diff options
| author | cvs2svn <admin@example.com> | 2009-06-25 14:33:51 +0000 |
|---|---|---|
| committer | cvs2svn <admin@example.com> | 2009-06-25 14:33:51 +0000 |
| commit | 3944e6efcea0baa7128a89353d149b37100c0ece (patch) | |
| tree | 64c1ad6d7af88839fd67d630ca81c768fd1191cd /src/lib/libcrypto/x509 | |
| parent | 2eabc3aa42ad7d46a1723621f8e34e533342f67a (diff) | |
| download | openbsd-OPENBSD_4_6_BASE.tar.gz openbsd-OPENBSD_4_6_BASE.tar.bz2 openbsd-OPENBSD_4_6_BASE.zip | |
This commit was manufactured by cvs2git to create tag 'OPENBSD_4_6_BASE'.OPENBSD_4_6_BASE
Diffstat (limited to '')
63 files changed, 0 insertions, 19265 deletions
diff --git a/src/lib/libcrypto/x509/by_dir.c b/src/lib/libcrypto/x509/by_dir.c deleted file mode 100644 index 341e0ba6a4..0000000000 --- a/src/lib/libcrypto/x509/by_dir.c +++ /dev/null | |||
| @@ -1,386 +0,0 @@ | |||
| 1 | /* crypto/x509/by_dir.c */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | #include <time.h> | ||
| 61 | #include <errno.h> | ||
| 62 | |||
| 63 | #include "cryptlib.h" | ||
| 64 | |||
| 65 | #ifndef NO_SYS_TYPES_H | ||
| 66 | # include <sys/types.h> | ||
| 67 | #endif | ||
| 68 | #ifdef MAC_OS_pre_X | ||
| 69 | # include <stat.h> | ||
| 70 | #else | ||
| 71 | # include <sys/stat.h> | ||
| 72 | #endif | ||
| 73 | |||
| 74 | #include <openssl/lhash.h> | ||
| 75 | #include <openssl/x509.h> | ||
| 76 | |||
| 77 | #ifdef _WIN32 | ||
| 78 | #define stat _stat | ||
| 79 | #endif | ||
| 80 | |||
| 81 | typedef struct lookup_dir_st | ||
| 82 | { | ||
| 83 | BUF_MEM *buffer; | ||
| 84 | int num_dirs; | ||
| 85 | char **dirs; | ||
| 86 | int *dirs_type; | ||
| 87 | int num_dirs_alloced; | ||
| 88 | } BY_DIR; | ||
| 89 | |||
| 90 | static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, | ||
| 91 | char **ret); | ||
| 92 | static int new_dir(X509_LOOKUP *lu); | ||
| 93 | static void free_dir(X509_LOOKUP *lu); | ||
| 94 | static int add_cert_dir(BY_DIR *ctx,const char *dir,int type); | ||
| 95 | static int get_cert_by_subject(X509_LOOKUP *xl,int type,X509_NAME *name, | ||
| 96 | X509_OBJECT *ret); | ||
| 97 | X509_LOOKUP_METHOD x509_dir_lookup= | ||
| 98 | { | ||
| 99 | "Load certs from files in a directory", | ||
| 100 | new_dir, /* new */ | ||
| 101 | free_dir, /* free */ | ||
| 102 | NULL, /* init */ | ||
| 103 | NULL, /* shutdown */ | ||
| 104 | dir_ctrl, /* ctrl */ | ||
| 105 | get_cert_by_subject, /* get_by_subject */ | ||
| 106 | NULL, /* get_by_issuer_serial */ | ||
| 107 | NULL, /* get_by_fingerprint */ | ||
| 108 | NULL, /* get_by_alias */ | ||
| 109 | }; | ||
| 110 | |||
| 111 | X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void) | ||
| 112 | { | ||
| 113 | return(&x509_dir_lookup); | ||
| 114 | } | ||
| 115 | |||
| 116 | static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, | ||
| 117 | char **retp) | ||
| 118 | { | ||
| 119 | int ret=0; | ||
| 120 | BY_DIR *ld; | ||
| 121 | char *dir = NULL; | ||
| 122 | |||
| 123 | ld=(BY_DIR *)ctx->method_data; | ||
| 124 | |||
| 125 | switch (cmd) | ||
| 126 | { | ||
| 127 | case X509_L_ADD_DIR: | ||
| 128 | if (argl == X509_FILETYPE_DEFAULT) | ||
| 129 | { | ||
| 130 | dir=(char *)Getenv(X509_get_default_cert_dir_env()); | ||
| 131 | if (dir) | ||
| 132 | ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM); | ||
| 133 | else | ||
| 134 | ret=add_cert_dir(ld,X509_get_default_cert_dir(), | ||
| 135 | X509_FILETYPE_PEM); | ||
| 136 | if (!ret) | ||
| 137 | { | ||
| 138 | X509err(X509_F_DIR_CTRL,X509_R_LOADING_CERT_DIR); | ||
| 139 | } | ||
| 140 | } | ||
| 141 | else | ||
| 142 | ret=add_cert_dir(ld,argp,(int)argl); | ||
| 143 | break; | ||
| 144 | } | ||
| 145 | return(ret); | ||
| 146 | } | ||
| 147 | |||
| 148 | static int new_dir(X509_LOOKUP *lu) | ||
| 149 | { | ||
| 150 | BY_DIR *a; | ||
| 151 | |||
| 152 | if ((a=(BY_DIR *)OPENSSL_malloc(sizeof(BY_DIR))) == NULL) | ||
| 153 | return(0); | ||
| 154 | if ((a->buffer=BUF_MEM_new()) == NULL) | ||
| 155 | { | ||
| 156 | OPENSSL_free(a); | ||
| 157 | return(0); | ||
| 158 | } | ||
| 159 | a->num_dirs=0; | ||
| 160 | a->dirs=NULL; | ||
| 161 | a->dirs_type=NULL; | ||
| 162 | a->num_dirs_alloced=0; | ||
| 163 | lu->method_data=(char *)a; | ||
| 164 | return(1); | ||
| 165 | } | ||
| 166 | |||
| 167 | static void free_dir(X509_LOOKUP *lu) | ||
| 168 | { | ||
| 169 | BY_DIR *a; | ||
| 170 | int i; | ||
| 171 | |||
| 172 | a=(BY_DIR *)lu->method_data; | ||
| 173 | for (i=0; i<a->num_dirs; i++) | ||
| 174 | if (a->dirs[i] != NULL) OPENSSL_free(a->dirs[i]); | ||
| 175 | if (a->dirs != NULL) OPENSSL_free(a->dirs); | ||
| 176 | if (a->dirs_type != NULL) OPENSSL_free(a->dirs_type); | ||
| 177 | if (a->buffer != NULL) BUF_MEM_free(a->buffer); | ||
| 178 | OPENSSL_free(a); | ||
| 179 | } | ||
| 180 | |||
| 181 | static int add_cert_dir(BY_DIR *ctx, const char *dir, int type) | ||
| 182 | { | ||
| 183 | int j,len; | ||
| 184 | int *ip; | ||
| 185 | const char *s,*ss,*p; | ||
| 186 | char **pp; | ||
| 187 | |||
| 188 | if (dir == NULL || !*dir) | ||
| 189 | { | ||
| 190 | X509err(X509_F_ADD_CERT_DIR,X509_R_INVALID_DIRECTORY); | ||
| 191 | return 0; | ||
| 192 | } | ||
| 193 | |||
| 194 | s=dir; | ||
| 195 | p=s; | ||
| 196 | for (;;p++) | ||
| 197 | { | ||
| 198 | if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0')) | ||
| 199 | { | ||
| 200 | ss=s; | ||
| 201 | s=p+1; | ||
| 202 | len=(int)(p-ss); | ||
| 203 | if (len == 0) continue; | ||
| 204 | for (j=0; j<ctx->num_dirs; j++) | ||
| 205 | if (strlen(ctx->dirs[j]) == (size_t)len && | ||
| 206 | strncmp(ctx->dirs[j],ss,(unsigned int)len) == 0) | ||
| 207 | break; | ||
| 208 | if (j<ctx->num_dirs) | ||
| 209 | continue; | ||
| 210 | if (ctx->num_dirs_alloced < (ctx->num_dirs+1)) | ||
| 211 | { | ||
| 212 | ctx->num_dirs_alloced+=10; | ||
| 213 | pp=(char **)OPENSSL_malloc(ctx->num_dirs_alloced* | ||
| 214 | sizeof(char *)); | ||
| 215 | ip=(int *)OPENSSL_malloc(ctx->num_dirs_alloced* | ||
| 216 | sizeof(int)); | ||
| 217 | if ((pp == NULL) || (ip == NULL)) | ||
| 218 | { | ||
| 219 | X509err(X509_F_ADD_CERT_DIR,ERR_R_MALLOC_FAILURE); | ||
| 220 | return(0); | ||
| 221 | } | ||
| 222 | memcpy(pp,ctx->dirs,(ctx->num_dirs_alloced-10)* | ||
| 223 | sizeof(char *)); | ||
| 224 | memcpy(ip,ctx->dirs_type,(ctx->num_dirs_alloced-10)* | ||
| 225 | sizeof(int)); | ||
| 226 | if (ctx->dirs != NULL) | ||
| 227 | OPENSSL_free(ctx->dirs); | ||
| 228 | if (ctx->dirs_type != NULL) | ||
| 229 | OPENSSL_free(ctx->dirs_type); | ||
| 230 | ctx->dirs=pp; | ||
| 231 | ctx->dirs_type=ip; | ||
| 232 | } | ||
| 233 | ctx->dirs_type[ctx->num_dirs]=type; | ||
| 234 | ctx->dirs[ctx->num_dirs]=(char *)OPENSSL_malloc((unsigned int)len+1); | ||
| 235 | if (ctx->dirs[ctx->num_dirs] == NULL) return(0); | ||
| 236 | strncpy(ctx->dirs[ctx->num_dirs],ss,(unsigned int)len); | ||
| 237 | ctx->dirs[ctx->num_dirs][len]='\0'; | ||
| 238 | ctx->num_dirs++; | ||
| 239 | } | ||
| 240 | if (*p == '\0') break; | ||
| 241 | } | ||
| 242 | return(1); | ||
| 243 | } | ||
| 244 | |||
| 245 | static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, | ||
| 246 | X509_OBJECT *ret) | ||
| 247 | { | ||
| 248 | BY_DIR *ctx; | ||
| 249 | union { | ||
| 250 | struct { | ||
| 251 | X509 st_x509; | ||
| 252 | X509_CINF st_x509_cinf; | ||
| 253 | } x509; | ||
| 254 | struct { | ||
| 255 | X509_CRL st_crl; | ||
| 256 | X509_CRL_INFO st_crl_info; | ||
| 257 | } crl; | ||
| 258 | } data; | ||
| 259 | int ok=0; | ||
| 260 | int i,j,k; | ||
| 261 | unsigned long h; | ||
| 262 | BUF_MEM *b=NULL; | ||
| 263 | struct stat st; | ||
| 264 | X509_OBJECT stmp,*tmp; | ||
| 265 | const char *postfix=""; | ||
| 266 | |||
| 267 | if (name == NULL) return(0); | ||
| 268 | |||
| 269 | stmp.type=type; | ||
| 270 | if (type == X509_LU_X509) | ||
| 271 | { | ||
| 272 | data.x509.st_x509.cert_info= &data.x509.st_x509_cinf; | ||
| 273 | data.x509.st_x509_cinf.subject=name; | ||
| 274 | stmp.data.x509= &data.x509.st_x509; | ||
| 275 | postfix=""; | ||
| 276 | } | ||
| 277 | else if (type == X509_LU_CRL) | ||
| 278 | { | ||
| 279 | data.crl.st_crl.crl= &data.crl.st_crl_info; | ||
| 280 | data.crl.st_crl_info.issuer=name; | ||
| 281 | stmp.data.crl= &data.crl.st_crl; | ||
| 282 | postfix="r"; | ||
| 283 | } | ||
| 284 | else | ||
| 285 | { | ||
| 286 | X509err(X509_F_GET_CERT_BY_SUBJECT,X509_R_WRONG_LOOKUP_TYPE); | ||
| 287 | goto finish; | ||
| 288 | } | ||
| 289 | |||
| 290 | if ((b=BUF_MEM_new()) == NULL) | ||
| 291 | { | ||
| 292 | X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_BUF_LIB); | ||
| 293 | goto finish; | ||
| 294 | } | ||
| 295 | |||
| 296 | ctx=(BY_DIR *)xl->method_data; | ||
| 297 | |||
| 298 | h=X509_NAME_hash(name); | ||
| 299 | for (i=0; i<ctx->num_dirs; i++) | ||
| 300 | { | ||
| 301 | j=strlen(ctx->dirs[i])+1+8+6+1+1; | ||
| 302 | if (!BUF_MEM_grow(b,j)) | ||
| 303 | { | ||
| 304 | X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_MALLOC_FAILURE); | ||
| 305 | goto finish; | ||
| 306 | } | ||
| 307 | k=0; | ||
| 308 | for (;;) | ||
| 309 | { | ||
| 310 | char c = '/'; | ||
| 311 | #ifdef OPENSSL_SYS_VMS | ||
| 312 | c = ctx->dirs[i][strlen(ctx->dirs[i])-1]; | ||
| 313 | if (c != ':' && c != '>' && c != ']') | ||
| 314 | { | ||
| 315 | /* If no separator is present, we assume the | ||
| 316 | directory specifier is a logical name, and | ||
| 317 | add a colon. We really should use better | ||
| 318 | VMS routines for merging things like this, | ||
| 319 | but this will do for now... | ||
| 320 | -- Richard Levitte */ | ||
| 321 | c = ':'; | ||
| 322 | } | ||
| 323 | else | ||
| 324 | { | ||
| 325 | c = '\0'; | ||
| 326 | } | ||
| 327 | #endif | ||
| 328 | if (c == '\0') | ||
| 329 | { | ||
| 330 | /* This is special. When c == '\0', no | ||
| 331 | directory separator should be added. */ | ||
| 332 | BIO_snprintf(b->data,b->max, | ||
| 333 | "%s%08lx.%s%d",ctx->dirs[i],h, | ||
| 334 | postfix,k); | ||
| 335 | } | ||
| 336 | else | ||
| 337 | { | ||
| 338 | BIO_snprintf(b->data,b->max, | ||
| 339 | "%s%c%08lx.%s%d",ctx->dirs[i],c,h, | ||
| 340 | postfix,k); | ||
| 341 | } | ||
| 342 | k++; | ||
| 343 | if (stat(b->data,&st) < 0) | ||
| 344 | break; | ||
| 345 | /* found one. */ | ||
| 346 | if (type == X509_LU_X509) | ||
| 347 | { | ||
| 348 | if ((X509_load_cert_file(xl,b->data, | ||
| 349 | ctx->dirs_type[i])) == 0) | ||
| 350 | break; | ||
| 351 | } | ||
| 352 | else if (type == X509_LU_CRL) | ||
| 353 | { | ||
| 354 | if ((X509_load_crl_file(xl,b->data, | ||
| 355 | ctx->dirs_type[i])) == 0) | ||
| 356 | break; | ||
| 357 | } | ||
| 358 | /* else case will caught higher up */ | ||
| 359 | } | ||
| 360 | |||
| 361 | /* we have added it to the cache so now pull | ||
| 362 | * it out again */ | ||
| 363 | CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE); | ||
| 364 | j = sk_X509_OBJECT_find(xl->store_ctx->objs,&stmp); | ||
| 365 | if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,j); | ||
| 366 | else tmp = NULL; | ||
| 367 | CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE); | ||
| 368 | |||
| 369 | if (tmp != NULL) | ||
| 370 | { | ||
| 371 | ok=1; | ||
| 372 | ret->type=tmp->type; | ||
| 373 | memcpy(&ret->data,&tmp->data,sizeof(ret->data)); | ||
| 374 | /* If we were going to up the reference count, | ||
| 375 | * we would need to do it on a perl 'type' | ||
| 376 | * basis */ | ||
| 377 | /* CRYPTO_add(&tmp->data.x509->references,1, | ||
| 378 | CRYPTO_LOCK_X509);*/ | ||
| 379 | goto finish; | ||
| 380 | } | ||
| 381 | } | ||
| 382 | finish: | ||
| 383 | if (b != NULL) BUF_MEM_free(b); | ||
| 384 | return(ok); | ||
| 385 | } | ||
| 386 | |||
diff --git a/src/lib/libcrypto/x509/by_file.c b/src/lib/libcrypto/x509/by_file.c deleted file mode 100644 index a5e0d4aefa..0000000000 --- a/src/lib/libcrypto/x509/by_file.c +++ /dev/null | |||
| @@ -1,300 +0,0 @@ | |||
| 1 | /* crypto/x509/by_file.c */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | #include <time.h> | ||
| 61 | #include <errno.h> | ||
| 62 | |||
| 63 | #include "cryptlib.h" | ||
| 64 | #include <openssl/lhash.h> | ||
| 65 | #include <openssl/buffer.h> | ||
| 66 | #include <openssl/x509.h> | ||
| 67 | #include <openssl/pem.h> | ||
| 68 | |||
| 69 | #ifndef OPENSSL_NO_STDIO | ||
| 70 | |||
| 71 | static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, | ||
| 72 | long argl, char **ret); | ||
| 73 | X509_LOOKUP_METHOD x509_file_lookup= | ||
| 74 | { | ||
| 75 | "Load file into cache", | ||
| 76 | NULL, /* new */ | ||
| 77 | NULL, /* free */ | ||
| 78 | NULL, /* init */ | ||
| 79 | NULL, /* shutdown */ | ||
| 80 | by_file_ctrl, /* ctrl */ | ||
| 81 | NULL, /* get_by_subject */ | ||
| 82 | NULL, /* get_by_issuer_serial */ | ||
| 83 | NULL, /* get_by_fingerprint */ | ||
| 84 | NULL, /* get_by_alias */ | ||
| 85 | }; | ||
| 86 | |||
| 87 | X509_LOOKUP_METHOD *X509_LOOKUP_file(void) | ||
| 88 | { | ||
| 89 | return(&x509_file_lookup); | ||
| 90 | } | ||
| 91 | |||
| 92 | static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, | ||
| 93 | char **ret) | ||
| 94 | { | ||
| 95 | int ok=0; | ||
| 96 | char *file; | ||
| 97 | |||
| 98 | switch (cmd) | ||
| 99 | { | ||
| 100 | case X509_L_FILE_LOAD: | ||
| 101 | if (argl == X509_FILETYPE_DEFAULT) | ||
| 102 | { | ||
| 103 | file = (char *)Getenv(X509_get_default_cert_file_env()); | ||
| 104 | if (file) | ||
| 105 | ok = (X509_load_cert_crl_file(ctx,file, | ||
| 106 | X509_FILETYPE_PEM) != 0); | ||
| 107 | |||
| 108 | else | ||
| 109 | ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(), | ||
| 110 | X509_FILETYPE_PEM) != 0); | ||
| 111 | |||
| 112 | if (!ok) | ||
| 113 | { | ||
| 114 | X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS); | ||
| 115 | } | ||
| 116 | } | ||
| 117 | else | ||
| 118 | { | ||
| 119 | if(argl == X509_FILETYPE_PEM) | ||
| 120 | ok = (X509_load_cert_crl_file(ctx,argp, | ||
| 121 | X509_FILETYPE_PEM) != 0); | ||
| 122 | else | ||
| 123 | ok = (X509_load_cert_file(ctx,argp,(int)argl) != 0); | ||
| 124 | } | ||
| 125 | break; | ||
| 126 | } | ||
| 127 | return(ok); | ||
| 128 | } | ||
| 129 | |||
| 130 | int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) | ||
| 131 | { | ||
| 132 | int ret=0; | ||
| 133 | BIO *in=NULL; | ||
| 134 | int i,count=0; | ||
| 135 | X509 *x=NULL; | ||
| 136 | |||
| 137 | if (file == NULL) return(1); | ||
| 138 | in=BIO_new(BIO_s_file_internal()); | ||
| 139 | |||
| 140 | if ((in == NULL) || (BIO_read_filename(in,file) <= 0)) | ||
| 141 | { | ||
| 142 | X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_SYS_LIB); | ||
| 143 | goto err; | ||
| 144 | } | ||
| 145 | |||
| 146 | if (type == X509_FILETYPE_PEM) | ||
| 147 | { | ||
| 148 | for (;;) | ||
| 149 | { | ||
| 150 | x=PEM_read_bio_X509_AUX(in,NULL,NULL,NULL); | ||
| 151 | if (x == NULL) | ||
| 152 | { | ||
| 153 | if ((ERR_GET_REASON(ERR_peek_last_error()) == | ||
| 154 | PEM_R_NO_START_LINE) && (count > 0)) | ||
| 155 | { | ||
| 156 | ERR_clear_error(); | ||
| 157 | break; | ||
| 158 | } | ||
| 159 | else | ||
| 160 | { | ||
| 161 | X509err(X509_F_X509_LOAD_CERT_FILE, | ||
| 162 | ERR_R_PEM_LIB); | ||
| 163 | goto err; | ||
| 164 | } | ||
| 165 | } | ||
| 166 | i=X509_STORE_add_cert(ctx->store_ctx,x); | ||
| 167 | if (!i) goto err; | ||
| 168 | count++; | ||
| 169 | X509_free(x); | ||
| 170 | x=NULL; | ||
| 171 | } | ||
| 172 | ret=count; | ||
| 173 | } | ||
| 174 | else if (type == X509_FILETYPE_ASN1) | ||
| 175 | { | ||
| 176 | x=d2i_X509_bio(in,NULL); | ||
| 177 | if (x == NULL) | ||
| 178 | { | ||
| 179 | X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_ASN1_LIB); | ||
| 180 | goto err; | ||
| 181 | } | ||
| 182 | i=X509_STORE_add_cert(ctx->store_ctx,x); | ||
| 183 | if (!i) goto err; | ||
| 184 | ret=i; | ||
| 185 | } | ||
| 186 | else | ||
| 187 | { | ||
| 188 | X509err(X509_F_X509_LOAD_CERT_FILE,X509_R_BAD_X509_FILETYPE); | ||
| 189 | goto err; | ||
| 190 | } | ||
| 191 | err: | ||
| 192 | if (x != NULL) X509_free(x); | ||
| 193 | if (in != NULL) BIO_free(in); | ||
| 194 | return(ret); | ||
| 195 | } | ||
| 196 | |||
| 197 | int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type) | ||
| 198 | { | ||
| 199 | int ret=0; | ||
| 200 | BIO *in=NULL; | ||
| 201 | int i,count=0; | ||
| 202 | X509_CRL *x=NULL; | ||
| 203 | |||
| 204 | if (file == NULL) return(1); | ||
| 205 | in=BIO_new(BIO_s_file_internal()); | ||
| 206 | |||
| 207 | if ((in == NULL) || (BIO_read_filename(in,file) <= 0)) | ||
| 208 | { | ||
| 209 | X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_SYS_LIB); | ||
| 210 | goto err; | ||
| 211 | } | ||
| 212 | |||
| 213 | if (type == X509_FILETYPE_PEM) | ||
| 214 | { | ||
| 215 | for (;;) | ||
| 216 | { | ||
| 217 | x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL); | ||
| 218 | if (x == NULL) | ||
| 219 | { | ||
| 220 | if ((ERR_GET_REASON(ERR_peek_last_error()) == | ||
| 221 | PEM_R_NO_START_LINE) && (count > 0)) | ||
| 222 | { | ||
| 223 | ERR_clear_error(); | ||
| 224 | break; | ||
| 225 | } | ||
| 226 | else | ||
| 227 | { | ||
| 228 | X509err(X509_F_X509_LOAD_CRL_FILE, | ||
| 229 | ERR_R_PEM_LIB); | ||
| 230 | goto err; | ||
| 231 | } | ||
| 232 | } | ||
| 233 | i=X509_STORE_add_crl(ctx->store_ctx,x); | ||
| 234 | if (!i) goto err; | ||
| 235 | count++; | ||
| 236 | X509_CRL_free(x); | ||
| 237 | x=NULL; | ||
| 238 | } | ||
| 239 | ret=count; | ||
| 240 | } | ||
| 241 | else if (type == X509_FILETYPE_ASN1) | ||
| 242 | { | ||
| 243 | x=d2i_X509_CRL_bio(in,NULL); | ||
| 244 | if (x == NULL) | ||
| 245 | { | ||
| 246 | X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_ASN1_LIB); | ||
| 247 | goto err; | ||
| 248 | } | ||
| 249 | i=X509_STORE_add_crl(ctx->store_ctx,x); | ||
| 250 | if (!i) goto err; | ||
| 251 | ret=i; | ||
| 252 | } | ||
| 253 | else | ||
| 254 | { | ||
| 255 | X509err(X509_F_X509_LOAD_CRL_FILE,X509_R_BAD_X509_FILETYPE); | ||
| 256 | goto err; | ||
| 257 | } | ||
| 258 | err: | ||
| 259 | if (x != NULL) X509_CRL_free(x); | ||
| 260 | if (in != NULL) BIO_free(in); | ||
| 261 | return(ret); | ||
| 262 | } | ||
| 263 | |||
| 264 | int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type) | ||
| 265 | { | ||
| 266 | STACK_OF(X509_INFO) *inf; | ||
| 267 | X509_INFO *itmp; | ||
| 268 | BIO *in; | ||
| 269 | int i, count = 0; | ||
| 270 | if(type != X509_FILETYPE_PEM) | ||
| 271 | return X509_load_cert_file(ctx, file, type); | ||
| 272 | in = BIO_new_file(file, "r"); | ||
| 273 | if(!in) { | ||
| 274 | X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_SYS_LIB); | ||
| 275 | return 0; | ||
| 276 | } | ||
| 277 | inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL); | ||
| 278 | BIO_free(in); | ||
| 279 | if(!inf) { | ||
| 280 | X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_PEM_LIB); | ||
| 281 | return 0; | ||
| 282 | } | ||
| 283 | for(i = 0; i < sk_X509_INFO_num(inf); i++) { | ||
| 284 | itmp = sk_X509_INFO_value(inf, i); | ||
| 285 | if(itmp->x509) { | ||
| 286 | X509_STORE_add_cert(ctx->store_ctx, itmp->x509); | ||
| 287 | count++; | ||
| 288 | } | ||
| 289 | if(itmp->crl) { | ||
| 290 | X509_STORE_add_crl(ctx->store_ctx, itmp->crl); | ||
| 291 | count++; | ||
| 292 | } | ||
| 293 | } | ||
| 294 | sk_X509_INFO_pop_free(inf, X509_INFO_free); | ||
| 295 | return count; | ||
| 296 | } | ||
| 297 | |||
| 298 | |||
| 299 | #endif /* OPENSSL_NO_STDIO */ | ||
| 300 | |||
diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h deleted file mode 100644 index e71b5257e5..0000000000 --- a/src/lib/libcrypto/x509/x509.h +++ /dev/null | |||
| @@ -1,1355 +0,0 @@ | |||
| 1 | /* crypto/x509/x509.h */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | /* ==================================================================== | ||
| 59 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 60 | * ECDH support in OpenSSL originally developed by | ||
| 61 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | ||
| 62 | */ | ||
| 63 | |||
| 64 | #ifndef HEADER_X509_H | ||
| 65 | #define HEADER_X509_H | ||
| 66 | |||
| 67 | #include <openssl/e_os2.h> | ||
| 68 | #include <openssl/symhacks.h> | ||
| 69 | #ifndef OPENSSL_NO_BUFFER | ||
| 70 | #include <openssl/buffer.h> | ||
| 71 | #endif | ||
| 72 | #ifndef OPENSSL_NO_EVP | ||
| 73 | #include <openssl/evp.h> | ||
| 74 | #endif | ||
| 75 | #ifndef OPENSSL_NO_BIO | ||
| 76 | #include <openssl/bio.h> | ||
| 77 | #endif | ||
| 78 | #include <openssl/stack.h> | ||
| 79 | #include <openssl/asn1.h> | ||
| 80 | #include <openssl/safestack.h> | ||
| 81 | |||
| 82 | #ifndef OPENSSL_NO_EC | ||
| 83 | #include <openssl/ec.h> | ||
| 84 | #endif | ||
| 85 | |||
| 86 | #ifndef OPENSSL_NO_ECDSA | ||
| 87 | #include <openssl/ecdsa.h> | ||
| 88 | #endif | ||
| 89 | |||
| 90 | #ifndef OPENSSL_NO_ECDH | ||
| 91 | #include <openssl/ecdh.h> | ||
| 92 | #endif | ||
| 93 | |||
| 94 | #ifndef OPENSSL_NO_DEPRECATED | ||
| 95 | #ifndef OPENSSL_NO_RSA | ||
| 96 | #include <openssl/rsa.h> | ||
| 97 | #endif | ||
| 98 | #ifndef OPENSSL_NO_DSA | ||
| 99 | #include <openssl/dsa.h> | ||
| 100 | #endif | ||
| 101 | #ifndef OPENSSL_NO_DH | ||
| 102 | #include <openssl/dh.h> | ||
| 103 | #endif | ||
| 104 | #endif | ||
| 105 | |||
| 106 | #ifndef OPENSSL_NO_SHA | ||
| 107 | #include <openssl/sha.h> | ||
| 108 | #endif | ||
| 109 | #include <openssl/ossl_typ.h> | ||
| 110 | |||
| 111 | #ifdef __cplusplus | ||
| 112 | extern "C" { | ||
| 113 | #endif | ||
| 114 | |||
| 115 | #ifdef OPENSSL_SYS_WIN32 | ||
| 116 | /* Under Win32 these are defined in wincrypt.h */ | ||
| 117 | #undef X509_NAME | ||
| 118 | #undef X509_CERT_PAIR | ||
| 119 | #endif | ||
| 120 | |||
| 121 | #define X509_FILETYPE_PEM 1 | ||
| 122 | #define X509_FILETYPE_ASN1 2 | ||
| 123 | #define X509_FILETYPE_DEFAULT 3 | ||
| 124 | |||
| 125 | #define X509v3_KU_DIGITAL_SIGNATURE 0x0080 | ||
| 126 | #define X509v3_KU_NON_REPUDIATION 0x0040 | ||
| 127 | #define X509v3_KU_KEY_ENCIPHERMENT 0x0020 | ||
| 128 | #define X509v3_KU_DATA_ENCIPHERMENT 0x0010 | ||
| 129 | #define X509v3_KU_KEY_AGREEMENT 0x0008 | ||
| 130 | #define X509v3_KU_KEY_CERT_SIGN 0x0004 | ||
| 131 | #define X509v3_KU_CRL_SIGN 0x0002 | ||
| 132 | #define X509v3_KU_ENCIPHER_ONLY 0x0001 | ||
| 133 | #define X509v3_KU_DECIPHER_ONLY 0x8000 | ||
| 134 | #define X509v3_KU_UNDEF 0xffff | ||
| 135 | |||
| 136 | typedef struct X509_objects_st | ||
| 137 | { | ||
| 138 | int nid; | ||
| 139 | int (*a2i)(void); | ||
| 140 | int (*i2a)(void); | ||
| 141 | } X509_OBJECTS; | ||
| 142 | |||
| 143 | struct X509_algor_st | ||
| 144 | { | ||
| 145 | ASN1_OBJECT *algorithm; | ||
| 146 | ASN1_TYPE *parameter; | ||
| 147 | } /* X509_ALGOR */; | ||
| 148 | |||
| 149 | DECLARE_ASN1_SET_OF(X509_ALGOR) | ||
| 150 | |||
| 151 | typedef STACK_OF(X509_ALGOR) X509_ALGORS; | ||
| 152 | |||
| 153 | typedef struct X509_val_st | ||
| 154 | { | ||
| 155 | ASN1_TIME *notBefore; | ||
| 156 | ASN1_TIME *notAfter; | ||
| 157 | } X509_VAL; | ||
| 158 | |||
| 159 | typedef struct X509_pubkey_st | ||
| 160 | { | ||
| 161 | X509_ALGOR *algor; | ||
| 162 | ASN1_BIT_STRING *public_key; | ||
| 163 | EVP_PKEY *pkey; | ||
| 164 | } X509_PUBKEY; | ||
| 165 | |||
| 166 | typedef struct X509_sig_st | ||
| 167 | { | ||
| 168 | X509_ALGOR *algor; | ||
| 169 | ASN1_OCTET_STRING *digest; | ||
| 170 | } X509_SIG; | ||
| 171 | |||
| 172 | typedef struct X509_name_entry_st | ||
| 173 | { | ||
| 174 | ASN1_OBJECT *object; | ||
| 175 | ASN1_STRING *value; | ||
| 176 | int set; | ||
| 177 | int size; /* temp variable */ | ||
| 178 | } X509_NAME_ENTRY; | ||
| 179 | |||
| 180 | DECLARE_STACK_OF(X509_NAME_ENTRY) | ||
| 181 | DECLARE_ASN1_SET_OF(X509_NAME_ENTRY) | ||
| 182 | |||
| 183 | /* we always keep X509_NAMEs in 2 forms. */ | ||
| 184 | struct X509_name_st | ||
| 185 | { | ||
| 186 | STACK_OF(X509_NAME_ENTRY) *entries; | ||
| 187 | int modified; /* true if 'bytes' needs to be built */ | ||
| 188 | #ifndef OPENSSL_NO_BUFFER | ||
| 189 | BUF_MEM *bytes; | ||
| 190 | #else | ||
| 191 | char *bytes; | ||
| 192 | #endif | ||
| 193 | unsigned long hash; /* Keep the hash around for lookups */ | ||
| 194 | } /* X509_NAME */; | ||
| 195 | |||
| 196 | DECLARE_STACK_OF(X509_NAME) | ||
| 197 | |||
| 198 | #define X509_EX_V_NETSCAPE_HACK 0x8000 | ||
| 199 | #define X509_EX_V_INIT 0x0001 | ||
| 200 | typedef struct X509_extension_st | ||
| 201 | { | ||
| 202 | ASN1_OBJECT *object; | ||
| 203 | ASN1_BOOLEAN critical; | ||
| 204 | ASN1_OCTET_STRING *value; | ||
| 205 | } X509_EXTENSION; | ||
| 206 | |||
| 207 | typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS; | ||
| 208 | |||
| 209 | DECLARE_STACK_OF(X509_EXTENSION) | ||
| 210 | DECLARE_ASN1_SET_OF(X509_EXTENSION) | ||
| 211 | |||
| 212 | /* a sequence of these are used */ | ||
| 213 | typedef struct x509_attributes_st | ||
| 214 | { | ||
| 215 | ASN1_OBJECT *object; | ||
| 216 | int single; /* 0 for a set, 1 for a single item (which is wrong) */ | ||
| 217 | union { | ||
| 218 | char *ptr; | ||
| 219 | /* 0 */ STACK_OF(ASN1_TYPE) *set; | ||
| 220 | /* 1 */ ASN1_TYPE *single; | ||
| 221 | } value; | ||
| 222 | } X509_ATTRIBUTE; | ||
| 223 | |||
| 224 | DECLARE_STACK_OF(X509_ATTRIBUTE) | ||
| 225 | DECLARE_ASN1_SET_OF(X509_ATTRIBUTE) | ||
| 226 | |||
| 227 | |||
| 228 | typedef struct X509_req_info_st | ||
| 229 | { | ||
| 230 | ASN1_ENCODING enc; | ||
| 231 | ASN1_INTEGER *version; | ||
| 232 | X509_NAME *subject; | ||
| 233 | X509_PUBKEY *pubkey; | ||
| 234 | /* d=2 hl=2 l= 0 cons: cont: 00 */ | ||
| 235 | STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ | ||
| 236 | } X509_REQ_INFO; | ||
| 237 | |||
| 238 | typedef struct X509_req_st | ||
| 239 | { | ||
| 240 | X509_REQ_INFO *req_info; | ||
| 241 | X509_ALGOR *sig_alg; | ||
| 242 | ASN1_BIT_STRING *signature; | ||
| 243 | int references; | ||
| 244 | } X509_REQ; | ||
| 245 | |||
| 246 | typedef struct x509_cinf_st | ||
| 247 | { | ||
| 248 | ASN1_INTEGER *version; /* [ 0 ] default of v1 */ | ||
| 249 | ASN1_INTEGER *serialNumber; | ||
| 250 | X509_ALGOR *signature; | ||
| 251 | X509_NAME *issuer; | ||
| 252 | X509_VAL *validity; | ||
| 253 | X509_NAME *subject; | ||
| 254 | X509_PUBKEY *key; | ||
| 255 | ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */ | ||
| 256 | ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */ | ||
| 257 | STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */ | ||
| 258 | } X509_CINF; | ||
| 259 | |||
| 260 | /* This stuff is certificate "auxiliary info" | ||
| 261 | * it contains details which are useful in certificate | ||
| 262 | * stores and databases. When used this is tagged onto | ||
| 263 | * the end of the certificate itself | ||
| 264 | */ | ||
| 265 | |||
| 266 | typedef struct x509_cert_aux_st | ||
| 267 | { | ||
| 268 | STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */ | ||
| 269 | STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */ | ||
| 270 | ASN1_UTF8STRING *alias; /* "friendly name" */ | ||
| 271 | ASN1_OCTET_STRING *keyid; /* key id of private key */ | ||
| 272 | STACK_OF(X509_ALGOR) *other; /* other unspecified info */ | ||
| 273 | } X509_CERT_AUX; | ||
| 274 | |||
| 275 | struct x509_st | ||
| 276 | { | ||
| 277 | X509_CINF *cert_info; | ||
| 278 | X509_ALGOR *sig_alg; | ||
| 279 | ASN1_BIT_STRING *signature; | ||
| 280 | int valid; | ||
| 281 | int references; | ||
| 282 | char *name; | ||
| 283 | CRYPTO_EX_DATA ex_data; | ||
| 284 | /* These contain copies of various extension values */ | ||
| 285 | long ex_pathlen; | ||
| 286 | long ex_pcpathlen; | ||
| 287 | unsigned long ex_flags; | ||
| 288 | unsigned long ex_kusage; | ||
| 289 | unsigned long ex_xkusage; | ||
| 290 | unsigned long ex_nscert; | ||
| 291 | ASN1_OCTET_STRING *skid; | ||
| 292 | struct AUTHORITY_KEYID_st *akid; | ||
| 293 | X509_POLICY_CACHE *policy_cache; | ||
| 294 | #ifndef OPENSSL_NO_RFC3779 | ||
| 295 | STACK_OF(IPAddressFamily) *rfc3779_addr; | ||
| 296 | struct ASIdentifiers_st *rfc3779_asid; | ||
| 297 | #endif | ||
| 298 | #ifndef OPENSSL_NO_SHA | ||
| 299 | unsigned char sha1_hash[SHA_DIGEST_LENGTH]; | ||
| 300 | #endif | ||
| 301 | X509_CERT_AUX *aux; | ||
| 302 | } /* X509 */; | ||
| 303 | |||
| 304 | DECLARE_STACK_OF(X509) | ||
| 305 | DECLARE_ASN1_SET_OF(X509) | ||
| 306 | |||
| 307 | /* This is used for a table of trust checking functions */ | ||
| 308 | |||
| 309 | typedef struct x509_trust_st { | ||
| 310 | int trust; | ||
| 311 | int flags; | ||
| 312 | int (*check_trust)(struct x509_trust_st *, X509 *, int); | ||
| 313 | char *name; | ||
| 314 | int arg1; | ||
| 315 | void *arg2; | ||
| 316 | } X509_TRUST; | ||
| 317 | |||
| 318 | DECLARE_STACK_OF(X509_TRUST) | ||
| 319 | |||
| 320 | typedef struct x509_cert_pair_st { | ||
| 321 | X509 *forward; | ||
| 322 | X509 *reverse; | ||
| 323 | } X509_CERT_PAIR; | ||
| 324 | |||
| 325 | /* standard trust ids */ | ||
| 326 | |||
| 327 | #define X509_TRUST_DEFAULT -1 /* Only valid in purpose settings */ | ||
| 328 | |||
| 329 | #define X509_TRUST_COMPAT 1 | ||
| 330 | #define X509_TRUST_SSL_CLIENT 2 | ||
| 331 | #define X509_TRUST_SSL_SERVER 3 | ||
| 332 | #define X509_TRUST_EMAIL 4 | ||
| 333 | #define X509_TRUST_OBJECT_SIGN 5 | ||
| 334 | #define X509_TRUST_OCSP_SIGN 6 | ||
| 335 | #define X509_TRUST_OCSP_REQUEST 7 | ||
| 336 | |||
| 337 | /* Keep these up to date! */ | ||
| 338 | #define X509_TRUST_MIN 1 | ||
| 339 | #define X509_TRUST_MAX 7 | ||
| 340 | |||
| 341 | |||
| 342 | /* trust_flags values */ | ||
| 343 | #define X509_TRUST_DYNAMIC 1 | ||
| 344 | #define X509_TRUST_DYNAMIC_NAME 2 | ||
| 345 | |||
| 346 | /* check_trust return codes */ | ||
| 347 | |||
| 348 | #define X509_TRUST_TRUSTED 1 | ||
| 349 | #define X509_TRUST_REJECTED 2 | ||
| 350 | #define X509_TRUST_UNTRUSTED 3 | ||
| 351 | |||
| 352 | /* Flags for X509_print_ex() */ | ||
| 353 | |||
| 354 | #define X509_FLAG_COMPAT 0 | ||
| 355 | #define X509_FLAG_NO_HEADER 1L | ||
| 356 | #define X509_FLAG_NO_VERSION (1L << 1) | ||
| 357 | #define X509_FLAG_NO_SERIAL (1L << 2) | ||
| 358 | #define X509_FLAG_NO_SIGNAME (1L << 3) | ||
| 359 | #define X509_FLAG_NO_ISSUER (1L << 4) | ||
| 360 | #define X509_FLAG_NO_VALIDITY (1L << 5) | ||
| 361 | #define X509_FLAG_NO_SUBJECT (1L << 6) | ||
| 362 | #define X509_FLAG_NO_PUBKEY (1L << 7) | ||
| 363 | #define X509_FLAG_NO_EXTENSIONS (1L << 8) | ||
| 364 | #define X509_FLAG_NO_SIGDUMP (1L << 9) | ||
| 365 | #define X509_FLAG_NO_AUX (1L << 10) | ||
| 366 | #define X509_FLAG_NO_ATTRIBUTES (1L << 11) | ||
| 367 | |||
| 368 | /* Flags specific to X509_NAME_print_ex() */ | ||
| 369 | |||
| 370 | /* The field separator information */ | ||
| 371 | |||
| 372 | #define XN_FLAG_SEP_MASK (0xf << 16) | ||
| 373 | |||
| 374 | #define XN_FLAG_COMPAT 0 /* Traditional SSLeay: use old X509_NAME_print */ | ||
| 375 | #define XN_FLAG_SEP_COMMA_PLUS (1 << 16) /* RFC2253 ,+ */ | ||
| 376 | #define XN_FLAG_SEP_CPLUS_SPC (2 << 16) /* ,+ spaced: more readable */ | ||
| 377 | #define XN_FLAG_SEP_SPLUS_SPC (3 << 16) /* ;+ spaced */ | ||
| 378 | #define XN_FLAG_SEP_MULTILINE (4 << 16) /* One line per field */ | ||
| 379 | |||
| 380 | #define XN_FLAG_DN_REV (1 << 20) /* Reverse DN order */ | ||
| 381 | |||
| 382 | /* How the field name is shown */ | ||
| 383 | |||
| 384 | #define XN_FLAG_FN_MASK (0x3 << 21) | ||
| 385 | |||
| 386 | #define XN_FLAG_FN_SN 0 /* Object short name */ | ||
| 387 | #define XN_FLAG_FN_LN (1 << 21) /* Object long name */ | ||
| 388 | #define XN_FLAG_FN_OID (2 << 21) /* Always use OIDs */ | ||
| 389 | #define XN_FLAG_FN_NONE (3 << 21) /* No field names */ | ||
| 390 | |||
| 391 | #define XN_FLAG_SPC_EQ (1 << 23) /* Put spaces round '=' */ | ||
| 392 | |||
| 393 | /* This determines if we dump fields we don't recognise: | ||
| 394 | * RFC2253 requires this. | ||
| 395 | */ | ||
| 396 | |||
| 397 | #define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24) | ||
| 398 | |||
| 399 | #define XN_FLAG_FN_ALIGN (1 << 25) /* Align field names to 20 characters */ | ||
| 400 | |||
| 401 | /* Complete set of RFC2253 flags */ | ||
| 402 | |||
| 403 | #define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \ | ||
| 404 | XN_FLAG_SEP_COMMA_PLUS | \ | ||
| 405 | XN_FLAG_DN_REV | \ | ||
| 406 | XN_FLAG_FN_SN | \ | ||
| 407 | XN_FLAG_DUMP_UNKNOWN_FIELDS) | ||
| 408 | |||
| 409 | /* readable oneline form */ | ||
| 410 | |||
| 411 | #define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \ | ||
| 412 | ASN1_STRFLGS_ESC_QUOTE | \ | ||
| 413 | XN_FLAG_SEP_CPLUS_SPC | \ | ||
| 414 | XN_FLAG_SPC_EQ | \ | ||
| 415 | XN_FLAG_FN_SN) | ||
| 416 | |||
| 417 | /* readable multiline form */ | ||
| 418 | |||
| 419 | #define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \ | ||
| 420 | ASN1_STRFLGS_ESC_MSB | \ | ||
| 421 | XN_FLAG_SEP_MULTILINE | \ | ||
| 422 | XN_FLAG_SPC_EQ | \ | ||
| 423 | XN_FLAG_FN_LN | \ | ||
| 424 | XN_FLAG_FN_ALIGN) | ||
| 425 | |||
| 426 | typedef struct X509_revoked_st | ||
| 427 | { | ||
| 428 | ASN1_INTEGER *serialNumber; | ||
| 429 | ASN1_TIME *revocationDate; | ||
| 430 | STACK_OF(X509_EXTENSION) /* optional */ *extensions; | ||
| 431 | int sequence; /* load sequence */ | ||
| 432 | } X509_REVOKED; | ||
| 433 | |||
| 434 | DECLARE_STACK_OF(X509_REVOKED) | ||
| 435 | DECLARE_ASN1_SET_OF(X509_REVOKED) | ||
| 436 | |||
| 437 | typedef struct X509_crl_info_st | ||
| 438 | { | ||
| 439 | ASN1_INTEGER *version; | ||
| 440 | X509_ALGOR *sig_alg; | ||
| 441 | X509_NAME *issuer; | ||
| 442 | ASN1_TIME *lastUpdate; | ||
| 443 | ASN1_TIME *nextUpdate; | ||
| 444 | STACK_OF(X509_REVOKED) *revoked; | ||
| 445 | STACK_OF(X509_EXTENSION) /* [0] */ *extensions; | ||
| 446 | ASN1_ENCODING enc; | ||
| 447 | } X509_CRL_INFO; | ||
| 448 | |||
| 449 | struct X509_crl_st | ||
| 450 | { | ||
| 451 | /* actual signature */ | ||
| 452 | X509_CRL_INFO *crl; | ||
| 453 | X509_ALGOR *sig_alg; | ||
| 454 | ASN1_BIT_STRING *signature; | ||
| 455 | int references; | ||
| 456 | } /* X509_CRL */; | ||
| 457 | |||
| 458 | DECLARE_STACK_OF(X509_CRL) | ||
| 459 | DECLARE_ASN1_SET_OF(X509_CRL) | ||
| 460 | |||
| 461 | typedef struct private_key_st | ||
| 462 | { | ||
| 463 | int version; | ||
| 464 | /* The PKCS#8 data types */ | ||
| 465 | X509_ALGOR *enc_algor; | ||
| 466 | ASN1_OCTET_STRING *enc_pkey; /* encrypted pub key */ | ||
| 467 | |||
| 468 | /* When decrypted, the following will not be NULL */ | ||
| 469 | EVP_PKEY *dec_pkey; | ||
| 470 | |||
| 471 | /* used to encrypt and decrypt */ | ||
| 472 | int key_length; | ||
| 473 | char *key_data; | ||
| 474 | int key_free; /* true if we should auto free key_data */ | ||
| 475 | |||
| 476 | /* expanded version of 'enc_algor' */ | ||
| 477 | EVP_CIPHER_INFO cipher; | ||
| 478 | |||
| 479 | int references; | ||
| 480 | } X509_PKEY; | ||
| 481 | |||
| 482 | #ifndef OPENSSL_NO_EVP | ||
| 483 | typedef struct X509_info_st | ||
| 484 | { | ||
| 485 | X509 *x509; | ||
| 486 | X509_CRL *crl; | ||
| 487 | X509_PKEY *x_pkey; | ||
| 488 | |||
| 489 | EVP_CIPHER_INFO enc_cipher; | ||
| 490 | int enc_len; | ||
| 491 | char *enc_data; | ||
| 492 | |||
| 493 | int references; | ||
| 494 | } X509_INFO; | ||
| 495 | |||
| 496 | DECLARE_STACK_OF(X509_INFO) | ||
| 497 | #endif | ||
| 498 | |||
| 499 | /* The next 2 structures and their 8 routines were sent to me by | ||
| 500 | * Pat Richard <patr@x509.com> and are used to manipulate | ||
| 501 | * Netscapes spki structures - useful if you are writing a CA web page | ||
| 502 | */ | ||
| 503 | typedef struct Netscape_spkac_st | ||
| 504 | { | ||
| 505 | X509_PUBKEY *pubkey; | ||
| 506 | ASN1_IA5STRING *challenge; /* challenge sent in atlas >= PR2 */ | ||
| 507 | } NETSCAPE_SPKAC; | ||
| 508 | |||
| 509 | typedef struct Netscape_spki_st | ||
| 510 | { | ||
| 511 | NETSCAPE_SPKAC *spkac; /* signed public key and challenge */ | ||
| 512 | X509_ALGOR *sig_algor; | ||
| 513 | ASN1_BIT_STRING *signature; | ||
| 514 | } NETSCAPE_SPKI; | ||
| 515 | |||
| 516 | /* Netscape certificate sequence structure */ | ||
| 517 | typedef struct Netscape_certificate_sequence | ||
| 518 | { | ||
| 519 | ASN1_OBJECT *type; | ||
| 520 | STACK_OF(X509) *certs; | ||
| 521 | } NETSCAPE_CERT_SEQUENCE; | ||
| 522 | |||
| 523 | /* Unused (and iv length is wrong) | ||
| 524 | typedef struct CBCParameter_st | ||
| 525 | { | ||
| 526 | unsigned char iv[8]; | ||
| 527 | } CBC_PARAM; | ||
| 528 | */ | ||
| 529 | |||
| 530 | /* Password based encryption structure */ | ||
| 531 | |||
| 532 | typedef struct PBEPARAM_st { | ||
| 533 | ASN1_OCTET_STRING *salt; | ||
| 534 | ASN1_INTEGER *iter; | ||
| 535 | } PBEPARAM; | ||
| 536 | |||
| 537 | /* Password based encryption V2 structures */ | ||
| 538 | |||
| 539 | typedef struct PBE2PARAM_st { | ||
| 540 | X509_ALGOR *keyfunc; | ||
| 541 | X509_ALGOR *encryption; | ||
| 542 | } PBE2PARAM; | ||
| 543 | |||
| 544 | typedef struct PBKDF2PARAM_st { | ||
| 545 | ASN1_TYPE *salt; /* Usually OCTET STRING but could be anything */ | ||
| 546 | ASN1_INTEGER *iter; | ||
| 547 | ASN1_INTEGER *keylength; | ||
| 548 | X509_ALGOR *prf; | ||
| 549 | } PBKDF2PARAM; | ||
| 550 | |||
| 551 | |||
| 552 | /* PKCS#8 private key info structure */ | ||
| 553 | |||
| 554 | typedef struct pkcs8_priv_key_info_st | ||
| 555 | { | ||
| 556 | int broken; /* Flag for various broken formats */ | ||
| 557 | #define PKCS8_OK 0 | ||
| 558 | #define PKCS8_NO_OCTET 1 | ||
| 559 | #define PKCS8_EMBEDDED_PARAM 2 | ||
| 560 | #define PKCS8_NS_DB 3 | ||
| 561 | ASN1_INTEGER *version; | ||
| 562 | X509_ALGOR *pkeyalg; | ||
| 563 | ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */ | ||
| 564 | STACK_OF(X509_ATTRIBUTE) *attributes; | ||
| 565 | } PKCS8_PRIV_KEY_INFO; | ||
| 566 | |||
| 567 | #ifdef __cplusplus | ||
| 568 | } | ||
| 569 | #endif | ||
| 570 | |||
| 571 | #include <openssl/x509_vfy.h> | ||
| 572 | #include <openssl/pkcs7.h> | ||
| 573 | |||
| 574 | #ifdef __cplusplus | ||
| 575 | extern "C" { | ||
| 576 | #endif | ||
| 577 | |||
| 578 | #ifdef SSLEAY_MACROS | ||
| 579 | #define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\ | ||
| 580 | a->signature,(char *)a->cert_info,r) | ||
| 581 | #define X509_REQ_verify(a,r) ASN1_verify((int (*)())i2d_X509_REQ_INFO, \ | ||
| 582 | a->sig_alg,a->signature,(char *)a->req_info,r) | ||
| 583 | #define X509_CRL_verify(a,r) ASN1_verify((int (*)())i2d_X509_CRL_INFO, \ | ||
| 584 | a->sig_alg, a->signature,(char *)a->crl,r) | ||
| 585 | |||
| 586 | #define X509_sign(x,pkey,md) \ | ||
| 587 | ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature, \ | ||
| 588 | x->sig_alg, x->signature, (char *)x->cert_info,pkey,md) | ||
| 589 | #define X509_REQ_sign(x,pkey,md) \ | ||
| 590 | ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL, \ | ||
| 591 | x->signature, (char *)x->req_info,pkey,md) | ||
| 592 | #define X509_CRL_sign(x,pkey,md) \ | ||
| 593 | ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,x->sig_alg, \ | ||
| 594 | x->signature, (char *)x->crl,pkey,md) | ||
| 595 | #define NETSCAPE_SPKI_sign(x,pkey,md) \ | ||
| 596 | ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL, \ | ||
| 597 | x->signature, (char *)x->spkac,pkey,md) | ||
| 598 | |||
| 599 | #define X509_dup(x509) (X509 *)ASN1_dup((int (*)())i2d_X509, \ | ||
| 600 | (char *(*)())d2i_X509,(char *)x509) | ||
| 601 | #define X509_ATTRIBUTE_dup(xa) (X509_ATTRIBUTE *)ASN1_dup(\ | ||
| 602 | (int (*)())i2d_X509_ATTRIBUTE, \ | ||
| 603 | (char *(*)())d2i_X509_ATTRIBUTE,(char *)xa) | ||
| 604 | #define X509_EXTENSION_dup(ex) (X509_EXTENSION *)ASN1_dup( \ | ||
| 605 | (int (*)())i2d_X509_EXTENSION, \ | ||
| 606 | (char *(*)())d2i_X509_EXTENSION,(char *)ex) | ||
| 607 | #define d2i_X509_fp(fp,x509) (X509 *)ASN1_d2i_fp((char *(*)())X509_new, \ | ||
| 608 | (char *(*)())d2i_X509, (fp),(unsigned char **)(x509)) | ||
| 609 | #define i2d_X509_fp(fp,x509) ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509) | ||
| 610 | #define d2i_X509_bio(bp,x509) (X509 *)ASN1_d2i_bio((char *(*)())X509_new, \ | ||
| 611 | (char *(*)())d2i_X509, (bp),(unsigned char **)(x509)) | ||
| 612 | #define i2d_X509_bio(bp,x509) ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509) | ||
| 613 | |||
| 614 | #define X509_CRL_dup(crl) (X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL, \ | ||
| 615 | (char *(*)())d2i_X509_CRL,(char *)crl) | ||
| 616 | #define d2i_X509_CRL_fp(fp,crl) (X509_CRL *)ASN1_d2i_fp((char *(*)()) \ | ||
| 617 | X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),\ | ||
| 618 | (unsigned char **)(crl)) | ||
| 619 | #define i2d_X509_CRL_fp(fp,crl) ASN1_i2d_fp(i2d_X509_CRL,fp,\ | ||
| 620 | (unsigned char *)crl) | ||
| 621 | #define d2i_X509_CRL_bio(bp,crl) (X509_CRL *)ASN1_d2i_bio((char *(*)()) \ | ||
| 622 | X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),\ | ||
| 623 | (unsigned char **)(crl)) | ||
| 624 | #define i2d_X509_CRL_bio(bp,crl) ASN1_i2d_bio(i2d_X509_CRL,bp,\ | ||
| 625 | (unsigned char *)crl) | ||
| 626 | |||
| 627 | #define PKCS7_dup(p7) (PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7, \ | ||
| 628 | (char *(*)())d2i_PKCS7,(char *)p7) | ||
| 629 | #define d2i_PKCS7_fp(fp,p7) (PKCS7 *)ASN1_d2i_fp((char *(*)()) \ | ||
| 630 | PKCS7_new,(char *(*)())d2i_PKCS7, (fp),\ | ||
| 631 | (unsigned char **)(p7)) | ||
| 632 | #define i2d_PKCS7_fp(fp,p7) ASN1_i2d_fp(i2d_PKCS7,fp,\ | ||
| 633 | (unsigned char *)p7) | ||
| 634 | #define d2i_PKCS7_bio(bp,p7) (PKCS7 *)ASN1_d2i_bio((char *(*)()) \ | ||
| 635 | PKCS7_new,(char *(*)())d2i_PKCS7, (bp),\ | ||
| 636 | (unsigned char **)(p7)) | ||
| 637 | #define i2d_PKCS7_bio(bp,p7) ASN1_i2d_bio(i2d_PKCS7,bp,\ | ||
| 638 | (unsigned char *)p7) | ||
| 639 | |||
| 640 | #define X509_REQ_dup(req) (X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ, \ | ||
| 641 | (char *(*)())d2i_X509_REQ,(char *)req) | ||
| 642 | #define d2i_X509_REQ_fp(fp,req) (X509_REQ *)ASN1_d2i_fp((char *(*)())\ | ||
| 643 | X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),\ | ||
| 644 | (unsigned char **)(req)) | ||
| 645 | #define i2d_X509_REQ_fp(fp,req) ASN1_i2d_fp(i2d_X509_REQ,fp,\ | ||
| 646 | (unsigned char *)req) | ||
| 647 | #define d2i_X509_REQ_bio(bp,req) (X509_REQ *)ASN1_d2i_bio((char *(*)())\ | ||
| 648 | X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),\ | ||
| 649 | (unsigned char **)(req)) | ||
| 650 | #define i2d_X509_REQ_bio(bp,req) ASN1_i2d_bio(i2d_X509_REQ,bp,\ | ||
| 651 | (unsigned char *)req) | ||
| 652 | |||
| 653 | #define RSAPublicKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey, \ | ||
| 654 | (char *(*)())d2i_RSAPublicKey,(char *)rsa) | ||
| 655 | #define RSAPrivateKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey, \ | ||
| 656 | (char *(*)())d2i_RSAPrivateKey,(char *)rsa) | ||
| 657 | |||
| 658 | #define d2i_RSAPrivateKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\ | ||
| 659 | RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp), \ | ||
| 660 | (unsigned char **)(rsa)) | ||
| 661 | #define i2d_RSAPrivateKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPrivateKey,fp, \ | ||
| 662 | (unsigned char *)rsa) | ||
| 663 | #define d2i_RSAPrivateKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\ | ||
| 664 | RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp), \ | ||
| 665 | (unsigned char **)(rsa)) | ||
| 666 | #define i2d_RSAPrivateKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPrivateKey,bp, \ | ||
| 667 | (unsigned char *)rsa) | ||
| 668 | |||
| 669 | #define d2i_RSAPublicKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\ | ||
| 670 | RSA_new,(char *(*)())d2i_RSAPublicKey, (fp), \ | ||
| 671 | (unsigned char **)(rsa)) | ||
| 672 | #define i2d_RSAPublicKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPublicKey,fp, \ | ||
| 673 | (unsigned char *)rsa) | ||
| 674 | #define d2i_RSAPublicKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\ | ||
| 675 | RSA_new,(char *(*)())d2i_RSAPublicKey, (bp), \ | ||
| 676 | (unsigned char **)(rsa)) | ||
| 677 | #define i2d_RSAPublicKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPublicKey,bp, \ | ||
| 678 | (unsigned char *)rsa) | ||
| 679 | |||
| 680 | #define d2i_DSAPrivateKey_fp(fp,dsa) (DSA *)ASN1_d2i_fp((char *(*)())\ | ||
| 681 | DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp), \ | ||
| 682 | (unsigned char **)(dsa)) | ||
| 683 | #define i2d_DSAPrivateKey_fp(fp,dsa) ASN1_i2d_fp(i2d_DSAPrivateKey,fp, \ | ||
| 684 | (unsigned char *)dsa) | ||
| 685 | #define d2i_DSAPrivateKey_bio(bp,dsa) (DSA *)ASN1_d2i_bio((char *(*)())\ | ||
| 686 | DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp), \ | ||
| 687 | (unsigned char **)(dsa)) | ||
| 688 | #define i2d_DSAPrivateKey_bio(bp,dsa) ASN1_i2d_bio(i2d_DSAPrivateKey,bp, \ | ||
| 689 | (unsigned char *)dsa) | ||
| 690 | |||
| 691 | #define d2i_ECPrivateKey_fp(fp,ecdsa) (EC_KEY *)ASN1_d2i_fp((char *(*)())\ | ||
| 692 | EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (fp), \ | ||
| 693 | (unsigned char **)(ecdsa)) | ||
| 694 | #define i2d_ECPrivateKey_fp(fp,ecdsa) ASN1_i2d_fp(i2d_ECPrivateKey,fp, \ | ||
| 695 | (unsigned char *)ecdsa) | ||
| 696 | #define d2i_ECPrivateKey_bio(bp,ecdsa) (EC_KEY *)ASN1_d2i_bio((char *(*)())\ | ||
| 697 | EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (bp), \ | ||
| 698 | (unsigned char **)(ecdsa)) | ||
| 699 | #define i2d_ECPrivateKey_bio(bp,ecdsa) ASN1_i2d_bio(i2d_ECPrivateKey,bp, \ | ||
| 700 | (unsigned char *)ecdsa) | ||
| 701 | |||
| 702 | #define X509_ALGOR_dup(xn) (X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,\ | ||
| 703 | (char *(*)())d2i_X509_ALGOR,(char *)xn) | ||
| 704 | |||
| 705 | #define X509_NAME_dup(xn) (X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME, \ | ||
| 706 | (char *(*)())d2i_X509_NAME,(char *)xn) | ||
| 707 | #define X509_NAME_ENTRY_dup(ne) (X509_NAME_ENTRY *)ASN1_dup( \ | ||
| 708 | (int (*)())i2d_X509_NAME_ENTRY, \ | ||
| 709 | (char *(*)())d2i_X509_NAME_ENTRY,\ | ||
| 710 | (char *)ne) | ||
| 711 | |||
| 712 | #define X509_digest(data,type,md,len) \ | ||
| 713 | ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len) | ||
| 714 | #define X509_NAME_digest(data,type,md,len) \ | ||
| 715 | ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len) | ||
| 716 | #ifndef PKCS7_ISSUER_AND_SERIAL_digest | ||
| 717 | #define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \ | ||
| 718 | ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\ | ||
| 719 | (char *)data,md,len) | ||
| 720 | #endif | ||
| 721 | #endif | ||
| 722 | |||
| 723 | #define X509_EXT_PACK_UNKNOWN 1 | ||
| 724 | #define X509_EXT_PACK_STRING 2 | ||
| 725 | |||
| 726 | #define X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version) | ||
| 727 | /* #define X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */ | ||
| 728 | #define X509_get_notBefore(x) ((x)->cert_info->validity->notBefore) | ||
| 729 | #define X509_get_notAfter(x) ((x)->cert_info->validity->notAfter) | ||
| 730 | #define X509_extract_key(x) X509_get_pubkey(x) /*****/ | ||
| 731 | #define X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version) | ||
| 732 | #define X509_REQ_get_subject_name(x) ((x)->req_info->subject) | ||
| 733 | #define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a) | ||
| 734 | #define X509_name_cmp(a,b) X509_NAME_cmp((a),(b)) | ||
| 735 | #define X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm)) | ||
| 736 | |||
| 737 | #define X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version) | ||
| 738 | #define X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate) | ||
| 739 | #define X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate) | ||
| 740 | #define X509_CRL_get_issuer(x) ((x)->crl->issuer) | ||
| 741 | #define X509_CRL_get_REVOKED(x) ((x)->crl->revoked) | ||
| 742 | |||
| 743 | /* This one is only used so that a binary form can output, as in | ||
| 744 | * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */ | ||
| 745 | #define X509_get_X509_PUBKEY(x) ((x)->cert_info->key) | ||
| 746 | |||
| 747 | |||
| 748 | const char *X509_verify_cert_error_string(long n); | ||
| 749 | |||
| 750 | #ifndef SSLEAY_MACROS | ||
| 751 | #ifndef OPENSSL_NO_EVP | ||
| 752 | int X509_verify(X509 *a, EVP_PKEY *r); | ||
| 753 | |||
| 754 | int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r); | ||
| 755 | int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r); | ||
| 756 | int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r); | ||
| 757 | |||
| 758 | NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len); | ||
| 759 | char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x); | ||
| 760 | EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x); | ||
| 761 | int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey); | ||
| 762 | |||
| 763 | int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki); | ||
| 764 | |||
| 765 | int X509_signature_print(BIO *bp,X509_ALGOR *alg, ASN1_STRING *sig); | ||
| 766 | |||
| 767 | int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); | ||
| 768 | int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md); | ||
| 769 | int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md); | ||
| 770 | int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md); | ||
| 771 | |||
| 772 | int X509_pubkey_digest(const X509 *data,const EVP_MD *type, | ||
| 773 | unsigned char *md, unsigned int *len); | ||
| 774 | int X509_digest(const X509 *data,const EVP_MD *type, | ||
| 775 | unsigned char *md, unsigned int *len); | ||
| 776 | int X509_CRL_digest(const X509_CRL *data,const EVP_MD *type, | ||
| 777 | unsigned char *md, unsigned int *len); | ||
| 778 | int X509_REQ_digest(const X509_REQ *data,const EVP_MD *type, | ||
| 779 | unsigned char *md, unsigned int *len); | ||
| 780 | int X509_NAME_digest(const X509_NAME *data,const EVP_MD *type, | ||
| 781 | unsigned char *md, unsigned int *len); | ||
| 782 | #endif | ||
| 783 | |||
| 784 | #ifndef OPENSSL_NO_FP_API | ||
| 785 | X509 *d2i_X509_fp(FILE *fp, X509 **x509); | ||
| 786 | int i2d_X509_fp(FILE *fp,X509 *x509); | ||
| 787 | X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL **crl); | ||
| 788 | int i2d_X509_CRL_fp(FILE *fp,X509_CRL *crl); | ||
| 789 | X509_REQ *d2i_X509_REQ_fp(FILE *fp,X509_REQ **req); | ||
| 790 | int i2d_X509_REQ_fp(FILE *fp,X509_REQ *req); | ||
| 791 | #ifndef OPENSSL_NO_RSA | ||
| 792 | RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA **rsa); | ||
| 793 | int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa); | ||
| 794 | RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA **rsa); | ||
| 795 | int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa); | ||
| 796 | RSA *d2i_RSA_PUBKEY_fp(FILE *fp,RSA **rsa); | ||
| 797 | int i2d_RSA_PUBKEY_fp(FILE *fp,RSA *rsa); | ||
| 798 | #endif | ||
| 799 | #ifndef OPENSSL_NO_DSA | ||
| 800 | DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa); | ||
| 801 | int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa); | ||
| 802 | DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa); | ||
| 803 | int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa); | ||
| 804 | #endif | ||
| 805 | #ifndef OPENSSL_NO_EC | ||
| 806 | EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey); | ||
| 807 | int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey); | ||
| 808 | EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey); | ||
| 809 | int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey); | ||
| 810 | #endif | ||
| 811 | X509_SIG *d2i_PKCS8_fp(FILE *fp,X509_SIG **p8); | ||
| 812 | int i2d_PKCS8_fp(FILE *fp,X509_SIG *p8); | ||
| 813 | PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, | ||
| 814 | PKCS8_PRIV_KEY_INFO **p8inf); | ||
| 815 | int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,PKCS8_PRIV_KEY_INFO *p8inf); | ||
| 816 | int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key); | ||
| 817 | int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey); | ||
| 818 | EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a); | ||
| 819 | int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey); | ||
| 820 | EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a); | ||
| 821 | #endif | ||
| 822 | |||
| 823 | #ifndef OPENSSL_NO_BIO | ||
| 824 | X509 *d2i_X509_bio(BIO *bp,X509 **x509); | ||
| 825 | int i2d_X509_bio(BIO *bp,X509 *x509); | ||
| 826 | X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL **crl); | ||
| 827 | int i2d_X509_CRL_bio(BIO *bp,X509_CRL *crl); | ||
| 828 | X509_REQ *d2i_X509_REQ_bio(BIO *bp,X509_REQ **req); | ||
| 829 | int i2d_X509_REQ_bio(BIO *bp,X509_REQ *req); | ||
| 830 | #ifndef OPENSSL_NO_RSA | ||
| 831 | RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **rsa); | ||
| 832 | int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa); | ||
| 833 | RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA **rsa); | ||
| 834 | int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa); | ||
| 835 | RSA *d2i_RSA_PUBKEY_bio(BIO *bp,RSA **rsa); | ||
| 836 | int i2d_RSA_PUBKEY_bio(BIO *bp,RSA *rsa); | ||
| 837 | #endif | ||
| 838 | #ifndef OPENSSL_NO_DSA | ||
| 839 | DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa); | ||
| 840 | int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa); | ||
| 841 | DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa); | ||
| 842 | int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa); | ||
| 843 | #endif | ||
| 844 | #ifndef OPENSSL_NO_EC | ||
| 845 | EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey); | ||
| 846 | int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *eckey); | ||
| 847 | EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey); | ||
| 848 | int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey); | ||
| 849 | #endif | ||
| 850 | X509_SIG *d2i_PKCS8_bio(BIO *bp,X509_SIG **p8); | ||
| 851 | int i2d_PKCS8_bio(BIO *bp,X509_SIG *p8); | ||
| 852 | PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, | ||
| 853 | PKCS8_PRIV_KEY_INFO **p8inf); | ||
| 854 | int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,PKCS8_PRIV_KEY_INFO *p8inf); | ||
| 855 | int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key); | ||
| 856 | int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey); | ||
| 857 | EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a); | ||
| 858 | int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey); | ||
| 859 | EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a); | ||
| 860 | #endif | ||
| 861 | |||
| 862 | X509 *X509_dup(X509 *x509); | ||
| 863 | X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa); | ||
| 864 | X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex); | ||
| 865 | X509_CRL *X509_CRL_dup(X509_CRL *crl); | ||
| 866 | X509_REQ *X509_REQ_dup(X509_REQ *req); | ||
| 867 | X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn); | ||
| 868 | int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval); | ||
| 869 | void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval, | ||
| 870 | X509_ALGOR *algor); | ||
| 871 | |||
| 872 | X509_NAME *X509_NAME_dup(X509_NAME *xn); | ||
| 873 | X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne); | ||
| 874 | |||
| 875 | #endif /* !SSLEAY_MACROS */ | ||
| 876 | |||
| 877 | int X509_cmp_time(ASN1_TIME *s, time_t *t); | ||
| 878 | int X509_cmp_current_time(ASN1_TIME *s); | ||
| 879 | ASN1_TIME * X509_time_adj(ASN1_TIME *s, long adj, time_t *t); | ||
| 880 | ASN1_TIME * X509_gmtime_adj(ASN1_TIME *s, long adj); | ||
| 881 | |||
| 882 | const char * X509_get_default_cert_area(void ); | ||
| 883 | const char * X509_get_default_cert_dir(void ); | ||
| 884 | const char * X509_get_default_cert_file(void ); | ||
| 885 | const char * X509_get_default_cert_dir_env(void ); | ||
| 886 | const char * X509_get_default_cert_file_env(void ); | ||
| 887 | const char * X509_get_default_private_dir(void ); | ||
| 888 | |||
| 889 | X509_REQ * X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); | ||
| 890 | X509 * X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey); | ||
| 891 | |||
| 892 | DECLARE_ASN1_FUNCTIONS(X509_ALGOR) | ||
| 893 | DECLARE_ASN1_ENCODE_FUNCTIONS(X509_ALGORS, X509_ALGORS, X509_ALGORS) | ||
| 894 | DECLARE_ASN1_FUNCTIONS(X509_VAL) | ||
| 895 | |||
| 896 | DECLARE_ASN1_FUNCTIONS(X509_PUBKEY) | ||
| 897 | |||
| 898 | int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey); | ||
| 899 | EVP_PKEY * X509_PUBKEY_get(X509_PUBKEY *key); | ||
| 900 | int X509_get_pubkey_parameters(EVP_PKEY *pkey, | ||
| 901 | STACK_OF(X509) *chain); | ||
| 902 | int i2d_PUBKEY(EVP_PKEY *a,unsigned char **pp); | ||
| 903 | EVP_PKEY * d2i_PUBKEY(EVP_PKEY **a,const unsigned char **pp, | ||
| 904 | long length); | ||
| 905 | #ifndef OPENSSL_NO_RSA | ||
| 906 | int i2d_RSA_PUBKEY(RSA *a,unsigned char **pp); | ||
| 907 | RSA * d2i_RSA_PUBKEY(RSA **a,const unsigned char **pp, | ||
| 908 | long length); | ||
| 909 | #endif | ||
| 910 | #ifndef OPENSSL_NO_DSA | ||
| 911 | int i2d_DSA_PUBKEY(DSA *a,unsigned char **pp); | ||
| 912 | DSA * d2i_DSA_PUBKEY(DSA **a,const unsigned char **pp, | ||
| 913 | long length); | ||
| 914 | #endif | ||
| 915 | #ifndef OPENSSL_NO_EC | ||
| 916 | int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp); | ||
| 917 | EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, | ||
| 918 | long length); | ||
| 919 | #endif | ||
| 920 | |||
| 921 | DECLARE_ASN1_FUNCTIONS(X509_SIG) | ||
| 922 | DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO) | ||
| 923 | DECLARE_ASN1_FUNCTIONS(X509_REQ) | ||
| 924 | |||
| 925 | DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE) | ||
| 926 | X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value); | ||
| 927 | |||
| 928 | DECLARE_ASN1_FUNCTIONS(X509_EXTENSION) | ||
| 929 | DECLARE_ASN1_ENCODE_FUNCTIONS(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS) | ||
| 930 | |||
| 931 | DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY) | ||
| 932 | |||
| 933 | DECLARE_ASN1_FUNCTIONS(X509_NAME) | ||
| 934 | |||
| 935 | int X509_NAME_set(X509_NAME **xn, X509_NAME *name); | ||
| 936 | |||
| 937 | DECLARE_ASN1_FUNCTIONS(X509_CINF) | ||
| 938 | |||
| 939 | DECLARE_ASN1_FUNCTIONS(X509) | ||
| 940 | DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX) | ||
| 941 | |||
| 942 | DECLARE_ASN1_FUNCTIONS(X509_CERT_PAIR) | ||
| 943 | |||
| 944 | int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, | ||
| 945 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); | ||
| 946 | int X509_set_ex_data(X509 *r, int idx, void *arg); | ||
| 947 | void *X509_get_ex_data(X509 *r, int idx); | ||
| 948 | int i2d_X509_AUX(X509 *a,unsigned char **pp); | ||
| 949 | X509 * d2i_X509_AUX(X509 **a,const unsigned char **pp,long length); | ||
| 950 | |||
| 951 | int X509_alias_set1(X509 *x, unsigned char *name, int len); | ||
| 952 | int X509_keyid_set1(X509 *x, unsigned char *id, int len); | ||
| 953 | unsigned char * X509_alias_get0(X509 *x, int *len); | ||
| 954 | unsigned char * X509_keyid_get0(X509 *x, int *len); | ||
| 955 | int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int); | ||
| 956 | int X509_TRUST_set(int *t, int trust); | ||
| 957 | int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj); | ||
| 958 | int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj); | ||
| 959 | void X509_trust_clear(X509 *x); | ||
| 960 | void X509_reject_clear(X509 *x); | ||
| 961 | |||
| 962 | DECLARE_ASN1_FUNCTIONS(X509_REVOKED) | ||
| 963 | DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO) | ||
| 964 | DECLARE_ASN1_FUNCTIONS(X509_CRL) | ||
| 965 | |||
| 966 | int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); | ||
| 967 | |||
| 968 | X509_PKEY * X509_PKEY_new(void ); | ||
| 969 | void X509_PKEY_free(X509_PKEY *a); | ||
| 970 | int i2d_X509_PKEY(X509_PKEY *a,unsigned char **pp); | ||
| 971 | X509_PKEY * d2i_X509_PKEY(X509_PKEY **a,const unsigned char **pp,long length); | ||
| 972 | |||
| 973 | DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI) | ||
| 974 | DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC) | ||
| 975 | DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE) | ||
| 976 | |||
| 977 | #ifndef OPENSSL_NO_EVP | ||
| 978 | X509_INFO * X509_INFO_new(void); | ||
| 979 | void X509_INFO_free(X509_INFO *a); | ||
| 980 | char * X509_NAME_oneline(X509_NAME *a,char *buf,int size); | ||
| 981 | |||
| 982 | int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1, | ||
| 983 | ASN1_BIT_STRING *signature,char *data,EVP_PKEY *pkey); | ||
| 984 | |||
| 985 | int ASN1_digest(i2d_of_void *i2d,const EVP_MD *type,char *data, | ||
| 986 | unsigned char *md,unsigned int *len); | ||
| 987 | |||
| 988 | int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, | ||
| 989 | X509_ALGOR *algor2, ASN1_BIT_STRING *signature, | ||
| 990 | char *data,EVP_PKEY *pkey, const EVP_MD *type); | ||
| 991 | |||
| 992 | int ASN1_item_digest(const ASN1_ITEM *it,const EVP_MD *type,void *data, | ||
| 993 | unsigned char *md,unsigned int *len); | ||
| 994 | |||
| 995 | int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1, | ||
| 996 | ASN1_BIT_STRING *signature,void *data,EVP_PKEY *pkey); | ||
| 997 | |||
| 998 | int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, | ||
| 999 | ASN1_BIT_STRING *signature, | ||
| 1000 | void *data, EVP_PKEY *pkey, const EVP_MD *type); | ||
| 1001 | #endif | ||
| 1002 | |||
| 1003 | int X509_set_version(X509 *x,long version); | ||
| 1004 | int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial); | ||
| 1005 | ASN1_INTEGER * X509_get_serialNumber(X509 *x); | ||
| 1006 | int X509_set_issuer_name(X509 *x, X509_NAME *name); | ||
| 1007 | X509_NAME * X509_get_issuer_name(X509 *a); | ||
| 1008 | int X509_set_subject_name(X509 *x, X509_NAME *name); | ||
| 1009 | X509_NAME * X509_get_subject_name(X509 *a); | ||
| 1010 | int X509_set_notBefore(X509 *x, ASN1_TIME *tm); | ||
| 1011 | int X509_set_notAfter(X509 *x, ASN1_TIME *tm); | ||
| 1012 | int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); | ||
| 1013 | EVP_PKEY * X509_get_pubkey(X509 *x); | ||
| 1014 | ASN1_BIT_STRING * X509_get0_pubkey_bitstr(const X509 *x); | ||
| 1015 | int X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */); | ||
| 1016 | |||
| 1017 | int X509_REQ_set_version(X509_REQ *x,long version); | ||
| 1018 | int X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name); | ||
| 1019 | int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); | ||
| 1020 | EVP_PKEY * X509_REQ_get_pubkey(X509_REQ *req); | ||
| 1021 | int X509_REQ_extension_nid(int nid); | ||
| 1022 | int * X509_REQ_get_extension_nids(void); | ||
| 1023 | void X509_REQ_set_extension_nids(int *nids); | ||
| 1024 | STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req); | ||
| 1025 | int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, | ||
| 1026 | int nid); | ||
| 1027 | int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts); | ||
| 1028 | int X509_REQ_get_attr_count(const X509_REQ *req); | ||
| 1029 | int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, | ||
| 1030 | int lastpos); | ||
| 1031 | int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj, | ||
| 1032 | int lastpos); | ||
| 1033 | X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc); | ||
| 1034 | X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc); | ||
| 1035 | int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr); | ||
| 1036 | int X509_REQ_add1_attr_by_OBJ(X509_REQ *req, | ||
| 1037 | const ASN1_OBJECT *obj, int type, | ||
| 1038 | const unsigned char *bytes, int len); | ||
| 1039 | int X509_REQ_add1_attr_by_NID(X509_REQ *req, | ||
| 1040 | int nid, int type, | ||
| 1041 | const unsigned char *bytes, int len); | ||
| 1042 | int X509_REQ_add1_attr_by_txt(X509_REQ *req, | ||
| 1043 | const char *attrname, int type, | ||
| 1044 | const unsigned char *bytes, int len); | ||
| 1045 | |||
| 1046 | int X509_CRL_set_version(X509_CRL *x, long version); | ||
| 1047 | int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name); | ||
| 1048 | int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm); | ||
| 1049 | int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm); | ||
| 1050 | int X509_CRL_sort(X509_CRL *crl); | ||
| 1051 | |||
| 1052 | int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial); | ||
| 1053 | int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm); | ||
| 1054 | |||
| 1055 | int X509_REQ_check_private_key(X509_REQ *x509,EVP_PKEY *pkey); | ||
| 1056 | |||
| 1057 | int X509_check_private_key(X509 *x509,EVP_PKEY *pkey); | ||
| 1058 | |||
| 1059 | int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); | ||
| 1060 | unsigned long X509_issuer_and_serial_hash(X509 *a); | ||
| 1061 | |||
| 1062 | int X509_issuer_name_cmp(const X509 *a, const X509 *b); | ||
| 1063 | unsigned long X509_issuer_name_hash(X509 *a); | ||
| 1064 | |||
| 1065 | int X509_subject_name_cmp(const X509 *a, const X509 *b); | ||
| 1066 | unsigned long X509_subject_name_hash(X509 *x); | ||
| 1067 | |||
| 1068 | int X509_cmp(const X509 *a, const X509 *b); | ||
| 1069 | int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b); | ||
| 1070 | unsigned long X509_NAME_hash(X509_NAME *x); | ||
| 1071 | |||
| 1072 | int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); | ||
| 1073 | #ifndef OPENSSL_NO_FP_API | ||
| 1074 | int X509_print_ex_fp(FILE *bp,X509 *x, unsigned long nmflag, unsigned long cflag); | ||
| 1075 | int X509_print_fp(FILE *bp,X509 *x); | ||
| 1076 | int X509_CRL_print_fp(FILE *bp,X509_CRL *x); | ||
| 1077 | int X509_REQ_print_fp(FILE *bp,X509_REQ *req); | ||
| 1078 | int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags); | ||
| 1079 | #endif | ||
| 1080 | |||
| 1081 | #ifndef OPENSSL_NO_BIO | ||
| 1082 | int X509_NAME_print(BIO *bp, X509_NAME *name, int obase); | ||
| 1083 | int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags); | ||
| 1084 | int X509_print_ex(BIO *bp,X509 *x, unsigned long nmflag, unsigned long cflag); | ||
| 1085 | int X509_print(BIO *bp,X509 *x); | ||
| 1086 | int X509_ocspid_print(BIO *bp,X509 *x); | ||
| 1087 | int X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent); | ||
| 1088 | int X509_CRL_print(BIO *bp,X509_CRL *x); | ||
| 1089 | int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, unsigned long cflag); | ||
| 1090 | int X509_REQ_print(BIO *bp,X509_REQ *req); | ||
| 1091 | #endif | ||
| 1092 | |||
| 1093 | int X509_NAME_entry_count(X509_NAME *name); | ||
| 1094 | int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, | ||
| 1095 | char *buf,int len); | ||
| 1096 | int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, | ||
| 1097 | char *buf,int len); | ||
| 1098 | |||
| 1099 | /* NOTE: you should be passsing -1, not 0 as lastpos. The functions that use | ||
| 1100 | * lastpos, search after that position on. */ | ||
| 1101 | int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos); | ||
| 1102 | int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, | ||
| 1103 | int lastpos); | ||
| 1104 | X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc); | ||
| 1105 | X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); | ||
| 1106 | int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, | ||
| 1107 | int loc, int set); | ||
| 1108 | int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, | ||
| 1109 | unsigned char *bytes, int len, int loc, int set); | ||
| 1110 | int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, | ||
| 1111 | unsigned char *bytes, int len, int loc, int set); | ||
| 1112 | X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, | ||
| 1113 | const char *field, int type, const unsigned char *bytes, int len); | ||
| 1114 | X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, | ||
| 1115 | int type,unsigned char *bytes, int len); | ||
| 1116 | int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, | ||
| 1117 | const unsigned char *bytes, int len, int loc, int set); | ||
| 1118 | X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, | ||
| 1119 | ASN1_OBJECT *obj, int type,const unsigned char *bytes, | ||
| 1120 | int len); | ||
| 1121 | int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, | ||
| 1122 | ASN1_OBJECT *obj); | ||
| 1123 | int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, | ||
| 1124 | const unsigned char *bytes, int len); | ||
| 1125 | ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne); | ||
| 1126 | ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne); | ||
| 1127 | |||
| 1128 | int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x); | ||
| 1129 | int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, | ||
| 1130 | int nid, int lastpos); | ||
| 1131 | int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x, | ||
| 1132 | ASN1_OBJECT *obj,int lastpos); | ||
| 1133 | int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x, | ||
| 1134 | int crit, int lastpos); | ||
| 1135 | X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc); | ||
| 1136 | X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc); | ||
| 1137 | STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, | ||
| 1138 | X509_EXTENSION *ex, int loc); | ||
| 1139 | |||
| 1140 | int X509_get_ext_count(X509 *x); | ||
| 1141 | int X509_get_ext_by_NID(X509 *x, int nid, int lastpos); | ||
| 1142 | int X509_get_ext_by_OBJ(X509 *x,ASN1_OBJECT *obj,int lastpos); | ||
| 1143 | int X509_get_ext_by_critical(X509 *x, int crit, int lastpos); | ||
| 1144 | X509_EXTENSION *X509_get_ext(X509 *x, int loc); | ||
| 1145 | X509_EXTENSION *X509_delete_ext(X509 *x, int loc); | ||
| 1146 | int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); | ||
| 1147 | void * X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx); | ||
| 1148 | int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, | ||
| 1149 | unsigned long flags); | ||
| 1150 | |||
| 1151 | int X509_CRL_get_ext_count(X509_CRL *x); | ||
| 1152 | int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos); | ||
| 1153 | int X509_CRL_get_ext_by_OBJ(X509_CRL *x,ASN1_OBJECT *obj,int lastpos); | ||
| 1154 | int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos); | ||
| 1155 | X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc); | ||
| 1156 | X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc); | ||
| 1157 | int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); | ||
| 1158 | void * X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx); | ||
| 1159 | int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, | ||
| 1160 | unsigned long flags); | ||
| 1161 | |||
| 1162 | int X509_REVOKED_get_ext_count(X509_REVOKED *x); | ||
| 1163 | int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos); | ||
| 1164 | int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x,ASN1_OBJECT *obj,int lastpos); | ||
| 1165 | int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos); | ||
| 1166 | X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc); | ||
| 1167 | X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc); | ||
| 1168 | int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc); | ||
| 1169 | void * X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx); | ||
| 1170 | int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit, | ||
| 1171 | unsigned long flags); | ||
| 1172 | |||
| 1173 | X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, | ||
| 1174 | int nid, int crit, ASN1_OCTET_STRING *data); | ||
| 1175 | X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, | ||
| 1176 | ASN1_OBJECT *obj,int crit,ASN1_OCTET_STRING *data); | ||
| 1177 | int X509_EXTENSION_set_object(X509_EXTENSION *ex,ASN1_OBJECT *obj); | ||
| 1178 | int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit); | ||
| 1179 | int X509_EXTENSION_set_data(X509_EXTENSION *ex, | ||
| 1180 | ASN1_OCTET_STRING *data); | ||
| 1181 | ASN1_OBJECT * X509_EXTENSION_get_object(X509_EXTENSION *ex); | ||
| 1182 | ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne); | ||
| 1183 | int X509_EXTENSION_get_critical(X509_EXTENSION *ex); | ||
| 1184 | |||
| 1185 | int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x); | ||
| 1186 | int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, | ||
| 1187 | int lastpos); | ||
| 1188 | int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj, | ||
| 1189 | int lastpos); | ||
| 1190 | X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc); | ||
| 1191 | X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc); | ||
| 1192 | STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, | ||
| 1193 | X509_ATTRIBUTE *attr); | ||
| 1194 | STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x, | ||
| 1195 | const ASN1_OBJECT *obj, int type, | ||
| 1196 | const unsigned char *bytes, int len); | ||
| 1197 | STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x, | ||
| 1198 | int nid, int type, | ||
| 1199 | const unsigned char *bytes, int len); | ||
| 1200 | STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x, | ||
| 1201 | const char *attrname, int type, | ||
| 1202 | const unsigned char *bytes, int len); | ||
| 1203 | void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, | ||
| 1204 | ASN1_OBJECT *obj, int lastpos, int type); | ||
| 1205 | X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, | ||
| 1206 | int atrtype, const void *data, int len); | ||
| 1207 | X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, | ||
| 1208 | const ASN1_OBJECT *obj, int atrtype, const void *data, int len); | ||
| 1209 | X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, | ||
| 1210 | const char *atrname, int type, const unsigned char *bytes, int len); | ||
| 1211 | int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj); | ||
| 1212 | int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len); | ||
| 1213 | void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, | ||
| 1214 | int atrtype, void *data); | ||
| 1215 | int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr); | ||
| 1216 | ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr); | ||
| 1217 | ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx); | ||
| 1218 | |||
| 1219 | int EVP_PKEY_get_attr_count(const EVP_PKEY *key); | ||
| 1220 | int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, | ||
| 1221 | int lastpos); | ||
| 1222 | int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj, | ||
| 1223 | int lastpos); | ||
| 1224 | X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc); | ||
| 1225 | X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc); | ||
| 1226 | int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr); | ||
| 1227 | int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key, | ||
| 1228 | const ASN1_OBJECT *obj, int type, | ||
| 1229 | const unsigned char *bytes, int len); | ||
| 1230 | int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key, | ||
| 1231 | int nid, int type, | ||
| 1232 | const unsigned char *bytes, int len); | ||
| 1233 | int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, | ||
| 1234 | const char *attrname, int type, | ||
| 1235 | const unsigned char *bytes, int len); | ||
| 1236 | |||
| 1237 | int X509_verify_cert(X509_STORE_CTX *ctx); | ||
| 1238 | |||
| 1239 | /* lookup a cert from a X509 STACK */ | ||
| 1240 | X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk,X509_NAME *name, | ||
| 1241 | ASN1_INTEGER *serial); | ||
| 1242 | X509 *X509_find_by_subject(STACK_OF(X509) *sk,X509_NAME *name); | ||
| 1243 | |||
| 1244 | DECLARE_ASN1_FUNCTIONS(PBEPARAM) | ||
| 1245 | DECLARE_ASN1_FUNCTIONS(PBE2PARAM) | ||
| 1246 | DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM) | ||
| 1247 | |||
| 1248 | X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, int saltlen); | ||
| 1249 | X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, | ||
| 1250 | unsigned char *salt, int saltlen); | ||
| 1251 | |||
| 1252 | /* PKCS#8 utilities */ | ||
| 1253 | |||
| 1254 | DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO) | ||
| 1255 | |||
| 1256 | EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8); | ||
| 1257 | PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey); | ||
| 1258 | PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken); | ||
| 1259 | PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken); | ||
| 1260 | |||
| 1261 | int X509_check_trust(X509 *x, int id, int flags); | ||
| 1262 | int X509_TRUST_get_count(void); | ||
| 1263 | X509_TRUST * X509_TRUST_get0(int idx); | ||
| 1264 | int X509_TRUST_get_by_id(int id); | ||
| 1265 | int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), | ||
| 1266 | char *name, int arg1, void *arg2); | ||
| 1267 | void X509_TRUST_cleanup(void); | ||
| 1268 | int X509_TRUST_get_flags(X509_TRUST *xp); | ||
| 1269 | char *X509_TRUST_get0_name(X509_TRUST *xp); | ||
| 1270 | int X509_TRUST_get_trust(X509_TRUST *xp); | ||
| 1271 | |||
| 1272 | /* BEGIN ERROR CODES */ | ||
| 1273 | /* The following lines are auto generated by the script mkerr.pl. Any changes | ||
| 1274 | * made after this point may be overwritten when the script is next run. | ||
| 1275 | */ | ||
| 1276 | void ERR_load_X509_strings(void); | ||
| 1277 | |||
| 1278 | /* Error codes for the X509 functions. */ | ||
| 1279 | |||
| 1280 | /* Function codes. */ | ||
| 1281 | #define X509_F_ADD_CERT_DIR 100 | ||
| 1282 | #define X509_F_BY_FILE_CTRL 101 | ||
| 1283 | #define X509_F_CHECK_POLICY 145 | ||
| 1284 | #define X509_F_DIR_CTRL 102 | ||
| 1285 | #define X509_F_GET_CERT_BY_SUBJECT 103 | ||
| 1286 | #define X509_F_NETSCAPE_SPKI_B64_DECODE 129 | ||
| 1287 | #define X509_F_NETSCAPE_SPKI_B64_ENCODE 130 | ||
| 1288 | #define X509_F_X509AT_ADD1_ATTR 135 | ||
| 1289 | #define X509_F_X509V3_ADD_EXT 104 | ||
| 1290 | #define X509_F_X509_ATTRIBUTE_CREATE_BY_NID 136 | ||
| 1291 | #define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ 137 | ||
| 1292 | #define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT 140 | ||
| 1293 | #define X509_F_X509_ATTRIBUTE_GET0_DATA 139 | ||
| 1294 | #define X509_F_X509_ATTRIBUTE_SET1_DATA 138 | ||
| 1295 | #define X509_F_X509_CHECK_PRIVATE_KEY 128 | ||
| 1296 | #define X509_F_X509_CRL_PRINT_FP 147 | ||
| 1297 | #define X509_F_X509_EXTENSION_CREATE_BY_NID 108 | ||
| 1298 | #define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109 | ||
| 1299 | #define X509_F_X509_GET_PUBKEY_PARAMETERS 110 | ||
| 1300 | #define X509_F_X509_LOAD_CERT_CRL_FILE 132 | ||
| 1301 | #define X509_F_X509_LOAD_CERT_FILE 111 | ||
| 1302 | #define X509_F_X509_LOAD_CRL_FILE 112 | ||
| 1303 | #define X509_F_X509_NAME_ADD_ENTRY 113 | ||
| 1304 | #define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114 | ||
| 1305 | #define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT 131 | ||
| 1306 | #define X509_F_X509_NAME_ENTRY_SET_OBJECT 115 | ||
| 1307 | #define X509_F_X509_NAME_ONELINE 116 | ||
| 1308 | #define X509_F_X509_NAME_PRINT 117 | ||
| 1309 | #define X509_F_X509_PRINT_EX_FP 118 | ||
| 1310 | #define X509_F_X509_PUBKEY_GET 119 | ||
| 1311 | #define X509_F_X509_PUBKEY_SET 120 | ||
| 1312 | #define X509_F_X509_REQ_CHECK_PRIVATE_KEY 144 | ||
| 1313 | #define X509_F_X509_REQ_PRINT_EX 121 | ||
| 1314 | #define X509_F_X509_REQ_PRINT_FP 122 | ||
| 1315 | #define X509_F_X509_REQ_TO_X509 123 | ||
| 1316 | #define X509_F_X509_STORE_ADD_CERT 124 | ||
| 1317 | #define X509_F_X509_STORE_ADD_CRL 125 | ||
| 1318 | #define X509_F_X509_STORE_CTX_GET1_ISSUER 146 | ||
| 1319 | #define X509_F_X509_STORE_CTX_INIT 143 | ||
| 1320 | #define X509_F_X509_STORE_CTX_NEW 142 | ||
| 1321 | #define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 134 | ||
| 1322 | #define X509_F_X509_TO_X509_REQ 126 | ||
| 1323 | #define X509_F_X509_TRUST_ADD 133 | ||
| 1324 | #define X509_F_X509_TRUST_SET 141 | ||
| 1325 | #define X509_F_X509_VERIFY_CERT 127 | ||
| 1326 | |||
| 1327 | /* Reason codes. */ | ||
| 1328 | #define X509_R_BAD_X509_FILETYPE 100 | ||
| 1329 | #define X509_R_BASE64_DECODE_ERROR 118 | ||
| 1330 | #define X509_R_CANT_CHECK_DH_KEY 114 | ||
| 1331 | #define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 | ||
| 1332 | #define X509_R_ERR_ASN1_LIB 102 | ||
| 1333 | #define X509_R_INVALID_DIRECTORY 113 | ||
| 1334 | #define X509_R_INVALID_FIELD_NAME 119 | ||
| 1335 | #define X509_R_INVALID_TRUST 123 | ||
| 1336 | #define X509_R_KEY_TYPE_MISMATCH 115 | ||
| 1337 | #define X509_R_KEY_VALUES_MISMATCH 116 | ||
| 1338 | #define X509_R_LOADING_CERT_DIR 103 | ||
| 1339 | #define X509_R_LOADING_DEFAULTS 104 | ||
| 1340 | #define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105 | ||
| 1341 | #define X509_R_SHOULD_RETRY 106 | ||
| 1342 | #define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107 | ||
| 1343 | #define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108 | ||
| 1344 | #define X509_R_UNKNOWN_KEY_TYPE 117 | ||
| 1345 | #define X509_R_UNKNOWN_NID 109 | ||
| 1346 | #define X509_R_UNKNOWN_PURPOSE_ID 121 | ||
| 1347 | #define X509_R_UNKNOWN_TRUST_ID 120 | ||
| 1348 | #define X509_R_UNSUPPORTED_ALGORITHM 111 | ||
| 1349 | #define X509_R_WRONG_LOOKUP_TYPE 112 | ||
| 1350 | #define X509_R_WRONG_TYPE 122 | ||
| 1351 | |||
| 1352 | #ifdef __cplusplus | ||
| 1353 | } | ||
| 1354 | #endif | ||
| 1355 | #endif | ||
diff --git a/src/lib/libcrypto/x509/x509_att.c b/src/lib/libcrypto/x509/x509_att.c deleted file mode 100644 index 98460e8921..0000000000 --- a/src/lib/libcrypto/x509/x509_att.c +++ /dev/null | |||
| @@ -1,359 +0,0 @@ | |||
| 1 | /* crypto/x509/x509_att.c */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | #include <openssl/stack.h> | ||
| 61 | #include "cryptlib.h" | ||
| 62 | #include <openssl/asn1.h> | ||
| 63 | #include <openssl/objects.h> | ||
| 64 | #include <openssl/evp.h> | ||
| 65 | #include <openssl/x509.h> | ||
| 66 | #include <openssl/x509v3.h> | ||
| 67 | |||
| 68 | int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x) | ||
| 69 | { | ||
| 70 | return sk_X509_ATTRIBUTE_num(x); | ||
| 71 | } | ||
| 72 | |||
| 73 | int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, | ||
| 74 | int lastpos) | ||
| 75 | { | ||
| 76 | ASN1_OBJECT *obj; | ||
| 77 | |||
| 78 | obj=OBJ_nid2obj(nid); | ||
| 79 | if (obj == NULL) return(-2); | ||
| 80 | return(X509at_get_attr_by_OBJ(x,obj,lastpos)); | ||
| 81 | } | ||
| 82 | |||
| 83 | int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj, | ||
| 84 | int lastpos) | ||
| 85 | { | ||
| 86 | int n; | ||
| 87 | X509_ATTRIBUTE *ex; | ||
| 88 | |||
| 89 | if (sk == NULL) return(-1); | ||
| 90 | lastpos++; | ||
| 91 | if (lastpos < 0) | ||
| 92 | lastpos=0; | ||
| 93 | n=sk_X509_ATTRIBUTE_num(sk); | ||
| 94 | for ( ; lastpos < n; lastpos++) | ||
| 95 | { | ||
| 96 | ex=sk_X509_ATTRIBUTE_value(sk,lastpos); | ||
| 97 | if (OBJ_cmp(ex->object,obj) == 0) | ||
| 98 | return(lastpos); | ||
| 99 | } | ||
| 100 | return(-1); | ||
| 101 | } | ||
| 102 | |||
| 103 | X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc) | ||
| 104 | { | ||
| 105 | if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0) | ||
| 106 | return NULL; | ||
| 107 | else | ||
| 108 | return sk_X509_ATTRIBUTE_value(x,loc); | ||
| 109 | } | ||
| 110 | |||
| 111 | X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc) | ||
| 112 | { | ||
| 113 | X509_ATTRIBUTE *ret; | ||
| 114 | |||
| 115 | if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0) | ||
| 116 | return(NULL); | ||
| 117 | ret=sk_X509_ATTRIBUTE_delete(x,loc); | ||
| 118 | return(ret); | ||
| 119 | } | ||
| 120 | |||
| 121 | STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, | ||
| 122 | X509_ATTRIBUTE *attr) | ||
| 123 | { | ||
| 124 | X509_ATTRIBUTE *new_attr=NULL; | ||
| 125 | STACK_OF(X509_ATTRIBUTE) *sk=NULL; | ||
| 126 | |||
| 127 | if (x == NULL) | ||
| 128 | { | ||
| 129 | X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_PASSED_NULL_PARAMETER); | ||
| 130 | goto err2; | ||
| 131 | } | ||
| 132 | |||
| 133 | if (*x == NULL) | ||
| 134 | { | ||
| 135 | if ((sk=sk_X509_ATTRIBUTE_new_null()) == NULL) | ||
| 136 | goto err; | ||
| 137 | } | ||
| 138 | else | ||
| 139 | sk= *x; | ||
| 140 | |||
| 141 | if ((new_attr=X509_ATTRIBUTE_dup(attr)) == NULL) | ||
| 142 | goto err2; | ||
| 143 | if (!sk_X509_ATTRIBUTE_push(sk,new_attr)) | ||
| 144 | goto err; | ||
| 145 | if (*x == NULL) | ||
| 146 | *x=sk; | ||
| 147 | return(sk); | ||
| 148 | err: | ||
| 149 | X509err(X509_F_X509AT_ADD1_ATTR,ERR_R_MALLOC_FAILURE); | ||
| 150 | err2: | ||
| 151 | if (new_attr != NULL) X509_ATTRIBUTE_free(new_attr); | ||
| 152 | if (sk != NULL) sk_X509_ATTRIBUTE_free(sk); | ||
| 153 | return(NULL); | ||
| 154 | } | ||
| 155 | |||
| 156 | STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x, | ||
| 157 | const ASN1_OBJECT *obj, int type, | ||
| 158 | const unsigned char *bytes, int len) | ||
| 159 | { | ||
| 160 | X509_ATTRIBUTE *attr; | ||
| 161 | STACK_OF(X509_ATTRIBUTE) *ret; | ||
| 162 | attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, type, bytes, len); | ||
| 163 | if(!attr) return 0; | ||
| 164 | ret = X509at_add1_attr(x, attr); | ||
| 165 | X509_ATTRIBUTE_free(attr); | ||
| 166 | return ret; | ||
| 167 | } | ||
| 168 | |||
| 169 | STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x, | ||
| 170 | int nid, int type, | ||
| 171 | const unsigned char *bytes, int len) | ||
| 172 | { | ||
| 173 | X509_ATTRIBUTE *attr; | ||
| 174 | STACK_OF(X509_ATTRIBUTE) *ret; | ||
| 175 | attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, type, bytes, len); | ||
| 176 | if(!attr) return 0; | ||
| 177 | ret = X509at_add1_attr(x, attr); | ||
| 178 | X509_ATTRIBUTE_free(attr); | ||
| 179 | return ret; | ||
| 180 | } | ||
| 181 | |||
| 182 | STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x, | ||
| 183 | const char *attrname, int type, | ||
| 184 | const unsigned char *bytes, int len) | ||
| 185 | { | ||
| 186 | X509_ATTRIBUTE *attr; | ||
| 187 | STACK_OF(X509_ATTRIBUTE) *ret; | ||
| 188 | attr = X509_ATTRIBUTE_create_by_txt(NULL, attrname, type, bytes, len); | ||
| 189 | if(!attr) return 0; | ||
| 190 | ret = X509at_add1_attr(x, attr); | ||
| 191 | X509_ATTRIBUTE_free(attr); | ||
| 192 | return ret; | ||
| 193 | } | ||
| 194 | |||
| 195 | void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, | ||
| 196 | ASN1_OBJECT *obj, int lastpos, int type) | ||
| 197 | { | ||
| 198 | int i; | ||
| 199 | X509_ATTRIBUTE *at; | ||
| 200 | i = X509at_get_attr_by_OBJ(x, obj, lastpos); | ||
| 201 | if (i == -1) | ||
| 202 | return NULL; | ||
| 203 | if ((lastpos <= -2) && (X509at_get_attr_by_OBJ(x, obj, i) != -1)) | ||
