Diffstat (limited to 'source4/heimdal/lib/hx509')
-rw-r--r--source4/heimdal/lib/hx509/ca.c2
-rw-r--r--source4/heimdal/lib/hx509/cert.c70
-rw-r--r--source4/heimdal/lib/hx509/error.c9
-rw-r--r--source4/heimdal/lib/hx509/file.c14
-rw-r--r--source4/heimdal/lib/hx509/keyset.c2
-rw-r--r--source4/heimdal/lib/hx509/ks_file.c80
-rw-r--r--source4/heimdal/lib/hx509/lock.c10
-rw-r--r--source4/heimdal/lib/hx509/name.c31
-rw-r--r--source4/heimdal/lib/hx509/revoke.c4
-rw-r--r--source4/heimdal/lib/hx509/sel.c1
10 files changed, 144 insertions, 79 deletions
diff --git a/source4/heimdal/lib/hx509/ca.c b/source4/heimdal/lib/hx509/ca.c
index 552a869809..8ec6eae22a 100644
--- a/source4/heimdal/lib/hx509/ca.c
+++ b/source4/heimdal/lib/hx509/ca.c
@@ -692,7 +692,7 @@ add_utf8_san(hx509_context context,
const heim_oid *oid,
const char *string)
{
- const PKIXXmppAddr ustring = string;
+ const PKIXXmppAddr ustring = (const PKIXXmppAddr)string;
heim_octet_string os;
size_t size;
int ret;
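Review bot: The new cast `(const PKIXXmppAddr)string` silences the warning, but if PKIXXmppAddr is a typedef for a non-const `char *` (as the generated string typedefs in this tree usually are), `const PKIXXmppAddr` means `char *const`, so the cast discards the const on the pointee that `string` carries rather than adding one. That is harmless only if the encoder never writes through it, which the hunk cannot show; a comment at the cast should record it: `/* PKIXXmppAddr is a non-const pointer typedef; the encoder only reads through it */`. The body of add_utf8_san continues outside the hunk.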
diff --git a/source4/heimdal/lib/hx509/cert.c b/source4/heimdal/lib/hx509/cert.c
index 7eaf6eb3c8..ebf02a99e3 100644
--- a/source4/heimdal/lib/hx509/cert.c
+++ b/source4/heimdal/lib/hx509/cert.c
@@ -283,6 +283,7 @@ hx509_cert_init_data(hx509_context context,
return ret;
}
if (size != len) {
+ free_Certificate(&t);
hx509_set_error_string(context, 0, HX509_EXTRA_DATA_AFTER_STRUCTURE,
"Extra data after certificate");
return HX509_EXTRA_DATA_AFTER_STRUCTURE;
@@ -445,7 +446,7 @@ hx509_verify_attach_anchors(hx509_verify_ctx ctx, hx509_certs set)
{
if (ctx->trust_anchors)
hx509_certs_free(&ctx->trust_anchors);
- ctx->trust_anchors = _hx509_certs_ref(set);
+ ctx->trust_anchors = hx509_certs_ref(set);
}
/**
@@ -1926,9 +1927,9 @@ hx509_verify_path(hx509_context context,
*
*/
if (ctx->trust_anchors)
- anchors = _hx509_certs_ref(ctx->trust_anchors);
+ anchors = hx509_certs_ref(ctx->trust_anchors);
else if (context->default_trust_anchors && ALLOW_DEF_TA(ctx))
- anchors = _hx509_certs_ref(context->default_trust_anchors);
+ anchors = hx509_certs_ref(context->default_trust_anchors);
else {
ret = hx509_certs_init(context, "MEMORY:no-TA", 0, NULL, &anchors);
if (ret)
@@ -3451,3 +3452,66 @@ out:
hx509_env_free(&envcert);
return ret;
}
+
+/**
+ * Print a simple representation of a certificate
+ *
+ * @param context A hx509 context, can be NULL
+ * @param cert certificate to print
+ * @param out the stdio output stream, if NULL, stdout is used
+ *
+ * @return An hx509 error code
+ *
+ * @ingroup hx509_cert
+ */
+
+int
+hx509_print_cert(hx509_context context, hx509_cert cert, FILE *out)
+{
+ hx509_name name;
+ char *str;
+ int ret;
+
+ if (out == NULL)
+ out = stderr;
+
+ ret = hx509_cert_get_issuer(cert, &name);
+ if (ret)
+ return ret;
+ hx509_name_to_string(name, &str);
+ hx509_name_free(&name);
+ fprintf(out, " issuer: \"%s\"\n", str);
+ free(str);
+
+ ret = hx509_cert_get_subject(cert, &name);
+ if (ret)
+ return ret;
+ hx509_name_to_string(name, &str);
+ hx509_name_free(&name);
+ fprintf(out, " subject: \"%s\"\n", str);
+ free(str);
+
+ {
+ heim_integer serialNumber;
+
+ ret = hx509_cert_get_serialnumber(cert, &serialNumber);
+ if (ret)
+ return ret;
+ ret = der_print_hex_heim_integer(&serialNumber, &str);
+ if (ret)
+ return ret;
+ der_free_heim_integer(&serialNumber);
+ fprintf(out, " serial: %s\n", str);
+ free(str);
+ }
+
+ printf(" keyusage: ");
+ ret = hx509_cert_keyusage_print(context, cert, &str);
+ if (ret == 0) {
+ fprintf(out, "%s\n", str);
+ free(str);
+ } else
+ fprintf(out, "no");
+
+ return 0;
+}
diff --git a/source4/heimdal/lib/hx509/error.c b/source4/heimdal/lib/hx509/error.c
index 45813efb38..fc3cf90b32 100644
--- a/source4/heimdal/lib/hx509/error.c
+++ b/source4/heimdal/lib/hx509/error.c
@@ -67,8 +67,10 @@ free_error_string(hx509_error msg)
void
hx509_clear_error_string(hx509_context context)
{
- free_error_string(context->error);
- context->error = NULL;
+ if (context) {
+ free_error_string(context->error);
+ context->error = NULL;
+ }
}
/**
@@ -91,6 +93,9 @@ hx509_set_error_stringv(hx509_context context, int flags, int code,
{
hx509_error msg;
+ if (context == NULL)
+ return;
+
msg = calloc(1, sizeof(*msg));
if (msg == NULL) {
hx509_clear_error_string(context);
diff --git a/source4/heimdal/lib/hx509/file.c b/source4/heimdal/lib/hx509/file.c
index 674d2706ce..56e25766ef 100644
--- a/source4/heimdal/lib/hx509/file.c
+++ b/source4/heimdal/lib/hx509/file.c
@@ -66,7 +66,7 @@ _hx509_write_file(const char *fn, const void *data, size_t length)
*/
static void
-header(FILE *f, const char *type, const char *str)
+print_pem_stamp(FILE *f, const char *type, const char *str)
{
fprintf(f, "-----%s %s-----\n", type, str);
}
@@ -82,7 +82,7 @@ hx509_pem_write(hx509_context context, const char *type,
#define ENCODE_LINE_LENGTH 54
- header(f, "BEGIN", type);
+ print_pem_stamp(f, "BEGIN", type);
while (headers) {
fprintf(f, "%s: %s\n%s",
@@ -110,7 +110,7 @@ hx509_pem_write(hx509_context context, const char *type,
free(line);
}
- header(f, "END", type);
+ print_pem_stamp(f, "END", type);
return 0;
}
@@ -121,14 +121,14 @@ hx509_pem_write(hx509_context context, const char *type,
int
hx509_pem_add_header(hx509_pem_header **headers,
- const char *hdr, const char *value)
+ const char *header, const char *value)
{
hx509_pem_header *h;
h = calloc(1, sizeof(*h));
if (h == NULL)
return ENOMEM;
- h->header = strdup(hdr);
+ h->header = strdup(header);
if (h->header == NULL) {
free(h);
return ENOMEM;
@@ -164,10 +164,10 @@ hx509_pem_free_header(hx509_pem_header *headers)
*/
const char *
-hx509_pem_find_header(const hx509_pem_header *h, const char *hdr)
+hx509_pem_find_header(const hx509_pem_header *h, const char *header)
{
while(h) {
- if (strcmp(hdr, h->header) == 0)
+ if (strcmp(header, h->header) == 0)
return h->value;
h = h->next;
}
diff --git a/source4/heimdal/lib/hx509/keyset.c b/source4/heimdal/lib/hx509/keyset.c
index c4f035ab87..4a96cff530 100644
--- a/source4/heimdal/lib/hx509/keyset.c
+++ b/source4/heimdal/lib/hx509/keyset.c
@@ -198,7 +198,7 @@ hx509_certs_store(hx509_context context,
hx509_certs
-_hx509_certs_ref(hx509_certs certs)
+hx509_certs_ref(hx509_certs certs)
{
if (certs == NULL)
return NULL;
diff --git a/source4/heimdal/lib/hx509/ks_file.c b/source4/heimdal/lib/hx509/ks_file.c
index 3955820aef..f137b84641 100644
--- a/source4/heimdal/lib/hx509/ks_file.c
+++ b/source4/heimdal/lib/hx509/ks_file.c
@@ -367,7 +367,7 @@ file_init_common(hx509_context context,
const char *residue, hx509_lock lock, outformat format)
{
char *p, *pnext;
- struct ks_file *f = NULL;
+ struct ks_file *ksf = NULL;
hx509_private_key *keys = NULL;
int ret;
struct pem_ctx pem_ctx;
@@ -380,15 +380,15 @@ file_init_common(hx509_context context,
if (lock == NULL)
lock = _hx509_empty_lock;
- f = calloc(1, sizeof(*f));
- if (f == NULL) {
+ ksf = calloc(1, sizeof(*ksf));
+ if (ksf == NULL) {
hx509_clear_error_string(context);
return ENOMEM;
}
- f->format = format;
+ ksf->format = format;
- f->fn = strdup(residue);
- if (f->fn == NULL) {
+ ksf->fn = strdup(residue);
+ if (ksf->fn == NULL) {
hx509_clear_error_string(context);
ret = ENOMEM;
goto out;
@@ -401,10 +401,10 @@ file_init_common(hx509_context context,
if (flags & HX509_CERTS_CREATE) {
ret = hx509_certs_init(context, "MEMORY:ks-file-create",
- 0, lock, &f->certs);
+ 0, lock, &ksf->certs);
if (ret)
goto out;
- *data = f;
+ *data = ksf;
return 0;
}
@@ -412,25 +412,25 @@ file_init_common(hx509_context context,
if (ret)
goto out;
- for (p = f->fn; p != NULL; p = pnext) {
- FILE *f2;
+ for (p = ksf->fn; p != NULL; p = pnext) {
+ FILE *f;
pnext = strchr(p, ',');
if (pnext)
*pnext++ = '\0';
- if ((f2 = fopen(p, "r")) == NULL) {
+ if ((f = fopen(p, "r")) == NULL) {
ret = ENOENT;
hx509_set_error_string(context, 0, ret,
"Failed to open PEM file \"%s\": %s",
p, strerror(errno));
goto out;
}
- rk_cloexec_file(f2);
+ rk_cloexec_file(f);
- ret = hx509_pem_read(context, f2, pem_func, &pem_ctx);
- fclose(f2);
+ ret = hx509_pem_read(context, f, pem_func, &pem_ctx);
+ fclose(f);
if (ret != 0 && ret != HX509_PARSING_KEY_FAILED)
goto out;
else if (ret == HX509_PARSING_KEY_FAILED) {
@@ -461,7 +461,7 @@ file_init_common(hx509_context context,
}
}
- ret = _hx509_collector_collect_certs(context, pem_ctx.c, &f->certs);
+ ret = _hx509_collector_collect_certs(context, pem_ctx.c, &ksf->certs);
if (ret)
goto out;
@@ -470,17 +470,17 @@ file_init_common(hx509_context context,
int i;
for (i = 0; keys[i]; i++)
- _hx509_certs_keys_add(context, f->certs, keys[i]);
+ _hx509_certs_keys_add(context, ksf->certs, keys[i]);
_hx509_certs_keys_free(context, keys);
}
out:
if (ret == 0)
- *data = f;
+ *data = ksf;
else {
- if (f->fn)
- free(f->fn);
- free(f);
+ if (ksf->fn)
+ free(ksf->fn);
+ free(ksf);
}
if (pem_ctx.c)
_hx509_collector_free(pem_ctx.c);
@@ -507,10 +507,10 @@ file_init_der(hx509_context context,
static int
file_free(hx509_certs certs, void *data)
{
- struct ks_file *f = data;
- hx509_certs_free(&f->certs);
- free(f->fn);
- free(f);
+ struct ks_file *ksf = data;
+ hx509_certs_free(&ksf->certs);
+ free(ksf->fn);
+ free(ksf);
return 0;
}
@@ -558,20 +558,20 @@ static int
file_store(hx509_context context,
hx509_certs certs, void *data, int flags, hx509_lock lock)
{
- struct ks_file *f = data;
+ struct ks_file *ksf = data;
struct store_ctx sc;
int ret;
- sc.f = fopen(f->fn, "w");
+ sc.f = fopen(ksf->fn, "w");
if (sc.f == NULL) {
hx509_set_error_string(context, 0, ENOENT,
"Failed to open file %s for writing");
return ENOENT;
}
rk_cloexec_file(sc.f);
- sc.format = f->format;
+ sc.format = ksf->format;
- ret = hx509_certs_iter(context, f->certs, store_func, &sc);
+ ret = hx509_certs_iter(context, ksf->certs, store_func, &sc);
fclose(sc.f);
return ret;
}
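Review bot: The error string in this hunk, `hx509_set_error_string(context, 0, ENOENT, "Failed to open file %s for writing");`, has a `%s` conversion with no matching argument, so the formatter reads an indeterminate vararg; since the rename touches the line right above it, fix it here: `"Failed to open file %s for writing", ksf->fn`. The hard-coded ENOENT also hides the real fopen failure (permission denied, read-only filesystem); consider reporting `strerror(errno)` as the open failure in file_init_common already does. The same `%s` message is reproduced unchanged on the new side, so this is not introduced by the commit but is left in place by it.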
@@ -579,24 +579,24 @@ file_store(hx509_context context,
static int
file_add(hx509_context context, hx509_certs certs, void *data, hx509_cert c)
{
- struct ks_file *f = data;
- return hx509_certs_add(context, f->certs, c);
+ struct ks_file *ksf = data;
+ return hx509_certs_add(context, ksf->certs, c);
}
static int
file_iter_start(hx509_context context,
hx509_certs certs, void *data, void **cursor)
{
- struct ks_file *f = data;
- return hx509_certs_start_seq(context, f->certs, cursor);
+ struct ks_file *ksf = data;
+ return hx509_certs_start_seq(context, ksf->certs, cursor);
}
static int
file_iter(hx509_context context,
hx509_certs certs, void *data, void *iter, hx509_cert *cert)
{
- struct ks_file *f = data;
- return hx509_certs_next_cert(context, f->certs, iter, cert);
+ struct ks_file *ksf = data;
+ return hx509_certs_next_cert(context, ksf->certs, iter, cert);
}
static int
@@ -605,8 +605,8 @@ file_iter_end(hx509_context context,
void *data,
void *cursor)
{
- struct ks_file *f = data;
- return hx509_certs_end_seq(context, f->certs, cursor);
+ struct ks_file *ksf = data;
+ return hx509_certs_end_seq(context, ksf->certs, cursor);
}
static int
@@ -615,8 +615,8 @@ file_getkeys(hx509_context context,
void *data,
hx509_private_key **keys)
{
- struct ks_file *f = data;
- return _hx509_certs_keys_get(context, f->certs, keys);
+ struct ks_file *ksf = data;
+ return _hx509_certs_keys_get(context, ksf->certs, keys);
}
static int
@@ -625,8 +625,8 @@ file_addkey(hx509_context context,
void *data,
hx509_private_key key)
{
- struct ks_file *f = data;
- return _hx509_certs_keys_add(context, f->certs, key);
+ struct ks_file *ksf = data;
+ return _hx509_certs_keys_add(context, ksf->certs, key);
}
static struct hx509_keyset_ops keyset_file = {
diff --git a/source4/heimdal/lib/hx509/lock.c b/source4/heimdal/lib/hx509/lock.c
index 219a301928..07e9d36125 100644
--- a/source4/heimdal/lib/hx509/lock.c
+++ b/source4/heimdal/lib/hx509/lock.c
@@ -214,10 +214,12 @@ hx509_lock_prompt(hx509_lock lock, hx509_prompt *prompt)
void
hx509_lock_free(hx509_lock lock)
{
- hx509_certs_free(&lock->certs);
- hx509_lock_reset_passwords(lock);
- memset(lock, 0, sizeof(*lock));
- free(lock);
+ if (lock) {
+ hx509_certs_free(&lock->certs);
+ hx509_lock_reset_passwords(lock);
+ memset(lock, 0, sizeof(*lock));
+ free(lock);
+ }
}
int
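Review bot: `memset(lock, 0, sizeof(*lock))` immediately before `free(lock)` is a dead store from the optimizer's point of view and may be elided at -O2, so if its purpose is to scrub password material that the lock held, it does not reliably do so. Use `memset_s` or `explicit_bzero` where the build provides one (confirm what libroken offers), or mark the intent so nobody relies on it: `/* best-effort zeroing; not guaranteed to survive optimisation */`. The added NULL guard itself is fine and matches the one added to hx509_clear_error_string in error.c.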
diff --git a/source4/heimdal/lib/hx509/name.c b/source4/heimdal/lib/hx509/name.c
index c5844f98cc..b544ecb7ff 100644
--- a/source4/heimdal/lib/hx509/name.c
+++ b/source4/heimdal/lib/hx509/name.c
@@ -243,11 +243,7 @@ _hx509_Name_to_string(const Name *n, char **str)
break;
}
case choice_DirectoryString_teletexString:
- ss = malloc(ds->u.teletexString.length + 1);
- if (ss == NULL)
- _hx509_abort("allocation failure"); /* XXX */
- memcpy(ss, ds->u.teletexString.data, ds->u.teletexString.length);
- ss[ds->u.teletexString.length] = '\0';
+ ss = ds->u.teletexString;
break;
case choice_DirectoryString_universalString: {
const uint32_t *uni = ds->u.universalString.data;
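Review bot: `ss = ds->u.teletexString;` treats the teletexString member as a NUL-terminated `char *` where the removed code treated it as a length/data octet string, so the hunk only compiles and behaves if the DirectoryString ASN.1 definition was regenerated in the same series; confirm that, since a stale generated header would make this assignment a type error or an aliasing of the wrong field. A comment at the assignment would spare the next reader the same question: `/* teletexString now decodes to a NUL-terminated string: no copy, and not freed below */`. The matching free() removal and the COPYVOIDARRAY→COPYCHARARRAY change in the two name.c hunks below rest on the same assumption. _hx509_Name_to_string begins and ends outside this hunk.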
@@ -279,8 +275,7 @@ _hx509_Name_to_string(const Name *n, char **str)
len = strlen(ss);
append_string(str, &total_len, ss, len, 1);
if (ds->element == choice_DirectoryString_universalString ||
- ds->element == choice_DirectoryString_bmpString ||
- ds->element == choice_DirectoryString_teletexString)
+ ds->element == choice_DirectoryString_bmpString)
{
free(ss);
}
@@ -341,7 +336,7 @@ dsstringprep(const DirectoryString *ds, uint32_t **rname, size_t *rlen)
COPYCHARARRAY(ds, printableString, len, name);
break;
case choice_DirectoryString_teletexString:
- COPYVOIDARRAY(ds, teletexString, len, name);
+ COPYCHARARRAY(ds, teletexString, len, name);
break;
case choice_DirectoryString_bmpString:
COPYVALARRAY(ds, bmpString, len, name);
@@ -930,12 +925,12 @@ hx509_general_name_unparse(GeneralName *name, char **str)
switch (name->element) {
case choice_GeneralName_otherName: {
- char *str2;
- hx509_oid_sprint(&name->u.otherName.type_id, &str2);
- if (str2 == NULL)
+ char *oid;
+ hx509_oid_sprint(&name->u.otherName.type_id, &oid);
+ if (oid == NULL)
return ENOMEM;
- strpool = rk_strpoolprintf(strpool, "otherName: %s", str2);
- free(str2);
+ strpool = rk_strpoolprintf(strpool, "otherName: %s", oid);
+ free(oid);
break;
}
case choice_GeneralName_rfc822Name:
@@ -990,12 +985,12 @@ hx509_general_name_unparse(GeneralName *name, char **str)
break;
}
case choice_GeneralName_registeredID: {
- char *str2;
- hx509_oid_sprint(&name->u.registeredID, &str2);
- if (str2 == NULL)
+ char *oid;
+ hx509_oid_sprint(&name->u.registeredID, &oid);
+ if (oid == NULL)
return ENOMEM;
- strpool = rk_strpoolprintf(strpool, "registeredID: %s", str2);
- free(str2);
+ strpool = rk_strpoolprintf(strpool, "registeredID: %s", oid);
+ free(oid);
break;
}
default:
diff --git a/source4/heimdal/lib/hx509/revoke.c b/source4/heimdal/lib/hx509/revoke.c
index 74f2d74679..21140b3c7e 100644
--- a/source4/heimdal/lib/hx509/revoke.c
+++ b/source4/heimdal/lib/hx509/revoke.c
@@ -1004,17 +1004,17 @@ hx509_ocsp_request(hx509_context context,
es = req.tbsRequest.requestExtensions;
- es->val = calloc(es->len, sizeof(es->val[0]));
+ es->val = calloc(1, sizeof(es->val[0]));
if (es->val == NULL) {
ret = ENOMEM;
goto out;
}
- es->len = 1;
ret = der_copy_oid(&asn1_oid_id_pkix_ocsp_nonce, &es->val[0].extnID);
if (ret) {
free_OCSPRequest(&req);
return ret;
}
+ es->len = 1;
es->val[0].extnValue.data = malloc(10);
if (es->val[0].extnValue.data == NULL) {
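Review bot: The `der_copy_oid` failure path still does `free_OCSPRequest(&req); return ret;` while the calloc failure a few lines above uses `goto out`, and only one of them can be right unless `out:` (outside the hunk) does not release `req`. If `out:` frees req, replace the pair with `goto out;`; if it does not, the ENOMEM branch leaks the request. Moving `es->len = 1` after the successful copy is correct, but note that with len still 0 a partially populated `extnID` from a failed der_copy_oid would be invisible to free_OCSPRequest — whether that matters depends on der_copy_oid cleaning up on failure, which this hunk cannot show.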
diff --git a/source4/heimdal/lib/hx509/sel.c b/source4/heimdal/lib/hx509/sel.c
index c5e760569a..5932ce84c3 100644
--- a/source4/heimdal/lib/hx509/sel.c
+++ b/source4/heimdal/lib/hx509/sel.c
@@ -176,7 +176,6 @@ _hx509_expr_eval(hx509_context context, hx509_env env, struct hx_expr *expr)
default:
_hx509_abort("hx509 eval expr with unknown op: %d", (int)expr->op);
}
- return 0;
}
void
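Review bot: Dropping `return 0;` after the switch leaves `_hx509_expr_eval` with no return on the default path, which is only well-defined if `_hx509_abort` is declared noreturn (e.g. `__attribute__((noreturn))`); otherwise compilers warn about reaching the end of a non-void function and a caller using the result reads an indeterminate value. Confirm the declaration, or keep a marker after the abort call: `/* NOTREACHED */`. The remaining cases of the switch begin outside the hunk.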