← Back to branch summary

~ubuntu-branches/ubuntu/trusty/gnutls26/trusty

« back to all changes in this revision

Viewing changes to lib/x509/extensions.c

  • Committer: Package Import Robot
  • Author(s): Andreas Metzler
  • Date: 2011-10-01 15:28:13 UTC
  • mfrom: (12.1.20 sid)
  • Revision ID: package-import@ubuntu.com-20111001152813-yygm1c4cxonfxhzy
http://bugs.debian.org/640639
* New upstream version.
  + Allow CA importing of 0 certificates to succeed. Closes: #640639
* Add libp11-kit-dev to libgnutls-dev dependencies. (see #643811)
* [20_guiledocstring.diff] guile: Fix docstring extraction with CPP 4.5+.

Show diffs side-by-side

added added

removed removed

Lines of Context:
lib/x509/extensions.c
36
36
 
37
37
static int
38
38
get_extension (ASN1_TYPE asn, const char *root,
39
 
               const char *extension_id, int indx,
40
 
               gnutls_datum_t * ret, unsigned int *_critical)
 
39
               const char *extension_id, int indx,
 
40
               gnutls_datum_t * ret, unsigned int *_critical)
41
41
{
42
42
  int k, result, len;
43
43
  char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
65
65
       */
66
66
 
67
67
      if (result == ASN1_ELEMENT_NOT_FOUND)
68
 
        {
69
 
          break;
70
 
        }
 
68
        {
 
69
          break;
 
70
        }
71
71
 
72
72
      do
73
 
        {
74
 
 
75
 
          _gnutls_str_cpy (name2, sizeof (name2), name);
76
 
          _gnutls_str_cat (name2, sizeof (name2), ".extnID");
77
 
 
78
 
          len = sizeof (extnID) - 1;
79
 
          result = asn1_read_value (asn, name2, extnID, &len);
80
 
 
81
 
          if (result == ASN1_ELEMENT_NOT_FOUND)
82
 
            {
83
 
              gnutls_assert ();
84
 
              break;
85
 
            }
86
 
          else if (result != ASN1_SUCCESS)
87
 
            {
88
 
              gnutls_assert ();
89
 
              return _gnutls_asn2err (result);
90
 
            }
91
 
 
92
 
          /* Handle Extension 
93
 
           */
94
 
          if (strcmp (extnID, extension_id) == 0 && indx == indx_counter++)
95
 
            {
96
 
              /* extension was found 
97
 
               */
98
 
 
99
 
              /* read the critical status.
100
 
               */
101
 
              _gnutls_str_cpy (name2, sizeof (name2), name);
102
 
              _gnutls_str_cat (name2, sizeof (name2), ".critical");
103
 
 
104
 
              len = sizeof (str_critical);
105
 
              result = asn1_read_value (asn, name2, str_critical, &len);
106
 
 
107
 
              if (result == ASN1_ELEMENT_NOT_FOUND)
108
 
                {
109
 
                  gnutls_assert ();
110
 
                  break;
111
 
                }
112
 
              else if (result != ASN1_SUCCESS)
113
 
                {
114
 
                  gnutls_assert ();
115
 
                  return _gnutls_asn2err (result);
116
 
                }
117
 
 
118
 
              if (str_critical[0] == 'T')
119
 
                critical = 1;
120
 
              else
121
 
                critical = 0;
122
 
 
123
 
              /* read the value.
124
 
               */
125
 
              _gnutls_str_cpy (name2, sizeof (name2), name);
126
 
              _gnutls_str_cat (name2, sizeof (name2), ".extnValue");
127
 
 
128
 
              result = _gnutls_x509_read_value (asn, name2, &value, 0);
129
 
              if (result < 0)
130
 
                {
131
 
                  gnutls_assert ();
132
 
                  return result;
133
 
                }
134
 
 
135
 
              ret->data = value.data;
136
 
              ret->size = value.size;
137
 
 
138
 
              if (_critical)
139
 
                *_critical = critical;
140
 
 
141
 
              return 0;
142
 
            }
143
 
 
144
 
 
145
 
        }
 
73
        {
 
74
 
 
75
          _gnutls_str_cpy (name2, sizeof (name2), name);
 
76
          _gnutls_str_cat (name2, sizeof (name2), ".extnID");
 
77
 
 
78
          len = sizeof (extnID) - 1;
 
79
          result = asn1_read_value (asn, name2, extnID, &len);
 
80
 
 
81
          if (result == ASN1_ELEMENT_NOT_FOUND)
 
82
            {
 
83
              gnutls_assert ();
 
84
              break;
 
85
            }
 
86
          else if (result != ASN1_SUCCESS)
 
87
            {
 
88
              gnutls_assert ();
 
89
              return _gnutls_asn2err (result);
 
90
            }
 
91
 
 
92
          /* Handle Extension 
 
93
           */
 
94
          if (strcmp (extnID, extension_id) == 0 && indx == indx_counter++)
 
95
            {
 
96
              /* extension was found 
 
97
               */
 
98
 
 
99
              /* read the critical status.
 
