Author: stsp
Date: Thu Jun 19 11:50:31 2014
New Revision: 1603841
URL: http://svn.apache.org/r1603841
Log:
On the svn-auth-x509 branch:
* subversion/libsvn_subr/x509.h,
subversion/libsvn_subr/x509parse.c: Replace tabs with spaces.
Modified:
subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509.h
subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509parse.c
Modified: subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509.h
URL:
http://svn.apache.org/viewvc/subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509.h?rev=1603841&r1=1603840&r2=1603841&view=diff
==============================================================================
--- subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509.h (original)
+++ subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509.h Thu Jun 19
11:50:31 2014
@@ -123,50 +123,50 @@
* Structures for parsing X.509 certificates
*/
typedef struct _x509_buf {
- int tag;
- int len;
- unsigned char *p;
+ int tag;
+ int len;
+ unsigned char *p;
} x509_buf;
typedef struct _x509_name {
- x509_buf oid;
- x509_buf val;
- struct _x509_name *next;
+ x509_buf oid;
+ x509_buf val;
+ struct _x509_name *next;
} x509_name;
typedef struct _x509_time {
- int year, mon, day;
- int hour, min, sec;
+ int year, mon, day;
+ int hour, min, sec;
} x509_time;
typedef struct _x509_cert {
- x509_buf raw;
- x509_buf tbs;
+ x509_buf raw;
+ x509_buf tbs;
- int version;
- x509_buf serial;
- x509_buf sig_oid1;
+ int version;
+ x509_buf serial;
+ x509_buf sig_oid1;
- x509_buf issuer_raw;
- x509_buf subject_raw;
+ x509_buf issuer_raw;
+ x509_buf subject_raw;
- x509_name issuer;
- x509_name subject;
+ x509_name issuer;
+ x509_name subject;
- x509_time valid_from;
- x509_time valid_to;
+ x509_time valid_from;
+ x509_time valid_to;
- x509_buf pk_oid;
+ x509_buf pk_oid;
- x509_buf issuer_id;
- x509_buf subject_id;
- x509_buf v3_ext;
+ x509_buf issuer_id;
+ x509_buf subject_id;
+ x509_buf v3_ext;
- int ca_istrue;
- int max_pathlen;
+ int ca_istrue;
+ int max_pathlen;
- x509_buf sig_oid2;
- x509_buf sig;
+ x509_buf sig_oid2;
+ x509_buf sig;
} x509_cert;
@@ -174,19 +174,19 @@ typedef struct _x509_cert {
extern "C" {
#endif
- /**
- * \brief Parse one or more certificates and add them
- * to the chained list
- *
- * \param chain points to the start of the chain
- * \param buf buffer holding the certificate data
- * \param buflen size of the buffer
- *
- * \return 0 if successful, or a specific X509 error code
- */
- int x509parse_crt(x509_cert * chain, const unsigned char *buf, int
buflen);
+ /**
+ * \brief Parse one or more certificates and add them
+ * to the chained list
+ *
+ * \param chain points to the start of the chain
+ * \param buf buffer holding the certificate data
+ * \param buflen size of the buffer
+ *
+ * \return 0 if successful, or a specific X509 error code
+ */
+ int x509parse_crt(x509_cert * chain, const unsigned char *buf, int buflen);
#ifdef __cplusplus
}
#endif
-#endif /* x509.h */
+#endif /* x509.h */
Modified: subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509parse.c
URL:
http://svn.apache.org/viewvc/subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509parse.c?rev=1603841&r1=1603840&r2=1603841&view=diff
==============================================================================
--- subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509parse.c
(original)
+++ subversion/branches/svn-auth-x509/subversion/libsvn_subr/x509parse.c Thu
Jun 19 11:50:31 2014
@@ -1,47 +1,47 @@
/*
- * X.509 certificate and private key decoding
+ * X.509 certificate and private key decoding
*
- * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine
+ * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine
*
- * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl
dot org>
+ * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
*
- * All rights reserved.
+ * All rights reserved.
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
the
- * documentation and/or other materials provided with the
distribution.
- * * Neither the names of PolarSSL or XySSL nor the names of its
contributors
- * may be used to endorse or promote products derived from this
software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * * Neither the names of PolarSSL or XySSL nor the names of its
contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
- * The ITU-T X.509 standard defines a certificat format for PKI.
+ * The ITU-T X.509 standard defines a certificat format for PKI.
