diff options
Diffstat (limited to 'lib/x509/x509.c')
-rw-r--r-- | lib/x509/x509.c | 4824 |
1 files changed, 2351 insertions, 2473 deletions
diff --git a/lib/x509/x509.c b/lib/x509/x509.c index a0ec602c2e..164864b668 100644 --- a/lib/x509/x509.c +++ b/lib/x509/x509.c @@ -42,30 +42,29 @@ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int -gnutls_x509_crt_init (gnutls_x509_crt_t * cert) +int gnutls_x509_crt_init(gnutls_x509_crt_t * cert) { - gnutls_x509_crt_t tmp = gnutls_calloc (1, sizeof (gnutls_x509_crt_int)); - int result; + gnutls_x509_crt_t tmp = + gnutls_calloc(1, sizeof(gnutls_x509_crt_int)); + int result; - if (!tmp) - return GNUTLS_E_MEMORY_ERROR; + if (!tmp) + return GNUTLS_E_MEMORY_ERROR; - result = asn1_create_element (_gnutls_get_pkix (), - "PKIX1.Certificate", &tmp->cert); - if (result != ASN1_SUCCESS) - { - gnutls_assert (); - gnutls_free (tmp); - return _gnutls_asn2err (result); - } + result = asn1_create_element(_gnutls_get_pkix(), + "PKIX1.Certificate", &tmp->cert); + if (result != ASN1_SUCCESS) { + gnutls_assert(); + gnutls_free(tmp); + return _gnutls_asn2err(result); + } - /* If you add anything here, be sure to check if it has to be added - to gnutls_x509_crt_import as well. */ + /* If you add anything here, be sure to check if it has to be added + to gnutls_x509_crt_import as well. */ - *cert = tmp; + *cert = tmp; - return 0; /* success */ + return 0; /* success */ } /*- @@ -78,49 +77,48 @@ gnutls_x509_crt_init (gnutls_x509_crt_t * cert) * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. -*/ -int -_gnutls_x509_crt_cpy (gnutls_x509_crt_t dest, gnutls_x509_crt_t src) -{ - int ret; - size_t der_size=0; - uint8_t *der; - gnutls_datum_t tmp; - - ret = gnutls_x509_crt_export (src, GNUTLS_X509_FMT_DER, NULL, &der_size); - if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) - { - gnutls_assert (); - return ret; - } - - der = gnutls_malloc (der_size); - if (der == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - ret = gnutls_x509_crt_export (src, GNUTLS_X509_FMT_DER, der, &der_size); - if (ret < 0) - { - gnutls_assert (); - gnutls_free (der); - return ret; - } - - tmp.data = der; - tmp.size = der_size; - ret = gnutls_x509_crt_import (dest, &tmp, GNUTLS_X509_FMT_DER); - - gnutls_free (der); - - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - return 0; +int _gnutls_x509_crt_cpy(gnutls_x509_crt_t dest, gnutls_x509_crt_t src) +{ + int ret; + size_t der_size = 0; + uint8_t *der; + gnutls_datum_t tmp; + + ret = + gnutls_x509_crt_export(src, GNUTLS_X509_FMT_DER, NULL, + &der_size); + if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) { + gnutls_assert(); + return ret; + } + + der = gnutls_malloc(der_size); + if (der == NULL) { + gnutls_assert(); + return GNUTLS_E_MEMORY_ERROR; + } + + ret = + gnutls_x509_crt_export(src, GNUTLS_X509_FMT_DER, der, + &der_size); + if (ret < 0) { + gnutls_assert(); + gnutls_free(der); + return ret; + } + + tmp.data = der; + tmp.size = der_size; + ret = gnutls_x509_crt_import(dest, &tmp, GNUTLS_X509_FMT_DER); + + gnutls_free(der); + + if (ret < 0) { + gnutls_assert(); + return ret; + } + + return 0; } /** @@ -129,17 +127,16 @@ _gnutls_x509_crt_cpy (gnutls_x509_crt_t dest, gnutls_x509_crt_t src) * * This function will deinitialize a certificate structure. **/ -void -gnutls_x509_crt_deinit (gnutls_x509_crt_t cert) +void gnutls_x509_crt_deinit(gnutls_x509_crt_t cert) { - if (!cert) - return; + if (!cert) + return; - if (cert->cert) - asn1_delete_structure (&cert->cert); - gnutls_free(cert->raw_dn.data); - gnutls_free(cert->raw_issuer_dn.data); - gnutls_free (cert); + if (cert->cert) + asn1_delete_structure(&cert->cert); + gnutls_free(cert->raw_dn.data); + gnutls_free(cert->raw_issuer_dn.data); + gnutls_free(cert); } /** @@ -159,108 +156,103 @@ gnutls_x509_crt_deinit (gnutls_x509_crt_t cert) * negative error value. **/ int -gnutls_x509_crt_import (gnutls_x509_crt_t cert, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format) -{ - int result = 0, need_free = 0; - gnutls_datum_t _data; - - if (cert == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - _data.data = data->data; - _data.size = data->size; - - /* If the Certificate is in PEM format then decode it - */ - if (format == GNUTLS_X509_FMT_PEM) - { - /* Try the first header */ - result = - _gnutls_fbase64_decode (PEM_X509_CERT2, data->data, data->size, &_data); - - if (result <= 0) - { - /* try for the second header */ - result = - _gnutls_fbase64_decode (PEM_X509_CERT, data->data, - data->size, &_data); - - if (result < 0) - { - gnutls_assert (); - return result; - } - } - - need_free = 1; - } - - if (cert->expanded) - { - /* Any earlier asn1_der_decoding will modify the ASN.1 - structure, so we need to replace it with a fresh - structure. */ - asn1_delete_structure (&cert->cert); - _gnutls_free_datum(&cert->raw_dn); - _gnutls_free_datum(&cert->raw_issuer_dn); - - result = asn1_create_element (_gnutls_get_pkix (), - "PKIX1.Certificate", &cert->cert); - if (result != ASN1_SUCCESS) - { - result = _gnutls_asn2err (result); - gnutls_assert (); - goto cleanup; - } - } - - result = asn1_der_decoding (&cert->cert, _data.data, _data.size, NULL); - if (result != ASN1_SUCCESS) - { - result = _gnutls_asn2err (result); - gnutls_assert (); - goto cleanup; - } - - result = _gnutls_x509_get_raw_dn2 (cert->cert, &_data, - "tbsCertificate.issuer.rdnSequence", - &cert->raw_issuer_dn); - if (result < 0) - { - gnutls_assert (); - goto cleanup; - } - - result = _gnutls_x509_get_raw_dn2 (cert->cert, &_data, - "tbsCertificate.subject.rdnSequence", - &cert->raw_dn); - if (result < 0) - { - gnutls_assert (); - goto cleanup; - } - - cert->expanded = 1; - - /* Since we do not want to disable any extension - */ - cert->use_extensions = 1; - if (need_free) - _gnutls_free_datum (&_data); - - return 0; - -cleanup: - if (need_free) - _gnutls_free_datum (&_data); - _gnutls_free_datum (&cert->raw_dn); - _gnutls_free_datum (&cert->raw_issuer_dn); - return result; +gnutls_x509_crt_import(gnutls_x509_crt_t cert, + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format) +{ + int result = 0, need_free = 0; + gnutls_datum_t _data; + + if (cert == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + _data.data = data->data; + _data.size = data->size; + + /* If the Certificate is in PEM format then decode it + */ + if (format == GNUTLS_X509_FMT_PEM) { + /* Try the first header */ + result = + _gnutls_fbase64_decode(PEM_X509_CERT2, data->data, + data->size, &_data); + + if (result <= 0) { + /* try for the second header */ + result = + _gnutls_fbase64_decode(PEM_X509_CERT, + data->data, data->size, + &_data); + + if (result < 0) { + gnutls_assert(); + return result; + } + } + + need_free = 1; + } + + if (cert->expanded) { + /* Any earlier asn1_der_decoding will modify the ASN.1 + structure, so we need to replace it with a fresh + structure. */ + asn1_delete_structure(&cert->cert); + _gnutls_free_datum(&cert->raw_dn); + _gnutls_free_datum(&cert->raw_issuer_dn); + + result = asn1_create_element(_gnutls_get_pkix(), + "PKIX1.Certificate", + &cert->cert); + if (result != ASN1_SUCCESS) { + result = _gnutls_asn2err(result); + gnutls_assert(); + goto cleanup; + } + } + + result = + asn1_der_decoding(&cert->cert, _data.data, _data.size, NULL); + if (result != ASN1_SUCCESS) { + result = _gnutls_asn2err(result); + gnutls_assert(); + goto cleanup; + } + + result = _gnutls_x509_get_raw_dn2(cert->cert, &_data, + "tbsCertificate.issuer.rdnSequence", + &cert->raw_issuer_dn); + if (result < 0) { + gnutls_assert(); + goto cleanup; + } + + result = _gnutls_x509_get_raw_dn2(cert->cert, &_data, + "tbsCertificate.subject.rdnSequence", + &cert->raw_dn); + if (result < 0) { + gnutls_assert(); + goto cleanup; + } + + cert->expanded = 1; + + /* Since we do not want to disable any extension + */ + cert->use_extensions = 1; + if (need_free) + _gnutls_free_datum(&_data); + + return 0; + + cleanup: + if (need_free) + _gnutls_free_datum(&_data); + _gnutls_free_datum(&cert->raw_dn); + _gnutls_free_datum(&cert->raw_issuer_dn); + return result; } @@ -282,18 +274,17 @@ cleanup: * the required size. On success 0 is returned. **/ int -gnutls_x509_crt_get_issuer_dn (gnutls_x509_crt_t cert, char *buf, - size_t * buf_size) +gnutls_x509_crt_get_issuer_dn(gnutls_x509_crt_t cert, char *buf, + size_t * buf_size) { - if (cert == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + if (cert == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - return _gnutls_x509_parse_dn (cert->cert, - "tbsCertificate.issuer.rdnSequence", buf, - buf_size); + return _gnutls_x509_parse_dn(cert->cert, + "tbsCertificate.issuer.rdnSequence", + buf, buf_size); } /** @@ -312,16 +303,16 @@ gnutls_x509_crt_get_issuer_dn (gnutls_x509_crt_t cert, char *buf, * Since: 3.1.10 **/ int -gnutls_x509_crt_get_issuer_dn2 (gnutls_x509_crt_t cert, gnutls_datum_t * dn) +gnutls_x509_crt_get_issuer_dn2(gnutls_x509_crt_t cert, gnutls_datum_t * dn) { - if (cert == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + if (cert == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - return _gnutls_x509_get_dn (cert->cert, - "tbsCertificate.issuer.rdnSequence", dn); + return _gnutls_x509_get_dn(cert->cert, + "tbsCertificate.issuer.rdnSequence", + dn); } /** @@ -354,27 +345,26 @@ gnutls_x509_crt_get_issuer_dn2 (gnutls_x509_crt_t cert, gnutls_datum_t * dn) * are no data in the current index. On success 0 is returned. **/ int -gnutls_x509_crt_get_issuer_dn_by_oid (gnutls_x509_crt_t cert, - const char *oid, int indx, - unsigned int raw_flag, void *buf, - size_t * buf_size) +gnutls_x509_crt_get_issuer_dn_by_oid(gnutls_x509_crt_t cert, + const char *oid, int indx, + unsigned int raw_flag, void *buf, + size_t * buf_size) { -gnutls_datum_t td; -int ret; + gnutls_datum_t td; + int ret; + + if (cert == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - if (cert == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + ret = _gnutls_x509_parse_dn_oid(cert->cert, + "tbsCertificate.issuer.rdnSequence", + oid, indx, raw_flag, &td); + if (ret < 0) + return gnutls_assert_val(ret); - ret = _gnutls_x509_parse_dn_oid (cert->cert, - "tbsCertificate.issuer.rdnSequence", - oid, indx, raw_flag, &td); - if (ret < 0) - return gnutls_assert_val(ret); - - return _gnutls_strdatum_to_buf (&td, buf, buf_size); + return _gnutls_strdatum_to_buf(&td, buf, buf_size); } /** @@ -397,18 +387,17 @@ int ret; * are no data in the current index. On success 0 is returned. **/ int -gnutls_x509_crt_get_issuer_dn_oid (gnutls_x509_crt_t cert, - int indx, void *oid, size_t * oid_size) +gnutls_x509_crt_get_issuer_dn_oid(gnutls_x509_crt_t cert, + int indx, void *oid, size_t * oid_size) { - if (cert == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + if (cert == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - return _gnutls_x509_get_dn_oid (cert->cert, - "tbsCertificate.issuer.rdnSequence", - indx, oid, oid_size); + return _gnutls_x509_get_dn_oid(cert->cert, + "tbsCertificate.issuer.rdnSequence", + indx, oid, oid_size); } /** @@ -429,18 +418,17 @@ gnutls_x509_crt_get_issuer_dn_oid (gnutls_x509_crt_t cert, * with the required size. On success 0 is returned. **/ int -gnutls_x509_crt_get_dn (gnutls_x509_crt_t cert, char *buf, - size_t * buf_size) +gnutls_x509_crt_get_dn(gnutls_x509_crt_t cert, char *buf, + size_t * buf_size) { - if (cert == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + if (cert == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - return _gnutls_x509_parse_dn (cert->cert, - "tbsCertificate.subject.rdnSequence", buf, - buf_size); + return _gnutls_x509_parse_dn(cert->cert, + "tbsCertificate.subject.rdnSequence", + buf, buf_size); } /** @@ -458,17 +446,16 @@ gnutls_x509_crt_get_dn (gnutls_x509_crt_t cert, char *buf, * * Since: 3.1.10 **/ -int -gnutls_x509_crt_get_dn2 (gnutls_x509_crt_t cert, gnutls_datum_t * dn) +int gnutls_x509_crt_get_dn2(gnutls_x509_crt_t cert, gnutls_datum_t * dn) { - if (cert == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + if (cert == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - return _gnutls_x509_get_dn (cert->cert, - "tbsCertificate.subject.rdnSequence", dn); + return _gnutls_x509_get_dn(cert->cert, + "tbsCertificate.subject.rdnSequence", + dn); } /** @@ -501,26 +488,25 @@ gnutls_x509_crt_get_dn2 (gnutls_x509_crt_t cert, gnutls_datum_t * dn) * are no data in the current index. On success 0 is returned. **/ int -gnutls_x509_crt_get_dn_by_oid (gnutls_x509_crt_t cert, const char *oid, - int indx, unsigned int raw_flag, - void *buf, size_t * buf_size) +gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt_t cert, const char *oid, + int indx, unsigned int raw_flag, + void *buf, size_t * buf_size) { -gnutls_datum_t td; -int ret; + gnutls_datum_t td; + int ret; + + if (cert == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - if (cert == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + ret = _gnutls_x509_parse_dn_oid(cert->cert, + "tbsCertificate.subject.rdnSequence", + oid, indx, raw_flag, &td); + if (ret < 0) + return gnutls_assert_val(ret); - ret = _gnutls_x509_parse_dn_oid (cert->cert, - "tbsCertificate.subject.rdnSequence", - oid, indx, raw_flag, &td); - if (ret < 0) - return gnutls_assert_val(ret); - - return _gnutls_strdatum_to_buf (&td, buf, buf_size); + return _gnutls_strdatum_to_buf(&td, buf, buf_size); } /** @@ -543,18 +529,17 @@ int ret; * are no data in the current index. On success 0 is returned. **/ int -gnutls_x509_crt_get_dn_oid (gnutls_x509_crt_t cert, - int indx, void *oid, size_t * oid_size) +gnutls_x509_crt_get_dn_oid(gnutls_x509_crt_t cert, + int indx, void *oid, size_t * oid_size) { - if (cert == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + if (cert == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - return _gnutls_x509_get_dn_oid (cert->cert, - "tbsCertificate.subject.rdnSequence", - indx, oid, oid_size); + return _gnutls_x509_get_dn_oid(cert->cert, + "tbsCertificate.subject.rdnSequence", + indx, oid, oid_size); } /** @@ -568,10 +553,10 @@ gnutls_x509_crt_get_dn_oid (gnutls_x509_crt_t cert, * Returns: a #gnutls_sign_algorithm_t value, or a negative error code on * error. **/ -int -gnutls_x509_crt_get_signature_algorithm (gnutls_x509_crt_t cert) +int gnutls_x509_crt_get_signature_algorithm(gnutls_x509_crt_t cert) { - return _gnutls_x509_get_signature_algorithm(cert->cert, "signatureAlgorithm.algorithm"); + return _gnutls_x509_get_signature_algorithm(cert->cert, + "signatureAlgorithm.algorithm"); } /** @@ -586,50 +571,45 @@ gnutls_x509_crt_get_signature_algorithm (gnutls_x509_crt_t cert) * negative error value. and a negative error code on error. **/ int -gnutls_x509_crt_get_signature (gnutls_x509_crt_t cert, - char *sig, size_t * sizeof_sig) -{ - int result; - unsigned int bits; - int len; - - if (cert == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - len = 0; - result = asn1_read_value (cert->cert, "signature", NULL, &len); - if (result != ASN1_MEM_ERROR) - { - gnutls_assert (); - return _gnutls_asn2err (result); - } - - bits = len; - if (bits % 8 != 0) - { - gnutls_assert (); - return GNUTLS_E_CERTIFICATE_ERROR; - } - - len = bits / 8; - - if (*sizeof_sig < (unsigned int) len) - { - *sizeof_sig = len; - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - - result = asn1_read_value (cert->cert, "signature", sig, &len); - if (result != ASN1_SUCCESS) - { - gnutls_assert (); - return _gnutls_asn2err (result); - } - - return 0; +gnutls_x509_crt_get_signature(gnutls_x509_crt_t cert, + char *sig, size_t * sizeof_sig) +{ + int result; + unsigned int bits; + int len; + + if (cert == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + len = 0; + result = asn1_read_value(cert->cert, "signature", NULL, &len); + if (result != ASN1_MEM_ERROR) { + gnutls_assert(); + return _gnutls_asn2err(result); + } + + bits = len; + if (bits % 8 != 0) { + gnutls_assert(); + return GNUTLS_E_CERTIFICATE_ERROR; + } + + len = bits / 8; + + if (*sizeof_sig < (unsigned int) len) { + *sizeof_sig = len; + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } + + result = asn1_read_value(cert->cert, "signature", sig, &len); + if (result != ASN1_SUCCESS) { + gnutls_assert(); + return _gnutls_asn2err(result); + } + + return 0; } /** @@ -640,31 +620,28 @@ gnutls_x509_crt_get_signature (gnutls_x509_crt_t cert, * * Returns: version of certificate, or a negative error code on error. **/ -int -gnutls_x509_crt_get_version (gnutls_x509_crt_t cert) +int gnutls_x509_crt_get_version(gnutls_x509_crt_t cert) { - uint8_t version[8]; - int len, result; + uint8_t version[8]; + int len, result; - if (cert == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + if (cert == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - len = sizeof (version); - if ((result = - asn1_read_value (cert->cert, "tbsCertificate.version", version, - &len)) != ASN1_SUCCESS) - { + len = sizeof(version); + if ((result = + asn1_read_value(cert->cert, "tbsCertificate.version", version, + &len)) != ASN1_SUCCESS) { - if (result == ASN1_ELEMENT_NOT_FOUND) - return 1; /* the DEFAULT version */ - gnutls_assert (); - return _gnutls_asn2err (result); - } + if (result == ASN1_ELEMENT_NOT_FOUND) + return 1; /* the DEFAULT version */ + gnutls_assert(); + return _gnutls_asn2err(result); + } - return (int) version[0] + 1; + return (int) version[0] + 1; } /** @@ -676,17 +653,16 @@ gnutls_x509_crt_get_version (gnutls_x509_crt_t cert) * * Returns: activation time, or (time_t)-1 on error. **/ -time_t -gnutls_x509_crt_get_activation_time (gnutls_x509_crt_t cert) +time_t gnutls_x509_crt_get_activation_time(gnutls_x509_crt_t cert) { - if (cert == NULL) - { - gnutls_assert (); - return (time_t) - 1; - } + if (cert == NULL) { + gnutls_assert(); + return (time_t) - 1; + } - return _gnutls_x509_get_time (cert->cert, - "tbsCertificate.validity.notBefore", 0); + return _gnutls_x509_get_time(cert->cert, + "tbsCertificate.validity.notBefore", + 0); } /** @@ -698,17 +674,16 @@ gnutls_x509_crt_get_activation_time (gnutls_x509_crt_t cert) * * Returns: expiration time, or (time_t)-1 on error. **/ -time_t -gnutls_x509_crt_get_expiration_time (gnutls_x509_crt_t cert) +time_t gnutls_x509_crt_get_expiration_time(gnutls_x509_crt_t cert) { - if (cert == NULL) - { - gnutls_assert (); - return (time_t) - 1; - } + if (cert == NULL) { + gnutls_assert(); + return (time_t) - 1; + } - return _gnutls_x509_get_time (cert->cert, - "tbsCertificate.validity.notAfter", 0); + return _gnutls_x509_get_time(cert->cert, + "tbsCertificate.validity.notAfter", + 0); } /** @@ -726,60 +701,59 @@ gnutls_x509_crt_get_expiration_time (gnutls_x509_crt_t cert) * if the extension is not present, otherwise a negative error value. **/ int -gnutls_x509_crt_get_private_key_usage_period (gnutls_x509_crt_t cert, time_t* activation, time_t* expiration, - unsigned int *critical) -{ - int result, ret; - gnutls_datum_t der = {NULL, 0}; - ASN1_TYPE c2 = ASN1_TYPE_EMPTY; - - if (cert == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - ret = - _gnutls_x509_crt_get_extension (cert, "2.5.29.16", 0, &der, - critical); - if (ret < 0) - return gnutls_assert_val(ret); - - if (der.size == 0 || der.data == NULL) - return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); - - result = asn1_create_element - (_gnutls_get_pkix (), "PKIX1.PrivateKeyUsagePeriod", &c2); - if (result != ASN1_SUCCESS) - { - gnutls_assert (); - ret = _gnutls_asn2err (result); - goto cleanup; - } - - result = asn1_der_decoding (&c2, der.data, der.size, NULL); - if (result != ASN1_SUCCESS) - { - gnutls_assert (); - ret = _gnutls_asn2err (result); - goto cleanup; - } - - if (activation) - *activation = _gnutls_x509_get_time (c2, - "notBefore", 1); - - if (expiration) - *expiration = _gnutls_x509_get_time (c2, - "notAfter", 1); - - ret = 0; - -cleanup: - _gnutls_free_datum(&der); - asn1_delete_structure (&c2); - - return ret; +gnutls_x509_crt_get_private_key_usage_period(gnutls_x509_crt_t cert, + time_t * activation, + time_t * expiration, + unsigned int *critical) +{ + int result, ret; + gnutls_datum_t der = { NULL, 0 }; + ASN1_TYPE c2 = ASN1_TYPE_EMPTY; + + if (cert == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + ret = + _gnutls_x509_crt_get_extension(cert, "2.5.29.16", 0, &der, + critical); + if (ret < 0) + return gnutls_assert_val(ret); + + if (der.size == 0 || der.data == NULL) + return + gnutls_assert_val + (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); + + result = asn1_create_element + (_gnutls_get_pkix(), "PKIX1.PrivateKeyUsagePeriod", &c2); + if (result != ASN1_SUCCESS) { + gnutls_assert(); + ret = _gnutls_asn2err(result); + goto cleanup; + } + + result = asn1_der_decoding(&c2, der.data, der.size, NULL); + if (result != ASN1_SUCCESS) { + gnutls_assert(); + ret = _gnutls_asn2err(result); + goto cleanup; + } + + if (activation) + *activation = _gnutls_x509_get_time(c2, "notBefore", 1); + + if (expiration) + *expiration = _gnutls_x509_get_time(c2, "notAfter", 1); + + ret = 0; + + cleanup: + _gnutls_free_datum(&der); + asn1_delete_structure(&c2); + + return ret; } @@ -798,29 +772,28 @@ cleanup: * negative error value. **/ int -gnutls_x509_crt_get_serial (gnutls_x509_crt_t cert, void *result, - size_t * result_size) +gnutls_x509_crt_get_serial(gnutls_x509_crt_t cert, void *result, + size_t * result_size) { - int ret, len; + int ret, len; - if (cert == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + if (cert == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - len = *result_size; - ret = - asn1_read_value (cert->cert, "tbsCertificate.serialNumber", result, &len); - *result_size = len; + len = *result_size; + ret = + asn1_read_value(cert->cert, "tbsCertificate.serialNumber", + result, &len); + *result_size = len; - if (ret != ASN1_SUCCESS) - { - gnutls_assert (); - return _gnutls_asn2err (ret); - } + if (ret != ASN1_SUCCESS) { + gnutls_assert(); + return _gnutls_asn2err(ret); + } - return 0; + return 0; } /** @@ -838,126 +811,116 @@ gnutls_x509_crt_get_serial (gnutls_x509_crt_t cert, void *result, * if the extension is not present, otherwise a negative error value. **/ int -gnutls_x509_crt_get_subject_key_id (gnutls_x509_crt_t cert, void *ret, - size_t * ret_size, unsigned int *critical) -{ - int result, len; - gnutls_datum_t id; - ASN1_TYPE c2 = ASN1_TYPE_EMPTY; - - if (cert == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - - if (ret) - memset (ret, 0, *ret_size); - else - *ret_size = 0; - - if ((result = - _gnutls_x509_crt_get_extension (cert, "2.5.29.14", 0, &id, - critical)) < 0) - { - return result; - } - - if (id.size == 0 || id.data == NULL) - { - gnutls_assert (); - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } - - result = asn1_create_element - (_gnutls_get_pkix (), "PKIX1.SubjectKeyIdentifier", &c2); - if (result != ASN1_SUCCESS) - { - gnutls_assert (); - _gnutls_free_datum (&id); - return _gnutls_asn2err (result); - } - - result = asn1_der_decoding (&c2, id.data, id.size, NULL); - _gnutls_free_datum (&id); - - if (result != ASN1_SUCCESS) - { - gnutls_assert (); - asn1_delete_structure (&c2); - return _gnutls_asn2err (result); - } - - len = *ret_size; - result = asn1_read_value (c2, "", ret, &len); - - *ret_size = len; - asn1_delete_structure (&c2); - - if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND) - { - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } - - if (result != ASN1_SUCCESS) - { - if (result != ASN1_MEM_ERROR) - gnutls_assert (); - return _gnutls_asn2err (result); - } - - return 0; +gnutls_x509_crt_get_subject_key_id(gnutls_x509_crt_t cert, void *ret, + size_t * ret_size, + unsigned int *critical) +{ + int result, len; + gnutls_datum_t id; + ASN1_TYPE c2 = ASN1_TYPE_EMPTY; + + if (cert == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + + if (ret) + memset(ret, 0, *ret_size); + else + *ret_size = 0; + + if ((result = + _gnutls_x509_crt_get_extension(cert, "2.5.29.14", 0, &id, + critical)) < 0) { + return result; + } + + if (id.size == 0 || id.data == NULL) { + gnutls_assert(); + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } + + result = asn1_create_element + (_gnutls_get_pkix(), "PKIX1.SubjectKeyIdentifier", &c2); + if (result != ASN1_SUCCESS) { + gnutls_assert(); + _gnutls_free_datum(&id); + return _gnutls_asn2err(result); + } + + result = asn1_der_decoding(&c2, id.data, id.size, NULL); + _gnutls_free_datum(&id); + + if (result != ASN1_SUCCESS) { + gnutls_assert(); + asn1_delete_structure(&c2); + return _gnutls_asn2err(result); + } + + len = *ret_size; + result = asn1_read_value(c2, "", ret, &len); + + *ret_size = len; + asn1_delete_structure(&c2); + + if (result == ASN1_VALUE_NOT_FOUND + || result == ASN1_ELEMENT_NOT_FOUND) { + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } + + if (result != ASN1_SUCCESS) { + if (result != ASN1_MEM_ERROR) + gnutls_assert(); + return _gnutls_asn2err(result); + } + + return 0; } static int -_get_authority_key_id (gnutls_x509_crt_t cert, ASN1_TYPE *c2, - unsigned int *critical) -{ - int ret; - gnutls_datum_t id; - - *c2 = ASN1_TYPE_EMPTY; - - if (cert == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - if ((ret = - _gnutls_x509_crt_get_extension (cert, "2.5.29.35", 0, &id, - critical)) < 0) - { - return gnutls_assert_val(ret); - } - - if (id.size == 0 || id.data == NULL) - { - gnutls_assert (); - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } - - ret = asn1_create_element - (_gnutls_get_pkix (), "PKIX1.AuthorityKeyIdentifier", c2); - if (ret != ASN1_SUCCESS) - { - gnutls_assert (); - _gnutls_free_datum (&id); - return _gnutls_asn2err (ret); - } - - ret = asn1_der_decoding (c2, id.data, id.size, NULL); - _gnutls_free_datum (&id); - - if (ret != ASN1_SUCCESS) - { - gnutls_assert (); - asn1_delete_structure (c2); - return _gnutls_asn2err (ret); - } - - return 0; +_get_authority_key_id(gnutls_x509_crt_t cert, ASN1_TYPE * c2, + unsigned int *critical) +{ + int ret; + gnutls_datum_t id; + + *c2 = ASN1_TYPE_EMPTY; + + if (cert == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + if ((ret = + _gnutls_x509_crt_get_extension(cert, "2.5.29.35", 0, &id, + critical)) < 0) { + return gnutls_assert_val(ret); + } + + if (id.size == 0 || id.data == NULL) { + gnutls_assert(); + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } + + ret = asn1_create_element + (_gnutls_get_pkix(), "PKIX1.AuthorityKeyIdentifier", c2); + if (ret != ASN1_SUCCESS) { + gnutls_assert(); + _gnutls_free_datum(&id); + return _gnutls_asn2err(ret); + } + + ret = asn1_der_decoding(c2, id.data, id.size, NULL); + _gnutls_free_datum(&id); + + if (ret != ASN1_SUCCESS) { + gnutls_assert(); + asn1_delete_structure(c2); + return _gnutls_asn2err(ret); + } + + return 0; } /** @@ -985,48 +948,50 @@ _get_authority_key_id (gnutls_x509_crt_t cert, ASN1_TYPE *c2, * Since: 3.0 **/ int -gnutls_x509_crt_get_authority_key_gn_serial (gnutls_x509_crt_t cert, unsigned int seq, void *alt, - size_t * alt_size, unsigned int *alt_type, - void* serial, size_t *serial_size, - unsigned int *critical) -{ -int ret, result, len; -ASN1_TYPE c2; - - ret = _get_authority_key_id(cert, &c2, critical); - if (ret < 0) - return gnutls_assert_val(ret); - - ret = - _gnutls_parse_general_name (c2, "authorityCertIssuer", seq, alt, alt_size, alt_type, - 0); - if (ret < 0) - { - ret = gnutls_assert_val(ret); - goto fail; - } - - if (serial) - { - len = *serial_size; - result = asn1_read_value (c2, "authorityCertSerialNumber", serial, &len); - - *serial_size = len; - - if (result < 0) - { - ret = _gnutls_asn2err(result); - goto fail; - } - - } - - ret = 0; - -fail: - asn1_delete_structure (&c2); - - return ret; +gnutls_x509_crt_get_authority_key_gn_serial(gnutls_x509_crt_t cert, + unsigned int seq, void *alt, + size_t * alt_size, + unsigned int *alt_type, + void *serial, + size_t * serial_size, + unsigned int *critical) +{ + int ret, result, len; + ASN1_TYPE c2; + + ret = _get_authority_key_id(cert, &c2, critical); + if (ret < 0) + return gnutls_assert_val(ret); + + ret = + _gnutls_parse_general_name(c2, "authorityCertIssuer", seq, alt, + alt_size, alt_type, 0); + if (ret < 0) { + ret = gnutls_assert_val(ret); + goto fail; + } + + if (serial) { + len = *serial_size; + result = + asn1_read_value(c2, "authorityCertSerialNumber", + serial, &len); + + *serial_size = len; + + if (result < 0) { + ret = _gnutls_asn2err(result); + goto fail; + } + + } + + ret = 0; + + fail: + asn1_delete_structure(&c2); + + return ret; } /** @@ -1048,34 +1013,35 @@ fail: * if the extension is not present, otherwise a negative error value. **/ int -gnutls_x509_crt_get_authority_key_id (gnutls_x509_crt_t cert, void *id, - size_t * id_size, - unsigned int *critical) +gnutls_x509_crt_get_authority_key_id(gnutls_x509_crt_t cert, void *id, + size_t * id_size, + unsigned int *critical) { - int ret, result, len; - ASN1_TYPE c2; + int ret, result, len; + ASN1_TYPE c2; - ret = _get_authority_key_id(cert, &c2, critical); - if (ret < 0) - return gnutls_assert_val(ret); + ret = _get_authority_key_id(cert, &c2, critical); + if (ret < 0) + return gnutls_assert_val(ret); - len = *id_size; - result = asn1_read_value (c2, "keyIdentifier", id, &len); + len = *id_size; + result = asn1_read_value(c2, "keyIdentifier", id, &len); - *id_size = len; - asn1_delete_structure (&c2); + *id_size = len; + asn1_delete_structure(&c2); - if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND) - return gnutls_assert_val(GNUTLS_E_X509_UNSUPPORTED_EXTENSION); + if (result == ASN1_VALUE_NOT_FOUND + || result == ASN1_ELEMENT_NOT_FOUND) + return + gnutls_assert_val(GNUTLS_E_X509_UNSUPPORTED_EXTENSION); - if (result != ASN1_SUCCESS) - { - if (result != ASN1_MEM_ERROR) - gnutls_assert (); - return _gnutls_asn2err (result); - } + if (result != ASN1_SUCCESS) { + if (result != ASN1_MEM_ERROR) + gnutls_assert(); + return _gnutls_asn2err(result); + } - return 0; + return 0; } /** @@ -1095,42 +1061,40 @@ gnutls_x509_crt_get_authority_key_id (gnutls_x509_crt_t cert, void *id, * success, or a negative error code on error. **/ int -gnutls_x509_crt_get_pk_algorithm (gnutls_x509_crt_t cert, unsigned int *bits) +gnutls_x509_crt_get_pk_algorithm(gnutls_x509_crt_t cert, + unsigned int *bits) { - int result; + int result; + + if (cert == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - if (cert == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - if (bits) - *bits = 0; + if (bits) + *bits = 0; - result = - _gnutls_x509_get_pk_algorithm (cert->cert, - "tbsCertificate.subjectPublicKeyInfo", - bits); + result = + _gnutls_x509_get_pk_algorithm(cert->cert, + "tbsCertificate.subjectPublicKeyInfo", + bits); - if (result < 0) - { - gnutls_assert (); - return result; - } + if (result < 0) { + gnutls_assert(); + return result; + } - return result; + return result; } -inline static int -is_type_printable (int type) +inline static int is_type_printable(int type) { - if (type == GNUTLS_SAN_DNSNAME || type == GNUTLS_SAN_RFC822NAME || - type == GNUTLS_SAN_URI) - return 1; - else - return 0; + if (type == GNUTLS_SAN_DNSNAME || type == GNUTLS_SAN_RFC822NAME || + type == GNUTLS_SAN_URI) + return 1; + else + return 0; } #define XMPP_OID "1.3.6.1.5.5.7.8.5" @@ -1139,251 +1103,233 @@ is_type_printable (int type) * Type is also returned as a parameter in case of an error. */ int -_gnutls_parse_general_name (ASN1_TYPE src, const char *src_name, - int seq, void *name, size_t * name_size, - unsigned int *ret_type, int othername_oid) -{ - int len; - char nptr[ASN1_MAX_NAME_SIZE]; - int result; - char choice_type[128]; - gnutls_x509_subject_alt_name_t type; - - seq++; /* 0->1, 1->2 etc */ - - if (src_name[0] != 0) - snprintf (nptr, sizeof (nptr), "%s.?