100
               */
 
101
              _gnutls_str_cpy (name2, sizeof (name2), name);
 
102
              _gnutls_str_cat (name2, sizeof (name2), ".critical");
 
103
 
 
104
              len = sizeof (str_critical);
 
105
              result = asn1_read_value (asn, name2, str_critical, &len);
 
106
 
 
107
              if (result == ASN1_ELEMENT_NOT_FOUND)
 
108
                {
 
109
                  gnutls_assert ();
 
110
                  break;
 
111
                }
 
112
              else if (result != ASN1_SUCCESS)
 
113
                {
 
114
                  gnutls_assert ();
 
115
                  return _gnutls_asn2err (result);
 
116
                }
 
117
 
 
118
              if (str_critical[0] == 'T')
 
119
                critical = 1;
 
120
              else
 
121
                critical = 0;
 
122
 
 
123
              /* read the value.
 
124
               */
 
125
              _gnutls_str_cpy (name2, sizeof (name2), name);
 
126
              _gnutls_str_cat (name2, sizeof (name2), ".extnValue");
 
127
 
 
128
              result = _gnutls_x509_read_value (asn, name2, &value, 0);
 
129
              if (result < 0)
 
130
                {
 
131
                  gnutls_assert ();
 
132
                  return result;
 
133
                }
 
134
 
 
135
              ret->data = value.data;
 
136
              ret->size = value.size;
 
137
 
 
138
              if (_critical)
 
139
                *_critical = critical;
 
140
 
 
141
              return 0;
 
142
            }
 
143
 
 
144
 
 
145
        }
146
146
      while (0);
147
147
    }
148
148
  while (1);
169
169
 */
170
170
int
171
171
_gnutls_x509_crt_get_extension (gnutls_x509_crt_t cert,
172
 
                                const char *extension_id, int indx,
173
 
                                gnutls_datum_t * ret, unsigned int *_critical)
 
172
                                const char *extension_id, int indx,
 
173
                                gnutls_datum_t * ret, unsigned int *_critical)
174
174
{
175
175
  return get_extension (cert->cert, "tbsCertificate.extensions", extension_id,
176
 
                        indx, ret, _critical);
 
176
                        indx, ret, _critical);
177
177
}
178
178
 
179
179
int
180
180
_gnutls_x509_crl_get_extension (gnutls_x509_crl_t crl,
181
 
                                const char *extension_id, int indx,
182
 
                                gnutls_datum_t * ret, unsigned int *_critical)
 
181
                                const char *extension_id, int indx,
 
182
                                gnutls_datum_t * ret, unsigned int *_critical)
183
183
{
184
184
  return get_extension (crl->crl, "tbsCertList.crlExtensions", extension_id,
185
 
                        indx, ret, _critical);
 
185
                        indx, ret, _critical);
186
186
}
187
187
 
188
188
 
194
194
 */
195
195
static int
196
196
get_extension_oid (ASN1_TYPE asn, const char *root,
197
 
                   int indx, void *oid, size_t * sizeof_oid)
 
197
                   int indx, void *oid, size_t * sizeof_oid)
198
198
{
199
199
  int k, result, len;
200
200
  char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
216
216
       */
217
217
 
218
218
      if (result == ASN1_ELEMENT_NOT_FOUND)
219
 
        {
220
 
          break;
221
 
        }
 
219
        {
 
220
          break;
 