| 204 | return NULL; | ||
| 205 | at = X509at_get_attr(x, i); | ||
| 206 | if (lastpos <= -3 && (X509_ATTRIBUTE_count(at) != 1)) | ||
| 207 | return NULL; | ||
| 208 | return X509_ATTRIBUTE_get0_data(at, 0, type, NULL); | ||
| 209 | } | ||
| 210 | |||
| 211 | X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, | ||
| 212 | int atrtype, const void *data, int len) | ||
| 213 | { | ||
| 214 | ASN1_OBJECT *obj; | ||
| 215 | X509_ATTRIBUTE *ret; | ||
| 216 | |||
| 217 | obj=OBJ_nid2obj(nid); | ||
| 218 | if (obj == NULL) | ||
| 219 | { | ||
| 220 | X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_NID,X509_R_UNKNOWN_NID); | ||
| 221 | return(NULL); | ||
| 222 | } | ||
| 223 | ret=X509_ATTRIBUTE_create_by_OBJ(attr,obj,atrtype,data,len); | ||
| 224 | if (ret == NULL) ASN1_OBJECT_free(obj); | ||
| 225 | return(ret); | ||
| 226 | } | ||
| 227 | |||
| 228 | X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, | ||
| 229 | const ASN1_OBJECT *obj, int atrtype, const void *data, int len) | ||
| 230 | { | ||
| 231 | X509_ATTRIBUTE *ret; | ||
| 232 | |||
| 233 | if ((attr == NULL) || (*attr == NULL)) | ||
| 234 | { | ||
| 235 | if ((ret=X509_ATTRIBUTE_new()) == NULL) | ||
| 236 | { | ||
| 237 | X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE); | ||
| 238 | return(NULL); | ||
| 239 | } | ||
| 240 | } | ||
| 241 | else | ||
| 242 | ret= *attr; | ||
| 243 | |||
| 244 | if (!X509_ATTRIBUTE_set1_object(ret,obj)) | ||
| 245 | goto err; | ||
| 246 | if (!X509_ATTRIBUTE_set1_data(ret,atrtype,data,len)) | ||
| 247 | goto err; | ||
| 248 | |||
| 249 | if ((attr != NULL) && (*attr == NULL)) *attr=ret; | ||
| 250 | return(ret); | ||
| 251 | err: | ||
| 252 | if ((attr == NULL) || (ret != *attr)) | ||
| 253 | X509_ATTRIBUTE_free(ret); | ||
| 254 | return(NULL); | ||
| 255 | } | ||
| 256 | |||
| 257 | X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, | ||
| 258 | const char *atrname, int type, const unsigned char *bytes, int len) | ||
| 259 | { | ||
| 260 | ASN1_OBJECT *obj; | ||
| 261 | X509_ATTRIBUTE *nattr; | ||
| 262 | |||
| 263 | obj=OBJ_txt2obj(atrname, 0); | ||
| 264 | if (obj == NULL) | ||
| 265 | { | ||
| 266 | X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT, | ||
| 267 | X509_R_INVALID_FIELD_NAME); | ||
| 268 | ERR_add_error_data(2, "name=", atrname); | ||
| 269 | return(NULL); | ||
| 270 | } | ||
| 271 | nattr = X509_ATTRIBUTE_create_by_OBJ(attr,obj,type,bytes,len); | ||
| 272 | ASN1_OBJECT_free(obj); | ||
| 273 | return nattr; | ||
| 274 | } | ||
| 275 | |||
| 276 | int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj) | ||
| 277 | { | ||
| 278 | if ((attr == NULL) || (obj == NULL)) | ||
| 279 | return(0); | ||
| 280 | ASN1_OBJECT_free(attr->object); | ||
| 281 | attr->object=OBJ_dup(obj); | ||
| 282 | return(1); | ||
| 283 | } | ||
| 284 | |||
| 285 | int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len) | ||
| 286 | { | ||
| 287 | ASN1_TYPE *ttmp; | ||
| 288 | ASN1_STRING *stmp = NULL; | ||
| 289 | int atype = 0; | ||
| 290 | if (!attr) return 0; | ||
| 291 | if(attrtype & MBSTRING_FLAG) { | ||
| 292 | stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype, | ||
| 293 | OBJ_obj2nid(attr->object)); | ||
| 294 | if(!stmp) { | ||
| 295 | X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_ASN1_LIB); | ||
| 296 | return 0; | ||
| 297 | } | ||
| 298 | atype = stmp->type; | ||
| 299 | } else if (len != -1){ | ||
| 300 | if(!(stmp = ASN1_STRING_type_new(attrtype))) goto err; | ||
| 301 | if(!ASN1_STRING_set(stmp, data, len)) goto err; | ||
| 302 | atype = attrtype; | ||
| 303 | } | ||
| 304 | if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err; | ||
| 305 | attr->single = 0; | ||
| 306 | /* This is a bit naughty because the attribute should really have | ||
| 307 | * at least one value but some types use and zero length SET and | ||
| 308 | * require this. | ||
| 309 | */ | ||
| 310 | if (attrtype == 0) | ||
| 311 | return 1; | ||
| 312 | if(!(ttmp = ASN1_TYPE_new())) goto err; | ||
| 313 | if ((len == -1) && !(attrtype & MBSTRING_FLAG)) | ||
| 314 | { | ||
| 315 | if (!ASN1_TYPE_set1(ttmp, attrtype, data)) | ||
| 316 | goto err; | ||
| 317 | } | ||
| 318 | else | ||
| 319 | ASN1_TYPE_set(ttmp, atype, stmp); | ||
| 320 | if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err; | ||
| 321 | return 1; | ||
| 322 | err: | ||
| 323 | X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE); | ||
| 324 | return 0; | ||
| 325 | } | ||
| 326 | |||
| 327 | int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr) | ||
| 328 | { | ||
| 329 | if(!attr->single) return sk_ASN1_TYPE_num(attr->value.set); | ||
| 330 | if(attr->value.single) return 1; | ||
| 331 | return 0; | ||
| 332 | } | ||
| 333 | |||
| 334 | ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr) | ||
| 335 | { | ||
| 336 | if (attr == NULL) return(NULL); | ||
| 337 | return(attr->object); | ||
| 338 | } | ||
| 339 | |||
| 340 | void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, | ||
| 341 | int atrtype, void *data) | ||
| 342 | { | ||
| 343 | ASN1_TYPE *ttmp; | ||
| 344 | ttmp = X509_ATTRIBUTE_get0_type(attr, idx); | ||
| 345 | if(!ttmp) return NULL; | ||
| 346 | if(atrtype != ASN1_TYPE_get(ttmp)){ | ||
| 347 | X509err(X509_F_X509_ATTRIBUTE_GET0_DATA, X509_R_WRONG_TYPE); | ||
| 348 | return NULL; | ||
| 349 | } | ||
| 350 | return ttmp->value.ptr; | ||
| 351 | } | ||
| 352 | |||
| 353 | ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx) | ||
| 354 | { | ||
| 355 | if (attr == NULL) return(NULL); | ||
| 356 | if(idx >= X509_ATTRIBUTE_count(attr)) return NULL; | ||
| 357 | if(!attr->single) return sk_ASN1_TYPE_value(attr->value.set, idx); | ||
| 358 | else return attr->value.single; | ||
| 359 | } | ||
diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c deleted file mode 100644 index 2faf92514a..0000000000 --- a/src/lib/libcrypto/x509/x509_cmp.c +++ /dev/null | |||
| @@ -1,432 +0,0 @@ | |||
| 1 | /* crypto/x509/x509_cmp.c */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | #include <ctype.h> | ||
| 61 | #include "cryptlib.h" | ||
| 62 | #include <openssl/asn1.h> | ||
| 63 | #include <openssl/objects.h> | ||
| 64 | #include <openssl/x509.h> | ||
| 65 | #include <openssl/x509v3.h> | ||
| 66 | |||
| 67 | int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b) | ||
| 68 | { | ||
| 69 | int i; | ||
| 70 | X509_CINF *ai,*bi; | ||
| 71 | |||
| 72 | ai=a->cert_info; | ||
| 73 | bi=b->cert_info; | ||
| 74 | i=M_ASN1_INTEGER_cmp(ai->serialNumber,bi->serialNumber); | ||
| 75 | if (i) return(i); | ||
| 76 | return(X509_NAME_cmp(ai->issuer,bi->issuer)); | ||
| 77 | } | ||
| 78 | |||
| 79 | #ifndef OPENSSL_NO_MD5 | ||
| 80 | unsigned long X509_issuer_and_serial_hash(X509 *a) | ||
| 81 | { | ||
| 82 | unsigned long ret=0; | ||
| 83 | EVP_MD_CTX ctx; | ||
| 84 | unsigned char md[16]; | ||
| 85 | char *f; | ||
| 86 | |||
| 87 | EVP_MD_CTX_init(&ctx); | ||
| 88 | f=X509_NAME_oneline(a->cert_info->issuer,NULL,0); | ||
| 89 | ret=strlen(f); | ||
| 90 | EVP_DigestInit_ex(&ctx, EVP_md5(), NULL); | ||
| 91 | EVP_DigestUpdate(&ctx,(unsigned char *)f,ret); | ||
| 92 | OPENSSL_free(f); | ||
| 93 | EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data, | ||
| 94 | (unsigned long)a->cert_info->serialNumber->length); | ||
| 95 | EVP_DigestFinal_ex(&ctx,&(md[0]),NULL); | ||
| 96 | ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| | ||
| 97 | ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) | ||
| 98 | )&0xffffffffL; | ||
| 99 | EVP_MD_CTX_cleanup(&ctx); | ||
| 100 | return(ret); | ||
| 101 | } | ||
| 102 | #endif | ||
| 103 | |||
| 104 | int X509_issuer_name_cmp(const X509 *a, const X509 *b) | ||
| 105 | { | ||
| 106 | return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer)); | ||
| 107 | } | ||
| 108 | |||
| 109 | int X509_subject_name_cmp(const X509 *a, const X509 *b) | ||
| 110 | { | ||
| 111 | return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject)); | ||
| 112 | } | ||
| 113 | |||
| 114 | int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b) | ||
| 115 | { | ||
| 116 | return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer)); | ||
| 117 | } | ||
| 118 | |||
| 119 | X509_NAME *X509_get_issuer_name(X509 *a) | ||
| 120 | { | ||
| 121 | return(a->cert_info->issuer); | ||
| 122 | } | ||
| 123 | |||
| 124 | unsigned long X509_issuer_name_hash(X509 *x) | ||
| 125 | { | ||
| 126 | return(X509_NAME_hash(x->cert_info->issuer)); | ||
| 127 | } | ||
| 128 | |||
| 129 | X509_NAME *X509_get_subject_name(X509 *a) | ||
| 130 | { | ||
| 131 | return(a->cert_info->subject); | ||
| 132 | } | ||
| 133 | |||
| 134 | ASN1_INTEGER *X509_get_serialNumber(X509 *a) | ||
| 135 | { | ||
| 136 | return(a->cert_info->serialNumber); | ||
| 137 | } | ||
| 138 | |||
| 139 | unsigned long X509_subject_name_hash(X509 *x) | ||
| 140 | { | ||
| 141 | return(X509_NAME_hash(x->cert_info->subject)); | ||
| 142 | } | ||
| 143 | |||
| 144 | #ifndef OPENSSL_NO_SHA | ||
| 145 | /* Compare two certificates: they must be identical for | ||
| 146 | * this to work. NB: Although "cmp" operations are generally | ||
| 147 | * prototyped to take "const" arguments (eg. for use in | ||
| 148 | * STACKs), the way X509 handling is - these operations may | ||
| 149 | * involve ensuring the hashes are up-to-date and ensuring | ||
| 150 | * certain cert information is cached. So this is the point | ||
| 151 | * where the "depth-first" constification tree has to halt | ||
| 152 | * with an evil cast. | ||
| 153 | */ | ||
| 154 | int X509_cmp(const X509 *a, const X509 *b) | ||
| 155 | { | ||
| 156 | /* ensure hash is valid */ | ||
| 157 | X509_check_purpose((X509 *)a, -1, 0); | ||
| 158 | X509_check_purpose((X509 *)b, -1, 0); | ||
| 159 | |||
| 160 | return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH); | ||
| 161 | } | ||
| 162 | #endif | ||
| 163 | |||
| 164 | |||
| 165 | /* Case insensitive string comparision */ | ||
| 166 | static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b) | ||
| 167 | { | ||
| 168 | int i; | ||
| 169 | |||
| 170 | if (a->length != b->length) | ||
| 171 | return (a->length - b->length); | ||
| 172 | |||
| 173 | for (i=0; i<a->length; i++) | ||
| 174 | { | ||
| 175 | int ca, cb; | ||
| 176 | |||
| 177 | ca = tolower(a->data[i]); | ||
| 178 | cb = tolower(b->data[i]); | ||
| 179 | |||
| 180 | if (ca != cb) | ||
| 181 | return(ca-cb); | ||
| 182 | } | ||
| 183 | return 0; | ||
| 184 | } | ||
| 185 | |||
| 186 | /* Case insensitive string comparision with space normalization | ||
| 187 | * Space normalization - ignore leading, trailing spaces, | ||
| 188 | * multiple spaces between characters are replaced by single space | ||
| 189 | */ | ||
| 190 | static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b) | ||
| 191 | { | ||
| 192 | unsigned char *pa = NULL, *pb = NULL; | ||
| 193 | int la, lb; | ||
| 194 | |||
| 195 | la = a->length; | ||
| 196 | lb = b->length; | ||
| 197 | pa = a->data; | ||
| 198 | pb = b->data; | ||
| 199 | |||
| 200 | /* skip leading spaces */ | ||
| 201 | while (la > 0 && isspace(*pa)) | ||
| 202 | { | ||
| 203 | la--; | ||
| 204 | pa++; | ||
| 205 | } | ||
| 206 | while (lb > 0 && isspace(*pb)) | ||
| 207 | { | ||
| 208 | lb--; | ||
| 209 | pb++; | ||
| 210 | } | ||
| 211 | |||
| 212 | /* skip trailing spaces */ | ||
| 213 | while (la > 0 && isspace(pa[la-1])) | ||
| 214 | la--; | ||
| 215 | while (lb > 0 && isspace(pb[lb-1])) | ||
| 216 | lb--; | ||
| 217 | |||
| 218 | /* compare strings with space normalization */ | ||
| 219 | while (la > 0 && lb > 0) | ||
| 220 | { | ||
| 221 | int ca, cb; | ||
| 222 | |||
| 223 | /* compare character */ | ||
| 224 | ca = tolower(*pa); | ||
| 225 | cb = tolower(*pb); | ||
| 226 | if (ca != cb) | ||
| 227 | return (ca - cb); | ||
| 228 | |||
| 229 | pa++; pb++; | ||
| 230 | la--; lb--; | ||
| 231 | |||
| 232 | if (la <= 0 || lb <= 0) | ||
| 233 | break; | ||
| 234 | |||
| 235 | /* is white space next character ? */ | ||
| 236 | if (isspace(*pa) && isspace(*pb)) | ||
| 237 | { | ||
| 238 | /* skip remaining white spaces */ | ||
| 239 | while (la > 0 && isspace(*pa)) | ||
| 240 | { | ||
| 241 | la--; | ||
| 242 | pa++; | ||
| 243 | } | ||
| 244 | while (lb > 0 && isspace(*pb)) | ||
| 245 | { | ||
| 246 | lb--; | ||
| 247 | pb++; | ||
| 248 | } | ||
| 249 | } | ||
| 250 | } | ||
| 251 | if (la > 0 || lb > 0) | ||
| 252 | return la - lb; | ||
| 253 | |||
| 254 | return 0; | ||
| 255 | } | ||
| 256 | |||
| 257 | static int asn1_string_memcmp(ASN1_STRING *a, ASN1_STRING *b) | ||
| 258 | { | ||
| 259 | int j; | ||
| 260 | j = a->length - b->length; | ||
| 261 | if (j) | ||
| 262 | return j; | ||
| 263 | return memcmp(a->data, b->data, a->length); | ||
| 264 | } | ||
| 265 | |||
| 266 | #define STR_TYPE_CMP (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_UTF8STRING) | ||
| 267 | |||
| 268 | int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) | ||
| 269 | { | ||
| 270 | int i,j; | ||
| 271 | X509_NAME_ENTRY *na,*nb; | ||
| 272 | |||
| 273 | unsigned long nabit, nbbit; | ||
| 274 | |||
| 275 | j = sk_X509_NAME_ENTRY_num(a->entries) | ||
| 276 | - sk_X509_NAME_ENTRY_num(b->entries); | ||
| 277 | if (j) | ||
| 278 | return j; | ||
| 279 | for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--) | ||
| 280 | { | ||
| 281 | na=sk_X509_NAME_ENTRY_value(a->entries,i); | ||
| 282 | nb=sk_X509_NAME_ENTRY_value(b->entries,i); | ||
| 283 | j=na->value->type-nb->value->type; | ||
| 284 | if (j) | ||
| 285 | { | ||
| 286 | nabit = ASN1_tag2bit(na->value->type); | ||
| 287 | nbbit = ASN1_tag2bit(nb->value->type); | ||
| 288 | if (!(nabit & STR_TYPE_CMP) || | ||
| 289 | !(nbbit & STR_TYPE_CMP)) | ||
| 290 | return j; | ||
| 291 | if (!asn1_string_memcmp(na->value, nb->value)) | ||
| 292 | j = 0; | ||
| 293 | } | ||
| 294 | else if (na->value->type == V_ASN1_PRINTABLESTRING) | ||
| 295 | j=nocase_spacenorm_cmp(na->value, nb->value); | ||
| 296 | else if (na->value->type == V_ASN1_IA5STRING | ||
| 297 | && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress) | ||
| 298 | j=nocase_cmp(na->value, nb->value); | ||
| 299 | else | ||
| 300 | j = asn1_string_memcmp(na->value, nb->value); | ||
| 301 | if (j) return(j); | ||
| 302 | j=na->set-nb->set; | ||
| 303 | if (j) return(j); | ||
| 304 | } | ||
| 305 | |||
| 306 | /* We will check the object types after checking the values | ||
| 307 | * since the values will more often be different than the object | ||
| 308 | * types. */ | ||
| 309 | for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--) | ||
| 310 | { | ||
| 311 | na=sk_X509_NAME_ENTRY_value(a->entries,i); | ||
| 312 | nb=sk_X509_NAME_ENTRY_value(b->entries,i); | ||
| 313 | j=OBJ_cmp(na->object,nb->object); | ||
| 314 | if (j) return(j); | ||
| 315 | } | ||
| 316 | return(0); | ||
| 317 | } | ||
| 318 | |||
| 319 | #ifndef OPENSSL_NO_MD5 | ||
| 320 | /* I now DER encode the name and hash it. Since I cache the DER encoding, | ||
| 321 | * this is reasonably efficient. */ | ||
| 322 | unsigned long X509_NAME_hash(X509_NAME *x) | ||
| 323 | { | ||
| 324 | unsigned long ret=0; | ||
| 325 | unsigned char md[16]; | ||
| 326 | EVP_MD_CTX md_ctx; | ||
| 327 | |||
| 328 | /* Make sure X509_NAME structure contains valid cached encoding */ | ||
| 329 | i2d_X509_NAME(x,NULL); | ||
| 330 | EVP_MD_CTX_init(&md_ctx); | ||
| 331 | EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); | ||
| 332 | EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL); | ||
| 333 | EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length); | ||
| 334 | EVP_DigestFinal_ex(&md_ctx,md,NULL); | ||
| 335 | EVP_MD_CTX_cleanup(&md_ctx); | ||
| 336 | |||
| 337 | ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| | ||
| 338 | ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) | ||
| 339 | )&0xffffffffL; | ||
| 340 | return(ret); | ||
| 341 | } | ||
| 342 | #endif | ||
| 343 | |||
| 344 | /* Search a stack of X509 for a match */ | ||
| 345 | X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name, | ||
| 346 | ASN1_INTEGER *serial) | ||
| 347 | { | ||
| 348 | int i; | ||
| 349 | X509_CINF cinf; | ||
| 350 | X509 x,*x509=NULL; | ||
| 351 | |||
| 352 | if(!sk) return NULL; | ||
| 353 | |||
| 354 | x.cert_info= &cinf; | ||
| 355 | cinf.serialNumber=serial; | ||
| 356 | cinf.issuer=name; | ||
| 357 | |||
| 358 | for (i=0; i<sk_X509_num(sk); i++) | ||
| 359 | { | ||
| 360 | x509=sk_X509_value(sk,i); | ||
| 361 | if (X509_issuer_and_serial_cmp(x509,&x) == 0) | ||
| 362 | return(x509); | ||
| 363 | } | ||
| 364 | return(NULL); | ||
| 365 | } | ||
| 366 | |||
| 367 | X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name) | ||
| 368 | { | ||
| 369 | X509 *x509; | ||
| 370 | int i; | ||
| 371 | |||
| 372 | for (i=0; i<sk_X509_num(sk); i++) | ||
| 373 | { | ||
| 374 | x509=sk_X509_value(sk,i); | ||
| 375 | if (X509_NAME_cmp(X509_get_subject_name(x509),name) == 0) | ||
| 376 | return(x509); | ||
| 377 | } | ||
| 378 | return(NULL); | ||
| 379 | } | ||
| 380 | |||
| 381 | EVP_PKEY *X509_get_pubkey(X509 *x) | ||
| 382 | { | ||
| 383 | if ((x == NULL) || (x->cert_info == NULL)) | ||
| 384 | return(NULL); | ||
| 385 | return(X509_PUBKEY_get(x->cert_info->key)); | ||
| 386 | } | ||
| 387 | |||
| 388 | ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x) | ||
| 389 | { | ||
| 390 | if(!x) return NULL; | ||
| 391 | return x->cert_info->key->public_key; | ||
| 392 | } | ||
| 393 | |||
| 394 | int X509_check_private_key(X509 *x, EVP_PKEY *k) | ||
| 395 | { | ||
| 396 | EVP_PKEY *xk=NULL; | ||
| 397 | int ok=0; | ||
| 398 | |||
| 399 | xk=X509_get_pubkey(x); | ||
| 400 | switch (EVP_PKEY_cmp(xk, k)) | ||
| 401 | { | ||
| 402 | case 1: | ||
| 403 | ok=1; | ||
| 404 | break; | ||
| 405 | case 0: | ||
| 406 | X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH); | ||
| 407 | break; | ||
| 408 | case -1: | ||
| 409 | X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH); | ||
| 410 | break; | ||
| 411 | case -2: | ||
| 412 | #ifndef OPENSSL_NO_EC | ||
| 413 | if (k->type == EVP_PKEY_EC) | ||
| 414 | { | ||
| 415 | X509err(X509_F_X509_CHECK_PRIVATE_KEY, ERR_R_EC_LIB); | ||
| 416 | break; | ||
| 417 | } | ||
| 418 | #endif | ||
| 419 | #ifndef OPENSSL_NO_DH | ||
| 420 | if (k->type == EVP_PKEY_DH) | ||
| 421 | { | ||
| 422 | /* No idea */ | ||
| 423 | X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY); | ||
| 424 | break; | ||
| 425 | } | ||
| 426 | #endif | ||
| 427 | X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE); | ||
| 428 | } | ||
| 429 | |||
| 430 | EVP_PKEY_free(xk); | ||
| 431 | return(ok); | ||
| 432 | } | ||
diff --git a/src/lib/libcrypto/x509/x509_d2.c b/src/lib/libcrypto/x509/x509_d2.c deleted file mode 100644 index 51410cfd1a..0000000000 --- a/src/lib/libcrypto/x509/x509_d2.c +++ /dev/null | |||
| @@ -1,107 +0,0 @@ | |||
| 1 | /* crypto/x509/x509_d2.c */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | #include "cryptlib.h" | ||
| 61 | #include <openssl/crypto.h> | ||
| 62 | #include <openssl/x509.h> | ||
| 63 | |||
| 64 | #ifndef OPENSSL_NO_STDIO | ||
| 65 | int X509_STORE_set_default_paths(X509_STORE *ctx) | ||
| 66 | { | ||
| 67 | X509_LOOKUP *lookup; | ||
| 68 | |||
| 69 | lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file()); | ||
| 70 | if (lookup == NULL) return(0); | ||
| 71 | X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT); | ||
| 72 | |||
| 73 | lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir()); | ||
| 74 | if (lookup == NULL) return(0); | ||
| 75 | X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT); | ||
| 76 | |||
| 77 | /* clear any errors */ | ||
| 78 | ERR_clear_error(); | ||
| 79 | |||
| 80 | return(1); | ||
| 81 | } | ||
| 82 | |||
| 83 | int X509_STORE_load_locations(X509_STORE *ctx, const char *file, | ||
| 84 | const char *path) | ||
| 85 | { | ||
| 86 | X509_LOOKUP *lookup; | ||
| 87 | |||
| 88 | if (file != NULL) | ||
| 89 | { | ||
| 90 | lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file()); | ||
| 91 | if (lookup == NULL) return(0); | ||
| 92 | if (X509_LOOKUP_load_file(lookup,file,X509_FILETYPE_PEM) != 1) | ||
| 93 | return(0); | ||
| 94 | } | ||
| 95 | if (path != NULL) | ||
| 96 | { | ||
| 97 | lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir()); | ||
| 98 | if (lookup == NULL) return(0); | ||
| 99 | if (X509_LOOKUP_add_dir(lookup,path,X509_FILETYPE_PEM) != 1) | ||
| 100 | return(0); | ||
| 101 | } | ||
| 102 | if ((path == NULL) && (file == NULL)) | ||
| 103 | return(0); | ||
| 104 | return(1); | ||
| 105 | } | ||
| 106 | |||
| 107 | #endif | ||
diff --git a/src/lib/libcrypto/x509/x509_def.c b/src/lib/libcrypto/x509/x509_def.c deleted file mode 100644 index e0ac151a76..0000000000 --- a/src/lib/libcrypto/x509/x509_def.c +++ /dev/null | |||
| @@ -1,81 +0,0 @@ | |||
| 1 | /* crypto/x509/x509_def.c */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | #include "cryptlib.h" | ||
| 61 | #include <openssl/crypto.h> | ||
| 62 | #include <openssl/x509.h> | ||
| 63 | |||
| 64 | const char *X509_get_default_private_dir(void) | ||
| 65 | { return(X509_PRIVATE_DIR); } | ||
| 66 | |||
| 67 | const char *X509_get_default_cert_area(void) | ||
| 68 | { return(X509_CERT_AREA); } | ||
| 69 | |||
| 70 | const char *X509_get_default_cert_dir(void) | ||
| 71 | { return(X509_CERT_DIR); } | ||
| 72 | |||
| 73 | const char *X509_get_default_cert_file(void) | ||
| 74 | { return(X509_CERT_FILE); } | ||
| 75 | |||
| 76 | const char *X509_get_default_cert_dir_env(void) | ||
| 77 | { return(X509_CERT_DIR_EVP); } | ||
| 78 | |||
| 79 | const char *X509_get_default_cert_file_env(void) | ||
| 80 | { return(X509_CERT_FILE_EVP); } | ||
| 81 | |||
diff --git a/src/lib/libcrypto/x509/x509_err.c b/src/lib/libcrypto/x509/x509_err.c deleted file mode 100644 index fb377292da..0000000000 --- a/src/lib/libcrypto/x509/x509_err.c +++ /dev/null | |||
| @@ -1,161 +0,0 @@ | |||
| 1 | /* crypto/x509/x509_err.c */ | ||
| 2 | /* ==================================================================== | ||
| 3 | * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. | ||
| 4 | * | ||
| 5 | * Redistribution and use in source and binary forms, with or without | ||
| 6 | * modification, are permitted provided that the following conditions | ||
| 7 | * are met: | ||
| 8 | * | ||
| 9 | * 1. Redistributions of source code must retain the above copyright | ||
| 10 | * notice, this list of conditions and the following disclaimer. | ||
| 11 | * | ||
| 12 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer in | ||
| 14 | * the documentation and/or other materials provided with the | ||
| 15 | * distribution. | ||
| 16 | * | ||
| 17 | * 3. All advertising materials mentioning features or use of this | ||
| 18 | * software must display the following acknowledgment: | ||
| 19 | * "This product includes software developed by the OpenSSL Project | ||
| 20 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 21 | * | ||
| 22 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 23 | * endorse or promote products derived from this software without | ||
| 24 | * prior written permission. For written permission, please contact | ||
| 25 | * openssl-core@OpenSSL.org. | ||
| 26 | * | ||
| 27 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 28 | * nor may "OpenSSL" appear in their names without prior written | ||
| 29 | * permission of the OpenSSL Project. | ||
| 30 | * | ||
| 31 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 32 | * acknowledgment: | ||
| 33 | * "This product includes software developed by the OpenSSL Project | ||
| 34 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 35 | * | ||
| 36 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 37 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 38 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 39 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 40 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 41 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 42 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 43 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 44 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 45 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 46 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 47 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 48 | * ==================================================================== | ||
| 49 | * | ||
| 50 | * This product includes cryptographic software written by Eric Young | ||
| 51 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 52 | * Hudson (tjh@cryptsoft.com). | ||
| 53 | * | ||
| 54 | */ | ||
| 55 | |||
| 56 | /* NOTE: this file was auto generated by the mkerr.pl script: any changes | ||
| 57 | * made to it will be overwritten when the script next updates this file, | ||
| 58 | * only reason strings will be preserved. | ||
| 59 | */ | ||
| 60 | |||
| 61 | #include <stdio.h> | ||
| 62 | #include <openssl/err.h> | ||
| 63 | #include <openssl/x509.h> | ||
| 64 | |||
| 65 | /* BEGIN ERROR CODES */ | ||
| 66 | #ifndef OPENSSL_NO_ERR | ||
| 67 | |||
| 68 | #define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509,func,0) | ||
| 69 | #define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509,0,reason) | ||
| 70 | |||
| 71 | static ERR_STRING_DATA X509_str_functs[]= | ||
| 72 | { | ||
| 73 | {ERR_FUNC(X509_F_ADD_CERT_DIR), "ADD_CERT_DIR"}, | ||
| 74 | {ERR_FUNC(X509_F_BY_FILE_CTRL), "BY_FILE_CTRL"}, | ||
| 75 | {ERR_FUNC(X509_F_CHECK_POLICY), "CHECK_POLICY"}, | ||
| 76 | {ERR_FUNC(X509_F_DIR_CTRL), "DIR_CTRL"}, | ||
| 77 | {ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT), "GET_CERT_BY_SUBJECT"}, | ||
| 78 | {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE), "NETSCAPE_SPKI_b64_decode"}, | ||
| 79 | {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE), "NETSCAPE_SPKI_b64_encode"}, | ||
| 80 | {ERR_FUNC(X509_F_X509AT_ADD1_ATTR), "X509at_add1_attr"}, | ||
| 81 | {ERR_FUNC(X509_F_X509V3_ADD_EXT), "X509v3_add_ext"}, | ||
| 82 | {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_NID), "X509_ATTRIBUTE_create_by_NID"}, | ||
| 83 | {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ), "X509_ATTRIBUTE_create_by_OBJ"}, | ||
| 84 | {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT), "X509_ATTRIBUTE_create_by_txt"}, | ||
| 85 | {ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA), "X509_ATTRIBUTE_get0_data"}, | ||
| 86 | {ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA), "X509_ATTRIBUTE_set1_data"}, | ||
| 87 | {ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY), "X509_check_private_key"}, | ||
| 88 | {ERR_FUNC(X509_F_X509_CRL_PRINT_FP), "X509_CRL_print_fp"}, | ||
| 89 | {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID), "X509_EXTENSION_create_by_NID"}, | ||
| 90 | {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ), "X509_EXTENSION_create_by_OBJ"}, | ||
| 91 | {ERR_FUNC(X509_F_X509_GET_PUBKEY_PARAMETERS), "X509_get_pubkey_parameters"}, | ||
| 92 | {ERR_FUNC(X509_F_X509_LOAD_CERT_CRL_FILE), "X509_load_cert_crl_file"}, | ||
| 93 | {ERR_FUNC(X509_F_X509_LOAD_CERT_FILE), "X509_load_cert_file"}, | ||
| 94 | {ERR_FUNC(X509_F_X509_LOAD_CRL_FILE), "X509_load_crl_file"}, | ||
| 95 | {ERR_FUNC(X509_F_X509_NAME_ADD_ENTRY), "X509_NAME_add_entry"}, | ||
| 96 | {ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_NID), "X509_NAME_ENTRY_create_by_NID"}, | ||
| 97 | {ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT), "X509_NAME_ENTRY_create_by_txt"}, | ||
| 98 | {ERR_FUNC(X509_F_X509_NAME_ENTRY_SET_OBJECT), "X509_NAME_ENTRY_set_object"}, | ||
| 99 | {ERR_FUNC(X509_F_X509_NAME_ONELINE), "X509_NAME_oneline"}, | ||
| 100 | {ERR_FUNC(X509_F_X509_NAME_PRINT), "X509_NAME_print"}, | ||
| 101 | {ERR_FUNC(X509_F_X509_PRINT_EX_FP), "X509_print_ex_fp"}, | ||
| 102 | {ERR_FUNC(X509_F_X509_PUBKEY_GET), "X509_PUBKEY_get"}, | ||
| 103 | {ERR_FUNC(X509_F_X509_PUBKEY_SET), "X509_PUBKEY_set"}, | ||
| 104 | {ERR_FUNC(X509_F_X509_REQ_CHECK_PRIVATE_KEY), "X509_REQ_check_private_key"}, | ||
| 105 | {ERR_FUNC(X509_F_X509_REQ_PRINT_EX), "X509_REQ_print_ex"}, | ||
| 106 | {ERR_FUNC(X509_F_X509_REQ_PRINT_FP), "X509_REQ_print_fp"}, | ||
| 107 | {ERR_FUNC(X509_F_X509_REQ_TO_X509), "X509_REQ_to_X509"}, | ||
| 108 | {ERR_FUNC(X509_F_X509_STORE_ADD_CERT), "X509_STORE_add_cert"}, | ||
| 109 | {ERR_FUNC(X509_F_X509_STORE_ADD_CRL), "X509_STORE_add_crl"}, | ||
| 110 | {ERR_FUNC(X509_F_X509_STORE_CTX_GET1_ISSUER), "X509_STORE_CTX_get1_issuer"}, | ||
| 111 | {ERR_FUNC(X509_F_X509_STORE_CTX_INIT), "X509_STORE_CTX_init"}, | ||
| 112 | {ERR_FUNC(X509_F_X509_STORE_CTX_NEW), "X509_STORE_CTX_new"}, | ||
| 113 | {ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT), "X509_STORE_CTX_purpose_inherit"}, | ||
| 114 | {ERR_FUNC(X509_F_X509_TO_X509_REQ), "X509_to_X509_REQ"}, | ||
| 115 | {ERR_FUNC(X509_F_X509_TRUST_ADD), "X509_TRUST_add"}, | ||
| 116 | {ERR_FUNC(X509_F_X509_TRUST_SET), "X509_TRUST_set"}, | ||
| 117 | {ERR_FUNC(X509_F_X509_VERIFY_CERT), "X509_verify_cert"}, | ||
| 118 | {0,NULL} | ||
| 119 | }; | ||
| 120 | |||
| 121 | static ERR_STRING_DATA X509_str_reasons[]= | ||
| 122 | { | ||
| 123 | {ERR_REASON(X509_R_BAD_X509_FILETYPE) ,"bad x509 filetype"}, | ||
| 124 | {ERR_REASON(X509_R_BASE64_DECODE_ERROR) ,"base64 decode error"}, | ||
| 125 | {ERR_REASON(X509_R_CANT_CHECK_DH_KEY) ,"cant check dh key"}, | ||
| 126 | {ERR_REASON(X509_R_CERT_ALREADY_IN_HASH_TABLE),"cert already in hash table"}, | ||
| 127 | {ERR_REASON(X509_R_ERR_ASN1_LIB) ,"err asn1 lib"}, | ||
| 128 | {ERR_REASON(X509_R_INVALID_DIRECTORY) ,"invalid directory"}, | ||
| 129 | {ERR_REASON(X509_R_INVALID_FIELD_NAME) ,"invalid field name"}, | ||
| 130 | {ERR_REASON(X509_R_INVALID_TRUST) ,"invalid trust"}, | ||
| 131 | {ERR_REASON(X509_R_KEY_TYPE_MISMATCH) ,"key type mismatch"}, | ||
| 132 | {ERR_REASON(X509_R_KEY_VALUES_MISMATCH) ,"key values mismatch"}, | ||
| 133 | {ERR_REASON(X509_R_LOADING_CERT_DIR) ,"loading cert dir"}, | ||
| 134 | {ERR_REASON(X509_R_LOADING_DEFAULTS) ,"loading defaults"}, | ||
| 135 | {ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),"no cert set for us to verify"}, | ||
| 136 | {ERR_REASON(X509_R_SHOULD_RETRY) ,"should retry"}, | ||
| 137 | {ERR_REASON(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN),"unable to find parameters in chain"}, | ||
| 138 | {ERR_REASON(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY),"unable to get certs public key"}, | ||
| 139 | {ERR_REASON(X509_R_UNKNOWN_KEY_TYPE) ,"unknown key type"}, | ||
| 140 | {ERR_REASON(X509_R_UNKNOWN_NID) ,"unknown nid"}, | ||
| 141 | {ERR_REASON(X509_R_UNKNOWN_PURPOSE_ID) ,"unknown purpose id"}, | ||
| 142 | {ERR_REASON(X509_R_UNKNOWN_TRUST_ID) ,"unknown trust id"}, | ||
| 143 | {ERR_REASON(X509_R_UNSUPPORTED_ALGORITHM),"unsupported algorithm"}, | ||
| 144 | {ERR_REASON(X509_R_WRONG_LOOKUP_TYPE) ,"wrong lookup type"}, | ||
| 145 | {ERR_REASON(X509_R_WRONG_TYPE) ,"wrong type"}, | ||
| 146 | {0,NULL} | ||
| 147 | }; | ||
| 148 | |||
| 149 | #endif | ||
| 150 | |||
| 151 | void ERR_load_X509_strings(void) | ||
| 152 | { | ||
| 153 | #ifndef OPENSSL_NO_ERR | ||
| 154 | |||
| 155 | if (ERR_func_error_string(X509_str_functs[0].error) == NULL) | ||
| 156 | { | ||
| 157 | ERR_load_strings(0,X509_str_functs); | ||
| 158 | ERR_load_strings(0,X509_str_reasons); | ||
| 159 | } | ||
| 160 | #endif | ||
| 161 | } | ||
diff --git a/src/lib/libcrypto/x509/x509_ext.c b/src/lib/libcrypto/x509/x509_ext.c deleted file mode 100644 index e7fdacb5e4..0000000000 --- a/src/lib/libcrypto/x509/x509_ext.c +++ /dev/null | |||
| @@ -1,210 +0,0 @@ | |||
| 1 | /* crypto/x509/x509_ext.c */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | #include <openssl/stack.h> | ||
| 61 | #include "cryptlib.h" | ||
| 62 | #include <openssl/asn1.h> | ||
| 63 | #include <openssl/objects.h> | ||
| 64 | #include <openssl/evp.h> | ||
| 65 | #include <openssl/x509.h> | ||
| 66 | #include <openssl/x509v3.h> | ||
| 67 | |||
| 68 | |||
| 69 | int X509_CRL_get_ext_count(X509_CRL *x) | ||
| 70 | { | ||
| 71 | return(X509v3_get_ext_count(x->crl->extensions)); | ||
| 72 | } | ||
| 73 | |||
| 74 | int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos) | ||
| 75 | { | ||
| 76 | return(X509v3_get_ext_by_NID(x->crl->extensions,nid,lastpos)); | ||
| 77 | } | ||
| 78 | |||
| 79 | int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos) | ||
| 80 | { | ||
| 81 | return(X509v3_get_ext_by_OBJ(x->crl->extensions,obj,lastpos)); | ||
| 82 | } | ||
| 83 | |||
| 84 | int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos) | ||
| 85 | { | ||
| 86 | return(X509v3_get_ext_by_critical(x->crl->extensions,crit,lastpos)); | ||
| 87 | } | ||
| 88 | |||
| 89 | X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc) | ||
| 90 | { | ||
| 91 | return(X509v3_get_ext(x->crl->extensions,loc)); | ||
| 92 | } | ||
| 93 | |||
| 94 | X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc) | ||
| 95 | { | ||
| 96 | return(X509v3_delete_ext(x->crl->extensions,loc)); | ||
| 97 | } | ||
| 98 | |||
| 99 | void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx) | ||
| 100 | { | ||
| 101 | return X509V3_get_d2i(x->crl->extensions, nid, crit, idx); | ||
| 102 | } | ||
| 103 | |||
| 104 | int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, | ||
| 105 | unsigned long flags) | ||
| 106 | { | ||
| 107 | return X509V3_add1_i2d(&x->crl->extensions, nid, value, crit, flags); | ||
| 108 | } | ||
| 109 | |||
| 110 | int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc) | ||
| 111 | { | ||
| 112 | return(X509v3_add_ext(&(x->crl->extensions),ex,loc) != NULL); | ||
| 113 | } | ||
| 114 | |||
| 115 | int X509_get_ext_count(X509 *x) | ||
| 116 | { | ||
| 117 | return(X509v3_get_ext_count(x->cert_info->extensions)); | ||
| 118 | } | ||
| 119 | |||
| 120 | int X509_get_ext_by_NID(X509 *x, int nid, int lastpos) | ||
| 121 | { | ||
| 122 | return(X509v3_get_ext_by_NID(x->cert_info->extensions,nid,lastpos)); | ||
| 123 | } | ||
| 124 | |||
| 125 | int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos) | ||
| 126 | { | ||
| 127 | return(X509v3_get_ext_by_OBJ(x->cert_info->extensions,obj,lastpos)); | ||
| 128 | } | ||
| 129 | |||
| 130 | int X509_get_ext_by_critical(X509 *x, int crit, int lastpos) | ||
| 131 | { | ||
| 132 | return(X509v3_get_ext_by_critical(x->cert_info->extensions,crit,lastpos)); | ||
| 133 | } | ||
| 134 | |||
| 135 | X509_EXTENSION *X509_get_ext(X509 *x, int loc) | ||
| 136 | { | ||
| 137 | return(X509v3_get_ext(x->cert_info->extensions,loc)); | ||
| 138 | } | ||
| 139 | |||
| 140 | X509_EXTENSION *X509_delete_ext(X509 *x, int loc) | ||
| 141 | { | ||
| 142 | return(X509v3_delete_ext(x->cert_info->extensions,loc)); | ||
| 143 | } | ||
| 144 | |||
| 145 | int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc) | ||
| 146 | { | ||
| 147 | return(X509v3_add_ext(&(x->cert_info->extensions),ex,loc) != NULL); | ||
| 148 | } | ||
| 149 | |||
| 150 | void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx) | ||
| 151 | { | ||
| 152 | return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx); | ||
| 153 | } | ||
| 154 | |||
| 155 | int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, | ||
| 156 | unsigned long flags) | ||
| 157 | { | ||
| 158 | return X509V3_add1_i2d(&x->cert_info->extensions, nid, value, crit, | ||
| 159 | flags); | ||
| 160 | } | ||
| 161 | |||
| 162 | int X509_REVOKED_get_ext_count(X509_REVOKED *x) | ||
| 163 | { | ||
| 164 | return(X509v3_get_ext_count(x->extensions)); | ||
| 165 | } | ||
| 166 | |||
| 167 | int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos) | ||
| 168 | { | ||
| 169 | return(X509v3_get_ext_by_NID(x->extensions,nid,lastpos)); | ||
| 170 | } | ||
| 171 | |||
| 172 | int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj, | ||
| 173 | int lastpos) | ||
| 174 | { | ||
| 175 | return(X509v3_get_ext_by_OBJ(x->extensions,obj,lastpos)); | ||
| 176 | } | ||
| 177 | |||
| 178 | int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos) | ||
| 179 | { | ||
| 180 | return(X509v3_get_ext_by_critical(x->extensions,crit,lastpos)); | ||
| 181 | } | ||
| 182 | |||
| 183 | X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc) | ||
| 184 | { | ||
| 185 | return(X509v3_get_ext(x->extensions,loc)); | ||
| 186 | } | ||
| 187 | |||
| 188 | X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc) | ||
| 189 | { | ||
| 190 | return(X509v3_delete_ext(x->extensions,loc)); | ||
| 191 | } | ||
| 192 | |||
| 193 | int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc) | ||
| 194 | { | ||
| 195 | return(X509v3_add_ext(&(x->extensions),ex,loc) != NULL); | ||
| 196 | } | ||
| 197 | |||
| 198 | void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx) | ||
| 199 | { | ||
| 200 | return X509V3_get_d2i(x->extensions, nid, crit, idx); | ||
| 201 | } | ||
| 202 | |||
| 203 | int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit, | ||
| 204 | unsigned long flags) | ||
| 205 | { | ||
| 206 | return X509V3_add1_i2d(&x->extensions, nid, value, crit, flags); | ||
| 207 | } | ||
| 208 | |||
| 209 | IMPLEMENT_STACK_OF(X509_EXTENSION) | ||
| 210 | IMPLEMENT_ASN1_SET_OF(X509_EXTENSION) | ||
diff --git a/src/lib/libcrypto/x509/x509_lu.c b/src/lib/libcrypto/x509/x509_lu.c deleted file mode 100644 index cd2cfb6d85..0000000000 --- a/src/lib/libcrypto/x509/x509_lu.c +++ /dev/null | |||
| @@ -1,567 +0,0 @@ | |||
| 1 | /* crypto/x509/x509_lu.c */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | #include "cryptlib.h" | ||
| 61 | #include <openssl/lhash.h> | ||
| 62 | #include <openssl/x509.h> | ||
| 63 | #include <openssl/x509v3.h> | ||
| 64 | |||
| 65 | X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method) | ||
| 66 | { | ||
| 67 | X509_LOOKUP *ret; | ||
| 68 | |||
| 69 | ret=(X509_LOOKUP *)OPENSSL_malloc(sizeof(X509_LOOKUP)); | ||
| 70 | if (ret == NULL) return NULL; | ||
| 71 | |||
| 72 | ret->init=0; | ||
| 73 | ret->skip=0; | ||
| 74 | ret->method=method; | ||
| 75 | ret->method_data=NULL; | ||
| 76 | ret->store_ctx=NULL; | ||
| 77 | if ((method->new_item != NULL) && !method->new_item(ret)) | ||
| 78 | { | ||
| 79 | OPENSSL_free(ret); | ||
| 80 | return NULL; | ||
| 81 | } | ||
| 82 | return ret; | ||
| 83 | } | ||
| 84 | |||
| 85 | void X509_LOOKUP_free(X509_LOOKUP *ctx) | ||
| 86 | { | ||
| 87 | if (ctx == NULL) return; | ||
| 88 | if ( (ctx->method != NULL) && | ||
| 89 | (ctx->method->free != NULL)) | ||
| 90 | ctx->method->free(ctx); | ||
| 91 | OPENSSL_free(ctx); | ||
| 92 | } | ||
| 93 | |||
| 94 | int X509_LOOKUP_init(X509_LOOKUP *ctx) | ||
| 95 | { | ||
| 96 | if (ctx->method == NULL) return 0; | ||
| 97 | if (ctx->method->init != NULL) | ||
| 98 | return ctx->method->init(ctx); | ||
| 99 | else | ||
| 100 | return 1; | ||
| 101 | } | ||
| 102 | |||
| 103 | int X509_LOOKUP_shutdown(X509_LOOKUP *ctx) | ||
| 104 | { | ||
| 105 | if (ctx->method == NULL) return 0; | ||
| 106 | if (ctx->method->shutdown != NULL) | ||
| 107 | return ctx->method->shutdown(ctx); | ||
| 108 | else | ||
| 109 | return 1; | ||
| 110 | } | ||
| 111 | |||
| 112 | int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, | ||
| 113 | char **ret) | ||
| 114 | { | ||
| 115 | if (ctx->method == NULL) return -1; | ||
| 116 | if (ctx->method->ctrl != NULL) | ||
| 117 | return ctx->method->ctrl(ctx,cmd,argc,argl,ret); | ||
| 118 | else | ||
| 119 | return 1; | ||
| 120 | } | ||
| 121 | |||
| 122 | int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name, | ||
| 123 | X509_OBJECT *ret) | ||
| 124 | { | ||
| 125 | if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL)) | ||
| 126 | return X509_LU_FAIL; | ||
| 127 | if (ctx->skip) return 0; | ||
| 128 | return ctx->method->get_by_subject(ctx,type,name,ret); | ||
| 129 | } | ||
| 130 | |||
| 131 | int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name, | ||
| 132 | ASN1_INTEGER *serial, X509_OBJECT *ret) | ||
| 133 | { | ||
| 134 | if ((ctx->method == NULL) || | ||
| 135 | (ctx->method->get_by_issuer_serial == NULL)) | ||
| 136 | return X509_LU_FAIL; | ||
| 137 | return ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret); | ||
| 138 | } | ||
| 139 | |||
| 140 | int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type, | ||
| 141 | unsigned char *bytes, int len, X509_OBJECT *ret) | ||
| 142 | { | ||
| 143 | if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL)) | ||
| 144 | return X509_LU_FAIL; | ||
| 145 | return ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret); | ||
| 146 | } | ||
| 147 | |||
| 148 | int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len, | ||
| 149 | X509_OBJECT *ret) | ||
| 150 | { | ||
| 151 | if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL)) | ||
| 152 | return X509_LU_FAIL; | ||
| 153 | return ctx->method->get_by_alias(ctx,type,str,len,ret); | ||
| 154 | } | ||
| 155 | |||
| 156 | |||
| 157 | static int x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * const *b) | ||
| 158 | { | ||
| 159 | int ret; | ||
| 160 | |||
| 161 | ret=((*a)->type - (*b)->type); | ||
| 162 | if (ret) return ret; | ||
| 163 | switch ((*a)->type) | ||
| 164 | { | ||
| 165 | case X509_LU_X509: | ||
| 166 | ret=X509_subject_name_cmp((*a)->data.x509,(*b)->data.x509); | ||
| 167 | break; | ||
| 168 | case X509_LU_CRL: | ||
| 169 | ret=X509_CRL_cmp((*a)->data.crl,(*b)->data.crl); | ||
| 170 | break; | ||
| 171 | default: | ||
| 172 | /* abort(); */ | ||
| 173 | return 0; | ||
| 174 | } | ||
| 175 | return ret; | ||
| 176 | } | ||
| 177 | |||
| 178 | X509_STORE *X509_STORE_new(void) | ||
| 179 | { | ||
| 180 | X509_STORE *ret; | ||
| 181 | |||
| 182 | if ((ret=(X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL) | ||
| 183 | return NULL; | ||
| 184 | ret->objs = sk_X509_OBJECT_new(x509_object_cmp); | ||
| 185 | ret->cache=1; | ||
| 186 | ret->get_cert_methods=sk_X509_LOOKUP_new_null(); | ||
| 187 | ret->verify=0; | ||
| 188 | ret->verify_cb=0; | ||
| 189 | |||
| 190 | if ((ret->param = X509_VERIFY_PARAM_new()) == NULL) | ||
| 191 | return NULL; | ||
| 192 | |||
| 193 | ret->get_issuer = 0; | ||
| 194 | ret->check_issued = 0; | ||
| 195 | ret->check_revocation = 0; | ||
| 196 | ret->get_crl = 0; | ||
| 197 | ret->check_crl = 0; | ||
| 198 | ret->cert_crl = 0; | ||
| 199 | ret->cleanup = 0; | ||
| 200 | |||
| 201 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data); | ||
| 202 | ret->references=1; | ||
| 203 | return ret; | ||
| 204 | } | ||
| 205 | |||
| 206 | static void cleanup(X509_OBJECT *a) | ||
| 207 | { | ||
| 208 | if (a->type == X509_LU_X509) | ||
| 209 | { | ||
| 210 | X509_free(a->data.x509); | ||
| 211 | } | ||
| 212 | else if (a->type == X509_LU_CRL) | ||
| 213 | { | ||
| 214 | X509_CRL_free(a->data.crl); | ||
| 215 | } | ||
| 216 | else | ||
| 217 | { | ||
| 218 | /* abort(); */ | ||
| 219 | } | ||
| 220 | |||
| 221 | OPENSSL_free(a); | ||
| 222 | } | ||
| 223 | |||
| 224 | void X509_STORE_free(X509_STORE *vfy) | ||
| 225 | { | ||
| 226 | int i; | ||
| 227 | STACK_OF(X509_LOOKUP) *sk; | ||
| 228 | X509_LOOKUP *lu; | ||
| 229 | |||
| 230 | if (vfy == NULL) | ||
| 231 | return; | ||
| 232 | |||
| 233 | sk=vfy->get_cert_methods; | ||
| 234 | for (i=0; i<sk_X509_LOOKUP_num(sk); i++) | ||
| 235 | { | ||
| 236 | lu=sk_X509_LOOKUP_value(sk,i); | ||
| 237 | X509_LOOKUP_shutdown(lu); | ||
| 238 | X509_LOOKUP_free(lu); | ||
| 239 | } | ||
| 240 | sk_X509_LOOKUP_free(sk); | ||
| 241 | sk_X509_OBJECT_pop_free(vfy->objs, cleanup); | ||
| 242 | |||
| 243 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data); | ||
| 244 | if (vfy->param) | ||
| 245 | X509_VERIFY_PARAM_free(vfy->param); | ||
| 246 | OPENSSL_free(vfy); | ||
| 247 | } | ||
| 248 | |||
| 249 | X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m) | ||
| 250 | { | ||
| 251 | int i; | ||
| 252 | STACK_OF(X509_LOOKUP) *sk; | ||
| 253 | X509_LOOKUP *lu; | ||
| 254 | |||
| 255 | sk=v->get_cert_methods; | ||
| 256 | for (i=0; i<sk_X509_LOOKUP_num(sk); i++) | ||
| 257 | { | ||
| 258 | lu=sk_X509_LOOKUP_value(sk,i); | ||
| 259 | if (m == lu->method) | ||
| 260 | { | ||
| 261 | return lu; | ||
| 262 | } | ||
| 263 | } | ||
| 264 | /* a new one */ | ||
| 265 | lu=X509_LOOKUP_new(m); | ||
| 266 | if (lu == NULL) | ||
| 267 | return NULL; | ||
| 268 | else | ||
| 269 | { | ||
| 270 | lu->store_ctx=v; | ||
| 271 | if (sk_X509_LOOKUP_push(v->get_cert_methods,lu)) | ||
| 272 | return lu; | ||
| 273 | else | ||
| 274 | { | ||
| 275 | X509_LOOKUP_free(lu); | ||
| 276 | return NULL; | ||
| 277 | } | ||
| 278 | } | ||
| 279 | } | ||
| 280 | |||
| 281 | int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name, | ||
| 282 | X509_OBJECT *ret) | ||
| 283 | { | ||
| 284 | X509_STORE *ctx=vs->ctx; | ||
| 285 | X509_LOOKUP *lu; | ||
| 286 | X509_OBJECT stmp,*tmp; | ||
| 287 | int i,j; | ||
| 288 | |||
| 289 | tmp=X509_OBJECT_retrieve_by_subject(ctx->objs,type,name); | ||
| 290 | |||
| 291 | if (tmp == NULL) | ||
| 292 | { | ||
| 293 | for (i=vs->current_method; i<sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) | ||
| 294 | { | ||
| 295 | lu=sk_X509_LOOKUP_value(ctx->get_cert_methods,i); | ||
| 296 | j=X509_LOOKUP_by_subject(lu,type,name,&stmp); | ||
| 297 | if (j < 0) | ||
| 298 | { | ||
| 299 | vs->current_method=j; | ||
| 300 | return j; | ||
| 301 | } | ||
| 302 | else if (j) | ||
| 303 | { | ||
| 304 | tmp= &stmp; | ||
| 305 | break; | ||
| 306 | } | ||
| 307 | } | ||
| 308 | vs->current_method=0; | ||
| 309 | if (tmp == NULL) | ||
| 310 | return 0; | ||
| 311 | } | ||
| 312 | |||
| 313 | /* if (ret->data.ptr != NULL) | ||
| 314 | X509_OBJECT_free_contents(ret); */ | ||
| 315 | |||
| 316 | ret->type=tmp->type; | ||
| 317 | ret->data.ptr=tmp->data.ptr; | ||
| 318 | |||
| 319 | X509_OBJECT_up_ref_count(ret); | ||
| 320 | |||
| 321 | return 1; | ||
| 322 | } | ||
| 323 | |||
| 324 | int X509_STORE_add_cert(X509_STORE *ctx, X509 *x) | ||
| 325 | { | ||
| 326 | X509_OBJECT *obj; | ||
| 327 | int ret=1; | ||
| 328 | |||
| 329 | if (x == NULL) return 0; | ||
| 330 | obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT)); | ||
| 331 | if (obj == NULL) | ||
| 332 | { | ||
| 333 | X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE); | ||
| 334 | return 0; | ||
| 335 | } | ||
| 336 | obj->type=X509_LU_X509; | ||
| 337 | obj->data.x509=x; | ||
| 338 | |||
| 339 | CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); | ||
| 340 | |||
| 341 | X509_OBJECT_up_ref_count(obj); | ||
| 342 | |||
| 343 | |||
| 344 | if (X509_OBJECT_retrieve_match(ctx->objs, obj)) | ||
| 345 | { | ||
| 346 | X509_OBJECT_free_contents(obj); | ||
| 347 | OPENSSL_free(obj); | ||
| 348 | X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE); | ||
| 349 | ret=0; | ||
| 350 | } | ||
| 351 | else sk_X509_OBJECT_push(ctx->objs, obj); | ||
| 352 | |||
| 353 | CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); | ||
| 354 | |||
| 355 | return ret; | ||
| 356 | } | ||
| 357 | |||
| 358 | int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) | ||
| 359 | { | ||
| 360 | X509_OBJECT *obj; | ||
| 361 | int ret=1; | ||
| 362 | |||
| 363 | if (x == NULL) return 0; | ||
| 364 | obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT)); | ||
| 365 | if (obj == NULL) | ||
| 366 | { | ||
| 367 | X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE); | ||
| 368 | return 0; | ||
| 369 | } | ||
| 370 | obj->type=X509_LU_CRL; | ||
| 371 | obj->data.crl=x; | ||
| 372 | |||
| 373 | CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); | ||
| 374 | |||
| 375 | X509_OBJECT_up_ref_count(obj); | ||
| 376 | |||
| 377 | if (X509_OBJECT_retrieve_match(ctx->objs, obj)) | ||
| 378 | { | ||
| 379 | X509_OBJECT_free_contents(obj); | ||
| 380 | OPENSSL_free(obj); | ||
| 381 | X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE); | ||
| 382 | ret=0; | ||
| 383 | } | ||
| 384 | else sk_X509_OBJECT_push(ctx->objs, obj); | ||
| 385 | |||
| 386 | CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); | ||
| 387 | |||
| 388 | return ret; | ||
| 389 | } | ||
| 390 | |||
| 391 | void X509_OBJECT_up_ref_count(X509_OBJECT *a) | ||
| 392 | { | ||
| 393 | switch (a->type) | ||
| 394 | { | ||
| 395 | case X509_LU_X509: | ||
| 396 | CRYPTO_add(&a->data.x509->references,1,CRYPTO_LOCK_X509); | ||
| 397 | break; | ||
| 398 | case X509_LU_CRL: | ||
| 399 | CRYPTO_add(&a->data.crl->references,1,CRYPTO_LOCK_X509_CRL); | ||
| 400 | break; | ||
| 401 | } | ||
| 402 | } | ||
| 403 | |||
| 404 | void X509_OBJECT_free_contents(X509_OBJECT *a) | ||
| 405 | { | ||
| 406 | switch (a->type) | ||
| 407 | { | ||
| 408 | case X509_LU_X509: | ||
| 409 | X509_free(a->data.x509); | ||
| 410 | break; | ||
| 411 | case X509_LU_CRL: | ||
| 412 | X509_CRL_free(a->data.crl); | ||
| 413 | break; | ||
| 414 | } | ||
| 415 | } | ||
| 416 | |||
| 417 | int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, | ||
| 418 | X509_NAME *name) | ||
| 419 | { | ||
| 420 | X509_OBJECT stmp; | ||
| 421 | X509 x509_s; | ||
| 422 | X509_CINF cinf_s; | ||
| 423 | X509_CRL crl_s; | ||
| 424 | X509_CRL_INFO crl_info_s; | ||
| 425 | |||
| 426 | stmp.type=type; | ||
| 427 | switch (type) | ||
| 428 | { | ||
| 429 | case X509_LU_X509: | ||
| 430 | stmp.data.x509= &x509_s; | ||
| 431 | x509_s.cert_info= &cinf_s; | ||
| 432 | cinf_s.subject=name; | ||
| 433 | break; | ||
| 434 | case X509_LU_CRL: | ||
| 435 | stmp.data.crl= &crl_s; | ||
| 436 | crl_s.crl= &crl_info_s; | ||
| 437 | crl_info_s.issuer=name; | ||
| 438 | break; | ||
| 439 | default: | ||
| 440 | /* abort(); */ | ||
| 441 | return -1; | ||
| 442 | } | ||
| 443 | |||
| 444 | return sk_X509_OBJECT_find(h,&stmp); | ||
| 445 | } | ||
| 446 | |||
| 447 | X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, int type, | ||
| 448 | X509_NAME *name) | ||
| 449 | { | ||
| 450 | int idx; | ||
| 451 | idx = X509_OBJECT_idx_by_subject(h, type, name); | ||
| 452 | if (idx==-1) return NULL; | ||
| 453 | return sk_X509_OBJECT_value(h, idx); | ||
| 454 | } | ||
| 455 | |||
| 456 | X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x) | ||
| 457 | { | ||
| 458 | int idx, i; | ||
| 459 | X509_OBJECT *obj; | ||
| 460 | idx = sk_X509_OBJECT_find(h, x); | ||
| 461 | if (idx == -1) return NULL; | ||
| 462 | if (x->type != X509_LU_X509) return sk_X509_OBJECT_value(h, idx); | ||
| 463 | for (i = idx; i < sk_X509_OBJECT_num(h); i++) | ||
| 464 | { | ||
| 465 | obj = sk_X509_OBJECT_value(h, i); | ||
| 466 | if (x509_object_cmp((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x)) | ||
| 467 | return NULL; | ||
| 468 | if ((x->type != X509_LU_X509) || !X509_cmp(obj->data.x509, x->data.x509)) | ||
| 469 | return obj; | ||
| 470 | } | ||
| 471 | return NULL; | ||
| 472 | } | ||
| 473 | |||
| 474 | |||
| 475 | /* Try to get issuer certificate from store. Due to limitations | ||
| 476 | * of the API this can only retrieve a single certificate matching | ||
| 477 | * a given subject name. However it will fill the cache with all | ||
| 478 | * matching certificates, so we can examine the cache for all | ||
| 479 | * matches. | ||
| 480 | * | ||
| 481 | * Return values are: | ||
| 482 | * 1 lookup successful. | ||
| 483 | * 0 certificate not found. | ||
| 484 | * -1 some other error. | ||
| 485 | */ | ||
| 486 | |||
| 487 | |||
| 488 | int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) | ||
| 489 | { | ||
| 490 | X509_NAME *xn; | ||
| 491 | X509_OBJECT obj, *pobj; | ||
| 492 | int i, ok, idx; | ||
| 493 | xn=X509_get_issuer_name(x); | ||
| 494 | ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj); | ||
| 495 | if (ok != X509_LU_X509) | ||
| 496 | { | ||
| 497 | if (ok == X509_LU_RETRY) | ||
| 498 | { | ||
| 499 | X509_OBJECT_free_contents(&obj); | ||
| 500 | X509err(X509_F_X509_STORE_CTX_GET1_ISSUER,X509_R_SHOULD_RETRY); | ||
| 501 | return -1; | ||
| 502 | } | ||
| 503 | else if (ok != X509_LU_FAIL) | ||
| 504 | { | ||
| 505 | X509_OBJECT_free_contents(&obj); | ||
| 506 | /* not good :-(, break anyway */ | ||
| 507 | return -1; | ||
| 508 | } | ||
| 509 | return 0; | ||
| 510 | } | ||
| 511 | /* If certificate matches all OK */ | ||
| 512 | if (ctx->check_issued(ctx, x, obj.data.x509)) | ||
| 513 | { | ||
| 514 | *issuer = obj.data.x509; | ||
| 515 | return 1; | ||
| 516 | } | ||
| 517 | X509_OBJECT_free_contents(&obj); | ||
| 518 | /* Else find index of first matching cert */ | ||
| 519 | idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn); | ||
| 520 | /* This shouldn't normally happen since we already have one match */ | ||
| 521 | if (idx == -1) return 0; | ||
| 522 | |||
| 523 | /* Look through all matching certificates for a suitable issuer */ | ||
| 524 | for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++) | ||
| 525 | { | ||
| 526 | pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i); | ||
| 527 | /* See if we've ran out of matches */ | ||
| 528 | if (pobj->type != X509_LU_X509) return 0; | ||
| 529 | if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509))) return 0; | ||
| 530 | if (ctx->check_issued(ctx, x, pobj->data.x509)) | ||
| 531 | { | ||
| 532 | *issuer = pobj->data.x509; | ||
| 533 | X509_OBJECT_up_ref_count(pobj); | ||
| 534 | return 1; | ||
| 535 | } | ||
| 536 | } | ||
| 537 | return 0; | ||
| 538 | } | ||
| 539 | |||
| 540 | int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags) | ||
| 541 | { | ||
| 542 | return X509_VERIFY_PARAM_set_flags(ctx->param, flags); | ||
| 543 | } | ||
| 544 | |||
| 545 | int X509_STORE_set_depth(X509_STORE *ctx, int depth) | ||
| 546 | { | ||
| 547 | X509_VERIFY_PARAM_set_depth(ctx->param, depth); | ||
| 548 | return 1; | ||
| 549 | } | ||
| 550 | |||
| 551 | int X509_STORE_set_purpose(X509_STORE *ctx, int purpose) | ||
| 552 | { | ||
| 553 | return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose); | ||
| 554 | } | ||
| 555 | |||
| 556 | int X509_STORE_set_trust(X509_STORE *ctx, int trust) | ||
| 557 | { | ||
| 558 | return X509_VERIFY_PARAM_set_trust(ctx->param, trust); | ||
| 559 | } | ||
| 560 | |||
| 561 | int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param) | ||
| 562 | { | ||
| 563 | return X509_VERIFY_PARAM_set1(ctx->param, param); | ||
| 564 | } | ||
| 565 | |||
| 566 | IMPLEMENT_STACK_OF(X509_LOOKUP) | ||
| 567 | IMPLEMENT_STACK_OF(X509_OBJECT) | ||
diff --git a/src/lib/libcrypto/x509/x509_obj.c b/src/lib/libcrypto/x509/x509_obj.c deleted file mode 100644 index 1e718f76eb..0000000000 --- a/src/lib/libcrypto/x509/x509_obj.c +++ /dev/null | |||
| @@ -1,226 +0,0 @@ | |||
| 1 | /* crypto/x509/x509_obj.c */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | #include "cryptlib.h" | ||
| 61 | #include <openssl/lhash.h> | ||
| 62 | #include <openssl/objects.h> | ||
| 63 | #include <openssl/x509.h> | ||
| 64 | #include <openssl/buffer.h> | ||
| 65 | |||
| 66 | char *X509_NAME_oneline(X509_NAME *a, char *buf, int len) | ||
| 67 | { | ||
| 68 | X509_NAME_ENTRY *ne; | ||
| 69 | int i; | ||
| 70 | int n,lold,l,l1,l2,num,j,type; | ||
| 71 | const char *s; | ||
| 72 | char *p; | ||
| 73 | unsigned char *q; | ||
| 74 | BUF_MEM *b=NULL; | ||
| 75 | static char hex[17]="0123456789ABCDEF"; | ||
| 76 | int gs_doit[4]; | ||
| 77 | char tmp_buf[80]; | ||
| 78 | #ifdef CHARSET_EBCDIC | ||
| 79 | char ebcdic_buf[1024]; | ||
| 80 | #endif | ||
| 81 | |||
| 82 | if (buf == NULL) | ||
| 83 | { | ||
| 84 | if ((b=BUF_MEM_new()) == NULL) goto err; | ||
| 85 | if (!BUF_MEM_grow(b,200)) goto err; | ||
| 86 | b->data[0]='\0'; | ||
| 87 | len=200; | ||
| 88 | } | ||
| 89 | if (a == NULL) | ||
| 90 | { | ||
| 91 | if(b) | ||
| 92 | { | ||
| 93 | buf=b->data; | ||
| 94 | OPENSSL_free(b); | ||
| 95 | } | ||
| 96 | strncpy(buf,"NO X509_NAME",len); | ||
| 97 | buf[len-1]='\0'; | ||
| 98 | return buf; | ||
| 99 | } | ||
| 100 | |||
| 101 | len--; /* space for '\0' */ | ||
| 102 | l=0; | ||
| 103 | for (i=0; i<sk_X509_NAME_ENTRY_num(a->entries); i++) | ||
| 104 | { | ||
| 105 | ne=sk_X509_NAME_ENTRY_value(a->entries,i); | ||
| 106 | n=OBJ_obj2nid(ne->object); | ||
| 107 | if ((n == NID_undef) || ((s=OBJ_nid2sn(n)) == NULL)) | ||
| 108 | { | ||
| 109 | i2t_ASN1_OBJECT(tmp_buf,sizeof(tmp_buf),ne->object); | ||
| 110 | s=tmp_buf; | ||
| 111 | } | ||
| 112 | l1=strlen(s); | ||
| 113 | |||
| 114 | type=ne->value->type; | ||
| 115 | num=ne->value->length; | ||
| 116 | q=ne->value->data; | ||
| 117 | #ifdef CHARSET_EBCDIC | ||
| 118 | if (type == V_ASN1_GENERALSTRING || | ||
| 119 | type == V_ASN1_VISIBLESTRING || | ||
| 120 | type == V_ASN1_PRINTABLESTRING || | ||
| 121 | type == V_ASN1_TELETEXSTRING || | ||
| 122 | type == V_ASN1_VISIBLESTRING || | ||
| 123 | type == V_ASN1_IA5STRING) { | ||
| 124 | ascii2ebcdic(ebcdic_buf, q, | ||
| 125 | (num > sizeof ebcdic_buf) | ||
| 126 | ? sizeof ebcdic_buf : num); | ||
| 127 | q=ebcdic_buf; | ||
| 128 | } | ||
| 129 | #endif | ||
| 130 | |||
| 131 | if ((type == V_ASN1_GENERALSTRING) && ((num%4) == 0)) | ||
| 132 | { | ||
| 133 | gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=0; | ||
| 134 | for (j=0; j<num; j++) | ||
| 135 | if (q[j] != 0) gs_doit[j&3]=1; | ||
| 136 | |||
| 137 | if (gs_doit[0]|gs_doit[1]|gs_doit[2]) | ||
| 138 | gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1; | ||
| 139 | else | ||
| 140 | { | ||
| 141 | gs_doit[0]=gs_doit[1]=gs_doit[2]=0; | ||
| 142 | gs_doit[3]=1; | ||
| 143 | } | ||
| 144 | } | ||
| 145 | else | ||
| 146 | gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1; | ||
| 147 | |||
| 148 | for (l2=j=0; j<num; j++) | ||
| 149 | { | ||
| 150 | if (!gs_doit[j&3]) continue; | ||
| 151 | l2++; | ||
| 152 | #ifndef CHARSET_EBCDIC | ||
| 153 | if ((q[j] < ' ') || (q[j] > '~')) l2+=3; | ||
| 154 | #else | ||
| 155 | if ((os_toascii[q[j]] < os_toascii[' ']) || | ||
| 156 | (os_toascii[q[j]] > os_toascii['~'])) l2+=3; | ||
| 157 | #endif | ||
| 158 | } | ||
| 159 | |||
| 160 | lold=l; | ||
| 161 | l+=1+l1+1+l2; | ||
| 162 | if (b != NULL) | ||
| 163 | { | ||
| 164 | if (!BUF_MEM_grow(b,l+1)) goto err; | ||
| 165 | p= &(b->data[lold]); | ||
| 166 | } | ||
| 167 | else if (l > len) | ||
| 168 | { | ||
| 169 | break; | ||
| 170 | } | ||
| 171 | else | ||
| 172 | p= &(buf[lold]); | ||
| 173 | *(p++)='/'; | ||
| 174 | memcpy(p,s,(unsigned int)l1); p+=l1; | ||
| 175 | *(p++)='='; | ||
| 176 | |||
| 177 | #ifndef CHARSET_EBCDIC /* q was assigned above already. */ | ||
| 178 | q=ne->value->data; | ||
| 179 | #endif | ||
| 180 | |||
| 181 | for (j=0; j<num; j++) | ||
| 182 | { | ||
| 183 | if (!gs_doit[j&3]) continue; | ||
| 184 | #ifndef CHARSET_EBCDIC | ||
| 185 | n=q[j]; | ||
| 186 | if ((n < ' ') || (n > '~')) | ||
| 187 | { | ||
| 188 | *(p++)='\\'; | ||
| 189 | *(p++)='x'; | ||
| 190 | *(p++)=hex[(n>>4)&0x0f]; | ||
| 191 | *(p++)=hex[n&0x0f]; | ||
| 192 | } | ||
| 193 | else | ||
| 194 | *(p++)=n; | ||
| 195 | #else | ||
| 196 | n=os_toascii[q[j]]; | ||
| 197 | if ((n < os_toascii[' ']) || | ||
| 198 | (n > os_toascii['~'])) | ||
| 199 | { | ||
| 200 | *(p++)='\\'; | ||
| 201 | *(p++)='x'; | ||
| 202 | *(p++)=hex[(n>>4)&0x0f]; | ||
| 203 | *(p++)=hex[n&0x0f]; | ||
| 204 | } | ||
| 205 | else | ||
| 206 | *(p++)=q[j]; | ||
| 207 | #endif | ||
| 208 | } | ||
| 209 | *p='\0'; | ||
| 210 | } | ||
| 211 | if (b != NULL) | ||
| 212 | { | ||
| 213 | p=b->data; | ||
| 214 | OPENSSL_free(b); | ||
| 215 | } | ||
| 216 | else | ||
| 217 | p=buf; | ||
| 218 | if (i == 0) | ||
| 219 | *p = '\0'; | ||
| 220 | return(p); | ||
| 221 | err: | ||
| 222 | X509err(X509_F_X509_NAME_ONELINE,ERR_R_MALLOC_FAILURE); | ||
| 223 | if (b != NULL) BUF_MEM_free(b); | ||
| 224 | return(NULL); | ||
| 225 | } | ||
| 226 | |||
diff --git a/src/lib/libcrypto/x509/x509_r2x.c b/src/lib/libcrypto/x509/x509_r2x.c deleted file mode 100644 index 254a14693d..0000000000 --- a/src/lib/libcrypto/x509/x509_r2x.c +++ /dev/null | |||
| @@ -1,114 +0,0 @@ | |||
| 1 | /* crypto/x509/x509_r2x.c */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | #include "cryptlib.h" | ||
| 61 | #include <openssl/bn.h> | ||
| 62 | #include <openssl/evp.h> | ||
| 63 | #include <openssl/asn1.h> | ||
| 64 | #include <openssl/x509.h> | ||
| 65 | #include <openssl/objects.h> | ||
| 66 | #include <openssl/buffer.h> | ||
| 67 | |||
| 68 | X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) | ||
| 69 | { | ||
| 70 | X509 *ret=NULL; | ||
| 71 | X509_CINF *xi=NULL; | ||
| 72 | X509_NAME *xn; | ||
| 73 | |||
| 74 | if ((ret=X509_new()) == NULL) | ||
| 75 | { | ||
| 76 | X509err(X509_F_X509_REQ_TO_X509,ERR_R_MALLOC_FAILURE); | ||
| 77 | goto err; | ||
| 78 | } | ||
| 79 | |||
| 80 | /* duplicate the request */ | ||
| 81 | xi=ret->cert_info; | ||
| 82 | |||
| 83 | if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0) | ||
| 84 | { | ||
| 85 | if ((xi->version=M_ASN1_INTEGER_new()) == NULL) goto err; | ||
| 86 | if (!ASN1_INTEGER_set(xi->version,2)) goto err; | ||
| 87 | /* xi->extensions=ri->attributes; <- bad, should not ever be done | ||
| 88 | ri->attributes=NULL; */ | ||
| 89 | } | ||
| 90 | |||
| 91 | xn=X509_REQ_get_subject_name(r); | ||
| 92 | if (X509_set_subject_name(ret,X509_NAME_dup(xn)) == 0) | ||
| 93 | goto err; | ||
| 94 | if (X509_set_issuer_name(ret,X509_NAME_dup(xn)) == 0) | ||
| 95 | goto err; | ||
| 96 | |||
| 97 | if (X509_gmtime_adj(xi->validity->notBefore,0) == NULL) | ||
| 98 | goto err; | ||
| 99 | if (X509_gmtime_adj(xi->validity->notAfter,(long)60*60*24*days) == NULL) | ||
| 100 | goto err; | ||
| 101 | |||
| 102 | X509_set_pubkey(ret,X509_REQ_get_pubkey(r)); | ||
| 103 | |||
| 104 | if (!X509_sign(ret,pkey,EVP_md5())) | ||
| 105 | goto err; | ||
| 106 | if (0) | ||
| 107 | { | ||
| 108 | err: | ||
| 109 | X509_free(ret); | ||
| 110 | ret=NULL; | ||
| 111 | } | ||
| 112 | return(ret); | ||
| 113 | } | ||
| 114 | |||
diff --git a/src/lib/libcrypto/x509/x509_req.c b/src/lib/libcrypto/x509/x509_req.c deleted file mode 100644 index 3872e1fb64..0000000000 --- a/src/lib/libcrypto/x509/x509_req.c +++ /dev/null | |||
| @@ -1,324 +0,0 @@ | |||
| 1 | /* crypto/x509/x509_req.c */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | #include "cryptlib.h" | ||
| 61 | #include <openssl/bn.h> | ||
| 62 | #include <openssl/evp.h> | ||
| 63 | #include <openssl/asn1.h> | ||
| 64 | #include <openssl/x509.h> | ||
| 65 | #include <openssl/objects.h> | ||
| 66 | #include <openssl/buffer.h> | ||
| 67 | #include <openssl/pem.h> | ||
| 68 | |||
| 69 | X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) | ||
| 70 | { | ||
| 71 | X509_REQ *ret; | ||
| 72 | X509_REQ_INFO *ri; | ||
| 73 | int i; | ||
| 74 | EVP_PKEY *pktmp; | ||
| 75 | |||
| 76 | ret=X509_REQ_new(); | ||
| 77 | if (ret == NULL) | ||
| 78 | { | ||
| 79 | X509err(X509_F_X509_TO_X509_REQ,ERR_R_MALLOC_FAILURE); | ||
| 80 | goto err; | ||
| 81 | } | ||
| 82 | |||
| 83 | ri=ret->req_info; | ||
| 84 | |||
| 85 | ri->version->length=1; | ||
| 86 | ri->version->data=(unsigned char *)OPENSSL_malloc(1); | ||
| 87 | if (ri->version->data == NULL) goto err; | ||
| 88 | ri->version->data[0]=0; /* version == 0 */ | ||
| 89 | |||
| 90 | if (!X509_REQ_set_subject_name(ret,X509_get_subject_name(x))) | ||
| 91 | goto err; | ||
| 92 | |||
| 93 | pktmp = X509_get_pubkey(x); | ||
| 94 | i=X509_REQ_set_pubkey(ret,pktmp); | ||
| 95 | EVP_PKEY_free(pktmp); | ||
| 96 | if (!i) goto err; | ||
| 97 | |||
| 98 | if (pkey != NULL) | ||
| 99 | { | ||
| 100 | if (!X509_REQ_sign(ret,pkey,md)) | ||
| 101 | goto err; | ||
| 102 | } | ||
| 103 | return(ret); | ||
| 104 | err: | ||
| 105 | X509_REQ_free(ret); | ||
| 106 | return(NULL); | ||
| 107 | } | ||
| 108 | |||
| 109 | EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req) | ||
| 110 | { | ||
| 111 | if ((req == NULL) || (req->req_info == NULL)) | ||
| 112 | return(NULL); | ||
| 113 | return(X509_PUBKEY_get(req->req_info->pubkey)); | ||
| 114 | } | ||
| 115 | |||
| 116 | int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k) | ||
| 117 | { | ||
| 118 | EVP_PKEY *xk=NULL; | ||
| 119 | int ok=0; | ||
| 120 | |||
| 121 | xk=X509_REQ_get_pubkey(x); | ||
| 122 | switch (EVP_PKEY_cmp(xk, k)) | ||
| 123 | { | ||
| 124 | case 1: | ||
| 125 | ok=1; | ||
| 126 | break; | ||
| 127 | case 0: | ||
| 128 | X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH); | ||
| 129 | break; | ||
| 130 | case -1: | ||
| 131 | X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH); | ||
| 132 | break; | ||
| 133 | case -2: | ||
| 134 | #ifndef OPENSSL_NO_EC | ||
| 135 | if (k->type == EVP_PKEY_EC) | ||
| 136 | { | ||
| 137 | X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, ERR_R_EC_LIB); | ||
| 138 | break; | ||
| 139 | } | ||
| 140 | #endif | ||
| 141 | #ifndef OPENSSL_NO_DH | ||
| 142 | if (k->type == EVP_PKEY_DH) | ||
| 143 | { | ||
| 144 | /* No idea */ | ||
| 145 | X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY); | ||
| 146 | break; | ||
| 147 | } | ||
| 148 | #endif | ||
| 149 | X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE); | ||
| 150 | } | ||
| 151 | |||
| 152 | EVP_PKEY_free(xk); | ||
| 153 | return(ok); | ||
| 154 | } | ||
| 155 | |||
| 156 | /* It seems several organisations had the same idea of including a list of | ||
| 157 | * extensions in a certificate request. There are at least two OIDs that are | ||
| 158 | * used and there may be more: so the list is configurable. | ||
| 159 | */ | ||
| 160 | |||
| 161 | static int ext_nid_list[] = { NID_ext_req, NID_ms_ext_req, NID_undef}; | ||
| 162 | |||
| 163 | static int *ext_nids = ext_nid_list; | ||
| 164 | |||
| 165 | int X509_REQ_extension_nid(int req_nid) | ||
| 166 | { | ||
| 167 | int i, nid; | ||
| 168 | for(i = 0; ; i++) { | ||
| 169 | nid = ext_nids[i]; | ||
| 170 | if(nid == NID_undef) return 0; | ||
| 171 | else if (req_nid == nid) return 1; | ||
| 172 | } | ||
| 173 | } | ||
| 174 | |||
| 175 | int *X509_REQ_get_extension_nids(void) | ||
| 176 | { | ||
| 177 | return ext_nids; | ||
| 178 | } | ||
| 179 | |||
| 180 | void X509_REQ_set_extension_nids(int *nids) | ||
| 181 | { | ||
| 182 | ext_nids = nids; | ||
| 183 | } | ||
| 184 | |||
| 185 | STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req) | ||
| 186 | { | ||
| 187 | X509_ATTRIBUTE *attr; | ||
| 188 | ASN1_TYPE *ext = NULL; | ||
| 189 | int idx, *pnid; | ||
| 190 | const unsigned char *p; | ||
| 191 | |||
| 192 | if ((req == NULL) || (req->req_info == NULL) || !ext_nids) | ||
| 193 | return(NULL); | ||
| 194 | for (pnid = ext_nids; *pnid != NID_undef; pnid++) | ||
| 195 | { | ||
| 196 | idx = X509_REQ_get_attr_by_NID(req, *pnid, -1); | ||
| 197 | if (idx == -1) | ||
| 198 | continue; | ||
| 199 | attr = X509_REQ_get_attr(req, idx); | ||
| 200 | if(attr->single) ext = attr->value.single; | ||
| 201 | else if(sk_ASN1_TYPE_num(attr->value.set)) | ||
| 202 | ext = sk_ASN1_TYPE_value(attr->value.set, 0); | ||
| 203 | break; | ||
| 204 | } | ||
| 205 | if(!ext || (ext->type != V_ASN1_SEQUENCE)) | ||
| 206 | return NULL; | ||
| 207 | p = ext->value.sequence->data; | ||
| 208 | return d2i_ASN1_SET_OF_X509_EXTENSION(NULL, &p, | ||
| 209 | ext->value.sequence->length, | ||
| 210 | d2i_X509_EXTENSION, X509_EXTENSION_free, | ||
| 211 | V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); | ||
| 212 | } | ||
| 213 | |||
| 214 | /* Add a STACK_OF extensions to a certificate request: allow alternative OIDs | ||
| 215 | * in case we want to create a non standard one. | ||
| 216 | */ | ||
| 217 | |||
| 218 | int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, | ||
| 219 | int nid) | ||
| 220 | { | ||
| 221 | unsigned char *p = NULL, *q; | ||
| 222 | long len; | ||
| 223 | ASN1_TYPE *at = NULL; | ||
| 224 | X509_ATTRIBUTE *attr = NULL; | ||
| 225 | if(!(at = ASN1_TYPE_new()) || | ||
| 226 | !(at->value.sequence = ASN1_STRING_new())) goto err; | ||
| 227 | |||
| 228 | at->type = V_ASN1_SEQUENCE; | ||
| 229 | /* Generate encoding of extensions */ | ||
| 230 | len = i2d_ASN1_SET_OF_X509_EXTENSION(exts, NULL, i2d_X509_EXTENSION, | ||
| 231 | V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE); | ||
| 232 | if(!(p = OPENSSL_malloc(len))) goto err; | ||
| 233 | q = p; | ||
| 234 | i2d_ASN1_SET_OF_X509_EXTENSION(exts, &q, i2d_X509_EXTENSION, | ||
| 235 | V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE); | ||
| 236 | at->value.sequence->data = p; | ||
| 237 | p = NULL; | ||
| 238 | at->value.sequence->length = len; | ||
| 239 | if(!(attr = X509_ATTRIBUTE_new())) goto err; | ||
| 240 | if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err; | ||
| 241 | if(!sk_ASN1_TYPE_push(attr->value.set, at)) goto err; | ||
| 242 | at = NULL; | ||
| 243 | attr->single = 0; | ||
| 244 | attr->object = OBJ_nid2obj(nid); | ||
| 245 | if (!req->req_info->attributes) | ||
| 246 | { | ||
| 247 | if (!(req->req_info->attributes = sk_X509_ATTRIBUTE_new_null())) | ||
| 248 | goto err; | ||
| 249 | } | ||
| 250 | if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err; | ||
| 251 | return 1; | ||
| 252 | err: | ||
| 253 | if(p) OPENSSL_free(p); | ||
| 254 | X509_ATTRIBUTE_free(attr); | ||
| 255 | ASN1_TYPE_free(at); | ||
| 256 | return 0; | ||
| 257 | } | ||
| 258 | /* This is the normal usage: use the "official" OID */ | ||
| 259 | int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts) | ||
| 260 | { | ||
| 261 | return X509_REQ_add_extensions_nid(req, exts, NID_ext_req); | ||
| 262 | } | ||
| 263 | |||
| 264 | /* Request attribute functions */ | ||
| 265 | |||
| 266 | int X509_REQ_get_attr_count(const X509_REQ *req) | ||
| 267 | { | ||
| 268 | return X509at_get_attr_count(req->req_info->attributes); | ||
| 269 | } | ||
| 270 | |||
| 271 | int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, | ||
| 272 | int lastpos) | ||
| 273 | { | ||
| 274 | return X509at_get_attr_by_NID(req->req_info->attributes, nid, lastpos); | ||
| 275 | } | ||
| 276 | |||
| 277 | int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj, | ||
| 278 | int lastpos) | ||
| 279 | { | ||
| 280 | return X509at_get_attr_by_OBJ(req->req_info->attributes, obj, lastpos); | ||
| 281 | } | ||
| 282 | |||
| 283 | X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc) | ||
| 284 | { | ||
| 285 | return X509at_get_attr(req->req_info->attributes, loc); | ||
| 286 | } | ||
| 287 | |||
| 288 | X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc) | ||
| 289 | { | ||
| 290 | return X509at_delete_attr(req->req_info->attributes, loc); | ||
| 291 | } | ||
| 292 | |||
| 293 | int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr) | ||
| 294 | { | ||
| 295 | if(X509at_add1_attr(&req->req_info->attributes, attr)) return 1; | ||
| 296 | return 0; | ||
| 297 | } | ||
| 298 | |||
| 299 | int X509_REQ_add1_attr_by_OBJ(X509_REQ *req, | ||
| 300 | const ASN1_OBJECT *obj, int type, | ||
| 301 | const unsigned char *bytes, int len) | ||
| 302 | { | ||
| 303 | if(X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj, | ||
| 304 | type, bytes, len)) return 1; | ||
| 305 | return 0; | ||
| 306 | } | ||
| 307 | |||
| 308 | int X509_REQ_add1_attr_by_NID(X509_REQ *req, | ||
| 309 | int nid, int type, | ||
| 310 | const unsigned char *bytes, int len) | ||
| 311 | { | ||
| 312 | if(X509at_add1_attr_by_NID(&req->req_info->attributes, nid, | ||
| 313 | type, bytes, len)) return 1; | ||
| 314 | return 0; | ||
| 315 | } | ||
| 316 | |||
| 317 | int X509_REQ_add1_attr_by_txt(X509_REQ *req, | ||
| 318 | const char *attrname, int type, | ||
| 319 | const unsigned char *bytes, int len) | ||
| 320 | { | ||
| 321 | if(X509at_add1_attr_by_txt(&req->req_info->attributes, attrname, | ||
| 322 | type, bytes, len)) return 1; | ||
| 323 | return 0; | ||
| 324 | } | ||
diff --git a/src/lib/libcrypto/x509/x509_set.c b/src/lib/libcrypto/x509/x509_set.c deleted file mode 100644 index aaf61ca062..0000000000 --- a/src/lib/libcrypto/x509/x509_set.c +++ /dev/null | |||
| @@ -1,150 +0,0 @@ | |||
| 1 | /* crypto/x509/x509_set.c */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | #include "cryptlib.h" | ||
| 61 | #include <openssl/asn1.h> | ||
| 62 | #include <openssl/objects.h> | ||
| 63 | #include <openssl/evp.h> | ||
| 64 | #include <openssl/x509.h> | ||
| 65 | |||
| 66 | int X509_set_version(X509 *x, long version) | ||
| 67 | { | ||
| 68 | if (x == NULL) return(0); | ||
| 69 | if (x->cert_info->version == NULL) | ||
| 70 | { | ||
| 71 | if ((x->cert_info->version=M_ASN1_INTEGER_new()) == NULL) | ||
| 72 | return(0); | ||
| 73 | } | ||
| 74 | return(ASN1_INTEGER_set(x->cert_info->version,version)); | ||
| 75 | } | ||
| 76 | |||
| 77 | int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial) | ||
| 78 | { | ||
| 79 | ASN1_INTEGER *in; | ||
| 80 | |||
| 81 | if (x == NULL) return(0); | ||
| 82 | in=x->cert_info->serialNumber; | ||
| 83 | if (in != serial) | ||
| 84 | { | ||
| 85 | in=M_ASN1_INTEGER_dup(serial); | ||
| 86 | if (in != NULL) | ||
| 87 | { | ||
| 88 | M_ASN1_INTEGER_free(x->cert_info->serialNumber); | ||
| 89 | x->cert_info->serialNumber=in; | ||
| 90 | } | ||
| 91 | } | ||
| 92 | return(in != NULL); | ||
| 93 | } | ||
| 94 | |||
| 95 | int X509_set_issuer_name(X509 *x, X509_NAME *name) | ||
| 96 | { | ||
| 97 | if ((x == NULL) || (x->cert_info == NULL)) return(0); | ||
| 98 | return(X509_NAME_set(&x->cert_info->issuer,name)); | ||
| 99 | } | ||
| 100 | |||
| 101 | int X509_set_subject_name(X509 *x, X509_NAME *name) | ||
| 102 | { | ||
| 103 | if ((x == NULL) || (x->cert_info == NULL)) return(0); | ||
| 104 | return(X509_NAME_set(&x->cert_info->subject,name)); | ||
| 105 | } | ||
| 106 | |||
| 107 | int X509_set_notBefore(X509 *x, ASN1_TIME *tm) | ||
| 108 | { | ||
| 109 | ASN1_TIME *in; | ||
| 110 | |||
| 111 | if ((x == NULL) || (x->cert_info->validity == NULL)) return(0); | ||
| 112 | in=x->cert_info->validity->notBefore; | ||
| 113 | if (in != tm) | ||
| 114 | { | ||
| 115 | in=M_ASN1_TIME_dup(tm); | ||
| 116 | if (in != NULL) | ||
| 117 | { | ||
| 118 | M_ASN1_TIME_free(x->cert_info->validity->notBefore); | ||
| 119 | x->cert_info->validity->notBefore=in; | ||
| 120 | } | ||
| 121 | } | ||
| 122 | return(in != NULL); | ||
| 123 | } | ||
| 124 | |||
| 125 | int X509_set_notAfter(X509 *x, ASN1_TIME *tm) | ||
| 126 | { | ||
| 127 | ASN1_TIME *in; | ||
| 128 | |||
| 129 | if ((x == NULL) || (x->cert_info->validity == NULL)) return(0); | ||
| 130 | in=x->cert_info->validity->notAfter; | ||
| 131 | if (in != tm) | ||
| 132 | { | ||
| 133 | in=M_ASN1_TIME_dup(tm); | ||
| 134 | if (in != NULL) | ||
| 135 | { | ||
| 136 | M_ASN1_TIME_free(x->cert_info->validity->notAfter); | ||
| 137 | x->cert_info->validity->notAfter=in; | ||
| 138 | } | ||
| 139 | } | ||
| 140 | return(in != NULL); | ||
| 141 | } | ||
| 142 | |||
| 143 | int X509_set_pubkey(X509 *x, EVP_PKEY *pkey) | ||
| 144 | { | ||
| 145 | if ((x == NULL) || (x->cert_info == NULL)) return(0); | ||
| 146 | return(X509_PUBKEY_set(&(x->cert_info->key),pkey)); | ||
| 147 | } | ||
| 148 | |||
| 149 | |||
| 150 | |||
diff --git a/src/lib/libcrypto/x509/x509_trs.c b/src/lib/libcrypto/x509/x509_trs.c deleted file mode 100644 index ed18700585..0000000000 --- a/src/lib/libcrypto/x509/x509_trs.c +++ /dev/null | |||
| @@ -1,287 +0,0 @@ | |||
| 1 | /* x509_trs.c */ | ||
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
| 3 | * project 1999. | ||
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | ||
| 7 | * | ||
| 8 | * Redistribution and use in source and binary forms, with or without | ||
| 9 | * modification, are permitted provided that the following conditions | ||
| 10 | * are met: | ||
| 11 | * | ||
| 12 | * 1. Redistributions of source code must retain the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | * notice, this list of conditions and the following disclaimer in | ||
| 17 | * the documentation and/or other materials provided with the | ||
| 18 | * distribution. | ||
| 19 | * | ||
| 20 | * 3. All advertising materials mentioning features or use of this | ||
| 21 | * software must display the following acknowledgment: | ||
| 22 | * "This product includes software developed by the OpenSSL Project | ||
| 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | * | ||
| 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | * endorse or promote products derived from this software without | ||
| 27 | * prior written permission. For written permission, please contact | ||
| 28 | * licensing@OpenSSL.org. | ||
| 29 | * | ||
| 30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | * nor may "OpenSSL" appear in their names without prior written | ||
| 32 | * permission of the OpenSSL Project. | ||
| 33 | * | ||
| 34 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | * acknowledgment: | ||
| 36 | * "This product includes software developed by the OpenSSL Project | ||
| 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | * | ||
| 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | * ==================================================================== | ||
| 52 | * | ||
| 53 | * This product includes cryptographic software written by Eric Young | ||
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | #include "cryptlib.h" | ||
| 61 | #include <openssl/x509v3.h> | ||
| 62 | |||
| 63 | |||
| 64 | static int tr_cmp(const X509_TRUST * const *a, | ||
| 65 | const X509_TRUST * const *b); | ||
| 66 | static void trtable_free(X509_TRUST *p); | ||
| 67 | |||
| 68 | static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags); | ||
| 69 | static int trust_1oid(X509_TRUST *trust, X509 *x, int flags); | ||
| 70 | static int trust_compat(X509_TRUST *trust, X509 *x, int flags); | ||
| 71 | |||
| 72 | static int obj_trust(int id, X509 *x, int flags); | ||
| 73 | static int (*default_trust)(int id, X509 *x, int flags) = obj_trust; | ||
| 74 | |||
| 75 | /* WARNING: the following table should be kept in order of trust | ||
| 76 | * and without any gaps so we can just subtract the minimum trust | ||
| 77 | * value to get an index into the table | ||
| 78 | */ | ||
| 79 | |||
| 80 | static X509_TRUST trstandard[] = { | ||
| 81 | {X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL}, | ||
| 82 | {X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL}, | ||
| 83 | {X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL}, | ||
| 84 | {X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL}, | ||
| 85 | {X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign, NULL}, | ||
| 86 | {X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL}, | ||
| 87 | {X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL} | ||
| 88 | }; | ||
| 89 | |||
| 90 | #define X509_TRUST_COUNT (sizeof(trstandard)/sizeof(X509_TRUST)) | ||
| 91 | |||
| 92 | IMPLEMENT_STACK_OF(X509_TRUST) | ||
| 93 | |||
| 94 | static STACK_OF(X509_TRUST) *trtable = NULL; | ||
| 95 | |||
| 96 | static int tr_cmp(const X509_TRUST * const *a, | ||
| 97 | const X509_TRUST * const *b) | ||
| 98 | { | ||
| 99 | return (*a)->trust - (*b)->trust; | ||
| 100 | } | ||
| 101 | |||
| 102 | int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int) | ||
| 103 | { | ||
| 104 | int (*oldtrust)(int , X509 *, int); | ||
| 105 | oldtrust = default_trust; | ||
| 106 | default_trust = trust; | ||
| 107 | return oldtrust; | ||
| 108 | } | ||
| 109 | |||
| 110 | |||
| 111 | int X509_check_trust(X509 *x, int id, int flags) | ||
| 112 | { | ||
| 113 | X509_TRUST *pt; | ||
| 114 | int idx; | ||
| 115 | if(id == -1) return 1; | ||
| 116 | idx = X509_TRUST_get_by_id(id); | ||
| 117 | if(idx == -1) return default_trust(id, x, flags); | ||
| 118 | pt = X509_TRUST_get0(idx); | ||
| 119 | return pt->check_trust(pt, x, flags); | ||
| 120 | } | ||
| 121 | |||
| 122 | int X509_TRUST_get_count(void) | ||
| 123 | { | ||
| 124 | if(!trtable) return X509_TRUST_COUNT; | ||
| 125 | return sk_X509_TRUST_num(trtable) + X509_TRUST_COUNT; | ||
| 126 | } | ||
| 127 | |||
| 128 | X509_TRUST * X509_TRUST_get0(int idx) | ||
| 129 | { | ||
| 130 | if(idx < 0) return NULL; | ||
| 131 | if(idx < (int)X509_TRUST_COUNT) return trstandard + idx; | ||
| 132 | return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT); | ||
| 133 | } | ||
| 134 | |||
| 135 | int X509_TRUST_get_by_id(int id) | ||
| 136 | { | ||
| 137 | X509_TRUST tmp; | ||
| 138 | int idx; | ||
| 139 | if((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX)) | ||
| 140 | return id - X509_TRUST_MIN; | ||
| 141 | tmp.trust = id; | ||
| 142 | if(!trtable) return -1; | ||
| 143 | idx = sk_X509_TRUST_find(trtable, &tmp); | ||
| 144 | if(idx == -1) return -1; | ||
| 145 | return idx + X509_TRUST_COUNT; | ||
| 146 | } | ||
| 147 | |||
| 148 | int X509_TRUST_set(int *t, int trust) | ||
| 149 | { | ||
| 150 | if(X509_TRUST_get_by_id(trust) == -1) { | ||
| 151 | X509err(X509_F_X509_TRUST_SET, X509_R_INVALID_TRUST); | ||
| 152 | return 0; | ||
| 153 | } | ||
| 154 | *t = trust; | ||
| 155 | return 1; | ||
| 156 | } | ||
| 157 | |||
| 158 | int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), | ||
| 159 | char *name, int arg1, void *arg2) | ||
| 160 | { | ||
| 161 | int idx; | ||
| 162 | X509_TRUST *trtmp; | ||
| 163 | /* This is set according to what we change: application can't set it */ | ||
| 164 | flags &= ~X509_TRUST_DYNAMIC; | ||
| 165 | /* This will always be set for application modified trust entries */ | ||
| 166 | flags |= X509_TRUST_DYNAMIC_NAME; | ||
| 167 | /* Get existing entry if any */ | ||
| 168 | idx = X509_TRUST_get_by_id(id); | ||
| 169 | /* Need a new entry */ | ||
| 170 | if(idx == -1) { | ||
| 171 | if(!(trtmp = OPENSSL_malloc(sizeof(X509_TRUST)))) { | ||
| 172 | X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE); | ||
| 173 | return 0; | ||
| 174 | } | ||
| 175 | trtmp->flags = X509_TRUST_DYNAMIC; | ||
| 176 | } else trtmp = X509_TRUST_get0(idx); | ||
| 177 | |||
| 178 | /* OPENSSL_free existing name if dynamic */ | ||
| 179 | if(trtmp->flags & X509_TRUST_DYNAMIC_NAME) OPENSSL_free(trtmp->name); | ||
| 180 | /* dup supplied name */ | ||
| 181 | if(!(trtmp->name = BUF_strdup(name))) { | ||
| 182 | X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE); | ||
| 183 | return 0; | ||
| 184 | } | ||
| 185 | /* Keep the dynamic flag of existing entry */ | ||
| 186 | trtmp->flags &= X509_TRUST_DYNAMIC; | ||
| 187 | /* Set all other flags */ | ||
| 188 | trtmp->flags |= flags; | ||
| 189 | |||
| 190 | trtmp->trust = id; | ||
| 191 | trtmp->check_trust = ck; | ||
| 192 | trtmp->arg1 = arg1; | ||
| 193 | trtmp->arg2 = arg2; | ||
| 194 | |||
| 195 | /* If its a new entry manage the dynamic table */ | ||
| 196 | if(idx == -1) { | ||
| 197 | if(!trtable && !(trtable = sk_X509_TRUST_new(tr_cmp))) { | ||
| 198 | X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE); | ||
| 199 | return 0; | ||
| 200 | } | ||
| 201 | if (!sk_X509_TRUST_push(trtable, trtmp)) { | ||
| 202 | X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE); | ||
| 203 | return 0; | ||
| 204 | } | ||
| 205 | } | ||
| 206 | return 1; | ||
| 207 | } | ||
| 208 | |||
| 209 | static void trtable_free(X509_TRUST *p) | ||
| 210 | { | ||
| 211 | if(!p) return; | ||
| 212 | if (p->flags & X509_TRUST_DYNAMIC) | ||
| 213 | { | ||
| 214 | if (p->flags & X509_TRUST_DYNAMIC_NAME) | ||
| 215 | OPENSSL_free(p->name); | ||
| 216 | OPENSSL_free(p); | ||
| 217 | } | ||
| 218 | } | ||
| 219 | |||
| 220 | void X509_TRUST_cleanup(void) | ||
| 221 | { | ||
| 222 | unsigned int i; | ||
| 223 | for(i = 0; i < X509_TRUST_COUNT; i++) trtable_free(trstandard + i); | ||
| 224 | sk_X509_TRUST_pop_free(trtable, trtable_free); | ||
| 225 | trtable = NULL; | ||
| 226 | } | ||
| 227 | |||
| 228 | int X509_TRUST_get_flags(X509_TRUST *xp) | ||
| 229 | { | ||
| 230 | return xp->flags; | ||
| 231 | } | ||
| 232 | |||
| 233 | char *X509_TRUST_get0_name(X509_TRUST *xp) | ||
| 234 | { | ||
| 235 | return xp->name; | ||
| 236 | } | ||
| 237 | |||
| 238 | int X509_TRUST_get_trust(X509_TRUST *xp) | ||
| 239 | { | ||
| 240 | return xp->trust; | ||
| 241 | } | ||
| 242 | |||
| 243 | static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags) | ||
| 244 | { | ||
| 245 | if(x->aux && (x->aux->trust || x->aux->reject)) | ||
| 246 | return obj_trust(trust->arg1, x, flags); | ||
| 247 | /* we don't have any trust settings: for compatibility | ||
| 248 | * we return trusted if it is self signed | ||
| 249 | */ | ||
| 250 | return trust_compat(trust, x, flags); | ||
| 251 | } | ||
| 252 | |||
| 253 | static int trust_1oid(X509_TRUST *trust, X509 *x, int flags) | ||
| 254 | { | ||
| 255 | if(x->aux) return obj_trust(trust->arg1, x, flags); | ||
| 256 | return X509_TRUST_UNTRUSTED; | ||
| 257 | } | ||
| 258 | |||
| 259 | static int trust_compat(X509_TRUST *trust, X509 *x, int flags) | ||
| 260 | { | ||
| 261 | X509_check_purpose(x, -1, 0); | ||
| 262 | if(x->ex_flags & EXFLAG_SS) return X509_TRUST_TRUSTED; | ||
| 263 | else return X509_TRUST_UNTRUSTED; | ||
| 264 | } | ||
| 265 | |||
| 266 | static int obj_trust(int id, X509 *x, int flags) | ||
| 267 | { | ||
| 268 | ASN1_OBJECT *obj; | ||
| 269 | int i; | ||
| 270 | X509_CERT_AUX *ax; | ||
| 271 | ax = x->aux; | ||
| 272 | if(!ax) return X509_TRUST_UNTRUSTED; | ||
| 273 | if(ax->reject) { | ||
| 274 | for(i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) { | ||
| 275 | obj = sk_ASN1_OBJECT_value(ax->reject, i); | ||
| 276 | if(OBJ_obj2nid(obj) == id) return X509_TRUST_REJECTED; | ||
| 277 | } | ||
| 278 | } | ||
| 279 | if(ax->trust) { | ||
| 280 | for(i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) { | ||
| 281 | obj = sk_ASN1_OBJECT_value(ax->trust, i); | ||
| 282 | if(OBJ_obj2nid(obj) == id) return X509_TRUST_TRUSTED; | ||
| 283 | } | ||
| 284 | } | ||
| 285 | return X509_TRUST_UNTRUSTED; | ||
| 286 | } | ||
| 287 | |||
diff --git a/src/lib/libcrypto/x509/x509_txt.c b/src/lib/libcrypto/x509/x509_txt.c deleted file mode 100644 index 73a8ec726f..0000000000 --- a/src/lib/libcrypto/x509/x509_txt.c +++ /dev/null | |||
| @@ -1,173 +0,0 @@ | |||
| 1 | /* crypto/x509/x509_txt.c */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | #include <time.h> | ||
| 61 | #include <errno.h> | ||
| 62 | |||
| 63 | #include "cryptlib.h" | ||
| 64 | #include <openssl/lhash.h> | ||
| 65 | #include <openssl/buffer.h> | ||
| 66 | #include <openssl/evp.h> | ||
| 67 | #include <openssl/asn1.h> | ||
| 68 | #include <openssl/x509.h> | ||
| 69 | #include <openssl/objects.h> | ||
| 70 | |||
| 71 | const char *X509_verify_cert_error_string(long n) | ||
| 72 | { | ||
| 73 | static char buf[100]; | ||
| 74 | |||
| 75 | switch ((int)n) | ||
| 76 | { | ||
| 77 | case X509_V_OK: | ||