*
- * http://www.ietf.org/rfc/rfc2459.txt
- * http://www.ietf.org/rfc/rfc3279.txt
+ * http://www.ietf.org/rfc/rfc2459.txt
+ * http://www.ietf.org/rfc/rfc3279.txt
*
- * ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1v2.asc
+ * ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1v2.asc
*
- * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
- * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
+ * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
+ * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
*/
#include "x509.h"
@@ -56,362 +56,362 @@
*/
static int asn1_get_len(unsigned char **p, const unsigned char *end, int *len)
{
- if ((end - *p) < 1)
- return (TROPICSSL_ERR_ASN1_OUT_OF_DATA);
+ if ((end - *p) < 1)
+ return (TROPICSSL_ERR_ASN1_OUT_OF_DATA);
- if ((**p & 0x80) == 0)
- *len = *(*p)++;
- else {
- switch (**p & 0x7F) {
- case 1:
- if ((end - *p) < 2)
- return (TROPICSSL_ERR_ASN1_OUT_OF_DATA);
-
- *len = (*p)[1];
- (*p) += 2;
- break;
-
- case 2:
- if ((end - *p) < 3)
- return (TROPICSSL_ERR_ASN1_OUT_OF_DATA);
-
- *len = ((*p)[1] << 8) | (*p)[2];
- (*p) += 3;
- break;
-
- default:
- return (TROPICSSL_ERR_ASN1_INVALID_LENGTH);
- break;
- }
- }
+ if ((**p & 0x80) == 0)
+ *len = *(*p)++;
+ else {
+ switch (**p & 0x7F) {
+ case 1:
+ if ((end - *p) < 2)
+ return (TROPICSSL_ERR_ASN1_OUT_OF_DATA);
+
+ *len = (*p)[1];
+ (*p) += 2;
+ break;
+
+ case 2:
+ if ((end - *p) < 3)
+ return (TROPICSSL_ERR_ASN1_OUT_OF_DATA);
+
+ *len = ((*p)[1] << 8) | (*p)[2];
+ (*p) += 3;
+ break;
+
+ default:
+ return (TROPICSSL_ERR_ASN1_INVALID_LENGTH);
+ break;
+ }
+ }
- if (*len > (int)(end - *p))
- return (TROPICSSL_ERR_ASN1_OUT_OF_DATA);
+ if (*len > (int)(end - *p))
+ return (TROPICSSL_ERR_ASN1_OUT_OF_DATA);
- return (0);
+ return (0);
}
static int asn1_get_tag(unsigned char **p,
- const unsigned char *end, int *len, int tag)
+ const unsigned char *end, int *len, int tag)
{
- if ((end - *p) < 1)
- return (TROPICSSL_ERR_ASN1_OUT_OF_DATA);
+ if ((end - *p) < 1)
+ return (TROPICSSL_ERR_ASN1_OUT_OF_DATA);
- if (**p != tag)
- return (TROPICSSL_ERR_ASN1_UNEXPECTED_TAG);
+ if (**p != tag)
+ return (TROPICSSL_ERR_ASN1_UNEXPECTED_TAG);
- (*p)++;
+ (*p)++;
- return (asn1_get_len(p, end, len));
+ return (asn1_get_len(p, end, len));
}
static int asn1_get_int(unsigned char **p, const unsigned char *end, int *val)
{
- int ret, len;
+ int ret, len;
- if ((ret = asn1_get_tag(p, end, &len, ASN1_INTEGER)) != 0)
- return (ret);
+ if ((ret = asn1_get_tag(p, end, &len, ASN1_INTEGER)) != 0)
+ return (ret);
- if (len > (int)sizeof(int) || (**p & 0x80) != 0)
- return (TROPICSSL_ERR_ASN1_INVALID_LENGTH);
+ if (len > (int)sizeof(int) || (**p & 0x80) != 0)
+ return (TROPICSSL_ERR_ASN1_INVALID_LENGTH);
- *val = 0;
+ *val = 0;
- while (len-- > 0) {
- *val = (*val << 8) | **p;
- (*p)++;
- }
+ while (len-- > 0) {
+ *val = (*val << 8) | **p;
+ (*p)++;
+ }
- return (0);
+ return (0);
}
/*
- * Version ::= INTEGER { v1(0), v2(1), v3(2) }
+ * Version ::= INTEGER { v1(0), v2(1), v3(2) }
*/
static int x509_get_version(unsigned char **p, const unsigned char *end, int
*ver)
{
- int ret, len;
+ int ret, len;
- if ((ret = asn1_get_tag(p, end, &len,
- ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0))
- != 0) {
