summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509v3
diff options
context:
space:
mode:
authorcvs2svn <admin@example.com>2002-05-15 02:29:24 +0000
committercvs2svn <admin@example.com>2002-05-15 02:29:24 +0000
commit027351f729b9e837200dae6e1520cda6577ab930 (patch)
treee25a717057aa4529e433fc3b1fac8d4df8db3a5c /src/lib/libcrypto/x509v3
parentaeeae06a79815dc190061534d47236cec09f9e32 (diff)
downloadopenbsd-027351f729b9e837200dae6e1520cda6577ab930.tar.gz
openbsd-027351f729b9e837200dae6e1520cda6577ab930.tar.bz2
openbsd-027351f729b9e837200dae6e1520cda6577ab930.zip
This commit was manufactured by cvs2git to create branch 'unlabeled-1.1.1'.
Diffstat (limited to 'src/lib/libcrypto/x509v3')
-rw-r--r--src/lib/libcrypto/x509v3/ext_dat.h97
-rw-r--r--src/lib/libcrypto/x509v3/v3_akey.c249
-rw-r--r--src/lib/libcrypto/x509v3/v3_akeya.c72
-rw-r--r--src/lib/libcrypto/x509v3/v3_alt.c402
-rw-r--r--src/lib/libcrypto/x509v3/v3_bcons.c164
-rw-r--r--src/lib/libcrypto/x509v3/v3_bitst.c147
-rw-r--r--src/lib/libcrypto/x509v3/v3_conf.c366
-rw-r--r--src/lib/libcrypto/x509v3/v3_cpols.c655
-rw-r--r--src/lib/libcrypto/x509v3/v3_crld.c283
-rw-r--r--src/lib/libcrypto/x509v3/v3_enum.c103
-rw-r--r--src/lib/libcrypto/x509v3/v3_extku.c150
-rw-r--r--src/lib/libcrypto/x509v3/v3_genn.c237
-rw-r--r--src/lib/libcrypto/x509v3/v3_ia5.c116
-rw-r--r--src/lib/libcrypto/x509v3/v3_info.c236
-rw-r--r--src/lib/libcrypto/x509v3/v3_int.c79
-rw-r--r--src/lib/libcrypto/x509v3/v3_lib.c177
-rw-r--r--src/lib/libcrypto/x509v3/v3_ocsp.c272
-rw-r--r--src/lib/libcrypto/x509v3/v3_pku.c151
-rw-r--r--src/lib/libcrypto/x509v3/v3_prn.c135
-rw-r--r--src/lib/libcrypto/x509v3/v3_purp.c456
-rw-r--r--src/lib/libcrypto/x509v3/v3_skey.c156
-rw-r--r--src/lib/libcrypto/x509v3/v3_sxnet.c340
-rw-r--r--src/lib/libcrypto/x509v3/v3_utl.c418
-rw-r--r--src/lib/libcrypto/x509v3/v3err.c171
24 files changed, 5632 insertions, 0 deletions
diff --git a/src/lib/libcrypto/x509v3/ext_dat.h b/src/lib/libcrypto/x509v3/ext_dat.h
new file mode 100644
index 0000000000..801a585a52
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/ext_dat.h
@@ -0,0 +1,97 @@
1/* ext_dat.h */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58/* This file contains a table of "standard" extensions */
59
60extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
61extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info;
62extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
63extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_cpols, v3_crld;
64
65/* This table will be searched using OBJ_bsearch so it *must* kept in
66 * order of the ext_nid values.
67 */
68
69static X509V3_EXT_METHOD *standard_exts[] = {
70&v3_nscert,
71&v3_ns_ia5_list[0],
72&v3_ns_ia5_list[1],
73&v3_ns_ia5_list[2],
74&v3_ns_ia5_list[3],
75&v3_ns_ia5_list[4],
76&v3_ns_ia5_list[5],
77&v3_ns_ia5_list[6],
78&v3_skey_id,
79&v3_key_usage,
80&v3_pkey_usage_period,
81&v3_alt[0],
82&v3_alt[1],
83&v3_bcons,
84&v3_crl_num,
85&v3_cpols,
86&v3_akey_id,
87&v3_crld,
88&v3_ext_ku,
89&v3_crl_reason,
90&v3_sxnet,
91&v3_info,
92};
93
94/* Number of standard extensions */
95
96#define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *))
97
diff --git a/src/lib/libcrypto/x509v3/v3_akey.c b/src/lib/libcrypto/x509v3/v3_akey.c
new file mode 100644
index 0000000000..4099e6019e
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_akey.c
@@ -0,0 +1,249 @@
1/* v3_akey.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/conf.h>
62#include <openssl/asn1.h>
63#include <openssl/asn1_mac.h>
64#include <openssl/x509v3.h>
65
66static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
67 AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist);
68static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
69 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
70
71X509V3_EXT_METHOD v3_akey_id = {
72NID_authority_key_identifier, X509V3_EXT_MULTILINE,
73(X509V3_EXT_NEW)AUTHORITY_KEYID_new,
74(X509V3_EXT_FREE)AUTHORITY_KEYID_free,
75(X509V3_EXT_D2I)d2i_AUTHORITY_KEYID,
76(X509V3_EXT_I2D)i2d_AUTHORITY_KEYID,
77NULL, NULL,
78(X509V3_EXT_I2V)i2v_AUTHORITY_KEYID,
79(X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,
80NULL,NULL,
81NULL
82};
83
84
85int i2d_AUTHORITY_KEYID(AUTHORITY_KEYID *a, unsigned char **pp)
86{
87 M_ASN1_I2D_vars(a);
88
89 M_ASN1_I2D_len_IMP_opt (a->keyid, i2d_ASN1_OCTET_STRING);
90 M_ASN1_I2D_len_IMP_opt (a->issuer, i2d_GENERAL_NAMES);
91 M_ASN1_I2D_len_IMP_opt (a->serial, i2d_ASN1_INTEGER);
92
93 M_ASN1_I2D_seq_total();
94
95 M_ASN1_I2D_put_IMP_opt (a->keyid, i2d_ASN1_OCTET_STRING, 0);
96 M_ASN1_I2D_put_IMP_opt (a->issuer, i2d_GENERAL_NAMES, 1);
97 M_ASN1_I2D_put_IMP_opt (a->serial, i2d_ASN1_INTEGER, 2);
98
99 M_ASN1_I2D_finish();
100}
101
102AUTHORITY_KEYID *AUTHORITY_KEYID_new(void)
103{
104 AUTHORITY_KEYID *ret=NULL;
105 ASN1_CTX c;
106 M_ASN1_New_Malloc(ret, AUTHORITY_KEYID);
107 ret->keyid = NULL;
108 ret->issuer = NULL;
109 ret->serial = NULL;
110 return (ret);
111 M_ASN1_New_Error(ASN1_F_AUTHORITY_KEYID_NEW);
112}
113
114AUTHORITY_KEYID *d2i_AUTHORITY_KEYID(AUTHORITY_KEYID **a, unsigned char **pp,
115 long length)
116{
117 M_ASN1_D2I_vars(a,AUTHORITY_KEYID *,AUTHORITY_KEYID_new);
118 M_ASN1_D2I_Init();
119 M_ASN1_D2I_start_sequence();
120 M_ASN1_D2I_get_IMP_opt (ret->keyid, d2i_ASN1_OCTET_STRING, 0,
121 V_ASN1_OCTET_STRING);
122 M_ASN1_D2I_get_IMP_opt (ret->issuer, d2i_GENERAL_NAMES, 1,
123 V_ASN1_SEQUENCE);
124 M_ASN1_D2I_get_IMP_opt (ret->serial, d2i_ASN1_INTEGER, 2,
125 V_ASN1_INTEGER);
126 M_ASN1_D2I_Finish(a, AUTHORITY_KEYID_free, ASN1_F_D2I_AUTHORITY_KEYID);
127}
128
129void AUTHORITY_KEYID_free(AUTHORITY_KEYID *a)
130{
131 if (a == NULL) return;
132 ASN1_OCTET_STRING_free(a->keyid);
133 sk_GENERAL_NAME_pop_free(a->issuer, GENERAL_NAME_free);
134 ASN1_INTEGER_free (a->serial);
135 Free ((char *)a);
136}
137
138static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
139 AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist)
140{
141 char *tmp;
142 if(akeyid->keyid) {
143 tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length);
144 X509V3_add_value("keyid", tmp, &extlist);
145 Free(tmp);
146 }
147 if(akeyid->issuer)
148 extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
149 if(akeyid->serial) {
150 tmp = hex_to_string(akeyid->serial->data,
151 akeyid->serial->length);
152 X509V3_add_value("serial", tmp, &extlist);
153 Free(tmp);
154 }
155 return extlist;
156}
157
158/* Currently two options:
159 * keyid: use the issuers subject keyid, the value 'always' means its is
160 * an error if the issuer certificate doesn't have a key id.
161 * issuer: use the issuers cert issuer and serial number. The default is
162 * to only use this if keyid is not present. With the option 'always'
163 * this is always included.
164 */
165
166static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
167 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)
168{
169char keyid=0, issuer=0;
170int i;
171CONF_VALUE *cnf;
172ASN1_OCTET_STRING *ikeyid = NULL;
173X509_NAME *isname = NULL;
174STACK_OF(GENERAL_NAME) * gens = NULL;
175GENERAL_NAME *gen = NULL;
176ASN1_INTEGER *serial = NULL;
177X509_EXTENSION *ext;
178X509 *cert;
179AUTHORITY_KEYID *akeyid;
180for(i = 0; i < sk_CONF_VALUE_num(values); i++) {
181 cnf = sk_CONF_VALUE_value(values, i);
182 if(!strcmp(cnf->name, "keyid")) {
183 keyid = 1;
184 if(cnf->value && !strcmp(cnf->value, "always")) keyid = 2;
185 } else if(!strcmp(cnf->name, "issuer")) {
186 issuer = 1;
187 if(cnf->value && !strcmp(cnf->value, "always")) issuer = 2;
188 } else {
189 X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNKNOWN_OPTION);
190 ERR_add_error_data(2, "name=", cnf->name);
191 return NULL;
192 }
193}
194
195
196
197if(!ctx || !ctx->issuer_cert) {
198 if(ctx && (ctx->flags==CTX_TEST)) return AUTHORITY_KEYID_new();
199 X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE);
200 return NULL;
201}
202
203cert = ctx->issuer_cert;
204
205if(keyid) {
206 i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
207 if((i >= 0) && (ext = X509_get_ext(cert, i)))
208 ikeyid = X509V3_EXT_d2i(ext);
209 if(keyid==2 && !ikeyid) {
210 X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);
211 return NULL;
212 }
213}
214
215if((issuer && !ikeyid) || (issuer == 2)) {
216 isname = X509_NAME_dup(X509_get_issuer_name(cert));
217 serial = ASN1_INTEGER_dup(X509_get_serialNumber(cert));
218 if(!isname || !serial) {
219 X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
220 goto err;
221 }
222}
223
224if(!(akeyid = AUTHORITY_KEYID_new())) goto err;
225
226if(isname) {
227 if(!(gens = sk_GENERAL_NAME_new(NULL)) || !(gen = GENERAL_NAME_new())
228 || !sk_GENERAL_NAME_push(gens, gen)) {
229 X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE);
230 goto err;
231 }
232 gen->type = GEN_DIRNAME;
233 gen->d.dirn = isname;
234}
235
236akeyid->issuer = gens;
237akeyid->serial = serial;
238akeyid->keyid = ikeyid;
239
240return akeyid;
241
242err:
243X509_NAME_free(isname);
244ASN1_INTEGER_free(serial);
245ASN1_OCTET_STRING_free(ikeyid);
246return NULL;
247
248}
249
diff --git a/src/lib/libcrypto/x509v3/v3_akeya.c b/src/lib/libcrypto/x509v3/v3_akeya.c
new file mode 100644
index 0000000000..2aafa26ba7
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_akeya.c
@@ -0,0 +1,72 @@
1/* v3_akey_asn1.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/conf.h>
62#include <openssl/asn1.h>
63#include <openssl/asn1t.h>
64#include <openssl/x509v3.h>
65
66ASN1_SEQUENCE(AUTHORITY_KEYID) = {
67 ASN1_IMP_OPT(AUTHORITY_KEYID, keyid, ASN1_OCTET_STRING, 0),
68 ASN1_IMP_SEQUENCE_OF_OPT(AUTHORITY_KEYID, issuer, GENERAL_NAME, 1),
69 ASN1_IMP_OPT(AUTHORITY_KEYID, serial, ASN1_INTEGER, 2)
70} ASN1_SEQUENCE_END(AUTHORITY_KEYID)
71
72IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_KEYID)
diff --git a/src/lib/libcrypto/x509v3/v3_alt.c b/src/lib/libcrypto/x509v3/v3_alt.c
new file mode 100644
index 0000000000..b5e1f8af96
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_alt.c
@@ -0,0 +1,402 @@
1/* v3_alt.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/conf.h>
62#include <openssl/x509v3.h>
63
64static STACK_OF(GENERAL_NAME) *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
65static STACK_OF(GENERAL_NAME) *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
66static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens);
67static int copy_issuer(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens);
68X509V3_EXT_METHOD v3_alt[] = {
69{ NID_subject_alt_name, 0,
70(X509V3_EXT_NEW)GENERAL_NAMES_new,
71(X509V3_EXT_FREE)GENERAL_NAMES_free,
72(X509V3_EXT_D2I)d2i_GENERAL_NAMES,
73(X509V3_EXT_I2D)i2d_GENERAL_NAMES,
74NULL, NULL,
75(X509V3_EXT_I2V)i2v_GENERAL_NAMES,
76(X509V3_EXT_V2I)v2i_subject_alt,
77NULL, NULL, NULL},
78{ NID_issuer_alt_name, 0,
79(X509V3_EXT_NEW)GENERAL_NAMES_new,
80(X509V3_EXT_FREE)GENERAL_NAMES_free,
81(X509V3_EXT_D2I)d2i_GENERAL_NAMES,
82(X509V3_EXT_I2D)i2d_GENERAL_NAMES,
83NULL, NULL,
84(X509V3_EXT_I2V)i2v_GENERAL_NAMES,
85(X509V3_EXT_V2I)v2i_issuer_alt,
86NULL, NULL, NULL},
87EXT_END
88};
89
90STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
91 STACK_OF(GENERAL_NAME) *gens, STACK_OF(CONF_VALUE) *ret)
92{
93 int i;
94 GENERAL_NAME *gen;
95 for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
96 gen = sk_GENERAL_NAME_value(gens, i);
97 ret = i2v_GENERAL_NAME(method, gen, ret);
98 }
99 if(!ret) return sk_CONF_VALUE_new_null();
100 return ret;
101}
102
103STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
104 GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret)
105{
106 char oline[256];
107 unsigned char *p;
108 switch (gen->type)
109 {
110 case GEN_OTHERNAME:
111 X509V3_add_value("othername","<unsupported>", &ret);
112 break;
113
114 case GEN_X400:
115 X509V3_add_value("X400Name","<unsupported>", &ret);
116 break;
117
118 case GEN_EDIPARTY:
119 X509V3_add_value("EdiPartyName","<unsupported>", &ret);
120 break;
121
122 case GEN_EMAIL:
123 X509V3_add_value_uchar("email",gen->d.ia5->data, &ret);
124 break;
125
126 case GEN_DNS:
127 X509V3_add_value_uchar("DNS",gen->d.ia5->data, &ret);
128 break;
129
130 case GEN_URI:
131 X509V3_add_value_uchar("URI",gen->d.ia5->data, &ret);
132 break;
133
134 case GEN_DIRNAME:
135 X509_NAME_oneline(gen->d.dirn, oline, 256);
136 X509V3_add_value("DirName",oline, &ret);
137 break;
138
139 case GEN_IPADD:
140 p = gen->d.ip->data;
141 /* BUG: doesn't support IPV6 */
142 if(gen->d.ip->length != 4) {
143 X509V3_add_value("IP Address","<invalid>", &ret);
144 break;
145 }
146 sprintf(oline, "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
147 X509V3_add_value("IP Address",oline, &ret);
148 break;
149
150 case GEN_RID:
151 i2t_ASN1_OBJECT(oline, 256, gen->d.rid);
152 X509V3_add_value("Registered ID",oline, &ret);
153 break;
154 }
155 return ret;
156}
157
158static STACK_OF(GENERAL_NAME) *v2i_issuer_alt(X509V3_EXT_METHOD *method,
159 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
160{
161 STACK_OF(GENERAL_NAME) *gens = NULL;
162 CONF_VALUE *cnf;
163 int i;
164 if(!(gens = sk_GENERAL_NAME_new(NULL))) {
165 X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
166 return NULL;
167 }
168 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
169 cnf = sk_CONF_VALUE_value(nval, i);
170 if(!name_cmp(cnf->name, "issuer") && cnf->value &&
171 !strcmp(cnf->value, "copy")) {
172 if(!copy_issuer(ctx, gens)) goto err;
173 } else {
174 GENERAL_NAME *gen;
175 if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
176 goto err;
177 sk_GENERAL_NAME_push(gens, gen);
178 }
179 }
180 return gens;
181 err:
182 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
183 return NULL;
184}
185
186/* Append subject altname of issuer to issuer alt name of subject */
187
188static int copy_issuer(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens)
189{
190 STACK_OF(GENERAL_NAME) *ialt;
191 GENERAL_NAME *gen;
192 X509_EXTENSION *ext;
193 int i;
194 if(ctx && (ctx->flags == CTX_TEST)) return 1;
195 if(!ctx || !ctx->issuer_cert) {
196 X509V3err(X509V3_F_COPY_ISSUER,X509V3_R_NO_ISSUER_DETAILS);
197 goto err;
198 }
199 i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1);
200 if(i < 0) return 1;
201 if(!(ext = X509_get_ext(ctx->issuer_cert, i)) ||
202 !(ialt = X509V3_EXT_d2i(ext)) ) {
203 X509V3err(X509V3_F_COPY_ISSUER,X509V3_R_ISSUER_DECODE_ERROR);
204 goto err;
205 }
206
207 for(i = 0; i < sk_GENERAL_NAME_num(ialt); i++) {
208 gen = sk_GENERAL_NAME_value(ialt, i);
209 if(!sk_GENERAL_NAME_push(gens, gen)) {
210 X509V3err(X509V3_F_COPY_ISSUER,ERR_R_MALLOC_FAILURE);
211 goto err;
212 }
213 }
214 sk_GENERAL_NAME_free(ialt);
215
216 return 1;
217
218 err:
219 return 0;
220
221}
222
223static STACK_OF(GENERAL_NAME) *v2i_subject_alt(X509V3_EXT_METHOD *method,
224 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
225{
226 STACK_OF(GENERAL_NAME) *gens = NULL;
227 CONF_VALUE *cnf;
228 int i;
229 if(!(gens = sk_GENERAL_NAME_new(NULL))) {
230 X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
231 return NULL;
232 }
233 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
234 cnf = sk_CONF_VALUE_value(nval, i);
235 if(!name_cmp(cnf->name, "email") && cnf->value &&
236 !strcmp(cnf->value, "copy")) {
237 if(!copy_email(ctx, gens)) goto err;
238 } else {
239 GENERAL_NAME *gen;
240 if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
241 goto err;
242 sk_GENERAL_NAME_push(gens, gen);
243 }
244 }
245 return gens;
246 err:
247 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
248 return NULL;
249}
250
251/* Copy any email addresses in a certificate or request to
252 * GENERAL_NAMES
253 */
254
255static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens)
