From 2b29b7186459d945ec448694164bfe4239b30d72 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Mon, 27 Oct 2008 11:35:07 +0100
Subject: s4: import lorikeet-heimdal-200810271034
metze
---
 source4/heimdal/lib/hx509/ca.c | 128 ++++++++++++++++++++---------------------
 1 file changed, 64 insertions(+), 64 deletions(-)
(limited to 'source4/heimdal/lib/hx509/ca.c')
diff --git a/source4/heimdal/lib/hx509/ca.c b/source4/heimdal/lib/hx509/ca.c
index 5b4d7711e7..cbd58ebd01 100644
--- a/source4/heimdal/lib/hx509/ca.c
+++ b/source4/heimdal/lib/hx509/ca.c
@@ -1,34 +1,34 @@
 /*
- * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+ * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
 */
 #include "hx_locl.h"
@@ -236,7 +236,7 @@ hx509_ca_tbs_set_template(hx509_context context,
 hx509_name_free(&tbs->subject);
 ret = hx509_cert_get_subject(cert, &tbs->subject);
 if (ret) {
- hx509_set_error_string(context, 0, ret,
+ hx509_set_error_string(context, 0, ret,
 "Failed to get subject from template");
 return ret;
 }
@@ -246,7 +246,7 @@ hx509_ca_tbs_set_template(hx509_context context,
 ret = hx509_cert_get_serialnumber(cert, &tbs->serial);
 tbs->flags.serial = !ret;
 if (ret) {
- hx509_set_error_string(context, 0, ret,
+ hx509_set_error_string(context, 0, ret,
 "Failed to copy serial number");
 return ret;
 }
@@ -473,7 +473,7 @@ hx509_ca_tbs_add_crl_dp_uri(hx509_context context,
 int ret;
 memset(&dp, 0, sizeof(dp));
-
+
 dp.distributionPoint = ecalloc(1, sizeof(*dp.distributionPoint));
 {
@@ -488,8 +488,8 @@ hx509_ca_tbs_add_crl_dp_uri(hx509_context context,
 gn.element = choice_GeneralName_uniformResourceIdentifier;
 gn.u.uniformResourceIdentifier = rk_UNCONST(uri);
- ASN1_MALLOC_ENCODE(DistributionPointName,
- dp.distributionPoint->data,
+ ASN1_MALLOC_ENCODE(DistributionPointName,
+ dp.distributionPoint->data,
 dp.distributionPoint->length, &name, &size, ret);
 if (ret) {
@@ -509,7 +509,7 @@ hx509_ca_tbs_add_crl_dp_uri(hx509_context context,
 hx509_set_error_string(context, 0, EINVAL, "CRLDistributionPoints.name.issuername not yet supported");
 return EINVAL;
-#else
+#else
 GeneralNames *crlissuer;
 GeneralName gn;
 Name n;
@@ -579,7 +579,7 @@ hx509_ca_tbs_add_san_otherName(hx509_context context,
 gn.element = choice_GeneralName_otherName;
 gn.u.otherName.type_id = *oid;
 gn.u.otherName.value = *os;
-
+
 return add_GeneralNames(&tbs->san, &gn);
 }
@@ -621,7 +621,7 @@ hx509_ca_tbs_add_san_pkinit(hx509_context context,
 if(*str=='\\'){
 if(str[1] == '\0' || str[1] == '@') {
 ret = HX509_PARSING_NAME_FAILED;
- hx509_set_error_string(context, 0, ret,
+ hx509_set_error_string(context, 0, ret,
 "trailing \\ in principal name");
 goto out;
 }
@@ -629,7 +629,7 @@ hx509_ca_tbs_add_san_pkinit(hx509_context context,
 } else if(*str == '/') n++;
 }
- p.principalName.name_string.val =
+ p.principalName.name_string.val =
 calloc(n, sizeof(*p.principalName.name_string.val));
 if (p.principalName.name_string.val == NULL) {
 ret = ENOMEM;
@@ -661,7 +661,7 @@ hx509_ca_tbs_add_san_pkinit(hx509_context context,
