This commit was manufactured by cvs2git to create branch 'OPENBSD_5_7'.libressl-v2.1.5

author: cvs2svn <admin@example.com> 2015-03-08 16:48:49 +0000
committer: cvs2svn <admin@example.com> 2015-03-08 16:48:49 +0000
commit: decf84ba5550c1656a7fdb51b5b81969590c3f03 (patch)
tree: 44872802e872bdfd60730fa9cf01d9d5751251c1 /src/lib/libcrypto/x509v3/v3_crld.c
parent: 7a8f138352aa4eb7b65ac4b1a5fe7630fbee1427 (diff)
download: openbsd-libressl-v2.1.5.tar.gz
openbsd-libressl-v2.1.5.tar.bz2
openbsd-libressl-v2.1.5.zip
1 files changed, 0 insertions, 685 deletions
diff --git a/src/lib/libcrypto/x509v3/v3_crld.c b/src/lib/libcrypto/x509v3/v3_crld.c
deleted file mode 100644
index b2e4370658..0000000000
--- a/src/lib/libcrypto/x509v3/v3_crld.c
+++ /dev/null
@@ -1,685 +0,0 @@
-/* $OpenBSD: v3_crld.c,v 1.16 2015/02/14 15:19:04 miod Exp $ */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <stdio.h>
-#include <string.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/conf.h>
-#include <openssl/err.h>
-#include <openssl/x509v3.h>
-static void *v2i_crld(const X509V3_EXT_METHOD *method,
-    X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
-    int indent);
-const X509V3_EXT_METHOD v3_crld = {
-        NID_crl_distribution_points, 0, ASN1_ITEM_ref(CRL_DIST_POINTS),
-        0, 0, 0, 0,
-        0, 0,
-        0,
-        v2i_crld,
-        i2r_crldp, 0,
-        NULL
-};
-const X509V3_EXT_METHOD v3_freshest_crl = {
-        NID_freshest_crl, 0, ASN1_ITEM_ref(CRL_DIST_POINTS),
-        0, 0, 0, 0,
-        0, 0,
-        0,
-        v2i_crld,
-        i2r_crldp, 0,
-        NULL
-};
-static
-STACK_OF(GENERAL_NAME) *gnames_from_sectname(X509V3_CTX *ctx, char *sect)
-{
-        STACK_OF(CONF_VALUE) *gnsect;
-        STACK_OF(GENERAL_NAME) *gens;
-        if (*sect == '@')
-                gnsect = X509V3_get_section(ctx, sect + 1);
-        else
-                gnsect = X509V3_parse_list(sect);
-        if (!gnsect) {
-                X509V3err(X509V3_F_GNAMES_FROM_SECTNAME,
-                    X509V3_R_SECTION_NOT_FOUND);
-                return NULL;
-        }
-        gens = v2i_GENERAL_NAMES(NULL, ctx, gnsect);
-        if (*sect == '@')
-                X509V3_section_free(ctx, gnsect);
-        else
-                sk_CONF_VALUE_pop_free(gnsect, X509V3_conf_free);
-        return gens;
-}
-static int
-set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, CONF_VALUE *cnf)
-{
-        STACK_OF(GENERAL_NAME) *fnm = NULL;
-        STACK_OF(X509_NAME_ENTRY) *rnm = NULL;
-        if (!strncmp(cnf->name, "fullname", 9)) {
-                fnm = gnames_from_sectname(ctx, cnf->value);
-                if (!fnm)
-                        goto err;
-        } else if (!strcmp(cnf->name, "relativename")) {
-                int ret;
-                STACK_OF(CONF_VALUE) *dnsect;
-                X509_NAME *nm;
-                nm = X509_NAME_new();
-                if (!nm)
-                        return -1;
-                dnsect = X509V3_get_section(ctx, cnf->value);
-                if (!dnsect) {
-                        X509V3err(X509V3_F_SET_DIST_POINT_NAME,
-                            X509V3_R_SECTION_NOT_FOUND);
-                        X509_NAME_free(nm);
-                        return -1;
-                }
-                ret = X509V3_NAME_from_section(nm, dnsect, MBSTRING_ASC);
-                X509V3_section_free(ctx, dnsect);
-                rnm = nm->entries;
-                nm->entries = NULL;
-                X509_NAME_free(nm);
-                if (!ret || sk_X509_NAME_ENTRY_num(rnm) <= 0)
-                        goto err;
-                /* Since its a name fragment can't have more than one
-                 * RDNSequence
-                 */
-                if (sk_X509_NAME_ENTRY_value(rnm,
-                    sk_X509_NAME_ENTRY_num(rnm) - 1)->set) {
-                        X509V3err(X509V3_F_SET_DIST_POINT_NAME,
-                            X509V3_R_INVALID_MULTIPLE_RDNS);
-                        goto err;
-                }
-        } else
-                return 0;
-        if (*pdp) {
-                X509V3err(X509V3_F_SET_DIST_POINT_NAME,
-                    X509V3_R_DISTPOINT_ALREADY_SET);
-                goto err;
-        }
-        *pdp = DIST_POINT_NAME_new();
-        if (!*pdp)
-                goto err;
-        if (fnm) {
-                (*pdp)->type = 0;
-                (*pdp)->name.fullname = fnm;
-        } else {
-                (*pdp)->type = 1;
-                (*pdp)->name.relativename = rnm;
-        }
-        return 1;
-err:
-        if (fnm)
-                sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free);
-        if (rnm)
-                sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free);
-        return -1;
-}
-static const BIT_STRING_BITNAME reason_flags[] = {
-        {0, "Unused", "unused"},
-        {1, "Key Compromise", "keyCompromise"},
-        {2, "CA Compromise", "CACompromise"},
-        {3, "Affiliation Changed", "affiliationChanged"},
-        {4, "Superseded", "superseded"},
-        {5, "Cessation Of Operation", "cessationOfOperation"},
-        {6, "Certificate Hold", "certificateHold"},
-        {7, "Privilege Withdrawn", "privilegeWithdrawn"},
-        {8, "AA Compromise", "AACompromise"},
-        {-1, NULL, NULL}
-};
-static int
-set_reasons(ASN1_BIT_STRING **preas, char *value)
-{
-        STACK_OF(CONF_VALUE) *rsk = NULL;
-        const BIT_STRING_BITNAME *pbn;
-        const char *bnam;
-        int i, ret = 0;
-        if (*preas != NULL)
-                return 0;
-        rsk = X509V3_parse_list(value);
-        if (rsk == NULL)
-                return 0;
