diff options
Diffstat (limited to 'src/openssl/x509.c')
-rw-r--r-- | src/openssl/x509.c | 2572 |
1 files changed, 1286 insertions, 1286 deletions
diff --git a/src/openssl/x509.c b/src/openssl/x509.c index 74dd4096..459a312d 100644 --- a/src/openssl/x509.c +++ b/src/openssl/x509.c @@ -1,4 +1,4 @@ -/** +/** * XMLSec library * * X509 support @@ -6,7 +6,7 @@ * * This is free software; see Copyright file in the source * distribution for preciese wording. - * + * * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> */ #include "globals.h" @@ -45,73 +45,73 @@ * X509 utility functions * ************************************************************************/ -static int xmlSecOpenSSLX509DataNodeRead (xmlSecKeyDataPtr data, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); -static int xmlSecOpenSSLX509CertificateNodeRead (xmlSecKeyDataPtr data, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); -static int xmlSecOpenSSLX509CertificateNodeWrite (X509* cert, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); -static int xmlSecOpenSSLX509SubjectNameNodeRead (xmlSecKeyDataPtr data, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); -static int xmlSecOpenSSLX509SubjectNameNodeWrite (X509* cert, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); -static int xmlSecOpenSSLX509IssuerSerialNodeRead (xmlSecKeyDataPtr data, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); -static int xmlSecOpenSSLX509IssuerSerialNodeWrite (X509* cert, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); -static int xmlSecOpenSSLX509SKINodeRead (xmlSecKeyDataPtr data, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); -static int xmlSecOpenSSLX509SKINodeWrite (X509* cert, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); -static int xmlSecOpenSSLX509CRLNodeRead (xmlSecKeyDataPtr data, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); -static int xmlSecOpenSSLX509CRLNodeWrite (X509_CRL* crl, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); -static int xmlSecOpenSSLKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, - xmlSecKeyPtr key, - xmlSecKeyInfoCtxPtr keyInfoCtx); -static X509* xmlSecOpenSSLX509CertDerRead (const xmlSecByte* buf, - xmlSecSize size); -static X509* xmlSecOpenSSLX509CertBase64DerRead (xmlChar* buf); -static xmlChar* xmlSecOpenSSLX509CertBase64DerWrite (X509* cert, - int base64LineWrap); -static X509_CRL* xmlSecOpenSSLX509CrlDerRead (xmlSecByte* buf, - xmlSecSize size); -static X509_CRL* xmlSecOpenSSLX509CrlBase64DerRead (xmlChar* buf); -static xmlChar* xmlSecOpenSSLX509CrlBase64DerWrite (X509_CRL* crl, - int base64LineWrap); -static xmlChar* xmlSecOpenSSLX509NameWrite (X509_NAME* nm); -static xmlChar* xmlSecOpenSSLASN1IntegerWrite (ASN1_INTEGER *asni); -static xmlChar* xmlSecOpenSSLX509SKIWrite (X509* cert); -static void xmlSecOpenSSLX509CertDebugDump (X509* cert, - FILE* output); -static void xmlSecOpenSSLX509CertDebugXmlDump (X509* cert, - FILE* output); -static int xmlSecOpenSSLX509CertGetTime (ASN1_TIME* t, - time_t* res); +static int xmlSecOpenSSLX509DataNodeRead (xmlSecKeyDataPtr data, + xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx); +static int xmlSecOpenSSLX509CertificateNodeRead (xmlSecKeyDataPtr data, + xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx); +static int xmlSecOpenSSLX509CertificateNodeWrite (X509* cert, + xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx); +static int xmlSecOpenSSLX509SubjectNameNodeRead (xmlSecKeyDataPtr data, + xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx); +static int xmlSecOpenSSLX509SubjectNameNodeWrite (X509* cert, + xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx); +static int xmlSecOpenSSLX509IssuerSerialNodeRead (xmlSecKeyDataPtr data, + xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx); +static int xmlSecOpenSSLX509IssuerSerialNodeWrite (X509* cert, + xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx); +static int xmlSecOpenSSLX509SKINodeRead (xmlSecKeyDataPtr data, + xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx); +static int xmlSecOpenSSLX509SKINodeWrite (X509* cert, + xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx); +static int xmlSecOpenSSLX509CRLNodeRead (xmlSecKeyDataPtr data, + xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx); +static int xmlSecOpenSSLX509CRLNodeWrite (X509_CRL* crl, + xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx); +static int xmlSecOpenSSLKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, + xmlSecKeyPtr key, + xmlSecKeyInfoCtxPtr keyInfoCtx); +static X509* xmlSecOpenSSLX509CertDerRead (const xmlSecByte* buf, + xmlSecSize size); +static X509* xmlSecOpenSSLX509CertBase64DerRead (xmlChar* buf); +static xmlChar* xmlSecOpenSSLX509CertBase64DerWrite (X509* cert, + int base64LineWrap); +static X509_CRL* xmlSecOpenSSLX509CrlDerRead (xmlSecByte* buf, + xmlSecSize size); +static X509_CRL* xmlSecOpenSSLX509CrlBase64DerRead (xmlChar* buf); +static xmlChar* xmlSecOpenSSLX509CrlBase64DerWrite (X509_CRL* crl, + int base64LineWrap); +static xmlChar* xmlSecOpenSSLX509NameWrite (X509_NAME* nm); +static xmlChar* xmlSecOpenSSLASN1IntegerWrite (ASN1_INTEGER *asni); +static xmlChar* xmlSecOpenSSLX509SKIWrite (X509* cert); +static void xmlSecOpenSSLX509CertDebugDump (X509* cert, + FILE* output); +static void xmlSecOpenSSLX509CertDebugXmlDump (X509* cert, + FILE* output); +static int xmlSecOpenSSLX509CertGetTime (ASN1_TIME* t, + time_t* res); /************************************************************************* * * Internal OpenSSL X509 data CTX * ************************************************************************/ -typedef struct _xmlSecOpenSSLX509DataCtx xmlSecOpenSSLX509DataCtx, - *xmlSecOpenSSLX509DataCtxPtr; +typedef struct _xmlSecOpenSSLX509DataCtx xmlSecOpenSSLX509DataCtx, + *xmlSecOpenSSLX509DataCtxPtr; struct _xmlSecOpenSSLX509DataCtx { - X509* keyCert; - STACK_OF(X509)* certsList; - STACK_OF(X509_CRL)* crlsList; + X509* keyCert; + STACK_OF(X509)* certsList; + STACK_OF(X509_CRL)* crlsList; }; /************************************************************************** @@ -121,52 +121,52 @@ struct _xmlSecOpenSSLX509DataCtx { * * The X509Data Element (http://www.w3.org/TR/xmldsig-core/#sec-X509Data) * - * An X509Data element within KeyInfo contains one or more identifiers of keys - * or X509 certificates (or certificates' identifiers or a revocation list). + * An X509Data element within KeyInfo contains one or more identifiers of keys + * or X509 certificates (or certificates' identifiers or a revocation list). * The content of X509Data is: * * 1. At least one element, from the following set of element types; any of these may appear together or more than once iff (if and only if) each instance describes or is related to the same certificate: * 2. - * * The X509IssuerSerial element, which contains an X.509 issuer - * distinguished name/serial number pair that SHOULD be compliant - * with RFC2253 [LDAP-DN], - * * The X509SubjectName element, which contains an X.509 subject - * distinguished name that SHOULD be compliant with RFC2253 [LDAP-DN], - * * The X509SKI element, which contains the base64 encoded plain (i.e. - * non-DER-encoded) value of a X509 V.3 SubjectKeyIdentifier extension. - * * The X509Certificate element, which contains a base64-encoded [X509v3] - * certificate, and - * * Elements from an external namespace which accompanies/complements any - * of the elements above. - * * The X509CRL element, which contains a base64-encoded certificate - * revocation list (CRL) [X509v3]. + * * The X509IssuerSerial element, which contains an X.509 issuer + * distinguished name/serial number pair that SHOULD be compliant + * with RFC2253 [LDAP-DN], + * * The X509SubjectName element, which contains an X.509 subject + * distinguished name that SHOULD be compliant with RFC2253 [LDAP-DN], + * * The X509SKI element, which contains the base64 encoded plain (i.e. + * non-DER-encoded) value of a X509 V.3 SubjectKeyIdentifier extension. + * * The X509Certificate element, which contains a base64-encoded [X509v3] + * certificate, and + * * Elements from an external namespace which accompanies/complements any + * of the elements above. + * * The X509CRL element, which contains a base64-encoded certificate + * revocation list (CRL) [X509v3]. * - * Any X509IssuerSerial, X509SKI, and X509SubjectName elements that appear + * Any X509IssuerSerial, X509SKI, and X509SubjectName elements that appear * MUST refer to the certificate or certificates containing the validation key. - * All such elements that refer to a particular individual certificate MUST be - * grouped inside a single X509Data element and if the certificate to which + * All such elements that refer to a particular individual certificate MUST be + * grouped inside a single X509Data element and if the certificate to which * they refer appears, it MUST also be in that X509Data element. * - * Any X509IssuerSerial, X509SKI, and X509SubjectName elements that relate to - * the same key but different certificates MUST be grouped within a single + * Any X509IssuerSerial, X509SKI, and X509SubjectName elements that relate to + * the same key but different certificates MUST be grouped within a single * KeyInfo but MAY occur in multiple X509Data elements. * - * All certificates appearing in an X509Data element MUST relate to the - * validation key by either containing it or being part of a certification + * All certificates appearing in an X509Data element MUST relate to the + * validation key by either containing it or being part of a certification * chain that terminates in a certificate containing the validation key. * * No ordering is implied by the above constraints. * - * Note, there is no direct provision for a PKCS#7 encoded "bag" of - * certificates or CRLs. However, a set of certificates and CRLs can occur - * within an X509Data element and multiple X509Data elements can occur in a - * KeyInfo. Whenever multiple certificates occur in an X509Data element, at - * least one such certificate must contain the public key which verifies the + * Note, there is no direct provision for a PKCS#7 encoded "bag" of + * certificates or CRLs. However, a set of certificates and CRLs can occur + * within an X509Data element and multiple X509Data elements can occur in a + * KeyInfo. Whenever multiple certificates occur in an X509Data element, at + * least one such certificate must contain the public key which verifies the * signature. * * Schema Definition * - * <element name="X509Data" type="ds:X509DataType"/> + * <element name="X509Data" type="ds:X509DataType"/> * <complexType