff --git a/lib/libcrypto/x509/x509_ext.c b/lib/libcrypto/x509/x509_ext.c
index bdc489f3674..a2441c2c2c0 100644
--- a/lib/libcrypto/x509/x509_ext.c
+++ b/lib/libcrypto/x509/x509_ext.c
@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -66,142 +66,168 @@
#include <openssl/x509v3.h>
-int X509_CRL_get_ext_count(X509_CRL *x)
+int
+X509_CRL_get_ext_count(X509_CRL *x)
{
- return(X509v3_get_ext_count(x->crl->extensions));
+ return (X509v3_get_ext_count(x->crl->extensions));
}
-int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos)
+int
+X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos)
{
- return(X509v3_get_ext_by_NID(x->crl->extensions,nid,lastpos));
+ return (X509v3_get_ext_by_NID(x->crl->extensions, nid, lastpos));
}
-int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos)
+int
+X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos)
{
- return(X509v3_get_ext_by_OBJ(x->crl->extensions,obj,lastpos));
+ return (X509v3_get_ext_by_OBJ(x->crl->extensions, obj, lastpos));
}
-int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos)
+int
+X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos)
{
- return(X509v3_get_ext_by_critical(x->crl->extensions,crit,lastpos));
+ return (X509v3_get_ext_by_critical(x->crl->extensions, crit, lastpos));
}
-X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc)
+X509_EXTENSION *
+X509_CRL_get_ext(X509_CRL *x, int loc)
{
- return(X509v3_get_ext(x->crl->extensions,loc));
+ return (X509v3_get_ext(x->crl->extensions, loc));
}
-X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc)
+X509_EXTENSION *
+X509_CRL_delete_ext(X509_CRL *x, int loc)
{
- return(X509v3_delete_ext(x->crl->extensions,loc));
+ return (X509v3_delete_ext(x->crl->extensions, loc));
}
-void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx)
+void *
+X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx)
{
return X509V3_get_d2i(x->crl->extensions, nid, crit, idx);
}
-int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
- unsigned long flags)
+int
+X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
+ unsigned long flags)
{
return X509V3_add1_i2d(&x->crl->extensions, nid, value, crit, flags);
}
-int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc)
+int
+X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc)
{
- return(X509v3_add_ext(&(x->crl->extensions),ex,loc) != NULL);
+ return (X509v3_add_ext(&(x->crl->extensions), ex, loc) != NULL);
}
-int X509_get_ext_count(X509 *x)
+int
+X509_get_ext_count(X509 *x)
{
- return(X509v3_get_ext_count(x->cert_info->extensions));
+ return (X509v3_get_ext_count(x->cert_info->extensions));
}
-int X509_get_ext_by_NID(X509 *x, int nid, int lastpos)
+int
+X509_get_ext_by_NID(X509 *x, int nid, int lastpos)
{
- return(X509v3_get_ext_by_NID(x->cert_info->extensions,nid,lastpos));
+ return (X509v3_get_ext_by_NID(x->cert_info->extensions, nid, lastpos));
}
-int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos)
+int
+X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos)
{
- return(X509v3_get_ext_by_OBJ(x->cert_info->extensions,obj,lastpos));
+ return (X509v3_get_ext_by_OBJ(x->cert_info->extensions, obj, lastpos));
}
-int X509_get_ext_by_critical(X509 *x, int crit, int lastpos)
+int
+X509_get_ext_by_critical(X509 *x, int crit, int lastpos)
{
- return(X509v3_get_ext_by_critical(x->cert_info->extensions,crit,lastpos));
+ return (X509v3_get_ext_by_critical(x->cert_info->extensions, crit,
+ lastpos));
}
-X509_EXTENSION *X509_get_ext(X509 *x, int loc)
+X509_EXTENSION *
+X509_get_ext(X509 *x, int loc)
{
- return(X509v3_get_ext(x->cert_info->extensions,loc));
+ return (X509v3_get_ext(x->cert_info->extensions, loc));
}
-X509_EXTENSION *X509_delete_ext(X509 *x, int loc)
+X509_EXTENSION *
+X509_delete_ext(X509 *x, int loc)
{
- return(X509v3_delete_ext(x->cert_info->extensions,loc));
+ return (X509v3_delete_ext(x->cert_info->extensions, loc));
}
-int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc)
+int
+X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc)
{
- return(X509v3_add_ext(&(x->cert_info->extensions),ex,loc) != NULL);
+ return (X509v3_add_ext(&(x->cert_info->extensions), ex, loc) != NULL);
}
-void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx)
+void *
+X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx)
{
return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx);
}
-int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
- unsigned long flags)
+int
+X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, unsigned long flags)
{
return X509V3_add1_i2d(&x->cert_info->extensions, nid, value, crit,
- flags);
+ flags);
}
-int X509_REVOKED_get_ext_count(X509_REVOKED *x)
+int
+X509_REVOKED_get_ext_count(X509_REVOKED *x)
{
- return(X509v3_get_ext_count(x->extensions));
+ return (X509v3_get_ext_count(x->extensions));
}
-int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos)
+int
+X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos)
{
- return(X509v3_get_ext_by_NID(x->extensions,nid,lastpos));
+ return (X509v3_get_ext_by_NID(x->extensions, nid, lastpos));
}
-int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj,
- int lastpos)
+int
+X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj, int lastpos)
{
- return(X509v3_get_ext_by_OBJ(x->extensions,obj,lastpos));
+ return (X509v3_get_ext_by_OBJ(x->extensions, obj, lastpos));
}
-int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos)
+int
+X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos)
{
- return(X509v3_get_ext_by_critical(x->extensions,crit,lastpos));
+ return (X509v3_get_ext_by_critical(x->extensions, crit, lastpos));
}
-X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc)
+X509_EXTENSION *
+X509_REVOKED_get_ext(X509_REVOKED *x, int loc)
{
- return(X509v3_get_ext(x->extensions,loc));
+ return (X509v3_get_ext(x->extensions, loc));
}
-X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc)
+X509_EXTENSION *
+X509_REVOKED_delete_ext(X509_REVOKED *x, int loc)
{
- return(X509v3_delete_ext(x->extensions,loc));
+ return (X509v3_delete_ext(x->extensions, loc));
}
-int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc)
+int
+X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc)
{
- return(X509v3_add_ext(&(x->extensions),ex,loc) != NULL);
+ return (X509v3_add_ext(&(x->extensions), ex, loc) != NULL);
}
-void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx)
+void *
+X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx)
{
return X509V3_get_d2i(x->extensions, nid, crit, idx);
}
-int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
- unsigned long flags)
+int
+X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
+ unsigned long flags)
{
return X509V3_add1_i2d(&x->extensions, nid, value, crit, flags);
}
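Review bot: The reformatted wrappers still mix two return styles: most use the parenthesised form `return (X509v3_get_ext_count(x->crl->extensions));`, while the `_get_ext_d2i` and `_add1_ext_i2d` wrappers keep the bare `return X509V3_get_d2i(...)` form. Since this commit is a style pass, pick one form for the whole file, e.g. `return (X509V3_get_d2i(x->crl->extensions, nid, crit, idx));`. Separately, every wrapper dereferences `x->crl`, `x->cert_info` or `x->extensions` without checking `x`; a short comment above each group, such as `/* x must be non-NULL; no argument checking is done here. */`, would make that contract explicit for callers handling parsed, possibly absent, objects.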
diff --git a/lib/libcrypto/x509/x509_lu.c b/lib/libcrypto/x509/x509_lu.c
index a89cd70313e..aec1121ffb0 100644
--- a/lib/libcrypto/x509/x509_lu.c
+++ b/lib/libcrypto/x509/x509_lu.c
@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -62,18 +62,20 @@
#include <openssl/x509.h>
#include <openssl/x509v3.h>
-X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
+X509_LOOKUP *
+X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
{
X509_LOOKUP *ret;
- ret=(X509_LOOKUP *)malloc(sizeof(X509_LOOKUP));
- if (ret == NULL) return NULL;
+ ret = (X509_LOOKUP *)malloc(sizeof(X509_LOOKUP));
+ if (ret == NULL)
+ return NULL;
- ret->init=0;
- ret->skip=0;
- ret->method=method;
- ret->method_data=NULL;
- ret->store_ctx=NULL;
+ ret->init = 0;
+ ret->skip = 0;
+ ret->method = method;
+ ret->method_data = NULL;
+ ret->store_ctx = NULL;
if ((method->new_item != NULL) && !method->new_item(ret)) {
free(ret);
return NULL;
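Review bot: `method` is dereferenced at `method->new_item` without a NULL check, while X509_LOOKUP_free, X509_LOOKUP_init and X509_LOOKUP_shutdown in the next hunk all treat `ctx->method == NULL` as a possible state. If a NULL method is meant to be tolerated, guard it here with `if ((method != NULL) && (method->new_item != NULL) && !method->new_item(ret))`; if it is not, a comment stating that `method` must be non-NULL would settle it. The allocation could also drop the cast and tie the size to the variable, `ret = malloc(sizeof(*ret));`. The closing lines of the function fall in the following hunk.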
@@ -81,91 +83,104 @@ X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
return ret;
}
-void X509_LOOKUP_free(X509_LOOKUP *ctx)
+void
+X509_LOOKUP_free(X509_LOOKUP *ctx)
{
- if (ctx == NULL) return;
- if ( (ctx->method != NULL) &&
- (ctx->method->free != NULL))
+ if (ctx == NULL)
+ return;
+ if ((ctx->method != NULL) && (ctx->method->free != NULL))
(*ctx->method->free)(ctx);
free(ctx);
}
-int X509_LOOKUP_init(X509_LOOKUP *ctx)
+int
+X509_LOOKUP_init(X509_LOOKUP *ctx)
{
- if (ctx->method == NULL) return 0;
+ if (ctx->method == NULL)
+ return 0;
if (ctx->method->init != NULL)
return ctx->method->init(ctx);
else
return 1;
}
-int X509_LOOKUP_shutdown(X509_LOOKUP *ctx)
+int
+X509_LOOKUP_shutdown(X509_LOOKUP *ctx)
{
- if (ctx->method == NULL) return 0;
+ if (ctx->method == NULL)
+ return 0;
if (ctx->method->shutdown != NULL)
return ctx->method->shutdown(ctx);
else
return 1;
}
-int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
- char **ret)
+int
+X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
+ char **ret)
{
- if (ctx->method == NULL) return -1;
+ if (ctx->method == NULL)
+ return -1;
if (ctx->method->ctrl != NULL)
- return ctx->method->ctrl(ctx,cmd,argc,argl,ret);
+ return ctx->method->ctrl(ctx, cmd, argc, argl, ret);
else
return 1;
}
-int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
- X509_OBJECT *ret)
- {
+int
+X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
+ X509_OBJECT *ret)
+{
if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))
return X509_LU_FAIL;
- if (ctx->skip) return 0;
- return ctx->method->get_by_subject(ctx,type,name,ret);
+ if (ctx->skip)
+ return 0;
+ return ctx->method->get_by_subject(ctx, type, name, ret);
}
-int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
- ASN1_INTEGER *serial, X509_OBJECT *ret)
+int
+X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
+ ASN1_INTEGER *serial, X509_OBJECT *ret)
{
if ((ctx->method == NULL) ||
- (ctx->method->get_by_issuer_serial == NULL))
+ (ctx->method->get_by_issuer_serial == NULL))
return X509_LU_FAIL;
- return ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret);
+ return ctx->method->get_by_issuer_serial(ctx, type, name, serial, ret);
}
-int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
- unsigned char *bytes, int len, X509_OBJECT *ret)
+int
+X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type, unsigned char *bytes,
+ int len, X509_OBJECT *ret)
{
if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))
return X509_LU_FAIL;
- return ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret);
+ return ctx->method->get_by_fingerprint(ctx, type, bytes, len, ret);
}
-int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,
- X509_OBJECT *ret)
+int
+X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,
+ X509_OBJECT *ret)
{
if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))
return X509_LU_FAIL;
- return ctx->method->get_by_alias(ctx,type,str,len,ret);
-}
-
-
-static int x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * const *b)
- {
- int ret;
-
- ret=((*a)->type - (*b)->type);
- if (ret) return ret;
- switch ((*a)->type) {
- case X509_LU_X509:
- ret=X509_subject_name_cmp((*a)->data.x509,(*b)->data.x509);
- break;
- case X509_LU_CRL:
- ret=X509_CRL_cmp((*a)->data.crl,(*b)->data.crl);
- break;
+ return ctx->method->get_by_alias(ctx, type, str, len, ret);
+}
+
+static int
+x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * const *b)
+{
+ int ret;
+
+ ret = ((*a)->type - (*b)->type);
+ if (ret)
+ return ret;
+ switch ((*a)->type) {
+ case X509_LU_X509:
+ ret = X509_subject_name_cmp((*a)->data.x509, (*b)->data.x509);
+ break;
+ case X509_LU_CRL:
+ ret = X509_CRL_cmp((*a)->data.crl, (*b)->data.crl);
+ break;
default:
/* abort(); */
return 0;
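Review bot: X509_LOOKUP_ctrl returns 1 when the method has no `ctrl` handler, so a caller cannot tell "command carried out" from "command ignored"; if the command was meant to load certificates or CRLs into the lookup, that reads as success although nothing was loaded. Changing the value would alter the API, so at least document it above the function: `/* Returns -1 if no method is set, 1 if the method has no ctrl handler (the command is ignored), otherwise the handler's result. */`. The `X509_LOOKUP_by_*` functions in the same hunk return X509_LU_FAIL for a missing handler, which is worth contrasting in that comment. x509_object_cmp at the end of this hunk continues into the next one.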
@@ -173,23 +188,24 @@ static int x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * con
return ret;
}
-X509_STORE *X509_STORE_new(void)
+X509_STORE *
+X509_STORE_new(void)
{
X509_STORE *ret;
- if ((ret=(X509_STORE *)malloc(sizeof(X509_STORE))) == NULL)
+ if ((ret = (X509_STORE *)malloc(sizeof(X509_STORE))) == NULL)
return NULL;
ret->objs = sk_X509_OBJECT_new(x509_object_cmp);
- ret->cache=1;
- ret->get_cert_methods=sk_X509_LOOKUP_new_null();
- ret->verify=0;
- ret->verify_cb=0;
+ ret->cache = 1;
+ ret->get_cert_methods = sk_X509_LOOKUP_new_null();
+ ret->verify = 0;
+ ret->verify_cb = 0;
if ((ret->param = X509_VERIFY_PARAM_new()) == NULL) {
sk_X509_OBJECT_free(ret->objs);
free(ret);
return NULL;
-}
+ }
ret->get_issuer = 0;
ret->check_issued = 0;
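Review bot: Neither `sk_X509_OBJECT_new(x509_object_cmp)` nor `sk_X509_LOOKUP_new_null()` is checked for NULL, and the X509_VERIFY_PARAM_new() failure path frees `ret->objs` but not `ret->get_cert_methods`. The CRYPTO_new_ex_data() failure path in the next hunk has the same gap and additionally leaves `ret->param` allocated. A store whose `objs` or `get_cert_methods` is NULL would be handed back as valid and later used by X509_STORE_add_cert and X509_STORE_add_lookup in this file. A single error label that releases whatever was allocated covers all three cases; the sketch assumes the free routines accept NULL, which should be confirmed, and the function body continues outside this hunk.

```c
	if ((ret = calloc(1, sizeof(*ret))) == NULL)
		return NULL;
	if ((ret->objs = sk_X509_OBJECT_new(x509_object_cmp)) == NULL)
		goto err;
	ret->cache = 1;
	if ((ret->get_cert_methods = sk_X509_LOOKUP_new_null()) == NULL)
		goto err;
	/* … unchanged: verify and verify_cb set to 0 … */
	if ((ret->param = X509_VERIFY_PARAM_new()) == NULL)
		goto err;
	/* … unchanged: remaining callback fields set to 0 … */
	if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data))
		goto err;
	ret->references = 1;
	return ret;

err:
	X509_VERIFY_PARAM_free(ret->param);
	sk_X509_LOOKUP_free(ret->get_cert_methods);
	sk_X509_OBJECT_free(ret->objs);
	free(ret);
	return NULL;
```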
@@ -201,17 +217,19 @@ X509_STORE *X509_STORE_new(void)
ret->lookup_crls = 0;
ret->cleanup = 0;
- if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) {
+ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE,
+ ret, &ret->ex_data)) {
sk_X509_OBJECT_free(ret->objs);
free(ret);
return NULL;
}
- ret->references=1;
+ ret->references = 1;
return ret;
}
-static void cleanup(X509_OBJECT *a)
+static void
+cleanup(X509_OBJECT *a)
{
if (a->type == X509_LU_X509) {
X509_free(a->data.x509);
@@ -224,18 +242,19 @@ static void cleanup(X509_OBJECT *a)
free(a);
}
-void X509_STORE_free(X509_STORE *vfy)
+void
+X509_STORE_free(X509_STORE *vfy)
{
int i;
STACK_OF(X509_LOOKUP) *sk;
X509_LOOKUP *lu;
if (vfy == NULL)
- return;
+ return;
- sk=vfy->get_cert_methods;
- for (i=0; i<sk_X509_LOOKUP_num(sk); i++) {
- lu=sk_X509_LOOKUP_value(sk,i);
+ sk = vfy->get_cert_methods;
+ for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) {
+ lu = sk_X509_LOOKUP_value(sk, i);
X509_LOOKUP_shutdown(lu);
X509_LOOKUP_free(lu);
}
@@ -248,26 +267,27 @@ void X509_STORE_free(X509_STORE *vfy)
free(vfy);
}
-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
+X509_LOOKUP *
+X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
{
int i;
STACK_OF(X509_LOOKUP) *sk;
X509_LOOKUP *lu;
- sk=v->get_cert_methods;
- for (i=0; i<sk_X509_LOOKUP_num(sk); i++) {
- lu=sk_X509_LOOKUP_value(sk,i);
+ sk = v->get_cert_methods;
+ for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) {
+ lu = sk_X509_LOOKUP_value(sk, i);
if (m == lu->method) {
return lu;
}
}
/* a new one */
- lu=X509_LOOKUP_new(m);
+ lu = X509_LOOKUP_new(m);
if (lu == NULL)
return NULL;
else {
- lu->store_ctx=v;
- if (sk_X509_LOOKUP_push(v->get_cert_methods,lu))
+ lu->store_ctx = v;
+ if (sk_X509_LOOKUP_push(v->get_cert_methods, lu))
return lu;
else {
X509_LOOKUP_free(lu);
@@ -276,31 +296,33 @@ X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
}
}
-int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
- X509_OBJECT *ret)
+int
+X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
+ X509_OBJECT *ret)
{
- X509_STORE *ctx=vs->ctx;
+ X509_STORE *ctx = vs->ctx;
X509_LOOKUP *lu;
- X509_OBJECT stmp,*tmp;
- int i,j;
+ X509_OBJECT stmp, *tmp;
+ int i, j;
CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
- tmp=X509_OBJECT_retrieve_by_subject(ctx->objs,type,name);
+ tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name);
CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
if (tmp == NULL || type == X509_LU_CRL) {
- for (i=vs->current_method; i<sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) {
- lu=sk_X509_LOOKUP_value(ctx->get_cert_methods,i);
- j=X509_LOOKUP_by_subject(lu,type,name,&stmp);
+ for (i = vs->current_method;
+ i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) {
+ lu = sk_X509_LOOKUP_value(ctx->get_cert_methods, i);
+ j = X509_LOOKUP_by_subject(lu, type, name, &stmp);
if (j < 0) {
- vs->current_method=j;
+ vs->current_method = j;
return j;
} else if (j) {
- tmp= &stmp;
+ tmp = &stmp;
break;
}
}
- vs->current_method=0;
+ vs->current_method = 0;
if (tmp == NULL)
return 0;
}
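Review bot: On a lookup error the code stores the negative result in the cursor, `vs->current_method = j;`, and the loop above starts from `i = vs->current_method` on the next call. A retry on the same context would then index `ctx->get_cert_methods` with a negative value, and X509_LOOKUP_by_subject earlier in this file dereferences `ctx->method` without checking `ctx`, so a NULL from the stack accessor would crash; whether the accessor returns NULL for a negative index is not visible here. If the intent is to resume at the failing method, the assignment should presumably be `vs->current_method = i;`. The function continues in the next hunk.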
@@ -308,27 +330,29 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
/* if (ret->data.ptr != NULL)
X509_OBJECT_free_contents(ret); */
- ret->type=tmp->type;
- ret->data.ptr=tmp->data.ptr;
+ ret->type = tmp->type;
+ ret->data.ptr = tmp->data.ptr;
X509_OBJECT_up_ref_count(ret);
return 1;
}
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
+int
+X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
{
X509_OBJECT *obj;
- int ret=1;
+ int ret = 1;
- if (x == NULL) return 0;
- obj=(X509_OBJECT *)malloc(sizeof(X509_OBJECT));
+ if (x == NULL)
+ return 0;
+ obj = (X509_OBJECT *)malloc(sizeof(X509_OBJECT));
if (obj == NULL) {
- X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE);
+ X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE);
return 0;
}
- obj->type=X509_LU_X509;
- obj->data.x509=x;
+ obj->type = X509_LU_X509;
+ obj->data.x509 = x;
CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
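Review bot: `tmp` is looked up under CRYPTO_LOCK_X509_STORE in the previous hunk, but the lock is released before `ret->data.ptr = tmp->data.ptr;` and `X509_OBJECT_up_ref_count(ret);` run here. Nothing in the visible lines keeps the stored object alive between the unlock and the reference bump, so this is safe only if no other thread can release store objects in the meantime. Either take the reference before `CRYPTO_w_unlock()` or add a comment explaining why that is unnecessary, for example `/* objects are only released by X509_STORE_free(), so tmp stays valid */` once that has been confirmed. X509_STORE_add_cert starts in this hunk and continues in the next.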
@@ -337,29 +361,32 @@ int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {
X509_OBJECT_free_contents(obj);
free(obj);
- X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE);
- ret=0;
- }
- else sk_X509_OBJECT_push(ctx->objs, obj);
+ X509err(X509_F_X509_STORE_ADD_CERT,
+ X509_R_CERT_ALREADY_IN_HASH_TABLE);
+ ret = 0;
+ } else
+ sk_X509_OBJECT_push(ctx->objs, obj);
CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
return ret;
}
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
+int
+X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
{
X509_OBJECT *obj;
- int ret=1;
+ int ret = 1;
- if (x == NULL) return 0;
- obj=(X509_OBJECT *)malloc(sizeof(X509_OBJECT));
+ if (x == NULL)
+ return 0;
+ obj = (X509_OBJECT *)malloc(sizeof(X509_OBJECT));
if (obj == NULL) {
- X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE);
+ X509err(X509_F_X509_STORE_ADD_CRL, ERR_R_MALLOC_FAILURE);
return 0;
}
- obj->type=X509_LU_CRL;
- obj->data.crl=x;
+ obj->type = X509_LU_CRL;
+ obj->data.crl = x;
CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
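Review bot: The result of `sk_X509_OBJECT_push(ctx->objs, obj)` in the reflowed `else` branch is ignored, so a failed push leaves `ret` at 1 and X509_STORE_add_cert reports success for a certificate that is not in the store. A caller that believes a trust anchor was added gets no error, and `obj` is leaked. The same pattern appears in X509_STORE_add_crl in the next hunk. The failure path should release `obj` the way the duplicate branch does and return 0; the fence shows this for the certificate case. X509_STORE_add_cert starts in the previous hunk.

```c
	if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {
		/* … unchanged: duplicate handling … */
	} else if (!sk_X509_OBJECT_push(ctx->objs, obj)) {
		/* Push failed: release obj as the duplicate branch does. */
		X509_OBJECT_free_contents(obj);
		free(obj);
		X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE);
		ret = 0;
	}
```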
@@ -368,8 +395,9 @@ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {
X509_OBJECT_free_contents(obj);
free(obj);
- X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE);
- ret=0;
+ X509err(X509_F_X509_STORE_ADD_CRL,
+ X509_R_CERT_ALREADY_IN_HASH_TABLE);
+ ret = 0;
} else
sk_X509_OBJECT_push(ctx->objs, obj);
@@ -378,19 +406,21 @@ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
return ret;
}
-void X509_OBJECT_up_ref_count(X509_OBJECT *a)
+void
+X509_OBJECT_up_ref_count(X509_OBJECT *a)
{
switch (a->type) {
case X509_LU_X509:
- CRYPTO_add(&a->data.x509->references,1,CRYPTO_LOCK_X509);
+ CRYPTO_add(&a->data.x509->references, 1, CRYPTO_LOCK_X509);
break;
case X509_LU_CRL:
- CRYPTO_add(&a->data.crl->references,1,CRYPTO_LOCK_X509_CRL);
+ CRYPTO_add(&a->data.crl->references, 1, CRYPTO_LOCK_X509_CRL);
break;
}
}
-void X509_OBJECT_free_contents(X509_OBJECT *a)
+void
+X509_OBJECT_free_contents(X509_OBJECT *a)
{
switch (a->type) {
case X509_LU_X509:
@@ -402,8 +432,9 @@ void X509_OBJECT_free_contents(X509_OBJECT *a)
}
}
-static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type,
- X509_NAME *name, int *pnmatch)
+static int
+x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type, X509_NAME *name,
+ int *pnmatch)
{
X509_OBJECT stmp;
X509 x509_s;
@@ -412,24 +443,24 @@ static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type,
X509_CRL_INFO crl_info_s;
int idx;
- stmp.type=type;
+ stmp.type = type;
switch (type) {
case X509_LU_X509:
- stmp.data.x509= &x509_s;
- x509_s.cert_info= &cinf_s;
- cinf_s.subject=name;
+ stmp.data.x509 = &x509_s;
+ x509_s.cert_info = &cinf_s;
+ cinf_s.subject = name;
break;
case X509_LU_CRL:
- stmp.data.crl= &crl_s;
- crl_s.crl= &crl_info_s;
- crl_info_s.issuer=name;
+ stmp.data.crl = &crl_s;
+ crl_s.crl = &crl_info_s;
+ crl_info_s.issuer = name;
break;
default:
/* abort(); */
return -1;
}
- idx = sk_X509_OBJECT_find(h,&stmp);
+ idx = sk_X509_OBJECT_find(h, &stmp);
if (idx >= 0 && pnmatch) {
int tidx;
const X509_OBJECT *tobj, *pstmp;
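Review bot: The search key built in the `switch (type)` is only partially initialised, and nothing in the code says so. `stmp`, `x509_s` and `crl_info_s` are declared without initialisers, and the switch sets a single member on each path (`cinf_s.subject` or `crl_info_s.issuer`) before `sk_X509_OBJECT_find(h, &stmp)`. This is safe only while the stack's comparison function reads nothing else from the key, which is not visible in this hunk. A comment before the switch would record the constraint, for example `/* Search key only: just subject/issuer is set, so the comparator must not read any other member. */`. The function starts before this hunk and ends after it.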
@@ -445,28 +476,32 @@ static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type,
return idx;
}
-
-int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
- X509_NAME *name)
+int
+X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, X509_NAME *name)
{
return x509_object_idx_cnt(h, type, name, NULL);
}
-X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, int type,
- X509_NAME *name)
+X509_OBJECT *
+X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, int type,
+ X509_NAME *name)
{
int idx;
+
idx = X509_OBJECT_idx_by_subject(h, type, name);
- if (idx==-1) return NULL;
+ if (idx == -1)
+ return NULL;
return sk_X509_OBJECT_value(h, idx);
}
-STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
+STACK_OF(X509) *
+X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
{
int i, idx, cnt;
STACK_OF(X509) *sk;
X509 *x;
X509_OBJECT *obj;
+
sk = sk_X509_new_null();
CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);
@@ -482,7 +517,8 @@ STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
}
X509_OBJECT_free_contents(&xobj);
CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
- idx = x509_object_idx_cnt(ctx->ctx->objs,X509_LU_X509,nm, &cnt);
+ idx = x509_object_idx_cnt(ctx->ctx->objs,
+ X509_LU_X509, nm, &cnt);
if (idx < 0) {
CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
sk_X509_free(sk);
@@ -505,12 +541,14 @@ STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
}
-STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
+STACK_OF(X509_CRL) *
+X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
{
int i, idx, cnt;
STACK_OF(X509_CRL) *sk;
X509_CRL *x;
X509_OBJECT *obj, xobj;
+
sk = sk_X509_CRL_new_null();
CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
/* Check cache first */
@@ -525,7 +563,7 @@ STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
}
X509_OBJECT_free_contents(&xobj);
CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
- idx = x509_object_idx_cnt(ctx->ctx->objs,X509_LU_CRL, nm, &cnt);
+ idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt);
if (idx < 0) {
CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
sk_X509_CRL_free(sk);
@@ -547,17 +585,21 @@ STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
return sk;
}
-X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x)
+X509_OBJECT *
+X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x)
{
int idx, i;
X509_OBJECT *obj;
+
idx = sk_X509_OBJECT_find(h, x);
- if (idx == -1) return NULL;
+ if (idx == -1)
+ return NULL;
if ((x->type != X509_LU_X509) && (x->type != X509_LU_CRL))
return sk_X509_OBJECT_value(h, idx);
for (i = idx; i < sk_X509_OBJECT_num(h); i++) {
obj = sk_X509_OBJECT_value(h, i);
- if (x509_object_cmp((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x))
+ if (x509_object_cmp((const X509_OBJECT **)&obj,
+ (const X509_OBJECT **)&x))
return NULL;
if (x->type == X509_LU_X509) {
if (!X509_cmp(obj->data.x509, x->data.x509))
@@ -583,17 +625,19 @@ X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x
* 0 certificate not found.
* -1 some other error.
*/
-int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
+int
+X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
{
X509_NAME *xn;
X509_OBJECT obj, *pobj;
int i, ok, idx, ret;
- xn=X509_get_issuer_name(x);
- ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj);
+ xn = X509_get_issuer_name(x);
+ ok = X509_STORE_get_by_subject(ctx, X509_LU_X509, xn, &obj);
if (ok != X509_LU_X509) {
if (ok == X509_LU_RETRY) {
X509_OBJECT_free_contents(&obj);
- X509err(X509_F_X509_STORE_CTX_GET1_ISSUER,X509_R_SHOULD_RETRY);
+ X509err(X509_F_X509_STORE_CTX_GET1_ISSUER,
+ X509_R_SHOULD_RETRY);
return -1;
} else if (ok != X509_LU_FAIL) {
X509_OBJECT_free_contents(&obj);
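Review bot: `X509_OBJECT_free_contents(&obj)` in the `ok == X509_LU_RETRY` branch can run on an `obj` that was never written. `obj` is declared without an initialiser, and the lookup loop in X509_STORE_get_by_subject does `return j;` on a negative method result before storing anything in `ret`. X509_OBJECT_free_contents switches on `a->type`, so it would act on an indeterminate type and pointer. Setting `obj.type = X509_LU_FAIL;` and `obj.data.ptr = NULL;` before the lookup would make both error branches safe, assuming free_contents has no case for that type. The function body continues beyond this hunk.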
@@ -620,7 +664,8 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
/* See if we've run past the matches */
if (pobj->type != X509_LU_X509)
break;
- if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509)))
+ if (X509_NAME_cmp(xn,
+ X509_get_subject_name(pobj->data.x509)))
break;
if (ctx->check_issued(ctx, x, pobj->data.x509)) {
*issuer = pobj->data.x509;
@@ -634,34 +679,40 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
return ret;
}
-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags)
+int
+X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags)
{
return X509_VERIFY_PARAM_set_flags(ctx->param, flags);
}
-int X509_STORE_set_depth(X509_STORE *ctx, int depth)
+int
+X509_STORE_set_depth(X509_STORE *ctx, int depth)
{
X509_VERIFY_PARAM_set_depth(ctx->param, depth);
return 1;
}
-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose)
+int
+X509_STORE_set_purpose(X509_STORE *ctx, int purpose)
{
return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose);
}
-int X509_STORE_set_trust(X509_STORE *ctx, int trust)
+int
+X509_STORE_set_trust(X509_STORE *ctx, int trust)
{
return X509_VERIFY_PARAM_set_trust(ctx->param, trust);
}
-int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param)
+int
+X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param)
{
return X509_VERIFY_PARAM_set1(ctx->param, param);
}
-void X509_STORE_set_verify_cb(X509_STORE *ctx,
- int (*verify_cb)(int, X509_STORE_CTX *))
+void
+X509_STORE_set_verify_cb(X509_STORE *ctx,
+ int (*verify_cb)(int, X509_STORE_CTX *))
{
ctx->verify_cb = verify_cb;
}
diff --git a/lib/libcrypto/x509/x509_obj.c b/lib/libcrypto/x509/x509_obj.c
index d0c02f833e1..a50b05bb7a1 100644
--- a/lib/libcrypto/x509/x509_obj.c
+++ b/lib/libcrypto/x509/x509_obj.c
@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -63,105 +63,115 @@
#include <openssl/x509.h>
#include <openssl/buffer.h>
-char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
+char *
+X509_NAME_oneline(X509_NAME *a, char *buf, int len)
{
X509_NAME_ENTRY *ne;
-int i;
- int n,lold,l,l1,l2,num,j,type;
+ int i;
+ int n, lold, l,l1, l2, num, j, type;
const char *s;
char *p;
unsigned char *q;
- BUF_MEM *b=NULL;
- static const char hex[17]="0123456789ABCDEF";
+ BUF_MEM *b = NULL;
+ static const char hex[17] = "0123456789ABCDEF";
int gs_doit[4];
char tmp_buf[80];
if (buf == NULL) {
- if ((b=BUF_MEM_new()) == NULL) goto err;
- if (!BUF_MEM_grow(b,200)) goto err;
- b->data[0]='\0';
- len=200;
+ if ((b = BUF_MEM_new()) == NULL)
+ goto err;
+ if (!BUF_MEM_grow(b, 200))
+ goto err;
+ b->data[0] = '\0';
+ len = 200;
}
if (a == NULL) {
- if(b) {
- buf=b->data;
+ if (b) {
+ buf = b->data;
free(b);
}
- strlcpy(buf,"NO X509_NAME",len);
+ strlcpy(buf, "NO X509_NAME", len);
return buf;
}
len--; /* space for '\0' */
- l=0;
- for (i=0; i<sk_X509_NAME_ENTRY_num(a->entries); i++) {
- ne=sk_X509_NAME_ENTRY_value(a->entries,i);
- n=OBJ_obj2nid(ne->object);
- if ((n == NID_undef) || ((s=OBJ_nid2sn(n)) == NULL)) {
- i2t_ASN1_OBJECT(tmp_buf,sizeof(tmp_buf),ne->object);
- s=tmp_buf;
+ l = 0;
+ for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
+ ne = sk_X509_NAME_ENTRY_value(a->entries, i);
+ n = OBJ_obj2nid(ne->object);
+ if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
+ i2t_ASN1_OBJECT(tmp_buf, sizeof(tmp_buf), ne->object);
+ s = tmp_buf;
}
- l1=strlen(s);
+ l1 = strlen(s);
- type=ne->value->type;
- num=ne->value->length;
- q=ne->value->data;
- if ((type == V_ASN1_GENERALSTRING) && ((num%4) == 0)) {
- gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=0;
- for (j=0; j<num; j++)
- if (q[j] != 0) gs_doit[j&3]=1;
+ type = ne->value->type;
+ num = ne->value->length;
+ q = ne->value->data;
+ if ((type == V_ASN1_GENERALSTRING) && ((num % 4) == 0)) {
+ gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 0;
+ for (j = 0; j < num; j++)
+ if (q[j] != 0)
+ gs_doit[j & 3] = 1;
if (gs_doit[0]|gs_doit[1]|gs_doit[2])
- gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1;
+ gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 1;
else {
- gs_doit[0]=gs_doit[1]=gs_doit[2]=0;
- gs_doit[3]=1;
+ gs_doit[0] = gs_doit[1] = gs_doit[2] = 0;
+ gs_doit[3] = 1;
}
} else
- gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1;
+ gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 1;
- for (l2=j=0; j<num; j++) {
- if (!gs_doit[j&3]) continue;
+ for (l2 = j=0; j < num; j++) {
+ if (!gs_doit[j&3])
+ continue;
l2++;
- if ((q[j] < ' ') || (q[j] > '~')) l2+=3;
+ if ((q[j] < ' ') || (q[j] > '~'))
+ l2 += 3;
}
- lold=l;
- l+=1+l1+1+l2;
+ lold = l;
+ l += 1 + l1 + 1 + l2;
if (b != NULL) {
- if (!BUF_MEM_grow(b,l+1)) goto err;
- p= &(b->data[lold]);
+ if (!BUF_MEM_grow(b, l + 1))
+ goto err;
+ p = &(b->data[lold]);
} else if (l > len) {
break;
} else
- p= &(buf[lold]);
- *(p++)='/';
- memcpy(p,s,(unsigned int)l1); p+=l1;
- *(p++)='=';
- q=ne->value->data;
- for (j=0; j<num; j++) {
- if (!gs_doit[j&3]) continue;
- n=q[j];
+ p = &(buf[lold]);
+ *(p++) = '/';
+ memcpy(p, s, (unsigned int)l1);
+ p += l1;
+ *(p++) = '=';
+ q = ne->value->data;
+ for (j = 0; j < num; j++) {
+ if (!gs_doit[j & 3])
+ continue;
+ n = q[j];
if ((n < ' ') || (n > '~')) {
- *(p++)='\\';
- *(p++)='x';
- *(p++)=hex[(n>>4)&0x0f];
- *(p++)=hex[n&0x0f];
+ *(p++) = '\\';
+ *(p++) = 'x';
+ *(p++) = hex[(n >> 4) & 0x0f];
+ *(p++) = hex[n & 0x0f];
} else
- *(p++)=n;
+ *(p++) = n;
}
- *p='\0';
+ *p = '\0';
}
if (b != NULL) {
- p=b->data;
+ p = b->data;
free(b);
} else
- p=buf;
+ p = buf;
if (i == 0)
*p = '\0';
- return(p);
+ return (p);
+
err:
- X509err(X509_F_X509_NAME_ONELINE,ERR_R_MALLOC_FAILURE);
- if (b != NULL) BUF_MEM_free(b);
- return(NULL);
+ X509err(X509_F_X509_NAME_ONELINE, ERR_R_MALLOC_FAILURE);
+ if (b != NULL)
+ BUF_MEM_free(b);
+ return (NULL);
}
-
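Review bot: `len` is never range-checked when the caller supplies `buf`. With `len` of 0, `len--` makes it -1, the first entry fails the `l > len` test, and the closing `if (i == 0) *p = '\0';` still stores a byte in a zero-length buffer. A negative `len` is also converted to a very large size in `strlcpy(buf, "NO X509_NAME", len)`. A guard at the top such as `if (buf != NULL && len <= 0) return NULL;` would close both cases, though callers would need to accept a NULL return there. As a KNF pass this hunk also leaves `l,l1` in the declaration, `for (l2 = j=0; ...`, `gs_doit[j&3]` and `gs_doit[0]|gs_doit[1]|gs_doit[2]` unspaced.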
diff --git a/lib/libcrypto/x509/x509_r2x.c b/lib/libcrypto/x509/x509_r2x.c
index f084447334f..530a214c1d3 100644
--- a/lib/libcrypto/x509/x509_r2x.c
+++ b/lib/libcrypto/x509/x509_r2x.c
@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -65,47 +65,50 @@
#include <openssl/objects.h>
#include <openssl/buffer.h>
-X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
+X509 *
+X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
{
- X509 *ret=NULL;
- X509_CINF *xi=NULL;
+ X509 *ret = NULL;
+ X509_CINF *xi = NULL;
X509_NAME *xn;
- if ((ret=X509_new()) == NULL) {
- X509err(X509_F_X509_REQ_TO_X509,ERR_R_MALLOC_FAILURE);
+ if ((ret = X509_new()) == NULL) {
+ X509err(X509_F_X509_REQ_TO_X509, ERR_R_MALLOC_FAILURE);
goto err;
}
/* duplicate the request */
- xi=ret->cert_info;
+ xi = ret->cert_info;
if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0) {
- if ((xi->version=M_ASN1_INTEGER_new()) == NULL) goto err;
- if (!ASN1_INTEGER_set(xi->version,2)) goto err;
+ if ((xi->version = M_ASN1_INTEGER_new()) == NULL)
+ goto err;
+ if (!ASN1_INTEGER_set(xi->version, 2))
+ goto err;
/* xi->extensions=ri->attributes; <- bad, should not ever be done
ri->attributes=NULL; */
}
- xn=X509_REQ_get_subject_name(r);
- if (X509_set_subject_name(ret,X509_NAME_dup(xn)) == 0)
+ xn = X509_REQ_get_subject_name(r);
+ if (X509_set_subject_name(ret, X509_NAME_dup(xn)) == 0)
goto err;
- if (X509_set_issuer_name(ret,X509_NAME_dup(xn)) == 0)
+ if (X509_set_issuer_name(ret, X509_NAME_dup(xn)) == 0)
goto err;
- if (X509_gmtime_adj(xi->validity->notBefore,0) == NULL)
+ if (X509_gmtime_adj(xi->validity->notBefore, 0) == NULL)
goto err;
- if (X509_gmtime_adj(xi->validity->notAfter,(long)60*60*24*days) == NULL)
+ if (X509_gmtime_adj(xi->validity->notAfter,
+ (long)60 * 60 * 24 * days) == NULL)
goto err;
- X509_set_pubkey(ret,X509_REQ_get_pubkey(r));
+ X509_set_pubkey(ret, X509_REQ_get_pubkey(r));
- if (!X509_sign(ret,pkey,EVP_md5()))
+ if (!X509_sign(ret, pkey, EVP_md5()))
goto err;
if (0) {
err:
X509_free(ret);
- ret=NULL;
+ ret = NULL;
}
- return(ret);
+ return (ret);
}
-
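Review bot: `X509_set_pubkey(ret, X509_REQ_get_pubkey(r));` ignores both results, so a request whose key cannot be extracted or set still goes on to `X509_sign`. The key returned by X509_REQ_get_pubkey is also never released, although X509_REQ_check_private_key in x509_req.c calls `EVP_PKEY_free(xk)` on the same kind of result. The two `X509_NAME_dup(xn)` arguments look like the same unchecked, unreleased temporary, if the setters copy their argument. Separately, `EVP_md5()` is hard-coded as the signature digest; MD5 is not collision-resistant, so this should move to a stronger digest such as `EVP_sha256()` or at least carry a comment explaining why it stays.

```c
X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
{
	/* … unchanged: ret, xi, xn declarations … */
	EVP_PKEY *pubkey;
	int ok;

	/* … unchanged: X509_new(), version, names, validity … */

	if ((pubkey = X509_REQ_get_pubkey(r)) == NULL)
		goto err;
	ok = X509_set_pubkey(ret, pubkey);
	EVP_PKEY_free(pubkey);	/* drop the reference taken by get_pubkey */
	if (!ok)
		goto err;

	/* … unchanged: X509_sign() and the err: cleanup … */
```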
diff --git a/lib/libcrypto/x509/x509_req.c b/lib/libcrypto/x509/x509_req.c
index 12725ed7e95..ae6fbd7d148 100644
--- a/lib/libcrypto/x509/x509_req.c
+++ b/lib/libcrypto/x509/x509_req.c
@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -67,86 +67,97 @@
#include <openssl/buffer.h>
#include <openssl/pem.h>
-X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
+X509_REQ *
+X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
{
X509_REQ *ret;
X509_REQ_INFO *ri;
int i;
EVP_PKEY *pktmp;
- ret=X509_REQ_new();
+ ret = X509_REQ_new();
if (ret == NULL) {
- X509err(X509_F_X509_TO_X509_REQ,ERR_R_MALLOC_FAILURE);
+ X509err(X509_F_X509_TO_X509_REQ, ERR_R_MALLOC_FAILURE);
goto err;
}
- ri=ret->req_info;
+ ri = ret->req_info;
- ri->version->length=1;
- ri->version->data=(unsigned char *)malloc(1);
- if (ri->version->data == NULL) goto err;
- ri->version->data[0]=0; /* version == 0 */
+ ri->version->length = 1;
+ ri->version->data = (unsigned char *)malloc(1);
+ if (ri->version->data == NULL)
+ goto err;
+ ri->version->data[0] = 0; /* version == 0 */
- if (!X509_REQ_set_subject_name(ret,X509_get_subject_name(x)))
+ if (!X509_REQ_set_subject_name(ret, X509_get_subject_name(x)))
goto err;
pktmp = X509_get_pubkey(x);
- i=X509_REQ_set_pubkey(ret,pktmp);
+ i = X509_REQ_set_pubkey(ret, pktmp);
EVP_PKEY_free(pktmp);
- if (!i) goto err;
+ if (!i)
+ goto err;
if (pkey != NULL) {
- if (!X509_REQ_sign(ret,pkey,md))
+ if (!X509_REQ_sign(ret, pkey, md))
goto err;
}
- return(ret);
+ return (ret);
+
err:
X509_REQ_free(ret);
- return(NULL);
+ return (NULL);
}
-EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req)
+EVP_PKEY *
+X509_REQ_get_pubkey(X509_REQ *req)
{
if ((req == NULL) || (req->req_info == NULL))
- return(NULL);
- return(X509_PUBKEY_get(req->req_info->pubkey));
+ return (NULL);
+ return (X509_PUBKEY_get(req->req_info->pubkey));
}
-int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)
+int
+X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)
{
- EVP_PKEY *xk=NULL;
- int ok=0;
+ EVP_PKEY *xk = NULL;
+ int ok = 0;
- xk=X509_REQ_get_pubkey(x);
+ xk = X509_REQ_get_pubkey(x);
switch (EVP_PKEY_cmp(xk, k)) {
case 1:
- ok=1;
+ ok = 1;
break;
case 0:
- X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
+ X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,
+ X509_R_KEY_VALUES_MISMATCH);
break;
case -1:
- X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
+ X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,
+ X509_R_KEY_TYPE_MISMATCH);
break;
case -2:
#ifndef OPENSSL_NO_EC
if (k->type == EVP_PKEY_EC) {
- X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, ERR_R_EC_LIB);
+ X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,
+ ERR_R_EC_LIB);
break;
}
#endif
#ifndef OPENSSL_NO_DH
if (k->type == EVP_PKEY_DH) {
/* No idea */
- X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);
+ X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,
+ X509_R_CANT_CHECK_DH_KEY);
break;
}
#endif
- X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
+ X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,
+ X509_R_UNKNOWN_KEY_TYPE);
}
EVP_PKEY_free(xk);
- return(ok);
+ return (ok);
}
/* It seems several organisations had the same idea of including a list of
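Review bot: In X509_REQ_check_private_key, `xk = X509_REQ_get_pubkey(x);` is passed straight to `EVP_PKEY_cmp(xk, k)` without a NULL check. X509_REQ_get_pubkey, just above, returns NULL when `req` or `req->req_info` is missing. Whether EVP_PKEY_cmp tolerates a NULL key is not visible here, so the check belongs in this function: `if (xk == NULL) return 0;` before the switch, ideally with an X509err call. `k` is likewise dereferenced as `k->type` in the `-2` case without a check. The switch has no `default`, so any other return value silently yields 0 with no error queued.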
@@ -154,31 +165,38 @@ int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)
* used and there may be more: so the list is configurable.
*/
-static int ext_nid_list[] = { NID_ext_req, NID_ms_ext_req, NID_undef};
+static int ext_nid_list[] = {NID_ext_req, NID_ms_ext_req, NID_undef};
static int *ext_nids = ext_nid_list;
-int X509_REQ_extension_nid(int req_nid)
+int
+X509_REQ_extension_nid(int req_nid)
{
int i, nid;
- for(i = 0; ; i++) {
+
+ for (i = 0; ; i++) {
nid = ext_nids[i];
- if(nid == NID_undef) return 0;
- else if (req_nid == nid) return 1;
+ if (nid == NID_undef)
+ return 0;
+ else if (req_nid == nid)
+ return 1;
}
}
-int *X509_REQ_get_extension_nids(void)
+int *
+X509_REQ_get_extension_nids(void)
{
return ext_nids;
}
-
-void X509_REQ_set_extension_nids(int *nids)
+
+void
+X509_REQ_set_extension_nids(int *nids)
{
ext_nids = nids;
}
-STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
+STACK_OF(X509_EXTENSION) *
+X509_REQ_get_extensions(X509_REQ *req)
{
X509_ATTRIBUTE *attr;
ASN1_TYPE *ext = NULL;
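Review bot: X509_REQ_extension_nid reads `ext_nids[i]` in an unbounded `for (i = 0; ; i++)` loop with no NULL check, although X509_REQ_get_extensions below guards the same pointer with `!ext_nids`. After `X509_REQ_set_extension_nids(NULL)`, or with an array that lacks the `NID_undef` terminator, the loop reads through a bad pointer or past the end of the caller's array. I would add `if (ext_nids == NULL) return 0;` at the top. I would also document the setter with `/* nids must be NID_undef-terminated and stay valid while in use; the pointer is stored, not copied. */`. The pointer is a file-scope static written without any locking, which is worth noting in the same comment.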
@@ -186,46 +204,50 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
const unsigned char *p;
if ((req == NULL) || (req->req_info == NULL) || !ext_nids)
- return(NULL);
+ return (NULL);
for (pnid = ext_nids; *pnid != NID_undef; pnid++) {
idx = X509_REQ_get_attr_by_NID(req, *pnid, -1);
if (idx == -1)
continue;
attr = X509_REQ_get_attr(req, idx);
- if(attr->single) ext = attr->value.single;
- else if(sk_ASN1_TYPE_num(attr->value.set))
+ if (attr->single)
+ ext = attr->value.single;
+ else if (sk_ASN1_TYPE_num(attr->value.set))
ext = sk_ASN1_TYPE_value(attr->value.set, 0);
break;
}
- if(!ext || (ext->type != V_ASN1_SEQUENCE))
+ if (!ext || (ext->type != V_ASN1_SEQUENCE))
return NULL;
p = ext->value.sequence->data;
- return (STACK_OF(X509_EXTENSION) *)
- ASN1_item_d2i(NULL, &p, ext->value.sequence->length,
- ASN1_ITEM_rptr(X509_EXTENSIONS));
+ return (STACK_OF(X509_EXTENSION) *)ASN1_item_d2i(NULL, &p,
+ ext->value.sequence->length, ASN1_ITEM_rptr(X509_EXTENSIONS));
}
/* Add a STACK_OF extensions to a certificate request: allow alternative OIDs
* in case we want to create a non standard one.
*/
-int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
- int nid)
+int
+X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
+ int nid)
{
ASN1_TYPE *at = NULL;
X509_ATTRIBUTE *attr = NULL;
- if(!(at = ASN1_TYPE_new()) ||
- !(at->value.sequence = ASN1_STRING_new())) goto err;
+
+ if (!(at = ASN1_TYPE_new()) ||
+ !(at->value.sequence = ASN1_STRING_new()))
+ goto err;
at->type = V_ASN1_SEQUENCE;
/* Generate encoding of extensions */
- at->value.sequence->length =
- ASN1_item_i2d((ASN1_VALUE *)exts,
- &at->value.sequence->data,
- ASN1_ITEM_rptr(X509_EXTENSIONS));
- if(!(attr = X509_ATTRIBUTE_new())) goto err;
- if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
- if(!sk_ASN1_TYPE_push(attr->value.set, at)) goto err;
+ at->value.sequence->length = ASN1_item_i2d((ASN1_VALUE *)exts,
+ &at->value.sequence->data, ASN1_ITEM_rptr(X509_EXTENSIONS));
+ if (!(attr = X509_ATTRIBUTE_new()))
+ goto err;
+ if (!(attr->value.set = sk_ASN1_TYPE_new_null()))
+ goto err;
+ if (!sk_ASN1_TYPE_push(attr->value.set, at))
+ goto err;
at = NULL;
attr->single = 0;
attr->object = OBJ_nid2obj(nid);
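Review bot: The value assigned in `at->value.sequence->length = ASN1_item_i2d(...)` is never checked, so an encoding failure stores a non-positive length in the ASN1_STRING and the function carries on building the attribute. Adding `if (at->value.sequence->length <= 0) goto err;` right after the call fits the existing `err:` cleanup, which already frees `at` and `attr`. `attr->object = OBJ_nid2obj(nid);` at the end of the hunk is similarly unchecked for an unknown `nid`. X509_REQ_add_extensions_nid continues into the next hunk.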
@@ -233,77 +255,89 @@ int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
if (!(req->req_info->attributes = sk_X509_ATTRIBUTE_new_null()))
goto err;
}
- if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err;
+ if (!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr))
+ goto err;
return 1;
- err:
+
+err:
X509_ATTRIBUTE_free(attr);
ASN1_TYPE_free(at);
return 0;
}
+
/* This is the normal usage: use the "official" OID */
-int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts)
+int
+X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts)
{
return X509_REQ_add_extensions_nid(req, exts, NID_ext_req);
}
/* Request attribute functions */
-int X509_REQ_get_attr_count(const X509_REQ *req)
+int
+X509_REQ_get_attr_count(const X509_REQ *req)
{
return X509at_get_attr_count(req->req_info->attributes);
}
-int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid,
- int lastpos)
+int
+X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos)
{
return X509at_get_attr_by_NID(req->req_info->attributes, nid, lastpos);
}
-int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,
- int lastpos)
+int
+X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj, int lastpos)
{
return X509at_get_attr_by_OBJ(req->req_info->attributes, obj, lastpos);
}
-X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc)
+X509_ATTRIBUTE *
+X509_REQ_get_attr(const X509_REQ *req, int loc)
{
return X509at_get_attr(req->req_info->attributes, loc);
}
-X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc)
+X509_ATTRIBUTE *
+X509_REQ_delete_attr(X509_REQ *req, int loc)
{
return X509at_delete_attr(req->req_info->attributes, loc);
}
-int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr)
+int
+X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr)
{
- if(X509at_add1_attr(&req->req_info->attributes, attr)) return 1;
+ if (X509at_add1_attr(&req->req_info->attributes, attr))
+ return 1;
return 0;
}
-int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
- const ASN1_OBJECT *obj, int type,
- const unsigned char *bytes, int len)
+int
+X509_REQ_add1_attr_by_OBJ(X509_REQ *req, const ASN1_OBJECT *obj, int type,
+ const unsigned char *bytes, int len)
{
- if(X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj,
- type, bytes, len)) return 1;
+ if (X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj,
+ type, bytes, len))
+ return 1;
return 0;
}
-int X509_REQ_add1_attr_by_NID(X509_REQ *req,
- int nid, int type,
- const unsigned char *bytes, int len)
+int
+X509_REQ_add1_attr_by_NID(X509_REQ *req, int nid, int type,
+ const unsigned char *bytes, int len)
{
- if(X509at_add1_attr_by_NID(&req->req_info->attributes, nid,
- type, bytes, len)) return 1;
+ if (X509at_add1_attr_by_NID(&req->req_info->attributes, nid,
+ type, bytes, len))
+ return 1;
return 0;
}
-int X509_REQ_add1_attr_by_txt(X509_REQ *req,
- const char *attrname, int type,
- const unsigned char *bytes, int len)
+int
+X509_REQ_add1_attr_by_txt(X509_REQ *req, const char *attrname, int type,
+ const unsigned char *bytes, int len)
{
- if(X509at_add1_attr_by_txt(&req->req_info->attributes, attrname,
- type, bytes, len)) return 1;
+ if (X509at_add1_attr_by_txt(&req->req_info->attributes, attrname,
+ type, bytes, len))
+ return 1;
return 0;
}