256{
257 X509_NAME *nm;
258 ASN1_IA5STRING *email = NULL;
259 X509_NAME_ENTRY *ne;
260 GENERAL_NAME *gen = NULL;
261 int i;
262 if(ctx->flags == CTX_TEST) return 1;
263 if(!ctx || (!ctx->subject_cert && !ctx->subject_req)) {
264 X509V3err(X509V3_F_COPY_EMAIL,X509V3_R_NO_SUBJECT_DETAILS);
265 goto err;
266 }
267 /* Find the subject name */
268 if(ctx->subject_cert) nm = X509_get_subject_name(ctx->subject_cert);
269 else nm = X509_REQ_get_subject_name(ctx->subject_req);
270
271 /* Now add any email address(es) to STACK */
272 i = -1;
273 while((i = X509_NAME_get_index_by_NID(nm,
274 NID_pkcs9_emailAddress, i)) > 0) {
275 ne = X509_NAME_get_entry(nm, i);
276 email = ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne));
277 if(!email || !(gen = GENERAL_NAME_new())) {
278 X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE);
279 goto err;
280 }
281 gen->d.ia5 = email;
282 email = NULL;
283 gen->type = GEN_EMAIL;
284 if(!sk_GENERAL_NAME_push(gens, gen)) {
285 X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE);
286 goto err;
287 }
288 gen = NULL;
289 }
290
291
292 return 1;
293
294 err:
295 GENERAL_NAME_free(gen);
296 ASN1_IA5STRING_free(email);
297 return 0;
298
299}
300
301STACK_OF(GENERAL_NAME) *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
302 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
303{
304 GENERAL_NAME *gen;
305 STACK_OF(GENERAL_NAME) *gens = NULL;
306 CONF_VALUE *cnf;
307 int i;
308 if(!(gens = sk_GENERAL_NAME_new(NULL))) {
309 X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
310 return NULL;
311 }
312 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
313 cnf = sk_CONF_VALUE_value(nval, i);
314 if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err;
315 sk_GENERAL_NAME_push(gens, gen);
316 }
317 return gens;
318 err:
319 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
320 return NULL;
321}
322
323GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
324 CONF_VALUE *cnf)
325{
326char is_string = 0;
327int type;
328GENERAL_NAME *gen = NULL;
329
330char *name, *value;
331
332name = cnf->name;
333value = cnf->value;
334
335if(!value) {
336 X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_MISSING_VALUE);
337 return NULL;
338}
339
340if(!(gen = GENERAL_NAME_new())) {
341 X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
342 return NULL;
343}
344
345if(!name_cmp(name, "email")) {
346 is_string = 1;
347 type = GEN_EMAIL;
348} else if(!name_cmp(name, "URI")) {
349 is_string = 1;
350 type = GEN_URI;
351} else if(!name_cmp(name, "DNS")) {
352 is_string = 1;
353 type = GEN_DNS;
354} else if(!name_cmp(name, "RID")) {
355 ASN1_OBJECT *obj;
356 if(!(obj = OBJ_txt2obj(value,0))) {
357 X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_OBJECT);
358 ERR_add_error_data(2, "value=", value);
359 goto err;
360 }
361 gen->d.rid = obj;
362 type = GEN_RID;
363} else if(!name_cmp(name, "IP")) {
364 int i1,i2,i3,i4;
365 unsigned char ip[4];
366 if((sscanf(value, "%d.%d.%d.%d",&i1,&i2,&i3,&i4) != 4) ||
367 (i1 < 0) || (i1 > 255) || (i2 < 0) || (i2 > 255) ||
368 (i3 < 0) || (i3 > 255) || (i4 < 0) || (i4 > 255) ) {
369 X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_IP_ADDRESS);
370 ERR_add_error_data(2, "value=", value);
371 goto err;
372 }
373 ip[0] = i1; ip[1] = i2 ; ip[2] = i3 ; ip[3] = i4;
374 if(!(gen->d.ip = ASN1_OCTET_STRING_new()) ||
375 !ASN1_STRING_set(gen->d.ip, ip, 4)) {
376 X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
377 goto err;
378 }
379 type = GEN_IPADD;
380} else {
381 X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_UNSUPPORTED_OPTION);
382 ERR_add_error_data(2, "name=", name);
383 goto err;
384}
385
386if(is_string) {
387 if(!(gen->d.ia5 = ASN1_IA5STRING_new()) ||
388 !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value,
389 strlen(value))) {
390 X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
391 goto err;
392 }
393}
394
395gen->type = type;
396
397return gen;
398
399err:
400GENERAL_NAME_free(gen);
401return NULL;
402}
diff --git a/src/lib/libcrypto/x509v3/v3_bcons.c b/src/lib/libcrypto/x509v3/v3_bcons.c
new file mode 100644
index 0000000000..de2f855c35
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_bcons.c
@@ -0,0 +1,164 @@
1/* v3_bcons.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/asn1.h>
63#include <openssl/asn1_mac.h>
64#include <openssl/conf.h>
65#include <openssl/x509v3.h>
66
67static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist);
68static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
69
70X509V3_EXT_METHOD v3_bcons = {
71NID_basic_constraints, 0,
72(X509V3_EXT_NEW)BASIC_CONSTRAINTS_new,
73(X509V3_EXT_FREE)BASIC_CONSTRAINTS_free,
74(X509V3_EXT_D2I)d2i_BASIC_CONSTRAINTS,
75(X509V3_EXT_I2D)i2d_BASIC_CONSTRAINTS,
76NULL, NULL,
77(X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS,
78(X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS,
79NULL,NULL,
80NULL
81};
82
83
84int i2d_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS *a, unsigned char **pp)
85{
86 M_ASN1_I2D_vars(a);
87 if(a->ca) M_ASN1_I2D_len (a->ca, i2d_ASN1_BOOLEAN);
88 M_ASN1_I2D_len (a->pathlen, i2d_ASN1_INTEGER);
89
90 M_ASN1_I2D_seq_total();
91
92 if (a->ca) M_ASN1_I2D_put (a->ca, i2d_ASN1_BOOLEAN);
93 M_ASN1_I2D_put (a->pathlen, i2d_ASN1_INTEGER);
94 M_ASN1_I2D_finish();
95}
96
97BASIC_CONSTRAINTS *BASIC_CONSTRAINTS_new(void)
98{
99 BASIC_CONSTRAINTS *ret=NULL;
100 ASN1_CTX c;
101 M_ASN1_New_Malloc(ret, BASIC_CONSTRAINTS);
102 ret->ca = 0;
103 ret->pathlen = NULL;
104 return (ret);
105 M_ASN1_New_Error(ASN1_F_BASIC_CONSTRAINTS_NEW);
106}
107
108BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS **a,
109 unsigned char **pp, long length)
110{
111 M_ASN1_D2I_vars(a,BASIC_CONSTRAINTS *,BASIC_CONSTRAINTS_new);
112 M_ASN1_D2I_Init();
113 M_ASN1_D2I_start_sequence();
114 if((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) ==
115 (V_ASN1_UNIVERSAL|V_ASN1_BOOLEAN) ) {
116 M_ASN1_D2I_get_int (ret->ca, d2i_ASN1_BOOLEAN);
117 }
118 M_ASN1_D2I_get_opt (ret->pathlen, d2i_ASN1_INTEGER, V_ASN1_INTEGER);
119 M_ASN1_D2I_Finish(a, BASIC_CONSTRAINTS_free, ASN1_F_D2I_BASIC_CONSTRAINTS);
120}
121
122void BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *a)
123{
124 if (a == NULL) return;
125 ASN1_INTEGER_free (a->pathlen);
126 Free ((char *)a);
127}
128
129static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
130 BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist)
131{
132 X509V3_add_value_bool("CA", bcons->ca, &extlist);
133 X509V3_add_value_int("pathlen", bcons->pathlen, &extlist);
134 return extlist;
135}
136
137static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
138 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)
139{
140 BASIC_CONSTRAINTS *bcons=NULL;
141 CONF_VALUE *val;
142 int i;
143 if(!(bcons = BASIC_CONSTRAINTS_new())) {
144 X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
145 return NULL;
146 }
147 for(i = 0; i < sk_CONF_VALUE_num(values); i++) {
148 val = sk_CONF_VALUE_value(values, i);
149 if(!strcmp(val->name, "CA")) {
150 if(!X509V3_get_value_bool(val, &bcons->ca)) goto err;
151 } else if(!strcmp(val->name, "pathlen")) {
152 if(!X509V3_get_value_int(val, &bcons->pathlen)) goto err;
153 } else {
154 X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, X509V3_R_INVALID_NAME);
155 X509V3_conf_err(val);
156 goto err;
157 }
158 }
159 return bcons;
160 err:
161 BASIC_CONSTRAINTS_free(bcons);
162 return NULL;
163}
164
diff --git a/src/lib/libcrypto/x509v3/v3_bitst.c b/src/lib/libcrypto/x509v3/v3_bitst.c
new file mode 100644
index 0000000000..9828ba15b3
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_bitst.c
@@ -0,0 +1,147 @@
1/* v3_bitst.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/conf.h>
62#include <openssl/x509v3.h>
63
64static ASN1_BIT_STRING *asn1_bit_string_new(void);
65static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
66 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
67static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
68 ASN1_BIT_STRING *bits,
69 STACK_OF(CONF_VALUE) *extlist);
70static BIT_STRING_BITNAME ns_cert_type_table[] = {
71{0, "SSL Client", "client"},
72{1, "SSL Server", "server"},
73{2, "S/MIME", "email"},
74{3, "Object Signing", "objsign"},
75{4, "Unused", "reserved"},
76{5, "SSL CA", "sslCA"},
77{6, "S/MIME CA", "emailCA"},
78{7, "Object Signing CA", "objCA"},
79{-1, NULL, NULL}
80};
81
82static BIT_STRING_BITNAME key_usage_type_table[] = {
83{0, "Digital Signature", "digitalSignature"},
84{1, "Non Repudiation", "nonRepudiation"},
85{2, "Key Encipherment", "keyEncipherment"},
86{3, "Data Encipherment", "dataEncipherment"},
87{4, "Key Agreement", "keyAgreement"},
88{5, "Certificate Sign", "keyCertSign"},
89{6, "CRL Sign", "cRLSign"},
90{7, "Encipher Only", "encipherOnly"},
91{8, "Decipher Only", "decipherOnly"},
92{-1, NULL, NULL}
93};
94
95
96
97X509V3_EXT_METHOD v3_nscert = EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table);
98X509V3_EXT_METHOD v3_key_usage = EXT_BITSTRING(NID_key_usage, key_usage_type_table);
99
100static ASN1_BIT_STRING *asn1_bit_string_new(void)
101{
102 return ASN1_BIT_STRING_new();
103}
104
105static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
106 ASN1_BIT_STRING *bits, STACK_OF(CONF_VALUE) *ret)
107{
108 BIT_STRING_BITNAME *bnam;
109 for(bnam =method->usr_data; bnam->lname; bnam++) {
110 if(ASN1_BIT_STRING_get_bit(bits, bnam->bitnum))
111 X509V3_add_value(bnam->lname, NULL, &ret);
112 }
113 return ret;
114}
115
116static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
117 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
118{
119 CONF_VALUE *val;
120 ASN1_BIT_STRING *bs;
121 int i;
122 BIT_STRING_BITNAME *bnam;
123 if(!(bs = ASN1_BIT_STRING_new())) {
124 X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,ERR_R_MALLOC_FAILURE);
125 return NULL;
126 }
127 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
128 val = sk_CONF_VALUE_value(nval, i);
129 for(bnam = method->usr_data; bnam->lname; bnam++) {
130 if(!strcmp(bnam->sname, val->name) ||
131 !strcmp(bnam->lname, val->name) ) {
132 ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1);
133 break;
134 }
135 }
136 if(!bnam->lname) {
137 X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
138 X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT);
139 X509V3_conf_err(val);
140 ASN1_BIT_STRING_free(bs);
141 return NULL;
142 }
143 }
144 return bs;
145}
146
147
diff --git a/src/lib/libcrypto/x509v3/v3_conf.c b/src/lib/libcrypto/x509v3/v3_conf.c
new file mode 100644
index 0000000000..f19bb3ad84
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_conf.c
@@ -0,0 +1,366 @@
1/* v3_conf.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58/* extension creation utilities */
59
60
61
62#include <stdio.h>
63#include <ctype.h>
64#include "cryptlib.h"
65#include <openssl/conf.h>
66#include <openssl/x509.h>
67#include <openssl/x509v3.h>
68
69static int v3_check_critical(char **value);
70static int v3_check_generic(char **value);
71static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value);
72static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type);
73static char *conf_lhash_get_string(void *db, char *section, char *value);
74static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
75static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
76 int crit, void *ext_struc);
77/* LHASH *conf: Config file */
78/* char *name: Name */
79/* char *value: Value */
80X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
81 char *value)
82{
83 int crit;
84 int ext_type;
85 X509_EXTENSION *ret;
86 crit = v3_check_critical(&value);
87 if((ext_type = v3_check_generic(&value)))
88 return v3_generic_extension(name, value, crit, ext_type);
89 ret = do_ext_conf(conf, ctx, OBJ_sn2nid(name), crit, value);
90 if(!ret) {
91 X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_ERROR_IN_EXTENSION);
92 ERR_add_error_data(4,"name=", name, ", value=", value);
93 }
94 return ret;
95}
96
97/* LHASH *conf: Config file */
98/* char *value: Value */
99X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
100 char *value)
101{
102 int crit;
103 int ext_type;
104 crit = v3_check_critical(&value);
105 if((ext_type = v3_check_generic(&value)))
106 return v3_generic_extension(OBJ_nid2sn(ext_nid),
107 value, crit, ext_type);
108 return do_ext_conf(conf, ctx, ext_nid, crit, value);
109}
110
111/* LHASH *conf: Config file */
112/* char *value: Value */
113static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
114 int crit, char *value)
115{
116 X509V3_EXT_METHOD *method;
117 X509_EXTENSION *ext;
118 STACK_OF(CONF_VALUE) *nval;
119 void *ext_struc;
120 if(ext_nid == NID_undef) {
121 X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION_NAME);
122 return NULL;
123 }
124 if(!(method = X509V3_EXT_get_nid(ext_nid))) {
125 X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION);
126 return NULL;
127 }
128 /* Now get internal extension representation based on type */
129 if(method->v2i) {
130 if(*value == '@') nval = CONF_get_section(conf, value + 1);
131 else nval = X509V3_parse_list(value);
132 if(!nval) {
133 X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_INVALID_EXTENSION_STRING);
134 ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value);
135 return NULL;
136 }
137 ext_struc = method->v2i(method, ctx, nval);
138 if(*value != '@') sk_CONF_VALUE_pop_free(nval,
139 X509V3_conf_free);
140 if(!ext_struc) return NULL;
141 } else if(method->s2i) {
142 if(!(ext_struc = method->s2i(method, ctx, value))) return NULL;
143 } else if(method->r2i) {
144 if(!ctx->db) {
145 X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_NO_CONFIG_DATABASE);
146 return NULL;
147 }
148 if(!(ext_struc = method->r2i(method, ctx, value))) return NULL;
149 } else {
150 X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
151 ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
152 return NULL;
153 }
154
155 ext = do_ext_i2d(method, ext_nid, crit, ext_struc);
156 method->ext_free(ext_struc);
157 return ext;
158
159}
160
161static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
162 int crit, void *ext_struc)
163{
164 unsigned char *ext_der, *p;
165 int ext_len;
166 ASN1_OCTET_STRING *ext_oct;
167 X509_EXTENSION *ext;
168 /* Convert internal representation to DER */
169 ext_len = method->i2d(ext_struc, NULL);
170 if(!(ext_der = Malloc(ext_len))) goto merr;
171 p = ext_der;
172 method->i2d(ext_struc, &p);
173 if(!(ext_oct = ASN1_OCTET_STRING_new())) goto merr;
174 ext_oct->data = ext_der;
175 ext_oct->length = ext_len;
176
177 ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
178 if(!ext) goto merr;
179 ASN1_OCTET_STRING_free(ext_oct);
180
181 return ext;
182
183 merr:
184 X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE);
185 return NULL;
186
187}
188
189/* Given an internal structure, nid and critical flag create an extension */
190
191X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
192{
193 X509V3_EXT_METHOD *method;
194 if(!(method = X509V3_EXT_get_nid(ext_nid))) {
195 X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION);
196 return NULL;
197 }
198 return do_ext_i2d(method, ext_nid, crit, ext_struc);
199}
200
201/* Check the extension string for critical flag */
202static int v3_check_critical(char **value)
203{
204 char *p = *value;
205 if((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0;
206 p+=9;
207 while(isspace((unsigned char)*p)) p++;
208 *value = p;
209 return 1;
210}
211
212/* Check extension string for generic extension and return the type */
213static int v3_check_generic(char **value)
214{
215 char *p = *value;
216 if((strlen(p) < 4) || strncmp(p, "DER:,", 4)) return 0;
