author | beck <> | 2000-03-19 11:13:58 +0000 |
---|---|---|
committer | beck <> | 2000-03-19 11:13:58 +0000 |
commit | 796d609550df3a33fc11468741c5d2f6d3df4c11 (patch) | |
tree | 6c6d539061caa20372dad0ac4ddb1dfae2fbe7fe /src/lib/libcrypto/x509v3 | |
parent | 5be3114c1fd7e0dfea1e38d3abb4cbba75244419 (diff) | |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
Diffstat (limited to 'src/lib/libcrypto/x509v3')
25 files changed, 1284 insertions, 150 deletions
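--- a/src/lib/libcrypto/x509v3/Makefile.ssl
+++ b/src/lib/libcrypto/x509v3/Makefile.ssl
@@ -24,10 +24,10 @@ APPS=
 LIB=$(TOP)/libcrypto.a
 LIBSRC= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c \
 v3_lib.c v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c \
-v3_pku.c v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c
+v3_pku.c v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c
 LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \
 v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \
-v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o
+v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o v3_info.o
 
 SRC= $(LIBSRC)
 
@@ -285,6 +285,25 @@ v3_ia5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 v3_ia5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 v3_ia5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 v3_ia5.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_info.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+v3_info.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_info.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_info.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_info.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_info.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_info.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_info.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_info.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+v3_info.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+v3_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_info.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_info.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_info.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+v3_info.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_info.o: ../cryptlib.h
 v3_int.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 v3_int.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 v3_int.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -320,7 +339,7 @@ v3_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 v3_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 v3_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 v3_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ext_dat.h
 v3_pku.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 v3_pku.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 v3_pku.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -358,6 +377,24 @@ v3_prn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 v3_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 v3_prn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 v3_prn.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_purp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_purp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_purp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_purp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_purp.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+v3_purp.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+v3_purp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_purp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_purp.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_purp.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_purp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_purp.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_purp.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_purp.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_purp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_purp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_purp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_purp.o: ../../include/openssl/x509v3.h ../cryptlib.h
 v3_skey.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 v3_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 v3_skey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h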
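--- a/src/lib/libcrypto/x509v3/README
+++ b/src/lib/libcrypto/x509v3/README
@@ -1,4 +0,0 @@
-WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
-
-This is ***VERY*** new experimental code and is likely to change
-considerably or vanish altogether.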
diff --git a/src/lib/libcrypto/x509v3/ext_dat.h b/src/lib/libcrypto/x509v3/ext_dat.h new file mode 100644 index 0000000000..801a585a52 --- /dev/null +++ b/src/lib/libcrypto/x509v3/ext_dat.h | |||
@@ -0,0 +1,97 @@ | |||
1 | /* ext_dat.h */ | ||
2 | /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL | ||
3 | * project 1999. | ||
4 | */ | ||
5 | /* ==================================================================== | ||
6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | ||
7 | * | ||
8 | * Redistribution and use in source and binary forms, with or without | ||
9 | * modification, are permitted provided that the following conditions | ||
10 | * are met: | ||
11 | * | ||
12 | * 1. Redistributions of source code must retain the above copyright | ||
13 | * notice, this list of conditions and the following disclaimer. | ||
14 | * | ||
15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
16 | * notice, this list of conditions and the following disclaimer in | ||
17 | * the documentation and/or other materials provided with the | ||
18 | * distribution. | ||
19 | * | ||
20 | * 3. All advertising materials mentioning features or use of this | ||
21 | * software must display the following acknowledgment: | ||
22 | * "This product includes software developed by the OpenSSL Project | ||
23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
24 | * | ||
25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
26 | * endorse or promote products derived from this software without | ||
27 | * prior written permission. For written permission, please contact | ||
28 | * licensing@OpenSSL.org. | ||
29 | * | ||
30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
31 | * nor may "OpenSSL" appear in their names without prior written | ||
32 | * permission of the OpenSSL Project. | ||
33 | * | ||
34 | * 6. Redistributions of any form whatsoever must retain the following | ||
35 | * acknowledgment: | ||
36 | * "This product includes software developed by the OpenSSL Project | ||
37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
38 | * | ||
39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
51 | * ==================================================================== | ||
52 | * | ||
53 | * This product includes cryptographic software written by Eric Young | ||
54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
55 | * Hudson (tjh@cryptsoft.com). | ||
56 | * | ||
57 | */ | ||
58 | /* This file contains a table of "standard" extensions */ | ||
59 | |||
60 | extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku; | ||
61 | extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info; | ||
62 | extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id; | ||
63 | extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_cpols, v3_crld; | ||
64 | |||
65 | /* This table will be searched using OBJ_bsearch so it *must* kept in | ||
66 | * order of the ext_nid values. | ||
67 | */ | ||
68 | |||
69 | static X509V3_EXT_METHOD *standard_exts[] = { | ||
70 | &v3_nscert, | ||
71 | &v3_ns_ia5_list[0], | ||
72 | &v3_ns_ia5_list[1], | ||
73 | &v3_ns_ia5_list[2], | ||
74 | &v3_ns_ia5_list[3], | ||
75 | &v3_ns_ia5_list[4], | ||
76 | &v3_ns_ia5_list[5], | ||
77 | &v3_ns_ia5_list[6], | ||
78 | &v3_skey_id, | ||
79 | &v3_key_usage, | ||
80 | &v3_pkey_usage_period, | ||
81 | &v3_alt[0], | ||
82 | &v3_alt[1], | ||
83 | &v3_bcons, | ||
84 | &v3_crl_num, | ||
85 | &v3_cpols, | ||
86 | &v3_akey_id, | ||
87 | &v3_crld, | ||
88 | &v3_ext_ku, | ||
89 | &v3_crl_reason, | ||
90 | &v3_sxnet, | ||
91 | &v3_info, | ||
92 | }; | ||
93 | |||
94 | /* Number of standard extensions */ | ||
95 | |||
96 | #define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *)) | ||
97 | |||
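Review bot: The sort requirement on `standard_exts[]` is stated only in the comment above the table, and that comment is missing a word (`*must* kept`); a mis-ordered entry would make the OBJ_bsearch lookup miss a registered extension method without reporting any error. I would reword it to `/* This table is searched with OBJ_bsearch, so it *must* be kept sorted by ascending ext_nid; run tabtest.c after adding an entry. */`. The header also defines a `static` array and has no include guard, so a one-line comment saying it is meant to be included only by the lookup code (the Makefile hunk adds it as a dependency of v3_lib.o) and by tabtest.c would help the next maintainer.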
diff --git a/src/lib/libcrypto/x509v3/tabtest.c b/src/lib/libcrypto/x509v3/tabtest.c new file mode 100644 index 0000000000..dad0d38dd5 --- /dev/null +++ b/src/lib/libcrypto/x509v3/tabtest.c | |||
@@ -0,0 +1,88 @@ | |||
1 | /* tabtest.c */ | ||
2 | /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL | ||
3 | * project 1999. | ||
4 | */ | ||
5 | /* ==================================================================== | ||
6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | ||
7 | * | ||
8 | * Redistribution and use in source and binary forms, with or without | ||
9 | * modification, are permitted provided that the following conditions | ||
10 | * are met: | ||
11 | * | ||
12 | * 1. Redistributions of source code must retain the above copyright | ||
13 | * notice, this list of conditions and the following disclaimer. | ||
14 | * | ||
15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
16 | * notice, this list of conditions and the following disclaimer in | ||
17 | * the documentation and/or other materials provided with the | ||
18 | * distribution. | ||
19 | * | ||
20 | * 3. All advertising materials mentioning features or use of this | ||
21 | * software must display the following acknowledgment: | ||
22 | * "This product includes software developed by the OpenSSL Project | ||
23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
24 | * | ||
25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
26 | * endorse or promote products derived from this software without | ||
27 | * prior written permission. For written permission, please contact | ||
28 | * licensing@OpenSSL.org. | ||
29 | * | ||
30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
31 | * nor may "OpenSSL" appear in their names without prior written | ||
32 | * permission of the OpenSSL Project. | ||
33 | * | ||
34 | * 6. Redistributions of any form whatsoever must retain the following | ||
35 | * acknowledgment: | ||
36 | * "This product includes software developed by the OpenSSL Project | ||
37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
38 | * | ||
39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
51 | * ==================================================================== | ||
52 | * | ||
53 | * This product includes cryptographic software written by Eric Young | ||
54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
55 | * Hudson (tjh@cryptsoft.com). | ||
56 | * | ||
57 | */ | ||
58 | |||
59 | /* Simple program to check the ext_dat.h is correct and print out | ||
60 | * problems if it is not. | ||
61 | */ | ||
62 | |||
63 | #include <stdio.h> | ||
64 | |||
65 | #include <openssl/x509v3.h> | ||
66 | |||
67 | #include "ext_dat.h" | ||
68 | |||
69 | main() | ||
70 | { | ||
71 | int i, prev = -1, bad = 0; | ||
72 | X509V3_EXT_METHOD **tmp; | ||
73 | i = sizeof(standard_exts) / sizeof(X509V3_EXT_METHOD *); | ||
74 | if(i != STANDARD_EXTENSION_COUNT) | ||
75 | fprintf(stderr, "Extension number invalid expecting %d\n", i); | ||
76 | tmp = standard_exts; | ||
77 | for(i = 0; i < STANDARD_EXTENSION_COUNT; i++, tmp++) { | ||
78 | if((*tmp)->ext_nid < prev) bad = 1; | ||
79 | prev = (*tmp)->ext_nid; | ||
80 | |||
81 | } | ||
82 | if(bad) { | ||
83 | tmp = standard_exts; | ||
84 | fprintf(stderr, "Extensions out of order!\n"); | ||
85 | for(i = 0; i < STANDARD_EXTENSION_COUNT; i++, tmp++) | ||
86 | printf("%d : %s\n", (*tmp)->ext_nid, OBJ_nid2sn((*tmp)->ext_nid)); | ||
87 | } else fprintf(stderr, "Order OK\n"); | ||
88 | } | ||
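Review bot: `main()` never returns a value, so the exit status cannot signal a mis-ordered table and the check only works if someone reads stderr; declaring it `int main(void)` and ending with `return bad;` would let a build or regression target fail on it. The ordering test `(*tmp)->ext_nid < prev` also accepts two entries with the same ext_nid, which a binary search cannot both reach, so `<=` would be the stricter check. The count check compares `i` with the same sizeof expression that STANDARD_EXTENSION_COUNT expands to, so it can never fire as written.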
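--- a/src/lib/libcrypto/x509v3/v3_akey.c
+++ b/src/lib/libcrypto/x509v3/v3_akey.c
@@ -129,10 +129,10 @@ AUTHORITY_KEYID *d2i_AUTHORITY_KEYID(AUTHORITY_KEYID **a, unsigned char **pp,
 void AUTHORITY_KEYID_free(AUTHORITY_KEYID *a)
 {
 if (a == NULL) return;
-ASN1_OCTET_STRING_free(a->keyid);
+M_ASN1_OCTET_STRING_free(a->keyid);
 sk_GENERAL_NAME_pop_free(a->issuer, GENERAL_NAME_free);
-ASN1_INTEGER_free (a->serial);
-Free ((char *)a);
+M_ASN1_INTEGER_free (a->serial);
+Free (a);
 }
 
 static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
@@ -214,7 +214,7 @@ if(keyid) {
 
 if((issuer && !ikeyid) || (issuer == 2)) {
 isname = X509_NAME_dup(X509_get_issuer_name(cert));
-serial = ASN1_INTEGER_dup(X509_get_serialNumber(cert));
+serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert));
 if(!isname || !serial) {
 X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
 goto err;
@@ -241,8 +241,8 @@ return akeyid;
 
 err:
 X509_NAME_free(isname);
-ASN1_INTEGER_free(serial);
-ASN1_OCTET_STRING_free(ikeyid);
+M_ASN1_INTEGER_free(serial);
+M_ASN1_OCTET_STRING_free(ikeyid);
 return NULL;
 
 }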
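--- a/src/lib/libcrypto/x509v3/v3_alt.c
+++ b/src/lib/libcrypto/x509v3/v3_alt.c
@@ -84,7 +84,6 @@ NULL, NULL,
 (X509V3_EXT_I2V)i2v_GENERAL_NAMES,
 (X509V3_EXT_V2I)v2i_issuer_alt,
 NULL, NULL, NULL},
-EXT_END
 };
 
 STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
@@ -273,7 +272,7 @@ static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens)
 while((i = X509_NAME_get_index_by_NID(nm,
 NID_pkcs9_emailAddress, i)) > 0) {
 ne = X509_NAME_get_entry(nm, i);
-email = ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne));
+email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne));
 if(!email || !(gen = GENERAL_NAME_new())) {
 X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE);
 goto err;
@@ -293,7 +292,7 @@ static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens)
 
 err:
 GENERAL_NAME_free(gen);
-ASN1_IA5STRING_free(email);
+M_ASN1_IA5STRING_free(email);
 return 0;
 
 }
@@ -371,7 +370,7 @@ if(!name_cmp(name, "email")) {
 goto err;
 }
 ip[0] = i1; ip[1] = i2 ; ip[2] = i3 ; ip[3] = i4;
-if(!(gen->d.ip = ASN1_OCTET_STRING_new()) ||
+if(!(gen->d.ip = M_ASN1_OCTET_STRING_new()) ||
 !ASN1_STRING_set(gen->d.ip, ip, 4)) {
 X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
 goto err;
@@ -384,7 +383,7 @@ if(!name_cmp(name, "email")) {
 }
 
 if(is_string) {
-if(!(gen->d.ia5 = ASN1_IA5STRING_new()) ||
+if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) ||
 !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value,
 strlen(value))) {
 X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);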
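Review bot: In the copy_email hunk the loop condition `while((i = X509_NAME_get_index_by_NID(nm, NID_pkcs9_emailAddress, i)) > 0)` stops when the lookup returns index 0, so an e-mail address stored as the first entry of the subject name would not be copied into the alternative names; the not-found return is negative, so the test should be `>= 0`. The initial value of `i` is set outside the hunk (presumably -1), so confirm that before changing the comparison. Separately, the first hunk drops the `EXT_END` terminator from `v3_alt[]`; any code that still walks that array to a sentinel, rather than indexing `v3_alt[0]` and `v3_alt[1]` as ext_dat.h does, would read past its end, and such callers are not visible on this page.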
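--- a/src/lib/libcrypto/x509v3/v3_bcons.c
+++ b/src/lib/libcrypto/x509v3/v3_bcons.c
@@ -122,8 +122,8 @@ BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS **a,
 void BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *a)
 {
 if (a == NULL) return;
-ASN1_INTEGER_free (a->pathlen);
-Free ((char *)a);
+M_ASN1_INTEGER_free (a->pathlen);
+Free (a);
 }
 
 static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,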
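--- a/src/lib/libcrypto/x509v3/v3_bitst.c
+++ b/src/lib/libcrypto/x509v3/v3_bitst.c
@@ -61,7 +61,6 @@
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
 
-static ASN1_BIT_STRING *asn1_bit_string_new(void);
 static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
 static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
@@ -97,11 +96,6 @@ static BIT_STRING_BITNAME key_usage_type_table[] = {
 X509V3_EXT_METHOD v3_nscert = EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table);
 X509V3_EXT_METHOD v3_key_usage = EXT_BITSTRING(NID_key_usage, key_usage_type_table);
 
-static ASN1_BIT_STRING *asn1_bit_string_new(void)
-{
-return ASN1_BIT_STRING_new();
-}
-
 static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
 ASN1_BIT_STRING *bits, STACK_OF(CONF_VALUE) *ret)
 {
@@ -120,7 +114,7 @@ static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
 ASN1_BIT_STRING *bs;
 int i;
 BIT_STRING_BITNAME *bnam;
-if(!(bs = ASN1_BIT_STRING_new())) {
+if(!(bs = M_ASN1_BIT_STRING_new())) {
 X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,ERR_R_MALLOC_FAILURE);
 return NULL;
 }
@@ -137,7 +131,7 @@ static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
 X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
 X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT);
 X509V3_conf_err(val);
-ASN1_BIT_STRING_free(bs);
+M_ASN1_BIT_STRING_free(bs);
 return NULL;
 }
 }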
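--- a/src/lib/libcrypto/x509v3/v3_conf.c
+++ b/src/lib/libcrypto/x509v3/v3_conf.c
@@ -170,13 +170,13 @@ static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
 if(!(ext_der = Malloc(ext_len))) goto merr;
 p = ext_der;
 method->i2d(ext_struc, &p);
-if(!(ext_oct = ASN1_OCTET_STRING_new())) goto merr;
+if(!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr;
 ext_oct->data = ext_der;
 ext_oct->length = ext_len;
 
 ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
 if(!ext) goto merr;
-ASN1_OCTET_STRING_free(ext_oct);
+M_ASN1_OCTET_STRING_free(ext_oct);
 
 return ext;
 
@@ -220,7 +220,7 @@ static int v3_check_generic(char **value)
 return 1;
 }
 
-/* Create a generic extension: for now just handle RAW type */
+/* Create a generic extension: for now just handle DER type */
 static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
 int crit, int type)
 {
@@ -241,7 +241,7 @@ if(!(ext_der = string_to_hex(value, &ext_len))) {
 goto err;
 }
 
-if(!(oct = ASN1_OCTET_STRING_new())) {
+if(!(oct = M_ASN1_OCTET_STRING_new())) {
 X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE);
 goto err;
 }
@@ -254,7 +254,7 @@ extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
 
 err:
 ASN1_OBJECT_free(obj);
-ASN1_OCTET_STRING_free(oct);
+M_ASN1_OCTET_STRING_free(oct);
 if(ext_der) Free(ext_der);
 return extension;
 }
@@ -302,6 +302,30 @@ int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
 return 1;
 }
 
+/* Add extensions to certificate request */
+
+int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+X509_REQ *req)
+{
+X509_EXTENSION *ext;
+STACK_OF(X509_EXTENSION) *extlist = NULL;
+STACK_OF(CONF_VALUE) *nval;
+CONF_VALUE *val;
+int i;
+if(!(nval = CONF_get_section(conf, section))) return 0;
+for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+val = sk_CONF_VALUE_value(nval, i);
+if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
+return 0;
+if(!extlist) extlist = sk_X509_EXTENSION_new_null();
+sk_X509_EXTENSION_push(extlist, ext);
+}
+if(req) i = X509_REQ_add_extensions(req, extlist);
+else i = 1;
+sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);
+return i;
+}
+
 /* Config database functions */
 
 char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)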
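Review bot: X509V3_EXT_REQ_add_conf leaks on its error path: the `return 0` inside the loop abandons `extlist` and every extension already pushed onto it when a later X509V3_EXT_conf() call fails. The results of `sk_X509_EXTENSION_new_null()` and `sk_X509_EXTENSION_push()` are also unchecked, so an allocation failure there loses `ext` and the function can still report success with an incomplete extension list. Routing every exit through one cleanup label that calls `sk_X509_EXTENSION_pop_free` addresses both; a sketch of the changed lines follows.

```c
	int i, ret = 0;
	/* … unchanged: other declarations, CONF_get_section lookup … */
	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
		val = sk_CONF_VALUE_value(nval, i);
		if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
			goto end;
		if((!extlist && !(extlist = sk_X509_EXTENSION_new_null())) ||
		   !sk_X509_EXTENSION_push(extlist, ext)) {
			X509_EXTENSION_free(ext);
			goto end;
		}
	}
	if(req) ret = X509_REQ_add_extensions(req, extlist);
	else ret = 1;
end:
	sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);
	return ret;
```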
diff --git a/src/lib/libcrypto/x509v3/v3_cpols.c b/src/lib/libcrypto/x509v3/v3_cpols.c index b4d4883545..466713b50d 100644 --- a/src/lib/libcrypto/x509v3/v3_cpols.c +++ b/src/lib/libcrypto/x509v3/v3_cpols.c | |||
@@ -169,7 +169,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, | |||
169 | if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) | 169 | if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) |
170 | goto merr; | 170 | goto merr; |
171 | qual->pqualid = OBJ_nid2obj(NID_id_qt_cps); | 171 | qual->pqualid = OBJ_nid2obj(NID_id_qt_cps); |
172 | qual->d.cpsuri = ASN1_IA5STRING_new(); | 172 | qual->d.cpsuri = M_ASN1_IA5STRING_new(); |
173 | if(!ASN1_STRING_set(qual->d.cpsuri, cnf->value, | 173 | if(!ASN1_STRING_set(qual->d.cpsuri, cnf->value, |
174 | strlen(cnf->value))) goto merr; | 174 | strlen(cnf->value))) goto merr; |
175 | } else if(!name_cmp(cnf->name, "userNotice")) { | 175 | } else if(!name_cmp(cnf->name, "userNotice")) { |
@@ -229,7 +229,7 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, | |||
229 | for(i = 0; i < sk_CONF_VALUE_num(unot); i++) { | 229 | for(i = 0; i < sk_CONF_VALUE_num(unot); i++) { |
230 | cnf = sk_CONF_VALUE_value(unot, i); | 230 | cnf = sk_CONF_VALUE_value(unot, i); |
231 | if(!strcmp(cnf->name, "explicitText")) { | 231 | if(!strcmp(cnf->name, "explicitText")) { |
232 | not->exptext = ASN1_VISIBLESTRING_new(); | 232 | not->exptext = M_ASN1_VISIBLESTRING_new(); |
233 | if(!ASN1_STRING_set(not->exptext, cnf->value, | 233 | if(!ASN1_STRING_set(not->exptext, cnf->value, |
234 | strlen(cnf->value))) goto merr; | 234 | strlen(cnf->value))) goto merr; |
235 | } else if(!strcmp(cnf->name, "organization")) { | 235 | } else if(!strcmp(cnf->name, "organization")) { |
@@ -238,8 +238,8 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, | |||
238 | if(!(nref = NOTICEREF_new())) goto merr; | 238 | if(!(nref = NOTICEREF_new())) goto merr; |
239 | not->noticeref = nref; | 239 | not->noticeref = nref; |
240 | } else nref = not->noticeref; | 240 | } else nref = not->noticeref; |
241 | if(ia5org) nref->organization = ASN1_IA5STRING_new(); | 241 | if(ia5org) nref->organization = M_ASN1_IA5STRING_new(); |
242 | else nref->organization = ASN1_VISIBLESTRING_new(); | 242 | else nref->organization = M_ASN1_VISIBLESTRING_new(); |
243 | if(!ASN1_STRING_set(nref->organization, cnf->value, | 243 | if(!ASN1_STRING_set(nref->organization, cnf->value, |
244 | strlen(cnf->value))) goto merr; | 244 | strlen(cnf->value))) goto merr; |
245 | } else if(!strcmp(cnf->name, "noticeNumbers")) { | 245 | } else if(!strcmp(cnf->name, "noticeNumbers")) { |
@@ -538,7 +538,7 @@ void POLICYQUALINFO_free(POLICYQUALINFO *a) | |||
538 | if (a == NULL) return; | 538 | if (a == NULL) return; |
539 | switch(OBJ_obj2nid(a->pqualid)) { | 539 | switch(OBJ_obj2nid(a->pqualid)) { |
540 | case NID_id_qt_cps: | 540 | case NID_id_qt_cps: |
541 | ASN1_IA5STRING_free(a->d.cpsuri); | 541 | M_ASN1_IA5STRING_free(a->d.cpsuri); |
542 | break; | 542 | break; |
543 | 543 | ||
544 | case NID_id_qt_unotice: | 544 | case NID_id_qt_unotice: |
@@ -596,7 +596,7 @@ void USERNOTICE_free(USERNOTICE *a) | |||
596 | { | 596 | { |
597 | if (a == NULL) return; | 597 | if (a == NULL) return; |
598 | NOTICEREF_free(a->noticeref); | 598 | NOTICEREF_free(a->noticeref); |
599 | DISPLAYTEXT_free(a->exptext); | 599 | M_DISPLAYTEXT_free(a->exptext); |
600 | Free (a); | 600 | Free (a); |
601 | } | 601 | } |
602 | 602 | ||
@@ -646,7 +646,7 @@ NOTICEREF *d2i_NOTICEREF(NOTICEREF **a, unsigned char **pp,long length) | |||
646 | void NOTICEREF_free(NOTICEREF *a) | 646 | void NOTICEREF_free(NOTICEREF *a) |
647 | { | 647 | { |
648 | if (a == NULL) return; | 648 | if (a == NULL) return; |
649 | DISPLAYTEXT_free(a->organization); | 649 | M_DISPLAYTEXT_free(a->organization); |
650 | sk_pop_free(a->noticenos, ASN1_STRING_free); | 650 | sk_pop_free(a->noticenos, ASN1_STRING_free); |
651 | Free (a); | 651 | Free (a); |
652 | } | 652 | } |
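Review bot: In policy_section, `qual->d.cpsuri = M_ASN1_IA5STRING_new();` is passed straight to ASN1_STRING_set without checking the allocation, and the same holds for `not->exptext` and `nref->organization` in notice_section. Unless ASN1_STRING_set tolerates a NULL string, which is not visible here, an allocation failure becomes a NULL dereference instead of reaching `merr`. The s2i_ASN1_IA5STRING hunk in v3_ia5.c already uses the checked form; here it would read `if(!(qual->d.cpsuri = M_ASN1_IA5STRING_new())) goto merr;`. Both functions start and end outside the hunks shown.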
diff --git a/src/lib/libcrypto/x509v3/v3_crld.c b/src/lib/libcrypto/x509v3/v3_crld.c index 897ffb63e4..e459d2595a 100644 --- a/src/lib/libcrypto/x509v3/v3_crld.c +++ b/src/lib/libcrypto/x509v3/v3_crld.c | |||
@@ -211,20 +211,20 @@ void DIST_POINT_free(DIST_POINT *a) | |||
211 | { | 211 | { |
212 | if (a == NULL) return; | 212 | if (a == NULL) return; |
213 | DIST_POINT_NAME_free(a->distpoint); | 213 | DIST_POINT_NAME_free(a->distpoint); |
214 | ASN1_BIT_STRING_free(a->reasons); | 214 | M_ASN1_BIT_STRING_free(a->reasons); |
215 | sk_GENERAL_NAME_pop_free(a->CRLissuer, GENERAL_NAME_free); | 215 | sk_GENERAL_NAME_pop_free(a->CRLissuer, GENERAL_NAME_free); |
216 | Free ((char *)a); | 216 | Free (a); |
217 | } | 217 | } |
218 | 218 | ||
219 | int i2d_DIST_POINT_NAME(DIST_POINT_NAME *a, unsigned char **pp) | 219 | int i2d_DIST_POINT_NAME(DIST_POINT_NAME *a, unsigned char **pp) |
220 | { | 220 | { |
221 | int v = 0; | ||
222 | M_ASN1_I2D_vars(a); | 221 | M_ASN1_I2D_vars(a); |
223 | 222 | ||
224 | if(a->fullname) { | 223 | if(a->fullname) { |
225 | M_ASN1_I2D_len_IMP_opt (a->fullname, i2d_GENERAL_NAMES); | 224 | M_ASN1_I2D_len_IMP_opt (a->fullname, i2d_GENERAL_NAMES); |
226 | } else { | 225 | } else { |
227 | M_ASN1_I2D_len_EXP_opt (a->relativename, i2d_X509_NAME, 1, v); | 226 | M_ASN1_I2D_len_IMP_SET_opt_type(X509_NAME_ENTRY, |
227 | a->relativename, i2d_X509_NAME_ENTRY, 1); | ||
228 | } | 228 | } |
229 | 229 | ||
230 | /* Don't want a SEQUENCE so... */ | 230 | /* Don't want a SEQUENCE so... */ |
@@ -234,7 +234,8 @@ int i2d_DIST_POINT_NAME(DIST_POINT_NAME *a, unsigned char **pp) | |||
234 | if(a->fullname) { | 234 | if(a->fullname) { |
235 | M_ASN1_I2D_put_IMP_opt (a->fullname, i2d_GENERAL_NAMES, 0); | 235 | M_ASN1_I2D_put_IMP_opt (a->fullname, i2d_GENERAL_NAMES, 0); |
236 | } else { | 236 | } else { |
237 | M_ASN1_I2D_put_EXP_opt (a->relativename, i2d_X509_NAME, 1, v); | 237 | M_ASN1_I2D_put_IMP_SET_opt_type(X509_NAME_ENTRY, |
238 | a->relativename, i2d_X509_NAME_ENTRY, 1); | ||
238 | } | 239 | } |
239 | M_ASN1_I2D_finish(); | 240 | M_ASN1_I2D_finish(); |
240 | } | 241 | } |
@@ -253,9 +254,9 @@ DIST_POINT_NAME *DIST_POINT_NAME_new(void) | |||
253 | void DIST_POINT_NAME_free(DIST_POINT_NAME *a) | 254 | void DIST_POINT_NAME_free(DIST_POINT_NAME *a) |
254 | { | 255 | { |
255 | if (a == NULL) return; | 256 | if (a == NULL) return; |
256 | X509_NAME_free(a->relativename); | 257 | sk_X509_NAME_ENTRY_pop_free(a->relativename, X509_NAME_ENTRY_free); |
257 | sk_GENERAL_NAME_pop_free(a->fullname, GENERAL_NAME_free); | 258 | sk_GENERAL_NAME_pop_free(a->fullname, GENERAL_NAME_free); |
258 | Free ((char *)a); | 259 | Free (a); |
259 | } | 260 | } |
260 | 261 | ||
261 | DIST_POINT_NAME *d2i_DIST_POINT_NAME(DIST_POINT_NAME **a, unsigned char **pp, | 262 | DIST_POINT_NAME *d2i_DIST_POINT_NAME(DIST_POINT_NAME **a, unsigned char **pp, |
@@ -273,7 +274,8 @@ DIST_POINT_NAME *d2i_DIST_POINT_NAME(DIST_POINT_NAME **a, unsigned char **pp, | |||
273 | M_ASN1_D2I_get_imp(ret->fullname, d2i_GENERAL_NAMES, | 274 | M_ASN1_D2I_get_imp(ret->fullname, d2i_GENERAL_NAMES, |
274 | V_ASN1_SEQUENCE); | 275 | V_ASN1_SEQUENCE); |
275 | } else if (tag == (1|V_ASN1_CONTEXT_SPECIFIC)) { | 276 | } else if (tag == (1|V_ASN1_CONTEXT_SPECIFIC)) { |
276 | M_ASN1_D2I_get_EXP_opt (ret->relativename, d2i_X509_NAME, 1); | 277 | M_ASN1_D2I_get_IMP_set_opt_type (X509_NAME_ENTRY, |
278 | ret->relativename, d2i_X509_NAME_ENTRY, X509_NAME_ENTRY_free, 1); | ||
277 | } else { | 279 | } else { |
278 | c.error = ASN1_R_BAD_TAG; | 280 | c.error = ASN1_R_BAD_TAG; |
279 | goto err; | 281 | goto err; |
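Review bot: The switch of `relativename` from an explicitly tagged X509_NAME to an implicitly tagged SET OF X509_NAME_ENTRY in i2d_DIST_POINT_NAME, d2i_DIST_POINT_NAME and DIST_POINT_NAME_free is not explained anywhere in the visible code, so the wire-format change is easy to miss. A comment above the `else` branch in i2d_DIST_POINT_NAME would help, for example `/* nameRelativeToCRLIssuer [1] is a RelativeDistinguishedName: an IMPLICIT SET OF X509_NAME_ENTRY, not an X509_NAME */`. It should also say that data written in the previous EXPLICIT X509_NAME form presumably no longer decodes. d2i_DIST_POINT_NAME starts and ends outside the hunk.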
diff --git a/src/lib/libcrypto/x509v3/v3_enum.c b/src/lib/libcrypto/x509v3/v3_enum.c index db423548ff..aecfdc87f8 100644 --- a/src/lib/libcrypto/x509v3/v3_enum.c +++ b/src/lib/libcrypto/x509v3/v3_enum.c | |||
@@ -60,8 +60,6 @@ | |||
60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
61 | #include <openssl/x509v3.h> | 61 | #include <openssl/x509v3.h> |
62 | 62 | ||
63 | static ASN1_ENUMERATED *asn1_enumerated_new(void); | ||
64 | |||
65 | static ENUMERATED_NAMES crl_reasons[] = { | 63 | static ENUMERATED_NAMES crl_reasons[] = { |
66 | {0, "Unspecified", "unspecified"}, | 64 | {0, "Unspecified", "unspecified"}, |
67 | {1, "Key Compromise", "keyCompromise"}, | 65 | {1, "Key Compromise", "keyCompromise"}, |
@@ -76,20 +74,15 @@ static ENUMERATED_NAMES crl_reasons[] = { | |||
76 | 74 | ||
77 | X509V3_EXT_METHOD v3_crl_reason = { | 75 | X509V3_EXT_METHOD v3_crl_reason = { |
78 | NID_crl_reason, 0, | 76 | NID_crl_reason, 0, |
79 | (X509V3_EXT_NEW)asn1_enumerated_new, | 77 | (X509V3_EXT_NEW)ASN1_ENUMERATED_new, |
80 | (X509V3_EXT_FREE)ASN1_STRING_free, | 78 | (X509V3_EXT_FREE)ASN1_ENUMERATED_free, |
81 | (X509V3_EXT_D2I)d2i_ASN1_ENUMERATED, | 79 | (X509V3_EXT_D2I)d2i_ASN1_ENUMERATED, |
82 | (X509V3_EXT_I2D)i2d_ASN1_ENUMERATED, | 80 | (X509V3_EXT_I2D)i2d_ASN1_ENUMERATED, |
83 | (X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE, | 81 | (X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE, |
84 | (X509V3_EXT_S2I)NULL, | 82 | (X509V3_EXT_S2I)0, |
85 | NULL, NULL, NULL, NULL, crl_reasons}; | 83 | NULL, NULL, NULL, NULL, crl_reasons}; |
86 | 84 | ||
87 | 85 | ||
88 | static ASN1_ENUMERATED *asn1_enumerated_new(void) | ||
89 | { | ||
90 | return ASN1_ENUMERATED_new(); | ||
91 | } | ||
92 | |||
93 | char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method, | 86 | char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method, |
94 | ASN1_ENUMERATED *e) | 87 | ASN1_ENUMERATED *e) |
95 | { | 88 | { |
diff --git a/src/lib/libcrypto/x509v3/v3_genn.c b/src/lib/libcrypto/x509v3/v3_genn.c index af716232f8..894afa7e03 100644 --- a/src/lib/libcrypto/x509v3/v3_genn.c +++ b/src/lib/libcrypto/x509v3/v3_genn.c | |||
@@ -88,12 +88,15 @@ int i2d_GENERAL_NAME(GENERAL_NAME *a, unsigned char **pp) | |||
88 | 88 | ||
89 | switch(a->type) { | 89 | switch(a->type) { |
90 | 90 | ||
91 | case GEN_OTHERNAME: | ||
92 | case GEN_X400: | 91 | case GEN_X400: |
93 | case GEN_EDIPARTY: | 92 | case GEN_EDIPARTY: |
94 | ret = i2d_ASN1_TYPE(a->d.other, pp); | 93 | ret = i2d_ASN1_TYPE(a->d.other, pp); |
95 | break; | 94 | break; |
96 | 95 | ||
96 | case GEN_OTHERNAME: | ||
97 | ret = i2d_OTHERNAME(a->d.otherName, pp); | ||
98 | break; | ||
99 | |||
97 | case GEN_EMAIL: | 100 | case GEN_EMAIL: |
98 | case GEN_DNS: | 101 | case GEN_DNS: |
99 | case GEN_URI: | 102 | case GEN_URI: |
@@ -137,12 +140,15 @@ GENERAL_NAME *d2i_GENERAL_NAME(GENERAL_NAME **a, unsigned char **pp, | |||
137 | 140 | ||
138 | switch(ret->type) { | 141 | switch(ret->type) { |
139 | /* Just put these in a "blob" for now */ | 142 | /* Just put these in a "blob" for now */ |
140 | case GEN_OTHERNAME: | ||
141 | case GEN_X400: | 143 | case GEN_X400: |
142 | case GEN_EDIPARTY: | 144 | case GEN_EDIPARTY: |
143 | M_ASN1_D2I_get_imp(ret->d.other, d2i_ASN1_TYPE,V_ASN1_SEQUENCE); | 145 | M_ASN1_D2I_get_imp(ret->d.other, d2i_ASN1_TYPE,V_ASN1_SEQUENCE); |
144 | break; | 146 | break; |
145 | 147 | ||
148 | case GEN_OTHERNAME: | ||
149 | M_ASN1_D2I_get_imp(ret->d.otherName, d2i_OTHERNAME,V_ASN1_SEQUENCE); | ||
150 | break; | ||
151 | |||
146 | case GEN_EMAIL: | 152 | case GEN_EMAIL: |
147 | case GEN_DNS: | 153 | case GEN_DNS: |
148 | case GEN_URI: | 154 | case GEN_URI: |
@@ -176,17 +182,20 @@ void GENERAL_NAME_free(GENERAL_NAME *a) | |||
176 | { | 182 | { |
177 | if (a == NULL) return; | 183 | if (a == NULL) return; |
178 | switch(a->type) { | 184 | switch(a->type) { |
179 | case GEN_OTHERNAME: | ||
180 | case GEN_X400: | 185 | case GEN_X400: |
181 | case GEN_EDIPARTY: | 186 | case GEN_EDIPARTY: |
182 | ASN1_TYPE_free(a->d.other); | 187 | ASN1_TYPE_free(a->d.other); |
183 | break; | 188 | break; |
184 | 189 | ||
190 | case GEN_OTHERNAME: | ||
191 | OTHERNAME_free(a->d.otherName); | ||
192 | break; | ||
193 | |||
185 | case GEN_EMAIL: | 194 | case GEN_EMAIL: |
186 | case GEN_DNS: | 195 | case GEN_DNS: |
187 | case GEN_URI: | 196 | case GEN_URI: |
188 | 197 | ||
189 | ASN1_IA5STRING_free(a->d.ia5); | 198 | M_ASN1_IA5STRING_free(a->d.ia5); |
190 | break; | 199 | break; |
191 | 200 | ||
192 | case GEN_DIRNAME: | 201 | case GEN_DIRNAME: |
@@ -194,7 +203,7 @@ void GENERAL_NAME_free(GENERAL_NAME *a) | |||
194 | break; | 203 | break; |
195 | 204 | ||
196 | case GEN_IPADD: | 205 | case GEN_IPADD: |
197 | ASN1_OCTET_STRING_free(a->d.ip); | 206 | M_ASN1_OCTET_STRING_free(a->d.ip); |
198 | break; | 207 | break; |
199 | 208 | ||
200 | case GEN_RID: | 209 | case GEN_RID: |
@@ -202,11 +211,11 @@ void GENERAL_NAME_free(GENERAL_NAME *a) | |||
202 | break; | 211 | break; |
203 | 212 | ||
204 | } | 213 | } |
205 | Free ((char *)a); | 214 | Free (a); |
206 | } | 215 | } |
207 | 216 | ||
208 | /* Now the GeneralNames versions: a SEQUENCE OF GeneralName These are needed as | 217 | /* Now the GeneralNames versions: a SEQUENCE OF GeneralName. These are needed as |
209 | * an explicit functions. | 218 | * explicit functions. |
210 | */ | 219 | */ |
211 | 220 | ||
212 | STACK_OF(GENERAL_NAME) *GENERAL_NAMES_new() | 221 | STACK_OF(GENERAL_NAME) *GENERAL_NAMES_new() |
@@ -235,3 +244,48 @@ return i2d_ASN1_SET_OF_GENERAL_NAME(a, pp, i2d_GENERAL_NAME, V_ASN1_SEQUENCE, | |||
235 | IMPLEMENT_STACK_OF(GENERAL_NAME) | 244 | IMPLEMENT_STACK_OF(GENERAL_NAME) |
236 | IMPLEMENT_ASN1_SET_OF(GENERAL_NAME) | 245 | IMPLEMENT_ASN1_SET_OF(GENERAL_NAME) |
237 | 246 | ||
247 | int i2d_OTHERNAME(OTHERNAME *a, unsigned char **pp) | ||
248 | { | ||
249 | int v = 0; | ||
250 | M_ASN1_I2D_vars(a); | ||
251 | |||
252 | M_ASN1_I2D_len(a->type_id, i2d_ASN1_OBJECT); | ||
253 | M_ASN1_I2D_len_EXP_opt(a->value, i2d_ASN1_TYPE, 0, v); | ||
254 | |||
255 | M_ASN1_I2D_seq_total(); | ||
256 | |||
257 | M_ASN1_I2D_put(a->type_id, i2d_ASN1_OBJECT); | ||
258 | M_ASN1_I2D_put_EXP_opt(a->value, i2d_ASN1_TYPE, 0, v); | ||
259 | |||
260 | M_ASN1_I2D_finish(); | ||
261 | } | ||
262 | |||
263 | OTHERNAME *OTHERNAME_new(void) | ||
264 | { | ||
265 | OTHERNAME *ret=NULL; | ||
266 | ASN1_CTX c; | ||
267 | M_ASN1_New_Malloc(ret, OTHERNAME); | ||
268 | ret->type_id = OBJ_nid2obj(NID_undef); | ||
269 | M_ASN1_New(ret->value, ASN1_TYPE_new); | ||
270 | return (ret); | ||
271 | M_ASN1_New_Error(ASN1_F_OTHERNAME_NEW); | ||
272 | } | ||
273 | |||
274 | OTHERNAME *d2i_OTHERNAME(OTHERNAME **a, unsigned char **pp, long length) | ||
275 | { | ||
276 | M_ASN1_D2I_vars(a,OTHERNAME *,OTHERNAME_new); | ||
277 | M_ASN1_D2I_Init(); | ||
278 | M_ASN1_D2I_start_sequence(); | ||
279 | M_ASN1_D2I_get(ret->type_id, d2i_ASN1_OBJECT); | ||
280 | M_ASN1_D2I_get_EXP_opt(ret->value, d2i_ASN1_TYPE, 0); | ||
281 | M_ASN1_D2I_Finish(a, OTHERNAME_free, ASN1_F_D2I_OTHERNAME); | ||
282 | } | ||
283 | |||
284 | void OTHERNAME_free(OTHERNAME *a) | ||
285 | { | ||
286 | if (a == NULL) return; | ||
287 | ASN1_OBJECT_free(a->type_id); | ||
288 | ASN1_TYPE_free(a->value); | ||
289 | Free (a); | ||
290 | } | ||
291 | |||
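Review bot: d2i_OTHERNAME reads `value` with `M_ASN1_D2I_get_EXP_opt`, and i2d_OTHERNAME writes it with the matching `_opt` macros, so an OtherName with no `[0]` value appears to be accepted and re-encoded, whereas RFC 2459 defines `value [0] EXPLICIT ANY DEFINED BY type-id` as a required field. Because OTHERNAME_new pre-allocates `value`, a caller may not be able to tell an absent value from an empty one after decoding. If the leniency is intended, say so in a comment such as `/* value is mandatory in OtherName; decoded as optional to tolerate broken encodings */`. Otherwise the decoder should fail when the field is missing, since this path parses names taken from untrusted certificates.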
diff --git a/src/lib/libcrypto/x509v3/v3_ia5.c b/src/lib/libcrypto/x509v3/v3_ia5.c index 3446c5cd6a..af3525f33e 100644 --- a/src/lib/libcrypto/x509v3/v3_ia5.c +++ b/src/lib/libcrypto/x509v3/v3_ia5.c | |||
@@ -63,7 +63,6 @@ | |||
63 | #include <openssl/conf.h> | 63 | #include <openssl/conf.h> |
64 | #include <openssl/x509v3.h> | 64 | #include <openssl/x509v3.h> |
65 | 65 | ||
66 | static ASN1_IA5STRING *ia5string_new(void); | ||
67 | static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5); | 66 | static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5); |
68 | static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); | 67 | static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); |
69 | X509V3_EXT_METHOD v3_ns_ia5_list[] = { | 68 | X509V3_EXT_METHOD v3_ns_ia5_list[] = { |
@@ -78,11 +77,6 @@ EXT_END | |||
78 | }; | 77 | }; |
79 | 78 | ||
80 | 79 | ||
81 | static ASN1_IA5STRING *ia5string_new(void) | ||
82 | { | ||
83 | return ASN1_IA5STRING_new(); | ||
84 | } | ||
85 | |||
86 | static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, | 80 | static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, |
87 | ASN1_IA5STRING *ia5) | 81 | ASN1_IA5STRING *ia5) |
88 | { | 82 | { |
@@ -102,12 +96,15 @@ static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, | |||
102 | X509V3err(X509V3_F_S2I_ASN1_IA5STRING,X509V3_R_INVALID_NULL_ARGUMENT); | 96 | X509V3err(X509V3_F_S2I_ASN1_IA5STRING,X509V3_R_INVALID_NULL_ARGUMENT); |
103 | return NULL; | 97 | return NULL; |
104 | } | 98 | } |
105 | if(!(ia5 = ASN1_IA5STRING_new())) goto err; | 99 | if(!(ia5 = M_ASN1_IA5STRING_new())) goto err; |
106 | if(!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char*)str, | 100 | if(!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char*)str, |
107 | strlen(str))) { | 101 | strlen(str))) { |
108 | ASN1_IA5STRING_free(ia5); | 102 | M_ASN1_IA5STRING_free(ia5); |
109 | goto err; | 103 | goto err; |
110 | } | 104 | } |
105 | #ifdef CHARSET_EBCDIC | ||
106 | ebcdic2ascii(ia5->data, ia5->data, ia5->length); | ||
107 | #endif /*CHARSET_EBCDIC*/ | ||
111 | return ia5; | 108 | return ia5; |
112 | err: | 109 | err: |
113 | X509V3err(X509V3_F_S2I_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE); | 110 | X509V3err(X509V3_F_S2I_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE); |
diff --git a/src/lib/libcrypto/x509v3/v3_info.c b/src/lib/libcrypto/x509v3/v3_info.c new file mode 100644 index 0000000000..78d2135046 --- /dev/null +++ b/src/lib/libcrypto/x509v3/v3_info.c | |||
@@ -0,0 +1,236 @@ | |||
1 | /* v3_info.c */ | ||
2 | /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL | ||
3 | * project 1999. | ||
4 | */ | ||
5 | /* ==================================================================== | ||
6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | ||
7 | * | ||
8 | * Redistribution and use in source and binary forms, with or without | ||
9 | * modification, are permitted provided that the following conditions | ||
10 | * are met: | ||
11 | * | ||
12 | * 1. Redistributions of source code must retain the above copyright | ||
13 | * notice, this list of conditions and the following disclaimer. | ||
14 | * | ||
15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
16 | * notice, this list of conditions and the following disclaimer in | ||
17 | * the documentation and/or other materials provided with the | ||
18 | * distribution. | ||
19 | * | ||
20 | * 3. All advertising materials mentioning features or use of this | ||
21 | * software must display the following acknowledgment: | ||
22 | * "This product includes software developed by the OpenSSL Project | ||
23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
24 | * | ||
25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
26 | * endorse or promote products derived from this software without | ||
27 | * prior written permission. For written permission, please contact | ||
28 | * licensing@OpenSSL.org. | ||
29 | * | ||
30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
31 | * nor may "OpenSSL" appear in their names without prior written | ||
32 | * permission of the OpenSSL Project. | ||
33 | * | ||
34 | * 6. Redistributions of any form whatsoever must retain the following | ||
35 | * acknowledgment: | ||
36 | * "This product includes software developed by the OpenSSL Project | ||
37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
38 | * | ||
39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
51 | * ==================================================================== | ||
52 | * | ||
53 | * This product includes cryptographic software written by Eric Young | ||
54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
55 | * Hudson (tjh@cryptsoft.com). | ||
56 | * | ||
57 | */ | ||
58 | |||
59 | #include <stdio.h> | ||
60 | #include "cryptlib.h" | ||
61 | #include <openssl/conf.h> | ||
62 | #include <openssl/asn1.h> | ||
63 | #include <openssl/asn1_mac.h> | ||
64 | #include <openssl/x509v3.h> | ||
65 | |||
66 | static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, | ||
67 | STACK_OF(ACCESS_DESCRIPTION) *ainfo, | ||
68 | STACK_OF(CONF_VALUE) *ret); | ||
69 | static STACK_OF(ACCESS_DESCRIPTION) *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, | ||
70 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); | ||
71 | |||
72 | X509V3_EXT_METHOD v3_info = | ||
73 | { NID_info_access, X509V3_EXT_MULTILINE, | ||
74 | (X509V3_EXT_NEW)AUTHORITY_INFO_ACCESS_new, | ||
75 | (X509V3_EXT_FREE)AUTHORITY_INFO_ACCESS_free, | ||
76 | (X509V3_EXT_D2I)d2i_AUTHORITY_INFO_ACCESS, | ||
77 | (X509V3_EXT_I2D)i2d_AUTHORITY_INFO_ACCESS, | ||
78 | NULL, NULL, | ||
79 | (X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS, | ||
80 | (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS, | ||
81 | NULL, NULL, NULL}; | ||
82 | |||
83 | static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, | ||
84 | STACK_OF(ACCESS_DESCRIPTION) *ainfo, | ||
85 | STACK_OF(CONF_VALUE) *ret) | ||
86 | { | ||
87 | ACCESS_DESCRIPTION *desc; | ||
88 | int i; | ||
89 | char objtmp[80], *ntmp; | ||
90 | CONF_VALUE *vtmp; | ||
91 | for(i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) { | ||
92 | desc = sk_ACCESS_DESCRIPTION_value(ainfo, i); | ||
93 | ret = i2v_GENERAL_NAME(method, desc->location, ret); | ||
94 | if(!ret) break; | ||
95 | vtmp = sk_CONF_VALUE_value(ret, i); | ||
96 | i2t_ASN1_OBJECT(objtmp, 80, desc->method); | ||
97 | ntmp = Malloc(strlen(objtmp) + strlen(vtmp->name) + 5); | ||
98 | if(!ntmp) { | ||
99 | X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS, | ||
100 | ERR_R_MALLOC_FAILURE); | ||
101 | return NULL; | ||
102 | } | ||
103 | strcpy(ntmp, objtmp); | ||
104 | strcat(ntmp, " - "); | ||
105 | strcat(ntmp, vtmp->name); | ||
106 | Free(vtmp->name); | ||
107 | vtmp->name = ntmp; | ||
108 | |||
109 | } | ||
110 | if(!ret) return sk_CONF_VALUE_new_null(); | ||
111 | return ret; | ||
112 | } | ||
113 | |||
114 | static STACK_OF(ACCESS_DESCRIPTION) *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, | ||
115 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) | ||
116 | { | ||
117 | STACK_OF(ACCESS_DESCRIPTION) *ainfo = NULL; | ||
118 | CONF_VALUE *cnf, ctmp; | ||
119 | ACCESS_DESCRIPTION *acc; | ||
120 | int i, objlen; | ||
121 | char *objtmp, *ptmp; | ||
122 | if(!(ainfo = sk_ACCESS_DESCRIPTION_new(NULL))) { | ||
123 | X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE); | ||
124 | return NULL; | ||
125 | } | ||
126 | for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { | ||
127 | cnf = sk_CONF_VALUE_value(nval, i); | ||
128 | if(!(acc = ACCESS_DESCRIPTION_new()) | ||
129 | || !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) { | ||
130 | X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE); | ||
131 | goto err; | ||
132 | } | ||
133 | ptmp = strchr(cnf->name, ';'); | ||
134 | if(!ptmp) { | ||
135 | X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_INVALID_SYNTAX); | ||
136 | goto err; | ||
137 | } | ||
138 | objlen = ptmp - cnf->name; | ||
139 | ctmp.name = ptmp + 1; | ||
140 | ctmp.value = cnf->value; | ||
141 | if(!(acc->location = v2i_GENERAL_NAME(method, ctx, &ctmp))) | ||
142 | goto err; | ||
143 | if(!(objtmp = Malloc(objlen + 1))) { | ||
144 | X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE); | ||
145 | goto err; | ||
146 | } | ||
147 | strncpy(objtmp, cnf->name, objlen); | ||
148 | objtmp[objlen] = 0; | ||
149 | acc->method = OBJ_txt2obj(objtmp, 0); | ||
150 | if(!acc->method) { | ||
151 | X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_BAD_OBJECT); | ||
152 | ERR_add_error_data(2, "value=", objtmp); | ||
153 | Free(objtmp); | ||
154 | goto err; | ||
155 | } | ||
156 | Free(objtmp); | ||
157 | |||
158 | } | ||
159 | return ainfo; | ||
160 | err: | ||
161 | sk_ACCESS_DESCRIPTION_pop_free(ainfo, ACCESS_DESCRIPTION_free); | ||
162 | return NULL; | ||
163 | } | ||
164 | |||
165 | int i2d_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION *a, unsigned char **pp) | ||
166 | { | ||
167 | M_ASN1_I2D_vars(a); | ||
168 | |||
169 | M_ASN1_I2D_len(a->method, i2d_ASN1_OBJECT); | ||
170 | M_ASN1_I2D_len(a->location, i2d_GENERAL_NAME); | ||
171 | |||
172 | M_ASN1_I2D_seq_total(); | ||
173 | |||
174 | M_ASN1_I2D_put(a->method, i2d_ASN1_OBJECT); | ||
175 | M_ASN1_I2D_put(a->location, i2d_GENERAL_NAME); | ||
176 | |||
177 | M_ASN1_I2D_finish(); | ||
178 | } | ||
179 | |||
180 | ACCESS_DESCRIPTION *ACCESS_DESCRIPTION_new(void) | ||
181 | { | ||
182 | ACCESS_DESCRIPTION *ret=NULL; | ||
183 | ASN1_CTX c; | ||
184 | M_ASN1_New_Malloc(ret, ACCESS_DESCRIPTION); | ||
185 | ret->method = OBJ_nid2obj(NID_undef); | ||
186 | ret->location = NULL; | ||
187 | return (ret); | ||
188 | M_ASN1_New_Error(ASN1_F_ACCESS_DESCRIPTION_NEW); | ||
189 | } | ||
190 | |||
191 | ACCESS_DESCRIPTION *d2i_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION **a, unsigned char **pp, | ||
192 | long length) | ||
193 | { | ||
194 | M_ASN1_D2I_vars(a,ACCESS_DESCRIPTION *,ACCESS_DESCRIPTION_new); | ||
195 | M_ASN1_D2I_Init(); | ||
196 | M_ASN1_D2I_start_sequence(); | ||
197 | M_ASN1_D2I_get(ret->method, d2i_ASN1_OBJECT); | ||
198 | M_ASN1_D2I_get(ret->location, d2i_GENERAL_NAME); | ||
199 | M_ASN1_D2I_Finish(a, ACCESS_DESCRIPTION_free, ASN1_F_D2I_ACCESS_DESCRIPTION); | ||
200 | } | ||
201 | |||
202 | void ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a) | ||
203 | { | ||
204 | if (a == NULL) return; | ||
205 | ASN1_OBJECT_free(a->method); | ||
206 | GENERAL_NAME_free(a->location); | ||
207 | Free (a); | ||
208 | } | ||
209 | |||
210 | STACK_OF(ACCESS_DESCRIPTION) *AUTHORITY_INFO_ACCESS_new(void) | ||
211 | { | ||
212 | return sk_ACCESS_DESCRIPTION_new(NULL); | ||
213 | } | ||
214 | |||
215 | void AUTHORITY_INFO_ACCESS_free(STACK_OF(ACCESS_DESCRIPTION) *a) | ||
216 | { | ||
217 | sk_ACCESS_DESCRIPTION_pop_free(a, ACCESS_DESCRIPTION_free); | ||
218 | } | ||
219 | |||
220 | STACK_OF(ACCESS_DESCRIPTION) *d2i_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) **a, | ||
221 | unsigned char **pp, long length) | ||
222 | { | ||
223 | return d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(a, pp, length, d2i_ACCESS_DESCRIPTION, | ||
224 | ACCESS_DESCRIPTION_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); | ||
225 | } | ||
226 | |||
227 | int i2d_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) *a, unsigned char **pp) | ||
228 | { | ||
229 | return i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(a, pp, i2d_ACCESS_DESCRIPTION, V_ASN1_SEQUENCE, | ||
230 | V_ASN1_UNIVERSAL, IS_SEQUENCE); | ||
231 | } | ||
232 | |||
233 | IMPLEMENT_STACK_OF(ACCESS_DESCRIPTION) | ||
234 | IMPLEMENT_ASN1_SET_OF(ACCESS_DESCRIPTION) | ||
235 | |||
236 | |||
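Review bot: In i2v_AUTHORITY_INFO_ACCESS, `vtmp = sk_CONF_VALUE_value(ret, i)` assumes the entry just appended sits at index i, which holds only if `ret` came in empty or NULL and i2v_GENERAL_NAME appends exactly one value per call; otherwise the wrong entry is renamed, and `vtmp` and `vtmp->name` are used without a NULL check. Fetching the last element instead, `vtmp = sk_CONF_VALUE_value(ret, sk_CONF_VALUE_num(ret) - 1);`, followed by `if(!vtmp || !vtmp->name) continue;`, removes that assumption. The Malloc failure path returns NULL without releasing the values already collected in `ret`, which looks like a leak unless the caller keeps its own reference. Separately, this function prints `method - location` while v2i_AUTHORITY_INFO_ACCESS splits on `;`, so printed output cannot be fed back as configuration; a comment documenting the expected `method;location` syntax would help.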
diff --git a/src/lib/libcrypto/x509v3/v3_int.c b/src/lib/libcrypto/x509v3/v3_int.c index 637dd5e128..63c201e5f4 100644 --- a/src/lib/libcrypto/x509v3/v3_int.c +++ b/src/lib/libcrypto/x509v3/v3_int.c | |||
@@ -60,20 +60,13 @@ | |||
60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
61 | #include <openssl/x509v3.h> | 61 | #include <openssl/x509v3.h> |
62 | 62 | ||
63 | static ASN1_INTEGER *asn1_integer_new(void); | ||
64 | |||
65 | X509V3_EXT_METHOD v3_crl_num = { | 63 | X509V3_EXT_METHOD v3_crl_num = { |
66 | NID_crl_number, 0, | 64 | NID_crl_number, 0, |
67 | (X509V3_EXT_NEW)asn1_integer_new, | 65 | (X509V3_EXT_NEW)ASN1_INTEGER_new, |
68 | (X509V3_EXT_FREE)ASN1_STRING_free, | 66 | (X509V3_EXT_FREE)ASN1_INTEGER_free, |
69 | (X509V3_EXT_D2I)d2i_ASN1_INTEGER, | 67 | (X509V3_EXT_D2I)d2i_ASN1_INTEGER, |
70 | (X509V3_EXT_I2D)i2d_ASN1_INTEGER, | 68 | (X509V3_EXT_I2D)i2d_ASN1_INTEGER, |
71 | (X509V3_EXT_I2S)i2s_ASN1_INTEGER, | 69 | (X509V3_EXT_I2S)i2s_ASN1_INTEGER, |
72 | (X509V3_EXT_S2I)NULL, | 70 | (X509V3_EXT_S2I)0, |
73 | NULL, NULL, NULL, NULL, NULL}; | 71 | NULL, NULL, NULL, NULL, NULL}; |
74 | 72 | ||
75 | |||
76 | static ASN1_INTEGER *asn1_integer_new(void) | ||
77 | { | ||
78 | return ASN1_INTEGER_new(); | ||
79 | } | ||
diff --git a/src/lib/libcrypto/x509v3/v3_lib.c b/src/lib/libcrypto/x509v3/v3_lib.c index a0aa5de794..4242d130a2 100644 --- a/src/lib/libcrypto/x509v3/v3_lib.c +++ b/src/lib/libcrypto/x509v3/v3_lib.c | |||
@@ -62,6 +62,8 @@ | |||
62 | #include <openssl/conf.h> | 62 | #include <openssl/conf.h> |
63 | #include <openssl/x509v3.h> | 63 | #include <openssl/x509v3.h> |
64 | 64 | ||
65 | #include "ext_dat.h" | ||
66 | |||
65 | static STACK *ext_list = NULL; | 67 | static STACK *ext_list = NULL; |
66 | 68 | ||
67 | static int ext_cmp(X509V3_EXT_METHOD **a, X509V3_EXT_METHOD **b); | 69 | static int ext_cmp(X509V3_EXT_METHOD **a, X509V3_EXT_METHOD **b); |
@@ -87,10 +89,15 @@ static int ext_cmp(X509V3_EXT_METHOD **a, X509V3_EXT_METHOD **b) | |||
87 | 89 | ||
88 | X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid) | 90 | X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid) |
89 | { | 91 | { |
90 | X509V3_EXT_METHOD tmp; | 92 | X509V3_EXT_METHOD tmp, *t = &tmp, **ret; |
91 | int idx; | 93 | int idx; |
94 | if(nid < 0) return NULL; | ||
92 | tmp.ext_nid = nid; | 95 | tmp.ext_nid = nid; |
93 | if(!ext_list || (tmp.ext_nid < 0) ) return NULL; | 96 | ret = (X509V3_EXT_METHOD **) OBJ_bsearch((char *)&t, |
97 | (char *)standard_exts, STANDARD_EXTENSION_COUNT, | ||
98 | sizeof(X509V3_EXT_METHOD *), (int (*)())ext_cmp); | ||
99 | if(ret) return *ret; | ||
100 | if(!ext_list) return NULL; | ||
94 | idx = sk_find(ext_list, (char *)&tmp); | 101 | idx = sk_find(ext_list, (char *)&tmp); |
95 | if(idx == -1) return NULL; | 102 | if(idx == -1) return NULL; |
96 | return (X509V3_EXT_METHOD *)sk_value(ext_list, idx); | 103 | return (X509V3_EXT_METHOD *)sk_value(ext_list, idx); |
@@ -125,7 +132,7 @@ int X509V3_EXT_add_alias(int nid_to, int nid_from) | |||
125 | *tmpext = *ext; | 132 | *tmpext = *ext; |
126 | tmpext->ext_nid = nid_to; | 133 | tmpext->ext_nid = nid_to; |
127 | tmpext->ext_flags |= X509V3_EXT_DYNAMIC; | 134 | tmpext->ext_flags |= X509V3_EXT_DYNAMIC; |
128 | return 1; | 135 | return X509V3_EXT_add(tmpext); |
129 | } | 136 | } |
130 | 137 | ||
131 | void X509V3_EXT_cleanup(void) | 138 | void X509V3_EXT_cleanup(void) |
@@ -139,28 +146,12 @@ static void ext_list_free(X509V3_EXT_METHOD *ext) | |||
139 | if(ext->ext_flags & X509V3_EXT_DYNAMIC) Free(ext); | 146 | if(ext->ext_flags & X509V3_EXT_DYNAMIC) Free(ext); |
140 | } | 147 | } |
141 | 148 | ||
142 | extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku; | 149 | /* Legacy function: we don't need to add standard extensions |
143 | extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet; | 150 | * any more because they are now kept in ext_dat.h. |
144 | extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id; | 151 | */ |
145 | |||
146 | extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_cpols, v3_crld; | ||
147 | 152 | ||
148 | int X509V3_add_standard_extensions(void) | 153 | int X509V3_add_standard_extensions(void) |
149 | { | 154 | { |
150 | X509V3_EXT_add_list(v3_ns_ia5_list); | ||
151 | X509V3_EXT_add_list(v3_alt); | ||
152 | X509V3_EXT_add(&v3_bcons); | ||
153 | X509V3_EXT_add(&v3_nscert); | ||
154 | X509V3_EXT_add(&v3_key_usage); | ||
155 | X509V3_EXT_add(&v3_ext_ku); | ||
156 | X509V3_EXT_add(&v3_skey_id); | ||
157 | X509V3_EXT_add(&v3_akey_id); | ||
158 | X509V3_EXT_add(&v3_pkey_usage_period); | ||
159 | X509V3_EXT_add(&v3_crl_num); | ||
160 | X509V3_EXT_add(&v3_sxnet); | ||
161 | X509V3_EXT_add(&v3_crl_reason); | ||
162 | X509V3_EXT_add(&v3_cpols); | ||
163 | X509V3_EXT_add(&v3_crld); | ||
164 | return 1; | 155 | return 1; |
165 | } | 156 | } |
166 | 157 | ||
@@ -175,3 +166,56 @@ void *X509V3_EXT_d2i(X509_EXTENSION *ext) | |||
175 | return method->d2i(NULL, &p, ext->value->length); | 166 | return method->d2i(NULL, &p, ext->value->length); |
176 | } | 167 | } |
177 | 168 | ||
169 | /* Get critical flag and decoded version of extension from a NID. | ||
170 | * The "idx" variable returns the last found extension and can | ||
171 | * be used to retrieve multiple extensions of the same NID. | ||
172 | * However multiple extensions with the same NID is usually | ||
173 | * due to a badly encoded certificate so if idx is NULL we | ||
174 | * choke if multiple extensions exist. | ||
175 | * The "crit" variable is set to the critical value. | ||
176 | * The return value is the decoded extension or NULL on | ||
177 | * error. The actual error can have several different causes, | ||
178 | * the value of *crit reflects the cause: | ||
179 | * >= 0, extension found but not decoded (reflects critical value). | ||
180 | * -1 extension not found. | ||
181 | * -2 extension occurs more than once. | ||
182 | */ | ||
183 | |||
184 | void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx) | ||
185 | { | ||
186 | int lastpos, i; | ||
187 | X509_EXTENSION *ex, *found_ex = NULL; | ||
188 | if(!x) { | ||
189 | if(idx) *idx = -1; | ||
190 | if(crit) *crit = -1; | ||
191 | return NULL; | ||
192 | } | ||
193 | if(idx) lastpos = *idx + 1; | ||
194 | else lastpos = 0; | ||
195 | if(lastpos < 0) lastpos = 0; | ||
196 | for(i = lastpos; i < sk_X509_EXTENSION_num(x); i++) | ||
197 | { | ||
198 | ex = sk_X509_EXTENSION_value(x, i); | ||
199 | if(OBJ_obj2nid(ex->object) == nid) { | ||
200 | if(idx) { | ||
201 | *idx = i; | ||
202 | break; | ||
203 | } else if(found_ex) { | ||
204 | /* Found more than one */ | ||
205 | if(crit) *crit = -2; | ||
206 | return NULL; | ||
207 | } | ||
208 | found_ex = ex; | ||
209 | } | ||
210 | } | ||
211 | if(found_ex) { | ||
212 | /* Found it */ | ||
213 | if(crit) *crit = found_ex->critical; | ||
214 | return X509V3_EXT_d2i(found_ex); | ||
215 | } | ||
216 | |||
217 | /* Extension not found */ | ||
218 | if(idx) *idx = -1; | ||
219 | if(crit) *crit = -1; | ||
220 | return NULL; | ||
221 | } | ||
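Review bot: X509V3_get_d2i never returns an extension when `idx` is non-NULL: the `if(idx)` branch stores `*idx = i` and breaks before `found_ex = ex;` is reached, so the code after the loop takes the not-found path, resets `*idx` and `*crit` to -1 and returns NULL. Setting the pointer before leaving the loop fixes it: `*idx = i; found_ex = ex; break;`. As written, callers that iterate with `idx` would see every matching extension reported as absent, which matters for code that decides on the presence or criticality of an extension.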
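--- a/src/lib/libcrypto/x509v3/v3_pku.c
+++ b/src/lib/libcrypto/x509v3/v3_pku.c
@@ -119,9 +119,9 @@ PKEY_USAGE_PERIOD *d2i_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD **a,
 void PKEY_USAGE_PERIOD_free(PKEY_USAGE_PERIOD *a)
 {
 if (a == NULL) return;
-ASN1_GENERALIZEDTIME_free(a->notBefore);
-ASN1_GENERALIZEDTIME_free(a->notAfter);
-Free ((char *)a);
+M_ASN1_GENERALIZEDTIME_free(a->notBefore);
+M_ASN1_GENERALIZEDTIME_free(a->notAfter);
+Free (a);
 }
 
 static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,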
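--- a/src/lib/libcrypto/x509v3/v3_prn.c
+++ b/src/lib/libcrypto/x509v3/v3_prn.c
@@ -81,7 +81,15 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml)
 nval = sk_CONF_VALUE_value(val, i);
 if(!nval->name) BIO_puts(out, nval->value);
 else if(!nval->value) BIO_puts(out, nval->name);
+#ifndef CHARSET_EBCDIC
 else BIO_printf(out, "%s:%s", nval->name, nval->value);
+#else
+else {
+char tmp[10240]; /* 10k is BIO_printf's limit anyway */
+ascii2ebcdic(tmp, nval->value, strlen(nval->value)+1);
+BIO_printf(out, "%s:%s", nval->name, tmp);
+}
+#endif
 if(ml) BIO_puts(out, "\n");
 }
 }
@@ -103,7 +111,15 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent)
 ok = 0;
 goto err;
 }
+#ifndef CHARSET_EBCDIC
 BIO_printf(out, "%*s%s", indent, "", value);
+#else
+{
+char tmp[10240]; /* 10k is BIO_printf's limit anyway */
+ascii2ebcdic(tmp, value, strlen(value)+1);
+BIO_printf(out, "%*s%s", indent, "", tmp);
+}
+#endif
 } else if(method->i2v) {
 if(!(nval = method->i2v(method, ext_str, NULL))) {
 ok = 0;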
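Review bot: In the CHARSET_EBCDIC branch of X509V3_EXT_val_prn, `ascii2ebcdic(tmp, nval->value, strlen(nval->value)+1)` copies into `char tmp[10240]` with a count taken from the source string, so a value longer than 10239 bytes writes past the stack buffer; the second hunk does the same with `value` in X509V3_EXT_print. The comment about BIO_printf's 10k limit does not protect the copy, which runs before BIO_printf is reached, and nothing visible in either hunk bounds text that is presumably rendered from a decoded extension. Clamp the count to `sizeof(tmp)` and force a terminator, as sketched below for the first site; the second site needs the same change. Both functions start and end outside the hunks, so an earlier length check cannot be ruled out from here.

```c
else {
	char tmp[10240]; /* 10k is BIO_printf's limit anyway */
	size_t len = strlen(nval->value) + 1;
	/* Never copy more than tmp can hold */
	if(len > sizeof(tmp)) len = sizeof(tmp);
	ascii2ebcdic(tmp, nval->value, len);
	tmp[sizeof(tmp) - 1] = '\0';
	BIO_printf(out, "%s:%s", nval->name, tmp);
}
/* … unchanged: #endif, newline handling … */
```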
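--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_purp.c
@@ -0,0 +1,456 @@
+/* v3_purp.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+* project 1999.
+*/
+/* ====================================================================
+* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in
+* the documentation and/or other materials provided with the
+* distribution.
+*
+* 3. All advertising materials mentioning features or use of this
+* software must display the following acknowledgment:
+* "This product includes software developed by the OpenSSL Project
+* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+*
+* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+* endorse or promote products derived from this software without
+* prior written permission. For written permission, please contact
+* licensing@OpenSSL.org.
+*
+* 5. Products derived from this software may not be called "OpenSSL"
+* nor may "OpenSSL" appear in their names without prior written
+* permission of the OpenSSL Project.
+*
+* 6. Redistributions of any form whatsoever must retain the following
+* acknowledgment:
+* "This product includes software developed by the OpenSSL Project
+* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+*
+* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+* OF THE POSSIBILITY OF SUCH DAMAGE.
+* ====================================================================
+*
+* This product includes cryptographic software written by Eric Young
+* (eay@cryptsoft.com). This product includes software written by Tim
+* Hudson (tjh@cryptsoft.com).
+*
+*/
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509v3.h>
+
+
+static void x509v3_cache_extensions(X509 *x);
+
+static int ca_check(X509 *x);
+static int check_purpose_ssl_client(X509_PURPOSE *xp, X509 *x, int ca);
+static int check_purpose_ssl_server(X509_PURPOSE *xp, X509 *x, int ca);
+static int check_purpose_ns_ssl_server(X509_PURPOSE *xp, X509 *x, int ca);
+static int purpose_smime(X509 *x, int ca);
+static int check_purpose_smime_sign(X509_PURPOSE *xp, X509 *x, int ca);
+static int check_purpose_smime_encrypt(X509_PURPOSE *xp, X509 *x, int ca);
+static int check_purpose_crl_sign(X509_PURPOSE *xp, X509 *x, int ca);
+
+static int xp_cmp(X509_PURPOSE **a, X509_PURPOSE **b);
+static void xptable_free(X509_PURPOSE *p);
+
+static X509_PURPOSE xstandard[] = {
+{X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0, check_purpose_ssl_client, "SSL client", "sslclient", NULL},
+{X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ssl_server, "SSL server", "sslserver", NULL},
+{X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL},
+{X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, "S/MIME signing", "smimesign", NULL},
+{X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL},
+{X509_PURPOSE_CRL_SIGN, X509_TRUST_ANY, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL},
+};
+
+#define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE))
+
+IMPLEMENT_STACK_OF(X509_PURPOSE)
+
+static STACK_OF(X509_PURPOSE) *xptable = NULL;
+
+static int xp_cmp(X509_PURPOSE **a, X509_PURPOSE **b)
+{
+return (*a)->purpose - (*b)->purpose;
+}
+
+int X509_check_purpose(X509 *x, int id, int ca)
+{
+int idx;
+X509_PURPOSE *pt;
+if(!(x->ex_flags & EXFLAG_SET)) {
+CRYPTO_w_lock(CRYPTO_LOCK_X509);
+x509v3_cache_extensions(x);
+CRYPTO_w_unlock(CRYPTO_LOCK_X509);
+}
+if(id == -1) return 1;
+idx = X509_PURPOSE_get_by_id(id);
+if(idx == -1) return -1;
+pt = X509_PURPOSE_get0(idx);
+return pt->check_purpose(pt, x, ca);
+}
+
+int X509_PURPOSE_get_count(void)
+{
+if(!xptable) return X509_PURPOSE_COUNT;
+return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT;
+}
+
+X509_PURPOSE * X509_PURPOSE_get0(int idx)
+{
+if(idx < 0) return NULL;
+if(idx < X509_PURPOSE_COUNT) return xstandard + idx;
+return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT);
+}
+
+int X509_PURPOSE_get_by_sname(char *sname)
+{
+int i;
+X509_PURPOSE *xptmp;
+for(i = 0; i < X509_PURPOSE_get_count(); i++) {
+xptmp = X509_PURPOSE_get0(i);
+if(!strcmp(xptmp->sname, sname)) return i;
+}
+return -1;
+}
+
+
+int X509_PURPOSE_get_by_id(int purpose)
+{
+X509_PURPOSE tmp;
+int idx;
+if((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX))
+return purpose - X509_PURPOSE_MIN;
+tmp.purpose = purpose;
+if(!xptable) return -1;
+idx = sk_X509_PURPOSE_find(xptable, &tmp);
+if(idx == -1) return -1;
+return idx + X509_PURPOSE_COUNT;
+}
+
+int X509_PURPOSE_add(int id, int trust, int flags,
+int (*ck)(X509_PURPOSE *, X509 *, int),
+char *name, char *sname, void *arg)
+{
+int idx;
+X509_PURPOSE *ptmp;
+/* This is set according to what we change: application can't set it */
+flags &= ~X509_PURPOSE_DYNAMIC;
+/* This will always be set for application modified trust entries */
+flags |= X509_PURPOSE_DYNAMIC_NAME;
+/* Get existing entry if any */
+idx = X509_PURPOSE_get_by_id(id);
+/* Need a new entry */
+if(idx == -1) {
+if(!(ptmp = Malloc(sizeof(X509_PURPOSE)))) {
+X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
+return 0;
+}
+ptmp->flags = X509_PURPOSE_DYNAMIC;
+} else ptmp = X509_PURPOSE_get0(idx);
+
+/* Free existing name if dynamic */
+if(ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) {
+Free(ptmp->name);
+Free(ptmp->sname);
+}
+/* dup supplied name */
+ptmp->name = BUF_strdup(name);
+ptmp->sname = BUF_strdup(sname);
+if(!ptmp->name || !ptmp->sname) {
+X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
+return 0;
+}
+/* Keep the dynamic flag of existing entry */
+ptmp->flags &= X509_PURPOSE_DYNAMIC;
+/* Set all other flags */
+ptmp->flags |= flags;
+
+ptmp->purpose = id;
+ptmp->trust = trust;
+ptmp->check_purpose = ck;
+ptmp->usr_data = arg;
+
+/* If its a new entry manage the dynamic table */
+if(idx == -1) {
+if(!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) {
+X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
+return 0;
+}
+if (!sk_X509_PURPOSE_push(xptable, ptmp)) {
+X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
+return 0;
+}
+}
+return 1;
+}
+
+static void xptable_free(X509_PURPOSE *p)
+{
+if(!p) return;
+if (p->flags & X509_PURPOSE_DYNAMIC)
+{
+if (p->flags & X509_PURPOSE_DYNAMIC_NAME) {
+Free(p->name);
+Free(p->sname);
+}
+Free(p);
+}
+}
+
+void X509_PURPOSE_cleanup(void)
+{
+int i;
+sk_X509_PURPOSE_pop_free(xptable, xptable_free);
+for(i = 0; i < X509_PURPOSE_COUNT; i++) xptable_free(xstandard + i);
+xptable = NULL;
+}
+
+int X509_PURPOSE_get_id(X509_PURPOSE *xp)
+{
+return xp->purpose;
+}
+
+char *X509_PURPOSE_get0_name(X509_PURPOSE *xp)
+{
+return xp->name;
+}
+
+char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp)
+{
+return xp->sname;
+}
+
+int X509_PURPOSE_get_trust(X509_PURPOSE *xp)
+{
+return xp->trust;
+}
+
+#ifndef NO_SHA
+static void x509v3_cache_extensions(X509 *x)
+{
+BASIC_CONSTRAINTS *bs;
+ASN1_BIT_STRING *usage;
+ASN1_BIT_STRING *ns;
+STACK_OF(ASN1_OBJECT) *extusage;
+int i;
+if(x->ex_flags & EXFLAG_SET) return;
+X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
+/* Does subject name match issuer ? */
+if(!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x)))
+x->ex_flags |= EXFLAG_SS;
+/* V1 should mean no extensions ... */
+if(!X509_get_version(x)) x->ex_flags |= EXFLAG_V1;
+/* Handle basic constraints */
+if((bs=X509_get_ext_d2i(x, NID_basic_constraints, NULL, NULL))) {
+if(bs->ca) x->ex_flags |= EXFLAG_CA;
+if(bs->pathlen) {
+if((bs->pathlen->type == V_ASN1_NEG_INTEGER)
+|| !bs->ca) {
+x->ex_flags |= EXFLAG_INVALID;
+x->ex_pathlen = 0;
+} else x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen);
+} else x->ex_pathlen = -1;
+BASIC_CONSTRAINTS_free(bs);
+x->ex_flags |= EXFLAG_BCONS;
+}
+/* Handle key usage */
+if((usage=X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) {
+if(usage->length > 0) {
+x->ex_kusage = usage->data[0];
+if(usage->length > 1)
+x->ex_kusage |= usage->data[1] << 8;
+} else x->ex_kusage = 0;
+x->ex_flags |= EXFLAG_KUSAGE;
+ASN1_BIT_STRING_free(usage);
+}
+x->ex_xkusage = 0;
+if((extusage=X509_get_ext_d2i(x, NID_ext_key_usage, NULL, NULL))) {
+x->ex_flags |= EXFLAG_XKUSAGE;
+for(i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) {
+switch(OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage,i))) {
+case NID_server_auth:
+x->ex_xkusage |= XKU_SSL_SERVER;
+break;
+
+case NID_client_auth:
+x->ex_xkusage |= XKU_SSL_CLIENT;
+break;
+
+case NID_email_protect:
+x->ex_xkusage |= XKU_SMIME;
+break;
+
+case NID_code_sign:
+x->ex_xkusage |= XKU_CODE_SIGN;
+break;
+
+case NID_ms_sgc:
+case NID_ns_sgc:
+x->ex_xkusage |= XKU_SGC;
+}
+}
+sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free);
+}
+
+if((ns=X509_get_ext_d2i(x, NID_netscape_cert_type, NULL, NULL))) {
+if(ns->length > 0) x->ex_nscert = ns->data[0];
+else x->ex_nscert = 0;
+x->ex_flags |= EXFLAG_NSCERT;
+ASN1_BIT_STRING_free(ns);
+}
+x->ex_flags |= EXFLAG_SET;
+}
+#endif
+
+/* CA checks common to all purposes
+* return codes:
+* 0 not a CA
+* 1 is a CA
+* 2 basicConstraints absent so "maybe" a CA
+* 3 basicConstraints absent but self signed V1.
+*/
+
+#define V1_ROOT (EXFLAG_V1|EXFLAG_SS)
+#define ku_reject(x, usage) \
+(((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
+#define xku_reject(x, usage) \
+(((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage)))
+#define ns_reject(x, usage) \
+(((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage)))
+
+static int ca_check(X509 *x)
+{
+/* keyUsage if present should allow cert signing */
+if(ku_reject(x, KU_KEY_CERT_SIGN)) return 0;
+if(x->ex_flags & EXFLAG_BCONS) {
+if(x->ex_flags & EXFLAG_CA) return 1;
+/* If basicConstraints says not a CA then say so */
+else return 0;
+} else {
+if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3;
+else return 2;
+}
+}
+
+
+static int check_purpose_ssl_client(X509_PURPOSE *xp, X509 *x, int ca)
+{
+if(xku_reject(x,XKU_SSL_CLIENT)) return 0;
+if(ca) {
+int ca_ret;
+ca_ret = ca_check(x);
+if(!ca_ret) return 0;
+/* check nsCertType if present */
+if(x->ex_flags & EXFLAG_NSCERT) {
+if(x->ex_nscert & NS_SSL_CA) return ca_ret;
+return 0;
+}
+if(ca_ret != 2) return ca_ret;
+else return 0;
+}
+/* We need to do digital signatures with it */
+if(ku_reject(x,KU_DIGITAL_SIGNATURE)) return 0;
+/* nsCertType if present should allow SSL client use */
+if(ns_reject(x, NS_SSL_CLIENT)) return 0;
+return 1;
+}
+
+static int check_purpose_ssl_server(X509_PURPOSE *xp, X509 *x, int ca)
+{
+if(xku_reject(x,XKU_SSL_SERVER|XKU_SGC)) return 0;
+/* Otherwise same as SSL client for a CA */
+if(ca) return check_purpose_ssl_client(xp, x, 1);
+
+if(ns_reject(x, NS_SSL_SERVER)) return 0;
+/* Now as for keyUsage: we'll at least need to sign OR encipher */
+if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_KEY_ENCIPHERMENT)) return 0;
+
+return 1;
+
+}
+
+static int check_purpose_ns_ssl_server(X509_PURPOSE *xp, X509 *x, int ca)
+{
+int ret;
+ret = check_purpose_ssl_server(xp, x, ca);
+if(!ret || ca) return ret;
+/* We need to encipher or Netscape complains */
+if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0;
+return ret;
+}
+
+/* common S/MIME checks */
+static int purpose_smime(X509 *x, int ca)
+{
+if(xku_reject(x,XKU_SMIME)) return 0;
+if(ca) {
+int ca_ret;
+ca_ret = ca_check(x);
+if(!ca_ret) return 0;
+/* check nsCertType if present */
+if(x->ex_flags & EXFLAG_NSCERT) {
+if(x->ex_nscert & NS_SMIME_CA) return ca_ret;
+return 0;
+}
+if(ca_ret != 2) return ca_ret;
+else return 0;
+}
+if(x->ex_flags & EXFLAG_NSCERT) {
+if(x->ex_nscert & NS_SMIME) return 1;
+/* Workaround for some buggy certificates */
+if(x->ex_nscert & NS_SSL_CLIENT) return 2;
+return 0;
+}
+return 1;
+}
+
+static int check_purpose_smime_sign(X509_PURPOSE *xp, X509 *x, int ca)
+{
+int ret;
+ret = purpose_smime(x, ca);
+if(!ret || ca) return ret;
+if(ku_reject(x, KU_DIGITAL_SIGNATURE)) return 0;
+return ret;
+}
+
+static int check_purpose_smime_encrypt(X509_PURPOSE *xp, X509 *x, int ca)
+{
+int ret;
+ret = purpose_smime(x, ca);
+if(!ret || ca) return ret;
+if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0;
+return ret;
+}
+
+static int check_purpose_crl_sign(X509_PURPOSE *xp, X509 *x, int ca)
+{
+if(ca) {
+int ca_ret;
+if((ca_ret = ca_check(x)) != 2) return ca_ret;
+else return 0;
+}
+if(ku_reject(x, KU_CRL_SIGN)) return 0;
+return 1;
+}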
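Review bot: x509v3_cache_extensions calls `X509_get_ext_d2i(x, NID_..., NULL, NULL)` for basicConstraints, keyUsage, extKeyUsage and nsCertType, so a NULL result from an extension that is present but undecodable, or that occurs more than once, is handled exactly like an absent extension. Because `ku_reject`, `xku_reject`, `ns_reject` and `ca_check` only restrict when the matching EXFLAG_* bit is set, such a certificate goes through the purpose checks with that restriction silently dropped. Assuming X509_get_ext_d2i forwards its third argument as the `crit` out-parameter documented for X509V3_get_d2i, pass `&crit` and set EXFLAG_INVALID whenever the result is NULL and `crit != -1`. Nothing in this file reads EXFLAG_INVALID, so X509_check_purpose or its caller also has to refuse a certificate that carries the flag.

```c
int i, crit;
/* … unchanged: SHA-1 digest, EXFLAG_SS and EXFLAG_V1 … */
/* Handle key usage */
if((usage=X509_get_ext_d2i(x, NID_key_usage, &crit, NULL))) {
	/* … unchanged: fill ex_kusage, set EXFLAG_KUSAGE, free usage … */
} else if(crit != -1) {
	/* Present but undecodable (>= 0) or duplicated (-2): not the same as absent */
	x->ex_flags |= EXFLAG_INVALID;
}
/* … same else branch after the basicConstraints, extKeyUsage and nsCertType lookups … */
```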
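--- a/src/lib/libcrypto/x509v3/v3_skey.c
+++ b/src/lib/libcrypto/x509v3/v3_skey.c
@@ -61,24 +61,17 @@
 #include "cryptlib.h"
 #include <openssl/x509v3.h>
 
-static ASN1_OCTET_STRING *octet_string_new(void);
 static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
 X509V3_EXT_METHOD v3_skey_id = {
 NID_subject_key_identifier, 0,
-(X509V3_EXT_NEW)octet_string_new,
-(X509V3_EXT_FREE)ASN1_STRING_free,
+(X509V3_EXT_NEW)ASN1_OCTET_STRING_new,
+(X509V3_EXT_FREE)ASN1_OCTET_STRING_free,
 (X509V3_EXT_D2I)d2i_ASN1_OCTET_STRING,
 (X509V3_EXT_I2D)i2d_ASN1_OCTET_STRING,
 (X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING,
 (X509V3_EXT_S2I)s2i_skey_id,
 NULL, NULL, NULL, NULL, NULL};
 
-
-static ASN1_OCTET_STRING *octet_string_new(void)
-{
-return ASN1_OCTET_STRING_new();
-}
-
 char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
 ASN1_OCTET_STRING *oct)
 {
@@ -91,13 +84,13 @@ ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
 ASN1_OCTET_STRING *oct;
 long length;
 
-if(!(oct = ASN1_OCTET_STRING_new())) {
+if(!(oct = M_ASN1_OCTET_STRING_new())) {
 X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE);
 return NULL;
 }
 
 if(!(oct->data = string_to_hex(str, &length))) {
-ASN1_OCTET_STRING_free(oct);
+M_ASN1_OCTET_STRING_free(oct);
 return NULL;
 }
 
@@ -118,7 +111,7 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
 
 if(strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str);
 
-if(!(oct = ASN1_OCTET_STRING_new())) {
+if(!(oct = M_ASN1_OCTET_STRING_new())) {
 X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);
 return NULL;
 }
@@ -143,7 +136,7 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
 EVP_DigestUpdate(&md, pk->data, pk->length);
 EVP_DigestFinal(&md, pkey_dig, &diglen);
 
-if(!ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
+if(!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
 X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);
 goto err;
 }
@@ -151,6 +144,6 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
 return oct;
 
 err:
-ASN1_OCTET_STRING_free(oct);
+M_ASN1_OCTET_STRING_free(oct);
 return NULL;
 }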
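--- a/src/lib/libcrypto/x509v3/v3_sxnet.c
+++ b/src/lib/libcrypto/x509v3/v3_sxnet.c
@@ -111,7 +111,7 @@ SXNET *SXNET_new(void)
 SXNET *ret=NULL;
 ASN1_CTX c;
 M_ASN1_New_Malloc(ret, SXNET);
-M_ASN1_New(ret->version,ASN1_INTEGER_new);
+M_ASN1_New(ret->version,M_ASN1_INTEGER_new);
 M_ASN1_New(ret->ids,sk_SXNETID_new_null);
 return (ret);
 M_ASN1_New_Error(ASN1_F_SXNET_NEW);
@@ -130,7 +130,7 @@ SXNET *d2i_SXNET(SXNET **a, unsigned char **pp, long length)
 void SXNET_free(SXNET *a)
 {
 if (a == NULL) return;
-ASN1_INTEGER_free(a->version);
+M_ASN1_INTEGER_free(a->version);
 sk_SXNETID_pop_free(a->ids, SXNETID_free);
 Free (a);
 }
@@ -156,7 +156,7 @@ SXNETID *SXNETID_new(void)
 ASN1_CTX c;
 M_ASN1_New_Malloc(ret, SXNETID);
 ret->zone = NULL;
-M_ASN1_New(ret->user,ASN1_OCTET_STRING_new);
+M_ASN1_New(ret->user,M_ASN1_OCTET_STRING_new);
 return (ret);
 M_ASN1_New_Error(ASN1_F_SXNETID_NEW);
 }
@@ -174,8 +174,8 @@ SXNETID *d2i_SXNETID(SXNETID **a, unsigned char **pp, long length)
 void SXNETID_free(SXNETID *a)
 {
 if (a == NULL) return;
-ASN1_INTEGER_free(a->zone);
-ASN1_OCTET_STRING_free(a->user);
+M_ASN1_INTEGER_free(a->zone);
+M_ASN1_OCTET_STRING_free(a->user);
 Free (a);
 }
 
@@ -193,7 +193,7 @@ static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
 tmp = i2s_ASN1_INTEGER(NULL, id->zone);
 BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);
 Free(tmp);
-ASN1_OCTET_STRING_print(out, id->user);
+M_ASN1_OCTET_STRING_print(out, id->user);
 }
 return 1;
 }
@@ -244,9 +244,9 @@ int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user,
 int userlen)
 {
 ASN1_INTEGER *izone = NULL;
-if(!(izone = ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
+if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
 X509V3err(X509V3_F_SXNET_ADD_ID_ULONG,ERR_R_MALLOC_FAILURE);
-ASN1_INTEGER_free(izone);
+M_ASN1_INTEGER_free(izone);
 return 0;
 }
 return SXNET_add_id_INTEGER(psx, izone, user, userlen);
@@ -285,7 +285,7 @@ int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user,
 if(!(id = SXNETID_new())) goto err;
 if(userlen == -1) userlen = strlen(user);
 
-if(!ASN1_OCTET_STRING_set(id->user, user, userlen)) goto err;
+if(!M_ASN1_OCTET_STRING_set(id->user, user, userlen)) goto err;
 if(!sk_SXNETID_push(sx->ids, id)) goto err;
 id->zone = zone;
 return 1;
@@ -307,7 +307,7 @@ ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone)
 return NULL;
 }
 oct = SXNET_get_id_INTEGER(sx, izone);
-ASN1_INTEGER_free(izone);
+M_ASN1_INTEGER_free(izone);
 return oct;
 }
 
@@ -315,13 +315,13 @@ ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone)
 {
 ASN1_INTEGER *izone = NULL;
 ASN1_OCTET_STRING *oct;
-if(!(izone = ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
+if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
 X509V3err(X509V3_F_SXNET_GET_ID_ULONG,ERR_R_MALLOC_FAILURE);
-ASN1_INTEGER_free(izone);
+M_ASN1_INTEGER_free(izone);
 return NULL;
 }
 oct = SXNET_get_id_INTEGER(sx, izone);
-ASN1_INTEGER_free(izone);
+M_ASN1_INTEGER_free(izone);
 return oct;
 }
 
@@ -331,7 +331,7 @@ ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone)
 int i;
 for(i = 0; i < sk_SXNETID_num(sx->ids); i++) {
 id = sk_SXNETID_value(sx->ids, i);
-if(!ASN1_INTEGER_cmp(id->zone, zone)) return id->user;
+if(!M_ASN1_INTEGER_cmp(id->zone, zone)) return id->user;
 }
 return NULL;
 }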
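--- a/src/lib/libcrypto/x509v3/v3_utl.c
+++ b/src/lib/libcrypto/x509v3/v3_utl.c
@@ -104,7 +104,7 @@ void X509V3_conf_free(CONF_VALUE *conf)
 if(conf->name) Free(conf->name);
 if(conf->value) Free(conf->value);
 if(conf->section) Free(conf->section);
-Free((char *)conf);
+Free(conf);
 }
 
 int X509V3_add_value_bool(const char *name, int asn1_bool,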
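--- a/src/lib/libcrypto/x509v3/v3err.c
+++ b/src/lib/libcrypto/x509v3/v3err.c
@@ -72,6 +72,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
 {ERR_PACK(0,X509V3_F_HEX_TO_STRING,0), "hex_to_string"},
 {ERR_PACK(0,X509V3_F_I2S_ASN1_ENUMERATED,0), "i2s_ASN1_ENUMERATED"},
 {ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0), "i2s_ASN1_INTEGER"},
+{ERR_PACK(0,X509V3_F_I2V_AUTHORITY_INFO_ACCESS,0), "I2V_AUTHORITY_INFO_ACCESS"},
 {ERR_PACK(0,X509V3_F_NOTICE_SECTION,0), "NOTICE_SECTION"},
 {ERR_PACK(0,X509V3_F_NREF_NOS,0), "NREF_NOS"},
 {ERR_PACK(0,X509V3_F_POLICY_SECTION,0), "POLICY_SECTION"},
@@ -87,6 +88,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
 {ERR_PACK(0,X509V3_F_SXNET_ADD_ID_ULONG,0), "SXNET_add_id_ulong"},
 {ERR_PACK(0,X509V3_F_SXNET_GET_ID_ASC,0), "SXNET_get_id_asc"},
 {ERR_PACK(0,X509V3_F_SXNET_GET_ID_ULONG,0), "SXNET_get_id_ulong"},
+{ERR_PACK(0,X509V3_F_V2I_ACCESS_DESCRIPTION,0), "V2I_ACCESS_DESCRIPTION"},
 {ERR_PACK(0,X509V3_F_V2I_ASN1_BIT_STRING,0), "V2I_ASN1_BIT_STRING"},
 {ERR_PACK(0,X509V3_F_V2I_AUTHORITY_KEYID,0), "V2I_AUTHORITY_KEYID"},
 {ERR_PACK(0,X509V3_F_V2I_BASIC_CONSTRAINTS,0), "V2I_BASIC_CONSTRAINTS"},
@@ -102,6 +104,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
 {ERR_PACK(0,X509V3_F_X509V3_EXT_I2D,0), "X509V3_EXT_i2d"},
 {ERR_PACK(0,X509V3_F_X509V3_GET_VALUE_BOOL,0), "X509V3_get_value_bool"},
 {ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0), "X509V3_parse_list"},
+{ERR_PACK(0,X509V3_F_X509_PURPOSE_ADD,0), "X509_PURPOSE_add"},
 {0,NULL}
 };
 
@@ -132,6 +135,7 @@ static ERR_STRING_DATA X509V3_str_reasons[]=
 {X509V3_R_INVALID_OPTION ,"invalid option"},
 {X509V3_R_INVALID_POLICY_IDENTIFIER ,"invalid policy identifier"},
 {X509V3_R_INVALID_SECTION ,"invalid section"},
+{X509V3_R_INVALID_SYNTAX ,"invalid syntax"},
 {X509V3_R_ISSUER_DECODE_ERROR ,"issuer decode error"},
 {X509V3_R_MISSING_VALUE ,"missing value"},
 {X509V3_R_NEED_ORGANIZATION_AND_NUMBERS ,"need organization and numbers"},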
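--- a/src/lib/libcrypto/x509v3/x509v3.h
+++ b/src/lib/libcrypto/x509v3/x509v3.h
@@ -136,12 +136,6 @@ typedef struct v3_ext_ctx X509V3_CTX;
 #define X509V3_EXT_CTX_DEP 0x2
 #define X509V3_EXT_MULTILINE 0x4
 
-typedef struct BIT_STRING_BITNAME_st {
-int bitnum;
-const char *lname;
-const char *sname;
-} BIT_STRING_BITNAME;
-
 typedef BIT_STRING_BITNAME ENUMERATED_NAMES;
 
 typedef struct BASIC_CONSTRAINTS_st {
@@ -155,6 +149,11 @@ ASN1_GENERALIZEDTIME *notBefore;
 ASN1_GENERALIZEDTIME *notAfter;
 } PKEY_USAGE_PERIOD;
 
+typedef struct otherName_st {
+ASN1_OBJECT *type_id;
+ASN1_TYPE *value;
+} OTHERNAME;
+
 typedef struct GENERAL_NAME_st {
 
 #define GEN_OTHERNAME (0|V_ASN1_CONTEXT_SPECIFIC)
@@ -174,17 +173,26 @@ union {
 ASN1_OCTET_STRING *ip; /* iPAddress */
 X509_NAME *dirn; /* dirn */
 ASN1_OBJECT *rid; /* registeredID */
-ASN1_TYPE *other; /* otherName, ediPartyName, x400Address */
+OTHERNAME *otherName; /* otherName */
+ASN1_TYPE *other; /* ediPartyName, x400Address */
 } d;
 } GENERAL_NAME;
 
+typedef struct ACCESS_DESCRIPTION_st {
+ASN1_OBJECT *method;
+GENERAL_NAME *location;
+} ACCESS_DESCRIPTION;
+
 DECLARE_STACK_OF(GENERAL_NAME)
 DECLARE_ASN1_SET_OF(GENERAL_NAME)
 
+DECLARE_STACK_OF(ACCESS_DESCRIPTION)
+DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION)
+
 typedef struct DIST_POINT_NAME_st {
 /* NB: this is a CHOICE type and only one of these should be set */
 STACK_OF(GENERAL_NAME) *fullname;
-X509_NAME *relativename;
+STACK_OF(X509_NAME_ENTRY) *relativename;
 } DIST_POINT_NAME;
 
 typedef struct DIST_POINT_st {
@@ -255,8 +263,8 @@ DECLARE_ASN1_SET_OF(POLICYINFO)
 #define X509V3_set_ctx_nodb(ctx) ctx->db = NULL;
 
 #define EXT_BITSTRING(nid, table) { nid, 0, \
-(X509V3_EXT_NEW)asn1_bit_string_new, \
-(X509V3_EXT_FREE)ASN1_STRING_free, \
+(X509V3_EXT_NEW)ASN1_BIT_STRING_new, \
+(X509V3_EXT_FREE)ASN1_BIT_STRING_free, \
 (X509V3_EXT_D2I)d2i_ASN1_BIT_STRING, \
 (X509V3_EXT_I2D)i2d_ASN1_BIT_STRING, \
 NULL, NULL, \
@@ -266,8 +274,8 @@ DECLARE_ASN1_SET_OF(POLICYINFO)
 (char *)table}
 
 #define EXT_IA5STRING(nid) { nid, 0, \
-(X509V3_EXT_NEW)ia5string_new, \
-(X509V3_EXT_FREE)ASN1_STRING_free, \
+(X509V3_EXT_NEW)ASN1_IA5STRING_new, \
+(X509V3_EXT_FREE)ASN1_IA5STRING_free, \
 (X509V3_EXT_D2I)d2i_ASN1_IA5STRING, \
 (X509V3_EXT_I2D)i2d_ASN1_IA5STRING, \
 (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
@@ -279,6 +287,69 @@ DECLARE_ASN1_SET_OF(POLICYINFO)
 NULL, NULL, NULL, NULL, \
 NULL}
 
+
+/* X509_PURPOSE stuff */
+
+#define EXFLAG_BCONS 0x1
+#define EXFLAG_KUSAGE 0x2
+#define EXFLAG_XKUSAGE 0x4
+#define EXFLAG_NSCERT 0x8
+
+#define EXFLAG_CA 0x10
+#define EXFLAG_SS 0x20
+#define EXFLAG_V1 0x40
+#define EXFLAG_INVALID 0x80
+#define EXFLAG_SET 0x100
+
+#define KU_DIGITAL_SIGNATURE 0x0080
+#define KU_NON_REPUDIATION 0x0040
+#define KU_KEY_ENCIPHERMENT 0x0020
+#define KU_DATA_ENCIPHERMENT 0x0010
+#define KU_KEY_AGREEMENT 0x0008
+#define KU_KEY_CERT_SIGN 0x0004
+#define KU_CRL_SIGN 0x0002
+#define KU_ENCIPHER_ONLY 0x0001
+#define KU_DECIPHER_ONLY 0x8000
+
+#define NS_SSL_CLIENT 0x80
+#define NS_SSL_SERVER 0x40
+#define NS_SMIME 0x20
+#define NS_OBJSIGN 0x10
+#define NS_SSL_CA 0x04
+#define NS_SMIME_CA 0x02
+#define NS_OBJSIGN_CA 0x01
+
+#define XKU_SSL_SERVER 0x1
+#define XKU_SSL_CLIENT 0x2
+#define XKU_SMIME 0x4
+#define XKU_CODE_SIGN 0x8
+#define XKU_SGC 0x10
+
+#define X509_PURPOSE_DYNAMIC 0x1
+#define X509_PURPOSE_DYNAMIC_NAME 0x2
+
+typedef struct x509_purpose_st {
+int purpose;
+int trust; /* Default trust ID */
+int flags;
+int (*check_purpose)(struct x509_purpose_st *, X509 *, int);
+char *name;
+char *sname;
+void *usr_data;
+} X509_PURPOSE;
+
+#define X509_PURPOSE_SSL_CLIENT 1
+#define X509_PURPOSE_SSL_SERVER 2
+#define X509_PURPOSE_NS_SSL_SERVER 3
+#define X509_PURPOSE_SMIME_SIGN 4
+#define X509_PURPOSE_SMIME_ENCRYPT 5
+#define X509_PURPOSE_CRL_SIGN 6
+
+#define X509_PURPOSE_MIN 1
+#define X509_PURPOSE_MAX 6
+
+DECLARE_STACK_OF(X509_PURPOSE)
+
 void ERR_load_X509V3_strings(void);
 int i2d_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS *a, unsigned char **pp);
 BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS **a, unsigned char **pp, long length);
@@ -328,6 +399,11 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
 STACK_OF(GENERAL_NAME) *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
 
+int i2d_OTHERNAME(OTHERNAME *a, unsigned char **pp);
+OTHERNAME *OTHERNAME_new(void);
+OTHERNAME *d2i_OTHERNAME(OTHERNAME **a, unsigned char **pp, long length);
+void OTHERNAME_free(OTHERNAME *a);
+
 char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5);
 ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
 
@@ -380,12 +456,27 @@ void DIST_POINT_NAME_free(DIST_POINT_NAME *a);
 DIST_POINT_NAME *d2i_DIST_POINT_NAME(DIST_POINT_NAME **a, unsigned char **pp,
 long length);
 
+int i2d_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION *a, unsigned char **pp);
+ACCESS_DESCRIPTION *ACCESS_DESCRIPTION_new(void);
+void ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a);
+ACCESS_DESCRIPTION *d2i_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION **a, unsigned char **pp,
+long length);
+
+STACK_OF(ACCESS_DESCRIPTION) *AUTHORITY_INFO_ACCESS_new(void);
+void AUTHORITY_INFO_ACCESS_free(STACK_OF(ACCESS_DESCRIPTION) *a);
+STACK_OF(ACCESS_DESCRIPTION) *d2i_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) **a,
+unsigned char **pp, long length);
+int i2d_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) *a, unsigned char **pp);
+
+
+
 #ifdef HEADER_CONF_H
 GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf);
 void X509V3_conf_free(CONF_VALUE *val);
 X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value);
 X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value);
 int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert);
+int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
 int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
 int X509V3_add_value_bool_nf(char *name, int asn1_bool,
 STACK_OF(CONF_VALUE) **extlist);
@@ -423,6 +514,8 @@ X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
 int X509V3_add_standard_extensions(void);
 STACK_OF(CONF_VALUE) *X509V3_parse_list(char *line);
 void *X509V3_EXT_d2i(X509_EXTENSION *ext);
+void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);
+
 X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
 
 char *hex_to_string(unsigned char *buffer, long len);
@@ -434,6 +527,20 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
 int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent);
 int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
 
+int X509_check_purpose(X509 *x, int id, int ca);
+int X509_PURPOSE_get_count(void);
+X509_PURPOSE * X509_PURPOSE_get0(int idx);
+int X509_PURPOSE_get_by_sname(char *sname);
+int X509_PURPOSE_get_by_id(int id);
+int X509_PURPOSE_add(int id, int trust, int flags,
+int (*ck)(X509_PURPOSE *, X509 *, int),
+char *name, char *sname, void *arg);
+char *X509_PURPOSE_get0_name(X509_PURPOSE *xp);
+char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp);
+int X509_PURPOSE_get_trust(X509_PURPOSE *xp);
+void X509_PURPOSE_cleanup(void);
+int X509_PURPOSE_get_id(X509_PURPOSE *);
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
@@ -449,6 +556,7 @@ int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
 #define X509V3_F_HEX_TO_STRING 111
 #define X509V3_F_I2S_ASN1_ENUMERATED 121
 #define X509V3_F_I2S_ASN1_INTEGER 120
+#define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138
 #define X509V3_F_NOTICE_SECTION 132
 #define X509V3_F_NREF_NOS 133
 #define X509V3_F_POLICY_SECTION 131
@@ -464,6 +572,7 @@ int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
 #define X509V3_F_SXNET_ADD_ID_ULONG 127
 #define X509V3_F_SXNET_GET_ID_ASC 128
 #define X509V3_F_SXNET_GET_ID_ULONG 129
+#define X509V3_F_V2I_ACCESS_DESCRIPTION 139
 #define X509V3_F_V2I_ASN1_BIT_STRING 101
 #define X509V3_F_V2I_AUTHORITY_KEYID 119
 #define X509V3_F_V2I_BASIC_CONSTRAINTS 102
@@ -479,6 +588,7 @@ int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
 #define X509V3_F_X509V3_EXT_I2D 136
 #define X509V3_F_X509V3_GET_VALUE_BOOL 110
 #define X509V3_F_X509V3_PARSE_LIST 109
+#define X509V3_F_X509_PURPOSE_ADD 137
 
 /* Reason codes. */
 #define X509V3_R_BAD_IP_ADDRESS 118
@@ -506,6 +616,7 @@ int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
 #define X509V3_R_INVALID_OPTION 138
 #define X509V3_R_INVALID_POLICY_IDENTIFIER 134
 #define X509V3_R_INVALID_SECTION 135
+#define X509V3_R_INVALID_SYNTAX 143
 #define X509V3_R_ISSUER_DECODE_ERROR 126
 #define X509V3_R_MISSING_VALUE 124
 #define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 142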
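Review bot: In the GENERAL_NAME hunk (`@@ -174,17 +173,26 @@`) the union `d` now holds two differently typed pointers where it used to hold one, `OTHERNAME *otherName` for otherName and `ASN1_TYPE *other` for ediPartyName and x400Address, and nothing in the declaration ties the member a reader picks to the `type` tag. A caller that still reads `d.other` for a GEN_OTHERNAME value would treat an OTHERNAME as an ASN1_TYPE, so the union should state the mapping, e.g. `/* d.otherName is valid only when type == GEN_OTHERNAME; d.other only for GEN_EDIPARTY and GEN_X400 */`, and existing users outside this hunk need checking. The same hunk changes `relativename` in DIST_POINT_NAME from `X509_NAME *` to `STACK_OF(X509_NAME_ENTRY) *` with no comment that code walking or freeing it must change too. The GENERAL_NAME struct and its union begin outside the hunk, so the `type` field itself is not visible here.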