
2  * Copyright (c) 2006 - 2010 Kungliga Tekniska Högskolan
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
68 * Allocate an to-be-signed certificate object that will be converted
72 * @param tbs returned to-be-signed certificate object, free with
104 free_SubjectPublicKeyInfo(&(*tbs)->spki); in hx509_ca_tbs_free()
105 free_GeneralNames(&(*tbs)->san); in hx509_ca_tbs_free()
106 free_ExtKeyUsage(&(*tbs)->eku); in hx509_ca_tbs_free()
107 der_free_heim_integer(&(*tbs)->serial); in hx509_ca_tbs_free()
108 free_CRLDistributionPoints(&(*tbs)->crldp); in hx509_ca_tbs_free()
109 der_free_bit_string(&(*tbs)->subjectUniqueID); in hx509_ca_tbs_free()
110 der_free_bit_string(&(*tbs)->issuerUniqueID); in hx509_ca_tbs_free()
111 hx509_name_free(&(*tbs)->subject); in hx509_ca_tbs_free()
136 tbs->notBefore = t; in hx509_ca_tbs_set_notBefore()
157 tbs->notAfter = t; in hx509_ca_tbs_set_notAfter()
208 * Initialize the to-be-signed certificate object from a template certificate.
230 if (tbs->subject) in hx509_ca_tbs_set_template()
231 hx509_name_free(&tbs->subject); in hx509_ca_tbs_set_template()
232 ret = hx509_cert_get_subject(cert, &tbs->subject); in hx509_ca_tbs_set_template()
240 der_free_heim_integer(&tbs->serial); in hx509_ca_tbs_set_template()
241 ret = hx509_cert_get_serialnumber(cert, &tbs->serial); in hx509_ca_tbs_set_template()
242 tbs->flags.serial = !ret; in hx509_ca_tbs_set_template()
250 tbs->notBefore = hx509_cert_get_notBefore(cert); in hx509_ca_tbs_set_template()
252 tbs->notAfter = hx509_cert_get_notAfter(cert); in hx509_ca_tbs_set_template()
254 free_SubjectPublicKeyInfo(&tbs->spki); in hx509_ca_tbs_set_template()
255 ret = hx509_cert_get_SPKI(context, cert, &tbs->spki); in hx509_ca_tbs_set_template()
256 tbs->flags.key = !ret; in hx509_ca_tbs_set_template()
265 tbs->key_usage = KeyUsage2int(ku); in hx509_ca_tbs_set_template()
286 * Make the to-be-signed certificate object a CA certificate. If the
304 tbs->flags.ca = 1; in hx509_ca_tbs_set_ca()
305 tbs->pathLenConstraint = pathLenConstraint; in hx509_ca_tbs_set_ca()
310 * Make the to-be-signed certificate object a proxy certificate. If the
328 tbs->flags.proxy = 1; in hx509_ca_tbs_set_proxy()
329 tbs->pathLenConstraint = pathLenConstraint; in hx509_ca_tbs_set_proxy()
335 * Make the to-be-signed certificate object a windows domain controller certificate.
349 tbs->flags.domaincontroller = 1; in hx509_ca_tbs_set_domaincontroller()
354 * Set the subject public key info (SPKI) in the to-be-signed certificate
360 * @param spki subject public key info to use for the to-be-signed certificate object.
373 free_SubjectPublicKeyInfo(&tbs->spki); in hx509_ca_tbs_set_spki()
374 ret = copy_SubjectPublicKeyInfo(spki, &tbs->spki); in hx509_ca_tbs_set_spki()
375 tbs->flags.key = !ret; in hx509_ca_tbs_set_spki()
380 * Set the serial number to use for to-be-signed certificate object.
384 * @param serialNumber serial number to use for the to-be-signed
398 der_free_heim_integer(&tbs->serial); in hx509_ca_tbs_set_serialnumber()
399 ret = der_copy_heim_integer(serialNumber, &tbs->serial); in hx509_ca_tbs_set_serialnumber()
400 tbs->flags.serial = !ret; in hx509_ca_tbs_set_serialnumber()
405 * Add an extended key usage to the to-be-signed certificate object.