-        for (i = 0; i < sk_CONF_VALUE_num(rsk); i++) {
-                bnam = sk_CONF_VALUE_value(rsk, i)->name;
-                if (!*preas) {
-                        *preas = ASN1_BIT_STRING_new();
-                        if (!*preas)
-                                goto err;
-                }
-                for (pbn = reason_flags; pbn->lname; pbn++) {
-                        if (!strcmp(pbn->sname, bnam)) {
-                                if (!ASN1_BIT_STRING_set_bit(*preas,
-                                    pbn->bitnum, 1))
-                                        goto err;
-                                break;
-                        }
-                }
-                if (!pbn->lname)
-                        goto err;
-        }
-        ret = 1;
-err:
-        sk_CONF_VALUE_pop_free(rsk, X509V3_conf_free);
-        return ret;
-}
-static int
-print_reasons(BIO *out, const char *rname, ASN1_BIT_STRING *rflags, int indent)
-{
-        int first = 1;
-        const BIT_STRING_BITNAME *pbn;
-        BIO_printf(out, "%*s%s:\n%*s", indent, "", rname, indent + 2, "");
-        for (pbn = reason_flags; pbn->lname; pbn++) {
-                if (ASN1_BIT_STRING_get_bit(rflags, pbn->bitnum)) {
-                        if (first)
-                                first = 0;
-                        else
-                                BIO_puts(out, ", ");
-                        BIO_puts(out, pbn->lname);
-                }
-        }
-        if (first)
-                BIO_puts(out, "<EMPTY>\n");
-        else
-                BIO_puts(out, "\n");
-        return 1;
-}
-static DIST_POINT *
-crldp_from_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
-{
-        int i;
-        CONF_VALUE *cnf;
-        DIST_POINT *point = NULL;
-        point = DIST_POINT_new();
-        if (!point)
-                goto err;
-        for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-                int ret;
-                cnf = sk_CONF_VALUE_value(nval, i);
-                ret = set_dist_point_name(&point->distpoint, ctx, cnf);
-                if (ret > 0)
-                        continue;
-                if (ret < 0)
-                        goto err;
-                if (!strcmp(cnf->name, "reasons")) {
-                        if (!set_reasons(&point->reasons, cnf->value))
-                                goto err;
-                }
-                else if (!strcmp(cnf->name, "CRLissuer")) {
-                        point->CRLissuer =
-                            gnames_from_sectname(ctx, cnf->value);
-                        if (!point->CRLissuer)
-                                goto err;
-                }
-        }
-        return point;
-err:
-        if (point)
-                DIST_POINT_free(point);
-        return NULL;
-}
-static void *
-v2i_crld(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-    STACK_OF(CONF_VALUE) *nval)
-{
-        STACK_OF(DIST_POINT) *crld = NULL;
-        GENERAL_NAMES *gens = NULL;
-        GENERAL_NAME *gen = NULL;
-        CONF_VALUE *cnf;
-        int i;
-        if (!(crld = sk_DIST_POINT_new_null()))
-                goto merr;
-        for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-                DIST_POINT *point;
-                cnf = sk_CONF_VALUE_value(nval, i);
-                if (!cnf->value) {
-                        STACK_OF(CONF_VALUE) *dpsect;
-                        dpsect = X509V3_get_section(ctx, cnf->name);
-                        if (!dpsect)
-                                goto err;
-                        point = crldp_from_section(ctx, dpsect);
-                        X509V3_section_free(ctx, dpsect);
-                        if (!point)
-                                goto err;
-                        if (!sk_DIST_POINT_push(crld, point)) {
-                                DIST_POINT_free(point);
-                                goto merr;
-                        }
-                } else {
-                        if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
-                                goto err;
-                        if (!(gens = GENERAL_NAMES_new()))
-                                goto merr;
-                        if (!sk_GENERAL_NAME_push(gens, gen))
-                                goto merr;
-                        gen = NULL;
-                        if (!(point = DIST_POINT_new()))
-                                goto merr;
-                        if (!sk_DIST_POINT_push(crld, point)) {
-                                DIST_POINT_free(point);
-                                goto merr;
-                        }
-                        if (!(point->distpoint = DIST_POINT_NAME_new()))
-                                goto merr;
-                        point->distpoint->name.fullname = gens;
-                        point->distpoint->type = 0;
-                        gens = NULL;
-                }
-        }
-        return crld;
-merr:
-        X509V3err(X509V3_F_V2I_CRLD, ERR_R_MALLOC_FAILURE);
-err:
-        GENERAL_NAME_free(gen);
-        GENERAL_NAMES_free(gens);
-        sk_DIST_POINT_pop_free(crld, DIST_POINT_free);
-        return NULL;
-}
-static int
-dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
-{
-        DIST_POINT_NAME *dpn = (DIST_POINT_NAME *)*pval;
-        switch (operation) {
-        case ASN1_OP_NEW_POST:
-                dpn->dpname = NULL;
-                break;
-        case ASN1_OP_FREE_POST:
-                if (dpn->dpname)
-                        X509_NAME_free(dpn->dpname);
-                break;
-        }
-        return 1;
-}
-ASN1_CHOICE_cb(DIST_POINT_NAME, dpn_cb) = {