217 p+=4;
218 while(isspace((unsigned char)*p)) p++;
219 *value = p;
220 return 1;
221}
222
223/* Create a generic extension: for now just handle RAW type */
224static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
225 int crit, int type)
226{
227unsigned char *ext_der=NULL;
228long ext_len;
229ASN1_OBJECT *obj=NULL;
230ASN1_OCTET_STRING *oct=NULL;
231X509_EXTENSION *extension=NULL;
232if(!(obj = OBJ_txt2obj(ext, 0))) {
233 X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR);
234 ERR_add_error_data(2, "name=", ext);
235 goto err;
236}
237
238if(!(ext_der = string_to_hex(value, &ext_len))) {
239 X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR);
240 ERR_add_error_data(2, "value=", value);
241 goto err;
242}
243
244if(!(oct = ASN1_OCTET_STRING_new())) {
245 X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE);
246 goto err;
247}
248
249oct->data = ext_der;
250oct->length = ext_len;
251ext_der = NULL;
252
253extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
254
255err:
256ASN1_OBJECT_free(obj);
257ASN1_OCTET_STRING_free(oct);
258if(ext_der) Free(ext_der);
259return extension;
260}
261
262
263/* This is the main function: add a bunch of extensions based on a config file
264 * section
265 */
266
267int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
268 X509 *cert)
269{
270 X509_EXTENSION *ext;
271 STACK_OF(CONF_VALUE) *nval;
272 CONF_VALUE *val;
273 int i;
274 if(!(nval = CONF_get_section(conf, section))) return 0;
275 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
276 val = sk_CONF_VALUE_value(nval, i);
277 if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
278 return 0;
279 if(cert) X509_add_ext(cert, ext, -1);
280 X509_EXTENSION_free(ext);
281 }
282 return 1;
283}
284
285/* Same as above but for a CRL */
286
287int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
288 X509_CRL *crl)
289{
290 X509_EXTENSION *ext;
291 STACK_OF(CONF_VALUE) *nval;
292 CONF_VALUE *val;
293 int i;
294 if(!(nval = CONF_get_section(conf, section))) return 0;
295 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
296 val = sk_CONF_VALUE_value(nval, i);
297 if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
298 return 0;
299 if(crl) X509_CRL_add_ext(crl, ext, -1);
300 X509_EXTENSION_free(ext);
301 }
302 return 1;
303}
304
305/* Config database functions */
306
307char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
308{
309 if(ctx->db_meth->get_string)
310 return ctx->db_meth->get_string(ctx->db, name, section);
311 return NULL;
312}
313
314STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section)
315{
316 if(ctx->db_meth->get_section)
317 return ctx->db_meth->get_section(ctx->db, section);
318 return NULL;
319}
320
321void X509V3_string_free(X509V3_CTX *ctx, char *str)
322{
323 if(!str) return;
324 if(ctx->db_meth->free_string)
325 ctx->db_meth->free_string(ctx->db, str);
326}
327
328void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
329{
330 if(!section) return;
331 if(ctx->db_meth->free_section)
332 ctx->db_meth->free_section(ctx->db, section);
333}
334
335static char *conf_lhash_get_string(void *db, char *section, char *value)
336{
337 return CONF_get_string(db, section, value);
338}
339
340static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section)
341{
342 return CONF_get_section(db, section);
343}
344
345static X509V3_CONF_METHOD conf_lhash_method = {
346conf_lhash_get_string,
347conf_lhash_get_section,
348NULL,
349NULL
350};
351
352void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash)
353{
354 ctx->db_meth = &conf_lhash_method;
355 ctx->db = lhash;
356}
357
358void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
359 X509_CRL *crl, int flags)
360{
361 ctx->issuer_cert = issuer;
362 ctx->subject_cert = subj;
363 ctx->crl = crl;
364 ctx->subject_req = req;
365 ctx->flags = flags;
366}
diff --git a/src/lib/libcrypto/x509v3/v3_cpols.c b/src/lib/libcrypto/x509v3/v3_cpols.c
new file mode 100644
index 0000000000..b4d4883545
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_cpols.c
@@ -0,0 +1,655 @@
1/* v3_cpols.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/conf.h>
62#include <openssl/asn1.h>
63#include <openssl/asn1_mac.h>
64#include <openssl/x509v3.h>
65
66/* Certificate policies extension support: this one is a bit complex... */
67
68static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO *out, int indent);
69static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value);
70static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent);
71static void print_notice(BIO *out, USERNOTICE *notice, int indent);
72static POLICYINFO *policy_section(X509V3_CTX *ctx,
73 STACK_OF(CONF_VALUE) *polstrs, int ia5org);
74static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
75 STACK_OF(CONF_VALUE) *unot, int ia5org);
76static STACK *nref_nos(STACK_OF(CONF_VALUE) *nos);
77
78X509V3_EXT_METHOD v3_cpols = {
79NID_certificate_policies, 0,
80(X509V3_EXT_NEW)CERTIFICATEPOLICIES_new,
81(X509V3_EXT_FREE)CERTIFICATEPOLICIES_free,
82(X509V3_EXT_D2I)d2i_CERTIFICATEPOLICIES,
83(X509V3_EXT_I2D)i2d_CERTIFICATEPOLICIES,
84NULL, NULL,
85NULL, NULL,
86(X509V3_EXT_I2R)i2r_certpol,
87(X509V3_EXT_R2I)r2i_certpol,
88NULL
89};
90
91
92static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
93 X509V3_CTX *ctx, char *value)
94{
95 STACK_OF(POLICYINFO) *pols = NULL;
96 char *pstr;
97 POLICYINFO *pol;
98 ASN1_OBJECT *pobj;
99 STACK_OF(CONF_VALUE) *vals;
100 CONF_VALUE *cnf;
101 int i, ia5org;
102 pols = sk_POLICYINFO_new_null();
103 vals = X509V3_parse_list(value);
104 ia5org = 0;
105 for(i = 0; i < sk_CONF_VALUE_num(vals); i++) {
106 cnf = sk_CONF_VALUE_value(vals, i);
107 if(cnf->value || !cnf->name ) {
108 X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_POLICY_IDENTIFIER);
109 X509V3_conf_err(cnf);
110 goto err;
111 }
112 pstr = cnf->name;
113 if(!strcmp(pstr,"ia5org")) {
114 ia5org = 1;
115 continue;
116 } else if(*pstr == '@') {
117 STACK_OF(CONF_VALUE) *polsect;
118 polsect = X509V3_get_section(ctx, pstr + 1);
119 if(!polsect) {
120 X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_SECTION);
121
122 X509V3_conf_err(cnf);
123 goto err;
124 }
125 pol = policy_section(ctx, polsect, ia5org);
126 X509V3_section_free(ctx, polsect);
127 if(!pol) goto err;
128 } else {
129 if(!(pobj = OBJ_txt2obj(cnf->name, 0))) {
130 X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_OBJECT_IDENTIFIER);
131 X509V3_conf_err(cnf);
132 goto err;
133 }
134 pol = POLICYINFO_new();
135 pol->policyid = pobj;
136 }
137 sk_POLICYINFO_push(pols, pol);
138 }
139 sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
140 return pols;
141 err:
142 sk_POLICYINFO_pop_free(pols, POLICYINFO_free);
143 return NULL;
144}
145
146static POLICYINFO *policy_section(X509V3_CTX *ctx,
147 STACK_OF(CONF_VALUE) *polstrs, int ia5org)
148{
149 int i;
150 CONF_VALUE *cnf;
151 POLICYINFO *pol;
152 POLICYQUALINFO *qual;
153 if(!(pol = POLICYINFO_new())) goto merr;
154 for(i = 0; i < sk_CONF_VALUE_num(polstrs); i++) {
155 cnf = sk_CONF_VALUE_value(polstrs, i);
156 if(!strcmp(cnf->name, "policyIdentifier")) {
157 ASN1_OBJECT *pobj;
158 if(!(pobj = OBJ_txt2obj(cnf->value, 0))) {
159 X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OBJECT_IDENTIFIER);
160 X509V3_conf_err(cnf);
161 goto err;
162 }
163 pol->policyid = pobj;
164
165 } else if(!name_cmp(cnf->name, "CPS")) {
166 if(!pol->qualifiers) pol->qualifiers =
167 sk_POLICYQUALINFO_new_null();
168 if(!(qual = POLICYQUALINFO_new())) goto merr;
169 if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
170 goto merr;
171 qual->pqualid = OBJ_nid2obj(NID_id_qt_cps);
172 qual->d.cpsuri = ASN1_IA5STRING_new();
173 if(!ASN1_STRING_set(qual->d.cpsuri, cnf->value,
174 strlen(cnf->value))) goto merr;
175 } else if(!name_cmp(cnf->name, "userNotice")) {
176 STACK_OF(CONF_VALUE) *unot;
177 if(*cnf->value != '@') {
178 X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_EXPECTED_A_SECTION_NAME);
179 X509V3_conf_err(cnf);
180 goto err;
181 }
182 unot = X509V3_get_section(ctx, cnf->value + 1);
183 if(!unot) {
184 X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_SECTION);
185
186 X509V3_conf_err(cnf);
187 goto err;
188 }
189 qual = notice_section(ctx, unot, ia5org);
190 X509V3_section_free(ctx, unot);
191 if(!qual) goto err;
192 if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
193 goto merr;
194 } else {
195 X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OPTION);
196
197 X509V3_conf_err(cnf);
198 goto err;
199 }
200 }
201 if(!pol->policyid) {
202 X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_NO_POLICY_IDENTIFIER);
203 goto err;
204 }
205
206 return pol;
207
208 merr:
209 X509V3err(X509V3_F_POLICY_SECTION,ERR_R_MALLOC_FAILURE);
210
211 err:
212 POLICYINFO_free(pol);
213 return NULL;
214
215
216}
217
218static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
219 STACK_OF(CONF_VALUE) *unot, int ia5org)
220{
221 int i;
222 CONF_VALUE *cnf;
223 USERNOTICE *not;
224 POLICYQUALINFO *qual;
225 if(!(qual = POLICYQUALINFO_new())) goto merr;
226 qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice);
227 if(!(not = USERNOTICE_new())) goto merr;
228 qual->d.usernotice = not;
229 for(i = 0; i < sk_CONF_VALUE_num(unot); i++) {
230 cnf = sk_CONF_VALUE_value(unot, i);
231 if(!strcmp(cnf->name, "explicitText")) {
232 not->exptext = ASN1_VISIBLESTRING_new();
233 if(!ASN1_STRING_set(not->exptext, cnf->value,
234 strlen(cnf->value))) goto merr;
235 } else if(!strcmp(cnf->name, "organization")) {
236 NOTICEREF *nref;
237 if(!not->noticeref) {
238 if(!(nref = NOTICEREF_new())) goto merr;
239 not->noticeref = nref;
240 } else nref = not->noticeref;
241 if(ia5org) nref->organization = ASN1_IA5STRING_new();
242 else nref->organization = ASN1_VISIBLESTRING_new();
243 if(!ASN1_STRING_set(nref->organization, cnf->value,
244 strlen(cnf->value))) goto merr;
245 } else if(!strcmp(cnf->name, "noticeNumbers")) {
246 NOTICEREF *nref;
247 STACK_OF(CONF_VALUE) *nos;
248 if(!not->noticeref) {
249 if(!(nref = NOTICEREF_new())) goto merr;
250 not->noticeref = nref;
251 } else nref = not->noticeref;
252 nos = X509V3_parse_list(cnf->value);
253 if(!nos || !sk_CONF_VALUE_num(nos)) {
254 X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_NUMBERS);
255 X509V3_conf_err(cnf);
256 goto err;
257 }
258 nref->noticenos = nref_nos(nos);
259 sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
260 if(!nref->noticenos) goto err;
261 } else {
262 X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION);
263
264 X509V3_conf_err(cnf);
265 goto err;
266 }
267 }
268
269 if(not->noticeref &&
270 (!not->noticeref->noticenos || !not->noticeref->organization)) {
271 X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_NEED_ORGANIZATION_AND_NUMBERS);
272 goto err;
273 }
274
275 return qual;
276
277 merr:
278 X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE);
279
280 err:
281 POLICYQUALINFO_free(qual);
282 return NULL;
283}
284
285static STACK *nref_nos(STACK_OF(CONF_VALUE) *nos)
286{
287 STACK *nnums;
288 CONF_VALUE *cnf;
289 ASN1_INTEGER *aint;
290 int i;
291 if(!(nnums = sk_new_null())) goto merr;
292 for(i = 0; i < sk_CONF_VALUE_num(nos); i++) {
293 cnf = sk_CONF_VALUE_value(nos, i);
294 if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) {
295 X509V3err(X509V3_F_NREF_NOS,X509V3_R_INVALID_NUMBER);
296 goto err;
297 }
298 if(!sk_push(nnums, (char *)aint)) goto merr;
299 }
300 return nnums;
301
302 merr:
303 X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE);
304
305 err:
306 sk_pop_free(nnums, ASN1_STRING_free);
307 return NULL;
308}
309
310
311static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
312 BIO *out, int indent)
313{
314 int i;
315 POLICYINFO *pinfo;
316 /* First print out the policy OIDs */
317 for(i = 0; i < sk_POLICYINFO_num(pol); i++) {
318 pinfo = sk_POLICYINFO_value(pol, i);
319 BIO_printf(out, "%*sPolicy: ", indent, "");
320 i2a_ASN1_OBJECT(out, pinfo->policyid);
321 BIO_puts(out, "\n");
322 if(pinfo->qualifiers)
323 print_qualifiers(out, pinfo->qualifiers, indent + 2);
324 }
325 return 1;
326}
327
328
329int i2d_CERTIFICATEPOLICIES(STACK_OF(POLICYINFO) *a, unsigned char **pp)
330{
331
332return i2d_ASN1_SET_OF_POLICYINFO(a, pp, i2d_POLICYINFO, V_ASN1_SEQUENCE,
333 V_ASN1_UNIVERSAL, IS_SEQUENCE);}
334
335STACK_OF(POLICYINFO) *CERTIFICATEPOLICIES_new(void)
336{
337 return sk_POLICYINFO_new_null();
338}
339
340void CERTIFICATEPOLICIES_free(STACK_OF(POLICYINFO) *a)
341{
342 sk_POLICYINFO_pop_free(a, POLICYINFO_free);
343}
344
345STACK_OF(POLICYINFO) *d2i_CERTIFICATEPOLICIES(STACK_OF(POLICYINFO) **a,
346 unsigned char **pp,long length)
347{
348return d2i_ASN1_SET_OF_POLICYINFO(a, pp, length, d2i_POLICYINFO,
349 POLICYINFO_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
350
351}
352
353IMPLEMENT_STACK_OF(POLICYINFO)
354IMPLEMENT_ASN1_SET_OF(POLICYINFO)
355
356int i2d_POLICYINFO(POLICYINFO *a, unsigned char **pp)
357{
358 M_ASN1_I2D_vars(a);
359
360 M_ASN1_I2D_len (a->policyid, i2d_ASN1_OBJECT);
361 M_ASN1_I2D_len_SEQUENCE_type(POLICYQUALINFO, a->qualifiers,
362 i2d_POLICYQUALINFO);
363
364 M_ASN1_I2D_seq_total();
365
366 M_ASN1_I2D_put (a->policyid, i2d_ASN1_OBJECT);
367 M_ASN1_I2D_put_SEQUENCE_type(POLICYQUALINFO, a->qualifiers,
368 i2d_POLICYQUALINFO);
369
370 M_ASN1_I2D_finish();
371}
372
373POLICYINFO *POLICYINFO_new(void)
374{
375 POLICYINFO *ret=NULL;
376 ASN1_CTX c;
377 M_ASN1_New_Malloc(ret, POLICYINFO);
378 ret->policyid = NULL;
379 ret->qualifiers = NULL;
380 return (ret);
381 M_ASN1_New_Error(ASN1_F_POLICYINFO_NEW);
382}
383
384POLICYINFO *d2i_POLICYINFO(POLICYINFO **a, unsigned char **pp,long length)
385{
386 M_ASN1_D2I_vars(a,POLICYINFO *,POLICYINFO_new);
387 M_ASN1_D2I_Init();
388 M_ASN1_D2I_start_sequence();
389 M_ASN1_D2I_get(ret->policyid, d2i_ASN1_OBJECT);
390 if(!M_ASN1_D2I_end_sequence()) {
391 M_ASN1_D2I_get_seq_type (POLICYQUALINFO, ret->qualifiers,
392 d2i_POLICYQUALINFO, POLICYQUALINFO_free);
393 }
394 M_ASN1_D2I_Finish(a, POLICYINFO_free, ASN1_F_D2I_POLICYINFO);
395}
396
397void POLICYINFO_free(POLICYINFO *a)
398{
399 if (a == NULL) return;
400 ASN1_OBJECT_free(a->policyid);
401 sk_POLICYQUALINFO_pop_free(a->qualifiers, POLICYQUALINFO_free);
402 Free (a);
403}
404
405static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
406 int indent)
407{
408 POLICYQUALINFO *qualinfo;
409 int i;
410 for(i = 0; i < sk_POLICYQUALINFO_num(quals); i++) {
411 qualinfo = sk_POLICYQUALINFO_value(quals, i);
412 switch(OBJ_obj2nid(qualinfo->pqualid))
413 {
414 case NID_id_qt_cps:
415 BIO_printf(out, "%*sCPS: %s\n", indent, "",
416 qualinfo->d.cpsuri->data);
417 break;
418
419 case NID_id_qt_unotice:
420 BIO_printf(out, "%*sUser Notice:\n", indent, "");
421 print_notice(out, qualinfo->d.usernotice, indent + 2);
422 break;
423
424 default:
425 BIO_printf(out, "%*sUnknown Qualifier: ",
426 indent + 2, "");
427
428 i2a_ASN1_OBJECT(out, qualinfo->pqualid);
429 BIO_puts(out, "\n");
430 break;
431 }
432 }
433}
434
435static void print_notice(BIO *out, USERNOTICE *notice, int indent)
436{
437 int i;
438 if(notice->noticeref) {
439 NOTICEREF *ref;
440 ref = notice->noticeref;
441 BIO_printf(out, "%*sOrganization: %s\n", indent, "",
442 ref->organization->data);
443 BIO_printf(out, "%*sNumber%s: ", indent, "",
444 (sk_num(ref->noticenos) > 1) ? "s" : "");
445 for(i = 0; i < sk_num(ref->noticenos); i++) {
446 ASN1_INTEGER *num;
447 char *tmp;
448 num = (ASN1_INTEGER *)sk_value(ref->noticenos, i);
449 if(i) BIO_puts(out, ", ");
450 tmp = i2s_ASN1_INTEGER(NULL, num);
451 BIO_puts(out, tmp);
452 Free(tmp);
453 }
454 BIO_puts(out, "\n");
455 }
456 if(notice->exptext)