427 for (i = 0; i < tbs->eku.len; i++) { in hx509_ca_tbs_add_eku()
428 if (der_heim_oid_cmp(oid, &tbs->eku.val[i]) == 0) in hx509_ca_tbs_add_eku()
432 ptr = realloc(tbs->eku.val, sizeof(tbs->eku.val[0]) * (tbs->eku.len + 1)); in hx509_ca_tbs_add_eku()
434 hx509_set_error_string(context, 0, ENOMEM, "out of memory"); in hx509_ca_tbs_add_eku()
437 tbs->eku.val = ptr; in hx509_ca_tbs_add_eku()
438 ret = der_copy_oid(oid, &tbs->eku.val[tbs->eku.len]); in hx509_ca_tbs_add_eku()
440 hx509_set_error_string(context, 0, ret, "out of memory"); in hx509_ca_tbs_add_eku()
443 tbs->eku.len += 1; in hx509_ca_tbs_add_eku()
448 * Add CRL distribution point URI to the to-be-signed certificate
484 gn.u.uniformResourceIdentifier.data = rk_UNCONST(uri); in hx509_ca_tbs_add_crl_dp_uri()
488 dp.distributionPoint->data, in hx509_ca_tbs_add_crl_dp_uri()
489 dp.distributionPoint->length, in hx509_ca_tbs_add_crl_dp_uri()
494 goto out; in hx509_ca_tbs_add_crl_dp_uri()
496 if (dp.distributionPoint->length != size) in hx509_ca_tbs_add_crl_dp_uri()
522 hx509_set_error_string(context, 0, ret, "out of memory"); in hx509_ca_tbs_add_crl_dp_uri()
523 goto out; in hx509_ca_tbs_add_crl_dp_uri()
532 hx509_set_error_string(context, 0, ret, "out of memory"); in hx509_ca_tbs_add_crl_dp_uri()
533 goto out; in hx509_ca_tbs_add_crl_dp_uri()
540 ret = add_CRLDistributionPoints(&tbs->crldp, &dp); in hx509_ca_tbs_add_crl_dp_uri()
542 hx509_set_error_string(context, 0, ret, "out of memory"); in hx509_ca_tbs_add_crl_dp_uri()
543 goto out; in hx509_ca_tbs_add_crl_dp_uri()
546 out: in hx509_ca_tbs_add_crl_dp_uri()
553 * Add Subject Alternative Name otherName to the to-be-signed
559 * @param os data in the other name.
579 return add_GeneralNames(&tbs->san, &gn); in hx509_ca_tbs_add_san_otherName()
583 * Add Kerberos Subject Alternative Name to the to-be-signed
622 goto out; in hx509_ca_tbs_add_san_pkinit()
632 hx509_set_error_string(context, 0, ret, "malloc: out of memory"); in hx509_ca_tbs_add_san_pkinit()
633 goto out; in hx509_ca_tbs_add_san_pkinit()
641 hx509_set_error_string(context, 0, ret, "malloc: out of memory"); in hx509_ca_tbs_add_san_pkinit()
642 goto out; in hx509_ca_tbs_add_san_pkinit()
648 goto out; in hx509_ca_tbs_add_san_pkinit()
661 ASN1_MALLOC_ENCODE(KRB5PrincipalName, os.data, os.length, &p, &size, ret); in hx509_ca_tbs_add_san_pkinit()
663 hx509_set_error_string(context, 0, ret, "Out of memory"); in hx509_ca_tbs_add_san_pkinit()
664 goto out; in hx509_ca_tbs_add_san_pkinit()
673 free(os.data); in hx509_ca_tbs_add_san_pkinit()
674 out: in hx509_ca_tbs_add_san_pkinit()
698 os.data = NULL; in add_utf8_san()
700 ASN1_MALLOC_ENCODE(PKIXXmppAddr, os.data, os.length, &ustring, &size, ret); in add_utf8_san()
702 hx509_set_error_string(context, 0, ret, "Out of memory"); in add_utf8_san()
703 goto out; in add_utf8_san()
712 free(os.data); in add_utf8_san()
713 out: in add_utf8_san()
718 * Add Microsoft UPN Subject Alternative Name to the to-be-signed
739 * Add a Jabber/XMPP jid Subject Alternative Name to the to-be-signed
761 * Add a Subject Alternative Name hostname to to-be-signed certificate
785 gn.u.dNSName.data = rk_UNCONST(dnsname); in hx509_ca_tbs_add_san_hostname()
788 return add_GeneralNames(&tbs->san, &gn); in hx509_ca_tbs_add_san_hostname()
793 * to-be-signed certificate object.