- if (ret == TROPICSSL_ERR_ASN1_UNEXPECTED_TAG)
- return (*ver = 0);
+ if ((ret = asn1_get_tag(p, end, &len,
+ ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0))
+ != 0) {
+ if (ret == TROPICSSL_ERR_ASN1_UNEXPECTED_TAG)
+ return (*ver = 0);
- return (ret);
- }
+ return (ret);
+ }
- end = *p + len;
+ end = *p + len;
- if ((ret = asn1_get_int(p, end, ver)) != 0)
- return (TROPICSSL_ERR_X509_CERT_INVALID_VERSION | ret);
+ if ((ret = asn1_get_int(p, end, ver)) != 0)
+ return (TROPICSSL_ERR_X509_CERT_INVALID_VERSION | ret);
- if (*p != end)
- return (TROPICSSL_ERR_X509_CERT_INVALID_VERSION |
- TROPICSSL_ERR_ASN1_LENGTH_MISMATCH);
+ if (*p != end)
+ return (TROPICSSL_ERR_X509_CERT_INVALID_VERSION |
+ TROPICSSL_ERR_ASN1_LENGTH_MISMATCH);
- return (0);
+ return (0);
}
/*
- * CertificateSerialNumber ::= INTEGER
+ * CertificateSerialNumber ::= INTEGER
*/
static int x509_get_serial(unsigned char **p,
- const unsigned char *end, x509_buf * serial)
+ const unsigned char *end, x509_buf * serial)
{
- int ret;
+ int ret;
- if ((end - *p) < 1)
- return (TROPICSSL_ERR_X509_CERT_INVALID_SERIAL |
- TROPICSSL_ERR_ASN1_OUT_OF_DATA);
+ if ((end - *p) < 1)
+ return (TROPICSSL_ERR_X509_CERT_INVALID_SERIAL |
+ TROPICSSL_ERR_ASN1_OUT_OF_DATA);
- if (**p != (ASN1_CONTEXT_SPECIFIC | ASN1_PRIMITIVE | 2) &&
- **p != ASN1_INTEGER)
- return (TROPICSSL_ERR_X509_CERT_INVALID_SERIAL |
- TROPICSSL_ERR_ASN1_UNEXPECTED_TAG);
+ if (**p != (ASN1_CONTEXT_SPECIFIC | ASN1_PRIMITIVE | 2) &&
+ **p != ASN1_INTEGER)
+ return (TROPICSSL_ERR_X509_CERT_INVALID_SERIAL |
+ TROPICSSL_ERR_ASN1_UNEXPECTED_TAG);
- serial->tag = *(*p)++;
+ serial->tag = *(*p)++;
- if ((ret = asn1_get_len(p, end, &serial->len)) != 0)
- return (TROPICSSL_ERR_X509_CERT_INVALID_SERIAL | ret);
+ if ((ret = asn1_get_len(p, end, &serial->len)) != 0)
+ return (TROPICSSL_ERR_X509_CERT_INVALID_SERIAL | ret);
- serial->p = *p;
- *p += serial->len;
+ serial->p = *p;
+ *p += serial->len;
- return (0);
+ return (0);
}
/*
- * AlgorithmIdentifier ::= SEQUENCE {
- * algorithm OBJECT IDENTIFIER,
- * parameters ANY DEFINED BY
algorithm OPTIONAL }
+ * AlgorithmIdentifier ::= SEQUENCE {
+ * algorithm OBJECT IDENTIFIER,
+ * parameters ANY DEFINED BY algorithm OPTIONAL }
*/
static int x509_get_alg(unsigned char **p, const unsigned char *end, x509_buf
* alg)
{
- int ret, len;
+ int ret, len;
- if ((ret = asn1_get_tag(p, end, &len,
- ASN1_CONSTRUCTED | ASN1_SEQUENCE)) != 0)
- return (TROPICSSL_ERR_X509_CERT_INVALID_ALG | ret);
+ if ((ret = asn1_get_tag(p, end, &len,
+ ASN1_CONSTRUCTED | ASN1_SEQUENCE)) != 0)
+ return (TROPICSSL_ERR_X509_CERT_INVALID_ALG | ret);
- end = *p + len;
- alg->tag = **p;
+ end = *p + len;
+ alg->tag = **p;
- if ((ret = asn1_get_tag(p, end, &alg->len, ASN1_OID)) != 0)
- return (TROPICSSL_ERR_X509_CERT_INVALID_ALG | ret);
+ if ((ret = asn1_get_tag(p, end, &alg->len, ASN1_OID)) != 0)
+ return (TROPICSSL_ERR_X509_CERT_INVALID_ALG | ret);
- alg->p = *p;
- *p += alg->len;
+ alg->p = *p;
+ *p += alg->len;
- if (*p == end)
- return (0);
+ if (*p == end)
+ return (0);
- /*
- * assume the algorithm parameters must be NULL
- */
- if ((ret = asn1_get_tag(p, end, &len, ASN1_NULL)) != 0)
- return (TROPICSSL_ERR_X509_CERT_INVALID_ALG | ret);
+ /*
+ * assume the algorithm parameters must be NULL