-        ASN1_IMP_SEQUENCE_OF(DIST_POINT_NAME, name.fullname, GENERAL_NAME, 0),
-        ASN1_IMP_SET_OF(DIST_POINT_NAME, name.relativename, X509_NAME_ENTRY, 1)
-} ASN1_CHOICE_END_cb(DIST_POINT_NAME, DIST_POINT_NAME, type)
-DIST_POINT_NAME *
-d2i_DIST_POINT_NAME(DIST_POINT_NAME **a, const unsigned char **in, long len)
-{
-        return (DIST_POINT_NAME *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
-            &DIST_POINT_NAME_it);
-}
-int
-i2d_DIST_POINT_NAME(DIST_POINT_NAME *a, unsigned char **out)
-{
-        return ASN1_item_i2d((ASN1_VALUE *)a, out, &DIST_POINT_NAME_it);
-}
-DIST_POINT_NAME *
-DIST_POINT_NAME_new(void)
-{
-        return (DIST_POINT_NAME *)ASN1_item_new(&DIST_POINT_NAME_it);
-}
-void
-DIST_POINT_NAME_free(DIST_POINT_NAME *a)
-{
-        ASN1_item_free((ASN1_VALUE *)a, &DIST_POINT_NAME_it);
-}
-ASN1_SEQUENCE(DIST_POINT) = {
-        ASN1_EXP_OPT(DIST_POINT, distpoint, DIST_POINT_NAME, 0),
-        ASN1_IMP_OPT(DIST_POINT, reasons, ASN1_BIT_STRING, 1),
-        ASN1_IMP_SEQUENCE_OF_OPT(DIST_POINT, CRLissuer, GENERAL_NAME, 2)
-} ASN1_SEQUENCE_END(DIST_POINT)
-DIST_POINT *
-d2i_DIST_POINT(DIST_POINT **a, const unsigned char **in, long len)
-{
-        return (DIST_POINT *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
-            &DIST_POINT_it);
-}
-int
-i2d_DIST_POINT(DIST_POINT *a, unsigned char **out)
-{
-        return ASN1_item_i2d((ASN1_VALUE *)a, out, &DIST_POINT_it);
-}
-DIST_POINT *
-DIST_POINT_new(void)
-{
-        return (DIST_POINT *)ASN1_item_new(&DIST_POINT_it);
-}
-void
-DIST_POINT_free(DIST_POINT *a)
-{
-        ASN1_item_free((ASN1_VALUE *)a, &DIST_POINT_it);
-}
-ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) =
-    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints,
-        DIST_POINT)
-ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS)
-CRL_DIST_POINTS *
-d2i_CRL_DIST_POINTS(CRL_DIST_POINTS **a, const unsigned char **in, long len)
-{
-        return (CRL_DIST_POINTS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
-            &CRL_DIST_POINTS_it);
-}
-int
-i2d_CRL_DIST_POINTS(CRL_DIST_POINTS *a, unsigned char **out)
-{
-        return ASN1_item_i2d((ASN1_VALUE *)a, out, &CRL_DIST_POINTS_it);
-}
-CRL_DIST_POINTS *
-CRL_DIST_POINTS_new(void)
-{
-        return (CRL_DIST_POINTS *)ASN1_item_new(&CRL_DIST_POINTS_it);
-}
-void
-CRL_DIST_POINTS_free(CRL_DIST_POINTS *a)
-{
-        ASN1_item_free((ASN1_VALUE *)a, &CRL_DIST_POINTS_it);
-}
-ASN1_SEQUENCE(ISSUING_DIST_POINT) = {
-        ASN1_EXP_OPT(ISSUING_DIST_POINT, distpoint, DIST_POINT_NAME, 0),
-        ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyuser, ASN1_FBOOLEAN, 1),
-        ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyCA, ASN1_FBOOLEAN, 2),
-        ASN1_IMP_OPT(ISSUING_DIST_POINT, onlysomereasons, ASN1_BIT_STRING, 3),
-        ASN1_IMP_OPT(ISSUING_DIST_POINT, indirectCRL, ASN1_FBOOLEAN, 4),
-        ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyattr, ASN1_FBOOLEAN, 5)
-} ASN1_SEQUENCE_END(ISSUING_DIST_POINT)
-ISSUING_DIST_POINT *
-d2i_ISSUING_DIST_POINT(ISSUING_DIST_POINT **a, const unsigned char **in, long len)
-{
-        return (ISSUING_DIST_POINT *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
-            &ISSUING_DIST_POINT_it);
-}
-int
-i2d_ISSUING_DIST_POINT(ISSUING_DIST_POINT *a, unsigned char **out)
-{
-        return ASN1_item_i2d((ASN1_VALUE *)a, out, &ISSUING_DIST_POINT_it);
-}
-ISSUING_DIST_POINT *
-ISSUING_DIST_POINT_new(void)
-{
-        return (ISSUING_DIST_POINT *)ASN1_item_new(&ISSUING_DIST_POINT_it);
-}
-void
-ISSUING_DIST_POINT_free(ISSUING_DIST_POINT *a)
-{
-        ASN1_item_free((ASN1_VALUE *)a, &ISSUING_DIST_POINT_it);
-}
-static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out,
-    int indent);
-static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-    STACK_OF(CONF_VALUE) *nval);
-const X509V3_EXT_METHOD v3_idp = {
-        NID_issuing_distribution_point, X509V3_EXT_MULTILINE,
-        ASN1_ITEM_ref(ISSUING_DIST_POINT),
-        0, 0, 0, 0,
-        0, 0,
-        0,
-        v2i_idp,
-        i2r_idp, 0,
-        NULL
-};
-static void *
-v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-    STACK_OF(CONF_VALUE) *nval)
-{
-        ISSUING_DIST_POINT *idp = NULL;
-        CONF_VALUE *cnf;
-        char *name, *val;
-        int i, ret;
-        idp = ISSUING_DIST_POINT_new();
-        if (!idp)
-                goto merr;
-        for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-                cnf = sk_CONF_VALUE_value(nval, i);
-                name = cnf->name;
-                val = cnf->value;
-                ret = set_dist_point_name(&idp->distpoint, ctx, cnf);
-                if (ret > 0)
-                        continue;
-                if (ret < 0)
-                        goto err;
-                if (!strcmp(name, "onlyuser")) {
-                        if (!X509V3_get_value_bool(cnf, &idp->onlyuser))
-                                goto err;
-                }
-                else if (!strcmp(name, "onlyCA")) {
-                        if (!X509V3_get_value_bool(cnf, &idp->onlyCA))
-                                goto err;
-                }
-                else if (!strcmp(name, "onlyAA")) {
-                        if (!X509V3_get_value_bool(cnf, &idp->onlyattr))
-                                goto err;
-                }
-                else if (!strcmp(name, "indirectCRL")) {
-                        if (!X509V3_get_value_bool(cnf, &idp->indirectCRL))
-                                goto err;
-                }
-                else if (!strcmp(name, "onlysomereasons")) {