221
        }
222
222
 
223
223
      do
224
 
        {
225
 
 
226
 
          _gnutls_str_cpy (name2, sizeof (name2), name);
227
 
          _gnutls_str_cat (name2, sizeof (name2), ".extnID");
228
 
 
229
 
          len = sizeof (extnID) - 1;
230
 
          result = asn1_read_value (asn, name2, extnID, &len);
231
 
 
232
 
          if (result == ASN1_ELEMENT_NOT_FOUND)
233
 
            {
234
 
              gnutls_assert ();
235
 
              break;
236
 
            }
237
 
          else if (result != ASN1_SUCCESS)
238
 
            {
239
 
              gnutls_assert ();
240
 
              return _gnutls_asn2err (result);
241
 
            }
242
 
 
243
 
          /* Handle Extension 
244
 
           */
245
 
          if (indx == indx_counter++)
246
 
            {
247
 
              len = strlen (extnID) + 1;
248
 
 
249
 
              if (*sizeof_oid < (unsigned) len)
250
 
                {
251
 
                  *sizeof_oid = len;
252
 
                  gnutls_assert ();
253
 
                  return GNUTLS_E_SHORT_MEMORY_BUFFER;
254
 
                }
255
 
 
256
 
              memcpy (oid, extnID, len);
257
 
              *sizeof_oid = len - 1;
258
 
 
259
 
              return 0;
260
 
            }
261
 
 
262
 
 
263
 
        }
 
224
        {
 
225
 
 
226
          _gnutls_str_cpy (name2, sizeof (name2), name);
 
227
          _gnutls_str_cat (name2, sizeof (name2), ".extnID");
 
228
 
 
229
          len = sizeof (extnID) - 1;
 
230
          result = asn1_read_value (asn, name2, extnID, &len);
 
231
 
 
232
          if (result == ASN1_ELEMENT_NOT_FOUND)
 
233
            {
 
234
              gnutls_assert ();
 
235
              break;
 
236
            }
 
237
          else if (result != ASN1_SUCCESS)
 
238
            {
 
239
              gnutls_assert ();
 
240
              return _gnutls_asn2err (result);
 
241
            }
 
242
 
 
243
          /* Handle Extension 
 
244
           */
 
245
          if (indx == indx_counter++)
 
246
            {
 
247
              len = strlen (extnID) + 1;
 
248
 
 
249
              if (*sizeof_oid < (unsigned) len)
 
250
                {
 
251
                  *sizeof_oid = len;
 
252
                  gnutls_assert ();
 
253
                  return GNUTLS_E_SHORT_MEMORY_BUFFER;
 
254
                }
 
255
 
 
256
              memcpy (oid, extnID, len);
 
257
              *sizeof_oid = len - 1;
 
258
 
 
259
              return 0;
 
260
            }
 
261
 
 
262
 
 
263
        }
264
264
      while (0);
265
265
    }
266
266
  while (1);
284
284
 */
285
285
int
286
286
_gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert,
287
 
                                    int indx, void *oid, size_t * sizeof_oid)
 
287
                                    int indx, void *oid, size_t * sizeof_oid)
288
288
{
289
289
  return get_extension_oid (cert->cert, "tbsCertificate.extensions", indx,
290
 
                            oid, sizeof_oid);
 
290
                            oid, sizeof_oid);
291
291
}
292
292
 
293
293
int
294
294
_gnutls_x509_crl_get_extension_oid (gnutls_x509_crl_t crl,
295
 
                                    int indx, void *oid, size_t * sizeof_oid)
 
295
                                    int indx, void *oid, size_t * sizeof_oid)
296
296
{
297
297
  return get_extension_oid (crl->crl, "tbsCertList.crlExtensions", indx, oid,
298
 
                            sizeof_oid);
 
298
                            sizeof_oid);
299
299
}
300
300
 
301
301
/* This function will attempt to set the requested extension in
305
305
 */
306
306
static int
307
307
add_extension (ASN1_TYPE asn, const char *root, const char *extension_id,
308
 
               const gnutls_datum_t * ext_data, unsigned int critical)
 
308
               const gnutls_datum_t * ext_data, unsigned int critical)
309
309
{
310
310
  int result;
311
311
  const char *str;
371
371
 */
372
372
static int
373
373
overwrite_extension (ASN1_TYPE asn, const char *root, unsigned int indx,
374
 
                     const gnutls_datum_t * ext_data, unsigned int critical)
 
374
                     const gnutls_datum_t * ext_data, unsigned int critical)
375
375
{
376
376
  char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
377
377
  const char *str;
412
412
 
413
413
static int
414
414
set_extension (ASN1_TYPE asn, const char *root,
415
 
               const char *ext_id,
416
 
               const gnutls_datum_t * ext_data, unsigned int critical)
 
415
               const char *ext_id,
 
416
               const gnutls_datum_t * ext_data, unsigned int critical)
417
417
{
418
418
  int result;
419
419
  int k, len;
428
428
      k++;
429
429
 
430
430
      if (root[0] != 0)
431
 
        snprintf (name, sizeof (name), "%s.?%u", root, k);
 
431
        snprintf (name, sizeof (name), "%s.?%u", root, k);
432
432
      else
433
 
        snprintf (name, sizeof (name), "?%u", k);
 
433
        snprintf (name, sizeof (name), "?%u", k);
434
434
 
435
435
      len = sizeof (extnID) - 1;
436
436
      result = asn1_read_value (asn, name, extnID, &len);
439
439
       */
440
440
 