name="X509DataType"> * <sequence maxOccurs="unbounded"> * <choice> @@ -179,10 +179,10 @@ struct _xmlSecOpenSSLX509DataCtx { * </choice> * </sequence> * </complexType> - * <complexType name="X509IssuerSerialType"> - * <sequence> - * <element name="X509IssuerName" type="string"/> - * <element name="X509SerialNumber" type="integer"/> + * <complexType name="X509IssuerSerialType"> + * <sequence> + * <element name="X509IssuerName" type="string"/> + * <element name="X509SerialNumber" type="integer"/> * </sequence> * </complexType> * @@ -203,30 +203,30 @@ struct _xmlSecOpenSSLX509DataCtx { * xmlSecOpenSSLX509DataCtx is located after xmlSecTransform * *************************************************************************/ -#define xmlSecOpenSSLX509DataSize \ - (sizeof(xmlSecKeyData) + sizeof(xmlSecOpenSSLX509DataCtx)) +#define xmlSecOpenSSLX509DataSize \ + (sizeof(xmlSecKeyData) + sizeof(xmlSecOpenSSLX509DataCtx)) #define xmlSecOpenSSLX509DataGetCtx(data) \ ((xmlSecOpenSSLX509DataCtxPtr)(((xmlSecByte*)(data)) + sizeof(xmlSecKeyData))) -static int xmlSecOpenSSLKeyDataX509Initialize (xmlSecKeyDataPtr data); -static int xmlSecOpenSSLKeyDataX509Duplicate (xmlSecKeyDataPtr dst, - xmlSecKeyDataPtr src); -static void xmlSecOpenSSLKeyDataX509Finalize (xmlSecKeyDataPtr data); -static int xmlSecOpenSSLKeyDataX509XmlRead (xmlSecKeyDataId id, - xmlSecKeyPtr key, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); -static int xmlSecOpenSSLKeyDataX509XmlWrite (xmlSecKeyDataId id, - xmlSecKeyPtr key, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); -static xmlSecKeyDataType xmlSecOpenSSLKeyDataX509GetType (xmlSecKeyDataPtr data); -static const xmlChar* xmlSecOpenSSLKeyDataX509GetIdentifier (xmlSecKeyDataPtr data); +static int xmlSecOpenSSLKeyDataX509Initialize (xmlSecKeyDataPtr data); +static int xmlSecOpenSSLKeyDataX509Duplicate (xmlSecKeyDataPtr dst, + xmlSecKeyDataPtr src); +static void xmlSecOpenSSLKeyDataX509Finalize (xmlSecKeyDataPtr data); +static int xmlSecOpenSSLKeyDataX509XmlRead (xmlSecKeyDataId id, + xmlSecKeyPtr key, + xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx); +static int xmlSecOpenSSLKeyDataX509XmlWrite (xmlSecKeyDataId id, + xmlSecKeyPtr key, + xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx); +static xmlSecKeyDataType xmlSecOpenSSLKeyDataX509GetType (xmlSecKeyDataPtr data); +static const xmlChar* xmlSecOpenSSLKeyDataX509GetIdentifier (xmlSecKeyDataPtr data); -static void xmlSecOpenSSLKeyDataX509DebugDump (xmlSecKeyDataPtr data, - FILE* output); -static void xmlSecOpenSSLKeyDataX509DebugXmlDump (xmlSecKeyDataPtr data, - FILE* output); +static void xmlSecOpenSSLKeyDataX509DebugDump (xmlSecKeyDataPtr data, + FILE* output); +static void xmlSecOpenSSLKeyDataX509DebugXmlDump (xmlSecKeyDataPtr data, + FILE* output); @@ -236,63 +236,63 @@ static xmlSecKeyDataKlass xmlSecOpenSSLKeyDataX509Klass = { /* data */ xmlSecNameX509Data, - xmlSecKeyDataUsageKeyInfoNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, - /* xmlSecKeyDataUsage usage; */ - xmlSecHrefX509Data, /* const xmlChar* href; */ - xmlSecNodeX509Data, /* const xmlChar* dataNodeName; */ - xmlSecDSigNs, /* const xmlChar* dataNodeNs; */ - + xmlSecKeyDataUsageKeyInfoNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, + /* xmlSecKeyDataUsage usage; */ + xmlSecHrefX509Data, /* const xmlChar* href; */ + xmlSecNodeX509Data, /* const xmlChar* dataNodeName; */ + xmlSecDSigNs, /* const xmlChar* dataNodeNs; */ + /* constructors/destructor */ - xmlSecOpenSSLKeyDataX509Initialize, /* xmlSecKeyDataInitializeMethod initialize; */ - xmlSecOpenSSLKeyDataX509Duplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ - xmlSecOpenSSLKeyDataX509Finalize, /* xmlSecKeyDataFinalizeMethod finalize; */ - NULL, /* xmlSecKeyDataGenerateMethod generate; */ + xmlSecOpenSSLKeyDataX509Initialize, /* xmlSecKeyDataInitializeMethod initialize; */ + xmlSecOpenSSLKeyDataX509Duplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ + xmlSecOpenSSLKeyDataX509Finalize, /* xmlSecKeyDataFinalizeMethod finalize; */ + NULL, /* xmlSecKeyDataGenerateMethod generate; */ /* get info */ - xmlSecOpenSSLKeyDataX509GetType, /* xmlSecKeyDataGetTypeMethod getType; */ - NULL, /* xmlSecKeyDataGetSizeMethod getSize; */ - xmlSecOpenSSLKeyDataX509GetIdentifier, /* xmlSecKeyDataGetIdentifier getIdentifier; */ + xmlSecOpenSSLKeyDataX509GetType, /* xmlSecKeyDataGetTypeMethod getType; */ + NULL, /* xmlSecKeyDataGetSizeMethod getSize; */ + xmlSecOpenSSLKeyDataX509GetIdentifier, /* xmlSecKeyDataGetIdentifier getIdentifier; */ /* read/write */ - xmlSecOpenSSLKeyDataX509XmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ - xmlSecOpenSSLKeyDataX509XmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ - NULL, /* xmlSecKeyDataBinReadMethod binRead; */ - NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */ + xmlSecOpenSSLKeyDataX509XmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ + xmlSecOpenSSLKeyDataX509XmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ + NULL, /* xmlSecKeyDataBinReadMethod binRead; */ + NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */ /* debug */ - xmlSecOpenSSLKeyDataX509DebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ - xmlSecOpenSSLKeyDataX509DebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ + xmlSecOpenSSLKeyDataX509DebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ + xmlSecOpenSSLKeyDataX509DebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ /* reserved for the future */ - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ }; -/** +/** * xmlSecOpenSSLKeyDataX509GetKlass: - * + * * The OpenSSL X509 key data klass (http://www.w3.org/TR/xmldsig-core/#sec-X509Data). * * Returns: the X509 data klass. */ -xmlSecKeyDataId +xmlSecKeyDataId xmlSecOpenSSLKeyDataX509GetKlass(void) { return(&xmlSecOpenSSLKeyDataX509Klass); } /** * xmlSecOpenSSLKeyDataX509GetKeyCert: - * @data: the pointer to X509 key data. + * @data: the pointer to X509 key data. * - * Gets the certificate from which the key was extracted. + * Gets the certificate from which the key was extracted. * * Returns: the key's certificate or NULL if key data was not used for key * extraction or an error occurs. */ -X509* +X509* xmlSecOpenSSLKeyDataX509GetKeyCert(xmlSecKeyDataPtr data) { xmlSecOpenSSLX509DataCtxPtr ctx; - + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataX509Id), NULL); ctx = xmlSecOpenSSLX509DataGetCtx(data); @@ -303,8 +303,8 @@ xmlSecOpenSSLKeyDataX509GetKeyCert(xmlSecKeyDataPtr data) { /** * xmlSecOpenSSLKeyDataX509AdoptKeyCert: - * @data: the pointer to X509 key data. - * @cert: the pointer to OpenSSL X509 certificate. + * @data: the pointer to X509 key data. + * @cert: the pointer to OpenSSL X509 certificate. * * Sets the key's certificate in @data. * @@ -319,9 +319,9 @@ xmlSecOpenSSLKeyDataX509AdoptKeyCert(xmlSecKeyDataPtr data, X509* cert) { ctx = xmlSecOpenSSLX509DataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); - + if(ctx->keyCert != NULL) { - X509_free(ctx->keyCert); + X509_free(ctx->keyCert); } ctx->keyCert = cert; return(0); @@ -329,60 +329,60 @@ xmlSecOpenSSLKeyDataX509AdoptKeyCert(xmlSecKeyDataPtr data, X509* cert) { /** * xmlSecOpenSSLKeyDataX509AdoptCert: - * @data: the pointer to X509 key data. - * @cert: the pointer to OpenSSL X509 certificate. + * @data: the pointer to X509 key data. + * @cert: the pointer to OpenSSL X509 certificate. * * Adds certificate to the X509 key data. * * Returns: 0 on success or a negative value if an error occurs. */ -int +int xmlSecOpenSSLKeyDataX509AdoptCert(xmlSecKeyDataPtr data, X509* cert) { xmlSecOpenSSLX509DataCtxPtr ctx; int ret; - + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataX509Id), -1); xmlSecAssert2(cert != NULL, -1); ctx = xmlSecOpenSSLX509DataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); - + if(ctx->certsList == NULL) { - ctx->certsList = sk_X509_new_null(); - if(ctx->certsList == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "sk_X509_new_null", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - } - + ctx->certsList = sk_X509_new_null(); + if(ctx->certsList == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "sk_X509_new_null", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + } + ret = sk_X509_push(ctx->certsList, cert); if(ret < 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "sk_X509_push", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "sk_X509_push", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + return(0); } /** * xmlSecOpenSSLKeyDataX509GetCert: - * @data: the pointer to X509 key data. - * @pos: the desired certificate position. - * + * @data: the pointer to X509 key data. + * @pos: the desired certificate position. + * * Gets a certificate from X509 key data. * - * Returns: the pointer to certificate or NULL if @pos is larger than the + * Returns: the pointer to certificate or NULL if @pos is larger than the * number of certificates in @data or an error occurs. */ -X509* +X509* xmlSecOpenSSLKeyDataX509GetCert(xmlSecKeyDataPtr data, xmlSecSize pos) { xmlSecOpenSSLX509DataCtxPtr ctx; @@ -398,13 +398,13 @@ xmlSecOpenSSLKeyDataX509GetCert(xmlSecKeyDataPtr data, xmlSecSize pos) { /** * xmlSecOpenSSLKeyDataX509GetCertsSize: - * @data: the pointer to X509 key data. + * @data: the pointer to X509 key data. * * Gets the number of certificates in @data. * * Returns: te number of certificates in @data. */ -xmlSecSize +xmlSecSize xmlSecOpenSSLKeyDataX509GetCertsSize(xmlSecKeyDataPtr data) { xmlSecOpenSSLX509DataCtxPtr ctx; @@ -418,60 +418,60 @@ xmlSecOpenSSLKeyDataX509GetCertsSize(xmlSecKeyDataPtr data) { /** * xmlSecOpenSSLKeyDataX509AdoptCrl: - * @data: the pointer to X509 key data. - * @crl: the pointer to OpenSSL X509 CRL. + * @data: the pointer to X509 key data. + * @crl: the pointer to OpenSSL X509 CRL. * * Adds CRL to the X509 key data. * * Returns: 0 on success or a negative value if an error occurs. */ -int +int xmlSecOpenSSLKeyDataX509AdoptCrl(xmlSecKeyDataPtr data, X509_CRL* crl) { xmlSecOpenSSLX509DataCtxPtr ctx; int ret; - + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataX509Id), -1); xmlSecAssert2(crl != NULL, -1); ctx = xmlSecOpenSSLX509DataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); - + if(ctx->crlsList == NULL) { - ctx->crlsList = sk_X509_CRL_new_null(); - if(ctx->crlsList == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "sk_X509_CRL_new_null", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - } - + ctx->crlsList = sk_X509_CRL_new_null(); + if(ctx->crlsList == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "sk_X509_CRL_new_null", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + } + ret = sk_X509_CRL_push(ctx->crlsList, crl); if(ret < 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "sk_X509_CRL_push", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "sk_X509_CRL_push", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + return(0); } /** * xmlSecOpenSSLKeyDataX509GetCrl: - * @data: the pointer to X509 key data. - * @pos: the desired CRL position. - * + * @data: the pointer to X509 key data. + * @pos: the desired CRL position. + * * Gets a CRL from X509 key data. * - * Returns: the pointer to CRL or NULL if @pos is larger than the + * Returns: the pointer to CRL or NULL if @pos is larger than the * number of CRLs in @data or an error occurs. */ -X509_CRL* +X509_CRL* xmlSecOpenSSLKeyDataX509GetCrl(xmlSecKeyDataPtr data, xmlSecSize pos) { xmlSecOpenSSLX509DataCtxPtr ctx; @@ -488,13 +488,13 @@ xmlSecOpenSSLKeyDataX509GetCrl(xmlSecKeyDataPtr data, xmlSecSize pos) { /** * xmlSecOpenSSLKeyDataX509GetCrlsSize: - * @data: the pointer to X509 key data. + * @data: the pointer to X509 key data. * * Gets the number of CRLs in @data. * * Returns: te number of CRLs in @data. */ -xmlSecSize +xmlSecSize xmlSecOpenSSLKeyDataX509GetCrlsSize(xmlSecKeyDataPtr data) { xmlSecOpenSSLX509DataCtxPtr ctx; @@ -506,7 +506,7 @@ xmlSecOpenSSLKeyDataX509GetCrlsSize(xmlSecKeyDataPtr data) { return((ctx->crlsList != NULL) ? sk_X509_CRL_num(ctx->crlsList) : 0); } -static int +static int xmlSecOpenSSLKeyDataX509Initialize(xmlSecKeyDataPtr data) { xmlSecOpenSSLX509DataCtxPtr ctx; @@ -530,99 +530,99 @@ xmlSecOpenSSLKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecOpenSSLKeyDataX509Id), -1); xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecOpenSSLKeyDataX509Id), -1); - + /* copy certsList */ size = xmlSecOpenSSLKeyDataX509GetCertsSize(src); for(pos = 0; pos < size; ++pos) { - certSrc = xmlSecOpenSSLKeyDataX509GetCert(src, pos); - if(certSrc == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)), - "xmlSecOpenSSLKeyDataX509GetCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); - return(-1); - } - - certDst = X509_dup(certSrc); - if(certDst == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "X509_dup", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - ret = xmlSecOpenSSLKeyDataX509AdoptCert(dst, certDst); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "xmlSecOpenSSLKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - X509_free(certDst); - return(-1); - } + certSrc = xmlSecOpenSSLKeyDataX509GetCert(src, pos); + if(certSrc == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)), + "xmlSecOpenSSLKeyDataX509GetCert", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "pos=%d", pos); + return(-1); + } + + certDst = X509_dup(certSrc); + if(certDst == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), + "X509_dup", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + ret = xmlSecOpenSSLKeyDataX509AdoptCert(dst, certDst); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), + "xmlSecOpenSSLKeyDataX509AdoptCert", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + X509_free(certDst); + return(-1); + } } /* copy crls */ size = xmlSecOpenSSLKeyDataX509GetCrlsSize(src); for(pos = 0; pos < size; ++pos) { - crlSrc = xmlSecOpenSSLKeyDataX509GetCrl(src, pos); - if(crlSrc == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)), - "xmlSecOpenSSLKeyDataX509GetCrl", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); - return(-1); - } - - crlDst = X509_CRL_dup(crlSrc); - if(crlDst == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "X509_CRL_dup", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - ret = xmlSecOpenSSLKeyDataX509AdoptCrl(dst, crlDst); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "xmlSecOpenSSLKeyDataX509AdoptCrl", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - X509_CRL_free(crlDst); - return(-1); - } + crlSrc = xmlSecOpenSSLKeyDataX509GetCrl(src, pos); + if(crlSrc == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)), + "xmlSecOpenSSLKeyDataX509GetCrl", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "pos=%d", pos); + return(-1); + } + + crlDst = X509_CRL_dup(crlSrc); + if(crlDst == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), + "X509_CRL_dup", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + ret = xmlSecOpenSSLKeyDataX509AdoptCrl(dst, crlDst); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), + "xmlSecOpenSSLKeyDataX509AdoptCrl", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + X509_CRL_free(crlDst); + return(-1); + } } /* copy key cert if exist */ certSrc = xmlSecOpenSSLKeyDataX509GetKeyCert(src); if(certSrc != NULL) { - certDst = X509_dup(certSrc); - if(certDst == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "X509_dup", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - ret = xmlSecOpenSSLKeyDataX509AdoptKeyCert(dst, certDst); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "xmlSecOpenSSLKeyDataX509AdoptKeyCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - X509_free(certDst); - return(-1); - } + certDst = X509_dup(certSrc); + if(certDst == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), + "X509_dup", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + ret = xmlSecOpenSSLKeyDataX509AdoptKeyCert(dst, certDst); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), + "xmlSecOpenSSLKeyDataX509AdoptKeyCert", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + X509_free(certDst); + return(-1); + } } return(0); } @@ -637,72 +637,72 @@ xmlSecOpenSSLKeyDataX509Finalize(xmlSecKeyDataPtr data) { xmlSecAssert(ctx != NULL); if(ctx->certsList != NULL) { - sk_X509_pop_free(ctx->certsList, X509_free); + sk_X509_pop_free(ctx->certsList, X509_free); } if(ctx->crlsList != NULL) { - sk_X509_CRL_pop_free(ctx->crlsList, X509_CRL_free); + sk_X509_CRL_pop_free(ctx->crlsList, X509_CRL_free); } if(ctx->keyCert != NULL) { - X509_free(ctx->keyCert); + X509_free(ctx->keyCert); } memset(ctx, 0, sizeof(xmlSecOpenSSLX509DataCtx)); } static int xmlSecOpenSSLKeyDataX509XmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, - xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecKeyDataPtr data; int ret; - + xmlSecAssert2(id == xmlSecOpenSSLKeyDataX509Id, -1); xmlSecAssert2(key != NULL, -1); xmlSecAssert2(node != NULL, -1); xmlSecAssert2(keyInfoCtx != NULL, -1); - + data = xmlSecKeyEnsureData(key, id); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyEnsureData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecKeyEnsureData", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + ret = xmlSecOpenSSLX509DataNodeRead(data, node, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecOpenSSLX509DataNodeRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecOpenSSLX509DataNodeRead", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); } if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS) == 0) { ret = xmlSecOpenSSLKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecOpenSSLKeyDataX509VerifyAndExtractKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecOpenSSLKeyDataX509VerifyAndExtractKey", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); } } return(0); } -static int +static int xmlSecOpenSSLKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, - xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecKeyDataPtr data; X509* cert; X509_CRL* crl; xmlSecSize size, pos; int content; int ret; - + xmlSecAssert2(id == xmlSecOpenSSLKeyDataX509Id, -1); xmlSecAssert2(key != NULL, -1); xmlSecAssert2(node != NULL, -1); @@ -710,112 +710,112 @@ xmlSecOpenSSLKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, content = xmlSecX509DataGetNodeContent (node, 1, keyInfoCtx); if (content < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecX509DataGetNodeContent", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "content=%d", content); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecX509DataGetNodeContent", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "content=%d", content); + return(-1); } else if(content == 0) { - /* by default we are writing certificates and crls */ - content = XMLSEC_X509DATA_DEFAULT; + /* by default we are writing certificates and crls */ + content = XMLSEC_X509DATA_DEFAULT; } /* get x509 data */ data = xmlSecKeyGetData(key, id); if(data == NULL) { - /* no x509 data in the key */ - return(0); + /* no x509 data in the key */ + return(0); } /* write certs */ size = xmlSecOpenSSLKeyDataX509GetCertsSize(data); for(pos = 0; pos < size; ++pos) { - cert = xmlSecOpenSSLKeyDataX509GetCert(data, pos); - if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecOpenSSLKeyDataX509GetCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); - return(-1); - } - - if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) { - ret = xmlSecOpenSSLX509CertificateNodeWrite(cert, node, keyInfoCtx); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecOpenSSLX509CertificateNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); - return(-1); - } - } - - if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) { - ret = xmlSecOpenSSLX509SubjectNameNodeWrite(cert, node, keyInfoCtx); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecOpenSSLX509SubjectNameNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); - return(-1); - } - } - - if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) { - ret = xmlSecOpenSSLX509IssuerSerialNodeWrite(cert, node, keyInfoCtx); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecOpenSSLX509IssuerSerialNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); - return(-1); - } - } - - if((content & XMLSEC_X509DATA_SKI_NODE) != 0) { - ret = xmlSecOpenSSLX509SKINodeWrite(cert, node, keyInfoCtx); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecOpenSSLX509SKINodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); - return(-1); - } - } - } + cert = xmlSecOpenSSLKeyDataX509GetCert(data, pos); + if(cert == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecOpenSSLKeyDataX509GetCert", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "pos=%d", pos); + return(-1); + } + + if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) { + ret = xmlSecOpenSSLX509CertificateNodeWrite(cert, node, keyInfoCtx); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecOpenSSLX509CertificateNodeWrite", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "pos=%d", pos); + return(-1); + } + } + + if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) { + ret = xmlSecOpenSSLX509SubjectNameNodeWrite(cert, node, keyInfoCtx); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecOpenSSLX509SubjectNameNodeWrite", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "pos=%d", pos); + return(-1); + } + } + + if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) { + ret = xmlSecOpenSSLX509IssuerSerialNodeWrite(cert, node, keyInfoCtx); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecOpenSSLX509IssuerSerialNodeWrite", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "pos=%d", pos); + return(-1); + } + } + + if((content & XMLSEC_X509DATA_SKI_NODE) != 0) { + ret = xmlSecOpenSSLX509SKINodeWrite(cert, node, keyInfoCtx); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecOpenSSLX509SKINodeWrite", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "pos=%d", pos); + return(-1); + } + } + } /* write crls if needed */ if((content & XMLSEC_X509DATA_CRL_NODE) != 0) { - size = xmlSecOpenSSLKeyDataX509GetCrlsSize(data); - for(pos = 0; pos < size; ++pos) { - crl = xmlSecOpenSSLKeyDataX509GetCrl(data, pos); - if(crl == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecOpenSSLKeyDataX509GetCrl", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); - return(-1); - } - - ret = xmlSecOpenSSLX509CRLNodeWrite(crl, node, keyInfoCtx); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecOpenSSLX509CRLNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); - return(-1); - } - } - } - + size = xmlSecOpenSSLKeyDataX509GetCrlsSize(data); + for(pos = 0; pos < size; ++pos) { + crl = xmlSecOpenSSLKeyDataX509GetCrl(data, pos); + if(crl == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecOpenSSLKeyDataX509GetCrl", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "pos=%d", pos); + return(-1); + } + + ret = xmlSecOpenSSLX509CRLNodeWrite(crl, node, keyInfoCtx); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecOpenSSLX509CRLNodeWrite", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "pos=%d", pos); + return(-1); + } + } + } + return(0); } @@ -824,19 +824,19 @@ static xmlSecKeyDataType xmlSecOpenSSLKeyDataX509GetType(xmlSecKeyDataPtr data) { xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataX509Id), xmlSecKeyDataTypeUnknown); - /* TODO: return verified/not verified status */ + /* TODO: return verified/not verified status */ return(xmlSecKeyDataTypeUnknown); } static const xmlChar* xmlSecOpenSSLKeyDataX509GetIdentifier(xmlSecKeyDataPtr data) { xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataX509Id), NULL); - - /* TODO */ + + /* TODO */ return(NULL); } -static void +static void xmlSecOpenSSLKeyDataX509DebugDump(xmlSecKeyDataPtr data, FILE* output) { X509* cert; xmlSecSize size, pos; @@ -847,25 +847,25 @@ xmlSecOpenSSLKeyDataX509DebugDump(xmlSecKeyDataPtr data, FILE* output) { fprintf(output, "=== X509 Data:\n"); cert = xmlSecOpenSSLKeyDataX509GetKeyCert(data); if(cert != NULL) { - fprintf(output, "==== Key Certificate:\n"); - xmlSecOpenSSLX509CertDebugDump(cert, output); + fprintf(output, "==== Key Certificate:\n"); + xmlSecOpenSSLX509CertDebugDump(cert, output); } - + size = xmlSecOpenSSLKeyDataX509GetCertsSize(data); for(pos = 0; pos < size; ++pos) { - cert = xmlSecOpenSSLKeyDataX509GetCert(data, pos); - if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecOpenSSLKeyDataX509GetCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); - return; - } - fprintf(output, "==== Certificate:\n"); - xmlSecOpenSSLX509CertDebugDump(cert, output); - } - + cert = xmlSecOpenSSLKeyDataX509GetCert(data, pos); + if(cert == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "xmlSecOpenSSLKeyDataX509GetCert", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "pos=%d", pos); + return; + } + fprintf(output, "==== Certificate:\n"); + xmlSecOpenSSLX509CertDebugDump(cert, output); + } + /* we don't print out crls */ } @@ -880,78 +880,78 @@ xmlSecOpenSSLKeyDataX509DebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { fprintf(output, "<X509Data>\n"); cert = xmlSecOpenSSLKeyDataX509GetKeyCert(data); if(cert != NULL) { - fprintf(output, "<KeyCertificate>\n"); - xmlSecOpenSSLX509CertDebugXmlDump(cert, output); - fprintf(output, "</KeyCertificate>\n"); + fprintf(output, "<KeyCertificate>\n"); + xmlSecOpenSSLX509CertDebugXmlDump(cert, output); + fprintf(output, "</KeyCertificate>\n"); } - + size = xmlSecOpenSSLKeyDataX509GetCertsSize(data); for(pos = 0; pos < size; ++pos) { - cert = xmlSecOpenSSLKeyDataX509GetCert(data, pos); - if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecOpenSSLKeyDataX509GetCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); - return; - } - fprintf(output, "<Certificate>\n"); - xmlSecOpenSSLX509CertDebugXmlDump(cert, output); - fprintf(output, "</Certificate>\n"); - } - + cert = xmlSecOpenSSLKeyDataX509GetCert(data, pos); + if(cert == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "xmlSecOpenSSLKeyDataX509GetCert", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "pos=%d", pos); + return; + } + fprintf(output, "<Certificate>\n"); + xmlSecOpenSSLX509CertDebugXmlDump(cert, output); + fprintf(output, "</Certificate>\n"); + } + /* we don't print out crls */ fprintf(output, "</X509Data>\n"); } static int xmlSecOpenSSLX509DataNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { - xmlNodePtr cur; + xmlNodePtr cur; int ret; - + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataX509Id), -1); xmlSecAssert2(node != NULL, -1); xmlSecAssert2(keyInfoCtx != NULL, -1); - + for(cur = xmlSecGetNextElementNode(node->children); - cur != NULL; - cur = xmlSecGetNextElementNode(cur->next)) { - - ret = 0; - if(xmlSecCheckNodeName(cur, xmlSecNodeX509Certificate, xmlSecDSigNs)) { - ret = xmlSecOpenSSLX509CertificateNodeRead(data, cur, keyInfoCtx); - } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SubjectName, xmlSecDSigNs)) { - ret = xmlSecOpenSSLX509SubjectNameNodeRead(data, cur, keyInfoCtx); - } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerSerial, xmlSecDSigNs)) { - ret = xmlSecOpenSSLX509IssuerSerialNodeRead(data, cur, keyInfoCtx); - } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SKI, xmlSecDSigNs)) { - ret = xmlSecOpenSSLX509SKINodeRead(data, cur, keyInfoCtx); - } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509CRL, xmlSecDSigNs)) { - ret = xmlSecOpenSSLX509CRLNodeRead(data, cur, keyInfoCtx); - } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CHILD) != 0) { - /* laxi schema validation: ignore unknown nodes */ - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "read node failed"); - return(-1); - } + cur != NULL; + cur = xmlSecGetNextElementNode(cur->next)) { + + ret = 0; + if(xmlSecCheckNodeName(cur, xmlSecNodeX509Certificate, xmlSecDSigNs)) { + ret = xmlSecOpenSSLX509CertificateNodeRead(data, cur, keyInfoCtx); + } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SubjectName, xmlSecDSigNs)) { + ret = xmlSecOpenSSLX509SubjectNameNodeRead(data, cur, keyInfoCtx); + } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerSerial, xmlSecDSigNs)) { + ret = xmlSecOpenSSLX509IssuerSerialNodeRead(data, cur, keyInfoCtx); + } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SKI, xmlSecDSigNs)) { + ret = xmlSecOpenSSLX509SKINodeRead(data, cur, keyInfoCtx); + } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509CRL, xmlSecDSigNs)) { + ret = xmlSecOpenSSLX509CRLNodeRead(data, cur, keyInfoCtx); + } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CHILD) != 0) { + /* laxi schema validation: ignore unknown nodes */ + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), + XMLSEC_ERRORS_R_UNEXPECTED_NODE, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "read node failed"); + return(-1); + } } return(0); } static int -xmlSecOpenSSLX509CertificateNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { +xmlSecOpenSSLX509CertificateNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlChar *content; X509* cert; int ret; @@ -962,77 +962,77 @@ xmlSecOpenSSLX509CertificateNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xml content = xmlNodeGetContent(node); if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) { - if(content != NULL) { - xmlFree(content); - } - if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - return(0); + if(content != NULL) { + xmlFree(content); + } + if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + xmlSecErrorsSafeString(xmlSecNodeGetName(node)), + XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + return(0); } cert = xmlSecOpenSSLX509CertBase64DerRead(content); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecOpenSSLX509CertBase64DerRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - xmlFree(content); - return(-1); - } - + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "xmlSecOpenSSLX509CertBase64DerRead", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + xmlFree(content); + return(-1); + } + ret = xmlSecOpenSSLKeyDataX509AdoptCert(data, cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecOpenSSLKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - X509_free(cert); - xmlFree(content); - return(-1); - } - + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "xmlSecOpenSSLKeyDataX509AdoptCert", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + X509_free(cert); + xmlFree(content); + return(-1); + } + xmlFree(content); return(0); } -static int +static int xmlSecOpenSSLX509CertificateNodeWrite(X509* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlChar* buf; xmlNodePtr cur; - + xmlSecAssert2(cert != NULL, -1); xmlSecAssert2(node != NULL, -1); xmlSecAssert2(keyInfoCtx != NULL, -1); - + /* set base64 lines size from context */ - buf = xmlSecOpenSSLX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize); + buf = xmlSecOpenSSLX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLX509CertBase64DerWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecOpenSSLX509CertBase64DerWrite", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509Certificate)); - xmlFree(buf); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecAddChild", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeX509Certificate)); + xmlFree(buf); + return(-1); } /* todo: add \n around base64 data - from context */ @@ -1043,14 +1043,14 @@ xmlSecOpenSSLX509CertificateNodeWrite(X509* cert, xmlNodePtr node, xmlSecKeyInfo return(0); } -static int -xmlSecOpenSSLX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { +static int +xmlSecOpenSSLX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecKeyDataStorePtr x509Store; xmlChar* subject; X509* cert; X509* cert2; int ret; - + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataX509Id), -1); xmlSecAssert2(node != NULL, -1); xmlSecAssert2(keyInfoCtx != NULL, -1); @@ -1058,72 +1058,72 @@ xmlSecOpenSSLX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xml x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecOpenSSLX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeysMngrGetDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "xmlSecKeysMngrGetDataStore", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); } subject = xmlNodeGetContent(node); if((subject == NULL) || (xmlSecIsEmptyString(subject) == 1)) { - if(subject != NULL) { - xmlFree(subject); - } - if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - return(0); + if(subject != NULL) { + xmlFree(subject); + } + if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + xmlSecErrorsSafeString(xmlSecNodeGetName(node)), + XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + return(0); } cert = xmlSecOpenSSLX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx); if(cert == NULL){ - if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - NULL, - XMLSEC_ERRORS_R_CERT_NOT_FOUND, - "subject=%s", - xmlSecErrorsSafeString(subject)); - xmlFree(subject); - return(-1); - } + if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + NULL, + XMLSEC_ERRORS_R_CERT_NOT_FOUND, + "subject=%s", + xmlSecErrorsSafeString(subject)); + xmlFree(subject); + return(-1); + } - xmlFree(subject); - return(0); + xmlFree(subject); + return(0); } cert2 = X509_dup(cert); if(cert2 == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "X509_dup", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "X509_dup", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); - xmlFree(subject); - return(-1); + xmlFree(subject); + return(-1); } - + ret = xmlSecOpenSSLKeyDataX509AdoptCert(data, cert2); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecOpenSSLKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - X509_free(cert2); - xmlFree(subject); - return(-1); - } - + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "xmlSecOpenSSLKeyDataX509AdoptCert", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + X509_free(cert2); + xmlFree(subject); + return(-1); + } + xmlFree(subject); return(0); } @@ -1138,36 +1138,36 @@ xmlSecOpenSSLX509SubjectNameNodeWrite(X509* cert, xmlNodePtr node, xmlSecKeyInfo buf = xmlSecOpenSSLX509NameWrite(X509_get_subject_name(cert)); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLX509NameWrite(X509_get_subject_name)", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecOpenSSLX509NameWrite(X509_get_subject_name)", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); } cur = xmlSecAddChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SubjectName)); - xmlFree(buf); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecAddChild", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeX509SubjectName)); + xmlFree(buf); + return(-1); } xmlSecNodeEncodeAndSetContent(cur, buf); xmlFree(buf); return(0); } -static int +static int xmlSecOpenSSLX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecKeyDataStorePtr x509Store; xmlNodePtr cur; xmlChar *issuerName; - xmlChar *issuerSerial; + xmlChar *issuerSerial; X509* cert; X509* cert2; int ret; @@ -1179,130 +1179,130 @@ xmlSecOpenSSLX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xm x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecOpenSSLX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeysMngrGetDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "xmlSecKeysMngrGetDataStore", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); } cur = xmlSecGetNextElementNode(node->children); if(cur == NULL) { - if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), - XMLSEC_ERRORS_R_NODE_NOT_FOUND, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); - return(-1); - } - return(0); - } - + if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), + XMLSEC_ERRORS_R_NODE_NOT_FOUND, + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + return(-1); + } + return(0); + } + /* the first is required node X509IssuerName */ if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), - XMLSEC_ERRORS_R_NODE_NOT_FOUND, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); - return(-1); - } + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), + XMLSEC_ERRORS_R_NODE_NOT_FOUND, + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + return(-1); + } issuerName = xmlNodeGetContent(cur); if(issuerName == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName)); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), + XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeX509IssuerName)); + return(-1); } - cur = xmlSecGetNextElementNode(cur->next); + cur = xmlSecGetNextElementNode(cur->next); /* next is required node X509SerialNumber */ if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_NODE_NOT_FOUND, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber)); - xmlFree(issuerName); - return(-1); - } + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), + XMLSEC_ERRORS_R_NODE_NOT_FOUND, + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber)); + xmlFree(issuerName); + return(-1); + } issuerSerial = xmlNodeGetContent(cur); if(issuerSerial == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); - xmlFree(issuerName); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber), + XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + xmlFree(issuerName); + return(-1); } - cur = xmlSecGetNextElementNode(cur->next); + cur = xmlSecGetNextElementNode(cur->next); if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); - xmlFree(issuerSerial); - xmlFree(issuerName); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), + XMLSEC_ERRORS_R_UNEXPECTED_NODE, + XMLSEC_ERRORS_NO_MESSAGE); + xmlFree(issuerSerial); + xmlFree(issuerName); + return(-1); } cert = xmlSecOpenSSLX509StoreFindCert(x509Store, NULL, issuerName, issuerSerial, NULL, keyInfoCtx); if(cert == NULL){ - if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - NULL, - XMLSEC_ERRORS_R_CERT_NOT_FOUND, - "issuerName=%s;issuerSerial=%s", - xmlSecErrorsSafeString(issuerName), - xmlSecErrorsSafeString(issuerSerial)); - xmlFree(issuerSerial); - xmlFree(issuerName); - return(-1); - } - xmlFree(issuerSerial); - xmlFree(issuerName); - return(0); + if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + NULL, + XMLSEC_ERRORS_R_CERT_NOT_FOUND, + "issuerName=%s;issuerSerial=%s", + xmlSecErrorsSafeString(issuerName), + xmlSecErrorsSafeString(issuerSerial)); + xmlFree(issuerSerial); + xmlFree(issuerName); + return(-1); + } + xmlFree(issuerSerial); + xmlFree(issuerName); + return(0); } cert2 = X509_dup(cert); if(cert2 == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "X509_dup", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - xmlFree(issuerSerial); - xmlFree(issuerName); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "X509_dup", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + xmlFree(issuerSerial); + xmlFree(issuerName); + return(-1); } ret = xmlSecOpenSSLKeyDataX509AdoptCert(data, cert2); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecOpenSSLKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - X509_free(cert2); - xmlFree(issuerSerial); - xmlFree(issuerName); - return(-1); - } - + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "xmlSecOpenSSLKeyDataX509AdoptCert", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + X509_free(cert2); + xmlFree(issuerSerial); + xmlFree(issuerName); + return(-1); + } + xmlFree(issuerSerial); xmlFree(issuerName); return(0); @@ -1314,65 +1314,65 @@ xmlSecOpenSSLX509IssuerSerialNodeWrite(X509* cert, xmlNodePtr node, xmlSecKeyInf xmlNodePtr issuerNameNode; xmlNodePtr issuerNumberNode; xmlChar* buf; - + xmlSecAssert2(cert != NULL, -1); xmlSecAssert2(node != NULL, -1); /* create xml nodes */ cur = xmlSecAddChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial)); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecAddChild", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial)); + return(-1); } issuerNameNode = xmlSecAddChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs); if(issuerNameNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName)); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecAddChild", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeX509IssuerName)); + return(-1); } issuerNumberNode = xmlSecAddChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs); if(issuerNumberNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber)); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecAddChild", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber)); + return(-1); } /* write data */ buf = xmlSecOpenSSLX509NameWrite(X509_get_issuer_name(cert)); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLX509NameWrite(X509_get_issuer_name)", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecOpenSSLX509NameWrite(X509_get_issuer_name)", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); } xmlSecNodeEncodeAndSetContent(issuerNameNode, buf); xmlFree(buf); buf = xmlSecOpenSSLASN1IntegerWrite(X509_get_serialNumber(cert)); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLASN1IntegerWrite(X509_get_serialNumber)", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecOpenSSLASN1IntegerWrite(X509_get_serialNumber)", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); } xmlSecNodeEncodeAndSetContent(issuerNumberNode, buf); xmlFree(buf); @@ -1381,14 +1381,14 @@ xmlSecOpenSSLX509IssuerSerialNodeWrite(X509* cert, xmlNodePtr node, xmlSecKeyInf } -static int +static int xmlSecOpenSSLX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecKeyDataStorePtr x509Store; xmlChar* ski; X509* cert; X509* cert2; int ret; - + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataX509Id), -1); xmlSecAssert2(node != NULL, -1); xmlSecAssert2(keyInfoCtx != NULL, -1); @@ -1396,70 +1396,70 @@ xmlSecOpenSSLX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyIn x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecOpenSSLX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeysMngrGetDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "xmlSecKeysMngrGetDataStore", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + ski = xmlNodeGetContent(node); if((ski == NULL) || (xmlSecIsEmptyString(ski) == 1)) { - if(ski != NULL) { - xmlFree(ski); - } - if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SKI)); - return(-1); - } - return(0); + if(ski != NULL) { + xmlFree(ski); + } + if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + xmlSecErrorsSafeString(xmlSecNodeGetName(node)), + XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeX509SKI)); + return(-1); + } + return(0); } cert = xmlSecOpenSSLX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx); if(cert == NULL){ - xmlFree(ski); - - if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - NULL, - XMLSEC_ERRORS_R_CERT_NOT_FOUND, - "ski=%s", - xmlSecErrorsSafeString(ski)); - return(-1); - } - return(0); + xmlFree(ski); + + if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + NULL, + XMLSEC_ERRORS_R_CERT_NOT_FOUND, + "ski=%s", + xmlSecErrorsSafeString(ski)); + return(-1); + } + return(0); } cert2 = X509_dup(cert); if(cert2 == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "X509_dup", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - xmlFree(ski); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "X509_dup", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + xmlFree(ski); + return(-1); } ret = xmlSecOpenSSLKeyDataX509AdoptCert(data, cert2); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecOpenSSLKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - X509_free(cert2); - xmlFree(ski); - return(-1); - } - + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "xmlSecOpenSSLKeyDataX509AdoptCert", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + X509_free(cert2); + xmlFree(ski); + return(-1); + } + xmlFree(ski); return(0); } @@ -1474,24 +1474,24 @@ xmlSecOpenSSLX509SKINodeWrite(X509* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr k buf = xmlSecOpenSSLX509SKIWrite(cert); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLX509SKIWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecOpenSSLX509SKIWrite", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); } cur = xmlSecAddChild(node, xmlSecNodeX509SKI, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "new_node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SKI)); - xmlFree(buf); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecAddChild", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "new_node=%s", + xmlSecErrorsSafeString(xmlSecNodeX509SKI)); + xmlFree(buf); + return(-1); } xmlSecNodeEncodeAndSetContent(cur, buf); xmlFree(buf); @@ -1499,7 +1499,7 @@ xmlSecOpenSSLX509SKINodeWrite(X509* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr k return(0); } -static int +static int xmlSecOpenSSLX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlChar *content; X509_CRL* crl; @@ -1511,43 +1511,43 @@ xmlSecOpenSSLX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyIn content = xmlNodeGetContent(node); if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) { - if(content != NULL) { - xmlFree(content); - } - if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - return(0); + if(content != NULL) { + xmlFree(content); + } + if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + xmlSecErrorsSafeString(xmlSecNodeGetName(node)), + XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + return(0); } crl = xmlSecOpenSSLX509CrlBase64DerRead(content); if(crl == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecOpenSSLX509CrlBase64DerRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - xmlFree(content); - return(-1); - } - + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "xmlSecOpenSSLX509CrlBase64DerRead", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + xmlFree(content); + return(-1); + } + ret = xmlSecOpenSSLKeyDataX509AdoptCrl(data, crl); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecOpenSSLKeyDataX509AdoptCrl", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - X509_CRL_free(crl); - xmlFree(content); - return(-1); - } - + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "xmlSecOpenSSLKeyDataX509AdoptCrl", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + X509_CRL_free(crl); + xmlFree(content); + return(-1); + } + xmlFree(content); return(0); } @@ -1562,26 +1562,26 @@ xmlSecOpenSSLX509CRLNodeWrite(X509_CRL* crl, xmlNodePtr node, xmlSecKeyInfoCtxPt xmlSecAssert2(keyInfoCtx != NULL, -1); /* set base64 lines size from context */ - buf = xmlSecOpenSSLX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize); + buf = xmlSecOpenSSLX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLX509CrlBase64DerWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecOpenSSLX509CrlBase64DerWrite", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); } cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "new_node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509CRL)); - xmlFree(buf); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecAddChild", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "new_node=%s", + xmlSecErrorsSafeString(xmlSecNodeX509CRL)); + xmlFree(buf); + return(-1); } /* todo: add \n around base64 data - from context */ /* todo: add errors check */ @@ -1594,11 +1594,11 @@ xmlSecOpenSSLX509CRLNodeWrite(X509_CRL* crl, xmlNodePtr node, xmlSecKeyInfoCtxPt static int xmlSecOpenSSLKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key, - xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecOpenSSLX509DataCtxPtr ctx; xmlSecKeyDataStorePtr x509Store; int ret; - + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataX509Id), -1); xmlSecAssert2(key != NULL, -1); xmlSecAssert2(keyInfoCtx != NULL, -1); @@ -1609,93 +1609,93 @@ xmlSecOpenSSLKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecOpenSSLX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeysMngrGetDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "xmlSecKeysMngrGetDataStore", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); } if((ctx->keyCert == NULL) && (ctx->certsList != NULL) && (xmlSecKeyGetValue(key) == NULL)) { - X509* cert; - - cert = xmlSecOpenSSLX509StoreVerify(x509Store, ctx->certsList, ctx->crlsList, keyInfoCtx); - if(cert != NULL) { - xmlSecKeyDataPtr keyValue; - - ctx->keyCert = X509_dup(cert); - if(ctx->keyCert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "X509_dup", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - keyValue = xmlSecOpenSSLX509CertGetKey(ctx->keyCert); - if(keyValue == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecOpenSSLX509CertGetKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - /* verify that the key matches our expectations */ - if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeyReqMatchKeyValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - xmlSecKeyDataDestroy(keyValue); - return(-1); - } - - ret = xmlSecKeySetValue(key, keyValue); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - xmlSecKeyDataDestroy(keyValue); - return(-1); - } - - if((X509_get_notBefore(ctx->keyCert) != NULL) && (X509_get_notAfter(ctx->keyCert) != NULL)) { - ret = xmlSecOpenSSLX509CertGetTime(X509_get_notBefore(ctx->keyCert), &(key->notValidBefore)); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecOpenSSLX509CertGetTime", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "notValidBefore"); - return(-1); - } - ret = xmlSecOpenSSLX509CertGetTime(X509_get_notAfter(ctx->keyCert), &(key->notValidAfter)); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecOpenSSLX509CertGetTime", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "notValidAfter"); - return(-1); - } - } else { - key->notValidBefore = key->notValidAfter = 0; - } - } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_INVALID_CERT) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - NULL, - XMLSEC_ERRORS_R_CERT_NOT_FOUND, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } + X509* cert; + + cert = xmlSecOpenSSLX509StoreVerify(x509Store, ctx->certsList, ctx->crlsList, keyInfoCtx); + if(cert != NULL) { + xmlSecKeyDataPtr keyValue; + + ctx->keyCert = X509_dup(cert); + if(ctx->keyCert == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "X509_dup", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + keyValue = xmlSecOpenSSLX509CertGetKey(ctx->keyCert); + if(keyValue == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "xmlSecOpenSSLX509CertGetKey", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + /* verify that the key matches our expectations */ + if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "xmlSecKeyReqMatchKeyValue", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + xmlSecKeyDataDestroy(keyValue); + return(-1); + } + + ret = xmlSecKeySetValue(key, keyValue); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "xmlSecKeySetValue", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + xmlSecKeyDataDestroy(keyValue); + return(-1); + } + + if((X509_get_notBefore(ctx->keyCert) != NULL) && (X509_get_notAfter(ctx->keyCert) != NULL)) { + ret = xmlSecOpenSSLX509CertGetTime(X509_get_notBefore(ctx->keyCert), &(key->notValidBefore)); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "xmlSecOpenSSLX509CertGetTime", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "notValidBefore"); + return(-1); + } + ret = xmlSecOpenSSLX509CertGetTime(X509_get_notAfter(ctx->keyCert), &(key->notValidAfter)); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "xmlSecOpenSSLX509CertGetTime", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "notValidAfter"); + return(-1); + } + } else { + key->notValidBefore = key->notValidAfter = 0; + } + } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_INVALID_CERT) != 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + NULL, + XMLSEC_ERRORS_R_CERT_NOT_FOUND, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } } return(0); } @@ -1704,38 +1704,38 @@ xmlSecOpenSSLKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr extern time_t timegm (struct tm *tm); #else /* HAVE_TIMEGM */ #ifdef WIN32 -#define timegm(tm) (mktime(tm) - _timezone) +#define timegm(tm) (mktime(tm) - _timezone) #else /* WIN32 */ /* Absolutely not the best way but it's the only ANSI compatible way I know. * If you system has a native struct tm --> GMT time_t conversion function * (like timegm) use it instead. */ -static time_t -my_timegm(struct tm *t) { - time_t tl, tb; - struct tm *tg; +static time_t +my_timegm(struct tm *t) { + time_t tl, tb; + struct tm *tg; - tl = mktime (t); + tl = mktime (t); if(tl == -1) { - t->tm_hour--; - tl = mktime (t); - if (tl == -1) { - return -1; - } - tl += 3600; - } - tg = gmtime (&tl); - tg->tm_isdst = 0; - tb = mktime (tg); + t->tm_hour--; + tl = mktime (t); + if (tl == -1) { + return -1; + } + tl += 3600; + } + tg = gmtime (&tl); + tg->tm_isdst = 0; + tb = mktime (tg); if (tb == -1) { - tg->tm_hour--; - tb = mktime (tg); - if (tb == -1) { - return -1; - } - tb += 3600; - } - return (tl - (tb - tl)); + tg->tm_hour--; + tb = mktime (tg); + if (tb == -1) { + return -1; + } + tb += 3600; + } + return (tl - (tb - tl)); } #define timegm(tm) my_timegm(tm) @@ -1746,112 +1746,112 @@ static int xmlSecOpenSSLX509CertGetTime(ASN1_TIME* t, time_t* res) { struct tm tm; int offset; - + xmlSecAssert2(t != NULL, -1); xmlSecAssert2(res != NULL, -1); (*res) = 0; #ifndef XMLSEC_OPENSSL_096 if(!ASN1_TIME_check(t)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "ASN1_TIME_check", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "ASN1_TIME_check", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); } #endif /* XMLSEC_OPENSSL_096 */ - + memset(&tm, 0, sizeof(tm)); #define g2(p) (((p)[0]-'0')*10+(p)[1]-'0') if(t->type == V_ASN1_UTCTIME) { - xmlSecAssert2(t->length > 12, -1); - - - /* this code is copied from OpenSSL asn1/a_utctm.c file */ - tm.tm_year = g2(t->data); - if(tm.tm_year < 50) { - tm.tm_year += 100; - } - tm.tm_mon = g2(t->data + 2) - 1; - tm.tm_mday = g2(t->data + 4); - tm.tm_hour = g2(t->data + 6); - tm.tm_min = g2(t->data + 8); - tm.tm_sec = g2(t->data + 10); - if(t->data[12] == 'Z') { - offset = 0; - } else { - xmlSecAssert2(t->length > 16, -1); - - offset = g2(t->data + 13) * 60 + g2(t->data + 15); - if(t->data[12] == '-') { - offset = -offset; - } - } - tm.tm_isdst = -1; + xmlSecAssert2(t->length > 12, -1); + + + /* this code is copied from OpenSSL asn1/a_utctm.c file */ + tm.tm_year = g2(t->data); + if(tm.tm_year < 50) { + tm.tm_year += 100; + } + tm.tm_mon = g2(t->data + 2) - 1; + tm.tm_mday = g2(t->data + 4); + tm.tm_hour = g2(t->data + 6); + tm.tm_min = g2(t->data + 8); + tm.tm_sec = g2(t->data + 10); + if(t->data[12] == 'Z') { + offset = 0; + } else { + xmlSecAssert2(t->length > 16, -1); + + offset = g2(t->data + 13) * 60 + g2(t->data + 15); + if(t->data[12] == '-') { + offset = -offset; + } + } + tm.tm_isdst = -1; } else { - xmlSecAssert2(t->length > 14, -1); - - tm.tm_year = g2(t->data) * 100 + g2(t->data + 2); - tm.tm_mon = g2(t->data + 4) - 1; - tm.tm_mday = g2(t->data + 6); - tm.tm_hour = g2(t->data + 8); - tm.tm_min = g2(t->data + 10); - tm.tm_sec = g2(t->data + 12); - if(t->data[14] == 'Z') { - offset = 0; - } else { - xmlSecAssert2(t->length > 18, -1); - - offset = g2(t->data + 15) * 60 + g2(t->data + 17); - if(t->data[14] == '-') { - offset = -offset; - } - } - tm.tm_isdst = -1; + xmlSecAssert2(t->length > 14, -1); + + tm.tm_year = g2(t->data) * 100 + g2(t->data + 2); + tm.tm_mon = g2(t->data + 4) - 1; + tm.tm_mday = g2(t->data + 6); + tm.tm_hour = g2(t->data + 8); + tm.tm_min = g2(t->data + 10); + tm.tm_sec = g2(t->data + 12); + if(t->data[14] == 'Z') { + offset = 0; + } else { + xmlSecAssert2(t->length > 18, -1); + + offset = g2(t->data + 15) * 60 + g2(t->data + 17); + if(t->data[14] == '-') { + offset = -offset; + } + } + tm.tm_isdst = -1; } #undef g2 (*res) = timegm(&tm) - offset * 60; return(0); } -/** +/** * xmlSecOpenSSLX509CertGetKey: - * @cert: the certificate. - * + * @cert: the certificate. + * * Extracts public key from the @cert. * * Returns: public key value or NULL if an error occurs. */ -xmlSecKeyDataPtr +xmlSecKeyDataPtr xmlSecOpenSSLX509CertGetKey(X509* cert) { xmlSecKeyDataPtr data; EVP_PKEY *pKey = NULL; - + xmlSecAssert2(cert != NULL, NULL); pKey = X509_get_pubkey(cert); if(pKey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "X509_get_pubkey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(NULL); - } + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "X509_get_pubkey", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(NULL); + } data = xmlSecOpenSSLEvpKeyAdopt(pKey); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLEvpKeyAdopt", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - EVP_PKEY_free(pKey); - return(NULL); - } - + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecOpenSSLEvpKeyAdopt", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + EVP_PKEY_free(pKey); + return(NULL); + } + return(data); } @@ -1860,18 +1860,18 @@ xmlSecOpenSSLX509CertBase64DerRead(xmlChar* buf) { int ret; xmlSecAssert2(buf != NULL, NULL); - + /* usual trick with base64 decoding "in-place" */ - ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf)); + ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Decode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(NULL); - } - + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecBase64Decode", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(NULL); + } + return(xmlSecOpenSSLX509CertDerRead((xmlSecByte*)buf, ret)); } @@ -1883,37 +1883,37 @@ xmlSecOpenSSLX509CertDerRead(const xmlSecByte* buf, xmlSecSize size) { xmlSecAssert2(buf != NULL, NULL); xmlSecAssert2(size > 0, NULL); - + mem = BIO_new(BIO_s_mem()); if(mem == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "BIO_new", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "BIO_s_mem"); - return(NULL); - } - + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "BIO_new", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + "BIO_s_mem"); + return(NULL); + } + ret = BIO_write(mem, buf, size); if(ret <= 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "BIO_write", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "size=%d", size); - BIO_free_all(mem); - return(NULL); + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "BIO_write", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + "size=%d", size); + BIO_free_all(mem); + return(NULL); } cert = d2i_X509_bio(mem, NULL); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "d2i_X509_bio", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - BIO_free_all(mem); - return(NULL); + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "d2i_X509_bio", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + BIO_free_all(mem); + return(NULL); } BIO_free_all(mem); @@ -1928,42 +1928,42 @@ xmlSecOpenSSLX509CertBase64DerWrite(X509* cert, int base64LineWrap) { long size; xmlSecAssert2(cert != NULL, NULL); - + mem = BIO_new(BIO_s_mem()); if(mem == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "BIO_new", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "BIO_s_mem"); - return(NULL); + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "BIO_new", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + "BIO_s_mem"); + return(NULL); } /* todo: add error checks */ i2d_X509_bio(mem, cert); BIO_flush(mem); - + size = BIO_get_mem_data(mem, &p); if((size <= 0) || (p == NULL)){ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "BIO_get_mem_data", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - BIO_free_all(mem); - return(NULL); - } - + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "BIO_get_mem_data", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + BIO_free_all(mem); + return(NULL); + } + res = xmlSecBase64Encode(p, size, base64LineWrap); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Encode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - BIO_free_all(mem); - return(NULL); - } + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecBase64Encode", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + BIO_free_all(mem); + return(NULL); + } BIO_free_all(mem); return(res); @@ -1974,18 +1974,18 @@ xmlSecOpenSSLX509CrlBase64DerRead(xmlChar* buf) { int ret; xmlSecAssert2(buf != NULL, NULL); - + /* usual trick with base64 decoding "in-place" */ - ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf)); + ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Decode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(NULL); - } - + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecBase64Decode", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(NULL); + } + return(xmlSecOpenSSLX509CrlDerRead((xmlSecByte*)buf, ret)); } @@ -1997,37 +1997,37 @@ xmlSecOpenSSLX509CrlDerRead(xmlSecByte* buf, xmlSecSize size) { xmlSecAssert2(buf != NULL, NULL); xmlSecAssert2(size > 0, NULL); - + mem = BIO_new(BIO_s_mem()); if(mem == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "BIO_new", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "BIO_s_mem"); - return(NULL); - } - + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "BIO_new", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + "BIO_s_mem"); + return(NULL); + } + ret = BIO_write(mem, buf, size); if(ret <= 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "BIO_write", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "size=%d", size); - BIO_free_all(mem); - return(NULL); + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "BIO_write", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + "size=%d", size); + BIO_free_all(mem); + return(NULL); } crl = d2i_X509_CRL_bio(mem, NULL); if(crl == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "d2i_X509_CRL_bio", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - BIO_free_all(mem); - return(NULL); + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "d2i_X509_CRL_bio", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + BIO_free_all(mem); + return(NULL); } BIO_free_all(mem); @@ -2042,44 +2042,44 @@ xmlSecOpenSSLX509CrlBase64DerWrite(X509_CRL* crl, int base64LineWrap) { long size; xmlSecAssert2(crl != NULL, NULL); - + mem = BIO_new(BIO_s_mem()); if(mem == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "BIO_new", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "BIO_s_mem"); - return(NULL); + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "BIO_new", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + "BIO_s_mem"); + return(NULL); } /* todo: add error checks */ i2d_X509_CRL_bio(mem, crl); BIO_flush(mem); - + size = BIO_get_mem_data(mem, &p); if((size <= 0) || (p == NULL)){ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "BIO_get_mem_data", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - BIO_free_all(mem); - return(NULL); - } - + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "BIO_get_mem_data", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + BIO_free_all(mem); + return(NULL); + } + res = xmlSecBase64Encode(p, size, base64LineWrap); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Encode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - BIO_free_all(mem); - return(NULL); - } - - BIO_free_all(mem); + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecBase64Encode", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + BIO_free_all(mem); + return(NULL); + } + + BIO_free_all(mem); return(res); } @@ -2094,19 +2094,19 @@ xmlSecOpenSSLX509NameWrite(X509_NAME* nm) { mem = BIO_new(BIO_s_mem()); if(mem == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "BIO_new", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "BIO_s_mem"); + NULL, + "BIO_new", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + "BIO_s_mem"); return(NULL); } if (X509_NAME_print_ex(mem, nm, 0, XN_FLAG_RFC2253) <=0) { xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "X509_NAME_print_ex", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + NULL, + "X509_NAME_print_ex", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); BIO_free_all(mem); return(NULL); } @@ -2116,13 +2116,13 @@ xmlSecOpenSSLX509NameWrite(X509_NAME* nm) { size = BIO_pending(mem); res = xmlMalloc(size + 1); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlMalloc", - XMLSEC_ERRORS_R_MALLOC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - BIO_free_all(mem); - return(NULL); + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlMalloc", + XMLSEC_ERRORS_R_MALLOC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + BIO_free_all(mem); + return(NULL); } size = BIO_read(mem, res, size); @@ -2137,28 +2137,28 @@ xmlSecOpenSSLASN1IntegerWrite(ASN1_INTEGER *asni) { xmlChar *res = NULL; BIGNUM *bn; char *p; - + xmlSecAssert2(asni != NULL, NULL); bn = ASN1_INTEGER_to_BN(asni, NULL); if(bn == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "ASN1_INTEGER_to_BN", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(NULL); + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "ASN1_INTEGER_to_BN", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(NULL); } p = BN_bn2dec(bn); if (p == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "BN_bn2dec", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - BN_free(bn); - return(NULL); + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "BN_bn2dec", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + BN_free(bn); + return(NULL); } BN_free(bn); bn = NULL; @@ -2169,13 +2169,13 @@ xmlSecOpenSSLASN1IntegerWrite(ASN1_INTEGER *asni) { */ res = xmlCharStrdup(p); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlCharStrdup", - XMLSEC_ERRORS_R_MALLOC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - OPENSSL_free(p); - return(NULL); + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlCharStrdup", + XMLSEC_ERRORS_R_MALLOC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + OPENSSL_free(p); + return(NULL); } OPENSSL_free(p); p = NULL; @@ -2193,51 +2193,51 @@ xmlSecOpenSSLX509SKIWrite(X509* cert) { index = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1); if (index < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "Certificate without SubjectKeyIdentifier extension", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(NULL); - } - + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "Certificate without SubjectKeyIdentifier extension", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(NULL); + } + ext = X509_get_ext(cert, index); if (ext == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "X509_get_ext", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(NULL); + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "X509_get_ext", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(NULL); } keyId = X509V3_EXT_d2i(ext); if (keyId == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "X509V3_EXT_d2i", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - M_ASN1_OCTET_STRING_free(keyId); - return(NULL); + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "X509V3_EXT_d2i", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + M_ASN1_OCTET_STRING_free(keyId); + return(NULL); } res = xmlSecBase64Encode(M_ASN1_STRING_data(keyId), M_ASN1_STRING_length(keyId), 0); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Encode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - M_ASN1_OCTET_STRING_free(keyId); - return(NULL); + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecBase64Encode", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + M_ASN1_OCTET_STRING_free(keyId); + return(NULL); } M_ASN1_OCTET_STRING_free(keyId); - + return(res); } -static void +static void xmlSecOpenSSLX509CertDebugDump(X509* cert, FILE* output) { char buf[1024]; BIGNUM *bn = NULL; @@ -2245,47 +2245,47 @@ xmlSecOpenSSLX509CertDebugDump(X509* cert, FILE* output) { xmlSecAssert(cert != NULL); xmlSecAssert(output != NULL); - fprintf(output, "==== Subject Name: %s\n", - X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf))); - fprintf(output, "==== Issuer Name: %s\n", - X509_NAME_oneline(X509_get_issuer_name(cert), buf, sizeof(buf))); + fprintf(output, "==== Subject Name: %s\n", + X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf))); + fprintf(output, "==== Issuer Name: %s\n", + X509_NAME_oneline(X509_get_issuer_name(cert), buf, sizeof(buf))); fprintf(output, "==== Issuer Serial: "); bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(cert),NULL); if(bn != NULL) { - BN_print_fp(output, bn); - BN_free(bn); - fprintf(output, "\n"); + BN_print_fp(output, bn); + BN_free(bn); + fprintf(output, "\n"); } else { - fprintf(output, "unknown\n"); + fprintf(output, "unknown\n"); } } -static void +static void xmlSecOpenSSLX509CertDebugXmlDump(X509* cert, FILE* output) { char buf[1024]; BIGNUM *bn = NULL; xmlSecAssert(cert != NULL); xmlSecAssert(output != NULL); - + fprintf(output, "<SubjectName>"); - xmlSecPrintXmlString(output, - BAD_CAST X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf)) + xmlSecPrintXmlString(output, + BAD_CAST X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf)) ); fprintf(output, "</SubjectName>\n"); - - + + fprintf(output, "<IssuerName>"); - xmlSecPrintXmlString(output, - BAD_CAST X509_NAME_oneline(X509_get_issuer_name(cert), buf, sizeof(buf))); + xmlSecPrintXmlString(output, + BAD_CAST X509_NAME_oneline(X509_get_issuer_name(cert), buf, sizeof(buf))); fprintf(output, "</IssuerName>\n"); fprintf(output, "<SerialNumber>"); bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(cert),NULL); if(bn != NULL) { - BN_print_fp(output, bn); - BN_free(bn); + BN_print_fp(output, bn); + BN_free(bn); } fprintf(output, "</SerialNumber>\n"); } @@ -2297,11 +2297,11 @@ xmlSecOpenSSLX509CertDebugXmlDump(X509* cert, FILE* output) { * * *************************************************************************/ -static int xmlSecOpenSSLKeyDataRawX509CertBinRead (xmlSecKeyDataId id, - xmlSecKeyPtr key, - const xmlSecByte* buf, - xmlSecSize bufSize, - xmlSecKeyInfoCtxPtr keyInfoCtx); +static int xmlSecOpenSSLKeyDataRawX509CertBinRead (xmlSecKeyDataId id, + xmlSecKeyPtr key, + const xmlSecByte* buf, + xmlSecSize bufSize, + xmlSecKeyInfoCtxPtr keyInfoCtx); static xmlSecKeyDataKlass xmlSecOpenSSLKeyDataRawX509CertKlass = { sizeof(xmlSecKeyDataKlass), @@ -2309,58 +2309,58 @@ static xmlSecKeyDataKlass xmlSecOpenSSLKeyDataRawX509CertKlass = { /* data */ xmlSecNameRawX509Cert, - xmlSecKeyDataUsageRetrievalMethodNodeBin, - /* xmlSecKeyDataUsage usage; */ - xmlSecHrefRawX509Cert, /* const xmlChar* href; */ - NULL, /* const xmlChar* dataNodeName; */ - xmlSecDSigNs, /* const xmlChar* dataNodeNs; */ - + xmlSecKeyDataUsageRetrievalMethodNodeBin, + /* xmlSecKeyDataUsage usage; */ + xmlSecHrefRawX509Cert, /* const xmlChar* href; */ + NULL, /* const xmlChar* dataNodeName; */ + xmlSecDSigNs, /* const xmlChar* dataNodeNs; */ + /* constructors/destructor */ - NULL, /* xmlSecKeyDataInitializeMethod initialize; */ - NULL, /* xmlSecKeyDataDuplicateMethod duplicate; */ - NULL, /* xmlSecKeyDataFinalizeMethod finalize; */ - NULL, /* xmlSecKeyDataGenerateMethod generate; */ + NULL, /* xmlSecKeyDataInitializeMethod initialize; */ + NULL, /* xmlSecKeyDataDuplicateMethod duplicate; */ + NULL, /* xmlSecKeyDataFinalizeMethod finalize; */ + NULL, /* xmlSecKeyDataGenerateMethod generate; */ /* get info */ - NULL, /* xmlSecKeyDataGetTypeMethod getType; */ - NULL, /* xmlSecKeyDataGetSizeMethod getSize; */ - NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ + NULL, /* xmlSecKeyDataGetTypeMethod getType; */ + NULL, /* xmlSecKeyDataGetSizeMethod getSize; */ + NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ /* read/write */ - NULL, /* xmlSecKeyDataXmlReadMethod xmlRead; */ - NULL, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ - xmlSecOpenSSLKeyDataRawX509CertBinRead, /* xmlSecKeyDataBinReadMethod binRead; */ - NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */ + NULL, /* xmlSecKeyDataXmlReadMethod xmlRead; */ + NULL, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ + xmlSecOpenSSLKeyDataRawX509CertBinRead, /* xmlSecKeyDataBinReadMethod binRead; */ + NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */ /* debug */ - NULL, /* xmlSecKeyDataDebugDumpMethod debugDump; */ - NULL, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ + NULL, /* xmlSecKeyDataDebugDumpMethod debugDump; */ + NULL, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ /* reserved for the future */ - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ }; /** * xmlSecOpenSSLKeyDataRawX509CertGetKlass: - * + * * The raw X509 certificates key data klass. * * Returns: raw X509 certificates key data klass. */ -xmlSecKeyDataId +xmlSecKeyDataId xmlSecOpenSSLKeyDataRawX509CertGetKlass(void) { return(&xmlSecOpenSSLKeyDataRawX509CertKlass); } static int xmlSecOpenSSLKeyDataRawX509CertBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key, - const xmlSecByte* buf, xmlSecSize bufSize, - xmlSecKeyInfoCtxPtr keyInfoCtx) { + const xmlSecByte* buf, xmlSecSize bufSize, + xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecKeyDataPtr data; X509* cert; int ret; - + xmlSecAssert2(id == xmlSecOpenSSLKeyDataRawX509CertId, -1); xmlSecAssert2(key != NULL, -1); xmlSecAssert2(buf != NULL, -1); @@ -2369,44 +2369,44 @@ xmlSecOpenSSLKeyDataRawX509CertBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key, cert = xmlSecOpenSSLX509CertDerRead(buf, bufSize); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLX509CertDerRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecOpenSSLX509CertDerRead", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); } data = xmlSecKeyEnsureData(key, xmlSecOpenSSLKeyDataX509Id); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyEnsureData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - X509_free(cert); - return(-1); - } - + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecKeyEnsureData", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + X509_free(cert); + return(-1); + } + ret = xmlSecOpenSSLKeyDataX509AdoptCert(data, cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecOpenSSLKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - X509_free(cert); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecOpenSSLKeyDataX509AdoptCert", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + X509_free(cert); + return(-1); } ret = xmlSecOpenSSLKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecOpenSSLKeyDataX509VerifyAndExtractKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecOpenSSLKeyDataX509VerifyAndExtractKey", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); } return(0); } |