Diffstat (limited to 'src/crypto/x509')
31 files changed, 456 insertions, 181 deletions
diff --git a/src/crypto/x509/CMakeLists.txt b/src/crypto/x509/CMakeLists.txt index 3bb5704..258c263 100644 --- a/src/crypto/x509/CMakeLists.txt +++ b/src/crypto/x509/CMakeLists.txt @@ -1,4 +1,4 @@ -include_directories(. .. ../../include) +include_directories(../../include) add_library( x509 @@ -15,6 +15,7 @@ add_library( i2d_pr.c pkcs7.c t_crl.c + t_req.c t_x509.c t_x509a.c x509.c diff --git a/src/crypto/x509/a_digest.c b/src/crypto/x509/a_digest.c index 6060bbd..430e2e6 100644 --- a/src/crypto/x509/a_digest.c +++ b/src/crypto/x509/a_digest.c @@ -71,7 +71,7 @@ int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data, i=i2d(data,NULL); if ((str=(unsigned char *)OPENSSL_malloc(i)) == NULL) { - OPENSSL_PUT_ERROR(X509, ASN1_digest, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); return(0); } p=str; diff --git a/src/crypto/x509/a_sign.c b/src/crypto/x509/a_sign.c index f219c23..4e9be8a 100644 --- a/src/crypto/x509/a_sign.c +++ b/src/crypto/x509/a_sign.c @@ -106,7 +106,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, if ((buf_in == NULL) || (buf_out == NULL)) { outl=0; - OPENSSL_PUT_ERROR(X509, ASN1_item_sign_ctx, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); goto err; } @@ -114,7 +114,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, || !EVP_DigestSignFinal(ctx, buf_out, &outl)) { outl=0; - OPENSSL_PUT_ERROR(X509, ASN1_item_sign_ctx, ERR_R_EVP_LIB); + OPENSSL_PUT_ERROR(X509, ERR_R_EVP_LIB); goto err; } if (signature->data != NULL) OPENSSL_free(signature->data); diff --git a/src/crypto/x509/a_verify.c b/src/crypto/x509/a_verify.c index 72e0a62..572a139 100644 --- a/src/crypto/x509/a_verify.c +++ b/src/crypto/x509/a_verify.c 
@@ -80,13 +80,13 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, if (!pkey) { - OPENSSL_PUT_ERROR(X509, ASN1_item_verify, ERR_R_PASSED_NULL_PARAMETER); + OPENSSL_PUT_ERROR(X509, ERR_R_PASSED_NULL_PARAMETER); return 0; } if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) { - OPENSSL_PUT_ERROR(X509, ASN1_item_verify, X509_R_INVALID_BIT_STRING_BITS_LEFT); + OPENSSL_PUT_ERROR(X509, X509_R_INVALID_BIT_STRING_BITS_LEFT); return 0; } @@ -101,7 +101,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, if (buf_in == NULL) { - OPENSSL_PUT_ERROR(X509, ASN1_item_verify, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); goto err; } @@ -109,7 +109,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, { OPENSSL_cleanse(buf_in,(unsigned int)inl); OPENSSL_free(buf_in); - OPENSSL_PUT_ERROR(X509, ASN1_item_verify, ERR_R_EVP_LIB); + OPENSSL_PUT_ERROR(X509, ERR_R_EVP_LIB); goto err; } @@ -119,7 +119,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, if (EVP_DigestVerifyFinal(&ctx,signature->data, (size_t)signature->length) <= 0) { - OPENSSL_PUT_ERROR(X509, ASN1_item_verify, ERR_R_EVP_LIB); + OPENSSL_PUT_ERROR(X509, ERR_R_EVP_LIB); goto err; } /* we don't need to zero the 'ctx' because we just checked diff --git a/src/crypto/x509/asn1_gen.c b/src/crypto/x509/asn1_gen.c index d4d1ee6..850a816 100644 --- a/src/crypto/x509/asn1_gen.c +++ b/src/crypto/x509/asn1_gen.c @@ -171,7 +171,7 @@ ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf) { if (!cnf) { - OPENSSL_PUT_ERROR(ASN1, ASN1_generate_v3, ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG); return NULL; } ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf); 
@@ -314,7 +314,7 @@ static int asn1_cb(const char *elem, int len, void *bitstr) if (utype == -1) { - OPENSSL_PUT_ERROR(ASN1, asn1_cb, ASN1_R_UNKNOWN_TAG); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNKNOWN_TAG); ERR_add_error_data(2, "tag=", elem); return -1; } @@ -327,7 +327,7 @@ static int asn1_cb(const char *elem, int len, void *bitstr) /* If no value and not end of string, error */ if (!vstart && elem[len]) { - OPENSSL_PUT_ERROR(ASN1, asn1_cb, ASN1_R_MISSING_VALUE); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_MISSING_VALUE); return -1; } return 0; @@ -340,7 +340,7 @@ static int asn1_cb(const char *elem, int len, void *bitstr) /* Check for illegal multiple IMPLICIT tagging */ if (arg->imp_tag != -1) { - OPENSSL_PUT_ERROR(ASN1, asn1_cb, ASN1_R_ILLEGAL_NESTED_TAGGING); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_NESTED_TAGGING); return -1; } if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class)) @@ -378,7 +378,7 @@ static int asn1_cb(const char *elem, int len, void *bitstr) case ASN1_GEN_FLAG_FORMAT: if (!vstart) { - OPENSSL_PUT_ERROR(ASN1, asn1_cb, ASN1_R_UNKNOWN_FORMAT); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNKNOWN_FORMAT); return -1; } if (!strncmp(vstart, "ASCII", 5)) @@ -391,7 +391,7 @@ static int asn1_cb(const char *elem, int len, void *bitstr) arg->format = ASN1_GEN_FORMAT_BITLIST; else { - OPENSSL_PUT_ERROR(ASN1, asn1_cb, ASN1_R_UNKNOWN_FORMAT); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNKNOWN_FORMAT); return -1; } break; @@ -415,7 +415,7 @@ static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass) return 0; if (tag_num < 0) { - OPENSSL_PUT_ERROR(ASN1, parse_tagging, ASN1_R_INVALID_NUMBER); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_NUMBER); return 0; } *ptag = tag_num; 
@@ -448,7 +448,7 @@ static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass) default: erch[0] = *eptr; erch[1] = 0; - OPENSSL_PUT_ERROR(ASN1, parse_tagging, ASN1_R_INVALID_MODIFIER); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_MODIFIER); ERR_add_error_data(2, "Char=", erch); return 0; break; @@ -534,13 +534,13 @@ static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_cons /* Can only have IMPLICIT if permitted */ if ((arg->imp_tag != -1) && !imp_ok) { - OPENSSL_PUT_ERROR(ASN1, append_exp, ASN1_R_ILLEGAL_IMPLICIT_TAG); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_IMPLICIT_TAG); return 0; } if (arg->exp_count == ASN1_FLAG_EXP_MAX) { - OPENSSL_PUT_ERROR(ASN1, append_exp, ASN1_R_DEPTH_EXCEEDED); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_DEPTH_EXCEEDED); return 0; } @@ -658,7 +658,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) if (!(atmp = ASN1_TYPE_new())) { - OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); return NULL; } @@ -671,7 +671,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) case V_ASN1_NULL: if (str && *str) { - OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_ILLEGAL_NULL_VALUE); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_NULL_VALUE); goto bad_form; } break; @@ -679,7 +679,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) case V_ASN1_BOOLEAN: if (format != ASN1_GEN_FORMAT_ASCII) { - OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_NOT_ASCII_FORMAT); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_NOT_ASCII_FORMAT); goto bad_form; } vtmp.name = NULL; @@ -687,7 +687,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) vtmp.value = (char *)str; if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean)) { - OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_ILLEGAL_BOOLEAN); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_BOOLEAN); goto bad_str; } break; 
@@ -696,12 +696,12 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) case V_ASN1_ENUMERATED: if (format != ASN1_GEN_FORMAT_ASCII) { - OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_INTEGER_NOT_ASCII_FORMAT); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_INTEGER_NOT_ASCII_FORMAT); goto bad_form; } if (!(atmp->value.integer = s2i_ASN1_INTEGER(NULL, (char *)str))) { - OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_ILLEGAL_INTEGER); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_INTEGER); goto bad_str; } break; @@ -709,12 +709,12 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) case V_ASN1_OBJECT: if (format != ASN1_GEN_FORMAT_ASCII) { - OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_OBJECT_NOT_ASCII_FORMAT); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_OBJECT_NOT_ASCII_FORMAT); goto bad_form; } if (!(atmp->value.object = OBJ_txt2obj(str, 0))) { - OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_ILLEGAL_OBJECT); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_OBJECT); goto bad_str; } break; @@ -723,23 +723,23 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) case V_ASN1_GENERALIZEDTIME: if (format != ASN1_GEN_FORMAT_ASCII) { - OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_TIME_NOT_ASCII_FORMAT); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_TIME_NOT_ASCII_FORMAT); goto bad_form; } if (!(atmp->value.asn1_string = ASN1_STRING_new())) { - OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); goto bad_str; } if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1)) { - OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); goto bad_str; } atmp->value.asn1_string->type = utype; if (!ASN1_TIME_check(atmp->value.asn1_string)) { - OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_ILLEGAL_TIME_VALUE); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_TIME_VALUE); goto bad_str; } 
@@ -761,7 +761,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) format = MBSTRING_UTF8; else { - OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_ILLEGAL_FORMAT); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_FORMAT); goto bad_form; } @@ -769,7 +769,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str, -1, format, ASN1_tag2bit(utype)) <= 0) { - OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); goto bad_str; } @@ -782,7 +782,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) if (!(atmp->value.asn1_string = ASN1_STRING_new())) { - OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); goto bad_form; } @@ -791,7 +791,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) if (!(rdata = string_to_hex((char *)str, &rdlen))) { - OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_ILLEGAL_HEX); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_HEX); goto bad_str; } @@ -806,7 +806,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) { if (!CONF_parse_list(str, ',', 1, bitstr_cb, atmp->value.bit_string)) { - OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_LIST_ERROR); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_LIST_ERROR); goto bad_str; } no_unused = 0; @@ -814,7 +814,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) } else { - OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_ILLEGAL_BITSTRING_FORMAT); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_BITSTRING_FORMAT); goto bad_form; } @@ -830,7 +830,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) break; default: - OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_UNSUPPORTED_TYPE); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNSUPPORTED_TYPE); goto bad_str; break; } 
@@ -860,12 +860,12 @@ static int bitstr_cb(const char *elem, int len, void *bitstr) return 0; if (bitnum < 0) { - OPENSSL_PUT_ERROR(ASN1, bitstr_cb, ASN1_R_INVALID_NUMBER); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_NUMBER); return 0; } if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1)) { - OPENSSL_PUT_ERROR(ASN1, bitstr_cb, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); return 0; } return 1; diff --git a/src/crypto/x509/by_dir.c b/src/crypto/x509/by_dir.c index 34bb1e4..3393dfa 100644 --- a/src/crypto/x509/by_dir.c +++ b/src/crypto/x509/by_dir.c @@ -139,7 +139,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, X509_FILETYPE_PEM); if (!ret) { - OPENSSL_PUT_ERROR(X509, dir_ctrl, X509_R_LOADING_CERT_DIR); + OPENSSL_PUT_ERROR(X509, X509_R_LOADING_CERT_DIR); } } else @@ -208,7 +208,7 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type) if (dir == NULL || !*dir) { - OPENSSL_PUT_ERROR(X509, add_cert_dir, X509_R_INVALID_DIRECTORY); + OPENSSL_PUT_ERROR(X509, X509_R_INVALID_DIRECTORY); return 0; } @@ -237,7 +237,7 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type) ctx->dirs = sk_BY_DIR_ENTRY_new_null(); if (!ctx->dirs) { - OPENSSL_PUT_ERROR(X509, add_cert_dir, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); return 0; } } @@ -311,13 +311,13 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, } else { - OPENSSL_PUT_ERROR(X509, get_cert_by_subject, X509_R_WRONG_LOOKUP_TYPE); + OPENSSL_PUT_ERROR(X509, X509_R_WRONG_LOOKUP_TYPE); goto finish; } if ((b=BUF_MEM_new()) == NULL) { - OPENSSL_PUT_ERROR(X509, get_cert_by_subject, ERR_R_BUF_LIB); + OPENSSL_PUT_ERROR(X509, ERR_R_BUF_LIB); goto finish; } 
@@ -337,7 +337,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, j=strlen(ent->dir)+1+8+6+1+1; if (!BUF_MEM_grow(b,j)) { - OPENSSL_PUT_ERROR(X509, get_cert_by_subject, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); goto finish; } if (type == X509_LU_CRL && ent->hashes) diff --git a/src/crypto/x509/by_file.c b/src/crypto/x509/by_file.c index 2fdbce4..f1d6194 100644 --- a/src/crypto/x509/by_file.c +++ b/src/crypto/x509/by_file.c @@ -109,7 +109,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, if (!ok) { - OPENSSL_PUT_ERROR(X509, by_file_ctrl, X509_R_LOADING_DEFAULTS); + OPENSSL_PUT_ERROR(X509, X509_R_LOADING_DEFAULTS); } } else @@ -137,7 +137,7 @@ int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) if ((in == NULL) || (BIO_read_filename(in,file) <= 0)) { - OPENSSL_PUT_ERROR(X509, X509_load_cert_file, ERR_R_SYS_LIB); + OPENSSL_PUT_ERROR(X509, ERR_R_SYS_LIB); goto err; } @@ -156,7 +156,7 @@ int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) } else { - OPENSSL_PUT_ERROR(X509, X509_load_cert_file, ERR_R_PEM_LIB); + OPENSSL_PUT_ERROR(X509, ERR_R_PEM_LIB); goto err; } } @@ -173,7 +173,7 @@ int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) x=d2i_X509_bio(in,NULL); if (x == NULL) { - OPENSSL_PUT_ERROR(X509, X509_load_cert_file, ERR_R_ASN1_LIB); + OPENSSL_PUT_ERROR(X509, ERR_R_ASN1_LIB); goto err; } i=X509_STORE_add_cert(ctx->store_ctx,x); @@ -182,7 +182,7 @@ int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) } else { - OPENSSL_PUT_ERROR(X509, X509_load_cert_file, X509_R_BAD_X509_FILETYPE); + OPENSSL_PUT_ERROR(X509, X509_R_BAD_X509_FILETYPE); goto err; } err: 
@@ -203,7 +203,7 @@ int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type) if ((in == NULL) || (BIO_read_filename(in,file) <= 0)) { - OPENSSL_PUT_ERROR(X509, X509_load_crl_file, ERR_R_SYS_LIB); + OPENSSL_PUT_ERROR(X509, ERR_R_SYS_LIB); goto err; } @@ -222,7 +222,7 @@ int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type) } else { - OPENSSL_PUT_ERROR(X509, X509_load_crl_file, ERR_R_PEM_LIB); + OPENSSL_PUT_ERROR(X509, ERR_R_PEM_LIB); goto err; } } @@ -239,7 +239,7 @@ int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type) x=d2i_X509_CRL_bio(in,NULL); if (x == NULL) { - OPENSSL_PUT_ERROR(X509, X509_load_crl_file, ERR_R_ASN1_LIB); + OPENSSL_PUT_ERROR(X509, ERR_R_ASN1_LIB); goto err; } i=X509_STORE_add_crl(ctx->store_ctx,x); @@ -248,7 +248,7 @@ int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type) } else { - OPENSSL_PUT_ERROR(X509, X509_load_crl_file, X509_R_BAD_X509_FILETYPE); + OPENSSL_PUT_ERROR(X509, X509_R_BAD_X509_FILETYPE); goto err; } err: @@ -268,13 +268,13 @@ int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type) return X509_load_cert_file(ctx, file, type); in = BIO_new_file(file, "r"); if(!in) { - OPENSSL_PUT_ERROR(X509, X509_load_cert_crl_file, ERR_R_SYS_LIB); + OPENSSL_PUT_ERROR(X509, ERR_R_SYS_LIB); return 0; } inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL); BIO_free(in); if(!inf) { - OPENSSL_PUT_ERROR(X509, X509_load_cert_crl_file, ERR_R_PEM_LIB); + OPENSSL_PUT_ERROR(X509, ERR_R_PEM_LIB); return 0; } for(i = 0; i < sk_X509_INFO_num(inf); i++) { diff --git a/src/crypto/x509/i2d_pr.c b/src/crypto/x509/i2d_pr.c index 443ca53..e7f4269 100644 --- a/src/crypto/x509/i2d_pr.c +++ b/src/crypto/x509/i2d_pr.c 
@@ -78,7 +78,7 @@ int i2d_PrivateKey(const EVP_PKEY *a, unsigned char **pp) } /* Although this file is in crypto/x509 for layering reasons, it emits * an error code from ASN1 for OpenSSL compatibility. */ - OPENSSL_PUT_ERROR(ASN1, i2d_PrivateKey, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); return -1; } diff --git a/src/crypto/x509/pkcs7.c b/src/crypto/x509/pkcs7.c index 99ee3da..2087f94 100644 --- a/src/crypto/x509/pkcs7.c +++ b/src/crypto/x509/pkcs7.c @@ -57,8 +57,7 @@ static int pkcs7_parse_header(uint8_t **der_bytes, CBS *out, CBS *cbs) { } if (OBJ_cbs2nid(&content_type) != NID_pkcs7_signed) { - OPENSSL_PUT_ERROR(X509, pkcs7_parse_header, - X509_R_NOT_PKCS7_SIGNED_DATA); + OPENSSL_PUT_ERROR(X509, X509_R_NOT_PKCS7_SIGNED_DATA); goto err; } @@ -73,8 +72,7 @@ static int pkcs7_parse_header(uint8_t **der_bytes, CBS *out, CBS *cbs) { } if (version < 1) { - OPENSSL_PUT_ERROR(X509, pkcs7_parse_header, - X509_R_BAD_PKCS7_VERSION); + OPENSSL_PUT_ERROR(X509, X509_R_BAD_PKCS7_VERSION); goto err; } @@ -103,8 +101,7 @@ int PKCS7_get_certificates(STACK_OF(X509) *out_certs, CBS *cbs) { /* See https://tools.ietf.org/html/rfc2315#section-9.1 */ if (!CBS_get_asn1(&signed_data, &certificates, CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0)) { - OPENSSL_PUT_ERROR(X509, PKCS7_get_certificates, - X509_R_NO_CERTIFICATES_INCLUDED); + OPENSSL_PUT_ERROR(X509, X509_R_NO_CERTIFICATES_INCLUDED); goto err; } @@ -171,8 +168,7 @@ int PKCS7_get_CRLs(STACK_OF(X509_CRL) *out_crls, CBS *cbs) { if (!CBS_get_asn1(&signed_data, &crls, CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 1)) { - OPENSSL_PUT_ERROR(X509, PKCS7_get_CRLs, - X509_R_NO_CRLS_INCLUDED); + OPENSSL_PUT_ERROR(X509, X509_R_NO_CRLS_INCLUDED); goto err; } diff --git a/src/crypto/x509/t_crl.c b/src/crypto/x509/t_crl.c index 93a7afb..a2d8bc7 100644 --- a/src/crypto/x509/t_crl.c +++ b/src/crypto/x509/t_crl.c 
@@ -70,7 +70,7 @@ int X509_CRL_print_fp(FILE *fp, X509_CRL *x) if ((b=BIO_new(BIO_s_file())) == NULL) { - OPENSSL_PUT_ERROR(X509, X509_CRL_print_fp, ERR_R_BUF_LIB); + OPENSSL_PUT_ERROR(X509, ERR_R_BUF_LIB); return(0); } BIO_set_fp(b,fp,BIO_NOCLOSE); diff --git a/src/crypto/x509/t_req.c b/src/crypto/x509/t_req.c new file mode 100644 index 0000000..39c836c --- /dev/null +++ b/src/crypto/x509/t_req.c 
@@ -0,0 +1,246 @@ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
*/ + +#include <stdio.h> + +#include <openssl/bn.h> +#include <openssl/buffer.h> +#include <openssl/err.h> +#include <openssl/objects.h> +#include <openssl/x509.h> +#include <openssl/x509v3.h> + + +int X509_REQ_print_fp(FILE *fp, X509_REQ *x) { + BIO *bio = BIO_new(BIO_s_file()); + if (bio == NULL) { + OPENSSL_PUT_ERROR(X509, ERR_R_BUF_LIB); + return 0; + } + + BIO_set_fp(bio, fp, BIO_NOCLOSE); + int ret = X509_REQ_print(bio, x); + BIO_free(bio); + return ret; +} + +int X509_REQ_print_ex(BIO *bio, X509_REQ *x, unsigned long nmflags, + unsigned long cflag) { + long l; + EVP_PKEY *pkey; + STACK_OF(X509_ATTRIBUTE) * sk; + char mlch = ' '; + + int nmindent = 0; + + if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { + mlch = '\n'; + nmindent = 12; + } + + if (nmflags == X509_FLAG_COMPAT) { + nmindent = 16; + } + + X509_REQ_INFO *ri = x->req_info; + if (!(cflag & X509_FLAG_NO_HEADER)) { + if (BIO_write(bio, "Certificate Request:\n", 21) <= 0 || + BIO_write(bio, " Data:\n", 10) <= 0) { + goto err; + } + } + if (!(cflag & X509_FLAG_NO_VERSION)) { + l = X509_REQ_get_version(x); + if (BIO_printf(bio, "%8sVersion: %ld (0x%lx)\n", "", l + 1, l) <= 0) { + goto err; + } + } + if (!(cflag & X509_FLAG_NO_SUBJECT)) { + if (BIO_printf(bio, " Subject:%c", mlch) <= 0 || + X509_NAME_print_ex(bio, ri->subject, nmindent, nmflags) < 0 || + BIO_write(bio, "\n", 1) <= 0) { + goto err; + } + } + if (!(cflag & X509_FLAG_NO_PUBKEY)) { + if (BIO_write(bio, " Subject Public Key Info:\n", 33) <= 0 || + BIO_printf(bio, "%12sPublic Key Algorithm: ", "") <= 0 || + i2a_ASN1_OBJECT(bio, ri->pubkey->algor->algorithm) <= 0 || + BIO_puts(bio, "\n") <= 0) { + goto err; + } + + pkey = X509_REQ_get_pubkey(x); + if (pkey == NULL) { + BIO_printf(bio, "%12sUnable to load Public Key\n", ""); + ERR_print_errors(bio); + } else { + EVP_PKEY_print_public(bio, pkey, 16, NULL); + EVP_PKEY_free(pkey); + } + } + + if (!(cflag & X509_FLAG_NO_ATTRIBUTES)) { + if (BIO_printf(bio, "%8sAttributes:\n", "") <= 0) { 
+ goto err; + } + + sk = x->req_info->attributes; + if (sk_X509_ATTRIBUTE_num(sk) == 0) { + if (BIO_printf(bio, "%12sa0:00\n", "") <= 0) { + goto err; + } + } else { + size_t i; + for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) { + X509_ATTRIBUTE *a = sk_X509_ATTRIBUTE_value(sk, i); + ASN1_OBJECT *aobj = X509_ATTRIBUTE_get0_object(a); + + if (X509_REQ_extension_nid(OBJ_obj2nid(aobj))) { + continue; + } + + if (BIO_printf(bio, "%12s", "") <= 0) { + goto err; + } + + const int num_attrs = X509_ATTRIBUTE_count(a); + const int obj_str_len = i2a_ASN1_OBJECT(bio, aobj); + if (obj_str_len <= 0) { + if (BIO_puts(bio, "(Unable to print attribute ID.)\n") < 0) { + goto err; + } else { + continue; + } + } + + int j; + for (j = 0; j < num_attrs; j++) { + const ASN1_TYPE *at = X509_ATTRIBUTE_get0_type(a, j); + const int type = at->type; + ASN1_BIT_STRING *bs = at->value.asn1_string; + + int k; + for (k = 25 - obj_str_len; k > 0; k--) { + if (BIO_write(bio, " ", 1) != 1) { + goto err; + } + } + + if (BIO_puts(bio, ":") <= 0) { + goto err; + } + + if (type == V_ASN1_PRINTABLESTRING || + type == V_ASN1_UTF8STRING || + type == V_ASN1_IA5STRING || + type == V_ASN1_T61STRING) { + if (BIO_write(bio, (char *)bs->data, bs->length) != bs->length) { + goto err; + } + BIO_puts(bio, "\n"); + } else { + BIO_puts(bio, "unable to print attribute\n"); + } + } + } + } + } + + if (!(cflag & X509_FLAG_NO_EXTENSIONS)) { + STACK_OF(X509_EXTENSION) *exts = X509_REQ_get_extensions(x); + if (exts) { + BIO_printf(bio, "%8sRequested Extensions:\n", ""); + + size_t i; + for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) { + X509_EXTENSION *ex = sk_X509_EXTENSION_value(exts, i); + if (BIO_printf(bio, "%12s", "") <= 0) { + goto err; + } + ASN1_OBJECT *obj = X509_EXTENSION_get_object(ex); + i2a_ASN1_OBJECT(bio, obj); + const int is_critical = X509_EXTENSION_get_critical(ex); + if (BIO_printf(bio, ": %s\n", is_critical ? 
"critical" : "") <= 0) { + goto err; + } + if (!X509V3_EXT_print(bio, ex, cflag, 16)) { + BIO_printf(bio, "%16s", ""); + ASN1_STRING_print(bio, X509_EXTENSION_get_data(ex)); + } + if (BIO_write(bio, "\n", 1) <= 0) { + goto err; + } + } + sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); + } + } + + if (!(cflag & X509_FLAG_NO_SIGDUMP) && + !X509_signature_print(bio, x->sig_alg, x->signature)) { + goto err; + } + + return 1; + +err: + OPENSSL_PUT_ERROR(X509, ERR_R_BUF_LIB); + return 0; +} + +int X509_REQ_print(BIO *bio, X509_REQ *req) { + return X509_REQ_print_ex(bio, req, XN_FLAG_COMPAT, X509_FLAG_COMPAT); +} diff --git a/src/crypto/x509/t_x509.c b/src/crypto/x509/t_x509.c index 2b9a421..7785ebf 100644 --- a/src/crypto/x509/t_x509.c +++ b/src/crypto/x509/t_x509.c @@ -74,7 +74,7 @@ int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, unsigned long cfla if ((b=BIO_new(BIO_s_file())) == NULL) { - OPENSSL_PUT_ERROR(X509, X509_print_ex_fp, ERR_R_BUF_LIB); + OPENSSL_PUT_ERROR(X509, ERR_R_BUF_LIB); return(0); } BIO_set_fp(b,fp,BIO_NOCLOSE); @@ -493,7 +493,7 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase) if (0) { err: - OPENSSL_PUT_ERROR(X509, X509_NAME_print, ERR_R_BUF_LIB); + OPENSSL_PUT_ERROR(X509, ERR_R_BUF_LIB); } OPENSSL_free(b); return(ret); diff --git a/src/crypto/x509/x509_att.c b/src/crypto/x509/x509_att.c index 90e7810..1491484 100644 --- a/src/crypto/x509/x509_att.c +++ b/src/crypto/x509/x509_att.c @@ -124,7 +124,7 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, if (x == NULL) { - OPENSSL_PUT_ERROR(X509, X509at_add1_attr, ERR_R_PASSED_NULL_PARAMETER); + OPENSSL_PUT_ERROR(X509, ERR_R_PASSED_NULL_PARAMETER); goto err2; } 
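Review bot: In the new `X509_REQ_print_ex` (src/crypto/x509/t_req.c), every `goto err` inside the "Requested Extensions" loop skips `sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free)`, so a failed `BIO_printf` or `BIO_write` there leaks the stack obtained from `X509_REQ_get_extensions`. Declaring `exts` at function scope, clearing it after the normal free and releasing it under `err:` closes that path, as sketched below. Separately, the attribute loop hands `bs->data` straight to `BIO_write` for PrintableString, UTF8String, IA5String and T61String values, so control characters in a request from an untrusted party reach the terminal or log unescaped; printing the value through an escaping routine such as `ASN1_STRING_print_ex` would be safer. Several results in the same function are also ignored (`EVP_PKEY_print_public`, `i2a_ASN1_OBJECT` in the extension loop, the `BIO_puts` after each attribute value) while the neighbouring writes are checked.

```c
  STACK_OF(X509_EXTENSION) *exts = NULL;  /* function scope so err: can release it */
  /* … unchanged: header, version, subject, public key, attributes … */
    exts = X509_REQ_get_extensions(x);
    if (exts) {
      /* … unchanged: per-extension printing loop … */
      sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
      exts = NULL;  /* nothing left for err: to free */
    }
  /* … unchanged: signature dump, return 1 … */
err:
  if (exts != NULL) {
    sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
  }
  OPENSSL_PUT_ERROR(X509, ERR_R_BUF_LIB);
```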
@@ -144,7 +144,7 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, *x=sk; return(sk); err: - OPENSSL_PUT_ERROR(X509, X509at_add1_attr, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); err2: if (new_attr != NULL) X509_ATTRIBUTE_free(new_attr); if (sk != NULL) sk_X509_ATTRIBUTE_free(sk); @@ -214,7 +214,7 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, obj=OBJ_nid2obj(nid); if (obj == NULL) { - OPENSSL_PUT_ERROR(X509, X509_ATTRIBUTE_create_by_NID, X509_R_UNKNOWN_NID); + OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_NID); return(NULL); } return X509_ATTRIBUTE_create_by_OBJ(attr,obj,atrtype,data,len); @@ -229,7 +229,7 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, { if ((ret=X509_ATTRIBUTE_new()) == NULL) { - OPENSSL_PUT_ERROR(X509, X509_ATTRIBUTE_create_by_OBJ, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); return(NULL); } } @@ -258,7 +258,7 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, obj=OBJ_txt2obj(atrname, 0); if (obj == NULL) { - OPENSSL_PUT_ERROR(X509, X509_ATTRIBUTE_create_by_txt, X509_R_INVALID_FIELD_NAME); + OPENSSL_PUT_ERROR(X509, X509_R_INVALID_FIELD_NAME); ERR_add_error_data(2, "name=", atrname); return(NULL); } @@ -286,7 +286,7 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *dat stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype, OBJ_obj2nid(attr->object)); if(!stmp) { - OPENSSL_PUT_ERROR(X509, X509_ATTRIBUTE_set1_data, ERR_R_ASN1_LIB); + OPENSSL_PUT_ERROR(X509, ERR_R_ASN1_LIB); return 0; } atype = stmp->type; @@ -314,7 +314,7 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *dat if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err; return 1; err: - OPENSSL_PUT_ERROR(X509, X509_ATTRIBUTE_set1_data, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); return 0; } 
@@ -338,7 +338,7 @@ void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, ttmp = X509_ATTRIBUTE_get0_type(attr, idx); if(!ttmp) return NULL; if(atrtype != ASN1_TYPE_get(ttmp)){ - OPENSSL_PUT_ERROR(X509, X509_ATTRIBUTE_get0_data, X509_R_WRONG_TYPE); + OPENSSL_PUT_ERROR(X509, X509_R_WRONG_TYPE); return NULL; } return ttmp->value.ptr; diff --git a/src/crypto/x509/x509_cmp.c b/src/crypto/x509/x509_cmp.c index 712e36b..0e35f3e 100644 --- a/src/crypto/x509/x509_cmp.c +++ b/src/crypto/x509/x509_cmp.c @@ -333,13 +333,13 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k) case 1: break; case 0: - OPENSSL_PUT_ERROR(X509, X509_check_private_key, X509_R_KEY_VALUES_MISMATCH); + OPENSSL_PUT_ERROR(X509, X509_R_KEY_VALUES_MISMATCH); break; case -1: - OPENSSL_PUT_ERROR(X509, X509_check_private_key, X509_R_KEY_TYPE_MISMATCH); + OPENSSL_PUT_ERROR(X509, X509_R_KEY_TYPE_MISMATCH); break; case -2: - OPENSSL_PUT_ERROR(X509, X509_check_private_key, X509_R_UNKNOWN_KEY_TYPE); + OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_KEY_TYPE); } if (xk) EVP_PKEY_free(xk); diff --git a/src/crypto/x509/x509_lu.c b/src/crypto/x509/x509_lu.c index a662305..6d7bc26 100644 --- a/src/crypto/x509/x509_lu.c +++ b/src/crypto/x509/x509_lu.c @@ -345,7 +345,7 @@ int X509_STORE_add_cert(X509_STORE *ctx, X509 *x) obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT)); if (obj == NULL) { - OPENSSL_PUT_ERROR(X509, X509_STORE_add_cert, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); return 0; } obj->type=X509_LU_X509; @@ -359,7 +359,7 @@ int X509_STORE_add_cert(X509_STORE *ctx, X509 *x) { X509_OBJECT_free_contents(obj); OPENSSL_free(obj); - OPENSSL_PUT_ERROR(X509, X509_STORE_add_cert, X509_R_CERT_ALREADY_IN_HASH_TABLE); + OPENSSL_PUT_ERROR(X509, X509_R_CERT_ALREADY_IN_HASH_TABLE); ret=0; } else sk_X509_OBJECT_push(ctx->objs, obj); 
@@ -378,7 +378,7 @@ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT)); if (obj == NULL) { - OPENSSL_PUT_ERROR(X509, X509_STORE_add_crl, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); return 0; } obj->type=X509_LU_CRL; @@ -392,7 +392,7 @@ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) { X509_OBJECT_free_contents(obj); OPENSSL_free(obj); - OPENSSL_PUT_ERROR(X509, X509_STORE_add_crl, X509_R_CERT_ALREADY_IN_HASH_TABLE); + OPENSSL_PUT_ERROR(X509, X509_R_CERT_ALREADY_IN_HASH_TABLE); ret=0; } else sk_X509_OBJECT_push(ctx->objs, obj); @@ -410,7 +410,7 @@ void X509_OBJECT_up_ref_count(X509_OBJECT *a) X509_up_ref(a->data.x509); break; case X509_LU_CRL: - CRYPTO_refcount_inc(&a->data.crl->references); + X509_CRL_up_ref(a->data.crl); break; } } @@ -572,7 +572,7 @@ STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) { obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx); x = obj->data.crl; - CRYPTO_refcount_inc(&x->references); + X509_CRL_up_ref(x); if (!sk_X509_CRL_push(sk, x)) { CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock); @@ -641,7 +641,7 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) if (ok == X509_LU_RETRY) { X509_OBJECT_free_contents(&obj); - OPENSSL_PUT_ERROR(X509, X509_STORE_CTX_get1_issuer, X509_R_SHOULD_RETRY); + OPENSSL_PUT_ERROR(X509, X509_R_SHOULD_RETRY); return -1; } else if (ok != X509_LU_FAIL) diff --git a/src/crypto/x509/x509_obj.c b/src/crypto/x509/x509_obj.c index 914e0de..b6f0816 100644 --- a/src/crypto/x509/x509_obj.c +++ b/src/crypto/x509/x509_obj.c @@ -184,7 +184,7 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len) *p = '\0'; return(p); err: - OPENSSL_PUT_ERROR(X509, X509_NAME_oneline, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); if (b != NULL) BUF_MEM_free(b); return(NULL); } diff --git a/src/crypto/x509/x509_r2x.c b/src/crypto/x509/x509_r2x.c index 3c8e9c0..85979ac 100644 
--- a/src/crypto/x509/x509_r2x.c +++ b/src/crypto/x509/x509_r2x.c @@ -72,7 +72,7 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) if ((ret=X509_new()) == NULL) { - OPENSSL_PUT_ERROR(X509, X509_REQ_to_X509, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); goto err; } diff --git a/src/crypto/x509/x509_req.c b/src/crypto/x509/x509_req.c index 2732d6e..01c5113 100644 --- a/src/crypto/x509/x509_req.c +++ b/src/crypto/x509/x509_req.c @@ -77,7 +77,7 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) ret=X509_REQ_new(); if (ret == NULL) { - OPENSSL_PUT_ERROR(X509, X509_to_X509_REQ, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); goto err; } @@ -128,24 +128,24 @@ int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k) ok=1; break; case 0: - OPENSSL_PUT_ERROR(X509, X509_REQ_check_private_key, X509_R_KEY_VALUES_MISMATCH); + OPENSSL_PUT_ERROR(X509, X509_R_KEY_VALUES_MISMATCH); break; case -1: - OPENSSL_PUT_ERROR(X509, X509_REQ_check_private_key, X509_R_KEY_TYPE_MISMATCH); + OPENSSL_PUT_ERROR(X509, X509_R_KEY_TYPE_MISMATCH); break; case -2: if (k->type == EVP_PKEY_EC) { - OPENSSL_PUT_ERROR(X509, X509_REQ_check_private_key, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(X509, ERR_R_EC_LIB); break; } if (k->type == EVP_PKEY_DH) { /* No idea */ - OPENSSL_PUT_ERROR(X509, X509_REQ_check_private_key, X509_R_CANT_CHECK_DH_KEY); + OPENSSL_PUT_ERROR(X509, X509_R_CANT_CHECK_DH_KEY); break; } - OPENSSL_PUT_ERROR(X509, X509_REQ_check_private_key, X509_R_UNKNOWN_KEY_TYPE); + OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_KEY_TYPE); } EVP_PKEY_free(xk); diff --git a/src/crypto/x509/x509_trs.c b/src/crypto/x509/x509_trs.c index 9b7cc9c..820e605 100644 --- a/src/crypto/x509/x509_trs.c +++ b/src/crypto/x509/x509_trs.c 
@@ -156,7 +156,7 @@ int X509_TRUST_get_by_id(int id) int X509_TRUST_set(int *t, int trust) { if(X509_TRUST_get_by_id(trust) == -1) { - OPENSSL_PUT_ERROR(X509, X509_TRUST_set, X509_R_INVALID_TRUST); + OPENSSL_PUT_ERROR(X509, X509_R_INVALID_TRUST); return 0; } *t = trust; @@ -179,7 +179,7 @@ int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), /* Need a new entry */ if(idx == -1) { if(!(trtmp = OPENSSL_malloc(sizeof(X509_TRUST)))) { - OPENSSL_PUT_ERROR(X509, X509_TRUST_add, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); return 0; } trtmp->flags = X509_TRUST_DYNAMIC; @@ -188,7 +188,7 @@ int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), /* Duplicate the supplied name. */ name_dup = BUF_strdup(name); if (name_dup == NULL) { - OPENSSL_PUT_ERROR(X509, X509_TRUST_add, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); if (idx == -1) OPENSSL_free(trtmp); return 0; @@ -210,12 +210,12 @@ int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), /* If its a new entry manage the dynamic table */ if(idx == -1) { if(!trtable && !(trtable = sk_X509_TRUST_new(tr_cmp))) { - OPENSSL_PUT_ERROR(X509, X509_TRUST_add, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); trtable_free(trtmp); return 0; } if (!sk_X509_TRUST_push(trtable, trtmp)) { - OPENSSL_PUT_ERROR(X509, X509_TRUST_add, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); trtable_free(trtmp); return 0; } diff --git a/src/crypto/x509/x509_v3.c b/src/crypto/x509/x509_v3.c index 0fc9a9a..b042985 100644 --- a/src/crypto/x509/x509_v3.c +++ b/src/crypto/x509/x509_v3.c @@ -147,7 +147,7 @@ STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, if (x == NULL) { - OPENSSL_PUT_ERROR(X509, X509v3_add_ext, ERR_R_PASSED_NULL_PARAMETER); + OPENSSL_PUT_ERROR(X509, ERR_R_PASSED_NULL_PARAMETER); goto err2; } 
@@ -171,7 +171,7 @@ STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, *x=sk; return(sk); err: - OPENSSL_PUT_ERROR(X509, X509v3_add_ext, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); err2: if (new_ex != NULL) X509_EXTENSION_free(new_ex); if (sk != NULL) sk_X509_EXTENSION_free(sk); @@ -187,7 +187,7 @@ X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid, obj=OBJ_nid2obj(nid); if (obj == NULL) { - OPENSSL_PUT_ERROR(X509, X509_EXTENSION_create_by_NID, X509_R_UNKNOWN_NID); + OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_NID); return(NULL); } ret=X509_EXTENSION_create_by_OBJ(ex,obj,crit,data); @@ -203,7 +203,7 @@ X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, { if ((ret=X509_EXTENSION_new()) == NULL) { - OPENSSL_PUT_ERROR(X509, X509_EXTENSION_create_by_OBJ, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); return(NULL); } } diff --git a/src/crypto/x509/x509_vfy.c b/src/crypto/x509/x509_vfy.c index f53f279..5d856f0 100644 --- a/src/crypto/x509/x509_vfy.c +++ b/src/crypto/x509/x509_vfy.c @@ -72,7 +72,8 @@ #include "../internal.h" -static CRYPTO_EX_DATA_CLASS g_ex_data_class = CRYPTO_EX_DATA_CLASS_INIT; +static CRYPTO_EX_DATA_CLASS g_ex_data_class = + CRYPTO_EX_DATA_CLASS_INIT_WITH_APP_DATA; /* CRL score values */ @@ -201,7 +202,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) STACK_OF(X509) *sktmp=NULL; if (ctx->cert == NULL) { - OPENSSL_PUT_ERROR(X509, X509_verify_cert, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); + OPENSSL_PUT_ERROR(X509, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); return -1; } @@ -214,7 +215,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) if ( ((ctx->chain=sk_X509_new_null()) == NULL) || (!sk_X509_push(ctx->chain,ctx->cert))) { - OPENSSL_PUT_ERROR(X509, X509_verify_cert, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); goto end; } X509_up_ref(ctx->cert); 
@@ -225,7 +226,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) if (ctx->untrusted != NULL && (sktmp=sk_X509_dup(ctx->untrusted)) == NULL) { - OPENSSL_PUT_ERROR(X509, X509_verify_cert, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); goto end; } @@ -251,7 +252,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) { ok = ctx->get_issuer(&xtmp, ctx, x); if (ok < 0) - return ok; + goto end; /* If successful for now free up cert so it * will be picked up again later. */ @@ -270,10 +271,10 @@ int X509_verify_cert(X509_STORE_CTX *ctx) { if (!sk_X509_push(ctx->chain,xtmp)) { - OPENSSL_PUT_ERROR(X509, X509_verify_cert, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); goto end; } - CRYPTO_refcount_inc(&xtmp->references); + X509_up_ref(xtmp); (void)sk_X509_delete_ptr(sktmp,xtmp); ctx->last_untrusted++; x=xtmp; @@ -349,15 +350,16 @@ int X509_verify_cert(X509_STORE_CTX *ctx) ok = ctx->get_issuer(&xtmp, ctx, x); - if (ok < 0) return ok; + if (ok < 0) goto end; if (ok == 0) break; x = xtmp; if (!sk_X509_push(ctx->chain,x)) { X509_free(xtmp); - OPENSSL_PUT_ERROR(X509, X509_verify_cert, ERR_R_MALLOC_FAILURE); - return 0; + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); + ok = 0; + goto end; } num++; } @@ -990,7 +992,7 @@ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, *pissuer = best_crl_issuer; *pscore = best_score; *preasons = best_reasons; - CRYPTO_refcount_inc(&best_crl->references); + X509_CRL_up_ref(best_crl); if (*pdcrl) { X509_CRL_free(*pdcrl); @@ -1097,7 +1099,7 @@ static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pscore, { if (check_crl_time(ctx, delta, 0)) *pscore |= CRL_SCORE_TIME_DELTA; - CRYPTO_refcount_inc(&delta->references); + X509_CRL_up_ref(delta); *dcrl = delta; return; } 
@@ -1634,7 +1636,7 @@ static int check_policy(X509_STORE_CTX *ctx) ctx->param->policies, ctx->param->flags); if (ret == 0) { - OPENSSL_PUT_ERROR(X509, check_policy, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); return 0; } /* Invalid or inconsistent extensions */ 
@@ -1983,44 +1985,44 @@ X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, /* CRLs can't be delta already */ if (base->base_crl_number || newer->base_crl_number) { - OPENSSL_PUT_ERROR(X509, X509_CRL_diff, X509_R_CRL_ALREADY_DELTA); + OPENSSL_PUT_ERROR(X509, X509_R_CRL_ALREADY_DELTA); return NULL; } /* Base and new CRL must have a CRL number */ if (!base->crl_number || !newer->crl_number) { - OPENSSL_PUT_ERROR(X509, X509_CRL_diff, X509_R_NO_CRL_NUMBER); + OPENSSL_PUT_ERROR(X509, X509_R_NO_CRL_NUMBER); return NULL; } /* Issuer names must match */ if (X509_NAME_cmp(X509_CRL_get_issuer(base), X509_CRL_get_issuer(newer))) { - OPENSSL_PUT_ERROR(X509, X509_CRL_diff, X509_R_ISSUER_MISMATCH); + OPENSSL_PUT_ERROR(X509, X509_R_ISSUER_MISMATCH); return NULL; } /* AKID and IDP must match */ if (!crl_extension_match(base, newer, NID_authority_key_identifier)) { - OPENSSL_PUT_ERROR(X509, X509_CRL_diff, X509_R_AKID_MISMATCH); + OPENSSL_PUT_ERROR(X509, X509_R_AKID_MISMATCH); return NULL; } if (!crl_extension_match(base, newer, NID_issuing_distribution_point)) { - OPENSSL_PUT_ERROR(X509, X509_CRL_diff, X509_R_IDP_MISMATCH); + OPENSSL_PUT_ERROR(X509, X509_R_IDP_MISMATCH); return NULL; } /* Newer CRL number must exceed full CRL number */ if (ASN1_INTEGER_cmp(newer->crl_number, base->crl_number) <= 0) { - OPENSSL_PUT_ERROR(X509, X509_CRL_diff, X509_R_NEWER_CRL_NOT_NEWER); + OPENSSL_PUT_ERROR(X509, X509_R_NEWER_CRL_NOT_NEWER); return NULL; } /* CRLs must verify */ if (skey && (X509_CRL_verify(base, skey) <= 0 || X509_CRL_verify(newer, skey) <= 0)) { - OPENSSL_PUT_ERROR(X509, X509_CRL_diff, X509_R_CRL_VERIFY_FAILURE); + OPENSSL_PUT_ERROR(X509, X509_R_CRL_VERIFY_FAILURE); return NULL; } /* Create new CRL */ @@ -2085,7 +2087,7 @@ X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, return crl; memerr: - OPENSSL_PUT_ERROR(X509, X509_CRL_diff, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); if (crl) X509_CRL_free(crl); return NULL; 
@@ -2210,7 +2212,7 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, idx = X509_PURPOSE_get_by_id(purpose); if (idx == -1) { - OPENSSL_PUT_ERROR(X509, X509_STORE_CTX_purpose_inherit, X509_R_UNKNOWN_PURPOSE_ID); + OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_PURPOSE_ID); return 0; } ptmp = X509_PURPOSE_get0(idx); @@ -2219,7 +2221,7 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, idx = X509_PURPOSE_get_by_id(def_purpose); if (idx == -1) { - OPENSSL_PUT_ERROR(X509, X509_STORE_CTX_purpose_inherit, X509_R_UNKNOWN_PURPOSE_ID); + OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_PURPOSE_ID); return 0; } ptmp = X509_PURPOSE_get0(idx); @@ -2232,7 +2234,7 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, idx = X509_TRUST_get_by_id(trust); if (idx == -1) { - OPENSSL_PUT_ERROR(X509, X509_STORE_CTX_purpose_inherit, X509_R_UNKNOWN_TRUST_ID); + OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_TRUST_ID); return 0; } } @@ -2248,7 +2250,7 @@ X509_STORE_CTX *X509_STORE_CTX_new(void) ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX)); if (!ctx) { - OPENSSL_PUT_ERROR(X509, X509_STORE_CTX_new, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); return NULL; } memset(ctx, 0, sizeof(X509_STORE_CTX)); @@ -2371,7 +2373,7 @@ err: } memset(ctx, 0, sizeof(X509_STORE_CTX)); - OPENSSL_PUT_ERROR(X509, X509_STORE_CTX_init, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); return 0; } diff --git a/src/crypto/x509/x509cset.c b/src/crypto/x509/x509cset.c index b526c69..82d61d0 100644 --- a/src/crypto/x509/x509cset.c +++ b/src/crypto/x509/x509cset.c @@ -57,6 +57,8 @@ #include <openssl/obj.h> #include <openssl/x509.h> +#include "../internal.h" + int X509_CRL_set_version(X509_CRL *x, long version) { 
@@ -128,6 +130,11 @@ int X509_CRL_sort(X509_CRL *c) return 1; } +void X509_CRL_up_ref(X509_CRL *crl) + { + CRYPTO_refcount_inc(&crl->references); + } + int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm) { ASN1_TIME *in; diff --git a/src/crypto/x509/x509name.c b/src/crypto/x509/x509name.c index 042d18b..7bb3aa1 100644 --- a/src/crypto/x509/x509name.c +++ b/src/crypto/x509/x509name.c @@ -254,7 +254,7 @@ int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc, new_name->set=set; if (!sk_X509_NAME_ENTRY_insert(sk,new_name,loc)) { - OPENSSL_PUT_ERROR(X509, X509_NAME_add_entry, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); goto err; } if (inc) @@ -279,7 +279,7 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, obj=OBJ_txt2obj(field, 0); if (obj == NULL) { - OPENSSL_PUT_ERROR(X509, X509_NAME_ENTRY_create_by_txt, X509_R_INVALID_FIELD_NAME); + OPENSSL_PUT_ERROR(X509, X509_R_INVALID_FIELD_NAME); ERR_add_error_data(2, "name=", field); return(NULL); } @@ -297,7 +297,7 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, obj=OBJ_nid2obj(nid); if (obj == NULL) { - OPENSSL_PUT_ERROR(X509, X509_NAME_ENTRY_create_by_NID, X509_R_UNKNOWN_NID); + OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_NID); return(NULL); } nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len); @@ -336,7 +336,7 @@ int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj) { if ((ne == NULL) || (obj == NULL)) { - OPENSSL_PUT_ERROR(X509, X509_NAME_ENTRY_set_object, ERR_R_PASSED_NULL_PARAMETER); + OPENSSL_PUT_ERROR(X509, ERR_R_PASSED_NULL_PARAMETER); return(0); } ASN1_OBJECT_free(ne->object); diff --git a/src/crypto/x509/x509spki.c b/src/crypto/x509/x509spki.c index 9bab957..ccf93e0 100644 --- a/src/crypto/x509/x509spki.c +++ b/src/crypto/x509/x509spki.c 
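Review bot: The new `X509_CRL_up_ref` in x509cset.c has no comment stating its ownership contract, and it dereferences `crl` unconditionally. The callers converted in this commit (X509_STORE_get1_crls, get_crl_sk, get_delta_sk) each take a reference that must later be dropped. I would add `/* X509_CRL_up_ref adds one reference to |crl|; the caller releases it with X509_CRL_free. |crl| must not be NULL. */` above the definition, unless the header declaration (not shown here) already says this.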
@@ -84,15 +84,15 @@ NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len) if (len <= 0) len = strlen(str); if (!EVP_DecodedLength(&spki_len, len)) { - OPENSSL_PUT_ERROR(X509, NETSCAPE_SPKI_b64_decode, X509_R_BASE64_DECODE_ERROR); + OPENSSL_PUT_ERROR(X509, X509_R_BASE64_DECODE_ERROR); return NULL; } if (!(spki_der = OPENSSL_malloc(spki_len))) { - OPENSSL_PUT_ERROR(X509, NETSCAPE_SPKI_b64_decode, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); return NULL; } if (!EVP_DecodeBase64(spki_der, &spki_len, spki_len, (const uint8_t *)str, len)) { - OPENSSL_PUT_ERROR(X509, NETSCAPE_SPKI_b64_decode, X509_R_BASE64_DECODE_ERROR); + OPENSSL_PUT_ERROR(X509, X509_R_BASE64_DECODE_ERROR); OPENSSL_free(spki_der); return NULL; } @@ -113,18 +113,18 @@ char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki) der_len = i2d_NETSCAPE_SPKI(spki, NULL); if (!EVP_EncodedLength(&b64_len, der_len)) { - OPENSSL_PUT_ERROR(X509, NETSCAPE_SPKI_b64_encode, ERR_R_OVERFLOW); + OPENSSL_PUT_ERROR(X509, ERR_R_OVERFLOW); return NULL; } der_spki = OPENSSL_malloc(der_len); if (der_spki == NULL) { - OPENSSL_PUT_ERROR(X509, NETSCAPE_SPKI_b64_encode, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); return NULL; } b64_str = OPENSSL_malloc(b64_len); if (b64_str == NULL) { OPENSSL_free(der_spki); - OPENSSL_PUT_ERROR(X509, NETSCAPE_SPKI_b64_encode, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); return NULL; } p = der_spki; diff --git a/src/crypto/x509/x_all.c b/src/crypto/x509/x_all.c index 785fd1e..d7f2d29 100644 --- a/src/crypto/x509/x_all.c +++ b/src/crypto/x509/x_all.c @@ -64,9 +64,6 @@ #include <openssl/x509.h> -extern const ASN1_ITEM RSAPrivateKey_it; -extern const ASN1_ITEM RSAPublicKey_it; - int X509_verify(X509 *a, EVP_PKEY *r) { if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature)) 
@@ -144,6 +141,12 @@ int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md) x->signature, x->spkac,pkey,md)); } +int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *x, EVP_PKEY *pkey) + { + return (ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor, + x->signature, x->spkac, pkey)); + } + #ifndef OPENSSL_NO_FP_API X509 *d2i_X509_fp(FILE *fp, X509 **x509) { @@ -239,17 +242,17 @@ int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req) #ifndef OPENSSL_NO_FP_API RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa) { - return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa); + return ASN1_d2i_fp_of(RSA, RSA_new, d2i_RSAPrivateKey, fp, rsa); } int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa) { - return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa); + return ASN1_i2d_fp_of_const(RSA, i2d_RSAPrivateKey, fp, rsa); } RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa) { - return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa); + return ASN1_d2i_fp_of(RSA, RSA_new, d2i_RSAPublicKey, fp, rsa); } RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa) @@ -261,7 +264,7 @@ RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa) int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa) { - return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa); + return ASN1_i2d_fp_of_const(RSA, i2d_RSAPublicKey, fp, rsa); } int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa) @@ -272,17 +275,17 @@ int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa) RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa) { - return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa); + return ASN1_d2i_bio_of(RSA, RSA_new, d2i_RSAPrivateKey, bp, rsa); } int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa) { - return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa); + return ASN1_i2d_bio_of_const(RSA, i2d_RSAPrivateKey, bp, rsa); } RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa) { - return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa); + return ASN1_d2i_bio_of(RSA, RSA_new, d2i_RSAPublicKey, bp, rsa); } 
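Review bot: `NETSCAPE_SPKI_verify` returns the result of `ASN1_item_verify` unchanged and has no comment telling callers what to compare it against. The value ASN1_item_verify returns on its error path is not visible in this hunk, so a caller testing only `!= 0` or `< 0` could accept a failed verification, depending on that value. I would document the contract on the new function, e.g. `/* Returns 1 if the signature on |x|'s SPKAC verifies under |pkey|; treat any other value as failure. */`, after confirming what the callee returns on error. `x` is also dereferenced without a NULL check, which matches NETSCAPE_SPKI_sign just above it.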
@@ -293,7 +296,7 @@ RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa) int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa) { - return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa); + return ASN1_i2d_bio_of_const(RSA, i2d_RSAPublicKey, bp, rsa); } int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa) diff --git a/src/crypto/x509/x_crl.c b/src/crypto/x509/x_crl.c index 2f41bb1..d516872 100644 --- a/src/crypto/x509/x_crl.c +++ b/src/crypto/x509/x_crl.c @@ -400,7 +400,7 @@ int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev) if(!inf->revoked) inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp); if(!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) { - OPENSSL_PUT_ERROR(X509, X509_CRL_add0_revoked, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); return 0; } inf->enc.modified = 1; diff --git a/src/crypto/x509/x_info.c b/src/crypto/x509/x_info.c index f9e9ab8..be579d7 100644 --- a/src/crypto/x509/x_info.c +++ b/src/crypto/x509/x_info.c @@ -69,7 +69,7 @@ X509_INFO *X509_INFO_new(void) ret=(X509_INFO *)OPENSSL_malloc(sizeof(X509_INFO)); if (ret == NULL) { - OPENSSL_PUT_ERROR(X509, X509_INFO_new, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); return(NULL); } diff --git a/src/crypto/x509/x_name.c b/src/crypto/x509/x_name.c index 5cfb3ae..762756b 100644 --- a/src/crypto/x509/x_name.c +++ b/src/crypto/x509/x_name.c @@ -150,7 +150,7 @@ static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it) return 1; memerr: - OPENSSL_PUT_ERROR(X509, x509_name_ex_new, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); if (ret) { if (ret->entries) @@ -239,7 +239,7 @@ static int x509_name_ex_d2i(ASN1_VALUE **val, err: if (nm.x != NULL) X509_NAME_free(nm.x); - OPENSSL_PUT_ERROR(X509, x509_name_ex_d2i, ERR_R_ASN1_LIB); + OPENSSL_PUT_ERROR(X509, ERR_R_ASN1_LIB); return 0; } 
@@ -300,7 +300,7 @@ static int x509_name_encode(X509_NAME *a) memerr: sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, local_sk_X509_NAME_ENTRY_free); - OPENSSL_PUT_ERROR(X509, x509_name_encode, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); return -1; } diff --git a/src/crypto/x509/x_pkey.c b/src/crypto/x509/x_pkey.c index 5bc6415..f5e98b8 100644 --- a/src/crypto/x509/x_pkey.c +++ b/src/crypto/x509/x_pkey.c @@ -69,7 +69,7 @@ X509_PKEY *X509_PKEY_new(void) X509_PKEY *ret = OPENSSL_malloc(sizeof(X509_PKEY)); if (ret == NULL) { - OPENSSL_PUT_ERROR(X509, X509_PKEY_new, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); goto err; } memset(ret, 0, sizeof(X509_PKEY)); diff --git a/src/crypto/x509/x_pubkey.c b/src/crypto/x509/x_pubkey.c index c2e0863..a16edca 100644 --- a/src/crypto/x509/x_pubkey.c +++ b/src/crypto/x509/x_pubkey.c @@ -100,19 +100,19 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) { if (!pkey->ameth->pub_encode(pk, pkey)) { - OPENSSL_PUT_ERROR(X509, X509_PUBKEY_set, X509_R_PUBLIC_KEY_ENCODE_ERROR); + OPENSSL_PUT_ERROR(X509, X509_R_PUBLIC_KEY_ENCODE_ERROR); goto error; } } else { - OPENSSL_PUT_ERROR(X509, X509_PUBKEY_set, X509_R_METHOD_NOT_SUPPORTED); + OPENSSL_PUT_ERROR(X509, X509_R_METHOD_NOT_SUPPORTED); goto error; } } else { - OPENSSL_PUT_ERROR(X509, X509_PUBKEY_set, X509_R_UNSUPPORTED_ALGORITHM); + OPENSSL_PUT_ERROR(X509, X509_R_UNSUPPORTED_ALGORITHM); goto error; } @@ -151,13 +151,13 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) if ((ret = EVP_PKEY_new()) == NULL) { - OPENSSL_PUT_ERROR(X509, X509_PUBKEY_get, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); goto error; } if (!EVP_PKEY_set_type(ret, OBJ_obj2nid(key->algor->algorithm))) { - OPENSSL_PUT_ERROR(X509, X509_PUBKEY_get, X509_R_UNSUPPORTED_ALGORITHM); + OPENSSL_PUT_ERROR(X509, X509_R_UNSUPPORTED_ALGORITHM); goto error; } 
@@ -165,13 +165,13 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) { if (!ret->ameth->pub_decode(ret, key)) { - OPENSSL_PUT_ERROR(X509, X509_PUBKEY_get, X509_R_PUBLIC_KEY_DECODE_ERROR); + OPENSSL_PUT_ERROR(X509, X509_R_PUBLIC_KEY_DECODE_ERROR); goto error; } } else { - OPENSSL_PUT_ERROR(X509, X509_PUBKEY_get, X509_R_METHOD_NOT_SUPPORTED); + OPENSSL_PUT_ERROR(X509, X509_R_METHOD_NOT_SUPPORTED); goto error; } @@ -262,7 +262,7 @@ int i2d_RSA_PUBKEY(const RSA *a, unsigned char **pp) pktmp = EVP_PKEY_new(); if (!pktmp) { - OPENSSL_PUT_ERROR(X509, i2d_RSA_PUBKEY, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); return 0; } EVP_PKEY_set1_RSA(pktmp, (RSA*) a); @@ -301,7 +301,7 @@ int i2d_DSA_PUBKEY(const DSA *a, unsigned char **pp) pktmp = EVP_PKEY_new(); if(!pktmp) { - OPENSSL_PUT_ERROR(X509, i2d_DSA_PUBKEY, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); return 0; } EVP_PKEY_set1_DSA(pktmp, (DSA*) a); @@ -338,7 +338,7 @@ int i2d_EC_PUBKEY(const EC_KEY *a, unsigned char **pp) if (!a) return(0); if ((pktmp = EVP_PKEY_new()) == NULL) { - OPENSSL_PUT_ERROR(X509, i2d_EC_PUBKEY, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); return(0); } EVP_PKEY_set1_EC_KEY(pktmp, (EC_KEY*) a); diff --git a/src/crypto/x509/x_x509a.c b/src/crypto/x509/x_x509a.c index e13204b..fb7172b 100644 --- a/src/crypto/x509/x_x509a.c +++ b/src/crypto/x509/x_x509a.c 
@@ -133,24 +133,44 @@ unsigned char *X509_keyid_get0(X509 *x, int *len) int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj) { - X509_CERT_AUX *aux; - ASN1_OBJECT *objtmp; - if(!(objtmp = OBJ_dup(obj))) return 0; - if(!(aux = aux_get(x))) return 0; - if(!aux->trust - && !(aux->trust = sk_ASN1_OBJECT_new_null())) return 0; - return sk_ASN1_OBJECT_push(aux->trust, objtmp); + ASN1_OBJECT *objtmp = OBJ_dup(obj); + if (objtmp == NULL) + goto err; + X509_CERT_AUX *aux = aux_get(x); + if (aux->trust == NULL) + { + aux->trust = sk_ASN1_OBJECT_new_null(); + if (aux->trust == NULL) + goto err; + } + if (!sk_ASN1_OBJECT_push(aux->trust, objtmp)) + goto err; + return 1; + +err: + ASN1_OBJECT_free(objtmp); + return 0; } int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj) { - X509_CERT_AUX *aux; - ASN1_OBJECT *objtmp; - if(!(objtmp = OBJ_dup(obj))) return 0; - if(!(aux = aux_get(x))) return 0; - if(!aux->reject - && !(aux->reject = sk_ASN1_OBJECT_new_null())) return 0; - return sk_ASN1_OBJECT_push(aux->reject, objtmp); + ASN1_OBJECT *objtmp = OBJ_dup(obj); + if (objtmp == NULL) + goto err; + X509_CERT_AUX *aux = aux_get(x); + if (aux->reject == NULL) + { + aux->reject = sk_ASN1_OBJECT_new_null(); + if (aux->reject == NULL) + goto err; + } + if (!sk_ASN1_OBJECT_push(aux->reject, objtmp)) + goto err; + return 1; + +err: + ASN1_OBJECT_free(objtmp); + return 0; } void X509_trust_clear(X509 *x) |
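Review bot: Both rewritten functions drop the NULL check on `aux_get(x)`. The removed code returned 0 when `aux_get` returned NULL, while the new code goes straight to `aux->trust` (and `aux->reject` in X509_add1_reject_object). aux_get is defined outside the hunk, but the old check suggests it can fail, presumably on allocation failure or a NULL `x`, which would now be a NULL dereference. Adding `if (aux == NULL) goto err;` right after each `aux_get(x)` call keeps the new `objtmp` leak fix and restores the old failure behaviour.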