441
441
      if (result == ASN1_ELEMENT_NOT_FOUND)
442
 
        {
443
 
          break;
444
 
        }
 
442
        {
 
443
          break;
 
444
        }
445
445
 
446
446
      do
447
 
        {
448
 
 
449
 
          _gnutls_str_cpy (name2, sizeof (name2), name);
450
 
          _gnutls_str_cat (name2, sizeof (name2), ".extnID");
451
 
 
452
 
          len = sizeof (extnID) - 1;
453
 
          result = asn1_read_value (asn, name2, extnID, &len);
454
 
 
455
 
          if (result == ASN1_ELEMENT_NOT_FOUND)
456
 
            {
457
 
              gnutls_assert ();
458
 
              break;
459
 
            }
460
 
          else if (result != ASN1_SUCCESS)
461
 
            {
462
 
              gnutls_assert ();
463
 
              return _gnutls_asn2err (result);
464
 
            }
465
 
 
466
 
          /* Handle Extension 
467
 
           */
468
 
          if (strcmp (extnID, ext_id) == 0)
469
 
            {
470
 
              /* extension was found 
471
 
               */
472
 
              return overwrite_extension (asn, root, k, ext_data, critical);
473
 
            }
474
 
 
475
 
 
476
 
        }
 
447
        {
 
448
 
 
449
          _gnutls_str_cpy (name2, sizeof (name2), name);
 
450
          _gnutls_str_cat (name2, sizeof (name2), ".extnID");
 
451
 
 
452
          len = sizeof (extnID) - 1;
 
453
          result = asn1_read_value (asn, name2, extnID, &len);
 
454
 
 
455
          if (result == ASN1_ELEMENT_NOT_FOUND)
 
456
            {
 
457
              gnutls_assert ();
 
458
              break;
 
459
            }
 
460
          else if (result != ASN1_SUCCESS)
 
461
            {
 
462
              gnutls_assert ();
 
463
              return _gnutls_asn2err (result);
 
464
            }
 
465
 
 
466
          /* Handle Extension 
 
467
           */
 
468
          if (strcmp (extnID, ext_id) == 0)
 
469
            {
 
470
              /* extension was found 
 
471
               */
 
472
              return overwrite_extension (asn, root, k, ext_data, critical);
 
473
            }
 
474
 
 
475
 
 
476
        }
477
477
      while (0);
478
478
    }
479
479
  while (1);
499
499
 */
500
500
int
501
501
_gnutls_x509_crt_set_extension (gnutls_x509_crt_t cert,
502
 
                                const char *ext_id,
503
 
                                const gnutls_datum_t * ext_data,
504
 
                                unsigned int critical)
 
502
                                const char *ext_id,
 
503
                                const gnutls_datum_t * ext_data,
 
504
                                unsigned int critical)
505
505
{
506
506
  return set_extension (cert->cert, "tbsCertificate.extensions", ext_id,
507
 
                        ext_data, critical);
 
507
                        ext_data, critical);
508
508
}
509
509
 
510
510
int
511
511
_gnutls_x509_crl_set_extension (gnutls_x509_crl_t crl,
512
 
                                const char *ext_id,
513
 
                                const gnutls_datum_t * ext_data,
514
 
                                unsigned int critical)
 
512
                                const char *ext_id,
 
513
                                const gnutls_datum_t * ext_data,
 
514
                                unsigned int critical)
515
515
{
516
516
  return set_extension (crl->crl, "tbsCertList.crlExtensions", ext_id,
517
 
                        ext_data, critical);
 
517
                        ext_data, critical);
518
518
}
519
519
 
520
520
#ifdef ENABLE_PKI
521
521
int
522
522
_gnutls_x509_crq_set_extension (gnutls_x509_crq_t crq,
523
 
                                const char *ext_id,
524
 
                                const gnutls_datum_t * ext_data,
525
 
                                unsigned int critical)
 
523
                                const char *ext_id,
 
524
                                const gnutls_datum_t * ext_data,
 
525
                                unsigned int critical)
526
526
{
527
527
  unsigned char *extensions = NULL;
528
528
  size_t extensions_size = 0;
531
531
  int result;
532
532
 
533
533
  result = gnutls_x509_crq_get_attribute_by_oid (crq, "1.2.840.113549.1.9.14",
534
 
                                                 0, NULL, &extensions_size);
 
534
                                                 0, NULL, &extensions_size);
535
535
  if (result == GNUTLS_E_SHORT_MEMORY_BUFFER)
536
536
    {
537
537
      extensions = gnutls_malloc (extensions_size);
538
538
      if (extensions == NULL)
539
 