%u", src_name, seq); - else - snprintf (nptr, sizeof (nptr), "?%u", seq); - - len = sizeof (choice_type); - result = asn1_read_value (src, nptr, choice_type, &len); - - if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND) - { - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } - - if (result != ASN1_SUCCESS) - { - gnutls_assert (); - return _gnutls_asn2err (result); - } - - - type = _gnutls_x509_san_find_type (choice_type); - if (type == (gnutls_x509_subject_alt_name_t) - 1) - { - gnutls_assert (); - return GNUTLS_E_X509_UNKNOWN_SAN; - } - - if (ret_type) - *ret_type = type; - - if (type == GNUTLS_SAN_OTHERNAME) - { - if (othername_oid) - _gnutls_str_cat (nptr, sizeof (nptr), ".otherName.type-id"); - else - _gnutls_str_cat (nptr, sizeof (nptr), ".otherName.value"); - - len = *name_size; - result = asn1_read_value (src, nptr, name, &len); - *name_size = len; - - if (result == ASN1_MEM_ERROR) - return GNUTLS_E_SHORT_MEMORY_BUFFER; - - if (result != ASN1_SUCCESS) - { - gnutls_assert (); - return _gnutls_asn2err (result); - } - - if (othername_oid) - { - if ((unsigned)len > strlen (XMPP_OID) && strcmp (name, XMPP_OID) == 0) - type = GNUTLS_SAN_OTHERNAME_XMPP; - } - else - { - char oid[42]; - - if (src_name[0] != 0) - snprintf (nptr, sizeof (nptr), "%s.?%u.otherName.type-id", - src_name, seq); - else - snprintf (nptr, sizeof (nptr), "?%u.otherName.type-id", seq); - - len = sizeof (oid); - result = asn1_read_value (src, nptr, oid, &len); - if (result != ASN1_SUCCESS) - { - gnutls_assert (); - return _gnutls_asn2err (result); - } - - if ((unsigned)len > strlen (XMPP_OID) && strcmp (oid, XMPP_OID) == 0) - { - gnutls_datum_t out; - - result = _gnutls_x509_decode_string(ASN1_ETYPE_UTF8_STRING, - name, *name_size, &out); - if (result < 0) - { - gnutls_assert(); - return result; - } - - if (*name_size <= out.size) - { - gnutls_assert (); - gnutls_free(out.data); - *name_size = len + 1; - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - - *name_size = out.size; - memcpy(name, out.data, out.size); - /* null terminate it */ - ((char *) name)[*name_size] = 0; - gnutls_free(out.data); - } - } - } - else if (type == GNUTLS_SAN_DN) - { - _gnutls_str_cat (nptr, sizeof (nptr), ".directoryName"); - result = _gnutls_x509_parse_dn (src, nptr, name, name_size); - if (result < 0) - { - gnutls_assert (); - return result; - } - } - else if (othername_oid) - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - else - { - size_t orig_name_size = *name_size; - - _gnutls_str_cat (nptr, sizeof (nptr), "."); - _gnutls_str_cat (nptr, sizeof (nptr), choice_type); - - len = *name_size; - result = asn1_read_value (src, nptr, name, &len); - *name_size = len; - - if (result == ASN1_MEM_ERROR) - { - if (is_type_printable (type)) - (*name_size)++; - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - - if (result != ASN1_SUCCESS) - { - gnutls_assert (); - return _gnutls_asn2err (result); - } - - if (is_type_printable (type)) - { - - if ((unsigned)len + 1 > orig_name_size) - { - gnutls_assert (); - (*name_size)++; - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - - /* null terminate it */ - if (name) - ((char *) name)[*name_size] = 0; - } - - } - - return type; +_gnutls_parse_general_name(ASN1_TYPE src, const char *src_name, + int seq, void *name, size_t * name_size, + unsigned int *ret_type, int othername_oid) +{ + int len; + char nptr[ASN1_MAX_NAME_SIZE]; + int result; + char choice_type[128]; + gnutls_x509_subject_alt_name_t type; + + seq++; /* 0->1, 1->2 etc */ + + if (src_name[0] != 0) + snprintf(nptr, sizeof(nptr), "%s.?%u", src_name, seq); + else + snprintf(nptr, sizeof(nptr), "?%u", seq); + + len = sizeof(choice_type); + result = asn1_read_value(src, nptr, choice_type, &len); + + if (result == ASN1_VALUE_NOT_FOUND + || result == ASN1_ELEMENT_NOT_FOUND) { + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } + + if (result != ASN1_SUCCESS) { + gnutls_assert(); + return _gnutls_asn2err(result); + } + + + type = _gnutls_x509_san_find_type(choice_type); + if (type == (gnutls_x509_subject_alt_name_t) - 1) { + gnutls_assert(); + return GNUTLS_E_X509_UNKNOWN_SAN; + } + + if (ret_type) + *ret_type = type; + + if (type == GNUTLS_SAN_OTHERNAME) { + if (othername_oid) + _gnutls_str_cat(nptr, sizeof(nptr), + ".otherName.type-id"); + else + _gnutls_str_cat(nptr, sizeof(nptr), + ".otherName.value"); + + len = *name_size; + result = asn1_read_value(src, nptr, name, &len); + *name_size = len; + + if (result == ASN1_MEM_ERROR) + return GNUTLS_E_SHORT_MEMORY_BUFFER; + + if (result != ASN1_SUCCESS) { + gnutls_assert(); + return _gnutls_asn2err(result); + } + + if (othername_oid) { + if ((unsigned) len > strlen(XMPP_OID) + && strcmp(name, XMPP_OID) == 0) + type = GNUTLS_SAN_OTHERNAME_XMPP; + } else { + char oid[42]; + + if (src_name[0] != 0) + snprintf(nptr, sizeof(nptr), + "%s.?%u.otherName.type-id", + src_name, seq); + else + snprintf(nptr, sizeof(nptr), + "?%u.otherName.type-id", seq); + + len = sizeof(oid); + result = asn1_read_value(src, nptr, oid, &len); + if (result != ASN1_SUCCESS) { + gnutls_assert(); + return _gnutls_asn2err(result); + } + + if ((unsigned) len > strlen(XMPP_OID) + && strcmp(oid, XMPP_OID) == 0) { + gnutls_datum_t out; + + result = + _gnutls_x509_decode_string + (ASN1_ETYPE_UTF8_STRING, name, + *name_size, &out); + if (result < 0) { + gnutls_assert(); + return result; + } + + if (*name_size <= out.size) { + gnutls_assert(); + gnutls_free(out.data); + *name_size = len + 1; + return + GNUTLS_E_SHORT_MEMORY_BUFFER; + } + + *name_size = out.size; + memcpy(name, out.data, out.size); + /* null terminate it */ + ((char *) name)[*name_size] = 0; + gnutls_free(out.data); + } + } + } else if (type == GNUTLS_SAN_DN) { + _gnutls_str_cat(nptr, sizeof(nptr), ".directoryName"); + result = _gnutls_x509_parse_dn(src, nptr, name, name_size); + if (result < 0) { + gnutls_assert(); + return result; + } + } else if (othername_oid) + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + else { + size_t orig_name_size = *name_size; + + _gnutls_str_cat(nptr, sizeof(nptr), "."); + _gnutls_str_cat(nptr, sizeof(nptr), choice_type); + + len = *name_size; + result = asn1_read_value(src, nptr, name, &len); + *name_size = len; + + if (result == ASN1_MEM_ERROR) { + if (is_type_printable(type)) + (*name_size)++; + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } + + if (result != ASN1_SUCCESS) { + gnutls_assert(); + return _gnutls_asn2err(result); + } + + if (is_type_printable(type)) { + + if ((unsigned) len + 1 > orig_name_size) { + gnutls_assert(); + (*name_size)++; + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } + + /* null terminate it */ + if (name) + ((char *) name)[*name_size] = 0; + } + + } + + return type; } static int -get_alt_name (gnutls_x509_crt_t cert, const char *extension_id, - unsigned int seq, void *alt, - size_t * alt_size, unsigned int *alt_type, - unsigned int *critical, int othername_oid) -{ - int result; - gnutls_datum_t dnsname; - ASN1_TYPE c2 = ASN1_TYPE_EMPTY; - - if (cert == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - if (alt) - memset (alt, 0, *alt_size); - else - *alt_size = 0; - - if ((result = - _gnutls_x509_crt_get_extension (cert, extension_id, 0, &dnsname, - critical)) < 0) - { - return result; - } - - if (dnsname.size == 0 || dnsname.data == NULL) - { - gnutls_assert (); - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } - - if (strcmp ("2.5.29.17", extension_id) == 0) - result = asn1_create_element (_gnutls_get_pkix (), - "PKIX1.SubjectAltName", &c2); - else if (strcmp ("2.5.29.18", extension_id) == 0) - result = asn1_create_element (_gnutls_get_pkix (), - "PKIX1.IssuerAltName", &c2); - else - { - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - if (result != ASN1_SUCCESS) - { - gnutls_assert (); - _gnutls_free_datum (&dnsname); - return _gnutls_asn2err (result); - } - - result = asn1_der_decoding (&c2, dnsname.data, dnsname.size, NULL); - _gnutls_free_datum (&dnsname); - - if (result != ASN1_SUCCESS) - { - gnutls_assert (); - asn1_delete_structure (&c2); - return _gnutls_asn2err (result); - } - - result = - _gnutls_parse_general_name (c2, "", seq, alt, alt_size, alt_type, - othername_oid); - - asn1_delete_structure (&c2); - - if (result < 0) - { - gnutls_assert (); - return result; - } - - return result; +get_alt_name(gnutls_x509_crt_t cert, const char *extension_id, + unsigned int seq, void *alt, + size_t * alt_size, unsigned int *alt_type, + unsigned int *critical, int othername_oid) +{ + int result; + gnutls_datum_t dnsname; + ASN1_TYPE c2 = ASN1_TYPE_EMPTY; + + if (cert == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + if (alt) + memset(alt, 0, *alt_size); + else + *alt_size = 0; + + if ((result = + _gnutls_x509_crt_get_extension(cert, extension_id, 0, + &dnsname, critical)) < 0) { + return result; + } + + if (dnsname.size == 0 || dnsname.data == NULL) { + gnutls_assert(); + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } + + if (strcmp("2.5.29.17", extension_id) == 0) + result = asn1_create_element(_gnutls_get_pkix(), + "PKIX1.SubjectAltName", &c2); + else if (strcmp("2.5.29.18", extension_id) == 0) + result = asn1_create_element(_gnutls_get_pkix(), + "PKIX1.IssuerAltName", &c2); + else { + gnutls_assert(); + return GNUTLS_E_INTERNAL_ERROR; + } + + if (result != ASN1_SUCCESS) { + gnutls_assert(); + _gnutls_free_datum(&dnsname); + return _gnutls_asn2err(result); + } + + result = asn1_der_decoding(&c2, dnsname.data, dnsname.size, NULL); + _gnutls_free_datum(&dnsname); + + if (result != ASN1_SUCCESS) { + gnutls_assert(); + asn1_delete_structure(&c2); + return _gnutls_asn2err(result); + } + + result = + _gnutls_parse_general_name(c2, "", seq, alt, alt_size, + alt_type, othername_oid); + + asn1_delete_structure(&c2); + + if (result < 0) { + gnutls_assert(); + return result; + } + + return result; } /** @@ -1417,13 +1363,13 @@ get_alt_name (gnutls_x509_crt_t cert, const char *extension_id, * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned. **/ int -gnutls_x509_crt_get_subject_alt_name (gnutls_x509_crt_t cert, - unsigned int seq, void *san, - size_t * san_size, - unsigned int *critical) +gnutls_x509_crt_get_subject_alt_name(gnutls_x509_crt_t cert, + unsigned int seq, void *san, + size_t * san_size, + unsigned int *critical) { - return get_alt_name (cert, "2.5.29.17", seq, san, san_size, NULL, critical, - 0); + return get_alt_name(cert, "2.5.29.17", seq, san, san_size, NULL, + critical, 0); } /** @@ -1460,13 +1406,13 @@ gnutls_x509_crt_get_subject_alt_name (gnutls_x509_crt_t cert, * Since: 2.10.0 **/ int -gnutls_x509_crt_get_issuer_alt_name (gnutls_x509_crt_t cert, - unsigned int seq, void *ian, - size_t * ian_size, - unsigned int *critical) +gnutls_x509_crt_get_issuer_alt_name(gnutls_x509_crt_t cert, + unsigned int seq, void *ian, + size_t * ian_size, + unsigned int *critical) { - return get_alt_name (cert, "2.5.29.18", seq, ian, ian_size, NULL, critical, - 0); + return get_alt_name(cert, "2.5.29.18", seq, ian, ian_size, NULL, + critical, 0); } /** @@ -1494,14 +1440,14 @@ gnutls_x509_crt_get_issuer_alt_name (gnutls_x509_crt_t cert, * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned. **/ int -gnutls_x509_crt_get_subject_alt_name2 (gnutls_x509_crt_t cert, - unsigned int seq, void *san, - size_t * san_size, - unsigned int *san_type, - unsigned int *critical) +gnutls_x509_crt_get_subject_alt_name2(gnutls_x509_crt_t cert, + unsigned int seq, void *san, + size_t * san_size, + unsigned int *san_type, + unsigned int *critical) { - return get_alt_name (cert, "2.5.29.17", seq, san, san_size, san_type, - critical, 0); + return get_alt_name(cert, "2.5.29.17", seq, san, san_size, + san_type, critical, 0); } /** @@ -1532,14 +1478,14 @@ gnutls_x509_crt_get_subject_alt_name2 (gnutls_x509_crt_t cert, * **/ int -gnutls_x509_crt_get_issuer_alt_name2 (gnutls_x509_crt_t cert, - unsigned int seq, void *ian, - size_t * ian_size, - unsigned int *ian_type, - unsigned int *critical) +gnutls_x509_crt_get_issuer_alt_name2(gnutls_x509_crt_t cert, + unsigned int seq, void *ian, + size_t * ian_size, + unsigned int *ian_type, + unsigned int *critical) { - return get_alt_name (cert, "2.5.29.18", seq, ian, ian_size, ian_type, - critical, 0); + return get_alt_name(cert, "2.5.29.18", seq, ian, ian_size, + ian_type, critical, 0); } /** @@ -1573,11 +1519,12 @@ gnutls_x509_crt_get_issuer_alt_name2 (gnutls_x509_crt_t cert, * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned. **/ int -gnutls_x509_crt_get_subject_alt_othername_oid (gnutls_x509_crt_t cert, - unsigned int seq, - void *oid, size_t * oid_size) +gnutls_x509_crt_get_subject_alt_othername_oid(gnutls_x509_crt_t cert, + unsigned int seq, + void *oid, size_t * oid_size) { - return get_alt_name (cert, "2.5.29.17", seq, oid, oid_size, NULL, NULL, 1); + return get_alt_name(cert, "2.5.29.17", seq, oid, oid_size, NULL, + NULL, 1); } /** @@ -1613,11 +1560,12 @@ gnutls_x509_crt_get_subject_alt_othername_oid (gnutls_x509_crt_t cert, * Since: 2.10.0 **/ int -gnutls_x509_crt_get_issuer_alt_othername_oid (gnutls_x509_crt_t cert, - unsigned int seq, - void *ret, size_t * ret_size) +gnutls_x509_crt_get_issuer_alt_othername_oid(gnutls_x509_crt_t cert, + unsigned int seq, + void *ret, size_t * ret_size) { - return get_alt_name (cert, "2.5.29.18", seq, ret, ret_size, NULL, NULL, 1); + return get_alt_name(cert, "2.5.29.18", seq, ret, ret_size, NULL, + NULL, 1); } /** @@ -1641,49 +1589,48 @@ gnutls_x509_crt_get_issuer_alt_othername_oid (gnutls_x509_crt_t cert, * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. **/ int -gnutls_x509_crt_get_basic_constraints (gnutls_x509_crt_t cert, - unsigned int *critical, - unsigned int *ca, int *pathlen) -{ - int result; - gnutls_datum_t basicConstraints; - unsigned int tmp_ca; - - if (cert == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - if ((result = - _gnutls_x509_crt_get_extension (cert, "2.5.29.19", 0, - &basicConstraints, critical)) < 0) - { - return result; - } - - if (basicConstraints.size == 0 || basicConstraints.data == NULL) - { - gnutls_assert (); - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } - - result = - _gnutls_x509_ext_extract_basicConstraints (&tmp_ca, - pathlen, - basicConstraints.data, - basicConstraints.size); - if (ca) - *ca = tmp_ca; - _gnutls_free_datum (&basicConstraints); - - if (result < 0) - { - gnutls_assert (); - return result; - } - - return tmp_ca; +gnutls_x509_crt_get_basic_constraints(gnutls_x509_crt_t cert, + unsigned int *critical, + unsigned int *ca, int *pathlen) +{ + int result; + gnutls_datum_t basicConstraints; + unsigned int tmp_ca; + + if (cert == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + if ((result = + _gnutls_x509_crt_get_extension(cert, "2.5.29.19", 0, + &basicConstraints, + critical)) < 0) { + return result; + } + + if (basicConstraints.size == 0 || basicConstraints.data == NULL) { + gnutls_assert(); + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } + + result = + _gnutls_x509_ext_extract_basicConstraints(&tmp_ca, + pathlen, + basicConstraints. + data, + basicConstraints. + size); + if (ca) + *ca = tmp_ca; + _gnutls_free_datum(&basicConstraints); + + if (result < 0) { + gnutls_assert(); + return result; + } + + return tmp_ca; } /** @@ -1704,12 +1651,13 @@ gnutls_x509_crt_get_basic_constraints (gnutls_x509_crt_t cert, * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. **/ int -gnutls_x509_crt_get_ca_status (gnutls_x509_crt_t cert, unsigned int *critical) +gnutls_x509_crt_get_ca_status(gnutls_x509_crt_t cert, + unsigned int *critical) { - int pathlen; - unsigned int ca; - return gnutls_x509_crt_get_basic_constraints (cert, critical, &ca, - &pathlen); + int pathlen; + unsigned int ca; + return gnutls_x509_crt_get_basic_constraints(cert, critical, &ca, + &pathlen); } /** @@ -1732,46 +1680,42 @@ gnutls_x509_crt_get_ca_status (gnutls_x509_crt_t cert, unsigned int *critical) * returned. **/ int -gnutls_x509_crt_get_key_usage (gnutls_x509_crt_t cert, - unsigned int *key_usage, - unsigned int *critical) +gnutls_x509_crt_get_key_usage(gnutls_x509_crt_t cert, + unsigned int *key_usage, + unsigned int *critical) { - int result; - gnutls_datum_t keyUsage; - uint16_t _usage; + int result; + gnutls_datum_t keyUsage; + uint16_t _usage; - if (cert == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + if (cert == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - if ((result = - _gnutls_x509_crt_get_extension (cert, "2.5.29.15", 0, &keyUsage, - critical)) < 0) - { - return result; - } + if ((result = + _gnutls_x509_crt_get_extension(cert, "2.5.29.15", 0, + &keyUsage, critical)) < 0) { + return result; + } - if (keyUsage.size == 0 || keyUsage.data == NULL) - { - gnutls_assert (); - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } + if (keyUsage.size == 0 || keyUsage.data == NULL) { + gnutls_assert(); + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } - result = _gnutls_x509_ext_extract_keyUsage (&_usage, keyUsage.data, - keyUsage.size); - _gnutls_free_datum (&keyUsage); + result = _gnutls_x509_ext_extract_keyUsage(&_usage, keyUsage.data, + keyUsage.size); + _gnutls_free_datum(&keyUsage); - *key_usage = _usage; + *key_usage = _usage; - if (result < 0) - { - gnutls_assert (); - return result; - } + if (result < 0) { + gnutls_assert(); + return result; + } - return 0; + return 0; } /** @@ -1792,48 +1736,46 @@ gnutls_x509_crt_get_key_usage (gnutls_x509_crt_t cert, * otherwise a negative error code is returned. **/ int -gnutls_x509_crt_get_proxy (gnutls_x509_crt_t cert, - unsigned int *critical, - int *pathlen, - char **policyLanguage, - char **policy, size_t * sizeof_policy) -{ - int result; - gnutls_datum_t proxyCertInfo; - - if (cert == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - if ((result = - _gnutls_x509_crt_get_extension (cert, "1.3.6.1.5.5.7.1.14", 0, - &proxyCertInfo, critical)) < 0) - { - return result; - } - - if (proxyCertInfo.size == 0 || proxyCertInfo.data == NULL) - { - gnutls_assert (); - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } - - result = _gnutls_x509_ext_extract_proxyCertInfo (pathlen, - policyLanguage, - policy, - sizeof_policy, - proxyCertInfo.data, - proxyCertInfo.size); - _gnutls_free_datum (&proxyCertInfo); - if (result < 0) - { - gnutls_assert (); - return result; - } - - return 0; +gnutls_x509_crt_get_proxy(gnutls_x509_crt_t cert, + unsigned int *critical, + int *pathlen, + char **policyLanguage, + char **policy, size_t * sizeof_policy) +{ + int result; + gnutls_datum_t proxyCertInfo; + + if (cert == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + if ((result = + _gnutls_x509_crt_get_extension(cert, "1.3.6.1.5.5.7.1.14", 0, + &proxyCertInfo, critical)) < 0) + { + return result; + } + + if (proxyCertInfo.size == 0 || proxyCertInfo.data == NULL) { + gnutls_assert(); + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } + + result = _gnutls_x509_ext_extract_proxyCertInfo(pathlen, + policyLanguage, + policy, + sizeof_policy, + proxyCertInfo.data, + proxyCertInfo. + size); + _gnutls_free_datum(&proxyCertInfo); + if (result < 0) { + gnutls_assert(); + return result; + } + + return 0; } /** @@ -1845,92 +1787,86 @@ gnutls_x509_crt_get_proxy (gnutls_x509_crt_t cert, * * Since: 3.1.5 **/ -void gnutls_x509_policy_release(struct gnutls_x509_policy_st* policy) -{ -unsigned i; - - gnutls_free(policy->oid); - for (i=0;i<policy->qualifiers;i++) - gnutls_free(policy->qualifier[i].data); -} - -static int decode_user_notice(const void* data, size_t size, gnutls_datum_t *txt) -{ - ASN1_TYPE c2 = ASN1_TYPE_EMPTY; - int ret, len; - char choice_type[64]; - char name[128]; - gnutls_datum_t td, utd; - - ret = asn1_create_element - (_gnutls_get_pkix (), "PKIX1.UserNotice", &c2); - if (ret != ASN1_SUCCESS) - { - gnutls_assert (); - ret = GNUTLS_E_PARSING_ERROR; - goto cleanup; - } - - ret = asn1_der_decoding (&c2, data, size, NULL); - if (ret != ASN1_SUCCESS) - { - gnutls_assert (); - ret = GNUTLS_E_PARSING_ERROR; - goto cleanup; - } - - len = sizeof(choice_type); - ret = asn1_read_value(c2, "explicitText", choice_type, &len); - if (ret != ASN1_SUCCESS) - { - gnutls_assert (); - ret = GNUTLS_E_PARSING_ERROR; - goto cleanup; - } - - if (strcmp(choice_type, "utf8String") != 0 && strcmp(choice_type, "IA5String") != 0 && - strcmp(choice_type, "bmpString") != 0 && strcmp(choice_type, "visibleString") != 0) - { - gnutls_assert(); - ret = GNUTLS_E_PARSING_ERROR; - goto cleanup; - } - - snprintf (name, sizeof (name), "explicitText.%s", choice_type); - - ret = _gnutls_x509_read_value(c2, name, &td); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - - if (strcmp(choice_type, "bmpString") == 0) - { /* convert to UTF-8 */ - ret = _gnutls_ucs2_to_utf8(td.data, td.size, &utd); - _gnutls_free_datum(&td); - if (ret < 0) - { - gnutls_assert(); - goto cleanup; - } - - td.data = utd.data; - td.size = utd.size; - } - else - { - /* _gnutls_x509_read_value allows that */ - td.data[td.size] = 0; - } - - txt->data = (void*)td.data; - txt->size = td.size; - ret = 0; - -cleanup: - asn1_delete_structure (&c2); - return ret; +void gnutls_x509_policy_release(struct gnutls_x509_policy_st *policy) +{ + unsigned i; + + gnutls_free(policy->oid); + for (i = 0; i < policy->qualifiers; i++) + gnutls_free(policy->qualifier[i].data); +} + +static int decode_user_notice(const void *data, size_t size, + gnutls_datum_t * txt) +{ + ASN1_TYPE c2 = ASN1_TYPE_EMPTY; + int ret, len; + char choice_type[64]; + char name[128]; + gnutls_datum_t td, utd; + + ret = asn1_create_element + (_gnutls_get_pkix(), "PKIX1.UserNotice", &c2); + if (ret != ASN1_SUCCESS) { + gnutls_assert(); + ret = GNUTLS_E_PARSING_ERROR; + goto cleanup; + } + + ret = asn1_der_decoding(&c2, data, size, NULL); + if (ret != ASN1_SUCCESS) { + gnutls_assert(); + ret = GNUTLS_E_PARSING_ERROR; + goto cleanup; + } + + len = sizeof(choice_type); + ret = asn1_read_value(c2, "explicitText", choice_type, &len); + if (ret != ASN1_SUCCESS) { + gnutls_assert(); + ret = GNUTLS_E_PARSING_ERROR; + goto cleanup; + } + + if (strcmp(choice_type, "utf8String") != 0 + && strcmp(choice_type, "IA5String") != 0 + && strcmp(choice_type, "bmpString") != 0 + && strcmp(choice_type, "visibleString") != 0) { + gnutls_assert(); + ret = GNUTLS_E_PARSING_ERROR; + goto cleanup; + } + + snprintf(name, sizeof(name), "explicitText.%s", choice_type); + + ret = _gnutls_x509_read_value(c2, name, &td); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + if (strcmp(choice_type, "bmpString") == 0) { /* convert to UTF-8 */ + ret = _gnutls_ucs2_to_utf8(td.data, td.size, &utd); + _gnutls_free_datum(&td); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + td.data = utd.data; + td.size = utd.size; + } else { + /* _gnutls_x509_read_value allows that */ + td.data[td.size] = 0; + } + + txt->data = (void *) td.data; + txt->size = td.size; + ret = 0; + + cleanup: + asn1_delete_structure(&c2); + return ret; } @@ -1953,153 +1889,149 @@ cleanup: * Since: 3.1.5 **/ int -gnutls_x509_crt_get_policy (gnutls_x509_crt_t crt, int indx, - struct gnutls_x509_policy_st* policy, - unsigned int *critical) -{ - ASN1_TYPE c2 = ASN1_TYPE_EMPTY; - char tmpstr[128]; - char tmpoid[MAX_OID_SIZE]; - gnutls_datum_t tmpd = {NULL, 0}; - int ret, len; - unsigned i; - - if (crt == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - memset(policy, 0, sizeof(*policy)); - - if ((ret = - _gnutls_x509_crt_get_extension (crt, "2.5.29.32", 0, &tmpd, - critical)) < 0) - { - return ret; - } - - if (tmpd.size == 0 || tmpd .data == NULL) - { - gnutls_assert (); - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } - - ret = asn1_create_element - (_gnutls_get_pkix (), "PKIX1.certificatePolicies", &c2); - if (ret != ASN1_SUCCESS) - { - gnutls_assert (); - ret = _gnutls_asn2err (ret); - goto cleanup; - } - - ret = asn1_der_decoding (&c2, tmpd.data, tmpd.size, NULL); - if (ret != ASN1_SUCCESS) - { - gnutls_assert (); - ret = _gnutls_asn2err (ret); - goto cleanup; - } - _gnutls_free_datum (&tmpd); - - indx++; - /* create a string like "?1" - */ - snprintf (tmpstr, sizeof (tmpstr), "?%u.policyIdentifier", indx); - - ret = _gnutls_x509_read_value(c2, tmpstr, &tmpd); - - if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) - ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - - if (ret < 0) - { - gnutls_assert(); - goto cleanup; - } - policy->oid = (void*)tmpd.data; - tmpd.data = NULL; - - for (i=0;i<GNUTLS_MAX_QUALIFIERS;i++) - { - gnutls_datum_t td; - - snprintf (tmpstr, sizeof (tmpstr), "?%u.policyQualifiers.?%u.policyQualifierId", indx, i+1); - - len = sizeof(tmpoid); - ret = asn1_read_value(c2, tmpstr, tmpoid, &len); - - if (ret == ASN1_ELEMENT_NOT_FOUND) - break; /* finished */ - - if (ret != ASN1_SUCCESS) - { - gnutls_assert(); - ret = _gnutls_asn2err (ret); - goto cleanup; - } - - if (strcmp(tmpoid, "1.3.6.1.5.5.7.2.1") == 0) - { - snprintf (tmpstr, sizeof (tmpstr), "?%u.policyQualifiers.?%u.qualifier", indx, i+1); - - ret = _gnutls_x509_read_string(c2, tmpstr, &td, ASN1_ETYPE_IA5_STRING); - if (ret < 0) - { - gnutls_assert(); - goto full_cleanup; - } - - policy->qualifier[i].data = (void*)td.data; - policy->qualifier[i].size = td.size; - td.data = NULL; - policy->qualifier[i].type = GNUTLS_X509_QUALIFIER_URI; - } - else if (strcmp(tmpoid, "1.3.6.1.5.5.7.2.2") == 0) - { - gnutls_datum_t txt; - - snprintf (tmpstr, sizeof (tmpstr), "?%u.policyQualifiers.?%u.qualifier", indx, i+1); - - ret = _gnutls_x509_read_value(c2, tmpstr, &td); - if (ret < 0) - { - gnutls_assert(); - goto full_cleanup; - } - - ret = decode_user_notice(td.data, td.size, &txt); - gnutls_free(td.data); - td.data = NULL; - - if (ret < 0) - { - gnutls_assert(); - goto full_cleanup; - } - - policy->qualifier[i].data = (void*)txt.data; - policy->qualifier[i].size = txt.size; - policy->qualifier[i].type = GNUTLS_X509_QUALIFIER_NOTICE; - } - else - policy->qualifier[i].type = GNUTLS_X509_QUALIFIER_UNKNOWN; - - policy->qualifiers++; - - } - - ret = 0; - goto cleanup; - -full_cleanup: - gnutls_x509_policy_release(policy); - -cleanup: - _gnutls_free_datum (&tmpd); - asn1_delete_structure (&c2); - return ret; +gnutls_x509_crt_get_policy(gnutls_x509_crt_t crt, int indx, + struct gnutls_x509_policy_st *policy, + unsigned int *critical) +{ + ASN1_TYPE c2 = ASN1_TYPE_EMPTY; + char tmpstr[128]; + char tmpoid[MAX_OID_SIZE]; + gnutls_datum_t tmpd = { NULL, 0 }; + int ret, len; + unsigned i; + + if (crt == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + memset(policy, 0, sizeof(*policy)); + + if ((ret = + _gnutls_x509_crt_get_extension(crt, "2.5.29.32", 0, &tmpd, + critical)) < 0) { + return ret; + } + + if (tmpd.size == 0 || tmpd.data == NULL) { + gnutls_assert(); + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } + + ret = asn1_create_element + (_gnutls_get_pkix(), "PKIX1.certificatePolicies", &c2); + if (ret != ASN1_SUCCESS) { + gnutls_assert(); + ret = _gnutls_asn2err(ret); + goto cleanup; + } + + ret = asn1_der_decoding(&c2, tmpd.data, tmpd.size, NULL); + if (ret != ASN1_SUCCESS) { + gnutls_assert(); + ret = _gnutls_asn2err(ret); + goto cleanup; + } + _gnutls_free_datum(&tmpd); + + indx++; + /* create a string like "?1" + */ + snprintf(tmpstr, sizeof(tmpstr), "?%u.policyIdentifier", indx); + + ret = _gnutls_x509_read_value(c2, tmpstr, &tmpd); + + if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) + ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + policy->oid = (void *) tmpd.data; + tmpd.data = NULL; + + for (i = 0; i < GNUTLS_MAX_QUALIFIERS; i++) { + gnutls_datum_t td; + + snprintf(tmpstr, sizeof(tmpstr), + "?