+ */
+ if ((ret = asn1_get_tag(p, end, &len, ASN1_NULL)) != 0)
+ return (TROPICSSL_ERR_X509_CERT_INVALID_ALG | ret);
- if (*p != end)
- return (TROPICSSL_ERR_X509_CERT_INVALID_ALG |
- TROPICSSL_ERR_ASN1_LENGTH_MISMATCH);
+ if (*p != end)
+ return (TROPICSSL_ERR_X509_CERT_INVALID_ALG |
+ TROPICSSL_ERR_ASN1_LENGTH_MISMATCH);
- return (0);
+ return (0);
}
/*
- * RelativeDistinguishedName ::=
- * SET OF AttributeTypeAndValue
+ * RelativeDistinguishedName ::=
+ * SET OF AttributeTypeAndValue
*
- * AttributeTypeAndValue ::= SEQUENCE {
- * type AttributeType,
- * value AttributeValue }
+ * AttributeTypeAndValue ::= SEQUENCE {
+ * type AttributeType,
+ * value AttributeValue }
*
- * AttributeType ::= OBJECT IDENTIFIER
+ * AttributeType ::= OBJECT IDENTIFIER
*
- * AttributeValue ::= ANY DEFINED BY AttributeType
+ * AttributeValue ::= ANY DEFINED BY AttributeType
*/
static int x509_get_name(unsigned char **p, const unsigned char *end,
x509_name * cur)
{
- int ret, len;
- const unsigned char *end2;
- x509_buf *oid;
- x509_buf *val;
+ int ret, len;
+ const unsigned char *end2;
+ x509_buf *oid;
+ x509_buf *val;
- if ((ret = asn1_get_tag(p, end, &len,
- ASN1_CONSTRUCTED | ASN1_SET)) != 0)
- return (TROPICSSL_ERR_X509_CERT_INVALID_NAME | ret);
+ if ((ret = asn1_get_tag(p, end, &len,
+ ASN1_CONSTRUCTED | ASN1_SET)) != 0)
+ return (TROPICSSL_ERR_X509_CERT_INVALID_NAME | ret);
- end2 = end;
- end = *p + len;
+ end2 = end;
+ end = *p + len;
- if ((ret = asn1_get_tag(p, end, &len,
- ASN1_CONSTRUCTED | ASN1_SEQUENCE)) != 0)
- return (TROPICSSL_ERR_X509_CERT_INVALID_NAME | ret);
+ if ((ret = asn1_get_tag(p, end, &len,
+ ASN1_CONSTRUCTED | ASN1_SEQUENCE)) != 0)
+ return (TROPICSSL_ERR_X509_CERT_INVALID_NAME | ret);
- if (*p + len != end)
- return (TROPICSSL_ERR_X509_CERT_INVALID_NAME |
- TROPICSSL_ERR_ASN1_LENGTH_MISMATCH);
+ if (*p + len != end)
+ return (TROPICSSL_ERR_X509_CERT_INVALID_NAME |
+ TROPICSSL_ERR_ASN1_LENGTH_MISMATCH);
- oid = &cur->oid;
- oid->tag = **p;
+ oid = &cur->oid;
+ oid->tag = **p;
- if ((ret = asn1_get_tag(p, end, &oid->len, ASN1_OID)) != 0)
- return (TROPICSSL_ERR_X509_CERT_INVALID_NAME | ret);
+ if ((ret = asn1_get_tag(p, end, &oid->len, ASN1_OID)) != 0)
+ return (TROPICSSL_ERR_X509_CERT_INVALID_NAME | ret);
- oid->p = *p;
- *p += oid->len;
+ oid->p = *p;
+ *p += oid->len;
- if ((end - *p) < 1)
- return (TROPICSSL_ERR_X509_CERT_INVALID_NAME |
- TROPICSSL_ERR_ASN1_OUT_OF_DATA);
+ if ((end - *p) < 1)
+ return (TROPICSSL_ERR_X509_CERT_INVALID_NAME |
+ TROPICSSL_ERR_ASN1_OUT_OF_DATA);
- if (**p != ASN1_BMP_STRING && **p != ASN1_UTF8_STRING &&
- **p != ASN1_T61_STRING && **p != ASN1_PRINTABLE_STRING &&
- **p != ASN1_IA5_STRING && **p != ASN1_UNIVERSAL_STRING)
- return (TROPICSSL_ERR_X509_CERT_INVALID_NAME |
- TROPICSSL_ERR_ASN1_UNEXPECTED_TAG);
+ if (**p != ASN1_BMP_STRING && **p != ASN1_UTF8_STRING &&
+ **p != ASN1_T61_STRING && **p != ASN1_PRINTABLE_STRING &&
+ **p != ASN1_IA5_STRING && **p != ASN1_UNIVERSAL_STRING)
+ return (TROPICSSL_ERR_X509_CERT_INVALID_NAME |
+ TROPICSSL_ERR_ASN1_UNEXPECTED_TAG);
- val = &cur->val;
- val->tag = *(*p)++;
+ val = &cur->val;
+ val->tag = *(*p)++;
- if ((ret = asn1_get_len(p, end, &val->len)) != 0)
- return (TROPICSSL_ERR_X509_CERT_INVALID_NAME | ret);