| 78 | return("ok"); | ||
| 79 | case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: | ||
| 80 | return("unable to get issuer certificate"); | ||
| 81 | case X509_V_ERR_UNABLE_TO_GET_CRL: | ||
| 82 | return("unable to get certificate CRL"); | ||
| 83 | case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: | ||
| 84 | return("unable to decrypt certificate's signature"); | ||
| 85 | case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: | ||
| 86 | return("unable to decrypt CRL's signature"); | ||
| 87 | case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: | ||
| 88 | return("unable to decode issuer public key"); | ||
| 89 | case X509_V_ERR_CERT_SIGNATURE_FAILURE: | ||
| 90 | return("certificate signature failure"); | ||
| 91 | case X509_V_ERR_CRL_SIGNATURE_FAILURE: | ||
| 92 | return("CRL signature failure"); | ||
| 93 | case X509_V_ERR_CERT_NOT_YET_VALID: | ||
| 94 | return("certificate is not yet valid"); | ||
| 95 | case X509_V_ERR_CRL_NOT_YET_VALID: | ||
| 96 | return("CRL is not yet valid"); | ||
| 97 | case X509_V_ERR_CERT_HAS_EXPIRED: | ||
| 98 | return("certificate has expired"); | ||
| 99 | case X509_V_ERR_CRL_HAS_EXPIRED: | ||
| 100 | return("CRL has expired"); | ||
| 101 | case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: | ||
| 102 | return("format error in certificate's notBefore field"); | ||
| 103 | case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: | ||
| 104 | return("format error in certificate's notAfter field"); | ||
| 105 | case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: | ||
| 106 | return("format error in CRL's lastUpdate field"); | ||
| 107 | case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: | ||
| 108 | return("format error in CRL's nextUpdate field"); | ||
| 109 | case X509_V_ERR_OUT_OF_MEM: | ||
| 110 | return("out of memory"); | ||
| 111 | case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: | ||
| 112 | return("self signed certificate"); | ||
| 113 | case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: | ||
| 114 | return("self signed certificate in certificate chain"); | ||
| 115 | case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: | ||
| 116 | return("unable to get local issuer certificate"); | ||
| 117 | case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: | ||
| 118 | return("unable to verify the first certificate"); | ||
| 119 | case X509_V_ERR_CERT_CHAIN_TOO_LONG: | ||
| 120 | return("certificate chain too long"); | ||
| 121 | case X509_V_ERR_CERT_REVOKED: | ||
| 122 | return("certificate revoked"); | ||
| 123 | case X509_V_ERR_INVALID_CA: | ||
| 124 | return ("invalid CA certificate"); | ||
| 125 | case X509_V_ERR_INVALID_NON_CA: | ||
| 126 | return ("invalid non-CA certificate (has CA markings)"); | ||
| 127 | case X509_V_ERR_PATH_LENGTH_EXCEEDED: | ||
| 128 | return ("path length constraint exceeded"); | ||
| 129 | case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED: | ||
| 130 | return("proxy path length constraint exceeded"); | ||
| 131 | case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED: | ||
| 132 | return("proxy certificates not allowed, please set the appropriate flag"); | ||
| 133 | case X509_V_ERR_INVALID_PURPOSE: | ||
| 134 | return ("unsupported certificate purpose"); | ||
| 135 | case X509_V_ERR_CERT_UNTRUSTED: | ||
| 136 | return ("certificate not trusted"); | ||
| 137 | case X509_V_ERR_CERT_REJECTED: | ||
| 138 | return ("certificate rejected"); | ||
| 139 | case X509_V_ERR_APPLICATION_VERIFICATION: | ||
| 140 | return("application verification failure"); | ||
| 141 | case X509_V_ERR_SUBJECT_ISSUER_MISMATCH: | ||
| 142 | return("subject issuer mismatch"); | ||
| 143 | case X509_V_ERR_AKID_SKID_MISMATCH: | ||
| 144 | return("authority and subject key identifier mismatch"); | ||
| 145 | case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: | ||
| 146 | return("authority and issuer serial number mismatch"); | ||
| 147 | case X509_V_ERR_KEYUSAGE_NO_CERTSIGN: | ||
| 148 | return("key usage does not include certificate signing"); | ||
| 149 | case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: | ||
| 150 | return("unable to get CRL issuer certificate"); | ||
| 151 | case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: | ||
| 152 | return("unhandled critical extension"); | ||
| 153 | case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN: | ||
| 154 | return("key usage does not include CRL signing"); | ||
| 155 | case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE: | ||
| 156 | return("key usage does not include digital signature"); | ||
| 157 | case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION: | ||
| 158 | return("unhandled critical CRL extension"); | ||
| 159 | case X509_V_ERR_INVALID_EXTENSION: | ||
| 160 | return("invalid or inconsistent certificate extension"); | ||
| 161 | case X509_V_ERR_INVALID_POLICY_EXTENSION: | ||
| 162 | return("invalid or inconsistent certificate policy extension"); | ||
| 163 | case X509_V_ERR_NO_EXPLICIT_POLICY: | ||
| 164 | return("no explicit policy"); | ||
| 165 | case X509_V_ERR_UNNESTED_RESOURCE: | ||
| 166 | return("RFC 3779 resource not subset of parent's resources"); | ||
| 167 | default: | ||
| 168 | BIO_snprintf(buf,sizeof buf,"error number %ld",n); | ||
| 169 | return(buf); | ||
| 170 | } | ||
| 171 | } | ||
| 172 | |||
| 173 | |||
diff --git a/src/lib/libcrypto/x509/x509_v3.c b/src/lib/libcrypto/x509/x509_v3.c deleted file mode 100644 index 42e6f0ab05..0000000000 --- a/src/lib/libcrypto/x509/x509_v3.c +++ /dev/null | |||
| @@ -1,274 +0,0 @@ | |||
| 1 | /* crypto/x509/x509_v3.c */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | #include <openssl/stack.h> | ||
| 61 | #include "cryptlib.h" | ||
| 62 | #include <openssl/asn1.h> | ||
| 63 | #include <openssl/objects.h> | ||
| 64 | #include <openssl/evp.h> | ||
| 65 | #include <openssl/x509.h> | ||
| 66 | #include <openssl/x509v3.h> | ||
| 67 | |||
| 68 | int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x) | ||
| 69 | { | ||
| 70 | if (x == NULL) return(0); | ||
| 71 | return(sk_X509_EXTENSION_num(x)); | ||
| 72 | } | ||
| 73 | |||
| 74 | int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid, | ||
| 75 | int lastpos) | ||
| 76 | { | ||
| 77 | ASN1_OBJECT *obj; | ||
| 78 | |||
| 79 | obj=OBJ_nid2obj(nid); | ||
| 80 | if (obj == NULL) return(-2); | ||
| 81 | return(X509v3_get_ext_by_OBJ(x,obj,lastpos)); | ||
| 82 | } | ||
| 83 | |||
| 84 | int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk, ASN1_OBJECT *obj, | ||
| 85 | int lastpos) | ||
| 86 | { | ||
| 87 | int n; | ||
| 88 | X509_EXTENSION *ex; | ||
| 89 | |||
| 90 | if (sk == NULL) return(-1); | ||
| 91 | lastpos++; | ||
| 92 | if (lastpos < 0) | ||
| 93 | lastpos=0; | ||
| 94 | n=sk_X509_EXTENSION_num(sk); | ||
| 95 | for ( ; lastpos < n; lastpos++) | ||
| 96 | { | ||
| 97 | ex=sk_X509_EXTENSION_value(sk,lastpos); | ||
| 98 | if (OBJ_cmp(ex->object,obj) == 0) | ||
| 99 | return(lastpos); | ||
| 100 | } | ||
| 101 | return(-1); | ||
| 102 | } | ||
| 103 | |||
| 104 | int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit, | ||
| 105 | int lastpos) | ||
| 106 | { | ||
| 107 | int n; | ||
| 108 | X509_EXTENSION *ex; | ||
| 109 | |||
| 110 | if (sk == NULL) return(-1); | ||
| 111 | lastpos++; | ||
| 112 | if (lastpos < 0) | ||
| 113 | lastpos=0; | ||
| 114 | n=sk_X509_EXTENSION_num(sk); | ||
| 115 | for ( ; lastpos < n; lastpos++) | ||
| 116 | { | ||
| 117 | ex=sk_X509_EXTENSION_value(sk,lastpos); | ||
| 118 | if ( ((ex->critical > 0) && crit) || | ||
| 119 | ((ex->critical <= 0) && !crit)) | ||
| 120 | return(lastpos); | ||
| 121 | } | ||
| 122 | return(-1); | ||
| 123 | } | ||
| 124 | |||
| 125 | X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc) | ||
| 126 | { | ||
| 127 | if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0) | ||
| 128 | return NULL; | ||
| 129 | else | ||
| 130 | return sk_X509_EXTENSION_value(x,loc); | ||
| 131 | } | ||
| 132 | |||
| 133 | X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc) | ||
| 134 | { | ||
| 135 | X509_EXTENSION *ret; | ||
| 136 | |||
| 137 | if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0) | ||
| 138 | return(NULL); | ||
| 139 | ret=sk_X509_EXTENSION_delete(x,loc); | ||
| 140 | return(ret); | ||
| 141 | } | ||
| 142 | |||
| 143 | STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, | ||
| 144 | X509_EXTENSION *ex, int loc) | ||
| 145 | { | ||
| 146 | X509_EXTENSION *new_ex=NULL; | ||
| 147 | int n; | ||
| 148 | STACK_OF(X509_EXTENSION) *sk=NULL; | ||
| 149 | |||
| 150 | if (x == NULL) | ||
| 151 | { | ||
| 152 | X509err(X509_F_X509V3_ADD_EXT,ERR_R_PASSED_NULL_PARAMETER); | ||
| 153 | goto err2; | ||
| 154 | } | ||
| 155 | |||
| 156 | if (*x == NULL) | ||
| 157 | { | ||
| 158 | if ((sk=sk_X509_EXTENSION_new_null()) == NULL) | ||
| 159 | goto err; | ||
| 160 | } | ||
| 161 | else | ||
| 162 | sk= *x; | ||
| 163 | |||
| 164 | n=sk_X509_EXTENSION_num(sk); | ||
| 165 | if (loc > n) loc=n; | ||
| 166 | else if (loc < 0) loc=n; | ||
| 167 | |||
| 168 | if ((new_ex=X509_EXTENSION_dup(ex)) == NULL) | ||
| 169 | goto err2; | ||
| 170 | if (!sk_X509_EXTENSION_insert(sk,new_ex,loc)) | ||
| 171 | goto err; | ||
| 172 | if (*x == NULL) | ||
| 173 | *x=sk; | ||
| 174 | return(sk); | ||
| 175 | err: | ||
| 176 | X509err(X509_F_X509V3_ADD_EXT,ERR_R_MALLOC_FAILURE); | ||
| 177 | err2: | ||
| 178 | if (new_ex != NULL) X509_EXTENSION_free(new_ex); | ||
| 179 | if (sk != NULL) sk_X509_EXTENSION_free(sk); | ||
| 180 | return(NULL); | ||
| 181 | } | ||
| 182 | |||
| 183 | X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid, | ||
| 184 | int crit, ASN1_OCTET_STRING *data) | ||
| 185 | { | ||
| 186 | ASN1_OBJECT *obj; | ||
| 187 | X509_EXTENSION *ret; | ||
| 188 | |||
| 189 | obj=OBJ_nid2obj(nid); | ||
| 190 | if (obj == NULL) | ||
| 191 | { | ||
| 192 | X509err(X509_F_X509_EXTENSION_CREATE_BY_NID,X509_R_UNKNOWN_NID); | ||
| 193 | return(NULL); | ||
| 194 | } | ||
| 195 | ret=X509_EXTENSION_create_by_OBJ(ex,obj,crit,data); | ||
| 196 | if (ret == NULL) ASN1_OBJECT_free(obj); | ||
| 197 | return(ret); | ||
| 198 | } | ||
| 199 | |||
| 200 | X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, | ||
| 201 | ASN1_OBJECT *obj, int crit, ASN1_OCTET_STRING *data) | ||
| 202 | { | ||
| 203 | X509_EXTENSION *ret; | ||
| 204 | |||
| 205 | if ((ex == NULL) || (*ex == NULL)) | ||
| 206 | { | ||
| 207 | if ((ret=X509_EXTENSION_new()) == NULL) | ||
| 208 | { | ||
| 209 | X509err(X509_F_X509_EXTENSION_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE); | ||
| 210 | return(NULL); | ||
| 211 | } | ||
| 212 | } | ||
| 213 | else | ||
| 214 | ret= *ex; | ||
| 215 | |||
| 216 | if (!X509_EXTENSION_set_object(ret,obj)) | ||
| 217 | goto err; | ||
| 218 | if (!X509_EXTENSION_set_critical(ret,crit)) | ||
| 219 | goto err; | ||
| 220 | if (!X509_EXTENSION_set_data(ret,data)) | ||
| 221 | goto err; | ||
| 222 | |||
| 223 | if ((ex != NULL) && (*ex == NULL)) *ex=ret; | ||
| 224 | return(ret); | ||
| 225 | err: | ||
| 226 | if ((ex == NULL) || (ret != *ex)) | ||
| 227 | X509_EXTENSION_free(ret); | ||
| 228 | return(NULL); | ||
| 229 | } | ||
| 230 | |||
| 231 | int X509_EXTENSION_set_object(X509_EXTENSION *ex, ASN1_OBJECT *obj) | ||
| 232 | { | ||
| 233 | if ((ex == NULL) || (obj == NULL)) | ||
| 234 | return(0); | ||
| 235 | ASN1_OBJECT_free(ex->object); | ||
| 236 | ex->object=OBJ_dup(obj); | ||
| 237 | return(1); | ||
| 238 | } | ||
| 239 | |||
| 240 | int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit) | ||
| 241 | { | ||
| 242 | if (ex == NULL) return(0); | ||
| 243 | ex->critical=(crit)?0xFF:-1; | ||
| 244 | return(1); | ||
| 245 | } | ||
| 246 | |||
| 247 | int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data) | ||
| 248 | { | ||
| 249 | int i; | ||
| 250 | |||
| 251 | if (ex == NULL) return(0); | ||
| 252 | i=M_ASN1_OCTET_STRING_set(ex->value,data->data,data->length); | ||
| 253 | if (!i) return(0); | ||
| 254 | return(1); | ||
| 255 | } | ||
| 256 | |||
| 257 | ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex) | ||
| 258 | { | ||
| 259 | if (ex == NULL) return(NULL); | ||
| 260 | return(ex->object); | ||
| 261 | } | ||
| 262 | |||
| 263 | ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ex) | ||
| 264 | { | ||
| 265 | if (ex == NULL) return(NULL); | ||
| 266 | return(ex->value); | ||
| 267 | } | ||
| 268 | |||
| 269 | int X509_EXTENSION_get_critical(X509_EXTENSION *ex) | ||
| 270 | { | ||
| 271 | if (ex == NULL) return(0); | ||
| 272 | if(ex->critical > 0) return 1; | ||
| 273 | return 0; | ||
| 274 | } | ||
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c deleted file mode 100644 index 336c40ddd7..0000000000 --- a/src/lib/libcrypto/x509/x509_vfy.c +++ /dev/null | |||
| @@ -1,1552 +0,0 @@ | |||
| 1 | /* crypto/x509/x509_vfy.c */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | #include <time.h> | ||
| 61 | #include <errno.h> | ||
| 62 | |||
| 63 | #include "cryptlib.h" | ||
| 64 | #include <openssl/crypto.h> | ||
| 65 | #include <openssl/lhash.h> | ||
| 66 | #include <openssl/buffer.h> | ||
| 67 | #include <openssl/evp.h> | ||
| 68 | #include <openssl/asn1.h> | ||
| 69 | #include <openssl/x509.h> | ||
| 70 | #include <openssl/x509v3.h> | ||
| 71 | #include <openssl/objects.h> | ||
| 72 | |||
| 73 | static int null_callback(int ok,X509_STORE_CTX *e); | ||
| 74 | static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); | ||
| 75 | static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x); | ||
| 76 | static int check_chain_extensions(X509_STORE_CTX *ctx); | ||
| 77 | static int check_trust(X509_STORE_CTX *ctx); | ||
| 78 | static int check_revocation(X509_STORE_CTX *ctx); | ||
| 79 | static int check_cert(X509_STORE_CTX *ctx); | ||
| 80 | static int check_policy(X509_STORE_CTX *ctx); | ||
| 81 | static int internal_verify(X509_STORE_CTX *ctx); | ||
| 82 | const char X509_version[]="X.509" OPENSSL_VERSION_PTEXT; | ||
| 83 | |||
| 84 | |||
| 85 | static int null_callback(int ok, X509_STORE_CTX *e) | ||
| 86 | { | ||
| 87 | return ok; | ||
| 88 | } | ||
| 89 | |||
| 90 | #if 0 | ||
| 91 | static int x509_subject_cmp(X509 **a, X509 **b) | ||
| 92 | { | ||
| 93 | return X509_subject_name_cmp(*a,*b); | ||
| 94 | } | ||
| 95 | #endif | ||
| 96 | |||
| 97 | int X509_verify_cert(X509_STORE_CTX *ctx) | ||
| 98 | { | ||
| 99 | X509 *x,*xtmp,*chain_ss=NULL; | ||
| 100 | X509_NAME *xn; | ||
| 101 | int bad_chain = 0; | ||
| 102 | X509_VERIFY_PARAM *param = ctx->param; | ||
| 103 | int depth,i,ok=0; | ||
| 104 | int num; | ||
| 105 | int (*cb)(int xok,X509_STORE_CTX *xctx); | ||
| 106 | STACK_OF(X509) *sktmp=NULL; | ||
| 107 | if (ctx->cert == NULL) | ||
| 108 | { | ||
| 109 | X509err(X509_F_X509_VERIFY_CERT,X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); | ||
| 110 | return -1; | ||
| 111 | } | ||
| 112 | |||
| 113 | cb=ctx->verify_cb; | ||
| 114 | |||
| 115 | /* first we make sure the chain we are going to build is | ||
| 116 | * present and that the first entry is in place */ | ||
| 117 | if (ctx->chain == NULL) | ||
| 118 | { | ||
| 119 | if ( ((ctx->chain=sk_X509_new_null()) == NULL) || | ||
| 120 | (!sk_X509_push(ctx->chain,ctx->cert))) | ||
| 121 | { | ||
| 122 | X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); | ||
| 123 | goto end; | ||
| 124 | } | ||
| 125 | CRYPTO_add(&ctx->cert->references,1,CRYPTO_LOCK_X509); | ||
| 126 | ctx->last_untrusted=1; | ||
| 127 | } | ||
| 128 | |||
| 129 | /* We use a temporary STACK so we can chop and hack at it */ | ||
| 130 | if (ctx->untrusted != NULL | ||
| 131 | && (sktmp=sk_X509_dup(ctx->untrusted)) == NULL) | ||
| 132 | { | ||
| 133 | X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); | ||
| 134 | goto end; | ||
| 135 | } | ||
| 136 | |||
| 137 | num=sk_X509_num(ctx->chain); | ||
| 138 | x=sk_X509_value(ctx->chain,num-1); | ||
| 139 | depth=param->depth; | ||
| 140 | |||
| 141 | |||
| 142 | for (;;) | ||
| 143 | { | ||
| 144 | /* If we have enough, we break */ | ||
| 145 | if (depth < num) break; /* FIXME: If this happens, we should take | ||
| 146 | * note of it and, if appropriate, use the | ||
| 147 | * X509_V_ERR_CERT_CHAIN_TOO_LONG error | ||
| 148 | * code later. | ||
| 149 | */ | ||
| 150 | |||
| 151 | /* If we are self signed, we break */ | ||
| 152 | xn=X509_get_issuer_name(x); | ||
| 153 | if (ctx->check_issued(ctx, x,x)) break; | ||
| 154 | |||
| 155 | /* If we were passed a cert chain, use it first */ | ||
| 156 | if (ctx->untrusted != NULL) | ||
| 157 | { | ||
| 158 | xtmp=find_issuer(ctx, sktmp,x); | ||
| 159 | if (xtmp != NULL) | ||
| 160 | { | ||
| 161 | if (!sk_X509_push(ctx->chain,xtmp)) | ||
| 162 | { | ||
| 163 | X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); | ||
| 164 | goto end; | ||
| 165 | } | ||
| 166 | CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509); | ||
| 167 | (void)sk_X509_delete_ptr(sktmp,xtmp); | ||
| 168 | ctx->last_untrusted++; | ||
| 169 | x=xtmp; | ||
| 170 | num++; | ||
| 171 | /* reparse the full chain for | ||
| 172 | * the next one */ | ||
| 173 | continue; | ||
| 174 | } | ||
| 175 | } | ||
| 176 | break; | ||
| 177 | } | ||
| 178 | |||
| 179 | /* at this point, chain should contain a list of untrusted | ||
| 180 | * certificates. We now need to add at least one trusted one, | ||
| 181 | * if possible, otherwise we complain. */ | ||
| 182 | |||
| 183 | /* Examine last certificate in chain and see if it | ||
| 184 | * is self signed. | ||
| 185 | */ | ||
| 186 | |||
| 187 | i=sk_X509_num(ctx->chain); | ||
| 188 | x=sk_X509_value(ctx->chain,i-1); | ||
| 189 | xn = X509_get_subject_name(x); | ||
| 190 | if (ctx->check_issued(ctx, x, x)) | ||
| 191 | { | ||
| 192 | /* we have a self signed certificate */ | ||
| 193 | if (sk_X509_num(ctx->chain) == 1) | ||
| 194 | { | ||
| 195 | /* We have a single self signed certificate: see if | ||
| 196 | * we can find it in the store. We must have an exact | ||
| 197 | * match to avoid possible impersonation. | ||
| 198 | */ | ||
| 199 | ok = ctx->get_issuer(&xtmp, ctx, x); | ||
| 200 | if ((ok <= 0) || X509_cmp(x, xtmp)) | ||
| 201 | { | ||
| 202 | ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; | ||
| 203 | ctx->current_cert=x; | ||
| 204 | ctx->error_depth=i-1; | ||
| 205 | if (ok == 1) X509_free(xtmp); | ||
| 206 | bad_chain = 1; | ||
| 207 | ok=cb(0,ctx); | ||
| 208 | if (!ok) goto end; | ||
| 209 | } | ||
| 210 | else | ||
| 211 | { | ||
| 212 | /* We have a match: replace certificate with store version | ||
| 213 | * so we get any trust settings. | ||
| 214 | */ | ||
| 215 | X509_free(x); | ||
| 216 | x = xtmp; | ||
| 217 | (void)sk_X509_set(ctx->chain, i - 1, x); | ||
| 218 | ctx->last_untrusted=0; | ||
| 219 | } | ||
| 220 | } | ||
| 221 | else | ||
| 222 | { | ||
| 223 | /* extract and save self signed certificate for later use */ | ||
| 224 | chain_ss=sk_X509_pop(ctx->chain); | ||
| 225 | ctx->last_untrusted--; | ||
| 226 | num--; | ||
| 227 | x=sk_X509_value(ctx->chain,num-1); | ||
| 228 | } | ||
| 229 | } | ||
| 230 | |||
| 231 | /* We now lookup certs from the certificate store */ | ||
| 232 | for (;;) | ||
| 233 | { | ||
| 234 | /* If we have enough, we break */ | ||
| 235 | if (depth < num) break; | ||
| 236 | |||
| 237 | /* If we are self signed, we break */ | ||
| 238 | xn=X509_get_issuer_name(x); | ||
| 239 | if (ctx->check_issued(ctx,x,x)) break; | ||
| 240 | |||
| 241 | ok = ctx->get_issuer(&xtmp, ctx, x); | ||
| 242 | |||
| 243 | if (ok < 0) return ok; | ||
| 244 | if (ok == 0) break; | ||
| 245 | |||
| 246 | x = xtmp; | ||
| 247 | if (!sk_X509_push(ctx->chain,x)) | ||
| 248 | { | ||
| 249 | X509_free(xtmp); | ||
| 250 | X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); | ||
| 251 | return 0; | ||
| 252 | } | ||
| 253 | num++; | ||
| 254 | } | ||
| 255 | |||
| 256 | /* we now have our chain, lets check it... */ | ||
| 257 | xn=X509_get_issuer_name(x); | ||
| 258 | |||
| 259 | /* Is last certificate looked up self signed? */ | ||
| 260 | if (!ctx->check_issued(ctx,x,x)) | ||
| 261 | { | ||
| 262 | if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) | ||
| 263 | { | ||
| 264 | if (ctx->last_untrusted >= num) | ||
| 265 | ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; | ||
| 266 | else | ||
| 267 | ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT; | ||
| 268 | ctx->current_cert=x; | ||
| 269 | } | ||
| 270 | else | ||
| 271 | { | ||
| 272 | |||
| 273 | sk_X509_push(ctx->chain,chain_ss); | ||
| 274 | num++; | ||
| 275 | ctx->last_untrusted=num; | ||
| 276 | ctx->current_cert=chain_ss; | ||
| 277 | ctx->error=X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN; | ||
| 278 | chain_ss=NULL; | ||
| 279 | } | ||
| 280 | |||
| 281 | ctx->error_depth=num-1; | ||
| 282 | bad_chain = 1; | ||
| 283 | ok=cb(0,ctx); | ||
| 284 | if (!ok) goto end; | ||
| 285 | } | ||
| 286 | |||
| 287 | /* We have the chain complete: now we need to check its purpose */ | ||
| 288 | ok = check_chain_extensions(ctx); | ||
| 289 | |||
| 290 | if (!ok) goto end; | ||
| 291 | |||
| 292 | /* The chain extensions are OK: check trust */ | ||
| 293 | |||
| 294 | if (param->trust > 0) ok = check_trust(ctx); | ||
| 295 | |||
| 296 | if (!ok) goto end; | ||
| 297 | |||
| 298 | /* We may as well copy down any DSA parameters that are required */ | ||
| 299 | X509_get_pubkey_parameters(NULL,ctx->chain); | ||
| 300 | |||
| 301 | /* Check revocation status: we do this after copying parameters | ||
| 302 | * because they may be needed for CRL signature verification. | ||
| 303 | */ | ||
| 304 | |||
| 305 | ok = ctx->check_revocation(ctx); | ||
| 306 | if(!ok) goto end; | ||
| 307 | |||
| 308 | /* At this point, we have a chain and need to verify it */ | ||
| 309 | if (ctx->verify != NULL) | ||
| 310 | ok=ctx->verify(ctx); | ||
| 311 | else | ||
| 312 | ok=internal_verify(ctx); | ||
| 313 | if(!ok) goto end; | ||
| 314 | |||
| 315 | #ifndef OPENSSL_NO_RFC3779 | ||
| 316 | /* RFC 3779 path validation, now that CRL check has been done */ | ||
| 317 | ok = v3_asid_validate_path(ctx); | ||
| 318 | if (!ok) goto end; | ||
| 319 | ok = v3_addr_validate_path(ctx); | ||
| 320 | if (!ok) goto end; | ||
| 321 | #endif | ||
| 322 | |||
| 323 | /* If we get this far evaluate policies */ | ||
| 324 | if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK)) | ||
| 325 | ok = ctx->check_policy(ctx); | ||
| 326 | if(!ok) goto end; | ||
| 327 | if (0) | ||
| 328 | { | ||
| 329 | end: | ||
| 330 | X509_get_pubkey_parameters(NULL,ctx->chain); | ||
| 331 | } | ||
| 332 | if (sktmp != NULL) sk_X509_free(sktmp); | ||
| 333 | if (chain_ss != NULL) X509_free(chain_ss); | ||
| 334 | return ok; | ||
| 335 | } | ||
| 336 | |||
| 337 | |||
| 338 | /* Given a STACK_OF(X509) find the issuer of cert (if any) | ||
| 339 | */ | ||
| 340 | |||
| 341 | static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x) | ||
| 342 | { | ||
| 343 | int i; | ||
| 344 | X509 *issuer; | ||
| 345 | for (i = 0; i < sk_X509_num(sk); i++) | ||
| 346 | { | ||
| 347 | issuer = sk_X509_value(sk, i); | ||
| 348 | if (ctx->check_issued(ctx, x, issuer)) | ||
| 349 | return issuer; | ||
| 350 | } | ||
| 351 | return NULL; | ||
| 352 | } | ||
| 353 | |||
| 354 | /* Given a possible certificate and issuer check them */ | ||
| 355 | |||
| 356 | static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) | ||
| 357 | { | ||
| 358 | int ret; | ||
| 359 | ret = X509_check_issued(issuer, x); | ||
| 360 | if (ret == X509_V_OK) | ||
| 361 | return 1; | ||
| 362 | /* If we haven't asked for issuer errors don't set ctx */ | ||
| 363 | if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK)) | ||
| 364 | return 0; | ||
| 365 | |||
| 366 | ctx->error = ret; | ||
| 367 | ctx->current_cert = x; | ||
| 368 | ctx->current_issuer = issuer; | ||
| 369 | return ctx->verify_cb(0, ctx); | ||
| 370 | return 0; | ||
| 371 | } | ||
| 372 | |||
| 373 | /* Alternative lookup method: look from a STACK stored in other_ctx */ | ||
| 374 | |||
| 375 | static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) | ||
| 376 | { | ||
| 377 | *issuer = find_issuer(ctx, ctx->other_ctx, x); | ||
| 378 | if (*issuer) | ||
| 379 | { | ||
| 380 | CRYPTO_add(&(*issuer)->references,1,CRYPTO_LOCK_X509); | ||
| 381 | return 1; | ||
| 382 | } | ||
| 383 | else | ||
| 384 | return 0; | ||
| 385 | } | ||
| 386 | |||
| 387 | |||
| 388 | /* Check a certificate chains extensions for consistency | ||
| 389 | * with the supplied purpose | ||
| 390 | */ | ||
| 391 | |||
| 392 | static int check_chain_extensions(X509_STORE_CTX *ctx) | ||
| 393 | { | ||
| 394 | #ifdef OPENSSL_NO_CHAIN_VERIFY | ||
| 395 | return 1; | ||
| 396 | #else | ||
| 397 | int i, ok=0, must_be_ca, plen = 0; | ||
| 398 | X509 *x; | ||
| 399 | int (*cb)(int xok,X509_STORE_CTX *xctx); | ||
| 400 | int proxy_path_length = 0; | ||
| 401 | int allow_proxy_certs = | ||
| 402 | !!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS); | ||
| 403 | cb=ctx->verify_cb; | ||
| 404 | |||
| 405 | /* must_be_ca can have 1 of 3 values: | ||
| 406 | -1: we accept both CA and non-CA certificates, to allow direct | ||
| 407 | use of self-signed certificates (which are marked as CA). | ||
| 408 | 0: we only accept non-CA certificates. This is currently not | ||
| 409 | used, but the possibility is present for future extensions. | ||
| 410 | 1: we only accept CA certificates. This is currently used for | ||
| 411 | all certificates in the chain except the leaf certificate. | ||
| 412 | */ | ||
| 413 | must_be_ca = -1; | ||
| 414 | |||
| 415 | /* A hack to keep people who don't want to modify their software | ||
| 416 | happy */ | ||
| 417 | if (getenv("OPENSSL_ALLOW_PROXY_CERTS")) | ||
| 418 | allow_proxy_certs = 1; | ||
| 419 | |||
| 420 | /* Check all untrusted certificates */ | ||
| 421 | for (i = 0; i < ctx->last_untrusted; i++) | ||
| 422 | { | ||
| 423 | int ret; | ||
| 424 | x = sk_X509_value(ctx->chain, i); | ||
| 425 | if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) | ||
| 426 | && (x->ex_flags & EXFLAG_CRITICAL)) | ||
| 427 | { | ||
| 428 | ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION; | ||
| 429 | ctx->error_depth = i; | ||
| 430 | ctx->current_cert = x; | ||
| 431 | ok=cb(0,ctx); | ||
| 432 | if (!ok) goto end; | ||
| 433 | } | ||
| 434 | if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY)) | ||
| 435 | { | ||
| 436 | ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED; | ||
| 437 | ctx->error_depth = i; | ||
| 438 | ctx->current_cert = x; | ||
| 439 | ok=cb(0,ctx); | ||
| 440 | if (!ok) goto end; | ||
| 441 | } | ||
| 442 | ret = X509_check_ca(x); | ||
| 443 | switch(must_be_ca) | ||
| 444 | { | ||
| 445 | case -1: | ||
| 446 | if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) | ||
| 447 | && (ret != 1) && (ret != 0)) | ||
| 448 | { | ||
| 449 | ret = 0; | ||
| 450 | ctx->error = X509_V_ERR_INVALID_CA; | ||
| 451 | } | ||
| 452 | else | ||
| 453 | ret = 1; | ||
| 454 | break; | ||
| 455 | case 0: | ||
| 456 | if (ret != 0) | ||
| 457 | { | ||
| 458 | ret = 0; | ||
| 459 | ctx->error = X509_V_ERR_INVALID_NON_CA; | ||
| 460 | } | ||
| 461 | else | ||
| 462 | ret = 1; | ||
| 463 | break; | ||
| 464 | default: | ||
| 465 | if ((ret == 0) | ||
| 466 | || ((ctx->param->flags & X509_V_FLAG_X509_STRICT) | ||
| 467 | && (ret != 1))) | ||
| 468 | { | ||
| 469 | ret = 0; | ||
| 470 | ctx->error = X509_V_ERR_INVALID_CA; | ||
| 471 | } | ||
| 472 | else | ||
| 473 | ret = 1; | ||
| 474 | break; | ||
| 475 | } | ||
| 476 | if (ret == 0) | ||
| 477 | { | ||
| 478 | ctx->error_depth = i; | ||
| 479 | ctx->current_cert = x; | ||
| 480 | ok=cb(0,ctx); | ||
| 481 | if (!ok) goto end; | ||
| 482 | } | ||
| 483 | if (ctx->param->purpose > 0) | ||
| 484 | { | ||
| 485 | ret = X509_check_purpose(x, ctx->param->purpose, | ||
| 486 | must_be_ca > 0); | ||
| 487 | if ((ret == 0) | ||
| 488 | || ((ctx->param->flags & X509_V_FLAG_X509_STRICT) | ||
| 489 | && (ret != 1))) | ||
| 490 | { | ||
| 491 | ctx->error = X509_V_ERR_INVALID_PURPOSE; | ||
| 492 | ctx->error_depth = i; | ||
| 493 | ctx->current_cert = x; | ||
| 494 | ok=cb(0,ctx); | ||
| 495 | if (!ok) goto end; | ||
| 496 | } | ||
| 497 | } | ||
| 498 | /* Check pathlen if not self issued */ | ||
| 499 | if ((i > 1) && !(x->ex_flags & EXFLAG_SI) | ||
| 500 | && (x->ex_pathlen != -1) | ||
| 501 | && (plen > (x->ex_pathlen + proxy_path_length + 1))) | ||
| 502 | { | ||
| 503 | ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED; | ||
| 504 | ctx->error_depth = i; | ||
| 505 | ctx->current_cert = x; | ||
| 506 | ok=cb(0,ctx); | ||
| 507 | if (!ok) goto end; | ||
| 508 | } | ||
| 509 | /* Increment path length if not self issued */ | ||
| 510 | if (!(x->ex_flags & EXFLAG_SI)) | ||
| 511 | plen++; | ||
| 512 | /* If this certificate is a proxy certificate, the next | ||
| 513 | certificate must be another proxy certificate or a EE | ||
| 514 | certificate. If not, the next certificate must be a | ||
| 515 | CA certificate. */ | ||
| 516 | if (x->ex_flags & EXFLAG_PROXY) | ||
| 517 | { | ||
| 518 | if (x->ex_pcpathlen != -1 && i > x->ex_pcpathlen) | ||
| 519 | { | ||
| 520 | ctx->error = | ||
| 521 | X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED; | ||
| 522 | ctx->error_depth = i; | ||
| 523 | ctx->current_cert = x; | ||
| 524 | ok=cb(0,ctx); | ||
| 525 | if (!ok) goto end; | ||
| 526 | } | ||
| 527 | proxy_path_length++; | ||
| 528 | must_be_ca = 0; | ||
| 529 | } | ||
| 530 | else | ||
| 531 | must_be_ca = 1; | ||
| 532 | } | ||
| 533 | ok = 1; | ||
| 534 | end: | ||
| 535 | return ok; | ||
| 536 | #endif | ||
| 537 | } | ||
| 538 | |||
| 539 | static int check_trust(X509_STORE_CTX *ctx) | ||
| 540 | { | ||
| 541 | #ifdef OPENSSL_NO_CHAIN_VERIFY | ||
| 542 | return 1; | ||
| 543 | #else | ||
| 544 | int i, ok; | ||
| 545 | X509 *x; | ||
| 546 | int (*cb)(int xok,X509_STORE_CTX *xctx); | ||
| 547 | cb=ctx->verify_cb; | ||
| 548 | /* For now just check the last certificate in the chain */ | ||
| 549 | i = sk_X509_num(ctx->chain) - 1; | ||
| 550 | x = sk_X509_value(ctx->chain, i); | ||
| 551 | ok = X509_check_trust(x, ctx->param->trust, 0); | ||
| 552 | if (ok == X509_TRUST_TRUSTED) | ||
| 553 | return 1; | ||
| 554 | ctx->error_depth = i; | ||
| 555 | ctx->current_cert = x; | ||
| 556 | if (ok == X509_TRUST_REJECTED) | ||
| 557 | ctx->error = X509_V_ERR_CERT_REJECTED; | ||
| 558 | else | ||
| 559 | ctx->error = X509_V_ERR_CERT_UNTRUSTED; | ||
| 560 | ok = cb(0, ctx); | ||
| 561 | return ok; | ||
| 562 | #endif | ||
| 563 | } | ||
| 564 | |||
| 565 | static int check_revocation(X509_STORE_CTX *ctx) | ||
| 566 | { | ||
| 567 | int i, last, ok; | ||
| 568 | if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK)) | ||
| 569 | return 1; | ||
| 570 | if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL) | ||
| 571 | last = sk_X509_num(ctx->chain) - 1; | ||
| 572 | else | ||
| 573 | last = 0; | ||
| 574 | for(i = 0; i <= last; i++) | ||
| 575 | { | ||
| 576 | ctx->error_depth = i; | ||
| 577 | ok = check_cert(ctx); | ||
| 578 | if (!ok) return ok; | ||
| 579 | } | ||
| 580 | return 1; | ||
| 581 | } | ||
| 582 | |||
| 583 | static int check_cert(X509_STORE_CTX *ctx) | ||
| 584 | { | ||
| 585 | X509_CRL *crl = NULL; | ||
| 586 | X509 *x; | ||
| 587 | int ok, cnum; | ||
| 588 | cnum = ctx->error_depth; | ||
| 589 | x = sk_X509_value(ctx->chain, cnum); | ||
| 590 | ctx->current_cert = x; | ||
| 591 | /* Try to retrieve relevant CRL */ | ||
| 592 | ok = ctx->get_crl(ctx, &crl, x); | ||
| 593 | /* If error looking up CRL, nothing we can do except | ||
| 594 | * notify callback | ||
| 595 | */ | ||
| 596 | if(!ok) | ||
| 597 | { | ||
| 598 | ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL; | ||
| 599 | ok = ctx->verify_cb(0, ctx); | ||
| 600 | goto err; | ||
| 601 | } | ||
| 602 | ctx->current_crl = crl; | ||
| 603 | ok = ctx->check_crl(ctx, crl); | ||
| 604 | if (!ok) goto err; | ||
| 605 | ok = ctx->cert_crl(ctx, crl, x); | ||
| 606 | err: | ||
| 607 | ctx->current_crl = NULL; | ||
| 608 | X509_CRL_free(crl); | ||
| 609 | return ok; | ||
| 610 | |||
| 611 | } | ||
| 612 | |||
| 613 | /* Check CRL times against values in X509_STORE_CTX */ | ||
| 614 | |||
| 615 | static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) | ||
| 616 | { | ||
| 617 | time_t *ptime; | ||
| 618 | int i; | ||
| 619 | ctx->current_crl = crl; | ||
| 620 | if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) | ||
| 621 | ptime = &ctx->param->check_time; | ||
| 622 | else | ||
| 623 | ptime = NULL; | ||
| 624 | |||
| 625 | i=X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime); | ||
| 626 | if (i == 0) | ||
| 627 | { | ||
| 628 | ctx->error=X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD; | ||
| 629 | if (!notify || !ctx->verify_cb(0, ctx)) | ||
| 630 | return 0; | ||
| 631 | } | ||
| 632 | |||
| 633 | if (i > 0) | ||
| 634 | { | ||
| 635 | ctx->error=X509_V_ERR_CRL_NOT_YET_VALID; | ||
| 636 | if (!notify || !ctx->verify_cb(0, ctx)) | ||
| 637 | return 0; | ||
| 638 | } | ||
| 639 | |||
| 640 | if(X509_CRL_get_nextUpdate(crl)) | ||
| 641 | { | ||
| 642 | i=X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime); | ||
| 643 | |||
| 644 | if (i == 0) | ||
| 645 | { | ||
| 646 | ctx->error=X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD; | ||
| 647 | if (!notify || !ctx->verify_cb(0, ctx)) | ||
| 648 | return 0; | ||
| 649 | } | ||
| 650 | |||
| 651 | if (i < 0) | ||
| 652 | { | ||
| 653 | ctx->error=X509_V_ERR_CRL_HAS_EXPIRED; | ||
| 654 | if (!notify || !ctx->verify_cb(0, ctx)) | ||
| 655 | return 0; | ||
| 656 | } | ||
| 657 | } | ||
| 658 | |||
| 659 | ctx->current_crl = NULL; | ||
| 660 | |||
| 661 | return 1; | ||
| 662 | } | ||
| 663 | |||
| 664 | /* Lookup CRLs from the supplied list. Look for matching isser name | ||
| 665 | * and validity. If we can't find a valid CRL return the last one | ||
| 666 | * with matching name. This gives more meaningful error codes. Otherwise | ||
| 667 | * we'd get a CRL not found error if a CRL existed with matching name but | ||
| 668 | * was invalid. | ||
| 669 | */ | ||
| 670 | |||
| 671 | static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, | ||
| 672 | X509_NAME *nm, STACK_OF(X509_CRL) *crls) | ||
| 673 | { | ||
| 674 | int i; | ||
| 675 | X509_CRL *crl, *best_crl = NULL; | ||
| 676 | for (i = 0; i < sk_X509_CRL_num(crls); i++) | ||
| 677 | { | ||
| 678 | crl = sk_X509_CRL_value(crls, i); | ||
| 679 | if (X509_NAME_cmp(nm, X509_CRL_get_issuer(crl))) | ||
| 680 | continue; | ||
| 681 | if (check_crl_time(ctx, crl, 0)) | ||
| 682 | { | ||
| 683 | *pcrl = crl; | ||
| 684 | CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509); | ||
| 685 | return 1; | ||
| 686 | } | ||
| 687 | best_crl = crl; | ||
| 688 | } | ||
| 689 | if (best_crl) | ||
| 690 | { | ||
| 691 | *pcrl = best_crl; | ||
| 692 | CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509); | ||
| 693 | } | ||
| 694 | |||
| 695 | return 0; | ||
| 696 | } | ||
| 697 | |||
| 698 | /* Retrieve CRL corresponding to certificate: currently just a | ||
| 699 | * subject lookup: maybe use AKID later... | ||
| 700 | */ | ||
| 701 | static int get_crl(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509 *x) | ||
| 702 | { | ||
| 703 | int ok; | ||
| 704 | X509_CRL *crl = NULL; | ||
| 705 | X509_OBJECT xobj; | ||
| 706 | X509_NAME *nm; | ||
| 707 | nm = X509_get_issuer_name(x); | ||
| 708 | ok = get_crl_sk(ctx, &crl, nm, ctx->crls); | ||
| 709 | if (ok) | ||
| 710 | { | ||
| 711 | *pcrl = crl; | ||
| 712 | return 1; | ||
| 713 | } | ||
| 714 | |||
| 715 | ok = X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj); | ||
| 716 | |||
| 717 | if (!ok) | ||
| 718 | { | ||
| 719 | /* If we got a near match from get_crl_sk use that */ | ||
| 720 | if (crl) | ||
| 721 | { | ||
| 722 | *pcrl = crl; | ||
| 723 | return 1; | ||
| 724 | } | ||
| 725 | return 0; | ||
| 726 | } | ||
| 727 | |||
| 728 | *pcrl = xobj.data.crl; | ||
| 729 | if (crl) | ||
| 730 | X509_CRL_free(crl); | ||
| 731 | return 1; | ||
| 732 | } | ||
| 733 | |||
| 734 | /* Check CRL validity */ | ||
| 735 | static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) | ||
| 736 | { | ||
| 737 | X509 *issuer = NULL; | ||
| 738 | EVP_PKEY *ikey = NULL; | ||
| 739 | int ok = 0, chnum, cnum; | ||
| 740 | cnum = ctx->error_depth; | ||
| 741 | chnum = sk_X509_num(ctx->chain) - 1; | ||
| 742 | /* Find CRL issuer: if not last certificate then issuer | ||
| 743 | * is next certificate in chain. | ||
| 744 | */ | ||
| 745 | if(cnum < chnum) | ||
| 746 | issuer = sk_X509_value(ctx->chain, cnum + 1); | ||
| 747 | else | ||
| 748 | { | ||
| 749 | issuer = sk_X509_value(ctx->chain, chnum); | ||
| 750 | /* If not self signed, can't check signature */ | ||
| 751 | if(!ctx->check_issued(ctx, issuer, issuer)) | ||
| 752 | { | ||
| 753 | ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER; | ||
| 754 | ok = ctx->verify_cb(0, ctx); | ||
| 755 | if(!ok) goto err; | ||
| 756 | } | ||
| 757 | } | ||
| 758 | |||
| 759 | if(issuer) | ||
| 760 | { | ||
| 761 | /* Check for cRLSign bit if keyUsage present */ | ||
| 762 | if ((issuer->ex_flags & EXFLAG_KUSAGE) && | ||
| 763 | !(issuer->ex_kusage & KU_CRL_SIGN)) | ||
| 764 | { | ||
| 765 | ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN; | ||
| 766 | ok = ctx->verify_cb(0, ctx); | ||
| 767 | if(!ok) goto err; | ||
| 768 | } | ||
| 769 | |||
| 770 | /* Attempt to get issuer certificate public key */ | ||
| 771 | ikey = X509_get_pubkey(issuer); | ||
| 772 | |||
| 773 | if(!ikey) | ||
| 774 | { | ||
| 775 | ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; | ||
| 776 | ok = ctx->verify_cb(0, ctx); | ||
| 777 | if (!ok) goto err; | ||
| 778 | } | ||
| 779 | else | ||
| 780 | { | ||
| 781 | /* Verify CRL signature */ | ||
| 782 | if(X509_CRL_verify(crl, ikey) <= 0) | ||
| 783 | { | ||
| 784 | ctx->error=X509_V_ERR_CRL_SIGNATURE_FAILURE; | ||
| 785 | ok = ctx->verify_cb(0, ctx); | ||
| 786 | if (!ok) goto err; | ||
| 787 | } | ||
| 788 | } | ||
| 789 | } | ||
| 790 | |||
| 791 | ok = check_crl_time(ctx, crl, 1); | ||
| 792 | if (!ok) | ||
| 793 | goto err; | ||
| 794 | |||
| 795 | ok = 1; | ||
| 796 | |||
| 797 | err: | ||
| 798 | EVP_PKEY_free(ikey); | ||
| 799 | return ok; | ||
| 800 | } | ||
| 801 | |||
| 802 | /* Check certificate against CRL */ | ||
| 803 | static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) | ||
| 804 | { | ||
| 805 | int idx, ok; | ||
| 806 | X509_REVOKED rtmp; | ||
| 807 | STACK_OF(X509_EXTENSION) *exts; | ||
| 808 | X509_EXTENSION *ext; | ||
| 809 | /* Look for serial number of certificate in CRL */ | ||
| 810 | rtmp.serialNumber = X509_get_serialNumber(x); | ||
| 811 | /* Sort revoked into serial number order if not already sorted. | ||
| 812 | * Do this under a lock to avoid race condition. | ||
| 813 | */ | ||
| 814 | if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked)) | ||
| 815 | { | ||
| 816 | CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL); | ||
| 817 | sk_X509_REVOKED_sort(crl->crl->revoked); | ||
| 818 | CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL); | ||
| 819 | } | ||
| 820 | idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp); | ||
| 821 | /* If found assume revoked: want something cleverer than | ||
| 822 | * this to handle entry extensions in V2 CRLs. | ||
| 823 | */ | ||
| 824 | if(idx >= 0) | ||
| 825 | { | ||
| 826 | ctx->error = X509_V_ERR_CERT_REVOKED; | ||
| 827 | ok = ctx->verify_cb(0, ctx); | ||
| 828 | if (!ok) return 0; | ||
| 829 | } | ||
| 830 | |||
| 831 | if (ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) | ||
| 832 | return 1; | ||
| 833 | |||
| 834 | /* See if we have any critical CRL extensions: since we | ||
| 835 | * currently don't handle any CRL extensions the CRL must be | ||
| 836 | * rejected. | ||
| 837 | * This code accesses the X509_CRL structure directly: applications | ||
| 838 | * shouldn't do this. | ||
| 839 | */ | ||
| 840 | |||
| 841 | exts = crl->crl->extensions; | ||
| 842 | |||
| 843 | for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) | ||
| 844 | { | ||
| 845 | ext = sk_X509_EXTENSION_value(exts, idx); | ||
| 846 | if (ext->critical > 0) | ||
| 847 | { | ||
| 848 | ctx->error = | ||
| 849 | X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION; | ||
| 850 | ok = ctx->verify_cb(0, ctx); | ||
| 851 | if(!ok) return 0; | ||
| 852 | break; | ||
| 853 | } | ||
| 854 | } | ||
| 855 | return 1; | ||
| 856 | } | ||
| 857 | |||
| 858 | static int check_policy(X509_STORE_CTX *ctx) | ||
| 859 | { | ||
| 860 | int ret; | ||
| 861 | ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain, | ||
| 862 | ctx->param->policies, ctx->param->flags); | ||
| 863 | if (ret == 0) | ||
| 864 | { | ||
| 865 | X509err(X509_F_CHECK_POLICY,ERR_R_MALLOC_FAILURE); | ||
| 866 | return 0; | ||
| 867 | } | ||
| 868 | /* Invalid or inconsistent extensions */ | ||
| 869 | if (ret == -1) | ||
| 870 | { | ||
| 871 | /* Locate certificates with bad extensions and notify | ||
| 872 | * callback. | ||
| 873 | */ | ||
| 874 | X509 *x; | ||
| 875 | int i; | ||
| 876 | for (i = 1; i < sk_X509_num(ctx->chain); i++) | ||
| 877 | { | ||
| 878 | x = sk_X509_value(ctx->chain, i); | ||
| 879 | if (!(x->ex_flags & EXFLAG_INVALID_POLICY)) | ||
| 880 | continue; | ||
| 881 | ctx->current_cert = x; | ||
| 882 | ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION; | ||
| 883 | ret = ctx->verify_cb(0, ctx); | ||
| 884 | } | ||
| 885 | return 1; | ||
| 886 | } | ||
| 887 | if (ret == -2) | ||
| 888 | { | ||
| 889 | ctx->current_cert = NULL; | ||
| 890 | ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY; | ||
| 891 | return ctx->verify_cb(0, ctx); | ||
| 892 | } | ||
| 893 | |||
| 894 | if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) | ||
| 895 | { | ||
| 896 | ctx->current_cert = NULL; | ||
| 897 | ctx->error = X509_V_OK; | ||
| 898 | if (!ctx->verify_cb(2, ctx)) | ||
| 899 | return 0; | ||
| 900 | } | ||
| 901 | |||
| 902 | return 1; | ||
| 903 | } | ||
| 904 | |||
| 905 | static int check_cert_time(X509_STORE_CTX *ctx, X509 *x) | ||
| 906 | { | ||
| 907 | time_t *ptime; | ||
| 908 | int i; | ||
| 909 | |||
| 910 | if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) | ||
| 911 | ptime = &ctx->param->check_time; | ||
| 912 | else | ||
| 913 | ptime = NULL; | ||
| 914 | |||
| 915 | i=X509_cmp_time(X509_get_notBefore(x), ptime); | ||
| 916 | if (i == 0) | ||
| 917 | { | ||
| 918 | ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD; | ||
| 919 | ctx->current_cert=x; | ||
| 920 | if (!ctx->verify_cb(0, ctx)) | ||
| 921 | return 0; | ||
| 922 | } | ||
| 923 | |||
| 924 | if (i > 0) | ||
| 925 | { | ||
| 926 | ctx->error=X509_V_ERR_CERT_NOT_YET_VALID; | ||
| 927 | ctx->current_cert=x; | ||
| 928 | if (!ctx->verify_cb(0, ctx)) | ||
| 929 | return 0; | ||
| 930 | } | ||
| 931 | |||
| 932 | i=X509_cmp_time(X509_get_notAfter(x), ptime); | ||
| 933 | if (i == 0) | ||
| 934 | { | ||
| 935 | ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD; | ||
| 936 | ctx->current_cert=x; | ||
| 937 | if (!ctx->verify_cb(0, ctx)) | ||
| 938 | return 0; | ||
| 939 | } | ||
| 940 | |||
| 941 | if (i < 0) | ||
| 942 | { | ||
| 943 | ctx->error=X509_V_ERR_CERT_HAS_EXPIRED; | ||
| 944 | ctx->current_cert=x; | ||
| 945 | if (!ctx->verify_cb(0, ctx)) | ||
| 946 | return 0; | ||
| 947 | } | ||
| 948 | |||
| 949 | return 1; | ||
| 950 | } | ||
| 951 | |||
| 952 | static int internal_verify(X509_STORE_CTX *ctx) | ||
| 953 | { | ||
| 954 | int ok=0,n; | ||
| 955 | X509 *xs,*xi; | ||
| 956 | EVP_PKEY *pkey=NULL; | ||
| 957 | int (*cb)(int xok,X509_STORE_CTX *xctx); | ||
| 958 | |||
| 959 | cb=ctx->verify_cb; | ||
| 960 | |||
| 961 | n=sk_X509_num(ctx->chain); | ||
| 962 | ctx->error_depth=n-1; | ||
| 963 | n--; | ||
| 964 | xi=sk_X509_value(ctx->chain,n); | ||
| 965 | |||
| 966 | if (ctx->check_issued(ctx, xi, xi)) | ||
| 967 | xs=xi; | ||
| 968 | else | ||
| 969 | { | ||
| 970 | if (n <= 0) | ||
| 971 | { | ||
| 972 | ctx->error=X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE; | ||
| 973 | ctx->current_cert=xi; | ||
| 974 | ok=cb(0,ctx); | ||
| 975 | goto end; | ||
| 976 | } | ||
| 977 | else | ||
| 978 | { | ||
| 979 | n--; | ||
| 980 | ctx->error_depth=n; | ||
| 981 | xs=sk_X509_value(ctx->chain,n); | ||
| 982 | } | ||
| 983 | } | ||
| 984 | |||
| 985 | /* ctx->error=0; not needed */ | ||
| 986 | while (n >= 0) | ||
| 987 | { | ||
| 988 | ctx->error_depth=n; | ||
| 989 | if (!xs->valid) | ||
| 990 | { | ||
| 991 | if ((pkey=X509_get_pubkey(xi)) == NULL) | ||
| 992 | { | ||
| 993 | ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; | ||
| 994 | ctx->current_cert=xi; | ||
| 995 | ok=(*cb)(0,ctx); | ||
| 996 | if (!ok) goto end; | ||
| 997 | } | ||
| 998 | else if (X509_verify(xs,pkey) <= 0) | ||
| 999 | /* XXX For the final trusted self-signed cert, | ||
| 1000 | * this is a waste of time. That check should | ||
| 1001 | * optional so that e.g. 'openssl x509' can be | ||
| 1002 | * used to detect invalid self-signatures, but | ||
| 1003 | * we don't verify again and again in SSL | ||
| 1004 | * handshakes and the like once the cert has | ||
| 1005 | * been declared trusted. */ | ||
| 1006 | { | ||
| 1007 | ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE; | ||
| 1008 | ctx->current_cert=xs; | ||
| 1009 | ok=(*cb)(0,ctx); | ||
| 1010 | if (!ok) | ||
| 1011 | { | ||
| 1012 | EVP_PKEY_free(pkey); | ||
| 1013 | goto end; | ||
| 1014 | } | ||
| 1015 | } | ||
| 1016 | EVP_PKEY_free(pkey); | ||
| 1017 | pkey=NULL; | ||
| 1018 | } | ||
| 1019 | |||
| 1020 | xs->valid = 1; | ||
| 1021 | |||
| 1022 | ok = check_cert_time(ctx, xs); | ||
| 1023 | if (!ok) | ||
| 1024 | goto end; | ||
| 1025 | |||
| 1026 | /* The last error (if any) is still in the error value */ | ||
| 1027 | ctx->current_issuer=xi; | ||
| 1028 | ctx->current_cert=xs; | ||
| 1029 | ok=(*cb)(1,ctx); | ||
| 1030 | if (!ok) goto end; | ||
| 1031 | |||
| 1032 | n--; | ||
| 1033 | if (n >= 0) | ||
| 1034 | { | ||
| 1035 | xi=xs; | ||
| 1036 | xs=sk_X509_value(ctx->chain,n); | ||
| 1037 | } | ||
| 1038 | } | ||
| 1039 | ok=1; | ||
| 1040 | end: | ||
| 1041 | return ok; | ||
| 1042 | } | ||
| 1043 | |||
| 1044 | int X509_cmp_current_time(ASN1_TIME *ctm) | ||
| 1045 | { | ||
| 1046 | return X509_cmp_time(ctm, NULL); | ||
| 1047 | } | ||
| 1048 | |||
| 1049 | int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time) | ||
| 1050 | { | ||
| 1051 | char *str; | ||
| 1052 | ASN1_TIME atm; | ||
| 1053 | long offset; | ||
| 1054 | char buff1[24],buff2[24],*p; | ||
| 1055 | int i,j; | ||
| 1056 | |||
| 1057 | p=buff1; | ||
| 1058 | i=ctm->length; | ||
| 1059 | str=(char *)ctm->data; | ||
| 1060 | if (ctm->type == V_ASN1_UTCTIME) | ||
| 1061 | { | ||
| 1062 | if ((i < 11) || (i > 17)) return 0; | ||
| 1063 | memcpy(p,str,10); | ||
| 1064 | p+=10; | ||
| 1065 | str+=10; | ||
| 1066 | } | ||
| 1067 | else | ||
| 1068 | { | ||
| 1069 | if (i < 13) return 0; | ||
| 1070 | memcpy(p,str,12); | ||
| 1071 | p+=12; | ||
| 1072 | str+=12; | ||
| 1073 | } | ||
| 1074 | |||
| 1075 | if ((*str == 'Z') || (*str == '-') || (*str == '+')) | ||
| 1076 | { *(p++)='0'; *(p++)='0'; } | ||
| 1077 | else | ||
| 1078 | { | ||
| 1079 | *(p++)= *(str++); | ||
| 1080 | *(p++)= *(str++); | ||
| 1081 | /* Skip any fractional seconds... */ | ||
| 1082 | if (*str == '.') | ||
| 1083 | { | ||
| 1084 | str++; | ||
| 1085 | while ((*str >= '0') && (*str <= '9')) str++; | ||
| 1086 | } | ||
| 1087 | |||
| 1088 | } | ||
| 1089 | *(p++)='Z'; | ||
| 1090 | *(p++)='\0'; | ||
| 1091 | |||
| 1092 | if (*str == 'Z') | ||
| 1093 | offset=0; | ||
| 1094 | else | ||
| 1095 | { | ||
| 1096 | if ((*str != '+') && (*str != '-')) | ||
| 1097 | return 0; | ||
| 1098 | offset=((str[1]-'0')*10+(str[2]-'0'))*60; | ||
| 1099 | offset+=(str[3]-'0')*10+(str[4]-'0'); | ||
| 1100 | if (*str == '-') | ||
| 1101 | offset= -offset; | ||
| 1102 | } | ||
| 1103 | atm.type=ctm->type; | ||
| 1104 | atm.length=sizeof(buff2); | ||
| 1105 | atm.data=(unsigned char *)buff2; | ||
| 1106 | |||
| 1107 | if (X509_time_adj(&atm,-offset*60, cmp_time) == NULL) | ||
| 1108 | return 0; | ||
| 1109 | |||
| 1110 | if (ctm->type == V_ASN1_UTCTIME) | ||
| 1111 | { | ||
| 1112 | i=(buff1[0]-'0')*10+(buff1[1]-'0'); | ||
| 1113 | if (i < 50) i+=100; /* cf. RFC 2459 */ | ||
| 1114 | j=(buff2[0]-'0')*10+(buff2[1]-'0'); | ||
| 1115 | if (j < 50) j+=100; | ||
| 1116 | |||
| 1117 | if (i < j) return -1; | ||
| 1118 | if (i > j) return 1; | ||
| 1119 | } | ||
| 1120 | i=strcmp(buff1,buff2); | ||
| 1121 | if (i == 0) /* wait a second then return younger :-) */ | ||
| 1122 | return -1; | ||
| 1123 | else | ||
| 1124 | return i; | ||
| 1125 | } | ||
| 1126 | |||
| 1127 | ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj) | ||
| 1128 | { | ||
| 1129 | return X509_time_adj(s, adj, NULL); | ||
| 1130 | } | ||
| 1131 | |||
| 1132 | ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *in_tm) | ||
| 1133 | { | ||
| 1134 | time_t t; | ||
| 1135 | int type = -1; | ||
| 1136 | |||
| 1137 | if (in_tm) t = *in_tm; | ||
| 1138 | else time(&t); | ||
| 1139 | |||
| 1140 | t+=adj; | ||
| 1141 | if (s) type = s->type; | ||
| 1142 | if (type == V_ASN1_UTCTIME) return ASN1_UTCTIME_set(s,t); | ||
| 1143 | if (type == V_ASN1_GENERALIZEDTIME) return ASN1_GENERALIZEDTIME_set(s, t); | ||
| 1144 | return ASN1_TIME_set(s, t); | ||
| 1145 | } | ||
| 1146 | |||
| 1147 | int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain) | ||
| 1148 | { | ||
| 1149 | EVP_PKEY *ktmp=NULL,*ktmp2; | ||
| 1150 | int i,j; | ||
| 1151 | |||
| 1152 | if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) return 1; | ||
| 1153 | |||
| 1154 | for (i=0; i<sk_X509_num(chain); i++) | ||
| 1155 | { | ||
| 1156 | ktmp=X509_get_pubkey(sk_X509_value(chain,i)); | ||
| 1157 | if (ktmp == NULL) | ||
| 1158 | { | ||
| 1159 | X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY); | ||
| 1160 | return 0; | ||
| 1161 | } | ||
| 1162 | if (!EVP_PKEY_missing_parameters(ktmp)) | ||
| 1163 | break; | ||
| 1164 | else | ||
| 1165 | { | ||
| 1166 | EVP_PKEY_free(ktmp); | ||
| 1167 | ktmp=NULL; | ||
| 1168 | } | ||
| 1169 | } | ||
| 1170 | if (ktmp == NULL) | ||
| 1171 | { | ||
| 1172 | X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN); | ||
| 1173 | return 0; | ||
| 1174 | } | ||
| 1175 | |||
| 1176 | /* first, populate the other certs */ | ||
| 1177 | for (j=i-1; j >= 0; j--) | ||
| 1178 | { | ||
| 1179 | ktmp2=X509_get_pubkey(sk_X509_value(chain,j)); | ||
| 1180 | EVP_PKEY_copy_parameters(ktmp2,ktmp); | ||
| 1181 | EVP_PKEY_free(ktmp2); | ||
| 1182 | } | ||
| 1183 | |||
| 1184 | if (pkey != NULL) EVP_PKEY_copy_parameters(pkey,ktmp); | ||
| 1185 | EVP_PKEY_free(ktmp); | ||
| 1186 | return 1; | ||
| 1187 | } | ||
| 1188 | |||
| 1189 | int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, | ||
| 1190 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) | ||
| 1191 | { | ||
| 1192 | /* This function is (usually) called only once, by | ||
| 1193 | * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). */ | ||
| 1194 | return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, argl, argp, | ||
| 1195 | new_func, dup_func, free_func); | ||
| 1196 | } | ||
| 1197 | |||
| 1198 | int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data) | ||
| 1199 | { | ||
| 1200 | return CRYPTO_set_ex_data(&ctx->ex_data,idx,data); | ||
| 1201 | } | ||
| 1202 | |||
| 1203 | void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx) | ||
| 1204 | { | ||
| 1205 | return CRYPTO_get_ex_data(&ctx->ex_data,idx); | ||
| 1206 | } | ||
| 1207 | |||
| 1208 | int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx) | ||
| 1209 | { | ||
| 1210 | return ctx->error; | ||
| 1211 | } | ||
| 1212 | |||
| 1213 | void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err) | ||
| 1214 | { | ||
| 1215 | ctx->error=err; | ||
| 1216 | } | ||
| 1217 | |||
| 1218 | int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx) | ||
| 1219 | { | ||
| 1220 | return ctx->error_depth; | ||
| 1221 | } | ||
| 1222 | |||
| 1223 | X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx) | ||
| 1224 | { | ||
| 1225 | return ctx->current_cert; | ||
| 1226 | } | ||
| 1227 | |||
| 1228 | STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx) | ||
| 1229 | { | ||
| 1230 | return ctx->chain; | ||
| 1231 | } | ||
| 1232 | |||
| 1233 | STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx) | ||
| 1234 | { | ||
| 1235 | int i; | ||
| 1236 | X509 *x; | ||
| 1237 | STACK_OF(X509) *chain; | ||
| 1238 | if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL; | ||
| 1239 | for (i = 0; i < sk_X509_num(chain); i++) | ||
| 1240 | { | ||
| 1241 | x = sk_X509_value(chain, i); | ||
| 1242 | CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); | ||
| 1243 | } | ||
| 1244 | return chain; | ||
| 1245 | } | ||
| 1246 | |||
| 1247 | void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x) | ||
| 1248 | { | ||
| 1249 | ctx->cert=x; | ||
| 1250 | } | ||
| 1251 | |||
| 1252 | void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) | ||
| 1253 | { | ||
| 1254 | ctx->untrusted=sk; | ||
| 1255 | } | ||
| 1256 | |||
| 1257 | void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk) | ||
| 1258 | { | ||
| 1259 | ctx->crls=sk; | ||
| 1260 | } | ||
| 1261 | |||
| 1262 | int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose) | ||
| 1263 | { | ||
| 1264 | return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0); | ||
| 1265 | } | ||
| 1266 | |||
| 1267 | int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust) | ||
| 1268 | { | ||
| 1269 | return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust); | ||
| 1270 | } | ||
| 1271 | |||
| 1272 | /* This function is used to set the X509_STORE_CTX purpose and trust | ||
| 1273 | * values. This is intended to be used when another structure has its | ||
| 1274 | * own trust and purpose values which (if set) will be inherited by | ||
| 1275 | * the ctx. If they aren't set then we will usually have a default | ||
| 1276 | * purpose in mind which should then be used to set the trust value. | ||
| 1277 | * An example of this is SSL use: an SSL structure will have its own | ||
| 1278 | * purpose and trust settings which the application can set: if they | ||
| 1279 | * aren't set then we use the default of SSL client/server. | ||
| 1280 | */ | ||
| 1281 | |||
| 1282 | int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, | ||
| 1283 | int purpose, int trust) | ||
| 1284 | { | ||
| 1285 | int idx; | ||
| 1286 | /* If purpose not set use default */ | ||
| 1287 | if (!purpose) purpose = def_purpose; | ||
| 1288 | /* If we have a purpose then check it is valid */ | ||
| 1289 | if (purpose) | ||
| 1290 | { | ||
| 1291 | X509_PURPOSE *ptmp; | ||
| 1292 | idx = X509_PURPOSE_get_by_id(purpose); | ||
| 1293 | if (idx == -1) | ||
| 1294 | { | ||
| 1295 | X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, | ||
| 1296 | X509_R_UNKNOWN_PURPOSE_ID); | ||
| 1297 | return 0; | ||
| 1298 | } | ||
| 1299 | ptmp = X509_PURPOSE_get0(idx); | ||
| 1300 | if (ptmp->trust == X509_TRUST_DEFAULT) | ||
| 1301 | { | ||
| 1302 | idx = X509_PURPOSE_get_by_id(def_purpose); | ||
| 1303 | if (idx == -1) | ||
| 1304 | { | ||
| 1305 | X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, | ||
| 1306 | X509_R_UNKNOWN_PURPOSE_ID); | ||
| 1307 | return 0; | ||
| 1308 | } | ||
| 1309 | ptmp = X509_PURPOSE_get0(idx); | ||
| 1310 | } | ||
| 1311 | /* If trust not set then get from purpose default */ | ||
| 1312 | if (!trust) trust = ptmp->trust; | ||
| 1313 | } | ||
| 1314 | if (trust) | ||
| 1315 | { | ||
| 1316 | idx = X509_TRUST_get_by_id(trust); | ||
| 1317 | if (idx == -1) | ||
| 1318 | { | ||
| 1319 | X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, | ||
| 1320 | X509_R_UNKNOWN_TRUST_ID); | ||
| 1321 | return 0; | ||
| 1322 | } | ||
| 1323 | } | ||
| 1324 | |||
| 1325 | if (purpose && !ctx->param->purpose) ctx->param->purpose = purpose; | ||
| 1326 | if (trust && !ctx->param->trust) ctx->param->trust = trust; | ||
| 1327 | return 1; | ||
| 1328 | } | ||
| 1329 | |||
| 1330 | X509_STORE_CTX *X509_STORE_CTX_new(void) | ||
| 1331 | { | ||
| 1332 | X509_STORE_CTX *ctx; | ||
| 1333 | ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX)); | ||
| 1334 | if (!ctx) | ||
| 1335 | { | ||
| 1336 | X509err(X509_F_X509_STORE_CTX_NEW,ERR_R_MALLOC_FAILURE); | ||
| 1337 | return NULL; | ||
| 1338 | } | ||
| 1339 | memset(ctx, 0, sizeof(X509_STORE_CTX)); | ||
| 1340 | return ctx; | ||
| 1341 | } | ||
| 1342 | |||
| 1343 | void X509_STORE_CTX_free(X509_STORE_CTX *ctx) | ||
| 1344 | { | ||
| 1345 | X509_STORE_CTX_cleanup(ctx); | ||
| 1346 | OPENSSL_free(ctx); | ||
| 1347 | } | ||
| 1348 | |||
| 1349 | int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, | ||
| 1350 | STACK_OF(X509) *chain) | ||
| 1351 | { | ||
| 1352 | int ret = 1; | ||
| 1353 | ctx->ctx=store; | ||
| 1354 | ctx->current_method=0; | ||
| 1355 | ctx->cert=x509; | ||
| 1356 | ctx->untrusted=chain; | ||
| 1357 | ctx->crls = NULL; | ||
| 1358 | ctx->last_untrusted=0; | ||
| 1359 | ctx->other_ctx=NULL; | ||
| 1360 | ctx->valid=0; | ||
| 1361 | ctx->chain=NULL; | ||
| 1362 | ctx->error=0; | ||
| 1363 | ctx->explicit_policy=0; | ||
| 1364 | ctx->error_depth=0; | ||
| 1365 | ctx->current_cert=NULL; | ||
| 1366 | ctx->current_issuer=NULL; | ||
| 1367 | ctx->tree = NULL; | ||
| 1368 | |||
| 1369 | ctx->param = X509_VERIFY_PARAM_new(); | ||
| 1370 | |||
| 1371 | if (!ctx->param) | ||
| 1372 | { | ||
| 1373 | X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE); | ||
| 1374 | return 0; | ||
| 1375 | } | ||
| 1376 | |||
| 1377 | /* Inherit callbacks and flags from X509_STORE if not set | ||
| 1378 | * use defaults. | ||
| 1379 | */ | ||
| 1380 | |||
| 1381 | |||
| 1382 | if (store) | ||
| 1383 | ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param); | ||
| 1384 | else | ||
| 1385 | ctx->param->flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE; | ||
| 1386 | |||
| 1387 | if (store) | ||
| 1388 | { | ||
| 1389 | ctx->verify_cb = store->verify_cb; | ||
| 1390 | ctx->cleanup = store->cleanup; | ||
| 1391 | } | ||
| 1392 | else | ||
| 1393 | ctx->cleanup = 0; | ||
| 1394 | |||
| 1395 | if (ret) | ||
| 1396 | ret = X509_VERIFY_PARAM_inherit(ctx->param, | ||
| 1397 | X509_VERIFY_PARAM_lookup("default")); | ||
| 1398 | |||
| 1399 | if (ret == 0) | ||
| 1400 | { | ||
| 1401 | X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE); | ||
| 1402 | return 0; | ||
| 1403 | } | ||
| 1404 | |||
| 1405 | if (store && store->check_issued) | ||
| 1406 | ctx->check_issued = store->check_issued; | ||
| 1407 | else | ||
| 1408 | ctx->check_issued = check_issued; | ||
| 1409 | |||
| 1410 | if (store && store->get_issuer) | ||
| 1411 | ctx->get_issuer = store->get_issuer; | ||
| 1412 | else | ||
| 1413 | ctx->get_issuer = X509_STORE_CTX_get1_issuer; | ||
| 1414 | |||
| 1415 | if (store && store->verify_cb) | ||
| 1416 | ctx->verify_cb = store->verify_cb; | ||
| 1417 | else | ||
| 1418 | ctx->verify_cb = null_callback; | ||
| 1419 | |||
| 1420 | if (store && store->verify) | ||
| 1421 | ctx->verify = store->verify; | ||
| 1422 | else | ||
| 1423 | ctx->verify = internal_verify; | ||
| 1424 | |||
| 1425 | if (store && store->check_revocation) | ||
| 1426 | ctx->check_revocation = store->check_revocation; | ||
| 1427 | else | ||
| 1428 | ctx->check_revocation = check_revocation; | ||
| 1429 | |||
| 1430 | if (store && store->get_crl) | ||
| 1431 | ctx->get_crl = store->get_crl; | ||
| 1432 | else | ||
| 1433 | ctx->get_crl = get_crl; | ||
| 1434 | |||
| 1435 | if (store && store->check_crl) | ||
| 1436 | ctx->check_crl = store->check_crl; | ||
| 1437 | else | ||
| 1438 | ctx->check_crl = check_crl; | ||
| 1439 | |||
| 1440 | if (store && store->cert_crl) | ||
| 1441 | ctx->cert_crl = store->cert_crl; | ||
| 1442 | else | ||
| 1443 | ctx->cert_crl = cert_crl; | ||
| 1444 | |||
| 1445 | ctx->check_policy = check_policy; | ||
| 1446 | |||
| 1447 | |||
| 1448 | /* This memset() can't make any sense anyway, so it's removed. As | ||
| 1449 | * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a | ||
| 1450 | * corresponding "new" here and remove this bogus initialisation. */ | ||
| 1451 | /* memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); */ | ||
| 1452 | if(!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, | ||
| 1453 | &(ctx->ex_data))) | ||
| 1454 | { | ||
| 1455 | OPENSSL_free(ctx); | ||
| 1456 | X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE); | ||
| 1457 | return 0; | ||
| 1458 | } | ||
| 1459 | return 1; | ||
| 1460 | } | ||
| 1461 | |||
| 1462 | /* Set alternative lookup method: just a STACK of trusted certificates. | ||
| 1463 | * This avoids X509_STORE nastiness where it isn't needed. | ||
| 1464 | */ | ||
| 1465 | |||
| 1466 | void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) | ||
| 1467 | { | ||
| 1468 | ctx->other_ctx = sk; | ||
| 1469 | ctx->get_issuer = get_issuer_sk; | ||
| 1470 | } | ||
| 1471 | |||
| 1472 | void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) | ||
| 1473 | { | ||
| 1474 | if (ctx->cleanup) ctx->cleanup(ctx); | ||
| 1475 | if (ctx->param != NULL) | ||
| 1476 | { | ||
| 1477 | X509_VERIFY_PARAM_free(ctx->param); | ||
| 1478 | ctx->param=NULL; | ||
| 1479 | } | ||
| 1480 | if (ctx->tree != NULL) | ||
| 1481 | { | ||
| 1482 | X509_policy_tree_free(ctx->tree); | ||
| 1483 | ctx->tree=NULL; | ||
| 1484 | } | ||
| 1485 | if (ctx->chain != NULL) | ||
| 1486 | { | ||
| 1487 | sk_X509_pop_free(ctx->chain,X509_free); | ||
| 1488 | ctx->chain=NULL; | ||
| 1489 | } | ||
| 1490 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data)); | ||
| 1491 | memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA)); | ||
| 1492 | } | ||
| 1493 | |||
| 1494 | void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth) | ||
| 1495 | { | ||
| 1496 | X509_VERIFY_PARAM_set_depth(ctx->param, depth); | ||
| 1497 | } | ||
| 1498 | |||
| 1499 | void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags) | ||
| 1500 | { | ||
| 1501 | X509_VERIFY_PARAM_set_flags(ctx->param, flags); | ||
| 1502 | } | ||
| 1503 | |||
| 1504 | void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, time_t t) | ||
| 1505 | { | ||
| 1506 | X509_VERIFY_PARAM_set_time(ctx->param, t); | ||
| 1507 | } | ||
| 1508 | |||
| 1509 | void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, | ||
| 1510 | int (*verify_cb)(int, X509_STORE_CTX *)) | ||
| 1511 | { | ||
| 1512 | ctx->verify_cb=verify_cb; | ||
| 1513 | } | ||
| 1514 | |||
| 1515 | X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx) | ||
| 1516 | { | ||
| 1517 | return ctx->tree; | ||
| 1518 | } | ||
| 1519 | |||
| 1520 | int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx) | ||
| 1521 | { | ||
| 1522 | return ctx->explicit_policy; | ||
| 1523 | } | ||
| 1524 | |||
| 1525 | int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name) | ||
| 1526 | { | ||
| 1527 | const X509_VERIFY_PARAM *param; | ||
| 1528 | param = X509_VERIFY_PARAM_lookup(name); | ||
| 1529 | if (!param) | ||
| 1530 | return 0; | ||
| 1531 | return X509_VERIFY_PARAM_inherit(ctx->param, param); | ||
| 1532 | } | ||
| 1533 | |||
| 1534 | X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx) | ||
| 1535 | { | ||
| 1536 | return ctx->param; | ||
| 1537 | } | ||
| 1538 | |||
| 1539 | void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param) | ||
| 1540 | { | ||
| 1541 | if (ctx->param) | ||
| 1542 | X509_VERIFY_PARAM_free(ctx->param); | ||
| 1543 | ctx->param = param; | ||
| 1544 | } | ||
| 1545 | |||
| 1546 | IMPLEMENT_STACK_OF(X509) | ||
| 1547 | IMPLEMENT_ASN1_SET_OF(X509) | ||
| 1548 | |||
| 1549 | IMPLEMENT_STACK_OF(X509_NAME) | ||
| 1550 | |||
| 1551 | IMPLEMENT_STACK_OF(X509_ATTRIBUTE) | ||
| 1552 | IMPLEMENT_ASN1_SET_OF(X509_ATTRIBUTE) | ||
diff --git a/src/lib/libcrypto/x509/x509_vfy.h b/src/lib/libcrypto/x509/x509_vfy.h deleted file mode 100644 index 76c76e1719..0000000000 --- a/src/lib/libcrypto/x509/x509_vfy.h +++ /dev/null | |||
| @@ -1,531 +0,0 @@ | |||
| 1 | /* crypto/x509/x509_vfy.h */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | |||
| 59 | #ifndef HEADER_X509_H | ||
| 60 | #include <openssl/x509.h> | ||
| 61 | /* openssl/x509.h ends up #include-ing this file at about the only | ||
| 62 | * appropriate moment. */ | ||
| 63 | #endif | ||
| 64 | |||
| 65 | #ifndef HEADER_X509_VFY_H | ||
| 66 | #define HEADER_X509_VFY_H | ||
| 67 | |||
| 68 | #include <openssl/opensslconf.h> | ||
| 69 | #ifndef OPENSSL_NO_LHASH | ||
| 70 | #include <openssl/lhash.h> | ||
| 71 | #endif | ||
| 72 | #include <openssl/bio.h> | ||
| 73 | #include <openssl/crypto.h> | ||
| 74 | #include <openssl/symhacks.h> | ||
| 75 | |||
| 76 | #ifdef __cplusplus | ||
| 77 | extern "C" { | ||
| 78 | #endif | ||
| 79 | |||
| 80 | /* Outer object */ | ||
| 81 | typedef struct x509_hash_dir_st | ||
| 82 | { | ||
| 83 | int num_dirs; | ||
| 84 | char **dirs; | ||
| 85 | int *dirs_type; | ||
| 86 | int num_dirs_alloced; | ||
| 87 | } X509_HASH_DIR_CTX; | ||
| 88 | |||
| 89 | typedef struct x509_file_st | ||
| 90 | { | ||
| 91 | int num_paths; /* number of paths to files or directories */ | ||
| 92 | int num_alloced; | ||
| 93 | char **paths; /* the list of paths or directories */ | ||
| 94 | int *path_type; | ||
| 95 | } X509_CERT_FILE_CTX; | ||
| 96 | |||
| 97 | /*******************************/ | ||
| 98 | /* | ||
| 99 | SSL_CTX -> X509_STORE | ||
| 100 | -> X509_LOOKUP | ||
| 101 | ->X509_LOOKUP_METHOD | ||
| 102 | -> X509_LOOKUP | ||
| 103 | ->X509_LOOKUP_METHOD | ||
| 104 | |||
| 105 | SSL -> X509_STORE_CTX | ||
| 106 | ->X509_STORE | ||
| 107 | |||
| 108 | The X509_STORE holds the tables etc for verification stuff. | ||
| 109 | A X509_STORE_CTX is used while validating a single certificate. | ||
| 110 | The X509_STORE has X509_LOOKUPs for looking up certs. | ||
| 111 | The X509_STORE then calls a function to actually verify the | ||
| 112 | certificate chain. | ||
| 113 | */ | ||
| 114 | |||
| 115 | #define X509_LU_RETRY -1 | ||
| 116 | #define X509_LU_FAIL 0 | ||
| 117 | #define X509_LU_X509 1 | ||
| 118 | #define X509_LU_CRL 2 | ||
| 119 | #define X509_LU_PKEY 3 | ||
| 120 | |||
| 121 | typedef struct x509_object_st | ||
| 122 | { | ||
| 123 | /* one of the above types */ | ||
| 124 | int type; | ||
| 125 | union { | ||
| 126 | char *ptr; | ||
| 127 | X509 *x509; | ||
| 128 | X509_CRL *crl; | ||
| 129 | EVP_PKEY *pkey; | ||
| 130 | } data; | ||
| 131 | } X509_OBJECT; | ||
| 132 | |||
| 133 | typedef struct x509_lookup_st X509_LOOKUP; | ||
| 134 | |||
| 135 | DECLARE_STACK_OF(X509_LOOKUP) | ||
| 136 | DECLARE_STACK_OF(X509_OBJECT) | ||
| 137 | |||
| 138 | /* This is a static that defines the function interface */ | ||
| 139 | typedef struct x509_lookup_method_st | ||
| 140 | { | ||
| 141 | const char *name; | ||
| 142 | int (*new_item)(X509_LOOKUP *ctx); | ||
| 143 | void (*free)(X509_LOOKUP *ctx); | ||
| 144 | int (*init)(X509_LOOKUP *ctx); | ||
| 145 | int (*shutdown)(X509_LOOKUP *ctx); | ||
| 146 | int (*ctrl)(X509_LOOKUP *ctx,int cmd,const char *argc,long argl, | ||
| 147 | char **ret); | ||
| 148 | int (*get_by_subject)(X509_LOOKUP *ctx,int type,X509_NAME *name, | ||
| 149 | X509_OBJECT *ret); | ||
| 150 | int (*get_by_issuer_serial)(X509_LOOKUP *ctx,int type,X509_NAME *name, | ||
| 151 | ASN1_INTEGER *serial,X509_OBJECT *ret); | ||
| 152 | int (*get_by_fingerprint)(X509_LOOKUP *ctx,int type, | ||
| 153 | unsigned char *bytes,int len, | ||
| 154 | X509_OBJECT *ret); | ||
| 155 | int (*get_by_alias)(X509_LOOKUP *ctx,int type,char *str,int len, | ||
| 156 | X509_OBJECT *ret); | ||
| 157 | } X509_LOOKUP_METHOD; | ||
| 158 | |||
| 159 | /* This structure hold all parameters associated with a verify operation | ||
| 160 | * by including an X509_VERIFY_PARAM structure in related structures the | ||
| 161 | * parameters used can be customized | ||
| 162 | */ | ||
| 163 | |||
| 164 | typedef struct X509_VERIFY_PARAM_st | ||
| 165 | { | ||
| 166 | char *name; | ||
| 167 | time_t check_time; /* Time to use */ | ||
| 168 | unsigned long inh_flags; /* Inheritance flags */ | ||
| 169 | unsigned long flags; /* Various verify flags */ | ||
| 170 | int purpose; /* purpose to check untrusted certificates */ | ||
| 171 | int trust; /* trust setting to check */ | ||
| 172 | int depth; /* Verify depth */ | ||
| 173 | STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */ | ||
| 174 | } X509_VERIFY_PARAM; | ||
| 175 | |||
| 176 | DECLARE_STACK_OF(X509_VERIFY_PARAM) | ||
| 177 | |||
| 178 | /* This is used to hold everything. It is used for all certificate | ||
| 179 | * validation. Once we have a certificate chain, the 'verify' | ||
| 180 | * function is then called to actually check the cert chain. */ | ||
| 181 | struct x509_store_st | ||
| 182 | { | ||
| 183 | /* The following is a cache of trusted certs */ | ||
| 184 | int cache; /* if true, stash any hits */ | ||
| 185 | STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */ | ||
| 186 | |||
| 187 | /* These are external lookup methods */ | ||
| 188 | STACK_OF(X509_LOOKUP) *get_cert_methods; | ||
| 189 | |||
| 190 | X509_VERIFY_PARAM *param; | ||
| 191 | |||
| 192 | /* Callbacks for various operations */ | ||
| 193 | int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */ | ||
| 194 | int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */ | ||
| 195 | int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */ | ||
| 196 | int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */ | ||
| 197 | int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */ | ||
| 198 | int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */ | ||
| 199 | int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */ | ||
| 200 | int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */ | ||
| 201 | int (*cleanup)(X509_STORE_CTX *ctx); | ||
| 202 | |||
| 203 | CRYPTO_EX_DATA ex_data; | ||
| 204 | int references; | ||
| 205 | } /* X509_STORE */; | ||
| 206 | |||
| 207 | int X509_STORE_set_depth(X509_STORE *store, int depth); | ||
| 208 | |||
| 209 | #define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func)) | ||
| 210 | #define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func)) | ||
| 211 | |||
| 212 | /* This is the functions plus an instance of the local variables. */ | ||
| 213 | struct x509_lookup_st | ||
| 214 | { | ||
| 215 | int init; /* have we been started */ | ||
| 216 | int skip; /* don't use us. */ | ||
| 217 | X509_LOOKUP_METHOD *method; /* the functions */ | ||
| 218 | char *method_data; /* method data */ | ||
| 219 | |||
| 220 | X509_STORE *store_ctx; /* who owns us */ | ||
| 221 | } /* X509_LOOKUP */; | ||
| 222 | |||
| 223 | /* This is a used when verifying cert chains. Since the | ||
| 224 | * gathering of the cert chain can take some time (and have to be | ||
| 225 | * 'retried', this needs to be kept and passed around. */ | ||
| 226 | struct x509_store_ctx_st /* X509_STORE_CTX */ | ||
| 227 | { | ||
| 228 | X509_STORE *ctx; | ||
| 229 | int current_method; /* used when looking up certs */ | ||
| 230 | |||
| 231 | /* The following are set by the caller */ | ||
| 232 | X509 *cert; /* The cert to check */ | ||
| 233 | STACK_OF(X509) *untrusted; /* chain of X509s - untrusted - passed in */ | ||
| 234 | STACK_OF(X509_CRL) *crls; /* set of CRLs passed in */ | ||
| 235 | |||
| 236 | X509_VERIFY_PARAM *param; | ||
| 237 | void *other_ctx; /* Other info for use with get_issuer() */ | ||
| 238 | |||
| 239 | /* Callbacks for various operations */ | ||
| 240 | int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */ | ||
| 241 | int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */ | ||
| 242 | int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */ | ||
| 243 | int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */ | ||
| 244 | int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */ | ||
| 245 | int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */ | ||
| 246 | int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */ | ||
| 247 | int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */ | ||
| 248 | int (*check_policy)(X509_STORE_CTX *ctx); | ||
| 249 | int (*cleanup)(X509_STORE_CTX *ctx); | ||
| 250 | |||
| 251 | /* The following is built up */ | ||
| 252 | int valid; /* if 0, rebuild chain */ | ||
| 253 | int last_untrusted; /* index of last untrusted cert */ | ||
| 254 | STACK_OF(X509) *chain; /* chain of X509s - built up and trusted */ | ||
| 255 | X509_POLICY_TREE *tree; /* Valid policy tree */ | ||
| 256 | |||
| 257 | int explicit_policy; /* Require explicit policy value */ | ||
| 258 | |||
| 259 | /* When something goes wrong, this is why */ | ||
| 260 | int error_depth; | ||
| 261 | int error; | ||
| 262 | X509 *current_cert; | ||
| 263 | X509 *current_issuer; /* cert currently being tested as valid issuer */ | ||
| 264 | X509_CRL *current_crl; /* current CRL */ | ||
| 265 | |||
| 266 | CRYPTO_EX_DATA ex_data; | ||
| 267 | } /* X509_STORE_CTX */; | ||
| 268 | |||
| 269 | void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); | ||
| 270 | |||
| 271 | #define X509_STORE_CTX_set_app_data(ctx,data) \ | ||
| 272 | X509_STORE_CTX_set_ex_data(ctx,0,data) | ||
| 273 | #define X509_STORE_CTX_get_app_data(ctx) \ | ||
| 274 | X509_STORE_CTX_get_ex_data(ctx,0) | ||
| 275 | |||
| 276 | #define X509_L_FILE_LOAD 1 | ||
| 277 | #define X509_L_ADD_DIR 2 | ||
| 278 | |||
| 279 | #define X509_LOOKUP_load_file(x,name,type) \ | ||
| 280 | X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL) | ||
| 281 | |||
| 282 | #define X509_LOOKUP_add_dir(x,name,type) \ | ||
| 283 | X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL) | ||
| 284 | |||
| 285 | #define X509_V_OK 0 | ||
| 286 | /* illegal error (for uninitialized values, to avoid X509_V_OK): 1 */ | ||
| 287 | |||
| 288 | #define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 | ||
| 289 | #define X509_V_ERR_UNABLE_TO_GET_CRL 3 | ||
| 290 | #define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4 | ||
| 291 | #define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5 | ||
| 292 | #define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6 | ||
| 293 | #define X509_V_ERR_CERT_SIGNATURE_FAILURE 7 | ||
| 294 | #define X509_V_ERR_CRL_SIGNATURE_FAILURE 8 | ||
| 295 | #define X509_V_ERR_CERT_NOT_YET_VALID 9 | ||
| 296 | #define X509_V_ERR_CERT_HAS_EXPIRED 10 | ||
| 297 | #define X509_V_ERR_CRL_NOT_YET_VALID 11 | ||
| 298 | #define X509_V_ERR_CRL_HAS_EXPIRED 12 | ||
| 299 | #define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13 | ||
| 300 | #define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14 | ||
| 301 | #define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15 | ||
| 302 | #define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16 | ||
| 303 | #define X509_V_ERR_OUT_OF_MEM 17 | ||
| 304 | #define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18 | ||
| 305 | #define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19 | ||
| 306 | #define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20 | ||
| 307 | #define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21 | ||
| 308 | #define X509_V_ERR_CERT_CHAIN_TOO_LONG 22 | ||
| 309 | #define X509_V_ERR_CERT_REVOKED 23 | ||
| 310 | #define X509_V_ERR_INVALID_CA 24 | ||
| 311 | #define X509_V_ERR_PATH_LENGTH_EXCEEDED 25 | ||
| 312 | #define X509_V_ERR_INVALID_PURPOSE 26 | ||
| 313 | #define X509_V_ERR_CERT_UNTRUSTED 27 | ||
| 314 | #define X509_V_ERR_CERT_REJECTED 28 | ||
| 315 | /* These are 'informational' when looking for issuer cert */ | ||
| 316 | #define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29 | ||
| 317 | #define X509_V_ERR_AKID_SKID_MISMATCH 30 | ||
| 318 | #define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31 | ||
| 319 | #define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32 | ||
| 320 | |||
| 321 | #define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33 | ||
| 322 | #define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 | ||
| 323 | #define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35 | ||
| 324 | #define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36 | ||
| 325 | #define X509_V_ERR_INVALID_NON_CA 37 | ||
| 326 | #define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38 | ||
| 327 | #define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39 | ||
| 328 | #define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40 | ||
| 329 | |||
| 330 | #define X509_V_ERR_INVALID_EXTENSION 41 | ||
| 331 | #define X509_V_ERR_INVALID_POLICY_EXTENSION 42 | ||
| 332 | #define X509_V_ERR_NO_EXPLICIT_POLICY 43 | ||
| 333 | |||
| 334 | #define X509_V_ERR_UNNESTED_RESOURCE 44 | ||
| 335 | |||
| 336 | /* The application is not happy */ | ||
| 337 | #define X509_V_ERR_APPLICATION_VERIFICATION 50 | ||
| 338 | |||
| 339 | /* Certificate verify flags */ | ||
| 340 | |||
| 341 | /* Send issuer+subject checks to verify_cb */ | ||
| 342 | #define X509_V_FLAG_CB_ISSUER_CHECK 0x1 | ||
| 343 | /* Use check time instead of current time */ | ||
| 344 | #define X509_V_FLAG_USE_CHECK_TIME 0x2 | ||
| 345 | /* Lookup CRLs */ | ||
| 346 | #define X509_V_FLAG_CRL_CHECK 0x4 | ||
| 347 | /* Lookup CRLs for whole chain */ | ||
| 348 | #define X509_V_FLAG_CRL_CHECK_ALL 0x8 | ||
| 349 | /* Ignore unhandled critical extensions */ | ||
| 350 | #define X509_V_FLAG_IGNORE_CRITICAL 0x10 | ||
| 351 | /* Disable workarounds for broken certificates */ | ||
| 352 | #define X509_V_FLAG_X509_STRICT 0x20 | ||
| 353 | /* Enable proxy certificate validation */ | ||
| 354 | #define X509_V_FLAG_ALLOW_PROXY_CERTS 0x40 | ||
| 355 | /* Enable policy checking */ | ||
| 356 | #define X509_V_FLAG_POLICY_CHECK 0x80 | ||
| 357 | /* Policy variable require-explicit-policy */ | ||
| 358 | #define X509_V_FLAG_EXPLICIT_POLICY 0x100 | ||
| 359 | /* Policy variable inhibit-any-policy */ | ||
| 360 | #define X509_V_FLAG_INHIBIT_ANY 0x200 | ||
| 361 | /* Policy variable inhibit-policy-mapping */ | ||
| 362 | #define X509_V_FLAG_INHIBIT_MAP 0x400 | ||
| 363 | /* Notify callback that policy is OK */ | ||
| 364 | #define X509_V_FLAG_NOTIFY_POLICY 0x800 | ||
| 365 | |||
| 366 | #define X509_VP_FLAG_DEFAULT 0x1 | ||
| 367 | #define X509_VP_FLAG_OVERWRITE 0x2 | ||
| 368 | #define X509_VP_FLAG_RESET_FLAGS 0x4 | ||
| 369 | #define X509_VP_FLAG_LOCKED 0x8 | ||
| 370 | #define X509_VP_FLAG_ONCE 0x10 | ||
| 371 | |||
| 372 | /* Internal use: mask of policy related options */ | ||
| 373 | #define X509_V_FLAG_POLICY_MASK (X509_V_FLAG_POLICY_CHECK \ | ||
| 374 | | X509_V_FLAG_EXPLICIT_POLICY \ | ||
| 375 | | X509_V_FLAG_INHIBIT_ANY \ | ||
| 376 | | X509_V_FLAG_INHIBIT_MAP) | ||
| 377 | |||
| 378 | int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, | ||
| 379 | X509_NAME *name); | ||
| 380 | X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,int type,X509_NAME *name); | ||
| 381 | X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x); | ||
| 382 | void X509_OBJECT_up_ref_count(X509_OBJECT *a); | ||
| 383 | void X509_OBJECT_free_contents(X509_OBJECT *a); | ||
| 384 | X509_STORE *X509_STORE_new(void ); | ||
| 385 | void X509_STORE_free(X509_STORE *v); | ||
| 386 | |||
| 387 | int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags); | ||
| 388 | int X509_STORE_set_purpose(X509_STORE *ctx, int purpose); | ||
| 389 | int X509_STORE_set_trust(X509_STORE *ctx, int trust); | ||
| 390 | int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm); | ||
| 391 | |||
| 392 | X509_STORE_CTX *X509_STORE_CTX_new(void); | ||
| 393 | |||
| 394 | int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); | ||
| 395 | |||
| 396 | void X509_STORE_CTX_free(X509_STORE_CTX *ctx); | ||
| 397 | int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, | ||
| 398 | X509 *x509, STACK_OF(X509) *chain); | ||
| 399 | void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); | ||
| 400 | void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); | ||
| 401 | |||
| 402 | X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m); | ||
| 403 | |||
| 404 | X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); | ||
| 405 | X509_LOOKUP_METHOD *X509_LOOKUP_file(void); | ||
| 406 | |||
| 407 | int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); | ||
| 408 | int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); | ||
| 409 | |||
| 410 | int X509_STORE_get_by_subject(X509_STORE_CTX *vs,int type,X509_NAME *name, | ||
| 411 | X509_OBJECT *ret); | ||
| 412 | |||
| 413 | int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, | ||
| 414 | long argl, char **ret); | ||
| 415 | |||
| 416 | #ifndef OPENSSL_NO_STDIO | ||
| 417 | int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type); | ||
| 418 | int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type); | ||
| 419 | int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type); | ||
| 420 | #endif | ||
| 421 | |||
| 422 | |||
| 423 | X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method); | ||
| 424 | void X509_LOOKUP_free(X509_LOOKUP *ctx); | ||
| 425 | int X509_LOOKUP_init(X509_LOOKUP *ctx); | ||
| 426 | int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name, | ||
| 427 | X509_OBJECT *ret); | ||
| 428 | int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name, | ||
| 429 | ASN1_INTEGER *serial, X509_OBJECT *ret); | ||
| 430 | int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type, | ||
| 431 | unsigned char *bytes, int len, X509_OBJECT *ret); | ||
| 432 | int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, | ||
| 433 | int len, X509_OBJECT *ret); | ||
| 434 | int X509_LOOKUP_shutdown(X509_LOOKUP *ctx); | ||
| 435 | |||
| 436 | #ifndef OPENSSL_NO_STDIO | ||
| 437 | int X509_STORE_load_locations (X509_STORE *ctx, | ||
| 438 | const char *file, const char *dir); | ||
| 439 | int X509_STORE_set_default_paths(X509_STORE *ctx); | ||
| 440 | #endif | ||
| 441 | |||
| 442 | int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, | ||
| 443 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); | ||
| 444 | int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx,int idx,void *data); | ||
| 445 | void * X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx); | ||
| 446 | int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); | ||
| 447 | void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s); | ||
| 448 | int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); | ||
| 449 | X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); | ||
| 450 | STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx); | ||
| 451 | STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx); | ||
| 452 | void X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x); | ||
| 453 | void X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk); | ||
| 454 | void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c,STACK_OF(X509_CRL) *sk); | ||
| 455 | int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose); | ||
| 456 | int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust); | ||
| 457 | int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, | ||
| 458 | int purpose, int trust); | ||
| 459 | void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags); | ||
| 460 | void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, | ||
| 461 | time_t t); | ||
| 462 | void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, | ||
| 463 | int (*verify_cb)(int, X509_STORE_CTX *)); | ||
| 464 | |||
| 465 | X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx); | ||
| 466 | int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx); | ||
| 467 | |||
| 468 | X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx); | ||
| 469 | void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param); | ||
| 470 | int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name); | ||
| 471 | |||
| 472 | /* X509_VERIFY_PARAM functions */ | ||
| 473 | |||
| 474 | X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void); | ||
| 475 | void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param); | ||
| 476 | int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to, | ||
| 477 | const X509_VERIFY_PARAM *from); | ||
| 478 | int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, | ||
| 479 | const X509_VERIFY_PARAM *from); | ||
| 480 | int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name); | ||
| 481 | int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags); | ||
| 482 | int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, | ||
| 483 | unsigned long flags); | ||
| 484 | unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param); | ||
| 485 | int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose); | ||
| 486 | int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust); | ||
| 487 | void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth); | ||
| 488 | void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t); | ||
| 489 | int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, | ||
| 490 | ASN1_OBJECT *policy); | ||
| 491 | int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, | ||
| 492 | STACK_OF(ASN1_OBJECT) *policies); | ||
| 493 | int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param); | ||
| 494 | |||
| 495 | int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param); | ||
| 496 | const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name); | ||
| 497 | void X509_VERIFY_PARAM_table_cleanup(void); | ||
| 498 | |||
| 499 | int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, | ||
| 500 | STACK_OF(X509) *certs, | ||
| 501 | STACK_OF(ASN1_OBJECT) *policy_oids, | ||
| 502 | unsigned int flags); | ||
| 503 | |||
| 504 | void X509_policy_tree_free(X509_POLICY_TREE *tree); | ||
| 505 | |||
| 506 | int X509_policy_tree_level_count(const X509_POLICY_TREE *tree); | ||
| 507 | X509_POLICY_LEVEL * | ||
| 508 | X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, int i); | ||
| 509 | |||
| 510 | STACK_OF(X509_POLICY_NODE) * | ||
| 511 | X509_policy_tree_get0_policies(const X509_POLICY_TREE *tree); | ||
| 512 | |||
| 513 | STACK_OF(X509_POLICY_NODE) * | ||
| 514 | X509_policy_tree_get0_user_policies(const X509_POLICY_TREE *tree); | ||
| 515 | |||
