示例#1
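/*
 * Hand out one state_t from the pool's free list, growing the pool first
 * when the list is empty.
 *
 * Slots are state_size bytes apart (a runtime value, so plain state_t
 * pointer arithmetic cannot be used). The returned slot has prev set to
 * parent and h cleared; no other field is initialised here.
 *
 * Aborts the process if the pool cannot be grown.
 */
inline
state_t* newstate(state_t *parent) {
	state_t *ptr;

	if (!block_head) {
		/*
		 * Free list exhausted: allocate a block twice the size of the
		 * previous one.
		 * NOTE(review): neither the doubling nor block_size * state_size
		 * is checked for overflow, and a starting block_size of 0 would
		 * yield a zero-byte block that is written to below - confirm the
		 * initial value and the types of both globals.
		 */
		block_size *= 2;
		state_t *p = malloc(block_size * state_size);
		assert(p);
		if (!p)
			abort();	/* assert() compiles away under NDEBUG */

		/* Slot 0 of every block only chains the block into block_root. */
		p->next = block_root;
		block_root = p;

		/* Thread the remaining slots into a NULL-terminated free list. */
		state_t *end = (void*)((uint8_t*)p + state_size * block_size);
		state_t *cur = block_head = (void*)((uint8_t*)p + state_size);
		state_t *nxt = (void*)((uint8_t*)cur + state_size);
		while (nxt < end) {
			cur->next = nxt;
			cur = nxt;
			nxt = (void*)((uint8_t*)nxt + state_size);
		}
		cur->next = NULL;
	}

	/* Pop the head of the free list. */
	ptr = block_head;
	block_head = block_head->next;

	ptr->prev = parent;
	ptr->h = 0;
	return ptr;
}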
示例#2
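// Find the SID (subjectKeyIdentifier extension value) of the first
// certificate carried in this CMS and return it.
//
// Returns a pointer into cmsp's own certificate (not a copy), or NULL when
// cmsp is NULL, the CMS carries no certificate, or that certificate has no
// subjectKeyIdentifier extension.
static struct casn *findSID(
    struct CMS *cmsp)
{
    struct Certificate *certp;
    struct Extension *extp;

    if (cmsp == NULL)
        return NULL;

    // member_casn yields NULL when the requested member does not exist (the
    // extension walk below relies on the same convention), so a CMS without
    // an embedded certificate must be rejected before certp is dereferenced.
    certp =
        (struct Certificate *)member_casn(&cmsp->content.signedData.
                                          certificates.self, 0);
    if (certp == NULL)
        return NULL;

    // check each extension's oid against the SID oid
    for (extp = (struct Extension *)
             member_casn(&certp->toBeSigned.extensions.self, 0);
         extp != NULL;
         extp = (struct Extension *)next_of(&extp->self))
    {
        if (diff_objid(&extp->extnID, id_subjectKeyIdentifier) == 0)
        {
            return (&extp->extnValue.subjectKeyIdentifier);     /* found it */
        }
    }

    // not found
    return NULL;
}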
/*
 * Constraint tying the CRL version field to the presence of extensions.
 *
 * Counts the items in the CRL-level extensions plus one for every revoked
 * certificate entry whose extensions have a non-empty value, then reads the
 * version number.
 *
 * Returns 0 (constraint violated) when the version is greater than 1, or
 * when the version is 0 and at least one extension was counted; returns 1
 * otherwise.
 *
 * NOTE(review): the result of read_casn_num is not checked, so a failed
 * read leaves the version at its initial 0, and a negative version passes
 * both tests - confirm both are intended.
 */
int CertificateRevocationListToBeSignedConstraint(
    struct CertificateRevocationListToBeSigned *ctbsp)
{
    long crl_version = 0;
    int ext_count = num_items(&ctbsp->extensions.self);
    struct CRLEntry *entry =
        (struct CRLEntry *)member_casn(&ctbsp->revokedCertificates.self, 0);

    /* Add one for each revoked entry that carries extensions of its own. */
    while (entry)
    {
        if (vsize_casn(&entry->extensions.self) > 0)
            ext_count++;
        entry = (struct CRLEntry *)next_of(&entry->self);
    }

    read_casn_num(&ctbsp->version.self, &crl_version);

    if (crl_version > 1)
        return 0;
    if (crl_version == 0 && ext_count > 0)
        return 0;
    return 1;
}
示例#4
文件: test_cert.c 项目: dseomn/rpstir
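/*
 * Test driver: checks that the IP address block and AS number extensions of
 * the certificate in argv[1] match the reference extensions stored, in that
 * order, in the file argv[2].
 *
 * Every failure is reported through FATAL, which this code assumes does not
 * return (the original already relied on that after the usage check).
 */
int main(
    int argc,
    char **argv)
{
    struct Certificate cert;
    int lth;
    Certificate(&cert, (ushort) 0);
    if (argc < 3)
        FATAL(MSG_USAGE);
    // An unreadable certificate would otherwise only show up later as a
    // misleading serial-number or missing-extension error.
    if ((lth = get_casn_file(&cert.self, argv[1], 0)) < 0)
        FATAL(MSG_OPEN, argv[1]);
    struct casn *casnp = &cert.toBeSigned.serialNumber;
    if ((lth = vsize_casn(casnp)) < 6)
        FATAL(MSG_SN);
    struct Extension *extp;
    if (!(extp = find_extension(&cert.toBeSigned.extensions, id_pe_ipAddrBlock, 0)))
        FATAL(MSG_EXT, "IPAddress");
    struct Extensions extensions;
    Extensions(&extensions, (ushort) 0);
    if ((lth = get_casn_file(&extensions.self, argv[2], 0)) < 0)
        FATAL(MSG_OPEN, argv[2]);

    // First reference extension: IP addresses. The reference file is input
    // too, so it may hold fewer extensions than expected; MSG_EXT is reused
    // for that case because no dedicated message is visible here.
    struct Extension *sbextp = (struct Extension *)member_casn(&extensions.self, 0);
    if (!sbextp)
        FATAL(MSG_EXT, "IPAddress");

    // The encoded bytes read here are not consulted by the comparison below;
    // the reads are kept from the original, but guarded against a failed
    // size query or allocation and no longer leaked.
    lth = size_casn(&sbextp->self);
    uchar *sb = (lth > 0) ? (uchar *) calloc(1, (size_t)lth) : NULL;
    if (sb)
        read_casn(&sbextp->self, sb);
    free(sb);
    lth = size_casn(&extp->self);
    uchar *b = (lth > 0) ? (uchar *) calloc(1, (size_t)lth) : NULL;
    if (b)
        read_casn(&extp->self, b);
    free(b);

    if (diff_casn(&sbextp->self, &extp->self))
        FATAL(MSG_IN, "IP Addresses");

    // Second reference extension: AS numbers.
    sbextp = (struct Extension *)next_of(&sbextp->self);
    if (!sbextp)
        FATAL(MSG_EXT, "AS number");
    if (!(extp = find_extension(&cert.toBeSigned.extensions,
                                id_pe_autonomousSysNum, 0)))
        FATAL(MSG_EXT, "AS number");
    if (diff_casn(&sbextp->self, &extp->self))
        FATAL(MSG_IN, "AS numbers");
    DONE(MSG_OK, argv[1]);
    return 0;
}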
示例#5
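/*
 * Print the Subject Information Access (SIA) URIs of a certificate file,
 * one per line on stdout.
 *
 * Options: -d selects the caRepository (directory) URI, -m the rpkiManifest
 * URI; with neither, -d is assumed. signedObject URIs are printed regardless
 * of the options.
 *
 * Returns 0 on success, -1 on a usage error, -2 when the certificate cannot
 * be read, -3 when it has no SIA extension.
 */
int main(
    int argc,
    char *argv[])
{
    int c = 0;                  /* command line option character */
    int option_dir = 0;         /* retrieve SIA directory URL */
    int option_mft = 0;         /* retrieve SIA manifest URL */
    const char *file = NULL;    /* certificate file */
    struct Certificate cert;    /* ASN.1 certificate object */
    struct Extension *extp;     /* ASN.1 X.509 extension pointer */
    struct SubjectInfoAccess *siap;     /* ASN.1 SIA pointer */
    struct AccessDescription *adp;      /* ASN.1 AccessDescription pointer */
    int ret;                    /* return value */

    /*
     * Parse command line arguments.
     */
    opterr = 0;
    while ((c = getopt(argc, argv, "dm")) != -1)
    {
        switch (c)
        {
        case 'd':
            option_dir = 1;
            break;
        case 'm':
            option_mft = 1;
            break;
        case '?':
            /* <ctype.h> functions need a value representable as unsigned char */
            if (isprint((unsigned char)optopt))
                fprintf(stderr, "Unknown option `-%c'.\n", optopt);
            else
                fprintf(stderr, "Unknown option character `\\x%x'.\n", optopt);
            usage(argc, argv);
            return -1;
        default:
            usage(argc, argv);
            return -1;
        }
    }
    /*
     * If no selection, default to directory.
     */
    if (option_dir == 0 && option_mft == 0)
        option_dir = 1;
    if (optind >= argc)
    {
        usage(argc, argv);
        return -1;
    }
    file = argv[optind];

    /*
     * Parse certificate.
     */
    Certificate(&cert, (unsigned short)0);      /* constructor */
    ret = get_casn_file(&cert.self, (char *)file, 0);
    if (ret < 0)
    {
        fprintf(stderr, "Could not open file: %s\n", file);
        return -2;
    }

    /*
     * Find SIA extension.
     */
    extp = find_extension(&cert.toBeSigned.extensions, id_pe_subjectInfoAccess, false);
    if (!extp)
    {
        fprintf(stderr, "Error: could not locate SIA extension.\n");
        delete_casn(&cert.self);        /* same cleanup as the success path */
        return -3;
    }
    siap = &extp->extnValue.subjectInfoAccess;

    /*
     * For each AccessDescription, print the accessLocation URI if the
     * accessMethod matches the user requested SIA type: directory or
     * manifest. Signed-object locations are always printed.
     */
    for (adp = (struct AccessDescription *)member_casn(&siap->self, 0);
         adp != NULL; adp = (struct AccessDescription *)next_of(&adp->self))
    {
        char *rsync_uri = NULL;
        int len = 0;
        int print_this_one = 0;

        if (diff_objid(&adp->accessMethod, id_ad_rpkiManifest) == 0 &&
            option_mft)
        {
            /*
             * Manifest
             */
            print_this_one = 1;
        }
        else if (diff_objid(&adp->accessMethod, id_ad_caRepository) == 0 &&
                 option_dir)
        {
            /*
             * Directory
             */
            print_this_one = 1;
        }
        else if (diff_objid(&adp->accessMethod, id_ad_signedObject) == 0)
        {
            /*
             * Signed Object
             */
            print_this_one = 1;
        }

        if (!print_this_one)
            continue;

        /*
         * Print the selected URI. The length comes from the certificate, so
         * a negative (error) size is rejected before it reaches calloc.
         */
        len = vsize_casn(&adp->accessLocation.self);
        if (len < 0)
        {
            fprintf(stderr, "Error: could not determine accessLocation size.\n");
            continue;
        }
        rsync_uri = (char *)calloc(len + 2, 1);
        if (!rsync_uri)
        {
            fprintf(stderr, "Memory allocation failure on %d bytes!\n",
                    len + 2);
            continue;
        }
        ret = read_casn(&adp->accessLocation.self, (unsigned char *)rsync_uri);
        if (ret < len)
        {
            fprintf(stderr, "Read failure: got %d, expected %d bytes\n", ret,
                    len);
        }
        else
        {
            /*
             * The URI is certificate-controlled text written one per line
             * for other tools to consume. An embedded newline, NUL or other
             * control byte would let a single certificate forge or truncate
             * output lines, so such values are reported, not printed.
             */
            int printable = 1;
            for (int i = 0; i < len; i++)
            {
                if (!isprint((unsigned char)rsync_uri[i]))
                {
                    printable = 0;
                    break;
                }
            }
            if (printable)
                printf("%s\n", rsync_uri);
            else
                fprintf(stderr,
                        "Error: accessLocation contains non-printable bytes; skipped.\n");
        }
        free(rsync_uri);
    }

    /*
     * Clean up.
     */
    delete_casn(&cert.self);
    return 0;
}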