        {
540
 
          gnutls_assert ();
541
 
          return GNUTLS_E_MEMORY_ERROR;
542
 
        }
 
539
        {
 
540
          gnutls_assert ();
 
541
          return GNUTLS_E_MEMORY_ERROR;
 
542
        }
543
543
 
544
544
      result = gnutls_x509_crq_get_attribute_by_oid (crq,
545
 
                                                     "1.2.840.113549.1.9.14",
546
 
                                                     0, extensions,
547
 
                                                     &extensions_size);
 
545
                                                     "1.2.840.113549.1.9.14",
 
546
                                                     0, extensions,
 
547
                                                     &extensions_size);
548
548
    }
549
549
  if (result < 0)
550
550
    {
551
551
      if (result == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
552
 
        {
553
 
          extensions_size = 0;
554
 
        }
 
552
        {
 
553
          extensions_size = 0;
 
554
        }
555
555
      else
556
 
        {
557
 
          gnutls_assert ();
558
 
          gnutls_free (extensions);
559
 
          return result;
560
 
        }
 
556
        {
 
557
          gnutls_assert ();
 
558
          gnutls_free (extensions);
 
559
          return result;
 
560
        }
561
561
    }
562
562
 
563
563
  result = asn1_create_element (_gnutls_get_pkix (), "PKIX1.Extensions", &c2);
573
573
      result = asn1_der_decoding (&c2, extensions, extensions_size, NULL);
574
574
      gnutls_free (extensions);
575
575
      if (result != ASN1_SUCCESS)
576
 
        {
577
 
          gnutls_assert ();
578
 
          asn1_delete_structure (&c2);
579
 
          return _gnutls_asn2err (result);
580
 
        }
 
576
        {
 
577
          gnutls_assert ();
 
578
          asn1_delete_structure (&c2);
 
579
          return _gnutls_asn2err (result);
 
580
        }
581
581
    }
582
582
 
583
583
  result = set_extension (c2, "", ext_id, ext_data, critical);
599
599
    }
600
600
 
601
601
  result = gnutls_x509_crq_set_attribute_by_oid (crq, "1.2.840.113549.1.9.14",
602
 
                                                 der.data, der.size);
 
602
                                                 der.data, der.size);
603
603
  gnutls_free (der.data);
604
604
  if (result < 0)
605
605
    {
618
618
 */
619
619
int
620
620
_gnutls_x509_ext_extract_keyUsage (uint16_t * keyUsage,
621
 
                                   opaque * extnValue, int extnValueLen)
 
621
                                   opaque * extnValue, int extnValueLen)
622
622
{
623
623
  ASN1_TYPE ext = ASN1_TYPE_EMPTY;
624
624
  int len, result;
663
663
 */
664
664
int
665
665
_gnutls_x509_ext_extract_basicConstraints (int *CA,
666
 
                                           int *pathLenConstraint,
667
 
                                           opaque * extnValue,
668
 
                                           int extnValueLen)
 
666
                                           int *pathLenConstraint,
 
667
                                           opaque * extnValue,
 
668
                                           int extnValueLen)
669
669
{
670
670
  ASN1_TYPE ext = ASN1_TYPE_EMPTY;
671
671
  char str[128];
689
689
  if (pathLenConstraint)
690
690
    {
691
691
      result = _gnutls_x509_read_uint (ext, "pathLenConstraint",
692
 
                                       pathLenConstraint);
 
692
                                       pathLenConstraint);
693
693
      if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
694
 
        *pathLenConstraint = -1;
 
694
        *pathLenConstraint = -1;
695
695
      else if (result != GNUTLS_E_SUCCESS)
696
 
        {
697
 
          gnutls_assert ();
698
 
          asn1_delete_structure (&ext);
699
 
          return _gnutls_asn2err (result);
700
 
        }
 
696
        {
 
697
          gnutls_assert ();
 
698
          asn1_delete_structure (&ext);
 
699
          return _gnutls_asn2err (result);
 
700
        }
701
701
    }
702
702
 
703
703
  /* the default value of cA is false.
721
721
 */
722
722
int
723
723
_gnutls_x509_ext_gen_basicConstraints (int CA,
724
 
                                       int pathLenConstraint,
725
 
                                       gnutls_datum_t * der_ext)
 
724
                                       int pathLenConstraint,
 
725
                                       gnutls_datum_t * der_ext)
726
726
{
727
727
  ASN1_TYPE ext = ASN1_TYPE_EMPTY;
728
728
  const char *str;
753
753
    {
754
754
      result = asn1_write_value (ext, "pathLenConstraint", NULL, 0);
755
755
      if (result < 0)
756
 
        result = _gnutls_asn2err (result);
 