| 516 | int X509_policy_level_node_count(X509_POLICY_LEVEL *level); | ||
| 517 | |||
| 518 | X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level, int i); | ||
| 519 | |||
| 520 | const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node); | ||
| 521 | |||
| 522 | STACK_OF(POLICYQUALINFO) * | ||
| 523 | X509_policy_node_get0_qualifiers(const X509_POLICY_NODE *node); | ||
| 524 | const X509_POLICY_NODE * | ||
| 525 | X509_policy_node_get0_parent(const X509_POLICY_NODE *node); | ||
| 526 | |||
| 527 | #ifdef __cplusplus | ||
| 528 | } | ||
| 529 | #endif | ||
| 530 | #endif | ||
| 531 | |||
diff --git a/src/lib/libcrypto/x509/x509_vpm.c b/src/lib/libcrypto/x509/x509_vpm.c deleted file mode 100644 index 2b06718aec..0000000000 --- a/src/lib/libcrypto/x509/x509_vpm.c +++ /dev/null | |||
| @@ -1,430 +0,0 @@ | |||
| 1 | /* x509_vpm.c */ | ||
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
| 3 | * project 2004. | ||
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 2004 The OpenSSL Project. All rights reserved. | ||
| 7 | * | ||
| 8 | * Redistribution and use in source and binary forms, with or without | ||
| 9 | * modification, are permitted provided that the following conditions | ||
| 10 | * are met: | ||
| 11 | * | ||
| 12 | * 1. Redistributions of source code must retain the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | * notice, this list of conditions and the following disclaimer in | ||
| 17 | * the documentation and/or other materials provided with the | ||
| 18 | * distribution. | ||
| 19 | * | ||
| 20 | * 3. All advertising materials mentioning features or use of this | ||
| 21 | * software must display the following acknowledgment: | ||
| 22 | * "This product includes software developed by the OpenSSL Project | ||
| 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | * | ||
| 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | * endorse or promote products derived from this software without | ||
| 27 | * prior written permission. For written permission, please contact | ||
| 28 | * licensing@OpenSSL.org. | ||
| 29 | * | ||
| 30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | * nor may "OpenSSL" appear in their names without prior written | ||
| 32 | * permission of the OpenSSL Project. | ||
| 33 | * | ||
| 34 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | * acknowledgment: | ||
| 36 | * "This product includes software developed by the OpenSSL Project | ||
| 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | * | ||
| 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | * ==================================================================== | ||
| 52 | * | ||
| 53 | * This product includes cryptographic software written by Eric Young | ||
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | |||
| 61 | #include "cryptlib.h" | ||
| 62 | #include <openssl/crypto.h> | ||
| 63 | #include <openssl/lhash.h> | ||
| 64 | #include <openssl/buffer.h> | ||
| 65 | #include <openssl/x509.h> | ||
| 66 | #include <openssl/x509v3.h> | ||
| 67 | |||
| 68 | /* X509_VERIFY_PARAM functions */ | ||
| 69 | |||
| 70 | static void x509_verify_param_zero(X509_VERIFY_PARAM *param) | ||
| 71 | { | ||
| 72 | if (!param) | ||
| 73 | return; | ||
| 74 | param->name = NULL; | ||
| 75 | param->purpose = 0; | ||
| 76 | param->trust = 0; | ||
| 77 | param->inh_flags = 0; | ||
| 78 | param->flags = 0; | ||
| 79 | param->depth = -1; | ||
| 80 | if (param->policies) | ||
| 81 | { | ||
| 82 | sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); | ||
| 83 | param->policies = NULL; | ||
| 84 | } | ||
| 85 | } | ||
| 86 | |||
| 87 | X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) | ||
| 88 | { | ||
| 89 | X509_VERIFY_PARAM *param; | ||
| 90 | param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM)); | ||
| 91 | memset(param, 0, sizeof(X509_VERIFY_PARAM)); | ||
| 92 | x509_verify_param_zero(param); | ||
| 93 | return param; | ||
| 94 | } | ||
| 95 | |||
| 96 | void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param) | ||
| 97 | { | ||
| 98 | x509_verify_param_zero(param); | ||
| 99 | OPENSSL_free(param); | ||
| 100 | } | ||
| 101 | |||
| 102 | /* This function determines how parameters are "inherited" from one structure | ||
| 103 | * to another. There are several different ways this can happen. | ||
| 104 | * | ||
| 105 | * 1. If a child structure needs to have its values initialized from a parent | ||
| 106 | * they are simply copied across. For example SSL_CTX copied to SSL. | ||
| 107 | * 2. If the structure should take on values only if they are currently unset. | ||
| 108 | * For example the values in an SSL structure will take appropriate value | ||
| 109 | * for SSL servers or clients but only if the application has not set new | ||
| 110 | * ones. | ||
| 111 | * | ||
| 112 | * The "inh_flags" field determines how this function behaves. | ||
| 113 | * | ||
| 114 | * Normally any values which are set in the default are not copied from the | ||
| 115 | * destination and verify flags are ORed together. | ||
| 116 | * | ||
| 117 | * If X509_VP_FLAG_DEFAULT is set then anything set in the source is copied | ||
| 118 | * to the destination. Effectively the values in "to" become default values | ||
| 119 | * which will be used only if nothing new is set in "from". | ||
| 120 | * | ||
| 121 | * If X509_VP_FLAG_OVERWRITE is set then all value are copied across whether | ||
| 122 | * they are set or not. Flags is still Ored though. | ||
| 123 | * | ||
| 124 | * If X509_VP_FLAG_RESET_FLAGS is set then the flags value is copied instead | ||
| 125 | * of ORed. | ||
| 126 | * | ||
| 127 | * If X509_VP_FLAG_LOCKED is set then no values are copied. | ||
| 128 | * | ||
| 129 | * If X509_VP_FLAG_ONCE is set then the current inh_flags setting is zeroed | ||
| 130 | * after the next call. | ||
| 131 | */ | ||
| 132 | |||
| 133 | /* Macro to test if a field should be copied from src to dest */ | ||
| 134 | |||
| 135 | #define test_x509_verify_param_copy(field, def) \ | ||
| 136 | (to_overwrite || \ | ||
| 137 | ((src->field != def) && (to_default || (dest->field == def)))) | ||
| 138 | |||
| 139 | /* Macro to test and copy a field if necessary */ | ||
| 140 | |||
| 141 | #define x509_verify_param_copy(field, def) \ | ||
| 142 | if (test_x509_verify_param_copy(field, def)) \ | ||
| 143 | dest->field = src->field | ||
| 144 | |||
| 145 | |||
| 146 | int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, | ||
| 147 | const X509_VERIFY_PARAM *src) | ||
| 148 | { | ||
| 149 | unsigned long inh_flags; | ||
| 150 | int to_default, to_overwrite; | ||
| 151 | if (!src) | ||
| 152 | return 1; | ||
| 153 | inh_flags = dest->inh_flags | src->inh_flags; | ||
| 154 | |||
| 155 | if (inh_flags & X509_VP_FLAG_ONCE) | ||
| 156 | dest->inh_flags = 0; | ||
| 157 | |||
| 158 | if (inh_flags & X509_VP_FLAG_LOCKED) | ||
| 159 | return 1; | ||
| 160 | |||
| 161 | if (inh_flags & X509_VP_FLAG_DEFAULT) | ||
| 162 | to_default = 1; | ||
| 163 | else | ||
| 164 | to_default = 0; | ||
| 165 | |||
| 166 | if (inh_flags & X509_VP_FLAG_OVERWRITE) | ||
| 167 | to_overwrite = 1; | ||
| 168 | else | ||
| 169 | to_overwrite = 0; | ||
| 170 | |||
| 171 | x509_verify_param_copy(purpose, 0); | ||
| 172 | x509_verify_param_copy(trust, 0); | ||
| 173 | x509_verify_param_copy(depth, -1); | ||
| 174 | |||
| 175 | /* If overwrite or check time not set, copy across */ | ||
| 176 | |||
| 177 | if (to_overwrite || !(dest->flags & X509_V_FLAG_USE_CHECK_TIME)) | ||
| 178 | { | ||
| 179 | dest->check_time = src->check_time; | ||
| 180 | dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME; | ||
| 181 | /* Don't need to copy flag: that is done below */ | ||
| 182 | } | ||
| 183 | |||
| 184 | if (inh_flags & X509_VP_FLAG_RESET_FLAGS) | ||
| 185 | dest->flags = 0; | ||
| 186 | |||
| 187 | dest->flags |= src->flags; | ||
| 188 | |||
| 189 | if (test_x509_verify_param_copy(policies, NULL)) | ||
| 190 | { | ||
| 191 | if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies)) | ||
| 192 | return 0; | ||
| 193 | } | ||
| 194 | |||
| 195 | return 1; | ||
| 196 | } | ||
| 197 | |||
| 198 | int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, | ||
| 199 | const X509_VERIFY_PARAM *from) | ||
| 200 | { | ||
| 201 | to->inh_flags |= X509_VP_FLAG_DEFAULT; | ||
| 202 | return X509_VERIFY_PARAM_inherit(to, from); | ||
| 203 | } | ||
| 204 | |||
| 205 | int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name) | ||
| 206 | { | ||
| 207 | if (param->name) | ||
| 208 | OPENSSL_free(param->name); | ||
| 209 | param->name = BUF_strdup(name); | ||
| 210 | if (param->name) | ||
| 211 | return 1; | ||
| 212 | return 0; | ||
| 213 | } | ||
| 214 | |||
| 215 | int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags) | ||
| 216 | { | ||
| 217 | param->flags |= flags; | ||
| 218 | if (flags & X509_V_FLAG_POLICY_MASK) | ||
| 219 | param->flags |= X509_V_FLAG_POLICY_CHECK; | ||
| 220 | return 1; | ||
| 221 | } | ||
| 222 | |||
| 223 | int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, unsigned long flags) | ||
| 224 | { | ||
| 225 | param->flags &= ~flags; | ||
| 226 | return 1; | ||
| 227 | } | ||
| 228 | |||
| 229 | unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param) | ||
| 230 | { | ||
| 231 | return param->flags; | ||
| 232 | } | ||
| 233 | |||
| 234 | int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose) | ||
| 235 | { | ||
| 236 | return X509_PURPOSE_set(¶m->purpose, purpose); | ||
| 237 | } | ||
| 238 | |||
| 239 | int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust) | ||
| 240 | { | ||
| 241 | return X509_TRUST_set(¶m->trust, trust); | ||
| 242 | } | ||
| 243 | |||
| 244 | void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth) | ||
| 245 | { | ||
| 246 | param->depth = depth; | ||
| 247 | } | ||
| 248 | |||
| 249 | void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t) | ||
| 250 | { | ||
| 251 | param->check_time = t; | ||
| 252 | param->flags |= X509_V_FLAG_USE_CHECK_TIME; | ||
| 253 | } | ||
| 254 | |||
| 255 | int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, ASN1_OBJECT *policy) | ||
| 256 | { | ||
| 257 | if (!param->policies) | ||
| 258 | { | ||
| 259 | param->policies = sk_ASN1_OBJECT_new_null(); | ||
| 260 | if (!param->policies) | ||
| 261 | return 0; | ||
| 262 | } | ||
| 263 | if (!sk_ASN1_OBJECT_push(param->policies, policy)) | ||
| 264 | return 0; | ||
| 265 | return 1; | ||
| 266 | } | ||
| 267 | |||
| 268 | int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, | ||
| 269 | STACK_OF(ASN1_OBJECT) *policies) | ||
| 270 | { | ||
| 271 | int i; | ||
| 272 | ASN1_OBJECT *oid, *doid; | ||
| 273 | if (!param) | ||
| 274 | return 0; | ||
| 275 | if (param->policies) | ||
| 276 | sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); | ||
| 277 | |||
| 278 | if (!policies) | ||
| 279 | { | ||
| 280 | param->policies = NULL; | ||
| 281 | return 1; | ||
| 282 | } | ||
| 283 | |||
| 284 | param->policies = sk_ASN1_OBJECT_new_null(); | ||
| 285 | if (!param->policies) | ||
| 286 | return 0; | ||
| 287 | |||
| 288 | for (i = 0; i < sk_ASN1_OBJECT_num(policies); i++) | ||
| 289 | { | ||
| 290 | oid = sk_ASN1_OBJECT_value(policies, i); | ||
| 291 | doid = OBJ_dup(oid); | ||
| 292 | if (!doid) | ||
| 293 | return 0; | ||
| 294 | if (!sk_ASN1_OBJECT_push(param->policies, doid)) | ||
| 295 | { | ||
| 296 | ASN1_OBJECT_free(doid); | ||
| 297 | return 0; | ||
| 298 | } | ||
| 299 | } | ||
| 300 | param->flags |= X509_V_FLAG_POLICY_CHECK; | ||
| 301 | return 1; | ||
| 302 | } | ||
| 303 | |||
| 304 | int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param) | ||
| 305 | { | ||
| 306 | return param->depth; | ||
| 307 | } | ||
| 308 | |||
| 309 | /* Default verify parameters: these are used for various | ||
| 310 | * applications and can be overridden by the user specified table. | ||
| 311 | * NB: the 'name' field *must* be in alphabetical order because it | ||
| 312 | * will be searched using OBJ_search. | ||
| 313 | */ | ||
| 314 | |||
| 315 | static const X509_VERIFY_PARAM default_table[] = { | ||
| 316 | { | ||
| 317 | "default", /* X509 default parameters */ | ||
| 318 | 0, /* Check time */ | ||
| 319 | 0, /* internal flags */ | ||
| 320 | 0, /* flags */ | ||
| 321 | 0, /* purpose */ | ||
| 322 | 0, /* trust */ | ||
| 323 | 100, /* depth */ | ||
| 324 | NULL /* policies */ | ||
| 325 | }, | ||
| 326 | { | ||
| 327 | "pkcs7", /* S/MIME signing parameters */ | ||
| 328 | 0, /* Check time */ | ||
| 329 | 0, /* internal flags */ | ||
| 330 | 0, /* flags */ | ||
| 331 | X509_PURPOSE_SMIME_SIGN, /* purpose */ | ||
| 332 | X509_TRUST_EMAIL, /* trust */ | ||
| 333 | -1, /* depth */ | ||
| 334 | NULL /* policies */ | ||
| 335 | }, | ||
| 336 | { | ||
| 337 | "smime_sign", /* S/MIME signing parameters */ | ||
| 338 | 0, /* Check time */ | ||
| 339 | 0, /* internal flags */ | ||
| 340 | 0, /* flags */ | ||
| 341 | X509_PURPOSE_SMIME_SIGN, /* purpose */ | ||
| 342 | X509_TRUST_EMAIL, /* trust */ | ||
| 343 | -1, /* depth */ | ||
| 344 | NULL /* policies */ | ||
| 345 | }, | ||
| 346 | { | ||
| 347 | "ssl_client", /* SSL/TLS client parameters */ | ||
| 348 | 0, /* Check time */ | ||
| 349 | 0, /* internal flags */ | ||
| 350 | 0, /* flags */ | ||
| 351 | X509_PURPOSE_SSL_CLIENT, /* purpose */ | ||
| 352 | X509_TRUST_SSL_CLIENT, /* trust */ | ||
| 353 | -1, /* depth */ | ||
| 354 | NULL /* policies */ | ||
| 355 | }, | ||
| 356 | { | ||
| 357 | "ssl_server", /* SSL/TLS server parameters */ | ||
| 358 | 0, /* Check time */ | ||
| 359 | 0, /* internal flags */ | ||
| 360 | 0, /* flags */ | ||
| 361 | X509_PURPOSE_SSL_SERVER, /* purpose */ | ||
| 362 | X509_TRUST_SSL_SERVER, /* trust */ | ||
| 363 | -1, /* depth */ | ||
| 364 | NULL /* policies */ | ||
| 365 | }}; | ||
| 366 | |||
| 367 | static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL; | ||
| 368 | |||
| 369 | static int table_cmp(const void *pa, const void *pb) | ||
| 370 | { | ||
| 371 | const X509_VERIFY_PARAM *a = pa, *b = pb; | ||
| 372 | return strcmp(a->name, b->name); | ||
| 373 | } | ||
| 374 | |||
| 375 | static int param_cmp(const X509_VERIFY_PARAM * const *a, | ||
| 376 | const X509_VERIFY_PARAM * const *b) | ||
| 377 | { | ||
| 378 | return strcmp((*a)->name, (*b)->name); | ||
| 379 | } | ||
| 380 | |||
| 381 | int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param) | ||
| 382 | { | ||
| 383 | int idx; | ||
| 384 | X509_VERIFY_PARAM *ptmp; | ||
| 385 | if (!param_table) | ||
| 386 | { | ||
| 387 | param_table = sk_X509_VERIFY_PARAM_new(param_cmp); | ||
| 388 | if (!param_table) | ||
| 389 | return 0; | ||
| 390 | } | ||
| 391 | else | ||
| 392 | { | ||
| 393 | idx = sk_X509_VERIFY_PARAM_find(param_table, param); | ||
| 394 | if (idx != -1) | ||
| 395 | { | ||
| 396 | ptmp = sk_X509_VERIFY_PARAM_value(param_table, idx); | ||
| 397 | X509_VERIFY_PARAM_free(ptmp); | ||
| 398 | (void)sk_X509_VERIFY_PARAM_delete(param_table, idx); | ||
| 399 | } | ||
| 400 | } | ||
| 401 | if (!sk_X509_VERIFY_PARAM_push(param_table, param)) | ||
| 402 | return 0; | ||
| 403 | return 1; | ||
| 404 | } | ||
| 405 | |||
| 406 | const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name) | ||
| 407 | { | ||
| 408 | int idx; | ||
| 409 | X509_VERIFY_PARAM pm; | ||
| 410 | pm.name = (char *)name; | ||
| 411 | if (param_table) | ||
| 412 | { | ||
| 413 | idx = sk_X509_VERIFY_PARAM_find(param_table, &pm); | ||
| 414 | if (idx != -1) | ||
| 415 | return sk_X509_VERIFY_PARAM_value(param_table, idx); | ||
| 416 | } | ||
| 417 | return (const X509_VERIFY_PARAM *) OBJ_bsearch((char *)&pm, | ||
| 418 | (char *)&default_table, | ||
| 419 | sizeof(default_table)/sizeof(X509_VERIFY_PARAM), | ||
| 420 | sizeof(X509_VERIFY_PARAM), | ||
| 421 | table_cmp); | ||
| 422 | } | ||
| 423 | |||
| 424 | void X509_VERIFY_PARAM_table_cleanup(void) | ||
| 425 | { | ||
| 426 | if (param_table) | ||
| 427 | sk_X509_VERIFY_PARAM_pop_free(param_table, | ||
| 428 | X509_VERIFY_PARAM_free); | ||
| 429 | param_table = NULL; | ||
| 430 | } | ||
diff --git a/src/lib/libcrypto/x509/x509cset.c b/src/lib/libcrypto/x509/x509cset.c deleted file mode 100644 index 7f4004b291..0000000000 --- a/src/lib/libcrypto/x509/x509cset.c +++ /dev/null | |||
| @@ -1,170 +0,0 @@ | |||
| 1 | /* crypto/x509/x509cset.c */ | ||
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
| 3 | * project 2001. | ||
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 2001 The OpenSSL Project. All rights reserved. | ||
| 7 | * | ||
| 8 | * Redistribution and use in source and binary forms, with or without | ||
| 9 | * modification, are permitted provided that the following conditions | ||
| 10 | * are met: | ||
| 11 | * | ||
| 12 | * 1. Redistributions of source code must retain the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | * notice, this list of conditions and the following disclaimer in | ||
| 17 | * the documentation and/or other materials provided with the | ||
| 18 | * distribution. | ||
| 19 | * | ||
| 20 | * 3. All advertising materials mentioning features or use of this | ||
| 21 | * software must display the following acknowledgment: | ||
| 22 | * "This product includes software developed by the OpenSSL Project | ||
| 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | * | ||
| 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | * endorse or promote products derived from this software without | ||
| 27 | * prior written permission. For written permission, please contact | ||
| 28 | * licensing@OpenSSL.org. | ||
| 29 | * | ||
| 30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | * nor may "OpenSSL" appear in their names without prior written | ||
| 32 | * permission of the OpenSSL Project. | ||
| 33 | * | ||
| 34 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | * acknowledgment: | ||
| 36 | * "This product includes software developed by the OpenSSL Project | ||
| 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | * | ||
| 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | * ==================================================================== | ||
| 52 | * | ||
| 53 | * This product includes cryptographic software written by Eric Young | ||
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | #include "cryptlib.h" | ||
| 61 | #include <openssl/asn1.h> | ||
| 62 | #include <openssl/objects.h> | ||
| 63 | #include <openssl/evp.h> | ||
| 64 | #include <openssl/x509.h> | ||
| 65 | |||
| 66 | int X509_CRL_set_version(X509_CRL *x, long version) | ||
| 67 | { | ||
| 68 | if (x == NULL) return(0); | ||
| 69 | if (x->crl->version == NULL) | ||
| 70 | { | ||
| 71 | if ((x->crl->version=M_ASN1_INTEGER_new()) == NULL) | ||
| 72 | return(0); | ||
| 73 | } | ||
| 74 | return(ASN1_INTEGER_set(x->crl->version,version)); | ||
| 75 | } | ||
| 76 | |||
| 77 | int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name) | ||
| 78 | { | ||
| 79 | if ((x == NULL) || (x->crl == NULL)) return(0); | ||
| 80 | return(X509_NAME_set(&x->crl->issuer,name)); | ||
| 81 | } | ||
| 82 | |||
| 83 | |||
| 84 | int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm) | ||
| 85 | { | ||
| 86 | ASN1_TIME *in; | ||
| 87 | |||
| 88 | if (x == NULL) return(0); | ||
| 89 | in=x->crl->lastUpdate; | ||
| 90 | if (in != tm) | ||
| 91 | { | ||
| 92 | in=M_ASN1_TIME_dup(tm); | ||
| 93 | if (in != NULL) | ||
| 94 | { | ||
| 95 | M_ASN1_TIME_free(x->crl->lastUpdate); | ||
| 96 | x->crl->lastUpdate=in; | ||
| 97 | } | ||
| 98 | } | ||
| 99 | return(in != NULL); | ||
| 100 | } | ||
| 101 | |||
| 102 | int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm) | ||
| 103 | { | ||
| 104 | ASN1_TIME *in; | ||
| 105 | |||
| 106 | if (x == NULL) return(0); | ||
| 107 | in=x->crl->nextUpdate; | ||
| 108 | if (in != tm) | ||
| 109 | { | ||
| 110 | in=M_ASN1_TIME_dup(tm); | ||
| 111 | if (in != NULL) | ||
| 112 | { | ||
| 113 | M_ASN1_TIME_free(x->crl->nextUpdate); | ||
| 114 | x->crl->nextUpdate=in; | ||
| 115 | } | ||
| 116 | } | ||
| 117 | return(in != NULL); | ||
| 118 | } | ||
| 119 | |||
| 120 | int X509_CRL_sort(X509_CRL *c) | ||
| 121 | { | ||
| 122 | int i; | ||
| 123 | X509_REVOKED *r; | ||
| 124 | /* sort the data so it will be written in serial | ||
| 125 | * number order */ | ||
| 126 | sk_X509_REVOKED_sort(c->crl->revoked); | ||
| 127 | for (i=0; i<sk_X509_REVOKED_num(c->crl->revoked); i++) | ||
| 128 | { | ||
| 129 | r=sk_X509_REVOKED_value(c->crl->revoked,i); | ||
| 130 | r->sequence=i; | ||
| 131 | } | ||
| 132 | c->crl->enc.modified = 1; | ||
| 133 | return 1; | ||
| 134 | } | ||
| 135 | |||
| 136 | int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm) | ||
| 137 | { | ||
| 138 | ASN1_TIME *in; | ||
| 139 | |||
| 140 | if (x == NULL) return(0); | ||
| 141 | in=x->revocationDate; | ||
| 142 | if (in != tm) | ||
| 143 | { | ||
| 144 | in=M_ASN1_TIME_dup(tm); | ||
| 145 | if (in != NULL) | ||
| 146 | { | ||
| 147 | M_ASN1_TIME_free(x->revocationDate); | ||
| 148 | x->revocationDate=in; | ||
| 149 | } | ||
| 150 | } | ||
| 151 | return(in != NULL); | ||
| 152 | } | ||
| 153 | |||
| 154 | int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial) | ||
| 155 | { | ||
| 156 | ASN1_INTEGER *in; | ||
| 157 | |||
| 158 | if (x == NULL) return(0); | ||
| 159 | in=x->serialNumber; | ||
| 160 | if (in != serial) | ||
| 161 | { | ||
| 162 | in=M_ASN1_INTEGER_dup(serial); | ||
| 163 | if (in != NULL) | ||
| 164 | { | ||
| 165 | M_ASN1_INTEGER_free(x->serialNumber); | ||
| 166 | x->serialNumber=in; | ||
| 167 | } | ||
| 168 | } | ||
| 169 | return(in != NULL); | ||
| 170 | } | ||
diff --git a/src/lib/libcrypto/x509/x509name.c b/src/lib/libcrypto/x509/x509name.c deleted file mode 100644 index 068abfe5f0..0000000000 --- a/src/lib/libcrypto/x509/x509name.c +++ /dev/null | |||
| @@ -1,383 +0,0 @@ | |||
| 1 | /* crypto/x509/x509name.c */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | #include <openssl/stack.h> | ||
| 61 | #include "cryptlib.h" | ||
| 62 | #include <openssl/asn1.h> | ||
| 63 | #include <openssl/objects.h> | ||
| 64 | #include <openssl/evp.h> | ||
| 65 | #include <openssl/x509.h> | ||
| 66 | |||
| 67 | int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len) | ||
| 68 | { | ||
| 69 | ASN1_OBJECT *obj; | ||
| 70 | |||
| 71 | obj=OBJ_nid2obj(nid); | ||
| 72 | if (obj == NULL) return(-1); | ||
| 73 | return(X509_NAME_get_text_by_OBJ(name,obj,buf,len)); | ||
| 74 | } | ||
| 75 | |||
| 76 | int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf, | ||
| 77 | int len) | ||
| 78 | { | ||
| 79 | int i; | ||
| 80 | ASN1_STRING *data; | ||
| 81 | |||
| 82 | i=X509_NAME_get_index_by_OBJ(name,obj,-1); | ||
| 83 | if (i < 0) return(-1); | ||
| 84 | data=X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name,i)); | ||
| 85 | i=(data->length > (len-1))?(len-1):data->length; | ||
| 86 | if (buf == NULL) return(data->length); | ||
| 87 | memcpy(buf,data->data,i); | ||
| 88 | buf[i]='\0'; | ||
| 89 | return(i); | ||
| 90 | } | ||
| 91 | |||
| 92 | int X509_NAME_entry_count(X509_NAME *name) | ||
| 93 | { | ||
| 94 | if (name == NULL) return(0); | ||
| 95 | return(sk_X509_NAME_ENTRY_num(name->entries)); | ||
| 96 | } | ||
| 97 | |||
| 98 | int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos) | ||
| 99 | { | ||
| 100 | ASN1_OBJECT *obj; | ||
| 101 | |||
| 102 | obj=OBJ_nid2obj(nid); | ||
| 103 | if (obj == NULL) return(-2); | ||
| 104 | return(X509_NAME_get_index_by_OBJ(name,obj,lastpos)); | ||
| 105 | } | ||
| 106 | |||
| 107 | /* NOTE: you should be passsing -1, not 0 as lastpos */ | ||
| 108 | int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, | ||
| 109 | int lastpos) | ||
| 110 | { | ||
| 111 | int n; | ||
| 112 | X509_NAME_ENTRY *ne; | ||
| 113 | STACK_OF(X509_NAME_ENTRY) *sk; | ||
| 114 | |||
| 115 | if (name == NULL) return(-1); | ||
| 116 | if (lastpos < 0) | ||
| 117 | lastpos= -1; | ||
| 118 | sk=name->entries; | ||
| 119 | n=sk_X509_NAME_ENTRY_num(sk); | ||
| 120 | for (lastpos++; lastpos < n; lastpos++) | ||
| 121 | { | ||
| 122 | ne=sk_X509_NAME_ENTRY_value(sk,lastpos); | ||
| 123 | if (OBJ_cmp(ne->object,obj) == 0) | ||
| 124 | return(lastpos); | ||
| 125 | } | ||
| 126 | return(-1); | ||
| 127 | } | ||
| 128 | |||
| 129 | X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc) | ||
| 130 | { | ||
| 131 | if(name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc | ||
| 132 | || loc < 0) | ||
| 133 | return(NULL); | ||
| 134 | else | ||
| 135 | return(sk_X509_NAME_ENTRY_value(name->entries,loc)); | ||
| 136 | } | ||
| 137 | |||
| 138 | X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc) | ||
| 139 | { | ||
| 140 | X509_NAME_ENTRY *ret; | ||
| 141 | int i,n,set_prev,set_next; | ||
| 142 | STACK_OF(X509_NAME_ENTRY) *sk; | ||
| 143 | |||
| 144 | if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc | ||
| 145 | || loc < 0) | ||
| 146 | return(NULL); | ||
| 147 | sk=name->entries; | ||
| 148 | ret=sk_X509_NAME_ENTRY_delete(sk,loc); | ||
| 149 | n=sk_X509_NAME_ENTRY_num(sk); | ||
| 150 | name->modified=1; | ||
| 151 | if (loc == n) return(ret); | ||
| 152 | |||
| 153 | /* else we need to fixup the set field */ | ||
| 154 | if (loc != 0) | ||
| 155 | set_prev=(sk_X509_NAME_ENTRY_value(sk,loc-1))->set; | ||
| 156 | else | ||
| 157 | set_prev=ret->set-1; | ||
| 158 | set_next=sk_X509_NAME_ENTRY_value(sk,loc)->set; | ||
| 159 | |||
| 160 | /* set_prev is the previous set | ||
| 161 | * set is the current set | ||
| 162 | * set_next is the following | ||
| 163 | * prev 1 1 1 1 1 1 1 1 | ||
| 164 | * set 1 1 2 2 | ||
| 165 | * next 1 1 2 2 2 2 3 2 | ||
| 166 | * so basically only if prev and next differ by 2, then | ||
| 167 | * re-number down by 1 */ | ||
| 168 | if (set_prev+1 < set_next) | ||
| 169 | for (i=loc; i<n; i++) | ||
| 170 | sk_X509_NAME_ENTRY_value(sk,i)->set--; | ||
| 171 | return(ret); | ||
| 172 | } | ||
| 173 | |||
| 174 | int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, | ||
| 175 | unsigned char *bytes, int len, int loc, int set) | ||
| 176 | { | ||
| 177 | X509_NAME_ENTRY *ne; | ||
| 178 | int ret; | ||
| 179 | ne = X509_NAME_ENTRY_create_by_OBJ(NULL, obj, type, bytes, len); | ||
| 180 | if(!ne) return 0; | ||
| 181 | ret = X509_NAME_add_entry(name, ne, loc, set); | ||
| 182 | X509_NAME_ENTRY_free(ne); | ||
| 183 | return ret; | ||
| 184 | } | ||
| 185 | |||
| 186 | int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, | ||
| 187 | unsigned char *bytes, int len, int loc, int set) | ||
| 188 | { | ||
| 189 | X509_NAME_ENTRY *ne; | ||
| 190 | int ret; | ||
| 191 | ne = X509_NAME_ENTRY_create_by_NID(NULL, nid, type, bytes, len); | ||
| 192 | if(!ne) return 0; | ||
| 193 | ret = X509_NAME_add_entry(name, ne, loc, set); | ||
| 194 | X509_NAME_ENTRY_free(ne); | ||
| 195 | return ret; | ||
| 196 | } | ||
| 197 | |||
| 198 | int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, | ||
| 199 | const unsigned char *bytes, int len, int loc, int set) | ||
| 200 | { | ||
| 201 | X509_NAME_ENTRY *ne; | ||
| 202 | int ret; | ||
| 203 | ne = X509_NAME_ENTRY_create_by_txt(NULL, field, type, bytes, len); | ||
| 204 | if(!ne) return 0; | ||
| 205 | ret = X509_NAME_add_entry(name, ne, loc, set); | ||
| 206 | X509_NAME_ENTRY_free(ne); | ||
| 207 | return ret; | ||
| 208 | } | ||
| 209 | |||
| 210 | /* if set is -1, append to previous set, 0 'a new one', and 1, | ||
| 211 | * prepend to the guy we are about to stomp on. */ | ||
| 212 | int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc, | ||
| 213 | int set) | ||
| 214 | { | ||
| 215 | X509_NAME_ENTRY *new_name=NULL; | ||
| 216 | int n,i,inc; | ||
| 217 | STACK_OF(X509_NAME_ENTRY) *sk; | ||
| 218 | |||
| 219 | if (name == NULL) return(0); | ||
| 220 | sk=name->entries; | ||
| 221 | n=sk_X509_NAME_ENTRY_num(sk); | ||
| 222 | if (loc > n) loc=n; | ||
| 223 | else if (loc < 0) loc=n; | ||
| 224 | |||
| 225 | name->modified=1; | ||
| 226 | |||
| 227 | if (set == -1) | ||
| 228 | { | ||
| 229 | if (loc == 0) | ||
| 230 | { | ||
| 231 | set=0; | ||
| 232 | inc=1; | ||
| 233 | } | ||
| 234 | else | ||
| 235 | { | ||
| 236 | set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set; | ||
| 237 | inc=0; | ||
| 238 | } | ||
| 239 | } | ||
| 240 | else /* if (set >= 0) */ | ||
| 241 | { | ||
| 242 | if (loc >= n) | ||
| 243 | { | ||
| 244 | if (loc != 0) | ||
| 245 | set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set+1; | ||
| 246 | else | ||
| 247 | set=0; | ||
| 248 | } | ||
| 249 | else | ||
| 250 | set=sk_X509_NAME_ENTRY_value(sk,loc)->set; | ||
| 251 | inc=(set == 0)?1:0; | ||
| 252 | } | ||
| 253 | |||
| 254 | if ((new_name=X509_NAME_ENTRY_dup(ne)) == NULL) | ||
| 255 | goto err; | ||
| 256 | new_name->set=set; | ||
| 257 | if (!sk_X509_NAME_ENTRY_insert(sk,new_name,loc)) | ||
| 258 | { | ||
| 259 | X509err(X509_F_X509_NAME_ADD_ENTRY,ERR_R_MALLOC_FAILURE); | ||
| 260 | goto err; | ||
| 261 | } | ||
| 262 | if (inc) | ||
| 263 | { | ||
| 264 | n=sk_X509_NAME_ENTRY_num(sk); | ||
| 265 | for (i=loc+1; i<n; i++) | ||
| 266 | sk_X509_NAME_ENTRY_value(sk,i-1)->set+=1; | ||
| 267 | } | ||
| 268 | return(1); | ||
| 269 | err: | ||
| 270 | if (new_name != NULL) | ||
| 271 | X509_NAME_ENTRY_free(new_name); | ||
| 272 | return(0); | ||
| 273 | } | ||
| 274 | |||
| 275 | X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, | ||
| 276 | const char *field, int type, const unsigned char *bytes, int len) | ||
| 277 | { | ||
| 278 | ASN1_OBJECT *obj; | ||
| 279 | X509_NAME_ENTRY *nentry; | ||
| 280 | |||
| 281 | obj=OBJ_txt2obj(field, 0); | ||
| 282 | if (obj == NULL) | ||
| 283 | { | ||
| 284 | X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT, | ||
| 285 | X509_R_INVALID_FIELD_NAME); | ||
| 286 | ERR_add_error_data(2, "name=", field); | ||
| 287 | return(NULL); | ||
| 288 | } | ||
| 289 | nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len); | ||
| 290 | ASN1_OBJECT_free(obj); | ||
| 291 | return nentry; | ||
| 292 | } | ||
| 293 | |||
| 294 | X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, | ||
| 295 | int type, unsigned char *bytes, int len) | ||
| 296 | { | ||
| 297 | ASN1_OBJECT *obj; | ||
| 298 | X509_NAME_ENTRY *nentry; | ||
| 299 | |||
| 300 | obj=OBJ_nid2obj(nid); | ||
| 301 | if (obj == NULL) | ||
| 302 | { | ||
| 303 | X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID,X509_R_UNKNOWN_NID); | ||
| 304 | return(NULL); | ||
| 305 | } | ||
| 306 | nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len); | ||
| 307 | ASN1_OBJECT_free(obj); | ||
| 308 | return nentry; | ||
| 309 | } | ||
| 310 | |||
| 311 | X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, | ||
| 312 | ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len) | ||
| 313 | { | ||
| 314 | X509_NAME_ENTRY *ret; | ||
| 315 | |||
| 316 | if ((ne == NULL) || (*ne == NULL)) | ||
| 317 | { | ||
| 318 | if ((ret=X509_NAME_ENTRY_new()) == NULL) | ||
| 319 | return(NULL); | ||
| 320 | } | ||
| 321 | else | ||
| 322 | ret= *ne; | ||
| 323 | |||
| 324 | if (!X509_NAME_ENTRY_set_object(ret,obj)) | ||
| 325 | goto err; | ||
| 326 | if (!X509_NAME_ENTRY_set_data(ret,type,bytes,len)) | ||
| 327 | goto err; | ||
| 328 | |||
| 329 | if ((ne != NULL) && (*ne == NULL)) *ne=ret; | ||
| 330 | return(ret); | ||
| 331 | err: | ||
| 332 | if ((ne == NULL) || (ret != *ne)) | ||
| 333 | X509_NAME_ENTRY_free(ret); | ||
| 334 | return(NULL); | ||
| 335 | } | ||
| 336 | |||
| 337 | int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj) | ||
| 338 | { | ||
| 339 | if ((ne == NULL) || (obj == NULL)) | ||
| 340 | { | ||
| 341 | X509err(X509_F_X509_NAME_ENTRY_SET_OBJECT,ERR_R_PASSED_NULL_PARAMETER); | ||
| 342 | return(0); | ||
| 343 | } | ||
| 344 | ASN1_OBJECT_free(ne->object); | ||
| 345 | ne->object=OBJ_dup(obj); | ||
| 346 | return((ne->object == NULL)?0:1); | ||
| 347 | } | ||
| 348 | |||
| 349 | int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, | ||
| 350 | const unsigned char *bytes, int len) | ||
| 351 | { | ||
| 352 | int i; | ||
| 353 | |||
| 354 | if ((ne == NULL) || ((bytes == NULL) && (len != 0))) return(0); | ||
| 355 | if((type > 0) && (type & MBSTRING_FLAG)) | ||
| 356 | return ASN1_STRING_set_by_NID(&ne->value, bytes, | ||
| 357 | len, type, | ||
| 358 | OBJ_obj2nid(ne->object)) ? 1 : 0; | ||
| 359 | if (len < 0) len=strlen((char *)bytes); | ||
| 360 | i=ASN1_STRING_set(ne->value,bytes,len); | ||
| 361 | if (!i) return(0); | ||
| 362 | if (type != V_ASN1_UNDEF) | ||
| 363 | { | ||
| 364 | if (type == V_ASN1_APP_CHOOSE) | ||
| 365 | ne->value->type=ASN1_PRINTABLE_type(bytes,len); | ||
| 366 | else | ||
| 367 | ne->value->type=type; | ||
| 368 | } | ||
| 369 | return(1); | ||
| 370 | } | ||
| 371 | |||
| 372 | ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne) | ||
| 373 | { | ||
| 374 | if (ne == NULL) return(NULL); | ||
| 375 | return(ne->object); | ||
| 376 | } | ||
| 377 | |||
| 378 | ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne) | ||
| 379 | { | ||
| 380 | if (ne == NULL) return(NULL); | ||
| 381 | return(ne->value); | ||
| 382 | } | ||
| 383 | |||
diff --git a/src/lib/libcrypto/x509/x509rset.c b/src/lib/libcrypto/x509/x509rset.c deleted file mode 100644 index d9f6b57372..0000000000 --- a/src/lib/libcrypto/x509/x509rset.c +++ /dev/null | |||
| @@ -1,83 +0,0 @@ | |||
| 1 | /* crypto/x509/x509rset.c */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | #include "cryptlib.h" | ||
| 61 | #include <openssl/asn1.h> | ||
| 62 | #include <openssl/objects.h> | ||
| 63 | #include <openssl/evp.h> | ||
| 64 | #include <openssl/x509.h> | ||
| 65 | |||
| 66 | int X509_REQ_set_version(X509_REQ *x, long version) | ||
| 67 | { | ||
| 68 | if (x == NULL) return(0); | ||
| 69 | return(ASN1_INTEGER_set(x->req_info->version,version)); | ||
| 70 | } | ||
| 71 | |||
| 72 | int X509_REQ_set_subject_name(X509_REQ *x, X509_NAME *name) | ||
| 73 | { | ||
| 74 | if ((x == NULL) || (x->req_info == NULL)) return(0); | ||
| 75 | return(X509_NAME_set(&x->req_info->subject,name)); | ||
| 76 | } | ||
| 77 | |||
| 78 | int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey) | ||
| 79 | { | ||
| 80 | if ((x == NULL) || (x->req_info == NULL)) return(0); | ||
| 81 | return(X509_PUBKEY_set(&x->req_info->pubkey,pkey)); | ||
| 82 | } | ||
| 83 | |||
diff --git a/src/lib/libcrypto/x509/x509spki.c b/src/lib/libcrypto/x509/x509spki.c deleted file mode 100644 index 02a203d72c..0000000000 --- a/src/lib/libcrypto/x509/x509spki.c +++ /dev/null | |||
| @@ -1,121 +0,0 @@ | |||
| 1 | /* x509spki.c */ | ||
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
| 3 | * project 1999. | ||
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | ||
| 7 | * | ||
| 8 | * Redistribution and use in source and binary forms, with or without | ||
| 9 | * modification, are permitted provided that the following conditions | ||
| 10 | * are met: | ||
| 11 | * | ||
| 12 | * 1. Redistributions of source code must retain the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | * notice, this list of conditions and the following disclaimer in | ||
| 17 | * the documentation and/or other materials provided with the | ||
| 18 | * distribution. | ||
| 19 | * | ||
| 20 | * 3. All advertising materials mentioning features or use of this | ||
| 21 | * software must display the following acknowledgment: | ||
| 22 | * "This product includes software developed by the OpenSSL Project | ||
| 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | * | ||
| 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | * endorse or promote products derived from this software without | ||
| 27 | * prior written permission. For written permission, please contact | ||
| 28 | * licensing@OpenSSL.org. | ||
| 29 | * | ||
| 30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | * nor may "OpenSSL" appear in their names without prior written | ||
| 32 | * permission of the OpenSSL Project. | ||
| 33 | * | ||
| 34 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | * acknowledgment: | ||
| 36 | * "This product includes software developed by the OpenSSL Project | ||
| 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | * | ||
| 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | * ==================================================================== | ||
| 52 | * | ||
| 53 | * This product includes cryptographic software written by Eric Young | ||
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | #include "cryptlib.h" | ||
| 61 | #include <openssl/x509.h> | ||
| 62 | |||
| 63 | int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey) | ||
| 64 | { | ||
| 65 | if ((x == NULL) || (x->spkac == NULL)) return(0); | ||
| 66 | return(X509_PUBKEY_set(&(x->spkac->pubkey),pkey)); | ||
| 67 | } | ||
| 68 | |||
| 69 | EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x) | ||
| 70 | { | ||
| 71 | if ((x == NULL) || (x->spkac == NULL)) | ||
| 72 | return(NULL); | ||
| 73 | return(X509_PUBKEY_get(x->spkac->pubkey)); | ||
| 74 | } | ||
| 75 | |||
| 76 | /* Load a Netscape SPKI from a base64 encoded string */ | ||
| 77 | |||
| 78 | NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len) | ||
| 79 | { | ||
| 80 | unsigned char *spki_der; | ||
| 81 | const unsigned char *p; | ||
| 82 | int spki_len; | ||
| 83 | NETSCAPE_SPKI *spki; | ||
| 84 | if(len <= 0) len = strlen(str); | ||
| 85 | if (!(spki_der = OPENSSL_malloc(len + 1))) { | ||
| 86 | X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE); | ||
| 87 | return NULL; | ||
| 88 | } | ||
| 89 | spki_len = EVP_DecodeBlock(spki_der, (const unsigned char *)str, len); | ||
| 90 | if(spki_len < 0) { | ||
| 91 | X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, | ||
| 92 | X509_R_BASE64_DECODE_ERROR); | ||
| 93 | OPENSSL_free(spki_der); | ||
| 94 | return NULL; | ||
| 95 | } | ||
| 96 | p = spki_der; | ||
| 97 | spki = d2i_NETSCAPE_SPKI(NULL, &p, spki_len); | ||
| 98 | OPENSSL_free(spki_der); | ||
| 99 | return spki; | ||
| 100 | } | ||
| 101 | |||
| 102 | /* Generate a base64 encoded string from an SPKI */ | ||
| 103 | |||
| 104 | char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki) | ||
| 105 | { | ||
| 106 | unsigned char *der_spki, *p; | ||
| 107 | char *b64_str; | ||
| 108 | int der_len; | ||
| 109 | der_len = i2d_NETSCAPE_SPKI(spki, NULL); | ||
| 110 | der_spki = OPENSSL_malloc(der_len); | ||
| 111 | b64_str = OPENSSL_malloc(der_len * 2); | ||
| 112 | if(!der_spki || !b64_str) { | ||
| 113 | X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE); | ||
| 114 | return NULL; | ||
| 115 | } | ||
| 116 | p = der_spki; | ||
| 117 | i2d_NETSCAPE_SPKI(spki, &p); | ||
| 118 | EVP_EncodeBlock((unsigned char *)b64_str, der_spki, der_len); | ||
| 119 | OPENSSL_free(der_spki); | ||
| 120 | return b64_str; | ||
| 121 | } | ||
diff --git a/src/lib/libcrypto/x509/x509type.c b/src/lib/libcrypto/x509/x509type.c deleted file mode 100644 index 2cd994c5b0..0000000000 --- a/src/lib/libcrypto/x509/x509type.c +++ /dev/null | |||
| @@ -1,121 +0,0 @@ | |||
| 1 | /* crypto/x509/x509type.c */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | #include "cryptlib.h" | ||
| 61 | #include <openssl/evp.h> | ||
| 62 | #include <openssl/objects.h> | ||
| 63 | #include <openssl/x509.h> | ||
| 64 | |||
| 65 | int X509_certificate_type(X509 *x, EVP_PKEY *pkey) | ||
| 66 | { | ||
| 67 | EVP_PKEY *pk; | ||
| 68 | int ret=0,i; | ||
| 69 | |||
| 70 | if (x == NULL) return(0); | ||
| 71 | |||
| 72 | if (pkey == NULL) | ||
| 73 | pk=X509_get_pubkey(x); | ||
| 74 | else | ||
| 75 | pk=pkey; | ||
| 76 | |||
| 77 | if (pk == NULL) return(0); | ||
| 78 | |||
| 79 | switch (pk->type) | ||
| 80 | { | ||
| 81 | case EVP_PKEY_RSA: | ||
| 82 | ret=EVP_PK_RSA|EVP_PKT_SIGN; | ||
| 83 | /* if (!sign only extension) */ | ||
| 84 | ret|=EVP_PKT_ENC; | ||
| 85 | break; | ||
| 86 | case EVP_PKEY_DSA: | ||
| 87 | ret=EVP_PK_DSA|EVP_PKT_SIGN; | ||
| 88 | break; | ||
| 89 | case EVP_PKEY_EC: | ||
| 90 | ret=EVP_PK_EC|EVP_PKT_SIGN|EVP_PKT_EXCH; | ||
| 91 | break; | ||
| 92 | case EVP_PKEY_DH: | ||
| 93 | ret=EVP_PK_DH|EVP_PKT_EXCH; | ||
| 94 | break; | ||
| 95 | default: | ||
| 96 | break; | ||
| 97 | } | ||
| 98 | |||
| 99 | i=X509_get_signature_type(x); | ||
| 100 | switch (i) | ||
| 101 | { | ||
| 102 | case EVP_PKEY_RSA: | ||
| 103 | ret|=EVP_PKS_RSA; | ||
| 104 | break; | ||
| 105 | case EVP_PKEY_DSA: | ||
| 106 | ret|=EVP_PKS_DSA; | ||
| 107 | break; | ||
| 108 | case EVP_PKEY_EC: | ||
| 109 | ret|=EVP_PKS_EC; | ||
| 110 | break; | ||
| 111 | default: | ||
| 112 | break; | ||
| 113 | } | ||
| 114 | |||
| 115 | if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look | ||
| 116 | for, not bytes */ | ||
| 117 | ret|=EVP_PKT_EXP; | ||
| 118 | if(pkey==NULL) EVP_PKEY_free(pk); | ||
| 119 | return(ret); | ||
| 120 | } | ||
| 121 | |||
diff --git a/src/lib/libcrypto/x509/x_all.c b/src/lib/libcrypto/x509/x_all.c deleted file mode 100644 index 9039caad60..0000000000 --- a/src/lib/libcrypto/x509/x_all.c +++ /dev/null | |||
| @@ -1,522 +0,0 @@ | |||
| 1 | /* crypto/x509/x_all.c */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | #undef SSLEAY_MACROS | ||
| 61 | #include <openssl/stack.h> | ||
| 62 | #include "cryptlib.h" | ||
| 63 | #include <openssl/buffer.h> | ||
| 64 | #include <openssl/asn1.h> | ||
| 65 | #include <openssl/evp.h> | ||
| 66 | #include <openssl/x509.h> | ||
| 67 | #ifndef OPENSSL_NO_RSA | ||
| 68 | #include <openssl/rsa.h> | ||
| 69 | #endif | ||
| 70 | #ifndef OPENSSL_NO_DSA | ||
| 71 | #include <openssl/dsa.h> | ||
| 72 | #endif | ||
| 73 | |||
| 74 | int X509_verify(X509 *a, EVP_PKEY *r) | ||
| 75 | { | ||
| 76 | return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),a->sig_alg, | ||
| 77 | a->signature,a->cert_info,r)); | ||
| 78 | } | ||
| 79 | |||
| 80 | int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r) | ||
| 81 | { | ||
| 82 | return( ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO), | ||
| 83 | a->sig_alg,a->signature,a->req_info,r)); | ||
| 84 | } | ||
| 85 | |||
| 86 | int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r) | ||
| 87 | { | ||
| 88 | return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO), | ||
| 89 | a->sig_alg, a->signature,a->crl,r)); | ||
| 90 | } | ||
| 91 | |||
| 92 | int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r) | ||
| 93 | { | ||
| 94 | return(ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC), | ||
| 95 | a->sig_algor,a->signature,a->spkac,r)); | ||
| 96 | } | ||
| 97 | |||
| 98 | int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) | ||
| 99 | { | ||
| 100 | return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature, | ||
| 101 | x->sig_alg, x->signature, x->cert_info,pkey,md)); | ||
| 102 | } | ||
| 103 | |||
| 104 | int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md) | ||
| 105 | { | ||
| 106 | return(ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO),x->sig_alg, NULL, | ||
| 107 | x->signature, x->req_info,pkey,md)); | ||
| 108 | } | ||
| 109 | |||
| 110 | int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md) | ||
| 111 | { | ||
| 112 | x->crl->enc.modified = 1; | ||
| 113 | return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO),x->crl->sig_alg, | ||
| 114 | x->sig_alg, x->signature, x->crl,pkey,md)); | ||
| 115 | } | ||
| 116 | |||
| 117 | int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md) | ||
| 118 | { | ||
| 119 | return(ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor,NULL, | ||
| 120 | x->signature, x->spkac,pkey,md)); | ||
| 121 | } | ||
| 122 | |||
| 123 | #ifndef OPENSSL_NO_FP_API | ||
| 124 | X509 *d2i_X509_fp(FILE *fp, X509 **x509) | ||
| 125 | { | ||
| 126 | return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509); | ||
| 127 | } | ||
| 128 | |||
| 129 | int i2d_X509_fp(FILE *fp, X509 *x509) | ||
| 130 | { | ||
| 131 | return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509); | ||
| 132 | } | ||
| 133 | #endif | ||
| 134 | |||
| 135 | X509 *d2i_X509_bio(BIO *bp, X509 **x509) | ||
| 136 | { | ||
| 137 | return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509); | ||
| 138 | } | ||
| 139 | |||
| 140 | int i2d_X509_bio(BIO *bp, X509 *x509) | ||
| 141 | { | ||
| 142 | return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509); | ||
| 143 | } | ||
| 144 | |||
| 145 | #ifndef OPENSSL_NO_FP_API | ||
| 146 | X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl) | ||
| 147 | { | ||
| 148 | return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl); | ||
| 149 | } | ||
| 150 | |||
| 151 | int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl) | ||
| 152 | { | ||
| 153 | return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl); | ||
| 154 | } | ||
| 155 | #endif | ||
| 156 | |||
| 157 | X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl) | ||
| 158 | { | ||
| 159 | return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl); | ||
| 160 | } | ||
| 161 | |||
| 162 | int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl) | ||
| 163 | { | ||
| 164 | return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl); | ||
| 165 | } | ||
| 166 | |||
| 167 | #ifndef OPENSSL_NO_FP_API | ||
| 168 | PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7) | ||
| 169 | { | ||
| 170 | return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7); | ||
| 171 | } | ||
| 172 | |||
| 173 | int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7) | ||
| 174 | { | ||
| 175 | return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7); | ||
| 176 | } | ||
| 177 | #endif | ||
| 178 | |||
| 179 | PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7) | ||
| 180 | { | ||
| 181 | return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS7), bp, p7); | ||
| 182 | } | ||
| 183 | |||
| 184 | int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7) | ||
| 185 | { | ||
| 186 | return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7); | ||
| 187 | } | ||
| 188 | |||
| 189 | #ifndef OPENSSL_NO_FP_API | ||
| 190 | X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req) | ||
| 191 | { | ||
| 192 | return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req); | ||
| 193 | } | ||
| 194 | |||
| 195 | int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req) | ||
| 196 | { | ||
| 197 | return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req); | ||
| 198 | } | ||
| 199 | #endif | ||
| 200 | |||
| 201 | X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req) | ||
| 202 | { | ||
| 203 | return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req); | ||
| 204 | } | ||
| 205 | |||
| 206 | int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req) | ||
| 207 | { | ||
| 208 | return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req); | ||
| 209 | } | ||
| 210 | |||
| 211 | #ifndef OPENSSL_NO_RSA | ||
| 212 | |||
| 213 | #ifndef OPENSSL_NO_FP_API | ||
| 214 | RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa) | ||
| 215 | { | ||
| 216 | return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa); | ||
| 217 | } | ||
| 218 | |||
| 219 | int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa) | ||
| 220 | { | ||
| 221 | return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa); | ||
| 222 | } | ||
| 223 | |||
| 224 | RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa) | ||
| 225 | { | ||
| 226 | return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa); | ||
| 227 | } | ||
| 228 | |||
| 229 | |||
| 230 | RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa) | ||
| 231 | { | ||
| 232 | return ASN1_d2i_fp((void *(*)(void)) | ||
| 233 | RSA_new,(D2I_OF(void))d2i_RSA_PUBKEY, fp, | ||
| 234 | (void **)rsa); | ||
| 235 | } | ||
| 236 | |||
| 237 | int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa) | ||
| 238 | { | ||
| 239 | return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa); | ||
| 240 | } | ||
| 241 | |||
| 242 | int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa) | ||
| 243 | { | ||
| 244 | return ASN1_i2d_fp((I2D_OF(void))i2d_RSA_PUBKEY,fp,rsa); | ||
| 245 | } | ||
| 246 | #endif | ||
| 247 | |||
| 248 | RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa) | ||
| 249 | { | ||
| 250 | return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa); | ||
| 251 | } | ||
| 252 | |||
| 253 | int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa) | ||
| 254 | { | ||
| 255 | return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa); | ||
| 256 | } | ||
| 257 | |||
| 258 | RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa) | ||
| 259 | { | ||
| 260 | return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa); | ||
| 261 | } | ||
| 262 | |||
| 263 | |||
| 264 | RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa) | ||
| 265 | { | ||
| 266 | return ASN1_d2i_bio_of(RSA,RSA_new,d2i_RSA_PUBKEY,bp,rsa); | ||
| 267 | } | ||
| 268 | |||
| 269 | int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa) | ||
| 270 | { | ||
| 271 | return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa); | ||
| 272 | } | ||
| 273 | |||
| 274 | int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa) | ||
| 275 | { | ||
| 276 | return ASN1_i2d_bio_of(RSA,i2d_RSA_PUBKEY,bp,rsa); | ||
| 277 | } | ||
| 278 | #endif | ||
| 279 | |||
| 280 | #ifndef OPENSSL_NO_DSA | ||
| 281 | #ifndef OPENSSL_NO_FP_API | ||
| 282 | DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa) | ||
| 283 | { | ||
| 284 | return ASN1_d2i_fp_of(DSA,DSA_new,d2i_DSAPrivateKey,fp,dsa); | ||
| 285 | } | ||
| 286 | |||
| 287 | int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa) | ||
| 288 | { | ||
| 289 | return ASN1_i2d_fp_of_const(DSA,i2d_DSAPrivateKey,fp,dsa); | ||
| 290 | } | ||
| 291 | |||
| 292 | DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa) | ||
| 293 | { | ||
| 294 | return ASN1_d2i_fp_of(DSA,DSA_new,d2i_DSA_PUBKEY,fp,dsa); | ||
| 295 | } | ||
| 296 | |||
| 297 | int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa) | ||
| 298 | { | ||
| 299 | return ASN1_i2d_fp_of(DSA,i2d_DSA_PUBKEY,fp,dsa); | ||
| 300 | } | ||
| 301 | #endif | ||
| 302 | |||
| 303 | DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa) | ||
| 304 | { | ||
| 305 | return ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAPrivateKey,bp,dsa | ||
| 306 | ); | ||
| 307 | } | ||
| 308 | |||
| 309 | int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa) | ||
| 310 | { | ||
| 311 | return ASN1_i2d_bio_of_const(DSA,i2d_DSAPrivateKey,bp,dsa); | ||
| 312 | } | ||
| 313 | |||
| 314 | DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa) | ||
| 315 | { | ||
| 316 | return ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSA_PUBKEY,bp,dsa); | ||
| 317 | } | ||
| 318 | |||
| 319 | int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa) | ||
| 320 | { | ||
| 321 | return ASN1_i2d_bio_of(DSA,i2d_DSA_PUBKEY,bp,dsa); | ||
| 322 | } | ||
| 323 | |||
| 324 | #endif | ||
| 325 | |||
| 326 | #ifndef OPENSSL_NO_EC | ||
| 327 | #ifndef OPENSSL_NO_FP_API | ||
| 328 | EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey) | ||
| 329 | { | ||
| 330 | return ASN1_d2i_fp_of(EC_KEY,EC_KEY_new,d2i_EC_PUBKEY,fp,eckey); | ||
| 331 | } | ||
| 332 | |||
| 333 | int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey) | ||
| 334 | { | ||
| 335 | return ASN1_i2d_fp_of(EC_KEY,i2d_EC_PUBKEY,fp,eckey); | ||
| 336 | } | ||
| 337 | |||
| 338 | EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey) | ||
| 339 | { | ||
| 340 | return ASN1_d2i_fp_of(EC_KEY,EC_KEY_new,d2i_ECPrivateKey,fp,eckey); | ||
| 341 | } | ||
| 342 | |||
| 343 | int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey) | ||
| 344 | { | ||
| 345 | return ASN1_i2d_fp_of(EC_KEY,i2d_ECPrivateKey,fp,eckey); | ||
| 346 | } | ||
| 347 | #endif | ||
| 348 | EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey) | ||
| 349 | { | ||
| 350 | return ASN1_d2i_bio_of(EC_KEY,EC_KEY_new,d2i_EC_PUBKEY,bp,eckey); | ||
| 351 | } | ||
| 352 | |||
| 353 | int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *ecdsa) | ||
| 354 | { | ||
| 355 | return ASN1_i2d_bio_of(EC_KEY,i2d_EC_PUBKEY,bp,ecdsa); | ||
| 356 | } | ||
| 357 | |||
| 358 | EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey) | ||
| 359 | { | ||
| 360 | return ASN1_d2i_bio_of(EC_KEY,EC_KEY_new,d2i_ECPrivateKey,bp,eckey); | ||
| 361 | } | ||
| 362 | |||
| 363 | int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey) | ||
| 364 | { | ||
| 365 | return ASN1_i2d_bio_of(EC_KEY,i2d_ECPrivateKey,bp,eckey); | ||
| 366 | } | ||
| 367 | #endif | ||
| 368 | |||
| 369 | |||
| 370 | int X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned char *md, | ||
| 371 | unsigned int *len) | ||
| 372 | { | ||
| 373 | ASN1_BIT_STRING *key; | ||
| 374 | key = X509_get0_pubkey_bitstr(data); | ||
| 375 | if(!key) return 0; | ||
| 376 | return EVP_Digest(key->data, key->length, md, len, type, NULL); | ||
| 377 | } | ||
| 378 | |||
| 379 | int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md, | ||
| 380 | unsigned int *len) | ||
| 381 | { | ||
| 382 | return(ASN1_item_digest(ASN1_ITEM_rptr(X509),type,(char *)data,md,len)); | ||
| 383 | } | ||
| 384 | |||
| 385 | int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md, | ||
| 386 | unsigned int *len) | ||
| 387 | { | ||
| 388 | return(ASN1_item_digest(ASN1_ITEM_rptr(X509_CRL),type,(char *)data,md,len)); | ||
| 389 | } | ||
| 390 | |||
| 391 | int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, unsigned char *md, | ||
| 392 | unsigned int *len) | ||
| 393 | { | ||
| 394 | return(ASN1_item_digest(ASN1_ITEM_rptr(X509_REQ),type,(char *)data,md,len)); | ||
| 395 | } | ||
| 396 | |||
| 397 | int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md, | ||
| 398 | unsigned int *len) | ||
| 399 | { | ||
| 400 | return(ASN1_item_digest(ASN1_ITEM_rptr(X509_NAME),type,(char *)data,md,len)); | ||
| 401 | } | ||
| 402 | |||
| 403 | int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, const EVP_MD *type, | ||
| 404 | unsigned char *md, unsigned int *len) | ||
| 405 | { | ||
| 406 | return(ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL),type, | ||
| 407 | (char *)data,md,len)); | ||
| 408 | } | ||
| 409 | |||
| 410 | |||
| 411 | #ifndef OPENSSL_NO_FP_API | ||
| 412 | X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8) | ||
| 413 | { | ||
| 414 | return ASN1_d2i_fp_of(X509_SIG,X509_SIG_new,d2i_X509_SIG,fp,p8); | ||
| 415 | } | ||
| 416 | |||
| 417 | int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8) | ||
| 418 | { | ||
| 419 | return ASN1_i2d_fp_of(X509_SIG,i2d_X509_SIG,fp,p8); | ||
| 420 | } | ||
| 421 | #endif | ||
| 422 | |||
| 423 | X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8) | ||
| 424 | { | ||
| 425 | return ASN1_d2i_bio_of(X509_SIG,X509_SIG_new,d2i_X509_SIG,bp,p8); | ||
| 426 | } | ||
| 427 | |||
| 428 | int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8) | ||
| 429 | { | ||
| 430 | return ASN1_i2d_bio_of(X509_SIG,i2d_X509_SIG,bp,p8); | ||
| 431 | } | ||
| 432 | |||
| 433 | #ifndef OPENSSL_NO_FP_API | ||
| 434 | PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, | ||
| 435 | PKCS8_PRIV_KEY_INFO **p8inf) | ||
| 436 | { | ||
| 437 | return ASN1_d2i_fp_of(PKCS8_PRIV_KEY_INFO,PKCS8_PRIV_KEY_INFO_new, | ||
| 438 | d2i_PKCS8_PRIV_KEY_INFO,fp,p8inf); | ||
| 439 | } | ||
| 440 | |||
| 441 | int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf) | ||
| 442 | { | ||
| 443 | return ASN1_i2d_fp_of(PKCS8_PRIV_KEY_INFO,i2d_PKCS8_PRIV_KEY_INFO,fp, | ||
| 444 | p8inf); | ||
| 445 | } | ||
| 446 | |||
| 447 | int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key) | ||
| 448 | { | ||
| 449 | PKCS8_PRIV_KEY_INFO *p8inf; | ||
| 450 | int ret; | ||
| 451 | p8inf = EVP_PKEY2PKCS8(key); | ||
| 452 | if(!p8inf) return 0; | ||
| 453 | ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf); | ||
| 454 | PKCS8_PRIV_KEY_INFO_free(p8inf); | ||
| 455 | return ret; | ||
| 456 | } | ||
| 457 | |||
| 458 | int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey) | ||
| 459 | { | ||
| 460 | return ASN1_i2d_fp_of(EVP_PKEY,i2d_PrivateKey,fp,pkey); | ||
| 461 | } | ||
| 462 | |||
| 463 | EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a) | ||
| 464 | { | ||
| 465 | return ASN1_d2i_fp_of(EVP_PKEY,EVP_PKEY_new,d2i_AutoPrivateKey,fp,a); | ||
| 466 | } | ||
| 467 | |||
| 468 | int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey) | ||
| 469 | { | ||
| 470 | return ASN1_i2d_fp_of(EVP_PKEY,i2d_PUBKEY,fp,pkey); | ||
| 471 | } | ||
| 472 | |||
| 473 | EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a) | ||
| 474 | { | ||
| 475 | return ASN1_d2i_fp_of(EVP_PKEY,EVP_PKEY_new,d2i_PUBKEY,fp,a); | ||
| 476 | } | ||
| 477 | |||
| 478 | #endif | ||
| 479 | |||
| 480 | PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, | ||
| 481 | PKCS8_PRIV_KEY_INFO **p8inf) | ||
| 482 | { | ||
| 483 | return ASN1_d2i_bio_of(PKCS8_PRIV_KEY_INFO,PKCS8_PRIV_KEY_INFO_new, | ||
| 484 | d2i_PKCS8_PRIV_KEY_INFO,bp,p8inf); | ||
| 485 | } | ||
| 486 | |||
| 487 | int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf) | ||
| 488 | { | ||
| 489 | return ASN1_i2d_bio_of(PKCS8_PRIV_KEY_INFO,i2d_PKCS8_PRIV_KEY_INFO,bp, | ||
| 490 | p8inf); | ||
| 491 | } | ||
| 492 | |||
| 493 | int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key) | ||
| 494 | { | ||
| 495 | PKCS8_PRIV_KEY_INFO *p8inf; | ||
| 496 | int ret; | ||
| 497 | p8inf = EVP_PKEY2PKCS8(key); | ||
| 498 | if(!p8inf) return 0; | ||
| 499 | ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf); | ||
| 500 | PKCS8_PRIV_KEY_INFO_free(p8inf); | ||
| 501 | return ret; | ||
| 502 | } | ||
| 503 | |||
| 504 | int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey) | ||
| 505 | { | ||
| 506 | return ASN1_i2d_bio_of(EVP_PKEY,i2d_PrivateKey,bp,pkey); | ||
| 507 | } | ||
| 508 | |||
| 509 | EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a) | ||
| 510 | { | ||
| 511 | return ASN1_d2i_bio_of(EVP_PKEY,EVP_PKEY_new,d2i_AutoPrivateKey,bp,a); | ||
| 512 | } | ||
| 513 | |||
| 514 | int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey) | ||
| 515 | { | ||
| 516 | return ASN1_i2d_bio_of(EVP_PKEY,i2d_PUBKEY,bp,pkey); | ||
| 517 | } | ||
| 518 | |||
| 519 | EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a) | ||
| 520 | { | ||
| 521 | return ASN1_d2i_bio_of(EVP_PKEY,EVP_PKEY_new,d2i_PUBKEY,bp,a); | ||
| 522 | } | ||
diff --git a/src/lib/libcrypto/x509v3/ext_dat.h b/src/lib/libcrypto/x509v3/ext_dat.h deleted file mode 100644 index 3eaec46f8a..0000000000 --- a/src/lib/libcrypto/x509v3/ext_dat.h +++ /dev/null | |||
| @@ -1,131 +0,0 @@ | |||
| 1 | /* ext_dat.h */ | ||
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
| 3 | * project 1999. | ||
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. | ||
| 7 | * | ||
| 8 | * Redistribution and use in source and binary forms, with or without | ||
| 9 | * modification, are permitted provided that the following conditions | ||
| 10 | * are met: | ||
| 11 | * | ||
| 12 | * 1. Redistributions of source code must retain the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | * notice, this list of conditions and the following disclaimer in | ||
| 17 | * the documentation and/or other materials provided with the | ||
| 18 | * distribution. | ||
| 19 | * | ||
| 20 | * 3. All advertising materials mentioning features or use of this | ||
| 21 | * software must display the following acknowledgment: | ||
| 22 | * "This product includes software developed by the OpenSSL Project | ||
| 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | * | ||
| 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | * endorse or promote products derived from this software without | ||
| 27 | * prior written permission. For written permission, please contact | ||
| 28 | * licensing@OpenSSL.org. | ||
| 29 | * | ||
| 30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | * nor may "OpenSSL" appear in their names without prior written | ||
| 32 | * permission of the OpenSSL Project. | ||
| 33 | * | ||
| 34 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | * acknowledgment: | ||
| 36 | * "This product includes software developed by the OpenSSL Project | ||
| 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | * | ||
| 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | * ==================================================================== | ||
| 52 | * | ||
| 53 | * This product includes cryptographic software written by Eric Young | ||
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 57 | */ | ||
| 58 | /* This file contains a table of "standard" extensions */ | ||
| 59 | |||
| 60 | extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku; | ||
| 61 | extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo; | ||
| 62 | extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id; | ||
| 63 | extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate; | ||
| 64 | extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld; | ||
| 65 | extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff; | ||
| 66 | extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc; | ||
| 67 | extern X509V3_EXT_METHOD v3_crl_hold, v3_pci; | ||
| 68 | extern X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints; | ||
| 69 | extern X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp; | ||
| 70 | #ifndef OPENSSL_NO_RFC3779 | ||
| 71 | extern X509V3_EXT_METHOD v3_addr, v3_asid; | ||
| 72 | #endif | ||
| 73 | |||
| 74 | /* This table will be searched using OBJ_bsearch so it *must* kept in | ||
| 75 | * order of the ext_nid values. | ||
| 76 | */ | ||
| 77 | |||
| 78 | static X509V3_EXT_METHOD *standard_exts[] = { | ||
| 79 | &v3_nscert, | ||
| 80 | &v3_ns_ia5_list[0], | ||
| 81 | &v3_ns_ia5_list[1], | ||
| 82 | &v3_ns_ia5_list[2], | ||
| 83 | &v3_ns_ia5_list[3], | ||
| 84 | &v3_ns_ia5_list[4], | ||
| 85 | &v3_ns_ia5_list[5], | ||
| 86 | &v3_ns_ia5_list[6], | ||
| 87 | &v3_skey_id, | ||
| 88 | &v3_key_usage, | ||
| 89 | &v3_pkey_usage_period, | ||
| 90 | &v3_alt[0], | ||
| 91 | &v3_alt[1], | ||
| 92 | &v3_bcons, | ||
| 93 | &v3_crl_num, | ||
| 94 | &v3_cpols, | ||
| 95 | &v3_akey_id, | ||
| 96 | &v3_crld, | ||
| 97 | &v3_ext_ku, | ||
| 98 | &v3_delta_crl, | ||
| 99 | &v3_crl_reason, | ||
| 100 | #ifndef OPENSSL_NO_OCSP | ||
| 101 | &v3_crl_invdate, | ||
| 102 | #endif | ||
| 103 | &v3_sxnet, | ||
| 104 | &v3_info, | ||
| 105 | #ifndef OPENSSL_NO_RFC3779 | ||
| 106 | &v3_addr, | ||
| 107 | &v3_asid, | ||
| 108 | #endif | ||
| 109 | #ifndef OPENSSL_NO_OCSP | ||
| 110 | &v3_ocsp_nonce, | ||
| 111 | &v3_ocsp_crlid, | ||
| 112 | &v3_ocsp_accresp, | ||
| 113 | &v3_ocsp_nocheck, | ||
| 114 | &v3_ocsp_acutoff, | ||
| 115 | &v3_ocsp_serviceloc, | ||
| 116 | #endif | ||
| 117 | &v3_sinfo, | ||
| 118 | &v3_policy_constraints, | ||
| 119 | #ifndef OPENSSL_NO_OCSP | ||
| 120 | &v3_crl_hold, | ||
| 121 | #endif | ||
| 122 | &v3_pci, | ||
| 123 | &v3_name_constraints, | ||
| 124 | &v3_policy_mappings, | ||
| 125 | &v3_inhibit_anyp | ||
| 126 | }; | ||
| 127 | |||
| 128 | /* Number of standard extensions */ | ||
| 129 | |||
| 130 | #define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *)) | ||
| 131 | |||
diff --git a/src/lib/libcrypto/x509v3/pcy_cache.c b/src/lib/libcrypto/x509v3/pcy_cache.c deleted file mode 100644 index 1030931b71..0000000000 --- a/src/lib/libcrypto/x509v3/pcy_cache.c +++ /dev/null | |||
| @@ -1,287 +0,0 @@ | |||
| 1 | /* pcy_cache.c */ | ||
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
| 3 | * project 2004. | ||
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 2004 The OpenSSL Project. All rights reserved. | ||
| 7 | * | ||
| 8 | * Redistribution and use in source and binary forms, with or without | ||
| 9 | * modification, are permitted provided that the following conditions | ||
| 10 | * are met: | ||
| 11 | * | ||
| 12 | * 1. Redistributions of source code must retain the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | * notice, this list of conditions and the following disclaimer in | ||
| 17 | * the documentation and/or other materials provided with the | ||
| 18 | * distribution. | ||
| 19 | * | ||
| 20 | * 3. All advertising materials mentioning features or use of this | ||
| 21 | * software must display the following acknowledgment: | ||
| 22 | * "This product includes software developed by the OpenSSL Project | ||
| 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | * | ||
| 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | * endorse or promote products derived from this software without | ||
| 27 | * prior written permission. For written permission, please contact | ||
| 28 | * licensing@OpenSSL.org. | ||
| 29 | * | ||
| 30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | * nor may "OpenSSL" appear in their names without prior written | ||
| 32 | * permission of the OpenSSL Project. | ||
| 33 | * | ||
| 34 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | * acknowledgment: | ||
| 36 | * "This product includes software developed by the OpenSSL Project | ||
| 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | * | ||
| 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | * ==================================================================== | ||
| 52 | * | ||
| 53 | * This product includes cryptographic software written by Eric Young | ||
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include "cryptlib.h" | ||
| 60 | #include <openssl/x509.h> | ||
| 61 | #include <openssl/x509v3.h> | ||
| 62 | |||
| 63 | #include "pcy_int.h" | ||
| 64 | |||
| 65 | static int policy_data_cmp(const X509_POLICY_DATA * const *a, | ||
| 66 | const X509_POLICY_DATA * const *b); | ||
| 67 | static int policy_cache_set_int(long *out, ASN1_INTEGER *value); | ||
| 68 | |||
| 69 | /* Set cache entry according to CertificatePolicies extension. | ||
| 70 | * Note: this destroys the passed CERTIFICATEPOLICIES structure. | ||
| 71 | */ | ||
| 72 | |||
| 73 | static int policy_cache_create(X509 *x, | ||
| 74 | CERTIFICATEPOLICIES *policies, int crit) | ||
| 75 | { | ||
| 76 | int i; | ||
| 77 | int ret = 0; | ||
| 78 | X509_POLICY_CACHE *cache = x->policy_cache; | ||
| 79 | X509_POLICY_DATA *data = NULL; | ||
| 80 | POLICYINFO *policy; | ||
| 81 | if (sk_POLICYINFO_num(policies) == 0) | ||
| 82 | goto bad_policy; | ||
| 83 | cache->data = sk_X509_POLICY_DATA_new(policy_data_cmp); | ||
| 84 | if (!cache->data) | ||
| 85 | goto bad_policy; | ||
| 86 | for (i = 0; i < sk_POLICYINFO_num(policies); i++) | ||
| 87 | { | ||
| 88 | policy = sk_POLICYINFO_value(policies, i); | ||
| 89 | data = policy_data_new(policy, NULL, crit); | ||
| 90 | if (!data) | ||
| 91 | goto bad_policy; | ||
| 92 | /* Duplicate policy OIDs are illegal: reject if matches | ||
| 93 | * found. | ||
| 94 | */ | ||
| 95 | if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) | ||
| 96 | { | ||
| 97 | if (cache->anyPolicy) | ||
| 98 | { | ||
| 99 | ret = -1; | ||
| 100 | goto bad_policy; | ||
| 101 | } | ||
| 102 | cache->anyPolicy = data; | ||
| 103 | } | ||
| 104 | else if (sk_X509_POLICY_DATA_find(cache->data, data) != -1) | ||
| 105 | { | ||
| 106 | ret = -1; | ||
| 107 | goto bad_policy; | ||
| 108 | } | ||
| 109 | else if (!sk_X509_POLICY_DATA_push(cache->data, data)) | ||
| 110 | goto bad_policy; | ||
| 111 | data = NULL; | ||
| 112 | } | ||
| 113 | ret = 1; | ||
| 114 | bad_policy: | ||
| 115 | if (ret == -1) | ||
| 116 | x->ex_flags |= EXFLAG_INVALID_POLICY; | ||
| 117 | if (data) | ||
| 118 | policy_data_free(data); | ||
| 119 | sk_POLICYINFO_pop_free(policies, POLICYINFO_free); | ||
| 120 | if (ret <= 0) | ||
| 121 | { | ||
| 122 | sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free); | ||
| 123 | cache->data = NULL; | ||
| 124 | } | ||
| 125 | return ret; | ||
| 126 | } | ||
| 127 | |||
| 128 | |||
| 129 | static int policy_cache_new(X509 *x) | ||
| 130 | { | ||
| 131 | X509_POLICY_CACHE *cache; | ||
| 132 | ASN1_INTEGER *ext_any = NULL; | ||
| 133 | POLICY_CONSTRAINTS *ext_pcons = NULL; | ||
| 134 | CERTIFICATEPOLICIES *ext_cpols = NULL; | ||
| 135 | POLICY_MAPPINGS *ext_pmaps = NULL; | ||
| 136 | int i; | ||
| 137 | cache = OPENSSL_malloc(sizeof(X509_POLICY_CACHE)); | ||
| 138 | if (!cache) | ||
| 139 | return 0; | ||
| 140 | cache->anyPolicy = NULL; | ||
| 141 | cache->data = NULL; | ||
| 142 | cache->maps = NULL; | ||
| 143 | cache->any_skip = -1; | ||
| 144 | cache->explicit_skip = -1; | ||
| 145 | cache->map_skip = -1; | ||
| 146 | |||
| 147 | x->policy_cache = cache; | ||
| 148 | |||
| 149 | /* Handle requireExplicitPolicy *first*. Need to process this | ||
| 150 | * even if we don't have any policies. | ||
| 151 | */ | ||
| 152 | ext_pcons = X509_get_ext_d2i(x, NID_policy_constraints, &i, NULL); | ||
| 153 | |||
| 154 | if (!ext_pcons) | ||
| 155 | { | ||
| 156 | if (i != -1) | ||
| 157 | goto bad_cache; | ||
| 158 | } | ||
| 159 | else | ||
| 160 | { | ||
| 161 | if (!ext_pcons->requireExplicitPolicy | ||
| 162 | && !ext_pcons->inhibitPolicyMapping) | ||
| 163 | goto bad_cache; | ||
| 164 | if (!policy_cache_set_int(&cache->explicit_skip, | ||
| 165 | ext_pcons->requireExplicitPolicy)) | ||
| 166 | goto bad_cache; | ||
| 167 | if (!policy_cache_set_int(&cache->map_skip, | ||
| 168 | ext_pcons->inhibitPolicyMapping)) | ||
| 169 | goto bad_cache; | ||
| 170 | } | ||
| 171 | |||
| 172 | /* Process CertificatePolicies */ | ||
| 173 | |||
| 174 | ext_cpols = X509_get_ext_d2i(x, NID_certificate_policies, &i, NULL); | ||
| 175 | /* If no CertificatePolicies extension or problem decoding then | ||
| 176 | * there is no point continuing because the valid policies will be | ||
| 177 | * NULL. | ||
| 178 | */ | ||
| 179 | if (!ext_cpols) | ||
| 180 | { | ||
| 181 | /* If not absent some problem with extension */ | ||
| 182 | if (i != -1) | ||
| 183 | goto bad_cache; | ||
| 184 | return 1; | ||
| 185 | } | ||
| 186 | |||
| 187 | i = policy_cache_create(x, ext_cpols, i); | ||
| 188 | |||
| 189 | /* NB: ext_cpols freed by policy_cache_set_policies */ | ||
| 190 | |||
| 191 | if (i <= 0) | ||
| 192 | return i; | ||
| 193 | |||
| 194 | ext_pmaps = X509_get_ext_d2i(x, NID_policy_mappings, &i, NULL); | ||
| 195 | |||
| 196 | if (!ext_pmaps) | ||
| 197 | { | ||
| 198 | /* If not absent some problem with extension */ | ||
| 199 | if (i != -1) | ||
| 200 | goto bad_cache; | ||
| 201 | } | ||
| 202 | else | ||
| 203 | { | ||
| 204 | i = policy_cache_set_mapping(x, ext_pmaps); | ||
| 205 | if (i <= 0) | ||
| 206 | goto bad_cache; | ||
| 207 | } | ||
| 208 | |||
| 209 | ext_any = X509_get_ext_d2i(x, NID_inhibit_any_policy, &i, NULL); | ||
| 210 | |||
| 211 | if (!ext_any) | ||
| 212 | { | ||
| 213 | if (i != -1) | ||
| 214 | goto bad_cache; | ||
| 215 | } | ||
| 216 | else if (!policy_cache_set_int(&cache->any_skip, ext_any)) | ||
| 217 | goto bad_cache; | ||
| 218 | |||
| 219 | if (0) | ||
| 220 | { | ||
| 221 | bad_cache: | ||
| 222 | x->ex_flags |= EXFLAG_INVALID_POLICY; | ||
| 223 | } | ||
| 224 | |||
| 225 | if(ext_pcons) | ||
| 226 | POLICY_CONSTRAINTS_free(ext_pcons); | ||
| 227 | |||
| 228 | if (ext_any) | ||
| 229 | ASN1_INTEGER_free(ext_any); | ||
| 230 | |||
| 231 | return 1; | ||
| 232 | |||
| 233 | |||
| 234 | } | ||
| 235 | |||
| 236 | void policy_cache_free(X509_POLICY_CACHE *cache) | ||
| 237 | { | ||
| 238 | if (!cache) | ||
| 239 | return; | ||
| 240 | if (cache->anyPolicy) | ||
| 241 | policy_data_free(cache->anyPolicy); | ||
| 242 | if (cache->data) | ||
| 243 | sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free); | ||
| 244 | OPENSSL_free(cache); | ||
| 245 | } | ||
| 246 | |||
| 247 | const X509_POLICY_CACHE *policy_cache_set(X509 *x) | ||
| 248 | { | ||
| 249 | |||
| 250 | if (x->policy_cache == NULL) | ||
| 251 | { | ||
| 252 | CRYPTO_w_lock(CRYPTO_LOCK_X509); | ||
| 253 | policy_cache_new(x); | ||
| 254 | CRYPTO_w_unlock(CRYPTO_LOCK_X509); | ||
| 255 | } | ||
| 256 | |||
| 257 | return x->policy_cache; | ||
| 258 | |||
| 259 | } | ||
| 260 | |||
| 261 | X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache, | ||
| 262 | const ASN1_OBJECT *id) | ||
| 263 | { | ||
| 264 | int idx; | ||
| 265 | X509_POLICY_DATA tmp; | ||
| 266 | tmp.valid_policy = (ASN1_OBJECT *)id; | ||
| 267 | idx = sk_X509_POLICY_DATA_find(cache->data, &tmp); | ||
| 268 | if (idx == -1) | ||
| 269 | return NULL; | ||
| 270 | return sk_X509_POLICY_DATA_value(cache->data, idx); | ||
| 271 | } | ||
| 272 | |||
| 273 | static int policy_data_cmp(const X509_POLICY_DATA * const *a, | ||
| 274 | const X509_POLICY_DATA * const *b) | ||
| 275 | { | ||
| 276 | return OBJ_cmp((*a)->valid_policy, (*b)->valid_policy); | ||
| 277 | } | ||
| 278 | |||
| 279 | static int policy_cache_set_int(long *out, ASN1_INTEGER *value) | ||
| 280 | { | ||
| 281 | if (value == NULL) | ||
| 282 | return 1; | ||
| 283 | if (value->type == V_ASN1_NEG_INTEGER) | ||
| 284 | return 0; | ||
| 285 | *out = ASN1_INTEGER_get(value); | ||
| 286 | return 1; | ||
| 287 | } | ||
diff --git a/src/lib/libcrypto/x509v3/pcy_data.c b/src/lib/libcrypto/x509v3/pcy_data.c deleted file mode 100644 index fb392b901f..0000000000 --- a/src/lib/libcrypto/x509v3/pcy_data.c +++ /dev/null | |||
| @@ -1,131 +0,0 @@ | |||
| 1 | /* pcy_data.c */ | ||
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
| 3 | * project 2004. | ||
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 2004 The OpenSSL Project. All rights reserved. | ||
| 7 | * | ||
| 8 | * Redistribution and use in source and binary forms, with or without | ||
| 9 | * modification, are permitted provided that the following conditions | ||
| 10 | * are met: | ||
| 11 | * | ||
| 12 | * 1. Redistributions of source code must retain the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | * notice, this list of conditions and the following disclaimer in | ||
| 17 | * the documentation and/or other materials provided with the | ||
| 18 | * distribution. | ||
| 19 | * | ||
| 20 | * 3. All advertising materials mentioning features or use of this | ||
| 21 | * software must display the following acknowledgment: | ||
| 22 | * "This product includes software developed by the OpenSSL Project | ||
| 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | * | ||
| 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | * endorse or promote products derived from this software without | ||
| 27 | * prior written permission. For written permission, please contact | ||
| 28 | * licensing@OpenSSL.org. | ||
| 29 | * | ||
| 30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | * nor may "OpenSSL" appear in their names without prior written | ||
| 32 | * permission of the OpenSSL Project. | ||
| 33 | * | ||
| 34 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | * acknowledgment: | ||
| 36 | * "This product includes software developed by the OpenSSL Project | ||
| 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | * | ||
| 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | * ==================================================================== | ||
| 52 | * | ||
| 53 | * This product includes cryptographic software written by Eric Young | ||
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include "cryptlib.h" | ||
| 60 | #include <openssl/x509.h> | ||
| 61 | #include <openssl/x509v3.h> | ||
| 62 | |||
| 63 | #include "pcy_int.h" | ||
| 64 | |||
| 65 | /* Policy Node routines */ | ||
| 66 | |||
| 67 | void policy_data_free(X509_POLICY_DATA *data) | ||
| 68 | { | ||
| 69 | ASN1_OBJECT_free(data->valid_policy); | ||
| 70 | /* Don't free qualifiers if shared */ | ||
| 71 | if (!(data->flags & POLICY_DATA_FLAG_SHARED_QUALIFIERS)) | ||
| 72 | sk_POLICYQUALINFO_pop_free(data->qualifier_set, | ||
| 73 | POLICYQUALINFO_free); | ||
| 74 | sk_ASN1_OBJECT_pop_free(data->expected_policy_set, ASN1_OBJECT_free); | ||
| 75 | OPENSSL_free(data); | ||
| 76 | } | ||
| 77 | |||
| 78 | /* Create a data based on an existing policy. If 'id' is NULL use the | ||
| 79 | * oid in the policy, otherwise use 'id'. This behaviour covers the two | ||
| 80 | * types of data in RFC3280: data with from a CertificatePolcies extension | ||
| 81 | * and additional data with just the qualifiers of anyPolicy and ID from | ||
| 82 | * another source. | ||
| 83 | */ | ||
| 84 | |||
| 85 | X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, ASN1_OBJECT *id, int crit) | ||
| 86 | { | ||
| 87 | X509_POLICY_DATA *ret; | ||
| 88 | if (!policy && !id) | ||
| 89 | return NULL; | ||
| 90 | if (id) | ||
| 91 | { | ||
| 92 | id = OBJ_dup(id); | ||
| 93 | if (!id) | ||
| 94 | return NULL; | ||
| 95 | } | ||
| 96 | ret = OPENSSL_malloc(sizeof(X509_POLICY_DATA)); | ||
| 97 | if (!ret) | ||
| 98 | return NULL; | ||
| 99 | ret->expected_policy_set = sk_ASN1_OBJECT_new_null(); | ||
| 100 | if (!ret->expected_policy_set) | ||
| 101 | { | ||
| 102 | OPENSSL_free(ret); | ||
| 103 | if (id) | ||
| 104 | ASN1_OBJECT_free(id); | ||
| 105 | return NULL; | ||
| 106 | } | ||
| 107 | |||
| 108 | if (crit) | ||
| 109 | ret->flags = POLICY_DATA_FLAG_CRITICAL; | ||
| 110 | else | ||
| 111 | ret->flags = 0; | ||
| 112 | |||
| 113 | if (id) | ||
| 114 | ret->valid_policy = id; | ||
| 115 | else | ||
| 116 | { | ||
| 117 | ret->valid_policy = policy->policyid; | ||
| 118 | policy->policyid = NULL; | ||
| 119 | } | ||
| 120 | |||
| 121 | if (policy) | ||
| 122 | { | ||
| 123 | ret->qualifier_set = policy->qualifiers; | ||
| 124 | policy->qualifiers = NULL; | ||
| 125 | } | ||
| 126 | else | ||
| 127 | ret->qualifier_set = NULL; | ||
| 128 | |||
| 129 | return ret; | ||
| 130 | } | ||
| 131 | |||
diff --git a/src/lib/libcrypto/x509v3/pcy_int.h b/src/lib/libcrypto/x509v3/pcy_int.h deleted file mode 100644 index 3780de4fcd..0000000000 --- a/src/lib/libcrypto/x509v3/pcy_int.h +++ /dev/null | |||
| @@ -1,223 +0,0 @@ | |||
| 1 | /* pcy_int.h */ | ||
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
| 3 | * project 2004. | ||
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 2004 The OpenSSL Project. All rights reserved. | ||
| 7 | * | ||
| 8 | * Redistribution and use in source and binary forms, with or without | ||
| 9 | * modification, are permitted provided that the following conditions | ||
| 10 | * are met: | ||
| 11 | * | ||
| 12 | * 1. Redistributions of source code must retain the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | * notice, this list of conditions and the following disclaimer in | ||
| 17 | * the documentation and/or other materials provided with the | ||
| 18 | * distribution. | ||
| 19 | * | ||
| 20 | * 3. All advertising materials mentioning features or use of this | ||
| 21 | * software must display the following acknowledgment: | ||
| 22 | * "This product includes software developed by the OpenSSL Project | ||
| 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | * | ||
| 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | * endorse or promote products derived from this software without | ||
| 27 | * prior written permission. For written permission, please contact | ||
| 28 | * licensing@OpenSSL.org. | ||
| 29 | * | ||
| 30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | * nor may "OpenSSL" appear in their names without prior written | ||
| 32 | * permission of the OpenSSL Project. | ||
| 33 | * | ||
| 34 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | * acknowledgment: | ||
| 36 | * "This product includes software developed by the OpenSSL Project | ||
| 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | * | ||
| 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | * ==================================================================== | ||
| 52 | * | ||
| 53 | * This product includes cryptographic software written by Eric Young | ||
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 57 | */ | ||
| 58 | |||
| 59 | DECLARE_STACK_OF(X509_POLICY_DATA) | ||
| 60 | DECLARE_STACK_OF(X509_POLICY_REF) | ||
| 61 | DECLARE_STACK_OF(X509_POLICY_NODE) | ||
| 62 | |||
| 63 | typedef struct X509_POLICY_DATA_st X509_POLICY_DATA; | ||
| 64 | typedef struct X509_POLICY_REF_st X509_POLICY_REF; | ||
| 65 | |||
| 66 | /* Internal structures */ | ||
| 67 | |||
| 68 | /* This structure and the field names correspond to the Policy 'node' of | ||
| 69 | * RFC3280. NB this structure contains no pointers to parent or child | ||
| 70 | * data: X509_POLICY_NODE contains that. This means that the main policy data | ||
| 71 | * can be kept static and cached with the certificate. | ||
| 72 | */ | ||
| 73 | |||
| 74 | struct X509_POLICY_DATA_st | ||
| 75 | { | ||
| 76 | unsigned int flags; | ||
| 77 | /* Policy OID and qualifiers for this data */ | ||
| 78 | ASN1_OBJECT *valid_policy; | ||
| 79 | STACK_OF(POLICYQUALINFO) *qualifier_set; | ||
| 80 | STACK_OF(ASN1_OBJECT) *expected_policy_set; | ||
| 81 | }; | ||
| 82 | |||
| 83 | /* X509_POLICY_DATA flags values */ | ||
| 84 | |||
| 85 | /* This flag indicates the structure has been mapped using a policy mapping | ||
| 86 | * extension. If policy mapping is not active its references get deleted. | ||
| 87 | */ | ||
| 88 | |||
| 89 | #define POLICY_DATA_FLAG_MAPPED 0x1 | ||
| 90 | |||
| 91 | /* This flag indicates the data doesn't correspond to a policy in Certificate | ||
| 92 | * Policies: it has been mapped to any policy. | ||
| 93 | */ | ||
| 94 | |||
| 95 | #define POLICY_DATA_FLAG_MAPPED_ANY 0x2 | ||
| 96 | |||
| 97 | /* AND with flags to see if any mapping has occurred */ | ||
| 98 | |||
| 99 | #define POLICY_DATA_FLAG_MAP_MASK 0x3 | ||
| 100 | |||
| 101 | /* qualifiers are shared and shouldn't be freed */ | ||
| 102 | |||
| 103 | #define POLICY_DATA_FLAG_SHARED_QUALIFIERS 0x4 | ||
| 104 | |||
| 105 | /* Parent node is an extra node and should be freed */ | ||
| 106 | |||
| 107 | #define POLICY_DATA_FLAG_EXTRA_NODE 0x8 | ||
| 108 | |||
| 109 | /* Corresponding CertificatePolicies is critical */ | ||
| 110 | |||
| 111 | #define POLICY_DATA_FLAG_CRITICAL 0x10 | ||
| 112 | |||
| 113 | /* This structure is an entry from a table of mapped policies which | ||
| 114 | * cross reference the policy it refers to. | ||
| 115 | */ | ||
| 116 | |||
| 117 | struct X509_POLICY_REF_st | ||
| 118 | { | ||
| 119 | ASN1_OBJECT *subjectDomainPolicy; | ||
| 120 | const X509_POLICY_DATA *data; | ||
| 121 | }; | ||
| 122 | |||
| 123 | /* This structure is cached with a certificate */ | ||
| 124 | |||
| 125 | struct X509_POLICY_CACHE_st { | ||
| 126 | /* anyPolicy data or NULL if no anyPolicy */ | ||
| 127 | X509_POLICY_DATA *anyPolicy; | ||
| 128 | /* other policy data */ | ||
| 129 | STACK_OF(X509_POLICY_DATA) *data; | ||
| 130 | /* If policyMappings extension present a table of mapped policies */ | ||
| 131 | STACK_OF(X509_POLICY_REF) *maps; | ||
| 132 | /* If InhibitAnyPolicy present this is its value or -1 if absent. */ | ||
| 133 | long any_skip; | ||
| 134 | /* If policyConstraints and requireExplicitPolicy present this is its | ||
| 135 | * value or -1 if absent. | ||
| 136 | */ | ||
| 137 | long explicit_skip; | ||
| 138 | /* If policyConstraints and policyMapping present this is its | ||
| 139 | * value or -1 if absent. | ||
| 140 | */ | ||
| 141 | long map_skip; | ||
| 142 | }; | ||
| 143 | |||
| 144 | /*#define POLICY_CACHE_FLAG_CRITICAL POLICY_DATA_FLAG_CRITICAL*/ | ||
| 145 | |||
| 146 | /* This structure represents the relationship between nodes */ | ||
| 147 | |||
| 148 | struct X509_POLICY_NODE_st | ||
| 149 | { | ||
| 150 | /* node data this refers to */ | ||
| 151 | const X509_POLICY_DATA *data; | ||
| 152 | /* Parent node */ | ||
| 153 | X509_POLICY_NODE *parent; | ||
| 154 | /* Number of child nodes */ | ||
| 155 | int nchild; | ||
| 156 | }; | ||
| 157 | |||
| 158 | struct X509_POLICY_LEVEL_st | ||
| 159 | { | ||
| 160 | /* Cert for this level */ | ||
| 161 | X509 *cert; | ||
| 162 | /* nodes at this level */ | ||
| 163 | STACK_OF(X509_POLICY_NODE) *nodes; | ||
| 164 | /* anyPolicy node */ | ||
| 165 | X509_POLICY_NODE *anyPolicy; | ||
| 166 | /* Extra data */ | ||
| 167 | /*STACK_OF(X509_POLICY_DATA) *extra_data;*/ | ||
| 168 | unsigned int flags; | ||
| 169 | }; | ||
| 170 | |||
| 171 | struct X509_POLICY_TREE_st | ||
| 172 | { | ||
| 173 | /* This is the tree 'level' data */ | ||
| 174 | X509_POLICY_LEVEL *levels; | ||
| 175 | int nlevel; | ||
| 176 | /* Extra policy data when additional nodes (not from the certificate) | ||
| 177 | * are required. | ||
| 178 | */ | ||
| 179 | STACK_OF(X509_POLICY_DATA) *extra_data; | ||
| 180 | /* This is the authority constained policy set */ | ||
| 181 | STACK_OF(X509_POLICY_NODE) *auth_policies; | ||
| 182 | STACK_OF(X509_POLICY_NODE) *user_policies; | ||
| 183 | unsigned int flags; | ||
| 184 | }; | ||
| 185 | |||
| 186 | /* Set if anyPolicy present in user policies */ | ||
| 187 | #define POLICY_FLAG_ANY_POLICY 0x2 | ||
| 188 | |||
| 189 | /* Useful macros */ | ||
| 190 | |||
| 191 | #define node_data_critical(data) (data->flags & POLICY_DATA_FLAG_CRITICAL) | ||
| 192 | #define node_critical(node) node_data_critical(node->data) | ||
| 193 | |||
| 194 | /* Internal functions */ | ||
| 195 | |||
| 196 | X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, ASN1_OBJECT *id, | ||
| 197 | int crit); | ||
| 198 | void policy_data_free(X509_POLICY_DATA *data); | ||
| 199 | |||
| 200 | X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache, | ||
| 201 | const ASN1_OBJECT *id); | ||
| 202 | int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps); | ||
| 203 | |||
| 204 | |||
| 205 | STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void); | ||
| 206 | |||
| 207 | void policy_cache_init(void); | ||
| 208 | |||
| 209 | void policy_cache_free(X509_POLICY_CACHE *cache); | ||
| 210 | |||
| 211 | X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level, | ||
| 212 | const ASN1_OBJECT *id); | ||
| 213 | |||
| 214 | X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk, | ||
| 215 | const ASN1_OBJECT *id); | ||
| 216 | |||
| 217 | X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, | ||
| 218 | X509_POLICY_DATA *data, | ||
| 219 | X509_POLICY_NODE *parent, | ||
| 220 | X509_POLICY_TREE *tree); | ||
| 221 | void policy_node_free(X509_POLICY_NODE *node); | ||
| 222 | |||
| 223 | const X509_POLICY_CACHE *policy_cache_set(X509 *x); | ||
diff --git a/src/lib/libcrypto/x509v3/pcy_lib.c b/src/lib/libcrypto/x509v3/pcy_lib.c deleted file mode 100644 index 93bfd92703..0000000000 --- a/src/lib/libcrypto/x509v3/pcy_lib.c +++ /dev/null | |||
| @@ -1,167 +0,0 @@ | |||
| 1 | /* pcy_lib.c */ | ||