+ if ((ret = asn1_get_len(p, end, &val->len)) != 0)
+ return (TROPICSSL_ERR_X509_CERT_INVALID_NAME | ret);
- val->p = *p;
- *p += val->len;
+ val->p = *p;
+ *p += val->len;
- cur->next = NULL;
+ cur->next = NULL;
- if (*p != end)
- return (TROPICSSL_ERR_X509_CERT_INVALID_NAME |
- TROPICSSL_ERR_ASN1_LENGTH_MISMATCH);
+ if (*p != end)
+ return (TROPICSSL_ERR_X509_CERT_INVALID_NAME |
+ TROPICSSL_ERR_ASN1_LENGTH_MISMATCH);
- /*
- * recurse until end of SEQUENCE is reached
- */
- if (*p == end2)
- return (0);
+ /*
+ * recurse until end of SEQUENCE is reached
+ */
+ if (*p == end2)
+ return (0);
- cur->next = (x509_name *) malloc(sizeof(x509_name));
+ cur->next = (x509_name *) malloc(sizeof(x509_name));
- if (cur->next == NULL)
- return (1);
+ if (cur->next == NULL)
+ return (1);
- return (x509_get_name(p, end2, cur->next));
+ return (x509_get_name(p, end2, cur->next));
}
/*
- * Validity ::= SEQUENCE {
- * notBefore Time,
- * notAfter Time }
- *
- * Time ::= CHOICE {
- * utcTime UTCTime,
- * generalTime GeneralizedTime }
+ * Validity ::= SEQUENCE {
+ * notBefore Time,
+ * notAfter Time }
+ *
+ * Time ::= CHOICE {
+ * utcTime UTCTime,
+ * generalTime GeneralizedTime }
*/
static int x509_get_dates(unsigned char **p,
- const unsigned char *end, x509_time * from, x509_time
* to)
+ const unsigned char *end, x509_time * from, x509_time * to)
{
- int ret, len;
- char date[64];
+ int ret, len;
+ char date[64];
- if ((ret = asn1_get_tag(p, end, &len,
- ASN1_CONSTRUCTED | ASN1_SEQUENCE)) != 0)
- return (TROPICSSL_ERR_X509_CERT_INVALID_DATE | ret);
+ if ((ret = asn1_get_tag(p, end, &len,
+ ASN1_CONSTRUCTED | ASN1_SEQUENCE)) != 0)
+ return (TROPICSSL_ERR_X509_CERT_INVALID_DATE | ret);
- end = *p + len;
+ end = *p + len;
- /*
- * TODO: also handle GeneralizedTime
- */
- if ((ret = asn1_get_tag(p, end, &len, ASN1_UTC_TIME)) != 0)
- return (TROPICSSL_ERR_X509_CERT_INVALID_DATE | ret);
+ /*
+ * TODO: also handle GeneralizedTime
+ */
+ if ((ret = asn1_get_tag(p, end, &len, ASN1_UTC_TIME)) != 0)
+ return (TROPICSSL_ERR_X509_CERT_INVALID_DATE | ret);
- memset(date, 0, sizeof(date));
- memcpy(date, *p, (len < (int)sizeof(date) - 1) ?
- len : (int)sizeof(date) - 1);
+ memset(date, 0, sizeof(date));
+ memcpy(date, *p, (len < (int)sizeof(date) - 1) ?
+ len : (int)sizeof(date) - 1);
- if (sscanf(date, "%2d%2d%2d%2d%2d%2d",
- &from->year, &from->mon, &from->day,
- &from->hour, &from->min, &from->sec) < 5)
- return (TROPICSSL_ERR_X509_CERT_INVALID_DATE);
+ if (sscanf(date, "%2d%2d%2d%2d%2d%2d",
+ &from->year, &from->mon, &from->day,
+ &from->hour, &from->min, &from->sec) < 5)
+ return (TROPICSSL_ERR_X509_CERT_INVALID_DATE);
- from->year += 100 * (from->year < 90);
- from->year += 1900;
+ from->year += 100 * (from->year < 90);
+ from->year += 1900;
- *p += len;
+ *p += len;
- if ((ret = asn1_get_tag(p, end, &len, ASN1_UTC_TIME)) != 0)
- return (TROPICSSL_ERR_X509_CERT_INVALID_DATE | ret);
+ if ((ret = asn1_get_tag(p, end, &len, ASN1_UTC_TIME)) != 0)
+ return (TROPICSSL_ERR_X509_CERT_INVALID_DATE | ret);
- memset(date, 0, sizeof(date));
- memcpy(date, *p, (len < (int)sizeof(date) - 1) ?
- len : (int)sizeof(date) - 1);
+ memset(date, 0, sizeof(date));
+ memcpy(date, *p, (len < (int)sizeof(date) - 1) ?