756
        result = _gnutls_asn2err (result);
757
757
    }
758
758
  else
759
759
    result = _gnutls_x509_write_uint32 (ext, "pathLenConstraint",
760
 
                                        pathLenConstraint);
 
760
                                        pathLenConstraint);
761
761
  if (result < 0)
762
762
    {
763
763
      gnutls_assert ();
782
782
 */
783
783
int
784
784
_gnutls_x509_ext_extract_number (opaque * number,
785
 
                                 size_t * _nr_size,
786
 
                                 opaque * extnValue, int extnValueLen)
 
785
                                 size_t * _nr_size,
 
786
                                 opaque * extnValue, int extnValueLen)
787
787
{
788
788
  ASN1_TYPE ext = ASN1_TYPE_EMPTY;
789
789
  int result;
794
794
   */
795
795
  if ((result = asn1_create_element
796
796
       (_gnutls_get_pkix (), "PKIX1.CertificateSerialNumber",
797
 
        &ext)) != ASN1_SUCCESS)
 
797
        &ext)) != ASN1_SUCCESS)
798
798
    {
799
799
      gnutls_assert ();
800
800
      return _gnutls_asn2err (result);
827
827
 */
828
828
int
829
829
_gnutls_x509_ext_gen_number (const opaque * number, size_t nr_size,
830
 
                             gnutls_datum_t * der_ext)
 
830
                             gnutls_datum_t * der_ext)
831
831
{
832
832
  ASN1_TYPE ext = ASN1_TYPE_EMPTY;
833
833
  int result;
834
834
 
835
835
  result =
836
836
    asn1_create_element (_gnutls_get_pkix (), "PKIX1.CertificateSerialNumber",
837
 
                         &ext);
 
837
                         &ext);
838
838
  if (result != ASN1_SUCCESS)
839
839
    {
840
840
      gnutls_assert ();
905
905
 
906
906
static int
907
907
write_new_general_name (ASN1_TYPE ext, const char *ext_name,
908
 
                        gnutls_x509_subject_alt_name_t type,
909
 
                        const void *data, unsigned int data_size)
 
908
                        gnutls_x509_subject_alt_name_t type,
 
909
                        const void *data, unsigned int data_size)
910
910
{
911
911
  const char *str;
912
912
  int result;
939
939
    }
940
940
 
941
941
  if (ext_name[0] == 0)
942
 
    {                           /* no dot */
 
942
    {                           /* no dot */
943
943
      _gnutls_str_cpy (name, sizeof (name), "?LAST");
944
944
    }
945
945
  else
974
974
 */
975
975
int
976
976
_gnutls_x509_ext_gen_subject_alt_name (gnutls_x509_subject_alt_name_t
977
 
                                       type, const void *data,
978
 
                                       unsigned int data_size,
979
 
                                       gnutls_datum_t * prev_der_ext,
980
 
                                       gnutls_datum_t * der_ext)
 
977
                                       type, const void *data,
 
978
                                       unsigned int data_size,
 
979
                                       gnutls_datum_t * prev_der_ext,
 
980
                                       gnutls_datum_t * der_ext)
981
981
{
982
982
  ASN1_TYPE ext = ASN1_TYPE_EMPTY;
983
983
  int result;
994
994
      && prev_der_ext->size != 0)
995
995
    {
996
996
      result =
997
 
        asn1_der_decoding (&ext, prev_der_ext->data, prev_der_ext->size,
998
 
                           NULL);
 
997
        asn1_der_decoding (&ext, prev_der_ext->data, prev_der_ext->size,
 
998
                           NULL);
999
999
 
1000
1000
      if (result != ASN1_SUCCESS)
1001
 
        {
1002
 
          gnutls_assert ();
1003
 
          asn1_delete_structure (&ext);
1004
 
          return _gnutls_asn2err (result);
1005
 
        }
 
1001
        {
 
1002
          gnutls_assert ();
 
1003
          asn1_delete_structure (&ext);
 
1004
          return _gnutls_asn2err (result);
 
1005
        }
1006
1006
    }
1007
1007
 
1008
1008
  result = write_new_general_name (ext, "", type, data, data_size);
1030
1030
 */
1031
1031
int
1032
1032
_gnutls_x509_ext_gen_key_id (const void *id, size_t id_size,
1033
 
                             gnutls_datum_t * der_ext)
 