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
| 3 | * project 2004. | ||
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 2004 The OpenSSL Project. All rights reserved. | ||
| 7 | * | ||
| 8 | * Redistribution and use in source and binary forms, with or without | ||
| 9 | * modification, are permitted provided that the following conditions | ||
| 10 | * are met: | ||
| 11 | * | ||
| 12 | * 1. Redistributions of source code must retain the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | * notice, this list of conditions and the following disclaimer in | ||
| 17 | * the documentation and/or other materials provided with the | ||
| 18 | * distribution. | ||
| 19 | * | ||
| 20 | * 3. All advertising materials mentioning features or use of this | ||
| 21 | * software must display the following acknowledgment: | ||
| 22 | * "This product includes software developed by the OpenSSL Project | ||
| 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | * | ||
| 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | * endorse or promote products derived from this software without | ||
| 27 | * prior written permission. For written permission, please contact | ||
| 28 | * licensing@OpenSSL.org. | ||
| 29 | * | ||
| 30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | * nor may "OpenSSL" appear in their names without prior written | ||
| 32 | * permission of the OpenSSL Project. | ||
| 33 | * | ||
| 34 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | * acknowledgment: | ||
| 36 | * "This product includes software developed by the OpenSSL Project | ||
| 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | * | ||
| 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | * ==================================================================== | ||
| 52 | * | ||
| 53 | * This product includes cryptographic software written by Eric Young | ||
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 57 | */ | ||
| 58 | |||
| 59 | |||
| 60 | #include "cryptlib.h" | ||
| 61 | #include <openssl/x509.h> | ||
| 62 | #include <openssl/x509v3.h> | ||
| 63 | |||
| 64 | #include "pcy_int.h" | ||
| 65 | |||
| 66 | /* accessor functions */ | ||
| 67 | |||
| 68 | /* X509_POLICY_TREE stuff */ | ||
| 69 | |||
| 70 | int X509_policy_tree_level_count(const X509_POLICY_TREE *tree) | ||
| 71 | { | ||
| 72 | if (!tree) | ||
| 73 | return 0; | ||
| 74 | return tree->nlevel; | ||
| 75 | } | ||
| 76 | |||
| 77 | X509_POLICY_LEVEL * | ||
| 78 | X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, int i) | ||
| 79 | { | ||
| 80 | if (!tree || (i < 0) || (i >= tree->nlevel)) | ||
| 81 | return NULL; | ||
| 82 | return tree->levels + i; | ||
| 83 | } | ||
| 84 | |||
| 85 | STACK_OF(X509_POLICY_NODE) * | ||
| 86 | X509_policy_tree_get0_policies(const X509_POLICY_TREE *tree) | ||
| 87 | { | ||
| 88 | if (!tree) | ||
| 89 | return NULL; | ||
| 90 | return tree->auth_policies; | ||
| 91 | } | ||
| 92 | |||
| 93 | STACK_OF(X509_POLICY_NODE) * | ||
| 94 | X509_policy_tree_get0_user_policies(const X509_POLICY_TREE *tree) | ||
| 95 | { | ||
| 96 | if (!tree) | ||
| 97 | return NULL; | ||
| 98 | if (tree->flags & POLICY_FLAG_ANY_POLICY) | ||
| 99 | return tree->auth_policies; | ||
| 100 | else | ||
| 101 | return tree->user_policies; | ||
| 102 | } | ||
| 103 | |||
| 104 | /* X509_POLICY_LEVEL stuff */ | ||
| 105 | |||
| 106 | int X509_policy_level_node_count(X509_POLICY_LEVEL *level) | ||
| 107 | { | ||
| 108 | int n; | ||
| 109 | if (!level) | ||
| 110 | return 0; | ||
| 111 | if (level->anyPolicy) | ||
| 112 | n = 1; | ||
| 113 | else | ||
| 114 | n = 0; | ||
| 115 | if (level->nodes) | ||
| 116 | n += sk_X509_POLICY_NODE_num(level->nodes); | ||
| 117 | return n; | ||
| 118 | } | ||
| 119 | |||
| 120 | X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level, int i) | ||
| 121 | { | ||
| 122 | if (!level) | ||
| 123 | return NULL; | ||
| 124 | if (level->anyPolicy) | ||
| 125 | { | ||
| 126 | if (i == 0) | ||
| 127 | return level->anyPolicy; | ||
| 128 | i--; | ||
| 129 | } | ||
| 130 | return sk_X509_POLICY_NODE_value(level->nodes, i); | ||
| 131 | } | ||
| 132 | |||
| 133 | /* X509_POLICY_NODE stuff */ | ||
| 134 | |||
| 135 | const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node) | ||
| 136 | { | ||
| 137 | if (!node) | ||
| 138 | return NULL; | ||
| 139 | return node->data->valid_policy; | ||
| 140 | } | ||
| 141 | |||
| 142 | #if 0 | ||
| 143 | int X509_policy_node_get_critical(const X509_POLICY_NODE *node) | ||
| 144 | { | ||
| 145 | if (node_critical(node)) | ||
| 146 | return 1; | ||
| 147 | return 0; | ||
| 148 | } | ||
| 149 | #endif | ||
| 150 | |||
| 151 | STACK_OF(POLICYQUALINFO) * | ||
| 152 | X509_policy_node_get0_qualifiers(const X509_POLICY_NODE *node) | ||
| 153 | { | ||
| 154 | if (!node) | ||
| 155 | return NULL; | ||
| 156 | return node->data->qualifier_set; | ||
| 157 | } | ||
| 158 | |||
| 159 | const X509_POLICY_NODE * | ||
| 160 | X509_policy_node_get0_parent(const X509_POLICY_NODE *node) | ||
| 161 | { | ||
| 162 | if (!node) | ||
| 163 | return NULL; | ||
| 164 | return node->parent; | ||
| 165 | } | ||
| 166 | |||
| 167 | |||
diff --git a/src/lib/libcrypto/x509v3/pcy_map.c b/src/lib/libcrypto/x509v3/pcy_map.c deleted file mode 100644 index f28796e6d4..0000000000 --- a/src/lib/libcrypto/x509v3/pcy_map.c +++ /dev/null | |||
| @@ -1,186 +0,0 @@ | |||
| 1 | /* pcy_map.c */ | ||
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
| 3 | * project 2004. | ||
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 2004 The OpenSSL Project. All rights reserved. | ||
| 7 | * | ||
| 8 | * Redistribution and use in source and binary forms, with or without | ||
| 9 | * modification, are permitted provided that the following conditions | ||
| 10 | * are met: | ||
| 11 | * | ||
| 12 | * 1. Redistributions of source code must retain the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | * notice, this list of conditions and the following disclaimer in | ||
| 17 | * the documentation and/or other materials provided with the | ||
| 18 | * distribution. | ||
| 19 | * | ||
| 20 | * 3. All advertising materials mentioning features or use of this | ||
| 21 | * software must display the following acknowledgment: | ||
| 22 | * "This product includes software developed by the OpenSSL Project | ||
| 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | * | ||
| 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | * endorse or promote products derived from this software without | ||
| 27 | * prior written permission. For written permission, please contact | ||
| 28 | * licensing@OpenSSL.org. | ||
| 29 | * | ||
| 30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | * nor may "OpenSSL" appear in their names without prior written | ||
| 32 | * permission of the OpenSSL Project. | ||
| 33 | * | ||
| 34 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | * acknowledgment: | ||
| 36 | * "This product includes software developed by the OpenSSL Project | ||
| 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | * | ||
| 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | * ==================================================================== | ||
| 52 | * | ||
| 53 | * This product includes cryptographic software written by Eric Young | ||
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include "cryptlib.h" | ||
| 60 | #include <openssl/x509.h> | ||
| 61 | #include <openssl/x509v3.h> | ||
| 62 | |||
| 63 | #include "pcy_int.h" | ||
| 64 | |||
| 65 | static int ref_cmp(const X509_POLICY_REF * const *a, | ||
| 66 | const X509_POLICY_REF * const *b) | ||
| 67 | { | ||
| 68 | return OBJ_cmp((*a)->subjectDomainPolicy, (*b)->subjectDomainPolicy); | ||
| 69 | } | ||
| 70 | |||
| 71 | static void policy_map_free(X509_POLICY_REF *map) | ||
| 72 | { | ||
| 73 | if (map->subjectDomainPolicy) | ||
| 74 | ASN1_OBJECT_free(map->subjectDomainPolicy); | ||
| 75 | OPENSSL_free(map); | ||
| 76 | } | ||
| 77 | |||
| 78 | static X509_POLICY_REF *policy_map_find(X509_POLICY_CACHE *cache, ASN1_OBJECT *id) | ||
| 79 | { | ||
| 80 | X509_POLICY_REF tmp; | ||
| 81 | int idx; | ||
| 82 | tmp.subjectDomainPolicy = id; | ||
| 83 | |||
| 84 | idx = sk_X509_POLICY_REF_find(cache->maps, &tmp); | ||
| 85 | if (idx == -1) | ||
| 86 | return NULL; | ||
| 87 | return sk_X509_POLICY_REF_value(cache->maps, idx); | ||
| 88 | } | ||
| 89 | |||
| 90 | /* Set policy mapping entries in cache. | ||
| 91 | * Note: this modifies the passed POLICY_MAPPINGS structure | ||
| 92 | */ | ||
| 93 | |||
| 94 | int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps) | ||
| 95 | { | ||
| 96 | POLICY_MAPPING *map; | ||
| 97 | X509_POLICY_REF *ref = NULL; | ||
| 98 | X509_POLICY_DATA *data; | ||
| 99 | X509_POLICY_CACHE *cache = x->policy_cache; | ||
| 100 | int i; | ||
| 101 | int ret = 0; | ||
| 102 | if (sk_POLICY_MAPPING_num(maps) == 0) | ||
| 103 | { | ||
| 104 | ret = -1; | ||
| 105 | goto bad_mapping; | ||
| 106 | } | ||
| 107 | cache->maps = sk_X509_POLICY_REF_new(ref_cmp); | ||
| 108 | for (i = 0; i < sk_POLICY_MAPPING_num(maps); i++) | ||
| 109 | { | ||
| 110 | map = sk_POLICY_MAPPING_value(maps, i); | ||
| 111 | /* Reject if map to or from anyPolicy */ | ||
| 112 | if ((OBJ_obj2nid(map->subjectDomainPolicy) == NID_any_policy) | ||
| 113 | || (OBJ_obj2nid(map->issuerDomainPolicy) == NID_any_policy)) | ||
| 114 | { | ||
| 115 | ret = -1; | ||
| 116 | goto bad_mapping; | ||
| 117 | } | ||
| 118 | |||
| 119 | /* If we've already mapped from this OID bad mapping */ | ||
| 120 | if (policy_map_find(cache, map->subjectDomainPolicy) != NULL) | ||
| 121 | { | ||
| 122 | ret = -1; | ||
| 123 | goto bad_mapping; | ||
| 124 | } | ||
| 125 | |||
| 126 | /* Attempt to find matching policy data */ | ||
| 127 | data = policy_cache_find_data(cache, map->issuerDomainPolicy); | ||
| 128 | /* If we don't have anyPolicy can't map */ | ||
| 129 | if (!data && !cache->anyPolicy) | ||
| 130 | continue; | ||
| 131 | |||
| 132 | /* Create a NODE from anyPolicy */ | ||
| 133 | if (!data) | ||
| 134 | { | ||
| 135 | data = policy_data_new(NULL, map->issuerDomainPolicy, | ||
| 136 | cache->anyPolicy->flags | ||
| 137 | & POLICY_DATA_FLAG_CRITICAL); | ||
| 138 | if (!data) | ||
| 139 | goto bad_mapping; | ||
| 140 | data->qualifier_set = cache->anyPolicy->qualifier_set; | ||
| 141 | map->issuerDomainPolicy = NULL; | ||
| 142 | data->flags |= POLICY_DATA_FLAG_MAPPED_ANY; | ||
| 143 | data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; | ||
| 144 | if (!sk_X509_POLICY_DATA_push(cache->data, data)) | ||
| 145 | { | ||
| 146 | policy_data_free(data); | ||
| 147 | goto bad_mapping; | ||
| 148 | } | ||
| 149 | } | ||
| 150 | else | ||
| 151 | data->flags |= POLICY_DATA_FLAG_MAPPED; | ||
| 152 | |||
| 153 | if (!sk_ASN1_OBJECT_push(data->expected_policy_set, | ||
| 154 | map->subjectDomainPolicy)) | ||
| 155 | goto bad_mapping; | ||
| 156 | |||
| 157 | ref = OPENSSL_malloc(sizeof(X509_POLICY_REF)); | ||
| 158 | if (!ref) | ||
| 159 | goto bad_mapping; | ||
| 160 | |||
| 161 | ref->subjectDomainPolicy = map->subjectDomainPolicy; | ||
| 162 | map->subjectDomainPolicy = NULL; | ||
| 163 | ref->data = data; | ||
| 164 | |||
| 165 | if (!sk_X509_POLICY_REF_push(cache->maps, ref)) | ||
| 166 | goto bad_mapping; | ||
| 167 | |||
| 168 | ref = NULL; | ||
| 169 | |||
| 170 | } | ||
| 171 | |||
| 172 | ret = 1; | ||
| 173 | bad_mapping: | ||
| 174 | if (ret == -1) | ||
| 175 | x->ex_flags |= EXFLAG_INVALID_POLICY; | ||
| 176 | if (ref) | ||
| 177 | policy_map_free(ref); | ||
| 178 | if (ret <= 0) | ||
| 179 | { | ||
| 180 | sk_X509_POLICY_REF_pop_free(cache->maps, policy_map_free); | ||
| 181 | cache->maps = NULL; | ||
| 182 | } | ||
| 183 | sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free); | ||
| 184 | return ret; | ||
| 185 | |||
| 186 | } | ||
diff --git a/src/lib/libcrypto/x509v3/pcy_node.c b/src/lib/libcrypto/x509v3/pcy_node.c deleted file mode 100644 index 6587cb05ab..0000000000 --- a/src/lib/libcrypto/x509v3/pcy_node.c +++ /dev/null | |||
| @@ -1,158 +0,0 @@ | |||
| 1 | /* pcy_node.c */ | ||
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
| 3 | * project 2004. | ||
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 2004 The OpenSSL Project. All rights reserved. | ||
| 7 | * | ||
| 8 | * Redistribution and use in source and binary forms, with or without | ||
| 9 | * modification, are permitted provided that the following conditions | ||
| 10 | * are met: | ||
| 11 | * | ||
| 12 | * 1. Redistributions of source code must retain the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | * notice, this list of conditions and the following disclaimer in | ||
| 17 | * the documentation and/or other materials provided with the | ||
| 18 | * distribution. | ||
| 19 | * | ||
| 20 | * 3. All advertising materials mentioning features or use of this | ||
| 21 | * software must display the following acknowledgment: | ||
| 22 | * "This product includes software developed by the OpenSSL Project | ||
| 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | * | ||
| 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | * endorse or promote products derived from this software without | ||
| 27 | * prior written permission. For written permission, please contact | ||
| 28 | * licensing@OpenSSL.org. | ||
| 29 | * | ||
| 30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | * nor may "OpenSSL" appear in their names without prior written | ||
| 32 | * permission of the OpenSSL Project. | ||
| 33 | * | ||
| 34 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | * acknowledgment: | ||
| 36 | * "This product includes software developed by the OpenSSL Project | ||
| 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | * | ||
| 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | * ==================================================================== | ||
| 52 | * | ||
| 53 | * This product includes cryptographic software written by Eric Young | ||
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <openssl/asn1.h> | ||
| 60 | #include <openssl/x509.h> | ||
| 61 | #include <openssl/x509v3.h> | ||
| 62 | |||
| 63 | #include "pcy_int.h" | ||
| 64 | |||
| 65 | static int node_cmp(const X509_POLICY_NODE * const *a, | ||
| 66 | const X509_POLICY_NODE * const *b) | ||
| 67 | { | ||
| 68 | return OBJ_cmp((*a)->data->valid_policy, (*b)->data->valid_policy); | ||
| 69 | } | ||
| 70 | |||
| 71 | STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void) | ||
| 72 | { | ||
| 73 | return sk_X509_POLICY_NODE_new(node_cmp); | ||
| 74 | } | ||
| 75 | |||
| 76 | X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *nodes, | ||
| 77 | const ASN1_OBJECT *id) | ||
| 78 | { | ||
| 79 | X509_POLICY_DATA n; | ||
| 80 | X509_POLICY_NODE l; | ||
| 81 | int idx; | ||
| 82 | |||
| 83 | n.valid_policy = (ASN1_OBJECT *)id; | ||
| 84 | l.data = &n; | ||
| 85 | |||
| 86 | idx = sk_X509_POLICY_NODE_find(nodes, &l); | ||
| 87 | if (idx == -1) | ||
| 88 | return NULL; | ||
| 89 | |||
| 90 | return sk_X509_POLICY_NODE_value(nodes, idx); | ||
| 91 | |||
| 92 | } | ||
| 93 | |||
| 94 | X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level, | ||
| 95 | const ASN1_OBJECT *id) | ||
| 96 | { | ||
| 97 | return tree_find_sk(level->nodes, id); | ||
| 98 | } | ||
| 99 | |||
| 100 | X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, | ||
| 101 | X509_POLICY_DATA *data, | ||
| 102 | X509_POLICY_NODE *parent, | ||
| 103 | X509_POLICY_TREE *tree) | ||
| 104 | { | ||
| 105 | X509_POLICY_NODE *node; | ||
| 106 | node = OPENSSL_malloc(sizeof(X509_POLICY_NODE)); | ||
| 107 | if (!node) | ||
| 108 | return NULL; | ||
| 109 | node->data = data; | ||
| 110 | node->parent = parent; | ||
| 111 | node->nchild = 0; | ||
| 112 | if (level) | ||
| 113 | { | ||
| 114 | if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) | ||
| 115 | { | ||
| 116 | if (level->anyPolicy) | ||
| 117 | goto node_error; | ||
| 118 | level->anyPolicy = node; | ||
| 119 | } | ||
| 120 | else | ||
| 121 | { | ||
| 122 | |||
| 123 | if (!level->nodes) | ||
| 124 | level->nodes = policy_node_cmp_new(); | ||
| 125 | if (!level->nodes) | ||
| 126 | goto node_error; | ||
| 127 | if (!sk_X509_POLICY_NODE_push(level->nodes, node)) | ||
| 128 | goto node_error; | ||
| 129 | } | ||
| 130 | } | ||
| 131 | |||
| 132 | if (tree) | ||
| 133 | { | ||
| 134 | if (!tree->extra_data) | ||
| 135 | tree->extra_data = sk_X509_POLICY_DATA_new_null(); | ||
| 136 | if (!tree->extra_data) | ||
| 137 | goto node_error; | ||
| 138 | if (!sk_X509_POLICY_DATA_push(tree->extra_data, data)) | ||
| 139 | goto node_error; | ||
| 140 | } | ||
| 141 | |||
| 142 | if (parent) | ||
| 143 | parent->nchild++; | ||
| 144 | |||
| 145 | return node; | ||
| 146 | |||
| 147 | node_error: | ||
| 148 | policy_node_free(node); | ||
| 149 | return 0; | ||
| 150 | |||
| 151 | } | ||
| 152 | |||
| 153 | void policy_node_free(X509_POLICY_NODE *node) | ||
| 154 | { | ||
| 155 | OPENSSL_free(node); | ||
| 156 | } | ||
| 157 | |||
| 158 | |||
diff --git a/src/lib/libcrypto/x509v3/pcy_tree.c b/src/lib/libcrypto/x509v3/pcy_tree.c deleted file mode 100644 index 6c87a7f506..0000000000 --- a/src/lib/libcrypto/x509v3/pcy_tree.c +++ /dev/null | |||
| @@ -1,694 +0,0 @@ | |||
| 1 | /* pcy_tree.c */ | ||
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
| 3 | * project 2004. | ||
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 2004 The OpenSSL Project. All rights reserved. | ||
| 7 | * | ||
| 8 | * Redistribution and use in source and binary forms, with or without | ||
| 9 | * modification, are permitted provided that the following conditions | ||
| 10 | * are met: | ||
| 11 | * | ||
| 12 | * 1. Redistributions of source code must retain the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | * notice, this list of conditions and the following disclaimer in | ||
| 17 | * the documentation and/or other materials provided with the | ||
| 18 | * distribution. | ||
| 19 | * | ||
| 20 | * 3. All advertising materials mentioning features or use of this | ||
| 21 | * software must display the following acknowledgment: | ||
| 22 | * "This product includes software developed by the OpenSSL Project | ||
| 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | * | ||
| 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | * endorse or promote products derived from this software without | ||
| 27 | * prior written permission. For written permission, please contact | ||
| 28 | * licensing@OpenSSL.org. | ||
| 29 | * | ||
| 30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | * nor may "OpenSSL" appear in their names without prior written | ||
| 32 | * permission of the OpenSSL Project. | ||
| 33 | * | ||
| 34 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | * acknowledgment: | ||
| 36 | * "This product includes software developed by the OpenSSL Project | ||
| 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | * | ||
| 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | * ==================================================================== | ||
| 52 | * | ||
| 53 | * This product includes cryptographic software written by Eric Young | ||
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include "cryptlib.h" | ||
| 60 | #include <openssl/x509.h> | ||
| 61 | #include <openssl/x509v3.h> | ||
| 62 | |||
| 63 | #include "pcy_int.h" | ||
| 64 | |||
| 65 | /* Initialize policy tree. Return values: | ||
| 66 | * 0 Some internal error occured. | ||
| 67 | * -1 Inconsistent or invalid extensions in certificates. | ||
| 68 | * 1 Tree initialized OK. | ||
| 69 | * 2 Policy tree is empty. | ||
| 70 | * 5 Tree OK and requireExplicitPolicy true. | ||
| 71 | * 6 Tree empty and requireExplicitPolicy true. | ||
| 72 | */ | ||
| 73 | |||
| 74 | static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, | ||
| 75 | unsigned int flags) | ||
| 76 | { | ||
| 77 | X509_POLICY_TREE *tree; | ||
| 78 | X509_POLICY_LEVEL *level; | ||
| 79 | const X509_POLICY_CACHE *cache; | ||
| 80 | X509_POLICY_DATA *data = NULL; | ||
| 81 | X509 *x; | ||
| 82 | int ret = 1; | ||
| 83 | int i, n; | ||
| 84 | int explicit_policy; | ||
| 85 | int any_skip; | ||
| 86 | int map_skip; | ||
| 87 | *ptree = NULL; | ||
| 88 | n = sk_X509_num(certs); | ||
| 89 | |||
| 90 | /* Disable policy mapping for now... */ | ||
| 91 | flags |= X509_V_FLAG_INHIBIT_MAP; | ||
| 92 | |||
| 93 | if (flags & X509_V_FLAG_EXPLICIT_POLICY) | ||
| 94 | explicit_policy = 0; | ||
| 95 | else | ||
| 96 | explicit_policy = n + 1; | ||
| 97 | |||
| 98 | if (flags & X509_V_FLAG_INHIBIT_ANY) | ||
| 99 | any_skip = 0; | ||
| 100 | else | ||
| 101 | any_skip = n + 1; | ||
| 102 | |||
| 103 | if (flags & X509_V_FLAG_INHIBIT_MAP) | ||
| 104 | map_skip = 0; | ||
| 105 | else | ||
| 106 | map_skip = n + 1; | ||
| 107 | |||
| 108 | /* Can't do anything with just a trust anchor */ | ||
| 109 | if (n == 1) | ||
| 110 | return 1; | ||
| 111 | /* First setup policy cache in all certificates apart from the | ||
| 112 | * trust anchor. Note any bad cache results on the way. Also can | ||
| 113 | * calculate explicit_policy value at this point. | ||
| 114 | */ | ||
| 115 | for (i = n - 2; i >= 0; i--) | ||
| 116 | { | ||
| 117 | x = sk_X509_value(certs, i); | ||
| 118 | X509_check_purpose(x, -1, -1); | ||
| 119 | cache = policy_cache_set(x); | ||
| 120 | /* If cache NULL something bad happened: return immediately */ | ||
| 121 | if (cache == NULL) | ||
| 122 | return 0; | ||
| 123 | /* If inconsistent extensions keep a note of it but continue */ | ||
| 124 | if (x->ex_flags & EXFLAG_INVALID_POLICY) | ||
| 125 | ret = -1; | ||
| 126 | /* Otherwise if we have no data (hence no CertificatePolicies) | ||
| 127 | * and haven't already set an inconsistent code note it. | ||
| 128 | */ | ||
| 129 | else if ((ret == 1) && !cache->data) | ||
| 130 | ret = 2; | ||
| 131 | if (explicit_policy > 0) | ||
| 132 | { | ||
| 133 | if (!(x->ex_flags & EXFLAG_SI)) | ||
| 134 | explicit_policy--; | ||
| 135 | if ((cache->explicit_skip != -1) | ||
| 136 | && (cache->explicit_skip < explicit_policy)) | ||
| 137 | explicit_policy = cache->explicit_skip; | ||
| 138 | } | ||
| 139 | } | ||
| 140 | |||
| 141 | if (ret != 1) | ||
| 142 | { | ||
| 143 | if (ret == 2 && !explicit_policy) | ||
| 144 | return 6; | ||
| 145 | return ret; | ||
| 146 | } | ||
| 147 | |||
| 148 | |||
| 149 | /* If we get this far initialize the tree */ | ||
| 150 | |||
| 151 | tree = OPENSSL_malloc(sizeof(X509_POLICY_TREE)); | ||
| 152 | |||
| 153 | if (!tree) | ||
| 154 | return 0; | ||
| 155 | |||
| 156 | tree->flags = 0; | ||
| 157 | tree->levels = OPENSSL_malloc(sizeof(X509_POLICY_LEVEL) * n); | ||
| 158 | tree->nlevel = 0; | ||
| 159 | tree->extra_data = NULL; | ||
| 160 | tree->auth_policies = NULL; | ||
| 161 | tree->user_policies = NULL; | ||
| 162 | |||
| 163 | if (!tree) | ||
| 164 | { | ||
| 165 | OPENSSL_free(tree); | ||
| 166 | return 0; | ||
| 167 | } | ||
| 168 | |||
| 169 | memset(tree->levels, 0, n * sizeof(X509_POLICY_LEVEL)); | ||
| 170 | |||
| 171 | tree->nlevel = n; | ||
| 172 | |||
| 173 | level = tree->levels; | ||
| 174 | |||
| 175 | /* Root data: initialize to anyPolicy */ | ||
| 176 | |||
| 177 | data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0); | ||
| 178 | |||
| 179 | if (!data || !level_add_node(level, data, NULL, tree)) | ||
| 180 | goto bad_tree; | ||
| 181 | |||
| 182 | for (i = n - 2; i >= 0; i--) | ||
| 183 | { | ||
| 184 | level++; | ||
| 185 | x = sk_X509_value(certs, i); | ||
| 186 | cache = policy_cache_set(x); | ||
| 187 | |||
| 188 | CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); | ||
| 189 | level->cert = x; | ||
| 190 | |||
| 191 | if (!cache->anyPolicy) | ||
| 192 | level->flags |= X509_V_FLAG_INHIBIT_ANY; | ||
| 193 | |||
| 194 | /* Determine inhibit any and inhibit map flags */ | ||
| 195 | if (any_skip == 0) | ||
| 196 | { | ||
| 197 | /* Any matching allowed if certificate is self | ||
| 198 | * issued and not the last in the chain. | ||
| 199 | */ | ||
| 200 | if (!(x->ex_flags & EXFLAG_SI) || (i == 0)) | ||
| 201 | level->flags |= X509_V_FLAG_INHIBIT_ANY; | ||
| 202 | } | ||
| 203 | else | ||
| 204 | { | ||
| 205 | if (!(x->ex_flags & EXFLAG_SI)) | ||
| 206 | any_skip--; | ||
| 207 | if ((cache->any_skip >= 0) | ||
| 208 | && (cache->any_skip < any_skip)) | ||
| 209 | any_skip = cache->any_skip; | ||
| 210 | } | ||
| 211 | |||
| 212 | if (map_skip == 0) | ||
| 213 | level->flags |= X509_V_FLAG_INHIBIT_MAP; | ||
| 214 | else | ||
| 215 | { | ||
| 216 | map_skip--; | ||
| 217 | if ((cache->map_skip >= 0) | ||
| 218 | && (cache->map_skip < map_skip)) | ||
| 219 | map_skip = cache->map_skip; | ||
| 220 | } | ||
| 221 | |||
| 222 | |||
| 223 | } | ||
| 224 | |||
| 225 | *ptree = tree; | ||
| 226 | |||
| 227 | if (explicit_policy) | ||
| 228 | return 1; | ||
| 229 | else | ||
| 230 | return 5; | ||
| 231 | |||
| 232 | bad_tree: | ||
| 233 | |||
| 234 | X509_policy_tree_free(tree); | ||
| 235 | |||
| 236 | return 0; | ||
| 237 | |||
| 238 | } | ||
| 239 | |||
| 240 | /* This corresponds to RFC3280 XXXX XXXXX: | ||
| 241 | * link any data from CertificatePolicies onto matching parent | ||
| 242 | * or anyPolicy if no match. | ||
| 243 | */ | ||
| 244 | |||
| 245 | static int tree_link_nodes(X509_POLICY_LEVEL *curr, | ||
| 246 | const X509_POLICY_CACHE *cache) | ||
| 247 | { | ||
| 248 | int i; | ||
| 249 | X509_POLICY_LEVEL *last; | ||
| 250 | X509_POLICY_DATA *data; | ||
| 251 | X509_POLICY_NODE *parent; | ||
| 252 | last = curr - 1; | ||
| 253 | for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++) | ||
| 254 | { | ||
| 255 | data = sk_X509_POLICY_DATA_value(cache->data, i); | ||
| 256 | /* If a node is mapped any it doesn't have a corresponding | ||
| 257 | * CertificatePolicies entry. | ||
| 258 | * However such an identical node would be created | ||
| 259 | * if anyPolicy matching is enabled because there would be | ||
| 260 | * no match with the parent valid_policy_set. So we create | ||
| 261 | * link because then it will have the mapping flags | ||
| 262 | * right and we can prune it later. | ||
| 263 | */ | ||
| 264 | if ((data->flags & POLICY_DATA_FLAG_MAPPED_ANY) | ||
| 265 | && !(curr->flags & X509_V_FLAG_INHIBIT_ANY)) | ||
| 266 | continue; | ||
| 267 | /* Look for matching node in parent */ | ||
| 268 | parent = level_find_node(last, data->valid_policy); | ||
| 269 | /* If no match link to anyPolicy */ | ||
| 270 | if (!parent) | ||
| 271 | parent = last->anyPolicy; | ||
| 272 | if (parent && !level_add_node(curr, data, parent, NULL)) | ||
| 273 | return 0; | ||
| 274 | } | ||
| 275 | return 1; | ||
| 276 | } | ||
| 277 | |||
| 278 | /* This corresponds to RFC3280 XXXX XXXXX: | ||
| 279 | * Create new data for any unmatched policies in the parent and link | ||
| 280 | * to anyPolicy. | ||
| 281 | */ | ||
| 282 | |||
| 283 | static int tree_link_any(X509_POLICY_LEVEL *curr, | ||
| 284 | const X509_POLICY_CACHE *cache, | ||
| 285 | X509_POLICY_TREE *tree) | ||
| 286 | { | ||
| 287 | int i; | ||
| 288 | X509_POLICY_DATA *data; | ||
| 289 | X509_POLICY_NODE *node; | ||
| 290 | X509_POLICY_LEVEL *last; | ||
| 291 | |||
| 292 | last = curr - 1; | ||
| 293 | |||
| 294 | for (i = 0; i < sk_X509_POLICY_NODE_num(last->nodes); i++) | ||
| 295 | { | ||
| 296 | node = sk_X509_POLICY_NODE_value(last->nodes, i); | ||
| 297 | |||
| 298 | /* Skip any node with any children: we only want unmathced | ||
| 299 | * nodes. | ||
| 300 | * | ||
| 301 | * Note: need something better for policy mapping | ||
| 302 | * because each node may have multiple children | ||
| 303 | */ | ||
| 304 | if (node->nchild) | ||
| 305 | continue; | ||
| 306 | /* Create a new node with qualifiers from anyPolicy and | ||
| 307 | * id from unmatched node. | ||
| 308 | */ | ||
| 309 | data = policy_data_new(NULL, node->data->valid_policy, | ||
| 310 | node_critical(node)); | ||
| 311 | |||
| 312 | if (data == NULL) | ||
| 313 | return 0; | ||
| 314 | /* Curr may not have anyPolicy */ | ||
| 315 | data->qualifier_set = cache->anyPolicy->qualifier_set; | ||
| 316 | data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; | ||
| 317 | if (!level_add_node(curr, data, node, tree)) | ||
| 318 | { | ||
| 319 | policy_data_free(data); | ||
| 320 | return 0; | ||
| 321 | } | ||
| 322 | } | ||
| 323 | /* Finally add link to anyPolicy */ | ||
| 324 | if (last->anyPolicy) | ||
| 325 | { | ||
| 326 | if (!level_add_node(curr, cache->anyPolicy, | ||
| 327 | last->anyPolicy, NULL)) | ||
| 328 | return 0; | ||
| 329 | } | ||
| 330 | return 1; | ||
| 331 | } | ||
| 332 | |||
| 333 | /* Prune the tree: delete any child mapped child data on the current level | ||
| 334 | * then proceed up the tree deleting any data with no children. If we ever | ||
| 335 | * have no data on a level we can halt because the tree will be empty. | ||
| 336 | */ | ||
| 337 | |||
| 338 | static int tree_prune(X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr) | ||
| 339 | { | ||
| 340 | X509_POLICY_NODE *node; | ||
| 341 | int i; | ||
| 342 | for (i = sk_X509_POLICY_NODE_num(curr->nodes) - 1; i >= 0; i--) | ||
| 343 | { | ||
| 344 | node = sk_X509_POLICY_NODE_value(curr->nodes, i); | ||
| 345 | /* Delete any mapped data: see RFC3280 XXXX */ | ||
| 346 | if (node->data->flags & POLICY_DATA_FLAG_MAP_MASK) | ||
| 347 | { | ||
| 348 | node->parent->nchild--; | ||
| 349 | OPENSSL_free(node); | ||
| 350 | (void)sk_X509_POLICY_NODE_delete(curr->nodes, i); | ||
| 351 | } | ||
| 352 | } | ||
| 353 | |||
| 354 | for(;;) { | ||
| 355 | --curr; | ||
| 356 | for (i = sk_X509_POLICY_NODE_num(curr->nodes) - 1; i >= 0; i--) | ||
| 357 | { | ||
| 358 | node = sk_X509_POLICY_NODE_value(curr->nodes, i); | ||
| 359 | if (node->nchild == 0) | ||
| 360 | { | ||
| 361 | node->parent->nchild--; | ||
| 362 | OPENSSL_free(node); | ||
| 363 | (void)sk_X509_POLICY_NODE_delete(curr->nodes, i); | ||
| 364 | } | ||
| 365 | } | ||
| 366 | if (curr->anyPolicy && !curr->anyPolicy->nchild) | ||
| 367 | { | ||
| 368 | if (curr->anyPolicy->parent) | ||
| 369 | curr->anyPolicy->parent->nchild--; | ||
| 370 | OPENSSL_free(curr->anyPolicy); | ||
| 371 | curr->anyPolicy = NULL; | ||
| 372 | } | ||
| 373 | if (curr == tree->levels) | ||
| 374 | { | ||
| 375 | /* If we zapped anyPolicy at top then tree is empty */ | ||
| 376 | if (!curr->anyPolicy) | ||
| 377 | return 2; | ||
| 378 | return 1; | ||
| 379 | } | ||
| 380 | } | ||
| 381 | |||
| 382 | return 1; | ||
| 383 | |||
| 384 | } | ||
| 385 | |||
| 386 | static int tree_add_auth_node(STACK_OF(X509_POLICY_NODE) **pnodes, | ||
| 387 | X509_POLICY_NODE *pcy) | ||
| 388 | { | ||
| 389 | if (!*pnodes) | ||
| 390 | { | ||
| 391 | *pnodes = policy_node_cmp_new(); | ||
| 392 | if (!*pnodes) | ||
| 393 | return 0; | ||
| 394 | } | ||
| 395 | else if (sk_X509_POLICY_NODE_find(*pnodes, pcy) != -1) | ||
| 396 | return 1; | ||
| 397 | |||
| 398 | if (!sk_X509_POLICY_NODE_push(*pnodes, pcy)) | ||
| 399 | return 0; | ||
| 400 | |||
| 401 | return 1; | ||
| 402 | |||
| 403 | } | ||
| 404 | |||
| 405 | /* Calculate the authority set based on policy tree. | ||
| 406 | * The 'pnodes' parameter is used as a store for the set of policy nodes | ||
| 407 | * used to calculate the user set. If the authority set is not anyPolicy | ||
| 408 | * then pnodes will just point to the authority set. If however the authority | ||
| 409 | * set is anyPolicy then the set of valid policies (other than anyPolicy) | ||
| 410 | * is store in pnodes. The return value of '2' is used in this case to indicate | ||
| 411 | * that pnodes should be freed. | ||
| 412 | */ | ||
| 413 | |||
| 414 | static int tree_calculate_authority_set(X509_POLICY_TREE *tree, | ||
| 415 | STACK_OF(X509_POLICY_NODE) **pnodes) | ||
| 416 | { | ||
| 417 | X509_POLICY_LEVEL *curr; | ||
| 418 | X509_POLICY_NODE *node, *anyptr; | ||
| 419 | STACK_OF(X509_POLICY_NODE) **addnodes; | ||
| 420 | int i, j; | ||
| 421 | curr = tree->levels + tree->nlevel - 1; | ||
| 422 | |||
| 423 | /* If last level contains anyPolicy set is anyPolicy */ | ||
| 424 | if (curr->anyPolicy) | ||
| 425 | { | ||
| 426 | if (!tree_add_auth_node(&tree->auth_policies, curr->anyPolicy)) | ||
| 427 | return 0; | ||
| 428 | addnodes = pnodes; | ||
| 429 | } | ||
| 430 | else | ||
| 431 | /* Add policies to authority set */ | ||
| 432 | addnodes = &tree->auth_policies; | ||
| 433 | |||
| 434 | curr = tree->levels; | ||
| 435 | for (i = 1; i < tree->nlevel; i++) | ||
| 436 | { | ||
| 437 | /* If no anyPolicy node on this this level it can't | ||
| 438 | * appear on lower levels so end search. | ||
| 439 | */ | ||
| 440 | if (!(anyptr = curr->anyPolicy)) | ||
| 441 | break; | ||
| 442 | curr++; | ||
| 443 | for (j = 0; j < sk_X509_POLICY_NODE_num(curr->nodes); j++) | ||
| 444 | { | ||
| 445 | node = sk_X509_POLICY_NODE_value(curr->nodes, j); | ||
| 446 | if ((node->parent == anyptr) | ||
| 447 | && !tree_add_auth_node(addnodes, node)) | ||
| 448 | return 0; | ||
| 449 | } | ||
| 450 | } | ||
| 451 | |||
| 452 | if (addnodes == pnodes) | ||
| 453 | return 2; | ||
| 454 | |||
| 455 | *pnodes = tree->auth_policies; | ||
| 456 | |||
| 457 | return 1; | ||
| 458 | } | ||
| 459 | |||
| 460 | static int tree_calculate_user_set(X509_POLICY_TREE *tree, | ||
| 461 | STACK_OF(ASN1_OBJECT) *policy_oids, | ||
| 462 | STACK_OF(X509_POLICY_NODE) *auth_nodes) | ||
| 463 | { | ||
| 464 | int i; | ||
| 465 | X509_POLICY_NODE *node; | ||
| 466 | ASN1_OBJECT *oid; | ||
| 467 | |||
| 468 | X509_POLICY_NODE *anyPolicy; | ||
| 469 | X509_POLICY_DATA *extra; | ||
| 470 | |||
| 471 | /* Check if anyPolicy present in authority constrained policy set: | ||
| 472 | * this will happen if it is a leaf node. | ||
| 473 | */ | ||
| 474 | |||
| 475 | if (sk_ASN1_OBJECT_num(policy_oids) <= 0) | ||
| 476 | return 1; | ||
| 477 | |||
| 478 | anyPolicy = tree->levels[tree->nlevel - 1].anyPolicy; | ||
| 479 | |||
| 480 | for (i = 0; i < sk_ASN1_OBJECT_num(policy_oids); i++) | ||
| 481 | { | ||
| 482 | oid = sk_ASN1_OBJECT_value(policy_oids, i); | ||
| 483 | if (OBJ_obj2nid(oid) == NID_any_policy) | ||
| 484 | { | ||
| 485 | tree->flags |= POLICY_FLAG_ANY_POLICY; | ||
| 486 | return 1; | ||
| 487 | } | ||
| 488 | } | ||
| 489 | |||
| 490 | for (i = 0; i < sk_ASN1_OBJECT_num(policy_oids); i++) | ||
| 491 | { | ||
| 492 | oid = sk_ASN1_OBJECT_value(policy_oids, i); | ||
| 493 | node = tree_find_sk(auth_nodes, oid); | ||
| 494 | if (!node) | ||
| 495 | { | ||
| 496 | if (!anyPolicy) | ||
| 497 | continue; | ||
| 498 | /* Create a new node with policy ID from user set | ||
| 499 | * and qualifiers from anyPolicy. | ||
| 500 | */ | ||
| 501 | extra = policy_data_new(NULL, oid, | ||
| 502 | node_critical(anyPolicy)); | ||
| 503 | if (!extra) | ||
| 504 | return 0; | ||
| 505 | extra->qualifier_set = anyPolicy->data->qualifier_set; | ||
| 506 | extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS | ||
| 507 | | POLICY_DATA_FLAG_EXTRA_NODE; | ||
| 508 | node = level_add_node(NULL, extra, anyPolicy->parent, | ||
| 509 | tree); | ||
| 510 | } | ||
| 511 | if (!tree->user_policies) | ||
| 512 | { | ||
| 513 | tree->user_policies = sk_X509_POLICY_NODE_new_null(); | ||
| 514 | if (!tree->user_policies) | ||
| 515 | return 1; | ||
| 516 | } | ||
| 517 | if (!sk_X509_POLICY_NODE_push(tree->user_policies, node)) | ||
| 518 | return 0; | ||
| 519 | } | ||
| 520 | return 1; | ||
| 521 | |||
| 522 | } | ||
| 523 | |||
| 524 | static int tree_evaluate(X509_POLICY_TREE *tree) | ||
| 525 | { | ||
| 526 | int ret, i; | ||
| 527 | X509_POLICY_LEVEL *curr = tree->levels + 1; | ||
| 528 | const X509_POLICY_CACHE *cache; | ||
| 529 | |||
| 530 | for(i = 1; i < tree->nlevel; i++, curr++) | ||
| 531 | { | ||
| 532 | cache = policy_cache_set(curr->cert); | ||
| 533 | if (!tree_link_nodes(curr, cache)) | ||
| 534 | return 0; | ||
| 535 | |||
| 536 | if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY) | ||
| 537 | && !tree_link_any(curr, cache, tree)) | ||
| 538 | return 0; | ||
| 539 | ret = tree_prune(tree, curr); | ||
| 540 | if (ret != 1) | ||
| 541 | return ret; | ||
| 542 | } | ||
| 543 | |||
| 544 | return 1; | ||
| 545 | |||
| 546 | } | ||
| 547 | |||
| 548 | static void exnode_free(X509_POLICY_NODE *node) | ||
| 549 | { | ||
| 550 | if (node->data && (node->data->flags & POLICY_DATA_FLAG_EXTRA_NODE)) | ||
| 551 | OPENSSL_free(node); | ||
| 552 | } | ||
| 553 | |||
| 554 | |||
| 555 | void X509_policy_tree_free(X509_POLICY_TREE *tree) | ||
| 556 | { | ||
| 557 | X509_POLICY_LEVEL *curr; | ||
| 558 | int i; | ||
| 559 | |||
| 560 | if (!tree) | ||
| 561 | return; | ||
| 562 | |||
| 563 | sk_X509_POLICY_NODE_free(tree->auth_policies); | ||
| 564 | sk_X509_POLICY_NODE_pop_free(tree->user_policies, exnode_free); | ||
| 565 | |||
| 566 | for(i = 0, curr = tree->levels; i < tree->nlevel; i++, curr++) | ||
| 567 | { | ||
| 568 | if (curr->cert) | ||
| 569 | X509_free(curr->cert); | ||
| 570 | if (curr->nodes) | ||
| 571 | sk_X509_POLICY_NODE_pop_free(curr->nodes, | ||
| 572 | policy_node_free); | ||
| 573 | if (curr->anyPolicy) | ||
| 574 | policy_node_free(curr->anyPolicy); | ||
| 575 | } | ||
| 576 | |||
| 577 | if (tree->extra_data) | ||
| 578 | sk_X509_POLICY_DATA_pop_free(tree->extra_data, | ||
| 579 | policy_data_free); | ||
| 580 | |||
| 581 | OPENSSL_free(tree->levels); | ||
| 582 | OPENSSL_free(tree); | ||
| 583 | |||
| 584 | } | ||
| 585 | |||
| 586 | /* Application policy checking function. | ||
| 587 | * Return codes: | ||
| 588 | * 0 Internal Error. | ||
| 589 | * 1 Successful. | ||
| 590 | * -1 One or more certificates contain invalid or inconsistent extensions | ||
| 591 | * -2 User constrained policy set empty and requireExplicit true. | ||
| 592 | */ | ||
| 593 | |||
| 594 | int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, | ||
| 595 | STACK_OF(X509) *certs, | ||
| 596 | STACK_OF(ASN1_OBJECT) *policy_oids, | ||
| 597 | unsigned int flags) | ||
| 598 | { | ||
| 599 | int ret; | ||
| 600 | X509_POLICY_TREE *tree = NULL; | ||
| 601 | STACK_OF(X509_POLICY_NODE) *nodes, *auth_nodes = NULL; | ||
| 602 | *ptree = NULL; | ||
| 603 | |||
| 604 | *pexplicit_policy = 0; | ||
| 605 | ret = tree_init(&tree, certs, flags); | ||
| 606 | |||
| 607 | |||
| 608 | switch (ret) | ||
| 609 | { | ||
| 610 | |||
| 611 | /* Tree empty requireExplicit False: OK */ | ||
| 612 | case 2: | ||
| 613 | return 1; | ||
| 614 | |||
| 615 | /* Some internal error */ | ||
| 616 | case 0: | ||
| 617 | return 0; | ||
| 618 | |||
| 619 | /* Tree empty requireExplicit True: Error */ | ||
| 620 | |||
| 621 | case 6: | ||
| 622 | *pexplicit_policy = 1; | ||
| 623 | return -2; | ||
| 624 | |||
| 625 | /* Tree OK requireExplicit True: OK and continue */ | ||
| 626 | case 5: | ||
| 627 | *pexplicit_policy = 1; | ||
| 628 | break; | ||
| 629 | |||
| 630 | /* Tree OK: continue */ | ||
| 631 | |||
| 632 | case 1: | ||
| 633 | if (!tree) | ||
| 634 | /* | ||
| 635 | * tree_init() returns success and a null tree | ||
| 636 | * if it's just looking at a trust anchor. | ||
| 637 | * I'm not sure that returning success here is | ||
| 638 | * correct, but I'm sure that reporting this | ||
| 639 | * as an internal error which our caller | ||
| 640 | * interprets as a malloc failure is wrong. | ||
| 641 | */ | ||
| 642 | return 1; | ||
| 643 | break; | ||
| 644 | } | ||
| 645 | |||
| 646 | if (!tree) goto error; | ||
| 647 | ret = tree_evaluate(tree); | ||
| 648 | |||
| 649 | if (ret <= 0) | ||
| 650 | goto error; | ||
| 651 | |||
| 652 | /* Return value 2 means tree empty */ | ||
| 653 | if (ret == 2) | ||
| 654 | { | ||
| 655 | X509_policy_tree_free(tree); | ||
| 656 | if (*pexplicit_policy) | ||
| 657 | return -2; | ||
| 658 | else | ||
| 659 | return 1; | ||
| 660 | } | ||
| 661 | |||
| 662 | /* Tree is not empty: continue */ | ||
| 663 | |||
| 664 | ret = tree_calculate_authority_set(tree, &auth_nodes); | ||
| 665 | |||
| 666 | if (!ret) | ||
| 667 | goto error; | ||
| 668 | |||
| 669 | if (!tree_calculate_user_set(tree, policy_oids, auth_nodes)) | ||
| 670 | goto error; | ||
| 671 | |||
| 672 | if (ret == 2) | ||
| 673 | sk_X509_POLICY_NODE_free(auth_nodes); | ||
| 674 | |||
| 675 | if (tree) | ||
| 676 | *ptree = tree; | ||
| 677 | |||
| 678 | if (*pexplicit_policy) | ||
| 679 | { | ||
| 680 | nodes = X509_policy_tree_get0_user_policies(tree); | ||
| 681 | if (sk_X509_POLICY_NODE_num(nodes) <= 0) | ||
| 682 | return -2; | ||
| 683 | } | ||
| 684 | |||
| 685 | return 1; | ||
| 686 | |||
| 687 | error: | ||
| 688 | |||
| 689 | X509_policy_tree_free(tree); | ||
| 690 | |||
| 691 | return 0; | ||
| 692 | |||
| 693 | } | ||
| 694 | |||
diff --git a/src/lib/libcrypto/x509v3/v3_akey.c b/src/lib/libcrypto/x509v3/v3_akey.c deleted file mode 100644 index c6b68ee221..0000000000 --- a/src/lib/libcrypto/x509v3/v3_akey.c +++ /dev/null | |||
| @@ -1,208 +0,0 @@ | |||
| 1 | /* v3_akey.c */ | ||
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
| 3 | * project 1999. | ||
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | ||
| 7 | * | ||
| 8 | * Redistribution and use in source and binary forms, with or without | ||
| 9 | * modification, are permitted provided that the following conditions | ||
| 10 | * are met: | ||
| 11 | * | ||
| 12 | * 1. Redistributions of source code must retain the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | * notice, this list of conditions and the following disclaimer in | ||
| 17 | * the documentation and/or other materials provided with the | ||
| 18 | * distribution. | ||
| 19 | * | ||
| 20 | * 3. All advertising materials mentioning features or use of this | ||
| 21 | * software must display the following acknowledgment: | ||
| 22 | * "This product includes software developed by the OpenSSL Project | ||
| 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | * | ||
| 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | * endorse or promote products derived from this software without | ||
| 27 | * prior written permission. For written permission, please contact | ||
| 28 | * licensing@OpenSSL.org. | ||
| 29 | * | ||
| 30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | * nor may "OpenSSL" appear in their names without prior written | ||
| 32 | * permission of the OpenSSL Project. | ||
| 33 | * | ||
| 34 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | * acknowledgment: | ||
| 36 | * "This product includes software developed by the OpenSSL Project | ||
| 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | * | ||
| 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | * ==================================================================== | ||
| 52 | * | ||
| 53 | * This product includes cryptographic software written by Eric Young | ||
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | #include "cryptlib.h" | ||
| 61 | #include <openssl/conf.h> | ||
| 62 | #include <openssl/asn1.h> | ||
| 63 | #include <openssl/asn1t.h> | ||
| 64 | #include <openssl/x509v3.h> | ||
| 65 | |||
| 66 | static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, | ||
| 67 | AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist); | ||
| 68 | static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, | ||
| 69 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); | ||
| 70 | |||
| 71 | const X509V3_EXT_METHOD v3_akey_id = | ||
| 72 | { | ||
| 73 | NID_authority_key_identifier, | ||
| 74 | X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID), | ||
| 75 | 0,0,0,0, | ||
| 76 | 0,0, | ||
| 77 | (X509V3_EXT_I2V)i2v_AUTHORITY_KEYID, | ||
| 78 | (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID, | ||
| 79 | 0,0, | ||
| 80 | NULL | ||
| 81 | }; | ||
| 82 | |||
| 83 | static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, | ||
| 84 | AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist) | ||
| 85 | { | ||
| 86 | char *tmp; | ||
| 87 | if(akeyid->keyid) { | ||
| 88 | tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length); | ||
| 89 | X509V3_add_value("keyid", tmp, &extlist); | ||
| 90 | OPENSSL_free(tmp); | ||
| 91 | } | ||
| 92 | if(akeyid->issuer) | ||
| 93 | extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist); | ||
| 94 | if(akeyid->serial) { | ||
| 95 | tmp = hex_to_string(akeyid->serial->data, | ||
| 96 | akeyid->serial->length); | ||
| 97 | X509V3_add_value("serial", tmp, &extlist); | ||
| 98 | OPENSSL_free(tmp); | ||
| 99 | } | ||
| 100 | return extlist; | ||
| 101 | } | ||
| 102 | |||
| 103 | /* Currently two options: | ||
| 104 | * keyid: use the issuers subject keyid, the value 'always' means its is | ||
| 105 | * an error if the issuer certificate doesn't have a key id. | ||
| 106 | * issuer: use the issuers cert issuer and serial number. The default is | ||
| 107 | * to only use this if keyid is not present. With the option 'always' | ||
| 108 | * this is always included. | ||
| 109 | */ | ||
| 110 | |||
| 111 | static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, | ||
| 112 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values) | ||
| 113 | { | ||
| 114 | char keyid=0, issuer=0; | ||
| 115 | int i; | ||
| 116 | CONF_VALUE *cnf; | ||
| 117 | ASN1_OCTET_STRING *ikeyid = NULL; | ||
| 118 | X509_NAME *isname = NULL; | ||
| 119 | GENERAL_NAMES * gens = NULL; | ||
| 120 | GENERAL_NAME *gen = NULL; | ||
| 121 | ASN1_INTEGER *serial = NULL; | ||
| 122 | X509_EXTENSION *ext; | ||
| 123 | X509 *cert; | ||
| 124 | AUTHORITY_KEYID *akeyid; | ||
| 125 | |||
| 126 | for(i = 0; i < sk_CONF_VALUE_num(values); i++) | ||
| 127 | { | ||
| 128 | cnf = sk_CONF_VALUE_value(values, i); | ||
| 129 | if(!strcmp(cnf->name, "keyid")) | ||
| 130 | { | ||
| 131 | keyid = 1; | ||
| 132 | if(cnf->value && !strcmp(cnf->value, "always")) | ||
| 133 | keyid = 2; | ||
| 134 | } | ||
| 135 | else if(!strcmp(cnf->name, "issuer")) | ||
| 136 | { | ||
| 137 | issuer = 1; | ||
| 138 | if(cnf->value && !strcmp(cnf->value, "always")) | ||
| 139 | issuer = 2; | ||
| 140 | } | ||
| 141 | else | ||
| 142 | { | ||
| 143 | X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNKNOWN_OPTION); | ||
| 144 | ERR_add_error_data(2, "name=", cnf->name); | ||
| 145 | return NULL; | ||
| 146 | } | ||
| 147 | } | ||
| 148 | |||
| 149 | if(!ctx || !ctx->issuer_cert) | ||
| 150 | { | ||
| 151 | if(ctx && (ctx->flags==CTX_TEST)) | ||
| 152 | return AUTHORITY_KEYID_new(); | ||
| 153 | X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE); | ||
| 154 | return NULL; | ||
| 155 | } | ||
| 156 | |||
| 157 | cert = ctx->issuer_cert; | ||
| 158 | |||
| 159 | if(keyid) | ||
| 160 | { | ||
| 161 | i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1); | ||
| 162 | if((i >= 0) && (ext = X509_get_ext(cert, i))) | ||
| 163 | ikeyid = X509V3_EXT_d2i(ext); | ||
| 164 | if(keyid==2 && !ikeyid) | ||
| 165 | { | ||
| 166 | X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_KEYID); | ||
| 167 | return NULL; | ||
| 168 | } | ||
| 169 | } | ||
| 170 | |||
| 171 | if((issuer && !ikeyid) || (issuer == 2)) | ||
| 172 | { | ||
| 173 | isname = X509_NAME_dup(X509_get_issuer_name(cert)); | ||
| 174 | serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert)); | ||
| 175 | if(!isname || !serial) | ||
| 176 | { | ||
| 177 | X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS); | ||
| 178 | goto err; | ||
| 179 | } | ||
| 180 | } | ||
| 181 | |||
| 182 | if(!(akeyid = AUTHORITY_KEYID_new())) goto err; | ||
| 183 | |||
| 184 | if(isname) | ||
| 185 | { | ||
| 186 | if(!(gens = sk_GENERAL_NAME_new_null()) | ||
| 187 | || !(gen = GENERAL_NAME_new()) | ||
| 188 | || !sk_GENERAL_NAME_push(gens, gen)) | ||
| 189 | { | ||
| 190 | X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE); | ||
| 191 | goto err; | ||
| 192 | } | ||
| 193 | gen->type = GEN_DIRNAME; | ||
| 194 | gen->d.dirn = isname; | ||
| 195 | } | ||
| 196 | |||
| 197 | akeyid->issuer = gens; | ||
| 198 | akeyid->serial = serial; | ||
| 199 | akeyid->keyid = ikeyid; | ||
| 200 | |||
| 201 | return akeyid; | ||
| 202 | |||
| 203 | err: | ||
| 204 | X509_NAME_free(isname); | ||
| 205 | M_ASN1_INTEGER_free(serial); | ||
| 206 | M_ASN1_OCTET_STRING_free(ikeyid); | ||
| 207 | return NULL; | ||
| 208 | } | ||
diff --git a/src/lib/libcrypto/x509v3/v3_akeya.c b/src/lib/libcrypto/x509v3/v3_akeya.c deleted file mode 100644 index 2c50f7360e..0000000000 --- a/src/lib/libcrypto/x509v3/v3_akeya.c +++ /dev/null | |||
| @@ -1,72 +0,0 @@ | |||
| 1 | /* v3_akey_asn1.c */ | ||
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
| 3 | * project 1999. | ||
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | ||
| 7 | * | ||
| 8 | * Redistribution and use in source and binary forms, with or without | ||
| 9 | * modification, are permitted provided that the following conditions | ||
| 10 | * are met: | ||
| 11 | * | ||
| 12 | * 1. Redistributions of source code must retain the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | * notice, this list of conditions and the following disclaimer in | ||
| 17 | * the documentation and/or other materials provided with the | ||
| 18 | * distribution. | ||
| 19 | * | ||
| 20 | * 3. All advertising materials mentioning features or use of this | ||
| 21 | * software must display the following acknowledgment: | ||
| 22 | * "This product includes software developed by the OpenSSL Project | ||
| 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | * | ||
| 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | * endorse or promote products derived from this software without | ||
| 27 | * prior written permission. For written permission, please contact | ||
| 28 | * licensing@OpenSSL.org. | ||
| 29 | * | ||
| 30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | * nor may "OpenSSL" appear in their names without prior written | ||
| 32 | * permission of the OpenSSL Project. | ||
| 33 | * | ||
| 34 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | * acknowledgment: | ||
| 36 | * "This product includes software developed by the OpenSSL Project | ||
| 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | * | ||
| 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | * ==================================================================== | ||
| 52 | * | ||
| 53 | * This product includes cryptographic software written by Eric Young | ||
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | #include "cryptlib.h" | ||
| 61 | #include <openssl/conf.h> | ||
| 62 | #include <openssl/asn1.h> | ||
| 63 | #include <openssl/asn1t.h> | ||
| 64 | #include <openssl/x509v3.h> | ||
| 65 | |||
| 66 | ASN1_SEQUENCE(AUTHORITY_KEYID) = { | ||
| 67 | ASN1_IMP_OPT(AUTHORITY_KEYID, keyid, ASN1_OCTET_STRING, 0), | ||
| 68 | ASN1_IMP_SEQUENCE_OF_OPT(AUTHORITY_KEYID, issuer, GENERAL_NAME, 1), | ||
| 69 | ASN1_IMP_OPT(AUTHORITY_KEYID, serial, ASN1_INTEGER, 2) | ||
| 70 | } ASN1_SEQUENCE_END(AUTHORITY_KEYID) | ||
| 71 | |||
| 72 | IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_KEYID) | ||
diff --git a/src/lib/libcrypto/x509v3/v3_alt.c b/src/lib/libcrypto/x509v3/v3_alt.c deleted file mode 100644 index 75fda7f268..0000000000 --- a/src/lib/libcrypto/x509v3/v3_alt.c +++ /dev/null | |||
| @@ -1,582 +0,0 @@ | |||
| 1 | /* v3_alt.c */ | ||
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
| 3 | * project. | ||
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. | ||
| 7 | * | ||
| 8 | * Redistribution and use in source and binary forms, with or without | ||
| 9 | * modification, are permitted provided that the following conditions | ||
| 10 | * are met: | ||
| 11 | * | ||
| 12 | * 1. Redistributions of source code must retain the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | * notice, this list of conditions and the following disclaimer in | ||
| 17 | * the documentation and/or other materials provided with the | ||
| 18 | * distribution. | ||
| 19 | * | ||
| 20 | * 3. All advertising materials mentioning features or use of this | ||
| 21 | * software must display the following acknowledgment: | ||
| 22 | * "This product includes software developed by the OpenSSL Project | ||
| 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | * | ||
| 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | * endorse or promote products derived from this software without | ||
| 27 | * prior written permission. For written permission, please contact | ||
| 28 | * licensing@OpenSSL.org. | ||
| 29 | * | ||
| 30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | * nor may "OpenSSL" appear in their names without prior written | ||
| 32 | * permission of the OpenSSL Project. | ||
| 33 | * | ||
| 34 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | * acknowledgment: | ||
| 36 | * "This product includes software developed by the OpenSSL Project | ||
| 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | * | ||
| 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | * ==================================================================== | ||
| 52 | * | ||
| 53 | * This product includes cryptographic software written by Eric Young | ||
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | #include "cryptlib.h" | ||
| 61 | #include <openssl/conf.h> | ||
| 62 | #include <openssl/x509v3.h> | ||
| 63 | |||
| 64 | static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); | ||
| 65 | static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); | ||
| 66 | static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p); | ||
| 67 | static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens); | ||
| 68 | static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx); | ||
| 69 | static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx); | ||
| 70 | |||
| 71 | const X509V3_EXT_METHOD v3_alt[] = { | ||
| 72 | { NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES), | ||
| 73 | 0,0,0,0, | ||
| 74 | 0,0, | ||
| 75 | (X509V3_EXT_I2V)i2v_GENERAL_NAMES, | ||
| 76 | (X509V3_EXT_V2I)v2i_subject_alt, | ||
| 77 | NULL, NULL, NULL}, | ||
| 78 | |||
| 79 | { NID_issuer_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES), | ||
| 80 | 0,0,0,0, | ||
| 81 | 0,0, | ||
| 82 | (X509V3_EXT_I2V)i2v_GENERAL_NAMES, | ||
| 83 | (X509V3_EXT_V2I)v2i_issuer_alt, | ||
| 84 | NULL, NULL, NULL}, | ||
| 85 | }; | ||
| 86 | |||
| 87 | STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, | ||
| 88 | GENERAL_NAMES *gens, STACK_OF(CONF_VALUE) *ret) | ||
| 89 | { | ||
| 90 | int i; | ||
| 91 | GENERAL_NAME *gen; | ||
| 92 | for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) { | ||
| 93 | gen = sk_GENERAL_NAME_value(gens, i); | ||
| 94 | ret = i2v_GENERAL_NAME(method, gen, ret); | ||
| 95 | } | ||
| 96 | if(!ret) return sk_CONF_VALUE_new_null(); | ||
| 97 | return ret; | ||
| 98 | } | ||
| 99 | |||
| 100 | STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, | ||
| 101 | GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret) | ||
| 102 | { | ||
| 103 | unsigned char *p; | ||
| 104 | char oline[256], htmp[5]; | ||
| 105 | int i; | ||
| 106 | switch (gen->type) | ||
| 107 | { | ||
| 108 | case GEN_OTHERNAME: | ||
| 109 | X509V3_add_value("othername","<unsupported>", &ret); | ||
| 110 | break; | ||
| 111 | |||
| 112 | case GEN_X400: | ||
| 113 | X509V3_add_value("X400Name","<unsupported>", &ret); | ||
| 114 | break; | ||
| 115 | |||
| 116 | case GEN_EDIPARTY: | ||
| 117 | X509V3_add_value("EdiPartyName","<unsupported>", &ret); | ||
| 118 | break; | ||
| 119 | |||
| 120 | case GEN_EMAIL: | ||
| 121 | X509V3_add_value_uchar("email",gen->d.ia5->data, &ret); | ||
| 122 | break; | ||
| 123 | |||
| 124 | case GEN_DNS: | ||
| 125 | X509V3_add_value_uchar("DNS",gen->d.ia5->data, &ret); | ||
| 126 | break; | ||
| 127 | |||
| 128 | case GEN_URI: | ||
| 129 | X509V3_add_value_uchar("URI",gen->d.ia5->data, &ret); | ||
| 130 | break; | ||
| 131 | |||
| 132 | case GEN_DIRNAME: | ||
| 133 | X509_NAME_oneline(gen->d.dirn, oline, 256); | ||
| 134 | X509V3_add_value("DirName",oline, &ret); | ||
| 135 | break; | ||
| 136 | |||
| 137 | case GEN_IPADD: | ||
| 138 | p = gen->d.ip->data; | ||
| 139 | if(gen->d.ip->length == 4) | ||
| 140 | BIO_snprintf(oline, sizeof oline, | ||
| 141 | "%d.%d.%d.%d", p[0], p[1], p[2], p[3]); | ||
| 142 | else if(gen->d.ip->length == 16) | ||
| 143 | { | ||
| 144 | oline[0] = 0; | ||
| 145 | for (i = 0; i < 8; i++) | ||
| 146 | { | ||
| 147 | BIO_snprintf(htmp, sizeof htmp, | ||
| 148 | "%X", p[0] << 8 | p[1]); | ||
| 149 | p += 2; | ||
| 150 | strlcat(oline, htmp, sizeof oline); | ||
| 151 | if (i != 7) | ||
| 152 | strlcat(oline, ":", sizeof oline); | ||
| 153 | } | ||
| 154 | } | ||
| 155 | else | ||
| 156 | { | ||
| 157 | X509V3_add_value("IP Address","<invalid>", &ret); | ||
| 158 | break; | ||
| 159 | } | ||
| 160 | X509V3_add_value("IP Address",oline, &ret); | ||
| 161 | break; | ||
| 162 | |||
| 163 | case GEN_RID: | ||
| 164 | i2t_ASN1_OBJECT(oline, 256, gen->d.rid); | ||
| 165 | X509V3_add_value("Registered ID",oline, &ret); | ||
| 166 | break; | ||
| 167 | } | ||
| 168 | return ret; | ||
| 169 | } | ||
| 170 | |||
| 171 | int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen) | ||
| 172 | { | ||
| 173 | unsigned char *p; | ||
| 174 | int i; | ||
| 175 | switch (gen->type) | ||
| 176 | { | ||
| 177 | case GEN_OTHERNAME: | ||
| 178 | BIO_printf(out, "othername:<unsupported>"); | ||
| 179 | break; | ||
| 180 | |||
| 181 | case GEN_X400: | ||
| 182 | BIO_printf(out, "X400Name:<unsupported>"); | ||
| 183 | break; | ||
| 184 | |||
| 185 | case GEN_EDIPARTY: | ||
| 186 | /* Maybe fix this: it is supported now */ | ||
| 187 | BIO_printf(out, "EdiPartyName:<unsupported>"); | ||
| 188 | break; | ||
| 189 | |||
| 190 | case GEN_EMAIL: | ||
| 191 | BIO_printf(out, "email:%s",gen->d.ia5->data); | ||
| 192 | break; | ||
| 193 | |||
| 194 | case GEN_DNS: | ||
| 195 | BIO_printf(out, "DNS:%s",gen->d.ia5->data); | ||
| 196 | break; | ||
| 197 | |||
| 198 | case GEN_URI: | ||
| 199 | BIO_printf(out, "URI:%s",gen->d.ia5->data); | ||
| 200 | break; | ||
| 201 | |||
| 202 | case GEN_DIRNAME: | ||
| 203 | BIO_printf(out, "DirName: "); | ||
| 204 | X509_NAME_print_ex(out, gen->d.dirn, 0, XN_FLAG_ONELINE); | ||
| 205 | break; | ||
| 206 | |||
| 207 | case GEN_IPADD: | ||
| 208 | p = gen->d.ip->data; | ||
| 209 | if(gen->d.ip->length == 4) | ||
| 210 | BIO_printf(out, "IP Address:%d.%d.%d.%d", | ||
| 211 | p[0], p[1], p[2], p[3]); | ||
| 212 | else if(gen->d.ip->length == 16) | ||
| 213 | { | ||
| 214 | BIO_printf(out, "IP Address"); | ||
| 215 | for (i = 0; i < 8; i++) | ||
| 216 | { | ||
| 217 | BIO_printf(out, ":%X", p[0] << 8 | p[1]); | ||
| 218 | p += 2; | ||
| 219 | } | ||
| 220 | BIO_puts(out, "\n"); | ||
| 221 | } | ||
| 222 | else | ||
| 223 | { | ||
| 224 | BIO_printf(out,"IP Address:<invalid>"); | ||
| 225 | break; | ||
| 226 | } | ||
| 227 | break; | ||
| 228 | |||
| 229 | case GEN_RID: | ||
| 230 | BIO_printf(out, "Registered ID"); | ||
| 231 | i2a_ASN1_OBJECT(out, gen->d.rid); | ||
| 232 | break; | ||
| 233 | } | ||
| 234 | return 1; | ||
| 235 | } | ||
| 236 | |||
| 237 | static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, | ||
| 238 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) | ||
| 239 | { | ||
| 240 | GENERAL_NAMES *gens = NULL; | ||
| 241 | CONF_VALUE *cnf; | ||
| 242 | int i; | ||
| 243 | if(!(gens = sk_GENERAL_NAME_new_null())) { | ||
| 244 | X509V3err(X509V3_F_V2I_ISSUER_ALT,ERR_R_MALLOC_FAILURE); | ||
| 245 | return NULL; | ||
| 246 | } | ||
| 247 | for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { | ||
| 248 | cnf = sk_CONF_VALUE_value(nval, i); | ||
| 249 | if(!name_cmp(cnf->name, "issuer") && cnf->value && | ||
| 250 | !strcmp(cnf->value, "copy")) { | ||
| 251 | if(!copy_issuer(ctx, gens)) goto err; | ||
| 252 | } else { | ||
| 253 | GENERAL_NAME *gen; | ||
| 254 | if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) | ||
| 255 | goto err; | ||
| 256 | sk_GENERAL_NAME_push(gens, gen); | ||
| 257 | } | ||
| 258 | } | ||
| 259 | return gens; | ||
| 260 | err: | ||
| 261 | sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); | ||
| 262 | return NULL; | ||
| 263 | } | ||
| 264 | |||
| 265 | /* Append subject altname of issuer to issuer alt name of subject */ | ||
| 266 | |||
| 267 | static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens) | ||
| 268 | { | ||
| 269 | GENERAL_NAMES *ialt; | ||
| 270 | GENERAL_NAME *gen; | ||
| 271 | X509_EXTENSION *ext; | ||
| 272 | int i; | ||
| 273 | if(ctx && (ctx->flags == CTX_TEST)) return 1; | ||
| 274 | if(!ctx || !ctx->issuer_cert) { | ||
| 275 | X509V3err(X509V3_F_COPY_ISSUER,X509V3_R_NO_ISSUER_DETAILS); | ||
| 276 | goto err; | ||
| 277 | } | ||
| 278 | i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1); | ||
| 279 | if(i < 0) return 1; | ||
| 280 | if(!(ext = X509_get_ext(ctx->issuer_cert, i)) || | ||
| 281 | !(ialt = X509V3_EXT_d2i(ext)) ) { | ||
| 282 | X509V3err(X509V3_F_COPY_ISSUER,X509V3_R_ISSUER_DECODE_ERROR); | ||
| 283 | goto err; | ||
| 284 | } | ||
| 285 | |||
| 286 | for(i = 0; i < sk_GENERAL_NAME_num(ialt); i++) { | ||
| 287 | gen = sk_GENERAL_NAME_value(ialt, i); | ||
| 288 | if(!sk_GENERAL_NAME_push(gens, gen)) { | ||
| 289 | X509V3err(X509V3_F_COPY_ISSUER,ERR_R_MALLOC_FAILURE); | ||
| 290 | goto err; | ||
| 291 | } | ||
| 292 | } | ||
| 293 | sk_GENERAL_NAME_free(ialt); | ||
| 294 | |||
| 295 | return 1; | ||
| 296 | |||
| 297 | err: | ||
| 298 | return 0; | ||
| 299 | |||
| 300 | } | ||
| 301 | |||
| 302 | static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, | ||
| 303 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) | ||
| 304 | { | ||
| 305 | GENERAL_NAMES *gens = NULL; | ||
| 306 | CONF_VALUE *cnf; | ||
| 307 | int i; | ||
| 308 | if(!(gens = sk_GENERAL_NAME_new_null())) { | ||
| 309 | X509V3err(X509V3_F_V2I_SUBJECT_ALT,ERR_R_MALLOC_FAILURE); | ||
| 310 | return NULL; | ||
| 311 | } | ||
| 312 | for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { | ||
| 313 | cnf = sk_CONF_VALUE_value(nval, i); | ||
| 314 | if(!name_cmp(cnf->name, "email") && cnf->value && | ||
| 315 | !strcmp(cnf->value, "copy")) { | ||
| 316 | if(!copy_email(ctx, gens, 0)) goto err; | ||
| 317 | } else if(!name_cmp(cnf->name, "email") && cnf->value && | ||
| 318 | !strcmp(cnf->value, "move")) { | ||
| 319 | if(!copy_email(ctx, gens, 1)) goto err; | ||
| 320 | } else { | ||
| 321 | GENERAL_NAME *gen; | ||
| 322 | if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) | ||
| 323 | goto err; | ||
| 324 | sk_GENERAL_NAME_push(gens, gen); | ||
| 325 | } | ||
| 326 | } | ||
| 327 | return gens; | ||
| 328 | err: | ||
| 329 | sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); | ||
| 330 | return NULL; | ||
| 331 | } | ||
| 332 | |||
| 333 | /* Copy any email addresses in a certificate or request to | ||
| 334 | * GENERAL_NAMES | ||
| 335 | */ | ||
| 336 | |||
| 337 | static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p) | ||
| 338 | { | ||
| 339 | X509_NAME *nm; | ||
| 340 | ASN1_IA5STRING *email = NULL; | ||
| 341 | X509_NAME_ENTRY *ne; | ||
| 342 | GENERAL_NAME *gen = NULL; | ||
| 343 | int i; | ||
| 344 | if(ctx != NULL && ctx->flags == CTX_TEST) | ||
| 345 | return 1; | ||
| 346 | if(!ctx || (!ctx->subject_cert && !ctx->subject_req)) { | ||
| 347 | X509V3err(X509V3_F_COPY_EMAIL,X509V3_R_NO_SUBJECT_DETAILS); | ||
| 348 | goto err; | ||
| 349 | } | ||
| 350 | /* Find the subject name */ | ||
| 351 | if(ctx->subject_cert) nm = X509_get_subject_name(ctx->subject_cert); | ||
| 352 | else nm = X509_REQ_get_subject_name(ctx->subject_req); | ||
| 353 | |||
| 354 | /* Now add any email address(es) to STACK */ | ||
| 355 | i = -1; | ||
| 356 | while((i = X509_NAME_get_index_by_NID(nm, | ||
| 357 | NID_pkcs9_emailAddress, i)) >= 0) { | ||
| 358 | ne = X509_NAME_get_entry(nm, i); | ||
| 359 | email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne)); | ||
| 360 | if (move_p) | ||
| 361 | { | ||
| 362 | X509_NAME_delete_entry(nm, i); | ||
| 363 | i--; | ||
| 364 | } | ||
| 365 | if(!email || !(gen = GENERAL_NAME_new())) { | ||
| 366 | X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE); | ||
| 367 | goto err; | ||
| 368 | } | ||
| 369 | gen->d.ia5 = email; | ||
| 370 | email = NULL; | ||
| 371 | gen->type = GEN_EMAIL; | ||
| 372 | if(!sk_GENERAL_NAME_push(gens, gen)) { | ||
| 373 | X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE); | ||
| 374 | goto err; | ||
| 375 | } | ||
| 376 | gen = NULL; | ||
| 377 | } | ||
| 378 | |||
| 379 | |||
| 380 | return 1; | ||
| 381 | |||
| 382 | err: | ||
| 383 | GENERAL_NAME_free(gen); | ||
| 384 | M_ASN1_IA5STRING_free(email); | ||
| 385 | return 0; | ||
| 386 | |||
| 387 | } | ||
| 388 | |||
| 389 | GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method, | ||
| 390 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) | ||
| 391 | { | ||
| 392 | GENERAL_NAME *gen; | ||
| 393 | GENERAL_NAMES *gens = NULL; | ||
| 394 | CONF_VALUE *cnf; | ||
| 395 | int i; | ||
| 396 | if(!(gens = sk_GENERAL_NAME_new_null())) { | ||
| 397 | X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE); | ||
| 398 | return NULL; | ||
| 399 | } | ||
| 400 | for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { | ||
| 401 | cnf = sk_CONF_VALUE_value(nval, i); | ||
| 402 | if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err; | ||
| 403 | sk_GENERAL_NAME_push(gens, gen); | ||
| 404 | } | ||
| 405 | return gens; | ||
| 406 | err: | ||
| 407 | sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); | ||
| 408 | return NULL; | ||
| 409 | } | ||
| 410 | |||
| 411 | GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, | ||
| 412 | CONF_VALUE *cnf) | ||
| 413 | { | ||
| 414 | return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0); | ||
| 415 | } | ||
| 416 | |||
| 417 | GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, | ||
| 418 | X509V3_EXT_METHOD *method, X509V3_CTX *ctx, | ||
| 419 | CONF_VALUE *cnf, int is_nc) | ||
| 420 | { | ||
| 421 | char is_string = 0; | ||
| 422 | int type; | ||
| 423 | GENERAL_NAME *gen = NULL; | ||
| 424 | |||
| 425 | char *name, *value; | ||
| 426 | |||
| 427 | name = cnf->name; | ||
| 428 | value = cnf->value; | ||
| 429 | |||
| 430 | if(!value) | ||
| 431 | { | ||
| 432 | X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_MISSING_VALUE); | ||
| 433 | return NULL; | ||
| 434 | } | ||
| 435 | |||
| 436 | if (out) | ||
| 437 | gen = out; | ||
| 438 | else | ||
| 439 | { | ||
| 440 | gen = GENERAL_NAME_new(); | ||
| 441 | if(gen == NULL) | ||
| 442 | { | ||
| 443 | X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,ERR_R_MALLOC_FAILURE); | ||
| 444 | return NULL; | ||
| 445 | } | ||
| 446 | } | ||
| 447 | |||
| 448 | if(!name_cmp(name, "email")) | ||
| 449 | { | ||
| 450 | is_string = 1; | ||
| 451 | type = GEN_EMAIL; | ||
| 452 | } | ||
| 453 | else if(!name_cmp(name, "URI")) | ||
| 454 | { | ||
| 455 | is_string = 1; | ||
| 456 | type = GEN_URI; | ||
| 457 | } | ||
| 458 | else if(!name_cmp(name, "DNS")) | ||
| 459 | { | ||
| 460 | is_string = 1; | ||
| 461 | type = GEN_DNS; | ||
| 462 | } | ||
| 463 | else if(!name_cmp(name, "RID")) | ||
| 464 | { | ||
| 465 | ASN1_OBJECT *obj; | ||
| 466 | if(!(obj = OBJ_txt2obj(value,0))) | ||
| 467 | { | ||
| 468 | X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_BAD_OBJECT); | ||
| 469 | ERR_add_error_data(2, "value=", value); | ||
| 470 | goto err; | ||
| 471 | } | ||
| 472 | gen->d.rid = obj; | ||
| 473 | type = GEN_RID; | ||
| 474 | } | ||
| 475 | else if(!name_cmp(name, "IP")) | ||
| 476 | { | ||
| 477 | if (is_nc) | ||
| 478 | gen->d.ip = a2i_IPADDRESS_NC(value); | ||
| 479 | else | ||
| 480 | gen->d.ip = a2i_IPADDRESS(value); | ||
| 481 | if(gen->d.ip == NULL) | ||
| 482 | { | ||
| 483 | X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_BAD_IP_ADDRESS); | ||
| 484 | ERR_add_error_data(2, "value=", value); | ||
| 485 | goto err; | ||
| 486 | } | ||
| 487 | type = GEN_IPADD; | ||
| 488 | } | ||
| 489 | else if(!name_cmp(name, "dirName")) | ||
| 490 | { | ||
| 491 | type = GEN_DIRNAME; | ||
| 492 | if (!do_dirname(gen, value, ctx)) | ||
| 493 | { | ||
| 494 | X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_DIRNAME_ERROR); | ||
| 495 | goto err; | ||
| 496 | } | ||
| 497 | } | ||
| 498 | else if(!name_cmp(name, "otherName")) | ||
| 499 | { | ||
| 500 | if (!do_othername(gen, value, ctx)) | ||
| 501 | { | ||
| 502 | X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_OTHERNAME_ERROR); | ||
| 503 | goto err; | ||
| 504 | } | ||
| 505 | type = GEN_OTHERNAME; | ||
| 506 | } | ||
| 507 | else | ||
| 508 | { | ||
| 509 | X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_UNSUPPORTED_OPTION); | ||
| 510 | ERR_add_error_data(2, "name=", name); | ||
| 511 | goto err; | ||
| 512 | } | ||
| 513 | |||
| 514 | if(is_string) | ||
| 515 | { | ||
| 516 | if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) || | ||
| 517 | !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value, | ||
| 518 | strlen(value))) | ||
| 519 | { | ||
| 520 | X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,ERR_R_MALLOC_FAILURE); | ||
| 521 | goto err; | ||
| 522 | } | ||
| 523 | } | ||
| 524 | |||
| 525 | gen->type = type; | ||
| 526 | |||
| 527 | return gen; | ||
| 528 | |||
| 529 | err: | ||
| 530 | if (!out) | ||
| 531 | GENERAL_NAME_free(gen); | ||
| 532 | return NULL; | ||
| 533 | } | ||
| 534 | |||
| 535 | static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) | ||
| 536 | { | ||
| 537 | char *objtmp = NULL, *p; | ||
| 538 | int objlen; | ||
| 539 | if (!(p = strchr(value, ';'))) | ||
| 540 | return 0; | ||
| 541 | if (!(gen->d.otherName = OTHERNAME_new())) | ||
| 542 | return 0; | ||
| 543 | /* Free this up because we will overwrite it. | ||
| 544 | * no need to free type_id because it is static | ||
| 545 | */ | ||
| 546 | ASN1_TYPE_free(gen->d.otherName->value); | ||
| 547 | if (!(gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx))) | ||
| 548 | return 0; | ||
| 549 | objlen = p - value; | ||
| 550 | objtmp = OPENSSL_malloc(objlen + 1); | ||
| 551 | strncpy(objtmp, value, objlen); | ||
| 552 | objtmp[objlen] = 0; | ||
| 553 | gen->d.otherName->type_id = OBJ_txt2obj(objtmp, 0); | ||
| 554 | OPENSSL_free(objtmp); | ||
| 555 | if (!gen->d.otherName->type_id) | ||
| 556 | return 0; | ||
| 557 | return 1; | ||
| 558 | } | ||
| 559 | |||
| 560 | static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) | ||
| 561 | { | ||
| 562 | int ret; | ||
| 563 | STACK_OF(CONF_VALUE) *sk; | ||
| 564 | X509_NAME *nm; | ||
| 565 | if (!(nm = X509_NAME_new())) | ||
| 566 | return 0; | ||
| 567 | sk = X509V3_get_section(ctx, value); | ||
| 568 | if (!sk) | ||
| 569 | { | ||
| 570 | X509V3err(X509V3_F_DO_DIRNAME,X509V3_R_SECTION_NOT_FOUND); | ||
| 571 | ERR_add_error_data(2, "section=", value); | ||
| 572 | X509_NAME_free(nm); | ||
| 573 | return 0; | ||
| 574 | } | ||
| 575 | /* FIXME: should allow other character types... */ | ||
| 576 | ret = X509V3_NAME_from_section(nm, sk, MBSTRING_ASC); | ||
| 577 | if (!ret) | ||
| 578 | X509_NAME_free(nm); | ||
| 579 | gen->d.dirn = nm; | ||
| 580 | |||
| 581 | return ret; | ||
| 582 | } | ||
diff --git a/src/lib/libcrypto/x509v3/v3_bcons.c b/src/lib/libcrypto/x509v3/v3_bcons.c deleted file mode 100644 index 82aa488f75..0000000000 --- a/src/lib/libcrypto/x509v3/v3_bcons.c +++ /dev/null | |||
| @@ -1,124 +0,0 @@ | |||
| 1 | /* v3_bcons.c */ | ||
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
| 3 | * project 1999. | ||
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | ||
| 7 | * | ||
| 8 | * Redistribution and use in source and binary forms, with or without | ||
| 9 | * modification, are permitted provided that the following conditions | ||
| 10 | * are met: | ||
| 11 | * | ||
| 12 | * 1. Redistributions of source code must retain the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | * notice, this list of conditions and the following disclaimer in | ||
| 17 | * the documentation and/or other materials provided with the | ||
| 18 | * distribution. | ||
| 19 | * | ||
| 20 | * 3. All advertising materials mentioning features or use of this | ||
| 21 | * software must display the following acknowledgment: | ||
| 22 | * "This product includes software developed by the OpenSSL Project | ||
| 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | * | ||
| 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | * endorse or promote products derived from this software without | ||
| 27 | * prior written permission. For written permission, please contact | ||
| 28 | * licensing@OpenSSL.org. | ||
| 29 | * | ||
| 30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | * nor may "OpenSSL" appear in their names without prior written | ||
| 32 | * permission of the OpenSSL Project. | ||
| 33 | * | ||
| 34 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | * acknowledgment: | ||
| 36 | * "This product includes software developed by the OpenSSL Project | ||
| 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | * | ||
| 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | * ==================================================================== | ||
| 52 | * | ||
| 53 | * This product includes cryptographic software written by Eric Young | ||
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 57 | */ | ||
| 58 | |||
| 59 | |||
| 60 | #include <stdio.h> | ||
| 61 | #include "cryptlib.h" | ||
| 62 | #include <openssl/asn1.h> | ||
| 63 | #include <openssl/asn1t.h> | ||
| 64 | #include <openssl/conf.h> | ||
| 65 | #include <openssl/x509v3.h> | ||
| 66 | |||
| 67 | static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist); | ||
| 68 | static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); | ||
| 69 | |||
| 70 | const X509V3_EXT_METHOD v3_bcons = { | ||
| 71 | NID_basic_constraints, 0, | ||
| 72 | ASN1_ITEM_ref(BASIC_CONSTRAINTS), | ||
| 73 | 0,0,0,0, | ||
| 74 | 0,0, | ||
| 75 | (X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS, | ||
| 76 | (X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS, | ||
| 77 | NULL,NULL, | ||
| 78 | NULL | ||
| 79 | }; | ||
| 80 | |||
| 81 | ASN1_SEQUENCE(BASIC_CONSTRAINTS) = { | ||
| 82 | ASN1_OPT(BASIC_CONSTRAINTS, ca, ASN1_FBOOLEAN), | ||
| 83 | ASN1_OPT(BASIC_CONSTRAINTS, pathlen, ASN1_INTEGER) | ||
| 84 | } ASN1_SEQUENCE_END(BASIC_CONSTRAINTS) | ||
| 85 | |||
| 86 | IMPLEMENT_ASN1_FUNCTIONS(BASIC_CONSTRAINTS) | ||
| 87 | |||
| 88 | |||
| 89 | static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, | ||
| 90 | BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist) | ||
| 91 | { | ||
| 92 | X509V3_add_value_bool("CA", bcons->ca, &extlist); | ||
| 93 | X509V3_add_value_int("pathlen", bcons->pathlen, &extlist); | ||
| 94 | return extlist; | ||
| 95 | } | ||
| 96 | |||
| 97 | static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, | ||
| 98 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values) | ||
| 99 | { | ||
| 100 | BASIC_CONSTRAINTS *bcons=NULL; | ||
| 101 | CONF_VALUE *val; | ||
| 102 | int i; | ||
| 103 | if(!(bcons = BASIC_CONSTRAINTS_new())) { | ||
| 104 | X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE); | ||
| 105 | return NULL; | ||
| 106 | } | ||
| 107 | for(i = 0; i < sk_CONF_VALUE_num(values); i++) { | ||
| 108 | val = sk_CONF_VALUE_value(values, i); | ||
| 109 | if(!strcmp(val->name, "CA")) { | ||
| 110 | if(!X509V3_get_value_bool(val, &bcons->ca)) goto err; | ||
| 111 | } else if(!strcmp(val->name, "pathlen")) { | ||
| 112 | if(!X509V3_get_value_int(val, &bcons->pathlen)) goto err; | ||
| 113 | } else { | ||
| 114 | X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, X509V3_R_INVALID_NAME); | ||
| 115 | X509V3_conf_err(val); | ||
| 116 | goto err; | ||
| 117 | } | ||
| 118 | } | ||
| 119 | return bcons; | ||
| 120 | err: | ||
| 121 | BASIC_CONSTRAINTS_free(bcons); | ||
| 122 | return NULL; | ||
| 123 | } | ||
| 124 | |||
diff --git a/src/lib/libcrypto/x509v3/v3_bitst.c b/src/lib/libcrypto/x509v3/v3_bitst.c deleted file mode 100644 index 058d0d4dce..0000000000 --- a/src/lib/libcrypto/x509v3/v3_bitst.c +++ /dev/null | |||
| @@ -1,141 +0,0 @@ | |||
| 1 | /* v3_bitst.c */ | ||
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
| 3 | * project 1999. | ||
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | ||
| 7 | * | ||
| 8 | * Redistribution and use in source and binary forms, with or without | ||
| 9 | * modification, are permitted provided that the following conditions | ||
| 10 | * are met: | ||
| 11 | * | ||
| 12 | * 1. Redistributions of source code must retain the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | * notice, this list of conditions and the following disclaimer in | ||
| 17 | * the documentation and/or other materials provided with the | ||
| 18 | * distribution. | ||
| 19 | * | ||
| 20 | * 3. All advertising materials mentioning features or use of this | ||
| 21 | * software must display the following acknowledgment: | ||
| 22 | * "This product includes software developed by the OpenSSL Project | ||
| 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | * | ||
| 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | * endorse or promote products derived from this software without | ||
| 27 | * prior written permission. For written permission, please contact | ||
| 28 | * licensing@OpenSSL.org. | ||
| 29 | * | ||
| 30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | * nor may "OpenSSL" appear in their names without prior written | ||
| 32 | * permission of the OpenSSL Project. | ||
| 33 | * | ||
| 34 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | * acknowledgment: | ||
| 36 | * "This product includes software developed by the OpenSSL Project | ||
| 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | * | ||
| 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | * ==================================================================== | ||
| 52 | * | ||
| 53 | * This product includes cryptographic software written by Eric Young | ||
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | #include "cryptlib.h" | ||
| 61 | #include <openssl/conf.h> | ||
| 62 | #include <openssl/x509v3.h> | ||
| 63 | |||
| 64 | static BIT_STRING_BITNAME ns_cert_type_table[] = { | ||
| 65 | {0, "SSL Client", "client"}, | ||
| 66 | {1, "SSL Server", "server"}, | ||
| 67 | {2, "S/MIME", "email"}, | ||
| 68 | {3, "Object Signing", "objsign"}, | ||
| 69 | {4, "Unused", "reserved"}, | ||
| 70 | {5, "SSL CA", "sslCA"}, | ||
| 71 | {6, "S/MIME CA", "emailCA"}, | ||
| 72 | {7, "Object Signing CA", "objCA"}, | ||
| 73 | {-1, NULL, NULL} | ||
| 74 | }; | ||
| 75 | |||
| 76 | static BIT_STRING_BITNAME key_usage_type_table[] = { | ||
| 77 | {0, "Digital Signature", "digitalSignature"}, | ||
| 78 | {1, "Non Repudiation", "nonRepudiation"}, | ||
| 79 | {2, "Key Encipherment", "keyEncipherment"}, | ||
| 80 | {3, "Data Encipherment", "dataEncipherment"}, | ||
| 81 | {4, "Key Agreement", "keyAgreement"}, | ||
| 82 | {5, "Certificate Sign", "keyCertSign"}, | ||
| 83 | {6, "CRL Sign", "cRLSign"}, | ||
| 84 | {7, "Encipher Only", "encipherOnly"}, | ||
| 85 | {8, "Decipher Only", "decipherOnly"}, | ||
| 86 | {-1, NULL, NULL} | ||
| 87 | }; | ||
| 88 | |||
| 89 | |||
| 90 | |||
| 91 | const X509V3_EXT_METHOD v3_nscert = EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table); | ||
| 92 | const X509V3_EXT_METHOD v3_key_usage = EXT_BITSTRING(NID_key_usage, key_usage_type_table); | ||
| 93 | |||
| 94 | STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, | ||
| 95 | ASN1_BIT_STRING *bits, STACK_OF(CONF_VALUE) *ret) | ||
| 96 | { | ||
| 97 | BIT_STRING_BITNAME *bnam; | ||
| 98 | for(bnam =method->usr_data; bnam->lname; bnam++) { | ||
| 99 | if(ASN1_BIT_STRING_get_bit(bits, bnam->bitnum)) | ||
| 100 | X509V3_add_value(bnam->lname, NULL, &ret); | ||
| 101 | } | ||
| 102 | return ret; | ||
| 103 | } | ||
| 104 | |||
| 105 | ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, | ||
| 106 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) | ||
| 107 | { | ||
| 108 | CONF_VALUE *val; | ||
| 109 | ASN1_BIT_STRING *bs; | ||
| 110 | int i; | ||
| 111 | BIT_STRING_BITNAME *bnam; | ||
| 112 | if(!(bs = M_ASN1_BIT_STRING_new())) { | ||
| 113 | X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,ERR_R_MALLOC_FAILURE); | ||
| 114 | return NULL; | ||
| 115 | } | ||
| 116 | for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { | ||
| 117 | val = sk_CONF_VALUE_value(nval, i); | ||
| 118 | for(bnam = method->usr_data; bnam->lname; bnam++) { | ||
| 119 | if(!strcmp(bnam->sname, val->name) || | ||
| 120 | !strcmp(bnam->lname, val->name) ) { | ||
| 121 | if(!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) { | ||
| 122 | X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, | ||
| 123 | ERR_R_MALLOC_FAILURE); | ||
| 124 | M_ASN1_BIT_STRING_free(bs); | ||
| 125 | return NULL; | ||
| 126 | } | ||
| 127 | break; | ||
| 128 | } | ||
| 129 | } | ||
| 130 | if(!bnam->lname) { | ||
| 131 | X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, | ||
| 132 | X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT); | ||
| 133 | X509V3_conf_err(val); | ||
| 134 | M_ASN1_BIT_STRING_free(bs); | ||
| 135 | return NULL; | ||
| 136 | } | ||
| 137 | } | ||
| 138 | return bs; | ||
| 139 | } | ||
| 140 | |||
| 141 | |||
diff --git a/src/lib/libcrypto/x509v3/v3_conf.c b/src/lib/libcrypto/x509v3/v3_conf.c deleted file mode 100644 index 11eb6b7fd5..0000000000 --- a/src/lib/libcrypto/x509v3/v3_conf.c +++ /dev/null | |||
| @@ -1,524 +0,0 @@ | |||
| 1 | /* v3_conf.c */ | ||
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
| 3 | * project 1999. | ||
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. | ||
| 7 | * | ||
| 8 | * Redistribution and use in source and binary forms, with or without | ||
| 9 | * modification, are permitted provided that the following conditions | ||
| 10 | * are met: | ||
| 11 | * | ||
| 12 | * 1. Redistributions of source code must retain the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | * notice, this list of conditions and the following disclaimer in | ||
| 17 | * the documentation and/or other materials provided with the | ||
| 18 | * distribution. | ||
| 19 | * | ||
| 20 | * 3. All advertising materials mentioning features or use of this | ||
| 21 | * software must display the following acknowledgment: | ||
| 22 | * "This product includes software developed by the OpenSSL Project | ||
| 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | * | ||
| 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | * endorse or promote products derived from this software without | ||
| 27 | * prior written permission. For written permission, please contact | ||
| 28 | * licensing@OpenSSL.org. | ||
| 29 | * | ||
| 30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | * nor may "OpenSSL" appear in their names without prior written | ||
| 32 | * permission of the OpenSSL Project. | ||
| 33 | * | ||
| 34 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | * acknowledgment: | ||
| 36 | * "This product includes software developed by the OpenSSL Project | ||
| 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | * | ||
| 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | * ==================================================================== | ||
| 52 | * | ||
| 53 | * This product includes cryptographic software written by Eric Young | ||
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 57 | */ | ||
| 58 | /* extension creation utilities */ | ||
| 59 | |||
| 60 | |||
| 61 | |||
| 62 | #include <stdio.h> | ||
| 63 | #include <ctype.h> | ||
| 64 | #include "cryptlib.h" | ||
| 65 | #include <openssl/conf.h> | ||
| 66 | #include <openssl/x509.h> | ||
| 67 | #include <openssl/x509v3.h> | ||
| 68 | |||
| 69 | static int v3_check_critical(char **value); | ||
| 70 | static int v3_check_generic(char **value); | ||
| 71 | static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value); | ||
| 72 | static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type, X509V3_CTX *ctx); | ||
| 73 | static char *conf_lhash_get_string(void *db, char *section, char *value); | ||
| 74 | static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section); | ||
| 75 | static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, | ||
| 76 | int crit, void *ext_struc); | ||
| 77 | static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len); | ||
| 78 | /* CONF *conf: Config file */ | ||
| 79 | /* char *name: Name */ | ||
| 80 | /* char *value: Value */ | ||
| 81 | X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, | ||
| 82 | char *value) | ||
| 83 | { | ||
| 84 | int crit; | ||
| 85 | int ext_type; | ||
| 86 | X509_EXTENSION *ret; | ||
| 87 | crit = v3_check_critical(&value); | ||
| 88 | if ((ext_type = v3_check_generic(&value))) | ||
| 89 | return v3_generic_extension(name, value, crit, ext_type, ctx); | ||
| 90 | ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value); | ||
| 91 | if (!ret) | ||
| 92 | { | ||
| 93 | X509V3err(X509V3_F_X509V3_EXT_NCONF,X509V3_R_ERROR_IN_EXTENSION); | ||
| 94 | ERR_add_error_data(4,"name=", name, ", value=", value); | ||
| 95 | } | ||
| 96 | return ret; | ||
| 97 | } | ||
| 98 | |||
| 99 | /* CONF *conf: Config file */ | ||
| 100 | /* char *value: Value */ | ||
| 101 | X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, | ||
| 102 | char *value) | ||
| 103 | { | ||
| 104 | int crit; | ||
| 105 | int ext_type; | ||
| 106 | crit = v3_check_critical(&value); | ||
| 107 | if ((ext_type = v3_check_generic(&value))) | ||
| 108 | return v3_generic_extension(OBJ_nid2sn(ext_nid), | ||
| 109 | value, crit, ext_type, ctx); | ||
| 110 | return do_ext_nconf(conf, ctx, ext_nid, crit, value); | ||
| 111 | } | ||
| 112 | |||
| 113 | /* CONF *conf: Config file */ | ||
| 114 | /* char *value: Value */ | ||
| 115 | static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, | ||
| 116 | int crit, char *value) | ||
| 117 | { | ||
| 118 | X509V3_EXT_METHOD *method; | ||
| 119 | X509_EXTENSION *ext; | ||
| 120 | STACK_OF(CONF_VALUE) *nval; | ||
| 121 | void *ext_struc; | ||
| 122 | if (ext_nid == NID_undef) | ||
| 123 | { | ||
| 124 | X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_UNKNOWN_EXTENSION_NAME); | ||
| 125 | return NULL; | ||
| 126 | } | ||
| 127 | if (!(method = X509V3_EXT_get_nid(ext_nid))) | ||
| 128 | { | ||