457 BIO_printf(out, "%*sExplicit Text: %s\n", indent, "",
458 notice->exptext->data);
459}
460
461
462
463int i2d_POLICYQUALINFO(POLICYQUALINFO *a, unsigned char **pp)
464{
465 M_ASN1_I2D_vars(a);
466
467 M_ASN1_I2D_len (a->pqualid, i2d_ASN1_OBJECT);
468 switch(OBJ_obj2nid(a->pqualid)) {
469 case NID_id_qt_cps:
470 M_ASN1_I2D_len(a->d.cpsuri, i2d_ASN1_IA5STRING);
471 break;
472
473 case NID_id_qt_unotice:
474 M_ASN1_I2D_len(a->d.usernotice, i2d_USERNOTICE);
475 break;
476
477 default:
478 M_ASN1_I2D_len(a->d.other, i2d_ASN1_TYPE);
479 break;
480 }
481
482 M_ASN1_I2D_seq_total();
483
484 M_ASN1_I2D_put (a->pqualid, i2d_ASN1_OBJECT);
485 switch(OBJ_obj2nid(a->pqualid)) {
486 case NID_id_qt_cps:
487 M_ASN1_I2D_put(a->d.cpsuri, i2d_ASN1_IA5STRING);
488 break;
489
490 case NID_id_qt_unotice:
491 M_ASN1_I2D_put(a->d.usernotice, i2d_USERNOTICE);
492 break;
493
494 default:
495 M_ASN1_I2D_put(a->d.other, i2d_ASN1_TYPE);
496 break;
497 }
498
499 M_ASN1_I2D_finish();
500}
501
502POLICYQUALINFO *POLICYQUALINFO_new(void)
503{
504 POLICYQUALINFO *ret=NULL;
505 ASN1_CTX c;
506 M_ASN1_New_Malloc(ret, POLICYQUALINFO);
507 ret->pqualid = NULL;
508 ret->d.other = NULL;
509 return (ret);
510 M_ASN1_New_Error(ASN1_F_POLICYQUALINFO_NEW);
511}
512
513POLICYQUALINFO *d2i_POLICYQUALINFO(POLICYQUALINFO **a, unsigned char **pp,
514 long length)
515{
516 M_ASN1_D2I_vars(a,POLICYQUALINFO *,POLICYQUALINFO_new);
517 M_ASN1_D2I_Init();
518 M_ASN1_D2I_start_sequence();
519 M_ASN1_D2I_get (ret->pqualid, d2i_ASN1_OBJECT);
520 switch(OBJ_obj2nid(ret->pqualid)) {
521 case NID_id_qt_cps:
522 M_ASN1_D2I_get(ret->d.cpsuri, d2i_ASN1_IA5STRING);
523 break;
524
525 case NID_id_qt_unotice:
526 M_ASN1_D2I_get(ret->d.usernotice, d2i_USERNOTICE);
527 break;
528
529 default:
530 M_ASN1_D2I_get(ret->d.other, d2i_ASN1_TYPE);
531 break;
532 }
533 M_ASN1_D2I_Finish(a, POLICYQUALINFO_free, ASN1_F_D2I_POLICYQUALINFO);
534}
535
536void POLICYQUALINFO_free(POLICYQUALINFO *a)
537{
538 if (a == NULL) return;
539 switch(OBJ_obj2nid(a->pqualid)) {
540 case NID_id_qt_cps:
541 ASN1_IA5STRING_free(a->d.cpsuri);
542 break;
543
544 case NID_id_qt_unotice:
545 USERNOTICE_free(a->d.usernotice);
546 break;
547
548 default:
549 ASN1_TYPE_free(a->d.other);
550 break;
551 }
552
553 ASN1_OBJECT_free(a->pqualid);
554 Free (a);
555}
556
557int i2d_USERNOTICE(USERNOTICE *a, unsigned char **pp)
558{
559 M_ASN1_I2D_vars(a);
560
561 M_ASN1_I2D_len (a->noticeref, i2d_NOTICEREF);
562 M_ASN1_I2D_len (a->exptext, i2d_DISPLAYTEXT);
563
564 M_ASN1_I2D_seq_total();
565
566 M_ASN1_I2D_put (a->noticeref, i2d_NOTICEREF);
567 M_ASN1_I2D_put (a->exptext, i2d_DISPLAYTEXT);
568
569 M_ASN1_I2D_finish();
570}
571
572USERNOTICE *USERNOTICE_new(void)
573{
574 USERNOTICE *ret=NULL;
575 ASN1_CTX c;
576 M_ASN1_New_Malloc(ret, USERNOTICE);
577 ret->noticeref = NULL;
578 ret->exptext = NULL;
579 return (ret);
580 M_ASN1_New_Error(ASN1_F_USERNOTICE_NEW);
581}
582
583USERNOTICE *d2i_USERNOTICE(USERNOTICE **a, unsigned char **pp,long length)
584{
585 M_ASN1_D2I_vars(a,USERNOTICE *,USERNOTICE_new);
586 M_ASN1_D2I_Init();
587 M_ASN1_D2I_start_sequence();
588 M_ASN1_D2I_get_opt(ret->noticeref, d2i_NOTICEREF, V_ASN1_SEQUENCE);
589 if (!M_ASN1_D2I_end_sequence()) {
590 M_ASN1_D2I_get(ret->exptext, d2i_DISPLAYTEXT);
591 }
592 M_ASN1_D2I_Finish(a, USERNOTICE_free, ASN1_F_D2I_USERNOTICE);
593}
594
595void USERNOTICE_free(USERNOTICE *a)
596{
597 if (a == NULL) return;
598 NOTICEREF_free(a->noticeref);
599 DISPLAYTEXT_free(a->exptext);
600 Free (a);
601}
602
603int i2d_NOTICEREF(NOTICEREF *a, unsigned char **pp)
604{
605 M_ASN1_I2D_vars(a);
606
607 M_ASN1_I2D_len (a->organization, i2d_DISPLAYTEXT);
608 M_ASN1_I2D_len_SEQUENCE(a->noticenos, i2d_ASN1_INTEGER);
609
610 M_ASN1_I2D_seq_total();
611
612 M_ASN1_I2D_put (a->organization, i2d_DISPLAYTEXT);
613 M_ASN1_I2D_put_SEQUENCE(a->noticenos, i2d_ASN1_INTEGER);
614
615 M_ASN1_I2D_finish();
616}
617
618NOTICEREF *NOTICEREF_new(void)
619{
620 NOTICEREF *ret=NULL;
621 ASN1_CTX c;
622 M_ASN1_New_Malloc(ret, NOTICEREF);
623 ret->organization = NULL;
624 ret->noticenos = NULL;
625 return (ret);
626 M_ASN1_New_Error(ASN1_F_NOTICEREF_NEW);
627}
628
629NOTICEREF *d2i_NOTICEREF(NOTICEREF **a, unsigned char **pp,long length)
630{
631 M_ASN1_D2I_vars(a,NOTICEREF *,NOTICEREF_new);
632 M_ASN1_D2I_Init();
633 M_ASN1_D2I_start_sequence();
634 /* This is to cope with some broken encodings that use IA5STRING for
635 * the organization field
636 */
637 M_ASN1_D2I_get_opt(ret->organization, d2i_ASN1_IA5STRING,
638 V_ASN1_IA5STRING);
639 if(!ret->organization) {
640 M_ASN1_D2I_get(ret->organization, d2i_DISPLAYTEXT);
641 }
642 M_ASN1_D2I_get_seq(ret->noticenos, d2i_ASN1_INTEGER, ASN1_STRING_free);
643 M_ASN1_D2I_Finish(a, NOTICEREF_free, ASN1_F_D2I_NOTICEREF);
644}
645
646void NOTICEREF_free(NOTICEREF *a)
647{
648 if (a == NULL) return;
649 DISPLAYTEXT_free(a->organization);
650 sk_pop_free(a->noticenos, ASN1_STRING_free);
651 Free (a);
652}
653
654IMPLEMENT_STACK_OF(POLICYQUALINFO)
655IMPLEMENT_ASN1_SET_OF(POLICYQUALINFO)
diff --git a/src/lib/libcrypto/x509v3/v3_crld.c b/src/lib/libcrypto/x509v3/v3_crld.c
new file mode 100644
index 0000000000..897ffb63e4
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_crld.c
@@ -0,0 +1,283 @@
1/* v3_crld.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/conf.h>
62#include <openssl/asn1.h>
63#include <openssl/asn1_mac.h>
64#include <openssl/x509v3.h>
65
66static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
67 STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *extlist);
68static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
69 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
70
71X509V3_EXT_METHOD v3_crld = {
72NID_crl_distribution_points, X509V3_EXT_MULTILINE,
73(X509V3_EXT_NEW)CRL_DIST_POINTS_new,
74(X509V3_EXT_FREE)CRL_DIST_POINTS_free,
75(X509V3_EXT_D2I)d2i_CRL_DIST_POINTS,
76(X509V3_EXT_I2D)i2d_CRL_DIST_POINTS,
77NULL, NULL,
78(X509V3_EXT_I2V)i2v_crld,
79(X509V3_EXT_V2I)v2i_crld,
80NULL, NULL, NULL
81};
82
83static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
84 STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *exts)
85{
86 DIST_POINT *point;
87 int i;
88 for(i = 0; i < sk_DIST_POINT_num(crld); i++) {
89 point = sk_DIST_POINT_value(crld, i);
90 if(point->distpoint->fullname) {
91 exts = i2v_GENERAL_NAMES(NULL,
92 point->distpoint->fullname, exts);
93 }
94 if(point->reasons)
95 X509V3_add_value("reasons","<UNSUPPORTED>", &exts);
96 if(point->CRLissuer)
97 X509V3_add_value("CRLissuer","<UNSUPPORTED>", &exts);
98 if(point->distpoint->relativename)
99 X509V3_add_value("RelativeName","<UNSUPPORTED>", &exts);
100 }
101 return exts;
102}
103
104static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
105 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
106{
107 STACK_OF(DIST_POINT) *crld = NULL;
108 STACK_OF(GENERAL_NAME) *gens = NULL;
109 GENERAL_NAME *gen = NULL;
110 CONF_VALUE *cnf;
111 int i;
112 if(!(crld = sk_DIST_POINT_new(NULL))) goto merr;
113 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
114 DIST_POINT *point;
115 cnf = sk_CONF_VALUE_value(nval, i);
116 if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err;
117 if(!(gens = GENERAL_NAMES_new())) goto merr;
118 if(!sk_GENERAL_NAME_push(gens, gen)) goto merr;
119 gen = NULL;
120 if(!(point = DIST_POINT_new())) goto merr;
121 if(!sk_DIST_POINT_push(crld, point)) {
122 DIST_POINT_free(point);
123 goto merr;
124 }
125 if(!(point->distpoint = DIST_POINT_NAME_new())) goto merr;
126 point->distpoint->fullname = gens;
127 gens = NULL;
128 }
129 return crld;
130
131 merr:
132 X509V3err(X509V3_F_V2I_CRLD,ERR_R_MALLOC_FAILURE);
133 err:
134 GENERAL_NAME_free(gen);
135 GENERAL_NAMES_free(gens);
136 sk_DIST_POINT_pop_free(crld, DIST_POINT_free);
137 return NULL;
138}
139
140int i2d_CRL_DIST_POINTS(STACK_OF(DIST_POINT) *a, unsigned char **pp)
141{
142
143return i2d_ASN1_SET_OF_DIST_POINT(a, pp, i2d_DIST_POINT, V_ASN1_SEQUENCE,
144 V_ASN1_UNIVERSAL, IS_SEQUENCE);}
145
146STACK_OF(DIST_POINT) *CRL_DIST_POINTS_new(void)
147{
148 return sk_DIST_POINT_new_null();
149}
150
151void CRL_DIST_POINTS_free(STACK_OF(DIST_POINT) *a)
152{
153 sk_DIST_POINT_pop_free(a, DIST_POINT_free);
154}
155
156STACK_OF(DIST_POINT) *d2i_CRL_DIST_POINTS(STACK_OF(DIST_POINT) **a,
157 unsigned char **pp,long length)
158{
159return d2i_ASN1_SET_OF_DIST_POINT(a, pp, length, d2i_DIST_POINT,
160 DIST_POINT_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
161
162}
163
164IMPLEMENT_STACK_OF(DIST_POINT)
165IMPLEMENT_ASN1_SET_OF(DIST_POINT)
166
167int i2d_DIST_POINT(DIST_POINT *a, unsigned char **pp)
168{
169 int v = 0;
170 M_ASN1_I2D_vars(a);
171 /* NB: underlying type is a CHOICE so need EXPLICIT tagging */
172 M_ASN1_I2D_len_EXP_opt (a->distpoint, i2d_DIST_POINT_NAME, 0, v);
173 M_ASN1_I2D_len_IMP_opt (a->reasons, i2d_ASN1_BIT_STRING);
174 M_ASN1_I2D_len_IMP_opt (a->CRLissuer, i2d_GENERAL_NAMES);
175
176 M_ASN1_I2D_seq_total();
177
178 M_ASN1_I2D_put_EXP_opt (a->distpoint, i2d_DIST_POINT_NAME, 0, v);
179 M_ASN1_I2D_put_IMP_opt (a->reasons, i2d_ASN1_BIT_STRING, 1);
180 M_ASN1_I2D_put_IMP_opt (a->CRLissuer, i2d_GENERAL_NAMES, 2);
181
182 M_ASN1_I2D_finish();
183}
184
185DIST_POINT *DIST_POINT_new(void)
186{
187 DIST_POINT *ret=NULL;
188 ASN1_CTX c;
189 M_ASN1_New_Malloc(ret, DIST_POINT);
190 ret->distpoint = NULL;
191 ret->reasons = NULL;
192 ret->CRLissuer = NULL;
193 return (ret);
194 M_ASN1_New_Error(ASN1_F_DIST_POINT_NEW);
195}
196
197DIST_POINT *d2i_DIST_POINT(DIST_POINT **a, unsigned char **pp, long length)
198{
199 M_ASN1_D2I_vars(a,DIST_POINT *,DIST_POINT_new);
200 M_ASN1_D2I_Init();
201 M_ASN1_D2I_start_sequence();
202 M_ASN1_D2I_get_EXP_opt (ret->distpoint, d2i_DIST_POINT_NAME, 0);
203 M_ASN1_D2I_get_IMP_opt (ret->reasons, d2i_ASN1_BIT_STRING, 1,
204 V_ASN1_BIT_STRING);
205 M_ASN1_D2I_get_IMP_opt (ret->CRLissuer, d2i_GENERAL_NAMES, 2,
206 V_ASN1_SEQUENCE);
207 M_ASN1_D2I_Finish(a, DIST_POINT_free, ASN1_F_D2I_DIST_POINT);
208}
209
210void DIST_POINT_free(DIST_POINT *a)
211{
212 if (a == NULL) return;
213 DIST_POINT_NAME_free(a->distpoint);
214 ASN1_BIT_STRING_free(a->reasons);
215 sk_GENERAL_NAME_pop_free(a->CRLissuer, GENERAL_NAME_free);
216 Free ((char *)a);
217}
218
219int i2d_DIST_POINT_NAME(DIST_POINT_NAME *a, unsigned char **pp)
220{
221 int v = 0;
222 M_ASN1_I2D_vars(a);
223
224 if(a->fullname) {
225 M_ASN1_I2D_len_IMP_opt (a->fullname, i2d_GENERAL_NAMES);
226 } else {
227 M_ASN1_I2D_len_EXP_opt (a->relativename, i2d_X509_NAME, 1, v);
228 }
229
230 /* Don't want a SEQUENCE so... */
231 if(pp == NULL) return ret;
232 p = *pp;
233
234 if(a->fullname) {
235 M_ASN1_I2D_put_IMP_opt (a->fullname, i2d_GENERAL_NAMES, 0);
236 } else {
237 M_ASN1_I2D_put_EXP_opt (a->relativename, i2d_X509_NAME, 1, v);
238 }
239 M_ASN1_I2D_finish();
240}
241
242DIST_POINT_NAME *DIST_POINT_NAME_new(void)
243{
244 DIST_POINT_NAME *ret=NULL;
245 ASN1_CTX c;
246 M_ASN1_New_Malloc(ret, DIST_POINT_NAME);
247 ret->fullname = NULL;
248 ret->relativename = NULL;
249 return (ret);
250 M_ASN1_New_Error(ASN1_F_DIST_POINT_NAME_NEW);
251}
252
253void DIST_POINT_NAME_free(DIST_POINT_NAME *a)
254{
255 if (a == NULL) return;
256 X509_NAME_free(a->relativename);
257 sk_GENERAL_NAME_pop_free(a->fullname, GENERAL_NAME_free);
258 Free ((char *)a);
259}
260
261DIST_POINT_NAME *d2i_DIST_POINT_NAME(DIST_POINT_NAME **a, unsigned char **pp,
262 long length)
263{
264 unsigned char _tmp, tag;
265 M_ASN1_D2I_vars(a,DIST_POINT_NAME *,DIST_POINT_NAME_new);
266 M_ASN1_D2I_Init();
267 c.slen = length;
268
269 _tmp = M_ASN1_next;
270 tag = _tmp & ~V_ASN1_CONSTRUCTED;
271
272 if(tag == (0|V_ASN1_CONTEXT_SPECIFIC)) {
273 M_ASN1_D2I_get_imp(ret->fullname, d2i_GENERAL_NAMES,
274 V_ASN1_SEQUENCE);
275 } else if (tag == (1|V_ASN1_CONTEXT_SPECIFIC)) {
276 M_ASN1_D2I_get_EXP_opt (ret->relativename, d2i_X509_NAME, 1);
277 } else {
278 c.error = ASN1_R_BAD_TAG;
279 goto err;
280 }
281
282 M_ASN1_D2I_Finish(a, DIST_POINT_NAME_free, ASN1_F_D2I_DIST_POINT_NAME);
283}
diff --git a/src/lib/libcrypto/x509v3/v3_enum.c b/src/lib/libcrypto/x509v3/v3_enum.c
new file mode 100644
index 0000000000..db423548ff
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_enum.c
@@ -0,0 +1,103 @@
1/* v3_enum.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/x509v3.h>
62
63static ASN1_ENUMERATED *asn1_enumerated_new(void);
64
65static ENUMERATED_NAMES crl_reasons[] = {
66{0, "Unspecified", "unspecified"},
67{1, "Key Compromise", "keyCompromise"},
68{2, "CA Compromise", "CACompromise"},
69{3, "Affiliation Changed", "affiliationChanged"},
70{4, "Superseded", "superseded"},
71{5, "Cessation Of Operation", "cessationOfOperation"},
72{6, "Certificate Hold", "certificateHold"},
73{8, "Remove From CRL", "removeFromCRL"},
74{-1, NULL, NULL}
75};
76
77X509V3_EXT_METHOD v3_crl_reason = {
78NID_crl_reason, 0,
79(X509V3_EXT_NEW)asn1_enumerated_new,
80(X509V3_EXT_FREE)ASN1_STRING_free,
81(X509V3_EXT_D2I)d2i_ASN1_ENUMERATED,
82(X509V3_EXT_I2D)i2d_ASN1_ENUMERATED,
83(X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE,
84(X509V3_EXT_S2I)NULL,
85NULL, NULL, NULL, NULL, crl_reasons};
86
87
88static ASN1_ENUMERATED *asn1_enumerated_new(void)
89{
90 return ASN1_ENUMERATED_new();
91}
92
93char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method,
94 ASN1_ENUMERATED *e)
95{
96 ENUMERATED_NAMES *enam;
97 long strval;
98 strval = ASN1_ENUMERATED_get(e);
99 for(enam = method->usr_data; enam->lname; enam++) {
100 if(strval == enam->bitnum) return BUF_strdup(enam->lname);
101 }
102 return i2s_ASN1_ENUMERATED(method, e);
103}
diff --git a/src/lib/libcrypto/x509v3/v3_extku.c b/src/lib/libcrypto/x509v3/v3_extku.c
new file mode 100644
index 0000000000..e039d21cbf
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_extku.c
@@ -0,0 +1,150 @@
1/* v3_extku.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/asn1.h>
63#include <openssl/conf.h>
64#include <openssl/x509v3.h>
65
66static STACK_OF(ASN1_OBJECT) *v2i_ext_ku(X509V3_EXT_METHOD *method,
67 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
68static STACK_OF(CONF_VALUE) *i2v_ext_ku(X509V3_EXT_METHOD *method,
69 STACK_OF(ASN1_OBJECT) *eku, STACK_OF(CONF_VALUE) *extlist);
70X509V3_EXT_METHOD v3_ext_ku = {
71NID_ext_key_usage, 0,
72(X509V3_EXT_NEW)ext_ku_new,
73(X509V3_EXT_FREE)ext_ku_free,
74(X509V3_EXT_D2I)d2i_ext_ku,
75(X509V3_EXT_I2D)i2d_ext_ku,
76NULL, NULL,
77(X509V3_EXT_I2V)i2v_ext_ku,
78(X509V3_EXT_V2I)v2i_ext_ku,
79NULL,NULL,
80NULL
81};
82
83STACK_OF(ASN1_OBJECT) *ext_ku_new(void)
84{
85 return sk_ASN1_OBJECT_new_null();
86}
87
88void ext_ku_free(STACK_OF(ASN1_OBJECT) *eku)
89{
90 sk_ASN1_OBJECT_pop_free(eku, ASN1_OBJECT_free);
91 return;
92}
93
94int i2d_ext_ku(STACK_OF(ASN1_OBJECT) *a, unsigned char **pp)
95{
96 return i2d_ASN1_SET_OF_ASN1_OBJECT(a, pp, i2d_ASN1_OBJECT,
97 V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
98}
99
100STACK_OF(ASN1_OBJECT) *d2i_ext_ku(STACK_OF(ASN1_OBJECT) **a,
101 unsigned char **pp, long length)
102{
103 return d2i_ASN1_SET_OF_ASN1_OBJECT(a, pp, length, d2i_ASN1_OBJECT,
104 ASN1_OBJECT_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
105}
106
107
108
109static STACK_OF(CONF_VALUE) *i2v_ext_ku(X509V3_EXT_METHOD *method,
110 STACK_OF(ASN1_OBJECT) *eku, STACK_OF(CONF_VALUE) *ext_list)
111{
112int i;
113ASN1_OBJECT *obj;
114char obj_tmp[80];
115for(i = 0; i < sk_ASN1_OBJECT_num(eku); i++) {
116 obj = sk_ASN1_OBJECT_value(eku, i);
117 i2t_ASN1_OBJECT(obj_tmp, 80, obj);
118 X509V3_add_value(NULL, obj_tmp, &ext_list);
119}
120return ext_list;
121}
122
123static STACK_OF(ASN1_OBJECT) *v2i_ext_ku(X509V3_EXT_METHOD *method,
124 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
125{
