static int null_callback(int ok, X509_STORE_CTX *e)
{
- return(ok);
+ return (ok);
}
#if 0
static int x509_subject_cmp(X509 **a, X509 **b)
{
- return(X509_subject_name_cmp(*a,*b));
+ return (X509_subject_name_cmp(*a,*b));
}
#endif
if (ctx->cert == NULL)
{
X509err(X509_F_X509_VERIFY_CERT,X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
- return(-1);
+ return (-1);
}
cb=ctx->verify_cb;
ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
ctx->current_cert=x;
ctx->error_depth=i-1;
- if(ok == 1) X509_free(xtmp);
+ if (ok == 1) X509_free(xtmp);
ok=cb(0,ctx);
if (!ok) goto end;
}
ok = ctx->get_issuer(&xtmp, ctx, x);
if (ok < 0) return ok;
- if(ok == 0) break;
+ if (ok == 0) break;
x = xtmp;
if (!sk_X509_push(ctx->chain,x))
{
X509_free(xtmp);
X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
- return(0);
+ return (0);
}
num++;
}
}
/* We have the chain complete: now we need to check its purpose */
- if(ctx->purpose > 0) ok = check_chain_purpose(ctx);
+ if (ctx->purpose > 0) ok = check_chain_purpose(ctx);
- if(!ok) goto end;
+ if (!ok) goto end;
/* The chain extensions are OK: check trust */
- if(ctx->trust > 0) ok = check_trust(ctx);
+ if (ctx->trust > 0) ok = check_trust(ctx);
- if(!ok) goto end;
+ if (!ok) goto end;
/* We may as well copy down any DSA parameters that are required */
X509_get_pubkey_parameters(NULL,ctx->chain);
}
if (sktmp != NULL) sk_X509_free(sktmp);
if (chain_ss != NULL) X509_free(chain_ss);
- return(ok);
+ return (ok);
}
{
int i;
X509 *issuer;
- for(i = 0; i < sk_X509_num(sk); i++) {
+ for (i = 0; i < sk_X509_num(sk); i++)
+ {
issuer = sk_X509_value(sk, i);
- if(ctx->check_issued(ctx, x, issuer)) return issuer;
- }
+ if (ctx->check_issued(ctx, x, issuer))
+ return issuer;
+ }
return NULL;
}
{
int ret;
ret = X509_check_issued(issuer, x);
- if(ret == X509_V_OK) return 1;
- else {
- ctx->error = ret;
- ctx->current_cert = x;
- ctx->current_issuer = issuer;
- if(ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK)
- return ctx->verify_cb(0, ctx);
- else return 0;
- }
+ if (ret == X509_V_OK)
+ return 1;
+ else
+ {
+ ctx->error = ret;
+ ctx->current_cert = x;
+ ctx->current_issuer = issuer;
+ if ((ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK) && ctx->verify_cb)
+ return ctx->verify_cb(0, ctx);
+ else
+ return 0;
+ }
return 0;
}
static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
{
*issuer = find_issuer(ctx, ctx->other_ctx, x);
- if(*issuer) {
+ if (*issuer)
+ {
CRYPTO_add(&(*issuer)->references,1,CRYPTO_LOCK_X509);
return 1;
- } else return 0;
+ }
+ else
+ return 0;
}
cb=ctx->verify_cb;
if (cb == NULL) cb=null_callback;
/* Check all untrusted certificates */
- for(i = 0; i < ctx->last_untrusted; i++) {
+ for (i = 0; i < ctx->last_untrusted; i++)
+ {
x = sk_X509_value(ctx->chain, i);
- if(!X509_check_purpose(x, ctx->purpose, i)) {
- if(i) ctx->error = X509_V_ERR_INVALID_CA;
- else ctx->error = X509_V_ERR_INVALID_PURPOSE;
+ if (!X509_check_purpose(x, ctx->purpose, i))
+ {
+ if (i)
+ ctx->error = X509_V_ERR_INVALID_CA;
+ else
+ ctx->error = X509_V_ERR_INVALID_PURPOSE;
ctx->error_depth = i;
ctx->current_cert = x;
ok=cb(0,ctx);
- if(!ok) goto end;
- }
+ if (!ok) goto end;
+ }
/* Check pathlen */
- if((i > 1) && (x->ex_pathlen != -1)
- && (i > (x->ex_pathlen + 1))) {
+ if ((i > 1) && (x->ex_pathlen != -1)
+ && (i > (x->ex_pathlen + 1)))
+ {
ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
ctx->error_depth = i;
ctx->current_cert = x;
ok=cb(0,ctx);
- if(!ok) goto end;