 *q++ = '\0';
 }
 }
-
+
 ASN1_MALLOC_ENCODE(KRB5PrincipalName, os.data, os.length, &p, &size, ret);
 if (ret) {
 hx509_set_error_string(context, 0, ret, "Out of memory");
@@ -669,7 +669,7 @@ hx509_ca_tbs_add_san_pkinit(hx509_context context,
 }
 if (size != os.length) _hx509_abort("internal ASN.1 encoder error");
-
+
 ret = hx509_ca_tbs_add_san_otherName(context, tbs, oid_id_pkinit_san(),
@@ -682,7 +682,7 @@ out:
 free(s);
 return ret;
 }
-
+
 /*
 *
 */
@@ -708,7 +708,7 @@ add_utf8_san(hx509_context context,
 }
 if (size != os.length) _hx509_abort("internal ASN.1 encoder error");
-
+
 ret = hx509_ca_tbs_add_san_otherName(context, tbs, oid,
@@ -787,7 +787,7 @@ hx509_ca_tbs_add_san_hostname(hx509_context context,
 memset(&gn, 0, sizeof(gn));
 gn.element = choice_GeneralName_dNSName;
 gn.u.dNSName = rk_UNCONST(dnsname);
-
+
 return add_GeneralNames(&tbs->san, &gn);
 }
@@ -814,7 +814,7 @@ hx509_ca_tbs_add_san_rfc822name(hx509_context context,
 memset(&gn, 0, sizeof(gn));
 gn.element = choice_GeneralName_rfc822Name;
 gn.u.rfc822Name = rk_UNCONST(rfc822Name);
-
+
 return add_GeneralNames(&tbs->san, &gn);
 }
@@ -1005,7 +1005,7 @@ ca_sign(hx509_context context,
 return EINVAL;
 }
 if (hx509_name_is_null_p(tbs->subject) && tbs->san.len == 0) {
- hx509_set_error_string(context, 0, EINVAL,
+ hx509_set_error_string(context, 0, EINVAL,
 "NULL subject and no SubjectAltNames");
 return EINVAL;
 }
@@ -1017,7 +1017,7 @@ ca_sign(hx509_context context,
 }
 if (tbs->flags.proxy) {
 if (tbs->san.len > 0) {
- hx509_set_error_string(context, 0, EINVAL,
+ hx509_set_error_string(context, 0, EINVAL,
 "Proxy certificate is not allowed "
 "to have SubjectAltNames");
 return EINVAL;
@@ -1099,7 +1099,7 @@ ca_sign(hx509_context context,
 hx509_set_error_string(context, 0, ret, "Out of memory");
 goto out;
 }
-
+
 /* Add the text BMP string Domaincontroller to the cert */
 if (tbs->flags.domaincontroller) {
 data.data = rk_UNCONST("\x1e\x20\x00\x44\x00\x6f\x00\x6d"
@@ -1137,7 +1137,7 @@ ca_sign(hx509_context context,
 /* add ExtendedKeyUsage */
 if (tbs->eku.len > 0) {
- ASN1_MALLOC_ENCODE(ExtKeyUsage, data.data, data.length,
+ ASN1_MALLOC_ENCODE(ExtKeyUsage, data.data, data.length,
 &tbs->eku, &size, ret);
 if (ret) {
 hx509_set_error_string(context, 0, ret, "Out of memory");
@@ -1154,7 +1154,7 @@ ca_sign(hx509_context context,
 /* add Subject Alternative Name */
 if (tbs->san.len > 0) {
- ASN1_MALLOC_ENCODE(GeneralNames, data.data, data.length,
+ ASN1_MALLOC_ENCODE(GeneralNames, data.data, data.length,
 &tbs->san, &size, ret);
 if (ret) {
 hx509_set_error_string(context, 0, ret, "Out of memory");
@@ -1172,7 +1172,7 @@ ca_sign(hx509_context context,
 /* Add Authority Key Identifier */
 if (ai) {
- ASN1_MALLOC_ENCODE(AuthorityKeyIdentifier, data.data, data.length,
+ ASN1_MALLOC_ENCODE(AuthorityKeyIdentifier, data.data, data.length,
 ai, &size, ret);
 if (ret) {
 hx509_set_error_string(context, 0, ret, "Out of memory");
@@ -1195,7 +1195,7 @@ ca_sign(hx509_context context,
 {
 SHA_CTX m;
-
+
 SHA1_Init(&m);
