Diffstat (limited to 'lib/x509/extensions.c')
-rw-r--r--lib/x509/extensions.c2227
1 files changed, 1075 insertions, 1152 deletions
diff --git a/lib/x509/extensions.c b/lib/x509/extensions.c
index 80ed7f2669..4777931802 100644
--- a/lib/x509/extensions.c
+++ b/lib/x509/extensions.c
@@ -32,127 +32,122 @@
#include <gnutls_datum.h>
int
-get_extension (ASN1_TYPE asn, const char *root,
- const char *extension_id, int indx,
- gnutls_datum_t * ret, unsigned int *_critical)
+get_extension(ASN1_TYPE asn, const char *root,
+ const char *extension_id, int indx,
+ gnutls_datum_t * ret, unsigned int *_critical)
{
- int k, result, len;
- char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
- char str[1024];
- char str_critical[10];
- int critical = 0;
- char extnID[128];
- gnutls_datum_t value;
- int indx_counter = 0;
-
- ret->data = NULL;
- ret->size = 0;
-
- k = 0;
- do
- {
- k++;
-
- snprintf (name, sizeof (name), "%s.?%u", root, k);
-
- len = sizeof (str) - 1;
- result = asn1_read_value (asn, name, str, &len);
-
- /* move to next
- */
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- break;
- }
-
- do
- {
-
- _gnutls_str_cpy (name2, sizeof (name2), name);
- _gnutls_str_cat (name2, sizeof (name2), ".extnID");
-
- len = sizeof (extnID) - 1;
- result = asn1_read_value (asn, name2, extnID, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- gnutls_assert ();
- break;
- }
- else if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- /* Handle Extension
- */
- if (strcmp (extnID, extension_id) == 0 && indx == indx_counter++)
- {
- /* extension was found
- */
-
- /* read the critical status.
- */
- _gnutls_str_cpy (name2, sizeof (name2), name);
- _gnutls_str_cat (name2, sizeof (name2), ".critical");
-
- len = sizeof (str_critical);
- result = asn1_read_value (asn, name2, str_critical, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- gnutls_assert ();
- break;
- }
- else if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- if (str_critical[0] == 'T')
- critical = 1;
- else
- critical = 0;
-
- /* read the value.
- */
- _gnutls_str_cpy (name2, sizeof (name2), name);
- _gnutls_str_cat (name2, sizeof (name2), ".extnValue");
-
- result = _gnutls_x509_read_value (asn, name2, &value);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- ret->data = value.data;
- ret->size = value.size;
-
- if (_critical)
- *_critical = critical;
-
- return 0;
- }
-
-
- }
- while (0);
- }
- while (1);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
- else
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
+ int k, result, len;
+ char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
+ char str[1024];
+ char str_critical[10];
+ int critical = 0;
+ char extnID[128];
+ gnutls_datum_t value;
+ int indx_counter = 0;
+
+ ret->data = NULL;
+ ret->size = 0;
+
+ k = 0;
+ do {
+ k++;
+
+ snprintf(name, sizeof(name), "%s.?%u", root, k);
+
+ len = sizeof(str) - 1;
+ result = asn1_read_value(asn, name, str, &len);
+
+ /* move to next
+ */
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ break;
+ }
+
+ do {
+
+ _gnutls_str_cpy(name2, sizeof(name2), name);
+ _gnutls_str_cat(name2, sizeof(name2), ".extnID");
+
+ len = sizeof(extnID) - 1;
+ result = asn1_read_value(asn, name2, extnID, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ gnutls_assert();
+ break;
+ } else if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ /* Handle Extension
+ */
+ if (strcmp(extnID, extension_id) == 0
+ && indx == indx_counter++) {
+ /* extension was found
+ */
+
+ /* read the critical status.
+ */
+ _gnutls_str_cpy(name2, sizeof(name2),
+ name);
+ _gnutls_str_cat(name2, sizeof(name2),
+ ".critical");
+
+ len = sizeof(str_critical);
+ result =
+ asn1_read_value(asn, name2,
+ str_critical, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ gnutls_assert();
+ break;
+ } else if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if (str_critical[0] == 'T')
+ critical = 1;
+ else
+ critical = 0;
+
+ /* read the value.
+ */
+ _gnutls_str_cpy(name2, sizeof(name2),
+ name);
+ _gnutls_str_cat(name2, sizeof(name2),
+ ".extnValue");
+
+ result =
+ _gnutls_x509_read_value(asn, name2,
+ &value);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ ret->data = value.data;
+ ret->size = value.size;
+
+ if (_critical)
+ *_critical = critical;
+
+ return 0;
+ }
+
+
+ }
+ while (0);
+ }
+ while (1);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ } else {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
}
/* This function will attempt to return the requested extension found in
@@ -165,21 +160,23 @@ get_extension (ASN1_TYPE asn, const char *root,
* be returned.
*/
int
-_gnutls_x509_crt_get_extension (gnutls_x509_crt_t cert,
- const char *extension_id, int indx,
- gnutls_datum_t * ret, unsigned int *_critical)
+_gnutls_x509_crt_get_extension(gnutls_x509_crt_t cert,
+ const char *extension_id, int indx,
+ gnutls_datum_t * ret,
+ unsigned int *_critical)
{
- return get_extension (cert->cert, "tbsCertificate.extensions", extension_id,
- indx, ret, _critical);
+ return get_extension(cert->cert, "tbsCertificate.extensions",
+ extension_id, indx, ret, _critical);
}
int
-_gnutls_x509_crl_get_extension (gnutls_x509_crl_t crl,
- const char *extension_id, int indx,
- gnutls_datum_t * ret, unsigned int *_critical)
+_gnutls_x509_crl_get_extension(gnutls_x509_crl_t crl,
+ const char *extension_id, int indx,
+ gnutls_datum_t * ret,
+ unsigned int *_critical)
{
- return get_extension (crl->crl, "tbsCertList.crlExtensions", extension_id,
- indx, ret, _critical);
+ return get_extension(crl->crl, "tbsCertList.crlExtensions",
+ extension_id, indx, ret, _critical);
}
@@ -190,87 +187,77 @@ _gnutls_x509_crl_get_extension (gnutls_x509_crl_t crl,
* be returned.
*/
static int
-get_extension_oid (ASN1_TYPE asn, const char *root,
- int indx, void *oid, size_t * sizeof_oid)
+get_extension_oid(ASN1_TYPE asn, const char *root,
+ int indx, void *oid, size_t * sizeof_oid)
{
- int k, result, len;
- char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
- char str[1024];
- char extnID[128];
- int indx_counter = 0;
-
- k = 0;
- do
- {
- k++;
-
- snprintf (name, sizeof (name), "%s.?%u", root, k);
-
- len = sizeof (str) - 1;
- result = asn1_read_value (asn, name, str, &len);
-
- /* move to next
- */
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- break;
- }
-
- do
- {
-
- _gnutls_str_cpy (name2, sizeof (name2), name);
- _gnutls_str_cat (name2, sizeof (name2), ".extnID");
-
- len = sizeof (extnID) - 1;
- result = asn1_read_value (asn, name2, extnID, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- gnutls_assert ();
- break;
- }
- else if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- /* Handle Extension
- */
- if (indx == indx_counter++)
- {
- len = strlen (extnID) + 1;
-
- if (*sizeof_oid < (unsigned) len)
- {
- *sizeof_oid = len;
- gnutls_assert ();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- memcpy (oid, extnID, len);
- *sizeof_oid = len - 1;
-
- return 0;
- }
-
-
- }
- while (0);
- }
- while (1);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
- else
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
+ int k, result, len;
+ char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
+ char str[1024];
+ char extnID[128];
+ int indx_counter = 0;
+
+ k = 0;
+ do {
+ k++;
+
+ snprintf(name, sizeof(name), "%s.?%u", root, k);
+
+ len = sizeof(str) - 1;
+ result = asn1_read_value(asn, name, str, &len);
+
+ /* move to next
+ */
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ break;
+ }
+
+ do {
+
+ _gnutls_str_cpy(name2, sizeof(name2), name);
+ _gnutls_str_cat(name2, sizeof(name2), ".extnID");
+
+ len = sizeof(extnID) - 1;
+ result = asn1_read_value(asn, name2, extnID, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ gnutls_assert();
+ break;
+ } else if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ /* Handle Extension
+ */
+ if (indx == indx_counter++) {
+ len = strlen(extnID) + 1;
+
+ if (*sizeof_oid < (unsigned) len) {
+ *sizeof_oid = len;
+ gnutls_assert();
+ return
+ GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ memcpy(oid, extnID, len);
+ *sizeof_oid = len - 1;
+
+ return 0;
+ }
+
+
+ }
+ while (0);
+ }
+ while (1);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ } else {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
}
/* This function will attempt to return the requested extension OID found in
@@ -280,19 +267,21 @@ get_extension_oid (ASN1_TYPE asn, const char *root,
* be returned.
*/
int
-_gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert,
- int indx, void *oid, size_t * sizeof_oid)
+_gnutls_x509_crt_get_extension_oid(gnutls_x509_crt_t cert,
+ int indx, void *oid,
+ size_t * sizeof_oid)
{
- return get_extension_oid (cert->cert, "tbsCertificate.extensions", indx,
- oid, sizeof_oid);
+ return get_extension_oid(cert->cert, "tbsCertificate.extensions",
+ indx, oid, sizeof_oid);
}
int
-_gnutls_x509_crl_get_extension_oid (gnutls_x509_crl_t crl,
- int indx, void *oid, size_t * sizeof_oid)
+_gnutls_x509_crl_get_extension_oid(gnutls_x509_crl_t crl,
+ int indx, void *oid,
+ size_t * sizeof_oid)
{
- return get_extension_oid (crl->crl, "tbsCertList.crlExtensions", indx, oid,
- sizeof_oid);
+ return get_extension_oid(crl->crl, "tbsCertList.crlExtensions",
+ indx, oid, sizeof_oid);
}
/* This function will attempt to set the requested extension in
@@ -301,192 +290,179 @@ _gnutls_x509_crl_get_extension_oid (gnutls_x509_crl_t crl,
* Critical will be either 0 or 1.
*/
static int
-add_extension (ASN1_TYPE asn, const char *root, const char *extension_id,
- const gnutls_datum_t * ext_data, unsigned int critical)
+add_extension(ASN1_TYPE asn, const char *root, const char *extension_id,
+ const gnutls_datum_t * ext_data, unsigned int critical)
{
- int result;
- const char *str;
- char name[ASN1_MAX_NAME_SIZE];
-
- snprintf (name, sizeof (name), "%s", root);
-
- /* Add a new extension in the list.
- */
- result = asn1_write_value (asn, name, "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- if (root[0] != 0)
- snprintf (name, sizeof (name), "%s.?LAST.extnID", root);
- else
- snprintf (name, sizeof (name), "?LAST.extnID");
-
- result = asn1_write_value (asn, name, extension_id, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- if (critical == 0)
- str = "FALSE";
- else
- str = "TRUE";
-
- if (root[0] != 0)
- snprintf (name, sizeof (name), "%s.?LAST.critical", root);
- else
- snprintf (name, sizeof (name), "?LAST.critical");
-
- result = asn1_write_value (asn, name, str, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- if (root[0] != 0)
- snprintf (name, sizeof (name), "%s.?LAST.extnValue", root);
- else
- snprintf (name, sizeof (name), "?LAST.extnValue");
-
- result = _gnutls_x509_write_value (asn, name, ext_data);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ int result;
+ const char *str;
+ char name[ASN1_MAX_NAME_SIZE];
+
+ snprintf(name, sizeof(name), "%s", root);
+
+ /* Add a new extension in the list.
+ */
+ result = asn1_write_value(asn, name, "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if (root[0] != 0)
+ snprintf(name, sizeof(name), "%s.?LAST.extnID", root);
+ else
+ snprintf(name, sizeof(name), "?LAST.extnID");
+
+ result = asn1_write_value(asn, name, extension_id, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if (critical == 0)
+ str = "FALSE";
+ else
+ str = "TRUE";
+
+ if (root[0] != 0)
+ snprintf(name, sizeof(name), "%s.?LAST.critical", root);
+ else
+ snprintf(name, sizeof(name), "?LAST.critical");
+
+ result = asn1_write_value(asn, name, str, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if (root[0] != 0)
+ snprintf(name, sizeof(name), "%s.?LAST.extnValue", root);
+ else
+ snprintf(name, sizeof(name), "?LAST.extnValue");
+
+ result = _gnutls_x509_write_value(asn, name, ext_data);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
/* Overwrite the given extension (using the index)
* index here starts from one.
*/
static int
-overwrite_extension (ASN1_TYPE asn, const char *root, unsigned int indx,
- const gnutls_datum_t * ext_data, unsigned int critical)
+overwrite_extension(ASN1_TYPE asn, const char *root, unsigned int indx,
+ const gnutls_datum_t * ext_data, unsigned int critical)
{
- char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
- const char *str;
- int result;
-
- if (root[0] != 0)
- snprintf (name, sizeof (name), "%s.?%u", root, indx);
- else
- snprintf (name, sizeof (name), "?%u", indx);
-
- if (critical == 0)
- str = "FALSE";
- else
- str = "TRUE";
-
- _gnutls_str_cpy (name2, sizeof (name2), name);
- _gnutls_str_cat (name2, sizeof (name2), ".critical");
-
- result = asn1_write_value (asn, name2, str, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- _gnutls_str_cpy (name2, sizeof (name2), name);
- _gnutls_str_cat (name2, sizeof (name2), ".extnValue");
-
- result = _gnutls_x509_write_value (asn, name2, ext_data);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
+ const char *str;
+ int result;
+
+ if (root[0] != 0)
+ snprintf(name, sizeof(name), "%s.?%u", root, indx);
+ else
+ snprintf(name, sizeof(name), "?%u", indx);
+
+ if (critical == 0)
+ str = "FALSE";
+ else
+ str = "TRUE";
+
+ _gnutls_str_cpy(name2, sizeof(name2), name);
+ _gnutls_str_cat(name2, sizeof(name2), ".critical");
+
+ result = asn1_write_value(asn, name2, str, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ _gnutls_str_cpy(name2, sizeof(name2), name);
+ _gnutls_str_cat(name2, sizeof(name2), ".extnValue");
+
+ result = _gnutls_x509_write_value(asn, name2, ext_data);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
int
-set_extension (ASN1_TYPE asn, const char *root,
- const char *ext_id,
- const gnutls_datum_t * ext_data, unsigned int critical)
+set_extension(ASN1_TYPE asn, const char *root,
+ const char *ext_id,
+ const gnutls_datum_t * ext_data, unsigned int critical)
{
- int result;
- int k, len;
- char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
- char extnID[128];
-
- /* Find the index of the given extension.
- */
- k = 0;
- do
- {
- k++;
-
- if (root[0] != 0)
- snprintf (name, sizeof (name), "%s.?%u", root, k);
- else
- snprintf (name, sizeof (name), "?%u", k);
-
- len = sizeof (extnID) - 1;
- result = asn1_read_value (asn, name, extnID, &len);
-
- /* move to next
- */
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- break;
- }
-
- do
- {
-
- _gnutls_str_cpy (name2, sizeof (name2), name);
- _gnutls_str_cat (name2, sizeof (name2), ".extnID");
-
- len = sizeof (extnID) - 1;
- result = asn1_read_value (asn, name2, extnID, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- gnutls_assert ();
- break;
- }
- else if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- /* Handle Extension
- */
- if (strcmp (extnID, ext_id) == 0)
- {
- /* extension was found
- */
- return overwrite_extension (asn, root, k, ext_data, critical);
- }
-
-
- }
- while (0);
- }
- while (1);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- return add_extension (asn, root, ext_id, ext_data, critical);
- }
- else
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
-
- return 0;
+ int result;
+ int k, len;
+ char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
+ char extnID[128];
+
+ /* Find the index of the given extension.
+ */
+ k = 0;
+ do {
+ k++;
+
+ if (root[0] != 0)
+ snprintf(name, sizeof(name), "%s.?%u", root, k);
+ else
+ snprintf(name, sizeof(name), "?%u", k);
+
+ len = sizeof(extnID) - 1;
+ result = asn1_read_value(asn, name, extnID, &len);
+
+ /* move to next
+ */
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ break;
+ }
+
+ do {
+
+ _gnutls_str_cpy(name2, sizeof(name2), name);
+ _gnutls_str_cat(name2, sizeof(name2), ".extnID");
+
+ len = sizeof(extnID) - 1;
+ result = asn1_read_value(asn, name2, extnID, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ gnutls_assert();
+ break;
+ } else if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ /* Handle Extension
+ */
+ if (strcmp(extnID, ext_id) == 0) {
+ /* extension was found
+ */
+ return overwrite_extension(asn, root, k,
+ ext_data,
+ critical);
+ }
+
+
+ }
+ while (0);
+ }
+ while (1);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ return add_extension(asn, root, ext_id, ext_data,
+ critical);
+ } else {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+
+ return 0;
}
/* This function will attempt to overwrite the requested extension with
@@ -495,217 +471,211 @@ set_extension (ASN1_TYPE asn, const char *root,
* Critical will be either 0 or 1.
*/
int
-_gnutls_x509_crt_set_extension (gnutls_x509_crt_t cert,
- const char *ext_id,
- const gnutls_datum_t * ext_data,
- unsigned int critical)
+_gnutls_x509_crt_set_extension(gnutls_x509_crt_t cert,
+ const char *ext_id,
+ const gnutls_datum_t * ext_data,
+ unsigned int critical)
{
- return set_extension (cert->cert, "tbsCertificate.extensions", ext_id,
- ext_data, critical);
+ return set_extension(cert->cert, "tbsCertificate.extensions",
+ ext_id, ext_data, critical);
}
int
-_gnutls_x509_crl_set_extension (gnutls_x509_crl_t crl,
- const char *ext_id,
- const gnutls_datum_t * ext_data,
- unsigned int critical)
+_gnutls_x509_crl_set_extension(gnutls_x509_crl_t crl,
+ const char *ext_id,
+ const gnutls_datum_t * ext_data,
+ unsigned int critical)
{
- return set_extension (crl->crl, "tbsCertList.crlExtensions", ext_id,
- ext_data, critical);
+ return set_extension(crl->crl, "tbsCertList.crlExtensions", ext_id,
+ ext_data, critical);
}
int
-_gnutls_x509_crq_set_extension (gnutls_x509_crq_t crq,
- const char *ext_id,
- const gnutls_datum_t * ext_data,
- unsigned int critical)
+_gnutls_x509_crq_set_extension(gnutls_x509_crq_t crq,
+ const char *ext_id,
+ const gnutls_datum_t * ext_data,
+ unsigned int critical)
{
- unsigned char *extensions = NULL;
- size_t extensions_size = 0;
- gnutls_datum_t der;
- ASN1_TYPE c2;
- int result;
-
- result = gnutls_x509_crq_get_attribute_by_oid (crq, "1.2.840.113549.1.9.14",
- 0, NULL, &extensions_size);
- if (result == GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- extensions = gnutls_malloc (extensions_size);
- if (extensions == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- result = gnutls_x509_crq_get_attribute_by_oid (crq,
- "1.2.840.113549.1.9.14",
- 0, extensions,
- &extensions_size);
- }
- if (result < 0)
- {
- if (result == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- {
- extensions_size = 0;
- }
- else
- {
- gnutls_assert ();
- gnutls_free (extensions);
- return result;
- }
- }
-
- result = asn1_create_element (_gnutls_get_pkix (), "PKIX1.Extensions", &c2);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (extensions);
- return _gnutls_asn2err (result);
- }
-
- if (extensions_size > 0)
- {
- result = asn1_der_decoding (&c2, extensions, extensions_size, NULL);
- gnutls_free (extensions);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
- }
-
- result = set_extension (c2, "", ext_id, ext_data, critical);
- if (result < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return result;
- }
-
- result = _gnutls_x509_der_encode (c2, "", &der, 0);
-
- asn1_delete_structure (&c2);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result = gnutls_x509_crq_set_attribute_by_oid (crq, "1.2.840.113549.1.9.14",
- der.data, der.size);
- gnutls_free (der.data);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
-
- return 0;
+ unsigned char *extensions = NULL;
+ size_t extensions_size = 0;
+ gnutls_datum_t der;
+ ASN1_TYPE c2;
+ int result;
+
+ result =
+ gnutls_x509_crq_get_attribute_by_oid(crq,
+ "1.2.840.113549.1.9.14",
+ 0, NULL,
+ &extensions_size);
+ if (result == GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ extensions = gnutls_malloc(extensions_size);
+ if (extensions == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result = gnutls_x509_crq_get_attribute_by_oid(crq,
+ "1.2.840.113549.1.9.14",
+ 0,
+ extensions,
+ &extensions_size);
+ }
+ if (result < 0) {
+ if (result == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ extensions_size = 0;
+ } else {
+ gnutls_assert();
+ gnutls_free(extensions);
+ return result;
+ }
+ }
+
+ result =
+ asn1_create_element(_gnutls_get_pkix(), "PKIX1.Extensions",
+ &c2);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(extensions);
+ return _gnutls_asn2err(result);
+ }
+
+ if (extensions_size > 0) {
+ result =
+ asn1_der_decoding(&c2, extensions, extensions_size,
+ NULL);
+ gnutls_free(extensions);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+ }
+
+ result = set_extension(c2, "", ext_id, ext_data, critical);
+ if (result < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return result;
+ }
+
+ result = _gnutls_x509_der_encode(c2, "", &der, 0);
+
+ asn1_delete_structure(&c2);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ gnutls_x509_crq_set_attribute_by_oid(crq,
+ "1.2.840.113549.1.9.14",
+ der.data, der.size);
+ gnutls_free(der.data);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+
+ return 0;
}
/* Here we only extract the KeyUsage field, from the DER encoded
* extension.
*/
int
-_gnutls_x509_ext_extract_keyUsage (uint16_t * keyUsage,
- uint8_t * extnValue, int extnValueLen)
+_gnutls_x509_ext_extract_keyUsage(uint16_t * keyUsage,
+ uint8_t * extnValue, int extnValueLen)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- int len, result;
- uint8_t str[2];
-
- str[0] = str[1] = 0;
- *keyUsage = 0;
-
- if ((result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.KeyUsage", &ext)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&ext, extnValue, extnValueLen, NULL);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
-
- len = sizeof (str);
- result = asn1_read_value (ext, "", str, &len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return 0;
- }
-
- *keyUsage = str[0] | (str[1] << 8);
-
- asn1_delete_structure (&ext);
-
- return 0;
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int len, result;
+ uint8_t str[2];
+
+ str[0] = str[1] = 0;
+ *keyUsage = 0;
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.KeyUsage", &ext)) != ASN1_SUCCESS)
+ {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&ext, extnValue, extnValueLen, NULL);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+
+ len = sizeof(str);
+ result = asn1_read_value(ext, "", str, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return 0;
+ }
+
+ *keyUsage = str[0] | (str[1] << 8);
+
+ asn1_delete_structure(&ext);
+
+ return 0;
}
/* extract the basicConstraints from the DER encoded extension
*/
int
-_gnutls_x509_ext_extract_basicConstraints (unsigned int *CA,
- int *pathLenConstraint,
- uint8_t * extnValue,
- int extnValueLen)
+_gnutls_x509_ext_extract_basicConstraints(unsigned int *CA,
+ int *pathLenConstraint,
+ uint8_t * extnValue,
+ int extnValueLen)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- char str[128];
- int len, result;
-
- if ((result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.BasicConstraints", &ext)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&ext, extnValue, extnValueLen, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
-
- if (pathLenConstraint)
- {
- result = _gnutls_x509_read_uint (ext, "pathLenConstraint",
- (unsigned int*)pathLenConstraint);
- if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
- *pathLenConstraint = -1;
- else if (result != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
- }
-
- /* the default value of cA is false.
- */
- len = sizeof (str) - 1;
- result = asn1_read_value (ext, "cA", str, &len);
- if (result == ASN1_SUCCESS && strcmp (str, "TRUE") == 0)
- *CA = 1;
- else
- *CA = 0;
-
- asn1_delete_structure (&ext);
-
- return 0;
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ char str[128];
+ int len, result;
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.BasicConstraints",
+ &ext)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&ext, extnValue, extnValueLen, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+
+ if (pathLenConstraint) {
+ result = _gnutls_x509_read_uint(ext, "pathLenConstraint",
+ (unsigned int *)
+ pathLenConstraint);
+ if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
+ *pathLenConstraint = -1;
+ else if (result != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+ }
+
+ /* the default value of cA is false.
+ */
+ len = sizeof(str) - 1;
+ result = asn1_read_value(ext, "cA", str, &len);
+ if (result == ASN1_SUCCESS && strcmp(str, "TRUE") == 0)
+ *CA = 1;
+ else
+ *CA = 0;
+
+ asn1_delete_structure(&ext);
+
+ return 0;
}
/* generate the basicConstraints in a DER encoded extension
@@ -714,391 +684,364 @@ _gnutls_x509_ext_extract_basicConstraints (unsigned int *CA,
* should not be present, >= 0 to indicate set values.
*/
int
-_gnutls_x509_ext_gen_basicConstraints (int CA,
- int pathLenConstraint,
- gnutls_datum_t * der_ext)
+_gnutls_x509_ext_gen_basicConstraints(int CA,
+ int pathLenConstraint,
+ gnutls_datum_t * der_ext)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- const char *str;
- int result;
-
- if (CA == 0)
- str = "FALSE";
- else
- str = "TRUE";
-
- result =
- asn1_create_element (_gnutls_get_pkix (), "PKIX1.BasicConstraints", &ext);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_write_value (ext, "cA", str, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
-
- if (pathLenConstraint < 0)
- {
- result = asn1_write_value (ext, "pathLenConstraint", NULL, 0);
- if (result < 0)
- result = _gnutls_asn2err (result);
- }
- else
- result = _gnutls_x509_write_uint32 (ext, "pathLenConstraint",
- pathLenConstraint);
- if (result < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return result;
- }
-
- result = _gnutls_x509_der_encode (ext, "", der_ext, 0);
-
- asn1_delete_structure (&ext);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ const char *str;
+ int result;
+
+ if (CA == 0)
+ str = "FALSE";
+ else
+ str = "TRUE";
+
+ result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.BasicConstraints", &ext);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_write_value(ext, "cA", str, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+
+ if (pathLenConstraint < 0) {
+ result =
+ asn1_write_value(ext, "pathLenConstraint", NULL, 0);
+ if (result < 0)
+ result = _gnutls_asn2err(result);
+ } else
+ result =
+ _gnutls_x509_write_uint32(ext, "pathLenConstraint",
+ pathLenConstraint);
+ if (result < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return result;
+ }
+
+ result = _gnutls_x509_der_encode(ext, "", der_ext, 0);
+
+ asn1_delete_structure(&ext);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
/* extract an INTEGER from the DER encoded extension
*/
int
-_gnutls_x509_ext_extract_number (uint8_t * number,
- size_t * _nr_size,
- uint8_t * extnValue, int extnValueLen)
+_gnutls_x509_ext_extract_number(uint8_t * number,
+ size_t * _nr_size,
+ uint8_t * extnValue, int extnValueLen)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- int result;
- int nr_size = *_nr_size;
-
- /* here it doesn't matter so much that we use CertificateSerialNumber. It is equal
- * to using INTEGER.
- */
- if ((result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.CertificateSerialNumber",
- &ext)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&ext, extnValue, extnValueLen, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
-
- /* the default value of cA is false.
- */
- result = asn1_read_value (ext, "", number, &nr_size);
- if (result != ASN1_SUCCESS)
- result = _gnutls_asn2err (result);
- else
- result = 0;
-
- *_nr_size = nr_size;
-
- asn1_delete_structure (&ext);
-
- return result;
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int result;
+ int nr_size = *_nr_size;
+
+ /* here it doesn't matter so much that we use CertificateSerialNumber. It is equal
+ * to using INTEGER.
+ */
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.CertificateSerialNumber",
+ &ext)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&ext, extnValue, extnValueLen, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+
+ /* the default value of cA is false.
+ */
+ result = asn1_read_value(ext, "", number, &nr_size);
+ if (result != ASN1_SUCCESS)
+ result = _gnutls_asn2err(result);
+ else
+ result = 0;
+
+ *_nr_size = nr_size;
+
+ asn1_delete_structure(&ext);
+
+ return result;
}
/* generate an INTEGER in a DER encoded extension
*/
int
-_gnutls_x509_ext_gen_number (const uint8_t * number, size_t nr_size,
- gnutls_datum_t * der_ext)
+_gnutls_x509_ext_gen_number(const uint8_t * number, size_t nr_size,
+ gnutls_datum_t * der_ext)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- int result;
-
- result =
- asn1_create_element (_gnutls_get_pkix (), "PKIX1.CertificateSerialNumber",
- &ext);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_write_value (ext, "", number, nr_size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_x509_der_encode (ext, "", der_ext, 0);
-
- asn1_delete_structure (&ext);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int result;
+
+ result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.CertificateSerialNumber", &ext);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_write_value(ext, "", number, nr_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_x509_der_encode(ext, "", der_ext, 0);
+
+ asn1_delete_structure(&ext);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
/* generate the keyUsage in a DER encoded extension
* Use an ORed SEQUENCE of GNUTLS_KEY_* for usage.
*/
-int
-_gnutls_x509_ext_gen_keyUsage (uint16_t usage, gnutls_datum_t * der_ext)
+int _gnutls_x509_ext_gen_keyUsage(uint16_t usage, gnutls_datum_t * der_ext)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- int result;
- uint8_t str[2];
-
- result = asn1_create_element (_gnutls_get_pkix (), "PKIX1.KeyUsage", &ext);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- str[0] = usage & 0xff;
- str[1] = usage >> 8;
-
- result = asn1_write_value (ext, "", str, 9);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_x509_der_encode (ext, "", der_ext, 0);
-
- asn1_delete_structure (&ext);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int result;
+ uint8_t str[2];
+
+ result =
+ asn1_create_element(_gnutls_get_pkix(), "PKIX1.KeyUsage",
+ &ext);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ str[0] = usage & 0xff;
+ str[1] = usage >> 8;
+
+ result = asn1_write_value(ext, "", str, 9);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_x509_der_encode(ext, "", der_ext, 0);
+
+ asn1_delete_structure(&ext);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
static int
-write_new_general_name (ASN1_TYPE ext, const char *ext_name,
- gnutls_x509_subject_alt_name_t type,
- const void *data, unsigned int data_size)
+write_new_general_name(ASN1_TYPE ext, const char *ext_name,
+ gnutls_x509_subject_alt_name_t type,
+ const void *data, unsigned int data_size)
{
- const char *str;
- int result;
- char name[128];
-
- result = asn1_write_value (ext, ext_name, "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- switch (type)
- {
- case GNUTLS_SAN_DNSNAME:
- str = "dNSName";
- break;
- case GNUTLS_SAN_RFC822NAME:
- str = "rfc822Name";
- break;
- case GNUTLS_SAN_URI:
- str = "uniformResourceIdentifier";
- break;
- case GNUTLS_SAN_IPADDRESS:
- str = "iPAddress";
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- if (ext_name[0] == 0)
- { /* no dot */
- _gnutls_str_cpy (name, sizeof (name), "?LAST");
- }
- else
- {
- _gnutls_str_cpy (name, sizeof (name), ext_name);
- _gnutls_str_cat (name, sizeof (name), ".?LAST");
- }
-
- result = asn1_write_value (ext, name, str, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- _gnutls_str_cat (name, sizeof (name), ".");
- _gnutls_str_cat (name, sizeof (name), str);
-
- result = asn1_write_value (ext, name, data, data_size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
-
- return 0;
+ const char *str;
+ int result;
+ char name[128];
+
+ result = asn1_write_value(ext, ext_name, "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ switch (type) {
+ case GNUTLS_SAN_DNSNAME:
+ str = "dNSName";
+ break;
+ case GNUTLS_SAN_RFC822NAME:
+ str = "rfc822Name";
+ break;
+ case GNUTLS_SAN_URI:
+ str = "uniformResourceIdentifier";
+ break;
+ case GNUTLS_SAN_IPADDRESS:
+ str = "iPAddress";
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if (ext_name[0] == 0) { /* no dot */
+ _gnutls_str_cpy(name, sizeof(name), "?LAST");
+ } else {
+ _gnutls_str_cpy(name, sizeof(name), ext_name);
+ _gnutls_str_cat(name, sizeof(name), ".?LAST");
+ }
+
+ result = asn1_write_value(ext, name, str, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ _gnutls_str_cat(name, sizeof(name), ".");
+ _gnutls_str_cat(name, sizeof(name), str);
+
+ result = asn1_write_value(ext, name, data, data_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
}
/* Convert the given name to GeneralNames in a DER encoded extension.
* This is the same as subject alternative name.
*/
int
-_gnutls_x509_ext_gen_subject_alt_name (gnutls_x509_subject_alt_name_t
- type, const void *data,
- unsigned int data_size,
- gnutls_datum_t * prev_der_ext,
- gnutls_datum_t * der_ext)
+_gnutls_x509_ext_gen_subject_alt_name(gnutls_x509_subject_alt_name_t
+ type, const void *data,
+ unsigned int data_size,
+ gnutls_datum_t * prev_der_ext,
+ gnutls_datum_t * der_ext)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- int result;
-
- result =
- asn1_create_element (_gnutls_get_pkix (), "PKIX1.GeneralNames", &ext);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- if (prev_der_ext != NULL && prev_der_ext->data != NULL
- && prev_der_ext->size != 0)
- {
- result =
- asn1_der_decoding (&ext, prev_der_ext->data, prev_der_ext->size,
- NULL);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
- }
-
- result = write_new_general_name (ext, "", type, data, data_size);
- if (result < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return result;
- }
-
- result = _gnutls_x509_der_encode (ext, "", der_ext, 0);
-
- asn1_delete_structure (&ext);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int result;
+
+ result =
+ asn1_create_element(_gnutls_get_pkix(), "PKIX1.GeneralNames",
+ &ext);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if (prev_der_ext != NULL && prev_der_ext->data != NULL
+ && prev_der_ext->size != 0) {
+ result =
+ asn1_der_decoding(&ext, prev_der_ext->data,
+ prev_der_ext->size, NULL);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+ }
+
+ result = write_new_general_name(ext, "", type, data, data_size);
+ if (result < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return result;
+ }
+
+ result = _gnutls_x509_der_encode(ext, "", der_ext, 0);
+
+ asn1_delete_structure(&ext);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
/* generate the SubjectKeyID in a DER encoded extension
*/
int
-_gnutls_x509_ext_gen_key_id (const void *id, size_t id_size,
- gnutls_datum_t * der_ext)
+_gnutls_x509_ext_gen_key_id(const void *id, size_t id_size,
+ gnutls_datum_t * der_ext)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- int result;
-
- result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.SubjectKeyIdentifier", &ext);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_write_value (ext, "", id, id_size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_x509_der_encode (ext, "", der_ext, 0);
-
- asn1_delete_structure (&ext);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int result;
+
+ result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.SubjectKeyIdentifier", &ext);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_write_value(ext, "", id, id_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_x509_der_encode(ext, "", der_ext, 0);
+
+ asn1_delete_structure(&ext);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
/* generate the AuthorityKeyID in a DER encoded extension
*/
int
-_gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size,
- gnutls_datum_t * der_ext)
+_gnutls_x509_ext_gen_auth_key_id(const void *id, size_t id_size,
+ gnutls_datum_t * der_ext)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- int result;
-
- result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.AuthorityKeyIdentifier", &ext);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_write_value (ext, "keyIdentifier", id, id_size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
-
- asn1_write_value (ext, "authorityCertIssuer", NULL, 0);
- asn1_write_value (ext, "authorityCertSerialNumber", NULL, 0);
-
- result = _gnutls_x509_der_encode (ext, "", der_ext, 0);
-
- asn1_delete_structure (&ext);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int result;
+
+ result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.AuthorityKeyIdentifier", &ext);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_write_value(ext, "keyIdentifier", id, id_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+
+ asn1_write_value(ext, "authorityCertIssuer", NULL, 0);
+ asn1_write_value(ext, "authorityCertSerialNumber", NULL, 0);
+
+ result = _gnutls_x509_der_encode(ext, "", der_ext, 0);
+
+ asn1_delete_structure(&ext);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
@@ -1108,253 +1051,233 @@ _gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size,
*
*/
int
-_gnutls_x509_ext_gen_crl_dist_points (gnutls_x509_subject_alt_name_t
- type, const void *data,
- unsigned int data_size,
- unsigned int reason_flags,
- gnutls_datum_t * der_ext)
+_gnutls_x509_ext_gen_crl_dist_points(gnutls_x509_subject_alt_name_t
+ type, const void *data,
+ unsigned int data_size,
+ unsigned int reason_flags,
+ gnutls_datum_t * der_ext)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- gnutls_datum_t gnames = { NULL, 0 };
- int result;
- uint8_t reasons[2];
-
- reasons[0] = reason_flags & 0xff;
- reasons[1] = reason_flags >> 8;
-
- result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.CRLDistributionPoints", &ext);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- result = asn1_write_value (ext, "", "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if (reason_flags)
- {
- result = asn1_write_value (ext, "?LAST.reasons", reasons, 9);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
- }
- else
- {
- result = asn1_write_value (ext, "?LAST.reasons", NULL, 0);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
- }
-
- result = asn1_write_value (ext, "?LAST.cRLIssuer", NULL, 0);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* When used as type CHOICE.
- */
- result = asn1_write_value (ext, "?LAST.distributionPoint", "fullName", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ gnutls_datum_t gnames = { NULL, 0 };
+ int result;
+ uint8_t reasons[2];
+
+ reasons[0] = reason_flags & 0xff;
+ reasons[1] = reason_flags >> 8;
+
+ result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.CRLDistributionPoints", &ext);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result = asn1_write_value(ext, "", "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (reason_flags) {
+ result =
+ asn1_write_value(ext, "?LAST.reasons", reasons, 9);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+ } else {
+ result = asn1_write_value(ext, "?LAST.reasons", NULL, 0);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+ }
+
+ result = asn1_write_value(ext, "?LAST.cRLIssuer", NULL, 0);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* When used as type CHOICE.
+ */
+ result =
+ asn1_write_value(ext, "?LAST.distributionPoint", "fullName",
+ 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
#if 0
- /* only needed in old code (where defined as SEQUENCE OF) */
- asn1_write_value (ext,
- "?LAST.distributionPoint.nameRelativeToCRLIssuer",
- NULL, 0);
+ /* only needed in old code (where defined as SEQUENCE OF) */
+ asn1_write_value(ext,
+ "?LAST.distributionPoint.nameRelativeToCRLIssuer",
+ NULL, 0);
#endif
- result =
- write_new_general_name (ext, "?LAST.distributionPoint.fullName",
- type, data, data_size);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ result =
+ write_new_general_name(ext, "?LAST.distributionPoint.fullName",
+ type, data, data_size);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
- result = _gnutls_x509_der_encode (ext, "", der_ext, 0);
+ result = _gnutls_x509_der_encode(ext, "", der_ext, 0);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
- result = 0;
+ result = 0;
-cleanup:
- _gnutls_free_datum (&gnames);
- asn1_delete_structure (&ext);
+ cleanup:
+ _gnutls_free_datum(&gnames);
+ asn1_delete_structure(&ext);
- return result;
+ return result;
}
/* extract the proxyCertInfo from the DER encoded extension
*/
int
-_gnutls_x509_ext_extract_proxyCertInfo (int *pathLenConstraint,
- char **policyLanguage,
- char **policy,
- size_t * sizeof_policy,
- uint8_t * extnValue, int extnValueLen)
+_gnutls_x509_ext_extract_proxyCertInfo(int *pathLenConstraint,
+ char **policyLanguage,
+ char **policy,
+ size_t * sizeof_policy,
+ uint8_t * extnValue,
+ int extnValueLen)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- int result;
- gnutls_datum_t value;
-
- if ((result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.ProxyCertInfo", &ext)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&ext, extnValue, extnValueLen, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
-
- if (pathLenConstraint)
- {
- result = _gnutls_x509_read_uint (ext, "pCPathLenConstraint",
- (unsigned int*)pathLenConstraint);
- if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
- *pathLenConstraint = -1;
- else if (result != GNUTLS_E_SUCCESS)
- {
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
- }
-
- result = _gnutls_x509_read_value (ext, "proxyPolicy.policyLanguage",
- &value);
- if (result < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return result;
- }
-
- if (policyLanguage)
- *policyLanguage = gnutls_strdup ((char*)value.data);
-
- result = _gnutls_x509_read_value (ext, "proxyPolicy.policy", &value);
- if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
- {
- if (policy)
- *policy = NULL;
- if (sizeof_policy)
- *sizeof_policy = 0;
- }
- else if (result < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return result;
- }
- else
- {
- if (policy)
- *policy = (char*)value.data;
- if (sizeof_policy)
- *sizeof_policy = value.size;
- }
-
- asn1_delete_structure (&ext);
-
- return 0;
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int result;
+ gnutls_datum_t value;
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.ProxyCertInfo",
+ &ext)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&ext, extnValue, extnValueLen, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+
+ if (pathLenConstraint) {
+ result = _gnutls_x509_read_uint(ext, "pCPathLenConstraint",
+ (unsigned int *)
+ pathLenConstraint);
+ if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
+ *pathLenConstraint = -1;
+ else if (result != GNUTLS_E_SUCCESS) {
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+ }
+
+ result = _gnutls_x509_read_value(ext, "proxyPolicy.policyLanguage",
+ &value);
+ if (result < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return result;
+ }
+
+ if (policyLanguage)
+ *policyLanguage = gnutls_strdup((char *) value.data);
+
+ result =
+ _gnutls_x509_read_value(ext, "proxyPolicy.policy", &value);
+ if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) {
+ if (policy)
+ *policy = NULL;
+ if (sizeof_policy)
+ *sizeof_policy = 0;
+ } else if (result < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return result;
+ } else {
+ if (policy)
+ *policy = (char *) value.data;
+ if (sizeof_policy)
+ *sizeof_policy = value.size;
+ }
+
+ asn1_delete_structure(&ext);
+
+ return 0;
}
/* generate the proxyCertInfo in a DER encoded extension
*/
int
-_gnutls_x509_ext_gen_proxyCertInfo (int pathLenConstraint,
- const char *policyLanguage,
- const char *policy,
- size_t sizeof_policy,
- gnutls_datum_t * der_ext)
+_gnutls_x509_ext_gen_proxyCertInfo(int pathLenConstraint,
+ const char *policyLanguage,
+ const char *policy,
+ size_t sizeof_policy,
+ gnutls_datum_t * der_ext)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- int result;
-
- result = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.ProxyCertInfo", &ext);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- if (pathLenConstraint < 0)
- {
- result = asn1_write_value (ext, "pCPathLenConstraint", NULL, 0);
- if (result < 0)
- result = _gnutls_asn2err (result);
- }
- else
- result = _gnutls_x509_write_uint32 (ext, "pCPathLenConstraint",
- pathLenConstraint);
- if (result < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return result;
- }
-
- result = asn1_write_value (ext, "proxyPolicy.policyLanguage",
- policyLanguage, 1);
- if (result < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
-
- result = asn1_write_value (ext, "proxyPolicy.policy",
- policy, sizeof_policy);
- if (result < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_x509_der_encode (ext, "", der_ext, 0);
-
- asn1_delete_structure (&ext);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int result;
+
+ result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.ProxyCertInfo", &ext);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if (pathLenConstraint < 0) {
+ result =
+ asn1_write_value(ext, "pCPathLenConstraint", NULL, 0);
+ if (result < 0)
+ result = _gnutls_asn2err(result);
+ } else
+ result =
+ _gnutls_x509_write_uint32(ext, "pCPathLenConstraint",
+ pathLenConstraint);
+ if (result < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return result;
+ }
+
+ result = asn1_write_value(ext, "proxyPolicy.policyLanguage",
+ policyLanguage, 1);
+ if (result < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_write_value(ext, "proxyPolicy.policy",
+ policy, sizeof_policy);
+ if (result < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_x509_der_encode(ext, "", der_ext, 0);
+
+ asn1_delete_structure(&ext);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
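Review bot: The `cleanup:` path of `_gnutls_x509_ext_gen_crl_dist_points` can release `ext` a second time when `write_new_general_name(ext, "?LAST.distributionPoint.fullName", ...)` fails on its final write. That helper receives `ext` by value and, in its last error branch, calls `asn1_delete_structure(&ext)`, which clears only the helper's copy; the caller's handle still refers to the freed tree (assuming `ASN1_TYPE` is libtasn1's pointer handle) and `cleanup:` passes it to `asn1_delete_structure` again. `_gnutls_x509_ext_gen_subject_alt_name` has the same pattern after its own call to the helper. I would drop the `asn1_delete_structure(&ext);` line from the helper's last error branch so that the owner of `ext` is the only one that frees it, matching the helper's two earlier error returns. The helper and `_gnutls_x509_ext_gen_subject_alt_name` are in the preceding hunk, which begins outside this view, and the re-indent carries the behaviour over unchanged.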