-                        if (!set_reasons(&idp->onlysomereasons, val))
-                                goto err;
-                } else {
-                        X509V3err(X509V3_F_V2I_IDP, X509V3_R_INVALID_NAME);
-                        X509V3_conf_err(cnf);
-                        goto err;
-                }
-        }
-        return idp;
-merr:
-        X509V3err(X509V3_F_V2I_IDP, ERR_R_MALLOC_FAILURE);
-err:
-        ISSUING_DIST_POINT_free(idp);
-        return NULL;
-}
-static int
-print_gens(BIO *out, STACK_OF(GENERAL_NAME) *gens, int indent)
-{
-        int i;
-        for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
-                BIO_printf(out, "%*s", indent + 2, "");
-                GENERAL_NAME_print(out, sk_GENERAL_NAME_value(gens, i));
-                BIO_puts(out, "\n");
-        }
-        return 1;
-}
-static int
-print_distpoint(BIO *out, DIST_POINT_NAME *dpn, int indent)
-{
-        if (dpn->type == 0) {
-                BIO_printf(out, "%*sFull Name:\n", indent, "");
-                print_gens(out, dpn->name.fullname, indent);
-        } else {
-                X509_NAME ntmp;
-                ntmp.entries = dpn->name.relativename;
-                BIO_printf(out, "%*sRelative Name:\n%*s",
-                    indent, "", indent + 2, "");
-                X509_NAME_print_ex(out, &ntmp, 0, XN_FLAG_ONELINE);
-                BIO_puts(out, "\n");
-        }
-        return 1;
-}
-static int
-i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out, int indent)
-{
-        ISSUING_DIST_POINT *idp = pidp;
-        if (idp->distpoint)
-                print_distpoint(out, idp->distpoint, indent);
-        if (idp->onlyuser > 0)
-                BIO_printf(out, "%*sOnly User Certificates\n", indent, "");
-        if (idp->onlyCA > 0)
-                BIO_printf(out, "%*sOnly CA Certificates\n", indent, "");
-        if (idp->indirectCRL > 0)
-                BIO_printf(out, "%*sIndirect CRL\n", indent, "");
-        if (idp->onlysomereasons)
-                print_reasons(out, "Only Some Reasons",
-            idp->onlysomereasons, indent);
-        if (idp->onlyattr > 0)
-                BIO_printf(out, "%*sOnly Attribute Certificates\n", indent, "");
-        if (!idp->distpoint && (idp->onlyuser <= 0) && (idp->onlyCA <= 0) &&
-            (idp->indirectCRL <= 0) && !idp->onlysomereasons &&
-            (idp->onlyattr <= 0))
-                BIO_printf(out, "%*s<EMPTY>\n", indent, "");
-        return 1;
-}
-static int
-i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, int indent)
-{
-        STACK_OF(DIST_POINT) *crld = pcrldp;
-        DIST_POINT *point;
-        int i;
-        for (i = 0; i < sk_DIST_POINT_num(crld); i++) {
-                BIO_puts(out, "\n");
-                point = sk_DIST_POINT_value(crld, i);
-                if (point->distpoint)
-                        print_distpoint(out, point->distpoint, indent);
-                if (point->reasons)
-                        print_reasons(out, "Reasons", point->reasons,
-                    indent);
-                if (point->CRLissuer) {
-                        BIO_printf(out, "%*sCRL Issuer:\n", indent, "");
-                        print_gens(out, point->CRLissuer, indent);
-                }
-        }
-        return 1;
-}
-int
-DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname)
-{
-        int i;
-        STACK_OF(X509_NAME_ENTRY) *frag;
-        X509_NAME_ENTRY *ne;
-        if (!dpn || (dpn->type != 1))
-                return 1;
-        frag = dpn->name.relativename;
-        dpn->dpname = X509_NAME_dup(iname);
-        if (!dpn->dpname)
-                return 0;
-        for (i = 0; i < sk_X509_NAME_ENTRY_num(frag); i++) {
-                ne = sk_X509_NAME_ENTRY_value(frag, i);
-                if (!X509_NAME_add_entry(dpn->dpname, ne, -1, i ? 0 : 1)) {
-                        X509_NAME_free(dpn->dpname);
-                        dpn->dpname = NULL;
-                        return 0;
-                }
-        }
-        /* generate cached encoding of name */
-        if (i2d_X509_NAME(dpn->dpname, NULL) < 0) {
-                X509_NAME_free(dpn->dpname);
-                dpn->dpname = NULL;
-                return 0;
-        }
-        return 1;
-}
author	cvs2svn <admin@example.com>	2015-03-08 16:48:49 +0000
committer	cvs2svn <admin@example.com>	2015-03-08 16:48:49 +0000
commit	decf84ba5550c1656a7fdb51b5b81969590c3f03 (patch)
tree	44872802e872bdfd60730fa9cf01d9d5751251c1 /src/lib/libcrypto/x509v3/v3_crld.c
parent	7a8f138352aa4eb7b65ac4b1a5fe7630fbee1427 (diff)
download	openbsd-libressl-v2.1.5.tar.gz openbsd-libressl-v2.1.5.tar.bz2 openbsd-libressl-v2.1.5.zip

diff --git a/src/lib/libcrypto/x509v3/v3_crld.c b/src/lib/libcrypto/x509v3/v3_crld.c deleted file mode 100644 index b2e4370658..0000000000 --- a/src/lib/libcrypto/x509v3/v3_crld.c +++ /dev/null
@@ -1,685 +0,0 @@
1	/* $OpenBSD: v3_crld.c,v 1.16 2015/02/14 15:19:04 miod Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 1999.
4	*/
5	/* ====================================================================
6	* Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
7	*
8	* Redistribution and use in source and binary forms, with or without
9	* modification, are permitted provided that the following conditions
10	* are met:
11	*
12	* 1. Redistributions of source code must retain the above copyright
13	* notice, this list of conditions and the following disclaimer.
14	*
15	* 2. Redistributions in binary form must reproduce the above copyright
16	* notice, this list of conditions and the following disclaimer in
17	* the documentation and/or other materials provided with the
18	* distribution.