%u.policyQualifiers.?%u.policyQualifierId", + indx, i + 1); + + len = sizeof(tmpoid); + ret = asn1_read_value(c2, tmpstr, tmpoid, &len); + + if (ret == ASN1_ELEMENT_NOT_FOUND) + break; /* finished */ + + if (ret != ASN1_SUCCESS) { + gnutls_assert(); + ret = _gnutls_asn2err(ret); + goto cleanup; + } + + if (strcmp(tmpoid, "1.3.6.1.5.5.7.2.1") == 0) { + snprintf(tmpstr, sizeof(tmpstr), + "?%u.policyQualifiers.?%u.qualifier", + indx, i + 1); + + ret = + _gnutls_x509_read_string(c2, tmpstr, &td, + ASN1_ETYPE_IA5_STRING); + if (ret < 0) { + gnutls_assert(); + goto full_cleanup; + } + + policy->qualifier[i].data = (void *) td.data; + policy->qualifier[i].size = td.size; + td.data = NULL; + policy->qualifier[i].type = + GNUTLS_X509_QUALIFIER_URI; + } else if (strcmp(tmpoid, "1.3.6.1.5.5.7.2.2") == 0) { + gnutls_datum_t txt; + + snprintf(tmpstr, sizeof(tmpstr), + "?%u.policyQualifiers.?%u.qualifier", + indx, i + 1); + + ret = _gnutls_x509_read_value(c2, tmpstr, &td); + if (ret < 0) { + gnutls_assert(); + goto full_cleanup; + } + + ret = decode_user_notice(td.data, td.size, &txt); + gnutls_free(td.data); + td.data = NULL; + + if (ret < 0) { + gnutls_assert(); + goto full_cleanup; + } + + policy->qualifier[i].data = (void *) txt.data; + policy->qualifier[i].size = txt.size; + policy->qualifier[i].type = + GNUTLS_X509_QUALIFIER_NOTICE; + } else + policy->qualifier[i].type = + GNUTLS_X509_QUALIFIER_UNKNOWN; + + policy->qualifiers++; + + } + + ret = 0; + goto cleanup; + + full_cleanup: + gnutls_x509_policy_release(policy); + + cleanup: + _gnutls_free_datum(&tmpd); + asn1_delete_structure(&c2); + return ret; } @@ -2122,49 +2054,45 @@ cleanup: * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. **/ int -gnutls_x509_crt_get_extension_by_oid (gnutls_x509_crt_t cert, - const char *oid, int indx, - void *buf, size_t * buf_size, - unsigned int *critical) +gnutls_x509_crt_get_extension_by_oid(gnutls_x509_crt_t cert, + const char *oid, int indx, + void *buf, size_t * buf_size, + unsigned int *critical) { - int result; - gnutls_datum_t output; + int result; + gnutls_datum_t output; - if (cert == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + if (cert == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - if ((result = - _gnutls_x509_crt_get_extension (cert, oid, indx, &output, - critical)) < 0) - { - gnutls_assert (); - return result; - } + if ((result = + _gnutls_x509_crt_get_extension(cert, oid, indx, &output, + critical)) < 0) { + gnutls_assert(); + return result; + } - if (output.size == 0 || output.data == NULL) - { - gnutls_assert (); - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } + if (output.size == 0 || output.data == NULL) { + gnutls_assert(); + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } - if (output.size > (unsigned int) *buf_size) - { - *buf_size = output.size; - _gnutls_free_datum (&output); - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } + if (output.size > (unsigned int) *buf_size) { + *buf_size = output.size; + _gnutls_free_datum(&output); + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } - *buf_size = output.size; + *buf_size = output.size; - if (buf) - memcpy (buf, output.data, output.size); + if (buf) + memcpy(buf, output.data, output.size); - _gnutls_free_datum (&output); + _gnutls_free_datum(&output); - return 0; + return 0; } @@ -2187,24 +2115,23 @@ gnutls_x509_crt_get_extension_by_oid (gnutls_x509_crt_t cert, * will be returned. **/ int -gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert, int indx, - void *oid, size_t * oid_size) +gnutls_x509_crt_get_extension_oid(gnutls_x509_crt_t cert, int indx, + void *oid, size_t * oid_size) { - int result; + int result; - if (cert == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + if (cert == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - result = _gnutls_x509_crt_get_extension_oid (cert, indx, oid, oid_size); - if (result < 0) - { - return result; - } + result = + _gnutls_x509_crt_get_extension_oid(cert, indx, oid, oid_size); + if (result < 0) { + return result; + } - return 0; + return 0; } @@ -2233,55 +2160,51 @@ gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert, int indx, * will be returned. **/ int -gnutls_x509_crt_get_extension_info (gnutls_x509_crt_t cert, int indx, - void *oid, size_t * oid_size, - unsigned int *critical) -{ - int result; - char str_critical[10]; - char name[ASN1_MAX_NAME_SIZE]; - int len; - - if (!cert) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - snprintf (name, sizeof (name), "tbsCertificate.extensions.?%u.extnID", - indx + 1); - - len = *oid_size; - result = asn1_read_value (cert->cert, name, oid, &len); - *oid_size = len; - - if (result == ASN1_ELEMENT_NOT_FOUND) - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - else if (result != ASN1_SUCCESS) - { - gnutls_assert (); - return _gnutls_asn2err (result); - } - - snprintf (name, sizeof (name), "tbsCertificate.extensions.?%u.critical", - indx + 1); - len = sizeof (str_critical); - result = asn1_read_value (cert->cert, name, str_critical, &len); - if (result != ASN1_SUCCESS) - { - gnutls_assert (); - return _gnutls_asn2err (result); - } - - if (critical) - { - if (str_critical[0] == 'T') - *critical = 1; - else - *critical = 0; - } - - return 0; +gnutls_x509_crt_get_extension_info(gnutls_x509_crt_t cert, int indx, + void *oid, size_t * oid_size, + unsigned int *critical) +{ + int result; + char str_critical[10]; + char name[ASN1_MAX_NAME_SIZE]; + int len; + + if (!cert) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + snprintf(name, sizeof(name), + "tbsCertificate.extensions.?%u.extnID", indx + 1); + + len = *oid_size; + result = asn1_read_value(cert->cert, name, oid, &len); + *oid_size = len; + + if (result == ASN1_ELEMENT_NOT_FOUND) + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + else if (result != ASN1_SUCCESS) { + gnutls_assert(); + return _gnutls_asn2err(result); + } + + snprintf(name, sizeof(name), + "tbsCertificate.extensions.?%u.critical", indx + 1); + len = sizeof(str_critical); + result = asn1_read_value(cert->cert, name, str_critical, &len); + if (result != ASN1_SUCCESS) { + gnutls_assert(); + return _gnutls_asn2err(result); + } + + if (critical) { + if (str_critical[0] == 'T') + *critical = 1; + else + *critical = 0; + } + + return 0; } @@ -2307,34 +2230,32 @@ gnutls_x509_crt_get_extension_info (gnutls_x509_crt_t cert, int indx, * will be returned. **/ int -gnutls_x509_crt_get_extension_data (gnutls_x509_crt_t cert, int indx, - void *data, size_t * sizeof_data) +gnutls_x509_crt_get_extension_data(gnutls_x509_crt_t cert, int indx, + void *data, size_t * sizeof_data) { - int result, len; - char name[ASN1_MAX_NAME_SIZE]; + int result, len; + char name[ASN1_MAX_NAME_SIZE]; - if (!cert) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + if (!cert) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - snprintf (name, sizeof (name), "tbsCertificate.extensions.?%u.extnValue", - indx + 1); + snprintf(name, sizeof(name), + "tbsCertificate.extensions.?%u.extnValue", indx + 1); - len = *sizeof_data; - result = asn1_read_value (cert->cert, name, data, &len); - *sizeof_data = len; + len = *sizeof_data; + result = asn1_read_value(cert->cert, name, data, &len); + *sizeof_data = len; - if (result == ASN1_ELEMENT_NOT_FOUND) - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - else if (result < 0) - { - gnutls_assert (); - return _gnutls_asn2err (result); - } + if (result == ASN1_ELEMENT_NOT_FOUND) + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + else if (result < 0) { + gnutls_assert(); + return _gnutls_asn2err(result); + } - return 0; + return 0; } /** @@ -2350,10 +2271,11 @@ gnutls_x509_crt_get_extension_data (gnutls_x509_crt_t cert, int indx, * **/ int -gnutls_x509_crt_get_raw_issuer_dn (gnutls_x509_crt_t cert, - gnutls_datum_t * dn) +gnutls_x509_crt_get_raw_issuer_dn(gnutls_x509_crt_t cert, + gnutls_datum_t * dn) { - return _gnutls_set_datum (dn, cert->raw_issuer_dn.data, cert->raw_issuer_dn.size); + return _gnutls_set_datum(dn, cert->raw_issuer_dn.data, + cert->raw_issuer_dn.size); } /** @@ -2368,19 +2290,18 @@ gnutls_x509_crt_get_raw_issuer_dn (gnutls_x509_crt_t cert, * negative error value. or a negative error code on error. * **/ -int -gnutls_x509_crt_get_raw_dn (gnutls_x509_crt_t cert, gnutls_datum_t * dn) +int gnutls_x509_crt_get_raw_dn(gnutls_x509_crt_t cert, gnutls_datum_t * dn) { - return _gnutls_set_datum (dn, cert->raw_dn.data, cert->raw_dn.size); + return _gnutls_set_datum(dn, cert->raw_dn.data, cert->raw_dn.size); } static int -get_dn (gnutls_x509_crt_t cert, const char *whom, gnutls_x509_dn_t * dn) +get_dn(gnutls_x509_crt_t cert, const char *whom, gnutls_x509_dn_t * dn) { - *dn = asn1_find_node (cert->cert, whom); - if (!*dn) - return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND; - return 0; + *dn = asn1_find_node(cert->cert, whom); + if (!*dn) + return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND; + return 0; } /** @@ -2398,9 +2319,9 @@ get_dn (gnutls_x509_crt_t cert, const char *whom, gnutls_x509_dn_t * dn) * Returns: Returns 0 on success, or an error code. **/ int -gnutls_x509_crt_get_subject (gnutls_x509_crt_t cert, gnutls_x509_dn_t * dn) +gnutls_x509_crt_get_subject(gnutls_x509_crt_t cert, gnutls_x509_dn_t * dn) { - return get_dn (cert, "tbsCertificate.subject.rdnSequence", dn); + return get_dn(cert, "tbsCertificate.subject.rdnSequence", dn); } /** @@ -2418,9 +2339,9 @@ gnutls_x509_crt_get_subject (gnutls_x509_crt_t cert, gnutls_x509_dn_t * dn) * Returns: Returns 0 on success, or an error code. **/ int -gnutls_x509_crt_get_issuer (gnutls_x509_crt_t cert, gnutls_x509_dn_t * dn) +gnutls_x509_crt_get_issuer(gnutls_x509_crt_t cert, gnutls_x509_dn_t * dn) { - return get_dn (cert, "tbsCertificate.issuer.rdnSequence", dn); + return get_dn(cert, "tbsCertificate.issuer.rdnSequence", dn); } /** @@ -2452,99 +2373,92 @@ gnutls_x509_crt_get_issuer (gnutls_x509_crt_t cert, gnutls_x509_dn_t * dn) * Returns: Returns 0 on success, or an error code. **/ int -gnutls_x509_dn_get_rdn_ava (gnutls_x509_dn_t dn, - int irdn, int iava, gnutls_x509_ava_st * ava) -{ - ASN1_TYPE rdn, elem; - ASN1_DATA_NODE vnode; - long len; - int lenlen, remlen, ret; - char rbuf[ASN1_MAX_NAME_SIZE]; - unsigned char cls; - const unsigned char *ptr; - - iava++; - irdn++; /* 0->1, 1->2 etc */ - - snprintf (rbuf, sizeof (rbuf), "rdnSequence.?%d.?%d", irdn, iava); - rdn = asn1_find_node (dn, rbuf); - if (!rdn) - { - gnutls_assert (); - return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND; - } - - snprintf (rbuf, sizeof (rbuf), "?%d.type", iava); - elem = asn1_find_node (rdn, rbuf); - if (!elem) - { - gnutls_assert (); - return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND; - } - - ret = asn1_read_node_value(elem, &vnode); - if (ret != ASN1_SUCCESS) - { - gnutls_assert (); - return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND; - } - - ava->oid.data = (void*)vnode.value; - ava->oid.size = vnode.value_len; - - snprintf (rbuf, sizeof (rbuf), "?%d.value", iava); - elem = asn1_find_node (rdn, rbuf); - if (!elem) - { - gnutls_assert (); - return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND; - } - - ret = asn1_read_node_value(elem, &vnode); - if (ret != ASN1_SUCCESS) - { - gnutls_assert (); - return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND; - } - /* The value still has the previous tag's length bytes, plus the - * current value's tag and length bytes. Decode them. - */ - - ptr = vnode.value; - remlen = vnode.value_len; - len = asn1_get_length_der (ptr, remlen, &lenlen); - if (len < 0) - { - gnutls_assert (); - return GNUTLS_E_ASN1_DER_ERROR; - } - - ptr += lenlen; - remlen -= lenlen; - ret = asn1_get_tag_der (ptr, remlen, &cls, &lenlen, &ava->value_tag); - if (ret) - { - gnutls_assert (); - return _gnutls_asn2err (ret); - } - - ptr += lenlen; - remlen -= lenlen; - - { - signed long tmp; - - tmp = asn1_get_length_der (ptr, remlen, &lenlen); - if (tmp < 0) - { - gnutls_assert (); - return GNUTLS_E_ASN1_DER_ERROR; - } - ava->value.size = tmp; - } - ava->value.data = (void*)(ptr + lenlen); - - return 0; +gnutls_x509_dn_get_rdn_ava(gnutls_x509_dn_t dn, + int irdn, int iava, gnutls_x509_ava_st * ava) +{ + ASN1_TYPE rdn, elem; + ASN1_DATA_NODE vnode; + long len; + int lenlen, remlen, ret; + char rbuf[ASN1_MAX_NAME_SIZE]; + unsigned char cls; + const unsigned char *ptr; + + iava++; + irdn++; /* 0->1, 1->2 etc */ + + snprintf(rbuf, sizeof(rbuf), "rdnSequence.?%d.?%d", irdn, iava); + rdn = asn1_find_node(dn, rbuf); + if (!rdn) { + gnutls_assert(); + return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND; + } + + snprintf(rbuf, sizeof(rbuf), "?%d.type", iava); + elem = asn1_find_node(rdn, rbuf); + if (!elem) { + gnutls_assert(); + return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND; + } + + ret = asn1_read_node_value(elem, &vnode); + if (ret != ASN1_SUCCESS) { + gnutls_assert(); + return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND; + } + + ava->oid.data = (void *) vnode.value; + ava->oid.size = vnode.value_len; + + snprintf(rbuf, sizeof(rbuf), "?