| 129 | X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_UNKNOWN_EXTENSION); | ||
| 130 | return NULL; | ||
| 131 | } | ||
| 132 | /* Now get internal extension representation based on type */ | ||
| 133 | if (method->v2i) | ||
| 134 | { | ||
| 135 | if(*value == '@') nval = NCONF_get_section(conf, value + 1); | ||
| 136 | else nval = X509V3_parse_list(value); | ||
| 137 | if(sk_CONF_VALUE_num(nval) <= 0) | ||
| 138 | { | ||
| 139 | X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_INVALID_EXTENSION_STRING); | ||
| 140 | ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value); | ||
| 141 | return NULL; | ||
| 142 | } | ||
| 143 | ext_struc = method->v2i(method, ctx, nval); | ||
| 144 | if(*value != '@') sk_CONF_VALUE_pop_free(nval, | ||
| 145 | X509V3_conf_free); | ||
| 146 | if(!ext_struc) return NULL; | ||
| 147 | } | ||
| 148 | else if(method->s2i) | ||
| 149 | { | ||
| 150 | if(!(ext_struc = method->s2i(method, ctx, value))) return NULL; | ||
| 151 | } | ||
| 152 | else if(method->r2i) | ||
| 153 | { | ||
| 154 | if(!ctx->db || !ctx->db_meth) | ||
| 155 | { | ||
| 156 | X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_NO_CONFIG_DATABASE); | ||
| 157 | return NULL; | ||
| 158 | } | ||
| 159 | if(!(ext_struc = method->r2i(method, ctx, value))) return NULL; | ||
| 160 | } | ||
| 161 | else | ||
| 162 | { | ||
| 163 | X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED); | ||
| 164 | ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid)); | ||
| 165 | return NULL; | ||
| 166 | } | ||
| 167 | |||
| 168 | ext = do_ext_i2d(method, ext_nid, crit, ext_struc); | ||
| 169 | if(method->it) ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it)); | ||
| 170 | else method->ext_free(ext_struc); | ||
| 171 | return ext; | ||
| 172 | |||
| 173 | } | ||
| 174 | |||
| 175 | static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, | ||
| 176 | int crit, void *ext_struc) | ||
| 177 | { | ||
| 178 | unsigned char *ext_der; | ||
| 179 | int ext_len; | ||
| 180 | ASN1_OCTET_STRING *ext_oct; | ||
| 181 | X509_EXTENSION *ext; | ||
| 182 | /* Convert internal representation to DER */ | ||
| 183 | if (method->it) | ||
| 184 | { | ||
| 185 | ext_der = NULL; | ||
| 186 | ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it)); | ||
| 187 | if (ext_len < 0) goto merr; | ||
| 188 | } | ||
| 189 | else | ||
| 190 | { | ||
| 191 | unsigned char *p; | ||
| 192 | ext_len = method->i2d(ext_struc, NULL); | ||
| 193 | if(!(ext_der = OPENSSL_malloc(ext_len))) goto merr; | ||
| 194 | p = ext_der; | ||
| 195 | method->i2d(ext_struc, &p); | ||
| 196 | } | ||
| 197 | if (!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr; | ||
| 198 | ext_oct->data = ext_der; | ||
| 199 | ext_oct->length = ext_len; | ||
| 200 | |||
| 201 | ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct); | ||
| 202 | if (!ext) goto merr; | ||
| 203 | M_ASN1_OCTET_STRING_free(ext_oct); | ||
| 204 | |||
| 205 | return ext; | ||
| 206 | |||
| 207 | merr: | ||
| 208 | X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE); | ||
| 209 | return NULL; | ||
| 210 | |||
| 211 | } | ||
| 212 | |||
| 213 | /* Given an internal structure, nid and critical flag create an extension */ | ||
| 214 | |||
| 215 | X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc) | ||
| 216 | { | ||
| 217 | X509V3_EXT_METHOD *method; | ||
| 218 | if (!(method = X509V3_EXT_get_nid(ext_nid))) { | ||
| 219 | X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION); | ||
| 220 | return NULL; | ||
| 221 | } | ||
| 222 | return do_ext_i2d(method, ext_nid, crit, ext_struc); | ||
| 223 | } | ||
| 224 | |||
| 225 | /* Check the extension string for critical flag */ | ||
| 226 | static int v3_check_critical(char **value) | ||
| 227 | { | ||
| 228 | char *p = *value; | ||
| 229 | if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0; | ||
| 230 | p+=9; | ||
| 231 | while(isspace((unsigned char)*p)) p++; | ||
| 232 | *value = p; | ||
| 233 | return 1; | ||
| 234 | } | ||
| 235 | |||
| 236 | /* Check extension string for generic extension and return the type */ | ||
| 237 | static int v3_check_generic(char **value) | ||
| 238 | { | ||
| 239 | int gen_type = 0; | ||
| 240 | char *p = *value; | ||
| 241 | if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) | ||
| 242 | { | ||
| 243 | p+=4; | ||
| 244 | gen_type = 1; | ||
| 245 | } | ||
| 246 | else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5)) | ||
| 247 | { | ||
| 248 | p+=5; | ||
| 249 | gen_type = 2; | ||
| 250 | } | ||
| 251 | else | ||
| 252 | return 0; | ||
| 253 | |||
| 254 | while (isspace((unsigned char)*p)) p++; | ||
| 255 | *value = p; | ||
| 256 | return gen_type; | ||
| 257 | } | ||
| 258 | |||
| 259 | /* Create a generic extension: for now just handle DER type */ | ||
| 260 | static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, | ||
| 261 | int crit, int gen_type, X509V3_CTX *ctx) | ||
| 262 | { | ||
| 263 | unsigned char *ext_der=NULL; | ||
| 264 | long ext_len; | ||
| 265 | ASN1_OBJECT *obj=NULL; | ||
| 266 | ASN1_OCTET_STRING *oct=NULL; | ||
| 267 | X509_EXTENSION *extension=NULL; | ||
| 268 | if (!(obj = OBJ_txt2obj(ext, 0))) | ||
| 269 | { | ||
| 270 | X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR); | ||
| 271 | ERR_add_error_data(2, "name=", ext); | ||
| 272 | goto err; | ||
| 273 | } | ||
| 274 | |||
| 275 | if (gen_type == 1) | ||
| 276 | ext_der = string_to_hex(value, &ext_len); | ||
| 277 | else if (gen_type == 2) | ||
| 278 | ext_der = generic_asn1(value, ctx, &ext_len); | ||
| 279 | |||
| 280 | if (ext_der == NULL) | ||
| 281 | { | ||
| 282 | X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR); | ||
| 283 | ERR_add_error_data(2, "value=", value); | ||
| 284 | goto err; | ||
| 285 | } | ||
| 286 | |||
| 287 | if (!(oct = M_ASN1_OCTET_STRING_new())) | ||
| 288 | { | ||
| 289 | X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE); | ||
| 290 | goto err; | ||
| 291 | } | ||
| 292 | |||
| 293 | oct->data = ext_der; | ||
| 294 | oct->length = ext_len; | ||
| 295 | ext_der = NULL; | ||
| 296 | |||
| 297 | extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct); | ||
| 298 | |||
| 299 | err: | ||
| 300 | ASN1_OBJECT_free(obj); | ||
| 301 | M_ASN1_OCTET_STRING_free(oct); | ||
| 302 | if(ext_der) OPENSSL_free(ext_der); | ||
| 303 | return extension; | ||
| 304 | |||
| 305 | } | ||
| 306 | |||
| 307 | static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len) | ||
| 308 | { | ||
| 309 | ASN1_TYPE *typ; | ||
| 310 | unsigned char *ext_der = NULL; | ||
| 311 | typ = ASN1_generate_v3(value, ctx); | ||
| 312 | if (typ == NULL) | ||
| 313 | return NULL; | ||
| 314 | *ext_len = i2d_ASN1_TYPE(typ, &ext_der); | ||
| 315 | ASN1_TYPE_free(typ); | ||
| 316 | return ext_der; | ||
| 317 | } | ||
| 318 | |||
| 319 | /* This is the main function: add a bunch of extensions based on a config file | ||
| 320 | * section to an extension STACK. | ||
| 321 | */ | ||
| 322 | |||
| 323 | |||
| 324 | int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, | ||
| 325 | STACK_OF(X509_EXTENSION) **sk) | ||
| 326 | { | ||
| 327 | X509_EXTENSION *ext; | ||
| 328 | STACK_OF(CONF_VALUE) *nval; | ||
| 329 | CONF_VALUE *val; | ||
| 330 | int i; | ||
| 331 | if (!(nval = NCONF_get_section(conf, section))) return 0; | ||
| 332 | for (i = 0; i < sk_CONF_VALUE_num(nval); i++) | ||
| 333 | { | ||
| 334 | val = sk_CONF_VALUE_value(nval, i); | ||
| 335 | if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value))) | ||
| 336 | return 0; | ||
| 337 | if (sk) X509v3_add_ext(sk, ext, -1); | ||
| 338 | X509_EXTENSION_free(ext); | ||
| 339 | } | ||
| 340 | return 1; | ||
| 341 | } | ||
| 342 | |||
| 343 | /* Convenience functions to add extensions to a certificate, CRL and request */ | ||
| 344 | |||
| 345 | int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, | ||
| 346 | X509 *cert) | ||
| 347 | { | ||
| 348 | STACK_OF(X509_EXTENSION) **sk = NULL; | ||
| 349 | if (cert) | ||
| 350 | sk = &cert->cert_info->extensions; | ||
| 351 | return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); | ||
| 352 | } | ||
| 353 | |||
| 354 | /* Same as above but for a CRL */ | ||
| 355 | |||
| 356 | int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, | ||
| 357 | X509_CRL *crl) | ||
| 358 | { | ||
| 359 | STACK_OF(X509_EXTENSION) **sk = NULL; | ||
| 360 | if (crl) | ||
| 361 | sk = &crl->crl->extensions; | ||
| 362 | return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); | ||
| 363 | } | ||
| 364 | |||
| 365 | /* Add extensions to certificate request */ | ||
| 366 | |||
| 367 | int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, | ||
| 368 | X509_REQ *req) | ||
| 369 | { | ||
| 370 | STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL; | ||
| 371 | int i; | ||
| 372 | if (req) | ||
| 373 | sk = &extlist; | ||
| 374 | i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); | ||
| 375 | if (!i || !sk) | ||
| 376 | return i; | ||
| 377 | i = X509_REQ_add_extensions(req, extlist); | ||
| 378 | sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free); | ||
| 379 | return i; | ||
| 380 | } | ||
| 381 | |||
| 382 | /* Config database functions */ | ||
| 383 | |||
| 384 | char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) | ||
| 385 | { | ||
| 386 | if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) | ||
| 387 | { | ||
| 388 | X509V3err(X509V3_F_X509V3_GET_STRING,X509V3_R_OPERATION_NOT_DEFINED); | ||
| 389 | return NULL; | ||
| 390 | } | ||
| 391 | if (ctx->db_meth->get_string) | ||
| 392 | return ctx->db_meth->get_string(ctx->db, name, section); | ||
| 393 | return NULL; | ||
| 394 | } | ||
| 395 | |||
| 396 | STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section) | ||
| 397 | { | ||
| 398 | if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) | ||
| 399 | { | ||
| 400 | X509V3err(X509V3_F_X509V3_GET_SECTION,X509V3_R_OPERATION_NOT_DEFINED); | ||
| 401 | return NULL; | ||
| 402 | } | ||
| 403 | if (ctx->db_meth->get_section) | ||
| 404 | return ctx->db_meth->get_section(ctx->db, section); | ||
| 405 | return NULL; | ||
| 406 | } | ||
| 407 | |||
| 408 | void X509V3_string_free(X509V3_CTX *ctx, char *str) | ||
| 409 | { | ||
| 410 | if (!str) return; | ||
| 411 | if (ctx->db_meth->free_string) | ||
| 412 | ctx->db_meth->free_string(ctx->db, str); | ||
| 413 | } | ||
| 414 | |||
| 415 | void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section) | ||
| 416 | { | ||
| 417 | if (!section) return; | ||
| 418 | if (ctx->db_meth->free_section) | ||
| 419 | ctx->db_meth->free_section(ctx->db, section); | ||
| 420 | } | ||
| 421 | |||
| 422 | static char *nconf_get_string(void *db, char *section, char *value) | ||
| 423 | { | ||
| 424 | return NCONF_get_string(db, section, value); | ||
| 425 | } | ||
| 426 | |||
| 427 | static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section) | ||
| 428 | { | ||
| 429 | return NCONF_get_section(db, section); | ||
| 430 | } | ||
| 431 | |||
| 432 | static X509V3_CONF_METHOD nconf_method = { | ||
| 433 | nconf_get_string, | ||
| 434 | nconf_get_section, | ||
| 435 | NULL, | ||
| 436 | NULL | ||
| 437 | }; | ||
| 438 | |||
| 439 | void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf) | ||
| 440 | { | ||
| 441 | ctx->db_meth = &nconf_method; | ||
| 442 | ctx->db = conf; | ||
| 443 | } | ||
| 444 | |||
| 445 | void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req, | ||
| 446 | X509_CRL *crl, int flags) | ||
| 447 | { | ||
| 448 | ctx->issuer_cert = issuer; | ||
| 449 | ctx->subject_cert = subj; | ||
| 450 | ctx->crl = crl; | ||
| 451 | ctx->subject_req = req; | ||
| 452 | ctx->flags = flags; | ||
| 453 | } | ||
| 454 | |||
| 455 | /* Old conf compatibility functions */ | ||
| 456 | |||
| 457 | X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, | ||
| 458 | char *value) | ||
| 459 | { | ||
| 460 | CONF ctmp; | ||
| 461 | CONF_set_nconf(&ctmp, conf); | ||
| 462 | return X509V3_EXT_nconf(&ctmp, ctx, name, value); | ||
| 463 | } | ||
| 464 | |||
| 465 | /* LHASH *conf: Config file */ | ||
| 466 | /* char *value: Value */ | ||
| 467 | X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, | ||
| 468 | char *value) | ||
| 469 | { | ||
| 470 | CONF ctmp; | ||
| 471 | CONF_set_nconf(&ctmp, conf); | ||
| 472 | return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value); | ||
| 473 | } | ||
| 474 | |||
| 475 | static char *conf_lhash_get_string(void *db, char *section, char *value) | ||
| 476 | { | ||
| 477 | return CONF_get_string(db, section, value); | ||
| 478 | } | ||
| 479 | |||
| 480 | static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section) | ||
| 481 | { | ||
| 482 | return CONF_get_section(db, section); | ||
| 483 | } | ||
| 484 | |||
| 485 | static X509V3_CONF_METHOD conf_lhash_method = { | ||
| 486 | conf_lhash_get_string, | ||
| 487 | conf_lhash_get_section, | ||
| 488 | NULL, | ||
| 489 | NULL | ||
| 490 | }; | ||
| 491 | |||
| 492 | void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash) | ||
| 493 | { | ||
| 494 | ctx->db_meth = &conf_lhash_method; | ||
| 495 | ctx->db = lhash; | ||
| 496 | } | ||
| 497 | |||
| 498 | int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, | ||
| 499 | X509 *cert) | ||
| 500 | { | ||
| 501 | CONF ctmp; | ||
| 502 | CONF_set_nconf(&ctmp, conf); | ||
| 503 | return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert); | ||
| 504 | } | ||
| 505 | |||
| 506 | /* Same as above but for a CRL */ | ||
| 507 | |||
| 508 | int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, | ||
| 509 | X509_CRL *crl) | ||
| 510 | { | ||
| 511 | CONF ctmp; | ||
| 512 | CONF_set_nconf(&ctmp, conf); | ||
| 513 | return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl); | ||
| 514 | } | ||
| 515 | |||
| 516 | /* Add extensions to certificate request */ | ||
| 517 | |||
| 518 | int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, | ||
| 519 | X509_REQ *req) | ||
| 520 | { | ||
| 521 | CONF ctmp; | ||
| 522 | CONF_set_nconf(&ctmp, conf); | ||
| 523 | return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req); | ||
| 524 | } | ||
diff --git a/src/lib/libcrypto/x509v3/v3_cpols.c b/src/lib/libcrypto/x509v3/v3_cpols.c deleted file mode 100644 index ad0506d75c..0000000000 --- a/src/lib/libcrypto/x509v3/v3_cpols.c +++ /dev/null | |||
| @@ -1,454 +0,0 @@ | |||
| 1 | /* v3_cpols.c */ | ||
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
| 3 | * project 1999. | ||
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. | ||
| 7 | * | ||
| 8 | * Redistribution and use in source and binary forms, with or without | ||
| 9 | * modification, are permitted provided that the following conditions | ||
| 10 | * are met: | ||
| 11 | * | ||
| 12 | * 1. Redistributions of source code must retain the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | * notice, this list of conditions and the following disclaimer in | ||
| 17 | * the documentation and/or other materials provided with the | ||
| 18 | * distribution. | ||
| 19 | * | ||
| 20 | * 3. All advertising materials mentioning features or use of this | ||
| 21 | * software must display the following acknowledgment: | ||
| 22 | * "This product includes software developed by the OpenSSL Project | ||
| 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | * | ||
| 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | * endorse or promote products derived from this software without | ||
| 27 | * prior written permission. For written permission, please contact | ||
| 28 | * licensing@OpenSSL.org. | ||
| 29 | * | ||
| 30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | * nor may "OpenSSL" appear in their names without prior written | ||
| 32 | * permission of the OpenSSL Project. | ||
| 33 | * | ||
| 34 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | * acknowledgment: | ||
| 36 | * "This product includes software developed by the OpenSSL Project | ||
| 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | * | ||
| 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | * ==================================================================== | ||
| 52 | * | ||
| 53 | * This product includes cryptographic software written by Eric Young | ||
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | #include "cryptlib.h" | ||
| 61 | #include <openssl/conf.h> | ||
| 62 | #include <openssl/asn1.h> | ||
| 63 | #include <openssl/asn1t.h> | ||
| 64 | #include <openssl/x509v3.h> | ||
| 65 | |||
| 66 | #include "pcy_int.h" | ||
| 67 | |||
| 68 | /* Certificate policies extension support: this one is a bit complex... */ | ||
| 69 | |||
| 70 | static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO *out, int indent); | ||
| 71 | static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value); | ||
| 72 | static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent); | ||
| 73 | static void print_notice(BIO *out, USERNOTICE *notice, int indent); | ||
| 74 | static POLICYINFO *policy_section(X509V3_CTX *ctx, | ||
| 75 | STACK_OF(CONF_VALUE) *polstrs, int ia5org); | ||
| 76 | static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, | ||
| 77 | STACK_OF(CONF_VALUE) *unot, int ia5org); | ||
| 78 | static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos); | ||
| 79 | |||
| 80 | const X509V3_EXT_METHOD v3_cpols = { | ||
| 81 | NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES), | ||
| 82 | 0,0,0,0, | ||
| 83 | 0,0, | ||
| 84 | 0,0, | ||
| 85 | (X509V3_EXT_I2R)i2r_certpol, | ||
| 86 | (X509V3_EXT_R2I)r2i_certpol, | ||
| 87 | NULL | ||
| 88 | }; | ||
| 89 | |||
| 90 | ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) = | ||
| 91 | ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, POLICYINFO) | ||
| 92 | ASN1_ITEM_TEMPLATE_END(CERTIFICATEPOLICIES) | ||
| 93 | |||
| 94 | IMPLEMENT_ASN1_FUNCTIONS(CERTIFICATEPOLICIES) | ||
| 95 | |||
| 96 | ASN1_SEQUENCE(POLICYINFO) = { | ||
| 97 | ASN1_SIMPLE(POLICYINFO, policyid, ASN1_OBJECT), | ||
| 98 | ASN1_SEQUENCE_OF_OPT(POLICYINFO, qualifiers, POLICYQUALINFO) | ||
| 99 | } ASN1_SEQUENCE_END(POLICYINFO) | ||
| 100 | |||
| 101 | IMPLEMENT_ASN1_FUNCTIONS(POLICYINFO) | ||
| 102 | |||
| 103 | ASN1_ADB_TEMPLATE(policydefault) = ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY); | ||
| 104 | |||
| 105 | ASN1_ADB(POLICYQUALINFO) = { | ||
| 106 | ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)), | ||
| 107 | ADB_ENTRY(NID_id_qt_unotice, ASN1_SIMPLE(POLICYQUALINFO, d.usernotice, USERNOTICE)) | ||
| 108 | } ASN1_ADB_END(POLICYQUALINFO, 0, pqualid, 0, &policydefault_tt, NULL); | ||
| 109 | |||
| 110 | ASN1_SEQUENCE(POLICYQUALINFO) = { | ||
| 111 | ASN1_SIMPLE(POLICYQUALINFO, pqualid, ASN1_OBJECT), | ||
| 112 | ASN1_ADB_OBJECT(POLICYQUALINFO) | ||
| 113 | } ASN1_SEQUENCE_END(POLICYQUALINFO) | ||
| 114 | |||
| 115 | IMPLEMENT_ASN1_FUNCTIONS(POLICYQUALINFO) | ||
| 116 | |||
| 117 | ASN1_SEQUENCE(USERNOTICE) = { | ||
| 118 | ASN1_OPT(USERNOTICE, noticeref, NOTICEREF), | ||
| 119 | ASN1_OPT(USERNOTICE, exptext, DISPLAYTEXT) | ||
| 120 | } ASN1_SEQUENCE_END(USERNOTICE) | ||
| 121 | |||
| 122 | IMPLEMENT_ASN1_FUNCTIONS(USERNOTICE) | ||
| 123 | |||
| 124 | ASN1_SEQUENCE(NOTICEREF) = { | ||
| 125 | ASN1_SIMPLE(NOTICEREF, organization, DISPLAYTEXT), | ||
| 126 | ASN1_SEQUENCE_OF(NOTICEREF, noticenos, ASN1_INTEGER) | ||
| 127 | } ASN1_SEQUENCE_END(NOTICEREF) | ||
| 128 | |||
| 129 | IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF) | ||
| 130 | |||
| 131 | static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, | ||
| 132 | X509V3_CTX *ctx, char *value) | ||
| 133 | { | ||
| 134 | STACK_OF(POLICYINFO) *pols = NULL; | ||
| 135 | char *pstr; | ||
| 136 | POLICYINFO *pol; | ||
| 137 | ASN1_OBJECT *pobj; | ||
| 138 | STACK_OF(CONF_VALUE) *vals; | ||
| 139 | CONF_VALUE *cnf; | ||
| 140 | int i, ia5org; | ||
| 141 | pols = sk_POLICYINFO_new_null(); | ||
| 142 | if (pols == NULL) { | ||
| 143 | X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE); | ||
| 144 | return NULL; | ||
| 145 | } | ||
| 146 | vals = X509V3_parse_list(value); | ||
| 147 | if (vals == NULL) { | ||
| 148 | X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB); | ||
| 149 | goto err; | ||
| 150 | } | ||
| 151 | ia5org = 0; | ||
| 152 | for(i = 0; i < sk_CONF_VALUE_num(vals); i++) { | ||
| 153 | cnf = sk_CONF_VALUE_value(vals, i); | ||
| 154 | if(cnf->value || !cnf->name ) { | ||
| 155 | X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_POLICY_IDENTIFIER); | ||
| 156 | X509V3_conf_err(cnf); | ||
| 157 | goto err; | ||
| 158 | } | ||
| 159 | pstr = cnf->name; | ||
| 160 | if(!strcmp(pstr,"ia5org")) { | ||
| 161 | ia5org = 1; | ||
| 162 | continue; | ||
| 163 | } else if(*pstr == '@') { | ||
| 164 | STACK_OF(CONF_VALUE) *polsect; | ||
| 165 | polsect = X509V3_get_section(ctx, pstr + 1); | ||
| 166 | if(!polsect) { | ||
| 167 | X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_SECTION); | ||
| 168 | |||
| 169 | X509V3_conf_err(cnf); | ||
| 170 | goto err; | ||
| 171 | } | ||
| 172 | pol = policy_section(ctx, polsect, ia5org); | ||
| 173 | X509V3_section_free(ctx, polsect); | ||
| 174 | if(!pol) goto err; | ||
| 175 | } else { | ||
| 176 | if(!(pobj = OBJ_txt2obj(cnf->name, 0))) { | ||
| 177 | X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_OBJECT_IDENTIFIER); | ||
| 178 | X509V3_conf_err(cnf); | ||
| 179 | goto err; | ||
| 180 | } | ||
| 181 | pol = POLICYINFO_new(); | ||
| 182 | pol->policyid = pobj; | ||
| 183 | } | ||
| 184 | if (!sk_POLICYINFO_push(pols, pol)){ | ||
| 185 | POLICYINFO_free(pol); | ||
| 186 | X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE); | ||
| 187 | goto err; | ||
| 188 | } | ||
| 189 | } | ||
| 190 | sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); | ||
| 191 | return pols; | ||
| 192 | err: | ||
| 193 | sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); | ||
| 194 | sk_POLICYINFO_pop_free(pols, POLICYINFO_free); | ||
| 195 | return NULL; | ||
| 196 | } | ||
| 197 | |||
| 198 | static POLICYINFO *policy_section(X509V3_CTX *ctx, | ||
| 199 | STACK_OF(CONF_VALUE) *polstrs, int ia5org) | ||
| 200 | { | ||
| 201 | int i; | ||
| 202 | CONF_VALUE *cnf; | ||
| 203 | POLICYINFO *pol; | ||
| 204 | POLICYQUALINFO *qual; | ||
| 205 | if(!(pol = POLICYINFO_new())) goto merr; | ||
| 206 | for(i = 0; i < sk_CONF_VALUE_num(polstrs); i++) { | ||
| 207 | cnf = sk_CONF_VALUE_value(polstrs, i); | ||
| 208 | if(!strcmp(cnf->name, "policyIdentifier")) { | ||
| 209 | ASN1_OBJECT *pobj; | ||
| 210 | if(!(pobj = OBJ_txt2obj(cnf->value, 0))) { | ||
| 211 | X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OBJECT_IDENTIFIER); | ||
| 212 | X509V3_conf_err(cnf); | ||
| 213 | goto err; | ||
| 214 | } | ||
| 215 | pol->policyid = pobj; | ||
| 216 | |||
| 217 | } else if(!name_cmp(cnf->name, "CPS")) { | ||
| 218 | if(!pol->qualifiers) pol->qualifiers = | ||
| 219 | sk_POLICYQUALINFO_new_null(); | ||
| 220 | if(!(qual = POLICYQUALINFO_new())) goto merr; | ||
| 221 | if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) | ||
| 222 | goto merr; | ||
| 223 | qual->pqualid = OBJ_nid2obj(NID_id_qt_cps); | ||
| 224 | qual->d.cpsuri = M_ASN1_IA5STRING_new(); | ||
| 225 | if(!ASN1_STRING_set(qual->d.cpsuri, cnf->value, | ||
| 226 | strlen(cnf->value))) goto merr; | ||
| 227 | } else if(!name_cmp(cnf->name, "userNotice")) { | ||
| 228 | STACK_OF(CONF_VALUE) *unot; | ||
| 229 | if(*cnf->value != '@') { | ||
| 230 | X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_EXPECTED_A_SECTION_NAME); | ||
| 231 | X509V3_conf_err(cnf); | ||
| 232 | goto err; | ||
| 233 | } | ||
| 234 | unot = X509V3_get_section(ctx, cnf->value + 1); | ||
| 235 | if(!unot) { | ||
| 236 | X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_SECTION); | ||
| 237 | |||
| 238 | X509V3_conf_err(cnf); | ||
| 239 | goto err; | ||
| 240 | } | ||
| 241 | qual = notice_section(ctx, unot, ia5org); | ||
| 242 | X509V3_section_free(ctx, unot); | ||
| 243 | if(!qual) goto err; | ||
| 244 | if(!pol->qualifiers) pol->qualifiers = | ||
| 245 | sk_POLICYQUALINFO_new_null(); | ||
| 246 | if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) | ||
| 247 | goto merr; | ||
| 248 | } else { | ||
| 249 | X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OPTION); | ||
| 250 | |||
| 251 | X509V3_conf_err(cnf); | ||
| 252 | goto err; | ||
| 253 | } | ||
| 254 | } | ||
| 255 | if(!pol->policyid) { | ||
| 256 | X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_NO_POLICY_IDENTIFIER); | ||
| 257 | goto err; | ||
| 258 | } | ||
| 259 | |||
| 260 | return pol; | ||
| 261 | |||
| 262 | merr: | ||
| 263 | X509V3err(X509V3_F_POLICY_SECTION,ERR_R_MALLOC_FAILURE); | ||
| 264 | |||
| 265 | err: | ||
| 266 | POLICYINFO_free(pol); | ||
| 267 | return NULL; | ||
| 268 | |||
| 269 | |||
| 270 | } | ||
| 271 | |||
| 272 | static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, | ||
| 273 | STACK_OF(CONF_VALUE) *unot, int ia5org) | ||
| 274 | { | ||
| 275 | int i, ret; | ||
| 276 | CONF_VALUE *cnf; | ||
| 277 | USERNOTICE *not; | ||
| 278 | POLICYQUALINFO *qual; | ||
| 279 | if(!(qual = POLICYQUALINFO_new())) goto merr; | ||
| 280 | qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice); | ||
| 281 | if(!(not = USERNOTICE_new())) goto merr; | ||
| 282 | qual->d.usernotice = not; | ||
| 283 | for(i = 0; i < sk_CONF_VALUE_num(unot); i++) { | ||
| 284 | cnf = sk_CONF_VALUE_value(unot, i); | ||
| 285 | if(!strcmp(cnf->name, "explicitText")) { | ||
| 286 | not->exptext = M_ASN1_VISIBLESTRING_new(); | ||
| 287 | if(!ASN1_STRING_set(not->exptext, cnf->value, | ||
| 288 | strlen(cnf->value))) goto merr; | ||
| 289 | } else if(!strcmp(cnf->name, "organization")) { | ||
| 290 | NOTICEREF *nref; | ||
| 291 | if(!not->noticeref) { | ||
| 292 | if(!(nref = NOTICEREF_new())) goto merr; | ||
| 293 | not->noticeref = nref; | ||
| 294 | } else nref = not->noticeref; | ||
| 295 | if(ia5org) nref->organization->type = V_ASN1_IA5STRING; | ||
| 296 | else nref->organization->type = V_ASN1_VISIBLESTRING; | ||
| 297 | if(!ASN1_STRING_set(nref->organization, cnf->value, | ||
| 298 | strlen(cnf->value))) goto merr; | ||
| 299 | } else if(!strcmp(cnf->name, "noticeNumbers")) { | ||
| 300 | NOTICEREF *nref; | ||
| 301 | STACK_OF(CONF_VALUE) *nos; | ||
| 302 | if(!not->noticeref) { | ||
| 303 | if(!(nref = NOTICEREF_new())) goto merr; | ||
| 304 | not->noticeref = nref; | ||
| 305 | } else nref = not->noticeref; | ||
| 306 | nos = X509V3_parse_list(cnf->value); | ||
| 307 | if(!nos || !sk_CONF_VALUE_num(nos)) { | ||
| 308 | X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_NUMBERS); | ||
| 309 | X509V3_conf_err(cnf); | ||
| 310 | goto err; | ||
| 311 | } | ||
| 312 | ret = nref_nos(nref->noticenos, nos); | ||
| 313 | sk_CONF_VALUE_pop_free(nos, X509V3_conf_free); | ||
| 314 | if (!ret) | ||
| 315 | goto err; | ||
| 316 | } else { | ||
| 317 | X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION); | ||
| 318 | X509V3_conf_err(cnf); | ||
| 319 | goto err; | ||
| 320 | } | ||
| 321 | } | ||
| 322 | |||
| 323 | if(not->noticeref && | ||
| 324 | (!not->noticeref->noticenos || !not->noticeref->organization)) { | ||
| 325 | X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_NEED_ORGANIZATION_AND_NUMBERS); | ||
| 326 | goto err; | ||
| 327 | } | ||
| 328 | |||
| 329 | return qual; | ||
| 330 | |||
| 331 | merr: | ||
| 332 | X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE); | ||
| 333 | |||
| 334 | err: | ||
| 335 | POLICYQUALINFO_free(qual); | ||
| 336 | return NULL; | ||
| 337 | } | ||
| 338 | |||
| 339 | static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos) | ||
| 340 | { | ||
| 341 | CONF_VALUE *cnf; | ||
| 342 | ASN1_INTEGER *aint; | ||
| 343 | |||
| 344 | int i; | ||
| 345 | |||
| 346 | for(i = 0; i < sk_CONF_VALUE_num(nos); i++) { | ||
| 347 | cnf = sk_CONF_VALUE_value(nos, i); | ||
| 348 | if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) { | ||
| 349 | X509V3err(X509V3_F_NREF_NOS,X509V3_R_INVALID_NUMBER); | ||
| 350 | goto err; | ||
| 351 | } | ||
| 352 | if(!sk_ASN1_INTEGER_push(nnums, aint)) goto merr; | ||
| 353 | } | ||
| 354 | return 1; | ||
| 355 | |||
| 356 | merr: | ||
| 357 | X509V3err(X509V3_F_NREF_NOS,ERR_R_MALLOC_FAILURE); | ||
| 358 | |||
| 359 | err: | ||
| 360 | sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free); | ||
| 361 | return 0; | ||
| 362 | } | ||
| 363 | |||
| 364 | |||
| 365 | static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, | ||
| 366 | BIO *out, int indent) | ||
| 367 | { | ||
| 368 | int i; | ||
| 369 | POLICYINFO *pinfo; | ||
| 370 | /* First print out the policy OIDs */ | ||
| 371 | for(i = 0; i < sk_POLICYINFO_num(pol); i++) { | ||
| 372 | pinfo = sk_POLICYINFO_value(pol, i); | ||
| 373 | BIO_printf(out, "%*sPolicy: ", indent, ""); | ||
| 374 | i2a_ASN1_OBJECT(out, pinfo->policyid); | ||
| 375 | BIO_puts(out, "\n"); | ||
| 376 | if(pinfo->qualifiers) | ||
| 377 | print_qualifiers(out, pinfo->qualifiers, indent + 2); | ||
| 378 | } | ||
| 379 | return 1; | ||
| 380 | } | ||
| 381 | |||
| 382 | static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, | ||
| 383 | int indent) | ||
| 384 | { | ||
| 385 | POLICYQUALINFO *qualinfo; | ||
| 386 | int i; | ||
| 387 | for(i = 0; i < sk_POLICYQUALINFO_num(quals); i++) { | ||
| 388 | qualinfo = sk_POLICYQUALINFO_value(quals, i); | ||
| 389 | switch(OBJ_obj2nid(qualinfo->pqualid)) | ||
| 390 | { | ||
| 391 | case NID_id_qt_cps: | ||
| 392 | BIO_printf(out, "%*sCPS: %s\n", indent, "", | ||
| 393 | qualinfo->d.cpsuri->data); | ||
| 394 | break; | ||
| 395 | |||
| 396 | case NID_id_qt_unotice: | ||
| 397 | BIO_printf(out, "%*sUser Notice:\n", indent, ""); | ||
| 398 | print_notice(out, qualinfo->d.usernotice, indent + 2); | ||
| 399 | break; | ||
| 400 | |||
| 401 | default: | ||
| 402 | BIO_printf(out, "%*sUnknown Qualifier: ", | ||
| 403 | indent + 2, ""); | ||
| 404 | |||
| 405 | i2a_ASN1_OBJECT(out, qualinfo->pqualid); | ||
| 406 | BIO_puts(out, "\n"); | ||
| 407 | break; | ||
| 408 | } | ||
| 409 | } | ||
| 410 | } | ||
| 411 | |||
| 412 | static void print_notice(BIO *out, USERNOTICE *notice, int indent) | ||
| 413 | { | ||
| 414 | int i; | ||
| 415 | if(notice->noticeref) { | ||
| 416 | NOTICEREF *ref; | ||
| 417 | ref = notice->noticeref; | ||
| 418 | BIO_printf(out, "%*sOrganization: %s\n", indent, "", | ||
| 419 | ref->organization->data); | ||
| 420 | BIO_printf(out, "%*sNumber%s: ", indent, "", | ||
| 421 | sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : ""); | ||
| 422 | for(i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) { | ||
| 423 | ASN1_INTEGER *num; | ||
| 424 | char *tmp; | ||
| 425 | num = sk_ASN1_INTEGER_value(ref->noticenos, i); | ||
| 426 | if(i) BIO_puts(out, ", "); | ||
| 427 | tmp = i2s_ASN1_INTEGER(NULL, num); | ||
| 428 | BIO_puts(out, tmp); | ||
| 429 | OPENSSL_free(tmp); | ||
| 430 | } | ||
| 431 | BIO_puts(out, "\n"); | ||
| 432 | } | ||
| 433 | if(notice->exptext) | ||
| 434 | BIO_printf(out, "%*sExplicit Text: %s\n", indent, "", | ||
| 435 | notice->exptext->data); | ||
| 436 | } | ||
| 437 | |||
| 438 | void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent) | ||
| 439 | { | ||
| 440 | const X509_POLICY_DATA *dat = node->data; | ||
| 441 | |||
| 442 | BIO_printf(out, "%*sPolicy: ", indent, ""); | ||
| 443 | |||
| 444 | i2a_ASN1_OBJECT(out, dat->valid_policy); | ||
| 445 | BIO_puts(out, "\n"); | ||
| 446 | BIO_printf(out, "%*s%s\n", indent + 2, "", | ||
| 447 | node_data_critical(dat) ? "Critical" : "Non Critical"); | ||
| 448 | if (dat->qualifier_set) | ||
| 449 | print_qualifiers(out, dat->qualifier_set, indent + 2); | ||
| 450 | else | ||
| 451 | BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, ""); | ||
| 452 | } | ||
| 453 | |||
| 454 | IMPLEMENT_STACK_OF(X509_POLICY_NODE) | ||
diff --git a/src/lib/libcrypto/x509v3/v3_crld.c b/src/lib/libcrypto/x509v3/v3_crld.c deleted file mode 100644 index 181a8977b1..0000000000 --- a/src/lib/libcrypto/x509v3/v3_crld.c +++ /dev/null | |||
| @@ -1,162 +0,0 @@ | |||
| 1 | /* v3_crld.c */ | ||
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
| 3 | * project 1999. | ||
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | ||
| 7 | * | ||
| 8 | * Redistribution and use in source and binary forms, with or without | ||
| 9 | * modification, are permitted provided that the following conditions | ||
| 10 | * are met: | ||
| 11 | * | ||
| 12 | * 1. Redistributions of source code must retain the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | * notice, this list of conditions and the following disclaimer in | ||
| 17 | * the documentation and/or other materials provided with the | ||
| 18 | * distribution. | ||
| 19 | * | ||
| 20 | * 3. All advertising materials mentioning features or use of this | ||
| 21 | * software must display the following acknowledgment: | ||
| 22 | * "This product includes software developed by the OpenSSL Project | ||
| 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | * | ||
| 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | * endorse or promote products derived from this software without | ||
| 27 | * prior written permission. For written permission, please contact | ||
| 28 | * licensing@OpenSSL.org. | ||
| 29 | * | ||
| 30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | * nor may "OpenSSL" appear in their names without prior written | ||
| 32 | * permission of the OpenSSL Project. | ||
| 33 | * | ||
| 34 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | * acknowledgment: | ||
| 36 | * "This product includes software developed by the OpenSSL Project | ||
| 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | * | ||
| 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | * ==================================================================== | ||
| 52 | * | ||
| 53 | * This product includes cryptographic software written by Eric Young | ||
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | #include "cryptlib.h" | ||
| 61 | #include <openssl/conf.h> | ||
| 62 | #include <openssl/asn1.h> | ||
| 63 | #include <openssl/asn1t.h> | ||
| 64 | #include <openssl/x509v3.h> | ||
| 65 | |||
| 66 | static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method, | ||
| 67 | STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *extlist); | ||
| 68 | static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method, | ||
| 69 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); | ||
| 70 | |||
| 71 | const X509V3_EXT_METHOD v3_crld = { | ||
| 72 | NID_crl_distribution_points, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(CRL_DIST_POINTS), | ||
| 73 | 0,0,0,0, | ||
| 74 | 0,0, | ||
| 75 | (X509V3_EXT_I2V)i2v_crld, | ||
| 76 | (X509V3_EXT_V2I)v2i_crld, | ||
| 77 | 0,0, | ||
| 78 | NULL | ||
| 79 | }; | ||
| 80 | |||
| 81 | static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method, | ||
| 82 | STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *exts) | ||
| 83 | { | ||
| 84 | DIST_POINT *point; | ||
| 85 | int i; | ||
| 86 | for(i = 0; i < sk_DIST_POINT_num(crld); i++) { | ||
| 87 | point = sk_DIST_POINT_value(crld, i); | ||
| 88 | if(point->distpoint) { | ||
| 89 | if(point->distpoint->type == 0) | ||
| 90 | exts = i2v_GENERAL_NAMES(NULL, | ||
| 91 | point->distpoint->name.fullname, exts); | ||
| 92 | else X509V3_add_value("RelativeName","<UNSUPPORTED>", &exts); | ||
| 93 | } | ||
| 94 | if(point->reasons) | ||
| 95 | X509V3_add_value("reasons","<UNSUPPORTED>", &exts); | ||
| 96 | if(point->CRLissuer) | ||
| 97 | X509V3_add_value("CRLissuer","<UNSUPPORTED>", &exts); | ||
| 98 | } | ||
| 99 | return exts; | ||
| 100 | } | ||
| 101 | |||
| 102 | static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method, | ||
| 103 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) | ||
| 104 | { | ||
| 105 | STACK_OF(DIST_POINT) *crld = NULL; | ||
| 106 | GENERAL_NAMES *gens = NULL; | ||
| 107 | GENERAL_NAME *gen = NULL; | ||
| 108 | CONF_VALUE *cnf; | ||
| 109 | int i; | ||
| 110 | if(!(crld = sk_DIST_POINT_new_null())) goto merr; | ||
| 111 | for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { | ||
| 112 | DIST_POINT *point; | ||
| 113 | cnf = sk_CONF_VALUE_value(nval, i); | ||
| 114 | if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err; | ||
| 115 | if(!(gens = GENERAL_NAMES_new())) goto merr; | ||
| 116 | if(!sk_GENERAL_NAME_push(gens, gen)) goto merr; | ||
| 117 | gen = NULL; | ||
| 118 | if(!(point = DIST_POINT_new())) goto merr; | ||
| 119 | if(!sk_DIST_POINT_push(crld, point)) { | ||
| 120 | DIST_POINT_free(point); | ||
| 121 | goto merr; | ||
| 122 | } | ||
| 123 | if(!(point->distpoint = DIST_POINT_NAME_new())) goto merr; | ||
| 124 | point->distpoint->name.fullname = gens; | ||
| 125 | point->distpoint->type = 0; | ||
| 126 | gens = NULL; | ||
| 127 | } | ||
| 128 | return crld; | ||
| 129 | |||
| 130 | merr: | ||
| 131 | X509V3err(X509V3_F_V2I_CRLD,ERR_R_MALLOC_FAILURE); | ||
| 132 | err: | ||
| 133 | GENERAL_NAME_free(gen); | ||
| 134 | GENERAL_NAMES_free(gens); | ||
| 135 | sk_DIST_POINT_pop_free(crld, DIST_POINT_free); | ||
| 136 | return NULL; | ||
| 137 | } | ||
| 138 | |||
| 139 | IMPLEMENT_STACK_OF(DIST_POINT) | ||
| 140 | IMPLEMENT_ASN1_SET_OF(DIST_POINT) | ||
| 141 | |||
| 142 | |||
| 143 | ASN1_CHOICE(DIST_POINT_NAME) = { | ||
| 144 | ASN1_IMP_SEQUENCE_OF(DIST_POINT_NAME, name.fullname, GENERAL_NAME, 0), | ||
| 145 | ASN1_IMP_SET_OF(DIST_POINT_NAME, name.relativename, X509_NAME_ENTRY, 1) | ||
| 146 | } ASN1_CHOICE_END(DIST_POINT_NAME) | ||
| 147 | |||
| 148 | IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT_NAME) | ||
| 149 | |||
| 150 | ASN1_SEQUENCE(DIST_POINT) = { | ||
| 151 | ASN1_EXP_OPT(DIST_POINT, distpoint, DIST_POINT_NAME, 0), | ||
| 152 | ASN1_IMP_OPT(DIST_POINT, reasons, ASN1_BIT_STRING, 1), | ||
| 153 | ASN1_IMP_SEQUENCE_OF_OPT(DIST_POINT, CRLissuer, GENERAL_NAME, 2) | ||
| 154 | } ASN1_SEQUENCE_END(DIST_POINT) | ||
| 155 | |||
| 156 | IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT) | ||
| 157 | |||
| 158 | ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) = | ||
| 159 | ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, DIST_POINT) | ||
| 160 | ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS) | ||
| 161 | |||
| 162 | IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS) | ||
diff --git a/src/lib/libcrypto/x509v3/v3_enum.c b/src/lib/libcrypto/x509v3/v3_enum.c deleted file mode 100644 index 36576eaa4d..0000000000 --- a/src/lib/libcrypto/x509v3/v3_enum.c +++ /dev/null | |||
| @@ -1,94 +0,0 @@ | |||
| 1 | /* v3_enum.c */ | ||
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
| 3 | * project 1999. | ||
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | ||
| 7 | * | ||
| 8 | * Redistribution and use in source and binary forms, with or without | ||
| 9 | * modification, are permitted provided that the following conditions | ||
| 10 | * are met: | ||
| 11 | * | ||
| 12 | * 1. Redistributions of source code must retain the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | * notice, this list of conditions and the following disclaimer in | ||
| 17 | * the documentation and/or other materials provided with the | ||
| 18 | * distribution. | ||
| 19 | * | ||
| 20 | * 3. All advertising materials mentioning features or use of this | ||
| 21 | * software must display the following acknowledgment: | ||
| 22 | * "This product includes software developed by the OpenSSL Project | ||
| 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | * | ||
| 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | * endorse or promote products derived from this software without | ||
| 27 | * prior written permission. For written permission, please contact | ||
| 28 | * licensing@OpenSSL.org. | ||
| 29 | * | ||
| 30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | * nor may "OpenSSL" appear in their names without prior written | ||
| 32 | * permission of the OpenSSL Project. | ||
| 33 | * | ||
| 34 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | * acknowledgment: | ||
| 36 | * "This product includes software developed by the OpenSSL Project | ||
| 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | * | ||
| 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | * ==================================================================== | ||
| 52 | * | ||
| 53 | * This product includes cryptographic software written by Eric Young | ||
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | #include "cryptlib.h" | ||
| 61 | #include <openssl/x509v3.h> | ||
| 62 | |||
| 63 | static ENUMERATED_NAMES crl_reasons[] = { | ||
| 64 | {0, "Unspecified", "unspecified"}, | ||
| 65 | {1, "Key Compromise", "keyCompromise"}, | ||
| 66 | {2, "CA Compromise", "CACompromise"}, | ||
| 67 | {3, "Affiliation Changed", "affiliationChanged"}, | ||
| 68 | {4, "Superseded", "superseded"}, | ||
| 69 | {5, "Cessation Of Operation", "cessationOfOperation"}, | ||
| 70 | {6, "Certificate Hold", "certificateHold"}, | ||
| 71 | {8, "Remove From CRL", "removeFromCRL"}, | ||
| 72 | {-1, NULL, NULL} | ||
| 73 | }; | ||
| 74 | |||
| 75 | const X509V3_EXT_METHOD v3_crl_reason = { | ||
| 76 | NID_crl_reason, 0, ASN1_ITEM_ref(ASN1_ENUMERATED), | ||
| 77 | 0,0,0,0, | ||
| 78 | (X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE, | ||
| 79 | 0, | ||
| 80 | 0,0,0,0, | ||
| 81 | crl_reasons}; | ||
| 82 | |||
| 83 | |||
| 84 | char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method, | ||
| 85 | ASN1_ENUMERATED *e) | ||
| 86 | { | ||
| 87 | ENUMERATED_NAMES *enam; | ||
| 88 | long strval; | ||
| 89 | strval = ASN1_ENUMERATED_get(e); | ||
| 90 | for(enam = method->usr_data; enam->lname; enam++) { | ||
| 91 | if(strval == enam->bitnum) return BUF_strdup(enam->lname); | ||
| 92 | } | ||
| 93 | return i2s_ASN1_ENUMERATED(method, e); | ||
| 94 | } | ||
diff --git a/src/lib/libcrypto/x509v3/v3_extku.c b/src/lib/libcrypto/x509v3/v3_extku.c deleted file mode 100644 index c0d14500ed..0000000000 --- a/src/lib/libcrypto/x509v3/v3_extku.c +++ /dev/null | |||
| @@ -1,142 +0,0 @@ | |||
| 1 | /* v3_extku.c */ | ||
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
| 3 | * project 1999. | ||
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | ||
| 7 | * | ||
| 8 | * Redistribution and use in source and binary forms, with or without | ||
| 9 | * modification, are permitted provided that the following conditions | ||
| 10 | * are met: | ||
| 11 | * | ||
| 12 | * 1. Redistributions of source code must retain the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | * notice, this list of conditions and the following disclaimer in | ||
| 17 | * the documentation and/or other materials provided with the | ||
| 18 | * distribution. | ||
| 19 | * | ||
| 20 | * 3. All advertising materials mentioning features or use of this | ||
| 21 | * software must display the following acknowledgment: | ||
| 22 | * "This product includes software developed by the OpenSSL Project | ||
| 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | * | ||
| 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | * endorse or promote products derived from this software without | ||
| 27 | * prior written permission. For written permission, please contact | ||
| 28 | * licensing@OpenSSL.org. | ||
| 29 | * | ||
| 30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | * nor may "OpenSSL" appear in their names without prior written | ||
| 32 | * permission of the OpenSSL Project. | ||
| 33 | * | ||
| 34 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | * acknowledgment: | ||
| 36 | * "This product includes software developed by the OpenSSL Project | ||
| 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | * | ||
| 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | * ==================================================================== | ||
| 52 | * | ||
| 53 | * This product includes cryptographic software written by Eric Young | ||
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 57 | */ | ||
| 58 | |||
| 59 | |||
| 60 | #include <stdio.h> | ||
| 61 | #include "cryptlib.h" | ||
| 62 | #include <openssl/asn1t.h> | ||
| 63 | #include <openssl/conf.h> | ||
| 64 | #include <openssl/x509v3.h> | ||
| 65 | |||
| 66 | static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, | ||
| 67 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); | ||
| 68 | static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, | ||
| 69 | void *eku, STACK_OF(CONF_VALUE) *extlist); | ||
| 70 | |||
| 71 | const X509V3_EXT_METHOD v3_ext_ku = { | ||
| 72 | NID_ext_key_usage, 0, | ||
| 73 | ASN1_ITEM_ref(EXTENDED_KEY_USAGE), | ||
| 74 | 0,0,0,0, | ||
| 75 | 0,0, | ||
| 76 | i2v_EXTENDED_KEY_USAGE, | ||
| 77 | v2i_EXTENDED_KEY_USAGE, | ||
| 78 | 0,0, | ||
| 79 | NULL | ||
| 80 | }; | ||
| 81 | |||
| 82 | /* NB OCSP acceptable responses also is a SEQUENCE OF OBJECT */ | ||
| 83 | const X509V3_EXT_METHOD v3_ocsp_accresp = { | ||
| 84 | NID_id_pkix_OCSP_acceptableResponses, 0, | ||
| 85 | ASN1_ITEM_ref(EXTENDED_KEY_USAGE), | ||
| 86 | 0,0,0,0, | ||
| 87 | 0,0, | ||
| 88 | i2v_EXTENDED_KEY_USAGE, | ||
| 89 | v2i_EXTENDED_KEY_USAGE, | ||
| 90 | 0,0, | ||
| 91 | NULL | ||
| 92 | }; | ||
| 93 | |||
| 94 | ASN1_ITEM_TEMPLATE(EXTENDED_KEY_USAGE) = | ||
| 95 | ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, EXTENDED_KEY_USAGE, ASN1_OBJECT) | ||
| 96 | ASN1_ITEM_TEMPLATE_END(EXTENDED_KEY_USAGE) | ||
| 97 | |||
| 98 | IMPLEMENT_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE) | ||
| 99 | |||
| 100 | static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, | ||
| 101 | void *a, STACK_OF(CONF_VALUE) *ext_list) | ||
| 102 | { | ||
| 103 | EXTENDED_KEY_USAGE *eku = a; | ||
| 104 | int i; | ||
| 105 | ASN1_OBJECT *obj; | ||
| 106 | char obj_tmp[80]; | ||
| 107 | for(i = 0; i < sk_ASN1_OBJECT_num(eku); i++) { | ||
| 108 | obj = sk_ASN1_OBJECT_value(eku, i); | ||
| 109 | i2t_ASN1_OBJECT(obj_tmp, 80, obj); | ||
| 110 | X509V3_add_value(NULL, obj_tmp, &ext_list); | ||
| 111 | } | ||
| 112 | return ext_list; | ||
| 113 | } | ||
| 114 | |||
| 115 | static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, | ||
| 116 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) | ||
| 117 | { | ||
| 118 | EXTENDED_KEY_USAGE *extku; | ||
| 119 | char *extval; | ||
| 120 | ASN1_OBJECT *objtmp; | ||
| 121 | CONF_VALUE *val; | ||
| 122 | int i; | ||
| 123 | |||
| 124 | if(!(extku = sk_ASN1_OBJECT_new_null())) { | ||
| 125 | X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE,ERR_R_MALLOC_FAILURE); | ||
| 126 | return NULL; | ||
| 127 | } | ||
| 128 | |||
| 129 | for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { | ||
| 130 | val = sk_CONF_VALUE_value(nval, i); | ||
| 131 | if(val->value) extval = val->value; | ||
| 132 | else extval = val->name; | ||
| 133 | if(!(objtmp = OBJ_txt2obj(extval, 0))) { | ||
| 134 | sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free); | ||
| 135 | X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE,X509V3_R_INVALID_OBJECT_IDENTIFIER); | ||
| 136 | X509V3_conf_err(val); | ||
| 137 | return NULL; | ||
| 138 | } | ||
| 139 | sk_ASN1_OBJECT_push(extku, objtmp); | ||
| 140 | } | ||
| 141 | return extku; | ||
| 142 | } | ||
diff --git a/src/lib/libcrypto/x509v3/v3_genn.c b/src/lib/libcrypto/x509v3/v3_genn.c deleted file mode 100644 index 84b4b1c881..0000000000 --- a/src/lib/libcrypto/x509v3/v3_genn.c +++ /dev/null | |||
| @@ -1,101 +0,0 @@ | |||
| 1 | /* v3_genn.c */ | ||
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
| 3 | * project 1999. | ||
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | ||
| 7 | * | ||
| 8 | * Redistribution and use in source and binary forms, with or without | ||
| 9 | * modification, are permitted provided that the following conditions | ||
| 10 | * are met: | ||
| 11 | * | ||
| 12 | * 1. Redistributions of source code must retain the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | * notice, this list of conditions and the following disclaimer in | ||
| 17 | * the documentation and/or other materials provided with the | ||
| 18 | * distribution. | ||
| 19 | * | ||
| 20 | * 3. All advertising materials mentioning features or use of this | ||
| 21 | * software must display the following acknowledgment: | ||
| 22 | * "This product includes software developed by the OpenSSL Project | ||
| 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | * | ||
| 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | * endorse or promote products derived from this software without | ||
| 27 | * prior written permission. For written permission, please contact | ||
| 28 | * licensing@OpenSSL.org. | ||
| 29 | * | ||
| 30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | * nor may "OpenSSL" appear in their names without prior written | ||
| 32 | * permission of the OpenSSL Project. | ||
| 33 | * | ||
| 34 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | * acknowledgment: | ||
| 36 | * "This product includes software developed by the OpenSSL Project | ||
| 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | * | ||
| 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | * ==================================================================== | ||
| 52 | * | ||
| 53 | * This product includes cryptographic software written by Eric Young | ||
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 57 | */ | ||
| 58 | |||
| 59 | |||
| 60 | #include <stdio.h> | ||
| 61 | #include "cryptlib.h" | ||
| 62 | #include <openssl/asn1t.h> | ||
| 63 | #include <openssl/conf.h> | ||
| 64 | #include <openssl/x509v3.h> | ||
| 65 | |||
| 66 | ASN1_SEQUENCE(OTHERNAME) = { | ||
| 67 | ASN1_SIMPLE(OTHERNAME, type_id, ASN1_OBJECT), | ||
| 68 | /* Maybe have a true ANY DEFINED BY later */ | ||
| 69 | ASN1_EXP(OTHERNAME, value, ASN1_ANY, 0) | ||
| 70 | } ASN1_SEQUENCE_END(OTHERNAME) | ||
| 71 | |||
| 72 | IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME) | ||
| 73 | |||
| 74 | ASN1_SEQUENCE(EDIPARTYNAME) = { | ||
| 75 | ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0), | ||
| 76 | ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1) | ||
| 77 | } ASN1_SEQUENCE_END(EDIPARTYNAME) | ||
| 78 | |||
| 79 | IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME) | ||
| 80 | |||
| 81 | ASN1_CHOICE(GENERAL_NAME) = { | ||
| 82 | ASN1_IMP(GENERAL_NAME, d.otherName, OTHERNAME, GEN_OTHERNAME), | ||
| 83 | ASN1_IMP(GENERAL_NAME, d.rfc822Name, ASN1_IA5STRING, GEN_EMAIL), | ||
| 84 | ASN1_IMP(GENERAL_NAME, d.dNSName, ASN1_IA5STRING, GEN_DNS), | ||
| 85 | /* Don't decode this */ | ||
| 86 | ASN1_IMP(GENERAL_NAME, d.x400Address, ASN1_SEQUENCE, GEN_X400), | ||
| 87 | /* X509_NAME is a CHOICE type so use EXPLICIT */ | ||
| 88 | ASN1_EXP(GENERAL_NAME, d.directoryName, X509_NAME, GEN_DIRNAME), | ||
| 89 | ASN1_IMP(GENERAL_NAME, d.ediPartyName, EDIPARTYNAME, GEN_EDIPARTY), | ||
| 90 | ASN1_IMP(GENERAL_NAME, d.uniformResourceIdentifier, ASN1_IA5STRING, GEN_URI), | ||
| 91 | ASN1_IMP(GENERAL_NAME, d.iPAddress, ASN1_OCTET_STRING, GEN_IPADD), | ||
| 92 | ASN1_IMP(GENERAL_NAME, d.registeredID, ASN1_OBJECT, GEN_RID) | ||
| 93 | } ASN1_CHOICE_END(GENERAL_NAME) | ||
| 94 | |||
| 95 | IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAME) | ||
| 96 | |||
| 97 | ASN1_ITEM_TEMPLATE(GENERAL_NAMES) = | ||
| 98 | ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, GENERAL_NAME) | ||
| 99 | ASN1_ITEM_TEMPLATE_END(GENERAL_NAMES) | ||
| 100 | |||
| 101 | IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAMES) | ||
diff --git a/src/lib/libcrypto/x509v3/v3_ia5.c b/src/lib/libcrypto/x509v3/v3_ia5.c deleted file mode 100644 index 4ff12b52b5..0000000000 --- a/src/lib/libcrypto/x509v3/v3_ia5.c +++ /dev/null | |||
| @@ -1,116 +0,0 @@ | |||
| 1 | /* v3_ia5.c */ | ||
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
| 3 | * project 1999. | ||
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | ||
| 7 | * | ||
| 8 | * Redistribution and use in source and binary forms, with or without | ||
| 9 | * modification, are permitted provided that the following conditions | ||
| 10 | * are met: | ||
| 11 | * | ||
| 12 | * 1. Redistributions of source code must retain the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | * notice, this list of conditions and the following disclaimer in | ||
| 17 | * the documentation and/or other materials provided with the | ||
| 18 | * distribution. | ||
| 19 | * | ||
| 20 | * 3. All advertising materials mentioning features or use of this | ||
| 21 | * software must display the following acknowledgment: | ||
| 22 | * "This product includes software developed by the OpenSSL Project | ||
| 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | * | ||
| 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | * endorse or promote products derived from this software without | ||
| 27 | * prior written permission. For written permission, please contact | ||
| 28 | * licensing@OpenSSL.org. | ||
| 29 | * | ||
| 30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | * nor may "OpenSSL" appear in their names without prior written | ||
| 32 | * permission of the OpenSSL Project. | ||
| 33 | * | ||
| 34 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | * acknowledgment: | ||
| 36 | * "This product includes software developed by the OpenSSL Project | ||
| 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | * | ||
| 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | * ==================================================================== | ||
| 52 | * | ||
| 53 | * This product includes cryptographic software written by Eric Young | ||
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 57 | */ | ||
| 58 | |||
| 59 | |||
| 60 | #include <stdio.h> | ||
| 61 | #include "cryptlib.h" | ||
| 62 | #include <openssl/asn1.h> | ||
| 63 | #include <openssl/conf.h> | ||
| 64 | #include <openssl/x509v3.h> | ||
| 65 | |||
| 66 | static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5); | ||
| 67 | static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); | ||
| 68 | const X509V3_EXT_METHOD v3_ns_ia5_list[] = { | ||
| 69 | EXT_IA5STRING(NID_netscape_base_url), | ||
| 70 | EXT_IA5STRING(NID_netscape_revocation_url), | ||
| 71 | EXT_IA5STRING(NID_netscape_ca_revocation_url), | ||
| 72 | EXT_IA5STRING(NID_netscape_renewal_url), | ||
| 73 | EXT_IA5STRING(NID_netscape_ca_policy_url), | ||
| 74 | EXT_IA5STRING(NID_netscape_ssl_server_name), | ||
| 75 | EXT_IA5STRING(NID_netscape_comment), | ||
| 76 | EXT_END | ||
| 77 | }; | ||
| 78 | |||
| 79 | |||
| 80 | static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, | ||
| 81 | ASN1_IA5STRING *ia5) | ||
| 82 | { | ||
| 83 | char *tmp; | ||
| 84 | if(!ia5 || !ia5->length) return NULL; | ||
| 85 | if(!(tmp = OPENSSL_malloc(ia5->length + 1))) { | ||
| 86 | X509V3err(X509V3_F_I2S_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE); | ||
| 87 | return NULL; | ||
| 88 | } | ||
| 89 | memcpy(tmp, ia5->data, ia5->length); | ||
| 90 | tmp[ia5->length] = 0; | ||
| 91 | return tmp; | ||
| 92 | } | ||
| 93 | |||
| 94 | static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, | ||
| 95 | X509V3_CTX *ctx, char *str) | ||
| 96 | { | ||
| 97 | ASN1_IA5STRING *ia5; | ||
| 98 | if(!str) { | ||
| 99 | X509V3err(X509V3_F_S2I_ASN1_IA5STRING,X509V3_R_INVALID_NULL_ARGUMENT); | ||
| 100 | return NULL; | ||
| 101 | } | ||
| 102 | if(!(ia5 = M_ASN1_IA5STRING_new())) goto err; | ||
| 103 | if(!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char*)str, | ||
| 104 | strlen(str))) { | ||
| 105 | M_ASN1_IA5STRING_free(ia5); | ||
| 106 | goto err; | ||
| 107 | } | ||
| 108 | #ifdef CHARSET_EBCDIC | ||
| 109 | ebcdic2ascii(ia5->data, ia5->data, ia5->length); | ||
| 110 | #endif /*CHARSET_EBCDIC*/ | ||
| 111 | return ia5; | ||
| 112 | err: | ||
| 113 | X509V3err(X509V3_F_S2I_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE); | ||
| 114 | return NULL; | ||
| 115 | } | ||
| 116 | |||
diff --git a/src/lib/libcrypto/x509v3/v3_info.c b/src/lib/libcrypto/x509v3/v3_info.c deleted file mode 100644 index e1b8699f92..0000000000 --- a/src/lib/libcrypto/x509v3/v3_info.c +++ /dev/null | |||
| @@ -1,193 +0,0 @@ | |||
| 1 | /* v3_info.c */ | ||
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
| 3 | * project 1999. | ||
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | ||
| 7 | * | ||
| 8 | * Redistribution and use in source and binary forms, with or without | ||
| 9 | * modification, are permitted provided that the following conditions | ||
| 10 | * are met: | ||
| 11 | * | ||
| 12 | * 1. Redistributions of source code must retain the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | * notice, this list of conditions and the following disclaimer in | ||
| 17 | * the documentation and/or other materials provided with the | ||
| 18 | * distribution. | ||
| 19 | * | ||
| 20 | * 3. All advertising materials mentioning features or use of this | ||
| 21 | * software must display the following acknowledgment: | ||
| 22 | * "This product includes software developed by the OpenSSL Project | ||
| 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | * | ||
| 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | * endorse or promote products derived from this software without | ||
| 27 | * prior written permission. For written permission, please contact | ||
| 28 | * licensing@OpenSSL.org. | ||
| 29 | * | ||
| 30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | * nor may "OpenSSL" appear in their names without prior written | ||
| 32 | * permission of the OpenSSL Project. | ||
| 33 | * | ||
| 34 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | * acknowledgment: | ||
| 36 | * "This product includes software developed by the OpenSSL Project | ||
| 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | * | ||
| 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | * ==================================================================== | ||
| 52 | * | ||
| 53 | * This product includes cryptographic software written by Eric Young | ||
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | #include "cryptlib.h" | ||
| 61 | #include <openssl/conf.h> | ||
| 62 | #include <openssl/asn1.h> | ||
| 63 | #include <openssl/asn1t.h> | ||
| 64 | #include <openssl/x509v3.h> | ||
| 65 | |||
| 66 | static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, | ||
| 67 | AUTHORITY_INFO_ACCESS *ainfo, | ||
| 68 | STACK_OF(CONF_VALUE) *ret); | ||
| 69 | static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, | ||
| 70 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); | ||
| 71 | |||
| 72 | const X509V3_EXT_METHOD v3_info = | ||
| 73 | { NID_info_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS), | ||
| 74 | 0,0,0,0, | ||
| 75 | 0,0, | ||
| 76 | (X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS, | ||
| 77 | (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS, | ||
| 78 | 0,0, | ||
| 79 | NULL}; | ||
| 80 | |||
| 81 | const X509V3_EXT_METHOD v3_sinfo = | ||
| 82 | { NID_sinfo_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS), | ||
| 83 | 0,0,0,0, | ||
| 84 | 0,0, | ||
| 85 | (X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS, | ||
| 86 | (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS, | ||
| 87 | 0,0, | ||
| 88 | NULL}; | ||
| 89 | |||
| 90 | ASN1_SEQUENCE(ACCESS_DESCRIPTION) = { | ||
| 91 | ASN1_SIMPLE(ACCESS_DESCRIPTION, method, ASN1_OBJECT), | ||
| 92 | ASN1_SIMPLE(ACCESS_DESCRIPTION, location, GENERAL_NAME) | ||
| 93 | } ASN1_SEQUENCE_END(ACCESS_DESCRIPTION) | ||
| 94 | |||
| 95 | IMPLEMENT_ASN1_FUNCTIONS(ACCESS_DESCRIPTION) | ||
| 96 | |||
| 97 | ASN1_ITEM_TEMPLATE(AUTHORITY_INFO_ACCESS) = | ||
| 98 | ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, ACCESS_DESCRIPTION) | ||
| 99 | ASN1_ITEM_TEMPLATE_END(AUTHORITY_INFO_ACCESS) | ||
| 100 | |||
| 101 | IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS) | ||
| 102 | |||
| 103 | static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, | ||
| 104 | AUTHORITY_INFO_ACCESS *ainfo, | ||
| 105 | STACK_OF(CONF_VALUE) *ret) | ||
| 106 | { | ||
| 107 | ACCESS_DESCRIPTION *desc; | ||
| 108 | int i,nlen; | ||
| 109 | char objtmp[80], *ntmp; | ||
| 110 | CONF_VALUE *vtmp; | ||
| 111 | for(i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) { | ||
| 112 | desc = sk_ACCESS_DESCRIPTION_value(ainfo, i); | ||
| 113 | ret = i2v_GENERAL_NAME(method, desc->location, ret); | ||
| 114 | if(!ret) break; | ||
| 115 | vtmp = sk_CONF_VALUE_value(ret, i); | ||
| 116 | i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method); | ||
| 117 | nlen = strlen(objtmp) + strlen(vtmp->name) + 5; | ||
| 118 | ntmp = OPENSSL_malloc(nlen); | ||
| 119 | if(!ntmp) { | ||
| 120 | X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS, | ||
| 121 | ERR_R_MALLOC_FAILURE); | ||
| 122 | return NULL; | ||
| 123 | } | ||
| 124 | BUF_strlcpy(ntmp, objtmp, nlen); | ||
| 125 | BUF_strlcat(ntmp, " - ", nlen); | ||
| 126 | BUF_strlcat(ntmp, vtmp->name, nlen); | ||
| 127 | OPENSSL_free(vtmp->name); | ||
| 128 | vtmp->name = ntmp; | ||
| 129 | |||
| 130 | } | ||
| 131 | if(!ret) return sk_CONF_VALUE_new_null(); | ||
| 132 | return ret; | ||
| 133 | } | ||
| 134 | |||
| 135 | static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, | ||
| 136 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) | ||
| 137 | { | ||
| 138 | AUTHORITY_INFO_ACCESS *ainfo = NULL; | ||
| 139 | CONF_VALUE *cnf, ctmp; | ||
| 140 | ACCESS_DESCRIPTION *acc; | ||
| 141 | int i, objlen; | ||
| 142 | char *objtmp, *ptmp; | ||
| 143 | if(!(ainfo = sk_ACCESS_DESCRIPTION_new_null())) { | ||
| 144 | X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,ERR_R_MALLOC_FAILURE); | ||
| 145 | return NULL; | ||
| 146 | } | ||
| 147 | for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { | ||
| 148 | cnf = sk_CONF_VALUE_value(nval, i); | ||
| 149 | if(!(acc = ACCESS_DESCRIPTION_new()) | ||
| 150 | || !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) { | ||
| 151 | X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,ERR_R_MALLOC_FAILURE); | ||
| 152 | goto err; | ||
| 153 | } | ||
| 154 | ptmp = strchr(cnf->name, ';'); | ||
| 155 | if(!ptmp) { | ||
| 156 | X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,X509V3_R_INVALID_SYNTAX); | ||
| 157 | goto err; | ||
| 158 | } | ||
| 159 | objlen = ptmp - cnf->name; | ||
| 160 | ctmp.name = ptmp + 1; | ||
| 161 | ctmp.value = cnf->value; | ||
| 162 | if(!v2i_GENERAL_NAME_ex(acc->location, method, ctx, &ctmp, 0)) | ||
| 163 | goto err; | ||
| 164 | if(!(objtmp = OPENSSL_malloc(objlen + 1))) { | ||
| 165 | X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,ERR_R_MALLOC_FAILURE); | ||
| 166 | goto err; | ||
| 167 | } | ||
| 168 | strncpy(objtmp, cnf->name, objlen); | ||
| 169 | objtmp[objlen] = 0; | ||
| 170 | acc->method = OBJ_txt2obj(objtmp, 0); | ||
| 171 | if(!acc->method) { | ||
| 172 | X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,X509V3_R_BAD_OBJECT); | ||
| 173 | ERR_add_error_data(2, "value=", objtmp); | ||
| 174 | OPENSSL_free(objtmp); | ||
| 175 | goto err; | ||
| 176 | } | ||
| 177 | OPENSSL_free(objtmp); | ||
| 178 | |||
| 179 | } | ||
| 180 | return ainfo; | ||
| 181 | err: | ||
| 182 | sk_ACCESS_DESCRIPTION_pop_free(ainfo, ACCESS_DESCRIPTION_free); | ||
| 183 | return NULL; | ||
| 184 | } | ||
| 185 | |||
| 186 | int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a) | ||
| 187 | { | ||
| 188 | i2a_ASN1_OBJECT(bp, a->method); | ||
| 189 | #ifdef UNDEF | ||
| 190 | i2a_GENERAL_NAME(bp, a->location); | ||
| 191 | #endif | ||
| 192 | return 2; | ||
| 193 | } | ||
diff --git a/src/lib/libcrypto/x509v3/v3_int.c b/src/lib/libcrypto/x509v3/v3_int.c deleted file mode 100644 index 4bfd14cf46..0000000000 --- a/src/lib/libcrypto/x509v3/v3_int.c +++ /dev/null | |||
| @@ -1,89 +0,0 @@ | |||
| 1 | /* v3_int.c */ | ||
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
| 3 | * project 1999. | ||
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. | ||
| 7 | * | ||
| 8 | * Redistribution and use in source and binary forms, with or without | ||
| 9 | * modification, are permitted provided that the following conditions | ||
| 10 | * are met: | ||
| 11 | * | ||
| 12 | * 1. Redistributions of source code must retain the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | * notice, this list of conditions and the following disclaimer in | ||
| 17 | * the documentation and/or other materials provided with the | ||
| 18 | * distribution. | ||
| 19 | * | ||
| 20 | * 3. All advertising materials mentioning features or use of this | ||
| 21 | * software must display the following acknowledgment: | ||
| 22 | * "This product includes software developed by the OpenSSL Project | ||
| 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | * | ||
| 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | * endorse or promote products derived from this software without | ||
| 27 | * prior written permission. For written permission, please contact | ||
| 28 | * licensing@OpenSSL.org. | ||
| 29 | * | ||
| 30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | * nor may "OpenSSL" appear in their names without prior written | ||
| 32 | * permission of the OpenSSL Project. | ||
| 33 | * | ||
| 34 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | * acknowledgment: | ||
| 36 | * "This product includes software developed by the OpenSSL Project | ||
| 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | * | ||
| 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | * ==================================================================== | ||
| 52 | * | ||
| 53 | * This product includes cryptographic software written by Eric Young | ||
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | #include "cryptlib.h" | ||
| 61 | #include <openssl/x509v3.h> | ||
| 62 | |||
| 63 | const X509V3_EXT_METHOD v3_crl_num = { | ||
| 64 | NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER), | ||
| 65 | 0,0,0,0, | ||
| 66 | (X509V3_EXT_I2S)i2s_ASN1_INTEGER, | ||
| 67 | 0, | ||
| 68 | 0,0,0,0, NULL}; | ||
| 69 | |||
| 70 | const X509V3_EXT_METHOD v3_delta_crl = { | ||
| 71 | NID_delta_crl, 0, ASN1_ITEM_ref(ASN1_INTEGER), | ||
| 72 | 0,0,0,0, | ||
| 73 | (X509V3_EXT_I2S)i2s_ASN1_INTEGER, | ||
| 74 | 0, | ||
| 75 | 0,0,0,0, NULL}; | ||
| 76 | |||
| 77 | static void * s2i_asn1_int(X509V3_EXT_METHOD *meth, X509V3_CTX *ctx, char *value) | ||
| 78 | { | ||
| 79 | return s2i_ASN1_INTEGER(meth, value); | ||
| 80 | } | ||
| 81 | |||
| 82 | const X509V3_EXT_METHOD v3_inhibit_anyp = { | ||
| 83 | NID_inhibit_any_policy, 0, ASN1_ITEM_ref(ASN1_INTEGER), | ||
| 84 | 0,0,0,0, | ||
| 85 | (X509V3_EXT_I2S)i2s_ASN1_INTEGER, | ||
| 86 | (X509V3_EXT_S2I)s2i_asn1_int, | ||
| 87 | 0,0,0,0, NULL}; | ||
| 88 | |||
| 89 | |||
diff --git a/src/lib/libcrypto/x509v3/v3_lib.c b/src/lib/libcrypto/x509v3/v3_lib.c deleted file mode 100644 index df3a48f43e..0000000000 --- a/src/lib/libcrypto/x509v3/v3_lib.c +++ /dev/null | |||
| @@ -1,303 +0,0 @@ | |||
| 1 | /* v3_lib.c */ | ||
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
| 3 | * project 1999. | ||
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | ||
| 7 | * | ||
| 8 | * Redistribution and use in source and binary forms, with or without | ||
| 9 | * modification, are permitted provided that the following conditions | ||
| 10 | * are met: | ||
| 11 | * | ||
| 12 | * 1. Redistributions of source code must retain the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | * notice, this list of conditions and the following disclaimer in | ||
| 17 | * the documentation and/or other materials provided with the | ||
| 18 | * distribution. | ||
| 19 | * | ||
| 20 | * 3. All advertising materials mentioning features or use of this | ||
| 21 | * software must display the following acknowledgment: | ||
| 22 | * "This product includes software developed by the OpenSSL Project | ||
| 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | * | ||
| 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | * endorse or promote products derived from this software without | ||
| 27 | * prior written permission. For written permission, please contact | ||
| 28 | * licensing@OpenSSL.org. | ||
| 29 | * | ||
| 30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | * nor may "OpenSSL" appear in their names without prior written | ||
| 32 | * permission of the OpenSSL Project. | ||
| 33 | * | ||
| 34 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | * acknowledgment: | ||
| 36 | * "This product includes software developed by the OpenSSL Project | ||
| 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | * | ||
| 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | * ==================================================================== | ||
| 52 | * | ||
| 53 | * This product includes cryptographic software written by Eric Young | ||
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 57 | */ | ||
| 58 | /* X509 v3 extension utilities */ | ||
| 59 | |||
| 60 | #include <stdio.h> | ||
| 61 | #include "cryptlib.h" | ||
| 62 | #include <openssl/conf.h> | ||
| 63 | #include <openssl/x509v3.h> | ||
| 64 | |||
| 65 | #include "ext_dat.h" | ||
| 66 | |||
| 67 | static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL; | ||
| 68 | |||
| 69 | static int ext_cmp(const X509V3_EXT_METHOD * const *a, | ||
| 70 | const X509V3_EXT_METHOD * const *b); | ||
| 71 | static void ext_list_free(X509V3_EXT_METHOD *ext); | ||
| 72 | |||
| 73 | int X509V3_EXT_add(X509V3_EXT_METHOD *ext) | ||
| 74 | { | ||
| 75 | if(!ext_list && !(ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp))) { | ||
| 76 | X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE); | ||
| 77 | return 0; | ||
| 78 | } | ||
| 79 | if(!sk_X509V3_EXT_METHOD_push(ext_list, ext)) { | ||
| 80 | X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE); | ||
| 81 | return 0; | ||
| 82 | } | ||
| 83 | return 1; | ||
| 84 | } | ||
| 85 | |||
| 86 | static int ext_cmp(const X509V3_EXT_METHOD * const *a, | ||
| 87 | const X509V3_EXT_METHOD * const *b) | ||
| 88 | { | ||
| 89 | return ((*a)->ext_nid - (*b)->ext_nid); | ||
| 90 | } | ||
| 91 | |||
| 92 | X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid) | ||
| 93 | { | ||
| 94 | X509V3_EXT_METHOD tmp, *t = &tmp, **ret; | ||
| 95 | int idx; | ||
| 96 | if(nid < 0) return NULL; | ||
| 97 | tmp.ext_nid = nid; | ||
| 98 | ret = (X509V3_EXT_METHOD **) OBJ_bsearch((char *)&t, | ||
| 99 | (char *)standard_exts, STANDARD_EXTENSION_COUNT, | ||
| 100 | sizeof(X509V3_EXT_METHOD *), (int (*)(const void *, const void *))ext_cmp); | ||
| 101 | if(ret) return *ret; | ||
| 102 | if(!ext_list) return NULL; | ||
| 103 | idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp); | ||
| 104 | if(idx == -1) return NULL; | ||
| 105 | return sk_X509V3_EXT_METHOD_value(ext_list, idx); | ||
| 106 | } | ||
| 107 | |||
| 108 | X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext) | ||
| 109 | { | ||
| 110 | int nid; | ||
| 111 | if((nid = OBJ_obj2nid(ext->object)) == NID_undef) return NULL; | ||
| 112 | return X509V3_EXT_get_nid(nid); | ||
| 113 | } | ||
| 114 | |||
| 115 | |||
| 116 | int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist) | ||
| 117 | { | ||
| 118 | for(;extlist->ext_nid!=-1;extlist++) | ||
| 119 | if(!X509V3_EXT_add(extlist)) return 0; | ||
| 120 | return 1; | ||
| 121 | } | ||
| 122 | |||
| 123 | int X509V3_EXT_add_alias(int nid_to, int nid_from) | ||
| 124 | { | ||
| 125 | X509V3_EXT_METHOD *ext, *tmpext; | ||
| 126 | if(!(ext = X509V3_EXT_get_nid(nid_from))) { | ||
| 127 | X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,X509V3_R_EXTENSION_NOT_FOUND); | ||
| 128 | return 0; | ||
| 129 | } | ||
| 130 | if(!(tmpext = (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)))) { | ||
| 131 | X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,ERR_R_MALLOC_FAILURE); | ||
| 132 | return 0; | ||
| 133 | } | ||
| 134 | *tmpext = *ext; | ||
| 135 | tmpext->ext_nid = nid_to; | ||
| 136 | tmpext->ext_flags |= X509V3_EXT_DYNAMIC; | ||
| 137 | return X509V3_EXT_add(tmpext); | ||
| 138 | } | ||
| 139 | |||
| 140 | void X509V3_EXT_cleanup(void) | ||
| 141 | { | ||
| 142 | sk_X509V3_EXT_METHOD_pop_free(ext_list, ext_list_free); | ||
| 143 | ext_list = NULL; | ||
| 144 | } | ||
| 145 | |||
| 146 | static void ext_list_free(X509V3_EXT_METHOD *ext) | ||
| 147 | { | ||
| 148 | if(ext->ext_flags & X509V3_EXT_DYNAMIC) OPENSSL_free(ext); | ||
| 149 | } | ||
| 150 | |||
| 151 | /* Legacy function: we don't need to add standard extensions | ||
| 152 | * any more because they are now kept in ext_dat.h. | ||
| 153 | */ | ||
| 154 | |||
| 155 | int X509V3_add_standard_extensions(void) | ||
| 156 | { | ||
| 157 | return 1; | ||
| 158 | } | ||
| 159 | |||
| 160 | /* Return an extension internal structure */ | ||
| 161 | |||
| 162 | void *X509V3_EXT_d2i(X509_EXTENSION *ext) | ||
| 163 | { | ||
| 164 | X509V3_EXT_METHOD *method; | ||
| 165 | const unsigned char *p; | ||
| 166 | |||
| 167 | if(!(method = X509V3_EXT_get(ext))) return NULL; | ||
| 168 | p = ext->value->data; | ||
| 169 | if(method->it) return ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it)); | ||
| 170 | return method->d2i(NULL, &p, ext->value->length); | ||
| 171 | } | ||
| 172 | |||
| 173 | /* Get critical flag and decoded version of extension from a NID. | ||
| 174 | * The "idx" variable returns the last found extension and can | ||
| 175 | * be used to retrieve multiple extensions of the same NID. | ||
| 176 | * However multiple extensions with the same NID is usually | ||
| 177 | * due to a badly encoded certificate so if idx is NULL we | ||
| 178 | * choke if multiple extensions exist. | ||
| 179 | * The "crit" variable is set to the critical value. | ||
| 180 | * The return value is the decoded extension or NULL on | ||
| 181 | * error. The actual error can have several different causes, | ||
| 182 | * the value of *crit reflects the cause: | ||
| 183 | * >= 0, extension found but not decoded (reflects critical value). | ||
| 184 | * -1 extension not found. | ||
| 185 | * -2 extension occurs more than once. | ||
| 186 | */ | ||
| 187 | |||
| 188 | void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx) | ||
| 189 | { | ||
| 190 | int lastpos, i; | ||
| 191 | X509_EXTENSION *ex, *found_ex = NULL; | ||
| 192 | if(!x) { | ||
| 193 | if(idx) *idx = -1; | ||
| 194 | if(crit) *crit = -1; | ||
| 195 | return NULL; | ||
| 196 | } | ||
| 197 | if(idx) lastpos = *idx + 1; | ||
| 198 | else lastpos = 0; | ||
| 199 | if(lastpos < 0) lastpos = 0; | ||
| 200 | for(i = lastpos; i < sk_X509_EXTENSION_num(x); i++) | ||
| 201 | { | ||
| 202 | ex = sk_X509_EXTENSION_value(x, i); | ||
| 203 | if(OBJ_obj2nid(ex->object) == nid) { | ||
| 204 | if(idx) { | ||
| 205 | *idx = i; | ||
| 206 | found_ex = ex; | ||
| 207 | break; | ||
| 208 | } else if(found_ex) { | ||
| 209 | /* Found more than one */ | ||
| 210 | if(crit) *crit = -2; | ||
| 211 | return NULL; | ||
| 212 | } | ||
| 213 | found_ex = ex; | ||
| 214 | } | ||
| 215 | } | ||
| 216 | if(found_ex) { | ||
| 217 | /* Found it */ | ||
| 218 | if(crit) *crit = X509_EXTENSION_get_critical(found_ex); | ||
| 219 | return X509V3_EXT_d2i(found_ex); | ||
| 220 | } | ||
| 221 | |||
| 222 | /* Extension not found */ | ||
| 223 | if(idx) *idx = -1; | ||
| 224 | if(crit) *crit = -1; | ||
| 225 | return NULL; | ||
| 226 | } | ||
| 227 | |||
| 228 | /* This function is a general extension append, replace and delete utility. | ||
| 229 | * The precise operation is governed by the 'flags' value. The 'crit' and | ||
| 230 | * 'value' arguments (if relevant) are the extensions internal structure. | ||
| 231 | */ | ||
| 232 | |||
| 233 | int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, | ||
| 234 | int crit, unsigned long flags) | ||
| 235 | { | ||
| 236 | int extidx = -1; | ||
| 237 | int errcode; | ||
| 238 | X509_EXTENSION *ext, *extmp; | ||
| 239 | unsigned long ext_op = flags & X509V3_ADD_OP_MASK; | ||
| 240 | |||
| 241 | /* If appending we don't care if it exists, otherwise | ||
| 242 | * look for existing extension. | ||
| 243 | */ | ||
| 244 | if(ext_op != X509V3_ADD_APPEND) | ||
| 245 | extidx = X509v3_get_ext_by_NID(*x, nid, -1); | ||
| 246 | |||
| 247 | /* See if extension exists */ | ||
| 248 | if(extidx >= 0) { | ||
| 249 | /* If keep existing, nothing to do */ | ||
| 250 | if(ext_op == X509V3_ADD_KEEP_EXISTING) | ||
| 251 | return 1; | ||
| 252 | /* If default then its an error */ | ||
| 253 | if(ext_op == X509V3_ADD_DEFAULT) { | ||
| 254 | errcode = X509V3_R_EXTENSION_EXISTS; | ||
| 255 | goto err; | ||
| 256 | } | ||
| 257 | /* If delete, just delete it */ | ||
| 258 | if(ext_op == X509V3_ADD_DELETE) { | ||
| 259 | if(!sk_X509_EXTENSION_delete(*x, extidx)) return -1; | ||
| 260 | return 1; | ||
| 261 | } | ||
| 262 | } else { | ||
| 263 | /* If replace existing or delete, error since | ||
| 264 | * extension must exist | ||
| 265 | */ | ||
| 266 | if((ext_op == X509V3_ADD_REPLACE_EXISTING) || | ||
| 267 | (ext_op == X509V3_ADD_DELETE)) { | ||
| 268 | errcode = X509V3_R_EXTENSION_NOT_FOUND; | ||
| 269 | goto err; | ||
| 270 | } | ||
| 271 | } | ||
| 272 | |||
| 273 | /* If we get this far then we have to create an extension: | ||
| 274 | * could have some flags for alternative encoding schemes... | ||
| 275 | */ | ||
| 276 | |||
| 277 | ext = X509V3_EXT_i2d(nid, crit, value); | ||
| 278 | |||
| 279 | if(!ext) { | ||
| 280 | X509V3err(X509V3_F_X509V3_ADD1_I2D, X509V3_R_ERROR_CREATING_EXTENSION); | ||
| 281 | return 0; | ||
| 282 | } | ||
| 283 | |||
| 284 | /* If extension exists replace it.. */ | ||
| 285 | if(extidx >= 0) { | ||
| 286 | extmp = sk_X509_EXTENSION_value(*x, extidx); | ||
| 287 | X509_EXTENSION_free(extmp); | ||
| 288 | if(!sk_X509_EXTENSION_set(*x, extidx, ext)) return -1; | ||
| 289 | return 1; | ||
| 290 | } | ||
| 291 | |||
| 292 | if(!*x && !(*x = sk_X509_EXTENSION_new_null())) return -1; | ||
| 293 | if(!sk_X509_EXTENSION_push(*x, ext)) return -1; | ||
| 294 | |||
| 295 | return 1; | ||
| 296 | |||
| 297 | err: | ||
| 298 | if(!(flags & X509V3_ADD_SILENT)) | ||
| 299 | X509V3err(X509V3_F_X509V3_ADD1_I2D, errcode); | ||
| 300 | return 0; | ||
| 301 | } | ||
| 302 | |||
| 303 | IMPLEMENT_STACK_OF(X509V3_EXT_METHOD) | ||
diff --git a/src/lib/libcrypto/x509v3/v3_ncons.c b/src/lib/libcrypto/x509v3/v3_ncons.c deleted file mode 100644 index 4e706be3e1..0000000000 --- a/src/lib/libcrypto/x509v3/v3_ncons.c +++ /dev/null | |||
| @@ -1,220 +0,0 @@ | |||
| 1 | /* v3_ncons.c */ | ||
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
| 3 | * project. | ||
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 2003 The OpenSSL Project. All rights reserved. | ||
| 7 | * | ||
| 8 | * Redistribution and use in source and binary forms, with or without | ||
| 9 | * modification, are permitted provided that the following conditions | ||
| 10 | * are met: | ||
| 11 | * | ||
| 12 | * 1. Redistributions of source code must retain the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | * notice, this list of conditions and the following disclaimer in | ||
| 17 | * the documentation and/or other materials provided with the | ||
| 18 | * distribution. | ||
| 19 | * | ||
| 20 | * 3. All advertising materials mentioning features or use of this | ||
| 21 | * software must display the following acknowledgment: | ||
| 22 | * "This product includes software developed by the OpenSSL Project | ||
| 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | * | ||
| 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | * endorse or promote products derived from this software without | ||
| 27 | * prior written permission. For written permission, please contact | ||
| 28 | * licensing@OpenSSL.org. | ||
| 29 | * | ||
| 30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | * nor may "OpenSSL" appear in their names without prior written | ||
| 32 | * permission of the OpenSSL Project. | ||
| 33 | * | ||
| 34 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | * acknowledgment: | ||
| 36 | * "This product includes software developed by the OpenSSL Project | ||
| 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | * | ||
| 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | * ==================================================================== | ||
| 52 | * | ||
| 53 | * This product includes cryptographic software written by Eric Young | ||
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 57 | */ | ||
| 58 | |||
| 59 | |||
| 60 | #include <stdio.h> | ||
| 61 | #include "cryptlib.h" | ||
| 62 | #include <openssl/asn1t.h> | ||
| 63 | #include <openssl/conf.h> | ||
| 64 | #include <openssl/x509v3.h> | ||
| 65 | |||
| 66 | static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, | ||
| 67 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); | ||
| 68 | static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, | ||
| 69 | void *a, BIO *bp, int ind); | ||
| 70 | static int do_i2r_name_constraints(X509V3_EXT_METHOD *method, | ||
| 71 | STACK_OF(GENERAL_SUBTREE) *trees, | ||
| 72 | BIO *bp, int ind, char *name); | ||
| 73 | static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip); | ||
| 74 | |||
| 75 | const X509V3_EXT_METHOD v3_name_constraints = { | ||
| 76 | NID_name_constraints, 0, | ||
| 77 | ASN1_ITEM_ref(NAME_CONSTRAINTS), | ||
| 78 | 0,0,0,0, | ||
| 79 | 0,0, | ||
| 80 | 0, v2i_NAME_CONSTRAINTS, | ||
| 81 | i2r_NAME_CONSTRAINTS,0, | ||
| 82 | NULL | ||
| 83 | }; | ||
| 84 | |||
| 85 | ASN1_SEQUENCE(GENERAL_SUBTREE) = { | ||
| 86 | ASN1_SIMPLE(GENERAL_SUBTREE, base, GENERAL_NAME), | ||
| 87 | ASN1_IMP_OPT(GENERAL_SUBTREE, minimum, ASN1_INTEGER, 0), | ||
| 88 | ASN1_IMP_OPT(GENERAL_SUBTREE, maximum, ASN1_INTEGER, 1) | ||
| 89 | } ASN1_SEQUENCE_END(GENERAL_SUBTREE) | ||
| 90 | |||
| 91 | ASN1_SEQUENCE(NAME_CONSTRAINTS) = { | ||
| 92 | ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, permittedSubtrees, | ||
| 93 | GENERAL_SUBTREE, 0), | ||
| 94 | ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, excludedSubtrees, | ||
| 95 | GENERAL_SUBTREE, 1), | ||
| 96 | } ASN1_SEQUENCE_END(NAME_CONSTRAINTS) | ||
| 97 | |||
| 98 | |||
| 99 | IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE) | ||
| 100 | IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) | ||
| 101 | |||
| 102 | static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, | ||
| 103 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) | ||
| 104 | { | ||
| 105 | int i; | ||
| 106 | CONF_VALUE tval, *val; | ||
| 107 | STACK_OF(GENERAL_SUBTREE) **ptree = NULL; | ||
| 108 | NAME_CONSTRAINTS *ncons = NULL; | ||
| 109 | GENERAL_SUBTREE *sub = NULL; | ||
| 110 | ncons = NAME_CONSTRAINTS_new(); | ||
| 111 | if (!ncons) | ||
| 112 | goto memerr; | ||
| 113 | for(i = 0; i < sk_CONF_VALUE_num(nval); i++) | ||
| 114 | { | ||
| 115 | val = sk_CONF_VALUE_value(nval, i); | ||
| 116 | if (!strncmp(val->name, "permitted", 9) && val->name[9]) | ||
| 117 | { | ||
| 118 | ptree = &ncons->permittedSubtrees; | ||
| 119 | tval.name = val->name + 10; | ||
| 120 | } | ||
| 121 | else if (!strncmp(val->name, "excluded", 8) && val->name[8]) | ||
| 122 | { | ||
| 123 | ptree = &ncons->excludedSubtrees; | ||
| 124 | tval.name = val->name + 9; | ||
| 125 | } | ||
| 126 | else | ||
| 127 | { | ||
| 128 | X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, X509V3_R_INVALID_SYNTAX); | ||
| 129 | goto err; | ||
| 130 | } | ||
| 131 | tval.value = val->value; | ||
| 132 | sub = GENERAL_SUBTREE_new(); | ||
| 133 | if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1)) | ||
| 134 | goto err; | ||
| 135 | if (!*ptree) | ||
| 136 | *ptree = sk_GENERAL_SUBTREE_new_null(); | ||
| 137 | if (!*ptree || !sk_GENERAL_SUBTREE_push(*ptree, sub)) | ||
| 138 | goto memerr; | ||
| 139 | sub = NULL; | ||
| 140 | } | ||
| 141 | |||
| 142 | return ncons; | ||
| 143 | |||
| 144 | memerr: | ||
| 145 | X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, ERR_R_MALLOC_FAILURE); | ||
| 146 | err: | ||
| 147 | if (ncons) | ||
| 148 | NAME_CONSTRAINTS_free(ncons); | ||
| 149 | if (sub) | ||
| 150 | GENERAL_SUBTREE_free(sub); | ||
| 151 | |||
| 152 | return NULL; | ||
| 153 | } | ||
| 154 | |||
| 155 | |||
| 156 | |||
| 157 | |||
| 158 | static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, | ||
| 159 | void *a, BIO *bp, int ind) | ||
| 160 | { | ||
| 161 | NAME_CONSTRAINTS *ncons = a; | ||
| 162 | do_i2r_name_constraints(method, ncons->permittedSubtrees, | ||
| 163 | bp, ind, "Permitted"); | ||
| 164 | do_i2r_name_constraints(method, ncons->excludedSubtrees, | ||
| 165 | bp, ind, "Excluded"); | ||
| 166 | return 1; | ||
| 167 | } | ||
| 168 | |||
| 169 | static int do_i2r_name_constraints(X509V3_EXT_METHOD *method, | ||
| 170 | STACK_OF(GENERAL_SUBTREE) *trees, | ||
| 171 | BIO *bp, int ind, char *name) | ||
| 172 | { | ||
| 173 | GENERAL_SUBTREE *tree; | ||
| 174 | int i; | ||
| 175 | if (sk_GENERAL_SUBTREE_num(trees) > 0) | ||
| 176 | BIO_printf(bp, "%*s%s:\n", ind, "", name); | ||
| 177 | for(i = 0; i < sk_GENERAL_SUBTREE_num(trees); i++) | ||
| 178 | { | ||
| 179 | tree = sk_GENERAL_SUBTREE_value(trees, i); | ||
| 180 | BIO_printf(bp, "%*s", ind + 2, ""); | ||
| 181 | if (tree->base->type == GEN_IPADD) | ||
| 182 | print_nc_ipadd(bp, tree->base->d.ip); | ||
| 183 | else | ||
| 184 | GENERAL_NAME_print(bp, tree->base); | ||
| 185 | tree = sk_GENERAL_SUBTREE_value(trees, i); | ||
| 186 | BIO_puts(bp, "\n"); | ||
| 187 | } | ||
| 188 | return 1; | ||
| 189 | } | ||
| 190 | |||
| 191 | static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip) | ||
| 192 | { | ||
| 193 | int i, len; | ||
| 194 | unsigned char *p; | ||
| 195 | p = ip->data; | ||
| 196 | len = ip->length; | ||
| 197 | BIO_puts(bp, "IP:"); | ||
| 198 | if(len == 8) | ||
| 199 | { | ||
| 200 | BIO_printf(bp, "%d.%d.%d.%d/%d.%d.%d.%d", | ||
| 201 | p[0], p[1], p[2], p[3], | ||
| 202 | p[4], p[5], p[6], p[7]); | ||
| 203 | } | ||
| 204 | else if(len == 32) | ||
| 205 | { | ||
| 206 | for (i = 0; i < 16; i++) | ||
| 207 | { | ||
| 208 | BIO_printf(bp, "%X", p[0] << 8 | p[1]); | ||
| 209 | p += 2; | ||
| 210 | if (i == 7) | ||
| 211 | BIO_puts(bp, "/"); | ||
| 212 | else if (i != 15) | ||
| 213 | BIO_puts(bp, ":"); | ||
| 214 | } | ||
| 215 | } | ||
| 216 | else | ||
| 217 | BIO_printf(bp, "IP Address:<invalid>"); | ||
| 218 | return 1; | ||
| 219 | } | ||