 SHA1_Update(&m, tbs->spki.subjectPublicKey.data, tbs->spki.subjectPublicKey.length / 8);
@@ -1205,7 +1205,7 @@ ca_sign(hx509_context context,
 si.data = hash;
 si.length = sizeof(hash);
- ASN1_MALLOC_ENCODE(SubjectKeyIdentifier, data.data, data.length,
+ ASN1_MALLOC_ENCODE(SubjectKeyIdentifier, data.data, data.length,
 &si, &size, ret);
 if (ret) {
 hx509_set_error_string(context, 0, ret, "Out of memory");
@@ -1221,7 +1221,7 @@ ca_sign(hx509_context context,
 goto out;
 }
- /* Add BasicConstraints */
+ /* Add BasicConstraints */
 {
 BasicConstraints bc;
 int aCA = 1;
@@ -1237,7 +1237,7 @@ ca_sign(hx509_context context,
 }
 }
- ASN1_MALLOC_ENCODE(BasicConstraints, data.data, data.length,
+ ASN1_MALLOC_ENCODE(BasicConstraints, data.data, data.length,
 &bc, &size, ret);
 if (ret) {
 hx509_set_error_string(context, 0, ret, "Out of memory");
@@ -1261,7 +1261,7 @@ ca_sign(hx509_context context,
 memset(&info, 0, sizeof(info));
 if (tbs->pathLenConstraint >= 0) {
- info.pCPathLenConstraint =
+ info.pCPathLenConstraint =
 malloc(sizeof(*info.pCPathLenConstraint));
 if (info.pCPathLenConstraint == NULL) {
 ret = ENOMEM;
@@ -1279,7 +1279,7 @@ ca_sign(hx509_context context,
 goto out;
 }
- ASN1_MALLOC_ENCODE(ProxyCertInfo, data.data, data.length,
+ ASN1_MALLOC_ENCODE(ProxyCertInfo, data.data, data.length,
 &info, &size, ret);
 free_ProxyCertInfo(&info);
 if (ret) {
@@ -1377,14 +1377,14 @@ get_AuthorityKeyIdentifier(hx509_context context,
 memset(&gns, 0, sizeof(gns));
 memset(&name, 0, sizeof(name));
- ai->authorityCertIssuer =
+ ai->authorityCertIssuer =
 calloc(1, sizeof(*ai->authorityCertIssuer));
 if (ai->authorityCertIssuer == NULL) {
 ret = ENOMEM;
 hx509_set_error_string(context, 0, ret, "Out of memory");
 goto out;
 }
- ai->authorityCertSerialNumber =
+ ai->authorityCertSerialNumber =
 calloc(1, sizeof(*ai->authorityCertSerialNumber));
 if (ai->authorityCertSerialNumber == NULL) {
 ret = ENOMEM;
@@ -1392,7 +1392,7 @@ get_AuthorityKeyIdentifier(hx509_context context,
 goto out;
 }
- /*
+ /*
 * XXX unbreak when asn1 compiler handle IMPLICIT
 *
 * This is so horrible.
@@ -1407,7 +1407,7 @@ get_AuthorityKeyIdentifier(hx509_context context,
 memset(&gn, 0, sizeof(gn));
 gn.element = choice_GeneralName_directoryName;
- gn.u.directoryName.element =
+ gn.u.directoryName.element =
 choice_GeneralName_directoryName_rdnSequence;
 gn.u.directoryName.u.rdnSequence = name.u.rdnSequence;
@@ -1436,7 +1436,7 @@ out:
 /**
- * Sign a to-be-signed certificate object with a issuer certificate.
+ * Sign a to-be-signed certificate object with a issuer certificate.
 *
 * The caller needs to at least have called the following functions on the
 * to-be-signed certificate object:
@@ -1478,7 +1478,7 @@ hx509_ca_sign(hx509_context context,
 goto out;
 ret = ca_sign(context,
- tbs,
+ tbs,
 _hx509_cert_private_key(signer),
 &ai,
 &signer_cert->tbsCertificate.subject,
@@ -1510,7 +1510,7 @@ hx509_ca_sign_self(hx509_context context,
 hx509_cert *certificate)
 {
 return ca_sign(context,
- tbs,
+ tbs,
 signer,
 NULL,
 NULL,
--
cgit