813 gn.u.rfc822Name.data = rk_UNCONST(rfc822Name); in hx509_ca_tbs_add_san_rfc822name()
816 return add_GeneralNames(&tbs->san, &gn); in hx509_ca_tbs_add_san_rfc822name()
820 * Set the subject name of a to-be-signed certificate object.
836 if (tbs->subject) in hx509_ca_tbs_set_subject()
837 hx509_name_free(&tbs->subject); in hx509_ca_tbs_set_subject()
838 return hx509_name_copy(context, subject, &tbs->subject); in hx509_ca_tbs_set_subject()
867 der_free_bit_string(&tbs->subjectUniqueID); in hx509_ca_tbs_set_unique()
868 der_free_bit_string(&tbs->issuerUniqueID); in hx509_ca_tbs_set_unique()
871 ret = der_copy_bit_string(subjectUniqueID, &tbs->subjectUniqueID); in hx509_ca_tbs_set_unique()
877 ret = der_copy_bit_string(issuerUniqueID, &tbs->issuerUniqueID); in hx509_ca_tbs_set_unique()
886 * Expand the subject name in the to-be-signed certificate object
904 return hx509_name_expand(context, tbs->subject, env); in hx509_ca_tbs_subject_expand()
916 const heim_octet_string *data) in add_extension() argument
927 hx509_set_error_string(context, 0, ret, "Out of memory"); in add_extension()
928 goto out; in add_extension()
935 hx509_set_error_string(context, 0, ret, "Out of memory"); in add_extension()
936 goto out; in add_extension()
938 ret = der_copy_octet_string(data, &ext.extnValue); in add_extension()
940 hx509_set_error_string(context, 0, ret, "Out of memory"); in add_extension()
941 goto out; in add_extension()
943 ret = add_Extensions(tbsc->extensions, &ext); in add_extension()
945 hx509_set_error_string(context, 0, ret, "Out of memory"); in add_extension()
946 goto out; in add_extension()
948 out: in add_extension()
968 asprintf(&tstr, "ts-%lu", (unsigned long)t); in build_proxy_prefix()
990 heim_octet_string data; in ca_sign() local
1009 notBefore = tbs->notBefore; in ca_sign()
1011 notBefore = time(NULL) - 3600 * 24; in ca_sign()
1012 notAfter = tbs->notAfter; in ca_sign()
1016 key_usage = tbs->key_usage; in ca_sign()
1025 if (tbs->flags.ca) { in ca_sign()
1039 if (tbs->flags.key == 0) { in ca_sign()
1048 if (!tbs->flags.proxy) { in ca_sign()
1049 if (tbs->subject == NULL) { in ca_sign()
1053 if (hx509_name_is_null_p(tbs->subject) && tbs->san.len == 0) { in ca_sign()
1059 if (tbs->flags.ca && tbs->flags.proxy) { in ca_sign()
1064 if (tbs->flags.proxy) { in ca_sign()
1065 if (tbs->san.len > 0) { in ca_sign()
1073 /* version [0] Version OPTIONAL, -- EXPLICIT nnn DEFAULT 1, */ in ca_sign()
1074 tbsc->version = calloc(1, sizeof(*tbsc->version)); in ca_sign()
1075 if (tbsc->version == NULL) { in ca_sign()
1077 hx509_set_error_string(context, 0, ret, "Out of memory"); in ca_sign()
1078 goto out; in ca_sign()
1080 *tbsc->version = rfc3280_version_3; in ca_sign()
1082 if (tbs->flags.serial) { in ca_sign()
1083 ret = der_copy_heim_integer(&tbs->serial, &tbsc->serialNumber); in ca_sign()
1085 hx509_set_error_string(context, 0, ret, "Out of memory"); in ca_sign()
1086 goto out; in ca_sign()
1089 tbsc->serialNumber.length = 20; in ca_sign()
1090 tbsc->serialNumber.data = malloc(tbsc->serialNumber.length); in ca_sign()
1091 if (tbsc->serialNumber.data == NULL){ in ca_sign()
