Changeset 745 for trunk/server/source4/heimdal/lib/hx509
- Timestamp:
- Nov 27, 2012, 4:43:17 PM (13 years ago)
- Location:
- trunk/server
- Files:
-
- 29 edited
- 2 copied
trunk/server
- Property svn:mergeinfo changed
/vendor/current merged: 581,587,591,594,597,600,615,618,740
- Property svn:mergeinfo changed
-
trunk/server/source4/heimdal/lib/hx509/ca.c
r414 r745 1 1 /* 2 * Copyright (c) 2006 - 20 07Kungliga Tekniska Högskolan2 * Copyright (c) 2006 - 2010 Kungliga Tekniska Högskolan 3 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 4 * All rights reserved. … … 54 54 unsigned int serial:1; 55 55 unsigned int domaincontroller:1; 56 unsigned int xUniqueID:1; 56 57 } flags; 57 58 time_t notBefore; … … 59 60 int pathLenConstraint; /* both for CA and Proxy */ 60 61 CRLDistributionPoints crldp; 62 heim_bit_string subjectUniqueID; 63 heim_bit_string issuerUniqueID; 64 61 65 }; 62 66 … … 80 84 if (*tbs == NULL) 81 85 return ENOMEM; 82 83 (*tbs)->subject = NULL;84 (*tbs)->san.len = 0;85 (*tbs)->san.val = NULL;86 (*tbs)->eku.len = 0;87 (*tbs)->eku.val = NULL;88 (*tbs)->pathLenConstraint = 0;89 (*tbs)->crldp.len = 0;90 (*tbs)->crldp.val = NULL;91 86 92 87 return 0; … … 112 107 der_free_heim_integer(&(*tbs)->serial); 113 108 free_CRLDistributionPoints(&(*tbs)->crldp); 114 109 der_free_bit_string(&(*tbs)->subjectUniqueID); 110 der_free_bit_string(&(*tbs)->issuerUniqueID); 115 111 hx509_name_free(&(*tbs)->subject); 116 112 … … 486 482 487 483 gn.element = choice_GeneralName_uniformResourceIdentifier; 488 gn.u.uniformResourceIdentifier = rk_UNCONST(uri); 484 gn.u.uniformResourceIdentifier.data = rk_UNCONST(uri); 485 gn.u.uniformResourceIdentifier.length = strlen(uri); 489 486 490 487 ASN1_MALLOC_ENCODE(DistributionPointName, … … 786 783 memset(&gn, 0, sizeof(gn)); 787 784 gn.element = choice_GeneralName_dNSName; 788 gn.u.dNSName = rk_UNCONST(dnsname); 785 gn.u.dNSName.data = rk_UNCONST(dnsname); 786 gn.u.dNSName.length = strlen(dnsname); 789 787 790 788 return add_GeneralNames(&tbs->san, &gn); … … 813 811 memset(&gn, 0, sizeof(gn)); 814 812 gn.element = choice_GeneralName_rfc822Name; 815 gn.u.rfc822Name = rk_UNCONST(rfc822Name); 813 gn.u.rfc822Name.data = rk_UNCONST(rfc822Name); 814 gn.u.rfc822Name.length = strlen(rfc822Name); 816 815 817 816 return add_GeneralNames(&tbs->san, &gn); … … 841 840 842 841 /** 842 * Set the 
issuerUniqueID and subjectUniqueID 843 * 844 * These are only supposed to be used considered with version 2 845 * certificates, replaced by the two extensions SubjectKeyIdentifier 846 * and IssuerKeyIdentifier. This function is to allow application 847 * using legacy protocol to issue them. 848 * 849 * @param context A hx509 context. 850 * @param tbs object to be signed. 851 * @param issuerUniqueID to be set 852 * @param subjectUniqueID to be set 853 * 854 * @return An hx509 error code, see hx509_get_error_string(). 855 * 856 * @ingroup hx509_ca 857 */ 858 859 int 860 hx509_ca_tbs_set_unique(hx509_context context, 861 hx509_ca_tbs tbs, 862 const heim_bit_string *subjectUniqueID, 863 const heim_bit_string *issuerUniqueID) 864 { 865 int ret; 866 867 der_free_bit_string(&tbs->subjectUniqueID); 868 der_free_bit_string(&tbs->issuerUniqueID); 869 870 if (subjectUniqueID) { 871 ret = der_copy_bit_string(subjectUniqueID, &tbs->subjectUniqueID); 872 if (ret) 873 return ret; 874 } 875 876 if (issuerUniqueID) { 877 ret = der_copy_bit_string(issuerUniqueID, &tbs->issuerUniqueID); 878 if (ret) 879 return ret; 880 } 881 882 return 0; 883 } 884 885 /** 843 886 * Expand the the subject name in the to-be-signed certificate object 844 887 * using hx509_name_expand(). 
… … 861 904 return hx509_name_expand(context, tbs->subject, env); 862 905 } 906 907 /* 908 * 909 */ 863 910 864 911 static int … … 1091 1138 } 1092 1139 /* issuerUniqueID [1] IMPLICIT BIT STRING OPTIONAL */ 1140 if (tbs->issuerUniqueID.length) { 1141 tbsc->issuerUniqueID = calloc(1, sizeof(*tbsc->issuerUniqueID)); 1142 if (tbsc->issuerUniqueID == NULL) { 1143 ret = ENOMEM; 1144 hx509_set_error_string(context, 0, ret, "Out of memory"); 1145 goto out; 1146 } 1147 ret = der_copy_bit_string(&tbs->issuerUniqueID, tbsc->issuerUniqueID); 1148 if (ret) { 1149 hx509_set_error_string(context, 0, ret, "Out of memory"); 1150 goto out; 1151 } 1152 } 1093 1153 /* subjectUniqueID [2] IMPLICIT BIT STRING OPTIONAL */ 1154 if (tbs->subjectUniqueID.length) { 1155 tbsc->subjectUniqueID = calloc(1, sizeof(*tbsc->subjectUniqueID)); 1156 if (tbsc->subjectUniqueID == NULL) { 1157 ret = ENOMEM; 1158 hx509_set_error_string(context, 0, ret, "Out of memory"); 1159 goto out; 1160 } 1161 1162 ret = der_copy_bit_string(&tbs->subjectUniqueID, tbsc->subjectUniqueID); 1163 if (ret) { 1164 hx509_set_error_string(context, 0, ret, "Out of memory"); 1165 goto out; 1166 } 1167 } 1168 1094 1169 /* extensions [3] EXPLICIT Extensions OPTIONAL */ 1095 1170 tbsc->extensions = calloc(1, sizeof(*tbsc->extensions)); … … 1194 1269 1195 1270 { 1196 SHA_CTX m; 1197 1198 SHA1_Init(&m); 1199 SHA1_Update(&m, tbs->spki.subjectPublicKey.data, 1200 tbs->spki.subjectPublicKey.length / 8); 1201 SHA1_Final (hash, &m); 1271 EVP_MD_CTX *ctx; 1272 1273 ctx = EVP_MD_CTX_create(); 1274 EVP_DigestInit_ex(ctx, EVP_sha1(), NULL); 1275 EVP_DigestUpdate(ctx, tbs->spki.subjectPublicKey.data, 1276 tbs->spki.subjectPublicKey.length / 8); 1277 EVP_DigestFinal_ex(ctx, hash, NULL); 1278 EVP_MD_CTX_destroy(ctx); 1202 1279 } 1203 1280 -
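Review bot: In the block that replaces SHA1_Init/Update/Final with the EVP digest API (new lines 1271–1278), `EVP_MD_CTX_create()` can return NULL and neither it nor the `EVP_DigestInit_ex` result is checked, so an allocation failure turns into a NULL dereference inside `EVP_DigestInit_ex`; add `if (ctx == NULL) { ret = ENOMEM; hx509_set_error_string(context, 0, ret, "Out of memory"); goto out; }` right after the create call, assuming the enclosing function (which starts outside the hunk) uses the same `ret`/`out` cleanup convention as the issuerUniqueID/subjectUniqueID hunk above. Those two new copies (new lines 1140–1167) do check their `calloc` and `der_copy_bit_string` results, so this is the one unchecked allocation the section introduces. In `hx509_ca_tbs_set_unique` a failing issuer copy returns an error while leaving the just-copied subjectUniqueID in place; a sentence in its comment such as `On error the tbs may already hold the new subjectUniqueID.` would make that partial-update behaviour explicit for callers.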
trunk/server/source4/heimdal/lib/hx509/cert.c
r414 r745 284 284 } 285 285 if (size != len) { 286 free_Certificate(&t); 286 287 hx509_set_error_string(context, 0, HX509_EXTRA_DATA_AFTER_STRUCTURE, 287 288 "Extra data after certificate"); … … 310 311 { 311 312 if (cert->private_key) 312 _hx509_private_key_free(&cert->private_key);313 hx509_private_key_free(&cert->private_key); 313 314 cert->private_key = _hx509_private_key_ref(private_key); 314 315 return 0; … … 341 342 342 343 if (cert->private_key) 343 _hx509_private_key_free(&cert->private_key);344 hx509_private_key_free(&cert->private_key); 344 345 345 346 free_Certificate(cert->data); … … 446 447 if (ctx->trust_anchors) 447 448 hx509_certs_free(&ctx->trust_anchors); 448 ctx->trust_anchors = _hx509_certs_ref(set);449 ctx->trust_anchors = hx509_certs_ref(set); 449 450 } 450 451 … … 1023 1024 &cert->tbsCertificate.issuer, &diff); 1024 1025 *self_signed = (diff == 0); 1025 if (ret) 1026 if (ret) { 1026 1027 hx509_set_error_string(context, 0, ret, 1027 1028 "Failed to check if self signed"); 1029 } else 1030 ret = _hx509_self_signed_valid(context, &cert->signatureAlgorithm); 1031 1028 1032 return ret; 1029 1033 } … … 1507 1511 } 1508 1512 1513 static int 1514 get_x_unique_id(hx509_context context, const char *name, 1515 const heim_bit_string *cert, heim_bit_string *subject) 1516 { 1517 int ret; 1518 1519 if (cert == NULL) { 1520 ret = HX509_EXTENSION_NOT_FOUND; 1521 hx509_set_error_string(context, 0, ret, "%s unique id doesn't exists", name); 1522 return ret; 1523 } 1524 ret = der_copy_bit_string(cert, subject); 1525 if (ret) { 1526 hx509_set_error_string(context, 0, ret, "malloc out of memory", name); 1527 return ret; 1528 } 1529 return 0; 1530 } 1531 1532 /** 1533 * Get a copy of the Issuer Unique ID 1534 * 1535 * @param context a hx509_context 1536 * @param p a hx509 certificate 1537 * @param issuer the issuer id returned, free with der_free_bit_string() 1538 * 1539 * @return An hx509 error code, see hx509_get_error_string(). 
The 1540 * error code HX509_EXTENSION_NOT_FOUND is returned if the certificate 1541 * doesn't have a issuerUniqueID 1542 * 1543 * @ingroup hx509_cert 1544 */ 1545 1546 int 1547 hx509_cert_get_issuer_unique_id(hx509_context context, hx509_cert p, heim_bit_string *issuer) 1548 { 1549 return get_x_unique_id(context, "issuer", p->data->tbsCertificate.issuerUniqueID, issuer); 1550 } 1551 1552 /** 1553 * Get a copy of the Subect Unique ID 1554 * 1555 * @param context a hx509_context 1556 * @param p a hx509 certificate 1557 * @param subject the subject id returned, free with der_free_bit_string() 1558 * 1559 * @return An hx509 error code, see hx509_get_error_string(). The 1560 * error code HX509_EXTENSION_NOT_FOUND is returned if the certificate 1561 * doesn't have a subjectUniqueID 1562 * 1563 * @ingroup hx509_cert 1564 */ 1565 1566 int 1567 hx509_cert_get_subject_unique_id(hx509_context context, hx509_cert p, heim_bit_string *subject) 1568 { 1569 return get_x_unique_id(context, "subject", p->data->tbsCertificate.subjectUniqueID, subject); 1570 } 1571 1509 1572 1510 1573 hx509_private_key … … 1545 1608 } 1546 1609 1547 return _hx509_private_key_private_decrypt(context,1610 return hx509_private_key_private_decrypt(context, 1548 1611 ciphertext, 1549 1612 encryption_oid, … … 1553 1616 1554 1617 int 1555 _hx509_cert_public_encrypt(hx509_context context,1618 hx509_cert_public_encrypt(hx509_context context, 1556 1619 const heim_octet_string *cleartext, 1557 1620 const hx509_cert p, … … 1693 1756 const char *s; 1694 1757 size_t len1, len2; 1695 s = strchr(c->u.rfc822Name, '@');1758 s = memchr(c->u.rfc822Name.data, '@', c->u.rfc822Name.length); 1696 1759 if (s) { 1697 if ( strcasecmp(c->u.rfc822Name,n->u.rfc822Name) != 0)1760 if (der_printable_string_cmp(&c->u.rfc822Name, &n->u.rfc822Name) != 0) 1698 1761 return HX509_NAME_CONSTRAINT_ERROR; 1699 1762 } else { 1700 s = strchr(n->u.rfc822Name, '@');1763 s = memchr(n->u.rfc822Name.data, '@', n->u.rfc822Name.length); 1701 1764 if 
(s == NULL) 1702 1765 return HX509_NAME_CONSTRAINT_ERROR; 1703 len1 = strlen(c->u.rfc822Name); 1704 len2 = strlen(s + 1); 1766 len1 = c->u.rfc822Name.length; 1767 len2 = n->u.rfc822Name.length - 1768 (s - ((char *)n->u.rfc822Name.data)); 1705 1769 if (len1 > len2) 1706 1770 return HX509_NAME_CONSTRAINT_ERROR; 1707 if ( strcasecmp(s + 1 + len2 - len1, c->u.rfc822Name) != 0)1771 if (memcmp(s + 1 + len2 - len1, c->u.rfc822Name.data, len1) != 0) 1708 1772 return HX509_NAME_CONSTRAINT_ERROR; 1709 1773 if (len1 < len2 && s[len2 - len1 + 1] != '.') … … 1715 1779 case choice_GeneralName_dNSName: { 1716 1780 size_t lenc, lenn; 1717 1718 lenc = strlen(c->u.dNSName); 1719 lenn = strlen(n->u.dNSName); 1781 char *ptr; 1782 1783 lenc = c->u.dNSName.length; 1784 lenn = n->u.dNSName.length; 1720 1785 if (lenc > lenn) 1721 1786 return HX509_NAME_CONSTRAINT_ERROR; 1722 if (strcasecmp(&n->u.dNSName[lenn - lenc], c->u.dNSName) != 0) 1787 ptr = n->u.dNSName.data; 1788 if (memcmp(&ptr[lenn - lenc], c->u.dNSName.data, lenc) != 0) 1723 1789 return HX509_NAME_CONSTRAINT_ERROR; 1724 if (len c != lenn && n->u.dNSName[lenn - lenc - 1] != '.')1790 if (lenn != lenc && ptr[lenn - lenc - 1] != '.') 1725 1791 return HX509_NAME_CONSTRAINT_ERROR; 1726 1792 *match = 1; … … 1927 1993 */ 1928 1994 if (ctx->trust_anchors) 1929 anchors = _hx509_certs_ref(ctx->trust_anchors);1995 anchors = hx509_certs_ref(ctx->trust_anchors); 1930 1996 else if (context->default_trust_anchors && ALLOW_DEF_TA(ctx)) 1931 anchors = _hx509_certs_ref(context->default_trust_anchors);1997 anchors = hx509_certs_ref(context->default_trust_anchors); 1932 1998 else { 1933 1999 ret = hx509_certs_init(context, "MEMORY:no-TA", 0, NULL, &anchors); … … 2244 2310 2245 2311 for (i = path.len - 1; i >= 0; i--) { 2246 Certificate *signer, *c; 2312 hx509_cert signer; 2313 Certificate *c; 2247 2314 2248 2315 c = _hx509_get_cert(path.val[i]); … … 2252 2319 int selfsigned; 2253 2320 2254 signer = path.val[i] ->data;2255 2256 ret = 
certificate_is_self_signed(context, signer , &selfsigned);2321 signer = path.val[i]; 2322 2323 ret = certificate_is_self_signed(context, signer->data, &selfsigned); 2257 2324 if (ret) 2258 2325 goto out; … … 2263 2330 } else { 2264 2331 /* take next certificate in chain */ 2265 signer = path.val[i + 1] ->data;2332 signer = path.val[i + 1]; 2266 2333 } 2267 2334 … … 2327 2394 const heim_octet_string *sig) 2328 2395 { 2329 return _hx509_verify_signature(context, signer->data, alg, data, sig); 2330 } 2396 return _hx509_verify_signature(context, signer, alg, data, sig); 2397 } 2398 2399 int 2400 _hx509_verify_signature_bitstring(hx509_context context, 2401 const hx509_cert signer, 2402 const AlgorithmIdentifier *alg, 2403 const heim_octet_string *data, 2404 const heim_bit_string *sig) 2405 { 2406 heim_octet_string os; 2407 2408 if (sig->length & 7) { 2409 hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT, 2410 "signature not multiple of 8 bits"); 2411 return HX509_CRYPTO_SIG_INVALID_FORMAT; 2412 } 2413 2414 os.data = sig->data; 2415 os.length = sig->length / 8; 2416 2417 return _hx509_verify_signature(context, signer, alg, data, &os); 2418 } 2419 2331 2420 2332 2421 … … 2379 2468 for (j = 0; j < san.len; j++) { 2380 2469 switch (san.val[j].element) { 2381 case choice_GeneralName_dNSName: 2382 if (strcasecmp(san.val[j].u.dNSName, hostname) == 0) { 2470 case choice_GeneralName_dNSName: { 2471 heim_printable_string hn; 2472 hn.data = rk_UNCONST(hostname); 2473 hn.length = strlen(hostname); 2474 2475 if (der_printable_string_cmp(&san.val[j].u.dNSName, &hn) == 0) { 2383 2476 free_GeneralNames(&san); 2384 2477 return 0; 2385 2478 } 2386 2479 break; 2480 } 2387 2481 default: 2388 2482 break; … … 2402 2496 DirectoryString *ds = &n->value; 2403 2497 switch (ds->element) { 2404 case choice_DirectoryString_printableString: 2405 if (strcasecmp(ds->u.printableString, hostname) == 0) 2498 case choice_DirectoryString_printableString: { 2499 heim_printable_string hn; 
2500 hn.data = rk_UNCONST(hostname); 2501 hn.length = strlen(hostname); 2502 2503 if (der_printable_string_cmp(&ds->u.printableString, &hn) == 0) 2406 2504 return 0; 2407 2505 break; 2408 case choice_DirectoryString_ia5String: 2409 if (strcasecmp(ds->u.ia5String, hostname) == 0) 2410 return 0; 2506 } 2507 case choice_DirectoryString_ia5String: { 2508 heim_ia5_string hn; 2509 hn.data = rk_UNCONST(hostname); 2510 hn.length = strlen(hostname); 2511 2512 if (der_ia5_string_cmp(&ds->u.ia5String, &hn) == 0) 2513 return 0; 2411 2514 break; 2515 } 2412 2516 case choice_DirectoryString_utf8String: 2413 2517 if (strcasecmp(ds->u.utf8String, hostname) == 0) … … 3228 3332 * @param c the certificate to encode. 3229 3333 * @param os the encode certificate, set to NULL, 0 on case of 3230 * error. Free the returned structurewith hx509_xfree().3334 * error. Free the os->data with hx509_xfree(). 3231 3335 * 3232 3336 * @return An hx509 error code, see hx509_get_error_string(). … … 3384 3488 heim_octet_string os, sig; 3385 3489 hx509_env envhash = NULL; 3386 char *buf;3387 3490 3388 3491 os.data = c->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data; … … 3430 3533 return ret; 3431 3534 } 3535 3536 /** 3537 * Print a simple representation of a certificate 3538 * 3539 * @param context A hx509 context, can be NULL 3540 * @param cert certificate to print 3541 * @param out the stdio output stream, if NULL, stdout is used 3542 * 3543 * @return An hx509 error code 3544 * 3545 * @ingroup hx509_cert 3546 */ 3547 3548 int 3549 hx509_print_cert(hx509_context context, hx509_cert cert, FILE *out) 3550 { 3551 hx509_name name; 3552 char *str; 3553 int ret; 3554 3555 if (out == NULL) 3556 out = stderr; 3557 3558 ret = hx509_cert_get_issuer(cert, &name); 3559 if (ret) 3560 return ret; 3561 hx509_name_to_string(name, &str); 3562 hx509_name_free(&name); 3563 fprintf(out, " issuer: \"%s\"\n", str); 3564 free(str); 3565 3566 ret = hx509_cert_get_subject(cert, &name); 3567 if (ret) 3568 return 
ret; 3569 hx509_name_to_string(name, &str); 3570 hx509_name_free(&name); 3571 fprintf(out, " subject: \"%s\"\n", str); 3572 free(str); 3573 3574 { 3575 heim_integer serialNumber; 3576 3577 ret = hx509_cert_get_serialnumber(cert, &serialNumber); 3578 if (ret) 3579 return ret; 3580 ret = der_print_hex_heim_integer(&serialNumber, &str); 3581 if (ret) 3582 return ret; 3583 der_free_heim_integer(&serialNumber); 3584 fprintf(out, " serial: %s\n", str); 3585 free(str); 3586 } 3587 3588 printf(" keyusage: "); 3589 ret = hx509_cert_keyusage_print(context, cert, &str); 3590 if (ret == 0) { 3591 fprintf(out, "%s\n", str); 3592 free(str); 3593 } else 3594 fprintf(out, "no"); 3595 3596 return 0; 3597 } -
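Review bot: The name-constraint hunk (new lines 1758–1790) replaces `strcasecmp` with `memcmp` for the rfc822Name domain suffix and the dNSName suffix, which silently makes both comparisons case-sensitive even though DNS labels and mail-domain parts compare case-insensitively, so a constraint of `example.com` no longer matches a name `host.EXAMPLE.COM` that the previous code accepted. Both sides are length-bounded, so a case-folding bounded compare restores the old semantics, e.g. `if (strncasecmp(&ptr[lenn - lenc], (const char *)c->u.dNSName.data, lenc) != 0)` and the analogous change for the `len1` compare; whether `der_printable_string_cmp`, used for the `'@'`-present branch and for the hostname check at new lines 2470–2513, folds case is not visible here and should be confirmed, since a plain byte compare there has the same regression. In `hx509_print_cert` (new lines 3548–3597) the comment promises that a NULL `out` means stdout but the code sets `out = stderr`, the ` keyusage: ` label is written with `printf` instead of `fprintf(out, ...)`, and the `"no"` branch emits no trailing newline. The three `hx509_name_to_string`/`der_print_hex_heim_integer` results in that function are also unchecked, so on failure `str` reaches `fprintf` and `free` uninitialised. Minor: `get_x_unique_id` passes `name` to a format string with no conversion (`"malloc out of memory", name`), which is harmless but trips `-Wformat-extra-args`.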
trunk/server/source4/heimdal/lib/hx509/cms.c
r414 r745 533 533 * - HX509_CMS_EV_NO_KU_CHECK - Dont check KU on certificate 534 534 * - HX509_CMS_EV_ALLOW_WEAK - Allow weak crytpo 535 * - HX509_CMS_EV_ID_NAME - prefer issuer name and serial number 535 536 * @param cert Certificate to encrypt the EnvelopedData encryption key 536 537 * with. … … 560 561 heim_octet_string key; 561 562 hx509_crypto crypto = NULL; 563 int ret, cmsidflag; 562 564 EnvelopedData ed; 563 565 size_t size; 564 int ret;565 566 566 567 memset(&ivec, 0, sizeof(ivec)); … … 649 650 ri = &ed.recipientInfos.val[0]; 650 651 651 ri->version = 0; 652 ret = fill_CMSIdentifier(cert, CMS_ID_SKI, &ri->rid); 652 if (flags & HX509_CMS_EV_ID_NAME) { 653 ri->version = 0; 654 cmsidflag = CMS_ID_NAME; 655 } else { 656 ri->version = 2; 657 cmsidflag = CMS_ID_SKI; 658 } 659 660 ret = fill_CMSIdentifier(cert, cmsidflag, &ri->rid); 653 661 if (ret) { 654 662 hx509_set_error_string(context, 0, ret, … … 658 666 } 659 667 660 ret = _hx509_cert_public_encrypt(context,668 ret = hx509_cert_public_encrypt(context, 661 669 &key, cert, 662 670 &ri->keyEncryptionAlgorithm.algorithm, … … 1171 1179 hx509_peer_info peer; 1172 1180 int cmsidflag; 1181 int leafonly; 1173 1182 hx509_certs certs; 1174 1183 hx509_certs anchors; … … 1361 1370 unsigned int i; 1362 1371 1363 if (sigctx->pool ) {1372 if (sigctx->pool && sigctx->leafonly == 0) { 1364 1373 _hx509_calculate_path(context, 1365 1374 HX509_CALCULATE_PATH_NO_ANCHOR, … … 1416 1425 } 1417 1426 1427 static int 1428 cmp_AlgorithmIdentifier(const AlgorithmIdentifier *p, const AlgorithmIdentifier *q) 1429 { 1430 return der_heim_oid_cmp(&p->algorithm, &q->algorithm); 1431 } 1432 1418 1433 int 1419 1434 hx509_cms_create_signed(hx509_context context, … … 1428 1443 heim_octet_string *signed_data) 1429 1444 { 1430 unsigned int i ;1445 unsigned int i, j; 1431 1446 hx509_name name; 1432 1447 int ret; … … 1455 1470 sigctx.cmsidflag = CMS_ID_SKI; 1456 1471 1457 ret = hx509_certs_init(context, "MEMORY:certs", 0, NULL, &sigctx.certs); 1458 
if (ret) 1459 return ret; 1472 /** 1473 * Use HX509_CMS_SIGNATURE_LEAF_ONLY to only request leaf 1474 * certificates to be added to the SignedData. 1475 */ 1476 sigctx.leafonly = (flags & HX509_CMS_SIGNATURE_LEAF_ONLY) ? 1 : 0; 1477 1478 /** 1479 * Use HX509_CMS_NO_CERTS to make the SignedData contain no 1480 * certificates, overrides HX509_CMS_SIGNATURE_LEAF_ONLY. 1481 */ 1482 1483 if ((flags & HX509_CMS_SIGNATURE_NO_CERTS) == 0) { 1484 ret = hx509_certs_init(context, "MEMORY:certs", 0, NULL, &sigctx.certs); 1485 if (ret) 1486 return ret; 1487 } 1460 1488 1461 1489 sigctx.anchors = anchors; … … 1492 1520 */ 1493 1521 if ((flags & HX509_CMS_SIGNATURE_NO_SIGNER) == 0) { 1494 ret = hx509_certs_iter (context, certs, sig_process, &sigctx);1522 ret = hx509_certs_iter_f(context, certs, sig_process, &sigctx); 1495 1523 if (ret) 1496 1524 goto out; … … 1498 1526 1499 1527 if (sigctx.sd.signerInfos.len) { 1500 ALLOC_SEQ(&sigctx.sd.digestAlgorithms, sigctx.sd.signerInfos.len);1501 if (sigctx.sd.digestAlgorithms.val == NULL) {1502 ret = ENOMEM;1503 hx509_clear_error_string(context);1504 goto out;1505 }1506 1507 /* XXX remove dups */1508 1528 for (i = 0; i < sigctx.sd.signerInfos.len; i++) { 1509 1529 AlgorithmIdentifier *di = 1510 1530 &sigctx.sd.signerInfos.val[i].digestAlgorithm; 1511 ret = copy_AlgorithmIdentifier(di, 1512 &sigctx.sd.digestAlgorithms.val[i]); 1513 if (ret) { 1514 hx509_clear_error_string(context); 1515 goto out; 1531 1532 for (j = 0; j < sigctx.sd.digestAlgorithms.len; j++) 1533 if (cmp_AlgorithmIdentifier(di, &sigctx.sd.digestAlgorithms.val[j]) == 0) 1534 break; 1535 if (j < sigctx.sd.digestAlgorithms.len) { 1536 ret = add_DigestAlgorithmIdentifiers(&sigctx.sd.digestAlgorithms, di); 1537 if (ret) { 1538 hx509_clear_error_string(context); 1539 goto out; 1540 } 1516 1541 } 1517 1542 } … … 1526 1551 } 1527 1552 1528 ret = hx509_certs_iter (context, sigctx.certs, cert_process, &sigctx);1553 ret = hx509_certs_iter_f(context, sigctx.certs, cert_process, 
&sigctx); 1529 1554 if (ret) 1530 1555 goto out; -
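Review bot: The digest-algorithm de-duplication loop (new lines 1532–1541) has its condition inverted: the inner loop exits with `j < sigctx.sd.digestAlgorithms.len` only when an equal entry already exists, yet that is the case in which `add_DigestAlgorithmIdentifiers` is called, so nothing is ever appended to the initially empty sequence and a duplicate would be added if one were present; the test should read `if (j == sigctx.sd.digestAlgorithms.len) {`. Because the old `ALLOC_SEQ`/`copy_AlgorithmIdentifier` path was removed in the same hunk, every SignedData produced here now carries an empty `digestAlgorithms`, which stricter CMS verifiers may reject. Separately, with `HX509_CMS_SIGNATURE_NO_CERTS` set, `sigctx.certs` is never initialised in this hunk but is still passed to `hx509_certs_iter_f` at new line 1553; unless `sigctx` is zeroed earlier in `hx509_cms_create_signed` (outside the hunk) that is an uninitialised read, and even a NULL value needs the iterator to tolerate it. The `/** ... */` blocks placed inside the function body around the flag handling would be better as plain `/* */` comments, as Doxygen-style markers inside a body document nothing.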
trunk/server/source4/heimdal/lib/hx509/collector.c
r414 r745 106 106 free_AlgorithmIdentifier(&key->alg); 107 107 if (key->private_key) 108 _hx509_private_key_free(&key->private_key);108 hx509_private_key_free(&key->private_key); 109 109 der_free_octet_string(&key->localKeyId); 110 110 free(key); … … 144 144 key->private_key = private_key; 145 145 } else { 146 ret = _hx509_parse_private_key(context, alg,146 ret = hx509_parse_private_key(context, alg, 147 147 key_data->data, key_data->length, 148 HX509_KEY_FORMAT_DER, 148 149 &key->private_key); 149 150 if (ret) -
trunk/server/source4/heimdal/lib/hx509/crypto.c
r414 r745 54 54 int (*export)(hx509_context context, 55 55 const hx509_private_key, 56 hx509_key_format_t, 56 57 heim_octet_string *); 57 58 int (*import)(hx509_context, const AlgorithmIdentifier *, 58 const void *, size_t, hx509_private_key); 59 const void *, size_t, hx509_key_format_t, 60 hx509_private_key); 59 61 int (*generate_private_key)(hx509_context, 60 62 struct hx509_generate_private_context *, … … 88 90 const AlgorithmIdentifier *digest_alg; 89 91 int flags; 90 #define PROVIDE_CONF 1 91 #define REQUIRE_SIGNER 2 92 #define PROVIDE_CONF 0x1 93 #define REQUIRE_SIGNER 0x2 94 #define SELF_SIGNED_OK 0x4 92 95 93 96 #define SIG_DIGEST 0x100 … … 98 101 99 102 time_t best_before; /* refuse signature made after best before date */ 103 const EVP_MD *(*evp_md)(void); 100 104 int (*verify_signature)(hx509_context context, 101 105 const struct signature_alg *, … … 148 152 }; 149 153 150 static const unsigned md2_oid_tree[] = { 1, 2, 840, 113549, 2, 2 };151 const AlgorithmIdentifier _hx509_signature_md2_data = {152 { 6, rk_UNCONST(md2_oid_tree) }, rk_UNCONST(&null_entry_oid)153 };154 155 154 static const unsigned ecPublicKey[] ={ 1, 2, 840, 10045, 2, 1 }; 156 155 const AlgorithmIdentifier _hx509_signature_ecPublicKey = { … … 191 190 const AlgorithmIdentifier _hx509_signature_rsa_with_md5_data = { 192 191 { 7, rk_UNCONST(rsa_with_md5_oid) }, NULL 193 };194 195 static const unsigned rsa_with_md2_oid[] ={ 1, 2, 840, 113549, 1, 1, 2 };196 const AlgorithmIdentifier _hx509_signature_rsa_with_md2_data = {197 { 7, rk_UNCONST(rsa_with_md2_oid) }, NULL198 192 }; 199 193 … … 282 276 */ 283 277 284 if (der_heim_oid_cmp(oid, &asn1_oid_id_ec_group_secp256r1) == 0)278 if (der_heim_oid_cmp(oid, ASN1_OID_ID_EC_GROUP_SECP256R1) == 0) 285 279 return NID_X9_62_prime256v1; 286 else if (der_heim_oid_cmp(oid, &asn1_oid_id_ec_group_secp160r1) == 0)280 else if (der_heim_oid_cmp(oid, ASN1_OID_ID_EC_GROUP_SECP160R1) == 0) 287 281 return NID_secp160r1; 288 else if (der_heim_oid_cmp(oid, 
&asn1_oid_id_ec_group_secp160r2) == 0)282 else if (der_heim_oid_cmp(oid, ASN1_OID_ID_EC_GROUP_SECP160R2) == 0) 289 283 return NID_secp160r2; 290 284 … … 369 363 spi = &signer->tbsCertificate.subjectPublicKeyInfo; 370 364 371 if (der_heim_oid_cmp(&spi->algorithm.algorithm, &asn1_oid_id_ecPublicKey) != 0)365 if (der_heim_oid_cmp(&spi->algorithm.algorithm, ASN1_OID_ID_ECPUBLICKEY) != 0) 372 366 return HX509_CRYPTO_SIG_INVALID_FORMAT; 373 367 … … 430 424 int ret; 431 425 432 if (signer->ops && der_heim_oid_cmp(signer->ops->key_oid, &asn1_oid_id_ecPublicKey) != 0)426 if (signer->ops && der_heim_oid_cmp(signer->ops->key_oid, ASN1_OID_ID_ECPUBLICKEY) != 0) 433 427 _hx509_abort("internal error passing private key to wrong ops"); 434 428 … … 550 544 int ret; 551 545 RSA *rsa; 552 RSAPublicKey pk;553 546 size_t size; 547 const unsigned char *p; 554 548 555 549 memset(&di, 0, sizeof(di)); … … 557 551 spi = &signer->tbsCertificate.subjectPublicKeyInfo; 558 552 559 rsa = RSA_new(); 553 p = spi->subjectPublicKey.data; 554 size = spi->subjectPublicKey.length / 8; 555 556 rsa = d2i_RSAPublicKey(NULL, &p, size); 560 557 if (rsa == NULL) { 561 hx509_set_error_string(context, 0, ENOMEM, "out of memory");562 return ENOMEM;563 }564 ret = decode_RSAPublicKey(spi->subjectPublicKey.data,565 spi->subjectPublicKey.length / 8,566 &pk, &size);567 if (ret) {568 hx509_set_error_string(context, 0, ret, "Failed to decode RSAPublicKey");569 goto out;570 }571 572 rsa->n = heim_int2BN(&pk.modulus);573 rsa->e = heim_int2BN(&pk.publicExponent);574 575 free_RSAPublicKey(&pk);576 577 if (rsa->n == NULL || rsa->e == NULL) {578 558 ret = ENOMEM; 579 559 hx509_set_error_string(context, 0, ret, "out of memory"); … … 642 622 } else { 643 623 if (retsize != data->length || 644 memcmp(to, data->data, retsize) != 0)624 ct_memcmp(to, data->data, retsize) != 0) 645 625 { 646 626 ret = HX509_CRYPTO_SIG_INVALID_FORMAT; … … 650 630 free(to); 651 631 } 632 ret = 0; 652 633 653 634 out: 654 635 free_DigestInfo(&di); 
655 RSA_free(rsa); 636 if (rsa) 637 RSA_free(rsa); 656 638 return ret; 657 639 } … … 672 654 int ret; 673 655 674 if (signer->ops && der_heim_oid_cmp(signer->ops->key_oid, &asn1_oid_id_pkcs1_rsaEncryption) != 0)656 if (signer->ops && der_heim_oid_cmp(signer->ops->key_oid, ASN1_OID_ID_PKCS1_RSAENCRYPTION) != 0) 675 657 return HX509_ALG_NOT_SUPP; 676 658 … … 680 662 sig_oid = signer->signature_alg; 681 663 682 if (der_heim_oid_cmp(sig_oid, &asn1_oid_id_pkcs1_sha256WithRSAEncryption) == 0) { 664 if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_SHA512WITHRSAENCRYPTION) == 0) { 665 digest_alg = hx509_signature_sha512(); 666 } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_SHA384WITHRSAENCRYPTION) == 0) { 667 digest_alg = hx509_signature_sha384(); 668 } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_SHA256WITHRSAENCRYPTION) == 0) { 683 669 digest_alg = hx509_signature_sha256(); 684 } else if (der_heim_oid_cmp(sig_oid, &asn1_oid_id_pkcs1_sha1WithRSAEncryption) == 0) {670 } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION) == 0) { 685 671 digest_alg = hx509_signature_sha1(); 686 } else if (der_heim_oid_cmp(sig_oid, &asn1_oid_id_pkcs1_md5WithRSAEncryption) == 0) {672 } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_MD5WITHRSAENCRYPTION) == 0) { 687 673 digest_alg = hx509_signature_md5(); 688 } else if (der_heim_oid_cmp(sig_oid, &asn1_oid_id_pkcs1_md5WithRSAEncryption) == 0) {674 } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_MD5WITHRSAENCRYPTION) == 0) { 689 675 digest_alg = hx509_signature_md5(); 690 } else if (der_heim_oid_cmp(sig_oid, &asn1_oid_id_dsa_with_sha1) == 0) {676 } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_DSA_WITH_SHA1) == 0) { 691 677 digest_alg = hx509_signature_sha1(); 692 } else if (der_heim_oid_cmp(sig_oid, &asn1_oid_id_pkcs1_rsaEncryption) == 0) {678 } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_RSAENCRYPTION) == 0) { 693 679 digest_alg = hx509_signature_sha1(); 694 } else if 
(der_heim_oid_cmp(sig_oid, &asn1_oid_id_heim_rsa_pkcs1_x509) == 0) {680 } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_HEIM_RSA_PKCS1_X509) == 0) { 695 681 digest_alg = NULL; 696 682 } else … … 751 737 ret = HX509_CMS_FAILED_CREATE_SIGATURE; 752 738 hx509_set_error_string(context, 0, ret, 753 "RSA private decrypt failed: %d", ret);739 "RSA private encrypt failed: %d", ret); 754 740 return ret; 755 741 } … … 767 753 const void *data, 768 754 size_t len, 755 hx509_key_format_t format, 769 756 hx509_private_key private_key) 770 757 { 771 const unsigned char *p = data; 772 773 private_key->private_key.rsa = 774 d2i_RSAPrivateKey(NULL, &p, len); 775 if (private_key->private_key.rsa == NULL) { 776 hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED, 777 "Failed to parse RSA key"); 778 return HX509_PARSING_KEY_FAILED; 779 } 780 private_key->signature_alg = &asn1_oid_id_pkcs1_sha1WithRSAEncryption; 758 switch (format) { 759 case HX509_KEY_FORMAT_DER: { 760 const unsigned char *p = data; 761 762 private_key->private_key.rsa = 763 d2i_RSAPrivateKey(NULL, &p, len); 764 if (private_key->private_key.rsa == NULL) { 765 hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED, 766 "Failed to parse RSA key"); 767 return HX509_PARSING_KEY_FAILED; 768 } 769 private_key->signature_alg = ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION; 770 break; 771 772 } 773 default: 774 return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED; 775 } 781 776 782 777 return 0; … … 801 796 spki->subjectPublicKey.length = len * 8; 802 797 803 ret = set_digest_alg(&spki->algorithm, &asn1_oid_id_pkcs1_rsaEncryption,798 ret = set_digest_alg(&spki->algorithm, ASN1_OID_ID_PKCS1_RSAENCRYPTION, 804 799 "\x05\x00", 2); 805 800 if (ret) { … … 829 824 830 825 static const int default_rsa_e = 65537; 831 static const int default_rsa_bits = 1024;826 static const int default_rsa_bits = 2048; 832 827 833 828 private_key->private_key.rsa = RSA_new(); … … 845 840 if (ctx->num_bits) 846 841 bits = ctx->num_bits; 847 else if 
(ctx->isCA)848 bits *= 2;849 842 850 843 ret = RSA_generate_key_ex(private_key->private_key.rsa, bits, e, NULL); … … 855 848 return HX509_PARSING_KEY_FAILED; 856 849 } 857 private_key->signature_alg = &asn1_oid_id_pkcs1_sha1WithRSAEncryption;850 private_key->signature_alg = ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION; 858 851 859 852 return 0; … … 863 856 rsa_private_key_export(hx509_context context, 864 857 const hx509_private_key key, 858 hx509_key_format_t format, 865 859 heim_octet_string *data) 866 860 { … … 870 864 data->length = 0; 871 865 872 ret = i2d_RSAPrivateKey(key->private_key.rsa, NULL); 873 if (ret <= 0) { 874 ret = EINVAL; 875 hx509_set_error_string(context, 0, ret, 866 switch (format) { 867 case HX509_KEY_FORMAT_DER: 868 869 ret = i2d_RSAPrivateKey(key->private_key.rsa, NULL); 870 if (ret <= 0) { 871 ret = EINVAL; 872 hx509_set_error_string(context, 0, ret, 876 873 "Private key is not exportable"); 877 return ret; 878 } 879 880 data->data = malloc(ret); 881 if (data->data == NULL) { 882 ret = ENOMEM; 883 hx509_set_error_string(context, 0, ret, "malloc out of memory"); 884 return ret; 885 } 886 data->length = ret; 887 888 { 889 unsigned char *p = data->data; 890 i2d_RSAPrivateKey(key->private_key.rsa, &p); 874 return ret; 875 } 876 877 data->data = malloc(ret); 878 if (data->data == NULL) { 879 ret = ENOMEM; 880 hx509_set_error_string(context, 0, ret, "malloc out of memory"); 881 return ret; 882 } 883 data->length = ret; 884 885 { 886 unsigned char *p = data->data; 887 i2d_RSAPrivateKey(key->private_key.rsa, &p); 888 } 889 break; 890 default: 891 return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED; 891 892 } 892 893 … … 911 912 static hx509_private_key_ops rsa_private_key_ops = { 912 913 "RSA PRIVATE KEY", 913 &asn1_oid_id_pkcs1_rsaEncryption,914 ASN1_OID_ID_PKCS1_RSAENCRYPTION, 914 915 NULL, 915 916 rsa_private_key2SPKI, … … 934 935 ecdsa_private_key_export(hx509_context context, 935 936 const hx509_private_key key, 937 hx509_key_format_t format, 936 938 
heim_octet_string *data) 937 939 { 938 return ENOMEM;940 return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED; 939 941 } 940 942 … … 944 946 const void *data, 945 947 size_t len, 948 hx509_key_format_t format, 946 949 hx509_private_key private_key) 947 950 { … … 978 981 } 979 982 980 private_key->private_key.ecdsa = d2i_ECPrivateKey(pkey, &p, len); 981 if (private_key->private_key.ecdsa == NULL) { 982 hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED, 983 "Failed to parse EC private key"); 984 return HX509_PARSING_KEY_FAILED; 985 } 986 private_key->signature_alg = &asn1_oid_id_ecdsa_with_SHA256; 983 switch (format) { 984 case HX509_KEY_FORMAT_DER: 985 986 private_key->private_key.ecdsa = d2i_ECPrivateKey(pkey, &p, len); 987 if (private_key->private_key.ecdsa == NULL) { 988 hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED, 989 "Failed to parse EC private key"); 990 return HX509_PARSING_KEY_FAILED; 991 } 992 private_key->signature_alg = ASN1_OID_ID_ECDSA_WITH_SHA256; 993 break; 994 995 default: 996 return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED; 997 } 987 998 988 999 return 0; … … 1008 1019 static hx509_private_key_ops ecdsa_private_key_ops = { 1009 1020 "EC PRIVATE KEY", 1010 &asn1_oid_id_ecPublicKey,1021 ASN1_OID_ID_ECPUBLICKEY, 1011 1022 ecdsa_available, 1012 1023 ecdsa_private_key2SPKI, … … 1121 1132 if (private_key->private_key.dsa == NULL) 1122 1133 return EINVAL; 1123 private_key->signature_alg = &asn1_oid_id_dsa_with_sha1;1134 private_key->signature_alg = ASN1_OID_ID_DSA_WITH_SHA1; 1124 1135 1125 1136 return 0; … … 1131 1142 #endif 1132 1143 1133 1134 1144 static int 1135 sha1_verify_signature(hx509_context context, 1136 const struct signature_alg *sig_alg, 1137 const Certificate *signer, 1138 const AlgorithmIdentifier *alg, 1139 const heim_octet_string *data, 1140 const heim_octet_string *sig) 1141 { 1142 unsigned char digest[SHA_DIGEST_LENGTH]; 1143 SHA_CTX m; 1144 1145 if (sig->length != SHA_DIGEST_LENGTH) { 1146 hx509_set_error_string(context, 0, 
HX509_CRYPTO_SIG_INVALID_FORMAT, 1147 "SHA1 sigature have wrong length"); 1148 return HX509_CRYPTO_SIG_INVALID_FORMAT; 1149 } 1150 1151 SHA1_Init(&m); 1152 SHA1_Update(&m, data->data, data->length); 1153 SHA1_Final (digest, &m); 1154 1155 if (memcmp(digest, sig->data, SHA_DIGEST_LENGTH) != 0) { 1156 hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE, 1157 "Bad SHA1 sigature"); 1158 return HX509_CRYPTO_BAD_SIGNATURE; 1159 } 1160 1161 return 0; 1162 } 1163 1164 static int 1165 sha256_create_signature(hx509_context context, 1145 evp_md_create_signature(hx509_context context, 1166 1146 const struct signature_alg *sig_alg, 1167 1147 const hx509_private_key signer, … … 1171 1151 heim_octet_string *sig) 1172 1152 { 1173 SHA256_CTX m; 1153 size_t sigsize = EVP_MD_size(sig_alg->evp_md()); 1154 EVP_MD_CTX *ctx; 1174 1155 1175 1156 memset(sig, 0, sizeof(*sig)); … … 1184 1165 1185 1166 1186 sig->data = malloc( SHA256_DIGEST_LENGTH);1167 sig->data = malloc(sigsize); 1187 1168 if (sig->data == NULL) { 1188 1169 sig->length = 0; 1189 1170 return ENOMEM; 1190 1171 } 1191 sig->length = SHA256_DIGEST_LENGTH; 1192 1193 SHA256_Init(&m); 1194 SHA256_Update(&m, data->data, data->length); 1195 SHA256_Final (sig->data, &m); 1172 sig->length = sigsize; 1173 1174 ctx = EVP_MD_CTX_create(); 1175 EVP_DigestInit_ex(ctx, sig_alg->evp_md(), NULL); 1176 EVP_DigestUpdate(ctx, data->data, data->length); 1177 EVP_DigestFinal_ex(ctx, sig->data, NULL); 1178 EVP_MD_CTX_destroy(ctx); 1179 1196 1180 1197 1181 return 0; … … 1199 1183 1200 1184 static int 1201 sha256_verify_signature(hx509_context context,1185 evp_md_verify_signature(hx509_context context, 1202 1186 const struct signature_alg *sig_alg, 1203 1187 const Certificate *signer, … … 1206 1190 const heim_octet_string *sig) 1207 1191 { 1208 unsigned char digest[SHA256_DIGEST_LENGTH]; 1209 SHA256_CTX m; 1210 1211 if (sig->length != SHA256_DIGEST_LENGTH) { 1192 unsigned char digest[EVP_MAX_MD_SIZE]; 1193 EVP_MD_CTX *ctx; 1194 size_t 
sigsize = EVP_MD_size(sig_alg->evp_md()); 1195 1196 if (sig->length != sigsize || sigsize > sizeof(digest)) { 1212 1197 hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT, 1213 1198 "SHA256 sigature have wrong length"); … … 1215 1200 } 1216 1201 1217 SHA256_Init(&m); 1218 SHA256_Update(&m, data->data, data->length); 1219 SHA256_Final (digest, &m); 1220 1221 if (memcmp(digest, sig->data, SHA256_DIGEST_LENGTH) != 0) { 1202 ctx = EVP_MD_CTX_create(); 1203 EVP_DigestInit_ex(ctx, sig_alg->evp_md(), NULL); 1204 EVP_DigestUpdate(ctx, data->data, data->length); 1205 EVP_DigestFinal_ex(ctx, digest, NULL); 1206 EVP_MD_CTX_destroy(ctx); 1207 1208 if (ct_memcmp(digest, sig->data, sigsize) != 0) { 1222 1209 hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE, 1223 "Bad SHA256 sigature"); 1224 return HX509_CRYPTO_BAD_SIGNATURE; 1225 } 1226 1227 return 0; 1228 } 1229 1230 static int 1231 sha1_create_signature(hx509_context context, 1232 const struct signature_alg *sig_alg, 1233 const hx509_private_key signer, 1234 const AlgorithmIdentifier *alg, 1235 const heim_octet_string *data, 1236 AlgorithmIdentifier *signatureAlgorithm, 1237 heim_octet_string *sig) 1238 { 1239 SHA_CTX m; 1240 1241 memset(sig, 0, sizeof(*sig)); 1242 1243 if (signatureAlgorithm) { 1244 int ret; 1245 ret = set_digest_alg(signatureAlgorithm, sig_alg->sig_oid, 1246 "\x05\x00", 2); 1247 if (ret) 1248 return ret; 1249 } 1250 1251 1252 sig->data = malloc(SHA_DIGEST_LENGTH); 1253 if (sig->data == NULL) { 1254 sig->length = 0; 1255 return ENOMEM; 1256 } 1257 sig->length = SHA_DIGEST_LENGTH; 1258 1259 SHA1_Init(&m); 1260 SHA1_Update(&m, data->data, data->length); 1261 SHA1_Final (sig->data, &m); 1262 1263 return 0; 1264 } 1265 1266 static int 1267 md5_verify_signature(hx509_context context, 1268 const struct signature_alg *sig_alg, 1269 const Certificate *signer, 1270 const AlgorithmIdentifier *alg, 1271 const heim_octet_string *data, 1272 const heim_octet_string *sig) 1273 { 1274 unsigned 
char digest[MD5_DIGEST_LENGTH]; 1275 MD5_CTX m; 1276 1277 if (sig->length != MD5_DIGEST_LENGTH) { 1278 hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT, 1279 "MD5 sigature have wrong length"); 1280 return HX509_CRYPTO_SIG_INVALID_FORMAT; 1281 } 1282 1283 MD5_Init(&m); 1284 MD5_Update(&m, data->data, data->length); 1285 MD5_Final (digest, &m); 1286 1287 if (memcmp(digest, sig->data, MD5_DIGEST_LENGTH) != 0) { 1288 hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE, 1289 "Bad MD5 sigature"); 1290 return HX509_CRYPTO_BAD_SIGNATURE; 1291 } 1292 1293 return 0; 1294 } 1295 1296 static int 1297 md2_verify_signature(hx509_context context, 1298 const struct signature_alg *sig_alg, 1299 const Certificate *signer, 1300 const AlgorithmIdentifier *alg, 1301 const heim_octet_string *data, 1302 const heim_octet_string *sig) 1303 { 1304 unsigned char digest[MD2_DIGEST_LENGTH]; 1305 MD2_CTX m; 1306 1307 if (sig->length != MD2_DIGEST_LENGTH) { 1308 hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT, 1309 "MD2 sigature have wrong length"); 1310 return HX509_CRYPTO_SIG_INVALID_FORMAT; 1311 } 1312 1313 MD2_Init(&m); 1314 MD2_Update(&m, data->data, data->length); 1315 MD2_Final (digest, &m); 1316 1317 if (memcmp(digest, sig->data, MD2_DIGEST_LENGTH) != 0) { 1318 hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE, 1319 "Bad MD2 sigature"); 1210 "Bad %s sigature", sig_alg->name); 1320 1211 return HX509_CRYPTO_BAD_SIGNATURE; 1321 1212 } … … 1328 1219 static const struct signature_alg ecdsa_with_sha256_alg = { 1329 1220 "ecdsa-with-sha256", 1330 &asn1_oid_id_ecdsa_with_SHA256,1221 ASN1_OID_ID_ECDSA_WITH_SHA256, 1331 1222 &_hx509_signature_ecdsa_with_sha256_data, 1332 &asn1_oid_id_ecPublicKey,1223 ASN1_OID_ID_ECPUBLICKEY, 1333 1224 &_hx509_signature_sha256_data, 1334 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG ,1225 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK, 1335 1226 0, 
1227 NULL, 1336 1228 ecdsa_verify_signature, 1337 1229 ecdsa_create_signature, … … 1341 1233 static const struct signature_alg ecdsa_with_sha1_alg = { 1342 1234 "ecdsa-with-sha1", 1343 &asn1_oid_id_ecdsa_with_SHA1,1235 ASN1_OID_ID_ECDSA_WITH_SHA1, 1344 1236 &_hx509_signature_ecdsa_with_sha1_data, 1345 &asn1_oid_id_ecPublicKey,1237 ASN1_OID_ID_ECPUBLICKEY, 1346 1238 &_hx509_signature_sha1_data, 1347 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG ,1239 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK, 1348 1240 0, 1241 NULL, 1349 1242 ecdsa_verify_signature, 1350 1243 ecdsa_create_signature, … … 1356 1249 static const struct signature_alg heim_rsa_pkcs1_x509 = { 1357 1250 "rsa-pkcs1-x509", 1358 &asn1_oid_id_heim_rsa_pkcs1_x509,1251 ASN1_OID_ID_HEIM_RSA_PKCS1_X509, 1359 1252 &_hx509_signature_rsa_pkcs1_x509_data, 1360 &asn1_oid_id_pkcs1_rsaEncryption,1253 ASN1_OID_ID_PKCS1_RSAENCRYPTION, 1361 1254 NULL, 1362 1255 PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG, 1363 1256 0, 1257 NULL, 1364 1258 rsa_verify_signature, 1365 1259 rsa_create_signature … … 1368 1262 static const struct signature_alg pkcs1_rsa_sha1_alg = { 1369 1263 "rsa", 1370 &asn1_oid_id_pkcs1_rsaEncryption,1264 ASN1_OID_ID_PKCS1_RSAENCRYPTION, 1371 1265 &_hx509_signature_rsa_with_sha1_data, 1372 &asn1_oid_id_pkcs1_rsaEncryption,1266 ASN1_OID_ID_PKCS1_RSAENCRYPTION, 1373 1267 NULL, 1374 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG ,1268 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK, 1375 1269 0, 1270 NULL, 1376 1271 rsa_verify_signature, 1377 1272 rsa_create_signature 1378 1273 }; 1379 1274 1275 static const struct signature_alg rsa_with_sha512_alg = { 1276 "rsa-with-sha512", 1277 ASN1_OID_ID_PKCS1_SHA512WITHRSAENCRYPTION, 1278 &_hx509_signature_rsa_with_sha512_data, 1279 ASN1_OID_ID_PKCS1_RSAENCRYPTION, 1280 &_hx509_signature_sha512_data, 1281 
PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK, 1282 0, 1283 NULL, 1284 rsa_verify_signature, 1285 rsa_create_signature 1286 }; 1287 1288 static const struct signature_alg rsa_with_sha384_alg = { 1289 "rsa-with-sha384", 1290 ASN1_OID_ID_PKCS1_SHA384WITHRSAENCRYPTION, 1291 &_hx509_signature_rsa_with_sha384_data, 1292 ASN1_OID_ID_PKCS1_RSAENCRYPTION, 1293 &_hx509_signature_sha384_data, 1294 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK, 1295 0, 1296 NULL, 1297 rsa_verify_signature, 1298 rsa_create_signature 1299 }; 1300 1380 1301 static const struct signature_alg rsa_with_sha256_alg = { 1381 1302 "rsa-with-sha256", 1382 &asn1_oid_id_pkcs1_sha256WithRSAEncryption,1303 ASN1_OID_ID_PKCS1_SHA256WITHRSAENCRYPTION, 1383 1304 &_hx509_signature_rsa_with_sha256_data, 1384 &asn1_oid_id_pkcs1_rsaEncryption,1305 ASN1_OID_ID_PKCS1_RSAENCRYPTION, 1385 1306 &_hx509_signature_sha256_data, 1386 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG ,1307 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK, 1387 1308 0, 1309 NULL, 1388 1310 rsa_verify_signature, 1389 1311 rsa_create_signature … … 1392 1314 static const struct signature_alg rsa_with_sha1_alg = { 1393 1315 "rsa-with-sha1", 1394 &asn1_oid_id_pkcs1_sha1WithRSAEncryption,1316 ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION, 1395 1317 &_hx509_signature_rsa_with_sha1_data, 1396 &asn1_oid_id_pkcs1_rsaEncryption,1318 ASN1_OID_ID_PKCS1_RSAENCRYPTION, 1397 1319 &_hx509_signature_sha1_data, 1398 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG ,1320 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK, 1399 1321 0, 1322 NULL, 1400 1323 rsa_verify_signature, 1401 1324 rsa_create_signature 1402 1325 }; 1403 1326 1327 static const struct signature_alg rsa_with_sha1_alg_secsig = { 1328 "rsa-with-sha1", 1329 ASN1_OID_ID_SECSIG_SHA_1WITHRSAENCRYPTION, 1330 
&_hx509_signature_rsa_with_sha1_data, 1331 ASN1_OID_ID_PKCS1_RSAENCRYPTION, 1332 &_hx509_signature_sha1_data, 1333 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK, 1334 0, 1335 NULL, 1336 rsa_verify_signature, 1337 rsa_create_signature 1338 }; 1339 1404 1340 static const struct signature_alg rsa_with_md5_alg = { 1405 1341 "rsa-with-md5", 1406 &asn1_oid_id_pkcs1_md5WithRSAEncryption,1342 ASN1_OID_ID_PKCS1_MD5WITHRSAENCRYPTION, 1407 1343 &_hx509_signature_rsa_with_md5_data, 1408 &asn1_oid_id_pkcs1_rsaEncryption,1344 ASN1_OID_ID_PKCS1_RSAENCRYPTION, 1409 1345 &_hx509_signature_md5_data, 1410 1346 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG, 1411 1347 1230739889, 1348 NULL, 1412 1349 rsa_verify_signature, 1413 1350 rsa_create_signature 1414 1351 }; 1415 1352 1416 static const struct signature_alg rsa_with_md2_alg = {1417 "rsa-with-md2",1418 &asn1_oid_id_pkcs1_md2WithRSAEncryption,1419 &_hx509_signature_rsa_with_md2_data,1420 &asn1_oid_id_pkcs1_rsaEncryption,1421 &_hx509_signature_md2_data,1422 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,1423 1230739889,1424 rsa_verify_signature,1425 rsa_create_signature1426 };1427 1428 1353 static const struct signature_alg dsa_sha1_alg = { 1429 1354 "dsa-with-sha1", 1430 &asn1_oid_id_dsa_with_sha1,1355 ASN1_OID_ID_DSA_WITH_SHA1, 1431 1356 NULL, 1432 &asn1_oid_id_dsa,1357 ASN1_OID_ID_DSA, 1433 1358 &_hx509_signature_sha1_data, 1434 1359 PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG, 1435 1360 0, 1361 NULL, 1436 1362 dsa_verify_signature, 1437 1363 /* create_signature */ NULL, 1438 1364 }; 1439 1365 1366 static const struct signature_alg sha512_alg = { 1367 "sha-512", 1368 ASN1_OID_ID_SHA512, 1369 &_hx509_signature_sha512_data, 1370 NULL, 1371 NULL, 1372 SIG_DIGEST, 1373 0, 1374 EVP_sha512, 1375 evp_md_verify_signature, 1376 evp_md_create_signature 1377 }; 1378 1379 static const struct signature_alg sha384_alg = { 1380 "sha-384", 1381 ASN1_OID_ID_SHA512, 1382 
&_hx509_signature_sha384_data, 1383 NULL, 1384 NULL, 1385 SIG_DIGEST, 1386 0, 1387 EVP_sha384, 1388 evp_md_verify_signature, 1389 evp_md_create_signature 1390 }; 1391 1440 1392 static const struct signature_alg sha256_alg = { 1441 1393 "sha-256", 1442 &asn1_oid_id_sha256,1394 ASN1_OID_ID_SHA256, 1443 1395 &_hx509_signature_sha256_data, 1444 1396 NULL, … … 1446 1398 SIG_DIGEST, 1447 1399 0, 1448 sha256_verify_signature, 1449 sha256_create_signature 1400 EVP_sha256, 1401 evp_md_verify_signature, 1402 evp_md_create_signature 1450 1403 }; 1451 1404 1452 1405 static const struct signature_alg sha1_alg = { 1453 1406 "sha1", 1454 &asn1_oid_id_secsig_sha_1,1407 ASN1_OID_ID_SECSIG_SHA_1, 1455 1408 &_hx509_signature_sha1_data, 1456 1409 NULL, … … 1458 1411 SIG_DIGEST, 1459 1412 0, 1460 sha1_verify_signature, 1461 sha1_create_signature 1413 EVP_sha1, 1414 evp_md_verify_signature, 1415 evp_md_create_signature 1462 1416 }; 1463 1417 1464 1418 static const struct signature_alg md5_alg = { 1465 1419 "rsa-md5", 1466 &asn1_oid_id_rsa_digest_md5,1420 ASN1_OID_ID_RSA_DIGEST_MD5, 1467 1421 &_hx509_signature_md5_data, 1468 1422 NULL, … … 1470 1424 SIG_DIGEST, 1471 1425 0, 1472 md5_verify_signature 1473 }; 1474 1475 static const struct signature_alg md2_alg = { 1476 "rsa-md2", 1477 &asn1_oid_id_rsa_digest_md2, 1478 &_hx509_signature_md2_data, 1479 NULL, 1480 NULL, 1481 SIG_DIGEST, 1482 0, 1483 md2_verify_signature 1426 EVP_md5, 1427 evp_md_verify_signature, 1428 NULL 1484 1429 }; 1485 1430 … … 1494 1439 &ecdsa_with_sha1_alg, 1495 1440 #endif 1441 &rsa_with_sha512_alg, 1442 &rsa_with_sha384_alg, 1496 1443 &rsa_with_sha256_alg, 1497 1444 &rsa_with_sha1_alg, 1445 &rsa_with_sha1_alg_secsig, 1498 1446 &pkcs1_rsa_sha1_alg, 1499 1447 &rsa_with_md5_alg, 1500 &rsa_with_md2_alg,1501 1448 &heim_rsa_pkcs1_x509, 1502 1449 &dsa_sha1_alg, 1450 &sha512_alg, 1451 &sha384_alg, 1503 1452 &sha256_alg, 1504 1453 &sha1_alg, 1505 1454 &md5_alg, 1506 &md2_alg,1507 1455 NULL 1508 1456 }; … … 1559 1507 }; 1560 
1508 1561 statichx509_private_key_ops *1562 find_private_alg(const heim_oid *oid)1509 hx509_private_key_ops * 1510 hx509_find_private_alg(const heim_oid *oid) 1563 1511 { 1564 1512 int i; … … 1599 1547 1600 1548 int 1601 _hx509_verify_signature(hx509_context context, 1602 const Certificate *signer, 1603 const AlgorithmIdentifier *alg, 1604 const heim_octet_string *data, 1605 const heim_octet_string *sig) 1549 _hx509_self_signed_valid(hx509_context context, 1550 const AlgorithmIdentifier *alg) 1606 1551 { 1607 1552 const struct signature_alg *md; … … 1612 1557 return HX509_SIG_ALG_NO_SUPPORTED; 1613 1558 } 1559 if ((md->flags & SELF_SIGNED_OK) == 0) { 1560 hx509_set_error_string(context, 0, HX509_CRYPTO_ALGORITHM_BEST_BEFORE, 1561 "Algorithm %s not trusted for self signatures", 1562 md->name); 1563 return HX509_CRYPTO_ALGORITHM_BEST_BEFORE; 1564 } 1565 return 0; 1566 } 1567 1568 1569 int 1570 _hx509_verify_signature(hx509_context context, 1571 const hx509_cert cert, 1572 const AlgorithmIdentifier *alg, 1573 const heim_octet_string *data, 1574 const heim_octet_string *sig) 1575 { 1576 const struct signature_alg *md; 1577 const Certificate *signer = NULL; 1578 1579 if (cert) 1580 signer = _hx509_get_cert(cert); 1581 1582 md = find_sig_alg(&alg->algorithm); 1583 if (md == NULL) { 1584 hx509_clear_error_string(context); 1585 return HX509_SIG_ALG_NO_SUPPORTED; 1586 } 1614 1587 if (signer && (md->flags & PROVIDE_CONF) == 0) { 1615 1588 hx509_clear_error_string(context); … … 1630 1603 } 1631 1604 return (*md->verify_signature)(context, md, signer, alg, data, sig); 1632 }1633 1634 int1635 _hx509_verify_signature_bitstring(hx509_context context,1636 const Certificate *signer,1637 const AlgorithmIdentifier *alg,1638 const heim_octet_string *data,1639 const heim_bit_string *sig)1640 {1641 heim_octet_string os;1642 1643 if (sig->length & 7) {1644 hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,1645 "signature not multiple of 8 bits");1646 return 
HX509_CRYPTO_SIG_INVALID_FORMAT;1647 }1648 1649 os.data = sig->data;1650 os.length = sig->length / 8;1651 1652 return _hx509_verify_signature(context, signer, alg, data, &os);1653 1605 } 1654 1606 … … 1712 1664 int ret; 1713 1665 RSA *rsa; 1714 RSAPublicKey pk;1715 1666 size_t size; 1667 const unsigned char *p; 1716 1668 1717 1669 ciphertext->data = NULL; … … 1720 1672 spi = &cert->tbsCertificate.subjectPublicKeyInfo; 1721 1673 1722 rsa = RSA_new(); 1674 p = spi->subjectPublicKey.data; 1675 size = spi->subjectPublicKey.length / 8; 1676 1677 rsa = d2i_RSAPublicKey(NULL, &p, size); 1723 1678 if (rsa == NULL) { 1724 hx509_set_error_string(context, 0, ENOMEM, "out of memory");1725 return ENOMEM;1726 }1727 1728 ret = decode_RSAPublicKey(spi->subjectPublicKey.data,1729 spi->subjectPublicKey.length / 8,1730 &pk, &size);1731 if (ret) {1732 RSA_free(rsa);1733 hx509_set_error_string(context, 0, ret, "RSAPublicKey decode failure");1734 return ret;1735 }1736 rsa->n = heim_int2BN(&pk.modulus);1737 rsa->e = heim_int2BN(&pk.publicExponent);1738 1739 free_RSAPublicKey(&pk);1740 1741 if (rsa->n == NULL || rsa->e == NULL) {1742 RSA_free(rsa);1743 1679 hx509_set_error_string(context, 0, ENOMEM, "out of memory"); 1744 1680 return ENOMEM; … … 1769 1705 ciphertext->data = to; 1770 1706 1771 ret = der_copy_oid( &asn1_oid_id_pkcs1_rsaEncryption, encryption_oid);1707 ret = der_copy_oid(ASN1_OID_ID_PKCS1_RSAENCRYPTION, encryption_oid); 1772 1708 if (ret) { 1773 1709 der_free_octet_string(ciphertext); … … 1780 1716 1781 1717 int 1782 _hx509_private_key_private_decrypt(hx509_context context,1718 hx509_private_key_private_decrypt(hx509_context context, 1783 1719 const heim_octet_string *ciphertext, 1784 1720 const heim_oid *encryption_oid, … … 1823 1759 1824 1760 int 1825 _hx509_parse_private_key(hx509_context context,1761 hx509_parse_private_key(hx509_context context, 1826 1762 const AlgorithmIdentifier *keyai, 1827 1763 const void *data, 1828 1764 size_t len, 1765 hx509_key_format_t format, 
1829 1766 hx509_private_key *private_key) 1830 1767 { … … 1834 1771 *private_key = NULL; 1835 1772 1836 ops = find_private_alg(&keyai->algorithm);1773 ops = hx509_find_private_alg(&keyai->algorithm); 1837 1774 if (ops == NULL) { 1838 1775 hx509_clear_error_string(context); … … 1840 1777 } 1841 1778 1842 ret = _hx509_private_key_init(private_key, ops, NULL);1779 ret = hx509_private_key_init(private_key, ops, NULL); 1843 1780 if (ret) { 1844 1781 hx509_set_error_string(context, 0, ret, "out of memory"); … … 1846 1783 } 1847 1784 1848 ret = (*ops->import)(context, keyai, data, len, *private_key);1785 ret = (*ops->import)(context, keyai, data, len, format, *private_key); 1849 1786 if (ret) 1850 _hx509_private_key_free(private_key);1787 hx509_private_key_free(private_key); 1851 1788 1852 1789 return ret; … … 1858 1795 1859 1796 int 1860 _hx509_private_key2SPKI(hx509_context context,1797 hx509_private_key2SPKI(hx509_context context, 1861 1798 hx509_private_key private_key, 1862 1799 SubjectPublicKeyInfo *spki) … … 1878 1815 *ctx = NULL; 1879 1816 1880 if (der_heim_oid_cmp(oid, &asn1_oid_id_pkcs1_rsaEncryption) != 0) {1817 if (der_heim_oid_cmp(oid, ASN1_OID_ID_PKCS1_RSAENCRYPTION) != 0) { 1881 1818 hx509_set_error_string(context, 0, EINVAL, 1882 1819 "private key not an RSA key"); … … 1929 1866 *private_key = NULL; 1930 1867 1931 ops = find_private_alg(ctx->key_oid);1868 ops = hx509_find_private_alg(ctx->key_oid); 1932 1869 if (ops == NULL) { 1933 1870 hx509_clear_error_string(context); … … 1935 1872 } 1936 1873 1937 ret = _hx509_private_key_init(private_key, ops, NULL);1874 ret = hx509_private_key_init(private_key, ops, NULL); 1938 1875 if (ret) { 1939 1876 hx509_set_error_string(context, 0, ret, "out of memory"); … … 1943 1880 ret = (*ops->generate_private_key)(context, ctx, *private_key); 1944 1881 if (ret) 1945 _hx509_private_key_free(private_key);1882 hx509_private_key_free(private_key); 1946 1883 1947 1884 return ret; … … 1973 1910 1974 1911 const 
AlgorithmIdentifier * 1975 hx509_signature_md2(void)1976 { return &_hx509_signature_md2_data; }1977 1978 const AlgorithmIdentifier *1979 1912 hx509_signature_ecPublicKey(void) 1980 1913 { return &_hx509_signature_ecPublicKey; } … … 2007 1940 hx509_signature_rsa_with_md5(void) 2008 1941 { return &_hx509_signature_rsa_with_md5_data; } 2009 2010 const AlgorithmIdentifier *2011 hx509_signature_rsa_with_md2(void)2012 { return &_hx509_signature_rsa_with_md2_data; }2013 1942 2014 1943 const AlgorithmIdentifier * … … 2048 1977 2049 1978 int 2050 _hx509_private_key_init(hx509_private_key *key,1979 hx509_private_key_init(hx509_private_key *key, 2051 1980 hx509_private_key_ops *ops, 2052 1981 void *keydata) … … 2079 2008 2080 2009 int 2081 _hx509_private_key_free(hx509_private_key *key)2010 hx509_private_key_free(hx509_private_key *key) 2082 2011 { 2083 2012 if (key == NULL || *key == NULL) … … 2089 2018 return 0; 2090 2019 2091 if ((*key)->ops && der_heim_oid_cmp((*key)->ops->key_oid, &asn1_oid_id_pkcs1_rsaEncryption) == 0) {2020 if ((*key)->ops && der_heim_oid_cmp((*key)->ops->key_oid, ASN1_OID_ID_PKCS1_RSAENCRYPTION) == 0) { 2092 2021 if ((*key)->private_key.rsa) 2093 2022 RSA_free((*key)->private_key.rsa); 2094 2023 #ifdef HAVE_OPENSSL 2095 } else if ((*key)->ops && der_heim_oid_cmp((*key)->ops->key_oid, &asn1_oid_id_ecPublicKey) == 0) {2024 } else if ((*key)->ops && der_heim_oid_cmp((*key)->ops->key_oid, ASN1_OID_ID_ECPUBLICKEY) == 0) { 2096 2025 if ((*key)->private_key.ecdsa) 2097 2026 EC_KEY_free((*key)->private_key.ecdsa); … … 2105 2034 2106 2035 void 2107 _hx509_private_key_assign_rsa(hx509_private_key key, void *ptr)2036 hx509_private_key_assign_rsa(hx509_private_key key, void *ptr) 2108 2037 { 2109 2038 if (key->private_key.rsa) 2110 2039 RSA_free(key->private_key.rsa); 2111 2040 key->private_key.rsa = ptr; 2112 key->signature_alg = &asn1_oid_id_pkcs1_sha1WithRSAEncryption;2041 key->signature_alg = ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION; 2113 2042 key->md = 
&pkcs1_rsa_sha1_alg; 2114 2043 } … … 2147 2076 _hx509_private_key_export(hx509_context context, 2148 2077 const hx509_private_key key, 2078 hx509_key_format_t format, 2149 2079 heim_octet_string *data) 2150 2080 { … … 2153 2083 return HX509_UNIMPLEMENTED_OPERATION; 2154 2084 } 2155 return (*key->ops->export)(context, key, data);2085 return (*key->ops->export)(context, key, format, data); 2156 2086 } 2157 2087 … … 2176 2106 char *name; 2177 2107 int flags; 2178 #define ALLOW_WEAK 1 2108 #define ALLOW_WEAK 1 2109 2110 #define PADDING_NONE 2 2111 #define PADDING_PKCS7 4 2112 #define PADDING_FLAGS (2|4) 2179 2113 const struct hx509cipher *cipher; 2180 2114 const EVP_CIPHER *c; … … 2332 2266 "rc2-cbc", 2333 2267 CIPHER_WEAK, 2334 &asn1_oid_id_pkcs3_rc2_cbc,2268 ASN1_OID_ID_PKCS3_RC2_CBC, 2335 2269 NULL, 2336 2270 EVP_rc2_cbc, … … 2341 2275 "rc2-cbc", 2342 2276 CIPHER_WEAK, 2343 &asn1_oid_id_rsadsi_rc2_cbc,2277 ASN1_OID_ID_RSADSI_RC2_CBC, 2344 2278 NULL, 2345 2279 EVP_rc2_cbc, … … 2359 2293 "des-ede3-cbc", 2360 2294 0, 2361 &asn1_oid_id_pkcs3_des_ede3_cbc,2295 ASN1_OID_ID_PKCS3_DES_EDE3_CBC, 2362 2296 NULL, 2363 2297 EVP_des_ede3_cbc, … … 2368 2302 "des-ede3-cbc", 2369 2303 0, 2370 &asn1_oid_id_rsadsi_des_ede3_cbc,2304 ASN1_OID_ID_RSADSI_DES_EDE3_CBC, 2371 2305 hx509_crypto_des_rsdi_ede3_cbc, 2372 2306 EVP_des_ede3_cbc, … … 2377 2311 "aes-128-cbc", 2378 2312 0, 2379 &asn1_oid_id_aes_128_cbc,2313 ASN1_OID_ID_AES_128_CBC, 2380 2314 hx509_crypto_aes128_cbc, 2381 2315 EVP_aes_128_cbc, … … 2386 2320 "aes-192-cbc", 2387 2321 0, 2388 &asn1_oid_id_aes_192_cbc,2322 ASN1_OID_ID_AES_192_CBC, 2389 2323 NULL, 2390 2324 EVP_aes_192_cbc, … … 2395 2329 "aes-256-cbc", 2396 2330 0, 2397 &asn1_oid_id_aes_256_cbc,2331 ASN1_OID_ID_AES_256_CBC, 2398 2332 hx509_crypto_aes256_cbc, 2399 2333 EVP_aes_256_cbc, … … 2462 2396 } 2463 2397 2398 (*crypto)->flags = PADDING_PKCS7; 2464 2399 (*crypto)->cipher = cipher; 2465 2400 (*crypto)->c = (*cipher->evp_func)(); … … 2507 2442 } 2508 2443 2444 void 
2445 hx509_crypto_set_padding(hx509_crypto crypto, int padding_type) 2446 { 2447 switch (padding_type) { 2448 case HX509_CRYPTO_PADDING_PKCS7: 2449 crypto->flags &= ~PADDING_FLAGS; 2450 crypto->flags |= PADDING_PKCS7; 2451 break; 2452 case HX509_CRYPTO_PADDING_NONE: 2453 crypto->flags &= ~PADDING_FLAGS; 2454 crypto->flags |= PADDING_NONE; 2455 break; 2456 default: 2457 _hx509_abort("Invalid padding"); 2458 } 2459 } 2460 2509 2461 int 2510 2462 hx509_crypto_set_key_data(hx509_crypto crypto, const void *data, size_t length) … … 2598 2550 { 2599 2551 EVP_CIPHER_CTX evp; 2600 size_t padsize ;2552 size_t padsize, bsize; 2601 2553 int ret; 2602 2554 … … 2625 2577 } 2626 2578 2627 if (EVP_CIPHER_block_size(crypto->c) == 1) { 2628 padsize = 0; 2629 } else { 2630 int bsize = EVP_CIPHER_block_size(crypto->c); 2631 padsize = bsize - (length % bsize); 2632 } 2579 assert(crypto->flags & PADDING_FLAGS); 2580 2581 bsize = EVP_CIPHER_block_size(crypto->c); 2582 padsize = 0; 2583 2584 if (crypto->flags & PADDING_NONE) { 2585 if (bsize != 1 && (length % bsize) != 0) 2586 return HX509_CMS_PADDING_ERROR; 2587 } else if (crypto->flags & PADDING_PKCS7) { 2588 if (bsize != 1) 2589 padsize = bsize - (length % bsize); 2590 } 2591 2633 2592 (*ciphertext)->length = length + padsize; 2634 2593 (*ciphertext)->data = malloc(length + padsize); … … 2720 2679 EVP_CIPHER_CTX_cleanup(&evp); 2721 2680 2722 if ( EVP_CIPHER_block_size(crypto->c) > 1) {2681 if ((crypto->flags & PADDING_PKCS7) && EVP_CIPHER_block_size(crypto->c) > 1) { 2723 2682 int padsize; 2724 2683 unsigned char *p; … … 2832 2791 PBE_string2key_func *s2k) 2833 2792 { 2834 if (der_heim_oid_cmp(oid, &asn1_oid_id_pbewithSHAAnd40BitRC2_CBC) == 0) {2793 if (der_heim_oid_cmp(oid, ASN1_OID_ID_PBEWITHSHAAND40BITRC2_CBC) == 0) { 2835 2794 *c = EVP_rc2_40_cbc(); 2836 2795 *md = EVP_sha1(); 2837 2796 *s2k = PBE_string2key; 2838 2797 return &asn1_oid_private_rc2_40; 2839 } else if (der_heim_oid_cmp(oid, &asn1_oid_id_pbeWithSHAAnd128BitRC2_CBC) == 
0) {2798 } else if (der_heim_oid_cmp(oid, ASN1_OID_ID_PBEWITHSHAAND128BITRC2_CBC) == 0) { 2840 2799 *c = EVP_rc2_cbc(); 2841 2800 *md = EVP_sha1(); 2842 2801 *s2k = PBE_string2key; 2843 return &asn1_oid_id_pkcs3_rc2_cbc;2802 return ASN1_OID_ID_PKCS3_RC2_CBC; 2844 2803 #if 0 2845 } else if (der_heim_oid_cmp(oid, &asn1_oid_id_pbeWithSHAAnd40BitRC4) == 0) {2804 } else if (der_heim_oid_cmp(oid, ASN1_OID_ID_PBEWITHSHAAND40BITRC4) == 0) { 2846 2805 *c = EVP_rc4_40(); 2847 2806 *md = EVP_sha1(); 2848 2807 *s2k = PBE_string2key; 2849 2808 return NULL; 2850 } else if (der_heim_oid_cmp(oid, &asn1_oid_id_pbeWithSHAAnd128BitRC4) == 0) {2809 } else if (der_heim_oid_cmp(oid, ASN1_OID_ID_PBEWITHSHAAND128BITRC4) == 0) { 2851 2810 *c = EVP_rc4(); 2852 2811 *md = EVP_sha1(); 2853 2812 *s2k = PBE_string2key; 2854 return &asn1_oid_id_pkcs3_rc4;2813 return ASN1_OID_ID_PKCS3_RC4; 2855 2814 #endif 2856 } else if (der_heim_oid_cmp(oid, &asn1_oid_id_pbeWithSHAAnd3_KeyTripleDES_CBC) == 0) {2815 } else if (der_heim_oid_cmp(oid, ASN1_OID_ID_PBEWITHSHAAND3_KEYTRIPLEDES_CBC) == 0) { 2857 2816 *c = EVP_des_ede3_cbc(); 2858 2817 *md = EVP_sha1(); 2859 2818 *s2k = PBE_string2key; 2860 return &asn1_oid_id_pkcs3_des_ede3_cbc;2819 return ASN1_OID_ID_PKCS3_DES_EDE3_CBC; 2861 2820 } 2862 2821 … … 3035 2994 _hx509_match_keys(hx509_cert c, hx509_private_key key) 3036 2995 { 3037 if (der_heim_oid_cmp(key->ops->key_oid, &asn1_oid_id_pkcs1_rsaEncryption) == 0)2996 if (der_heim_oid_cmp(key->ops->key_oid, ASN1_OID_ID_PKCS1_RSAENCRYPTION) == 0) 3038 2997 return match_keys_rsa(c, key); 3039 if (der_heim_oid_cmp(key->ops->key_oid, &asn1_oid_id_ecPublicKey) == 0)2998 if (der_heim_oid_cmp(key->ops->key_oid, ASN1_OID_ID_ECPUBLICKEY) == 0) 3040 2999 return match_keys_ec(c, key); 3041 3000 return 0; -
trunk/server/source4/heimdal/lib/hx509/error.c
r414 r745 68 68 hx509_clear_error_string(hx509_context context) 69 69 { 70 free_error_string(context->error); 71 context->error = NULL; 70 if (context) { 71 free_error_string(context->error); 72 context->error = NULL; 73 } 72 74 } 73 75 … … 91 93 { 92 94 hx509_error msg; 95 96 if (context == NULL) 97 return; 93 98 94 99 msg = calloc(1, sizeof(*msg)); -
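Review bot: The new `if (context == NULL) return;` in hx509_set_error_string discards the formatted message without leaving any trace, so a caller that passes a NULL context gets no diagnostic at all, and nothing in the hunk says that this is the intended contract; a short comment at the guard would make it explicit, e.g. `/* No context means nowhere to keep the message; the error is discarded. */`. The matching tolerance added to hx509_clear_error_string needs less explanation, since clearing nothing is naturally a no-op. hx509_set_error_string's body continues past the end of the hunk, so whether the variadic arguments are touched before the early return cannot be checked here.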
trunk/server/source4/heimdal/lib/hx509/file.c
r414 r745 67 67 68 68 static void 69 header(FILE *f, const char *type, const char *str)69 print_pem_stamp(FILE *f, const char *type, const char *str) 70 70 { 71 71 fprintf(f, "-----%s %s-----\n", type, str); … … 83 83 #define ENCODE_LINE_LENGTH 54 84 84 85 header(f, "BEGIN", type);85 print_pem_stamp(f, "BEGIN", type); 86 86 87 87 while (headers) { … … 111 111 } 112 112 113 header(f, "END", type);113 print_pem_stamp(f, "END", type); 114 114 115 115 return 0; -
trunk/server/source4/heimdal/lib/hx509/hx509.h
r414 r745 49 49 typedef struct hx509_name_data *hx509_name; 50 50 typedef struct hx509_private_key *hx509_private_key; 51 typedef struct hx509_private_key_ops hx509_private_key_ops; 51 52 typedef struct hx509_validate_ctx_data *hx509_validate_ctx; 52 53 typedef struct hx509_verify_ctx_data *hx509_verify_ctx; … … 71 72 HX509_VALIDATE_F_VERBOSE = 2 72 73 }; 74 75 enum { 76 HX509_CRYPTO_PADDING_PKCS7 = 0, 77 HX509_CRYPTO_PADDING_NONE = 1 78 }; 79 80 enum { 81 HX509_KEY_FORMAT_GUESS = 0, 82 HX509_KEY_FORMAT_DER = 1, 83 HX509_KEY_FORMAT_WIN_BACKUPKEY = 2 84 }; 85 typedef uint32_t hx509_key_format_t; 73 86 74 87 struct hx509_cert_attribute_data { … … 131 144 #define HX509_CMS_EV_NO_KU_CHECK 0x01 132 145 #define HX509_CMS_EV_ALLOW_WEAK 0x02 146 #define HX509_CMS_EV_ID_NAME 0x04 133 147 134 148 /* flags to hx509_cms_verify_signed */ … … 158 172 #define HX509_CMS_SIGNATURE_ID_NAME 0x02 159 173 #define HX509_CMS_SIGNATURE_NO_SIGNER 0x04 174 #define HX509_CMS_SIGNATURE_LEAF_ONLY 0x08 175 #define HX509_CMS_SIGNATURE_NO_CERTS 0x10 160 176 161 177 /* hx509_verify_hostname nametype */ -
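Review bot: The new `HX509_KEY_FORMAT_*` enum and the `hx509_key_format_t` typedef carry no documentation, and `HX509_KEY_FORMAT_GUESS = 0` reads like a safe default even though the crypto.c importer and exporter changed in this same changeset accept only `HX509_KEY_FORMAT_DER` and return `HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED` for every other value. A Doxygen comment above the enum should state that DER is the only format implemented in this revision and that GUESS and WIN_BACKUPKEY are reserved, so callers do not zero-initialise the format and expect guessing. The `HX509_CRYPTO_PADDING_*` enum deserves the same treatment, with a note that `hx509_crypto_set_padding` aborts on any value outside the two listed. `hx509_key_format_t` is `uint32_t`, which needs `<stdint.h>` (or a header providing it) in scope; the header's include list is outside this hunk, so that cannot be confirmed here.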
trunk/server/source4/heimdal/lib/hx509/hx509_err.et
r414 r745 67 67 error_code RSA_PRIVATE_DECRYPT, "RSA private decryption failed" 68 68 error_code ALGORITHM_BEST_BEFORE, "Algorithm has passed its best before date" 69 error_code KEY_FORMAT_UNSUPPORTED, "Key format is unsupported" 69 70 70 71 # revoke related errors -
trunk/server/source4/heimdal/lib/hx509/hx_locl.h
r414 r745 40 40 #include <ctype.h> 41 41 #include <errno.h> 42 #ifdef HAVE_STRINGS_H 42 43 #include <strings.h> 44 #endif 43 45 #include <assert.h> 44 46 #include <stdarg.h> … … 46 48 #include <limits.h> 47 49 50 #include <roken.h> 51 48 52 #include <getarg.h> 49 53 #include <base64.h> 50 54 #include <hex.h> 51 #include <roken.h>52 55 #include <com_err.h> 53 56 #include <parse_units.h> … … 80 83 typedef void (*_hx509_cert_release_func)(struct hx509_cert_data *, void *); 81 84 82 typedef struct hx509_private_key_ops hx509_private_key_ops;83 85 84 86 #include "sel.h" -
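Review bot: The new `#ifdef HAVE_STRINGS_H` guard only has an effect if the configuration header that defines the macro is included before this point; the includes above line 40 are outside the hunk, so that ordering should be checked. `#include <roken.h>` is also moved ahead of `<getarg.h>`, `<base64.h>` and `<hex.h>`, which changes what those headers see — presumably so roken's portability definitions are available to them, but a one-line comment such as `/* roken.h first: supplies portability definitions used by the headers below */` would record the reason. The removed `hx509_private_key_ops` typedef reappears in hx509.h in this changeset, so that part is consistent.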
trunk/server/source4/heimdal/lib/hx509/keyset.c
r414 r745 3 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 4 * All rights reserved. 5 * 6 * Portions Copyright (c) 2009 Apple Inc. All rights reserved. 5 7 * 6 8 * Redistribution and use in source and binary forms, with or without … … 199 201 200 202 hx509_certs 201 _hx509_certs_ref(hx509_certs certs)203 hx509_certs_ref(hx509_certs certs) 202 204 { 203 205 if (certs == NULL) … … 324 326 * @param func function to call for each certificate. The function 325 327 * should return non-zero to abort the iteration, that value is passed 326 * back to t e caller of hx509_certs_iter().328 * back to the caller of hx509_certs_iter_f(). 327 329 * @param ctx context variable that will passed to the function. 328 330 * … … 333 335 334 336 int 335 hx509_certs_iter (hx509_context context,336 hx509_certs certs,337 int (*func)(hx509_context, void *, hx509_cert),338 void *ctx)337 hx509_certs_iter_f(hx509_context context, 338 hx509_certs certs, 339 int (*func)(hx509_context, void *, hx509_cert), 340 void *ctx) 339 341 { 340 342 hx509_cursor cursor; … … 365 367 } 366 368 367 368 /** 369 * Function to use to hx509_certs_iter() as a function argument, the 370 * ctx variable to hx509_certs_iter() should be a FILE file descriptor. 371 * 372 * @param context a hx509 context. 373 * @param ctx used by hx509_certs_iter(). 369 /** 370 * Iterate over all certificates in a keystore and call an function 371 * for each fo them. 372 * 373 * @param context a hx509 context. 374 * @param certs certificate store to iterate over. 375 * @param func function to call for each certificate. The function 376 * should return non-zero to abort the iteration, that value is passed 377 * back to the caller of hx509_certs_iter(). 378 * 379 * @return Returns an hx509 error code. 
380 * 381 * @ingroup hx509_keyset 382 */ 383 384 #ifdef __BLOCKS__ 385 386 static int 387 certs_iter(hx509_context context, void *ctx, hx509_cert cert) 388 { 389 int (^func)(hx509_cert) = ctx; 390 return func(cert); 391 } 392 393 int 394 hx509_certs_iter(hx509_context context, 395 hx509_certs certs, 396 int (^func)(hx509_cert)) 397 { 398 return hx509_certs_iter_f(context, certs, certs_iter, func); 399 } 400 #endif 401 402 403 /** 404 * Function to use to hx509_certs_iter_f() as a function argument, the 405 * ctx variable to hx509_certs_iter_f() should be a FILE file descriptor. 406 * 407 * @param context a hx509 context. 408 * @param ctx used by hx509_certs_iter_f(). 374 409 * @param c a certificate 375 410 * … … 588 623 if (from == NULL) 589 624 return 0; 590 return hx509_certs_iter (context, from, certs_merge_func, to);625 return hx509_certs_iter_f(context, from, certs_merge_func, to); 591 626 } 592 627 … … 747 782 int i; 748 783 for (i = 0; keys[i]; i++) 749 _hx509_private_key_free(&keys[i]);784 hx509_private_key_free(&keys[i]); 750 785 free(keys); 751 786 } -
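Review bot: The new Doxygen block for the `__BLOCKS__` variant of hx509_certs_iter has typos and does not say how it differs from hx509_certs_iter_f: "call an function for each fo them" should read "call a function for each of them", and the `@param func` text should state that the block receives only the certificate, with no context pointer, since that is the visible difference from the `_f` form. hx509_certs_ref is promoted from a private to a public symbol in the same section; if it gets a public comment, it should say that a NULL input yields a NULL return (the `if (certs == NULL)` guard is visible in the hunk) so callers do not treat that as an error.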
trunk/server/source4/heimdal/lib/hx509/ks_dir.c
r414 r745 94 94 } 95 95 96 97 98 96 static int 99 97 dir_iter_start(hx509_context context, … … 116 114 return errno; 117 115 } 118 rk_cloexec (dirfd(d->dir));116 rk_cloexec_dir(d->dir); 119 117 d->certs = NULL; 120 118 d->iter = NULL; -
trunk/server/source4/heimdal/lib/hx509/ks_file.c
r414 r745 368 368 { 369 369 char *p, *pnext; 370 struct ks_file * f = NULL;370 struct ks_file *ksf = NULL; 371 371 hx509_private_key *keys = NULL; 372 372 int ret; … … 381 381 lock = _hx509_empty_lock; 382 382 383 f = calloc(1, sizeof(*f));384 if ( f == NULL) {383 ksf = calloc(1, sizeof(*ksf)); 384 if (ksf == NULL) { 385 385 hx509_clear_error_string(context); 386 386 return ENOMEM; 387 387 } 388 f->format = format;389 390 f->fn = strdup(residue);391 if ( f->fn == NULL) {388 ksf->format = format; 389 390 ksf->fn = strdup(residue); 391 if (ksf->fn == NULL) { 392 392 hx509_clear_error_string(context); 393 393 ret = ENOMEM; … … 402 402 if (flags & HX509_CERTS_CREATE) { 403 403 ret = hx509_certs_init(context, "MEMORY:ks-file-create", 404 0, lock, & f->certs);404 0, lock, &ksf->certs); 405 405 if (ret) 406 406 goto out; 407 *data = f;407 *data = ksf; 408 408 return 0; 409 409 } … … 413 413 goto out; 414 414 415 for (p = f->fn; p != NULL; p = pnext) {415 for (p = ksf->fn; p != NULL; p = pnext) { 416 416 FILE *f; 417 417 … … 462 462 } 463 463 464 ret = _hx509_collector_collect_certs(context, pem_ctx.c, & f->certs);464 ret = _hx509_collector_collect_certs(context, pem_ctx.c, &ksf->certs); 465 465 if (ret) 466 466 goto out; … … 471 471 472 472 for (i = 0; keys[i]; i++) 473 _hx509_certs_keys_add(context, f->certs, keys[i]);473 _hx509_certs_keys_add(context, ksf->certs, keys[i]); 474 474 _hx509_certs_keys_free(context, keys); 475 475 } … … 477 477 out: 478 478 if (ret == 0) 479 *data = f;479 *data = ksf; 480 480 else { 481 if ( f->fn)482 free( f->fn);483 free( f);481 if (ksf->fn) 482 free(ksf->fn); 483 free(ksf); 484 484 } 485 485 if (pem_ctx.c) … … 508 508 file_free(hx509_certs certs, void *data) 509 509 { 510 struct ks_file * f = data;511 hx509_certs_free(& f->certs);512 free( f->fn);513 free( f);510 struct ks_file *ksf = data; 511 hx509_certs_free(&ksf->certs); 512 free(ksf->fn); 513 free(ksf); 514 514 return 0; 515 515 } … … 542 542 if 
(_hx509_cert_private_key_exportable(c)) { 543 543 hx509_private_key key = _hx509_cert_private_key(c); 544 ret = _hx509_private_key_export(context, key, &data); 544 ret = _hx509_private_key_export(context, key, 545 HX509_KEY_FORMAT_DER, &data); 545 546 if (ret) 546 547 break; … … 559 560 hx509_certs certs, void *data, int flags, hx509_lock lock) 560 561 { 561 struct ks_file * f = data;562 struct ks_file *ksf = data; 562 563 struct store_ctx sc; 563 564 int ret; 564 565 565 sc.f = fopen( f->fn, "w");566 sc.f = fopen(ksf->fn, "w"); 566 567 if (sc.f == NULL) { 567 568 hx509_set_error_string(context, 0, ENOENT, … … 570 571 } 571 572 rk_cloexec_file(sc.f); 572 sc.format = f->format;573 574 ret = hx509_certs_iter (context,f->certs, store_func, &sc);573 sc.format = ksf->format; 574 575 ret = hx509_certs_iter_f(context, ksf->certs, store_func, &sc); 575 576 fclose(sc.f); 576 577 return ret; … … 580 581 file_add(hx509_context context, hx509_certs certs, void *data, hx509_cert c) 581 582 { 582 struct ks_file * f = data;583 return hx509_certs_add(context, f->certs, c);583 struct ks_file *ksf = data; 584 return hx509_certs_add(context, ksf->certs, c); 584 585 } 585 586 … … 588 589 hx509_certs certs, void *data, void **cursor) 589 590 { 590 struct ks_file * f = data;591 return hx509_certs_start_seq(context, f->certs, cursor);591 struct ks_file *ksf = data; 592 return hx509_certs_start_seq(context, ksf->certs, cursor); 592 593 } 593 594 … … 596 597 hx509_certs certs, void *data, void *iter, hx509_cert *cert) 597 598 { 598 struct ks_file * f = data;599 return hx509_certs_next_cert(context, f->certs, iter, cert);599 struct ks_file *ksf = data; 600 return hx509_certs_next_cert(context, ksf->certs, iter, cert); 600 601 } 601 602 … … 606 607 void *cursor) 607 608 { 608 struct ks_file * f = data;609 return hx509_certs_end_seq(context, f->certs, cursor);609 struct ks_file *ksf = data; 610 return hx509_certs_end_seq(context, ksf->certs, cursor); 610 611 } 611 612 … … 616 617 
hx509_private_key **keys) 617 618 { 618 struct ks_file * f = data;619 return _hx509_certs_keys_get(context, f->certs, keys);619 struct ks_file *ksf = data; 620 return _hx509_certs_keys_get(context, ksf->certs, keys); 620 621 } 621 622 … … 626 627 hx509_private_key key) 627 628 { 628 struct ks_file * f = data;629 return _hx509_certs_keys_add(context, f->certs, key);629 struct ks_file *ksf = data; 630 return _hx509_certs_keys_add(context, ksf->certs, key); 630 631 } 631 632 -
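Review bot: file_store creates the output with `sc.f = fopen(ksf->fn, "w");`, i.e. with whatever the process umask allows, while store_func above it exports any exportable private key into that same file via _hx509_private_key_export; a store that carries key material can therefore be created group- or world-readable. Prefer `int fd = open(ksf->fn, O_WRONLY|O_CREAT|O_TRUNC, 0600);` followed by `sc.f = fd < 0 ? NULL : fdopen(fd, "w");` (closing fd if fdopen fails), keeping the rk_cloexec_file call as is. The error string hard-codes ENOENT; reporting the real `errno` would distinguish a missing directory from a permission problem. The rename to `ksf` correctly removes the shadowing with the inner `FILE *f` in file_init_common, whose start lies outside the hunk.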
trunk/server/source4/heimdal/lib/hx509/ks_keychain.c
r414 r745 44 44 int, const CSSM_ACCESS_CREDENTIALS **); 45 45 #define kSecCredentialTypeDefault 0 46 #define CSSM_SIZE uint32_t 46 47 #endif 47 48 … … 259 260 int ret; 260 261 261 ret = _hx509_private_key_init(&key, NULL, NULL);262 ret = hx509_private_key_init(&key, NULL, NULL); 262 263 if (ret) 263 264 return ret; … … 302 303 _hx509_abort("RSA_set_app_data"); 303 304 304 _hx509_private_key_assign_rsa(key, rsa);305 hx509_private_key_assign_rsa(key, rsa); 305 306 _hx509_cert_assign_key(cert, key); 306 307 -
trunk/server/source4/heimdal/lib/hx509/ks_mem.c
r414 r745 79 79 free(mem->certs.val); 80 80 for (i = 0; mem->keys && mem->keys[i]; i++) 81 _hx509_private_key_free(&mem->keys[i]);81 hx509_private_key_free(&mem->keys[i]); 82 82 free(mem->keys); 83 83 free(mem->name); … … 168 168 if ((*keys)[i] == NULL) { 169 169 while (--i >= 0) 170 _hx509_private_key_free(&(*keys)[i]);170 hx509_private_key_free(&(*keys)[i]); 171 171 hx509_set_error_string(context, 0, ENOMEM, "out of memory"); 172 172 return ENOMEM; -
trunk/server/source4/heimdal/lib/hx509/ks_p11.c
r414 r745 614 614 localKeyId.length = query[0].ulValueLen; 615 615 616 ret = _hx509_private_key_init(&key, NULL, NULL);616 ret = hx509_private_key_init(&key, NULL, NULL); 617 617 if (ret) 618 618 return ret; … … 649 649 _hx509_abort("RSA_set_app_data"); 650 650 651 _hx509_private_key_assign_rsa(key, rsa);651 hx509_private_key_assign_rsa(key, rsa); 652 652 653 653 ret = _hx509_collector_private_key_add(context, … … 659 659 660 660 if (ret) { 661 _hx509_private_key_free(&key);661 hx509_private_key_free(&key); 662 662 return ret; 663 663 } … … 836 836 } 837 837 838 getFuncs = dlsym(p->dl_handle, "C_GetFunctionList");838 getFuncs = (CK_C_GetFunctionList) dlsym(p->dl_handle, "C_GetFunctionList"); 839 839 if (getFuncs == NULL) { 840 840 ret = HX509_PKCS11_LOAD; … … 1140 1140 MECHNAME(CKM_SHA_1, "sha1"); 1141 1141 MECHNAME(CKM_MD5, "md5"); 1142 MECHNAME(CKM_MD2, "md2");1143 1142 MECHNAME(CKM_RIPEMD160, "ripemd-160"); 1144 1143 MECHNAME(CKM_DES_ECB, "des-ecb"); -
trunk/server/source4/heimdal/lib/hx509/ks_p12.c
r414 r745 536 536 ret = _hx509_private_key_export(context, 537 537 _hx509_cert_private_key(c), 538 HX509_KEY_FORMAT_DER, 538 539 &pki.privateKey); 539 540 if (ret) { … … 572 573 memset(&pfx, 0, sizeof(pfx)); 573 574 574 ret = hx509_certs_iter (context, p12->certs, store_func, &as);575 ret = hx509_certs_iter_f(context, p12->certs, store_func, &as); 575 576 if (ret) 576 577 goto out; -
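Review bot: After `_hx509_private_key_export(context, _hx509_cert_private_key(c), HX509_KEY_FORMAT_DER, &pki.privateKey)` succeeds, pki.privateKey holds the cleartext DER private key, and the hunk does not show how that buffer is released; confirm the release path clears it (memset_s or an explicit_bzero-style helper) before freeing rather than relying on the generated ASN.1 free routine, otherwise key bytes persist in the heap of a long-running process. A one-line comment at the export site, `/* pki.privateKey is the cleartext key; must be wiped, not just freed */`, would record the expectation. The enclosing store_func starts outside the hunk.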
trunk/server/source4/heimdal/lib/hx509/lock.c
r414 r745 215 215 hx509_lock_free(hx509_lock lock) 216 216 { 217 hx509_certs_free(&lock->certs); 218 hx509_lock_reset_passwords(lock); 219 memset(lock, 0, sizeof(*lock)); 220 free(lock); 217 if (lock) { 218 hx509_certs_free(&lock->certs); 219 hx509_lock_reset_passwords(lock); 220 memset(lock, 0, sizeof(*lock)); 221 free(lock); 222 } 221 223 } 222 224 -
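Review bot: The `memset(lock, 0, sizeof(*lock));` immediately before `free(lock);` is a dead store that the optimizer may remove, so if it is meant to scrub what the lock struct still holds after hx509_lock_reset_passwords it gives no guarantee. If scrubbing is the intent, use a non-elidable clear such as `memset_s(lock, sizeof(*lock), 0, sizeof(*lock));` or roken's equivalent if one exists; if it is only a use-after-free tripwire, a comment saying so, `/* poison, not a secret wipe */`, avoids the next reader assuming the stronger property. The added NULL guard itself is fine.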
trunk/server/source4/heimdal/lib/hx509/name.c
r414 r745 34 34 #include "hx_locl.h" 35 35 #include <wind.h> 36 #include "char_map.h" 36 37 37 38 /** … … 44 45 * types are defined by OID and have long and short description. For 45 46 * example id-at-commonName (2.5.4.3) have the long name CommonName 46 * and short name CN. The string itself can be of se rveral encoding,47 * and short name CN. The string itself can be of several encoding, 47 48 * UTF8, UTF16, Teltex string, etc. The type limit what encoding 48 49 * should be used. … … 80 81 81 82 static char * 82 quote_string(const char *f, size_t len, size_t *rlen)83 quote_string(const char *f, size_t len, int flags, size_t *rlen) 83 84 { 84 85 size_t i, j, tolen; 85 const char *from =f;86 char *to;86 const unsigned char *from = (const unsigned char *)f; 87 unsigned char *to; 87 88 88 89 tolen = len * 3 + 1; … … 92 93 93 94 for (i = 0, j = 0; i < len; i++) { 94 if (from[i] == ' ' && i + 1 < len) 95 to[j++] = from[i]; 96 else if (from[i] == ',' || from[i] == '=' || from[i] == '+' || 97 from[i] == '<' || from[i] == '>' || from[i] == '#' || 98 from[i] == ';' || from[i] == ' ') 99 { 95 unsigned char map = char_map[from[i]] & flags; 96 if (i == 0 && (map & Q_RFC2253_QUOTE_FIRST)) { 100 97 to[j++] = '\\'; 101 98 to[j++] = from[i]; 102 } else if (((unsigned char)from[i]) >= 32 && ((unsigned char)from[i]) <= 127) { 99 } else if ((i + 1) == len && (map & Q_RFC2253_QUOTE_LAST)) { 100 101 to[j++] = '\\'; 103 102 to[j++] = from[i]; 104 } else { 105 int l = snprintf(&to[j], tolen - j - 1, 103 } else if (map & Q_RFC2253_QUOTE) { 104 to[j++] = '\\'; 105 to[j++] = from[i]; 106 } else if (map & Q_RFC2253_HEX) { 107 int l = snprintf((char *)&to[j], tolen - j - 1, 106 108 "#%02x", (unsigned char)from[i]); 107 109 j += l; 110 } else { 111 to[j++] = from[i]; 108 112 } 109 113 } … … 111 115 assert(j < tolen); 112 116 *rlen = j; 113 return to;117 return (char *)to; 114 118 } 115 119 … … 122 126 123 127 if (quote) 124 qs = quote_string(ss, len, &len);128 qs = quote_string(ss, len, 
Q_RFC2253, &len); 125 129 else 126 130 qs = rk_UNCONST(ss); … … 204 208 205 209 for (i = n->u.rdnSequence.len - 1 ; i >= 0 ; i--) { 206 int len;210 size_t len; 207 211 208 212 for (j = 0; j < n->u.rdnSequence.val[i].len; j++) { … … 215 219 switch(ds->element) { 216 220 case choice_DirectoryString_ia5String: 217 ss = ds->u.ia5String; 221 ss = ds->u.ia5String.data; 222 len = ds->u.ia5String.length; 218 223 break; 219 224 case choice_DirectoryString_printableString: 220 ss = ds->u.printableString; 225 ss = ds->u.printableString.data; 226 len = ds->u.printableString.length; 221 227 break; 222 228 case choice_DirectoryString_utf8String: 223 229 ss = ds->u.utf8String; 230 len = strlen(ss); 224 231 break; 225 232 case choice_DirectoryString_bmpString: { … … 241 248 } 242 249 ss[k] = '\0'; 250 len = k; 243 251 break; 244 252 } 245 253 case choice_DirectoryString_teletexString: 246 ss = malloc(ds->u.teletexString.length + 1); 247 if (ss == NULL) 248 _hx509_abort("allocation failure"); /* XXX */ 249 memcpy(ss, ds->u.teletexString.data, ds->u.teletexString.length); 250 ss[ds->u.teletexString.length] = '\0'; 254 ss = ds->u.teletexString; 255 len = strlen(ss); 251 256 break; 252 257 case choice_DirectoryString_universalString: { … … 268 273 } 269 274 ss[k] = '\0'; 275 len = k; 270 276 break; 271 277 } … … 277 283 free(oidname); 278 284 append_string(str, &total_len, "=", 1, 0); 279 len = strlen(ss);280 285 append_string(str, &total_len, ss, len, 1); 281 if (ds->element == choice_DirectoryString_universalString || 282 ds->element == choice_DirectoryString_bmpString || 283 ds->element == choice_DirectoryString_teletexString) 286 if (ds->element == choice_DirectoryString_bmpString || 287 ds->element == choice_DirectoryString_universalString) 284 288 { 285 289 free(ss); … … 325 329 dsstringprep(const DirectoryString *ds, uint32_t **rname, size_t *rlen) 326 330 { 327 wind_profile_flags flags = 0;331 wind_profile_flags flags; 328 332 size_t i, len; 329 333 int ret; … … 335 339 
switch(ds->element) { 336 340 case choice_DirectoryString_ia5String: 337 COPYCHARARRAY(ds, ia5String, len, name); 341 flags = WIND_PROFILE_LDAP; 342 COPYVOIDARRAY(ds, ia5String, len, name); 338 343 break; 339 344 case choice_DirectoryString_printableString: 340 flags = WIND_PROFILE_LDAP_CASE_EXACT_ATTRIBUTE; 341 COPYCHARARRAY(ds, printableString, len, name); 345 flags = WIND_PROFILE_LDAP; 346 flags |= WIND_PROFILE_LDAP_CASE_EXACT_ATTRIBUTE; 347 COPYVOIDARRAY(ds, printableString, len, name); 342 348 break; 343 349 case choice_DirectoryString_teletexString: 344 COPYVOIDARRAY(ds, teletexString, len, name); 350 flags = WIND_PROFILE_LDAP_CASE; 351 COPYCHARARRAY(ds, teletexString, len, name); 345 352 break; 346 353 case choice_DirectoryString_bmpString: 354 flags = WIND_PROFILE_LDAP; 347 355 COPYVALARRAY(ds, bmpString, len, name); 348 356 break; 349 357 case choice_DirectoryString_universalString: 358 flags = WIND_PROFILE_LDAP; 350 359 COPYVALARRAY(ds, universalString, len, name); 351 360 break; 352 361 case choice_DirectoryString_utf8String: 362 flags = WIND_PROFILE_LDAP; 353 363 ret = wind_utf8ucs4_length(ds->u.utf8String, &len); 354 364 if (ret) … … 373 383 *rname = malloc(*rlen * sizeof((*rname)[0])); 374 384 375 ret = wind_stringprep(name, len, *rname, rlen, 376 WIND_PROFILE_LDAP|flags); 385 ret = wind_stringprep(name, len, *rname, rlen, flags); 377 386 if (ret == WIND_ERR_OVERRUN) { 378 387 free(*rname); … … 400 409 { 401 410 uint32_t *ds1lp, *ds2lp; 402 size_t ds1len, ds2len ;411 size_t ds1len, ds2len, i; 403 412 int ret; 404 413 … … 414 423 if (ds1len != ds2len) 415 424 *diff = ds1len - ds2len; 416 else 417 *diff = memcmp(ds1lp, ds2lp, ds1len * sizeof(ds1lp[0])); 418 425 else { 426 for (i = 0; i < ds1len; i++) { 427 *diff = ds1lp[i] - ds2lp[i]; 428 if (*diff) 429 break; 430 } 431 } 419 432 free(ds1lp); 420 433 free(ds2lp); … … 927 940 switch (name->element) { 928 941 case choice_GeneralName_otherName: { 929 char * str;930 
hx509_oid_sprint(&name->u.otherName.type_id, & str);931 if ( str== NULL)942 char *oid; 943 hx509_oid_sprint(&name->u.otherName.type_id, &oid); 944 if (oid == NULL) 932 945 return ENOMEM; 933 strpool = rk_strpoolprintf(strpool, "otherName: %s", str);934 free( str);946 strpool = rk_strpoolprintf(strpool, "otherName: %s", oid); 947 free(oid); 935 948 break; 936 949 } 937 950 case choice_GeneralName_rfc822Name: 938 strpool = rk_strpoolprintf(strpool, "rfc822Name: %s\n", 939 name->u.rfc822Name); 951 strpool = rk_strpoolprintf(strpool, "rfc822Name: %.*s\n", 952 (int)name->u.rfc822Name.length, 953 (char *)name->u.rfc822Name.data); 940 954 break; 941 955 case choice_GeneralName_dNSName: 942 strpool = rk_strpoolprintf(strpool, "dNSName: %s\n", 943 name->u.dNSName); 956 strpool = rk_strpoolprintf(strpool, "dNSName: %.*s\n", 957 (int)name->u.dNSName.length, 958 (char *)name->u.dNSName.data); 944 959 break; 945 960 case choice_GeneralName_directoryName: { … … 958 973 } 959 974 case choice_GeneralName_uniformResourceIdentifier: 960 strpool = rk_strpoolprintf(strpool, "URI: %s", 961 name->u.uniformResourceIdentifier); 975 strpool = rk_strpoolprintf(strpool, "URI: %.*s", 976 (int)name->u.uniformResourceIdentifier.length, 977 (char *)name->u.uniformResourceIdentifier.data); 962 978 break; 963 979 case choice_GeneralName_iPAddress: { … … 987 1003 } 988 1004 case choice_GeneralName_registeredID: { 989 char * str;990 hx509_oid_sprint(&name->u.registeredID, & str);991 if ( str== NULL)1005 char *oid; 1006 hx509_oid_sprint(&name->u.registeredID, &oid); 1007 if (oid == NULL) 992 1008 return ENOMEM; 993 strpool = rk_strpoolprintf(strpool, "registeredID: %s", str);994 free( str);1009 strpool = rk_strpoolprintf(strpool, "registeredID: %s", oid); 1010 free(oid); 995 1011 break; 996 1012 } -
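Review bot: hx509_name_to_string now passes the ASN.1 length of ia5String and printableString values (`len = ds->u.ia5String.length;` etc.) to append_string instead of strlen(), so a value with an embedded NUL is forwarded whole to quote_string; whether that byte comes out as `#00` or is copied raw depends on `char_map[0]` having Q_RFC2253_HEX set, and char_map.h is not visible here. If it is copied raw, the resulting string is silently truncated at the first C-string consumer, which is the classic embedded-NUL-in-CN problem for any caller that displays or compares the name; please confirm the table entry, or make quote_string hex-escape any byte whose map entry is zero. Separately, the new comparison loop at 426-430 computes `*diff = ds1lp[i] - ds2lp[i];` on two uint32_t values and stores the wrapped result in an int, which only happens to give the right sign because code points are small; `*diff = (ds1lp[i] > ds2lp[i]) - (ds1lp[i] < ds2lp[i]);` gives the sign without depending on the conversion. The `%.*s` changes in the GeneralName printer are the right fix for the new length-carrying string types.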
trunk/server/source4/heimdal/lib/hx509/peer.c
r414 r745 3 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 4 * All rights reserved. 5 * 6 * Portions Copyright (c) 2009 Apple Inc. All rights reserved. 5 7 * 6 8 * Redistribution and use in source and binary forms, with or without … … 145 147 return ENOMEM; 146 148 } 149 peer->val = ptr; 147 150 ret = copy_AlgorithmIdentifier(val, &peer->val[peer->len]); 148 151 if (ret == 0) -
trunk/server/source4/heimdal/lib/hx509/print.c
r414 r745 1018 1018 if (status.selfsigned) { 1019 1019 ret = _hx509_verify_signature_bitstring(context, 1020 c ,1020 cert, 1021 1021 &c->signatureAlgorithm, 1022 1022 &c->tbsCertificate._save, -
trunk/server/source4/heimdal/lib/hx509/req.c
r414 r745 47 47 48 48 int 49 _hx509_request_init(hx509_context context, hx509_request *req)49 hx509_request_init(hx509_context context, hx509_request *req) 50 50 { 51 51 *req = calloc(1, sizeof(**req)); … … 57 57 58 58 void 59 _hx509_request_free(hx509_request *req)59 hx509_request_free(hx509_request *req) 60 60 { 61 61 if ((*req)->name) … … 70 70 71 71 int 72 _hx509_request_set_name(hx509_context context,72 hx509_request_set_name(hx509_context context, 73 73 hx509_request req, 74 74 hx509_name name) … … 85 85 86 86 int 87 _hx509_request_get_name(hx509_context context,87 hx509_request_get_name(hx509_context context, 88 88 hx509_request req, 89 89 hx509_name *name) … … 97 97 98 98 int 99 _hx509_request_set_SubjectPublicKeyInfo(hx509_context context,99 hx509_request_set_SubjectPublicKeyInfo(hx509_context context, 100 100 hx509_request req, 101 101 const SubjectPublicKeyInfo *key) … … 106 106 107 107 int 108 _hx509_request_get_SubjectPublicKeyInfo(hx509_context context,108 hx509_request_get_SubjectPublicKeyInfo(hx509_context context, 109 109 hx509_request req, 110 110 SubjectPublicKeyInfo *key) … … 144 144 memset(&name, 0, sizeof(name)); 145 145 name.element = choice_GeneralName_dNSName; 146 name.u.dNSName = rk_UNCONST(hostname); 146 name.u.dNSName.data = rk_UNCONST(hostname); 147 name.u.dNSName.length = strlen(hostname); 147 148 148 149 return add_GeneralNames(&req->san, &name); … … 158 159 memset(&name, 0, sizeof(name)); 159 160 name.element = choice_GeneralName_rfc822Name; 160 name.u.dNSName = rk_UNCONST(email); 161 name.u.dNSName.data = rk_UNCONST(email); 162 name.u.dNSName.length = strlen(email); 161 163 162 164 return add_GeneralNames(&req->san, &name); … … 270 272 } 271 273 272 ret = _hx509_request_init(context, req);274 ret = hx509_request_init(context, req); 273 275 if (ret) { 274 276 free_CertificationRequest(&r); … … 278 280 rinfo = &r.certificationRequestInfo; 279 281 280 ret = _hx509_request_set_SubjectPublicKeyInfo(context, *req,282 ret = 
hx509_request_set_SubjectPublicKeyInfo(context, *req, 281 283 &rinfo->subjectPKInfo); 282 284 if (ret) { 283 285 free_CertificationRequest(&r); 284 _hx509_request_free(req);286 hx509_request_free(req); 285 287 return ret; 286 288 } … … 289 291 if (ret) { 290 292 free_CertificationRequest(&r); 291 _hx509_request_free(req);292 return ret; 293 } 294 ret = _hx509_request_set_name(context, *req, subject);293 hx509_request_free(req); 294 return ret; 295 } 296 ret = hx509_request_set_name(context, *req, subject); 295 297 hx509_name_free(&subject); 296 298 free_CertificationRequest(&r); 297 299 if (ret) { 298 _hx509_request_free(req);300 hx509_request_free(req); 299 301 return ret; 300 302 } -
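Review bot: In the email hunk (new lines 161-162) the GeneralName element is choice_GeneralName_rfc822Name but the value is written through the `dNSName` union member: `name.u.dNSName.data = rk_UNCONST(email);` and `name.u.dNSName.length = strlen(email);`. That only works while both members share a layout and it misstates the intent; it should be `name.u.rfc822Name.data = rk_UNCONST(email);` and `name.u.rfc822Name.length = strlen(email);`, matching the hostname hunk just above and the ca.c change in this same changeset. The enclosing function starts outside the hunk.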
trunk/server/source4/heimdal/lib/hx509/revoke.c
r414 r745 224 224 225 225 ret = _hx509_verify_signature_bitstring(context, 226 p ,226 parent, 227 227 &s->signatureAlgorithm, 228 228 &s->tbsCertificate._save, … … 241 241 242 242 ret = _hx509_verify_signature_bitstring(context, 243 _hx509_get_cert(signer),243 signer, 244 244 &ocsp->ocsp.signatureAlgorithm, 245 245 &ocsp->ocsp.tbsResponseData._save, … … 507 507 508 508 ret = _hx509_verify_signature_bitstring(context, 509 _hx509_get_cert(signer),509 signer, 510 510 &crl->signatureAlgorithm, 511 511 &crl->tbsCertList._save, … … 990 990 ctx.parent = NULL; 991 991 992 ret = hx509_certs_iter (context, reqcerts, add_to_req, &ctx);992 ret = hx509_certs_iter_f(context, reqcerts, add_to_req, &ctx); 993 993 hx509_cert_free(ctx.parent); 994 994 if (ret) … … 1154 1154 fprintf(out, "appended certs:\n"); 1155 1155 if (ocsp.certs) 1156 ret = hx509_certs_iter (context, ocsp.certs, hx509_ci_print_names, out);1156 ret = hx509_certs_iter_f(context, ocsp.certs, hx509_ci_print_names, out); 1157 1157 1158 1158 free_ocsp(&ocsp); … … 1487 1487 c.tbsCertList.crlExtensions = NULL; 1488 1488 1489 ret = hx509_certs_iter (context, crl->revoked, add_revoked, &c.tbsCertList);1489 ret = hx509_certs_iter_f(context, crl->revoked, add_revoked, &c.tbsCertList); 1490 1490 if (ret) 1491 1491 goto out; -
trunk/server/source4/heimdal/lib/hx509/sel-gram.c
r414 r745 1 /* A Bison parser, made by GNU Bison 2.3. */ 1 2 /* A Bison parser, made by GNU Bison 2.4.1. */ 2 3 3 4 /* Skeleton implementation for Bison's Yacc-like parsers in C 4 5 Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 20065 6 Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006 6 7 Free Software Foundation, Inc. 7 8 This program is free software ;you can redistribute it and/or modify8 9 This program is free software: you can redistribute it and/or modify 9 10 it under the terms of the GNU General Public License as published by 10 the Free Software Foundation ; either version 2, or (at your option)11 any later version.12 11 the Free Software Foundation, either version 3 of the License, or 12 (at your option) any later version. 13 13 14 This program is distributed in the hope that it will be useful, 14 15 but WITHOUT ANY WARRANTY; without even the implied warranty of 15 16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 17 GNU General Public License for more details. 17 18 18 19 You should have received a copy of the GNU General Public License 19 along with this program; if not, write to the Free Software 20 Foundation, Inc., 51 Franklin Street, Fifth Floor, 21 Boston, MA 02110-1301, USA. */ 20 along with this program. If not, see <http://www.gnu.org/licenses/>. */ 22 21 23 22 /* As a special exception, you may create a larger work that contains … … 30 29 Bison output files to be licensed under the GNU General Public 31 30 License without this special exception. 32 31 33 32 This special exception was added by the Free Software Foundation in 34 33 version 2.2 of Bison. */ … … 48 47 49 48 /* Bison version. */ 50 #define YYBISON_VERSION "2. 3"49 #define YYBISON_VERSION "2.4.1" 51 50 52 51 /* Skeleton name. */ … … 56 55 #define YYPURE 0 57 56 57 /* Push parsers. */ 58 #define YYPUSH 0 59 60 /* Pull parsers. */ 61 #define YYPULL 1 62 58 63 /* Using locations. 
*/ 59 64 #define YYLSP_NEEDED 0 60 65 66 67 68 /* Copy the first part of user declarations. */ 69 70 /* Line 189 of yacc.c */ 71 #line 34 "sel-gram.c" 72 73 #ifdef HAVE_CONFIG_H 74 #include <config.h> 75 #endif 76 #include <stdio.h> 77 #include <stdlib.h> 78 #include <hx_locl.h> 79 80 81 82 83 /* Line 189 of yacc.c */ 84 #line 85 "sel-gram.c" 85 86 /* Enabling traces. */ 87 #ifndef YYDEBUG 88 # define YYDEBUG 0 89 #endif 90 91 /* Enabling verbose error messages. */ 92 #ifdef YYERROR_VERBOSE 93 # undef YYERROR_VERBOSE 94 # define YYERROR_VERBOSE 1 95 #else 96 # define YYERROR_VERBOSE 0 97 #endif 98 99 /* Enabling the token table. */ 100 #ifndef YYTOKEN_TABLE 101 # define YYTOKEN_TABLE 0 102 #endif 61 103 62 104 … … 92 134 93 135 94 /* Copy the first part of user declarations. */95 #line 34 "heimdal/lib/hx509/sel-gram.y"96 97 #ifdef HAVE_CONFIG_H98 #include <config.h>99 #endif100 #include <stdio.h>101 #include <stdlib.h>102 #include <hx_locl.h>103 104 105 106 107 /* Enabling traces. */108 #ifndef YYDEBUG109 # define YYDEBUG 0110 #endif111 112 /* Enabling verbose error messages. */113 #ifdef YYERROR_VERBOSE114 # undef YYERROR_VERBOSE115 # define YYERROR_VERBOSE 1116 #else117 # define YYERROR_VERBOSE 0118 #endif119 120 /* Enabling the token table. */121 #ifndef YYTOKEN_TABLE122 # define YYTOKEN_TABLE 0123 #endif124 125 136 #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED 126 137 typedef union YYSTYPE 127 #line 45 "heimdal/lib/hx509/sel-gram.y" 128 { 138 { 139 140 /* Line 214 of yacc.c */ 141 #line 45 "sel-gram.c" 142 129 143 char *string; 130 144 struct hx_expr *expr; 131 } 132 /* Line 187 of yacc.c. 
*/ 133 #line 134 "heimdal/lib/hx509/sel-gram.y" 134 YYSTYPE; 145 146 147 148 /* Line 214 of yacc.c */ 149 #line 150 "sel-gram.c" 150 } YYSTYPE; 151 # define YYSTYPE_IS_TRIVIAL 1 135 152 # define yystype YYSTYPE /* obsolescent; will be withdrawn */ 136 153 # define YYSTYPE_IS_DECLARED 1 137 # define YYSTYPE_IS_TRIVIAL 1 138 #endif 139 154 #endif 140 155 141 156 … … 143 158 144 159 145 /* Line 2 16 of yacc.c.*/146 #line 1 47 "heimdal/lib/hx509/sel-gram.y"160 /* Line 264 of yacc.c */ 161 #line 162 "sel-gram.c" 147 162 148 163 #ifdef short … … 219 234 || defined __cplusplus || defined _MSC_VER) 220 235 static int 221 YYID (int i)236 YYID (int yyi) 222 237 #else 223 238 static int 224 YYID ( i)225 int i;226 #endif 227 { 228 return i;239 YYID (yyi) 240 int yyi; 241 #endif 242 { 243 return yyi; 229 244 } 230 245 #endif … … 307 322 union yyalloc 308 323 { 309 yytype_int16 yyss ;310 YYSTYPE yyvs ;311 324 yytype_int16 yyss_alloc; 325 YYSTYPE yyvs_alloc; 326 }; 312 327 313 328 /* The size of the maximum gap between one aligned stack and the next. */ … … 343 358 stack. Advance YYPTR to a properly aligned location for the next 344 359 stack. 
*/ 345 # define YYSTACK_RELOCATE(Stack )\360 # define YYSTACK_RELOCATE(Stack_alloc, Stack) \ 346 361 do \ 347 362 { \ 348 363 YYSIZE_T yynewbytes; \ 349 YYCOPY (&yyptr->Stack , Stack, yysize);\350 Stack = &yyptr->Stack ;\364 YYCOPY (&yyptr->Stack_alloc, Stack, yysize); \ 365 Stack = &yyptr->Stack_alloc; \ 351 366 yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \ 352 367 yyptr += yynewbytes / sizeof (*yyptr); \ … … 738 753 || defined __cplusplus || defined _MSC_VER) 739 754 static void 740 yy_stack_print (yytype_int16 * bottom, yytype_int16 *top)755 yy_stack_print (yytype_int16 *yybottom, yytype_int16 *yytop) 741 756 #else 742 757 static void 743 yy_stack_print ( bottom,top)744 yytype_int16 * bottom;745 yytype_int16 * top;758 yy_stack_print (yybottom, yytop) 759 yytype_int16 *yybottom; 760 yytype_int16 *yytop; 746 761 #endif 747 762 { 748 763 YYFPRINTF (stderr, "Stack now"); 749 for (; bottom <= top; ++bottom) 750 YYFPRINTF (stderr, " %d", *bottom); 764 for (; yybottom <= yytop; yybottom++) 765 { 766 int yybot = *yybottom; 767 YYFPRINTF (stderr, " %d", yybot); 768 } 751 769 YYFPRINTF (stderr, "\n"); 752 770 } … … 782 800 for (yyi = 0; yyi < yynrhs; yyi++) 783 801 { 784 fprintf(stderr, " $%d = ", yyi + 1);802 YYFPRINTF (stderr, " $%d = ", yyi + 1); 785 803 yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi], 786 804 &(yyvsp[(yyi + 1) - (yynrhs)]) 787 805 ); 788 fprintf(stderr, "\n");806 YYFPRINTF (stderr, "\n"); 789 807 } 790 808 } … … 1069 1087 } 1070 1088 1071 1072 1073 1089 /* Prevent warnings from -Wmissing-prototypes. */ 1074 1075 1090 #ifdef YYPARSE_PARAM 1076 1091 #if defined __STDC__ || defined __cplusplus … … 1088 1103 1089 1104 1090 1091 /* The look-ahead symbol. */ 1105 /* The lookahead symbol. */ 1092 1106 int yychar; 1093 1107 1094 /* The semantic value of the look -ahead symbol. */1108 /* The semantic value of the lookahead symbol. */ 1095 1109 YYSTYPE yylval; 1096 1110 … … 1100 1114 1101 1115 1102 /*---------- .1103 | yyparse . 
|1104 `---------- */1116 /*-------------------------. 1117 | yyparse or yypush_parse. | 1118 `-------------------------*/ 1105 1119 1106 1120 #ifdef YYPARSE_PARAM … … 1126 1140 #endif 1127 1141 { 1128 1129 int yystate; 1142 1143 1144 int yystate; 1145 /* Number of tokens to shift before error messages enabled. */ 1146 int yyerrstatus; 1147 1148 /* The stacks and their tools: 1149 `yyss': related to states. 1150 `yyvs': related to semantic values. 1151 1152 Refer to the stacks thru separate pointers, to allow yyoverflow 1153 to reallocate them elsewhere. */ 1154 1155 /* The state stack. */ 1156 yytype_int16 yyssa[YYINITDEPTH]; 1157 yytype_int16 *yyss; 1158 yytype_int16 *yyssp; 1159 1160 /* The semantic value stack. */ 1161 YYSTYPE yyvsa[YYINITDEPTH]; 1162 YYSTYPE *yyvs; 1163 YYSTYPE *yyvsp; 1164 1165 YYSIZE_T yystacksize; 1166 1130 1167 int yyn; 1131 1168 int yyresult; 1132 /* Number of tokens to shift before error messages enabled. */ 1133 int yyerrstatus; 1134 /* Look-ahead token as an internal (translated) token number. */ 1135 int yytoken = 0; 1169 /* Lookahead token as an internal (translated) token number. */ 1170 int yytoken; 1171 /* The variables used to return semantic value and location from the 1172 action routines. */ 1173 YYSTYPE yyval; 1174 1136 1175 #if YYERROR_VERBOSE 1137 1176 /* Buffer for error messages, and its allocated size. */ … … 1141 1180 #endif 1142 1181 1143 /* Three stacks and their tools:1144 `yyss': related to states,1145 `yyvs': related to semantic values,1146 `yyls': related to locations.1147 1148 Refer to the stacks thru separate pointers, to allow yyoverflow1149 to reallocate them elsewhere. */1150 1151 /* The state stack. */1152 yytype_int16 yyssa[YYINITDEPTH];1153 yytype_int16 *yyss = yyssa;1154 yytype_int16 *yyssp;1155 1156 /* The semantic value stack. 
*/1157 YYSTYPE yyvsa[YYINITDEPTH];1158 YYSTYPE *yyvs = yyvsa;1159 YYSTYPE *yyvsp;1160 1161 1162 1163 1182 #define YYPOPSTACK(N) (yyvsp -= (N), yyssp -= (N)) 1164 1165 YYSIZE_T yystacksize = YYINITDEPTH;1166 1167 /* The variables used to return semantic value and location from the1168 action routines. */1169 YYSTYPE yyval;1170 1171 1183 1172 1184 /* The number of symbols on the RHS of the reduced rule. … … 1174 1186 int yylen = 0; 1175 1187 1188 yytoken = 0; 1189 yyss = yyssa; 1190 yyvs = yyvsa; 1191 yystacksize = YYINITDEPTH; 1192 1176 1193 YYDPRINTF ((stderr, "Starting parse\n")); 1177 1194 … … 1179 1196 yyerrstatus = 0; 1180 1197 yynerrs = 0; 1181 yychar = YYEMPTY; 1198 yychar = YYEMPTY; /* Cause a token to be read. */ 1182 1199 1183 1200 /* Initialize stack pointers. … … 1185 1202 so that they stay on the same level as the state stack. 1186 1203 The wasted elements are never initialized. */ 1187 1188 1204 yyssp = yyss; 1189 1205 yyvsp = yyvs; … … 1215 1231 yytype_int16 *yyss1 = yyss; 1216 1232 1217 1218 1233 /* Each stack pointer address is followed by the size of the 1219 1234 data in use in that stack, in bytes. This used to be a … … 1223 1238 &yyss1, yysize * sizeof (*yyssp), 1224 1239 &yyvs1, yysize * sizeof (*yyvsp), 1225 1226 1240 &yystacksize); 1227 1241 … … 1246 1260 if (! yyptr) 1247 1261 goto yyexhaustedlab; 1248 YYSTACK_RELOCATE (yyss); 1249 YYSTACK_RELOCATE (yyvs); 1250 1262 YYSTACK_RELOCATE (yyss_alloc, yyss); 1263 YYSTACK_RELOCATE (yyvs_alloc, yyvs); 1251 1264 # undef YYSTACK_RELOCATE 1252 1265 if (yyss1 != yyssa) … … 1259 1272 yyvsp = yyvs + yysize - 1; 1260 1273 1261 1262 1274 YYDPRINTF ((stderr, "Stack size increased to %lu\n", 1263 1275 (unsigned long int) yystacksize)); … … 1268 1280 1269 1281 YYDPRINTF ((stderr, "Entering state %d\n", yystate)); 1282 1283 if (yystate == YYFINAL) 1284 YYACCEPT; 1270 1285 1271 1286 goto yybackup; … … 1277 1292 1278 1293 /* Do appropriate processing given the current state. 
Read a 1279 look -ahead token if we need one and don't already have one. */1280 1281 /* First try to decide what to do without reference to look -ahead token. */1294 lookahead token if we need one and don't already have one. */ 1295 1296 /* First try to decide what to do without reference to lookahead token. */ 1282 1297 yyn = yypact[yystate]; 1283 1298 if (yyn == YYPACT_NINF) 1284 1299 goto yydefault; 1285 1300 1286 /* Not known => get a look -ahead token if don't already have one. */1287 1288 /* YYCHAR is either YYEMPTY or YYEOF or a valid look -ahead symbol. */1301 /* Not known => get a lookahead token if don't already have one. */ 1302 1303 /* YYCHAR is either YYEMPTY or YYEOF or a valid lookahead symbol. */ 1289 1304 if (yychar == YYEMPTY) 1290 1305 { … … 1318 1333 } 1319 1334 1320 if (yyn == YYFINAL)1321 YYACCEPT;1322 1323 1335 /* Count tokens shifted since error; after three, turn off error 1324 1336 status. */ … … 1326 1338 yyerrstatus--; 1327 1339 1328 /* Shift the look -ahead token. */1340 /* Shift the lookahead token. */ 1329 1341 YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc); 1330 1342 1331 /* Discard the shifted token unless it is eof. */ 1332 if (yychar != YYEOF) 1333 yychar = YYEMPTY; 1343 /* Discard the shifted token. 
*/ 1344 yychar = YYEMPTY; 1334 1345 1335 1346 yystate = yyn; … … 1371 1382 { 1372 1383 case 2: 1373 #line 73 "heimdal/lib/hx509/sel-gram.y" 1384 1385 /* Line 1455 of yacc.c */ 1386 #line 73 "sel-gram.c" 1374 1387 { _hx509_expr_input.expr = (yyvsp[(1) - (1)].expr); } 1375 1388 break; 1376 1389 1377 1390 case 3: 1378 #line 75 "heimdal/lib/hx509/sel-gram.y" 1391 1392 /* Line 1455 of yacc.c */ 1393 #line 75 "sel-gram.c" 1379 1394 { (yyval.expr) = _hx509_make_expr(op_TRUE, NULL, NULL); } 1380 1395 break; 1381 1396 1382 1397 case 4: 1383 #line 76 "heimdal/lib/hx509/sel-gram.y" 1398 1399 /* Line 1455 of yacc.c */ 1400 #line 76 "sel-gram.c" 1384 1401 { (yyval.expr) = _hx509_make_expr(op_FALSE, NULL, NULL); } 1385 1402 break; 1386 1403 1387 1404 case 5: 1388 #line 77 "heimdal/lib/hx509/sel-gram.y" 1405 1406 /* Line 1455 of yacc.c */ 1407 #line 77 "sel-gram.c" 1389 1408 { (yyval.expr) = _hx509_make_expr(op_NOT, (yyvsp[(2) - (2)].expr), NULL); } 1390 1409 break; 1391 1410 1392 1411 case 6: 1393 #line 78 "heimdal/lib/hx509/sel-gram.y" 1412 1413 /* Line 1455 of yacc.c */ 1414 #line 78 "sel-gram.c" 1394 1415 { (yyval.expr) = _hx509_make_expr(op_AND, (yyvsp[(1) - (3)].expr), (yyvsp[(3) - (3)].expr)); } 1395 1416 break; 1396 1417 1397 1418 case 7: 1398 #line 79 "heimdal/lib/hx509/sel-gram.y" 1419 1420 /* Line 1455 of yacc.c */ 1421 #line 79 "sel-gram.c" 1399 1422 { (yyval.expr) = _hx509_make_expr(op_OR, (yyvsp[(1) - (3)].expr), (yyvsp[(3) - (3)].expr)); } 1400 1423 break; 1401 1424 1402 1425 case 8: 1403 #line 80 "heimdal/lib/hx509/sel-gram.y" 1426 1427 /* Line 1455 of yacc.c */ 1428 #line 80 "sel-gram.c" 1404 1429 { (yyval.expr) = (yyvsp[(2) - (3)].expr); } 1405 1430 break; 1406 1431 1407 1432 case 9: 1408 #line 81 "heimdal/lib/hx509/sel-gram.y" 1433 1434 /* Line 1455 of yacc.c */ 1435 #line 81 "sel-gram.c" 1409 1436 { (yyval.expr) = _hx509_make_expr(op_COMP, (yyvsp[(1) - (1)].expr), NULL); } 1410 1437 break; 1411 1438 1412 1439 case 10: 1413 #line 84 
"heimdal/lib/hx509/sel-gram.y" 1440 1441 /* Line 1455 of yacc.c */ 1442 #line 84 "sel-gram.c" 1414 1443 { (yyval.expr) = _hx509_make_expr(expr_WORDS, (yyvsp[(1) - (1)].expr), NULL); } 1415 1444 break; 1416 1445 1417 1446 case 11: 1418 #line 85 "heimdal/lib/hx509/sel-gram.y" 1447 1448 /* Line 1455 of yacc.c */ 1449 #line 85 "sel-gram.c" 1419 1450 { (yyval.expr) = _hx509_make_expr(expr_WORDS, (yyvsp[(1) - (3)].expr), (yyvsp[(3) - (3)].expr)); } 1420 1451 break; 1421 1452 1422 1453 case 12: 1423 #line 88 "heimdal/lib/hx509/sel-gram.y" 1454 1455 /* Line 1455 of yacc.c */ 1456 #line 88 "sel-gram.c" 1424 1457 { (yyval.expr) = _hx509_make_expr(comp_EQ, (yyvsp[(1) - (4)].expr), (yyvsp[(4) - (4)].expr)); } 1425 1458 break; 1426 1459 1427 1460 case 13: 1428 #line 89 "heimdal/lib/hx509/sel-gram.y" 1461 1462 /* Line 1455 of yacc.c */ 1463 #line 89 "sel-gram.c" 1429 1464 { (yyval.expr) = _hx509_make_expr(comp_NE, (yyvsp[(1) - (4)].expr), (yyvsp[(4) - (4)].expr)); } 1430 1465 break; 1431 1466 1432 1467 case 14: 1433 #line 90 "heimdal/lib/hx509/sel-gram.y" 1468 1469 /* Line 1455 of yacc.c */ 1470 #line 90 "sel-gram.c" 1434 1471 { (yyval.expr) = _hx509_make_expr(comp_TAILEQ, (yyvsp[(1) - (3)].expr), (yyvsp[(3) - (3)].expr)); } 1435 1472 break; 1436 1473 1437 1474 case 15: 1438 #line 91 "heimdal/lib/hx509/sel-gram.y" 1475 1476 /* Line 1455 of yacc.c */ 1477 #line 91 "sel-gram.c" 1439 1478 { (yyval.expr) = _hx509_make_expr(comp_IN, (yyvsp[(1) - (5)].expr), (yyvsp[(4) - (5)].expr)); } 1440 1479 break; 1441 1480 1442 1481 case 16: 1443 #line 92 "heimdal/lib/hx509/sel-gram.y" 1482 1483 /* Line 1455 of yacc.c */ 1484 #line 92 "sel-gram.c" 1444 1485 { (yyval.expr) = _hx509_make_expr(comp_IN, (yyvsp[(1) - (3)].expr), (yyvsp[(3) - (3)].expr)); } 1445 1486 break; 1446 1487 1447 1488 case 17: 1448 #line 95 "heimdal/lib/hx509/sel-gram.y" 1489 1490 /* Line 1455 of yacc.c */ 1491 #line 95 "sel-gram.c" 1449 1492 { (yyval.expr) = (yyvsp[(1) - (1)].expr); } 1450 1493 break; 1451 1494 1452 1495 
case 18: 1453 #line 96 "heimdal/lib/hx509/sel-gram.y" 1496 1497 /* Line 1455 of yacc.c */ 1498 #line 96 "sel-gram.c" 1454 1499 { (yyval.expr) = (yyvsp[(1) - (1)].expr); } 1455 1500 break; 1456 1501 1457 1502 case 19: 1458 #line 97 "heimdal/lib/hx509/sel-gram.y" 1503 1504 /* Line 1455 of yacc.c */ 1505 #line 97 "sel-gram.c" 1459 1506 { (yyval.expr) = (yyvsp[(1) - (1)].expr); } 1460 1507 break; 1461 1508 1462 1509 case 20: 1463 #line 98 "heimdal/lib/hx509/sel-gram.y" 1510 1511 /* Line 1455 of yacc.c */ 1512 #line 98 "sel-gram.c" 1464 1513 { (yyval.expr) = (yyvsp[(1) - (1)].expr); } 1465 1514 break; 1466 1515 1467 1516 case 21: 1468 #line 101 "heimdal/lib/hx509/sel-gram.y" 1517 1518 /* Line 1455 of yacc.c */ 1519 #line 101 "sel-gram.c" 1469 1520 { (yyval.expr) = _hx509_make_expr(expr_NUMBER, (yyvsp[(1) - (1)].string), NULL); } 1470 1521 break; 1471 1522 1472 1523 case 22: 1473 #line 102 "heimdal/lib/hx509/sel-gram.y" 1524 1525 /* Line 1455 of yacc.c */ 1526 #line 102 "sel-gram.c" 1474 1527 { (yyval.expr) = _hx509_make_expr(expr_STRING, (yyvsp[(1) - (1)].string), NULL); } 1475 1528 break; 1476 1529 1477 1530 case 23: 1478 #line 104 "heimdal/lib/hx509/sel-gram.y" 1531 1532 /* Line 1455 of yacc.c */ 1533 #line 104 "sel-gram.c" 1479 1534 { 1480 1535 (yyval.expr) = _hx509_make_expr(expr_FUNCTION, (yyvsp[(1) - (4)].string), (yyvsp[(3) - (4)].expr)); } … … 1482 1537 1483 1538 case 24: 1484 #line 107 "heimdal/lib/hx509/sel-gram.y" 1539 1540 /* Line 1455 of yacc.c */ 1541 #line 107 "sel-gram.c" 1485 1542 { (yyval.expr) = (yyvsp[(3) - (4)].expr); } 1486 1543 break; 1487 1544 1488 1545 case 25: 1489 #line 110 "heimdal/lib/hx509/sel-gram.y" 1546 1547 /* Line 1455 of yacc.c */ 1548 #line 110 "sel-gram.c" 1490 1549 { 1491 1550 (yyval.expr) = _hx509_make_expr(expr_VAR, (yyvsp[(1) - (3)].string), (yyvsp[(3) - (3)].expr)); } … … 1493 1552 1494 1553 case 26: 1495 #line 112 "heimdal/lib/hx509/sel-gram.y" 1554 1555 /* Line 1455 of yacc.c */ 1556 #line 112 "sel-gram.c" 1496 1557 { 1497 
1558 (yyval.expr) = _hx509_make_expr(expr_VAR, (yyvsp[(1) - (1)].string), NULL); } … … 1499 1560 1500 1561 1501 /* Line 1267 of yacc.c. */ 1502 #line 1500 "heimdal/lib/hx509/sel-gram.y" 1562 1563 /* Line 1455 of yacc.c */ 1564 #line 1563 "sel-gram.c" 1503 1565 default: break; 1504 1566 } … … 1510 1572 1511 1573 *++yyvsp = yyval; 1512 1513 1574 1514 1575 /* Now `shift' the result of the reduction. Determine what state … … 1576 1637 if (yyerrstatus == 3) 1577 1638 { 1578 /* If just tried and failed to reuse look -ahead token after an1639 /* If just tried and failed to reuse lookahead token after an 1579 1640 error, discard it. */ 1580 1641 … … 1593 1654 } 1594 1655 1595 /* Else will try to reuse look -ahead token after shifting the error1656 /* Else will try to reuse lookahead token after shifting the error 1596 1657 token. */ 1597 1658 goto yyerrlab1; … … 1650 1711 } 1651 1712 1652 if (yyn == YYFINAL)1653 YYACCEPT;1654 1655 1713 *++yyvsp = yylval; 1656 1714 … … 1677 1735 goto yyreturn; 1678 1736 1679 #if ndef yyoverflow1737 #if !defined(yyoverflow) || YYERROR_VERBOSE 1680 1738 /*-------------------------------------------------. 1681 1739 | yyexhaustedlab -- memory exhaustion comes here. | … … 1688 1746 1689 1747 yyreturn: 1690 if (yychar != YYE OF && yychar != YYEMPTY)1748 if (yychar != YYEMPTY) 1691 1749 yydestruct ("Cleanup: discarding lookahead", 1692 1750 yytoken, &yylval); -
trunk/server/source4/heimdal/lib/hx509/sel-gram.h
r414 r745 1 /* A Bison parser, made by GNU Bison 2.3. */ 1 2 /* A Bison parser, made by GNU Bison 2.4.1. */ 2 3 3 4 /* Skeleton interface for Bison's Yacc-like parsers in C 4 5 Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 20065 6 Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006 6 7 Free Software Foundation, Inc. 7 8 This program is free software ;you can redistribute it and/or modify8 9 This program is free software: you can redistribute it and/or modify 9 10 it under the terms of the GNU General Public License as published by 10 the Free Software Foundation ; either version 2, or (at your option)11 any later version.12 11 the Free Software Foundation, either version 3 of the License, or 12 (at your option) any later version. 13 13 14 This program is distributed in the hope that it will be useful, 14 15 but WITHOUT ANY WARRANTY; without even the implied warranty of 15 16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 17 GNU General Public License for more details. 17 18 18 19 You should have received a copy of the GNU General Public License 19 along with this program; if not, write to the Free Software 20 Foundation, Inc., 51 Franklin Street, Fifth Floor, 21 Boston, MA 02110-1301, USA. */ 20 along with this program. If not, see <http://www.gnu.org/licenses/>. */ 22 21 23 22 /* As a special exception, you may create a larger work that contains … … 30 29 Bison output files to be licensed under the GNU General Public 31 30 License without this special exception. 32 31 33 32 This special exception was added by the Free Software Foundation in 34 33 version 2.2 of Bison. */ 34 35 35 36 36 /* Tokens. */ … … 67 67 #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED 68 68 typedef union YYSTYPE 69 #line 45 "heimdal/lib/hx509/sel-gram.y"70 69 { 70 71 /* Line 1676 of yacc.c */ 72 #line 45 "sel-gram.c" 73 71 74 char *string; 72 75 struct hx_expr *expr; 73 } 74 /* Line 1489 of yacc.c. 
*/ 75 #line 76 "heimdal/lib/hx509/sel-gram.y" 76 YYSTYPE; 76 77 78 79 /* Line 1676 of yacc.c */ 80 #line 81 "sel-gram.c" 81 } YYSTYPE; 82 # define YYSTYPE_IS_TRIVIAL 1 77 83 # define yystype YYSTYPE /* obsolescent; will be withdrawn */ 78 84 # define YYSTYPE_IS_DECLARED 1 79 # define YYSTYPE_IS_TRIVIAL 180 85 #endif 81 86 82 87 extern YYSTYPE yylval; 83 88 89 -
trunk/server/source4/heimdal/lib/hx509/sel-lex.c
r414 r745 1 1 #include "config.h" 2 2 3 #line 3 " heimdal/lib/hx509/sel-lex.c"3 #line 3 "sel-lex.c" 4 4 5 5 #define YY_INT_ALIGNED short int … … 10 10 #define YY_FLEX_MAJOR_VERSION 2 11 11 #define YY_FLEX_MINOR_VERSION 5 12 #define YY_FLEX_SUBMINOR_VERSION 3 412 #define YY_FLEX_SUBMINOR_VERSION 35 13 13 #if YY_FLEX_SUBMINOR_VERSION > 0 14 14 #define FLEX_BETA … … 55 55 typedef unsigned short int flex_uint16_t; 56 56 typedef unsigned int flex_uint32_t; 57 #endif /* ! C99 */58 57 59 58 /* Limits of integral types. */ … … 85 84 #define UINT32_MAX (4294967295U) 86 85 #endif 86 87 #endif /* ! C99 */ 87 88 88 89 #endif /* ! FLEXINT_H */ … … 142 143 /* Size of default input buffer. */ 143 144 #ifndef YY_BUF_SIZE 145 #ifdef __ia64__ 146 /* On IA-64, the buffer size is 16k, not 8k. 147 * Moreover, YY_BUF_SIZE is 2*YY_READ_BUF_SIZE in the general case. 148 * Ditto for the __ia64__ case accordingly. 149 */ 150 #define YY_BUF_SIZE 32768 151 #else 144 152 #define YY_BUF_SIZE 16384 153 #endif /* __ia64__ */ 145 154 #endif 146 155 … … 179 188 180 189 #define unput(c) yyunput( c, (yytext_ptr) ) 181 182 /* The following is because we cannot portably get our hands on size_t183 * (without autoconf's help, which isn't available because we want184 * flex-generated scanners to compile on their own).185 * Given that the standard has decreed that size_t exists since 1989,186 * I guess we can afford to depend on it. Manoj.187 */188 190 189 191 #ifndef YY_TYPEDEF_YY_SIZE_T … … 532 534 struct hx_expr_input _hx509_expr_input; 533 535 536 #ifndef YY_NULL 537 #define YY_NULL 0 538 #endif 539 534 540 #define YY_NO_UNPUT 1 535 541 … … 539 545 #undef ECHO 540 546 541 #line 54 1 "heimdal/lib/hx509/sel-lex.c"547 #line 547 "sel-lex.c" 542 548 543 549 #define INITIAL 0 … … 556 562 557 563 static int yy_init_globals (void ); 564 565 /* Accessor methods to globals. 566 These are made visible to non-reentrant scanners for convenience. 
*/ 567 568 int yylex_destroy (void ); 569 570 int yyget_debug (void ); 571 572 void yyset_debug (int debug_flag ); 573 574 YY_EXTRA_TYPE yyget_extra (void ); 575 576 void yyset_extra (YY_EXTRA_TYPE user_defined ); 577 578 FILE *yyget_in (void ); 579 580 void yyset_in (FILE * in_str ); 581 582 FILE *yyget_out (void ); 583 584 void yyset_out (FILE * out_str ); 585 586 int yyget_leng (void ); 587 588 char *yyget_text (void ); 589 590 int yyget_lineno (void ); 591 592 void yyset_lineno (int line_number ); 558 593 559 594 /* Macros after this point can all be overridden by user definitions in … … 591 626 /* Amount of stuff to slurp up with each read. */ 592 627 #ifndef YY_READ_BUF_SIZE 628 #ifdef __ia64__ 629 /* On IA-64, the buffer size is 16k, not 8k */ 630 #define YY_READ_BUF_SIZE 16384 631 #else 593 632 #define YY_READ_BUF_SIZE 8192 633 #endif /* __ia64__ */ 594 634 #endif 595 635 … … 599 639 * we now use fwrite(). 600 640 */ 601 #define ECHO fwrite( yytext, yyleng, 1, yyout)641 #define ECHO do { if (fwrite( yytext, yyleng, 1, yyout )) {} } while (0) 602 642 #endif 603 643 … … 610 650 { \ 611 651 int c = '*'; \ 612 int n; \652 size_t n; \ 613 653 for ( n = 0; n < max_size && \ 614 654 (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ … … 692 732 register int yy_act; 693 733 694 #line 6 4"sel-lex.l"695 696 697 #line 697 "heimdal/lib/hx509/sel-lex.c"734 #line 68 "sel-lex.l" 735 736 737 #line 737 "sel-lex.c" 698 738 699 739 if ( !(yy_init) ) … … 780 820 case 1: 781 821 YY_RULE_SETUP 782 #line 66"sel-lex.l"822 #line 70 "sel-lex.l" 783 823 { return kw_TRUE; } 784 824 YY_BREAK 785 825 case 2: 786 826 YY_RULE_SETUP 787 #line 67"sel-lex.l"827 #line 71 "sel-lex.l" 788 828 { return kw_FALSE; } 789 829 YY_BREAK 790 830 case 3: 791 831 YY_RULE_SETUP 792 #line 68"sel-lex.l"832 #line 72 "sel-lex.l" 793 833 { return kw_AND; } 794 834 YY_BREAK 795 835 case 4: 796 836 YY_RULE_SETUP 797 #line 69"sel-lex.l"837 #line 73 "sel-lex.l" 798 838 { return kw_OR; } 799 839 YY_BREAK 800 840 case 
5: 801 841 YY_RULE_SETUP 802 #line 7 0"sel-lex.l"842 #line 74 "sel-lex.l" 803 843 { return kw_IN; } 804 844 YY_BREAK 805 845 case 6: 806 846 YY_RULE_SETUP 807 #line 7 1"sel-lex.l"847 #line 75 "sel-lex.l" 808 848 { return kw_TAILMATCH; } 809 849 YY_BREAK 810 850 case 7: 811 851 YY_RULE_SETUP 812 #line 7 3"sel-lex.l"852 #line 77 "sel-lex.l" 813 853 { 814 854 yylval.string = strdup ((const char *)yytext); … … 818 858 case 8: 819 859 YY_RULE_SETUP 820 #line 77"sel-lex.l"860 #line 81 "sel-lex.l" 821 861 { yylval.string = handle_string(); return STRING; } 822 862 YY_BREAK … … 824 864 /* rule 9 can match eol */ 825 865 YY_RULE_SETUP 826 #line 78"sel-lex.l"866 #line 82 "sel-lex.l" 827 867 { ++lineno; } 828 868 YY_BREAK 829 869 case 10: 830 870 YY_RULE_SETUP 831 #line 79"sel-lex.l"871 #line 83 "sel-lex.l" 832 872 { return *yytext; } 833 873 YY_BREAK 834 874 case 11: 835 875 YY_RULE_SETUP 836 #line 8 0"sel-lex.l"876 #line 84 "sel-lex.l" 837 877 ; 838 878 YY_BREAK 839 879 case 12: 840 880 YY_RULE_SETUP 841 #line 8 1"sel-lex.l"881 #line 85 "sel-lex.l" 842 882 ECHO; 843 883 YY_BREAK 844 #line 8 44 "heimdal/lib/hx509/sel-lex.c"884 #line 884 "sel-lex.c" 845 885 case YY_STATE_EOF(INITIAL): 846 886 yyterminate(); … … 1600 1640 /** Setup the input buffer state to scan the given bytes. The next call to yylex() will 1601 1641 * scan from a @e copy of @a bytes. 1602 * @param bytes the byte buffer to scan1603 * @param len the number of bytes in the buffer pointed to by @a bytes.1642 * @param yybytes the byte buffer to scan 1643 * @param _yybytes_len the number of bytes in the buffer pointed to by @a bytes. 1604 1644 * 1605 1645 * @return the newly allocated buffer state object. … … 1840 1880 #define YYTABLES_NAME "yytables" 1841 1881 1842 #line 8 1"sel-lex.l"1882 #line 85 "sel-lex.l" 1843 1883 1844 1884 -
trunk/server/source4/heimdal/lib/hx509/sel-lex.l
r414 r745 53 53 54 54 struct hx_expr_input _hx509_expr_input; 55 56 #ifndef YY_NULL 57 #define YY_NULL 0 58 #endif 55 59 56 60 #define YY_NO_UNPUT 1 -
trunk/server/source4/heimdal/lib/hx509/sel.c
r414 r745 176 176 default: 177 177 _hx509_abort("hx509 eval expr with unknown op: %d", (int)expr->op); 178 UNREACHABLE(return 0); 178 179 } 179 180 }
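Review bot: The new `UNREACHABLE(return 0);` following `_hx509_abort(...)` in the `default:` arm has no comment explaining why a statement follows an abort, so a reader may conclude the abort can return and that 0 is a meaningful evaluation result. If `_hx509_abort` is indeed noreturn, as its use here suggests, a one-line comment such as `/* _hx509_abort() never returns; this only silences compilers that cannot see that. */` would make the intent explicit. The enclosing switch and function begin outside the hunk.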