+ len : (int)sizeof(date) - 1);
- if (sscanf(date, "%2d%2d%2d%2d%2d%2d",
- &to->year, &to->mon, &to->day,
- &to->hour, &to->min, &to->sec) < 5)
- return (TROPICSSL_ERR_X509_CERT_INVALID_DATE);
+ if (sscanf(date, "%2d%2d%2d%2d%2d%2d",
+ &to->year, &to->mon, &to->day,
+ &to->hour, &to->min, &to->sec) < 5)
+ return (TROPICSSL_ERR_X509_CERT_INVALID_DATE);
- to->year += 100 * (to->year < 90);
- to->year += 1900;
+ to->year += 100 * (to->year < 90);
+ to->year += 1900;
- *p += len;
+ *p += len;
- if (*p != end)
- return (TROPICSSL_ERR_X509_CERT_INVALID_DATE |
- TROPICSSL_ERR_ASN1_LENGTH_MISMATCH);
+ if (*p != end)
+ return (TROPICSSL_ERR_X509_CERT_INVALID_DATE |
+ TROPICSSL_ERR_ASN1_LENGTH_MISMATCH);
- return (0);
+ return (0);
}
static int x509_get_sig(unsigned char **p, const unsigned char *end, x509_buf
* sig)
{
- int ret, len;
+ int ret, len;
- sig->tag = **p;
+ sig->tag = **p;
- if ((ret = asn1_get_tag(p, end, &len, ASN1_BIT_STRING)) != 0)
- return (TROPICSSL_ERR_X509_CERT_INVALID_SIGNATURE | ret);
+ if ((ret = asn1_get_tag(p, end, &len, ASN1_BIT_STRING)) != 0)
+ return (TROPICSSL_ERR_X509_CERT_INVALID_SIGNATURE | ret);
- if (--len < 1 || *(*p)++ != 0)
- return (TROPICSSL_ERR_X509_CERT_INVALID_SIGNATURE);
+ if (--len < 1 || *(*p)++ != 0)
+ return (TROPICSSL_ERR_X509_CERT_INVALID_SIGNATURE);
- sig->len = len;
- sig->p = *p;
+ sig->len = len;
+ sig->p = *p;
- *p += len;
+ *p += len;
- return (0);
+ return (0);
}
/*
* X.509 v2/v3 unique identifier (not parsed)
*/
static int x509_get_uid(unsigned char **p,
- const unsigned char *end, x509_buf * uid, int n)
+ const unsigned char *end, x509_buf * uid, int n)
{
- int ret;
+ int ret;
- if (*p == end)
- return (0);
+ if (*p == end)
+ return (0);
- uid->tag = **p;
+ uid->tag = **p;
- if ((ret = asn1_get_tag(p, end, &uid->len,
- ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | n))
- != 0) {
- if (ret == TROPICSSL_ERR_ASN1_UNEXPECTED_TAG)
- return (0);
+ if ((ret = asn1_get_tag(p, end, &uid->len,
+ ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | n))
+ != 0) {
+ if (ret == TROPICSSL_ERR_ASN1_UNEXPECTED_TAG)
+ return (0);
- return (ret);
- }
+ return (ret);
+ }
- uid->p = *p;
- *p += uid->len;
+ uid->p = *p;
+ *p += uid->len;
- return (0);
+ return (0);
}
/*
@@ -419,191 +419,191 @@ static int x509_get_uid(unsigned char **
*/
static int _x509parse_crt_1(x509_cert * chain, unsigned char *buf, int buflen)
{
- int ret, len;
- unsigned char *p;
- const unsigned char *end;
- x509_cert *crt;
-
- crt = chain;
-
- /*
- * Copy the raw DER data.
- */
- p = (unsigned char *)malloc(len = buflen);
-
- if (p == NULL)
- return (1);
-
- memcpy(p, buf, buflen);
-
- buflen = 0;
-
- crt->raw.p = p;
- crt->raw.len = len;
- end = p + len;
-
- /*
- * Certificate ::= SEQUENCE {
- * tbsCertificate TBSCertificate,
- * signatureAlgorithm AlgorithmIdentifier,
- * signatureValue BIT STRING }
- */
- if ((ret = asn1_get_tag(&p, end, &len,
- ASN1_CONSTRUCTED | ASN1_SEQUENCE)) != 0) {
- return (TROPICSSL_ERR_X509_CERT_INVALID_FORMAT);
- }
-
- if (len != (int)(end - p)) {
- return (TROPICSSL_ERR_X509_CERT_INVALID_FORMAT |
- TROPICSSL_ERR_ASN1_LENGTH_MISMATCH);
- }
-
- /*
- * TBSCertificate ::= SEQUENCE {
- */
- crt->tbs.p = p;
-
- if ((ret = asn1_get_tag(&p, end, &len,
- ASN1_CONSTRUCTED | ASN1_SEQUENCE)) != 0) {
- return (TROPICSSL_ERR_X509_CERT_INVALID_FORMAT | ret);
- }
-
- end = p + len;
- crt->tbs.len = end - crt->tbs.p;
-
- /*
- * Version ::= INTEGER { v1(0), v2(1), v3(2) }
- *
- * CertificateSerialNumber ::= INTEGER
- *
- * signature AlgorithmIdentifier