| 220 | |||
diff --git a/src/lib/libcrypto/x509v3/v3_ocsp.c b/src/lib/libcrypto/x509v3/v3_ocsp.c deleted file mode 100644 index e426ea930c..0000000000 --- a/src/lib/libcrypto/x509v3/v3_ocsp.c +++ /dev/null | |||
| @@ -1,275 +0,0 @@ | |||
| 1 | /* v3_ocsp.c */ | ||
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
| 3 | * project 1999. | ||
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | ||
| 7 | * | ||
| 8 | * Redistribution and use in source and binary forms, with or without | ||
| 9 | * modification, are permitted provided that the following conditions | ||
| 10 | * are met: | ||
| 11 | * | ||
| 12 | * 1. Redistributions of source code must retain the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | * notice, this list of conditions and the following disclaimer in | ||
| 17 | * the documentation and/or other materials provided with the | ||
| 18 | * distribution. | ||
| 19 | * | ||
| 20 | * 3. All advertising materials mentioning features or use of this | ||
| 21 | * software must display the following acknowledgment: | ||
| 22 | * "This product includes software developed by the OpenSSL Project | ||
| 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | * | ||
| 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | * endorse or promote products derived from this software without | ||
| 27 | * prior written permission. For written permission, please contact | ||
| 28 | * licensing@OpenSSL.org. | ||
| 29 | * | ||
| 30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | * nor may "OpenSSL" appear in their names without prior written | ||
| 32 | * permission of the OpenSSL Project. | ||
| 33 | * | ||
| 34 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | * acknowledgment: | ||
| 36 | * "This product includes software developed by the OpenSSL Project | ||
| 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | * | ||
| 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | * ==================================================================== | ||
| 52 | * | ||
| 53 | * This product includes cryptographic software written by Eric Young | ||
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 57 | */ | ||
| 58 | |||
| 59 | #ifndef OPENSSL_NO_OCSP | ||
| 60 | |||
| 61 | #include <stdio.h> | ||
| 62 | #include "cryptlib.h" | ||
| 63 | #include <openssl/conf.h> | ||
| 64 | #include <openssl/asn1.h> | ||
| 65 | #include <openssl/ocsp.h> | ||
| 66 | #include <openssl/x509v3.h> | ||
| 67 | |||
| 68 | /* OCSP extensions and a couple of CRL entry extensions | ||
| 69 | */ | ||
| 70 | |||
| 71 | static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent); | ||
| 72 | static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent); | ||
| 73 | static int i2r_object(X509V3_EXT_METHOD *method, void *obj, BIO *out, int indent); | ||
| 74 | |||
| 75 | static void *ocsp_nonce_new(void); | ||
| 76 | static int i2d_ocsp_nonce(void *a, unsigned char **pp); | ||
| 77 | static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length); | ||
| 78 | static void ocsp_nonce_free(void *a); | ||
| 79 | static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent); | ||
| 80 | |||
| 81 | static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent); | ||
| 82 | static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str); | ||
| 83 | static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind); | ||
| 84 | |||
| 85 | const X509V3_EXT_METHOD v3_ocsp_crlid = { | ||
| 86 | NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID), | ||
| 87 | 0,0,0,0, | ||
| 88 | 0,0, | ||
| 89 | 0,0, | ||
| 90 | i2r_ocsp_crlid,0, | ||
| 91 | NULL | ||
| 92 | }; | ||
| 93 | |||
| 94 | const X509V3_EXT_METHOD v3_ocsp_acutoff = { | ||
| 95 | NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME), | ||
| 96 | 0,0,0,0, | ||
| 97 | 0,0, | ||
| 98 | 0,0, | ||
| 99 | i2r_ocsp_acutoff,0, | ||
| 100 | NULL | ||
| 101 | }; | ||
| 102 | |||
| 103 | const X509V3_EXT_METHOD v3_crl_invdate = { | ||
| 104 | NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME), | ||
| 105 | 0,0,0,0, | ||
| 106 | 0,0, | ||
| 107 | 0,0, | ||
| 108 | i2r_ocsp_acutoff,0, | ||
| 109 | NULL | ||
| 110 | }; | ||
| 111 | |||
| 112 | const X509V3_EXT_METHOD v3_crl_hold = { | ||
| 113 | NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT), | ||
| 114 | 0,0,0,0, | ||
| 115 | 0,0, | ||
| 116 | 0,0, | ||
| 117 | i2r_object,0, | ||
| 118 | NULL | ||
| 119 | }; | ||
| 120 | |||
| 121 | const X509V3_EXT_METHOD v3_ocsp_nonce = { | ||
| 122 | NID_id_pkix_OCSP_Nonce, 0, NULL, | ||
| 123 | ocsp_nonce_new, | ||
| 124 | ocsp_nonce_free, | ||
| 125 | d2i_ocsp_nonce, | ||
| 126 | i2d_ocsp_nonce, | ||
| 127 | 0,0, | ||
| 128 | 0,0, | ||
| 129 | i2r_ocsp_nonce,0, | ||
| 130 | NULL | ||
| 131 | }; | ||
| 132 | |||
| 133 | const X509V3_EXT_METHOD v3_ocsp_nocheck = { | ||
| 134 | NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL), | ||
| 135 | 0,0,0,0, | ||
| 136 | 0,s2i_ocsp_nocheck, | ||
| 137 | 0,0, | ||
| 138 | i2r_ocsp_nocheck,0, | ||
| 139 | NULL | ||
| 140 | }; | ||
| 141 | |||
| 142 | const X509V3_EXT_METHOD v3_ocsp_serviceloc = { | ||
| 143 | NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC), | ||
| 144 | 0,0,0,0, | ||
| 145 | 0,0, | ||
| 146 | 0,0, | ||
| 147 | i2r_ocsp_serviceloc,0, | ||
| 148 | NULL | ||
| 149 | }; | ||
| 150 | |||
| 151 | static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind) | ||
| 152 | { | ||
| 153 | OCSP_CRLID *a = in; | ||
| 154 | if (a->crlUrl) | ||
| 155 | { | ||
| 156 | if (!BIO_printf(bp, "%*scrlUrl: ", ind, "")) goto err; | ||
| 157 | if (!ASN1_STRING_print(bp, (ASN1_STRING*)a->crlUrl)) goto err; | ||
| 158 | if (!BIO_write(bp, "\n", 1)) goto err; | ||
| 159 | } | ||
| 160 | if (a->crlNum) | ||
| 161 | { | ||
| 162 | if (!BIO_printf(bp, "%*scrlNum: ", ind, "")) goto err; | ||
| 163 | if (!i2a_ASN1_INTEGER(bp, a->crlNum)) goto err; | ||
| 164 | if (!BIO_write(bp, "\n", 1)) goto err; | ||
| 165 | } | ||
| 166 | if (a->crlTime) | ||
| 167 | { | ||
| 168 | if (!BIO_printf(bp, "%*scrlTime: ", ind, "")) goto err; | ||
| 169 | if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) goto err; | ||
| 170 | if (!BIO_write(bp, "\n", 1)) goto err; | ||
| 171 | } | ||
| 172 | return 1; | ||
| 173 | err: | ||
| 174 | return 0; | ||
| 175 | } | ||
| 176 | |||
| 177 | static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *cutoff, BIO *bp, int ind) | ||
| 178 | { | ||
| 179 | if (!BIO_printf(bp, "%*s", ind, "")) return 0; | ||
| 180 | if(!ASN1_GENERALIZEDTIME_print(bp, cutoff)) return 0; | ||
| 181 | return 1; | ||
| 182 | } | ||
| 183 | |||
| 184 | |||
| 185 | static int i2r_object(X509V3_EXT_METHOD *method, void *oid, BIO *bp, int ind) | ||
| 186 | { | ||
| 187 | if (!BIO_printf(bp, "%*s", ind, "")) return 0; | ||
| 188 | if(!i2a_ASN1_OBJECT(bp, oid)) return 0; | ||
| 189 | return 1; | ||
| 190 | } | ||
| 191 | |||
| 192 | /* OCSP nonce. This is needs special treatment because it doesn't have | ||
| 193 | * an ASN1 encoding at all: it just contains arbitrary data. | ||
| 194 | */ | ||
| 195 | |||
| 196 | static void *ocsp_nonce_new(void) | ||
| 197 | { | ||
| 198 | return ASN1_OCTET_STRING_new(); | ||
| 199 | } | ||
| 200 | |||
| 201 | static int i2d_ocsp_nonce(void *a, unsigned char **pp) | ||
| 202 | { | ||
| 203 | ASN1_OCTET_STRING *os = a; | ||
| 204 | if(pp) { | ||
| 205 | memcpy(*pp, os->data, os->length); | ||
| 206 | *pp += os->length; | ||
| 207 | } | ||
| 208 | return os->length; | ||
| 209 | } | ||
| 210 | |||
| 211 | static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length) | ||
| 212 | { | ||
| 213 | ASN1_OCTET_STRING *os, **pos; | ||
| 214 | pos = a; | ||
| 215 | if(!pos || !*pos) os = ASN1_OCTET_STRING_new(); | ||
| 216 | else os = *pos; | ||
| 217 | if(!ASN1_OCTET_STRING_set(os, *pp, length)) goto err; | ||
| 218 | |||
| 219 | *pp += length; | ||
| 220 | |||
| 221 | if(pos) *pos = os; | ||
| 222 | return os; | ||
| 223 | |||
| 224 | err: | ||
| 225 | if(os && (!pos || (*pos != os))) M_ASN1_OCTET_STRING_free(os); | ||
| 226 | OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE); | ||
| 227 | return NULL; | ||
| 228 | } | ||
| 229 | |||
| 230 | static void ocsp_nonce_free(void *a) | ||
| 231 | { | ||
| 232 | M_ASN1_OCTET_STRING_free(a); | ||
| 233 | } | ||
| 234 | |||
| 235 | static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent) | ||
| 236 | { | ||
| 237 | if(BIO_printf(out, "%*s", indent, "") <= 0) return 0; | ||
| 238 | if(i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) return 0; | ||
| 239 | return 1; | ||
| 240 | } | ||
| 241 | |||
| 242 | /* Nocheck is just a single NULL. Don't print anything and always set it */ | ||
| 243 | |||
| 244 | static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent) | ||
| 245 | { | ||
| 246 | return 1; | ||
| 247 | } | ||
| 248 | |||
| 249 | static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str) | ||
| 250 | { | ||
| 251 | return ASN1_NULL_new(); | ||
| 252 | } | ||
| 253 | |||
| 254 | static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind) | ||
| 255 | { | ||
| 256 | int i; | ||
| 257 | OCSP_SERVICELOC *a = in; | ||
| 258 | ACCESS_DESCRIPTION *ad; | ||
| 259 | |||
| 260 | if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0) goto err; | ||
| 261 | if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0) goto err; | ||
| 262 | for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++) | ||
| 263 | { | ||
| 264 | ad = sk_ACCESS_DESCRIPTION_value(a->locator,i); | ||
| 265 | if (BIO_printf(bp, "\n%*s", (2*ind), "") <= 0) | ||
| 266 | goto err; | ||
| 267 | if(i2a_ASN1_OBJECT(bp, ad->method) <= 0) goto err; | ||
| 268 | if(BIO_puts(bp, " - ") <= 0) goto err; | ||
| 269 | if(GENERAL_NAME_print(bp, ad->location) <= 0) goto err; | ||
| 270 | } | ||
| 271 | return 1; | ||
| 272 | err: | ||
| 273 | return 0; | ||
| 274 | } | ||
| 275 | #endif | ||
diff --git a/src/lib/libcrypto/x509v3/v3_pci.c b/src/lib/libcrypto/x509v3/v3_pci.c deleted file mode 100644 index 601211f416..0000000000 --- a/src/lib/libcrypto/x509v3/v3_pci.c +++ /dev/null | |||
| @@ -1,302 +0,0 @@ | |||
| 1 | /* v3_pci.c -*- mode:C; c-file-style: "eay" -*- */ | ||
| 2 | /* Contributed to the OpenSSL Project 2004 | ||
| 3 | * by Richard Levitte (richard@levitte.org) | ||
| 4 | */ | ||
| 5 | /* Copyright (c) 2004 Kungliga Tekniska Högskolan | ||
| 6 | * (Royal Institute of Technology, Stockholm, Sweden). | ||
| 7 | * All rights reserved. | ||
| 8 | * | ||
| 9 | * Redistribution and use in source and binary forms, with or without | ||
| 10 | * modification, are permitted provided that the following conditions | ||
| 11 | * are met: | ||
| 12 | * | ||
| 13 | * 1. Redistributions of source code must retain the above copyright | ||
| 14 | * notice, this list of conditions and the following disclaimer. | ||
| 15 | * | ||
| 16 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 17 | * notice, this list of conditions and the following disclaimer in the | ||
| 18 | * documentation and/or other materials provided with the distribution. | ||
| 19 | * | ||
| 20 | * 3. Neither the name of the Institute nor the names of its contributors | ||
| 21 | * may be used to endorse or promote products derived from this software | ||
| 22 | * without specific prior written permission. | ||
| 23 | * | ||
| 24 | * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND | ||
| 25 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 26 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 27 | * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE | ||
| 28 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 29 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 30 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 31 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 32 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 33 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 34 | * SUCH DAMAGE. | ||
| 35 | */ | ||
| 36 | |||
| 37 | #include <stdio.h> | ||
| 38 | #include "cryptlib.h" | ||
| 39 | #include <openssl/conf.h> | ||
| 40 | #include <openssl/x509v3.h> | ||
| 41 | |||
| 42 | static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext, | ||
| 43 | BIO *out, int indent); | ||
| 44 | static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method, | ||
| 45 | X509V3_CTX *ctx, char *str); | ||
| 46 | |||
| 47 | const X509V3_EXT_METHOD v3_pci = | ||
| 48 | { NID_proxyCertInfo, 0, ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION), | ||
| 49 | 0,0,0,0, | ||
| 50 | 0,0, | ||
| 51 | NULL, NULL, | ||
| 52 | (X509V3_EXT_I2R)i2r_pci, | ||
| 53 | (X509V3_EXT_R2I)r2i_pci, | ||
| 54 | NULL, | ||
| 55 | }; | ||
| 56 | |||
| 57 | static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci, | ||
| 58 | BIO *out, int indent) | ||
| 59 | { | ||
| 60 | BIO_printf(out, "%*sPath Length Constraint: ", indent, ""); | ||
| 61 | if (pci->pcPathLengthConstraint) | ||
| 62 | i2a_ASN1_INTEGER(out, pci->pcPathLengthConstraint); | ||
| 63 | else | ||
| 64 | BIO_printf(out, "infinite"); | ||
| 65 | BIO_puts(out, "\n"); | ||
| 66 | BIO_printf(out, "%*sPolicy Language: ", indent, ""); | ||
| 67 | i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage); | ||
| 68 | BIO_puts(out, "\n"); | ||
| 69 | if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data) | ||
| 70 | BIO_printf(out, "%*sPolicy Text: %s\n", indent, "", | ||
| 71 | pci->proxyPolicy->policy->data); | ||
| 72 | return 1; | ||
| 73 | } | ||
| 74 | |||
| 75 | static int process_pci_value(CONF_VALUE *val, | ||
| 76 | ASN1_OBJECT **language, ASN1_INTEGER **pathlen, | ||
| 77 | ASN1_OCTET_STRING **policy) | ||
| 78 | { | ||
| 79 | int free_policy = 0; | ||
| 80 | |||
| 81 | if (strcmp(val->name, "language") == 0) | ||
| 82 | { | ||
| 83 | if (*language) | ||
| 84 | { | ||
| 85 | X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED); | ||
| 86 | X509V3_conf_err(val); | ||
| 87 | return 0; | ||
| 88 | } | ||
| 89 | if (!(*language = OBJ_txt2obj(val->value, 0))) | ||
| 90 | { | ||
| 91 | X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_INVALID_OBJECT_IDENTIFIER); | ||
| 92 | X509V3_conf_err(val); | ||
| 93 | return 0; | ||
| 94 | } | ||
| 95 | } | ||
| 96 | else if (strcmp(val->name, "pathlen") == 0) | ||
| 97 | { | ||
| 98 | if (*pathlen) | ||
| 99 | { | ||
| 100 | X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED); | ||
| 101 | X509V3_conf_err(val); | ||
| 102 | return 0; | ||
| 103 | } | ||
| 104 | if (!X509V3_get_value_int(val, pathlen)) | ||
| 105 | { | ||
| 106 | X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH); | ||
| 107 | X509V3_conf_err(val); | ||
| 108 | return 0; | ||
| 109 | } | ||
| 110 | } | ||
| 111 | else if (strcmp(val->name, "policy") == 0) | ||
| 112 | { | ||
| 113 | unsigned char *tmp_data = NULL; | ||
| 114 | long val_len; | ||
| 115 | if (!*policy) | ||
| 116 | { | ||
| 117 | *policy = ASN1_OCTET_STRING_new(); | ||
| 118 | if (!*policy) | ||
| 119 | { | ||
| 120 | X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE); | ||
| 121 | X509V3_conf_err(val); | ||
| 122 | return 0; | ||
| 123 | } | ||
| 124 | free_policy = 1; | ||
| 125 | } | ||
| 126 | if (strncmp(val->value, "hex:", 4) == 0) | ||
| 127 | { | ||
| 128 | unsigned char *tmp_data2 = | ||
| 129 | string_to_hex(val->value + 4, &val_len); | ||
| 130 | |||
| 131 | if (!tmp_data2) goto err; | ||
| 132 | |||
| 133 | tmp_data = OPENSSL_realloc((*policy)->data, | ||
| 134 | (*policy)->length + val_len + 1); | ||
| 135 | if (tmp_data) | ||
| 136 | { | ||
| 137 | (*policy)->data = tmp_data; | ||
| 138 | memcpy(&(*policy)->data[(*policy)->length], | ||
| 139 | tmp_data2, val_len); | ||
| 140 | (*policy)->length += val_len; | ||
| 141 | (*policy)->data[(*policy)->length] = '\0'; | ||
| 142 | } | ||
| 143 | } | ||
| 144 | else if (strncmp(val->value, "file:", 5) == 0) | ||
| 145 | { | ||
| 146 | unsigned char buf[2048]; | ||
| 147 | int n; | ||
| 148 | BIO *b = BIO_new_file(val->value + 5, "r"); | ||
| 149 | if (!b) | ||
| 150 | { | ||
| 151 | X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_BIO_LIB); | ||
| 152 | X509V3_conf_err(val); | ||
| 153 | goto err; | ||
| 154 | } | ||
| 155 | while((n = BIO_read(b, buf, sizeof(buf))) > 0 | ||
| 156 | || (n == 0 && BIO_should_retry(b))) | ||
| 157 | { | ||
| 158 | if (!n) continue; | ||
| 159 | |||
| 160 | tmp_data = OPENSSL_realloc((*policy)->data, | ||
| 161 | (*policy)->length + n + 1); | ||
| 162 | |||
| 163 | if (!tmp_data) | ||
| 164 | break; | ||
| 165 | |||
| 166 | (*policy)->data = tmp_data; | ||
| 167 | memcpy(&(*policy)->data[(*policy)->length], | ||
| 168 | buf, n); | ||
| 169 | (*policy)->length += n; | ||
| 170 | (*policy)->data[(*policy)->length] = '\0'; | ||
| 171 | } | ||
| 172 | |||
| 173 | if (n < 0) | ||
| 174 | { | ||
| 175 | X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_BIO_LIB); | ||
| 176 | X509V3_conf_err(val); | ||
| 177 | goto err; | ||
| 178 | } | ||
| 179 | } | ||
| 180 | else if (strncmp(val->value, "text:", 5) == 0) | ||
| 181 | { | ||
| 182 | val_len = strlen(val->value + 5); | ||
| 183 | tmp_data = OPENSSL_realloc((*policy)->data, | ||
| 184 | (*policy)->length + val_len + 1); | ||
| 185 | if (tmp_data) | ||
| 186 | { | ||
| 187 | (*policy)->data = tmp_data; | ||
| 188 | memcpy(&(*policy)->data[(*policy)->length], | ||
| 189 | val->value + 5, val_len); | ||
| 190 | (*policy)->length += val_len; | ||
| 191 | (*policy)->data[(*policy)->length] = '\0'; | ||
| 192 | } | ||
| 193 | } | ||
| 194 | else | ||
| 195 | { | ||
| 196 | X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_INCORRECT_POLICY_SYNTAX_TAG); | ||
| 197 | X509V3_conf_err(val); | ||
| 198 | goto err; | ||
| 199 | } | ||
| 200 | if (!tmp_data) | ||
| 201 | { | ||
| 202 | X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE); | ||
| 203 | X509V3_conf_err(val); | ||
| 204 | goto err; | ||
| 205 | } | ||
| 206 | } | ||
| 207 | return 1; | ||
| 208 | err: | ||
| 209 | if (free_policy) | ||
| 210 | { | ||
| 211 | ASN1_OCTET_STRING_free(*policy); | ||
| 212 | *policy = NULL; | ||
| 213 | } | ||
| 214 | return 0; | ||
| 215 | } | ||
| 216 | |||
| 217 | static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method, | ||
| 218 | X509V3_CTX *ctx, char *value) | ||
| 219 | { | ||
| 220 | PROXY_CERT_INFO_EXTENSION *pci = NULL; | ||
| 221 | STACK_OF(CONF_VALUE) *vals; | ||
| 222 | ASN1_OBJECT *language = NULL; | ||
| 223 | ASN1_INTEGER *pathlen = NULL; | ||
| 224 | ASN1_OCTET_STRING *policy = NULL; | ||
| 225 | int i, j; | ||
| 226 | |||
| 227 | vals = X509V3_parse_list(value); | ||
| 228 | for (i = 0; i < sk_CONF_VALUE_num(vals); i++) | ||
| 229 | { | ||
| 230 | CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i); | ||
| 231 | if (!cnf->name || (*cnf->name != '@' && !cnf->value)) | ||
| 232 | { | ||
| 233 | X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_PROXY_POLICY_SETTING); | ||
| 234 | X509V3_conf_err(cnf); | ||
| 235 | goto err; | ||
| 236 | } | ||
| 237 | if (*cnf->name == '@') | ||
| 238 | { | ||
| 239 | STACK_OF(CONF_VALUE) *sect; | ||
| 240 | int success_p = 1; | ||
| 241 | |||
| 242 | sect = X509V3_get_section(ctx, cnf->name + 1); | ||
| 243 | if (!sect) | ||
| 244 | { | ||
| 245 | X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_SECTION); | ||
| 246 | X509V3_conf_err(cnf); | ||
| 247 | goto err; | ||
| 248 | } | ||
| 249 | for (j = 0; success_p && j < sk_CONF_VALUE_num(sect); j++) | ||
| 250 | { | ||
| 251 | success_p = | ||
| 252 | process_pci_value(sk_CONF_VALUE_value(sect, j), | ||
| 253 | &language, &pathlen, &policy); | ||
| 254 | } | ||
| 255 | X509V3_section_free(ctx, sect); | ||
| 256 | if (!success_p) | ||
| 257 | goto err; | ||
| 258 | } | ||
| 259 | else | ||
| 260 | { | ||
| 261 | if (!process_pci_value(cnf, | ||
| 262 | &language, &pathlen, &policy)) | ||
| 263 | { | ||
| 264 | X509V3_conf_err(cnf); | ||
| 265 | goto err; | ||
| 266 | } | ||
| 267 | } | ||
| 268 | } | ||
| 269 | |||
| 270 | /* Language is mandatory */ | ||
| 271 | if (!language) | ||
| 272 | { | ||
| 273 | X509V3err(X509V3_F_R2I_PCI,X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED); | ||
| 274 | goto err; | ||
| 275 | } | ||
| 276 | i = OBJ_obj2nid(language); | ||
| 277 | if ((i == NID_Independent || i == NID_id_ppl_inheritAll) && policy) | ||
| 278 | { | ||
| 279 | X509V3err(X509V3_F_R2I_PCI,X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY); | ||
| 280 | goto err; | ||
| 281 | } | ||
| 282 | |||
| 283 | pci = PROXY_CERT_INFO_EXTENSION_new(); | ||
| 284 | if (!pci) | ||
| 285 | { | ||
| 286 | X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE); | ||
| 287 | goto err; | ||
| 288 | } | ||
| 289 | |||
| 290 | pci->proxyPolicy->policyLanguage = language; language = NULL; | ||
| 291 | pci->proxyPolicy->policy = policy; policy = NULL; | ||
| 292 | pci->pcPathLengthConstraint = pathlen; pathlen = NULL; | ||
| 293 | goto end; | ||
| 294 | err: | ||
| 295 | if (language) { ASN1_OBJECT_free(language); language = NULL; } | ||
| 296 | if (pathlen) { ASN1_INTEGER_free(pathlen); pathlen = NULL; } | ||
| 297 | if (policy) { ASN1_OCTET_STRING_free(policy); policy = NULL; } | ||
| 298 | if (pci) { PROXY_CERT_INFO_EXTENSION_free(pci); pci = NULL; } | ||
| 299 | end: | ||
| 300 | sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); | ||
| 301 | return pci; | ||
| 302 | } | ||
diff --git a/src/lib/libcrypto/x509v3/v3_pcia.c b/src/lib/libcrypto/x509v3/v3_pcia.c deleted file mode 100644 index bb362e0e5a..0000000000 --- a/src/lib/libcrypto/x509v3/v3_pcia.c +++ /dev/null | |||
| @@ -1,55 +0,0 @@ | |||
| 1 | /* v3_pcia.c -*- mode:C; c-file-style: "eay" -*- */ | ||
| 2 | /* Contributed to the OpenSSL Project 2004 | ||
| 3 | * by Richard Levitte (richard@levitte.org) | ||
| 4 | */ | ||
| 5 | /* Copyright (c) 2004 Kungliga Tekniska Högskolan | ||
| 6 | * (Royal Institute of Technology, Stockholm, Sweden). | ||
| 7 | * All rights reserved. | ||
| 8 | * | ||
| 9 | * Redistribution and use in source and binary forms, with or without | ||
| 10 | * modification, are permitted provided that the following conditions | ||
| 11 | * are met: | ||
| 12 | * | ||
| 13 | * 1. Redistributions of source code must retain the above copyright | ||
| 14 | * notice, this list of conditions and the following disclaimer. | ||
| 15 | * | ||
| 16 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 17 | * notice, this list of conditions and the following disclaimer in the | ||
| 18 | * documentation and/or other materials provided with the distribution. | ||
| 19 | * | ||
| 20 | * 3. Neither the name of the Institute nor the names of its contributors | ||
| 21 | * may be used to endorse or promote products derived from this software | ||
| 22 | * without specific prior written permission. | ||
| 23 | * | ||
| 24 | * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND | ||
| 25 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 26 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 27 | * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE | ||
| 28 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 29 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 30 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 31 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 32 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 33 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 34 | * SUCH DAMAGE. | ||
| 35 | */ | ||
| 36 | |||
| 37 | #include <openssl/asn1.h> | ||
| 38 | #include <openssl/asn1t.h> | ||
| 39 | #include <openssl/x509v3.h> | ||
| 40 | |||
| 41 | ASN1_SEQUENCE(PROXY_POLICY) = | ||
| 42 | { | ||
| 43 | ASN1_SIMPLE(PROXY_POLICY,policyLanguage,ASN1_OBJECT), | ||
| 44 | ASN1_OPT(PROXY_POLICY,policy,ASN1_OCTET_STRING) | ||
| 45 | } ASN1_SEQUENCE_END(PROXY_POLICY) | ||
| 46 | |||
| 47 | IMPLEMENT_ASN1_FUNCTIONS(PROXY_POLICY) | ||
| 48 | |||
| 49 | ASN1_SEQUENCE(PROXY_CERT_INFO_EXTENSION) = | ||
| 50 | { | ||
| 51 | ASN1_OPT(PROXY_CERT_INFO_EXTENSION,pcPathLengthConstraint,ASN1_INTEGER), | ||
| 52 | ASN1_SIMPLE(PROXY_CERT_INFO_EXTENSION,proxyPolicy,PROXY_POLICY) | ||
| 53 | } ASN1_SEQUENCE_END(PROXY_CERT_INFO_EXTENSION) | ||
| 54 | |||
| 55 | IMPLEMENT_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION) | ||
diff --git a/src/lib/libcrypto/x509v3/v3_pcons.c b/src/lib/libcrypto/x509v3/v3_pcons.c deleted file mode 100644 index 86c0ff70e6..0000000000 --- a/src/lib/libcrypto/x509v3/v3_pcons.c +++ /dev/null | |||
| @@ -1,136 +0,0 @@ | |||
| 1 | /* v3_pcons.c */ | ||
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
| 3 | * project. | ||
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 2003 The OpenSSL Project. All rights reserved. | ||
| 7 | * | ||
| 8 | * Redistribution and use in source and binary forms, with or without | ||
| 9 | * modification, are permitted provided that the following conditions | ||
| 10 | * are met: | ||
| 11 | * | ||
| 12 | * 1. Redistributions of source code must retain the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | * notice, this list of conditions and the following disclaimer in | ||
| 17 | * the documentation and/or other materials provided with the | ||
| 18 | * distribution. | ||
| 19 | * | ||
| 20 | * 3. All advertising materials mentioning features or use of this | ||
| 21 | * software must display the following acknowledgment: | ||
| 22 | * "This product includes software developed by the OpenSSL Project | ||
| 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | * | ||
| 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | * endorse or promote products derived from this software without | ||
| 27 | * prior written permission. For written permission, please contact | ||
| 28 | * licensing@OpenSSL.org. | ||
| 29 | * | ||
| 30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | * nor may "OpenSSL" appear in their names without prior written | ||
| 32 | * permission of the OpenSSL Project. | ||
| 33 | * | ||
| 34 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | * acknowledgment: | ||
| 36 | * "This product includes software developed by the OpenSSL Project | ||
| 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | * | ||
| 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | * ==================================================================== | ||
| 52 | * | ||
| 53 | * This product includes cryptographic software written by Eric Young | ||
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 57 | */ | ||
| 58 | |||
| 59 | |||
| 60 | #include <stdio.h> | ||
| 61 | #include "cryptlib.h" | ||
| 62 | #include <openssl/asn1.h> | ||
| 63 | #include <openssl/asn1t.h> | ||
| 64 | #include <openssl/conf.h> | ||
| 65 | #include <openssl/x509v3.h> | ||
| 66 | |||
| 67 | static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, | ||
| 68 | void *bcons, STACK_OF(CONF_VALUE) *extlist); | ||
| 69 | static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, | ||
| 70 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); | ||
| 71 | |||
| 72 | const X509V3_EXT_METHOD v3_policy_constraints = { | ||
| 73 | NID_policy_constraints, 0, | ||
| 74 | ASN1_ITEM_ref(POLICY_CONSTRAINTS), | ||
| 75 | 0,0,0,0, | ||
| 76 | 0,0, | ||
| 77 | i2v_POLICY_CONSTRAINTS, | ||
| 78 | v2i_POLICY_CONSTRAINTS, | ||
| 79 | NULL,NULL, | ||
| 80 | NULL | ||
| 81 | }; | ||
| 82 | |||
| 83 | ASN1_SEQUENCE(POLICY_CONSTRAINTS) = { | ||
| 84 | ASN1_IMP_OPT(POLICY_CONSTRAINTS, requireExplicitPolicy, ASN1_INTEGER,0), | ||
| 85 | ASN1_IMP_OPT(POLICY_CONSTRAINTS, inhibitPolicyMapping, ASN1_INTEGER,1) | ||
| 86 | } ASN1_SEQUENCE_END(POLICY_CONSTRAINTS) | ||
| 87 | |||
| 88 | IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS) | ||
| 89 | |||
| 90 | |||
| 91 | static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, | ||
| 92 | void *a, STACK_OF(CONF_VALUE) *extlist) | ||
| 93 | { | ||
| 94 | POLICY_CONSTRAINTS *pcons = a; | ||
| 95 | X509V3_add_value_int("Require Explicit Policy", | ||
| 96 | pcons->requireExplicitPolicy, &extlist); | ||
| 97 | X509V3_add_value_int("Inhibit Policy Mapping", | ||
| 98 | pcons->inhibitPolicyMapping, &extlist); | ||
| 99 | return extlist; | ||
| 100 | } | ||
| 101 | |||
| 102 | static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, | ||
| 103 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values) | ||
| 104 | { | ||
| 105 | POLICY_CONSTRAINTS *pcons=NULL; | ||
| 106 | CONF_VALUE *val; | ||
| 107 | int i; | ||
| 108 | if(!(pcons = POLICY_CONSTRAINTS_new())) { | ||
| 109 | X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, ERR_R_MALLOC_FAILURE); | ||
| 110 | return NULL; | ||
| 111 | } | ||
| 112 | for(i = 0; i < sk_CONF_VALUE_num(values); i++) { | ||
| 113 | val = sk_CONF_VALUE_value(values, i); | ||
| 114 | if(!strcmp(val->name, "requireExplicitPolicy")) { | ||
| 115 | if(!X509V3_get_value_int(val, | ||
| 116 | &pcons->requireExplicitPolicy)) goto err; | ||
| 117 | } else if(!strcmp(val->name, "inhibitPolicyMapping")) { | ||
| 118 | if(!X509V3_get_value_int(val, | ||
| 119 | &pcons->inhibitPolicyMapping)) goto err; | ||
| 120 | } else { | ||
| 121 | X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, X509V3_R_INVALID_NAME); | ||
| 122 | X509V3_conf_err(val); | ||
| 123 | goto err; | ||
| 124 | } | ||
| 125 | } | ||
| 126 | if (!pcons->inhibitPolicyMapping && !pcons->requireExplicitPolicy) { | ||
| 127 | X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, X509V3_R_ILLEGAL_EMPTY_EXTENSION); | ||
| 128 | goto err; | ||
| 129 | } | ||
| 130 | |||
| 131 | return pcons; | ||
| 132 | err: | ||
| 133 | POLICY_CONSTRAINTS_free(pcons); | ||
| 134 | return NULL; | ||
| 135 | } | ||
| 136 | |||
diff --git a/src/lib/libcrypto/x509v3/v3_pku.c b/src/lib/libcrypto/x509v3/v3_pku.c deleted file mode 100644 index 076f3ff48e..0000000000 --- a/src/lib/libcrypto/x509v3/v3_pku.c +++ /dev/null | |||
| @@ -1,108 +0,0 @@ | |||
| 1 | /* v3_pku.c */ | ||
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
| 3 | * project 1999. | ||
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | ||
| 7 | * | ||
| 8 | * Redistribution and use in source and binary forms, with or without | ||
| 9 | * modification, are permitted provided that the following conditions | ||
| 10 | * are met: | ||
| 11 | * | ||
| 12 | * 1. Redistributions of source code must retain the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | * notice, this list of conditions and the following disclaimer in | ||
| 17 | * the documentation and/or other materials provided with the | ||
| 18 | * distribution. | ||
| 19 | * | ||
| 20 | * 3. All advertising materials mentioning features or use of this | ||
| 21 | * software must display the following acknowledgment: | ||
| 22 | * "This product includes software developed by the OpenSSL Project | ||
| 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | * | ||
| 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | * endorse or promote products derived from this software without | ||
| 27 | * prior written permission. For written permission, please contact | ||
| 28 | * licensing@OpenSSL.org. | ||
| 29 | * | ||
| 30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | * nor may "OpenSSL" appear in their names without prior written | ||
| 32 | * permission of the OpenSSL Project. | ||
| 33 | * | ||
| 34 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | * acknowledgment: | ||
| 36 | * "This product includes software developed by the OpenSSL Project | ||
| 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | * | ||
| 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | * ==================================================================== | ||
| 52 | * | ||
| 53 | * This product includes cryptographic software written by Eric Young | ||
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | #include "cryptlib.h" | ||
| 61 | #include <openssl/asn1.h> | ||
| 62 | #include <openssl/asn1t.h> | ||
| 63 | #include <openssl/x509v3.h> | ||
| 64 | |||
| 65 | static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *usage, BIO *out, int indent); | ||
| 66 | /* | ||
| 67 | static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); | ||
| 68 | */ | ||
| 69 | const X509V3_EXT_METHOD v3_pkey_usage_period = { | ||
| 70 | NID_private_key_usage_period, 0, ASN1_ITEM_ref(PKEY_USAGE_PERIOD), | ||
| 71 | 0,0,0,0, | ||
| 72 | 0,0,0,0, | ||
| 73 | (X509V3_EXT_I2R)i2r_PKEY_USAGE_PERIOD, NULL, | ||
| 74 | NULL | ||
| 75 | }; | ||
| 76 | |||
| 77 | ASN1_SEQUENCE(PKEY_USAGE_PERIOD) = { | ||
| 78 | ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notBefore, ASN1_GENERALIZEDTIME, 0), | ||
| 79 | ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notAfter, ASN1_GENERALIZEDTIME, 1) | ||
| 80 | } ASN1_SEQUENCE_END(PKEY_USAGE_PERIOD) | ||
| 81 | |||
| 82 | IMPLEMENT_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD) | ||
| 83 | |||
| 84 | static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, | ||
| 85 | PKEY_USAGE_PERIOD *usage, BIO *out, int indent) | ||
| 86 | { | ||
| 87 | BIO_printf(out, "%*s", indent, ""); | ||
| 88 | if(usage->notBefore) { | ||
| 89 | BIO_write(out, "Not Before: ", 12); | ||
| 90 | ASN1_GENERALIZEDTIME_print(out, usage->notBefore); | ||
| 91 | if(usage->notAfter) BIO_write(out, ", ", 2); | ||
| 92 | } | ||
| 93 | if(usage->notAfter) { | ||
| 94 | BIO_write(out, "Not After: ", 11); | ||
| 95 | ASN1_GENERALIZEDTIME_print(out, usage->notAfter); | ||
| 96 | } | ||
| 97 | return 1; | ||
| 98 | } | ||
| 99 | |||
| 100 | /* | ||
| 101 | static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(method, ctx, values) | ||
| 102 | X509V3_EXT_METHOD *method; | ||
| 103 | X509V3_CTX *ctx; | ||
| 104 | STACK_OF(CONF_VALUE) *values; | ||
| 105 | { | ||
| 106 | return NULL; | ||
| 107 | } | ||
| 108 | */ | ||
diff --git a/src/lib/libcrypto/x509v3/v3_pmaps.c b/src/lib/libcrypto/x509v3/v3_pmaps.c deleted file mode 100644 index da03bbc35d..0000000000 --- a/src/lib/libcrypto/x509v3/v3_pmaps.c +++ /dev/null | |||
| @@ -1,153 +0,0 @@ | |||
| 1 | /* v3_pmaps.c */ | ||
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
| 3 | * project. | ||
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 2003 The OpenSSL Project. All rights reserved. | ||
| 7 | * | ||
| 8 | * Redistribution and use in source and binary forms, with or without | ||
| 9 | * modification, are permitted provided that the following conditions | ||
| 10 | * are met: | ||
| 11 | * | ||
| 12 | * 1. Redistributions of source code must retain the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | * notice, this list of conditions and the following disclaimer in | ||
| 17 | * the documentation and/or other materials provided with the | ||
| 18 | * distribution. | ||
| 19 | * | ||
| 20 | * 3. All advertising materials mentioning features or use of this | ||
| 21 | * software must display the following acknowledgment: | ||
| 22 | * "This product includes software developed by the OpenSSL Project | ||
| 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | * | ||
| 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | * endorse or promote products derived from this software without | ||
| 27 | * prior written permission. For written permission, please contact | ||
| 28 | * licensing@OpenSSL.org. | ||
| 29 | * | ||
| 30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | * nor may "OpenSSL" appear in their names without prior written | ||
| 32 | * permission of the OpenSSL Project. | ||
| 33 | * | ||
| 34 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | * acknowledgment: | ||
| 36 | * "This product includes software developed by the OpenSSL Project | ||
| 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | * | ||
| 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | * ==================================================================== | ||
| 52 | * | ||
| 53 | * This product includes cryptographic software written by Eric Young | ||
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 57 | */ | ||
| 58 | |||
| 59 | |||
| 60 | #include <stdio.h> | ||
| 61 | #include "cryptlib.h" | ||
| 62 | #include <openssl/asn1t.h> | ||
| 63 | #include <openssl/conf.h> | ||
| 64 | #include <openssl/x509v3.h> | ||
| 65 | |||
| 66 | static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, | ||
| 67 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); | ||
| 68 | static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, | ||
| 69 | void *pmps, STACK_OF(CONF_VALUE) *extlist); | ||
| 70 | |||
| 71 | const X509V3_EXT_METHOD v3_policy_mappings = { | ||
| 72 | NID_policy_mappings, 0, | ||
| 73 | ASN1_ITEM_ref(POLICY_MAPPINGS), | ||
| 74 | 0,0,0,0, | ||
| 75 | 0,0, | ||
| 76 | i2v_POLICY_MAPPINGS, | ||
| 77 | v2i_POLICY_MAPPINGS, | ||
| 78 | 0,0, | ||
| 79 | NULL | ||
| 80 | }; | ||
| 81 | |||
| 82 | ASN1_SEQUENCE(POLICY_MAPPING) = { | ||
| 83 | ASN1_SIMPLE(POLICY_MAPPING, issuerDomainPolicy, ASN1_OBJECT), | ||
| 84 | ASN1_SIMPLE(POLICY_MAPPING, subjectDomainPolicy, ASN1_OBJECT) | ||
| 85 | } ASN1_SEQUENCE_END(POLICY_MAPPING) | ||
| 86 | |||
| 87 | ASN1_ITEM_TEMPLATE(POLICY_MAPPINGS) = | ||
| 88 | ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, POLICY_MAPPINGS, | ||
| 89 | POLICY_MAPPING) | ||
| 90 | ASN1_ITEM_TEMPLATE_END(POLICY_MAPPINGS) | ||
| 91 | |||
| 92 | IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING) | ||
| 93 | |||
| 94 | |||
| 95 | static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, | ||
| 96 | void *a, STACK_OF(CONF_VALUE) *ext_list) | ||
| 97 | { | ||
| 98 | POLICY_MAPPINGS *pmaps = a; | ||
| 99 | POLICY_MAPPING *pmap; | ||
| 100 | int i; | ||
| 101 | char obj_tmp1[80]; | ||
| 102 | char obj_tmp2[80]; | ||
| 103 | for(i = 0; i < sk_POLICY_MAPPING_num(pmaps); i++) { | ||
| 104 | pmap = sk_POLICY_MAPPING_value(pmaps, i); | ||
| 105 | i2t_ASN1_OBJECT(obj_tmp1, 80, pmap->issuerDomainPolicy); | ||
| 106 | i2t_ASN1_OBJECT(obj_tmp2, 80, pmap->subjectDomainPolicy); | ||
| 107 | X509V3_add_value(obj_tmp1, obj_tmp2, &ext_list); | ||
| 108 | } | ||
| 109 | return ext_list; | ||
| 110 | } | ||
| 111 | |||
| 112 | static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, | ||
| 113 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) | ||
| 114 | { | ||
| 115 | POLICY_MAPPINGS *pmaps; | ||
| 116 | POLICY_MAPPING *pmap; | ||
| 117 | ASN1_OBJECT *obj1, *obj2; | ||
| 118 | CONF_VALUE *val; | ||
| 119 | int i; | ||
| 120 | |||
| 121 | if(!(pmaps = sk_POLICY_MAPPING_new_null())) { | ||
| 122 | X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,ERR_R_MALLOC_FAILURE); | ||
| 123 | return NULL; | ||
| 124 | } | ||
| 125 | |||
| 126 | for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { | ||
| 127 | val = sk_CONF_VALUE_value(nval, i); | ||
| 128 | if(!val->value || !val->name) { | ||
| 129 | sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free); | ||
| 130 | X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,X509V3_R_INVALID_OBJECT_IDENTIFIER); | ||
| 131 | X509V3_conf_err(val); | ||
| 132 | return NULL; | ||
| 133 | } | ||
| 134 | obj1 = OBJ_txt2obj(val->name, 0); | ||
| 135 | obj2 = OBJ_txt2obj(val->value, 0); | ||
| 136 | if(!obj1 || !obj2) { | ||
| 137 | sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free); | ||
| 138 | X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,X509V3_R_INVALID_OBJECT_IDENTIFIER); | ||
| 139 | X509V3_conf_err(val); | ||
| 140 | return NULL; | ||
| 141 | } | ||
| 142 | pmap = POLICY_MAPPING_new(); | ||
| 143 | if (!pmap) { | ||
| 144 | sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free); | ||
| 145 | X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,ERR_R_MALLOC_FAILURE); | ||
| 146 | return NULL; | ||
| 147 | } | ||
| 148 | pmap->issuerDomainPolicy = obj1; | ||
| 149 | pmap->subjectDomainPolicy = obj2; | ||
| 150 | sk_POLICY_MAPPING_push(pmaps, pmap); | ||
| 151 | } | ||
| 152 | return pmaps; | ||
| 153 | } | ||
diff --git a/src/lib/libcrypto/x509v3/v3_prn.c b/src/lib/libcrypto/x509v3/v3_prn.c deleted file mode 100644 index c1bb17f105..0000000000 --- a/src/lib/libcrypto/x509v3/v3_prn.c +++ /dev/null | |||
| @@ -1,234 +0,0 @@ | |||
| 1 | /* v3_prn.c */ | ||
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
| 3 | * project 1999. | ||
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | ||
| 7 | * | ||
| 8 | * Redistribution and use in source and binary forms, with or without | ||
| 9 | * modification, are permitted provided that the following conditions | ||
| 10 | * are met: | ||
| 11 | * | ||
| 12 | * 1. Redistributions of source code must retain the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | * notice, this list of conditions and the following disclaimer in | ||
| 17 | * the documentation and/or other materials provided with the | ||
| 18 | * distribution. | ||
| 19 | * | ||
| 20 | * 3. All advertising materials mentioning features or use of this | ||
| 21 | * software must display the following acknowledgment: | ||
| 22 | * "This product includes software developed by the OpenSSL Project | ||
| 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | * | ||
| 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | * endorse or promote products derived from this software without | ||
| 27 | * prior written permission. For written permission, please contact | ||
| 28 | * licensing@OpenSSL.org. | ||
| 29 | * | ||
| 30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | * nor may "OpenSSL" appear in their names without prior written | ||
| 32 | * permission of the OpenSSL Project. | ||
| 33 | * | ||
| 34 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | * acknowledgment: | ||
| 36 | * "This product includes software developed by the OpenSSL Project | ||
| 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | * | ||
| 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | * ==================================================================== | ||
| 52 | * | ||
| 53 | * This product includes cryptographic software written by Eric Young | ||
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 57 | */ | ||
| 58 | /* X509 v3 extension utilities */ | ||
| 59 | |||
| 60 | #include <stdio.h> | ||
| 61 | #include "cryptlib.h" | ||
| 62 | #include <openssl/conf.h> | ||
| 63 | #include <openssl/x509v3.h> | ||
| 64 | |||
| 65 | /* Extension printing routines */ | ||
| 66 | |||
| 67 | static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported); | ||
| 68 | |||
| 69 | /* Print out a name+value stack */ | ||
| 70 | |||
| 71 | void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml) | ||
| 72 | { | ||
| 73 | int i; | ||
| 74 | CONF_VALUE *nval; | ||
| 75 | if(!val) return; | ||
| 76 | if(!ml || !sk_CONF_VALUE_num(val)) { | ||
| 77 | BIO_printf(out, "%*s", indent, ""); | ||
| 78 | if(!sk_CONF_VALUE_num(val)) BIO_puts(out, "<EMPTY>\n"); | ||
| 79 | } | ||
| 80 | for(i = 0; i < sk_CONF_VALUE_num(val); i++) { | ||
| 81 | if(ml) BIO_printf(out, "%*s", indent, ""); | ||
| 82 | else if(i > 0) BIO_printf(out, ", "); | ||
| 83 | nval = sk_CONF_VALUE_value(val, i); | ||
| 84 | if(!nval->name) BIO_puts(out, nval->value); | ||
| 85 | else if(!nval->value) BIO_puts(out, nval->name); | ||
| 86 | #ifndef CHARSET_EBCDIC | ||
| 87 | else BIO_printf(out, "%s:%s", nval->name, nval->value); | ||
| 88 | #else | ||
| 89 | else { | ||
| 90 | int len; | ||
| 91 | char *tmp; | ||
| 92 | len = strlen(nval->value)+1; | ||
| 93 | tmp = OPENSSL_malloc(len); | ||
| 94 | if (tmp) | ||
| 95 | { | ||
| 96 | ascii2ebcdic(tmp, nval->value, len); | ||
| 97 | BIO_printf(out, "%s:%s", nval->name, tmp); | ||
| 98 | OPENSSL_free(tmp); | ||
| 99 | } | ||
| 100 | } | ||
| 101 | #endif | ||
| 102 | if(ml) BIO_puts(out, "\n"); | ||
| 103 | } | ||
| 104 | } | ||
| 105 | |||
| 106 | /* Main routine: print out a general extension */ | ||
| 107 | |||
| 108 | int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent) | ||
| 109 | { | ||
| 110 | void *ext_str = NULL; | ||
| 111 | char *value = NULL; | ||
| 112 | const unsigned char *p; | ||
| 113 | X509V3_EXT_METHOD *method; | ||
| 114 | STACK_OF(CONF_VALUE) *nval = NULL; | ||
| 115 | int ok = 1; | ||
| 116 | |||
| 117 | if(!(method = X509V3_EXT_get(ext))) | ||
| 118 | return unknown_ext_print(out, ext, flag, indent, 0); | ||
| 119 | p = ext->value->data; | ||
| 120 | if(method->it) ext_str = ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it)); | ||
| 121 | else ext_str = method->d2i(NULL, &p, ext->value->length); | ||
| 122 | |||
| 123 | if(!ext_str) return unknown_ext_print(out, ext, flag, indent, 1); | ||
| 124 | |||
| 125 | if(method->i2s) { | ||
| 126 | if(!(value = method->i2s(method, ext_str))) { | ||
| 127 | ok = 0; | ||
| 128 | goto err; | ||
| 129 | } | ||
| 130 | #ifndef CHARSET_EBCDIC | ||
| 131 | BIO_printf(out, "%*s%s", indent, "", value); | ||
| 132 | #else | ||
| 133 | { | ||
| 134 | int len; | ||
| 135 | char *tmp; | ||
| 136 | len = strlen(value)+1; | ||
| 137 | tmp = OPENSSL_malloc(len); | ||
| 138 | if (tmp) | ||
| 139 | { | ||
| 140 | ascii2ebcdic(tmp, value, len); | ||
| 141 | BIO_printf(out, "%*s%s", indent, "", tmp); | ||
| 142 | OPENSSL_free(tmp); | ||
| 143 | } | ||
| 144 | } | ||
| 145 | #endif | ||
| 146 | } else if(method->i2v) { | ||
| 147 | if(!(nval = method->i2v(method, ext_str, NULL))) { | ||
| 148 | ok = 0; | ||
| 149 | goto err; | ||
| 150 | } | ||
| 151 | X509V3_EXT_val_prn(out, nval, indent, | ||
| 152 | method->ext_flags & X509V3_EXT_MULTILINE); | ||
| 153 | } else if(method->i2r) { | ||
| 154 | if(!method->i2r(method, ext_str, out, indent)) ok = 0; | ||
| 155 | } else ok = 0; | ||
| 156 | |||
| 157 | err: | ||
| 158 | sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); | ||
| 159 | if(value) OPENSSL_free(value); | ||
| 160 | if(method->it) ASN1_item_free(ext_str, ASN1_ITEM_ptr(method->it)); | ||
| 161 | else method->ext_free(ext_str); | ||
| 162 | return ok; | ||
| 163 | } | ||
| 164 | |||
| 165 | int X509V3_extensions_print(BIO *bp, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent) | ||
| 166 | { | ||
| 167 | int i, j; | ||
| 168 | |||
| 169 | if(sk_X509_EXTENSION_num(exts) <= 0) return 1; | ||
| 170 | |||
| 171 | if(title) | ||
| 172 | { | ||
| 173 | BIO_printf(bp,"%*s%s:\n",indent, "", title); | ||
| 174 | indent += 4; | ||
| 175 | } | ||
| 176 | |||
| 177 | for (i=0; i<sk_X509_EXTENSION_num(exts); i++) | ||
| 178 | { | ||
| 179 | ASN1_OBJECT *obj; | ||
| 180 | X509_EXTENSION *ex; | ||
| 181 | ex=sk_X509_EXTENSION_value(exts, i); | ||
| 182 | if (indent && BIO_printf(bp,"%*s",indent, "") <= 0) return 0; | ||
| 183 | obj=X509_EXTENSION_get_object(ex); | ||
| 184 | i2a_ASN1_OBJECT(bp,obj); | ||
| 185 | j=X509_EXTENSION_get_critical(ex); | ||
| 186 | if (BIO_printf(bp,": %s\n",j?"critical":"") <= 0) | ||
| 187 | return 0; | ||
| 188 | if(!X509V3_EXT_print(bp, ex, flag, indent + 4)) | ||
| 189 | { | ||
| 190 | BIO_printf(bp, "%*s", indent + 4, ""); | ||
| 191 | M_ASN1_OCTET_STRING_print(bp,ex->value); | ||
| 192 | } | ||
| 193 | if (BIO_write(bp,"\n",1) <= 0) return 0; | ||
| 194 | } | ||
| 195 | return 1; | ||
| 196 | } | ||
| 197 | |||
| 198 | static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported) | ||
| 199 | { | ||
| 200 | switch(flag & X509V3_EXT_UNKNOWN_MASK) { | ||
| 201 | |||
| 202 | case X509V3_EXT_DEFAULT: | ||
| 203 | return 0; | ||
| 204 | |||
| 205 | case X509V3_EXT_ERROR_UNKNOWN: | ||
| 206 | if(supported) | ||
| 207 | BIO_printf(out, "%*s<Parse Error>", indent, ""); | ||
| 208 | else | ||
| 209 | BIO_printf(out, "%*s<Not Supported>", indent, ""); | ||
| 210 | return 1; | ||
| 211 | |||
| 212 | case X509V3_EXT_PARSE_UNKNOWN: | ||
| 213 | return ASN1_parse_dump(out, | ||
| 214 | ext->value->data, ext->value->length, indent, -1); | ||
| 215 | case X509V3_EXT_DUMP_UNKNOWN: | ||
| 216 | return BIO_dump_indent(out, (char *)ext->value->data, ext->value->length, indent); | ||
| 217 | |||
| 218 | default: | ||
| 219 | return 1; | ||
| 220 | } | ||
| 221 | } | ||
| 222 | |||
| 223 | |||
| 224 | #ifndef OPENSSL_NO_FP_API | ||
| 225 | int X509V3_EXT_print_fp(FILE *fp, X509_EXTENSION *ext, int flag, int indent) | ||
| 226 | { | ||
| 227 | BIO *bio_tmp; | ||
| 228 | int ret; | ||
| 229 | if(!(bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE))) return 0; | ||
| 230 | ret = X509V3_EXT_print(bio_tmp, ext, flag, indent); | ||
| 231 | BIO_free(bio_tmp); | ||
| 232 | return ret; | ||
| 233 | } | ||
| 234 | #endif | ||
diff --git a/src/lib/libcrypto/x509v3/v3_purp.c b/src/lib/libcrypto/x509v3/v3_purp.c deleted file mode 100644 index e18751e01c..0000000000 --- a/src/lib/libcrypto/x509v3/v3_purp.c +++ /dev/null | |||
| @@ -1,663 +0,0 @@ | |||
| 1 | /* v3_purp.c */ | ||
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
| 3 | * project 2001. | ||
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. | ||
| 7 | * | ||
| 8 | * Redistribution and use in source and binary forms, with or without | ||
| 9 | * modification, are permitted provided that the following conditions | ||
| 10 | * are met: | ||
| 11 | * | ||
| 12 | * 1. Redistributions of source code must retain the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | * notice, this list of conditions and the following disclaimer in | ||
| 17 | * the documentation and/or other materials provided with the | ||
| 18 | * distribution. | ||
| 19 | * | ||
| 20 | * 3. All advertising materials mentioning features or use of this | ||
| 21 | * software must display the following acknowledgment: | ||
| 22 | * "This product includes software developed by the OpenSSL Project | ||
| 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | * | ||
| 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | * endorse or promote products derived from this software without | ||
| 27 | * prior written permission. For written permission, please contact | ||
| 28 | * licensing@OpenSSL.org. | ||
| 29 | * | ||
| 30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | * nor may "OpenSSL" appear in their names without prior written | ||
| 32 | * permission of the OpenSSL Project. | ||
| 33 | * | ||
| 34 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | * acknowledgment: | ||
| 36 | * "This product includes software developed by the OpenSSL Project | ||
| 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | * | ||
| 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | * ==================================================================== | ||
| 52 | * | ||
| 53 | * This product includes cryptographic software written by Eric Young | ||
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | #include "cryptlib.h" | ||
| 61 | #include <openssl/x509v3.h> | ||
| 62 | #include <openssl/x509_vfy.h> | ||
| 63 | |||
| 64 | static void x509v3_cache_extensions(X509 *x); | ||
| 65 | |||
| 66 | static int check_ssl_ca(const X509 *x); | ||
| 67 | static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca); | ||
| 68 | static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca); | ||
| 69 | static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca); | ||
| 70 | static int purpose_smime(const X509 *x, int ca); | ||
| 71 | static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca); | ||
| 72 | static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca); | ||
| 73 | static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca); | ||
| 74 | static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca); | ||
| 75 | static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca); | ||
| 76 | |||
| 77 | static int xp_cmp(const X509_PURPOSE * const *a, | ||
| 78 | const X509_PURPOSE * const *b); | ||
| 79 | static void xptable_free(X509_PURPOSE *p); | ||
| 80 | |||
| 81 | static X509_PURPOSE xstandard[] = { | ||
| 82 | {X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0, check_purpose_ssl_client, "SSL client", "sslclient", NULL}, | ||
| 83 | {X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ssl_server, "SSL server", "sslserver", NULL}, | ||
| 84 | {X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL}, | ||
| 85 | {X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, "S/MIME signing", "smimesign", NULL}, | ||
| 86 | {X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL}, | ||
| 87 | {X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL}, | ||
| 88 | {X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, "Any Purpose", "any", NULL}, | ||
| 89 | {X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper, "OCSP helper", "ocsphelper", NULL}, | ||
| 90 | }; | ||
| 91 | |||
| 92 | #define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE)) | ||
| 93 | |||
| 94 | IMPLEMENT_STACK_OF(X509_PURPOSE) | ||
| 95 | |||
| 96 | static STACK_OF(X509_PURPOSE) *xptable = NULL; | ||
| 97 | |||
| 98 | static int xp_cmp(const X509_PURPOSE * const *a, | ||
| 99 | const X509_PURPOSE * const *b) | ||
| 100 | { | ||
| 101 | return (*a)->purpose - (*b)->purpose; | ||
| 102 | } | ||
| 103 | |||
| 104 | /* As much as I'd like to make X509_check_purpose use a "const" X509* | ||
| 105 | * I really can't because it does recalculate hashes and do other non-const | ||
| 106 | * things. */ | ||
| 107 | int X509_check_purpose(X509 *x, int id, int ca) | ||
| 108 | { | ||
| 109 | int idx; | ||
| 110 | const X509_PURPOSE *pt; | ||
| 111 | if(!(x->ex_flags & EXFLAG_SET)) { | ||
| 112 | CRYPTO_w_lock(CRYPTO_LOCK_X509); | ||
| 113 | x509v3_cache_extensions(x); | ||
| 114 | CRYPTO_w_unlock(CRYPTO_LOCK_X509); | ||
| 115 | } | ||
| 116 | if(id == -1) return 1; | ||
| 117 | idx = X509_PURPOSE_get_by_id(id); | ||
| 118 | if(idx == -1) return -1; | ||
| 119 | pt = X509_PURPOSE_get0(idx); | ||
| 120 | return pt->check_purpose(pt, x, ca); | ||
| 121 | } | ||
| 122 | |||
| 123 | int X509_PURPOSE_set(int *p, int purpose) | ||
| 124 | { | ||
| 125 | if(X509_PURPOSE_get_by_id(purpose) == -1) { | ||
| 126 | X509V3err(X509V3_F_X509_PURPOSE_SET, X509V3_R_INVALID_PURPOSE); | ||
| 127 | return 0; | ||
| 128 | } | ||
| 129 | *p = purpose; | ||
| 130 | return 1; | ||
| 131 | } | ||
| 132 | |||
| 133 | int X509_PURPOSE_get_count(void) | ||
| 134 | { | ||
| 135 | if(!xptable) return X509_PURPOSE_COUNT; | ||
| 136 | return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT; | ||
| 137 | } | ||
| 138 | |||
| 139 | X509_PURPOSE * X509_PURPOSE_get0(int idx) | ||
| 140 | { | ||
| 141 | if(idx < 0) return NULL; | ||
| 142 | if(idx < (int)X509_PURPOSE_COUNT) return xstandard + idx; | ||
| 143 | return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT); | ||
| 144 | } | ||
| 145 | |||
| 146 | int X509_PURPOSE_get_by_sname(char *sname) | ||
| 147 | { | ||
| 148 | int i; | ||
| 149 | X509_PURPOSE *xptmp; | ||
| 150 | for(i = 0; i < X509_PURPOSE_get_count(); i++) { | ||
| 151 | xptmp = X509_PURPOSE_get0(i); | ||
| 152 | if(!strcmp(xptmp->sname, sname)) return i; | ||
| 153 | } | ||
| 154 | return -1; | ||
| 155 | } | ||
| 156 | |||
| 157 | int X509_PURPOSE_get_by_id(int purpose) | ||
| 158 | { | ||
| 159 | X509_PURPOSE tmp; | ||
| 160 | int idx; | ||
| 161 | if((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX)) | ||
| 162 | return purpose - X509_PURPOSE_MIN; | ||
| 163 | tmp.purpose = purpose; | ||
| 164 | if(!xptable) return -1; | ||
| 165 | idx = sk_X509_PURPOSE_find(xptable, &tmp); | ||
| 166 | if(idx == -1) return -1; | ||
| 167 | return idx + X509_PURPOSE_COUNT; | ||
| 168 | } | ||
| 169 | |||
| 170 | int X509_PURPOSE_add(int id, int trust, int flags, | ||
| 171 | int (*ck)(const X509_PURPOSE *, const X509 *, int), | ||
| 172 | char *name, char *sname, void *arg) | ||
| 173 | { | ||
| 174 | int idx; | ||
| 175 | X509_PURPOSE *ptmp; | ||
| 176 | /* This is set according to what we change: application can't set it */ | ||
| 177 | flags &= ~X509_PURPOSE_DYNAMIC; | ||
| 178 | /* This will always be set for application modified trust entries */ | ||
| 179 | flags |= X509_PURPOSE_DYNAMIC_NAME; | ||
| 180 | /* Get existing entry if any */ | ||
| 181 | idx = X509_PURPOSE_get_by_id(id); | ||
| 182 | /* Need a new entry */ | ||
| 183 | if(idx == -1) { | ||
| 184 | if(!(ptmp = OPENSSL_malloc(sizeof(X509_PURPOSE)))) { | ||
| 185 | X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE); | ||
| 186 | return 0; | ||
| 187 | } | ||
| 188 | ptmp->flags = X509_PURPOSE_DYNAMIC; | ||
| 189 | } else ptmp = X509_PURPOSE_get0(idx); | ||
| 190 | |||
| 191 | /* OPENSSL_free existing name if dynamic */ | ||
| 192 | if(ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) { | ||
| 193 | OPENSSL_free(ptmp->name); | ||
| 194 | OPENSSL_free(ptmp->sname); | ||
| 195 | } | ||
| 196 | /* dup supplied name */ | ||
| 197 | ptmp->name = BUF_strdup(name); | ||
| 198 | ptmp->sname = BUF_strdup(sname); | ||
| 199 | if(!ptmp->name || !ptmp->sname) { | ||
| 200 | X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE); | ||
| 201 | return 0; | ||
| 202 | } | ||
| 203 | /* Keep the dynamic flag of existing entry */ | ||
| 204 | ptmp->flags &= X509_PURPOSE_DYNAMIC; | ||
| 205 | /* Set all other flags */ | ||
| 206 | ptmp->flags |= flags; | ||
| 207 | |||
| 208 | ptmp->purpose = id; | ||
| 209 | ptmp->trust = trust; | ||
| 210 | ptmp->check_purpose = ck; | ||
| 211 | ptmp->usr_data = arg; | ||
| 212 | |||
| 213 | /* If its a new entry manage the dynamic table */ | ||
| 214 | if(idx == -1) { | ||
| 215 | if(!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) { | ||
| 216 | X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE); | ||
| 217 | return 0; | ||
| 218 | } | ||
| 219 | if (!sk_X509_PURPOSE_push(xptable, ptmp)) { | ||
| 220 | X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE); | ||
| 221 | return 0; | ||
| 222 | } | ||
| 223 | } | ||
| 224 | return 1; | ||
| 225 | } | ||
| 226 | |||
| 227 | static void xptable_free(X509_PURPOSE *p) | ||
| 228 | { | ||
| 229 | if(!p) return; | ||
| 230 | if (p->flags & X509_PURPOSE_DYNAMIC) | ||
| 231 | { | ||
| 232 | if (p->flags & X509_PURPOSE_DYNAMIC_NAME) { | ||
| 233 | OPENSSL_free(p->name); | ||
| 234 | OPENSSL_free(p->sname); | ||
| 235 | } | ||
| 236 | OPENSSL_free(p); | ||
| 237 | } | ||
| 238 | } | ||
| 239 | |||
| 240 | void X509_PURPOSE_cleanup(void) | ||
| 241 | { | ||
| 242 | unsigned int i; | ||
| 243 | sk_X509_PURPOSE_pop_free(xptable, xptable_free); | ||
| 244 | for(i = 0; i < X509_PURPOSE_COUNT; i++) xptable_free(xstandard + i); | ||
| 245 | xptable = NULL; | ||
| 246 | } | ||
| 247 | |||
| 248 | int X509_PURPOSE_get_id(X509_PURPOSE *xp) | ||
| 249 | { | ||
| 250 | return xp->purpose; | ||
| 251 | } | ||
| 252 | |||
| 253 | char *X509_PURPOSE_get0_name(X509_PURPOSE *xp) | ||
| 254 | { | ||
| 255 | return xp->name; | ||
| 256 | } | ||
| 257 | |||
| 258 | char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp) | ||
| 259 | { | ||
| 260 | return xp->sname; | ||
| 261 | } | ||
| 262 | |||
| 263 | int X509_PURPOSE_get_trust(X509_PURPOSE *xp) | ||
| 264 | { | ||
| 265 | return xp->trust; | ||
| 266 | } | ||
| 267 | |||
| 268 | static int nid_cmp(int *a, int *b) | ||
| 269 | { | ||
| 270 | return *a - *b; | ||
| 271 | } | ||
| 272 | |||
| 273 | int X509_supported_extension(X509_EXTENSION *ex) | ||
| 274 | { | ||
| 275 | /* This table is a list of the NIDs of supported extensions: | ||
| 276 | * that is those which are used by the verify process. If | ||
| 277 | * an extension is critical and doesn't appear in this list | ||
| 278 | * then the verify process will normally reject the certificate. | ||
| 279 | * The list must be kept in numerical order because it will be | ||
| 280 | * searched using bsearch. | ||
| 281 | */ | ||
| 282 | |||
| 283 | static int supported_nids[] = { | ||
| 284 | NID_netscape_cert_type, /* 71 */ | ||
| 285 | NID_key_usage, /* 83 */ | ||
| 286 | NID_subject_alt_name, /* 85 */ | ||
| 287 | NID_basic_constraints, /* 87 */ | ||
| 288 | NID_certificate_policies, /* 89 */ | ||
| 289 | NID_ext_key_usage, /* 126 */ | ||
| 290 | #ifndef OPENSSL_NO_RFC3779 | ||
| 291 | NID_sbgp_ipAddrBlock, /* 290 */ | ||
| 292 | NID_sbgp_autonomousSysNum, /* 291 */ | ||
| 293 | #endif | ||
| 294 | NID_policy_constraints, /* 401 */ | ||
| 295 | NID_proxyCertInfo, /* 661 */ | ||
| 296 | NID_inhibit_any_policy /* 748 */ | ||
| 297 | }; | ||
| 298 | |||
| 299 | int ex_nid; | ||
| 300 | |||
| 301 | ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex)); | ||
| 302 | |||
| 303 | if (ex_nid == NID_undef) | ||
| 304 | return 0; | ||
| 305 | |||
| 306 | if (OBJ_bsearch((char *)&ex_nid, (char *)supported_nids, | ||
| 307 | sizeof(supported_nids)/sizeof(int), sizeof(int), | ||
| 308 | (int (*)(const void *, const void *))nid_cmp)) | ||
| 309 | return 1; | ||
| 310 | return 0; | ||
| 311 | } | ||
| 312 | |||
| 313 | |||
| 314 | static void x509v3_cache_extensions(X509 *x) | ||
| 315 | { | ||
| 316 | BASIC_CONSTRAINTS *bs; | ||
| 317 | PROXY_CERT_INFO_EXTENSION *pci; | ||
| 318 | ASN1_BIT_STRING *usage; | ||
| 319 | ASN1_BIT_STRING *ns; | ||
| 320 | EXTENDED_KEY_USAGE *extusage; | ||
| 321 | X509_EXTENSION *ex; | ||
| 322 | |||
| 323 | int i; | ||
| 324 | if(x->ex_flags & EXFLAG_SET) return; | ||
| 325 | #ifndef OPENSSL_NO_SHA | ||
| 326 | X509_digest(x, EVP_sha1(), x->sha1_hash, NULL); | ||
| 327 | #endif | ||
| 328 | /* Does subject name match issuer ? */ | ||
| 329 | if(!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x))) | ||
| 330 | x->ex_flags |= EXFLAG_SI; | ||
| 331 | /* V1 should mean no extensions ... */ | ||
| 332 | if(!X509_get_version(x)) x->ex_flags |= EXFLAG_V1; | ||
| 333 | /* Handle basic constraints */ | ||
| 334 | if((bs=X509_get_ext_d2i(x, NID_basic_constraints, NULL, NULL))) { | ||
| 335 | if(bs->ca) x->ex_flags |= EXFLAG_CA; | ||
| 336 | if(bs->pathlen) { | ||
| 337 | if((bs->pathlen->type == V_ASN1_NEG_INTEGER) | ||
| 338 | || !bs->ca) { | ||
| 339 | x->ex_flags |= EXFLAG_INVALID; | ||
| 340 | x->ex_pathlen = 0; | ||
| 341 | } else x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen); | ||
| 342 | } else x->ex_pathlen = -1; | ||
| 343 | BASIC_CONSTRAINTS_free(bs); | ||
| 344 | x->ex_flags |= EXFLAG_BCONS; | ||
| 345 | } | ||
| 346 | /* Handle proxy certificates */ | ||
| 347 | if((pci=X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) { | ||
| 348 | if (x->ex_flags & EXFLAG_CA | ||
| 349 | || X509_get_ext_by_NID(x, NID_subject_alt_name, 0) >= 0 | ||
| 350 | || X509_get_ext_by_NID(x, NID_issuer_alt_name, 0) >= 0) { | ||
| 351 | x->ex_flags |= EXFLAG_INVALID; | ||
| 352 | } | ||
| 353 | if (pci->pcPathLengthConstraint) { | ||
| 354 | x->ex_pcpathlen = | ||
| 355 | ASN1_INTEGER_get(pci->pcPathLengthConstraint); | ||
| 356 | } else x->ex_pcpathlen = -1; | ||
| 357 | PROXY_CERT_INFO_EXTENSION_free(pci); | ||
| 358 | x->ex_flags |= EXFLAG_PROXY; | ||
| 359 | } | ||
| 360 | /* Handle key usage */ | ||
| 361 | if((usage=X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) { | ||
| 362 | if(usage->length > 0) { | ||
| 363 | x->ex_kusage = usage->data[0]; | ||
| 364 | if(usage->length > 1) | ||
| 365 | x->ex_kusage |= usage->data[1] << 8; | ||
| 366 | } else x->ex_kusage = 0; | ||
| 367 | x->ex_flags |= EXFLAG_KUSAGE; | ||
| 368 | ASN1_BIT_STRING_free(usage); | ||
| 369 | } | ||
| 370 | x->ex_xkusage = 0; | ||
| 371 | if((extusage=X509_get_ext_d2i(x, NID_ext_key_usage, NULL, NULL))) { | ||
| 372 | x->ex_flags |= EXFLAG_XKUSAGE; | ||
| 373 | for(i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) { | ||
| 374 | switch(OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage,i))) { | ||
| 375 | case NID_server_auth: | ||
| 376 | x->ex_xkusage |= XKU_SSL_SERVER; | ||
| 377 | break; | ||
| 378 | |||
| 379 | case NID_client_auth: | ||
| 380 | x->ex_xkusage |= XKU_SSL_CLIENT; | ||
| 381 | break; | ||
| 382 | |||
| 383 | case NID_email_protect: | ||
| 384 | x->ex_xkusage |= XKU_SMIME; | ||
| 385 | break; | ||
| 386 | |||
| 387 | case NID_code_sign: | ||
| 388 | x->ex_xkusage |= XKU_CODE_SIGN; | ||
| 389 | break; | ||
| 390 | |||
| 391 | case NID_ms_sgc: | ||
| 392 | case NID_ns_sgc: | ||
| 393 | x->ex_xkusage |= XKU_SGC; | ||
| 394 | break; | ||
| 395 | |||
| 396 | case NID_OCSP_sign: | ||
| 397 | x->ex_xkusage |= XKU_OCSP_SIGN; | ||
| 398 | break; | ||
| 399 | |||
| 400 | case NID_time_stamp: | ||
| 401 | x->ex_xkusage |= XKU_TIMESTAMP; | ||
| 402 | break; | ||
| 403 | |||
| 404 | case NID_dvcs: | ||
| 405 | x->ex_xkusage |= XKU_DVCS; | ||
| 406 | break; | ||
| 407 | } | ||
| 408 | } | ||
| 409 | sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free); | ||
| 410 | } | ||
| 411 | |||
| 412 | if((ns=X509_get_ext_d2i(x, NID_netscape_cert_type, NULL, NULL))) { | ||
| 413 | if(ns->length > 0) x->ex_nscert = ns->data[0]; | ||
| 414 | else x->ex_nscert = 0; | ||
| 415 | x->ex_flags |= EXFLAG_NSCERT; | ||
| 416 | ASN1_BIT_STRING_free(ns); | ||
| 417 | } | ||
| 418 | x->skid =X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL); | ||
| 419 | x->akid =X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL); | ||
| 420 | #ifndef OPENSSL_NO_RFC3779 | ||
| 421 | x->rfc3779_addr =X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL); | ||
| 422 | x->rfc3779_asid =X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum, | ||
| 423 | NULL, NULL); | ||
| 424 | #endif | ||
| 425 | for (i = 0; i < X509_get_ext_count(x); i++) | ||
| 426 | { | ||
| 427 | ex = X509_get_ext(x, i); | ||
| 428 | if (!X509_EXTENSION_get_critical(ex)) | ||
| 429 | continue; | ||
| 430 | if (!X509_supported_extension(ex)) | ||
| 431 | { | ||
| 432 | x->ex_flags |= EXFLAG_CRITICAL; | ||
| 433 | break; | ||
| 434 | } | ||
| 435 | } | ||
| 436 | x->ex_flags |= EXFLAG_SET; | ||
| 437 | } | ||
| 438 | |||
| 439 | /* CA checks common to all purposes | ||
| 440 | * return codes: | ||
| 441 | * 0 not a CA | ||
| 442 | * 1 is a CA | ||
| 443 | * 2 basicConstraints absent so "maybe" a CA | ||
| 444 | * 3 basicConstraints absent but self signed V1. | ||
| 445 | * 4 basicConstraints absent but keyUsage present and keyCertSign asserted. | ||
| 446 | */ | ||
| 447 | |||
| 448 | #define V1_ROOT (EXFLAG_V1|EXFLAG_SS) | ||
| 449 | #define ku_reject(x, usage) \ | ||
| 450 | (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage))) | ||
| 451 | #define xku_reject(x, usage) \ | ||
| 452 | (((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage))) | ||
| 453 | #define ns_reject(x, usage) \ | ||
| 454 | (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage))) | ||
| 455 | |||
| 456 | static int check_ca(const X509 *x) | ||
| 457 | { | ||
| 458 | /* keyUsage if present should allow cert signing */ | ||
| 459 | if(ku_reject(x, KU_KEY_CERT_SIGN)) return 0; | ||
| 460 | if(x->ex_flags & EXFLAG_BCONS) { | ||
| 461 | if(x->ex_flags & EXFLAG_CA) return 1; | ||
| 462 | /* If basicConstraints says not a CA then say so */ | ||
| 463 | else return 0; | ||
| 464 | } else { | ||
| 465 | /* we support V1 roots for... uh, I don't really know why. */ | ||
| 466 | if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3; | ||
| 467 | /* If key usage present it must have certSign so tolerate it */ | ||
| 468 | else if (x->ex_flags & EXFLAG_KUSAGE) return 4; | ||
| 469 | /* Older certificates could have Netscape-specific CA types */ | ||
| 470 | else if (x->ex_flags & EXFLAG_NSCERT | ||
| 471 | && x->ex_nscert & NS_ANY_CA) return 5; | ||
| 472 | /* can this still be regarded a CA certificate? I doubt it */ | ||
| 473 | return 0; | ||
| 474 | } | ||
| 475 | } | ||
| 476 | |||
| 477 | int X509_check_ca(X509 *x) | ||
| 478 | { | ||
| 479 | if(!(x->ex_flags & EXFLAG_SET)) { | ||
| 480 | CRYPTO_w_lock(CRYPTO_LOCK_X509); | ||
| 481 | x509v3_cache_extensions(x); | ||
| 482 | CRYPTO_w_unlock(CRYPTO_LOCK_X509); | ||
| 483 | } | ||
| 484 | |||
| 485 | return check_ca(x); | ||
| 486 | } | ||
| 487 | |||
| 488 | /* Check SSL CA: common checks for SSL client and server */ | ||
| 489 | static int check_ssl_ca(const X509 *x) | ||
| 490 | { | ||
| 491 | int ca_ret; | ||
| 492 | ca_ret = check_ca(x); | ||
| 493 | if(!ca_ret) return 0; | ||
| 494 | /* check nsCertType if present */ | ||
| 495 | if(ca_ret != 5 || x->ex_nscert & NS_SSL_CA) return ca_ret; | ||
| 496 | else return 0; | ||
| 497 | } | ||
| 498 | |||
| 499 | |||
| 500 | static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca) | ||
| 501 | { | ||
| 502 | if(xku_reject(x,XKU_SSL_CLIENT)) return 0; | ||
| 503 | if(ca) return check_ssl_ca(x); | ||
| 504 | /* We need to do digital signatures with it */ | ||
| 505 | if(ku_reject(x,KU_DIGITAL_SIGNATURE)) return 0; | ||
| 506 | /* nsCertType if present should allow SSL client use */ | ||
| 507 | if(ns_reject(x, NS_SSL_CLIENT)) return 0; | ||
| 508 | return 1; | ||
| 509 | } | ||
| 510 | |||
| 511 | static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca) | ||
| 512 | { | ||
| 513 | if(xku_reject(x,XKU_SSL_SERVER|XKU_SGC)) return 0; | ||
| 514 | if(ca) return check_ssl_ca(x); | ||
| 515 | |||
| 516 | if(ns_reject(x, NS_SSL_SERVER)) return 0; | ||
| 517 | /* Now as for keyUsage: we'll at least need to sign OR encipher */ | ||
| 518 | if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_KEY_ENCIPHERMENT)) return 0; | ||
| 519 | |||
| 520 | return 1; | ||
| 521 | |||
| 522 | } | ||
| 523 | |||
| 524 | static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca) | ||
| 525 | { | ||
| 526 | int ret; | ||
| 527 | ret = check_purpose_ssl_server(xp, x, ca); | ||
| 528 | if(!ret || ca) return ret; | ||
| 529 | /* We need to encipher or Netscape complains */ | ||
| 530 | if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0; | ||
| 531 | return ret; | ||
| 532 | } | ||
| 533 | |||
| 534 | /* common S/MIME checks */ | ||
| 535 | static int purpose_smime(const X509 *x, int ca) | ||
| 536 | { | ||
| 537 | if(xku_reject(x,XKU_SMIME)) return 0; | ||
| 538 | if(ca) { | ||
| 539 | int ca_ret; | ||
| 540 | ca_ret = check_ca(x); | ||
| 541 | if(!ca_ret) return 0; | ||
| 542 | /* check nsCertType if present */ | ||
| 543 | if(ca_ret != 5 || x->ex_nscert & NS_SMIME_CA) return ca_ret; | ||
| 544 | else return 0; | ||
| 545 | } | ||
| 546 | if(x->ex_flags & EXFLAG_NSCERT) { | ||
| 547 | if(x->ex_nscert & NS_SMIME) return 1; | ||
| 548 | /* Workaround for some buggy certificates */ | ||
| 549 | if(x->ex_nscert & NS_SSL_CLIENT) return 2; | ||
| 550 | return 0; | ||
| 551 | } | ||
| 552 | return 1; | ||
| 553 | } | ||
| 554 | |||
| 555 | static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca) | ||
| 556 | { | ||
| 557 | int ret; | ||
| 558 | ret = purpose_smime(x, ca); | ||
| 559 | if(!ret || ca) return ret; | ||
| 560 | if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_NON_REPUDIATION)) return 0; | ||
| 561 | return ret; | ||
| 562 | } | ||
| 563 | |||
| 564 | static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca) | ||
| 565 | { | ||
| 566 | int ret; | ||
| 567 | ret = purpose_smime(x, ca); | ||
| 568 | if(!ret || ca) return ret; | ||
| 569 | if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0; | ||
| 570 | return ret; | ||
| 571 | } | ||
| 572 | |||
| 573 | static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca) | ||
| 574 | { | ||
| 575 | if(ca) { | ||
| 576 | int ca_ret; | ||
| 577 | if((ca_ret = check_ca(x)) != 2) return ca_ret; | ||
| 578 | else return 0; | ||
| 579 | } | ||
| 580 | if(ku_reject(x, KU_CRL_SIGN)) return 0; | ||
| 581 | return 1; | ||
| 582 | } | ||
| 583 | |||
| 584 | /* OCSP helper: this is *not* a full OCSP check. It just checks that | ||
| 585 | * each CA is valid. Additional checks must be made on the chain. | ||
| 586 | */ | ||
| 587 | |||
| 588 | static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca) | ||
| 589 | { | ||
| 590 | /* Must be a valid CA. Should we really support the "I don't know" | ||
| 591 | value (2)? */ | ||
| 592 | if(ca) return check_ca(x); | ||
| 593 | /* leaf certificate is checked in OCSP_verify() */ | ||
| 594 | return 1; | ||
| 595 | } | ||
| 596 | |||
| 597 | static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca) | ||
| 598 | { | ||
| 599 | return 1; | ||
| 600 | } | ||
| 601 | |||
| 602 | /* Various checks to see if one certificate issued the second. | ||
| 603 | * This can be used to prune a set of possible issuer certificates | ||
| 604 | * which have been looked up using some simple method such as by | ||
| 605 | * subject name. | ||
| 606 | * These are: | ||
| 607 | * 1. Check issuer_name(subject) == subject_name(issuer) | ||
| 608 | * 2. If akid(subject) exists check it matches issuer | ||
| 609 | * 3. If key_usage(issuer) exists check it supports certificate signing | ||
| 610 | * returns 0 for OK, positive for reason for mismatch, reasons match | ||
| 611 | * codes for X509_verify_cert() | ||
| 612 | */ | ||
| 613 | |||
| 614 | int X509_check_issued(X509 *issuer, X509 *subject) | ||
| 615 | { | ||
| 616 | if(X509_NAME_cmp(X509_get_subject_name(issuer), | ||
| 617 | X509_get_issuer_name(subject))) | ||
| 618 | return X509_V_ERR_SUBJECT_ISSUER_MISMATCH; | ||
| 619 | x509v3_cache_extensions(issuer); | ||
| 620 | x509v3_cache_extensions(subject); | ||
| 621 | if(subject->akid) { | ||
| 622 | /* Check key ids (if present) */ | ||
| 623 | if(subject->akid->keyid && issuer->skid && | ||
| 624 | ASN1_OCTET_STRING_cmp(subject->akid->keyid, issuer->skid) ) | ||
| 625 | return X509_V_ERR_AKID_SKID_MISMATCH; | ||
| 626 | /* Check serial number */ | ||
| 627 | if(subject->akid->serial && | ||
| 628 | ASN1_INTEGER_cmp(X509_get_serialNumber(issuer), | ||
| 629 | subject->akid->serial)) | ||
| 630 | return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH; | ||
| 631 | /* Check issuer name */ | ||
| 632 | if(subject->akid->issuer) { | ||
| 633 | /* Ugh, for some peculiar reason AKID includes | ||
| 634 | * SEQUENCE OF GeneralName. So look for a DirName. | ||
| 635 | * There may be more than one but we only take any | ||
| 636 | * notice of the first. | ||
| 637 | */ | ||
| 638 | GENERAL_NAMES *gens; | ||
| 639 | GENERAL_NAME *gen; | ||
| 640 | X509_NAME *nm = NULL; | ||
| 641 | int i; | ||
| 642 | gens = subject->akid->issuer; | ||
| 643 | for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) { | ||
| 644 | gen = sk_GENERAL_NAME_value(gens, i); | ||
| 645 | if(gen->type == GEN_DIRNAME) { | ||
| 646 | nm = gen->d.dirn; | ||
| 647 | break; | ||
| 648 | } | ||
| 649 | } | ||
| 650 | if(nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer))) | ||
| 651 | return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH; | ||
| 652 | } | ||
| 653 | } | ||
| 654 | if(subject->ex_flags & EXFLAG_PROXY) | ||
| 655 | { | ||
| 656 | if(ku_reject(issuer, KU_DIGITAL_SIGNATURE)) | ||
| 657 | return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE; | ||
| 658 | } | ||
| 659 | else if(ku_reject(issuer, KU_KEY_CERT_SIGN)) | ||
| 660 | return X509_V_ERR_KEYUSAGE_NO_CERTSIGN; | ||
| 661 | return X509_V_OK; | ||
| 662 | } | ||
| 663 | |||
diff --git a/src/lib/libcrypto/x509v3/v3_skey.c b/src/lib/libcrypto/x509v3/v3_skey.c deleted file mode 100644 index 202c9e4896..0000000000 --- a/src/lib/libcrypto/x509v3/v3_skey.c +++ /dev/null | |||
| @@ -1,144 +0,0 @@ | |||
| 1 | /* v3_skey.c */ | ||
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
| 3 | * project 1999. | ||
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | ||
| 7 | * | ||
| 8 | * Redistribution and use in source and binary forms, with or without | ||
| 9 | * modification, are permitted provided that the following conditions | ||
| 10 | * are met: | ||
| 11 | * | ||
| 12 | * 1. Redistributions of source code must retain the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | * notice, this list of conditions and the following disclaimer in | ||
| 17 | * the documentation and/or other materials provided with the | ||
| 18 | * distribution. | ||
| 19 | * | ||
| 20 | * 3. All advertising materials mentioning features or use of this | ||
| 21 | * software must display the following acknowledgment: | ||
| 22 | * "This product includes software developed by the OpenSSL Project | ||
| 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | * | ||
| 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | * endorse or promote products derived from this software without | ||
| 27 | * prior written permission. For written permission, please contact | ||
| 28 | * licensing@OpenSSL.org. | ||
| 29 | * | ||
| 30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | * nor may "OpenSSL" appear in their names without prior written | ||
| 32 | * permission of the OpenSSL Project. | ||
| 33 | * | ||
| 34 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | * acknowledgment: | ||
| 36 | * "This product includes software developed by the OpenSSL Project | ||
| 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | * | ||
| 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | * ==================================================================== | ||
| 52 | * | ||
| 53 | * This product includes cryptographic software written by Eric Young | ||
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 57 | */ | ||
| 58 | |||
| 59 | |||
| 60 | #include <stdio.h> | ||
| 61 | #include "cryptlib.h" | ||
| 62 | #include <openssl/x509v3.h> | ||
| 63 | |||
| 64 | static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); | ||
| 65 | const X509V3_EXT_METHOD v3_skey_id = { | ||
| 66 | NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING), | ||
| 67 | 0,0,0,0, | ||
| 68 | (X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING, | ||
| 69 | (X509V3_EXT_S2I)s2i_skey_id, | ||
| 70 | 0,0,0,0, | ||
| 71 | NULL}; | ||
| 72 | |||
| 73 | char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, | ||
| 74 | ASN1_OCTET_STRING *oct) | ||
| 75 | { | ||
| 76 | return hex_to_string(oct->data, oct->length); | ||
| 77 | } | ||
| 78 | |||
| 79 | ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, | ||
| 80 | X509V3_CTX *ctx, char *str) | ||
| 81 | { | ||
| 82 | ASN1_OCTET_STRING *oct; | ||
| 83 | long length; | ||
| 84 | |||
| 85 | if(!(oct = M_ASN1_OCTET_STRING_new())) { | ||
| 86 | X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE); | ||
| 87 | return NULL; | ||
| 88 | } | ||
| 89 | |||
| 90 | if(!(oct->data = string_to_hex(str, &length))) { | ||
| 91 | M_ASN1_OCTET_STRING_free(oct); | ||
| 92 | return NULL; | ||
| 93 | } | ||
| 94 | |||
| 95 | oct->length = length; | ||
| 96 | |||
| 97 | return oct; | ||
| 98 | |||
| 99 | } | ||
| 100 | |||
| 101 | static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, | ||
| 102 | X509V3_CTX *ctx, char *str) | ||
| 103 | { | ||
| 104 | ASN1_OCTET_STRING *oct; | ||
| 105 | ASN1_BIT_STRING *pk; | ||
| 106 | unsigned char pkey_dig[EVP_MAX_MD_SIZE]; | ||
| 107 | unsigned int diglen; | ||
| 108 | |||
| 109 | if(strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str); | ||
| 110 | |||
| 111 | if(!(oct = M_ASN1_OCTET_STRING_new())) { | ||
| 112 | X509V3err(X509V3_F_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE); | ||
| 113 | return NULL; | ||
| 114 | } | ||
| 115 | |||
| 116 | if(ctx && (ctx->flags == CTX_TEST)) return oct; | ||
| 117 | |||
| 118 | if(!ctx || (!ctx->subject_req && !ctx->subject_cert)) { | ||
| 119 | X509V3err(X509V3_F_S2I_SKEY_ID,X509V3_R_NO_PUBLIC_KEY); | ||
| 120 | goto err; | ||
| 121 | } | ||
| 122 | |||
| 123 | if(ctx->subject_req) | ||
| 124 | pk = ctx->subject_req->req_info->pubkey->public_key; | ||
| 125 | else pk = ctx->subject_cert->cert_info->key->public_key; | ||
| 126 | |||
| 127 | if(!pk) { | ||
| 128 | X509V3err(X509V3_F_S2I_SKEY_ID,X509V3_R_NO_PUBLIC_KEY); | ||
| 129 | goto err; | ||
| 130 | } | ||
| 131 | |||
| 132 | EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL); | ||
| 133 | |||
| 134 | if(!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) { | ||
| 135 | X509V3err(X509V3_F_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE); | ||
| 136 | goto err; | ||
| 137 | } | ||
| 138 | |||
| 139 | return oct; | ||
| 140 | |||
| 141 | err: | ||
| 142 | M_ASN1_OCTET_STRING_free(oct); | ||
| 143 | return NULL; | ||
| 144 | } | ||
diff --git a/src/lib/libcrypto/x509v3/v3_sxnet.c b/src/lib/libcrypto/x509v3/v3_sxnet.c deleted file mode 100644 index 2a6bf11b65..0000000000 --- a/src/lib/libcrypto/x509v3/v3_sxnet.c +++ /dev/null | |||
| @@ -1,262 +0,0 @@ | |||
| 1 | /* v3_sxnet.c */ | ||
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
| 3 | * project 1999. | ||
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | ||
| 7 | * | ||
| 8 | * Redistribution and use in source and binary forms, with or without | ||
| 9 | * modification, are permitted provided that the following conditions | ||
| 10 | * are met: | ||
| 11 | * | ||
| 12 | * 1. Redistributions of source code must retain the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | * notice, this list of conditions and the following disclaimer in | ||
| 17 | * the documentation and/or other materials provided with the | ||
| 18 | * distribution. | ||
| 19 | * | ||
| 20 | * 3. All advertising materials mentioning features or use of this | ||
| 21 | * software must display the following acknowledgment: | ||
| 22 | * "This product includes software developed by the OpenSSL Project | ||
| 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | * | ||
| 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | * endorse or promote products derived from this software without | ||
| 27 | * prior written permission. For written permission, please contact | ||
| 28 | * licensing@OpenSSL.org. | ||
| 29 | * | ||
| 30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | * nor may "OpenSSL" appear in their names without prior written | ||
| 32 | * permission of the OpenSSL Project. | ||
| 33 | * | ||
| 34 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | * acknowledgment: | ||
| 36 | * "This product includes software developed by the OpenSSL Project | ||
| 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | * | ||
| 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | * ==================================================================== | ||
| 52 | * | ||
| 53 | * This product includes cryptographic software written by Eric Young | ||
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | #include "cryptlib.h" | ||
| 61 | #include <openssl/conf.h> | ||
| 62 | #include <openssl/asn1.h> | ||
| 63 | #include <openssl/asn1t.h> | ||
| 64 | #include <openssl/x509v3.h> | ||
| 65 | |||
| 66 | /* Support for Thawte strong extranet extension */ | ||
| 67 | |||
| 68 | #define SXNET_TEST | ||
| 69 | |||
| 70 | static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, int indent); | ||
| 71 | #ifdef SXNET_TEST | ||
| 72 | static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, | ||
| 73 | STACK_OF(CONF_VALUE) *nval); | ||
| 74 | #endif | ||
| 75 | const X509V3_EXT_METHOD v3_sxnet = { | ||
| 76 | NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET), | ||
| 77 | 0,0,0,0, | ||
| 78 | 0,0, | ||
| 79 | 0, | ||
| 80 | #ifdef SXNET_TEST | ||
| 81 | (X509V3_EXT_V2I)sxnet_v2i, | ||
| 82 | #else | ||
| 83 | 0, | ||
| 84 | #endif | ||
| 85 | (X509V3_EXT_I2R)sxnet_i2r, | ||
| 86 | 0, | ||
| 87 | NULL | ||
| 88 | }; | ||
| 89 | |||
| 90 | ASN1_SEQUENCE(SXNETID) = { | ||
| 91 | ASN1_SIMPLE(SXNETID, zone, ASN1_INTEGER), | ||
| 92 | ASN1_SIMPLE(SXNETID, user, ASN1_OCTET_STRING) | ||
| 93 | } ASN1_SEQUENCE_END(SXNETID) | ||
| 94 | |||
| 95 | IMPLEMENT_ASN1_FUNCTIONS(SXNETID) | ||
| 96 | |||
| 97 | ASN1_SEQUENCE(SXNET) = { | ||
| 98 | ASN1_SIMPLE(SXNET, version, ASN1_INTEGER), | ||
| 99 | ASN1_SEQUENCE_OF(SXNET, ids, SXNETID) | ||
| 100 | } ASN1_SEQUENCE_END(SXNET) | ||
| 101 | |||
| 102 | IMPLEMENT_ASN1_FUNCTIONS(SXNET) | ||
| 103 | |||
| 104 | static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, | ||
| 105 | int indent) | ||
| 106 | { | ||
| 107 | long v; | ||
| 108 | char *tmp; | ||
| 109 | SXNETID *id; | ||
| 110 | int i; | ||
| 111 | v = ASN1_INTEGER_get(sx->version); | ||
| 112 | BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v); | ||
| 113 | for(i = 0; i < sk_SXNETID_num(sx->ids); i++) { | ||
| 114 | id = sk_SXNETID_value(sx->ids, i); | ||
| 115 | tmp = i2s_ASN1_INTEGER(NULL, id->zone); | ||
| 116 | BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp); | ||
| 117 | OPENSSL_free(tmp); | ||
| 118 | M_ASN1_OCTET_STRING_print(out, id->user); | ||
| 119 | } | ||
| 120 | return 1; | ||
| 121 | } | ||
| 122 | |||
| 123 | #ifdef SXNET_TEST | ||
| 124 | |||
| 125 | /* NBB: this is used for testing only. It should *not* be used for anything | ||
| 126 | * else because it will just take static IDs from the configuration file and | ||
| 127 | * they should really be separate values for each user. | ||
| 128 | */ | ||
| 129 | |||
| 130 | |||
| 131 | static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, | ||
| 132 | STACK_OF(CONF_VALUE) *nval) | ||
| 133 | { | ||
| 134 | CONF_VALUE *cnf; | ||
| 135 | SXNET *sx = NULL; | ||
| 136 | int i; | ||
| 137 | for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { | ||
| 138 | cnf = sk_CONF_VALUE_value(nval, i); | ||
| 139 | if(!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1)) | ||
| 140 | return NULL; | ||
| 141 | } | ||
| 142 | return sx; | ||
| 143 | } | ||
| 144 | |||
| 145 | |||
| 146 | #endif | ||
| 147 | |||
| 148 | /* Strong Extranet utility functions */ | ||
| 149 | |||
| 150 | /* Add an id given the zone as an ASCII number */ | ||
| 151 | |||
| 152 | int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, | ||
| 153 | int userlen) | ||
| 154 | { | ||
| 155 | ASN1_INTEGER *izone = NULL; | ||
| 156 | if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) { | ||
| 157 | X509V3err(X509V3_F_SXNET_ADD_ID_ASC,X509V3_R_ERROR_CONVERTING_ZONE); | ||
| 158 | return 0; | ||
| 159 | } | ||
| 160 | return SXNET_add_id_INTEGER(psx, izone, user, userlen); | ||
| 161 | } | ||
| 162 | |||
| 163 | /* Add an id given the zone as an unsigned long */ | ||
| 164 | |||
| 165 | int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, | ||
| 166 | int userlen) | ||
| 167 | { | ||
| 168 | ASN1_INTEGER *izone = NULL; | ||
| 169 | if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { | ||
| 170 | X509V3err(X509V3_F_SXNET_ADD_ID_ULONG,ERR_R_MALLOC_FAILURE); | ||
| 171 | M_ASN1_INTEGER_free(izone); | ||
| 172 | return 0; | ||
| 173 | } | ||
| 174 | return SXNET_add_id_INTEGER(psx, izone, user, userlen); | ||
| 175 | |||
| 176 | } | ||
| 177 | |||
| 178 | /* Add an id given the zone as an ASN1_INTEGER. | ||
| 179 | * Note this version uses the passed integer and doesn't make a copy so don't | ||
| 180 | * free it up afterwards. | ||
| 181 | */ | ||
| 182 | |||
| 183 | int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user, | ||