1033
                             gnutls_datum_t * der_ext)
1034
1034
{
1035
1035
  ASN1_TYPE ext = ASN1_TYPE_EMPTY;
1036
1036
  int result;
1037
1037
 
1038
1038
  result =
1039
1039
    asn1_create_element (_gnutls_get_pkix (),
1040
 
                         "PKIX1.SubjectKeyIdentifier", &ext);
 
1040
                         "PKIX1.SubjectKeyIdentifier", &ext);
1041
1041
  if (result != ASN1_SUCCESS)
1042
1042
    {
1043
1043
      gnutls_assert ();
1069
1069
 */
1070
1070
int
1071
1071
_gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size,
1072
 
                                  gnutls_datum_t * der_ext)
 
1072
                                  gnutls_datum_t * der_ext)
1073
1073
{
1074
1074
  ASN1_TYPE ext = ASN1_TYPE_EMPTY;
1075
1075
  int result;
1076
1076
 
1077
1077
  result =
1078
1078
    asn1_create_element (_gnutls_get_pkix (),
1079
 
                         "PKIX1.AuthorityKeyIdentifier", &ext);
 
1079
                         "PKIX1.AuthorityKeyIdentifier", &ext);
1080
1080
  if (result != ASN1_SUCCESS)
1081
1081
    {
1082
1082
      gnutls_assert ();
1115
1115
 */
1116
1116
int
1117
1117
_gnutls_x509_ext_gen_crl_dist_points (gnutls_x509_subject_alt_name_t
1118
 
                                      type, const void *data,
1119
 
                                      unsigned int data_size,
1120
 
                                      unsigned int reason_flags,
1121
 
                                      gnutls_datum_t * der_ext)
 
1118
                                      type, const void *data,
 
1119
                                      unsigned int data_size,
 
1120
                                      unsigned int reason_flags,
 
1121
                                      gnutls_datum_t * der_ext)
1122
1122
{
1123
1123
  ASN1_TYPE ext = ASN1_TYPE_EMPTY;
1124
1124
  gnutls_datum_t gnames = { NULL, 0 };
1130
1130
 
1131
1131
  result =
1132
1132
    asn1_create_element (_gnutls_get_pkix (),
1133
 
                         "PKIX1.CRLDistributionPoints", &ext);
 
1133
                         "PKIX1.CRLDistributionPoints", &ext);
1134
1134
  if (result != ASN1_SUCCESS)
1135
1135
    {
1136
1136
      gnutls_assert ();
1150
1150
    {
1151
1151
      result = asn1_write_value (ext, "?LAST.reasons", reasons, 9);
1152
1152
      if (result != ASN1_SUCCESS)
1153
 
        {
1154
 
          gnutls_assert ();
1155
 
          result = _gnutls_asn2err (result);
1156
 
          goto cleanup;
1157
 
        }
 
1153
        {
 
1154
          gnutls_assert ();
 
1155
          result = _gnutls_asn2err (result);
 
1156
          goto cleanup;
 
1157
        }
1158
1158
    }
1159
1159
  else
1160
1160
    {
1161
1161
      result = asn1_write_value (ext, "?LAST.reasons", NULL, 0);
1162
1162
      if (result != ASN1_SUCCESS)
1163
 
        {
1164
 
          gnutls_assert ();
1165
 
          result = _gnutls_asn2err (result);
1166
 
          goto cleanup;
1167
 
        }
 
1163
        {
 
1164
          gnutls_assert ();
 
1165
          result = _gnutls_asn2err (result);
 
1166
          goto cleanup;
 
1167
        }
1168
1168
    }
1169
1169
 
1170
1170
  result = asn1_write_value (ext, "?LAST.cRLIssuer", NULL, 0);
1188
1188
#if 0
1189
1189
  /* only needed in old code (where defined as SEQUENCE OF) */
1190
1190
  asn1_write_value (ext,
1191
 
                    "?LAST.distributionPoint.nameRelativeToCRLIssuer",
1192
 
                    NULL, 0);
 
1191
                    "?LAST.distributionPoint.nameRelativeToCRLIssuer",
 
1192
                    NULL, 0);
1193
1193
#endif
1194
1194
 
1195
1195
  result =
1196
1196
    write_new_general_name (ext, "?LAST.distributionPoint.fullName",
1197
 
                            type, data, data_size);
 
1197
                            type, data, data_size);
1198
1198
  if (result < 0)
1199
1199
    {
1200
1200
      gnutls_assert ();
1222
1222
 */
1223
1223
int
1224
1224
_gnutls_x509_ext_extract_proxyCertInfo (int *pathLenConstraint,
1225
 