- */
- if ((ret = x509_get_version(&p, end, &crt->version)) != 0 ||
- (ret = x509_get_serial(&p, end, &crt->serial)) != 0 ||
- (ret = x509_get_alg(&p, end, &crt->sig_oid1)) != 0) {
- return (ret);
- }
-
- crt->version++;
-
- if (crt->version > 3) {
- return (TROPICSSL_ERR_X509_CERT_UNKNOWN_VERSION);
- }
-
- if (crt->sig_oid1.len != 9 ||
- memcmp(crt->sig_oid1.p, OID_PKCS1, 8) != 0) {
- return (TROPICSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG);
- }
-
- if (crt->sig_oid1.p[8] < 2 || crt->sig_oid1.p[8] > 5) {
- return (TROPICSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG);
- }
-
- /*
- * issuer Name
- */
- crt->issuer_raw.p = p;
-
- if ((ret = asn1_get_tag(&p, end, &len,
- ASN1_CONSTRUCTED | ASN1_SEQUENCE)) != 0) {
- return (TROPICSSL_ERR_X509_CERT_INVALID_FORMAT | ret);
- }
-
- if ((ret = x509_get_name(&p, p + len, &crt->issuer)) != 0) {
- return (ret);
- }
-
- crt->issuer_raw.len = p - crt->issuer_raw.p;
-
- /*
- * Validity ::= SEQUENCE {
- * notBefore Time,
- * notAfter Time }
- *
- */
- if ((ret = x509_get_dates(&p, end, &crt->valid_from,
- &crt->valid_to)) != 0) {
- return (ret);
- }
-
- /*
- * subject Name
- */
- crt->subject_raw.p = p;
-
- if ((ret = asn1_get_tag(&p, end, &len,
- ASN1_CONSTRUCTED | ASN1_SEQUENCE)) != 0) {
- return (TROPICSSL_ERR_X509_CERT_INVALID_FORMAT | ret);
- }
-
- if ((ret = x509_get_name(&p, p + len, &crt->subject)) != 0) {
- return (ret);
- }
-
- crt->subject_raw.len = p - crt->subject_raw.p;
-
- /*
- * SubjectPublicKeyInfo ::= SEQUENCE
- * algorithm AlgorithmIdentifier,
- * subjectPublicKey BIT STRING }
- */
- if ((ret = asn1_get_tag(&p, end, &len,
- ASN1_CONSTRUCTED | ASN1_SEQUENCE)) != 0) {
- return (TROPICSSL_ERR_X509_CERT_INVALID_FORMAT | ret);
- }
+ int ret, len;
+ unsigned char *p;
+ const unsigned char *end;
+ x509_cert *crt;
+
+ crt = chain;
+
+ /*
+ * Copy the raw DER data.
+ */
+ p = (unsigned char *)malloc(len = buflen);
+
+ if (p == NULL)
+ return (1);
+
+ memcpy(p, buf, buflen);
+
+ buflen = 0;
+
+ crt->raw.p = p;
+ crt->raw.len = len;
+ end = p + len;
+
+ /*
+ * Certificate ::= SEQUENCE {
+ * tbsCertificate TBSCertificate,
+ * signatureAlgorithm AlgorithmIdentifier,
+ * signatureValue BIT STRING }
+ */
+ if ((ret = asn1_get_tag(&p, end, &len,
+ ASN1_CONSTRUCTED | ASN1_SEQUENCE)) != 0) {
+ return (TROPICSSL_ERR_X509_CERT_INVALID_FORMAT);
+ }
+
+ if (len != (int)(end - p)) {
+ return (TROPICSSL_ERR_X509_CERT_INVALID_FORMAT |
+ TROPICSSL_ERR_ASN1_LENGTH_MISMATCH);
+ }
+
+ /*
+ * TBSCertificate ::= SEQUENCE {
+ */
+ crt->tbs.p = p;
+
+ if ((ret = asn1_get_tag(&p, end, &len,
+ ASN1_CONSTRUCTED | ASN1_SEQUENCE)) != 0) {
+ return (TROPICSSL_ERR_X509_CERT_INVALID_FORMAT | ret);
+ }
+
+ end = p + len;
+ crt->tbs.len = end - crt->tbs.p;
+
+ /*
+ * Version ::= INTEGER { v1(0), v2(1), v3(2) }
+ *
+ * CertificateSerialNumber ::= INTEGER
+ *
+ * signature AlgorithmIdentifier
+ */
+ if ((ret = x509_get_version(&p, end, &crt->version)) != 0 ||
+ (ret = x509_get_serial(&p, end, &crt->serial)) != 0 ||
+ (ret = x509_get_alg(&p, end, &crt->sig_oid1)) != 0) {
+ return (ret);
+ }
+
+ crt->version++;
+
+ if (crt->version > 3) {
+ return (TROPICSSL_ERR_X509_CERT_UNKNOWN_VERSION);
+ }
+
+ if (crt->sig_oid1.len != 9 ||
+ memcmp(crt->sig_oid1.p, OID_PKCS1, 8) != 0) {
+ return (TROPICSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG);
+ }
+
+ if (crt->sig_oid1.p[8] < 2 || crt->sig_oid1.p[8] > 5) {
+ return (TROPICSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG);
+ }
+
+ /*
+ * issuer Name
+ */
+ crt->issuer_raw.p = p;
+