19	*
20	* 3. All advertising materials mentioning features or use of this
21	* software must display the following acknowledgment:
22	* "This product includes software developed by the OpenSSL Project
23	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24	*
25	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26	* endorse or promote products derived from this software without
27	* prior written permission. For written permission, please contact
28	* licensing@OpenSSL.org.
29	*
30	* 5. Products derived from this software may not be called "OpenSSL"
31	* nor may "OpenSSL" appear in their names without prior written
32	* permission of the OpenSSL Project.
33	*
34	* 6. Redistributions of any form whatsoever must retain the following
35	* acknowledgment:
36	* "This product includes software developed by the OpenSSL Project
37	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38	*
39	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50	* OF THE POSSIBILITY OF SUCH DAMAGE.
51	* ====================================================================
52	*
53	* This product includes cryptographic software written by Eric Young
54	* (eay@cryptsoft.com). This product includes software written by Tim
55	* Hudson (tjh@cryptsoft.com).
56	*
57	*/
58
59	#include <stdio.h>
60	#include <string.h>
61
62	#include <openssl/asn1.h>
63	#include <openssl/asn1t.h>
64	#include <openssl/conf.h>
65	#include <openssl/err.h>
66	#include <openssl/x509v3.h>
67
68	static void v2i_crld(const X509V3_EXT_METHOD method,
69	X509V3_CTX ctx, STACK_OF(CONF_VALUE) nval);
70	static int i2r_crldp(const X509V3_EXT_METHOD method, void pcrldp, BIO *out,
71	int indent);
72
73	const X509V3_EXT_METHOD v3_crld = {
74	NID_crl_distribution_points, 0, ASN1_ITEM_ref(CRL_DIST_POINTS),
75	0, 0, 0, 0,
76	0, 0,
77	0,
78	v2i_crld,
79	i2r_crldp, 0,
80	NULL
81	};
82
83	const X509V3_EXT_METHOD v3_freshest_crl = {
84	NID_freshest_crl, 0, ASN1_ITEM_ref(CRL_DIST_POINTS),
85	0, 0, 0, 0,
86	0, 0,
87	0,
88	v2i_crld,
89	i2r_crldp, 0,
90	NULL
91	};
92
93	static
94	STACK_OF(GENERAL_NAME) gnames_from_sectname(X509V3_CTX ctx, char *sect)
95	{
96	STACK_OF(CONF_VALUE) *gnsect;
97	STACK_OF(GENERAL_NAME) *gens;
98
99	if (*sect == '@')
100	gnsect = X509V3_get_section(ctx, sect + 1);
101	else
102	gnsect = X509V3_parse_list(sect);
103	if (!gnsect) {
104	X509V3err(X509V3_F_GNAMES_FROM_SECTNAME,
105	X509V3_R_SECTION_NOT_FOUND);
106	return NULL;
107	}
108	gens = v2i_GENERAL_NAMES(NULL, ctx, gnsect);
109	if (*sect == '@')
110	X509V3_section_free(ctx, gnsect);
111	else
112	sk_CONF_VALUE_pop_free(gnsect, X509V3_conf_free);
113	return gens;
114	}
115
116	static int
117	set_dist_point_name(DIST_POINT_NAME *pdp, X509V3_CTX ctx, CONF_VALUE *cnf)
118	{
119	STACK_OF(GENERAL_NAME) *fnm = NULL;
120	STACK_OF(X509_NAME_ENTRY) *rnm = NULL;
121
122	if (!strncmp(cnf->name, "fullname", 9)) {
123	fnm = gnames_from_sectname(ctx, cnf->value);
124	if (!fnm)
125	goto err;
126	} else if (!strcmp(cnf->name, "relativename")) {
127	int ret;
128	STACK_OF(CONF_VALUE) *dnsect;
129	X509_NAME *nm;
130	nm = X509_NAME_new();
131	if (!nm)
132	return -1;
133	dnsect = X509V3_get_section(ctx, cnf->value);
134	if (!dnsect) {
135	X509V3err(X509V3_F_SET_DIST_POINT_NAME,
136	X509V3_R_SECTION_NOT_FOUND);
137	X509_NAME_free(nm);
138	return -1;
139	}
140	ret = X509V3_NAME_from_section(nm, dnsect, MBSTRING_ASC);
141	X509V3_section_free(ctx, dnsect);
142	rnm = nm->entries;
143	nm->entries = NULL;
144	X509_NAME_free(nm);
145	if (!ret \|\| sk_X509_NAME_ENTRY_num(rnm) <= 0)
146	goto err;
147	/* Since its a name fragment can't have more than one
148	* RDNSequence
149	*/
150	if (sk_X509_NAME_ENTRY_value(rnm,
151	sk_X509_NAME_ENTRY_num(rnm) - 1)->set) {
152	X509V3err(X509V3_F_SET_DIST_POINT_NAME,
153	X509V3_R_INVALID_MULTIPLE_RDNS);
154	goto err;
155	}
156	} else
157	return 0;
158
159	if (*pdp) {
160	X509V3err(X509V3_F_SET_DIST_POINT_NAME,
161	X509V3_R_DISTPOINT_ALREADY_SET);
162	goto err;
163	}
164
165	*pdp = DIST_POINT_NAME_new();
166	if (!*pdp)
167	goto err;
168	if (fnm) {
169	(*pdp)->type = 0;
170	(*pdp)->name.fullname = fnm;
171	} else {
172	(*pdp)->type = 1;
173	(*pdp)->name.relativename = rnm;
174	}
175
176	return 1;
177
178	err:
179	if (fnm)
180	sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free);
181	if (rnm)
182	sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free);
183	return -1;
184	}
185
186	static const BIT_STRING_BITNAME reason_flags[] = {