1093 hx509_set_error_string(context, 0, ret, "Out of memory"); in ca_sign()
1094 goto out; in ca_sign()
1097 RAND_bytes(tbsc->serialNumber.data, tbsc->serialNumber.length); in ca_sign()
1098 ((unsigned char *)tbsc->serialNumber.data)[0] &= 0x7f; in ca_sign()
1101 ret = copy_AlgorithmIdentifier(sigalg, &tbsc->signature); in ca_sign()
1104 goto out; in ca_sign()
1108 ret = copy_Name(issuername, &tbsc->issuer); in ca_sign()
1110 ret = hx509_name_to_Name(tbs->subject, &tbsc->issuer); in ca_sign()
1113 goto out; in ca_sign()
1116 tbsc->validity.notBefore.element = choice_Time_generalTime; in ca_sign()
1117 tbsc->validity.notBefore.u.generalTime = notBefore; in ca_sign()
1118 tbsc->validity.notAfter.element = choice_Time_generalTime; in ca_sign()
1119 tbsc->validity.notAfter.u.generalTime = notAfter; in ca_sign()
1121 if (tbs->flags.proxy) { in ca_sign()
1122 ret = build_proxy_prefix(context, &tbsc->issuer, &tbsc->subject); in ca_sign()
1124 goto out; in ca_sign()
1126 ret = hx509_name_to_Name(tbs->subject, &tbsc->subject); in ca_sign()
1130 goto out; in ca_sign()
1134 ret = copy_SubjectPublicKeyInfo(&tbs->spki, &tbsc->subjectPublicKeyInfo); in ca_sign()
1137 goto out; in ca_sign()
1140 if (tbs->issuerUniqueID.length) { in ca_sign()
1141 tbsc->issuerUniqueID = calloc(1, sizeof(*tbsc->issuerUniqueID)); in ca_sign()
1142 if (tbsc->issuerUniqueID == NULL) { in ca_sign()
1144 hx509_set_error_string(context, 0, ret, "Out of memory"); in ca_sign()
1145 goto out; in ca_sign()
1147 ret = der_copy_bit_string(&tbs->issuerUniqueID, tbsc->issuerUniqueID); in ca_sign()
1149 hx509_set_error_string(context, 0, ret, "Out of memory"); in ca_sign()
1150 goto out; in ca_sign()
1154 if (tbs->subjectUniqueID.length) { in ca_sign()
1155 tbsc->subjectUniqueID = calloc(1, sizeof(*tbsc->subjectUniqueID)); in ca_sign()
1156 if (tbsc->subjectUniqueID == NULL) { in ca_sign()
1158 hx509_set_error_string(context, 0, ret, "Out of memory"); in ca_sign()
1159 goto out; in ca_sign()
1162 ret = der_copy_bit_string(&tbs->subjectUniqueID, tbsc->subjectUniqueID); in ca_sign()
1164 hx509_set_error_string(context, 0, ret, "Out of memory"); in ca_sign()
1165 goto out; in ca_sign()
1170 tbsc->extensions = calloc(1, sizeof(*tbsc->extensions)); in ca_sign()
1171 if (tbsc->extensions == NULL) { in ca_sign()
1173 hx509_set_error_string(context, 0, ret, "Out of memory"); in ca_sign()
1174 goto out; in ca_sign()
1178 if (tbs->flags.domaincontroller) { in ca_sign()
1179 data.data = rk_UNCONST("\x1e\x20\x00\x44\x00\x6f\x00\x6d" in ca_sign()
1184 data.length = 34; in ca_sign()
1188 &data); in ca_sign()
1190 goto out; in ca_sign()
1198 ASN1_MALLOC_ENCODE(KeyUsage, data.data, data.length, &ku, &size, ret); in ca_sign()
1200 hx509_set_error_string(context, 0, ret, "Out of memory"); in ca_sign()
1201 goto out; in ca_sign()
1203 if (size != data.length) in ca_sign()
1206 &asn1_oid_id_x509_ce_keyUsage, &data); in ca_sign()
1207 free(data.data); in ca_sign()
1209 goto out; in ca_sign()
1213 if (tbs->eku.len > 0) { in ca_sign()
1214 ASN1_MALLOC_ENCODE(ExtKeyUsage, data.data, data.length, in ca_sign()
1215 &tbs->eku, &size, ret); in ca_sign()