+ if ((ret = asn1_get_tag(&p, end, &len,
+ ASN1_CONSTRUCTED | ASN1_SEQUENCE)) != 0) {
+ return (TROPICSSL_ERR_X509_CERT_INVALID_FORMAT | ret);
+ }
+
+ if ((ret = x509_get_name(&p, p + len, &crt->issuer)) != 0) {
+ return (ret);
+ }
+
+ crt->issuer_raw.len = p - crt->issuer_raw.p;
+
+ /*
+ * Validity ::= SEQUENCE {
+ * notBefore Time,
+ * notAfter Time }
+ *
+ */
+ if ((ret = x509_get_dates(&p, end, &crt->valid_from,
+ &crt->valid_to)) != 0) {
+ return (ret);
+ }
+
+ /*
+ * subject Name
+ */
+ crt->subject_raw.p = p;
+
+ if ((ret = asn1_get_tag(&p, end, &len,
+ ASN1_CONSTRUCTED | ASN1_SEQUENCE)) != 0) {
+ return (TROPICSSL_ERR_X509_CERT_INVALID_FORMAT | ret);
+ }
+
+ if ((ret = x509_get_name(&p, p + len, &crt->subject)) != 0) {
+ return (ret);
+ }
+
+ crt->subject_raw.len = p - crt->subject_raw.p;
+
+ /*
+ * SubjectPublicKeyInfo ::= SEQUENCE
+ * algorithm AlgorithmIdentifier,
+ * subjectPublicKey BIT STRING }
+ */
+ if ((ret = asn1_get_tag(&p, end, &len,
+ ASN1_CONSTRUCTED | ASN1_SEQUENCE)) != 0) {
+ return (TROPICSSL_ERR_X509_CERT_INVALID_FORMAT | ret);
+ }
/* Skip pubkey. */
p += len;
- /*
- * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
- * -- If present, version
shall be v2 or v3
- * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
- * -- If present, version
shall be v2 or v3
- * extensions [3] EXPLICIT Extensions OPTIONAL
- * -- If present, version
shall be v3
- */
- if (crt->version == 2 || crt->version == 3) {
- ret = x509_get_uid(&p, end, &crt->issuer_id, 1);
- if (ret != 0) {
- return (ret);
- }
- }
-
- if (crt->version == 2 || crt->version == 3) {
- ret = x509_get_uid(&p, end, &crt->subject_id, 2);
- if (ret != 0) {
- return (ret);
- }
- }
-
- if (p != end) {
- return (TROPICSSL_ERR_X509_CERT_INVALID_FORMAT |
- TROPICSSL_ERR_ASN1_LENGTH_MISMATCH);
- }
-
- end = crt->raw.p + crt->raw.len;
-
- /*
- * signatureAlgorithm AlgorithmIdentifier,
- * signatureValue BIT STRING
- */
- if ((ret = x509_get_alg(&p, end, &crt->sig_oid2)) != 0) {
- return (ret);
- }
-
- if (memcmp(crt->sig_oid1.p, crt->sig_oid2.p, 9) != 0) {
- return (TROPICSSL_ERR_X509_CERT_SIG_MISMATCH);
- }
-
- if ((ret = x509_get_sig(&p, end, &crt->sig)) != 0) {
- return (ret);
- }
-
- if (p != end) {
- return (TROPICSSL_ERR_X509_CERT_INVALID_FORMAT |
- TROPICSSL_ERR_ASN1_LENGTH_MISMATCH);
- }
+ /*
+ * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
+ * -- If present, version
shall be v2 or v3
+ * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
+ * -- If present, version
shall be v2 or v3
+ * extensions [3] EXPLICIT Extensions OPTIONAL
+ * -- If present, version
shall be v3
+ */
+ if (crt->version == 2 || crt->version == 3) {
+ ret = x509_get_uid(&p, end, &crt->issuer_id, 1);
+ if (ret != 0) {
+ return (ret);
+ }
+ }
+
+ if (crt->version == 2 || crt->version == 3) {
+ ret = x509_get_uid(&p, end, &crt->subject_id, 2);
+ if (ret != 0) {
+ return (ret);
+ }
+ }
+
+ if (p != end) {
+ return (TROPICSSL_ERR_X509_CERT_INVALID_FORMAT |
+ TROPICSSL_ERR_ASN1_LENGTH_MISMATCH);
+ }
+
+ end = crt->raw.p + crt->raw.len;
+
+ /*
+ * signatureAlgorithm AlgorithmIdentifier,
+ * signatureValue BIT STRING
+ */
+ if ((ret = x509_get_alg(&p, end, &crt->sig_oid2)) != 0) {
+ return (ret);
+ }
+
+ if (memcmp(crt->sig_oid1.p, crt->sig_oid2.p, 9) != 0) {
+ return (TROPICSSL_ERR_X509_CERT_SIG_MISMATCH);
+ }
+
+ if ((ret = x509_get_sig(&p, end, &crt->sig)) != 0) {
+ return (ret);
+ }
+
+ if (p != end) {
+ return (TROPICSSL_ERR_X509_CERT_INVALID_FORMAT |
+ TROPICSSL_ERR_ASN1_LENGTH_MISMATCH);
+ }
- return (0);
+ return (0);
}