126STACK_OF(ASN1_OBJECT) *extku;
127char *extval;
128ASN1_OBJECT *objtmp;
129CONF_VALUE *val;
130int i;
131
132if(!(extku = sk_ASN1_OBJECT_new(NULL))) {
133 X509V3err(X509V3_F_V2I_EXT_KU,ERR_R_MALLOC_FAILURE);
134 return NULL;
135}
136
137for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
138 val = sk_CONF_VALUE_value(nval, i);
139 if(val->value) extval = val->value;
140 else extval = val->name;
141 if(!(objtmp = OBJ_txt2obj(extval, 0))) {
142 sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free);
143 X509V3err(X509V3_F_V2I_EXT_KU,X509V3_R_INVALID_OBJECT_IDENTIFIER);
144 X509V3_conf_err(val);
145 return NULL;
146 }
147 sk_ASN1_OBJECT_push(extku, objtmp);
148}
149return extku;
150}
diff --git a/src/lib/libcrypto/x509v3/v3_genn.c b/src/lib/libcrypto/x509v3/v3_genn.c
new file mode 100644
index 0000000000..af716232f8
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_genn.c
@@ -0,0 +1,237 @@
1/* v3_genn.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/asn1.h>
63#include <openssl/asn1_mac.h>
64#include <openssl/conf.h>
65#include <openssl/x509v3.h>
66
67int i2d_GENERAL_NAME(GENERAL_NAME *a, unsigned char **pp)
68{
69 unsigned char *p;
70 int ret;
71
72 ret = 0;
73
74 /* Save the location of initial TAG */
75 if(pp) p = *pp;
76 else p = NULL;
77
78 /* GEN_DNAME needs special treatment because of EXPLICIT tag */
79
80 if(a->type == GEN_DIRNAME) {
81 int v = 0;
82 M_ASN1_I2D_len_EXP_opt(a->d.dirn, i2d_X509_NAME, 4, v);
83 if(!p) return ret;
84 M_ASN1_I2D_put_EXP_opt(a->d.dirn, i2d_X509_NAME, 4, v);
85 *pp = p;
86 return ret;
87 }
88
89 switch(a->type) {
90
91 case GEN_OTHERNAME:
92 case GEN_X400:
93 case GEN_EDIPARTY:
94 ret = i2d_ASN1_TYPE(a->d.other, pp);
95 break;
96
97 case GEN_EMAIL:
98 case GEN_DNS:
99 case GEN_URI:
100 ret = i2d_ASN1_IA5STRING(a->d.ia5, pp);
101 break;
102
103 case GEN_IPADD:
104 ret = i2d_ASN1_OCTET_STRING(a->d.ip, pp);
105 break;
106
107 case GEN_RID:
108 ret = i2d_ASN1_OBJECT(a->d.rid, pp);
109 break;
110 }
111 /* Replace TAG with IMPLICIT value */
112 if(p) *p = (*p & V_ASN1_CONSTRUCTED) | a->type;
113 return ret;
114}
115
116GENERAL_NAME *GENERAL_NAME_new()
117{
118 GENERAL_NAME *ret=NULL;
119 ASN1_CTX c;
120 M_ASN1_New_Malloc(ret, GENERAL_NAME);
121 ret->type = -1;
122 ret->d.ptr = NULL;
123 return (ret);
124 M_ASN1_New_Error(ASN1_F_GENERAL_NAME_NEW);
125}
126
127GENERAL_NAME *d2i_GENERAL_NAME(GENERAL_NAME **a, unsigned char **pp,
128 long length)
129{
130 unsigned char _tmp;
131 M_ASN1_D2I_vars(a,GENERAL_NAME *,GENERAL_NAME_new);
132 M_ASN1_D2I_Init();
133 c.slen = length;
134
135 _tmp = M_ASN1_next;
136 ret->type = _tmp & ~V_ASN1_CONSTRUCTED;
137
138 switch(ret->type) {
139 /* Just put these in a "blob" for now */
140 case GEN_OTHERNAME:
141 case GEN_X400:
142 case GEN_EDIPARTY:
143 M_ASN1_D2I_get_imp(ret->d.other, d2i_ASN1_TYPE,V_ASN1_SEQUENCE);
144 break;
145
146 case GEN_EMAIL:
147 case GEN_DNS:
148 case GEN_URI:
149 M_ASN1_D2I_get_imp(ret->d.ia5, d2i_ASN1_IA5STRING,
150 V_ASN1_IA5STRING);
151 break;
152
153 case GEN_DIRNAME:
154 M_ASN1_D2I_get_EXP_opt(ret->d.dirn, d2i_X509_NAME, 4);
155 break;
156
157 case GEN_IPADD:
158 M_ASN1_D2I_get_imp(ret->d.ip, d2i_ASN1_OCTET_STRING,
159 V_ASN1_OCTET_STRING);
160 break;
161
162 case GEN_RID:
163 M_ASN1_D2I_get_imp(ret->d.rid, d2i_ASN1_OBJECT,V_ASN1_OBJECT);
164 break;
165
166 default:
167 c.error = ASN1_R_BAD_TAG;
168 goto err;
169 }
170
171 c.slen = 0;
172 M_ASN1_D2I_Finish(a, GENERAL_NAME_free, ASN1_F_D2I_GENERAL_NAME);
173}
174
175void GENERAL_NAME_free(GENERAL_NAME *a)
176{
177 if (a == NULL) return;
178 switch(a->type) {
179 case GEN_OTHERNAME:
180 case GEN_X400:
181 case GEN_EDIPARTY:
182 ASN1_TYPE_free(a->d.other);
183 break;
184
185 case GEN_EMAIL:
186 case GEN_DNS:
187 case GEN_URI:
188
189 ASN1_IA5STRING_free(a->d.ia5);
190 break;
191
192 case GEN_DIRNAME:
193 X509_NAME_free(a->d.dirn);
194 break;
195
196 case GEN_IPADD:
197 ASN1_OCTET_STRING_free(a->d.ip);
198 break;
199
200 case GEN_RID:
201 ASN1_OBJECT_free(a->d.rid);
202 break;
203
204 }
205 Free ((char *)a);
206}
207
208/* Now the GeneralNames versions: a SEQUENCE OF GeneralName These are needed as
209 * an explicit functions.
210 */
211
212STACK_OF(GENERAL_NAME) *GENERAL_NAMES_new()
213{
214 return sk_GENERAL_NAME_new(NULL);
215}
216
217void GENERAL_NAMES_free(STACK_OF(GENERAL_NAME) *a)
218{
219 sk_GENERAL_NAME_pop_free(a, GENERAL_NAME_free);
220}
221
222STACK_OF(GENERAL_NAME) *d2i_GENERAL_NAMES(STACK_OF(GENERAL_NAME) **a,
223 unsigned char **pp, long length)
224{
225return d2i_ASN1_SET_OF_GENERAL_NAME(a, pp, length, d2i_GENERAL_NAME,
226 GENERAL_NAME_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
227}
228
229int i2d_GENERAL_NAMES(STACK_OF(GENERAL_NAME) *a, unsigned char **pp)
230{
231return i2d_ASN1_SET_OF_GENERAL_NAME(a, pp, i2d_GENERAL_NAME, V_ASN1_SEQUENCE,
232 V_ASN1_UNIVERSAL, IS_SEQUENCE);
233}
234
235IMPLEMENT_STACK_OF(GENERAL_NAME)
236IMPLEMENT_ASN1_SET_OF(GENERAL_NAME)
237
diff --git a/src/lib/libcrypto/x509v3/v3_ia5.c b/src/lib/libcrypto/x509v3/v3_ia5.c
new file mode 100644
index 0000000000..3446c5cd6a
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_ia5.c
@@ -0,0 +1,116 @@
1/* v3_ia5.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/asn1.h>
63#include <openssl/conf.h>
64#include <openssl/x509v3.h>
65
66static ASN1_IA5STRING *ia5string_new(void);
67static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5);
68static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
69X509V3_EXT_METHOD v3_ns_ia5_list[] = {
70EXT_IA5STRING(NID_netscape_base_url),
71EXT_IA5STRING(NID_netscape_revocation_url),
72EXT_IA5STRING(NID_netscape_ca_revocation_url),
73EXT_IA5STRING(NID_netscape_renewal_url),
74EXT_IA5STRING(NID_netscape_ca_policy_url),
75EXT_IA5STRING(NID_netscape_ssl_server_name),
76EXT_IA5STRING(NID_netscape_comment),
77EXT_END
78};
79
80
81static ASN1_IA5STRING *ia5string_new(void)
82{
83 return ASN1_IA5STRING_new();
84}
85
86static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
87 ASN1_IA5STRING *ia5)
88{
89 char *tmp;
90 if(!ia5 || !ia5->length) return NULL;
91 tmp = Malloc(ia5->length + 1);
92 memcpy(tmp, ia5->data, ia5->length);
93 tmp[ia5->length] = 0;
94 return tmp;
95}
96
97static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
98 X509V3_CTX *ctx, char *str)
99{
100 ASN1_IA5STRING *ia5;
101 if(!str) {
102 X509V3err(X509V3_F_S2I_ASN1_IA5STRING,X509V3_R_INVALID_NULL_ARGUMENT);
103 return NULL;
104 }
105 if(!(ia5 = ASN1_IA5STRING_new())) goto err;
106 if(!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char*)str,
107 strlen(str))) {
108 ASN1_IA5STRING_free(ia5);
109 goto err;
110 }
111 return ia5;
112 err:
113 X509V3err(X509V3_F_S2I_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE);
114 return NULL;
115}
116
diff --git a/src/lib/libcrypto/x509v3/v3_info.c b/src/lib/libcrypto/x509v3/v3_info.c
new file mode 100644
index 0000000000..78d2135046
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_info.c
@@ -0,0 +1,236 @@
1/* v3_info.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/conf.h>
62#include <openssl/asn1.h>
63#include <openssl/asn1_mac.h>
64#include <openssl/x509v3.h>
65
66static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
67 STACK_OF(ACCESS_DESCRIPTION) *ainfo,
68 STACK_OF(CONF_VALUE) *ret);
69static STACK_OF(ACCESS_DESCRIPTION) *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
70 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
71
72X509V3_EXT_METHOD v3_info =
73{ NID_info_access, X509V3_EXT_MULTILINE,
74(X509V3_EXT_NEW)AUTHORITY_INFO_ACCESS_new,
75(X509V3_EXT_FREE)AUTHORITY_INFO_ACCESS_free,
76(X509V3_EXT_D2I)d2i_AUTHORITY_INFO_ACCESS,
77(X509V3_EXT_I2D)i2d_AUTHORITY_INFO_ACCESS,
78NULL, NULL,
79(X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
80(X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
81NULL, NULL, NULL};
82
83static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
84 STACK_OF(ACCESS_DESCRIPTION) *ainfo,
85 STACK_OF(CONF_VALUE) *ret)
86{
87 ACCESS_DESCRIPTION *desc;
88 int i;
89 char objtmp[80], *ntmp;
90 CONF_VALUE *vtmp;
91 for(i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) {
92 desc = sk_ACCESS_DESCRIPTION_value(ainfo, i);
93 ret = i2v_GENERAL_NAME(method, desc->location, ret);
94 if(!ret) break;
95 vtmp = sk_CONF_VALUE_value(ret, i);
96 i2t_ASN1_OBJECT(objtmp, 80, desc->method);
97 ntmp = Malloc(strlen(objtmp) + strlen(vtmp->name) + 5);
98 if(!ntmp) {
99 X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS,
100 ERR_R_MALLOC_FAILURE);
101 return NULL;
102 }
103 strcpy(ntmp, objtmp);
104 strcat(ntmp, " - ");
105 strcat(ntmp, vtmp->name);
106 Free(vtmp->name);
107 vtmp->name = ntmp;
108
109 }
110 if(!ret) return sk_CONF_VALUE_new_null();
111 return ret;
112}
113
114static STACK_OF(ACCESS_DESCRIPTION) *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
115 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
116{
117 STACK_OF(ACCESS_DESCRIPTION) *ainfo = NULL;
118 CONF_VALUE *cnf, ctmp;
119 ACCESS_DESCRIPTION *acc;
120 int i, objlen;
121 char *objtmp, *ptmp;
122 if(!(ainfo = sk_ACCESS_DESCRIPTION_new(NULL))) {
123 X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
124 return NULL;
125 }
126 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
127 cnf = sk_CONF_VALUE_value(nval, i);
128 if(!(acc = ACCESS_DESCRIPTION_new())
129 || !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) {
130 X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
131 goto err;
132 }
133 ptmp = strchr(cnf->name, ';');
134 if(!ptmp) {
135 X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_INVALID_SYNTAX);
136 goto err;
137 }
138 objlen = ptmp - cnf->name;
139 ctmp.name = ptmp + 1;
140 ctmp.value = cnf->value;
141 if(!(acc->location = v2i_GENERAL_NAME(method, ctx, &ctmp)))
142 goto err;
143 if(!(objtmp = Malloc(objlen + 1))) {
144 X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
145 goto err;
146 }
147 strncpy(objtmp, cnf->name, objlen);
148 objtmp[objlen] = 0;
149 acc->method = OBJ_txt2obj(objtmp, 0);
150 if(!acc->method) {
151 X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_BAD_OBJECT);
152 ERR_add_error_data(2, "value=", objtmp);
153 Free(objtmp);
154 goto err;
155 }
156 Free(objtmp);
157
158 }
159 return ainfo;
160 err:
161 sk_ACCESS_DESCRIPTION_pop_free(ainfo, ACCESS_DESCRIPTION_free);
162 return NULL;
163}
164
165int i2d_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION *a, unsigned char **pp)
166{
167 M_ASN1_I2D_vars(a);
168
169 M_ASN1_I2D_len(a->method, i2d_ASN1_OBJECT);
170 M_ASN1_I2D_len(a->location, i2d_GENERAL_NAME);
171
172 M_ASN1_I2D_seq_total();
173
174 M_ASN1_I2D_put(a->method, i2d_ASN1_OBJECT);
175 M_ASN1_I2D_put(a->location, i2d_GENERAL_NAME);
176
177 M_ASN1_I2D_finish();
178}
179
180ACCESS_DESCRIPTION *ACCESS_DESCRIPTION_new(void)
181{
182 ACCESS_DESCRIPTION *ret=NULL;
183 ASN1_CTX c;
184 M_ASN1_New_Malloc(ret, ACCESS_DESCRIPTION);
185 ret->method = OBJ_nid2obj(NID_undef);
186 ret->location = NULL;
187 return (ret);
188 M_ASN1_New_Error(ASN1_F_ACCESS_DESCRIPTION_NEW);
189}
190
191ACCESS_DESCRIPTION *d2i_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION **a, unsigned char **pp,
192 long length)
193{
194 M_ASN1_D2I_vars(a,ACCESS_DESCRIPTION *,ACCESS_DESCRIPTION_new);
195 M_ASN1_D2I_Init();
196 M_ASN1_D2I_start_sequence();
197 M_ASN1_D2I_get(ret->method, d2i_ASN1_OBJECT);
198 M_ASN1_D2I_get(ret->location, d2i_GENERAL_NAME);
199 M_ASN1_D2I_Finish(a, ACCESS_DESCRIPTION_free, ASN1_F_D2I_ACCESS_DESCRIPTION);
200}
201
202void ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a)
203{
204 if (a == NULL) return;
205 ASN1_OBJECT_free(a->method);
206 GENERAL_NAME_free(a->location);
207 Free (a);
208}
209
210STACK_OF(ACCESS_DESCRIPTION) *AUTHORITY_INFO_ACCESS_new(void)
211{
212 return sk_ACCESS_DESCRIPTION_new(NULL);
213}
214
215void AUTHORITY_INFO_ACCESS_free(STACK_OF(ACCESS_DESCRIPTION) *a)
216{
217 sk_ACCESS_DESCRIPTION_pop_free(a, ACCESS_DESCRIPTION_free);
218}
219
220STACK_OF(ACCESS_DESCRIPTION) *d2i_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) **a,
221 unsigned char **pp, long length)
222{
223return d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(a, pp, length, d2i_ACCESS_DESCRIPTION,
224 ACCESS_DESCRIPTION_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
225}
226
227int i2d_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) *a, unsigned char **pp)
228{
229return i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(a, pp, i2d_ACCESS_DESCRIPTION, V_ASN1_SEQUENCE,
230 V_ASN1_UNIVERSAL, IS_SEQUENCE);
231}
232
233IMPLEMENT_STACK_OF(ACCESS_DESCRIPTION)
234IMPLEMENT_ASN1_SET_OF(ACCESS_DESCRIPTION)
235
236
diff --git a/src/lib/libcrypto/x509v3/v3_int.c b/src/lib/libcrypto/x509v3/v3_int.c
new file mode 100644
index 0000000000..637dd5e128
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_int.c
@@ -0,0 +1,79 @@
1/* v3_int.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/x509v3.h>
62
63static ASN1_INTEGER *asn1_integer_new(void);
64
65X509V3_EXT_METHOD v3_crl_num = {
66NID_crl_number, 0,
67(X509V3_EXT_NEW)asn1_integer_new,
68(X509V3_EXT_FREE)ASN1_STRING_free,
69(X509V3_EXT_D2I)d2i_ASN1_INTEGER,
70(X509V3_EXT_I2D)i2d_ASN1_INTEGER,
71(X509V3_EXT_I2S)i2s_ASN1_INTEGER,
72(X509V3_EXT_S2I)NULL,
73NULL, NULL, NULL, NULL, NULL};
74
75
76static ASN1_INTEGER *asn1_integer_new(void)
77{
78 return ASN1_INTEGER_new();
79}
diff --git a/src/lib/libcrypto/x509v3/v3_lib.c b/src/lib/libcrypto/x509v3/v3_lib.c
new file mode 100644
index 0000000000..a0aa5de794
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_lib.c
@@ -0,0 +1,177 @@
1/* v3_lib.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58/* X509 v3 extension utilities */
59
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/conf.h>
63#include <openssl/x509v3.h>
64
65static STACK *ext_list = NULL;
66
67static int ext_cmp(X509V3_EXT_METHOD **a, X509V3_EXT_METHOD **b);
68static void ext_list_free(X509V3_EXT_METHOD *ext);
69
70int X509V3_EXT_add(X509V3_EXT_METHOD *ext)
71{
72 if(!ext_list && !(ext_list = sk_new(ext_cmp))) {
73 X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE);
74 return 0;
75 }
76 if(!sk_push(ext_list, (char *)ext)) {
77 X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE);
78 return 0;
79 }
80 return 1;
81}
82
83static int ext_cmp(X509V3_EXT_METHOD **a, X509V3_EXT_METHOD **b)
84{
85 return ((*a)->ext_nid - (*b)->ext_nid);
86}
87
88X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
89{
90 X509V3_EXT_METHOD tmp;
91 int idx;
92 tmp.ext_nid = nid;
93 if(!ext_list || (tmp.ext_nid < 0) ) return NULL;
94 idx = sk_find(ext_list, (char *)&tmp);
95 if(idx == -1) return NULL;
96 return (X509V3_EXT_METHOD *)sk_value(ext_list, idx);
97}
98
99X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext)
100{
101 int nid;
102 if((nid = OBJ_obj2nid(ext->object)) == NID_undef) return NULL;
103 return X509V3_EXT_get_nid(nid);
104}
105
106
107int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist)
108{
109 for(;extlist->ext_nid!=-1;extlist++)
110 if(!X509V3_EXT_add(extlist)) return 0;
111 return 1;
112}
113
114int X509V3_EXT_add_alias(int nid_to, int nid_from)
115{
116 X509V3_EXT_METHOD *ext, *tmpext;
117 if(!(ext = X509V3_EXT_get_nid(nid_from))) {
118 X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,X509V3_R_EXTENSION_NOT_FOUND);
119 return 0;
120 }
121 if(!(tmpext = (X509V3_EXT_METHOD *)Malloc(sizeof(X509V3_EXT_METHOD)))) {
122 X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,ERR_R_MALLOC_FAILURE);
123 return 0;
124 }
125 *tmpext = *ext;
126 tmpext->ext_nid = nid_to;
127 tmpext->ext_flags |= X509V3_EXT_DYNAMIC;
128 return 1;
129}
130
131void X509V3_EXT_cleanup(void)
132{
133 sk_pop_free(ext_list, ext_list_free);
