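/**
 * Take one state_t slot from the block allocator and link it to its parent.
 *
 * When the free list (block_head) is empty, a new block of block_size slots
 * is allocated after doubling block_size. Slot 0 of every block is used as
 * the link in the block chain (block_root); the remaining slots are threaded
 * onto the free list through their next pointers.
 *
 * @param parent  value stored in the returned slot's prev field.
 * @return a slot with prev set to parent and h reset to 0; other fields are
 *         left as they were.
 */
inline state_t* newstate(state_t *parent)
{
    state_t *ptr;

    if (!block_head) {
        /* Free list exhausted: grow geometrically and carve a new block. */
        block_size *= 2;

        /*
         * NOTE(review): block_size * state_size is not checked for
         * wrap-around; the types and any growth bound are defined outside
         * this block -- confirm there.
         */
        state_t *p = malloc(block_size * state_size);
        if (!p) {
            /*
             * The original relied on assert(p), which is compiled out under
             * NDEBUG and would let a NULL block be dereferenced just below.
             * Fail hard in every build instead.
             */
            abort();
        }

        /* Slot 0 chains this block onto the list of all blocks. */
        p->next = block_root;
        block_root = p;

        /* One-past-the-end of the block, in bytes. */
        uint8_t *end = (uint8_t *)p + state_size * block_size;

        /* Slots are state_size bytes apart, so step in bytes, not sizeof. */
        state_t *slot = (void *)((uint8_t *)p + state_size);
        block_head = slot;
        for (;;) {
            state_t *following = (void *)((uint8_t *)slot + state_size);
            if ((uint8_t *)following >= end) {
                break;
            }
            slot->next = following;
            slot = following;
        }
        slot->next = NULL;      /* last slot terminates the free list */
    }

    /* Pop the head of the free list and initialise it for the caller. */
    ptr = block_head;
    block_head = block_head->next;
    ptr->prev = parent;
    ptr->h = 0;
    return ptr;
}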
// find the SID for this CMS and return it static struct casn *findSID( struct CMS *cmsp) { struct Certificate *certp; struct Extensions *extsp; struct Extension *extp; // iterate through the cms's cert's extensions to find the SID certp = (struct Certificate *)member_casn(&cmsp->content.signedData. certificates.self, 0); extsp = &certp->toBeSigned.extensions; extp = (struct Extension *)member_casn(&extsp->self, 0); // check each extension's oid against the SID oid while (extp != NULL) { if (diff_objid(&extp->extnID, id_subjectKeyIdentifier) == 0) { return (&extp->extnValue.subjectKeyIdentifier); /* found it */ } extp = (struct Extension *)next_of(&extp->self); /* check next */ } // not found return (struct casn *)0; }
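/**
 * Constraint check tying the CRL version number to the presence of
 * extensions.
 *
 * Counts the CRL-level extensions plus every revoked-certificate entry that
 * carries a non-empty extensions field, then checks the count against the
 * version value.
 *
 * @param ctbsp  the to-be-signed part of the CRL.
 * @return 1 when the constraint holds, 0 when the version is outside 0..1 or
 *         when the version is 0 and any extensions are present.
 */
int CertificateRevocationListToBeSignedConstraint(
    struct CertificateRevocationListToBeSigned *ctbsp)
{
    long version = 0;
    int num = num_items(&ctbsp->extensions.self);
    struct CRLEntry *entryp;

    /* Add one for each revoked entry that has its own extensions. */
    entryp = (struct CRLEntry *)
        member_casn(&ctbsp->revokedCertificates.self, 0);
    while (entryp) {
        if (vsize_casn(&entryp->extensions.self) > 0) {
            num++;
        }
        entryp = (struct CRLEntry *)next_of(&entryp->self);
    }

    /*
     * The return value is not checked: version keeps its initial 0 when
     * nothing is read.
     */
    read_casn_num(&ctbsp->version.self, &version);

    /*
     * The original test (version > 1) let a negative version through, and a
     * negative version also skipped the "0 with extensions" rule. The CRL
     * content is parsed input, so reject anything outside 0..1 explicitly.
     */
    if (version < 0 || version > 1) {
        return 0;
    }
    if (version == 0 && num > 0) {
        return 0;
    }
    return 1;
}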
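/**
 * Compare the IP address block and AS number extensions of a certificate
 * with a reference Extensions file.
 *
 * argv[1] is the certificate file, argv[2] the file holding the reference
 * extensions: its first entry is compared with the certificate's IP address
 * block extension, its second with the AS number extension. Every failure is
 * reported through FATAL(); success through DONE().
 *
 * @return 0 when both extensions match.
 */
int main(
    int argc,
    char **argv)
{
    struct Certificate cert;
    int lth;

    Certificate(&cert, (ushort) 0);
    if (argc < 3)
        FATAL(MSG_USAGE);

    /*
     * The original stored this result and immediately overwrote it, so an
     * unreadable certificate file went on to be examined as an empty object.
     */
    if (get_casn_file(&cert.self, argv[1], 0) < 0)
        FATAL(MSG_OPEN, argv[1]);

    struct casn *casnp = &cert.toBeSigned.serialNumber;
    if ((lth = vsize_casn(casnp)) < 6)
        FATAL(MSG_SN);

    struct Extension *extp;
    if (!(extp = find_extension(&cert.toBeSigned.extensions,
                                id_pe_ipAddrBlock, 0)))
        FATAL(MSG_EXT, "IPAddress");

    struct Extensions extensions;
    Extensions(&extensions, (ushort) 0);
    if ((lth = get_casn_file(&extensions.self, argv[2], 0)) < 0)
        FATAL(MSG_OPEN, argv[2]);

    /*
     * First reference entry: IP addresses. The two scratch buffers the
     * original calloc'ed and filled here were never read, checked or freed;
     * the comparison is done by diff_casn(), so they are dropped.
     */
    struct Extension *sbextp =
        (struct Extension *)member_casn(&extensions.self, 0);
    /*
     * A reference file without this entry is reported as a mismatch; no
     * dedicated message id for it is visible in this block.
     */
    if (!sbextp || diff_casn(&sbextp->self, &extp->self))
        FATAL(MSG_IN, "IP Addresses");

    /* Second reference entry: AS numbers. */
    sbextp = (struct Extension *)next_of(&sbextp->self);
    if (!(extp = find_extension(&cert.toBeSigned.extensions,
                                id_pe_autonomousSysNum, 0)))
        FATAL(MSG_EXT, "AS number");
    if (!sbextp || diff_casn(&sbextp->self, &extp->self))
        FATAL(MSG_IN, "AS numbers");

    DONE(MSG_OK, argv[1]);
    return 0;
}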
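/**
 * Print the Subject Information Access (SIA) URIs of a certificate.
 *
 * Options: -d selects the caRepository (directory) URI, -m the rpkiManifest
 * URI; with neither, -d is assumed. signedObject URIs are printed whatever
 * the options. The certificate file is the first non-option argument.
 *
 * @return 0 on completion, -1 on a usage error, -2 when the file cannot be
 *         read, -3 when the certificate has no SIA extension.
 */
int main(
    int argc,
    char *argv[])
{
    int c = 0;                  /* command line option character */
    int option_dir = 0;         /* retrieve SIA directory URL */
    int option_mft = 0;         /* retrieve SIA manifest URL */
    const char *file = NULL;    /* certificate file */
    struct Certificate cert;    /* ASN.1 certificate object */
    struct Extension *extp;     /* ASN.1 X.509 extension pointer */
    struct SubjectInfoAccess *siap;     /* ASN.1 SIA pointer */
    struct AccessDescription *adp;      /* ASN.1 AccessDescription pointer */
    int ret;                    /* return value */

    /*
     * Parse command line arguments.
     */
    opterr = 0;
    while ((c = getopt(argc, argv, "dm")) != -1) {
        switch (c) {
        case 'd':
            option_dir = 1;
            break;
        case 'm':
            option_mft = 1;
            break;
        case '?':
            if (isprint(optopt))
                fprintf(stderr, "Unknown option `-%c'.\n", optopt);
            else
                fprintf(stderr, "Unknown option character `\\x%x'.\n",
                        optopt);
            usage(argc, argv);
            return -1;
        default:
            usage(argc, argv);
            return -1;
        }
    }

    /*
     * If no selection, default to directory.
     */
    if (option_dir == 0 && option_mft == 0)
        option_dir = 1;

    if (optind >= argc) {
        usage(argc, argv);
        return -1;
    }
    file = argv[optind];

    /*
     * Parse certificate.
     */
    Certificate(&cert, (unsigned short)0);      /* constructor */
    ret = get_casn_file(&cert.self, (char *)file, 0);
    if (ret < 0) {
        fprintf(stderr, "Could not open file: %s\n", file);
        return -2;
    }

    /*
     * Find SIA extension.
     */
    extp = find_extension(&cert.toBeSigned.extensions,
                          id_pe_subjectInfoAccess, false);
    if (!extp) {
        fprintf(stderr, "Error: could not locate SIA extension.\n");
        delete_casn(&cert.self);        /* release the parsed certificate */
        return -3;
    }
    siap = &extp->extnValue.subjectInfoAccess;

    /*
     * For each AccessDescription, print the accessLocation URI if the
     * accessMethod matches the user requested SIA type: directory or
     * manifest.
     */
    for (adp = (struct AccessDescription *)member_casn(&siap->self, 0);
         adp != NULL;
         adp = (struct AccessDescription *)next_of(&adp->self)) {
        char *rsync_uri = NULL;
        int len = 0;
        int print_this_one = 0;

        if (diff_objid(&adp->accessMethod, id_ad_rpkiManifest) == 0
            && option_mft) {
            /*
             * Manifest
             */
            print_this_one = 1;
        } else if (diff_objid(&adp->accessMethod, id_ad_caRepository) == 0
                   && option_dir) {
            /*
             * Directory
             */
            print_this_one = 1;
        } else if (diff_objid(&adp->accessMethod, id_ad_signedObject) == 0) {
            /*
             * Signed Object
             */
            print_this_one = 1;
        }

        if (!print_this_one)
            continue;

        /*
         * print manifest URI
         */
        len = vsize_casn(&adp->accessLocation.self);
        if (len < 0) {
            /*
             * Guard in case vsize_casn() reports an error as a negative
             * value: the original would have passed len + 2 to calloc(),
             * where a negative int converts to a wrong (possibly huge)
             * size, and the short-read test below would not have fired.
             */
            fprintf(stderr, "Error: could not size accessLocation (%d).\n",
                    len);
            continue;
        }
        /* len + 2 zeroed bytes keep the value NUL-terminated for printf. */
        rsync_uri = (char *)calloc(len + 2, 1);
        if (!rsync_uri) {
            fprintf(stderr, "Memory allocation failure on %d bytes!\n",
                    len + 2);
            continue;
        }
        ret = read_casn(&adp->accessLocation.self,
                        (unsigned char *)rsync_uri);
        if (ret < len) {
            fprintf(stderr, "Read failure: got %d, expected %d bytes\n",
                    ret, len);
        } else {
            /*
             * NOTE(review): these bytes come straight from the certificate
             * and are printed unfiltered; anything consuming this output
             * (scripts, terminals) should treat it as untrusted.
             */
            printf("%s\n", rsync_uri);
        }
        free(rsync_uri);
    }

    /*
     * Clean up.
     */
    delete_casn(&cert.self);
    return 0;
}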