187	{0, "Unused", "unused"},
188	{1, "Key Compromise", "keyCompromise"},
189	{2, "CA Compromise", "CACompromise"},
190	{3, "Affiliation Changed", "affiliationChanged"},
191	{4, "Superseded", "superseded"},
192	{5, "Cessation Of Operation", "cessationOfOperation"},
193	{6, "Certificate Hold", "certificateHold"},
194	{7, "Privilege Withdrawn", "privilegeWithdrawn"},
195	{8, "AA Compromise", "AACompromise"},
196	{-1, NULL, NULL}
197	};
198
199	static int
200	set_reasons(ASN1_BIT_STRING *preas, char value)
201	{
202	STACK_OF(CONF_VALUE) *rsk = NULL;
203	const BIT_STRING_BITNAME *pbn;
204	const char *bnam;
205	int i, ret = 0;
206
207	if (*preas != NULL)
208	return 0;
209	rsk = X509V3_parse_list(value);
210	if (rsk == NULL)
211	return 0;
212	for (i = 0; i < sk_CONF_VALUE_num(rsk); i++) {
213	bnam = sk_CONF_VALUE_value(rsk, i)->name;
214	if (!*preas) {
215	*preas = ASN1_BIT_STRING_new();
216	if (!*preas)
217	goto err;
218	}
219	for (pbn = reason_flags; pbn->lname; pbn++) {
220	if (!strcmp(pbn->sname, bnam)) {
221	if (!ASN1_BIT_STRING_set_bit(*preas,
222	pbn->bitnum, 1))
223	goto err;
224	break;
225	}
226	}
227	if (!pbn->lname)
228	goto err;
229	}
230	ret = 1;
231
232	err:
233	sk_CONF_VALUE_pop_free(rsk, X509V3_conf_free);
234	return ret;
235	}
236
237	static int
238	print_reasons(BIO out, const char rname, ASN1_BIT_STRING *rflags, int indent)
239	{
240	int first = 1;
241	const BIT_STRING_BITNAME *pbn;
242
243	BIO_printf(out, "%s%s:\n%s", indent, "", rname, indent + 2, "");
244	for (pbn = reason_flags; pbn->lname; pbn++) {
245	if (ASN1_BIT_STRING_get_bit(rflags, pbn->bitnum)) {
246	if (first)
247	first = 0;
248	else
249	BIO_puts(out, ", ");
250	BIO_puts(out, pbn->lname);
251	}
252	}
253	if (first)
254	BIO_puts(out, "<EMPTY>\n");
255	else
256	BIO_puts(out, "\n");
257	return 1;
258	}
259
260	static DIST_POINT *
261	crldp_from_section(X509V3_CTX ctx, STACK_OF(CONF_VALUE) nval)
262	{
263	int i;
264	CONF_VALUE *cnf;
265	DIST_POINT *point = NULL;
266
267	point = DIST_POINT_new();
268	if (!point)
269	goto err;
270	for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
271	int ret;
272	cnf = sk_CONF_VALUE_value(nval, i);
273	ret = set_dist_point_name(&point->distpoint, ctx, cnf);
274	if (ret > 0)
275	continue;
276	if (ret < 0)
277	goto err;
278	if (!strcmp(cnf->name, "reasons")) {
279	if (!set_reasons(&point->reasons, cnf->value))
280	goto err;
281	}
282	else if (!strcmp(cnf->name, "CRLissuer")) {
283	point->CRLissuer =
284	gnames_from_sectname(ctx, cnf->value);
285	if (!point->CRLissuer)
286	goto err;
287	}
288	}
289
290	return point;
291
292	err:
293	if (point)
294	DIST_POINT_free(point);
295	return NULL;
296	}
297
298	static void *
299	v2i_crld(const X509V3_EXT_METHOD method, X509V3_CTX ctx,
300	STACK_OF(CONF_VALUE) *nval)
301	{
302	STACK_OF(DIST_POINT) *crld = NULL;
303	GENERAL_NAMES *gens = NULL;
304	GENERAL_NAME *gen = NULL;
305	CONF_VALUE *cnf;
306	int i;
307
308	if (!(crld = sk_DIST_POINT_new_null()))
309	goto merr;
310	for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
311	DIST_POINT *point;
312	cnf = sk_CONF_VALUE_value(nval, i);
313	if (!cnf->value) {
314	STACK_OF(CONF_VALUE) *dpsect;
315	dpsect = X509V3_get_section(ctx, cnf->name);
316	if (!dpsect)
317	goto err;
318	point = crldp_from_section(ctx, dpsect);
319	X509V3_section_free(ctx, dpsect);
320	if (!point)
321	goto err;
322	if (!sk_DIST_POINT_push(crld, point)) {
323	DIST_POINT_free(point);
324	goto merr;
325	}
326	} else {
327	if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
328	goto err;
329	if (!(gens = GENERAL_NAMES_new()))
330	goto merr;
331	if (!sk_GENERAL_NAME_push(gens, gen))
332	goto merr;
333	gen = NULL;
334	if (!(point = DIST_POINT_new()))
335	goto merr;
336	if (!sk_DIST_POINT_push(crld, point)) {
337	DIST_POINT_free(point);
338	goto merr;
339	}
340	if (!(point->distpoint = DIST_POINT_NAME_new()))
341	goto merr;
342	point->distpoint->name.fullname = gens;
343	point->distpoint->type = 0;
344	gens = NULL;
345	}
346	}
347	return crld;
348
349	merr:
350	X509V3err(X509V3_F_V2I_CRLD, ERR_R_MALLOC_FAILURE);
351	err:
352	GENERAL_NAME_free(gen);
353	GENERAL_NAMES_free(gens);
354	sk_DIST_POINT_pop_free(crld, DIST_POINT_free);
355	return NULL;
356	}
357
358	static int
359	dpn_cb(int operation, ASN1_VALUE *pval, const ASN1_ITEM it, void *exarg)
360	{
361	DIST_POINT_NAME dpn = (DIST_POINT_NAME )*pval;
362
363	switch (operation) {
364	case ASN1_OP_NEW_POST:
365	dpn->dpname = NULL;
366	break;
367
368	case ASN1_OP_FREE_POST:
369	if (dpn->dpname)
370	X509_NAME_free(dpn->dpname);
371	break;
372	}
373	return 1;
374	}
375
376
377	ASN1_CHOICE_cb(DIST_POINT_NAME, dpn_cb) = {
378	ASN1_IMP_SEQUENCE_OF(DIST_POINT_NAME, name.fullname, GENERAL_NAME, 0),
379	ASN1_IMP_SET_OF(DIST_POINT_NAME, name.relativename, X509_NAME_ENTRY, 1)
380	} ASN1_CHOICE_END_cb(DIST_POINT_NAME, DIST_POINT_NAME, type)
381
382
383
384	DIST_POINT_NAME *
385	d2i_DIST_POINT_NAME(DIST_POINT_NAME a, const unsigned char in, long len)
386	{
387	return (DIST_POINT_NAME )ASN1_item_d2i((ASN1_VALUE *)a, in, len,
388	&DIST_POINT_NAME_it);
389	}
390
391	int
392	i2d_DIST_POINT_NAME(DIST_POINT_NAME a, unsigned char *out)
393	{
394	return ASN1_item_i2d((ASN1_VALUE *)a, out, &DIST_POINT_NAME_it);
395	}
396
397	DIST_POINT_NAME *
398	DIST_POINT_NAME_new(void)
399	{
400	return (DIST_POINT_NAME *)ASN1_item_new(&DIST_POINT_NAME_it);
401	}
402
403	void
404	DIST_POINT_NAME_free(DIST_POINT_NAME *a)
405	{
406	ASN1_item_free((ASN1_VALUE *)a, &DIST_POINT_NAME_it);
407	}
408
409	ASN1_SEQUENCE(DIST_POINT) = {
410	ASN1_EXP_OPT(DIST_POINT, distpoint, DIST_POINT_NAME, 0),
411	ASN1_IMP_OPT(DIST_POINT, reasons, ASN1_BIT_STRING, 1),
412	ASN1_IMP_SEQUENCE_OF_OPT(DIST_POINT, CRLissuer, GENERAL_NAME, 2)
413	} ASN1_SEQUENCE_END(DIST_POINT)
414
415
416	DIST_POINT *
417	d2i_DIST_POINT(DIST_POINT a, const unsigned char in, long len)
418	{
419	return (DIST_POINT )ASN1_item_d2i((ASN1_VALUE *)a, in, len,
420	&DIST_POINT_it);
421	}
422
423	int
424	i2d_DIST_POINT(DIST_POINT a, unsigned char *out)
425	{
426	return ASN1_item_i2d((ASN1_VALUE *)a, out, &DIST_POINT_it);
427	}
428
429	DIST_POINT *
430	DIST_POINT_new(void)
431	{
432	return (DIST_POINT *)ASN1_item_new(&DIST_POINT_it);
433	}
434
435	void
436	DIST_POINT_free(DIST_POINT *a)
437	{
438	ASN1_item_free((ASN1_VALUE *)a, &DIST_POINT_it);
439	}
440
441	ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) =
442	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints,
443	DIST_POINT)
444	ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS)
445
446
447	CRL_DIST_POINTS *
448	d2i_CRL_DIST_POINTS(CRL_DIST_POINTS a, const unsigned char in, long len)
449	{
450	return (CRL_DIST_POINTS )ASN1_item_d2i((ASN1_VALUE *)a, in, len,
451	&CRL_DIST_POINTS_it);
452	}
453
454	int
455	i2d_CRL_DIST_POINTS(CRL_DIST_POINTS a, unsigned char *out)
456	{
457	return ASN1_item_i2d((ASN1_VALUE *)a, out, &CRL_DIST_POINTS_it);
458	}
459
460	CRL_DIST_POINTS *
461	CRL_DIST_POINTS_new(void)
462	{
463	return (CRL_DIST_POINTS *)ASN1_item_new(&CRL_DIST_POINTS_it);
464	}
465
466	void
467	CRL_DIST_POINTS_free(CRL_DIST_POINTS *a)
468	{
469	ASN1_item_free((ASN1_VALUE *)a, &CRL_DIST_POINTS_it);
470	}
471
472	ASN1_SEQUENCE(ISSUING_DIST_POINT) = {
473	ASN1_EXP_OPT(ISSUING_DIST_POINT, distpoint, DIST_POINT_NAME, 0),
474	ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyuser, ASN1_FBOOLEAN, 1),
475	ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyCA, ASN1_FBOOLEAN, 2),
476	ASN1_IMP_OPT(ISSUING_DIST_POINT, onlysomereasons, ASN1_BIT_STRING, 3),
477	ASN1_IMP_OPT(ISSUING_DIST_POINT, indirectCRL, ASN1_FBOOLEAN, 4),
478	ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyattr, ASN1_FBOOLEAN, 5)
479	} ASN1_SEQUENCE_END(ISSUING_DIST_POINT)
480
481
482	ISSUING_DIST_POINT *
483	d2i_ISSUING_DIST_POINT(ISSUING_DIST_POINT a, const unsigned char in, long len)
484	{
485	return (ISSUING_DIST_POINT )ASN1_item_d2i((ASN1_VALUE *)a, in, len,
486	&ISSUING_DIST_POINT_it);
487	}
488
489	int
490	i2d_ISSUING_DIST_POINT(ISSUING_DIST_POINT a, unsigned char *out)
491	{
492	return ASN1_item_i2d((ASN1_VALUE *)a, out, &ISSUING_DIST_POINT_it);
493	}
494
495	ISSUING_DIST_POINT *
496	ISSUING_DIST_POINT_new(void)
497	{
498	return (ISSUING_DIST_POINT *)ASN1_item_new(&ISSUING_DIST_POINT_it);
499	}
500
501	void
502	ISSUING_DIST_POINT_free(ISSUING_DIST_POINT *a)
503	{
504	ASN1_item_free((ASN1_VALUE *)a, &ISSUING_DIST_POINT_it);
505	}
506
507	static int i2r_idp(const X509V3_EXT_METHOD method, void pidp, BIO *out,
508	int indent);
509	static void v2i_idp(const X509V3_EXT_METHOD method, X509V3_CTX *ctx,
510	STACK_OF(CONF_VALUE) *nval);
511
512	const X509V3_EXT_METHOD v3_idp = {
513	NID_issuing_distribution_point, X509V3_EXT_MULTILINE,
514	ASN1_ITEM_ref(ISSUING_DIST_POINT),
515	0, 0, 0, 0,
516	0, 0,
517	0,
518	v2i_idp,
519	i2r_idp, 0,
520	NULL
521	};
522
523	static void *
524	v2i_idp(const X509V3_EXT_METHOD method, X509V3_CTX ctx,