+ if (!ok) goto end;
+ }
}
- }
ok = 1;
- end:
- return(ok);
+ end:
+ return (ok);
#endif
}
i = sk_X509_num(ctx->chain) - 1;
x = sk_X509_value(ctx->chain, i);
ok = X509_check_trust(x, ctx->trust, 0);
- if(ok == X509_TRUST_TRUSTED) return 1;
+ if (ok == X509_TRUST_TRUSTED)
+ return 1;
ctx->error_depth = sk_X509_num(ctx->chain) - 1;
ctx->current_cert = x;
- if(ok == X509_TRUST_REJECTED) ctx->error = X509_V_ERR_CERT_REJECTED;
- else ctx->error = X509_V_ERR_CERT_UNTRUSTED;
+ if (ok == X509_TRUST_REJECTED)
+ ctx->error = X509_V_ERR_CERT_REJECTED;
+ else
+ ctx->error = X509_V_ERR_CERT_UNTRUSTED;
ok = cb(0, ctx);
- return(ok);
+ return (ok);
#endif
}
ctx->error_depth=n-1;
n--;
xi=sk_X509_value(ctx->chain,n);
- if(ctx->flags & X509_V_FLAG_USE_CHECK_TIME) ptime = &ctx->check_time;
- else ptime = NULL;
+ if (ctx->flags & X509_V_FLAG_USE_CHECK_TIME)
+ ptime = &ctx->check_time;
+ else
+ ptime = NULL;
if (ctx->check_issued(ctx, xi, xi))
xs=xi;
else
}
ok=1;
end:
- return(ok);
+ return (ok);
}
int X509_cmp_current_time(ASN1_TIME *ctm)
p=buff1;
i=ctm->length;
str=(char *)ctm->data;
- if(ctm->type == V_ASN1_UTCTIME) {
- if ((i < 11) || (i > 17)) return(0);
+ if (ctm->type == V_ASN1_UTCTIME)
+ {
+ if ((i < 11) || (i > 17)) return (0);
memcpy(p,str,10);
p+=10;
str+=10;
- } else {
- if(i < 13) return 0;
+ }
+ else
+ {
+ if (i < 13) return 0;
memcpy(p,str,12);
p+=12;
str+=12;
- }
+ }
if ((*str == 'Z') || (*str == '-') || (*str == '+'))
{ *(p++)='0'; *(p++)='0'; }
*(p++)= *(str++);
*(p++)= *(str++);
/* Skip any fractional seconds... */
- if(*str == '.')
+ if (*str == '.')
{
str++;
- while((*str >= '0') && (*str <= '9')) str++;
+ while ((*str >= '0') && (*str <= '9')) str++;
}
-
- }
+
+ }
*(p++)='Z';
*(p++)='\0';
else
{
if ((*str != '+') && (str[5] != '-'))
- return(0);
+ return (0);
offset=((str[1]-'0')*10+(str[2]-'0'))*60;
offset+=(str[3]-'0')*10+(str[4]-'0');
if (*str == '-')
X509_time_adj(&atm,-offset*60, cmp_time);
- if(ctm->type == V_ASN1_UTCTIME)
+ if (ctm->type == V_ASN1_UTCTIME)
{
i=(buff1[0]-'0')*10+(buff1[1]-'0');
if (i < 50) i+=100; /* cf. RFC 2459 */
}
i=strcmp(buff1,buff2);
if (i == 0) /* wait a second then return younger :-) */
- return(-1);
+ return (-1);
else
- return(i);
+ return (i);
}
ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
{
time_t t;
- if(in_tm) t = *in_tm;
+ if (in_tm) t = *in_tm;
else time(&t);
t+=adj;
- if(!s) return ASN1_TIME_set(s, t);
- if(s->type == V_ASN1_UTCTIME) return(ASN1_UTCTIME_set(s,t));
+ if (!s) return ASN1_TIME_set(s, t);
+ if (s->type == V_ASN1_UTCTIME) return (ASN1_UTCTIME_set(s,t));
return ASN1_GENERALIZEDTIME_set(s, t);
}
EVP_PKEY *ktmp=NULL,*ktmp2;
int i,j;
- if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) return(1);
+ if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) return (1);
for (i=0; i<sk_X509_num(chain); i++)
{
if (ktmp == NULL)
{
X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
- return(0);
+ return (0);
}
if (!EVP_PKEY_missing_parameters(ktmp))
break;
if (ktmp == NULL)
{
X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN);
- return(0);
+ return (0);
}
/* first, populate the other certs */
if (pkey != NULL) EVP_PKEY_copy_parameters(pkey,ktmp);
EVP_PKEY_free(ktmp);
- return(1);
+ return (1);
}
int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
{
x509_store_ctx_num++;
- return(CRYPTO_get_ex_new_index(x509_store_ctx_num-1,
+ return (CRYPTO_get_ex_new_index(x509_store_ctx_num-1,
&x509_store_ctx_method,
argl,argp,new_func,dup_func,free_func));
}