                                        char **policyLanguage,
1226
 
                                        char **policy,
1227
 
                                        size_t * sizeof_policy,
1228
 
                                        opaque * extnValue, int extnValueLen)
 
1225
                                        char **policyLanguage,
 
1226
                                        char **policy,
 
1227
                                        size_t * sizeof_policy,
 
1228
                                        opaque * extnValue, int extnValueLen)
1229
1229
{
1230
1230
  ASN1_TYPE ext = ASN1_TYPE_EMPTY;
1231
1231
  int result;
1249
1249
  if (pathLenConstraint)
1250
1250
    {
1251
1251
      result = _gnutls_x509_read_uint (ext, "pCPathLenConstraint",
1252
 
                                       pathLenConstraint);
 
1252
                                       pathLenConstraint);
1253
1253
      if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
1254
 
        *pathLenConstraint = -1;
 
1254
        *pathLenConstraint = -1;
1255
1255
      else if (result != GNUTLS_E_SUCCESS)
1256
 
        {
1257
 
          asn1_delete_structure (&ext);
1258
 
          return _gnutls_asn2err (result);
1259
 
        }
 
1256
        {
 
1257
          asn1_delete_structure (&ext);
 
1258
          return _gnutls_asn2err (result);
 
1259
        }
1260
1260
    }
1261
1261
 
1262
1262
  result = _gnutls_x509_read_value (ext, "proxyPolicy.policyLanguage",
1263
 
                                    &value, 0);
 
1263
                                    &value, 0);
1264
1264
  if (result < 0)
1265
1265
    {
1266
1266
      gnutls_assert ();
1275
1275
  if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
1276
1276
    {
1277
1277
      if (policy)
1278
 
        *policy = NULL;
 
1278
        *policy = NULL;
1279
1279
      if (sizeof_policy)
1280
 
        *sizeof_policy = 0;
 
1280
        *sizeof_policy = 0;
1281
1281
    }
1282
1282
  else if (result < 0)
1283
1283
    {
1288
1288
  else
1289
1289
    {
1290
1290
      if (policy)
1291
 
        *policy = value.data;
 
1291
        *policy = value.data;
1292
1292
      if (sizeof_policy)
1293
 
        *sizeof_policy = value.size;
 
1293
        *sizeof_policy = value.size;
1294
1294
    }
1295
1295
 
1296
1296
  asn1_delete_structure (&ext);
1302
1302
 */
1303
1303
int
1304
1304
_gnutls_x509_ext_gen_proxyCertInfo (int pathLenConstraint,
1305
 
                                    const char *policyLanguage,
1306
 
                                    const char *policy,
1307
 
                                    size_t sizeof_policy,
1308
 
                                    gnutls_datum_t * der_ext)
 
1305
                                    const char *policyLanguage,
 
1306
                                    const char *policy,
 
1307
                                    size_t sizeof_policy,
 
1308
                                    gnutls_datum_t * der_ext)
1309
1309
{
1310
1310
  ASN1_TYPE ext = ASN1_TYPE_EMPTY;
1311
1311
  int result;
1312
1312
 
1313
1313
  result = asn1_create_element (_gnutls_get_pkix (),
1314
 
                                "PKIX1.ProxyCertInfo", &ext);
 
1314
                                "PKIX1.ProxyCertInfo", &ext);
1315
1315
  if (result != ASN1_SUCCESS)
1316
1316
    {
1317
1317
      gnutls_assert ();
1322
1322
    {
1323
1323
      result = asn1_write_value (ext, "pCPathLenConstraint", NULL, 0);
1324
1324
      if (result < 0)
1325
 
        result = _gnutls_asn2err (result);
 
1325
        result = _gnutls_asn2err (result);
1326
1326
    }
1327
1327
  else
1328
1328
    result = _gnutls_x509_write_uint32 (ext, "pCPathLenConstraint",
1329
 
                                        pathLenConstraint);
 
1329
                                        pathLenConstraint);
1330
1330
  if (result < 0)
1331
1331
    {
1332
1332
      gnutls_assert ();
1335
1335
    }
1336
1336
 
1337
1337
  result = asn1_write_value (ext, "proxyPolicy.policyLanguage",
1338
 
                             policyLanguage, 1);
 
1338
                             policyLanguage, 1);
1339
1339
  if (result < 0)
1340
1340
    {
1341
1341
      gnutls_assert ();
1344
1344
    }
1345
1345
 
1346
1346
  result = asn1_write_value (ext, "proxyPolicy.policy",
1347
 
                             policy, sizeof_policy);
 
1347
                             policy, sizeof_policy);
1348
1348
  if (result < 0)
1349
1349
    {
1350
1350
      gnutls_assert ();