525	STACK_OF(CONF_VALUE) *nval)
526	{
527	ISSUING_DIST_POINT *idp = NULL;
528	CONF_VALUE *cnf;
529	char name, val;
530	int i, ret;
531
532	idp = ISSUING_DIST_POINT_new();
533	if (!idp)
534	goto merr;
535	for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
536	cnf = sk_CONF_VALUE_value(nval, i);
537	name = cnf->name;
538	val = cnf->value;
539	ret = set_dist_point_name(&idp->distpoint, ctx, cnf);
540	if (ret > 0)
541	continue;
542	if (ret < 0)
543	goto err;
544	if (!strcmp(name, "onlyuser")) {
545	if (!X509V3_get_value_bool(cnf, &idp->onlyuser))
546	goto err;
547	}
548	else if (!strcmp(name, "onlyCA")) {
549	if (!X509V3_get_value_bool(cnf, &idp->onlyCA))
550	goto err;
551	}
552	else if (!strcmp(name, "onlyAA")) {
553	if (!X509V3_get_value_bool(cnf, &idp->onlyattr))
554	goto err;
555	}
556	else if (!strcmp(name, "indirectCRL")) {
557	if (!X509V3_get_value_bool(cnf, &idp->indirectCRL))
558	goto err;
559	}
560	else if (!strcmp(name, "onlysomereasons")) {
561	if (!set_reasons(&idp->onlysomereasons, val))
562	goto err;
563	} else {
564	X509V3err(X509V3_F_V2I_IDP, X509V3_R_INVALID_NAME);
565	X509V3_conf_err(cnf);
566	goto err;
567	}
568	}
569	return idp;
570
571	merr:
572	X509V3err(X509V3_F_V2I_IDP, ERR_R_MALLOC_FAILURE);
573	err:
574	ISSUING_DIST_POINT_free(idp);
575	return NULL;
576	}
577
578	static int
579	print_gens(BIO out, STACK_OF(GENERAL_NAME) gens, int indent)
580	{
581	int i;
582
583	for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
584	BIO_printf(out, "%*s", indent + 2, "");
585	GENERAL_NAME_print(out, sk_GENERAL_NAME_value(gens, i));
586	BIO_puts(out, "\n");
587	}
588	return 1;
589	}
590
591	static int
592	print_distpoint(BIO out, DIST_POINT_NAME dpn, int indent)
593	{
594	if (dpn->type == 0) {
595	BIO_printf(out, "%*sFull Name:\n", indent, "");
596	print_gens(out, dpn->name.fullname, indent);
597	} else {
598	X509_NAME ntmp;
599	ntmp.entries = dpn->name.relativename;
600	BIO_printf(out, "%sRelative Name:\n%s",
601	indent, "", indent + 2, "");
602	X509_NAME_print_ex(out, &ntmp, 0, XN_FLAG_ONELINE);
603	BIO_puts(out, "\n");
604	}
605	return 1;
606	}
607
608	static int
609	i2r_idp(const X509V3_EXT_METHOD method, void pidp, BIO *out, int indent)
610	{
611	ISSUING_DIST_POINT *idp = pidp;
612
613	if (idp->distpoint)
614	print_distpoint(out, idp->distpoint, indent);
615	if (idp->onlyuser > 0)
616	BIO_printf(out, "%*sOnly User Certificates\n", indent, "");
617	if (idp->onlyCA > 0)
618	BIO_printf(out, "%*sOnly CA Certificates\n", indent, "");
619	if (idp->indirectCRL > 0)
620	BIO_printf(out, "%*sIndirect CRL\n", indent, "");
621	if (idp->onlysomereasons)
622	print_reasons(out, "Only Some Reasons",
623	idp->onlysomereasons, indent);
624	if (idp->onlyattr > 0)
625	BIO_printf(out, "%*sOnly Attribute Certificates\n", indent, "");
626	if (!idp->distpoint && (idp->onlyuser <= 0) && (idp->onlyCA <= 0) &&
627	(idp->indirectCRL <= 0) && !idp->onlysomereasons &&
628	(idp->onlyattr <= 0))
629	BIO_printf(out, "%*s<EMPTY>\n", indent, "");
630
631	return 1;
632	}
633
634	static int
635	i2r_crldp(const X509V3_EXT_METHOD method, void pcrldp, BIO *out, int indent)
636	{
637	STACK_OF(DIST_POINT) *crld = pcrldp;
638	DIST_POINT *point;
639	int i;
640
641	for (i = 0; i < sk_DIST_POINT_num(crld); i++) {
642	BIO_puts(out, "\n");
643	point = sk_DIST_POINT_value(crld, i);
644	if (point->distpoint)
645	print_distpoint(out, point->distpoint, indent);
646	if (point->reasons)
647	print_reasons(out, "Reasons", point->reasons,
648	indent);
649	if (point->CRLissuer) {
650	BIO_printf(out, "%*sCRL Issuer:\n", indent, "");
651	print_gens(out, point->CRLissuer, indent);
652	}
653	}
654	return 1;
655	}
656
657	int
658	DIST_POINT_set_dpname(DIST_POINT_NAME dpn, X509_NAME iname)
659	{
660	int i;
661	STACK_OF(X509_NAME_ENTRY) *frag;
662	X509_NAME_ENTRY *ne;
663
664	if (!dpn \|\| (dpn->type != 1))
665	return 1;
666	frag = dpn->name.relativename;
667	dpn->dpname = X509_NAME_dup(iname);
668	if (!dpn->dpname)
669	return 0;
670	for (i = 0; i < sk_X509_NAME_ENTRY_num(frag); i++) {
671	ne = sk_X509_NAME_ENTRY_value(frag, i);
672	if (!X509_NAME_add_entry(dpn->dpname, ne, -1, i ? 0 : 1)) {
673	X509_NAME_free(dpn->dpname);
674	dpn->dpname = NULL;
675	return 0;
676	}
677	}
678	/* generate cached encoding of name */
679	if (i2d_X509_NAME(dpn->dpname, NULL) < 0) {
680	X509_NAME_free(dpn->dpname);
681	dpn->dpname = NULL;
682	return 0;
683	}
684	return 1;
685	}