1217 hx509_set_error_string(context, 0, ret, "Out of memory"); in ca_sign()
1218 goto out; in ca_sign()
1220 if (size != data.length) in ca_sign()
1223 &asn1_oid_id_x509_ce_extKeyUsage, &data); in ca_sign()
1224 free(data.data); in ca_sign()
1226 goto out; in ca_sign()
1230 if (tbs->san.len > 0) { in ca_sign()
1231 ASN1_MALLOC_ENCODE(GeneralNames, data.data, data.length, in ca_sign()
1232 &tbs->san, &size, ret); in ca_sign()
1234 hx509_set_error_string(context, 0, ret, "Out of memory"); in ca_sign()
1235 goto out; in ca_sign()
1237 if (size != data.length) in ca_sign()
1241 &data); in ca_sign()
1242 free(data.data); in ca_sign()
1244 goto out; in ca_sign()
1249 ASN1_MALLOC_ENCODE(AuthorityKeyIdentifier, data.data, data.length, in ca_sign()
1252 hx509_set_error_string(context, 0, ret, "Out of memory"); in ca_sign()
1253 goto out; in ca_sign()
1255 if (size != data.length) in ca_sign()
1259 &data); in ca_sign()
1260 free(data.data); in ca_sign()
1262 goto out; in ca_sign()
1275 EVP_DigestUpdate(ctx, tbs->spki.subjectPublicKey.data, in ca_sign()
1276 tbs->spki.subjectPublicKey.length / 8); in ca_sign()
1281 si.data = hash; in ca_sign()
1284 ASN1_MALLOC_ENCODE(SubjectKeyIdentifier, data.data, data.length, in ca_sign()
1287 hx509_set_error_string(context, 0, ret, "Out of memory"); in ca_sign()
1288 goto out; in ca_sign()
1290 if (size != data.length) in ca_sign()
1294 &data); in ca_sign()
1295 free(data.data); in ca_sign()
1297 goto out; in ca_sign()
1308 if (tbs->flags.ca) { in ca_sign()
1310 if (tbs->pathLenConstraint >= 0) { in ca_sign()
1311 path = tbs->pathLenConstraint; in ca_sign()
1316 ASN1_MALLOC_ENCODE(BasicConstraints, data.data, data.length, in ca_sign()
1319 hx509_set_error_string(context, 0, ret, "Out of memory"); in ca_sign()
1320 goto out; in ca_sign()
1322 if (size != data.length) in ca_sign()
1325 ret = add_extension(context, tbsc, tbs->flags.ca, in ca_sign()
1327 &data); in ca_sign()
1328 free(data.data); in ca_sign()
1330 goto out; in ca_sign()
1334 if (tbs->flags.proxy) { in ca_sign()
1339 if (tbs->pathLenConstraint >= 0) { in ca_sign()
1344 hx509_set_error_string(context, 0, ret, "Out of memory"); in ca_sign()
1345 goto out; in ca_sign()
1347 *info.pCPathLenConstraint = tbs->pathLenConstraint; in ca_sign()
1354 hx509_set_error_string(context, 0, ret, "Out of memory"); in ca_sign()
1355 goto out; in ca_sign()
1358 ASN1_MALLOC_ENCODE(ProxyCertInfo, data.data, data.length, in ca_sign()
1362 hx509_set_error_string(context, 0, ret, "Out of memory"); in ca_sign()
1363 goto out; in ca_sign()
1365 if (size != data.length) in ca_sign()
1369 &data); in ca_sign()
1370 free(data.data); in ca_sign()
1372 goto out; in ca_sign()
1375 if (tbs->crldp.len) { in ca_sign()
1377 ASN1_MALLOC_ENCODE(CRLDistributionPoints, data.data, data.length, in ca_sign()
1378 &tbs->crldp, &size, ret); in ca_sign()
1380 hx509_set_error_string(context, 0, ret, "Out of memory"); in ca_sign()
1381 goto out; in ca_sign()
1383 if (size != data.length) in ca_sign()
1387 &data); in ca_sign()
1388 free(data.data); in ca_sign()
1390 goto out; in ca_sign()
1393 ASN1_MALLOC_ENCODE(TBSCertificate, data.data, data.length,tbsc, &size, ret); in ca_sign()