%d.value", iava); + elem = asn1_find_node(rdn, rbuf); + if (!elem) { + gnutls_assert(); + return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND; + } + + ret = asn1_read_node_value(elem, &vnode); + if (ret != ASN1_SUCCESS) { + gnutls_assert(); + return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND; + } + /* The value still has the previous tag's length bytes, plus the + * current value's tag and length bytes. Decode them. + */ + + ptr = vnode.value; + remlen = vnode.value_len; + len = asn1_get_length_der(ptr, remlen, &lenlen); + if (len < 0) { + gnutls_assert(); + return GNUTLS_E_ASN1_DER_ERROR; + } + + ptr += lenlen; + remlen -= lenlen; + ret = + asn1_get_tag_der(ptr, remlen, &cls, &lenlen, &ava->value_tag); + if (ret) { + gnutls_assert(); + return _gnutls_asn2err(ret); + } + + ptr += lenlen; + remlen -= lenlen; + + { + signed long tmp; + + tmp = asn1_get_length_der(ptr, remlen, &lenlen); + if (tmp < 0) { + gnutls_assert(); + return GNUTLS_E_ASN1_DER_ERROR; + } + ava->value.size = tmp; + } + ava->value.data = (void *) (ptr + lenlen); + + return 0; } /** @@ -2564,46 +2478,45 @@ gnutls_x509_dn_get_rdn_ava (gnutls_x509_dn_t dn, * with the required size. On success 0 is returned. **/ int -gnutls_x509_crt_get_fingerprint (gnutls_x509_crt_t cert, - gnutls_digest_algorithm_t algo, - void *buf, size_t * buf_size) +gnutls_x509_crt_get_fingerprint(gnutls_x509_crt_t cert, + gnutls_digest_algorithm_t algo, + void *buf, size_t * buf_size) { - uint8_t *cert_buf; - int cert_buf_size; - int result; - gnutls_datum_t tmp; + uint8_t *cert_buf; + int cert_buf_size; + int result; + gnutls_datum_t tmp; - if (buf_size == 0 || cert == NULL) - { - return GNUTLS_E_INVALID_REQUEST; - } + if (buf_size == 0 || cert == NULL) { + return GNUTLS_E_INVALID_REQUEST; + } - cert_buf_size = 0; - asn1_der_coding (cert->cert, "", NULL, &cert_buf_size, NULL); + cert_buf_size = 0; + asn1_der_coding(cert->cert, "", NULL, &cert_buf_size, NULL); - cert_buf = gnutls_malloc (cert_buf_size); - if (cert_buf == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } + cert_buf = gnutls_malloc(cert_buf_size); + if (cert_buf == NULL) { + gnutls_assert(); + return GNUTLS_E_MEMORY_ERROR; + } - result = asn1_der_coding (cert->cert, "", cert_buf, &cert_buf_size, NULL); + result = + asn1_der_coding(cert->cert, "", cert_buf, &cert_buf_size, + NULL); - if (result != ASN1_SUCCESS) - { - gnutls_assert (); - gnutls_free (cert_buf); - return _gnutls_asn2err (result); - } + if (result != ASN1_SUCCESS) { + gnutls_assert(); + gnutls_free(cert_buf); + return _gnutls_asn2err(result); + } - tmp.data = cert_buf; - tmp.size = cert_buf_size; + tmp.data = cert_buf; + tmp.size = cert_buf_size; - result = gnutls_fingerprint (algo, &tmp, buf, buf_size); - gnutls_free (cert_buf); + result = gnutls_fingerprint(algo, &tmp, buf, buf_size); + gnutls_free(cert_buf); - return result; + return result; } /** @@ -2627,18 +2540,17 @@ gnutls_x509_crt_get_fingerprint (gnutls_x509_crt_t cert, * returned, and 0 on success. **/ int -gnutls_x509_crt_export (gnutls_x509_crt_t cert, - gnutls_x509_crt_fmt_t format, void *output_data, - size_t * output_data_size) +gnutls_x509_crt_export(gnutls_x509_crt_t cert, + gnutls_x509_crt_fmt_t format, void *output_data, + size_t * output_data_size) { - if (cert == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + if (cert == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - return _gnutls_x509_export_int (cert->cert, format, "CERTIFICATE", - output_data, output_data_size); + return _gnutls_x509_export_int(cert->cert, format, "CERTIFICATE", + output_data, output_data_size); } /** @@ -2659,53 +2571,51 @@ gnutls_x509_crt_export (gnutls_x509_crt_t cert, * Since: 3.1.3 **/ int -gnutls_x509_crt_export2 (gnutls_x509_crt_t cert, - gnutls_x509_crt_fmt_t format, gnutls_datum_t * out) +gnutls_x509_crt_export2(gnutls_x509_crt_t cert, + gnutls_x509_crt_fmt_t format, gnutls_datum_t * out) { - if (cert == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + if (cert == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - return _gnutls_x509_export_int2 (cert->cert, format, "CERTIFICATE", out); + return _gnutls_x509_export_int2(cert->cert, format, "CERTIFICATE", + out); } int -_gnutls_get_key_id (gnutls_pk_algorithm_t pk, gnutls_pk_params_st * params, - unsigned char *output_data, - size_t * output_data_size) +_gnutls_get_key_id(gnutls_pk_algorithm_t pk, gnutls_pk_params_st * params, + unsigned char *output_data, size_t * output_data_size) { - int ret = 0; - gnutls_datum_t der = { NULL, 0 }; - const gnutls_digest_algorithm_t hash = GNUTLS_DIG_SHA1; - unsigned int digest_len = _gnutls_hash_get_algo_len(mac_to_entry(hash)); + int ret = 0; + gnutls_datum_t der = { NULL, 0 }; + const gnutls_digest_algorithm_t hash = GNUTLS_DIG_SHA1; + unsigned int digest_len = + _gnutls_hash_get_algo_len(mac_to_entry(hash)); - if (output_data == NULL || *output_data_size < digest_len) - { - gnutls_assert (); - *output_data_size = digest_len; - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } + if (output_data == NULL || *output_data_size < digest_len) { + gnutls_assert(); + *output_data_size = digest_len; + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } - ret = _gnutls_x509_encode_PKI_params(&der, pk, params); - if (ret < 0) - return gnutls_assert_val(ret); + ret = _gnutls_x509_encode_PKI_params(&der, pk, params); + if (ret < 0) + return gnutls_assert_val(ret); - ret = _gnutls_hash_fast(hash, der.data, der.size, output_data); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - *output_data_size = digest_len; + ret = _gnutls_hash_fast(hash, der.data, der.size, output_data); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + *output_data_size = digest_len; - ret = 0; + ret = 0; -cleanup: + cleanup: - _gnutls_free_datum (&der); - return ret; + _gnutls_free_datum(&der); + return ret; } /** @@ -2729,132 +2639,133 @@ cleanup: * returned, and 0 on success. **/ int -gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt, unsigned int flags, - unsigned char *output_data, - size_t * output_data_size) +gnutls_x509_crt_get_key_id(gnutls_x509_crt_t crt, unsigned int flags, + unsigned char *output_data, + size_t * output_data_size) { - int pk, ret = 0; - gnutls_pk_params_st params; + int pk, ret = 0; + gnutls_pk_params_st params; + + if (crt == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - if (crt == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + pk = gnutls_x509_crt_get_pk_algorithm(crt, NULL); + if (pk < 0) { + gnutls_assert(); + return pk; + } - pk = gnutls_x509_crt_get_pk_algorithm (crt, NULL); - if (pk < 0) - { - gnutls_assert (); - return pk; - } + ret = _gnutls_x509_crt_get_mpis(crt, ¶ms); + if (ret < 0) { + gnutls_assert(); + return ret; + } - ret = _gnutls_x509_crt_get_mpis (crt, ¶ms); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - ret = _gnutls_get_key_id(pk, ¶ms, output_data, output_data_size); + ret = + _gnutls_get_key_id(pk, ¶ms, output_data, output_data_size); - gnutls_pk_params_release(¶ms); + gnutls_pk_params_release(¶ms); - return ret; + return ret; } static int -crl_issuer_matches (gnutls_x509_crl_t crl, gnutls_x509_crt_t cert) +crl_issuer_matches(gnutls_x509_crl_t crl, gnutls_x509_crt_t cert) { - if (_gnutls_x509_compare_raw_dn(&crl->raw_issuer_dn, &cert->raw_issuer_dn) != 0) - return 1; - else - return 0; + if (_gnutls_x509_compare_raw_dn + (&crl->raw_issuer_dn, &cert->raw_issuer_dn) != 0) + return 1; + else + return 0; } /* This is exactly as gnutls_x509_crt_check_revocation() except that * it calls func. */ int -_gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert, - const gnutls_x509_crl_t * crl_list, - int crl_list_length, - gnutls_verify_output_function func) -{ - uint8_t serial[128]; - uint8_t cert_serial[128]; - size_t serial_size, cert_serial_size; - int ncerts, ret, i, j; - - if (cert == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - for (j = 0; j < crl_list_length; j++) - { /* do for all the crls */ - - /* Step 1. check if issuer's DN match - */ - ret = crl_issuer_matches(crl_list[j], cert); - if (ret == 0) - { - /* issuers do not match so don't even - * bother checking. - */ - gnutls_assert(); - continue; - } - - /* Step 2. Read the certificate's serial number - */ - cert_serial_size = sizeof (cert_serial); - ret = gnutls_x509_crt_get_serial (cert, cert_serial, &cert_serial_size); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - /* Step 3. cycle through the CRL serials and compare with - * certificate serial we have. - */ - - ncerts = gnutls_x509_crl_get_crt_count (crl_list[j]); - if (ncerts < 0) - { - gnutls_assert (); - return ncerts; - } - - for (i = 0; i < ncerts; i++) - { - serial_size = sizeof (serial); - ret = - gnutls_x509_crl_get_crt_serial (crl_list[j], i, serial, - &serial_size, NULL); - - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - if (serial_size == cert_serial_size) - { - if (memcmp (serial, cert_serial, serial_size) == 0) - { - /* serials match */ - if (func) func(cert, NULL, crl_list[j], GNUTLS_CERT_REVOKED|GNUTLS_CERT_INVALID); - return 1; /* revoked! */ - } - } - } - if (func) func(cert, NULL, crl_list[j], 0); - - } - return 0; /* not revoked. */ +_gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert, + const gnutls_x509_crl_t * crl_list, + int crl_list_length, + gnutls_verify_output_function func) +{ + uint8_t serial[128]; + uint8_t cert_serial[128]; + size_t serial_size, cert_serial_size; + int ncerts, ret, i, j; + + if (cert == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + for (j = 0; j < crl_list_length; j++) { /* do for all the crls */ + + /* Step 1. check if issuer's DN match + */ + ret = crl_issuer_matches(crl_list[j], cert); + if (ret == 0) { + /* issuers do not match so don't even + * bother checking. + */ + gnutls_assert(); + continue; + } + + /* Step 2. Read the certificate's serial number + */ + cert_serial_size = sizeof(cert_serial); + ret = + gnutls_x509_crt_get_serial(cert, cert_serial, + &cert_serial_size); + if (ret < 0) { + gnutls_assert(); + return ret; + } + + /* Step 3. cycle through the CRL serials and compare with + * certificate serial we have. + */ + + ncerts = gnutls_x509_crl_get_crt_count(crl_list[j]); + if (ncerts < 0) { + gnutls_assert(); + return ncerts; + } + + for (i = 0; i < ncerts; i++) { + serial_size = sizeof(serial); + ret = + gnutls_x509_crl_get_crt_serial(crl_list[j], i, + serial, + &serial_size, + NULL); + + if (ret < 0) { + gnutls_assert(); + return ret; + } + + if (serial_size == cert_serial_size) { + if (memcmp + (serial, cert_serial, + serial_size) == 0) { + /* serials match */ + if (func) + func(cert, NULL, + crl_list[j], + GNUTLS_CERT_REVOKED | + GNUTLS_CERT_INVALID); + return 1; /* revoked! */ + } + } + } + if (func) + func(cert, NULL, crl_list[j], 0); + + } + return 0; /* not revoked. */ } @@ -2871,11 +2782,12 @@ _gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert, * negative error code is returned on error. **/ int -gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert, - const gnutls_x509_crl_t * crl_list, - int crl_list_length) +gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert, + const gnutls_x509_crl_t * crl_list, + int crl_list_length) { - return _gnutls_x509_crt_check_revocation(cert, crl_list, crl_list_length, NULL); + return _gnutls_x509_crt_check_revocation(cert, crl_list, + crl_list_length, NULL); } /** @@ -2895,36 +2807,33 @@ gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert, * Since: 2.8.0 **/ int -gnutls_x509_crt_get_verify_algorithm (gnutls_x509_crt_t crt, - const gnutls_datum_t * signature, - gnutls_digest_algorithm_t * hash) +gnutls_x509_crt_get_verify_algorithm(gnutls_x509_crt_t crt, + const gnutls_datum_t * signature, + gnutls_digest_algorithm_t * hash) { - gnutls_pk_params_st issuer_params; - int ret; + gnutls_pk_params_st issuer_params; + int ret; - if (crt == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + if (crt == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - ret = _gnutls_x509_crt_get_mpis (crt, &issuer_params); - if (ret < 0) - { - gnutls_assert (); - return ret; - } + ret = _gnutls_x509_crt_get_mpis(crt, &issuer_params); + if (ret < 0) { + gnutls_assert(); + return ret; + } - ret = _gnutls_x509_verify_algorithm (hash, - signature, - gnutls_x509_crt_get_pk_algorithm (crt, - NULL), - &issuer_params); + ret = _gnutls_x509_verify_algorithm(hash, + signature, + gnutls_x509_crt_get_pk_algorithm + (crt, NULL), &issuer_params); - /* release allocated mpis */ - gnutls_pk_params_release(&issuer_params); + /* release allocated mpis */ + gnutls_pk_params_release(&issuer_params); - return ret; + return ret; } @@ -2947,35 +2856,33 @@ gnutls_x509_crt_get_verify_algorithm (gnutls_x509_crt_t crt, * Since: 2.12.0 **/ int -gnutls_x509_crt_get_preferred_hash_algorithm (gnutls_x509_crt_t crt, - gnutls_digest_algorithm_t * - hash, unsigned int *mand) +gnutls_x509_crt_get_preferred_hash_algorithm(gnutls_x509_crt_t crt, + gnutls_digest_algorithm_t * + hash, unsigned int *mand) { - gnutls_pk_params_st issuer_params; - int ret; + gnutls_pk_params_st issuer_params; + int ret; - if (crt == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + if (crt == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - ret = _gnutls_x509_crt_get_mpis (crt, &issuer_params); - if (ret < 0) - { - gnutls_assert (); - return ret; - } + ret = _gnutls_x509_crt_get_mpis(crt, &issuer_params); + if (ret < 0) { + gnutls_assert(); + return ret; + } - ret = - _gnutls_pk_get_hash_algorithm (gnutls_x509_crt_get_pk_algorithm - (crt, NULL), &issuer_params, - hash, mand); + ret = + _gnutls_pk_get_hash_algorithm(gnutls_x509_crt_get_pk_algorithm + (crt, NULL), &issuer_params, + hash, mand); - /* release allocated mpis */ - gnutls_pk_params_release(&issuer_params); + /* release allocated mpis */ + gnutls_pk_params_release(&issuer_params); - return ret; + return ret; } /** @@ -2995,26 +2902,26 @@ gnutls_x509_crt_get_preferred_hash_algorithm (gnutls_x509_crt_t crt, * is returned, and zero or positive code on success. **/ int -gnutls_x509_crt_verify_data (gnutls_x509_crt_t crt, unsigned int flags, - const gnutls_datum_t * data, - const gnutls_datum_t * signature) +gnutls_x509_crt_verify_data(gnutls_x509_crt_t crt, unsigned int flags, + const gnutls_datum_t * data, + const gnutls_datum_t * signature) { - int result; + int result; - if (crt == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + if (crt == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - result = _gnutls_x509_verify_data (GNUTLS_DIG_UNKNOWN, data, signature, crt); - if (result < 0) - { - gnutls_assert (); - return result; - } + result = + _gnutls_x509_verify_data(GNUTLS_DIG_UNKNOWN, data, signature, + crt); + if (result < 0) { + gnutls_assert(); + return result; + } - return result; + return result; } /** @@ -3034,48 +2941,44 @@ gnutls_x509_crt_verify_data (gnutls_x509_crt_t crt, unsigned int flags, * is returned, and zero or positive code on success. **/ int -gnutls_x509_crt_verify_hash (gnutls_x509_crt_t crt, unsigned int flags, - const gnutls_datum_t * hash, - const gnutls_datum_t * signature) -{ - gnutls_pk_params_st params; - gnutls_digest_algorithm_t algo; - int ret; - - if (crt == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - ret = gnutls_x509_crt_get_verify_algorithm (crt, signature, &algo); - if (ret < 0) - return gnutls_assert_val(ret); - - /* Read the MPI parameters from the issuer's certificate. - */ - ret = - _gnutls_x509_crt_get_mpis (crt, ¶ms); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - ret = - pubkey_verify_hashed_data (gnutls_x509_crt_get_pk_algorithm (crt, NULL), - mac_to_entry(algo), - hash, signature, ¶ms); - if (ret < 0) - { - gnutls_assert (); - } - - /* release all allocated MPIs - */ - gnutls_pk_params_release(¶ms); - - return ret; +gnutls_x509_crt_verify_hash(gnutls_x509_crt_t crt, unsigned int flags, + const gnutls_datum_t * hash, + const gnutls_datum_t * signature) +{ + gnutls_pk_params_st params; + gnutls_digest_algorithm_t algo; + int ret; + + if (crt == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + ret = gnutls_x509_crt_get_verify_algorithm(crt, signature, &algo); + if (ret < 0) + return gnutls_assert_val(ret); + + /* Read the MPI parameters from the issuer's certificate. + */ + ret = _gnutls_x509_crt_get_mpis(crt, ¶ms); + if (ret < 0) { + gnutls_assert(); + return ret; + } + + ret = + pubkey_verify_hashed_data(gnutls_x509_crt_get_pk_algorithm + (crt, NULL), mac_to_entry(algo), + hash, signature, ¶ms); + if (ret < 0) { + gnutls_assert(); + } + + /* release all allocated MPIs + */ + gnutls_pk_params_release(¶ms); + + return ret; } /** @@ -3100,106 +3003,104 @@ gnutls_x509_crt_verify_hash (gnutls_x509_crt_t crt, unsigned int flags, * returned. **/ int -gnutls_x509_crt_get_crl_dist_points (gnutls_x509_crt_t cert, - unsigned int seq, void *ret, - size_t * ret_size, - unsigned int *reason_flags, - unsigned int *critical) -{ - int result; - gnutls_datum_t dist_points = { NULL, 0 }; - ASN1_TYPE c2 = ASN1_TYPE_EMPTY; - char name[ASN1_MAX_NAME_SIZE]; - int len; - gnutls_x509_subject_alt_name_t type; - uint8_t reasons[2]; - - if (cert == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - if (*ret_size > 0 && ret) - memset (ret, 0, *ret_size); - else - *ret_size = 0; - - if (reason_flags) - *reason_flags = 0; - - result = - _gnutls_x509_crt_get_extension (cert, "2.5.29.31", 0, &dist_points, - critical); - if (result < 0) - { - return result; - } - - if (dist_points.size == 0 || dist_points.data == NULL) - { - gnutls_assert (); - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } - - result = asn1_create_element - (_gnutls_get_pkix (), "PKIX1.CRLDistributionPoints", &c2); - if (result != ASN1_SUCCESS) - { - gnutls_assert (); - _gnutls_free_datum (&dist_points); - return _gnutls_asn2err (result); - } - - result = asn1_der_decoding (&c2, dist_points.data, dist_points.size, NULL); - _gnutls_free_datum (&dist_points); - - if (result != ASN1_SUCCESS) - { - gnutls_assert (); - asn1_delete_structure (&c2); - return _gnutls_asn2err (result); - } - - /* Return the different names from the first CRLDistr. point. - * The whole thing is a mess. - */ - _gnutls_str_cpy (name, sizeof (name), "?1.distributionPoint.fullName"); - - result = _gnutls_parse_general_name (c2, name, seq, ret, ret_size, NULL, 0); - if (result < 0) - { - asn1_delete_structure (&c2); - return result; - } - - type = result; - - - /* Read the CRL reasons. - */ - if (reason_flags) - { - _gnutls_str_cpy (name, sizeof (name), "?1.reasons"); - - reasons[0] = reasons[1] = 0; - - len = sizeof (reasons); - result = asn1_read_value (c2, name, reasons, &len); - - if (result != ASN1_VALUE_NOT_FOUND && result != ASN1_SUCCESS) - { - gnutls_assert (); - asn1_delete_structure (&c2); - return _gnutls_asn2err (result); - } - - *reason_flags = reasons[0] | (reasons[1] << 8); - } - - asn1_delete_structure (&c2); - - return type; +gnutls_x509_crt_get_crl_dist_points(gnutls_x509_crt_t cert, + unsigned int seq, void *ret, + size_t * ret_size, + unsigned int *reason_flags, + unsigned int *critical) +{ + int result; + gnutls_datum_t dist_points = { NULL, 0 }; + ASN1_TYPE c2 = ASN1_TYPE_EMPTY; + char name[ASN1_MAX_NAME_SIZE]; + int len; + gnutls_x509_subject_alt_name_t type; + uint8_t reasons[2]; + + if (cert == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + if (*ret_size > 0 && ret) + memset(ret, 0, *ret_size); + else + *ret_size = 0; + + if (reason_flags) + *reason_flags = 0; + + result = + _gnutls_x509_crt_get_extension(cert, "2.5.29.31", 0, + &dist_points, critical); + if (result < 0) { + return result; + } + + if (dist_points.size == 0 || dist_points.data == NULL) { + gnutls_assert(); + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } + + result = asn1_create_element + (_gnutls_get_pkix(), "PKIX1.CRLDistributionPoints", &c2); + if (result != ASN1_SUCCESS) { + gnutls_assert(); + _gnutls_free_datum(&dist_points); + return _gnutls_asn2err(result); + } + + result = + asn1_der_decoding(&c2, dist_points.data, dist_points.size, + NULL); + _gnutls_free_datum(&dist_points); + + if (result != ASN1_SUCCESS) { + gnutls_assert(); + asn1_delete_structure(&c2); + return _gnutls_asn2err(result); + } + + /* Return the different names from the first CRLDistr. point. + * The whole thing is a mess. + */ + _gnutls_str_cpy(name, sizeof(name), + "?1.distributionPoint.fullName"); + + result = + _gnutls_parse_general_name(c2, name, seq, ret, ret_size, NULL, + 0); + if (result < 0) { + asn1_delete_structure(&c2); + return result; + } + + type = result; + + + /* Read the CRL reasons. + */ + if (reason_flags) { + _gnutls_str_cpy(name, sizeof(name), "?1.reasons"); + + reasons[0] = reasons[1] = 0; + + len = sizeof(reasons); + result = asn1_read_value(c2, name, reasons, &len); + + if (result != ASN1_VALUE_NOT_FOUND + && result != ASN1_SUCCESS) { + gnutls_assert(); + asn1_delete_structure(&c2); + return _gnutls_asn2err(result); + } + + *reason_flags = reasons[0] | (reasons[1] << 8); + } + + asn1_delete_structure(&c2); + + return type; } /** @@ -3224,81 +3125,75 @@ gnutls_x509_crt_get_crl_dist_points (gnutls_x509_crt_t cert, * with the required size. On success 0 is returned. **/ int -gnutls_x509_crt_get_key_purpose_oid (gnutls_x509_crt_t cert, - int indx, void *oid, size_t * oid_size, - unsigned int *critical) -{ - char tmpstr[ASN1_MAX_NAME_SIZE]; - int result, len; - gnutls_datum_t id; - ASN1_TYPE c2 = ASN1_TYPE_EMPTY; - - if (cert == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - if (oid) - memset (oid, 0, *oid_size); - else - *oid_size = 0; - - if ((result = - _gnutls_x509_crt_get_extension (cert, "2.5.29.37", 0, &id, - critical)) < 0) - { - return result; - } - - if (id.size == 0 || id.data == NULL) - { - gnutls_assert (); - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } - - result = asn1_create_element - (_gnutls_get_pkix (), "PKIX1.ExtKeyUsageSyntax", &c2); - if (result != ASN1_SUCCESS) - { - gnutls_assert (); - _gnutls_free_datum (&id); - return _gnutls_asn2err (result); - } - - result = asn1_der_decoding (&c2, id.data, id.size, NULL); - _gnutls_free_datum (&id); - - if (result != ASN1_SUCCESS) - { - gnutls_assert (); - asn1_delete_structure (&c2); - return _gnutls_asn2err (result); - } - - indx++; - /* create a string like "?1" - */ - snprintf (tmpstr, sizeof (tmpstr), "?%u", indx); - - len = *oid_size; - result = asn1_read_value (c2, tmpstr, oid, &len); - - *oid_size = len; - asn1_delete_structure (&c2); - - if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND) - { - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } - - if (result != ASN1_SUCCESS) - { - gnutls_assert (); - return _gnutls_asn2err (result); - } - - return 0; +gnutls_x509_crt_get_key_purpose_oid(gnutls_x509_crt_t cert, + int indx, void *oid, size_t * oid_size, + unsigned int *critical) +{ + char tmpstr[ASN1_MAX_NAME_SIZE]; + int result, len; + gnutls_datum_t id; + ASN1_TYPE c2 = ASN1_TYPE_EMPTY; + + if (cert == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + if (oid) + memset(oid, 0, *oid_size); + else + *oid_size = 0; + + if ((result = + _gnutls_x509_crt_get_extension(cert, "2.5.29.37", 0, &id, + critical)) < 0) { + return result; + } + + if (id.size == 0 || id.data == NULL) { + gnutls_assert(); + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } + + result = asn1_create_element + (_gnutls_get_pkix(), "PKIX1.ExtKeyUsageSyntax", &c2); + if (result != ASN1_SUCCESS) { + gnutls_assert(); + _gnutls_free_datum(&id); + return _gnutls_asn2err(result); + } + + result = asn1_der_decoding(&c2, id.data, id.size, NULL); + _gnutls_free_datum(&id); + + if (result != ASN1_SUCCESS) { + gnutls_assert(); + asn1_delete_structure(&c2); + return _gnutls_asn2err(result); + } + + indx++; + /* create a string like "?1" + */ + snprintf(tmpstr, sizeof(tmpstr), "?%u", indx); + + len = *oid_size; + result = asn1_read_value(c2, tmpstr, oid, &len); + + *oid_size = len; + asn1_delete_structure(&c2); + + if (result == ASN1_VALUE_NOT_FOUND + || result == ASN1_ELEMENT_NOT_FOUND) { + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } + + if (result != ASN1_SUCCESS) { + gnutls_assert(); + return _gnutls_asn2err(result); + } + + return 0; } @@ -3315,52 +3210,47 @@ gnutls_x509_crt_get_key_purpose_oid (gnutls_x509_crt_t cert, * Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code. **/ int -gnutls_x509_crt_get_pk_rsa_raw (gnutls_x509_crt_t crt, - gnutls_datum_t * m, gnutls_datum_t * e) -{ - int ret; - gnutls_pk_params_st params; - - if (crt == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - ret = gnutls_x509_crt_get_pk_algorithm (crt, NULL); - if (ret != GNUTLS_PK_RSA) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - ret = _gnutls_x509_crt_get_mpis (crt, ¶ms); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - ret = _gnutls_mpi_dprint_lz (params.params[0], m); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - - ret = _gnutls_mpi_dprint_lz (params.params[1], e); - if (ret < 0) - { - gnutls_assert (); - _gnutls_free_datum (m); - goto cleanup; - } - - ret = 0; - -cleanup: - gnutls_pk_params_release(¶ms); - return ret; +gnutls_x509_crt_get_pk_rsa_raw(gnutls_x509_crt_t crt, + gnutls_datum_t * m, gnutls_datum_t * e) +{ + int ret; + gnutls_pk_params_st params; + + if (crt == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + ret = gnutls_x509_crt_get_pk_algorithm(crt, NULL); + if (ret != GNUTLS_PK_RSA) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + ret = _gnutls_x509_crt_get_mpis(crt, ¶ms); + if (ret < 0) { + gnutls_assert(); + return ret; + } + + ret = _gnutls_mpi_dprint_lz(params.params[0], m); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + ret = _gnutls_mpi_dprint_lz(params.params[1], e); + if (ret < 0) { + gnutls_assert(); + _gnutls_free_datum(m); + goto cleanup; + } + + ret = 0; + + cleanup: + gnutls_pk_params_release(¶ms); + return ret; } /** @@ -3378,79 +3268,72 @@ cleanup: * Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code. **/ int -gnutls_x509_crt_get_pk_dsa_raw (gnutls_x509_crt_t crt, - gnutls_datum_t * p, gnutls_datum_t * q, - gnutls_datum_t * g, gnutls_datum_t * y) -{ - int ret; - gnutls_pk_params_st params; - - if (crt == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - ret = gnutls_x509_crt_get_pk_algorithm (crt, NULL); - if (ret != GNUTLS_PK_DSA) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - ret = _gnutls_x509_crt_get_mpis (crt, ¶ms); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - - /* P */ - ret = _gnutls_mpi_dprint_lz (params.params[0], p); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - - /* Q */ - ret = _gnutls_mpi_dprint_lz (params.params[1], q); - if (ret < 0) - { - gnutls_assert (); - _gnutls_free_datum (p); - goto cleanup; - } - - - /* G */ - ret = _gnutls_mpi_dprint_lz (params.params[2], g); - if (ret < 0) - { - gnutls_assert (); - _gnutls_free_datum (p); - _gnutls_free_datum (q); - goto cleanup; - } - - - /* Y */ - ret = _gnutls_mpi_dprint_lz (params.params[3], y); - if (ret < 0) - { - gnutls_assert (); - _gnutls_free_datum (p); - _gnutls_free_datum (g); - _gnutls_free_datum (q); - goto cleanup; - } - - ret = 0; - -cleanup: - gnutls_pk_params_release(¶ms); - return ret; +gnutls_x509_crt_get_pk_dsa_raw(gnutls_x509_crt_t crt, + gnutls_datum_t * p, gnutls_datum_t * q, + gnutls_datum_t * g, gnutls_datum_t * y) +{ + int ret; + gnutls_pk_params_st params; + + if (crt == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + ret = gnutls_x509_crt_get_pk_algorithm(crt, NULL); + if (ret != GNUTLS_PK_DSA) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + ret = _gnutls_x509_crt_get_mpis(crt, ¶ms); + if (ret < 0) { + gnutls_assert(); + return ret; + } + + + /* P */ + ret = _gnutls_mpi_dprint_lz(params.params[0], p); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + /* Q */ + ret = _gnutls_mpi_dprint_lz(params.params[1], q); + if (ret < 0) { + gnutls_assert(); + _gnutls_free_datum(p); + goto cleanup; + } + + + /* G */ + ret = _gnutls_mpi_dprint_lz(params.params[2], g); + if (ret < 0) { + gnutls_assert(); + _gnutls_free_datum(p); + _gnutls_free_datum(q); + goto cleanup; + } + + + /* Y */ + ret = _gnutls_mpi_dprint_lz(params.params[3], y); + if (ret < 0) { + gnutls_assert(); + _gnutls_free_datum(p); + _gnutls_free_datum(g); + _gnutls_free_datum(q); + goto cleanup; + } + + ret = 0; + + cleanup: + gnutls_pk_params_release(¶ms); + return ret; } @@ -3474,89 +3357,93 @@ cleanup: * Since: 3.0 **/ int -gnutls_x509_crt_list_import2 (gnutls_x509_crt_t ** certs, - unsigned int * size, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format, unsigned int flags) -{ -unsigned int init = 1024; -int ret; - - *certs = gnutls_malloc(sizeof(gnutls_x509_crt_t)*init); - if (*certs == NULL) - { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; - } - - ret = gnutls_x509_crt_list_import(*certs, &init, data, format, GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED); - if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) - { - *certs = gnutls_realloc_fast(*certs, sizeof(gnutls_x509_crt_t)*init); - if (*certs == NULL) - { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; - } - - ret = gnutls_x509_crt_list_import(*certs, &init, data, format, flags); - } - - if (ret < 0) - { - gnutls_free(*certs); - *certs = NULL; - return ret; - } - - *size = init; - return 0; +gnutls_x509_crt_list_import2(gnutls_x509_crt_t ** certs, + unsigned int *size, + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format, + unsigned int flags) +{ + unsigned int init = 1024; + int ret; + + *certs = gnutls_malloc(sizeof(gnutls_x509_crt_t) * init); + if (*certs == NULL) { + gnutls_assert(); + return GNUTLS_E_MEMORY_ERROR; + } + + ret = + gnutls_x509_crt_list_import(*certs, &init, data, format, + GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED); + if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) { + *certs = + gnutls_realloc_fast(*certs, + sizeof(gnutls_x509_crt_t) * init); + if (*certs == NULL) { + gnutls_assert(); + return GNUTLS_E_MEMORY_ERROR; + } + + ret = + gnutls_x509_crt_list_import(*certs, &init, data, + format, flags); + } + + if (ret < 0) { + gnutls_free(*certs); + *certs = NULL; + return ret; + } + + *size = init; + return 0; } static int check_if_sorted(gnutls_x509_crt_t * crt, int nr) { -char prev_dn[MAX_DN]; -char dn[MAX_DN]; -size_t prev_dn_size, dn_size; -int i, ret; - - /* check if the X.509 list is ordered */ - if (nr > 1) - { - - for (i=0;i<nr;i++) - { - if (i>0) - { - dn_size = sizeof(dn); - ret = gnutls_x509_crt_get_dn(crt[i], dn, &dn_size); - if (ret < 0) - { - ret = gnutls_assert_val(ret); - goto cleanup; - } - - if (dn_size != prev_dn_size || memcmp(dn, prev_dn, dn_size) != 0) - { - ret = gnutls_assert_val(GNUTLS_E_CERTIFICATE_LIST_UNSORTED); - goto cleanup; - } - } - - prev_dn_size = sizeof(prev_dn); - ret = gnutls_x509_crt_get_issuer_dn(crt[i], prev_dn, &prev_dn_size); - if (ret < 0) - { - ret = gnutls_assert_val(ret); - goto cleanup; - } - } - } - - ret = 0; - -cleanup: - return ret; + char prev_dn[MAX_DN]; + char dn[MAX_DN]; + size_t prev_dn_size, dn_size; + int i, ret; + + /* check if the X.509 list is ordered */ + if (nr > 1) { + + for (i = 0; i < nr; i++) { + if (i > 0) { + dn_size = sizeof(dn); + ret = + gnutls_x509_crt_get_dn(crt[i], dn, + &dn_size); + if (ret < 0) { + ret = gnutls_assert_val(ret); + goto cleanup; + } + + if (dn_size != prev_dn_size + || memcmp(dn, prev_dn, dn_size) != 0) { + ret = + gnutls_assert_val + (GNUTLS_E_CERTIFICATE_LIST_UNSORTED); + goto cleanup; + } + } + + prev_dn_size = sizeof(prev_dn); + ret = + gnutls_x509_crt_get_issuer_dn(crt[i], prev_dn, + &prev_dn_size); + if (ret < 0) { + ret = gnutls_assert_val(ret); + goto cleanup; + } + } + } + + ret = 0; + + cleanup: + return ret; } @@ -3584,135 +3471,129 @@ cleanup: * Returns: the number of certificates read or a negative error value. **/ int -gnutls_x509_crt_list_import (gnutls_x509_crt_t * certs, - unsigned int *cert_max, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format, unsigned int flags) -{ - int size; - const char *ptr; - gnutls_datum_t tmp; - int ret, nocopy = 0; - unsigned int count = 0, j; - - if (format == GNUTLS_X509_FMT_DER) - { - if (*cert_max < 1) - { - *cert_max = 1; - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - - count = 1; /* import only the first one */ - - ret = gnutls_x509_crt_init (&certs[0]); - if (ret < 0) - { - gnutls_assert (); - goto error; - } - - ret = gnutls_x509_crt_import (certs[0], data, format); - if (ret < 0) - { - gnutls_assert (); - goto error; - } - - *cert_max = 1; - return 1; - } - - /* move to the certificate - */ - ptr = memmem (data->data, data->size, - PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1); - if (ptr == NULL) - ptr = memmem (data->data, data->size, - PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1); - - if (ptr == NULL) - return gnutls_assert_val(GNUTLS_E_NO_CERTIFICATE_FOUND); - - count = 0; - - do - { - if (count >= *cert_max) - { - if (!