authorbeck <>2000-03-19 11:13:58 +0000
committerbeck <>2000-03-19 11:13:58 +0000
commit796d609550df3a33fc11468741c5d2f6d3df4c11 (patch)
tree6c6d539061caa20372dad0ac4ddb1dfae2fbe7fe /src/lib/libcrypto/x509v3
parent5be3114c1fd7e0dfea1e38d3abb4cbba75244419 (diff)
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2. If you are using the ssl26 packages for ssh and other things to work, you will need to get new ones (see ~beck/libsslsnap/<arch> on cvs, or ~beck/src-patent.tar.gz on cvs).
Diffstat (limited to 'src/lib/libcrypto/x509v3')
-rw-r--r--src/lib/libcrypto/x509v3/Makefile.ssl43
-rw-r--r--src/lib/libcrypto/x509v3/README4
-rw-r--r--src/lib/libcrypto/x509v3/ext_dat.h97
-rw-r--r--src/lib/libcrypto/x509v3/tabtest.c88
-rw-r--r--src/lib/libcrypto/x509v3/v3_akey.c12
-rw-r--r--src/lib/libcrypto/x509v3/v3_alt.c9
-rw-r--r--src/lib/libcrypto/x509v3/v3_bcons.c4
-rw-r--r--src/lib/libcrypto/x509v3/v3_bitst.c10
-rw-r--r--src/lib/libcrypto/x509v3/v3_conf.c34
-rw-r--r--src/lib/libcrypto/x509v3/v3_cpols.c14
-rw-r--r--src/lib/libcrypto/x509v3/v3_crld.c18
-rw-r--r--src/lib/libcrypto/x509v3/v3_enum.c13
-rw-r--r--src/lib/libcrypto/x509v3/v3_genn.c70
-rw-r--r--src/lib/libcrypto/x509v3/v3_ia5.c13
-rw-r--r--src/lib/libcrypto/x509v3/v3_info.c236
-rw-r--r--src/lib/libcrypto/x509v3/v3_int.c13
-rw-r--r--src/lib/libcrypto/x509v3/v3_lib.c88
-rw-r--r--src/lib/libcrypto/x509v3/v3_pku.c6
-rw-r--r--src/lib/libcrypto/x509v3/v3_prn.c16
-rw-r--r--src/lib/libcrypto/x509v3/v3_purp.c456
-rw-r--r--src/lib/libcrypto/x509v3/v3_skey.c21
-rw-r--r--src/lib/libcrypto/x509v3/v3_sxnet.c28
-rw-r--r--src/lib/libcrypto/x509v3/v3_utl.c2
-rw-r--r--src/lib/libcrypto/x509v3/v3err.c4
-rw-r--r--src/lib/libcrypto/x509v3/x509v3.h135
25 files changed, 1284 insertions, 150 deletions
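--- a/src/lib/libcrypto/x509v3/Makefile.ssl
+++ b/src/lib/libcrypto/x509v3/Makefile.ssl
@@ -24,10 +24,10 @@ APPS=
 LIB=$(TOP)/libcrypto.a
 LIBSRC= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c \
 v3_lib.c v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c \
-v3_pku.c v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c
+v3_pku.c v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c
 LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \
 v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \
-v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o
+v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o v3_info.o
 
 SRC= $(LIBSRC)
 
@@ -285,6 +285,25 @@ v3_ia5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 v3_ia5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 v3_ia5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 v3_ia5.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_info.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+v3_info.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_info.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_info.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_info.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_info.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_info.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_info.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_info.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+v3_info.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+v3_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_info.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_info.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_info.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+v3_info.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_info.o: ../cryptlib.h
 v3_int.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 v3_int.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 v3_int.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -320,7 +339,7 @@ v3_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 v3_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 v3_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 v3_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ext_dat.h
 v3_pku.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 v3_pku.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 v3_pku.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -358,6 +377,24 @@ v3_prn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 v3_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 v3_prn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 v3_prn.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_purp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_purp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_purp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_purp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_purp.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+v3_purp.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+v3_purp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_purp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_purp.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_purp.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_purp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_purp.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_purp.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_purp.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_purp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_purp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_purp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_purp.o: ../../include/openssl/x509v3.h ../cryptlib.h
 v3_skey.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 v3_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 v3_skey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h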
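--- a/src/lib/libcrypto/x509v3/README
+++ b/src/lib/libcrypto/x509v3/README
@@ -1,4 +0,0 @@
-WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
-
-This is ***VERY*** new experimental code and is likely to change
-considerably or vanish altogether.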
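--- /dev/null
+++ b/src/lib/libcrypto/x509v3/ext_dat.h
@@ -0,0 +1,97 @@
+/* ext_dat.h */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* This file contains a table of "standard" extensions */
+
+extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
+extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info;
+extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
+extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_cpols, v3_crld;
+
+/* This table will be searched using OBJ_bsearch so it *must* kept in
+ * order of the ext_nid values.
+ */
+
+static X509V3_EXT_METHOD *standard_exts[] = {
+&v3_nscert,
+&v3_ns_ia5_list[0],
+&v3_ns_ia5_list[1],
+&v3_ns_ia5_list[2],
+&v3_ns_ia5_list[3],
+&v3_ns_ia5_list[4],
+&v3_ns_ia5_list[5],
+&v3_ns_ia5_list[6],
+&v3_skey_id,
+&v3_key_usage,
+&v3_pkey_usage_period,
+&v3_alt[0],
+&v3_alt[1],
+&v3_bcons,
+&v3_crl_num,
+&v3_cpols,
+&v3_akey_id,
+&v3_crld,
+&v3_ext_ku,
+&v3_crl_reason,
+&v3_sxnet,
+&v3_info,
+};
+
+/* Number of standard extensions */
+
+#define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *))
+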
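Review bot: The ordering comment on the `standard_exts` table says the NID order is mandatory for OBJ_bsearch but not where that invariant is enforced, and the header has no include guard even though it defines a `static` array that is now included from v3_lib.c (per the Makefile dependency) and from tabtest.c. I would fix the typo and name the check: `/* This table will be searched using OBJ_bsearch so it *must* be kept in` / ` * order of the ext_nid values. tabtest.c verifies the order; run it after adding an entry. */`, and wrap the file in `#ifndef HEADER_EXT_DAT_H ... #endif`. A mis-ordered entry would presumably make the bsearch miss a standard extension at runtime rather than fail the build, so the comment is the only guard a maintainer sees.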
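--- /dev/null
+++ b/src/lib/libcrypto/x509v3/tabtest.c
@@ -0,0 +1,88 @@
+/* tabtest.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* Simple program to check the ext_dat.h is correct and print out
+ * problems if it is not.
+ */
+
+#include <stdio.h>
+
+#include <openssl/x509v3.h>
+
+#include "ext_dat.h"
+
+main()
+{
+ int i, prev = -1, bad = 0;
+ X509V3_EXT_METHOD **tmp;
+ i = sizeof(standard_exts) / sizeof(X509V3_EXT_METHOD *);
+ if(i != STANDARD_EXTENSION_COUNT)
+ fprintf(stderr, "Extension number invalid expecting %d\n", i);
+ tmp = standard_exts;
+ for(i = 0; i < STANDARD_EXTENSION_COUNT; i++, tmp++) {
+ if((*tmp)->ext_nid < prev) bad = 1;
+ prev = (*tmp)->ext_nid;
+
+ }
+ if(bad) {
+ tmp = standard_exts;
+ fprintf(stderr, "Extensions out of order!\n");
+ for(i = 0; i < STANDARD_EXTENSION_COUNT; i++, tmp++)
+ printf("%d : %s\n", (*tmp)->ext_nid, OBJ_nid2sn((*tmp)->ext_nid));
+ } else fprintf(stderr, "Order OK\n");
+}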
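Review bot: The count check in main() can never fire: `i` is computed as `sizeof(standard_exts) / sizeof(X509V3_EXT_METHOD *)` and STANDARD_EXTENSION_COUNT in ext_dat.h expands to exactly that expression, so the comparison is a tautology and the message is dead code. The ordering test uses `<`, which accepts two adjacent entries with the same ext_nid; a duplicate NID breaks a bsearch just as an inversion does, so the test should be `if((*tmp)->ext_nid <= prev) bad = 1;`. The program also returns nothing from an implicit-int `main()`, so a build cannot use its result; I would declare `int main(void)` and end with `return bad;`. If OBJ_nid2sn() can return NULL for an unknown NID the `%s` in the report loop would need a guard as well, but that is outside what this hunk shows.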
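--- a/src/lib/libcrypto/x509v3/v3_akey.c
+++ b/src/lib/libcrypto/x509v3/v3_akey.c
@@ -129,10 +129,10 @@ AUTHORITY_KEYID *d2i_AUTHORITY_KEYID(AUTHORITY_KEYID **a, unsigned char **pp,
 void AUTHORITY_KEYID_free(AUTHORITY_KEYID *a)
 {
  if (a == NULL) return;
- ASN1_OCTET_STRING_free(a->keyid);
+ M_ASN1_OCTET_STRING_free(a->keyid);
  sk_GENERAL_NAME_pop_free(a->issuer, GENERAL_NAME_free);
- ASN1_INTEGER_free (a->serial);
- Free ((char *)a);
+ M_ASN1_INTEGER_free (a->serial);
+ Free (a);
 }
 
 static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
@@ -214,7 +214,7 @@ if(keyid) {
 
 if((issuer && !ikeyid) || (issuer == 2)) {
  isname = X509_NAME_dup(X509_get_issuer_name(cert));
- serial = ASN1_INTEGER_dup(X509_get_serialNumber(cert));
+ serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert));
  if(!isname || !serial) {
  X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
  goto err;
@@ -241,8 +241,8 @@ return akeyid;
 
 err:
 X509_NAME_free(isname);
-ASN1_INTEGER_free(serial);
-ASN1_OCTET_STRING_free(ikeyid);
+M_ASN1_INTEGER_free(serial);
+M_ASN1_OCTET_STRING_free(ikeyid);
 return NULL;
 
 }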
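--- a/src/lib/libcrypto/x509v3/v3_alt.c
+++ b/src/lib/libcrypto/x509v3/v3_alt.c
@@ -84,7 +84,6 @@ NULL, NULL,
 (X509V3_EXT_I2V)i2v_GENERAL_NAMES,
 (X509V3_EXT_V2I)v2i_issuer_alt,
 NULL, NULL, NULL},
-EXT_END
 };
 
 STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
@@ -273,7 +272,7 @@ static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens)
  while((i = X509_NAME_get_index_by_NID(nm,
  NID_pkcs9_emailAddress, i)) > 0) {
  ne = X509_NAME_get_entry(nm, i);
- email = ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne));
+ email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne));
  if(!email || !(gen = GENERAL_NAME_new())) {
  X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE);
  goto err;
@@ -293,7 +292,7 @@ static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens)
 
  err:
  GENERAL_NAME_free(gen);
- ASN1_IA5STRING_free(email);
+ M_ASN1_IA5STRING_free(email);
  return 0;
 
 }
@@ -371,7 +370,7 @@ if(!name_cmp(name, "email")) {
  goto err;
  }
  ip[0] = i1; ip[1] = i2 ; ip[2] = i3 ; ip[3] = i4;
- if(!(gen->d.ip = ASN1_OCTET_STRING_new()) ||
+ if(!(gen->d.ip = M_ASN1_OCTET_STRING_new()) ||
  !ASN1_STRING_set(gen->d.ip, ip, 4)) {
  X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
  goto err;
@@ -384,7 +383,7 @@ if(!name_cmp(name, "email")) {
 }
 
 if(is_string) {
- if(!(gen->d.ia5 = ASN1_IA5STRING_new()) ||
+ if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) ||
  !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value,
  strlen(value))) {
  X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);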
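Review bot: In the last hunk the config value is copied straight into the new IA5STRING with `ASN1_STRING_set(gen->d.ia5, (unsigned char*)value, strlen(value))` and nothing in the hunk rejects bytes outside the IA5 (7-bit) repertoire, so an email/DNS/URI name taken from a config file can be encoded as an IA5String that does not conform to its type. Unless v2i_GENERAL_NAME already validates `value` earlier in its body (the function starts before this hunk), I would add a one-line scan before the set, e.g. `for(p = value; *p; p++) if(*p & 0x80) { X509V3err(X509V3_F_V2I_GENERAL_NAME, X509V3_R_INVALID_NAME); goto err; }`, using whatever reason code the file already has for bad names. The M_ macro change itself is mechanical and fine.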
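--- a/src/lib/libcrypto/x509v3/v3_bcons.c
+++ b/src/lib/libcrypto/x509v3/v3_bcons.c
@@ -122,8 +122,8 @@ BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS **a,
 void BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *a)
 {
  if (a == NULL) return;
- ASN1_INTEGER_free (a->pathlen);
- Free ((char *)a);
+ M_ASN1_INTEGER_free (a->pathlen);
+ Free (a);
 }
 
 static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,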
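--- a/src/lib/libcrypto/x509v3/v3_bitst.c
+++ b/src/lib/libcrypto/x509v3/v3_bitst.c
@@ -61,7 +61,6 @@
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
 
-static ASN1_BIT_STRING *asn1_bit_string_new(void);
 static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
  X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
 static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
@@ -97,11 +96,6 @@ static BIT_STRING_BITNAME key_usage_type_table[] = {
 X509V3_EXT_METHOD v3_nscert = EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table);
 X509V3_EXT_METHOD v3_key_usage = EXT_BITSTRING(NID_key_usage, key_usage_type_table);
 
-static ASN1_BIT_STRING *asn1_bit_string_new(void)
-{
- return ASN1_BIT_STRING_new();
-}
-
 static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
  ASN1_BIT_STRING *bits, STACK_OF(CONF_VALUE) *ret)
 {
@@ -120,7 +114,7 @@ static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
  ASN1_BIT_STRING *bs;
  int i;
  BIT_STRING_BITNAME *bnam;
- if(!(bs = ASN1_BIT_STRING_new())) {
+ if(!(bs = M_ASN1_BIT_STRING_new())) {
  X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,ERR_R_MALLOC_FAILURE);
  return NULL;
  }
@@ -137,7 +131,7 @@ static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
  X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
  X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT);
  X509V3_conf_err(val);
- ASN1_BIT_STRING_free(bs);
+ M_ASN1_BIT_STRING_free(bs);
  return NULL;
  }
  }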
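--- a/src/lib/libcrypto/x509v3/v3_conf.c
+++ b/src/lib/libcrypto/x509v3/v3_conf.c
@@ -170,13 +170,13 @@ static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
  if(!(ext_der = Malloc(ext_len))) goto merr;
  p = ext_der;
  method->i2d(ext_struc, &p);
- if(!(ext_oct = ASN1_OCTET_STRING_new())) goto merr;
+ if(!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr;
  ext_oct->data = ext_der;
  ext_oct->length = ext_len;
 
  ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
  if(!ext) goto merr;
- ASN1_OCTET_STRING_free(ext_oct);
+ M_ASN1_OCTET_STRING_free(ext_oct);
 
  return ext;
 
@@ -220,7 +220,7 @@ static int v3_check_generic(char **value)
  return 1;
 }
 
-/* Create a generic extension: for now just handle RAW type */
+/* Create a generic extension: for now just handle DER type */
 static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
  int crit, int type)
 {
@@ -241,7 +241,7 @@ if(!(ext_der = string_to_hex(value, &ext_len))) {
  goto err;
 }
 
-if(!(oct = ASN1_OCTET_STRING_new())) {
+if(!(oct = M_ASN1_OCTET_STRING_new())) {
  X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE);
  goto err;
 }
@@ -254,7 +254,7 @@ extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
 
 err:
 ASN1_OBJECT_free(obj);
-ASN1_OCTET_STRING_free(oct);
+M_ASN1_OCTET_STRING_free(oct);
 if(ext_der) Free(ext_der);
 return extension;
 }
@@ -302,6 +302,30 @@ int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
  return 1;
 }
 
+/* Add extensions to certificate request */
+
+int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+ X509_REQ *req)
+{
+ X509_EXTENSION *ext;
+ STACK_OF(X509_EXTENSION) *extlist = NULL;
+ STACK_OF(CONF_VALUE) *nval;
+ CONF_VALUE *val;
+ int i;
+ if(!(nval = CONF_get_section(conf, section))) return 0;
+ for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+ val = sk_CONF_VALUE_value(nval, i);
+ if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
+ return 0;
+ if(!extlist) extlist = sk_X509_EXTENSION_new_null();
+ sk_X509_EXTENSION_push(extlist, ext);
+ }
+ if(req) i = X509_REQ_add_extensions(req, extlist);
+ else i = 1;
+ sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);
+ return i;
+}
+
 /* Config database functions */
 
 char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)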
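--- a/src/lib/libcrypto/x509v3/v3_cpols.c
+++ b/src/lib/libcrypto/x509v3/v3_cpols.c
@@ -169,7 +169,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
  if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
  goto merr;
  qual->pqualid = OBJ_nid2obj(NID_id_qt_cps);
- qual->d.cpsuri = ASN1_IA5STRING_new();
+ qual->d.cpsuri = M_ASN1_IA5STRING_new();
  if(!ASN1_STRING_set(qual->d.cpsuri, cnf->value,
  strlen(cnf->value))) goto merr;
  } else if(!name_cmp(cnf->name, "userNotice")) {
@@ -229,7 +229,7 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
  for(i = 0; i < sk_CONF_VALUE_num(unot); i++) {
  cnf = sk_CONF_VALUE_value(unot, i);
  if(!strcmp(cnf->name, "explicitText")) {
- not->exptext = ASN1_VISIBLESTRING_new();
+ not->exptext = M_ASN1_VISIBLESTRING_new();
  if(!ASN1_STRING_set(not->exptext, cnf->value,
  strlen(cnf->value))) goto merr;
  } else if(!strcmp(cnf->name, "organization")) {
@@ -238,8 +238,8 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
  if(!(nref = NOTICEREF_new())) goto merr;
  not->noticeref = nref;
  } else nref = not->noticeref;
- if(ia5org) nref->organization = ASN1_IA5STRING_new();
- else nref->organization = ASN1_VISIBLESTRING_new();
+ if(ia5org) nref->organization = M_ASN1_IA5STRING_new();
+ else nref->organization = M_ASN1_VISIBLESTRING_new();
  if(!ASN1_STRING_set(nref->organization, cnf->value,
  strlen(cnf->value))) goto merr;
  } else if(!strcmp(cnf->name, "noticeNumbers")) {
@@ -538,7 +538,7 @@ void POLICYQUALINFO_free(POLICYQUALINFO *a)
  if (a == NULL) return;
  switch(OBJ_obj2nid(a->pqualid)) {
  case NID_id_qt_cps:
- ASN1_IA5STRING_free(a->d.cpsuri);
+ M_ASN1_IA5STRING_free(a->d.cpsuri);
  break;
 
  case NID_id_qt_unotice:
@@ -596,7 +596,7 @@ void USERNOTICE_free(USERNOTICE *a)
 {
  if (a == NULL) return;
  NOTICEREF_free(a->noticeref);
- DISPLAYTEXT_free(a->exptext);
+ M_DISPLAYTEXT_free(a->exptext);
  Free (a);
 }
 
@@ -646,7 +646,7 @@ NOTICEREF *d2i_NOTICEREF(NOTICEREF **a, unsigned char **pp,long length)
 void NOTICEREF_free(NOTICEREF *a)
 {
  if (a == NULL) return;
- DISPLAYTEXT_free(a->organization);
+ M_DISPLAYTEXT_free(a->organization);
  sk_pop_free(a->noticenos, ASN1_STRING_free);
  Free (a);
 }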
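Review bot: The allocation results in the first three hunks are still never checked: `qual->d.cpsuri = M_ASN1_IA5STRING_new();`, `not->exptext = M_ASN1_VISIBLESTRING_new();` and both `nref->organization = ...` assignments feed straight into ASN1_STRING_set(), so an allocation failure becomes a NULL dereference instead of the `merr` path the surrounding code uses for every other allocation. The commit only renames the constructors to their M_ forms, so this is the moment to make them consistent, e.g. `if(!(qual->d.cpsuri = M_ASN1_IA5STRING_new())) goto merr;` and the same shape at the other three sites. Both policy_section() and notice_section() begin before their hunks, so I am assuming `merr` frees the partially built structures as it does for the NOTICEREF_new() failure visible in the third hunk.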
diff --git a/src/lib/libcrypto/x509v3/v3_crld.c b/src/lib/libcrypto/x509v3/v3_crld.c
index 897ffb63e4..e459d2595a 100644
--- a/src/lib/libcrypto/x509v3/v3_crld.c
+++ b/src/lib/libcrypto/x509v3/v3_crld.c
@@ -211,20 +211,20 @@ void DIST_POINT_free(DIST_POINT *a)
211{ 211{
212 if (a == NULL) return; 212 if (a == NULL) return;
213 DIST_POINT_NAME_free(a->distpoint); 213 DIST_POINT_NAME_free(a->distpoint);
214 ASN1_BIT_STRING_free(a->reasons); 214 M_ASN1_BIT_STRING_free(a->reasons);
215 sk_GENERAL_NAME_pop_free(a->CRLissuer, GENERAL_NAME_free); 215 sk_GENERAL_NAME_pop_free(a->CRLissuer, GENERAL_NAME_free);
216 Free ((char *)a); 216 Free (a);
217} 217}
218 218
219int i2d_DIST_POINT_NAME(DIST_POINT_NAME *a, unsigned char **pp) 219int i2d_DIST_POINT_NAME(DIST_POINT_NAME *a, unsigned char **pp)
220{ 220{
221 int v = 0;
222 M_ASN1_I2D_vars(a); 221 M_ASN1_I2D_vars(a);
223 222
224 if(a->fullname) { 223 if(a->fullname) {
225 M_ASN1_I2D_len_IMP_opt (a->fullname, i2d_GENERAL_NAMES); 224 M_ASN1_I2D_len_IMP_opt (a->fullname, i2d_GENERAL_NAMES);
226 } else { 225 } else {
227 M_ASN1_I2D_len_EXP_opt (a->relativename, i2d_X509_NAME, 1, v); 226 M_ASN1_I2D_len_IMP_SET_opt_type(X509_NAME_ENTRY,
227 a->relativename, i2d_X509_NAME_ENTRY, 1);
228 } 228 }
229 229
230 /* Don't want a SEQUENCE so... */ 230 /* Don't want a SEQUENCE so... */
@@ -234,7 +234,8 @@ int i2d_DIST_POINT_NAME(DIST_POINT_NAME *a, unsigned char **pp)
234 if(a->fullname) { 234 if(a->fullname) {
235 M_ASN1_I2D_put_IMP_opt (a->fullname, i2d_GENERAL_NAMES, 0); 235 M_ASN1_I2D_put_IMP_opt (a->fullname, i2d_GENERAL_NAMES, 0);
236 } else { 236 } else {
237 M_ASN1_I2D_put_EXP_opt (a->relativename, i2d_X509_NAME, 1, v); 237 M_ASN1_I2D_put_IMP_SET_opt_type(X509_NAME_ENTRY,
238 a->relativename, i2d_X509_NAME_ENTRY, 1);
238 } 239 }
239 M_ASN1_I2D_finish(); 240 M_ASN1_I2D_finish();
240} 241}
@@ -253,9 +254,9 @@ DIST_POINT_NAME *DIST_POINT_NAME_new(void)
253void DIST_POINT_NAME_free(DIST_POINT_NAME *a) 254void DIST_POINT_NAME_free(DIST_POINT_NAME *a)
254{ 255{
255 if (a == NULL) return; 256 if (a == NULL) return;
256 X509_NAME_free(a->relativename); 257 sk_X509_NAME_ENTRY_pop_free(a->relativename, X509_NAME_ENTRY_free);
257 sk_GENERAL_NAME_pop_free(a->fullname, GENERAL_NAME_free); 258 sk_GENERAL_NAME_pop_free(a->fullname, GENERAL_NAME_free);
258 Free ((char *)a); 259 Free (a);
259} 260}
260 261
261DIST_POINT_NAME *d2i_DIST_POINT_NAME(DIST_POINT_NAME **a, unsigned char **pp, 262DIST_POINT_NAME *d2i_DIST_POINT_NAME(DIST_POINT_NAME **a, unsigned char **pp,
@@ -273,7 +274,8 @@ DIST_POINT_NAME *d2i_DIST_POINT_NAME(DIST_POINT_NAME **a, unsigned char **pp,
273 M_ASN1_D2I_get_imp(ret->fullname, d2i_GENERAL_NAMES, 274 M_ASN1_D2I_get_imp(ret->fullname, d2i_GENERAL_NAMES,
274 V_ASN1_SEQUENCE); 275 V_ASN1_SEQUENCE);
275 } else if (tag == (1|V_ASN1_CONTEXT_SPECIFIC)) { 276 } else if (tag == (1|V_ASN1_CONTEXT_SPECIFIC)) {
276 M_ASN1_D2I_get_EXP_opt (ret->relativename, d2i_X509_NAME, 1); 277 M_ASN1_D2I_get_IMP_set_opt_type (X509_NAME_ENTRY,
278 ret->relativename, d2i_X509_NAME_ENTRY, X509_NAME_ENTRY_free, 1);
277 } else { 279 } else {
278 c.error = ASN1_R_BAD_TAG; 280 c.error = ASN1_R_BAD_TAG;
279 goto err; 281 goto err;
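Review bot: The relativename branch of i2d_DIST_POINT_NAME and d2i_DIST_POINT_NAME now encodes and decodes an IMPLICIT SET OF X509_NAME_ENTRY where the old side used an EXPLICIT X509_NAME, and that wire-format change is undocumented at the new M_ASN1_I2D_len_IMP_SET_opt_type / M_ASN1_I2D_put_IMP_SET_opt_type / M_ASN1_D2I_get_IMP_set_opt_type lines. Suggested comment next to them: `/* nameRelativeToCRLIssuer is [1] IMPLICIT RelativeDistinguishedName (a SET OF AttributeTypeAndValue), not a full Name */`. Encodings produced by the previous version (an explicitly tagged Name) presumably no longer parse here, which is worth a sentence so that a reader does not try to "fix" the new form back. DIST_POINT_NAME_free was changed to match, so ownership of the stack is consistent across the three functions.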
diff --git a/src/lib/libcrypto/x509v3/v3_enum.c b/src/lib/libcrypto/x509v3/v3_enum.c
index db423548ff..aecfdc87f8 100644
--- a/src/lib/libcrypto/x509v3/v3_enum.c
+++ b/src/lib/libcrypto/x509v3/v3_enum.c
@@ -60,8 +60,6 @@
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include <openssl/x509v3.h> 61#include <openssl/x509v3.h>
62 62
63static ASN1_ENUMERATED *asn1_enumerated_new(void);
64
65static ENUMERATED_NAMES crl_reasons[] = { 63static ENUMERATED_NAMES crl_reasons[] = {
66{0, "Unspecified", "unspecified"}, 64{0, "Unspecified", "unspecified"},
67{1, "Key Compromise", "keyCompromise"}, 65{1, "Key Compromise", "keyCompromise"},
@@ -76,20 +74,15 @@ static ENUMERATED_NAMES crl_reasons[] = {
76 74
77X509V3_EXT_METHOD v3_crl_reason = { 75X509V3_EXT_METHOD v3_crl_reason = {
78NID_crl_reason, 0, 76NID_crl_reason, 0,
79(X509V3_EXT_NEW)asn1_enumerated_new, 77(X509V3_EXT_NEW)ASN1_ENUMERATED_new,
80(X509V3_EXT_FREE)ASN1_STRING_free, 78(X509V3_EXT_FREE)ASN1_ENUMERATED_free,
81(X509V3_EXT_D2I)d2i_ASN1_ENUMERATED, 79(X509V3_EXT_D2I)d2i_ASN1_ENUMERATED,
82(X509V3_EXT_I2D)i2d_ASN1_ENUMERATED, 80(X509V3_EXT_I2D)i2d_ASN1_ENUMERATED,
83(X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE, 81(X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE,
84(X509V3_EXT_S2I)NULL, 82(X509V3_EXT_S2I)0,
85NULL, NULL, NULL, NULL, crl_reasons}; 83NULL, NULL, NULL, NULL, crl_reasons};
86 84
87 85
88static ASN1_ENUMERATED *asn1_enumerated_new(void)
89{
90 return ASN1_ENUMERATED_new();
91}
92
93char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method, 86char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method,
94 ASN1_ENUMERATED *e) 87 ASN1_ENUMERATED *e)
95{ 88{
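Review bot: The s2i slot in v3_crl_reason is now written as `(X509V3_EXT_S2I)0` where the old side used NULL, and the same change appears in v3_crl_num in v3_int.c. A null pointer constant should be spelled NULL rather than 0 so that it is not mistaken for an integer-valued slot inside an initialiser that otherwise consists of function-pointer casts: `(X509V3_EXT_S2I)NULL,`. The cast to X509V3_EXT_FREE also hides any mismatch between the ASN1_ENUMERATED_free signature and the slot type from the compiler, so the substitution of the direct functions for the removed wrappers is worth a glance against the header.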
diff --git a/src/lib/libcrypto/x509v3/v3_genn.c b/src/lib/libcrypto/x509v3/v3_genn.c
index af716232f8..894afa7e03 100644
--- a/src/lib/libcrypto/x509v3/v3_genn.c
+++ b/src/lib/libcrypto/x509v3/v3_genn.c
@@ -88,12 +88,15 @@ int i2d_GENERAL_NAME(GENERAL_NAME *a, unsigned char **pp)
88 88
89 switch(a->type) { 89 switch(a->type) {
90 90
91 case GEN_OTHERNAME:
92 case GEN_X400: 91 case GEN_X400:
93 case GEN_EDIPARTY: 92 case GEN_EDIPARTY:
94 ret = i2d_ASN1_TYPE(a->d.other, pp); 93 ret = i2d_ASN1_TYPE(a->d.other, pp);
95 break; 94 break;
96 95
96 case GEN_OTHERNAME:
97 ret = i2d_OTHERNAME(a->d.otherName, pp);
98 break;
99
97 case GEN_EMAIL: 100 case GEN_EMAIL:
98 case GEN_DNS: 101 case GEN_DNS:
99 case GEN_URI: 102 case GEN_URI:
@@ -137,12 +140,15 @@ GENERAL_NAME *d2i_GENERAL_NAME(GENERAL_NAME **a, unsigned char **pp,
137 140
138 switch(ret->type) { 141 switch(ret->type) {
139 /* Just put these in a "blob" for now */ 142 /* Just put these in a "blob" for now */
140 case GEN_OTHERNAME:
141 case GEN_X400: 143 case GEN_X400:
142 case GEN_EDIPARTY: 144 case GEN_EDIPARTY:
143 M_ASN1_D2I_get_imp(ret->d.other, d2i_ASN1_TYPE,V_ASN1_SEQUENCE); 145 M_ASN1_D2I_get_imp(ret->d.other, d2i_ASN1_TYPE,V_ASN1_SEQUENCE);
144 break; 146 break;
145 147
148 case GEN_OTHERNAME:
149 M_ASN1_D2I_get_imp(ret->d.otherName, d2i_OTHERNAME,V_ASN1_SEQUENCE);
150 break;
151
146 case GEN_EMAIL: 152 case GEN_EMAIL:
147 case GEN_DNS: 153 case GEN_DNS:
148 case GEN_URI: 154 case GEN_URI:
@@ -176,17 +182,20 @@ void GENERAL_NAME_free(GENERAL_NAME *a)
176{ 182{
177 if (a == NULL) return; 183 if (a == NULL) return;
178 switch(a->type) { 184 switch(a->type) {
179 case GEN_OTHERNAME:
180 case GEN_X400: 185 case GEN_X400:
181 case GEN_EDIPARTY: 186 case GEN_EDIPARTY:
182 ASN1_TYPE_free(a->d.other); 187 ASN1_TYPE_free(a->d.other);
183 break; 188 break;
184 189
190 case GEN_OTHERNAME:
191 OTHERNAME_free(a->d.otherName);
192 break;
193
185 case GEN_EMAIL: 194 case GEN_EMAIL:
186 case GEN_DNS: 195 case GEN_DNS:
187 case GEN_URI: 196 case GEN_URI:
188 197
189 ASN1_IA5STRING_free(a->d.ia5); 198 M_ASN1_IA5STRING_free(a->d.ia5);
190 break; 199 break;
191 200
192 case GEN_DIRNAME: 201 case GEN_DIRNAME:
@@ -194,7 +203,7 @@ void GENERAL_NAME_free(GENERAL_NAME *a)
194 break; 203 break;
195 204
196 case GEN_IPADD: 205 case GEN_IPADD:
197 ASN1_OCTET_STRING_free(a->d.ip); 206 M_ASN1_OCTET_STRING_free(a->d.ip);
198 break; 207 break;
199 208
200 case GEN_RID: 209 case GEN_RID:
@@ -202,11 +211,11 @@ void GENERAL_NAME_free(GENERAL_NAME *a)
202 break; 211 break;
203 212
204 } 213 }
205 Free ((char *)a); 214 Free (a);
206} 215}
207 216
208/* Now the GeneralNames versions: a SEQUENCE OF GeneralName These are needed as 217/* Now the GeneralNames versions: a SEQUENCE OF GeneralName. These are needed as
209 * an explicit functions. 218 * explicit functions.
210 */ 219 */
211 220
212STACK_OF(GENERAL_NAME) *GENERAL_NAMES_new() 221STACK_OF(GENERAL_NAME) *GENERAL_NAMES_new()
@@ -235,3 +244,48 @@ return i2d_ASN1_SET_OF_GENERAL_NAME(a, pp, i2d_GENERAL_NAME, V_ASN1_SEQUENCE,
235IMPLEMENT_STACK_OF(GENERAL_NAME) 244IMPLEMENT_STACK_OF(GENERAL_NAME)
236IMPLEMENT_ASN1_SET_OF(GENERAL_NAME) 245IMPLEMENT_ASN1_SET_OF(GENERAL_NAME)
237 246
247int i2d_OTHERNAME(OTHERNAME *a, unsigned char **pp)
248{
249 int v = 0;
250 M_ASN1_I2D_vars(a);
251
252 M_ASN1_I2D_len(a->type_id, i2d_ASN1_OBJECT);
253 M_ASN1_I2D_len_EXP_opt(a->value, i2d_ASN1_TYPE, 0, v);
254
255 M_ASN1_I2D_seq_total();
256
257 M_ASN1_I2D_put(a->type_id, i2d_ASN1_OBJECT);
258 M_ASN1_I2D_put_EXP_opt(a->value, i2d_ASN1_TYPE, 0, v);
259
260 M_ASN1_I2D_finish();
261}
262
263OTHERNAME *OTHERNAME_new(void)
264{
265 OTHERNAME *ret=NULL;
266 ASN1_CTX c;
267 M_ASN1_New_Malloc(ret, OTHERNAME);
268 ret->type_id = OBJ_nid2obj(NID_undef);
269 M_ASN1_New(ret->value, ASN1_TYPE_new);
270 return (ret);
271 M_ASN1_New_Error(ASN1_F_OTHERNAME_NEW);
272}
273
274OTHERNAME *d2i_OTHERNAME(OTHERNAME **a, unsigned char **pp, long length)
275{
276 M_ASN1_D2I_vars(a,OTHERNAME *,OTHERNAME_new);
277 M_ASN1_D2I_Init();
278 M_ASN1_D2I_start_sequence();
279 M_ASN1_D2I_get(ret->type_id, d2i_ASN1_OBJECT);
280 M_ASN1_D2I_get_EXP_opt(ret->value, d2i_ASN1_TYPE, 0);
281 M_ASN1_D2I_Finish(a, OTHERNAME_free, ASN1_F_D2I_OTHERNAME);
282}
283
284void OTHERNAME_free(OTHERNAME *a)
285{
286 if (a == NULL) return;
287 ASN1_OBJECT_free(a->type_id);
288 ASN1_TYPE_free(a->value);
289 Free (a);
290}
291
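Review bot: d2i_OTHERNAME decodes `value` with M_ASN1_D2I_get_EXP_opt although the value field of OtherName is mandatory, so an encoding that omits the [0] element is accepted and ret->value is left as the placeholder ASN1_TYPE that OTHERNAME_new allocated (or as whatever a reused *a already held). After the macro, a presence check along the lines of "if ret->value still has its initial type, set c.error and goto err" would reject the malformed input; I am not certain asn1_mac.h offers a non-optional EXPLICIT getter, so the check is the safer suggestion. i2d_OTHERNAME mirrors the _opt form, so a NULL value also encodes to a sequence that this decoder accepts but which does not match the definition. Because GENERAL_NAME.d is a union, any code outside this file that still reads d.other for GEN_OTHERNAME would now treat an OTHERNAME as an ASN1_TYPE; the printing path in v3_alt.c is in this commit's diffstat and should be checked for that.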
diff --git a/src/lib/libcrypto/x509v3/v3_ia5.c b/src/lib/libcrypto/x509v3/v3_ia5.c
index 3446c5cd6a..af3525f33e 100644
--- a/src/lib/libcrypto/x509v3/v3_ia5.c
+++ b/src/lib/libcrypto/x509v3/v3_ia5.c
@@ -63,7 +63,6 @@
63#include <openssl/conf.h> 63#include <openssl/conf.h>
64#include <openssl/x509v3.h> 64#include <openssl/x509v3.h>
65 65
66static ASN1_IA5STRING *ia5string_new(void);
67static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5); 66static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5);
68static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); 67static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
69X509V3_EXT_METHOD v3_ns_ia5_list[] = { 68X509V3_EXT_METHOD v3_ns_ia5_list[] = {
@@ -78,11 +77,6 @@ EXT_END
78}; 77};
79 78
80 79
81static ASN1_IA5STRING *ia5string_new(void)
82{
83 return ASN1_IA5STRING_new();
84}
85
86static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, 80static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
87 ASN1_IA5STRING *ia5) 81 ASN1_IA5STRING *ia5)
88{ 82{
@@ -102,12 +96,15 @@ static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
102 X509V3err(X509V3_F_S2I_ASN1_IA5STRING,X509V3_R_INVALID_NULL_ARGUMENT); 96 X509V3err(X509V3_F_S2I_ASN1_IA5STRING,X509V3_R_INVALID_NULL_ARGUMENT);
103 return NULL; 97 return NULL;
104 } 98 }
105 if(!(ia5 = ASN1_IA5STRING_new())) goto err; 99 if(!(ia5 = M_ASN1_IA5STRING_new())) goto err;
106 if(!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char*)str, 100 if(!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char*)str,
107 strlen(str))) { 101 strlen(str))) {
108 ASN1_IA5STRING_free(ia5); 102 M_ASN1_IA5STRING_free(ia5);
109 goto err; 103 goto err;
110 } 104 }
105#ifdef CHARSET_EBCDIC
106 ebcdic2ascii(ia5->data, ia5->data, ia5->length);
107#endif /*CHARSET_EBCDIC*/
111 return ia5; 108 return ia5;
112 err: 109 err:
113 X509V3err(X509V3_F_S2I_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE); 110 X509V3err(X509V3_F_S2I_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE);
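Review bot: s2i_ASN1_IA5STRING still copies the configuration string into the IA5String with no check that every byte is 7-bit, so a value containing a byte with the high bit set is encoded as an IA5String that violates the type's constraint, and the new CHARSET_EBCDIC block does not change that. Before the ASN1_STRING_set call, reject any byte with `0x80` set and return NULL with an error rather than silently producing an invalid encoding. The function's signature and opening lines are outside this hunk.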
diff --git a/src/lib/libcrypto/x509v3/v3_info.c b/src/lib/libcrypto/x509v3/v3_info.c
new file mode 100644
index 0000000000..78d2135046
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_info.c
@@ -0,0 +1,236 @@
1/* v3_info.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/conf.h>
62#include <openssl/asn1.h>
63#include <openssl/asn1_mac.h>
64#include <openssl/x509v3.h>
65
66static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
67 STACK_OF(ACCESS_DESCRIPTION) *ainfo,
68 STACK_OF(CONF_VALUE) *ret);
69static STACK_OF(ACCESS_DESCRIPTION) *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
70 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
71
72X509V3_EXT_METHOD v3_info =
73{ NID_info_access, X509V3_EXT_MULTILINE,
74(X509V3_EXT_NEW)AUTHORITY_INFO_ACCESS_new,
75(X509V3_EXT_FREE)AUTHORITY_INFO_ACCESS_free,
76(X509V3_EXT_D2I)d2i_AUTHORITY_INFO_ACCESS,
77(X509V3_EXT_I2D)i2d_AUTHORITY_INFO_ACCESS,
78NULL, NULL,
79(X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
80(X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
81NULL, NULL, NULL};
82
83static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
84 STACK_OF(ACCESS_DESCRIPTION) *ainfo,
85 STACK_OF(CONF_VALUE) *ret)
86{
87 ACCESS_DESCRIPTION *desc;
88 int i;
89 char objtmp[80], *ntmp;
90 CONF_VALUE *vtmp;
91 for(i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) {
92 desc = sk_ACCESS_DESCRIPTION_value(ainfo, i);
93 ret = i2v_GENERAL_NAME(method, desc->location, ret);
94 if(!ret) break;
95 vtmp = sk_CONF_VALUE_value(ret, i);
96 i2t_ASN1_OBJECT(objtmp, 80, desc->method);
97 ntmp = Malloc(strlen(objtmp) + strlen(vtmp->name) + 5);
98 if(!ntmp) {
99 X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS,
100 ERR_R_MALLOC_FAILURE);
101 return NULL;
102 }
103 strcpy(ntmp, objtmp);
104 strcat(ntmp, " - ");
105 strcat(ntmp, vtmp->name);
106 Free(vtmp->name);
107 vtmp->name = ntmp;
108
109 }
110 if(!ret) return sk_CONF_VALUE_new_null();
111 return ret;
112}
113
114static STACK_OF(ACCESS_DESCRIPTION) *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
115 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
116{
117 STACK_OF(ACCESS_DESCRIPTION) *ainfo = NULL;
118 CONF_VALUE *cnf, ctmp;
119 ACCESS_DESCRIPTION *acc;
120 int i, objlen;
121 char *objtmp, *ptmp;
122 if(!(ainfo = sk_ACCESS_DESCRIPTION_new(NULL))) {
123 X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
124 return NULL;
125 }
126 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
127 cnf = sk_CONF_VALUE_value(nval, i);
128 if(!(acc = ACCESS_DESCRIPTION_new())
129 || !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) {
130 X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
131 goto err;
132 }
133 ptmp = strchr(cnf->name, ';');
134 if(!ptmp) {
135 X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_INVALID_SYNTAX);
136 goto err;
137 }
138 objlen = ptmp - cnf->name;
139 ctmp.name = ptmp + 1;
140 ctmp.value = cnf->value;
141 if(!(acc->location = v2i_GENERAL_NAME(method, ctx, &ctmp)))
142 goto err;
143 if(!(objtmp = Malloc(objlen + 1))) {
144 X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
145 goto err;
146 }
147 strncpy(objtmp, cnf->name, objlen);
148 objtmp[objlen] = 0;
149 acc->method = OBJ_txt2obj(objtmp, 0);
150 if(!acc->method) {
151 X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_BAD_OBJECT);
152 ERR_add_error_data(2, "value=", objtmp);
153 Free(objtmp);
154 goto err;
155 }
156 Free(objtmp);
157
158 }
159 return ainfo;
160 err:
161 sk_ACCESS_DESCRIPTION_pop_free(ainfo, ACCESS_DESCRIPTION_free);
162 return NULL;
163}
164
165int i2d_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION *a, unsigned char **pp)
166{
167 M_ASN1_I2D_vars(a);
168
169 M_ASN1_I2D_len(a->method, i2d_ASN1_OBJECT);
170 M_ASN1_I2D_len(a->location, i2d_GENERAL_NAME);
171
172 M_ASN1_I2D_seq_total();
173
174 M_ASN1_I2D_put(a->method, i2d_ASN1_OBJECT);
175 M_ASN1_I2D_put(a->location, i2d_GENERAL_NAME);
176
177 M_ASN1_I2D_finish();
178}
179
180ACCESS_DESCRIPTION *ACCESS_DESCRIPTION_new(void)
181{
182 ACCESS_DESCRIPTION *ret=NULL;
183 ASN1_CTX c;
184 M_ASN1_New_Malloc(ret, ACCESS_DESCRIPTION);
185 ret->method = OBJ_nid2obj(NID_undef);
186 ret->location = NULL;
187 return (ret);
188 M_ASN1_New_Error(ASN1_F_ACCESS_DESCRIPTION_NEW);
189}
190
191ACCESS_DESCRIPTION *d2i_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION **a, unsigned char **pp,
192 long length)
193{
194 M_ASN1_D2I_vars(a,ACCESS_DESCRIPTION *,ACCESS_DESCRIPTION_new);
195 M_ASN1_D2I_Init();
196 M_ASN1_D2I_start_sequence();
197 M_ASN1_D2I_get(ret->method, d2i_ASN1_OBJECT);
198 M_ASN1_D2I_get(ret->location, d2i_GENERAL_NAME);
199 M_ASN1_D2I_Finish(a, ACCESS_DESCRIPTION_free, ASN1_F_D2I_ACCESS_DESCRIPTION);
200}
201
202void ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a)
203{
204 if (a == NULL) return;
205 ASN1_OBJECT_free(a->method);
206 GENERAL_NAME_free(a->location);
207 Free (a);
208}
209
210STACK_OF(ACCESS_DESCRIPTION) *AUTHORITY_INFO_ACCESS_new(void)
211{
212 return sk_ACCESS_DESCRIPTION_new(NULL);
213}
214
215void AUTHORITY_INFO_ACCESS_free(STACK_OF(ACCESS_DESCRIPTION) *a)
216{
217 sk_ACCESS_DESCRIPTION_pop_free(a, ACCESS_DESCRIPTION_free);
218}
219
220STACK_OF(ACCESS_DESCRIPTION) *d2i_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) **a,
221 unsigned char **pp, long length)
222{
223return d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(a, pp, length, d2i_ACCESS_DESCRIPTION,
224 ACCESS_DESCRIPTION_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
225}
226
227int i2d_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) *a, unsigned char **pp)
228{
229return i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(a, pp, i2d_ACCESS_DESCRIPTION, V_ASN1_SEQUENCE,
230 V_ASN1_UNIVERSAL, IS_SEQUENCE);
231}
232
233IMPLEMENT_STACK_OF(ACCESS_DESCRIPTION)
234IMPLEMENT_ASN1_SET_OF(ACCESS_DESCRIPTION)
235
236
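Review bot: In v2i_AUTHORITY_INFO_ACCESS the temporary `ctmp` is declared on the `CONF_VALUE *cnf, ctmp;` line but only its name and value fields are assigned before it is handed to v2i_GENERAL_NAME, so ctmp.section holds an indeterminate pointer; if v2i_GENERAL_NAME reports a bad name through X509V3_conf_err, which formats val->section into the error data, that read is undefined behaviour reachable from a malformed config line. Copy the field through next to the two existing assignments: `ctmp.section = cnf->section;`. Separately, i2v_AUTHORITY_INFO_ACCESS reads `sk_CONF_VALUE_value(ret, i)` after each i2v_GENERAL_NAME call, which presumes `ret` was empty on entry and that each call pushes exactly one value; taking the last element of `ret` would not depend on either assumption. The `80` passed to i2t_ASN1_OBJECT should be `sizeof objtmp` so the bound cannot drift from the declaration.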
diff --git a/src/lib/libcrypto/x509v3/v3_int.c b/src/lib/libcrypto/x509v3/v3_int.c
index 637dd5e128..63c201e5f4 100644
--- a/src/lib/libcrypto/x509v3/v3_int.c
+++ b/src/lib/libcrypto/x509v3/v3_int.c
@@ -60,20 +60,13 @@
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include <openssl/x509v3.h> 61#include <openssl/x509v3.h>
62 62
63static ASN1_INTEGER *asn1_integer_new(void);
64
65X509V3_EXT_METHOD v3_crl_num = { 63X509V3_EXT_METHOD v3_crl_num = {
66NID_crl_number, 0, 64NID_crl_number, 0,
67(X509V3_EXT_NEW)asn1_integer_new, 65(X509V3_EXT_NEW)ASN1_INTEGER_new,
68(X509V3_EXT_FREE)ASN1_STRING_free, 66(X509V3_EXT_FREE)ASN1_INTEGER_free,
69(X509V3_EXT_D2I)d2i_ASN1_INTEGER, 67(X509V3_EXT_D2I)d2i_ASN1_INTEGER,
70(X509V3_EXT_I2D)i2d_ASN1_INTEGER, 68(X509V3_EXT_I2D)i2d_ASN1_INTEGER,
71(X509V3_EXT_I2S)i2s_ASN1_INTEGER, 69(X509V3_EXT_I2S)i2s_ASN1_INTEGER,
72(X509V3_EXT_S2I)NULL, 70(X509V3_EXT_S2I)0,
73NULL, NULL, NULL, NULL, NULL}; 71NULL, NULL, NULL, NULL, NULL};
74 72
75
76static ASN1_INTEGER *asn1_integer_new(void)
77{
78 return ASN1_INTEGER_new();
79}
diff --git a/src/lib/libcrypto/x509v3/v3_lib.c b/src/lib/libcrypto/x509v3/v3_lib.c
index a0aa5de794..4242d130a2 100644
--- a/src/lib/libcrypto/x509v3/v3_lib.c
+++ b/src/lib/libcrypto/x509v3/v3_lib.c
@@ -62,6 +62,8 @@
62#include <openssl/conf.h> 62#include <openssl/conf.h>
63#include <openssl/x509v3.h> 63#include <openssl/x509v3.h>
64 64
65#include "ext_dat.h"
66
65static STACK *ext_list = NULL; 67static STACK *ext_list = NULL;
66 68
67static int ext_cmp(X509V3_EXT_METHOD **a, X509V3_EXT_METHOD **b); 69static int ext_cmp(X509V3_EXT_METHOD **a, X509V3_EXT_METHOD **b);
@@ -87,10 +89,15 @@ static int ext_cmp(X509V3_EXT_METHOD **a, X509V3_EXT_METHOD **b)
87 89
88X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid) 90X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
89{ 91{
90 X509V3_EXT_METHOD tmp; 92 X509V3_EXT_METHOD tmp, *t = &tmp, **ret;
91 int idx; 93 int idx;
94 if(nid < 0) return NULL;
92 tmp.ext_nid = nid; 95 tmp.ext_nid = nid;
93 if(!ext_list || (tmp.ext_nid < 0) ) return NULL; 96 ret = (X509V3_EXT_METHOD **) OBJ_bsearch((char *)&t,
97 (char *)standard_exts, STANDARD_EXTENSION_COUNT,
98 sizeof(X509V3_EXT_METHOD *), (int (*)())ext_cmp);
99 if(ret) return *ret;
100 if(!ext_list) return NULL;
94 idx = sk_find(ext_list, (char *)&tmp); 101 idx = sk_find(ext_list, (char *)&tmp);
95 if(idx == -1) return NULL; 102 if(idx == -1) return NULL;
96 return (X509V3_EXT_METHOD *)sk_value(ext_list, idx); 103 return (X509V3_EXT_METHOD *)sk_value(ext_list, idx);
@@ -125,7 +132,7 @@ int X509V3_EXT_add_alias(int nid_to, int nid_from)
125 *tmpext = *ext; 132 *tmpext = *ext;
126 tmpext->ext_nid = nid_to; 133 tmpext->ext_nid = nid_to;
127 tmpext->ext_flags |= X509V3_EXT_DYNAMIC; 134 tmpext->ext_flags |= X509V3_EXT_DYNAMIC;
128 return 1; 135 return X509V3_EXT_add(tmpext);
129} 136}
130 137
131void X509V3_EXT_cleanup(void) 138void X509V3_EXT_cleanup(void)
@@ -139,28 +146,12 @@ static void ext_list_free(X509V3_EXT_METHOD *ext)
139 if(ext->ext_flags & X509V3_EXT_DYNAMIC) Free(ext); 146 if(ext->ext_flags & X509V3_EXT_DYNAMIC) Free(ext);
140} 147}
141 148
142extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku; 149/* Legacy function: we don't need to add standard extensions
143extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet; 150 * any more because they are now kept in ext_dat.h.
144extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id; 151 */
145
146extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_cpols, v3_crld;
147 152
148int X509V3_add_standard_extensions(void) 153int X509V3_add_standard_extensions(void)
149{ 154{
150 X509V3_EXT_add_list(v3_ns_ia5_list);
151 X509V3_EXT_add_list(v3_alt);
152 X509V3_EXT_add(&v3_bcons);
153 X509V3_EXT_add(&v3_nscert);
154 X509V3_EXT_add(&v3_key_usage);
155 X509V3_EXT_add(&v3_ext_ku);
156 X509V3_EXT_add(&v3_skey_id);
157 X509V3_EXT_add(&v3_akey_id);
158 X509V3_EXT_add(&v3_pkey_usage_period);
159 X509V3_EXT_add(&v3_crl_num);
160 X509V3_EXT_add(&v3_sxnet);
161 X509V3_EXT_add(&v3_crl_reason);
162 X509V3_EXT_add(&v3_cpols);
163 X509V3_EXT_add(&v3_crld);
164 return 1; 155 return 1;
165} 156}
166 157
@@ -175,3 +166,56 @@ void *X509V3_EXT_d2i(X509_EXTENSION *ext)
175 return method->d2i(NULL, &p, ext->value->length); 166 return method->d2i(NULL, &p, ext->value->length);
176} 167}
177 168
169/* Get critical flag and decoded version of extension from a NID.
170 * The "idx" variable returns the last found extension and can
171 * be used to retrieve multiple extensions of the same NID.
172 * However multiple extensions with the same NID is usually
173 * due to a badly encoded certificate so if idx is NULL we
174 * choke if multiple extensions exist.
175 * The "crit" variable is set to the critical value.
176 * The return value is the decoded extension or NULL on
177 * error. The actual error can have several different causes,
178 * the value of *crit reflects the cause:
179 * >= 0, extension found but not decoded (reflects critical value).
180 * -1 extension not found.
181 * -2 extension occurs more than once.
182 */
183
184void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx)
185{
186 int lastpos, i;
187 X509_EXTENSION *ex, *found_ex = NULL;
188 if(!x) {
189 if(idx) *idx = -1;
190 if(crit) *crit = -1;
191 return NULL;
192 }
193 if(idx) lastpos = *idx + 1;
194 else lastpos = 0;
195 if(lastpos < 0) lastpos = 0;
196 for(i = lastpos; i < sk_X509_EXTENSION_num(x); i++)
197 {
198 ex = sk_X509_EXTENSION_value(x, i);
199 if(OBJ_obj2nid(ex->object) == nid) {
200 if(idx) {
201 *idx = i;
202 break;
203 } else if(found_ex) {
204 /* Found more than one */
205 if(crit) *crit = -2;
206 return NULL;
207 }
208 found_ex = ex;
209 }
210 }
211 if(found_ex) {
212 /* Found it */
213 if(crit) *crit = found_ex->critical;
214 return X509V3_EXT_d2i(found_ex);
215 }
216
217 /* Extension not found */
218 if(idx) *idx = -1;
219 if(crit) *crit = -1;
220 return NULL;
221}
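Review bot: X509V3_get_d2i never returns a decoded extension when `idx` is non-NULL: the `if(idx)` branch stores `*idx = i` and breaks out of the loop before `found_ex = ex;` is reached, so found_ex is still NULL and the function falls through to the not-found path, resetting *idx to -1 and returning NULL. The multi-extension iteration the header comment describes therefore cannot work as written. Record the match before leaving the loop: `found_ex = ex; *idx = i; break;`. The comment should also state that the caller initialises `*idx` to -1 before the first call, since lastpos is computed as `*idx + 1`.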
diff --git a/src/lib/libcrypto/x509v3/v3_pku.c b/src/lib/libcrypto/x509v3/v3_pku.c
index c13e7d8f45..30a62c6090 100644
--- a/src/lib/libcrypto/x509v3/v3_pku.c
+++ b/src/lib/libcrypto/x509v3/v3_pku.c
@@ -119,9 +119,9 @@ PKEY_USAGE_PERIOD *d2i_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD **a,
119void PKEY_USAGE_PERIOD_free(PKEY_USAGE_PERIOD *a) 119void PKEY_USAGE_PERIOD_free(PKEY_USAGE_PERIOD *a)
120{ 120{
121 if (a == NULL) return; 121 if (a == NULL) return;
122 ASN1_GENERALIZEDTIME_free(a->notBefore); 122 M_ASN1_GENERALIZEDTIME_free(a->notBefore);
123 ASN1_GENERALIZEDTIME_free(a->notAfter); 123 M_ASN1_GENERALIZEDTIME_free(a->notAfter);
124 Free ((char *)a); 124 Free (a);
125} 125}
126 126
127static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, 127static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,
diff --git a/src/lib/libcrypto/x509v3/v3_prn.c b/src/lib/libcrypto/x509v3/v3_prn.c
index dc20c6bdba..bee624c6be 100644
--- a/src/lib/libcrypto/x509v3/v3_prn.c
+++ b/src/lib/libcrypto/x509v3/v3_prn.c
@@ -81,7 +81,15 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml)
81 nval = sk_CONF_VALUE_value(val, i); 81 nval = sk_CONF_VALUE_value(val, i);
82 if(!nval->name) BIO_puts(out, nval->value); 82 if(!nval->name) BIO_puts(out, nval->value);
83 else if(!nval->value) BIO_puts(out, nval->name); 83 else if(!nval->value) BIO_puts(out, nval->name);
84#ifndef CHARSET_EBCDIC
84 else BIO_printf(out, "%s:%s", nval->name, nval->value); 85 else BIO_printf(out, "%s:%s", nval->name, nval->value);
86#else
87 else {
88 char tmp[10240]; /* 10k is BIO_printf's limit anyway */
89 ascii2ebcdic(tmp, nval->value, strlen(nval->value)+1);
90 BIO_printf(out, "%s:%s", nval->name, tmp);
91 }
92#endif
85 if(ml) BIO_puts(out, "\n"); 93 if(ml) BIO_puts(out, "\n");
86 } 94 }
87} 95}
@@ -103,7 +111,15 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent)
103 ok = 0; 111 ok = 0;
104 goto err; 112 goto err;
105 } 113 }
114#ifndef CHARSET_EBCDIC
106 BIO_printf(out, "%*s%s", indent, "", value); 115 BIO_printf(out, "%*s%s", indent, "", value);
116#else
117 {
118 char tmp[10240]; /* 10k is BIO_printf's limit anyway */
119 ascii2ebcdic(tmp, value, strlen(value)+1);
120 BIO_printf(out, "%*s%s", indent, "", tmp);
121 }
122#endif
107 } else if(method->i2v) { 123 } else if(method->i2v) {
108 if(!(nval = method->i2v(method, ext_str, NULL))) { 124 if(!(nval = method->i2v(method, ext_str, NULL))) {
109 ok = 0; 125 ok = 0;
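Review bot: The CHARSET_EBCDIC branch added in X509V3_EXT_val_prn copies `strlen(nval->value)+1` bytes into the fixed `char tmp[10240]` with no bound, so a value longer than 10239 bytes (typically derived from the certificate being printed, not chosen by the caller) overflows the stack buffer; the second hunk adds the same pattern in X509V3_EXT_print. The comment that 10k is BIO_printf's limit describes the output side and does not bound this copy. Clamp the length and terminate: `size_t len = strlen(nval->value) + 1;` / `ascii2ebcdic(tmp, nval->value, len < sizeof tmp ? len : sizeof tmp);` / `tmp[sizeof tmp - 1] = '\0';`, and the same with `value` in X509V3_EXT_print. Only EBCDIC builds compile this code, which limits exposure but not the defect; both enclosing functions start outside their hunks.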
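diff --git a/src/lib/libcrypto/x509v3/v3_purp.c b/src/lib/libcrypto/x509v3/v3_purp.c
new file mode 100644
index 0000000000..b7494ebcd5
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_purp.c
@@ -0,0 +1,456 @@
+/* v3_purp.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509v3.h>
+
+
+static void x509v3_cache_extensions(X509 *x);
+
+static int ca_check(X509 *x);
+static int check_purpose_ssl_client(X509_PURPOSE *xp, X509 *x, int ca);
+static int check_purpose_ssl_server(X509_PURPOSE *xp, X509 *x, int ca);
+static int check_purpose_ns_ssl_server(X509_PURPOSE *xp, X509 *x, int ca);
+static int purpose_smime(X509 *x, int ca);
+static int check_purpose_smime_sign(X509_PURPOSE *xp, X509 *x, int ca);
+static int check_purpose_smime_encrypt(X509_PURPOSE *xp, X509 *x, int ca);
+static int check_purpose_crl_sign(X509_PURPOSE *xp, X509 *x, int ca);
+
+static int xp_cmp(X509_PURPOSE **a, X509_PURPOSE **b);
+static void xptable_free(X509_PURPOSE *p);
+
+static X509_PURPOSE xstandard[] = {
+	{X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0, check_purpose_ssl_client, "SSL client", "sslclient", NULL},
+	{X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ssl_server, "SSL server", "sslserver", NULL},
+	{X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL},
+	{X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, "S/MIME signing", "smimesign", NULL},
+	{X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL},
+	{X509_PURPOSE_CRL_SIGN, X509_TRUST_ANY, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL},
+};
+
+#define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE))
+
+IMPLEMENT_STACK_OF(X509_PURPOSE)
+
+static STACK_OF(X509_PURPOSE) *xptable = NULL;
+
+static int xp_cmp(X509_PURPOSE **a, X509_PURPOSE **b)
+{
+	return (*a)->purpose - (*b)->purpose;
+}
+
+int X509_check_purpose(X509 *x, int id, int ca)
+{
+	int idx;
+	X509_PURPOSE *pt;
+	if(!(x->ex_flags & EXFLAG_SET)) {
+		CRYPTO_w_lock(CRYPTO_LOCK_X509);
+		x509v3_cache_extensions(x);
+		CRYPTO_w_unlock(CRYPTO_LOCK_X509);
+	}
+	if(id == -1) return 1;
+	idx = X509_PURPOSE_get_by_id(id);
+	if(idx == -1) return -1;
+	pt = X509_PURPOSE_get0(idx);
+	return pt->check_purpose(pt, x, ca);
+}
+
+int X509_PURPOSE_get_count(void)
+{
+	if(!xptable) return X509_PURPOSE_COUNT;
+	return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT;
+}
+
+X509_PURPOSE * X509_PURPOSE_get0(int idx)
+{
+	if(idx < 0) return NULL;
+	if(idx < X509_PURPOSE_COUNT) return xstandard + idx;
+	return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT);
+}
+
+int X509_PURPOSE_get_by_sname(char *sname)
+{
+	int i;
+	X509_PURPOSE *xptmp;
+	for(i = 0; i < X509_PURPOSE_get_count(); i++) {
+		xptmp = X509_PURPOSE_get0(i);
+		if(!strcmp(xptmp->sname, sname)) return i;
+	}
+	return -1;
+}
+
+
+int X509_PURPOSE_get_by_id(int purpose)
+{
+	X509_PURPOSE tmp;
+	int idx;
+	if((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX))
+		return purpose - X509_PURPOSE_MIN;
+	tmp.purpose = purpose;
+	if(!xptable) return -1;
+	idx = sk_X509_PURPOSE_find(xptable, &tmp);
+	if(idx == -1) return -1;
+	return idx + X509_PURPOSE_COUNT;
+}
+
+int X509_PURPOSE_add(int id, int trust, int flags,
+			int (*ck)(X509_PURPOSE *, X509 *, int),
+			char *name, char *sname, void *arg)
+{
+	int idx;
+	X509_PURPOSE *ptmp;
+	/* This is set according to what we change: application can't set it */
+	flags &= ~X509_PURPOSE_DYNAMIC;
+	/* This will always be set for application modified trust entries */
+	flags |= X509_PURPOSE_DYNAMIC_NAME;
+	/* Get existing entry if any */
+	idx = X509_PURPOSE_get_by_id(id);
+	/* Need a new entry */
+	if(idx == -1) {
+		if(!(ptmp = Malloc(sizeof(X509_PURPOSE)))) {
+			X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
+			return 0;
+		}
+		ptmp->flags = X509_PURPOSE_DYNAMIC;
+	} else ptmp = X509_PURPOSE_get0(idx);
+
+	/* Free existing name if dynamic */
+	if(ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) {
+		Free(ptmp->name);
+		Free(ptmp->sname);
+	}
+	/* dup supplied name */
+	ptmp->name = BUF_strdup(name);
+	ptmp->sname = BUF_strdup(sname);
+	if(!ptmp->name || !ptmp->sname) {
+		X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	/* Keep the dynamic flag of existing entry */
+	ptmp->flags &= X509_PURPOSE_DYNAMIC;
+	/* Set all other flags */
+	ptmp->flags |= flags;
+
+	ptmp->purpose = id;
+	ptmp->trust = trust;
+	ptmp->check_purpose = ck;
+	ptmp->usr_data = arg;
+
+	/* If its a new entry manage the dynamic table */
+	if(idx == -1) {
+		if(!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) {
+			X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
+			return 0;
+		}
+		if (!sk_X509_PURPOSE_push(xptable, ptmp)) {
+			X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
+			return 0;
+		}
+	}
+	return 1;
+}
+
+static void xptable_free(X509_PURPOSE *p)
+	{
+	if(!p) return;
+	if (p->flags & X509_PURPOSE_DYNAMIC)
+		{
+		if (p->flags & X509_PURPOSE_DYNAMIC_NAME) {
+			Free(p->name);
+			Free(p->sname);
+		}
+		Free(p);
+		}
+	}
+
+void X509_PURPOSE_cleanup(void)
+{
+	int i;
+	sk_X509_PURPOSE_pop_free(xptable, xptable_free);
+	for(i = 0; i < X509_PURPOSE_COUNT; i++) xptable_free(xstandard + i);
+	xptable = NULL;
+}
+
+int X509_PURPOSE_get_id(X509_PURPOSE *xp)
+{
+	return xp->purpose;
+}
+
+char *X509_PURPOSE_get0_name(X509_PURPOSE *xp)
+{
+	return xp->name;
+}
+
+char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp)
+{
+	return xp->sname;
+}
+
+int X509_PURPOSE_get_trust(X509_PURPOSE *xp)
+{
+	return xp->trust;
+}
+
+#ifndef NO_SHA
+static void x509v3_cache_extensions(X509 *x)
+{
+	BASIC_CONSTRAINTS *bs;
+	ASN1_BIT_STRING *usage;
+	ASN1_BIT_STRING *ns;
+	STACK_OF(ASN1_OBJECT) *extusage;
+	int i;
+	if(x->ex_flags & EXFLAG_SET) return;
+	X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
+	/* Does subject name match issuer ? */
+	if(!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x)))
+			x->ex_flags |= EXFLAG_SS;
+	/* V1 should mean no extensions ... */
+	if(!X509_get_version(x)) x->ex_flags |= EXFLAG_V1;
+	/* Handle basic constraints */
+	if((bs=X509_get_ext_d2i(x, NID_basic_constraints, NULL, NULL))) {
+		if(bs->ca) x->ex_flags |= EXFLAG_CA;
+		if(bs->pathlen) {
+			if((bs->pathlen->type == V_ASN1_NEG_INTEGER)
+						|| !bs->ca) {
+				x->ex_flags |= EXFLAG_INVALID;
+				x->ex_pathlen = 0;
+			} else x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen);
+		} else x->ex_pathlen = -1;
+		BASIC_CONSTRAINTS_free(bs);
+		x->ex_flags |= EXFLAG_BCONS;
+	}
+	/* Handle key usage */
+	if((usage=X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) {
+		if(usage->length > 0) {
+			x->ex_kusage = usage->data[0];
+			if(usage->length > 1)
+				x->ex_kusage |= usage->data[1] << 8;
+		} else x->ex_kusage = 0;
+		x->ex_flags |= EXFLAG_KUSAGE;
+		ASN1_BIT_STRING_free(usage);
+	}
+	x->ex_xkusage = 0;
+	if((extusage=X509_get_ext_d2i(x, NID_ext_key_usage, NULL, NULL))) {
+		x->ex_flags |= EXFLAG_XKUSAGE;
+		for(i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) {
+			switch(OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage,i))) {
+				case NID_server_auth:
+				x->ex_xkusage |= XKU_SSL_SERVER;
+				break;
+
+				case NID_client_auth:
+				x->ex_xkusage |= XKU_SSL_CLIENT;
+				break;
+
+				case NID_email_protect:
+				x->ex_xkusage |= XKU_SMIME;
+				break;
+
+				case NID_code_sign:
+				x->ex_xkusage |= XKU_CODE_SIGN;
+				break;
+
+				case NID_ms_sgc:
+				case NID_ns_sgc:
+				x->ex_xkusage |= XKU_SGC;
+			}
+		}
+		sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free);
+	}
+
+	if((ns=X509_get_ext_d2i(x, NID_netscape_cert_type, NULL, NULL))) {
+		if(ns->length > 0) x->ex_nscert = ns->data[0];
+		else x->ex_nscert = 0;
+		x->ex_flags |= EXFLAG_NSCERT;
+		ASN1_BIT_STRING_free(ns);
+	}
+	x->ex_flags |= EXFLAG_SET;
+}
+#endif
+
+/* CA checks common to all purposes
+ * return codes:
+ * 0 not a CA
+ * 1 is a CA
+ * 2 basicConstraints absent so "maybe" a CA
+ * 3 basicConstraints absent but self signed V1.
+ */
+
+#define V1_ROOT (EXFLAG_V1|EXFLAG_SS)
+#define ku_reject(x, usage) \
+	(((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
+#define xku_reject(x, usage) \
+	(((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage)))
+#define ns_reject(x, usage) \
+	(((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage)))
+
+static int ca_check(X509 *x)
+{
+	/* keyUsage if present should allow cert signing */
+	if(ku_reject(x, KU_KEY_CERT_SIGN)) return 0;
+	if(x->ex_flags & EXFLAG_BCONS) {
+		if(x->ex_flags & EXFLAG_CA) return 1;
+		/* If basicConstraints says not a CA then say so */
+		else return 0;
+	} else {
+		if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3;
+		else return 2;
+	}
+}
+
+
+static int check_purpose_ssl_client(X509_PURPOSE *xp, X509 *x, int ca)
+{
+	if(xku_reject(x,XKU_SSL_CLIENT)) return 0;
+	if(ca) {
+		int ca_ret;
+		ca_ret = ca_check(x);
+		if(!ca_ret) return 0;
+		/* check nsCertType if present */
+		if(x->ex_flags & EXFLAG_NSCERT) {
+			if(x->ex_nscert & NS_SSL_CA) return ca_ret;
+			return 0;
+		}
+		if(ca_ret != 2) return ca_ret;
+		else return 0;
+	}
+	/* We need to do digital signatures with it */
+	if(ku_reject(x,KU_DIGITAL_SIGNATURE)) return 0;
+	/* nsCertType if present should allow SSL client use */
+	if(ns_reject(x, NS_SSL_CLIENT)) return 0;
+	return 1;
+}
+
+static int check_purpose_ssl_server(X509_PURPOSE *xp, X509 *x, int ca)
+{
+	if(xku_reject(x,XKU_SSL_SERVER|XKU_SGC)) return 0;
+	/* Otherwise same as SSL client for a CA */
+	if(ca) return check_purpose_ssl_client(xp, x, 1);
+
+	if(ns_reject(x, NS_SSL_SERVER)) return 0;
+	/* Now as for keyUsage: we'll at least need to sign OR encipher */
+	if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_KEY_ENCIPHERMENT)) return 0;
+
+	return 1;
+
+}
+
+static int check_purpose_ns_ssl_server(X509_PURPOSE *xp, X509 *x, int ca)
+{
+	int ret;
+	ret = check_purpose_ssl_server(xp, x, ca);
+	if(!ret || ca) return ret;
+	/* We need to encipher or Netscape complains */
+	if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0;
+	return ret;
+}
+
+/* common S/MIME checks */
+static int purpose_smime(X509 *x, int ca)
+{
+	if(xku_reject(x,XKU_SMIME)) return 0;
+	if(ca) {
+		int ca_ret;
+		ca_ret = ca_check(x);
+		if(!ca_ret) return 0;
+		/* check nsCertType if present */
+		if(x->ex_flags & EXFLAG_NSCERT) {
+			if(x->ex_nscert & NS_SMIME_CA) return ca_ret;
+			return 0;
+		}
+		if(ca_ret != 2) return ca_ret;
+		else return 0;
+	}
+	if(x->ex_flags & EXFLAG_NSCERT) {
+		if(x->ex_nscert & NS_SMIME) return 1;
+		/* Workaround for some buggy certificates */
+		if(x->ex_nscert & NS_SSL_CLIENT) return 2;
+		return 0;
+	}
+	return 1;
+}
+
+static int check_purpose_smime_sign(X509_PURPOSE *xp, X509 *x, int ca)
+{
+	int ret;
+	ret = purpose_smime(x, ca);
+	if(!ret || ca) return ret;
+	if(ku_reject(x, KU_DIGITAL_SIGNATURE)) return 0;
+	return ret;
+}
+
+static int check_purpose_smime_encrypt(X509_PURPOSE *xp, X509 *x, int ca)
+{
+	int ret;
+	ret = purpose_smime(x, ca);
+	if(!ret || ca) return ret;
+	if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0;
+	return ret;
+}
+
+static int check_purpose_crl_sign(X509_PURPOSE *xp, X509 *x, int ca)
+{
+	if(ca) {
+		int ca_ret;
+		if((ca_ret = ca_check(x)) != 2) return ca_ret;
+		else return 0;
+	}
+	if(ku_reject(x, KU_CRL_SIGN)) return 0;
+	return 1;
+}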
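Review bot: EXFLAG_INVALID is set in x509v3_cache_extensions when basicConstraints carries a negative pathLenConstraint or a pathlen on a non-CA, but nothing in this file reads it, so ca_check still returns 1 for a CA:TRUE certificate with a malformed pathlen and every purpose check then accepts it as a CA; add `if(x->ex_flags & EXFLAG_INVALID) return 0;` as the first statement of ca_check. x509v3_cache_extensions is defined under `#ifndef NO_SHA` while its prototype and the call in X509_check_purpose are unconditional, which fails to link when NO_SHA is defined; only the X509_digest line depends on SHA, so guard that line rather than the whole function. In X509_PURPOSE_add the `!ptmp->name || !ptmp->sname` failure path returns after the old names of an existing entry have already been freed, leaving a live table entry whose name or sname is NULL (X509_PURPOSE_get_by_sname then hands it to strcmp) and leaking the freshly Malloc'd ptmp when the entry is new; duplicate both strings into locals first and assign them, freeing the old ones, only once both succeeded. X509_check_purpose also tests ex_flags for EXFLAG_SET before taking CRYPTO_LOCK_X509, so if an X509 can be shared between threads before its first purpose check a second caller may read half-filled ex_* fields; moving the test under the lock, or documenting that X509 objects must not be shared until cached, would settle that.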
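diff --git a/src/lib/libcrypto/x509v3/v3_skey.c b/src/lib/libcrypto/x509v3/v3_skey.c
index fb3e36014d..939845fa8f 100644
--- a/src/lib/libcrypto/x509v3/v3_skey.c
+++ b/src/lib/libcrypto/x509v3/v3_skey.c
@@ -61,24 +61,17 @@
 #include "cryptlib.h"
 #include <openssl/x509v3.h>
 
-static ASN1_OCTET_STRING *octet_string_new(void);
 static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
 X509V3_EXT_METHOD v3_skey_id = {
 NID_subject_key_identifier, 0,
-(X509V3_EXT_NEW)octet_string_new,
-(X509V3_EXT_FREE)ASN1_STRING_free,
+(X509V3_EXT_NEW)ASN1_OCTET_STRING_new,
+(X509V3_EXT_FREE)ASN1_OCTET_STRING_free,
 (X509V3_EXT_D2I)d2i_ASN1_OCTET_STRING,
 (X509V3_EXT_I2D)i2d_ASN1_OCTET_STRING,
 (X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING,
 (X509V3_EXT_S2I)s2i_skey_id,
 NULL, NULL, NULL, NULL, NULL};
 
-
-static ASN1_OCTET_STRING *octet_string_new(void)
-{
-	return ASN1_OCTET_STRING_new();
-}
-
 char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
 	ASN1_OCTET_STRING *oct)
 {
@@ -91,13 +84,13 @@ ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
 	ASN1_OCTET_STRING *oct;
 	long length;
 
-	if(!(oct = ASN1_OCTET_STRING_new())) {
+	if(!(oct = M_ASN1_OCTET_STRING_new())) {
 		X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
 
 	if(!(oct->data = string_to_hex(str, &length))) {
-		ASN1_OCTET_STRING_free(oct);
+		M_ASN1_OCTET_STRING_free(oct);
 		return NULL;
 	}
 
@@ -118,7 +111,7 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
 
 	if(strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str);
 
-	if(!(oct = ASN1_OCTET_STRING_new())) {
+	if(!(oct = M_ASN1_OCTET_STRING_new())) {
 		X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
@@ -143,7 +136,7 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
 	EVP_DigestUpdate(&md, pk->data, pk->length);
 	EVP_DigestFinal(&md, pkey_dig, &diglen);
 
-	if(!ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
+	if(!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
 		X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
@@ -151,6 +144,6 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
 	return oct;
 
 	err:
-	ASN1_OCTET_STRING_free(oct);
+	M_ASN1_OCTET_STRING_free(oct);
 	return NULL;
 }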
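diff --git a/src/lib/libcrypto/x509v3/v3_sxnet.c b/src/lib/libcrypto/x509v3/v3_sxnet.c
index 0687bb4e3d..20ba8ac8d6 100644
--- a/src/lib/libcrypto/x509v3/v3_sxnet.c
+++ b/src/lib/libcrypto/x509v3/v3_sxnet.c
@@ -111,7 +111,7 @@ SXNET *SXNET_new(void)
 	SXNET *ret=NULL;
 	ASN1_CTX c;
 	M_ASN1_New_Malloc(ret, SXNET);
-	M_ASN1_New(ret->version,ASN1_INTEGER_new);
+	M_ASN1_New(ret->version,M_ASN1_INTEGER_new);
 	M_ASN1_New(ret->ids,sk_SXNETID_new_null);
 	return (ret);
 	M_ASN1_New_Error(ASN1_F_SXNET_NEW);
@@ -130,7 +130,7 @@ SXNET *d2i_SXNET(SXNET **a, unsigned char **pp, long length)
 void SXNET_free(SXNET *a)
 {
 	if (a == NULL) return;
-	ASN1_INTEGER_free(a->version);
+	M_ASN1_INTEGER_free(a->version);
 	sk_SXNETID_pop_free(a->ids, SXNETID_free);
 	Free (a);
 }
@@ -156,7 +156,7 @@ SXNETID *SXNETID_new(void)
 	ASN1_CTX c;
 	M_ASN1_New_Malloc(ret, SXNETID);
 	ret->zone = NULL;
-	M_ASN1_New(ret->user,ASN1_OCTET_STRING_new);
+	M_ASN1_New(ret->user,M_ASN1_OCTET_STRING_new);
 	return (ret);
 	M_ASN1_New_Error(ASN1_F_SXNETID_NEW);
 }
@@ -174,8 +174,8 @@ SXNETID *d2i_SXNETID(SXNETID **a, unsigned char **pp, long length)
 void SXNETID_free(SXNETID *a)
 {
 	if (a == NULL) return;
-	ASN1_INTEGER_free(a->zone);
-	ASN1_OCTET_STRING_free(a->user);
+	M_ASN1_INTEGER_free(a->zone);
+	M_ASN1_OCTET_STRING_free(a->user);
 	Free (a);
 }
 
@@ -193,7 +193,7 @@ static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
 		tmp = i2s_ASN1_INTEGER(NULL, id->zone);
 		BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);
 		Free(tmp);
-		ASN1_OCTET_STRING_print(out, id->user);
+		M_ASN1_OCTET_STRING_print(out, id->user);
 	}
 	return 1;
 }
@@ -244,9 +244,9 @@ int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user,
 	int userlen)
 {
 	ASN1_INTEGER *izone = NULL;
-	if(!(izone = ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
+	if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
 		X509V3err(X509V3_F_SXNET_ADD_ID_ULONG,ERR_R_MALLOC_FAILURE);
-		ASN1_INTEGER_free(izone);
+		M_ASN1_INTEGER_free(izone);
 		return 0;
 	}
 	return SXNET_add_id_INTEGER(psx, izone, user, userlen);
@@ -285,7 +285,7 @@ int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user,
 	if(!(id = SXNETID_new())) goto err;
 	if(userlen == -1) userlen = strlen(user);
 
-	if(!ASN1_OCTET_STRING_set(id->user, user, userlen)) goto err;
+	if(!M_ASN1_OCTET_STRING_set(id->user, user, userlen)) goto err;
 	if(!sk_SXNETID_push(sx->ids, id)) goto err;
 	id->zone = zone;
 	return 1;
@@ -307,7 +307,7 @@ ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone)
 		return NULL;
 	}
 	oct = SXNET_get_id_INTEGER(sx, izone);
-	ASN1_INTEGER_free(izone);
+	M_ASN1_INTEGER_free(izone);
 	return oct;
 }
 
@@ -315,13 +315,13 @@ ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone)
 {
 	ASN1_INTEGER *izone = NULL;
 	ASN1_OCTET_STRING *oct;
-	if(!(izone = ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
+	if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
 		X509V3err(X509V3_F_SXNET_GET_ID_ULONG,ERR_R_MALLOC_FAILURE);
-		ASN1_INTEGER_free(izone);
+		M_ASN1_INTEGER_free(izone);
 		return NULL;
 	}
 	oct = SXNET_get_id_INTEGER(sx, izone);
-	ASN1_INTEGER_free(izone);
+	M_ASN1_INTEGER_free(izone);
 	return oct;
 }
 
@@ -331,7 +331,7 @@ ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone)
 	int i;
 	for(i = 0; i < sk_SXNETID_num(sx->ids); i++) {
 		id = sk_SXNETID_value(sx->ids, i);
-		if(!ASN1_INTEGER_cmp(id->zone, zone)) return id->user;
+		if(!M_ASN1_INTEGER_cmp(id->zone, zone)) return id->user;
 	}
 	return NULL;
 }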
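diff --git a/src/lib/libcrypto/x509v3/v3_utl.c b/src/lib/libcrypto/x509v3/v3_utl.c
index 40f71c71b4..4c2c4a9483 100644
--- a/src/lib/libcrypto/x509v3/v3_utl.c
+++ b/src/lib/libcrypto/x509v3/v3_utl.c
@@ -104,7 +104,7 @@ void X509V3_conf_free(CONF_VALUE *conf)
 	if(conf->name) Free(conf->name);
 	if(conf->value) Free(conf->value);
 	if(conf->section) Free(conf->section);
-	Free((char *)conf);
+	Free(conf);
 }
 
 int X509V3_add_value_bool(const char *name, int asn1_bool,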
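diff --git a/src/lib/libcrypto/x509v3/v3err.c b/src/lib/libcrypto/x509v3/v3err.c
index 50efa8d99d..b7d4e350c4 100644
--- a/src/lib/libcrypto/x509v3/v3err.c
+++ b/src/lib/libcrypto/x509v3/v3err.c
@@ -72,6 +72,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
 {ERR_PACK(0,X509V3_F_HEX_TO_STRING,0), "hex_to_string"},
 {ERR_PACK(0,X509V3_F_I2S_ASN1_ENUMERATED,0), "i2s_ASN1_ENUMERATED"},
 {ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0), "i2s_ASN1_INTEGER"},
+{ERR_PACK(0,X509V3_F_I2V_AUTHORITY_INFO_ACCESS,0), "I2V_AUTHORITY_INFO_ACCESS"},
 {ERR_PACK(0,X509V3_F_NOTICE_SECTION,0), "NOTICE_SECTION"},
 {ERR_PACK(0,X509V3_F_NREF_NOS,0), "NREF_NOS"},
 {ERR_PACK(0,X509V3_F_POLICY_SECTION,0), "POLICY_SECTION"},
@@ -87,6 +88,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
 {ERR_PACK(0,X509V3_F_SXNET_ADD_ID_ULONG,0), "SXNET_add_id_ulong"},
 {ERR_PACK(0,X509V3_F_SXNET_GET_ID_ASC,0), "SXNET_get_id_asc"},
 {ERR_PACK(0,X509V3_F_SXNET_GET_ID_ULONG,0), "SXNET_get_id_ulong"},
+{ERR_PACK(0,X509V3_F_V2I_ACCESS_DESCRIPTION,0), "V2I_ACCESS_DESCRIPTION"},
 {ERR_PACK(0,X509V3_F_V2I_ASN1_BIT_STRING,0), "V2I_ASN1_BIT_STRING"},
 {ERR_PACK(0,X509V3_F_V2I_AUTHORITY_KEYID,0), "V2I_AUTHORITY_KEYID"},
 {ERR_PACK(0,X509V3_F_V2I_BASIC_CONSTRAINTS,0), "V2I_BASIC_CONSTRAINTS"},
@@ -102,6 +104,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
 {ERR_PACK(0,X509V3_F_X509V3_EXT_I2D,0), "X509V3_EXT_i2d"},
 {ERR_PACK(0,X509V3_F_X509V3_GET_VALUE_BOOL,0), "X509V3_get_value_bool"},
 {ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0), "X509V3_parse_list"},
+{ERR_PACK(0,X509V3_F_X509_PURPOSE_ADD,0), "X509_PURPOSE_add"},
 {0,NULL}
 	};
 
@@ -132,6 +135,7 @@ static ERR_STRING_DATA X509V3_str_reasons[]=
 {X509V3_R_INVALID_OPTION ,"invalid option"},
 {X509V3_R_INVALID_POLICY_IDENTIFIER ,"invalid policy identifier"},
 {X509V3_R_INVALID_SECTION ,"invalid section"},
+{X509V3_R_INVALID_SYNTAX ,"invalid syntax"},
 {X509V3_R_ISSUER_DECODE_ERROR ,"issuer decode error"},
 {X509V3_R_MISSING_VALUE ,"missing value"},
 {X509V3_R_NEED_ORGANIZATION_AND_NUMBERS ,"need organization and numbers"},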
diff --git a/src/lib/libcrypto/x509v3/x509v3.h b/src/lib/libcrypto/x509v3/x509v3.h
index 4eb04a5a89..fe01755797 100644
--- a/src/lib/libcrypto/x509v3/x509v3.h
+++ b/src/lib/libcrypto/x509v3/x509v3.h
@@ -136,12 +136,6 @@ typedef struct v3_ext_ctx X509V3_CTX;
136#define X509V3_EXT_CTX_DEP 0x2 136#define X509V3_EXT_CTX_DEP 0x2
137#define X509V3_EXT_MULTILINE 0x4 137#define X509V3_EXT_MULTILINE 0x4
138 138
139typedef struct BIT_STRING_BITNAME_st {
140int bitnum;
141const char *lname;
142const char *sname;
143} BIT_STRING_BITNAME;
144
145typedef BIT_STRING_BITNAME ENUMERATED_NAMES; 139typedef BIT_STRING_BITNAME ENUMERATED_NAMES;
146 140
147typedef struct BASIC_CONSTRAINTS_st { 141typedef struct BASIC_CONSTRAINTS_st {
@@ -155,6 +149,11 @@ ASN1_GENERALIZEDTIME *notBefore;
155ASN1_GENERALIZEDTIME *notAfter; 149ASN1_GENERALIZEDTIME *notAfter;
156} PKEY_USAGE_PERIOD; 150} PKEY_USAGE_PERIOD;
157 151
152typedef struct otherName_st {
153ASN1_OBJECT *type_id;
154ASN1_TYPE *value;
155} OTHERNAME;
156
158typedef struct GENERAL_NAME_st { 157typedef struct GENERAL_NAME_st {
159 158
160#define GEN_OTHERNAME (0|V_ASN1_CONTEXT_SPECIFIC) 159#define GEN_OTHERNAME (0|V_ASN1_CONTEXT_SPECIFIC)
@@ -174,17 +173,26 @@ union {
174 ASN1_OCTET_STRING *ip; /* iPAddress */ 173 ASN1_OCTET_STRING *ip; /* iPAddress */
175 X509_NAME *dirn; /* dirn */ 174 X509_NAME *dirn; /* dirn */
176 ASN1_OBJECT *rid; /* registeredID */ 175 ASN1_OBJECT *rid; /* registeredID */
177 ASN1_TYPE *other; /* otherName, ediPartyName, x400Address */ 176 OTHERNAME *otherName; /* otherName */
177 ASN1_TYPE *other; /* ediPartyName, x400Address */
178} d; 178} d;
179} GENERAL_NAME; 179} GENERAL_NAME;
180 180
181typedef struct ACCESS_DESCRIPTION_st {
182ASN1_OBJECT *method;
183GENERAL_NAME *location;
184} ACCESS_DESCRIPTION;
185
181DECLARE_STACK_OF(GENERAL_NAME) 186DECLARE_STACK_OF(GENERAL_NAME)
182DECLARE_ASN1_SET_OF(GENERAL_NAME) 187DECLARE_ASN1_SET_OF(GENERAL_NAME)
183 188
189DECLARE_STACK_OF(ACCESS_DESCRIPTION)
190DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION)
191
184typedef struct DIST_POINT_NAME_st { 192typedef struct DIST_POINT_NAME_st {
185/* NB: this is a CHOICE type and only one of these should be set */ 193/* NB: this is a CHOICE type and only one of these should be set */
186STACK_OF(GENERAL_NAME) *fullname; 194STACK_OF(GENERAL_NAME) *fullname;
187X509_NAME *relativename; 195STACK_OF(X509_NAME_ENTRY) *relativename;
188} DIST_POINT_NAME; 196} DIST_POINT_NAME;
189 197
190typedef struct DIST_POINT_st { 198typedef struct DIST_POINT_st {
@@ -255,8 +263,8 @@ DECLARE_ASN1_SET_OF(POLICYINFO)
255#define X509V3_set_ctx_nodb(ctx) ctx->db = NULL; 263#define X509V3_set_ctx_nodb(ctx) ctx->db = NULL;
256 264
257#define EXT_BITSTRING(nid, table) { nid, 0, \ 265#define EXT_BITSTRING(nid, table) { nid, 0, \
258 (X509V3_EXT_NEW)asn1_bit_string_new, \ 266 (X509V3_EXT_NEW)ASN1_BIT_STRING_new, \
259 (X509V3_EXT_FREE)ASN1_STRING_free, \ 267 (X509V3_EXT_FREE)ASN1_BIT_STRING_free, \
260 (X509V3_EXT_D2I)d2i_ASN1_BIT_STRING, \ 268 (X509V3_EXT_D2I)d2i_ASN1_BIT_STRING, \
261 (X509V3_EXT_I2D)i2d_ASN1_BIT_STRING, \ 269 (X509V3_EXT_I2D)i2d_ASN1_BIT_STRING, \
262 NULL, NULL, \ 270 NULL, NULL, \
@@ -266,8 +274,8 @@ DECLARE_ASN1_SET_OF(POLICYINFO)
266 (char *)table} 274 (char *)table}
267 275
268#define EXT_IA5STRING(nid) { nid, 0, \ 276#define EXT_IA5STRING(nid) { nid, 0, \
269 (X509V3_EXT_NEW)ia5string_new, \ 277 (X509V3_EXT_NEW)ASN1_IA5STRING_new, \
270 (X509V3_EXT_FREE)ASN1_STRING_free, \ 278 (X509V3_EXT_FREE)ASN1_IA5STRING_free, \
271 (X509V3_EXT_D2I)d2i_ASN1_IA5STRING, \ 279 (X509V3_EXT_D2I)d2i_ASN1_IA5STRING, \
272 (X509V3_EXT_I2D)i2d_ASN1_IA5STRING, \ 280 (X509V3_EXT_I2D)i2d_ASN1_IA5STRING, \
273 (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \ 281 (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
@@ -279,6 +287,69 @@ DECLARE_ASN1_SET_OF(POLICYINFO)
279 NULL, NULL, NULL, NULL, \ 287 NULL, NULL, NULL, NULL, \
280 NULL} 288 NULL}
281 289
290
291/* X509_PURPOSE stuff */
292
293#define EXFLAG_BCONS 0x1
294#define EXFLAG_KUSAGE 0x2
295#define EXFLAG_XKUSAGE 0x4
296#define EXFLAG_NSCERT 0x8
297
298#define EXFLAG_CA 0x10
299#define EXFLAG_SS 0x20
300#define EXFLAG_V1 0x40
301#define EXFLAG_INVALID 0x80
302#define EXFLAG_SET 0x100
303
304#define KU_DIGITAL_SIGNATURE 0x0080
305#define KU_NON_REPUDIATION 0x0040
306#define KU_KEY_ENCIPHERMENT 0x0020
307#define KU_DATA_ENCIPHERMENT 0x0010
308#define KU_KEY_AGREEMENT 0x0008
309#define KU_KEY_CERT_SIGN 0x0004
310#define KU_CRL_SIGN 0x0002
311#define KU_ENCIPHER_ONLY 0x0001
312#define KU_DECIPHER_ONLY 0x8000
313
314#define NS_SSL_CLIENT 0x80
315#define NS_SSL_SERVER 0x40
316#define NS_SMIME 0x20
317#define NS_OBJSIGN 0x10
318#define NS_SSL_CA 0x04
319#define NS_SMIME_CA 0x02
320#define NS_OBJSIGN_CA 0x01
321
322#define XKU_SSL_SERVER 0x1
323#define XKU_SSL_CLIENT 0x2
324#define XKU_SMIME 0x4
325#define XKU_CODE_SIGN 0x8
326#define XKU_SGC 0x10
327
328#define X509_PURPOSE_DYNAMIC 0x1
329#define X509_PURPOSE_DYNAMIC_NAME 0x2
330
331typedef struct x509_purpose_st {
332 int purpose;
333 int trust; /* Default trust ID */
334 int flags;
335 int (*check_purpose)(struct x509_purpose_st *, X509 *, int);
336 char *name;
337 char *sname;
338 void *usr_data;
339} X509_PURPOSE;
340
341#define X509_PURPOSE_SSL_CLIENT 1
342#define X509_PURPOSE_SSL_SERVER 2
343#define X509_PURPOSE_NS_SSL_SERVER 3
344#define X509_PURPOSE_SMIME_SIGN 4
345#define X509_PURPOSE_SMIME_ENCRYPT 5
346#define X509_PURPOSE_CRL_SIGN 6
347
348#define X509_PURPOSE_MIN 1
349#define X509_PURPOSE_MAX 6
350
351DECLARE_STACK_OF(X509_PURPOSE)
352
282void ERR_load_X509V3_strings(void); 353void ERR_load_X509V3_strings(void);
283int i2d_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS *a, unsigned char **pp); 354int i2d_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS *a, unsigned char **pp);
284BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS **a, unsigned char **pp, long length); 355BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS **a, unsigned char **pp, long length);
@@ -328,6 +399,11 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
328STACK_OF(GENERAL_NAME) *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method, 399STACK_OF(GENERAL_NAME) *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
329 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); 400 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
330 401
402int i2d_OTHERNAME(OTHERNAME *a, unsigned char **pp);
403OTHERNAME *OTHERNAME_new(void);
404OTHERNAME *d2i_OTHERNAME(OTHERNAME **a, unsigned char **pp, long length);
405void OTHERNAME_free(OTHERNAME *a);
406
331char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5); 407char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5);
332ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); 408ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
333 409
@@ -380,12 +456,27 @@ void DIST_POINT_NAME_free(DIST_POINT_NAME *a);
380DIST_POINT_NAME *d2i_DIST_POINT_NAME(DIST_POINT_NAME **a, unsigned char **pp, 456DIST_POINT_NAME *d2i_DIST_POINT_NAME(DIST_POINT_NAME **a, unsigned char **pp,
381 long length); 457 long length);
382 458
459int i2d_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION *a, unsigned char **pp);
460ACCESS_DESCRIPTION *ACCESS_DESCRIPTION_new(void);
461void ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a);
462ACCESS_DESCRIPTION *d2i_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION **a, unsigned char **pp,
463 long length);
464
465STACK_OF(ACCESS_DESCRIPTION) *AUTHORITY_INFO_ACCESS_new(void);
466void AUTHORITY_INFO_ACCESS_free(STACK_OF(ACCESS_DESCRIPTION) *a);
467STACK_OF(ACCESS_DESCRIPTION) *d2i_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) **a,
468 unsigned char **pp, long length);
469int i2d_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) *a, unsigned char **pp);
470
471
472
383#ifdef HEADER_CONF_H 473#ifdef HEADER_CONF_H
384GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf); 474GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf);
385void X509V3_conf_free(CONF_VALUE *val); 475void X509V3_conf_free(CONF_VALUE *val);
386X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value); 476X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value);
387X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value); 477X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value);
388int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert); 478int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert);
479int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
389int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl); 480int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
390int X509V3_add_value_bool_nf(char *name, int asn1_bool, 481int X509V3_add_value_bool_nf(char *name, int asn1_bool,
391 STACK_OF(CONF_VALUE) **extlist); 482 STACK_OF(CONF_VALUE) **extlist);
@@ -423,6 +514,8 @@ X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
423int X509V3_add_standard_extensions(void); 514int X509V3_add_standard_extensions(void);
424STACK_OF(CONF_VALUE) *X509V3_parse_list(char *line); 515STACK_OF(CONF_VALUE) *X509V3_parse_list(char *line);
425void *X509V3_EXT_d2i(X509_EXTENSION *ext); 516void *X509V3_EXT_d2i(X509_EXTENSION *ext);
517void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);
518
426X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); 519X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
427 520
428char *hex_to_string(unsigned char *buffer, long len); 521char *hex_to_string(unsigned char *buffer, long len);
@@ -434,6 +527,20 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
434int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent); 527int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent);
435int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); 528int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
436 529
530int X509_check_purpose(X509 *x, int id, int ca);
531int X509_PURPOSE_get_count(void);
532X509_PURPOSE * X509_PURPOSE_get0(int idx);
533int X509_PURPOSE_get_by_sname(char *sname);
534int X509_PURPOSE_get_by_id(int id);
535int X509_PURPOSE_add(int id, int trust, int flags,
536 int (*ck)(X509_PURPOSE *, X509 *, int),
537 char *name, char *sname, void *arg);
538char *X509_PURPOSE_get0_name(X509_PURPOSE *xp);
539char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp);
540int X509_PURPOSE_get_trust(X509_PURPOSE *xp);
541void X509_PURPOSE_cleanup(void);
542int X509_PURPOSE_get_id(X509_PURPOSE *);
543
437/* BEGIN ERROR CODES */ 544/* BEGIN ERROR CODES */
438/* The following lines are auto generated by the script mkerr.pl. Any changes 545/* The following lines are auto generated by the script mkerr.pl. Any changes
439 * made after this point may be overwritten when the script is next run. 546 * made after this point may be overwritten when the script is next run.
@@ -449,6 +556,7 @@ int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
449#define X509V3_F_HEX_TO_STRING 111 556#define X509V3_F_HEX_TO_STRING 111
450#define X509V3_F_I2S_ASN1_ENUMERATED 121 557#define X509V3_F_I2S_ASN1_ENUMERATED 121
451#define X509V3_F_I2S_ASN1_INTEGER 120 558#define X509V3_F_I2S_ASN1_INTEGER 120
559#define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138
452#define X509V3_F_NOTICE_SECTION 132 560#define X509V3_F_NOTICE_SECTION 132
453#define X509V3_F_NREF_NOS 133 561#define X509V3_F_NREF_NOS 133
454#define X509V3_F_POLICY_SECTION 131 562#define X509V3_F_POLICY_SECTION 131
@@ -464,6 +572,7 @@ int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
464#define X509V3_F_SXNET_ADD_ID_ULONG 127 572#define X509V3_F_SXNET_ADD_ID_ULONG 127
465#define X509V3_F_SXNET_GET_ID_ASC 128 573#define X509V3_F_SXNET_GET_ID_ASC 128
466#define X509V3_F_SXNET_GET_ID_ULONG 129 574#define X509V3_F_SXNET_GET_ID_ULONG 129
575#define X509V3_F_V2I_ACCESS_DESCRIPTION 139
467#define X509V3_F_V2I_ASN1_BIT_STRING 101 576#define X509V3_F_V2I_ASN1_BIT_STRING 101
468#define X509V3_F_V2I_AUTHORITY_KEYID 119 577#define X509V3_F_V2I_AUTHORITY_KEYID 119
469#define X509V3_F_V2I_BASIC_CONSTRAINTS 102 578#define X509V3_F_V2I_BASIC_CONSTRAINTS 102
@@ -479,6 +588,7 @@ int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
479#define X509V3_F_X509V3_EXT_I2D 136 588#define X509V3_F_X509V3_EXT_I2D 136
480#define X509V3_F_X509V3_GET_VALUE_BOOL 110 589#define X509V3_F_X509V3_GET_VALUE_BOOL 110
481#define X509V3_F_X509V3_PARSE_LIST 109 590#define X509V3_F_X509V3_PARSE_LIST 109
591#define X509V3_F_X509_PURPOSE_ADD 137
482 592
483/* Reason codes. */ 593/* Reason codes. */
484#define X509V3_R_BAD_IP_ADDRESS 118 594#define X509V3_R_BAD_IP_ADDRESS 118
@@ -506,6 +616,7 @@ int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
506#define X509V3_R_INVALID_OPTION 138 616#define X509V3_R_INVALID_OPTION 138
507#define X509V3_R_INVALID_POLICY_IDENTIFIER 134 617#define X509V3_R_INVALID_POLICY_IDENTIFIER 134
508#define X509V3_R_INVALID_SECTION 135 618#define X509V3_R_INVALID_SECTION 135
619#define X509V3_R_INVALID_SYNTAX 143
509#define X509V3_R_ISSUER_DECODE_ERROR 126 620#define X509V3_R_ISSUER_DECODE_ERROR 126
510#define X509V3_R_MISSING_VALUE 124 621#define X509V3_R_MISSING_VALUE 124
511#define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 142 622#define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 142