int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)
{
- return(CRYPTO_set_ex_data(&ctx->ex_data,idx,data));
+ return (CRYPTO_set_ex_data(&ctx->ex_data,idx,data));
}
void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx)
{
- return(CRYPTO_get_ex_data(&ctx->ex_data,idx));
+ return (CRYPTO_get_ex_data(&ctx->ex_data,idx));
}
int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx)
{
- return(ctx->error);
+ return (ctx->error);
}
void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err)
int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)
{
- return(ctx->error_depth);
+ return (ctx->error_depth);
}
X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx)
{
- return(ctx->current_cert);
+ return (ctx->current_cert);
}
STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx)
{
- return(ctx->chain);
+ return (ctx->chain);
}
STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
int i;
X509 *x;
STACK_OF(X509) *chain;
- if(!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL;
- for(i = 0; i < sk_X509_num(chain); i++) {
+ if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL;
+ for (i = 0; i < sk_X509_num(chain); i++)
+ {
x = sk_X509_value(chain, i);
CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
- }
- return(chain);
+ }
+ return (chain);
}
void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
{
int idx;
/* If purpose not set use default */
- if(!purpose) purpose = def_purpose;
+ if (!purpose) purpose = def_purpose;
/* If we have a purpose then check it is valid */
- if(purpose) {
+ if (purpose)
+ {
X509_PURPOSE *ptmp;
idx = X509_PURPOSE_get_by_id(purpose);
- if(idx == -1) {
+ if (idx == -1)
+ {
X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
X509_R_UNKNOWN_PURPOSE_ID);
return 0;
- }
+ }
ptmp = X509_PURPOSE_get0(idx);
- if(ptmp->trust == X509_TRUST_DEFAULT) {
+ if (ptmp->trust == X509_TRUST_DEFAULT)
+ {
idx = X509_PURPOSE_get_by_id(def_purpose);
- if(idx == -1) {
+ if (idx == -1)
+ {
X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
X509_R_UNKNOWN_PURPOSE_ID);
return 0;
- }
+ }
ptmp = X509_PURPOSE_get0(idx);
- }
+ }
/* If trust not set then get from purpose default */
- if(!trust) trust = ptmp->trust;
- }
- if(trust) {
+ if (!trust) trust = ptmp->trust;
+ }
+ if (trust)
+ {
idx = X509_TRUST_get_by_id(trust);
- if(idx == -1) {
+ if (idx == -1)
+ {
X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
X509_R_UNKNOWN_TRUST_ID);
return 0;
+ }
}
- }
- if(purpose) ctx->purpose = purpose;
- if(trust) ctx->trust = trust;
+ if (purpose) ctx->purpose = purpose;
+ if (trust) ctx->trust = trust;
return 1;
}
{
X509_STORE_CTX *ctx;
ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX));
- if(ctx) memset(ctx, 0, sizeof(X509_STORE_CTX));
+ if (ctx) memset(ctx, 0, sizeof(X509_STORE_CTX));
return ctx;
}
ctx->last_untrusted=0;
ctx->purpose=0;
ctx->trust=0;
+ ctx->check_time=0;
+ ctx->flags=0;
+ ctx->other_ctx=NULL;
ctx->valid=0;
ctx->chain=NULL;
ctx->depth=9;
ctx->error=0;
+ ctx->error_depth=0;
ctx->current_cert=NULL;
ctx->current_issuer=NULL;
ctx->check_issued = check_issued;
ctx->get_issuer = X509_STORE_CTX_get1_issuer;
ctx->verify_cb = store->verify_cb;
ctx->verify = store->verify;
- ctx->cleanup = NULL;
+ ctx->cleanup = 0;
memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA));
}
void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
{
- if(ctx->cleanup) ctx->cleanup(ctx);
+ if (ctx->cleanup) ctx->cleanup(ctx);
if (ctx->chain != NULL)
{
sk_X509_pop_free(ctx->chain,X509_free);