(flags & GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED)) - break; - else - nocopy = 1; - } - - if (!nocopy) - { - ret = gnutls_x509_crt_init (&certs[count]); - if (ret < 0) - { - gnutls_assert (); - goto error; - } - - tmp.data = (void *) ptr; - tmp.size = data->size - (ptr - (char *) data->data); - - ret = - gnutls_x509_crt_import (certs[count], &tmp, GNUTLS_X509_FMT_PEM); - if (ret < 0) - { - gnutls_assert (); - goto error; - } - } - - /* now we move ptr after the pem header - */ - ptr++; - /* find the next certificate (if any) - */ - size = data->size - (ptr - (char *) data->data); - - if (size > 0) - { - char *ptr2; - - ptr2 = memmem (ptr, size, PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1); - if (ptr2 == NULL) - ptr2 = memmem (ptr, size, PEM_CERT_SEP2, - sizeof (PEM_CERT_SEP2) - 1); - - ptr = ptr2; - } - else - ptr = NULL; - - count++; - } - while (ptr != NULL); - - *cert_max = count; - - if (flags & GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED) - { - ret = check_if_sorted(certs, *cert_max); - if (ret < 0) - { - gnutls_assert(); - goto error; - } - } - - if (nocopy == 0) - return count; - else - return GNUTLS_E_SHORT_MEMORY_BUFFER; - -error: - for (j = 0; j < count; j++) - gnutls_x509_crt_deinit (certs[j]); - return ret; +gnutls_x509_crt_list_import(gnutls_x509_crt_t * certs, + unsigned int *cert_max, + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format, + unsigned int flags) +{ + int size; + const char *ptr; + gnutls_datum_t tmp; + int ret, nocopy = 0; + unsigned int count = 0, j; + + if (format == GNUTLS_X509_FMT_DER) { + if (*cert_max < 1) { + *cert_max = 1; + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } + + count = 1; /* import only the first one */ + + ret = gnutls_x509_crt_init(&certs[0]); + if (ret < 0) { + gnutls_assert(); + goto error; + } + + ret = gnutls_x509_crt_import(certs[0], data, format); + if (ret < 0) { + gnutls_assert(); + goto error; + } + + *cert_max = 1; + return 1; + } + + /* move to the certificate + */ + ptr = memmem(data->data, data->size, + PEM_CERT_SEP, sizeof(PEM_CERT_SEP) - 1); + if (ptr == NULL) + ptr = memmem(data->data, data->size, + PEM_CERT_SEP2, sizeof(PEM_CERT_SEP2) - 1); + + if (ptr == NULL) + return gnutls_assert_val(GNUTLS_E_NO_CERTIFICATE_FOUND); + + count = 0; + + do { + if (count >= *cert_max) { + if (! + (flags & + GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED)) + break; + else + nocopy = 1; + } + + if (!nocopy) { + ret = gnutls_x509_crt_init(&certs[count]); + if (ret < 0) { + gnutls_assert(); + goto error; + } + + tmp.data = (void *) ptr; + tmp.size = + data->size - (ptr - (char *) data->data); + + ret = + gnutls_x509_crt_import(certs[count], &tmp, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + gnutls_assert(); + goto error; + } + } + + /* now we move ptr after the pem header + */ + ptr++; + /* find the next certificate (if any) + */ + size = data->size - (ptr - (char *) data->data); + + if (size > 0) { + char *ptr2; + + ptr2 = + memmem(ptr, size, PEM_CERT_SEP, + sizeof(PEM_CERT_SEP) - 1); + if (ptr2 == NULL) + ptr2 = memmem(ptr, size, PEM_CERT_SEP2, + sizeof(PEM_CERT_SEP2) - 1); + + ptr = ptr2; + } else + ptr = NULL; + + count++; + } + while (ptr != NULL); + + *cert_max = count; + + if (flags & GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED) { + ret = check_if_sorted(certs, *cert_max); + if (ret < 0) { + gnutls_assert(); + goto error; + } + } + + if (nocopy == 0) + return count; + else + return GNUTLS_E_SHORT_MEMORY_BUFFER; + + error: + for (j = 0; j < count; j++) + gnutls_x509_crt_deinit(certs[j]); + return ret; } /** @@ -3732,31 +3613,29 @@ error: * Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code. **/ int -gnutls_x509_crt_get_subject_unique_id (gnutls_x509_crt_t crt, char *buf, - size_t * buf_size) +gnutls_x509_crt_get_subject_unique_id(gnutls_x509_crt_t crt, char *buf, + size_t * buf_size) { - int result; - gnutls_datum_t datum = { NULL, 0 }; + int result; + gnutls_datum_t datum = { NULL, 0 }; - result = - _gnutls_x509_read_value (crt->cert, "tbsCertificate.subjectUniqueID", - &datum); + result = + _gnutls_x509_read_value(crt->cert, + "tbsCertificate.subjectUniqueID", + &datum); - if (datum.size > *buf_size) - { /* then we're not going to fit */ - *buf_size = datum.size; - buf[0] = '\0'; - result = GNUTLS_E_SHORT_MEMORY_BUFFER; - } - else - { - *buf_size = datum.size; - memcpy (buf, datum.data, datum.size); - } + if (datum.size > *buf_size) { /* then we're not going to fit */ + *buf_size = datum.size; + buf[0] = '\0'; + result = GNUTLS_E_SHORT_MEMORY_BUFFER; + } else { + *buf_size = datum.size; + memcpy(buf, datum.data, datum.size); + } - _gnutls_free_datum (&datum); + _gnutls_free_datum(&datum); - return result; + return result; } /** @@ -3778,125 +3657,126 @@ gnutls_x509_crt_get_subject_unique_id (gnutls_x509_crt_t crt, char *buf, * Since: 2.12.0 **/ int -gnutls_x509_crt_get_issuer_unique_id (gnutls_x509_crt_t crt, char *buf, - size_t * buf_size) +gnutls_x509_crt_get_issuer_unique_id(gnutls_x509_crt_t crt, char *buf, + size_t * buf_size) { - int result; - gnutls_datum_t datum = { NULL, 0 }; + int result; + gnutls_datum_t datum = { NULL, 0 }; - result = - _gnutls_x509_read_value (crt->cert, "tbsCertificate.issuerUniqueID", - &datum); + result = + _gnutls_x509_read_value(crt->cert, + "tbsCertificate.issuerUniqueID", + &datum); - if (datum.size > *buf_size) - { /* then we're not going to fit */ - *buf_size = datum.size; - buf[0] = '\0'; - result = GNUTLS_E_SHORT_MEMORY_BUFFER; - } - else - { - *buf_size = datum.size; - memcpy (buf, datum.data, datum.size); - } + if (datum.size > *buf_size) { /* then we're not going to fit */ + *buf_size = datum.size; + buf[0] = '\0'; + result = GNUTLS_E_SHORT_MEMORY_BUFFER; + } else { + *buf_size = datum.size; + memcpy(buf, datum.data, datum.size); + } - _gnutls_free_datum (&datum); + _gnutls_free_datum(&datum); - return result; + return result; } static int -_gnutls_parse_aia (ASN1_TYPE src, - unsigned int seq, - int what, - gnutls_datum_t * data) -{ - int len; - char nptr[ASN1_MAX_NAME_SIZE]; - int result; - gnutls_datum_t d; - const char *oid = NULL; - - seq++; /* 0->1, 1->2 etc */ - switch (what) - { - case GNUTLS_IA_ACCESSMETHOD_OID: - snprintf (nptr, sizeof (nptr), "?%u.accessMethod", seq); - break; - - case GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE: - snprintf (nptr, sizeof (nptr), "?%u.accessLocation", seq); - break; - - case GNUTLS_IA_CAISSUERS_URI: - oid = GNUTLS_OID_AD_CAISSUERS; - /* fall through */ - - case GNUTLS_IA_OCSP_URI: - if (oid == NULL) - oid = GNUTLS_OID_AD_OCSP; - { - char tmpoid[20]; - snprintf (nptr, sizeof (nptr), "?%u.accessMethod", seq); - len = sizeof (tmpoid); - result = asn1_read_value (src, nptr, tmpoid, &len); - - if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND) - return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); - - if (result != ASN1_SUCCESS) - { - gnutls_assert (); - return _gnutls_asn2err (result); - } - if ((unsigned)len != strlen (oid) + 1 || memcmp (tmpoid, oid, len) != 0) - return gnutls_assert_val(GNUTLS_E_UNKNOWN_ALGORITHM); - } - /* fall through */ - - case GNUTLS_IA_URI: - snprintf (nptr, sizeof (nptr), - "?%u.accessLocation.uniformResourceIdentifier", seq); - break; - - default: - return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - } - - len = 0; - result = asn1_read_value (src, nptr, NULL, &len); - if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND) - return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); - - if (result != ASN1_MEM_ERROR) - { - gnutls_assert (); - return _gnutls_asn2err (result); - } - - d.size = len; - - d.data = gnutls_malloc (d.size); - if (d.data == NULL) - return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); - - result = asn1_read_value (src, nptr, d.data, &len); - if (result != ASN1_SUCCESS) - { - gnutls_assert (); - gnutls_free (d.data); - return _gnutls_asn2err (result); - } - - if (data) - { - data->data = d.data; - data->size = d.size; - } - else - gnutls_free (d.data); - - return 0; +_gnutls_parse_aia(ASN1_TYPE src, + unsigned int seq, int what, gnutls_datum_t * data) +{ + int len; + char nptr[ASN1_MAX_NAME_SIZE]; + int result; + gnutls_datum_t d; + const char *oid = NULL; + + seq++; /* 0->1, 1->2 etc */ + switch (what) { + case GNUTLS_IA_ACCESSMETHOD_OID: + snprintf(nptr, sizeof(nptr), "?%u.accessMethod", seq); + break; + + case GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE: + snprintf(nptr, sizeof(nptr), "?%u.accessLocation", seq); + break; + + case GNUTLS_IA_CAISSUERS_URI: + oid = GNUTLS_OID_AD_CAISSUERS; + /* fall through */ + + case GNUTLS_IA_OCSP_URI: + if (oid == NULL) + oid = GNUTLS_OID_AD_OCSP; + { + char tmpoid[20]; + snprintf(nptr, sizeof(nptr), "?%u.accessMethod", + seq); + len = sizeof(tmpoid); + result = asn1_read_value(src, nptr, tmpoid, &len); + + if (result == ASN1_VALUE_NOT_FOUND + || result == ASN1_ELEMENT_NOT_FOUND) + return + gnutls_assert_val + (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); + + if (result != ASN1_SUCCESS) { + gnutls_assert(); + return _gnutls_asn2err(result); + } + if ((unsigned) len != strlen(oid) + 1 + || memcmp(tmpoid, oid, len) != 0) + return + gnutls_assert_val + (GNUTLS_E_UNKNOWN_ALGORITHM); + } + /* fall through */ + + case GNUTLS_IA_URI: + snprintf(nptr, sizeof(nptr), + "?%u.accessLocation.uniformResourceIdentifier", + seq); + break; + + default: + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + } + + len = 0; + result = asn1_read_value(src, nptr, NULL, &len); + if (result == ASN1_VALUE_NOT_FOUND + || result == ASN1_ELEMENT_NOT_FOUND) + return + gnutls_assert_val + (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); + + if (result != ASN1_MEM_ERROR) { + gnutls_assert(); + return _gnutls_asn2err(result); + } + + d.size = len; + + d.data = gnutls_malloc(d.size); + if (d.data == NULL) + return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); + + result = asn1_read_value(src, nptr, d.data, &len); + if (result != ASN1_SUCCESS) { + gnutls_assert(); + gnutls_free(d.data); + return _gnutls_asn2err(result); + } + + if (data) { + data->data = d.data; + data->size = d.size; + } else + gnutls_free(d.data); + + return 0; } /** @@ -3969,61 +3849,58 @@ _gnutls_parse_aia (ASN1_TYPE src, * Since: 3.0 **/ int -gnutls_x509_crt_get_authority_info_access (gnutls_x509_crt_t crt, - unsigned int seq, - int what, - gnutls_datum_t * data, - unsigned int *critical) -{ - int ret; - gnutls_datum_t aia; - ASN1_TYPE c2 = ASN1_TYPE_EMPTY; - - if (crt == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - if ((ret = _gnutls_x509_crt_get_extension (crt, GNUTLS_OID_AIA, 0, &aia, - critical)) < 0) - return ret; - - if (aia.size == 0 || aia.data == NULL) - { - gnutls_assert (); - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } - - if (critical && *critical) - return GNUTLS_E_CONSTRAINT_ERROR; - - ret = asn1_create_element (_gnutls_get_pkix (), - "PKIX1.AuthorityInfoAccessSyntax", &c2); - if (ret != ASN1_SUCCESS) - { - gnutls_assert (); - _gnutls_free_datum (&aia); - return _gnutls_asn2err (ret); - } - - ret = asn1_der_decoding (&c2, aia.data, aia.size, NULL); - /* asn1_print_structure (stdout, c2, "", ASN1_PRINT_ALL); */ - _gnutls_free_datum (&aia); - if (ret != ASN1_SUCCESS) - { - gnutls_assert (); - asn1_delete_structure (&c2); - return _gnutls_asn2err (ret); - } - - ret = _gnutls_parse_aia (c2, seq, what, data); - - asn1_delete_structure (&c2); - if (ret < 0) - gnutls_assert (); - - return ret; +gnutls_x509_crt_get_authority_info_access(gnutls_x509_crt_t crt, + unsigned int seq, + int what, + gnutls_datum_t * data, + unsigned int *critical) +{ + int ret; + gnutls_datum_t aia; + ASN1_TYPE c2 = ASN1_TYPE_EMPTY; + + if (crt == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + if ((ret = + _gnutls_x509_crt_get_extension(crt, GNUTLS_OID_AIA, 0, &aia, + critical)) < 0) + return ret; + + if (aia.size == 0 || aia.data == NULL) { + gnutls_assert(); + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } + + if (critical && *critical) + return GNUTLS_E_CONSTRAINT_ERROR; + + ret = asn1_create_element(_gnutls_get_pkix(), + "PKIX1.AuthorityInfoAccessSyntax", &c2); + if (ret != ASN1_SUCCESS) { + gnutls_assert(); + _gnutls_free_datum(&aia); + return _gnutls_asn2err(ret); + } + + ret = asn1_der_decoding(&c2, aia.data, aia.size, NULL); + /* asn1_print_structure (stdout, c2, "", ASN1_PRINT_ALL); */ + _gnutls_free_datum(&aia); + if (ret != ASN1_SUCCESS) { + gnutls_assert(); + asn1_delete_structure(&c2); + return _gnutls_asn2err(ret); + } + + ret = _gnutls_parse_aia(c2, seq, what, data); + + asn1_delete_structure(&c2); + if (ret < 0) + gnutls_assert(); + + return ret; } /** @@ -4042,9 +3919,10 @@ gnutls_x509_crt_get_authority_info_access (gnutls_x509_crt_t crt, * Since: 3.1.0 * **/ -void gnutls_x509_crt_set_pin_function (gnutls_x509_crt_t crt, - gnutls_pin_callback_t fn, void *userdata) +void gnutls_x509_crt_set_pin_function(gnutls_x509_crt_t crt, + gnutls_pin_callback_t fn, + void *userdata) { - crt->pin.cb = fn; - crt->pin.data = userdata; + crt->pin.cb = fn; + crt->pin.data = userdata; } |