134 ext_list = NULL;
135}
136
137static void ext_list_free(X509V3_EXT_METHOD *ext)
138{
139 if(ext->ext_flags & X509V3_EXT_DYNAMIC) Free(ext);
140}
141
142extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
143extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet;
144extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
145
146extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_cpols, v3_crld;
147
148int X509V3_add_standard_extensions(void)
149{
150 X509V3_EXT_add_list(v3_ns_ia5_list);
151 X509V3_EXT_add_list(v3_alt);
152 X509V3_EXT_add(&v3_bcons);
153 X509V3_EXT_add(&v3_nscert);
154 X509V3_EXT_add(&v3_key_usage);
155 X509V3_EXT_add(&v3_ext_ku);
156 X509V3_EXT_add(&v3_skey_id);
157 X509V3_EXT_add(&v3_akey_id);
158 X509V3_EXT_add(&v3_pkey_usage_period);
159 X509V3_EXT_add(&v3_crl_num);
160 X509V3_EXT_add(&v3_sxnet);
161 X509V3_EXT_add(&v3_crl_reason);
162 X509V3_EXT_add(&v3_cpols);
163 X509V3_EXT_add(&v3_crld);
164 return 1;
165}
166
167/* Return an extension internal structure */
168
169void *X509V3_EXT_d2i(X509_EXTENSION *ext)
170{
171 X509V3_EXT_METHOD *method;
172 unsigned char *p;
173 if(!(method = X509V3_EXT_get(ext)) || !method->d2i) return NULL;
174 p = ext->value->data;
175 return method->d2i(NULL, &p, ext->value->length);
176}
177
diff --git a/src/lib/libcrypto/x509v3/v3_ocsp.c b/src/lib/libcrypto/x509v3/v3_ocsp.c
new file mode 100644
index 0000000000..083112314e
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_ocsp.c
@@ -0,0 +1,272 @@
1/* v3_ocsp.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/conf.h>
62#include <openssl/asn1.h>
63#include <openssl/ocsp.h>
64#include <openssl/x509v3.h>
65
66/* OCSP extensions and a couple of CRL entry extensions
67 */
68
69static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
70static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
71static int i2r_object(X509V3_EXT_METHOD *method, void *obj, BIO *out, int indent);
72
73static void *ocsp_nonce_new(void);
74static int i2d_ocsp_nonce(void *a, unsigned char **pp);
75static void *d2i_ocsp_nonce(void *a, unsigned char **pp, long length);
76static void ocsp_nonce_free(void *a);
77static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
78
79static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent);
80static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
81static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind);
82
83X509V3_EXT_METHOD v3_ocsp_crlid = {
84 NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID),
85 0,0,0,0,
86 0,0,
87 0,0,
88 i2r_ocsp_crlid,0,
89 NULL
90};
91
92X509V3_EXT_METHOD v3_ocsp_acutoff = {
93 NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
94 0,0,0,0,
95 0,0,
96 0,0,
97 i2r_ocsp_acutoff,0,
98 NULL
99};
100
101X509V3_EXT_METHOD v3_crl_invdate = {
102 NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
103 0,0,0,0,
104 0,0,
105 0,0,
106 i2r_ocsp_acutoff,0,
107 NULL
108};
109
110X509V3_EXT_METHOD v3_crl_hold = {
111 NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT),
112 0,0,0,0,
113 0,0,
114 0,0,
115 i2r_object,0,
116 NULL
117};
118
119X509V3_EXT_METHOD v3_ocsp_nonce = {
120 NID_id_pkix_OCSP_Nonce, 0, NULL,
121 ocsp_nonce_new,
122 ocsp_nonce_free,
123 d2i_ocsp_nonce,
124 i2d_ocsp_nonce,
125 0,0,
126 0,0,
127 i2r_ocsp_nonce,0,
128 NULL
129};
130
131X509V3_EXT_METHOD v3_ocsp_nocheck = {
132 NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL),
133 0,0,0,0,
134 0,s2i_ocsp_nocheck,
135 0,0,
136 i2r_ocsp_nocheck,0,
137 NULL
138};
139
140X509V3_EXT_METHOD v3_ocsp_serviceloc = {
141 NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC),
142 0,0,0,0,
143 0,0,
144 0,0,
145 i2r_ocsp_serviceloc,0,
146 NULL
147};
148
149static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
150{
151 OCSP_CRLID *a = in;
152 if (a->crlUrl)
153 {
154 if (!BIO_printf(bp, "%*scrlUrl: ", ind, "")) goto err;
155 if (!ASN1_STRING_print(bp, (ASN1_STRING*)a->crlUrl)) goto err;
156 if (!BIO_write(bp, "\n", 1)) goto err;
157 }
158 if (a->crlNum)
159 {
160 if (!BIO_printf(bp, "%*scrlNum: ", ind, "")) goto err;
161 if (!i2a_ASN1_INTEGER(bp, a->crlNum)) goto err;
162 if (!BIO_write(bp, "\n", 1)) goto err;
163 }
164 if (a->crlTime)
165 {
166 if (!BIO_printf(bp, "%*scrlTime: ", ind, "")) goto err;
167 if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) goto err;
168 if (!BIO_write(bp, "\n", 1)) goto err;
169 }
170 return 1;
171 err:
172 return 0;
173}
174
175static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *cutoff, BIO *bp, int ind)
176{
177 if (!BIO_printf(bp, "%*s", ind, "")) return 0;
178 if(!ASN1_GENERALIZEDTIME_print(bp, cutoff)) return 0;
179 return 1;
180}
181
182
183static int i2r_object(X509V3_EXT_METHOD *method, void *oid, BIO *bp, int ind)
184{
185 if (!BIO_printf(bp, "%*s", ind, "")) return 0;
186 if(!i2a_ASN1_OBJECT(bp, oid)) return 0;
187 return 1;
188}
189
190/* OCSP nonce. This is needs special treatment because it doesn't have
191 * an ASN1 encoding at all: it just contains arbitrary data.
192 */
193
194static void *ocsp_nonce_new(void)
195{
196 return ASN1_OCTET_STRING_new();
197}
198
199static int i2d_ocsp_nonce(void *a, unsigned char **pp)
200{
201 ASN1_OCTET_STRING *os = a;
202 if(pp) {
203 memcpy(*pp, os->data, os->length);
204 *pp += os->length;
205 }
206 return os->length;
207}
208
209static void *d2i_ocsp_nonce(void *a, unsigned char **pp, long length)
210{
211 ASN1_OCTET_STRING *os, **pos;
212 pos = a;
213 if(!pos || !*pos) os = ASN1_OCTET_STRING_new();
214 else os = *pos;
215 if(!ASN1_OCTET_STRING_set(os, *pp, length)) goto err;
216
217 *pp += length;
218
219 if(pos) *pos = os;
220 return os;
221
222 err:
223 if(os && (!pos || (*pos != os))) M_ASN1_OCTET_STRING_free(os);
224 OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE);
225 return NULL;
226}
227
228static void ocsp_nonce_free(void *a)
229{
230 M_ASN1_OCTET_STRING_free(a);
231}
232
233static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent)
234{
235 if(BIO_printf(out, "%*s", indent, "") <= 0) return 0;
236 if(i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) return 0;
237 return 1;
238}
239
240/* Nocheck is just a single NULL. Don't print anything and always set it */
241
242static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent)
243{
244 return 1;
245}
246
247static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str)
248{
249 return ASN1_NULL_new();
250}
251
252static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
253 {
254 int i;
255 OCSP_SERVICELOC *a = in;
256 ACCESS_DESCRIPTION *ad;
257
258 if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0) goto err;
259 if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0) goto err;
260 for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++)
261 {
262 ad = sk_ACCESS_DESCRIPTION_value(a->locator,i);
263 if (BIO_printf(bp, "\n%*s", (2*ind), "") <= 0)
264 goto err;
265 if(i2a_ASN1_OBJECT(bp, ad->method) <= 0) goto err;
266 if(BIO_puts(bp, " - ") <= 0) goto err;
267 if(GENERAL_NAME_print(bp, ad->location) <= 0) goto err;
268 }
269 return 1;
270err:
271 return 0;
272 }
diff --git a/src/lib/libcrypto/x509v3/v3_pku.c b/src/lib/libcrypto/x509v3/v3_pku.c
new file mode 100644
index 0000000000..c13e7d8f45
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_pku.c
@@ -0,0 +1,151 @@
1/* v3_pku.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/asn1.h>
62#include <openssl/asn1_mac.h>
63#include <openssl/x509v3.h>
64
65static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *usage, BIO *out, int indent);
66/*
67static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
68*/
69X509V3_EXT_METHOD v3_pkey_usage_period = {
70NID_private_key_usage_period, 0,
71(X509V3_EXT_NEW)PKEY_USAGE_PERIOD_new,
72(X509V3_EXT_FREE)PKEY_USAGE_PERIOD_free,
73(X509V3_EXT_D2I)d2i_PKEY_USAGE_PERIOD,
74(X509V3_EXT_I2D)i2d_PKEY_USAGE_PERIOD,
75NULL, NULL, NULL, NULL,
76(X509V3_EXT_I2R)i2r_PKEY_USAGE_PERIOD, NULL,
77NULL
78};
79
80int i2d_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD *a, unsigned char **pp)
81{
82 M_ASN1_I2D_vars(a);
83
84 M_ASN1_I2D_len_IMP_opt (a->notBefore, i2d_ASN1_GENERALIZEDTIME);
85 M_ASN1_I2D_len_IMP_opt (a->notAfter, i2d_ASN1_GENERALIZEDTIME);
86
87 M_ASN1_I2D_seq_total();
88
89 M_ASN1_I2D_put_IMP_opt (a->notBefore, i2d_ASN1_GENERALIZEDTIME, 0);
90 M_ASN1_I2D_put_IMP_opt (a->notAfter, i2d_ASN1_GENERALIZEDTIME, 1);
91
92 M_ASN1_I2D_finish();
93}
94
95PKEY_USAGE_PERIOD *PKEY_USAGE_PERIOD_new(void)
96{
97 PKEY_USAGE_PERIOD *ret=NULL;
98 ASN1_CTX c;
99 M_ASN1_New_Malloc(ret, PKEY_USAGE_PERIOD);
100 ret->notBefore = NULL;
101 ret->notAfter = NULL;
102 return (ret);
103 M_ASN1_New_Error(ASN1_F_PKEY_USAGE_PERIOD_NEW);
104}
105
106PKEY_USAGE_PERIOD *d2i_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD **a,
107 unsigned char **pp, long length)
108{
109 M_ASN1_D2I_vars(a,PKEY_USAGE_PERIOD *,PKEY_USAGE_PERIOD_new);
110 M_ASN1_D2I_Init();
111 M_ASN1_D2I_start_sequence();
112 M_ASN1_D2I_get_IMP_opt (ret->notBefore, d2i_ASN1_GENERALIZEDTIME, 0,
113 V_ASN1_GENERALIZEDTIME);
114 M_ASN1_D2I_get_IMP_opt (ret->notAfter, d2i_ASN1_GENERALIZEDTIME, 1,
115 V_ASN1_GENERALIZEDTIME);
116 M_ASN1_D2I_Finish(a, PKEY_USAGE_PERIOD_free, ASN1_F_D2I_PKEY_USAGE_PERIOD);
117}
118
119void PKEY_USAGE_PERIOD_free(PKEY_USAGE_PERIOD *a)
120{
121 if (a == NULL) return;
122 ASN1_GENERALIZEDTIME_free(a->notBefore);
123 ASN1_GENERALIZEDTIME_free(a->notAfter);
124 Free ((char *)a);
125}
126
127static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,
128 PKEY_USAGE_PERIOD *usage, BIO *out, int indent)
129{
130 BIO_printf(out, "%*s", indent, "");
131 if(usage->notBefore) {
132 BIO_write(out, "Not Before: ", 12);
133 ASN1_GENERALIZEDTIME_print(out, usage->notBefore);
134 if(usage->notAfter) BIO_write(out, ", ", 2);
135 }
136 if(usage->notAfter) {
137 BIO_write(out, "Not After: ", 11);
138 ASN1_GENERALIZEDTIME_print(out, usage->notAfter);
139 }
140 return 1;
141}
142
143/*
144static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(method, ctx, values)
145X509V3_EXT_METHOD *method;
146X509V3_CTX *ctx;
147STACK_OF(CONF_VALUE) *values;
148{
149return NULL;
150}
151*/
diff --git a/src/lib/libcrypto/x509v3/v3_prn.c b/src/lib/libcrypto/x509v3/v3_prn.c
new file mode 100644
index 0000000000..dc20c6bdba
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_prn.c
@@ -0,0 +1,135 @@
1/* v3_prn.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58/* X509 v3 extension utilities */
59
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/conf.h>
63#include <openssl/x509v3.h>
64
65/* Extension printing routines */
66
67/* Print out a name+value stack */
68
69void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml)
70{
71 int i;
72 CONF_VALUE *nval;
73 if(!val) return;
74 if(!ml || !sk_CONF_VALUE_num(val)) {
75 BIO_printf(out, "%*s", indent, "");
76 if(!sk_CONF_VALUE_num(val)) BIO_puts(out, "<EMPTY>\n");
77 }
78 for(i = 0; i < sk_CONF_VALUE_num(val); i++) {
79 if(ml) BIO_printf(out, "%*s", indent, "");
80 else if(i > 0) BIO_printf(out, ", ");
81 nval = sk_CONF_VALUE_value(val, i);
82 if(!nval->name) BIO_puts(out, nval->value);
83 else if(!nval->value) BIO_puts(out, nval->name);
84 else BIO_printf(out, "%s:%s", nval->name, nval->value);
85 if(ml) BIO_puts(out, "\n");
86 }
87}
88
89/* Main routine: print out a general extension */
90
91int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent)
92{
93 char *ext_str = NULL, *value = NULL;
94 unsigned char *p;
95 X509V3_EXT_METHOD *method;
96 STACK_OF(CONF_VALUE) *nval = NULL;
97 int ok = 1;
98 if(!(method = X509V3_EXT_get(ext))) return 0;
99 p = ext->value->data;
100 if(!(ext_str = method->d2i(NULL, &p, ext->value->length))) return 0;
101 if(method->i2s) {
102 if(!(value = method->i2s(method, ext_str))) {
103 ok = 0;
104 goto err;
105 }
106 BIO_printf(out, "%*s%s", indent, "", value);
107 } else if(method->i2v) {
108 if(!(nval = method->i2v(method, ext_str, NULL))) {
109 ok = 0;
110 goto err;
111 }
112 X509V3_EXT_val_prn(out, nval, indent,
113 method->ext_flags & X509V3_EXT_MULTILINE);
114 } else if(method->i2r) {
115 if(!method->i2r(method, ext_str, out, indent)) ok = 0;
116 } else ok = 0;
117
118 err:
119 sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
120 if(value) Free(value);
121 method->ext_free(ext_str);
122 return ok;
123}
124
125#ifndef NO_FP_API
126int X509V3_EXT_print_fp(FILE *fp, X509_EXTENSION *ext, int flag, int indent)
127{
128 BIO *bio_tmp;
129 int ret;
130 if(!(bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE))) return 0;
131 ret = X509V3_EXT_print(bio_tmp, ext, flag, indent);
132 BIO_free(bio_tmp);
133 return ret;
134}
135#endif
diff --git a/src/lib/libcrypto/x509v3/v3_purp.c b/src/lib/libcrypto/x509v3/v3_purp.c
new file mode 100644
index 0000000000..b7494ebcd5
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_purp.c
@@ -0,0 +1,456 @@
1/* v3_purp.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/x509v3.h>
62
63
64static void x509v3_cache_extensions(X509 *x);
65
66static int ca_check(X509 *x);
67static int check_purpose_ssl_client(X509_PURPOSE *xp, X509 *x, int ca);
68static int check_purpose_ssl_server(X509_PURPOSE *xp, X509 *x, int ca);
69static int check_purpose_ns_ssl_server(X509_PURPOSE *xp, X509 *x, int ca);
70static int purpose_smime(X509 *x, int ca);
71static int check_purpose_smime_sign(X509_PURPOSE *xp, X509 *x, int ca);
72static int check_purpose_smime_encrypt(X509_PURPOSE *xp, X509 *x, int ca);
73static int check_purpose_crl_sign(X509_PURPOSE *xp, X509 *x, int ca);
74
75static int xp_cmp(X509_PURPOSE **a, X509_PURPOSE **b);
76static void xptable_free(X509_PURPOSE *p);
77
78static X509_PURPOSE xstandard[] = {
79 {X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0, check_purpose_ssl_client, "SSL client", "sslclient", NULL},
80 {X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ssl_server, "SSL server", "sslserver", NULL},
81 {X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL},
82 {X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, "S/MIME signing", "smimesign", NULL},
83 {X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL},
84 {X509_PURPOSE_CRL_SIGN, X509_TRUST_ANY, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL},
85};
86
87#define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE))
88
89IMPLEMENT_STACK_OF(X509_PURPOSE)
90
91static STACK_OF(X509_PURPOSE) *xptable = NULL;
92
93static int xp_cmp(X509_PURPOSE **a, X509_PURPOSE **b)
94{
95 return (*a)->purpose - (*b)->purpose;
96}
97
98int X509_check_purpose(X509 *x, int id, int ca)
99{
100 int idx;
101 X509_PURPOSE *pt;
102 if(!(x->ex_flags & EXFLAG_SET)) {
103 CRYPTO_w_lock(CRYPTO_LOCK_X509);
104 x509v3_cache_extensions(x);
105 CRYPTO_w_unlock(CRYPTO_LOCK_X509);
106 }
107 if(id == -1) return 1;
108 idx = X509_PURPOSE_get_by_id(id);
109 if(idx == -1) return -1;
110 pt = X509_PURPOSE_get0(idx);
111 return pt->check_purpose(pt, x, ca);
112}
113
114int X509_PURPOSE_get_count(void)
115{
116 if(!xptable) return X509_PURPOSE_COUNT;
117 return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT;
118}
119
120X509_PURPOSE * X509_PURPOSE_get0(int idx)
121{
122 if(idx < 0) return NULL;
123 if(idx < X509_PURPOSE_COUNT) return xstandard + idx;
124 return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT);
125}
126
127int X509_PURPOSE_get_by_sname(char *sname)
128{
129 int i;
130 X509_PURPOSE *xptmp;
131 for(i = 0; i < X509_PURPOSE_get_count(); i++) {
132 xptmp = X509_PURPOSE_get0(i);
133 if(!strcmp(xptmp->sname, sname)) return i;
134 }
135 return -1;
136}
137
138
139int X509_PURPOSE_get_by_id(int purpose)
140{
141 X509_PURPOSE tmp;
142 int idx;
143 if((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX))