1395 hx509_set_error_string(context, 0, ret, "malloc out of memory"); in ca_sign()
1396 goto out; in ca_sign()
1398 if (data.length != size) in ca_sign()
1404 &data, in ca_sign()
1407 free(data.data); in ca_sign()
1409 goto out; in ca_sign()
1413 goto out; in ca_sign()
1419 out: in ca_sign()
1434 ai->keyIdentifier = calloc(1, sizeof(*ai->keyIdentifier)); in get_AuthorityKeyIdentifier()
1435 if (ai->keyIdentifier == NULL) { in get_AuthorityKeyIdentifier()
1438 hx509_set_error_string(context, 0, ret, "Out of memory"); in get_AuthorityKeyIdentifier()
1439 goto out; in get_AuthorityKeyIdentifier()
1441 ret = der_copy_octet_string(&si, ai->keyIdentifier); in get_AuthorityKeyIdentifier()
1444 hx509_set_error_string(context, 0, ret, "Out of memory"); in get_AuthorityKeyIdentifier()
1445 goto out; in get_AuthorityKeyIdentifier()
1456 ai->authorityCertIssuer = in get_AuthorityKeyIdentifier()
1457 calloc(1, sizeof(*ai->authorityCertIssuer)); in get_AuthorityKeyIdentifier()
1458 if (ai->authorityCertIssuer == NULL) { in get_AuthorityKeyIdentifier()
1460 hx509_set_error_string(context, 0, ret, "Out of memory"); in get_AuthorityKeyIdentifier()
1461 goto out; in get_AuthorityKeyIdentifier()
1463 ai->authorityCertSerialNumber = in get_AuthorityKeyIdentifier()
1464 calloc(1, sizeof(*ai->authorityCertSerialNumber)); in get_AuthorityKeyIdentifier()
1465 if (ai->authorityCertSerialNumber == NULL) { in get_AuthorityKeyIdentifier()
1467 hx509_set_error_string(context, 0, ret, "Out of memory"); in get_AuthorityKeyIdentifier()
1468 goto out; in get_AuthorityKeyIdentifier()
1477 ret = copy_Name(&certificate->tbsCertificate.subject, &name); in get_AuthorityKeyIdentifier()
1479 hx509_set_error_string(context, 0, ret, "Out of memory"); in get_AuthorityKeyIdentifier()
1480 goto out; in get_AuthorityKeyIdentifier()
1491 hx509_set_error_string(context, 0, ret, "Out of memory"); in get_AuthorityKeyIdentifier()
1492 goto out; in get_AuthorityKeyIdentifier()
1495 ai->authorityCertIssuer->val = gns.val; in get_AuthorityKeyIdentifier()
1496 ai->authorityCertIssuer->len = gns.len; in get_AuthorityKeyIdentifier()
1498 ret = der_copy_heim_integer(&certificate->tbsCertificate.serialNumber, in get_AuthorityKeyIdentifier()
1499 ai->authorityCertSerialNumber); in get_AuthorityKeyIdentifier()
1500 if (ai->authorityCertSerialNumber == NULL) { in get_AuthorityKeyIdentifier()
1502 hx509_set_error_string(context, 0, ret, "Out of memory"); in get_AuthorityKeyIdentifier()
1503 goto out; in get_AuthorityKeyIdentifier()
1506 out: in get_AuthorityKeyIdentifier()
1514 * Sign a to-be-signed certificate object with an issuer certificate.
1517 * to-be-signed certificate object:
1518 * - hx509_ca_tbs_init()
1519 * - hx509_ca_tbs_set_subject()
1520 * - hx509_ca_tbs_set_spki()
1522 * When done the to-be-signed certificate object should be freed with
1525 * When creating self-signed certificate use hx509_ca_sign_self() instead.
1553 goto out; in hx509_ca_sign()
1559 &signer_cert->tbsCertificate.subject, in hx509_ca_sign()
1562 out: in hx509_ca_sign()
1569 * Work just like hx509_ca_sign() but signs itself.