| 184 | int userlen) | ||
| 185 | { | ||
| 186 | SXNET *sx = NULL; | ||
| 187 | SXNETID *id = NULL; | ||
| 188 | if(!psx || !zone || !user) { | ||
| 189 | X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_INVALID_NULL_ARGUMENT); | ||
| 190 | return 0; | ||
| 191 | } | ||
| 192 | if(userlen == -1) userlen = strlen(user); | ||
| 193 | if(userlen > 64) { | ||
| 194 | X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_USER_TOO_LONG); | ||
| 195 | return 0; | ||
| 196 | } | ||
| 197 | if(!*psx) { | ||
| 198 | if(!(sx = SXNET_new())) goto err; | ||
| 199 | if(!ASN1_INTEGER_set(sx->version, 0)) goto err; | ||
| 200 | *psx = sx; | ||
| 201 | } else sx = *psx; | ||
| 202 | if(SXNET_get_id_INTEGER(sx, zone)) { | ||
| 203 | X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_DUPLICATE_ZONE_ID); | ||
| 204 | return 0; | ||
| 205 | } | ||
| 206 | |||
| 207 | if(!(id = SXNETID_new())) goto err; | ||
| 208 | if(userlen == -1) userlen = strlen(user); | ||
| 209 | |||
| 210 | if(!M_ASN1_OCTET_STRING_set(id->user, user, userlen)) goto err; | ||
| 211 | if(!sk_SXNETID_push(sx->ids, id)) goto err; | ||
| 212 | id->zone = zone; | ||
| 213 | return 1; | ||
| 214 | |||
| 215 | err: | ||
| 216 | X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,ERR_R_MALLOC_FAILURE); | ||
| 217 | SXNETID_free(id); | ||
| 218 | SXNET_free(sx); | ||
| 219 | *psx = NULL; | ||
| 220 | return 0; | ||
| 221 | } | ||
| 222 | |||
| 223 | ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone) | ||
| 224 | { | ||
| 225 | ASN1_INTEGER *izone = NULL; | ||
| 226 | ASN1_OCTET_STRING *oct; | ||
| 227 | if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) { | ||
| 228 | X509V3err(X509V3_F_SXNET_GET_ID_ASC,X509V3_R_ERROR_CONVERTING_ZONE); | ||
| 229 | return NULL; | ||
| 230 | } | ||
| 231 | oct = SXNET_get_id_INTEGER(sx, izone); | ||
| 232 | M_ASN1_INTEGER_free(izone); | ||
| 233 | return oct; | ||
| 234 | } | ||
| 235 | |||
| 236 | ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone) | ||
| 237 | { | ||
| 238 | ASN1_INTEGER *izone = NULL; | ||
| 239 | ASN1_OCTET_STRING *oct; | ||
| 240 | if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { | ||
| 241 | X509V3err(X509V3_F_SXNET_GET_ID_ULONG,ERR_R_MALLOC_FAILURE); | ||
| 242 | M_ASN1_INTEGER_free(izone); | ||
| 243 | return NULL; | ||
| 244 | } | ||
| 245 | oct = SXNET_get_id_INTEGER(sx, izone); | ||
| 246 | M_ASN1_INTEGER_free(izone); | ||
| 247 | return oct; | ||
| 248 | } | ||
| 249 | |||
| 250 | ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone) | ||
| 251 | { | ||
| 252 | SXNETID *id; | ||
| 253 | int i; | ||
| 254 | for(i = 0; i < sk_SXNETID_num(sx->ids); i++) { | ||
| 255 | id = sk_SXNETID_value(sx->ids, i); | ||
| 256 | if(!M_ASN1_INTEGER_cmp(id->zone, zone)) return id->user; | ||
| 257 | } | ||
| 258 | return NULL; | ||
| 259 | } | ||
| 260 | |||
| 261 | IMPLEMENT_STACK_OF(SXNETID) | ||
| 262 | IMPLEMENT_ASN1_SET_OF(SXNETID) | ||
diff --git a/src/lib/libcrypto/x509v3/v3_utl.c b/src/lib/libcrypto/x509v3/v3_utl.c deleted file mode 100644 index 2cb53008e3..0000000000 --- a/src/lib/libcrypto/x509v3/v3_utl.c +++ /dev/null | |||
| @@ -1,871 +0,0 @@ | |||
| 1 | /* v3_utl.c */ | ||
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
| 3 | * project. | ||
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. | ||
| 7 | * | ||
| 8 | * Redistribution and use in source and binary forms, with or without | ||
| 9 | * modification, are permitted provided that the following conditions | ||
| 10 | * are met: | ||
| 11 | * | ||
| 12 | * 1. Redistributions of source code must retain the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | * notice, this list of conditions and the following disclaimer in | ||
| 17 | * the documentation and/or other materials provided with the | ||
| 18 | * distribution. | ||
| 19 | * | ||
| 20 | * 3. All advertising materials mentioning features or use of this | ||
| 21 | * software must display the following acknowledgment: | ||
| 22 | * "This product includes software developed by the OpenSSL Project | ||
| 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | * | ||
| 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | * endorse or promote products derived from this software without | ||
| 27 | * prior written permission. For written permission, please contact | ||
| 28 | * licensing@OpenSSL.org. | ||
| 29 | * | ||
| 30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | * nor may "OpenSSL" appear in their names without prior written | ||
| 32 | * permission of the OpenSSL Project. | ||
| 33 | * | ||
| 34 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | * acknowledgment: | ||
| 36 | * "This product includes software developed by the OpenSSL Project | ||
| 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | * | ||
| 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | * ==================================================================== | ||
| 52 | * | ||
| 53 | * This product includes cryptographic software written by Eric Young | ||
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 57 | */ | ||
| 58 | /* X509 v3 extension utilities */ | ||
| 59 | |||
| 60 | |||
| 61 | #include <stdio.h> | ||
| 62 | #include <ctype.h> | ||
| 63 | #include "cryptlib.h" | ||
| 64 | #include <openssl/conf.h> | ||
| 65 | #include <openssl/x509v3.h> | ||
| 66 | #include <openssl/bn.h> | ||
| 67 | |||
| 68 | static char *strip_spaces(char *name); | ||
| 69 | static int sk_strcmp(const char * const *a, const char * const *b); | ||
| 70 | static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens); | ||
| 71 | static void str_free(void *str); | ||
| 72 | static int append_ia5(STACK **sk, ASN1_IA5STRING *email); | ||
| 73 | |||
| 74 | static int ipv4_from_asc(unsigned char *v4, const char *in); | ||
| 75 | static int ipv6_from_asc(unsigned char *v6, const char *in); | ||
| 76 | static int ipv6_cb(const char *elem, int len, void *usr); | ||
| 77 | static int ipv6_hex(unsigned char *out, const char *in, int inlen); | ||
| 78 | |||
| 79 | /* Add a CONF_VALUE name value pair to stack */ | ||
| 80 | |||
| 81 | int X509V3_add_value(const char *name, const char *value, | ||
| 82 | STACK_OF(CONF_VALUE) **extlist) | ||
| 83 | { | ||
| 84 | CONF_VALUE *vtmp = NULL; | ||
| 85 | char *tname = NULL, *tvalue = NULL; | ||
| 86 | if(name && !(tname = BUF_strdup(name))) goto err; | ||
| 87 | if(value && !(tvalue = BUF_strdup(value))) goto err; | ||
| 88 | if(!(vtmp = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) goto err; | ||
| 89 | if(!*extlist && !(*extlist = sk_CONF_VALUE_new_null())) goto err; | ||
| 90 | vtmp->section = NULL; | ||
| 91 | vtmp->name = tname; | ||
| 92 | vtmp->value = tvalue; | ||
| 93 | if(!sk_CONF_VALUE_push(*extlist, vtmp)) goto err; | ||
| 94 | return 1; | ||
| 95 | err: | ||
| 96 | X509V3err(X509V3_F_X509V3_ADD_VALUE,ERR_R_MALLOC_FAILURE); | ||
| 97 | if(vtmp) OPENSSL_free(vtmp); | ||
| 98 | if(tname) OPENSSL_free(tname); | ||
| 99 | if(tvalue) OPENSSL_free(tvalue); | ||
| 100 | return 0; | ||
| 101 | } | ||
| 102 | |||
| 103 | int X509V3_add_value_uchar(const char *name, const unsigned char *value, | ||
| 104 | STACK_OF(CONF_VALUE) **extlist) | ||
| 105 | { | ||
| 106 | return X509V3_add_value(name,(const char *)value,extlist); | ||
| 107 | } | ||
| 108 | |||
| 109 | /* Free function for STACK_OF(CONF_VALUE) */ | ||
| 110 | |||
| 111 | void X509V3_conf_free(CONF_VALUE *conf) | ||
| 112 | { | ||
| 113 | if(!conf) return; | ||
| 114 | if(conf->name) OPENSSL_free(conf->name); | ||
| 115 | if(conf->value) OPENSSL_free(conf->value); | ||
| 116 | if(conf->section) OPENSSL_free(conf->section); | ||
| 117 | OPENSSL_free(conf); | ||
| 118 | } | ||
| 119 | |||
| 120 | int X509V3_add_value_bool(const char *name, int asn1_bool, | ||
| 121 | STACK_OF(CONF_VALUE) **extlist) | ||
| 122 | { | ||
| 123 | if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist); | ||
| 124 | return X509V3_add_value(name, "FALSE", extlist); | ||
| 125 | } | ||
| 126 | |||
| 127 | int X509V3_add_value_bool_nf(char *name, int asn1_bool, | ||
| 128 | STACK_OF(CONF_VALUE) **extlist) | ||
| 129 | { | ||
| 130 | if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist); | ||
| 131 | return 1; | ||
| 132 | } | ||
| 133 | |||
| 134 | |||
| 135 | char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *a) | ||
| 136 | { | ||
| 137 | BIGNUM *bntmp = NULL; | ||
| 138 | char *strtmp = NULL; | ||
| 139 | if(!a) return NULL; | ||
| 140 | if(!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) || | ||
| 141 | !(strtmp = BN_bn2dec(bntmp)) ) | ||
| 142 | X509V3err(X509V3_F_I2S_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE); | ||
| 143 | BN_free(bntmp); | ||
| 144 | return strtmp; | ||
| 145 | } | ||
| 146 | |||
| 147 | char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a) | ||
| 148 | { | ||
| 149 | BIGNUM *bntmp = NULL; | ||
| 150 | char *strtmp = NULL; | ||
| 151 | if(!a) return NULL; | ||
| 152 | if(!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) || | ||
| 153 | !(strtmp = BN_bn2dec(bntmp)) ) | ||
| 154 | X509V3err(X509V3_F_I2S_ASN1_INTEGER,ERR_R_MALLOC_FAILURE); | ||
| 155 | BN_free(bntmp); | ||
| 156 | return strtmp; | ||
| 157 | } | ||
| 158 | |||
| 159 | ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value) | ||
| 160 | { | ||
| 161 | BIGNUM *bn = NULL; | ||
| 162 | ASN1_INTEGER *aint; | ||
| 163 | int isneg, ishex; | ||
| 164 | int ret; | ||
| 165 | if (!value) { | ||
| 166 | X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_INVALID_NULL_VALUE); | ||
| 167 | return 0; | ||
| 168 | } | ||
| 169 | bn = BN_new(); | ||
| 170 | if (value[0] == '-') { | ||
| 171 | value++; | ||
| 172 | isneg = 1; | ||
| 173 | } else isneg = 0; | ||
| 174 | |||
| 175 | if (value[0] == '0' && ((value[1] == 'x') || (value[1] == 'X'))) { | ||
| 176 | value += 2; | ||
| 177 | ishex = 1; | ||
| 178 | } else ishex = 0; | ||
| 179 | |||
| 180 | if (ishex) ret = BN_hex2bn(&bn, value); | ||
| 181 | else ret = BN_dec2bn(&bn, value); | ||
| 182 | |||
| 183 | if (!ret || value[ret]) { | ||
| 184 | BN_free(bn); | ||
| 185 | X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_DEC2BN_ERROR); | ||
| 186 | return 0; | ||
| 187 | } | ||
| 188 | |||
| 189 | if (isneg && BN_is_zero(bn)) isneg = 0; | ||
| 190 | |||
| 191 | aint = BN_to_ASN1_INTEGER(bn, NULL); | ||
| 192 | BN_free(bn); | ||
| 193 | if (!aint) { | ||
| 194 | X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_TO_ASN1_INTEGER_ERROR); | ||
| 195 | return 0; | ||
| 196 | } | ||
| 197 | if (isneg) aint->type |= V_ASN1_NEG; | ||
| 198 | return aint; | ||
| 199 | } | ||
| 200 | |||
| 201 | int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint, | ||
| 202 | STACK_OF(CONF_VALUE) **extlist) | ||
| 203 | { | ||
| 204 | char *strtmp; | ||
| 205 | int ret; | ||
| 206 | if(!aint) return 1; | ||
| 207 | if(!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) return 0; | ||
| 208 | ret = X509V3_add_value(name, strtmp, extlist); | ||
| 209 | OPENSSL_free(strtmp); | ||
| 210 | return ret; | ||
| 211 | } | ||
| 212 | |||
| 213 | int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool) | ||
| 214 | { | ||
| 215 | char *btmp; | ||
| 216 | if(!(btmp = value->value)) goto err; | ||
| 217 | if(!strcmp(btmp, "TRUE") || !strcmp(btmp, "true") | ||
| 218 | || !strcmp(btmp, "Y") || !strcmp(btmp, "y") | ||
| 219 | || !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) { | ||
| 220 | *asn1_bool = 0xff; | ||
| 221 | return 1; | ||
| 222 | } else if(!strcmp(btmp, "FALSE") || !strcmp(btmp, "false") | ||
| 223 | || !strcmp(btmp, "N") || !strcmp(btmp, "n") | ||
| 224 | || !strcmp(btmp, "NO") || !strcmp(btmp, "no")) { | ||
| 225 | *asn1_bool = 0; | ||
| 226 | return 1; | ||
| 227 | } | ||
| 228 | err: | ||
| 229 | X509V3err(X509V3_F_X509V3_GET_VALUE_BOOL,X509V3_R_INVALID_BOOLEAN_STRING); | ||
| 230 | X509V3_conf_err(value); | ||
| 231 | return 0; | ||
| 232 | } | ||
| 233 | |||
| 234 | int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint) | ||
| 235 | { | ||
| 236 | ASN1_INTEGER *itmp; | ||
| 237 | if(!(itmp = s2i_ASN1_INTEGER(NULL, value->value))) { | ||
| 238 | X509V3_conf_err(value); | ||
| 239 | return 0; | ||
| 240 | } | ||
| 241 | *aint = itmp; | ||
| 242 | return 1; | ||
| 243 | } | ||
| 244 | |||
| 245 | #define HDR_NAME 1 | ||
| 246 | #define HDR_VALUE 2 | ||
| 247 | |||
| 248 | /*#define DEBUG*/ | ||
| 249 | |||
| 250 | STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) | ||
| 251 | { | ||
| 252 | char *p, *q, c; | ||
| 253 | char *ntmp, *vtmp; | ||
| 254 | STACK_OF(CONF_VALUE) *values = NULL; | ||
| 255 | char *linebuf; | ||
| 256 | int state; | ||
| 257 | /* We are going to modify the line so copy it first */ | ||
| 258 | linebuf = BUF_strdup(line); | ||
| 259 | state = HDR_NAME; | ||
| 260 | ntmp = NULL; | ||
| 261 | /* Go through all characters */ | ||
| 262 | for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) { | ||
| 263 | |||
| 264 | switch(state) { | ||
| 265 | case HDR_NAME: | ||
| 266 | if(c == ':') { | ||
| 267 | state = HDR_VALUE; | ||
| 268 | *p = 0; | ||
| 269 | ntmp = strip_spaces(q); | ||
| 270 | if(!ntmp) { | ||
| 271 | X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME); | ||
| 272 | goto err; | ||
| 273 | } | ||
| 274 | q = p + 1; | ||
| 275 | } else if(c == ',') { | ||
| 276 | *p = 0; | ||
| 277 | ntmp = strip_spaces(q); | ||
| 278 | q = p + 1; | ||
| 279 | #if 0 | ||
| 280 | printf("%s\n", ntmp); | ||
| 281 | #endif | ||
| 282 | if(!ntmp) { | ||
| 283 | X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME); | ||
| 284 | goto err; | ||
| 285 | } | ||
| 286 | X509V3_add_value(ntmp, NULL, &values); | ||
| 287 | } | ||
| 288 | break ; | ||
| 289 | |||
| 290 | case HDR_VALUE: | ||
| 291 | if(c == ',') { | ||
| 292 | state = HDR_NAME; | ||
| 293 | *p = 0; | ||
| 294 | vtmp = strip_spaces(q); | ||
| 295 | #if 0 | ||
| 296 | printf("%s\n", ntmp); | ||
| 297 | #endif | ||
| 298 | if(!vtmp) { | ||
| 299 | X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE); | ||
| 300 | goto err; | ||
| 301 | } | ||
| 302 | X509V3_add_value(ntmp, vtmp, &values); | ||
| 303 | ntmp = NULL; | ||
| 304 | q = p + 1; | ||
| 305 | } | ||
| 306 | |||
| 307 | } | ||
| 308 | } | ||
| 309 | |||
| 310 | if(state == HDR_VALUE) { | ||
| 311 | vtmp = strip_spaces(q); | ||
| 312 | #if 0 | ||
| 313 | printf("%s=%s\n", ntmp, vtmp); | ||
| 314 | #endif | ||
| 315 | if(!vtmp) { | ||
| 316 | X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE); | ||
| 317 | goto err; | ||
| 318 | } | ||
| 319 | X509V3_add_value(ntmp, vtmp, &values); | ||
| 320 | } else { | ||
| 321 | ntmp = strip_spaces(q); | ||
| 322 | #if 0 | ||
| 323 | printf("%s\n", ntmp); | ||
| 324 | #endif | ||
| 325 | if(!ntmp) { | ||
| 326 | X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME); | ||
| 327 | goto err; | ||
| 328 | } | ||
| 329 | X509V3_add_value(ntmp, NULL, &values); | ||
| 330 | } | ||
| 331 | OPENSSL_free(linebuf); | ||
| 332 | return values; | ||
| 333 | |||
| 334 | err: | ||
| 335 | OPENSSL_free(linebuf); | ||
| 336 | sk_CONF_VALUE_pop_free(values, X509V3_conf_free); | ||
| 337 | return NULL; | ||
| 338 | |||
| 339 | } | ||
| 340 | |||
| 341 | /* Delete leading and trailing spaces from a string */ | ||
| 342 | static char *strip_spaces(char *name) | ||
| 343 | { | ||
| 344 | char *p, *q; | ||
| 345 | /* Skip over leading spaces */ | ||
| 346 | p = name; | ||
| 347 | while(isspace((unsigned char)*p)) p++; | ||
| 348 | if(!*p) return NULL; | ||
| 349 | q = p + strlen(p) - 1; | ||
| 350 | while((q != p) && isspace((unsigned char)*q)) q--; | ||
| 351 | if(p != q) q[1] = 0; | ||
| 352 | if(!*p) return NULL; | ||
| 353 | return p; | ||
| 354 | } | ||
| 355 | |||
| 356 | /* hex string utilities */ | ||
| 357 | |||
| 358 | /* Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its | ||
| 359 | * hex representation | ||
| 360 | * @@@ (Contents of buffer are always kept in ASCII, also on EBCDIC machines) | ||
| 361 | */ | ||
| 362 | |||
| 363 | char *hex_to_string(unsigned char *buffer, long len) | ||
| 364 | { | ||
| 365 | char *tmp, *q; | ||
| 366 | unsigned char *p; | ||
| 367 | int i; | ||
| 368 | const static char hexdig[] = "0123456789ABCDEF"; | ||
| 369 | if(!buffer || !len) return NULL; | ||
| 370 | if(!(tmp = OPENSSL_malloc(len * 3 + 1))) { | ||
| 371 | X509V3err(X509V3_F_HEX_TO_STRING,ERR_R_MALLOC_FAILURE); | ||
| 372 | return NULL; | ||
| 373 | } | ||
| 374 | q = tmp; | ||
| 375 | for(i = 0, p = buffer; i < len; i++,p++) { | ||
| 376 | *q++ = hexdig[(*p >> 4) & 0xf]; | ||
| 377 | *q++ = hexdig[*p & 0xf]; | ||
| 378 | *q++ = ':'; | ||
| 379 | } | ||
| 380 | q[-1] = 0; | ||
| 381 | #ifdef CHARSET_EBCDIC | ||
| 382 | ebcdic2ascii(tmp, tmp, q - tmp - 1); | ||
| 383 | #endif | ||
| 384 | |||
| 385 | return tmp; | ||
| 386 | } | ||
| 387 | |||
| 388 | /* Give a string of hex digits convert to | ||
| 389 | * a buffer | ||
| 390 | */ | ||
| 391 | |||
| 392 | unsigned char *string_to_hex(char *str, long *len) | ||
| 393 | { | ||
| 394 | unsigned char *hexbuf, *q; | ||
| 395 | unsigned char ch, cl, *p; | ||
| 396 | if(!str) { | ||
| 397 | X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_INVALID_NULL_ARGUMENT); | ||
| 398 | return NULL; | ||
| 399 | } | ||
| 400 | if(!(hexbuf = OPENSSL_malloc(strlen(str) >> 1))) goto err; | ||
| 401 | for(p = (unsigned char *)str, q = hexbuf; *p;) { | ||
| 402 | ch = *p++; | ||
| 403 | #ifdef CHARSET_EBCDIC | ||
| 404 | ch = os_toebcdic[ch]; | ||
| 405 | #endif | ||
| 406 | if(ch == ':') continue; | ||
| 407 | cl = *p++; | ||
| 408 | #ifdef CHARSET_EBCDIC | ||
| 409 | cl = os_toebcdic[cl]; | ||
| 410 | #endif | ||
| 411 | if(!cl) { | ||
| 412 | X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ODD_NUMBER_OF_DIGITS); | ||
| 413 | OPENSSL_free(hexbuf); | ||
| 414 | return NULL; | ||
| 415 | } | ||
| 416 | if(isupper(ch)) ch = tolower(ch); | ||
| 417 | if(isupper(cl)) cl = tolower(cl); | ||
| 418 | |||
| 419 | if((ch >= '0') && (ch <= '9')) ch -= '0'; | ||
| 420 | else if ((ch >= 'a') && (ch <= 'f')) ch -= 'a' - 10; | ||
| 421 | else goto badhex; | ||
| 422 | |||
| 423 | if((cl >= '0') && (cl <= '9')) cl -= '0'; | ||
| 424 | else if ((cl >= 'a') && (cl <= 'f')) cl -= 'a' - 10; | ||
| 425 | else goto badhex; | ||
| 426 | |||
| 427 | *q++ = (ch << 4) | cl; | ||
| 428 | } | ||
| 429 | |||
| 430 | if(len) *len = q - hexbuf; | ||
| 431 | |||
| 432 | return hexbuf; | ||
| 433 | |||
| 434 | err: | ||
| 435 | if(hexbuf) OPENSSL_free(hexbuf); | ||
| 436 | X509V3err(X509V3_F_STRING_TO_HEX,ERR_R_MALLOC_FAILURE); | ||
| 437 | return NULL; | ||
| 438 | |||
| 439 | badhex: | ||
| 440 | OPENSSL_free(hexbuf); | ||
| 441 | X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ILLEGAL_HEX_DIGIT); | ||
| 442 | return NULL; | ||
| 443 | |||
| 444 | } | ||
| 445 | |||
| 446 | /* V2I name comparison function: returns zero if 'name' matches | ||
| 447 | * cmp or cmp.* | ||
| 448 | */ | ||
| 449 | |||
| 450 | int name_cmp(const char *name, const char *cmp) | ||
| 451 | { | ||
| 452 | int len, ret; | ||
| 453 | char c; | ||
| 454 | len = strlen(cmp); | ||
| 455 | if((ret = strncmp(name, cmp, len))) return ret; | ||
| 456 | c = name[len]; | ||
| 457 | if(!c || (c=='.')) return 0; | ||
| 458 | return 1; | ||
| 459 | } | ||
| 460 | |||
| 461 | static int sk_strcmp(const char * const *a, const char * const *b) | ||
| 462 | { | ||
| 463 | return strcmp(*a, *b); | ||
| 464 | } | ||
| 465 | |||
| 466 | STACK *X509_get1_email(X509 *x) | ||
| 467 | { | ||
| 468 | GENERAL_NAMES *gens; | ||
| 469 | STACK *ret; | ||
| 470 | gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL); | ||
| 471 | ret = get_email(X509_get_subject_name(x), gens); | ||
| 472 | sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); | ||
| 473 | return ret; | ||
| 474 | } | ||
| 475 | |||
| 476 | STACK *X509_get1_ocsp(X509 *x) | ||
| 477 | { | ||
| 478 | AUTHORITY_INFO_ACCESS *info; | ||
| 479 | STACK *ret = NULL; | ||
| 480 | int i; | ||
| 481 | info = X509_get_ext_d2i(x, NID_info_access, NULL, NULL); | ||
| 482 | if (!info) | ||
| 483 | return NULL; | ||
| 484 | for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++) | ||
| 485 | { | ||
| 486 | ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(info, i); | ||
| 487 | if (OBJ_obj2nid(ad->method) == NID_ad_OCSP) | ||
| 488 | { | ||
| 489 | if (ad->location->type == GEN_URI) | ||
| 490 | { | ||
| 491 | if (!append_ia5(&ret, ad->location->d.uniformResourceIdentifier)) | ||
| 492 | break; | ||
| 493 | } | ||
| 494 | } | ||
| 495 | } | ||
| 496 | AUTHORITY_INFO_ACCESS_free(info); | ||
| 497 | return ret; | ||
| 498 | } | ||
| 499 | |||
| 500 | STACK *X509_REQ_get1_email(X509_REQ *x) | ||
| 501 | { | ||
| 502 | GENERAL_NAMES *gens; | ||
| 503 | STACK_OF(X509_EXTENSION) *exts; | ||
| 504 | STACK *ret; | ||
| 505 | exts = X509_REQ_get_extensions(x); | ||
| 506 | gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL); | ||
| 507 | ret = get_email(X509_REQ_get_subject_name(x), gens); | ||
| 508 | sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); | ||
| 509 | sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); | ||
| 510 | return ret; | ||
| 511 | } | ||
| 512 | |||
| 513 | |||
| 514 | static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens) | ||
| 515 | { | ||
| 516 | STACK *ret = NULL; | ||
| 517 | X509_NAME_ENTRY *ne; | ||
| 518 | ASN1_IA5STRING *email; | ||
| 519 | GENERAL_NAME *gen; | ||
| 520 | int i; | ||
| 521 | /* Now add any email address(es) to STACK */ | ||
| 522 | i = -1; | ||
| 523 | /* First supplied X509_NAME */ | ||
| 524 | while((i = X509_NAME_get_index_by_NID(name, | ||
| 525 | NID_pkcs9_emailAddress, i)) >= 0) { | ||
| 526 | ne = X509_NAME_get_entry(name, i); | ||
| 527 | email = X509_NAME_ENTRY_get_data(ne); | ||
| 528 | if(!append_ia5(&ret, email)) return NULL; | ||
| 529 | } | ||
| 530 | for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) | ||
| 531 | { | ||
| 532 | gen = sk_GENERAL_NAME_value(gens, i); | ||
| 533 | if(gen->type != GEN_EMAIL) continue; | ||
| 534 | if(!append_ia5(&ret, gen->d.ia5)) return NULL; | ||
| 535 | } | ||
| 536 | return ret; | ||
| 537 | } | ||
| 538 | |||
| 539 | static void str_free(void *str) | ||
| 540 | { | ||
| 541 | OPENSSL_free(str); | ||
| 542 | } | ||
| 543 | |||
| 544 | static int append_ia5(STACK **sk, ASN1_IA5STRING *email) | ||
| 545 | { | ||
| 546 | char *emtmp; | ||
| 547 | /* First some sanity checks */ | ||
| 548 | if(email->type != V_ASN1_IA5STRING) return 1; | ||
| 549 | if(!email->data || !email->length) return 1; | ||
| 550 | if(!*sk) *sk = sk_new(sk_strcmp); | ||
| 551 | if(!*sk) return 0; | ||
| 552 | /* Don't add duplicates */ | ||
| 553 | if(sk_find(*sk, (char *)email->data) != -1) return 1; | ||
| 554 | emtmp = BUF_strdup((char *)email->data); | ||
| 555 | if(!emtmp || !sk_push(*sk, emtmp)) { | ||
| 556 | X509_email_free(*sk); | ||
| 557 | *sk = NULL; | ||
| 558 | return 0; | ||
| 559 | } | ||
| 560 | return 1; | ||
| 561 | } | ||
| 562 | |||
| 563 | void X509_email_free(STACK *sk) | ||
| 564 | { | ||
| 565 | sk_pop_free(sk, str_free); | ||
| 566 | } | ||
| 567 | |||
| 568 | /* Convert IP addresses both IPv4 and IPv6 into an | ||
| 569 | * OCTET STRING compatible with RFC3280. | ||
| 570 | */ | ||
| 571 | |||
| 572 | ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc) | ||
| 573 | { | ||
| 574 | unsigned char ipout[16]; | ||
| 575 | ASN1_OCTET_STRING *ret; | ||
| 576 | int iplen; | ||
| 577 | |||
| 578 | /* If string contains a ':' assume IPv6 */ | ||
| 579 | |||
| 580 | iplen = a2i_ipadd(ipout, ipasc); | ||
| 581 | |||
| 582 | if (!iplen) | ||
| 583 | return NULL; | ||
| 584 | |||
| 585 | ret = ASN1_OCTET_STRING_new(); | ||
| 586 | if (!ret) | ||
| 587 | return NULL; | ||
| 588 | if (!ASN1_OCTET_STRING_set(ret, ipout, iplen)) | ||
| 589 | { | ||
| 590 | ASN1_OCTET_STRING_free(ret); | ||
| 591 | return NULL; | ||
| 592 | } | ||
| 593 | return ret; | ||
| 594 | } | ||
| 595 | |||
| 596 | ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc) | ||
| 597 | { | ||
| 598 | ASN1_OCTET_STRING *ret = NULL; | ||
| 599 | unsigned char ipout[32]; | ||
| 600 | char *iptmp = NULL, *p; | ||
| 601 | int iplen1, iplen2; | ||
| 602 | p = strchr(ipasc,'/'); | ||
| 603 | if (!p) | ||
| 604 | return NULL; | ||
| 605 | iptmp = BUF_strdup(ipasc); | ||
| 606 | if (!iptmp) | ||
| 607 | return NULL; | ||
| 608 | p = iptmp + (p - ipasc); | ||
| 609 | *p++ = 0; | ||
| 610 | |||
| 611 | iplen1 = a2i_ipadd(ipout, iptmp); | ||
| 612 | |||
| 613 | if (!iplen1) | ||
| 614 | goto err; | ||
| 615 | |||
| 616 | iplen2 = a2i_ipadd(ipout + iplen1, p); | ||
| 617 | |||
| 618 | OPENSSL_free(iptmp); | ||
| 619 | iptmp = NULL; | ||
| 620 | |||
| 621 | if (!iplen2 || (iplen1 != iplen2)) | ||
| 622 | goto err; | ||
| 623 | |||
| 624 | ret = ASN1_OCTET_STRING_new(); | ||
| 625 | if (!ret) | ||
| 626 | goto err; | ||
| 627 | if (!ASN1_OCTET_STRING_set(ret, ipout, iplen1 + iplen2)) | ||
| 628 | goto err; | ||
| 629 | |||
| 630 | return ret; | ||
| 631 | |||
| 632 | err: | ||
| 633 | if (iptmp) | ||
| 634 | OPENSSL_free(iptmp); | ||
| 635 | if (ret) | ||
| 636 | ASN1_OCTET_STRING_free(ret); | ||
| 637 | return NULL; | ||
| 638 | } | ||
| 639 | |||
| 640 | |||
| 641 | int a2i_ipadd(unsigned char *ipout, const char *ipasc) | ||
| 642 | { | ||
| 643 | /* If string contains a ':' assume IPv6 */ | ||
| 644 | |||
| 645 | if (strchr(ipasc, ':')) | ||
| 646 | { | ||
| 647 | if (!ipv6_from_asc(ipout, ipasc)) | ||
| 648 | return 0; | ||
| 649 | return 16; | ||
| 650 | } | ||
| 651 | else | ||
| 652 | { | ||
| 653 | if (!ipv4_from_asc(ipout, ipasc)) | ||
| 654 | return 0; | ||
| 655 | return 4; | ||
| 656 | } | ||
| 657 | } | ||
| 658 | |||
| 659 | static int ipv4_from_asc(unsigned char *v4, const char *in) | ||
| 660 | { | ||
| 661 | int a0, a1, a2, a3; | ||
| 662 | if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4) | ||
| 663 | return 0; | ||
| 664 | if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255) | ||
| 665 | || (a2 < 0) || (a2 > 255) || (a3 < 0) || (a3 > 255)) | ||
| 666 | return 0; | ||
| 667 | v4[0] = a0; | ||
| 668 | v4[1] = a1; | ||
| 669 | v4[2] = a2; | ||
| 670 | v4[3] = a3; | ||
| 671 | return 1; | ||
| 672 | } | ||
| 673 | |||
| 674 | typedef struct { | ||
| 675 | /* Temporary store for IPV6 output */ | ||
| 676 | unsigned char tmp[16]; | ||
| 677 | /* Total number of bytes in tmp */ | ||
| 678 | int total; | ||
| 679 | /* The position of a zero (corresponding to '::') */ | ||
| 680 | int zero_pos; | ||
| 681 | /* Number of zeroes */ | ||
| 682 | int zero_cnt; | ||
| 683 | } IPV6_STAT; | ||
| 684 | |||
| 685 | |||
| 686 | static int ipv6_from_asc(unsigned char *v6, const char *in) | ||
| 687 | { | ||
| 688 | IPV6_STAT v6stat; | ||
| 689 | v6stat.total = 0; | ||
| 690 | v6stat.zero_pos = -1; | ||
| 691 | v6stat.zero_cnt = 0; | ||
| 692 | /* Treat the IPv6 representation as a list of values | ||
| 693 | * separated by ':'. The presence of a '::' will parse | ||
| 694 | * as one, two or three zero length elements. | ||
| 695 | */ | ||
| 696 | if (!CONF_parse_list(in, ':', 0, ipv6_cb, &v6stat)) | ||
| 697 | return 0; | ||
| 698 | |||
| 699 | /* Now for some sanity checks */ | ||
| 700 | |||
| 701 | if (v6stat.zero_pos == -1) | ||
| 702 | { | ||
| 703 | /* If no '::' must have exactly 16 bytes */ | ||
| 704 | if (v6stat.total != 16) | ||
| 705 | return 0; | ||
| 706 | } | ||
| 707 | else | ||
| 708 | { | ||
| 709 | /* If '::' must have less than 16 bytes */ | ||
| 710 | if (v6stat.total == 16) | ||
| 711 | return 0; | ||
| 712 | /* More than three zeroes is an error */ | ||
| 713 | if (v6stat.zero_cnt > 3) | ||
| 714 | return 0; | ||
| 715 | /* Can only have three zeroes if nothing else present */ | ||
| 716 | else if (v6stat.zero_cnt == 3) | ||
| 717 | { | ||
| 718 | if (v6stat.total > 0) | ||
| 719 | return 0; | ||
| 720 | } | ||
| 721 | /* Can only have two zeroes if at start or end */ | ||
| 722 | else if (v6stat.zero_cnt == 2) | ||
| 723 | { | ||
| 724 | if ((v6stat.zero_pos != 0) | ||
| 725 | && (v6stat.zero_pos != v6stat.total)) | ||
| 726 | return 0; | ||
| 727 | } | ||
| 728 | else | ||
| 729 | /* Can only have one zero if *not* start or end */ | ||
| 730 | { | ||
| 731 | if ((v6stat.zero_pos == 0) | ||
| 732 | || (v6stat.zero_pos == v6stat.total)) | ||
| 733 | return 0; | ||
| 734 | } | ||
| 735 | } | ||
| 736 | |||
| 737 | /* Format result */ | ||
| 738 | |||
| 739 | if (v6stat.zero_pos >= 0) | ||
| 740 | { | ||
| 741 | /* Copy initial part */ | ||
| 742 | memcpy(v6, v6stat.tmp, v6stat.zero_pos); | ||
| 743 | /* Zero middle */ | ||
| 744 | memset(v6 + v6stat.zero_pos, 0, 16 - v6stat.total); | ||
| 745 | /* Copy final part */ | ||
| 746 | if (v6stat.total != v6stat.zero_pos) | ||
| 747 | memcpy(v6 + v6stat.zero_pos + 16 - v6stat.total, | ||
| 748 | v6stat.tmp + v6stat.zero_pos, | ||
| 749 | v6stat.total - v6stat.zero_pos); | ||
| 750 | } | ||
| 751 | else | ||
| 752 | memcpy(v6, v6stat.tmp, 16); | ||
| 753 | |||
| 754 | return 1; | ||
| 755 | } | ||
| 756 | |||
| 757 | static int ipv6_cb(const char *elem, int len, void *usr) | ||
| 758 | { | ||
| 759 | IPV6_STAT *s = usr; | ||
| 760 | /* Error if 16 bytes written */ | ||
| 761 | if (s->total == 16) | ||
| 762 | return 0; | ||
| 763 | if (len == 0) | ||
| 764 | { | ||
| 765 | /* Zero length element, corresponds to '::' */ | ||
| 766 | if (s->zero_pos == -1) | ||
| 767 | s->zero_pos = s->total; | ||
| 768 | /* If we've already got a :: its an error */ | ||
| 769 | else if (s->zero_pos != s->total) | ||
| 770 | return 0; | ||
| 771 | s->zero_cnt++; | ||
| 772 | } | ||
| 773 | else | ||
| 774 | { | ||
| 775 | /* If more than 4 characters could be final a.b.c.d form */ | ||
| 776 | if (len > 4) | ||
| 777 | { | ||
| 778 | /* Need at least 4 bytes left */ | ||
| 779 | if (s->total > 12) | ||
| 780 | return 0; | ||
| 781 | /* Must be end of string */ | ||
| 782 | if (elem[len]) | ||
| 783 | return 0; | ||
| 784 | if (!ipv4_from_asc(s->tmp + s->total, elem)) | ||
| 785 | return 0; | ||
| 786 | s->total += 4; | ||
| 787 | } | ||
| 788 | else | ||
| 789 | { | ||
| 790 | if (!ipv6_hex(s->tmp + s->total, elem, len)) | ||
| 791 | return 0; | ||
| 792 | s->total += 2; | ||
| 793 | } | ||
| 794 | } | ||
| 795 | return 1; | ||
| 796 | } | ||
| 797 | |||
| 798 | /* Convert a string of up to 4 hex digits into the corresponding | ||
| 799 | * IPv6 form. | ||
| 800 | */ | ||
| 801 | |||
| 802 | static int ipv6_hex(unsigned char *out, const char *in, int inlen) | ||
| 803 | { | ||
| 804 | unsigned char c; | ||
| 805 | unsigned int num = 0; | ||
| 806 | if (inlen > 4) | ||
| 807 | return 0; | ||
| 808 | while(inlen--) | ||
| 809 | { | ||
| 810 | c = *in++; | ||
| 811 | num <<= 4; | ||
| 812 | if ((c >= '0') && (c <= '9')) | ||
| 813 | num |= c - '0'; | ||
| 814 | else if ((c >= 'A') && (c <= 'F')) | ||
| 815 | num |= c - 'A' + 10; | ||
| 816 | else if ((c >= 'a') && (c <= 'f')) | ||
| 817 | num |= c - 'a' + 10; | ||
| 818 | else | ||
| 819 | return 0; | ||
| 820 | } | ||
| 821 | out[0] = num >> 8; | ||
| 822 | out[1] = num & 0xff; | ||
| 823 | return 1; | ||
| 824 | } | ||
| 825 | |||
| 826 | |||
| 827 | int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk, | ||
| 828 | unsigned long chtype) | ||
| 829 | { | ||
| 830 | CONF_VALUE *v; | ||
| 831 | int i, mval; | ||
| 832 | char *p, *type; | ||
| 833 | if (!nm) | ||
| 834 | return 0; | ||
| 835 | |||
| 836 | for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) | ||
| 837 | { | ||
| 838 | v=sk_CONF_VALUE_value(dn_sk,i); | ||
| 839 | type=v->name; | ||
| 840 | /* Skip past any leading X. X: X, etc to allow for | ||
| 841 | * multiple instances | ||
| 842 | */ | ||
| 843 | for(p = type; *p ; p++) | ||
| 844 | #ifndef CHARSET_EBCDIC | ||
| 845 | if ((*p == ':') || (*p == ',') || (*p == '.')) | ||
| 846 | #else | ||
| 847 | if ((*p == os_toascii[':']) || (*p == os_toascii[',']) || (*p == os_toascii['.'])) | ||
| 848 | #endif | ||
| 849 | { | ||
| 850 | p++; | ||
| 851 | if(*p) type = p; | ||
| 852 | break; | ||
| 853 | } | ||
| 854 | #ifndef CHARSET_EBCDIC | ||
| 855 | if (*type == '+') | ||
| 856 | #else | ||
| 857 | if (*type == os_toascii['+']) | ||
| 858 | #endif | ||
| 859 | { | ||
| 860 | mval = -1; | ||
| 861 | type++; | ||
| 862 | } | ||
| 863 | else | ||
| 864 | mval = 0; | ||
| 865 | if (!X509_NAME_add_entry_by_txt(nm,type, chtype, | ||
| 866 | (unsigned char *) v->value,-1,-1,mval)) | ||
| 867 | return 0; | ||
| 868 | |||
| 869 | } | ||
| 870 | return 1; | ||
| 871 | } | ||
diff --git a/src/lib/libcrypto/x509v3/v3err.c b/src/lib/libcrypto/x509v3/v3err.c deleted file mode 100644 index d538ad8b80..0000000000 --- a/src/lib/libcrypto/x509v3/v3err.c +++ /dev/null | |||
| @@ -1,219 +0,0 @@ | |||
| 1 | /* crypto/x509v3/v3err.c */ | ||
| 2 | /* ==================================================================== | ||
| 3 | * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. | ||
| 4 | * | ||
| 5 | * Redistribution and use in source and binary forms, with or without | ||
| 6 | * modification, are permitted provided that the following conditions | ||
| 7 | * are met: | ||
| 8 | * | ||
| 9 | * 1. Redistributions of source code must retain the above copyright | ||
| 10 | * notice, this list of conditions and the following disclaimer. | ||
| 11 | * | ||
| 12 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer in | ||
| 14 | * the documentation and/or other materials provided with the | ||
| 15 | * distribution. | ||
| 16 | * | ||
| 17 | * 3. All advertising materials mentioning features or use of this | ||
| 18 | * software must display the following acknowledgment: | ||
| 19 | * "This product includes software developed by the OpenSSL Project | ||
| 20 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 21 | * | ||
| 22 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 23 | * endorse or promote products derived from this software without | ||
| 24 | * prior written permission. For written permission, please contact | ||
| 25 | * openssl-core@OpenSSL.org. | ||
| 26 | * | ||
| 27 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 28 | * nor may "OpenSSL" appear in their names without prior written | ||
| 29 | * permission of the OpenSSL Project. | ||
| 30 | * | ||
| 31 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 32 | * acknowledgment: | ||
| 33 | * "This product includes software developed by the OpenSSL Project | ||
| 34 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 35 | * | ||
| 36 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 37 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 38 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 39 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 40 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 41 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 42 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 43 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 44 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 45 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 46 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 47 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 48 | * ==================================================================== | ||
| 49 | * | ||
| 50 | * This product includes cryptographic software written by Eric Young | ||
| 51 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 52 | * Hudson (tjh@cryptsoft.com). | ||
| 53 | * | ||
| 54 | */ | ||
| 55 | |||
| 56 | /* NOTE: this file was auto generated by the mkerr.pl script: any changes | ||
| 57 | * made to it will be overwritten when the script next updates this file, | ||
| 58 | * only reason strings will be preserved. | ||
| 59 | */ | ||
| 60 | |||
| 61 | #include <stdio.h> | ||
| 62 | #include <openssl/err.h> | ||
| 63 | #include <openssl/x509v3.h> | ||
| 64 | |||
| 65 | /* BEGIN ERROR CODES */ | ||
| 66 | #ifndef OPENSSL_NO_ERR | ||
| 67 | |||
| 68 | #define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509V3,func,0) | ||
| 69 | #define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509V3,0,reason) | ||
| 70 | |||
| 71 | static ERR_STRING_DATA X509V3_str_functs[]= | ||
| 72 | { | ||
| 73 | {ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE), "ASIDENTIFIERCHOICE_CANONIZE"}, | ||
| 74 | {ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL), "ASIDENTIFIERCHOICE_IS_CANONICAL"}, | ||
| 75 | {ERR_FUNC(X509V3_F_COPY_EMAIL), "COPY_EMAIL"}, | ||
| 76 | {ERR_FUNC(X509V3_F_COPY_ISSUER), "COPY_ISSUER"}, | ||
| 77 | {ERR_FUNC(X509V3_F_DO_DIRNAME), "DO_DIRNAME"}, | ||
| 78 | {ERR_FUNC(X509V3_F_DO_EXT_CONF), "DO_EXT_CONF"}, | ||
| 79 | {ERR_FUNC(X509V3_F_DO_EXT_I2D), "DO_EXT_I2D"}, | ||
| 80 | {ERR_FUNC(X509V3_F_DO_EXT_NCONF), "DO_EXT_NCONF"}, | ||
| 81 | {ERR_FUNC(X509V3_F_DO_I2V_NAME_CONSTRAINTS), "DO_I2V_NAME_CONSTRAINTS"}, | ||
| 82 | {ERR_FUNC(X509V3_F_HEX_TO_STRING), "hex_to_string"}, | ||
| 83 | {ERR_FUNC(X509V3_F_I2S_ASN1_ENUMERATED), "i2s_ASN1_ENUMERATED"}, | ||
| 84 | {ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING), "I2S_ASN1_IA5STRING"}, | ||
| 85 | {ERR_FUNC(X509V3_F_I2S_ASN1_INTEGER), "i2s_ASN1_INTEGER"}, | ||
| 86 | {ERR_FUNC(X509V3_F_I2V_AUTHORITY_INFO_ACCESS), "I2V_AUTHORITY_INFO_ACCESS"}, | ||
| 87 | {ERR_FUNC(X509V3_F_NOTICE_SECTION), "NOTICE_SECTION"}, | ||
| 88 | {ERR_FUNC(X509V3_F_NREF_NOS), "NREF_NOS"}, | ||
| 89 | {ERR_FUNC(X509V3_F_POLICY_SECTION), "POLICY_SECTION"}, | ||
| 90 | {ERR_FUNC(X509V3_F_PROCESS_PCI_VALUE), "PROCESS_PCI_VALUE"}, | ||
| 91 | {ERR_FUNC(X509V3_F_R2I_CERTPOL), "R2I_CERTPOL"}, | ||
| 92 | {ERR_FUNC(X509V3_F_R2I_PCI), "R2I_PCI"}, | ||
| 93 | {ERR_FUNC(X509V3_F_S2I_ASN1_IA5STRING), "S2I_ASN1_IA5STRING"}, | ||
| 94 | {ERR_FUNC(X509V3_F_S2I_ASN1_INTEGER), "s2i_ASN1_INTEGER"}, | ||
| 95 | {ERR_FUNC(X509V3_F_S2I_ASN1_OCTET_STRING), "s2i_ASN1_OCTET_STRING"}, | ||
| 96 | {ERR_FUNC(X509V3_F_S2I_ASN1_SKEY_ID), "S2I_ASN1_SKEY_ID"}, | ||
| 97 | {ERR_FUNC(X509V3_F_S2I_SKEY_ID), "S2I_SKEY_ID"}, | ||
| 98 | {ERR_FUNC(X509V3_F_STRING_TO_HEX), "string_to_hex"}, | ||
| 99 | {ERR_FUNC(X509V3_F_SXNET_ADD_ID_ASC), "SXNET_add_id_asc"}, | ||
| 100 | {ERR_FUNC(X509V3_F_SXNET_ADD_ID_INTEGER), "SXNET_add_id_INTEGER"}, | ||
| 101 | {ERR_FUNC(X509V3_F_SXNET_ADD_ID_ULONG), "SXNET_add_id_ulong"}, | ||
| 102 | {ERR_FUNC(X509V3_F_SXNET_GET_ID_ASC), "SXNET_get_id_asc"}, | ||
| 103 | {ERR_FUNC(X509V3_F_SXNET_GET_ID_ULONG), "SXNET_get_id_ulong"}, | ||
| 104 | {ERR_FUNC(X509V3_F_V2I_ASIDENTIFIERS), "V2I_ASIDENTIFIERS"}, | ||
| 105 | {ERR_FUNC(X509V3_F_V2I_ASN1_BIT_STRING), "v2i_ASN1_BIT_STRING"}, | ||
| 106 | {ERR_FUNC(X509V3_F_V2I_AUTHORITY_INFO_ACCESS), "V2I_AUTHORITY_INFO_ACCESS"}, | ||
| 107 | {ERR_FUNC(X509V3_F_V2I_AUTHORITY_KEYID), "V2I_AUTHORITY_KEYID"}, | ||
| 108 | {ERR_FUNC(X509V3_F_V2I_BASIC_CONSTRAINTS), "V2I_BASIC_CONSTRAINTS"}, | ||
| 109 | {ERR_FUNC(X509V3_F_V2I_CRLD), "V2I_CRLD"}, | ||
| 110 | {ERR_FUNC(X509V3_F_V2I_EXTENDED_KEY_USAGE), "V2I_EXTENDED_KEY_USAGE"}, | ||
| 111 | {ERR_FUNC(X509V3_F_V2I_GENERAL_NAMES), "v2i_GENERAL_NAMES"}, | ||
| 112 | {ERR_FUNC(X509V3_F_V2I_GENERAL_NAME_EX), "v2i_GENERAL_NAME_ex"}, | ||
| 113 | {ERR_FUNC(X509V3_F_V2I_IPADDRBLOCKS), "V2I_IPADDRBLOCKS"}, | ||
| 114 | {ERR_FUNC(X509V3_F_V2I_ISSUER_ALT), "V2I_ISSUER_ALT"}, | ||
| 115 | {ERR_FUNC(X509V3_F_V2I_NAME_CONSTRAINTS), "V2I_NAME_CONSTRAINTS"}, | ||
| 116 | {ERR_FUNC(X509V3_F_V2I_POLICY_CONSTRAINTS), "V2I_POLICY_CONSTRAINTS"}, | ||
| 117 | {ERR_FUNC(X509V3_F_V2I_POLICY_MAPPINGS), "V2I_POLICY_MAPPINGS"}, | ||
| 118 | {ERR_FUNC(X509V3_F_V2I_SUBJECT_ALT), "V2I_SUBJECT_ALT"}, | ||
| 119 | {ERR_FUNC(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL), "V3_ADDR_VALIDATE_PATH_INTERNAL"}, | ||
| 120 | {ERR_FUNC(X509V3_F_V3_GENERIC_EXTENSION), "V3_GENERIC_EXTENSION"}, | ||
| 121 | {ERR_FUNC(X509V3_F_X509V3_ADD1_I2D), "X509V3_add1_i2d"}, | ||
| 122 | {ERR_FUNC(X509V3_F_X509V3_ADD_VALUE), "X509V3_add_value"}, | ||
| 123 | {ERR_FUNC(X509V3_F_X509V3_EXT_ADD), "X509V3_EXT_add"}, | ||
| 124 | {ERR_FUNC(X509V3_F_X509V3_EXT_ADD_ALIAS), "X509V3_EXT_add_alias"}, | ||
| 125 | {ERR_FUNC(X509V3_F_X509V3_EXT_CONF), "X509V3_EXT_conf"}, | ||
| 126 | {ERR_FUNC(X509V3_F_X509V3_EXT_I2D), "X509V3_EXT_i2d"}, | ||
| 127 | {ERR_FUNC(X509V3_F_X509V3_EXT_NCONF), "X509V3_EXT_nconf"}, | ||
| 128 | {ERR_FUNC(X509V3_F_X509V3_GET_SECTION), "X509V3_get_section"}, | ||
| 129 | {ERR_FUNC(X509V3_F_X509V3_GET_STRING), "X509V3_get_string"}, | ||
| 130 | {ERR_FUNC(X509V3_F_X509V3_GET_VALUE_BOOL), "X509V3_get_value_bool"}, | ||
| 131 | {ERR_FUNC(X509V3_F_X509V3_PARSE_LIST), "X509V3_parse_list"}, | ||
| 132 | {ERR_FUNC(X509V3_F_X509_PURPOSE_ADD), "X509_PURPOSE_add"}, | ||
| 133 | {ERR_FUNC(X509V3_F_X509_PURPOSE_SET), "X509_PURPOSE_set"}, | ||
| 134 | {0,NULL} | ||
| 135 | }; | ||
| 136 | |||
| 137 | static ERR_STRING_DATA X509V3_str_reasons[]= | ||
| 138 | { | ||
| 139 | {ERR_REASON(X509V3_R_BAD_IP_ADDRESS) ,"bad ip address"}, | ||
| 140 | {ERR_REASON(X509V3_R_BAD_OBJECT) ,"bad object"}, | ||
| 141 | {ERR_REASON(X509V3_R_BN_DEC2BN_ERROR) ,"bn dec2bn error"}, | ||
| 142 | {ERR_REASON(X509V3_R_BN_TO_ASN1_INTEGER_ERROR),"bn to asn1 integer error"}, | ||
| 143 | {ERR_REASON(X509V3_R_DIRNAME_ERROR) ,"dirname error"}, | ||
| 144 | {ERR_REASON(X509V3_R_DUPLICATE_ZONE_ID) ,"duplicate zone id"}, | ||
| 145 | {ERR_REASON(X509V3_R_ERROR_CONVERTING_ZONE),"error converting zone"}, | ||
| 146 | {ERR_REASON(X509V3_R_ERROR_CREATING_EXTENSION),"error creating extension"}, | ||
| 147 | {ERR_REASON(X509V3_R_ERROR_IN_EXTENSION) ,"error in extension"}, | ||
| 148 | {ERR_REASON(X509V3_R_EXPECTED_A_SECTION_NAME),"expected a section name"}, | ||
| 149 | {ERR_REASON(X509V3_R_EXTENSION_EXISTS) ,"extension exists"}, | ||
| 150 | {ERR_REASON(X509V3_R_EXTENSION_NAME_ERROR),"extension name error"}, | ||
| 151 | {ERR_REASON(X509V3_R_EXTENSION_NOT_FOUND),"extension not found"}, | ||
| 152 | {ERR_REASON(X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED),"extension setting not supported"}, | ||
| 153 | {ERR_REASON(X509V3_R_EXTENSION_VALUE_ERROR),"extension value error"}, | ||
| 154 | {ERR_REASON(X509V3_R_ILLEGAL_EMPTY_EXTENSION),"illegal empty extension"}, | ||
| 155 | {ERR_REASON(X509V3_R_ILLEGAL_HEX_DIGIT) ,"illegal hex digit"}, | ||
| 156 | {ERR_REASON(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG),"incorrect policy syntax tag"}, | ||
| 157 | {ERR_REASON(X509V3_R_INVALID_ASNUMBER) ,"invalid asnumber"}, | ||
| 158 | {ERR_REASON(X509V3_R_INVALID_ASRANGE) ,"invalid asrange"}, | ||
| 159 | {ERR_REASON(X509V3_R_INVALID_BOOLEAN_STRING),"invalid boolean string"}, | ||
| 160 | {ERR_REASON(X509V3_R_INVALID_EXTENSION_STRING),"invalid extension string"}, | ||
| 161 | {ERR_REASON(X509V3_R_INVALID_INHERITANCE),"invalid inheritance"}, | ||
| 162 | {ERR_REASON(X509V3_R_INVALID_IPADDRESS) ,"invalid ipaddress"}, | ||
| 163 | {ERR_REASON(X509V3_R_INVALID_NAME) ,"invalid name"}, | ||
| 164 | {ERR_REASON(X509V3_R_INVALID_NULL_ARGUMENT),"invalid null argument"}, | ||
| 165 | {ERR_REASON(X509V3_R_INVALID_NULL_NAME) ,"invalid null name"}, | ||
| 166 | {ERR_REASON(X509V3_R_INVALID_NULL_VALUE) ,"invalid null value"}, | ||
| 167 | {ERR_REASON(X509V3_R_INVALID_NUMBER) ,"invalid number"}, | ||
| 168 | {ERR_REASON(X509V3_R_INVALID_NUMBERS) ,"invalid numbers"}, | ||
| 169 | {ERR_REASON(X509V3_R_INVALID_OBJECT_IDENTIFIER),"invalid object identifier"}, | ||
| 170 | {ERR_REASON(X509V3_R_INVALID_OPTION) ,"invalid option"}, | ||
| 171 | {ERR_REASON(X509V3_R_INVALID_POLICY_IDENTIFIER),"invalid policy identifier"}, | ||
| 172 | {ERR_REASON(X509V3_R_INVALID_PROXY_POLICY_SETTING),"invalid proxy policy setting"}, | ||
| 173 | {ERR_REASON(X509V3_R_INVALID_PURPOSE) ,"invalid purpose"}, | ||
| 174 | {ERR_REASON(X509V3_R_INVALID_SAFI) ,"invalid safi"}, | ||
| 175 | {ERR_REASON(X509V3_R_INVALID_SECTION) ,"invalid section"}, | ||
| 176 | {ERR_REASON(X509V3_R_INVALID_SYNTAX) ,"invalid syntax"}, | ||
| 177 | {ERR_REASON(X509V3_R_ISSUER_DECODE_ERROR),"issuer decode error"}, | ||
| 178 | {ERR_REASON(X509V3_R_MISSING_VALUE) ,"missing value"}, | ||
| 179 | {ERR_REASON(X509V3_R_NEED_ORGANIZATION_AND_NUMBERS),"need organization and numbers"}, | ||
| 180 | {ERR_REASON(X509V3_R_NO_CONFIG_DATABASE) ,"no config database"}, | ||
| 181 | {ERR_REASON(X509V3_R_NO_ISSUER_CERTIFICATE),"no issuer certificate"}, | ||
| 182 | {ERR_REASON(X509V3_R_NO_ISSUER_DETAILS) ,"no issuer details"}, | ||
| 183 | {ERR_REASON(X509V3_R_NO_POLICY_IDENTIFIER),"no policy identifier"}, | ||
| 184 | {ERR_REASON(X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED),"no proxy cert policy language defined"}, | ||
| 185 | {ERR_REASON(X509V3_R_NO_PUBLIC_KEY) ,"no public key"}, | ||
| 186 | {ERR_REASON(X509V3_R_NO_SUBJECT_DETAILS) ,"no subject details"}, | ||
| 187 | {ERR_REASON(X509V3_R_ODD_NUMBER_OF_DIGITS),"odd number of digits"}, | ||
| 188 | {ERR_REASON(X509V3_R_OPERATION_NOT_DEFINED),"operation not defined"}, | ||
| 189 | {ERR_REASON(X509V3_R_OTHERNAME_ERROR) ,"othername error"}, | ||
| 190 | {ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED),"policy language alreadty defined"}, | ||
| 191 | {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH) ,"policy path length"}, | ||
| 192 | {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED),"policy path length alreadty defined"}, | ||
| 193 | {ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED),"policy syntax not currently supported"}, | ||
| 194 | {ERR_REASON(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY),"policy when proxy language requires no policy"}, | ||
| 195 | {ERR_REASON(X509V3_R_SECTION_NOT_FOUND) ,"section not found"}, | ||
| 196 | {ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS),"unable to get issuer details"}, | ||
| 197 | {ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_KEYID),"unable to get issuer keyid"}, | ||
| 198 | {ERR_REASON(X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT),"unknown bit string argument"}, | ||
| 199 | {ERR_REASON(X509V3_R_UNKNOWN_EXTENSION) ,"unknown extension"}, | ||
| 200 | {ERR_REASON(X509V3_R_UNKNOWN_EXTENSION_NAME),"unknown extension name"}, | ||
| 201 | {ERR_REASON(X509V3_R_UNKNOWN_OPTION) ,"unknown option"}, | ||
| 202 | {ERR_REASON(X509V3_R_UNSUPPORTED_OPTION) ,"unsupported option"}, | ||
| 203 | {ERR_REASON(X509V3_R_USER_TOO_LONG) ,"user too long"}, | ||
| 204 | {0,NULL} | ||
| 205 | }; | ||
| 206 | |||
| 207 | #endif | ||
| 208 | |||
| 209 | void ERR_load_X509V3_strings(void) | ||
| 210 | { | ||
| 211 | #ifndef OPENSSL_NO_ERR | ||
| 212 | |||
| 213 | if (ERR_func_error_string(X509V3_str_functs[0].error) == NULL) | ||
| 214 | { | ||
| 215 | ERR_load_strings(0,X509V3_str_functs); | ||
| 216 | ERR_load_strings(0,X509V3_str_reasons); | ||
| 217 | } | ||
| 218 | #endif | ||
| 219 | } | ||
diff --git a/src/lib/libcrypto/x509v3/x509v3.h b/src/lib/libcrypto/x509v3/x509v3.h deleted file mode 100644 index 9ef83da755..0000000000 --- a/src/lib/libcrypto/x509v3/x509v3.h +++ /dev/null | |||
| @@ -1,922 +0,0 @@ | |||
| 1 | /* x509v3.h */ | ||
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
| 3 | * project 1999. | ||
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. | ||
| 7 | * | ||
| 8 | * Redistribution and use in source and binary forms, with or without | ||
| 9 | * modification, are permitted provided that the following conditions | ||
| 10 | * are met: | ||
| 11 | * | ||
| 12 | * 1. Redistributions of source code must retain the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | * notice, this list of conditions and the following disclaimer in | ||
| 17 | * the documentation and/or other materials provided with the | ||
| 18 | * distribution. | ||
| 19 | * | ||
| 20 | * 3. All advertising materials mentioning features or use of this | ||
| 21 | * software must display the following acknowledgment: | ||
| 22 | * "This product includes software developed by the OpenSSL Project | ||
| 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | * | ||
| 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | * endorse or promote products derived from this software without | ||
| 27 | * prior written permission. For written permission, please contact | ||
| 28 | * licensing@OpenSSL.org. | ||
| 29 | * | ||
| 30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | * nor may "OpenSSL" appear in their names without prior written | ||
| 32 | * permission of the OpenSSL Project. | ||
| 33 | * | ||
| 34 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | * acknowledgment: | ||
| 36 | * "This product includes software developed by the OpenSSL Project | ||
| 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | * | ||
| 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | * ==================================================================== | ||
| 52 | * | ||
| 53 | * This product includes cryptographic software written by Eric Young | ||
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 57 | */ | ||
| 58 | #ifndef HEADER_X509V3_H | ||
| 59 | #define HEADER_X509V3_H | ||
| 60 | |||
| 61 | #include <openssl/bio.h> | ||
| 62 | #include <openssl/x509.h> | ||
| 63 | #include <openssl/conf.h> | ||
| 64 | |||
| 65 | #ifdef __cplusplus | ||
| 66 | extern "C" { | ||
| 67 | #endif | ||
| 68 | |||
| 69 | /* Forward reference */ | ||
| 70 | struct v3_ext_method; | ||
| 71 | struct v3_ext_ctx; | ||
| 72 | |||
| 73 | /* Useful typedefs */ | ||
| 74 | |||
| 75 | typedef void * (*X509V3_EXT_NEW)(void); | ||
| 76 | typedef void (*X509V3_EXT_FREE)(void *); | ||
| 77 | typedef void * (*X509V3_EXT_D2I)(void *, const unsigned char ** , long); | ||
| 78 | typedef int (*X509V3_EXT_I2D)(void *, unsigned char **); | ||
| 79 | typedef STACK_OF(CONF_VALUE) * (*X509V3_EXT_I2V)(struct v3_ext_method *method, void *ext, STACK_OF(CONF_VALUE) *extlist); | ||
| 80 | typedef void * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK_OF(CONF_VALUE) *values); | ||
| 81 | typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext); | ||
| 82 | typedef void * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str); | ||
| 83 | typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, void *ext, BIO *out, int indent); | ||
| 84 | typedef void * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str); | ||
| 85 | |||
| 86 | /* V3 extension structure */ | ||
| 87 | |||
| 88 | struct v3_ext_method { | ||
| 89 | int ext_nid; | ||
| 90 | int ext_flags; | ||
| 91 | /* If this is set the following four fields are ignored */ | ||
| 92 | ASN1_ITEM_EXP *it; | ||
| 93 | /* Old style ASN1 calls */ | ||
| 94 | X509V3_EXT_NEW ext_new; | ||
| 95 | X509V3_EXT_FREE ext_free; | ||
| 96 | X509V3_EXT_D2I d2i; | ||
| 97 | X509V3_EXT_I2D i2d; | ||
| 98 | |||
| 99 | /* The following pair is used for string extensions */ | ||
| 100 | X509V3_EXT_I2S i2s; | ||
| 101 | X509V3_EXT_S2I s2i; | ||
| 102 | |||
| 103 | /* The following pair is used for multi-valued extensions */ | ||
| 104 | X509V3_EXT_I2V i2v; | ||
| 105 | X509V3_EXT_V2I v2i; | ||
| 106 | |||
| 107 | /* The following are used for raw extensions */ | ||
| 108 | X509V3_EXT_I2R i2r; | ||
| 109 | X509V3_EXT_R2I r2i; | ||
| 110 | |||
| 111 | void *usr_data; /* Any extension specific data */ | ||
| 112 | }; | ||
| 113 | |||
| 114 | typedef struct X509V3_CONF_METHOD_st { | ||
| 115 | char * (*get_string)(void *db, char *section, char *value); | ||
| 116 | STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section); | ||
| 117 | void (*free_string)(void *db, char * string); | ||
| 118 | void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section); | ||
| 119 | } X509V3_CONF_METHOD; | ||
| 120 | |||
| 121 | /* Context specific info */ | ||
| 122 | struct v3_ext_ctx { | ||
| 123 | #define CTX_TEST 0x1 | ||
| 124 | int flags; | ||
| 125 | X509 *issuer_cert; | ||
| 126 | X509 *subject_cert; | ||
| 127 | X509_REQ *subject_req; | ||
| 128 | X509_CRL *crl; | ||
| 129 | X509V3_CONF_METHOD *db_meth; | ||
| 130 | void *db; | ||
| 131 | /* Maybe more here */ | ||
| 132 | }; | ||
| 133 | |||
| 134 | typedef struct v3_ext_method X509V3_EXT_METHOD; | ||
| 135 | |||
| 136 | DECLARE_STACK_OF(X509V3_EXT_METHOD) | ||
| 137 | |||
| 138 | /* ext_flags values */ | ||
| 139 | #define X509V3_EXT_DYNAMIC 0x1 | ||
| 140 | #define X509V3_EXT_CTX_DEP 0x2 | ||
| 141 | #define X509V3_EXT_MULTILINE 0x4 | ||
| 142 | |||
| 143 | typedef BIT_STRING_BITNAME ENUMERATED_NAMES; | ||
| 144 | |||
| 145 | typedef struct BASIC_CONSTRAINTS_st { | ||
| 146 | int ca; | ||
| 147 | ASN1_INTEGER *pathlen; | ||
| 148 | } BASIC_CONSTRAINTS; | ||
| 149 | |||
| 150 | |||
| 151 | typedef struct PKEY_USAGE_PERIOD_st { | ||
| 152 | ASN1_GENERALIZEDTIME *notBefore; | ||
| 153 | ASN1_GENERALIZEDTIME *notAfter; | ||
| 154 | } PKEY_USAGE_PERIOD; | ||
| 155 | |||
| 156 | typedef struct otherName_st { | ||
| 157 | ASN1_OBJECT *type_id; | ||
| 158 | ASN1_TYPE *value; | ||
| 159 | } OTHERNAME; | ||
| 160 | |||
| 161 | typedef struct EDIPartyName_st { | ||
| 162 | ASN1_STRING *nameAssigner; | ||
| 163 | ASN1_STRING *partyName; | ||
| 164 | } EDIPARTYNAME; | ||
| 165 | |||
| 166 | typedef struct GENERAL_NAME_st { | ||
| 167 | |||
| 168 | #define GEN_OTHERNAME 0 | ||
| 169 | #define GEN_EMAIL 1 | ||
| 170 | #define GEN_DNS 2 | ||
| 171 | #define GEN_X400 3 | ||
| 172 | #define GEN_DIRNAME 4 | ||
| 173 | #define GEN_EDIPARTY 5 | ||
| 174 | #define GEN_URI 6 | ||
| 175 | #define GEN_IPADD 7 | ||
| 176 | #define GEN_RID 8 | ||
| 177 | |||
| 178 | int type; | ||
| 179 | union { | ||
| 180 | char *ptr; | ||
| 181 | OTHERNAME *otherName; /* otherName */ | ||
| 182 | ASN1_IA5STRING *rfc822Name; | ||
| 183 | ASN1_IA5STRING *dNSName; | ||
| 184 | ASN1_TYPE *x400Address; | ||
| 185 | X509_NAME *directoryName; | ||
| 186 | EDIPARTYNAME *ediPartyName; | ||
| 187 | ASN1_IA5STRING *uniformResourceIdentifier; | ||
| 188 | ASN1_OCTET_STRING *iPAddress; | ||
| 189 | ASN1_OBJECT *registeredID; | ||
| 190 | |||
| 191 | /* Old names */ | ||
| 192 | ASN1_OCTET_STRING *ip; /* iPAddress */ | ||
| 193 | X509_NAME *dirn; /* dirn */ | ||
| 194 | ASN1_IA5STRING *ia5;/* rfc822Name, dNSName, uniformResourceIdentifier */ | ||
| 195 | ASN1_OBJECT *rid; /* registeredID */ | ||
| 196 | ASN1_TYPE *other; /* x400Address */ | ||
| 197 | } d; | ||
| 198 | } GENERAL_NAME; | ||
| 199 | |||
| 200 | typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES; | ||
| 201 | |||
| 202 | typedef struct ACCESS_DESCRIPTION_st { | ||
| 203 | ASN1_OBJECT *method; | ||
| 204 | GENERAL_NAME *location; | ||
| 205 | } ACCESS_DESCRIPTION; | ||
| 206 | |||
| 207 | typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; | ||
| 208 | |||
| 209 | typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE; | ||
| 210 | |||
| 211 | DECLARE_STACK_OF(GENERAL_NAME) | ||
| 212 | DECLARE_ASN1_SET_OF(GENERAL_NAME) | ||
| 213 | |||
| 214 | DECLARE_STACK_OF(ACCESS_DESCRIPTION) | ||
| 215 | DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION) | ||
| 216 | |||
| 217 | typedef struct DIST_POINT_NAME_st { | ||
| 218 | int type; | ||
| 219 | union { | ||
| 220 | GENERAL_NAMES *fullname; | ||
| 221 | STACK_OF(X509_NAME_ENTRY) *relativename; | ||
| 222 | } name; | ||
| 223 | } DIST_POINT_NAME; | ||
| 224 | |||
| 225 | typedef struct DIST_POINT_st { | ||
| 226 | DIST_POINT_NAME *distpoint; | ||
| 227 | ASN1_BIT_STRING *reasons; | ||
| 228 | GENERAL_NAMES *CRLissuer; | ||
| 229 | } DIST_POINT; | ||
| 230 | |||
| 231 | typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS; | ||
| 232 | |||
| 233 | DECLARE_STACK_OF(DIST_POINT) | ||
| 234 | DECLARE_ASN1_SET_OF(DIST_POINT) | ||
| 235 | |||
| 236 | typedef struct AUTHORITY_KEYID_st { | ||
| 237 | ASN1_OCTET_STRING *keyid; | ||
| 238 | GENERAL_NAMES *issuer; | ||
| 239 | ASN1_INTEGER *serial; | ||
| 240 | } AUTHORITY_KEYID; | ||
| 241 | |||
| 242 | /* Strong extranet structures */ | ||
| 243 | |||
| 244 | typedef struct SXNET_ID_st { | ||
| 245 | ASN1_INTEGER *zone; | ||
| 246 | ASN1_OCTET_STRING *user; | ||
| 247 | } SXNETID; | ||
| 248 | |||
| 249 | DECLARE_STACK_OF(SXNETID) | ||
| 250 | DECLARE_ASN1_SET_OF(SXNETID) | ||
| 251 | |||
| 252 | typedef struct SXNET_st { | ||
| 253 | ASN1_INTEGER *version; | ||
| 254 | STACK_OF(SXNETID) *ids; | ||
| 255 | } SXNET; | ||
| 256 | |||
| 257 | typedef struct NOTICEREF_st { | ||
| 258 | ASN1_STRING *organization; | ||
| 259 | STACK_OF(ASN1_INTEGER) *noticenos; | ||
| 260 | } NOTICEREF; | ||
| 261 | |||
| 262 | typedef struct USERNOTICE_st { | ||
| 263 | NOTICEREF *noticeref; | ||
| 264 | ASN1_STRING *exptext; | ||
| 265 | } USERNOTICE; | ||
| 266 | |||
| 267 | typedef struct POLICYQUALINFO_st { | ||
| 268 | ASN1_OBJECT *pqualid; | ||
| 269 | union { | ||
| 270 | ASN1_IA5STRING *cpsuri; | ||
| 271 | USERNOTICE *usernotice; | ||
| 272 | ASN1_TYPE *other; | ||
| 273 | } d; | ||
| 274 | } POLICYQUALINFO; | ||
| 275 | |||
| 276 | DECLARE_STACK_OF(POLICYQUALINFO) | ||
| 277 | DECLARE_ASN1_SET_OF(POLICYQUALINFO) | ||
| 278 | |||
| 279 | typedef struct POLICYINFO_st { | ||
| 280 | ASN1_OBJECT *policyid; | ||
| 281 | STACK_OF(POLICYQUALINFO) *qualifiers; | ||
| 282 | } POLICYINFO; | ||
| 283 | |||
| 284 | typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES; | ||
| 285 | |||
| 286 | DECLARE_STACK_OF(POLICYINFO) | ||
| 287 | DECLARE_ASN1_SET_OF(POLICYINFO) | ||
| 288 | |||
| 289 | typedef struct POLICY_MAPPING_st { | ||
| 290 | ASN1_OBJECT *issuerDomainPolicy; | ||
| 291 | ASN1_OBJECT *subjectDomainPolicy; | ||
| 292 | } POLICY_MAPPING; | ||
| 293 | |||
| 294 | DECLARE_STACK_OF(POLICY_MAPPING) | ||
| 295 | |||
| 296 | typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS; | ||
| 297 | |||
| 298 | typedef struct GENERAL_SUBTREE_st { | ||
| 299 | GENERAL_NAME *base; | ||
| 300 | ASN1_INTEGER *minimum; | ||
| 301 | ASN1_INTEGER *maximum; | ||
| 302 | } GENERAL_SUBTREE; | ||
| 303 | |||
| 304 | DECLARE_STACK_OF(GENERAL_SUBTREE) | ||
| 305 | |||
| 306 | typedef struct NAME_CONSTRAINTS_st { | ||
| 307 | STACK_OF(GENERAL_SUBTREE) *permittedSubtrees; | ||
| 308 | STACK_OF(GENERAL_SUBTREE) *excludedSubtrees; | ||
| 309 | } NAME_CONSTRAINTS; | ||
| 310 | |||
| 311 | typedef struct POLICY_CONSTRAINTS_st { | ||
| 312 | ASN1_INTEGER *requireExplicitPolicy; | ||
| 313 | ASN1_INTEGER *inhibitPolicyMapping; | ||
| 314 | } POLICY_CONSTRAINTS; | ||
| 315 | |||
| 316 | /* Proxy certificate structures, see RFC 3820 */ | ||
| 317 | typedef struct PROXY_POLICY_st | ||
| 318 | { | ||
| 319 | ASN1_OBJECT *policyLanguage; | ||
| 320 | ASN1_OCTET_STRING *policy; | ||
| 321 | } PROXY_POLICY; | ||
| 322 | |||
| 323 | typedef struct PROXY_CERT_INFO_EXTENSION_st | ||
| 324 | { | ||
| 325 | ASN1_INTEGER *pcPathLengthConstraint; | ||
| 326 | PROXY_POLICY *proxyPolicy; | ||
| 327 | } PROXY_CERT_INFO_EXTENSION; | ||
| 328 | |||
| 329 | DECLARE_ASN1_FUNCTIONS(PROXY_POLICY) | ||
| 330 | DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION) | ||
| 331 | |||
| 332 | |||
| 333 | #define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \ | ||
| 334 | ",name:", val->name, ",value:", val->value); | ||
| 335 | |||
| 336 | #define X509V3_set_ctx_test(ctx) \ | ||
| 337 | X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST) | ||
| 338 | #define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL; | ||
| 339 | |||
| 340 | #define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \ | ||
| 341 | 0,0,0,0, \ | ||
| 342 | 0,0, \ | ||
| 343 | (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \ | ||
| 344 | (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \ | ||
| 345 | NULL, NULL, \ | ||
| 346 | table} | ||
| 347 | |||
| 348 | #define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \ | ||
| 349 | 0,0,0,0, \ | ||
| 350 | (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \ | ||
| 351 | (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \ | ||
| 352 | 0,0,0,0, \ | ||
| 353 | NULL} | ||
| 354 | |||
| 355 | #define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} | ||
| 356 | |||
| 357 | |||
| 358 | /* X509_PURPOSE stuff */ | ||
| 359 | |||
| 360 | #define EXFLAG_BCONS 0x1 | ||
| 361 | #define EXFLAG_KUSAGE 0x2 | ||
| 362 | #define EXFLAG_XKUSAGE 0x4 | ||
| 363 | #define EXFLAG_NSCERT 0x8 | ||
| 364 | |||
| 365 | #define EXFLAG_CA 0x10 | ||
| 366 | /* Really self issued not necessarily self signed */ | ||
| 367 | #define EXFLAG_SI 0x20 | ||
| 368 | #define EXFLAG_SS 0x20 | ||
| 369 | #define EXFLAG_V1 0x40 | ||
| 370 | #define EXFLAG_INVALID 0x80 | ||
| 371 | #define EXFLAG_SET 0x100 | ||
| 372 | #define EXFLAG_CRITICAL 0x200 | ||
| 373 | #define EXFLAG_PROXY 0x400 | ||
| 374 | |||
| 375 | #define EXFLAG_INVALID_POLICY 0x800 | ||
| 376 | |||
| 377 | #define KU_DIGITAL_SIGNATURE 0x0080 | ||
| 378 | #define KU_NON_REPUDIATION 0x0040 | ||
| 379 | #define KU_KEY_ENCIPHERMENT 0x0020 | ||
| 380 | #define KU_DATA_ENCIPHERMENT 0x0010 | ||
| 381 | #define KU_KEY_AGREEMENT 0x0008 | ||
| 382 | #define KU_KEY_CERT_SIGN 0x0004 | ||
| 383 | #define KU_CRL_SIGN 0x0002 | ||
| 384 | #define KU_ENCIPHER_ONLY 0x0001 | ||
| 385 | #define KU_DECIPHER_ONLY 0x8000 | ||
| 386 | |||
| 387 | #define NS_SSL_CLIENT 0x80 | ||
| 388 | #define NS_SSL_SERVER 0x40 | ||
| 389 | #define NS_SMIME 0x20 | ||
| 390 | #define NS_OBJSIGN 0x10 | ||
| 391 | #define NS_SSL_CA 0x04 | ||
| 392 | #define NS_SMIME_CA 0x02 | ||
| 393 | #define NS_OBJSIGN_CA 0x01 | ||
| 394 | #define NS_ANY_CA (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA) | ||
| 395 | |||
| 396 | #define XKU_SSL_SERVER 0x1 | ||
| 397 | #define XKU_SSL_CLIENT 0x2 | ||
| 398 | #define XKU_SMIME 0x4 | ||
| 399 | #define XKU_CODE_SIGN 0x8 | ||
| 400 | #define XKU_SGC 0x10 | ||
| 401 | #define XKU_OCSP_SIGN 0x20 | ||
| 402 | #define XKU_TIMESTAMP 0x40 | ||
| 403 | #define XKU_DVCS 0x80 | ||
| 404 | |||
| 405 | #define X509_PURPOSE_DYNAMIC 0x1 | ||
| 406 | #define X509_PURPOSE_DYNAMIC_NAME 0x2 | ||
| 407 | |||
| 408 | typedef struct x509_purpose_st { | ||
| 409 | int purpose; | ||
| 410 | int trust; /* Default trust ID */ | ||
| 411 | int flags; | ||
| 412 | int (*check_purpose)(const struct x509_purpose_st *, | ||
| 413 | const X509 *, int); | ||
| 414 | char *name; | ||
| 415 | char *sname; | ||
| 416 | void *usr_data; | ||
| 417 | } X509_PURPOSE; | ||
| 418 | |||
| 419 | #define X509_PURPOSE_SSL_CLIENT 1 | ||
| 420 | #define X509_PURPOSE_SSL_SERVER 2 | ||
| 421 | #define X509_PURPOSE_NS_SSL_SERVER 3 | ||
| 422 | #define X509_PURPOSE_SMIME_SIGN 4 | ||
| 423 | #define X509_PURPOSE_SMIME_ENCRYPT 5 | ||
| 424 | #define X509_PURPOSE_CRL_SIGN 6 | ||
| 425 | #define X509_PURPOSE_ANY 7 | ||
| 426 | #define X509_PURPOSE_OCSP_HELPER 8 | ||
| 427 | |||
| 428 | #define X509_PURPOSE_MIN 1 | ||
| 429 | #define X509_PURPOSE_MAX 8 | ||
| 430 | |||
| 431 | /* Flags for X509V3_EXT_print() */ | ||
| 432 | |||
| 433 | #define X509V3_EXT_UNKNOWN_MASK (0xfL << 16) | ||
| 434 | /* Return error for unknown extensions */ | ||
| 435 | #define X509V3_EXT_DEFAULT 0 | ||
| 436 | /* Print error for unknown extensions */ | ||
| 437 | #define X509V3_EXT_ERROR_UNKNOWN (1L << 16) | ||
| 438 | /* ASN1 parse unknown extensions */ | ||
| 439 | #define X509V3_EXT_PARSE_UNKNOWN (2L << 16) | ||
| 440 | /* BIO_dump unknown extensions */ | ||
| 441 | #define X509V3_EXT_DUMP_UNKNOWN (3L << 16) | ||
| 442 | |||
| 443 | /* Flags for X509V3_add1_i2d */ | ||
| 444 | |||
| 445 | #define X509V3_ADD_OP_MASK 0xfL | ||
| 446 | #define X509V3_ADD_DEFAULT 0L | ||
| 447 | #define X509V3_ADD_APPEND 1L | ||
| 448 | #define X509V3_ADD_REPLACE 2L | ||
| 449 | #define X509V3_ADD_REPLACE_EXISTING 3L | ||
| 450 | #define X509V3_ADD_KEEP_EXISTING 4L | ||
| 451 | #define X509V3_ADD_DELETE 5L | ||
| 452 | #define X509V3_ADD_SILENT 0x10 | ||
| 453 | |||
| 454 | DECLARE_STACK_OF(X509_PURPOSE) | ||
| 455 | |||
| 456 | DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS) | ||
| 457 | |||
| 458 | DECLARE_ASN1_FUNCTIONS(SXNET) | ||
| 459 | DECLARE_ASN1_FUNCTIONS(SXNETID) | ||
| 460 | |||
| 461 | int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen); | ||
| 462 | int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen); | ||
| 463 | int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user, int userlen); | ||
| 464 | |||
| 465 | ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone); | ||
| 466 | ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone); | ||
| 467 | ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone); | ||
| 468 | |||
| 469 | DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID) | ||
| 470 | |||
| 471 | DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD) | ||
| 472 | |||
| 473 | DECLARE_ASN1_FUNCTIONS(GENERAL_NAME) | ||
| 474 | |||
| 475 | |||
| 476 | ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, | ||
| 477 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); | ||
| 478 | STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, | ||
| 479 | ASN1_BIT_STRING *bits, | ||
| 480 | STACK_OF(CONF_VALUE) *extlist); | ||
| 481 | |||
| 482 | STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret); | ||
| 483 | int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen); | ||
| 484 | |||
| 485 | DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES) | ||
| 486 | |||
| 487 | STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, | ||
| 488 | GENERAL_NAMES *gen, STACK_OF(CONF_VALUE) *extlist); | ||
| 489 | GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method, | ||
| 490 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); | ||
| 491 | |||
| 492 | DECLARE_ASN1_FUNCTIONS(OTHERNAME) | ||
| 493 | DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME) | ||
| 494 | |||
| 495 | char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5); | ||
| 496 | ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); | ||
| 497 | |||
| 498 | DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE) | ||
| 499 | int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a); | ||
| 500 | |||
| 501 | DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES) | ||
| 502 | DECLARE_ASN1_FUNCTIONS(POLICYINFO) | ||
| 503 | DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO) | ||
| 504 | DECLARE_ASN1_FUNCTIONS(USERNOTICE) | ||
| 505 | DECLARE_ASN1_FUNCTIONS(NOTICEREF) | ||
| 506 | |||
| 507 | DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS) | ||
| 508 | DECLARE_ASN1_FUNCTIONS(DIST_POINT) | ||
| 509 | DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME) | ||
| 510 | |||
| 511 | DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION) | ||
| 512 | DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS) | ||
| 513 | |||
| 514 | DECLARE_ASN1_ITEM(POLICY_MAPPING) | ||
| 515 | DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING) | ||
| 516 | DECLARE_ASN1_ITEM(POLICY_MAPPINGS) | ||
| 517 | |||
| 518 | DECLARE_ASN1_ITEM(GENERAL_SUBTREE) | ||
| 519 | DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE) | ||
| 520 | |||
| 521 | DECLARE_ASN1_ITEM(NAME_CONSTRAINTS) | ||
| 522 | DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) | ||
| 523 | |||
| 524 | DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS) | ||
| 525 | DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS) | ||
| 526 | |||
| 527 | #ifdef HEADER_CONF_H | ||
| 528 | GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, | ||
| 529 | CONF_VALUE *cnf); | ||
| 530 | GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, X509V3_EXT_METHOD *method, | ||
| 531 | X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc); | ||
| 532 | void X509V3_conf_free(CONF_VALUE *val); | ||
| 533 | |||
| 534 | X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value); | ||
| 535 | X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value); | ||
| 536 | int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, STACK_OF(X509_EXTENSION) **sk); | ||
| 537 | int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert); | ||
| 538 | int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req); | ||
| 539 | int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl); | ||
| 540 | |||
| 541 | X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value); | ||
| 542 | X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value); | ||
| 543 | int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert); | ||
| 544 | int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_REQ *req); | ||
| 545 | int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl); | ||
| 546 | |||
| 547 | int X509V3_add_value_bool_nf(char *name, int asn1_bool, | ||
| 548 | STACK_OF(CONF_VALUE) **extlist); | ||
| 549 | int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool); | ||
| 550 | int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint); | ||
| 551 | void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf); | ||
| 552 | void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash); | ||
| 553 | #endif | ||
| 554 | |||
| 555 | char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section); | ||
| 556 | STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section); | ||
| 557 | void X509V3_string_free(X509V3_CTX *ctx, char *str); | ||
| 558 | void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section); | ||
| 559 | void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject, | ||
| 560 | X509_REQ *req, X509_CRL *crl, int flags); | ||
| 561 | |||
| 562 | int X509V3_add_value(const char *name, const char *value, | ||
| 563 | STACK_OF(CONF_VALUE) **extlist); | ||
| 564 | int X509V3_add_value_uchar(const char *name, const unsigned char *value, | ||
| 565 | STACK_OF(CONF_VALUE) **extlist); | ||
| 566 | int X509V3_add_value_bool(const char *name, int asn1_bool, | ||
| 567 | STACK_OF(CONF_VALUE) **extlist); | ||
| 568 | int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint, | ||
| 569 | STACK_OF(CONF_VALUE) **extlist); | ||
| 570 | char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint); | ||
| 571 | ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value); | ||
| 572 | char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint); | ||
| 573 | char * i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint); | ||
| 574 | int X509V3_EXT_add(X509V3_EXT_METHOD *ext); | ||
| 575 | int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist); | ||
| 576 | int X509V3_EXT_add_alias(int nid_to, int nid_from); | ||
| 577 | void X509V3_EXT_cleanup(void); | ||
| 578 | |||
| 579 | X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext); | ||
| 580 | X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid); | ||
| 581 | int X509V3_add_standard_extensions(void); | ||
| 582 | STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line); | ||
| 583 | void *X509V3_EXT_d2i(X509_EXTENSION *ext); | ||
| 584 | void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx); | ||
| 585 | |||
| 586 | |||
| 587 | X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); | ||
| 588 | int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags); | ||
| 589 | |||
| 590 | char *hex_to_string(unsigned char *buffer, long len); | ||
| 591 | unsigned char *string_to_hex(char *str, long *len); | ||
| 592 | int name_cmp(const char *name, const char *cmp); | ||
| 593 | |||
| 594 | void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, | ||
| 595 | int ml); | ||
| 596 | int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent); | ||
| 597 | int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); | ||
| 598 | |||
| 599 | int X509V3_extensions_print(BIO *out, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent); | ||
| 600 | |||
| 601 | int X509_check_ca(X509 *x); | ||
| 602 | int X509_check_purpose(X509 *x, int id, int ca); | ||
| 603 | int X509_supported_extension(X509_EXTENSION *ex); | ||
| 604 | int X509_PURPOSE_set(int *p, int purpose); | ||
| 605 | int X509_check_issued(X509 *issuer, X509 *subject); | ||
| 606 | int X509_PURPOSE_get_count(void); | ||
| 607 | X509_PURPOSE * X509_PURPOSE_get0(int idx); | ||
| 608 | int X509_PURPOSE_get_by_sname(char *sname); | ||
| 609 | int X509_PURPOSE_get_by_id(int id); | ||
| 610 | int X509_PURPOSE_add(int id, int trust, int flags, | ||
| 611 | int (*ck)(const X509_PURPOSE *, const X509 *, int), | ||
| 612 | char *name, char *sname, void *arg); | ||
| 613 | char *X509_PURPOSE_get0_name(X509_PURPOSE *xp); | ||
| 614 | char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp); | ||
| 615 | int X509_PURPOSE_get_trust(X509_PURPOSE *xp); | ||
| 616 | void X509_PURPOSE_cleanup(void); | ||
| 617 | int X509_PURPOSE_get_id(X509_PURPOSE *); | ||
| 618 | |||
| 619 | STACK *X509_get1_email(X509 *x); | ||
| 620 | STACK *X509_REQ_get1_email(X509_REQ *x); | ||
| 621 | void X509_email_free(STACK *sk); | ||
| 622 | STACK *X509_get1_ocsp(X509 *x); | ||
| 623 | |||
| 624 | ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc); | ||
| 625 | ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc); | ||
| 626 | int a2i_ipadd(unsigned char *ipout, const char *ipasc); | ||
| 627 | int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk, | ||
| 628 | unsigned long chtype); | ||
| 629 | |||
| 630 | void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent); | ||
| 631 | |||
| 632 | #ifndef OPENSSL_NO_RFC3779 | ||
| 633 | |||
| 634 | typedef struct ASRange_st { | ||
| 635 | ASN1_INTEGER *min, *max; | ||
| 636 | } ASRange; | ||
| 637 | |||
| 638 | #define ASIdOrRange_id 0 | ||
| 639 | #define ASIdOrRange_range 1 | ||
| 640 | |||
| 641 | typedef struct ASIdOrRange_st { | ||
| 642 | int type; | ||
| 643 | union { | ||
| 644 | ASN1_INTEGER *id; | ||
| 645 | ASRange *range; | ||
| 646 | } u; | ||
| 647 | } ASIdOrRange; | ||
| 648 | |||
| 649 | typedef STACK_OF(ASIdOrRange) ASIdOrRanges; | ||
| 650 | DECLARE_STACK_OF(ASIdOrRange) | ||
| 651 | |||
| 652 | #define ASIdentifierChoice_inherit 0 | ||
| 653 | #define ASIdentifierChoice_asIdsOrRanges 1 | ||
| 654 | |||
| 655 | typedef struct ASIdentifierChoice_st { | ||
| 656 | int type; | ||
| 657 | union { | ||
| 658 | ASN1_NULL *inherit; | ||
| 659 | ASIdOrRanges *asIdsOrRanges; | ||
| 660 | } u; | ||
| 661 | } ASIdentifierChoice; | ||
| 662 | |||
| 663 | typedef struct ASIdentifiers_st { | ||
| 664 | ASIdentifierChoice *asnum, *rdi; | ||
| 665 | } ASIdentifiers; | ||
| 666 | |||
| 667 | DECLARE_ASN1_FUNCTIONS(ASRange) | ||
| 668 | DECLARE_ASN1_FUNCTIONS(ASIdOrRange) | ||
| 669 | DECLARE_ASN1_FUNCTIONS(ASIdentifierChoice) | ||
| 670 | DECLARE_ASN1_FUNCTIONS(ASIdentifiers) | ||
| 671 | |||
| 672 | |||
| 673 | typedef struct IPAddressRange_st { | ||
| 674 | ASN1_BIT_STRING *min, *max; | ||
| 675 | } IPAddressRange; | ||
| 676 | |||
| 677 | #define IPAddressOrRange_addressPrefix 0 | ||
| 678 | #define IPAddressOrRange_addressRange 1 | ||
| 679 | |||
| 680 | typedef struct IPAddressOrRange_st { | ||
| 681 | int type; | ||
| 682 | union { | ||
| 683 | ASN1_BIT_STRING *addressPrefix; | ||
| 684 | IPAddressRange *addressRange; | ||
| 685 | } u; | ||
| 686 | } IPAddressOrRange; | ||
| 687 | |||
| 688 | typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges; | ||
| 689 | DECLARE_STACK_OF(IPAddressOrRange) | ||
| 690 | |||
| 691 | #define IPAddressChoice_inherit 0 | ||
| 692 | #define IPAddressChoice_addressesOrRanges 1 | ||
| 693 | |||
| 694 | typedef struct IPAddressChoice_st { | ||
| 695 | int type; | ||
| 696 | union { | ||
| 697 | ASN1_NULL *inherit; | ||
| 698 | IPAddressOrRanges *addressesOrRanges; | ||
| 699 | } u; | ||
| 700 | } IPAddressChoice; | ||
| 701 | |||
| 702 | typedef struct IPAddressFamily_st { | ||
| 703 | ASN1_OCTET_STRING *addressFamily; | ||
| 704 | IPAddressChoice *ipAddressChoice; | ||
| 705 | } IPAddressFamily; | ||
| 706 | |||
| 707 | typedef STACK_OF(IPAddressFamily) IPAddrBlocks; | ||
| 708 | DECLARE_STACK_OF(IPAddressFamily) | ||
| 709 | |||
| 710 | DECLARE_ASN1_FUNCTIONS(IPAddressRange) | ||
| 711 | DECLARE_ASN1_FUNCTIONS(IPAddressOrRange) | ||
| 712 | DECLARE_ASN1_FUNCTIONS(IPAddressChoice) | ||
| 713 | DECLARE_ASN1_FUNCTIONS(IPAddressFamily) | ||
| 714 | |||
| 715 | /* | ||
| 716 | * API tag for elements of the ASIdentifer SEQUENCE. | ||
| 717 | */ | ||
| 718 | #define V3_ASID_ASNUM 0 | ||
| 719 | #define V3_ASID_RDI 1 | ||
| 720 | |||
| 721 | /* | ||
| 722 | * AFI values, assigned by IANA. It'd be nice to make the AFI | ||
| 723 | * handling code totally generic, but there are too many little things | ||
| 724 | * that would need to be defined for other address families for it to | ||
| 725 | * be worth the trouble. | ||
| 726 | */ | ||
| 727 | #define IANA_AFI_IPV4 1 | ||
| 728 | #define IANA_AFI_IPV6 2 | ||
| 729 | |||
| 730 | /* | ||
| 731 | * Utilities to construct and extract values from RFC3779 extensions, | ||
| 732 | * since some of the encodings (particularly for IP address prefixes | ||
| 733 | * and ranges) are a bit tedious to work with directly. | ||
| 734 | */ | ||
| 735 | int v3_asid_add_inherit(ASIdentifiers *asid, int which); | ||
| 736 | int v3_asid_add_id_or_range(ASIdentifiers *asid, int which, | ||
| 737 | ASN1_INTEGER *min, ASN1_INTEGER *max); | ||
| 738 | int v3_addr_add_inherit(IPAddrBlocks *addr, | ||
| 739 | const unsigned afi, const unsigned *safi); | ||
| 740 | int v3_addr_add_prefix(IPAddrBlocks *addr, | ||
| 741 | const unsigned afi, const unsigned *safi, | ||
| 742 | unsigned char *a, const int prefixlen); | ||
| 743 | int v3_addr_add_range(IPAddrBlocks *addr, | ||
| 744 | const unsigned afi, const unsigned *safi, | ||
| 745 | unsigned char *min, unsigned char *max); | ||
| 746 | unsigned v3_addr_get_afi(const IPAddressFamily *f); | ||
| 747 | int v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi, | ||
| 748 | unsigned char *min, unsigned char *max, | ||
| 749 | const int length); | ||
| 750 | |||
| 751 | /* | ||
| 752 | * Canonical forms. | ||
| 753 | */ | ||
| 754 | int v3_asid_is_canonical(ASIdentifiers *asid); | ||
| 755 | int v3_addr_is_canonical(IPAddrBlocks *addr); | ||
| 756 | int v3_asid_canonize(ASIdentifiers *asid); | ||
| 757 | int v3_addr_canonize(IPAddrBlocks *addr); | ||
| 758 | |||
| 759 | /* | ||
| 760 | * Tests for inheritance and containment. | ||
| 761 | */ | ||
| 762 | int v3_asid_inherits(ASIdentifiers *asid); | ||
| 763 | int v3_addr_inherits(IPAddrBlocks *addr); | ||
| 764 | int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b); | ||
| 765 | int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b); | ||
| 766 | |||
| 767 | /* | ||
| 768 | * Check whether RFC 3779 extensions nest properly in chains. | ||
| 769 | */ | ||
| 770 | int v3_asid_validate_path(X509_STORE_CTX *); | ||
| 771 | int v3_addr_validate_path(X509_STORE_CTX *); | ||
| 772 | int v3_asid_validate_resource_set(STACK_OF(X509) *chain, | ||
| 773 | ASIdentifiers *ext, | ||
| 774 | int allow_inheritance); | ||
| 775 | int v3_addr_validate_resource_set(STACK_OF(X509) *chain, | ||
| 776 | IPAddrBlocks *ext, | ||
| 777 | int allow_inheritance); | ||
| 778 | |||
| 779 | #endif /* OPENSSL_NO_RFC3779 */ | ||
| 780 | |||
| 781 | /* BEGIN ERROR CODES */ | ||
| 782 | /* The following lines are auto generated by the script mkerr.pl. Any changes | ||
| 783 | * made after this point may be overwritten when the script is next run. | ||
| 784 | */ | ||
| 785 | void ERR_load_X509V3_strings(void); | ||
| 786 | |||
| 787 | /* Error codes for the X509V3 functions. */ | ||
| 788 | |||
| 789 | /* Function codes. */ | ||
| 790 | #define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 156 | ||
| 791 | #define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 157 | ||
| 792 | #define X509V3_F_COPY_EMAIL 122 | ||
| 793 | #define X509V3_F_COPY_ISSUER 123 | ||
| 794 | #define X509V3_F_DO_DIRNAME 144 | ||
| 795 | #define X509V3_F_DO_EXT_CONF 124 | ||
| 796 | #define X509V3_F_DO_EXT_I2D 135 | ||
| 797 | #define X509V3_F_DO_EXT_NCONF 151 | ||
| 798 | #define X509V3_F_DO_I2V_NAME_CONSTRAINTS 148 | ||
| 799 | #define X509V3_F_HEX_TO_STRING 111 | ||
| 800 | #define X509V3_F_I2S_ASN1_ENUMERATED 121 | ||
| 801 | #define X509V3_F_I2S_ASN1_IA5STRING 149 | ||
| 802 | #define X509V3_F_I2S_ASN1_INTEGER 120 | ||
| 803 | #define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138 | ||
| 804 | #define X509V3_F_NOTICE_SECTION 132 | ||
| 805 | #define X509V3_F_NREF_NOS 133 | ||
| 806 | #define X509V3_F_POLICY_SECTION 131 | ||
| 807 | #define X509V3_F_PROCESS_PCI_VALUE 150 | ||
| 808 | #define X509V3_F_R2I_CERTPOL 130 | ||
| 809 | #define X509V3_F_R2I_PCI 155 | ||
| 810 | #define X509V3_F_S2I_ASN1_IA5STRING 100 | ||
| 811 | #define X509V3_F_S2I_ASN1_INTEGER 108 | ||
| 812 | #define X509V3_F_S2I_ASN1_OCTET_STRING 112 | ||
| 813 | #define X509V3_F_S2I_ASN1_SKEY_ID 114 | ||
| 814 | #define X509V3_F_S2I_SKEY_ID 115 | ||
| 815 | #define X509V3_F_STRING_TO_HEX 113 | ||
| 816 | #define X509V3_F_SXNET_ADD_ID_ASC 125 | ||
| 817 | #define X509V3_F_SXNET_ADD_ID_INTEGER 126 | ||
| 818 | #define X509V3_F_SXNET_ADD_ID_ULONG 127 | ||
| 819 | #define X509V3_F_SXNET_GET_ID_ASC 128 | ||
| 820 | #define X509V3_F_SXNET_GET_ID_ULONG 129 | ||
| 821 | #define X509V3_F_V2I_ASIDENTIFIERS 158 | ||
| 822 | #define X509V3_F_V2I_ASN1_BIT_STRING 101 | ||
| 823 | #define X509V3_F_V2I_AUTHORITY_INFO_ACCESS 139 | ||
| 824 | #define X509V3_F_V2I_AUTHORITY_KEYID 119 | ||
| 825 | #define X509V3_F_V2I_BASIC_CONSTRAINTS 102 | ||
| 826 | #define X509V3_F_V2I_CRLD 134 | ||
| 827 | #define X509V3_F_V2I_EXTENDED_KEY_USAGE 103 | ||
| 828 | #define X509V3_F_V2I_GENERAL_NAMES 118 | ||
| 829 | #define X509V3_F_V2I_GENERAL_NAME_EX 117 | ||
| 830 | #define X509V3_F_V2I_IPADDRBLOCKS 159 | ||
| 831 | #define X509V3_F_V2I_ISSUER_ALT 153 | ||
| 832 | #define X509V3_F_V2I_NAME_CONSTRAINTS 147 | ||
| 833 | #define X509V3_F_V2I_POLICY_CONSTRAINTS 146 | ||
| 834 | #define X509V3_F_V2I_POLICY_MAPPINGS 145 | ||
| 835 | #define X509V3_F_V2I_SUBJECT_ALT 154 | ||
| 836 | #define X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL 160 | ||
| 837 | #define X509V3_F_V3_GENERIC_EXTENSION 116 | ||
| 838 | #define X509V3_F_X509V3_ADD1_I2D 140 | ||
| 839 | #define X509V3_F_X509V3_ADD_VALUE 105 | ||
| 840 | #define X509V3_F_X509V3_EXT_ADD 104 | ||
| 841 | #define X509V3_F_X509V3_EXT_ADD_ALIAS 106 | ||
| 842 | #define X509V3_F_X509V3_EXT_CONF 107 | ||
| 843 | #define X509V3_F_X509V3_EXT_I2D 136 | ||
| 844 | #define X509V3_F_X509V3_EXT_NCONF 152 | ||
| 845 | #define X509V3_F_X509V3_GET_SECTION 142 | ||
| 846 | #define X509V3_F_X509V3_GET_STRING 143 | ||
| 847 | #define X509V3_F_X509V3_GET_VALUE_BOOL 110 | ||
| 848 | #define X509V3_F_X509V3_PARSE_LIST 109 | ||
| 849 | #define X509V3_F_X509_PURPOSE_ADD 137 | ||
| 850 | #define X509V3_F_X509_PURPOSE_SET 141 | ||
| 851 | |||
| 852 | /* Reason codes. */ | ||
| 853 | #define X509V3_R_BAD_IP_ADDRESS 118 | ||
| 854 | #define X509V3_R_BAD_OBJECT 119 | ||
| 855 | #define X509V3_R_BN_DEC2BN_ERROR 100 | ||
| 856 | #define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101 | ||
| 857 | #define X509V3_R_DIRNAME_ERROR 149 | ||
| 858 | #define X509V3_R_DUPLICATE_ZONE_ID 133 | ||
| 859 | #define X509V3_R_ERROR_CONVERTING_ZONE 131 | ||
| 860 | #define X509V3_R_ERROR_CREATING_EXTENSION 144 | ||
| 861 | #define X509V3_R_ERROR_IN_EXTENSION 128 | ||
| 862 | #define X509V3_R_EXPECTED_A_SECTION_NAME 137 | ||
| 863 | #define X509V3_R_EXTENSION_EXISTS 145 | ||
| 864 | #define X509V3_R_EXTENSION_NAME_ERROR 115 | ||
| 865 | #define X509V3_R_EXTENSION_NOT_FOUND 102 | ||
| 866 | #define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103 | ||
| 867 | #define X509V3_R_EXTENSION_VALUE_ERROR 116 | ||
| 868 | #define X509V3_R_ILLEGAL_EMPTY_EXTENSION 151 | ||
| 869 | #define X509V3_R_ILLEGAL_HEX_DIGIT 113 | ||
| 870 | #define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 152 | ||
| 871 | #define X509V3_R_INVALID_ASNUMBER 160 | ||
| 872 | #define X509V3_R_INVALID_ASRANGE 161 | ||
| 873 | #define X509V3_R_INVALID_BOOLEAN_STRING 104 | ||
| 874 | #define X509V3_R_INVALID_EXTENSION_STRING 105 | ||
| 875 | #define X509V3_R_INVALID_INHERITANCE 162 | ||
| 876 | #define X509V3_R_INVALID_IPADDRESS 163 | ||
| 877 | #define X509V3_R_INVALID_NAME 106 | ||
| 878 | #define X509V3_R_INVALID_NULL_ARGUMENT 107 | ||
| 879 | #define X509V3_R_INVALID_NULL_NAME 108 | ||
| 880 | #define X509V3_R_INVALID_NULL_VALUE 109 | ||
| 881 | #define X509V3_R_INVALID_NUMBER 140 | ||
| 882 | #define X509V3_R_INVALID_NUMBERS 141 | ||
| 883 | #define X509V3_R_INVALID_OBJECT_IDENTIFIER 110 | ||
| 884 | #define X509V3_R_INVALID_OPTION 138 | ||
| 885 | #define X509V3_R_INVALID_POLICY_IDENTIFIER 134 | ||
| 886 | #define X509V3_R_INVALID_PROXY_POLICY_SETTING 153 | ||
| 887 | #define X509V3_R_INVALID_PURPOSE 146 | ||
| 888 | #define X509V3_R_INVALID_SAFI 164 | ||
| 889 | #define X509V3_R_INVALID_SECTION 135 | ||
| 890 | #define X509V3_R_INVALID_SYNTAX 143 | ||
| 891 | #define X509V3_R_ISSUER_DECODE_ERROR 126 | ||
| 892 | #define X509V3_R_MISSING_VALUE 124 | ||
| 893 | #define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 142 | ||
| 894 | #define X509V3_R_NO_CONFIG_DATABASE 136 | ||
| 895 | #define X509V3_R_NO_ISSUER_CERTIFICATE 121 | ||
| 896 | #define X509V3_R_NO_ISSUER_DETAILS 127 | ||
| 897 | #define X509V3_R_NO_POLICY_IDENTIFIER 139 | ||
| 898 | #define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 154 | ||
| 899 | #define X509V3_R_NO_PUBLIC_KEY 114 | ||
| 900 | #define X509V3_R_NO_SUBJECT_DETAILS 125 | ||
| 901 | #define X509V3_R_ODD_NUMBER_OF_DIGITS 112 | ||
| 902 | #define X509V3_R_OPERATION_NOT_DEFINED 148 | ||
| 903 | #define X509V3_R_OTHERNAME_ERROR 147 | ||
| 904 | #define X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED 155 | ||
| 905 | #define X509V3_R_POLICY_PATH_LENGTH 156 | ||
| 906 | #define X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED 157 | ||
| 907 | #define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED 158 | ||
| 908 | #define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159 | ||
| 909 | #define X509V3_R_SECTION_NOT_FOUND 150 | ||
| 910 | #define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122 | ||
| 911 | #define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 123 | ||
| 912 | #define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111 | ||
| 913 | #define X509V3_R_UNKNOWN_EXTENSION 129 | ||
| 914 | #define X509V3_R_UNKNOWN_EXTENSION_NAME 130 | ||
| 915 | #define X509V3_R_UNKNOWN_OPTION 120 | ||
| 916 | #define X509V3_R_UNSUPPORTED_OPTION 117 | ||
| 917 | #define X509V3_R_USER_TOO_LONG 132 | ||
| 918 | |||
| 919 | #ifdef __cplusplus | ||
| 920 | } | ||
| 921 | #endif | ||
| 922 | #endif | ||