144 return purpose - X509_PURPOSE_MIN;
145 tmp.purpose = purpose;
146 if(!xptable) return -1;
147 idx = sk_X509_PURPOSE_find(xptable, &tmp);
148 if(idx == -1) return -1;
149 return idx + X509_PURPOSE_COUNT;
150}
151
152int X509_PURPOSE_add(int id, int trust, int flags,
153 int (*ck)(X509_PURPOSE *, X509 *, int),
154 char *name, char *sname, void *arg)
155{
156 int idx;
157 X509_PURPOSE *ptmp;
158 /* This is set according to what we change: application can't set it */
159 flags &= ~X509_PURPOSE_DYNAMIC;
160 /* This will always be set for application modified trust entries */
161 flags |= X509_PURPOSE_DYNAMIC_NAME;
162 /* Get existing entry if any */
163 idx = X509_PURPOSE_get_by_id(id);
164 /* Need a new entry */
165 if(idx == -1) {
166 if(!(ptmp = Malloc(sizeof(X509_PURPOSE)))) {
167 X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
168 return 0;
169 }
170 ptmp->flags = X509_PURPOSE_DYNAMIC;
171 } else ptmp = X509_PURPOSE_get0(idx);
172
173 /* Free existing name if dynamic */
174 if(ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) {
175 Free(ptmp->name);
176 Free(ptmp->sname);
177 }
178 /* dup supplied name */
179 ptmp->name = BUF_strdup(name);
180 ptmp->sname = BUF_strdup(sname);
181 if(!ptmp->name || !ptmp->sname) {
182 X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
183 return 0;
184 }
185 /* Keep the dynamic flag of existing entry */
186 ptmp->flags &= X509_PURPOSE_DYNAMIC;
187 /* Set all other flags */
188 ptmp->flags |= flags;
189
190 ptmp->purpose = id;
191 ptmp->trust = trust;
192 ptmp->check_purpose = ck;
193 ptmp->usr_data = arg;
194
195 /* If its a new entry manage the dynamic table */
196 if(idx == -1) {
197 if(!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) {
198 X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
199 return 0;
200 }
201 if (!sk_X509_PURPOSE_push(xptable, ptmp)) {
202 X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
203 return 0;
204 }
205 }
206 return 1;
207}
208
209static void xptable_free(X509_PURPOSE *p)
210 {
211 if(!p) return;
212 if (p->flags & X509_PURPOSE_DYNAMIC)
213 {
214 if (p->flags & X509_PURPOSE_DYNAMIC_NAME) {
215 Free(p->name);
216 Free(p->sname);
217 }
218 Free(p);
219 }
220 }
221
222void X509_PURPOSE_cleanup(void)
223{
224 int i;
225 sk_X509_PURPOSE_pop_free(xptable, xptable_free);
226 for(i = 0; i < X509_PURPOSE_COUNT; i++) xptable_free(xstandard + i);
227 xptable = NULL;
228}
229
230int X509_PURPOSE_get_id(X509_PURPOSE *xp)
231{
232 return xp->purpose;
233}
234
235char *X509_PURPOSE_get0_name(X509_PURPOSE *xp)
236{
237 return xp->name;
238}
239
240char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp)
241{
242 return xp->sname;
243}
244
245int X509_PURPOSE_get_trust(X509_PURPOSE *xp)
246{
247 return xp->trust;
248}
249
250#ifndef NO_SHA
251static void x509v3_cache_extensions(X509 *x)
252{
253 BASIC_CONSTRAINTS *bs;
254 ASN1_BIT_STRING *usage;
255 ASN1_BIT_STRING *ns;
256 STACK_OF(ASN1_OBJECT) *extusage;
257 int i;
258 if(x->ex_flags & EXFLAG_SET) return;
259 X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
260 /* Does subject name match issuer ? */
261 if(!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x)))
262 x->ex_flags |= EXFLAG_SS;
263 /* V1 should mean no extensions ... */
264 if(!X509_get_version(x)) x->ex_flags |= EXFLAG_V1;
265 /* Handle basic constraints */
266 if((bs=X509_get_ext_d2i(x, NID_basic_constraints, NULL, NULL))) {
267 if(bs->ca) x->ex_flags |= EXFLAG_CA;
268 if(bs->pathlen) {
269 if((bs->pathlen->type == V_ASN1_NEG_INTEGER)
270 || !bs->ca) {
271 x->ex_flags |= EXFLAG_INVALID;
272 x->ex_pathlen = 0;
273 } else x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen);
274 } else x->ex_pathlen = -1;
275 BASIC_CONSTRAINTS_free(bs);
276 x->ex_flags |= EXFLAG_BCONS;
277 }
278 /* Handle key usage */
279 if((usage=X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) {
280 if(usage->length > 0) {
281 x->ex_kusage = usage->data[0];
282 if(usage->length > 1)
283 x->ex_kusage |= usage->data[1] << 8;
284 } else x->ex_kusage = 0;
285 x->ex_flags |= EXFLAG_KUSAGE;
286 ASN1_BIT_STRING_free(usage);
287 }
288 x->ex_xkusage = 0;
289 if((extusage=X509_get_ext_d2i(x, NID_ext_key_usage, NULL, NULL))) {
290 x->ex_flags |= EXFLAG_XKUSAGE;
291 for(i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) {
292 switch(OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage,i))) {
293 case NID_server_auth:
294 x->ex_xkusage |= XKU_SSL_SERVER;
295 break;
296
297 case NID_client_auth:
298 x->ex_xkusage |= XKU_SSL_CLIENT;
299 break;
300
301 case NID_email_protect:
302 x->ex_xkusage |= XKU_SMIME;
303 break;
304
305 case NID_code_sign:
306 x->ex_xkusage |= XKU_CODE_SIGN;
307 break;
308
309 case NID_ms_sgc:
310 case NID_ns_sgc:
311 x->ex_xkusage |= XKU_SGC;
312 }
313 }
314 sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free);
315 }
316
317 if((ns=X509_get_ext_d2i(x, NID_netscape_cert_type, NULL, NULL))) {
318 if(ns->length > 0) x->ex_nscert = ns->data[0];
319 else x->ex_nscert = 0;
320 x->ex_flags |= EXFLAG_NSCERT;
321 ASN1_BIT_STRING_free(ns);
322 }
323 x->ex_flags |= EXFLAG_SET;
324}
325#endif
326
327/* CA checks common to all purposes
328 * return codes:
329 * 0 not a CA
330 * 1 is a CA
331 * 2 basicConstraints absent so "maybe" a CA
332 * 3 basicConstraints absent but self signed V1.
333 */
334
335#define V1_ROOT (EXFLAG_V1|EXFLAG_SS)
336#define ku_reject(x, usage) \
337 (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
338#define xku_reject(x, usage) \
339 (((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage)))
340#define ns_reject(x, usage) \
341 (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage)))
342
343static int ca_check(X509 *x)
344{
345 /* keyUsage if present should allow cert signing */
346 if(ku_reject(x, KU_KEY_CERT_SIGN)) return 0;
347 if(x->ex_flags & EXFLAG_BCONS) {
348 if(x->ex_flags & EXFLAG_CA) return 1;
349 /* If basicConstraints says not a CA then say so */
350 else return 0;
351 } else {
352 if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3;
353 else return 2;
354 }
355}
356
357
358static int check_purpose_ssl_client(X509_PURPOSE *xp, X509 *x, int ca)
359{
360 if(xku_reject(x,XKU_SSL_CLIENT)) return 0;
361 if(ca) {
362 int ca_ret;
363 ca_ret = ca_check(x);
364 if(!ca_ret) return 0;
365 /* check nsCertType if present */
366 if(x->ex_flags & EXFLAG_NSCERT) {
367 if(x->ex_nscert & NS_SSL_CA) return ca_ret;
368 return 0;
369 }
370 if(ca_ret != 2) return ca_ret;
371 else return 0;
372 }
373 /* We need to do digital signatures with it */
374 if(ku_reject(x,KU_DIGITAL_SIGNATURE)) return 0;
375 /* nsCertType if present should allow SSL client use */
376 if(ns_reject(x, NS_SSL_CLIENT)) return 0;
377 return 1;
378}
379
380static int check_purpose_ssl_server(X509_PURPOSE *xp, X509 *x, int ca)
381{
382 if(xku_reject(x,XKU_SSL_SERVER|XKU_SGC)) return 0;
383 /* Otherwise same as SSL client for a CA */
384 if(ca) return check_purpose_ssl_client(xp, x, 1);
385
386 if(ns_reject(x, NS_SSL_SERVER)) return 0;
387 /* Now as for keyUsage: we'll at least need to sign OR encipher */
388 if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_KEY_ENCIPHERMENT)) return 0;
389
390 return 1;
391
392}
393
394static int check_purpose_ns_ssl_server(X509_PURPOSE *xp, X509 *x, int ca)
395{
396 int ret;
397 ret = check_purpose_ssl_server(xp, x, ca);
398 if(!ret || ca) return ret;
399 /* We need to encipher or Netscape complains */
400 if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0;
401 return ret;
402}
403
404/* common S/MIME checks */
405static int purpose_smime(X509 *x, int ca)
406{
407 if(xku_reject(x,XKU_SMIME)) return 0;
408 if(ca) {
409 int ca_ret;
410 ca_ret = ca_check(x);
411 if(!ca_ret) return 0;
412 /* check nsCertType if present */
413 if(x->ex_flags & EXFLAG_NSCERT) {
414 if(x->ex_nscert & NS_SMIME_CA) return ca_ret;
415 return 0;
416 }
417 if(ca_ret != 2) return ca_ret;
418 else return 0;
419 }
420 if(x->ex_flags & EXFLAG_NSCERT) {
421 if(x->ex_nscert & NS_SMIME) return 1;
422 /* Workaround for some buggy certificates */
423 if(x->ex_nscert & NS_SSL_CLIENT) return 2;
424 return 0;
425 }
426 return 1;
427}
428
429static int check_purpose_smime_sign(X509_PURPOSE *xp, X509 *x, int ca)
430{
431 int ret;
432 ret = purpose_smime(x, ca);
433 if(!ret || ca) return ret;
434 if(ku_reject(x, KU_DIGITAL_SIGNATURE)) return 0;
435 return ret;
436}
437
438static int check_purpose_smime_encrypt(X509_PURPOSE *xp, X509 *x, int ca)
439{
440 int ret;
441 ret = purpose_smime(x, ca);
442 if(!ret || ca) return ret;
443 if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0;
444 return ret;
445}
446
447static int check_purpose_crl_sign(X509_PURPOSE *xp, X509 *x, int ca)
448{
449 if(ca) {
450 int ca_ret;
451 if((ca_ret = ca_check(x)) != 2) return ca_ret;
452 else return 0;
453 }
454 if(ku_reject(x, KU_CRL_SIGN)) return 0;
455 return 1;
456}
diff --git a/src/lib/libcrypto/x509v3/v3_skey.c b/src/lib/libcrypto/x509v3/v3_skey.c
new file mode 100644
index 0000000000..fb3e36014d
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_skey.c
@@ -0,0 +1,156 @@
1/* v3_skey.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/x509v3.h>
63
64static ASN1_OCTET_STRING *octet_string_new(void);
65static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
66X509V3_EXT_METHOD v3_skey_id = {
67NID_subject_key_identifier, 0,
68(X509V3_EXT_NEW)octet_string_new,
69(X509V3_EXT_FREE)ASN1_STRING_free,
70(X509V3_EXT_D2I)d2i_ASN1_OCTET_STRING,
71(X509V3_EXT_I2D)i2d_ASN1_OCTET_STRING,
72(X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING,
73(X509V3_EXT_S2I)s2i_skey_id,
74NULL, NULL, NULL, NULL, NULL};
75
76
77static ASN1_OCTET_STRING *octet_string_new(void)
78{
79 return ASN1_OCTET_STRING_new();
80}
81
82char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
83 ASN1_OCTET_STRING *oct)
84{
85 return hex_to_string(oct->data, oct->length);
86}
87
88ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
89 X509V3_CTX *ctx, char *str)
90{
91 ASN1_OCTET_STRING *oct;
92 long length;
93
94 if(!(oct = ASN1_OCTET_STRING_new())) {
95 X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE);
96 return NULL;
97 }
98
99 if(!(oct->data = string_to_hex(str, &length))) {
100 ASN1_OCTET_STRING_free(oct);
101 return NULL;
102 }
103
104 oct->length = length;
105
106 return oct;
107
108}
109
110static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
111 X509V3_CTX *ctx, char *str)
112{
113 ASN1_OCTET_STRING *oct;
114 ASN1_BIT_STRING *pk;
115 unsigned char pkey_dig[EVP_MAX_MD_SIZE];
116 EVP_MD_CTX md;
117 unsigned int diglen;
118
119 if(strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str);
120
121 if(!(oct = ASN1_OCTET_STRING_new())) {
122 X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);
123 return NULL;
124 }
125
126 if(ctx && (ctx->flags == CTX_TEST)) return oct;
127
128 if(!ctx || (!ctx->subject_req && !ctx->subject_cert)) {
129 X509V3err(X509V3_F_S2I_ASN1_SKEY_ID,X509V3_R_NO_PUBLIC_KEY);
130 goto err;
131 }
132
133 if(ctx->subject_req)
134 pk = ctx->subject_req->req_info->pubkey->public_key;
135 else pk = ctx->subject_cert->cert_info->key->public_key;
136
137 if(!pk) {
138 X509V3err(X509V3_F_S2I_ASN1_SKEY_ID,X509V3_R_NO_PUBLIC_KEY);
139 goto err;
140 }
141
142 EVP_DigestInit(&md, EVP_sha1());
143 EVP_DigestUpdate(&md, pk->data, pk->length);
144 EVP_DigestFinal(&md, pkey_dig, &diglen);
145
146 if(!ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
147 X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);
148 goto err;
149 }
150
151 return oct;
152
153 err:
154 ASN1_OCTET_STRING_free(oct);
155 return NULL;
156}
diff --git a/src/lib/libcrypto/x509v3/v3_sxnet.c b/src/lib/libcrypto/x509v3/v3_sxnet.c
new file mode 100644
index 0000000000..0687bb4e3d
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_sxnet.c
@@ -0,0 +1,340 @@
1/* v3_sxnet.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/conf.h>
62#include <openssl/asn1.h>
63#include <openssl/asn1_mac.h>
64#include <openssl/x509v3.h>
65
66/* Support for Thawte strong extranet extension */
67
68#define SXNET_TEST
69
70static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, int indent);
71#ifdef SXNET_TEST
72static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
73 STACK_OF(CONF_VALUE) *nval);
74#endif
75X509V3_EXT_METHOD v3_sxnet = {
76NID_sxnet, X509V3_EXT_MULTILINE,
77(X509V3_EXT_NEW)SXNET_new,
78(X509V3_EXT_FREE)SXNET_free,
79(X509V3_EXT_D2I)d2i_SXNET,
80(X509V3_EXT_I2D)i2d_SXNET,
81NULL, NULL,
82NULL,
83#ifdef SXNET_TEST
84(X509V3_EXT_V2I)sxnet_v2i,
85#else
86NULL,
87#endif
88(X509V3_EXT_I2R)sxnet_i2r,
89NULL,
90NULL
91};
92
93
94int i2d_SXNET(SXNET *a, unsigned char **pp)
95{
96 M_ASN1_I2D_vars(a);
97
98 M_ASN1_I2D_len (a->version, i2d_ASN1_INTEGER);
99 M_ASN1_I2D_len_SEQUENCE_type (SXNETID, a->ids, i2d_SXNETID);
100
101 M_ASN1_I2D_seq_total();
102
103 M_ASN1_I2D_put (a->version, i2d_ASN1_INTEGER);
104 M_ASN1_I2D_put_SEQUENCE_type (SXNETID, a->ids, i2d_SXNETID);
105
106 M_ASN1_I2D_finish();
107}
108
109SXNET *SXNET_new(void)
110{
111 SXNET *ret=NULL;
112 ASN1_CTX c;
113 M_ASN1_New_Malloc(ret, SXNET);
114 M_ASN1_New(ret->version,ASN1_INTEGER_new);
115 M_ASN1_New(ret->ids,sk_SXNETID_new_null);
116 return (ret);
117 M_ASN1_New_Error(ASN1_F_SXNET_NEW);
118}
119
120SXNET *d2i_SXNET(SXNET **a, unsigned char **pp, long length)
121{
122 M_ASN1_D2I_vars(a,SXNET *,SXNET_new);
123 M_ASN1_D2I_Init();
124 M_ASN1_D2I_start_sequence();
125 M_ASN1_D2I_get (ret->version, d2i_ASN1_INTEGER);
126 M_ASN1_D2I_get_seq_type (SXNETID, ret->ids, d2i_SXNETID, SXNETID_free);
127 M_ASN1_D2I_Finish(a, SXNET_free, ASN1_F_D2I_SXNET);
128}
129
130void SXNET_free(SXNET *a)
131{
132 if (a == NULL) return;
133 ASN1_INTEGER_free(a->version);
134 sk_SXNETID_pop_free(a->ids, SXNETID_free);
135 Free (a);
136}
137
138int i2d_SXNETID(SXNETID *a, unsigned char **pp)
139{
140 M_ASN1_I2D_vars(a);
141
142 M_ASN1_I2D_len (a->zone, i2d_ASN1_INTEGER);
143 M_ASN1_I2D_len (a->user, i2d_ASN1_OCTET_STRING);
144
145 M_ASN1_I2D_seq_total();
146
147 M_ASN1_I2D_put (a->zone, i2d_ASN1_INTEGER);
148 M_ASN1_I2D_put (a->user, i2d_ASN1_OCTET_STRING);
149
150 M_ASN1_I2D_finish();
151}
152
153SXNETID *SXNETID_new(void)
154{
155 SXNETID *ret=NULL;
156 ASN1_CTX c;
157 M_ASN1_New_Malloc(ret, SXNETID);
158 ret->zone = NULL;
159 M_ASN1_New(ret->user,ASN1_OCTET_STRING_new);
160 return (ret);
161 M_ASN1_New_Error(ASN1_F_SXNETID_NEW);
162}
163
164SXNETID *d2i_SXNETID(SXNETID **a, unsigned char **pp, long length)
165{
166 M_ASN1_D2I_vars(a,SXNETID *,SXNETID_new);
167 M_ASN1_D2I_Init();
168 M_ASN1_D2I_start_sequence();
169 M_ASN1_D2I_get(ret->zone, d2i_ASN1_INTEGER);
170 M_ASN1_D2I_get(ret->user, d2i_ASN1_OCTET_STRING);
171 M_ASN1_D2I_Finish(a, SXNETID_free, ASN1_F_D2I_SXNETID);
172}
173
174void SXNETID_free(SXNETID *a)
175{
176 if (a == NULL) return;
177 ASN1_INTEGER_free(a->zone);
178 ASN1_OCTET_STRING_free(a->user);
179 Free (a);
180}
181
182static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
183 int indent)
184{
185 long v;
186 char *tmp;
187 SXNETID *id;
188 int i;
189 v = ASN1_INTEGER_get(sx->version);
190 BIO_printf(out, "%*sVersion: %d (0x%X)", indent, "", v + 1, v);
191 for(i = 0; i < sk_SXNETID_num(sx->ids); i++) {
192 id = sk_SXNETID_value(sx->ids, i);
193 tmp = i2s_ASN1_INTEGER(NULL, id->zone);
194 BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);
195 Free(tmp);
196 ASN1_OCTET_STRING_print(out, id->user);
197 }
198 return 1;
199}
200
201#ifdef SXNET_TEST
202
203/* NBB: this is used for testing only. It should *not* be used for anything
204 * else because it will just take static IDs from the configuration file and
205 * they should really be separate values for each user.
206 */
207
208
209static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
210 STACK_OF(CONF_VALUE) *nval)
211{
212 CONF_VALUE *cnf;
213 SXNET *sx = NULL;
214 int i;
215 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
216 cnf = sk_CONF_VALUE_value(nval, i);
217 if(!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1))
218 return NULL;
219 }
220 return sx;
221}
222
223
224#endif
225
226/* Strong Extranet utility functions */
227
228/* Add an id given the zone as an ASCII number */
229
230int SXNET_add_id_asc(SXNET **psx, char *zone, char *user,
231 int userlen)
232{
233 ASN1_INTEGER *izone = NULL;
234 if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
235 X509V3err(X509V3_F_SXNET_ADD_ASC,X509V3_R_ERROR_CONVERTING_ZONE);
236 return 0;
237 }
238 return SXNET_add_id_INTEGER(psx, izone, user, userlen);
239}
240
241/* Add an id given the zone as an unsigned long */
242
243int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user,
244 int userlen)
245{
246 ASN1_INTEGER *izone = NULL;
247 if(!(izone = ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
248 X509V3err(X509V3_F_SXNET_ADD_ID_ULONG,ERR_R_MALLOC_FAILURE);
249 ASN1_INTEGER_free(izone);
250 return 0;
251 }
252 return SXNET_add_id_INTEGER(psx, izone, user, userlen);
253
254}
255
256/* Add an id given the zone as an ASN1_INTEGER.
257 * Note this version uses the passed integer and doesn't make a copy so don't
258 * free it up afterwards.
259 */
260
261int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user,
262 int userlen)
263{
264 SXNET *sx = NULL;
265 SXNETID *id = NULL;
266 if(!psx || !zone || !user) {
267 X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_INVALID_NULL_ARGUMENT);
268 return 0;
269 }
270 if(userlen == -1) userlen = strlen(user);
271 if(userlen > 64) {
272 X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_USER_TOO_LONG);
273 return 0;
274 }
275 if(!*psx) {
276 if(!(sx = SXNET_new())) goto err;
277 if(!ASN1_INTEGER_set(sx->version, 0)) goto err;
278 *psx = sx;
279 } else sx = *psx;
280 if(SXNET_get_id_INTEGER(sx, zone)) {
281 X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_DUPLICATE_ZONE_ID);
282 return 0;
283 }
284
285 if(!(id = SXNETID_new())) goto err;
286 if(userlen == -1) userlen = strlen(user);
287
288 if(!ASN1_OCTET_STRING_set(id->user, user, userlen)) goto err;
289 if(!sk_SXNETID_push(sx->ids, id)) goto err;
290 id->zone = zone;
291 return 1;
292
293 err:
294 X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,ERR_R_MALLOC_FAILURE);
295 SXNETID_free(id);
296 SXNET_free(sx);
297 *psx = NULL;
298 return 0;
299}
300
301ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone)
302{
303 ASN1_INTEGER *izone = NULL;
304 ASN1_OCTET_STRING *oct;
305 if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
306 X509V3err(X509V3_F_SXNET_GET_ID_ASC,X509V3_R_ERROR_CONVERTING_ZONE);
307 return NULL;
308 }
309 oct = SXNET_get_id_INTEGER(sx, izone);
310 ASN1_INTEGER_free(izone);
311 return oct;
312}
313
314ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone)
315{
316 ASN1_INTEGER *izone = NULL;
317 ASN1_OCTET_STRING *oct;
318 if(!(izone = ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
319 X509V3err(X509V3_F_SXNET_GET_ID_ULONG,ERR_R_MALLOC_FAILURE);
320 ASN1_INTEGER_free(izone);
321 return NULL;
322 }
323 oct = SXNET_get_id_INTEGER(sx, izone);
324 ASN1_INTEGER_free(izone);
325 return oct;
326}
327
328ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone)
329{
330 SXNETID *id;
331 int i;
332 for(i = 0; i < sk_SXNETID_num(sx->ids); i++) {
333 id = sk_SXNETID_value(sx->ids, i);
334 if(!ASN1_INTEGER_cmp(id->zone, zone)) return id->user;
335 }
336 return NULL;
337}
338
339IMPLEMENT_STACK_OF(SXNETID)
340IMPLEMENT_ASN1_SET_OF(SXNETID)
diff --git a/src/lib/libcrypto/x509v3/v3_utl.c b/src/lib/libcrypto/x509v3/v3_utl.c
new file mode 100644
index 0000000000..40f71c71b4
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_utl.c
@@ -0,0 +1,418 @@
1/* v3_utl.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58/* X509 v3 extension utilities */
59
60
61#include <stdio.h>
62#include <ctype.h>
63#include "cryptlib.h"
64#include <openssl/conf.h>
65#include <openssl/x509v3.h>
66
67static char *strip_spaces(char *name);
68
69/* Add a CONF_VALUE name value pair to stack */
70
71int X509V3_add_value(const char *name, const char *value,
72 STACK_OF(CONF_VALUE) **extlist)
73{
74 CONF_VALUE *vtmp = NULL;
75 char *tname = NULL, *tvalue = NULL;
76 if(name && !(tname = BUF_strdup(name))) goto err;
77 if(value && !(tvalue = BUF_strdup(value))) goto err;;
78 if(!(vtmp = (CONF_VALUE *)Malloc(sizeof(CONF_VALUE)))) goto err;
79 if(!*extlist && !(*extlist = sk_CONF_VALUE_new(NULL))) goto err;
80 vtmp->section = NULL;
81 vtmp->name = tname;
82 vtmp->value = tvalue;
83 if(!sk_CONF_VALUE_push(*extlist, vtmp)) goto err;
84 return 1;
85 err:
86 X509V3err(X509V3_F_X509V3_ADD_VALUE,ERR_R_MALLOC_FAILURE);
87 if(vtmp) Free(vtmp);
88 if(tname) Free(tname);
89 if(tvalue) Free(tvalue);
90 return 0;
91}
92
93int X509V3_add_value_uchar(const char *name, const unsigned char *value,
94 STACK_OF(CONF_VALUE) **extlist)
95 {
96 return X509V3_add_value(name,(const char *)value,extlist);
97 }
98
99/* Free function for STACK_OF(CONF_VALUE) */
100
101void X509V3_conf_free(CONF_VALUE *conf)
102{
103 if(!conf) return;
104 if(conf->name) Free(conf->name);
105 if(conf->value) Free(conf->value);
106 if(conf->section) Free(conf->section);
107 Free((char *)conf);
108}
109
110int X509V3_add_value_bool(const char *name, int asn1_bool,
111 STACK_OF(CONF_VALUE) **extlist)
112{
113 if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
114 return X509V3_add_value(name, "FALSE", extlist);
115}
116
117int X509V3_add_value_bool_nf(char *name, int asn1_bool,
118 STACK_OF(CONF_VALUE) **extlist)
119{
120 if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
121 return 1;
122}
123
124
125char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *a)
126{
127 BIGNUM *bntmp = NULL;
128 char *strtmp = NULL;
129 if(!a) return NULL;
130 if(!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) ||
131 !(strtmp = BN_bn2dec(bntmp)) )
132 X509V3err(X509V3_F_I2S_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);
133 BN_free(bntmp);
134 return strtmp;
135}
136
137char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a)
138{
139 BIGNUM *bntmp = NULL;
140 char *strtmp = NULL;
141 if(!a) return NULL;
142 if(!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) ||
143 !(strtmp = BN_bn2dec(bntmp)) )
144 X509V3err(X509V3_F_I2S_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
145 BN_free(bntmp);
146 return strtmp;
147}
148
149ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)
150{
151 BIGNUM *bn = NULL;
152 ASN1_INTEGER *aint;
153 bn = BN_new();
154 if(!value) {
155 X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_INVALID_NULL_VALUE);
156 return 0;
157 }
158 if(!BN_dec2bn(&bn, value)) {
159 X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_DEC2BN_ERROR);
160 return 0;
161 }
162
163 if(!(aint = BN_to_ASN1_INTEGER(bn, NULL))) {
164 X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_TO_ASN1_INTEGER_ERROR);
165 return 0;
166 }
167 BN_free(bn);
168 return aint;
169}
170
171int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
172 STACK_OF(CONF_VALUE) **extlist)
173{
174 char *strtmp;
175 int ret;
176 if(!aint) return 1;
177 if(!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) return 0;
178 ret = X509V3_add_value(name, strtmp, extlist);
179 Free(strtmp);
180 return ret;
181}
182
183int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool)
184{
185 char *btmp;
186 if(!(btmp = value->value)) goto err;
187 if(!strcmp(btmp, "TRUE") || !strcmp(btmp, "true")
188 || !strcmp(btmp, "Y") || !strcmp(btmp, "y")
189 || !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) {
190 *asn1_bool = 0xff;
191 return 1;
192 } else if(!strcmp(btmp, "FALSE") || !strcmp(btmp, "false")
193 || !strcmp(btmp, "N") || !strcmp(btmp, "n")
194 || !strcmp(btmp, "NO") || !strcmp(btmp, "no")) {
195 *asn1_bool = 0;
196 return 1;
197 }
198 err:
199 X509V3err(X509V3_F_X509V3_GET_VALUE_BOOL,X509V3_R_INVALID_BOOLEAN_STRING);
200 X509V3_conf_err(value);
201 return 0;
202}
203
204int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint)
205{
206 ASN1_INTEGER *itmp;
207 if(!(itmp = s2i_ASN1_INTEGER(NULL, value->value))) {
208 X509V3_conf_err(value);
209 return 0;
210 }
211 *aint = itmp;
212 return 1;
213}
214
215#define HDR_NAME 1
216#define HDR_VALUE 2
217
218/*#define DEBUG*/
219
220STACK_OF(CONF_VALUE) *X509V3_parse_list(char *line)
221{
222 char *p, *q, c;
223 char *ntmp, *vtmp;
224 STACK_OF(CONF_VALUE) *values = NULL;
225 char *linebuf;
226 int state;
227 /* We are going to modify the line so copy it first */
228 linebuf = BUF_strdup(line);
229 state = HDR_NAME;
230 ntmp = NULL;
231 /* Go through all characters */
232 for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
233
234 switch(state) {
235 case HDR_NAME:
236 if(c == ':') {
237 state = HDR_VALUE;
238 *p = 0;
239 ntmp = strip_spaces(q);
240 if(!ntmp) {
241 X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
242 goto err;
243 }
244 q = p + 1;
245 } else if(c == ',') {
246 *p = 0;
247 ntmp = strip_spaces(q);
248 q = p + 1;
249#ifdef DEBUG
250 printf("%s\n", ntmp);
251#endif
252 if(!ntmp) {
253 X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
254 goto err;
255 }
256 X509V3_add_value(ntmp, NULL, &values);
257 }
258 break ;
259
260 case HDR_VALUE:
261 if(c == ',') {
262 state = HDR_NAME;
263 *p = 0;
264 vtmp = strip_spaces(q);
265#ifdef DEBUG
266 printf("%s\n", ntmp);
267#endif
268 if(!vtmp) {
269 X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE);
270 goto err;
271 }
272 X509V3_add_value(ntmp, vtmp, &values);
273 ntmp = NULL;
274 q = p + 1;
275 }
276
277 }
278 }
279
280 if(state == HDR_VALUE) {
281 vtmp = strip_spaces(q);
282#ifdef DEBUG
283 printf("%s=%s\n", ntmp, vtmp);
284#endif
285 if(!vtmp) {
286 X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE);
287 goto err;
288 }
289 X509V3_add_value(ntmp, vtmp, &values);
290 } else {
291 ntmp = strip_spaces(q);
292#ifdef DEBUG
293 printf("%s\n", ntmp);
294#endif
295 if(!ntmp) {
296 X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
297 goto err;
298 }
299 X509V3_add_value(ntmp, NULL, &values);
300 }
301Free(linebuf);
302return values;
303
304err:
305Free(linebuf);
306sk_CONF_VALUE_pop_free(values, X509V3_conf_free);
307return NULL;
308
309}
310
311/* Delete leading and trailing spaces from a string */
312static char *strip_spaces(char *name)
313{
314 char *p, *q;
315 /* Skip over leading spaces */
316 p = name;
317 while(*p && isspace((unsigned char)*p)) p++;
318 if(!*p) return NULL;
319 q = p + strlen(p) - 1;
320 while((q != p) && isspace((unsigned char)*q)) q--;
321 if(p != q) q[1] = 0;
322 if(!*p) return NULL;
323 return p;
324}
325
326/* hex string utilities */
327
328/* Given a buffer of length 'len' return a Malloc'ed string with its
329 * hex representation
330 */
331
332char *hex_to_string(unsigned char *buffer, long len)
333{
334 char *tmp, *q;
335 unsigned char *p;
336 int i;
337 static char hexdig[] = "0123456789ABCDEF";
338 if(!buffer || !len) return NULL;
339 if(!(tmp = Malloc(len * 3 + 1))) {
340 X509V3err(X509V3_F_HEX_TO_STRING,ERR_R_MALLOC_FAILURE);
341 return NULL;
342 }
343 q = tmp;
344 for(i = 0, p = buffer; i < len; i++,p++) {
345 *q++ = hexdig[(*p >> 4) & 0xf];
346 *q++ = hexdig[*p & 0xf];
347 *q++ = ':';
348 }
349 q[-1] = 0;
350 return tmp;
351}
352
353/* Give a string of hex digits convert to
354 * a buffer
355 */
356
357unsigned char *string_to_hex(char *str, long *len)
358{
359 unsigned char *hexbuf, *q;
360 unsigned char ch, cl, *p;
361 if(!str) {
362 X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_INVALID_NULL_ARGUMENT);
363 return NULL;
364 }
365 if(!(hexbuf = Malloc(strlen(str) >> 1))) goto err;
366 for(p = (unsigned char *)str, q = hexbuf; *p;) {
367 ch = *p++;
368 if(ch == ':') continue;
369 cl = *p++;
370 if(!cl) {
371 X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ODD_NUMBER_OF_DIGITS);
372 Free(hexbuf);
373 return NULL;
374 }
375 if(isupper(ch)) ch = tolower(ch);
376 if(isupper(cl)) cl = tolower(cl);
377
378 if((ch >= '0') && (ch <= '9')) ch -= '0';
379 else if ((ch >= 'a') && (ch <= 'f')) ch -= 'a' - 10;
380 else goto badhex;
381
382 if((cl >= '0') && (cl <= '9')) cl -= '0';
383 else if ((cl >= 'a') && (cl <= 'f')) cl -= 'a' - 10;
384 else goto badhex;
385
386 *q++ = (ch << 4) | cl;
387 }
388
389 if(len) *len = q - hexbuf;
390
391 return hexbuf;
392
393 err:
394 if(hexbuf) Free(hexbuf);
395 X509V3err(X509V3_F_STRING_TO_HEX,ERR_R_MALLOC_FAILURE);
396 return NULL;
397
398 badhex:
399 Free(hexbuf);
400 X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ILLEGAL_HEX_DIGIT);
401 return NULL;
402
403}
404
405/* V2I name comparison function: returns zero if 'name' matches
406 * cmp or cmp.*
407 */
408
409int name_cmp(const char *name, const char *cmp)
410{
411 int len, ret;
412 char c;
413 len = strlen(cmp);
414 if((ret = strncmp(name, cmp, len))) return ret;
415 c = name[len];
416 if(!c || (c=='.')) return 0;
417 return 1;
418}
diff --git a/src/lib/libcrypto/x509v3/v3err.c b/src/lib/libcrypto/x509v3/v3err.c
new file mode 100644
index 0000000000..50efa8d99d
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3err.c
@@ -0,0 +1,171 @@
1/* crypto/x509v3/v3err.c */
2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file.
58 */
59
60#include <stdio.h>
61#include <openssl/err.h>
62#include <openssl/x509v3.h>
63
64/* BEGIN ERROR CODES */
65#ifndef NO_ERR
66static ERR_STRING_DATA X509V3_str_functs[]=
67 {
68{ERR_PACK(0,X509V3_F_COPY_EMAIL,0), "COPY_EMAIL"},
69{ERR_PACK(0,X509V3_F_COPY_ISSUER,0), "COPY_ISSUER"},
70{ERR_PACK(0,X509V3_F_DO_EXT_CONF,0), "DO_EXT_CONF"},
71{ERR_PACK(0,X509V3_F_DO_EXT_I2D,0), "DO_EXT_I2D"},
72{ERR_PACK(0,X509V3_F_HEX_TO_STRING,0), "hex_to_string"},
73{ERR_PACK(0,X509V3_F_I2S_ASN1_ENUMERATED,0), "i2s_ASN1_ENUMERATED"},
74{ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0), "i2s_ASN1_INTEGER"},
75{ERR_PACK(0,X509V3_F_NOTICE_SECTION,0), "NOTICE_SECTION"},
76{ERR_PACK(0,X509V3_F_NREF_NOS,0), "NREF_NOS"},
77{ERR_PACK(0,X509V3_F_POLICY_SECTION,0), "POLICY_SECTION"},
78{ERR_PACK(0,X509V3_F_R2I_CERTPOL,0), "R2I_CERTPOL"},
79{ERR_PACK(0,X509V3_F_S2I_ASN1_IA5STRING,0), "S2I_ASN1_IA5STRING"},
80{ERR_PACK(0,X509V3_F_S2I_ASN1_INTEGER,0), "s2i_ASN1_INTEGER"},
81{ERR_PACK(0,X509V3_F_S2I_ASN1_OCTET_STRING,0), "s2i_ASN1_OCTET_STRING"},
82{ERR_PACK(0,X509V3_F_S2I_ASN1_SKEY_ID,0), "S2I_ASN1_SKEY_ID"},
83{ERR_PACK(0,X509V3_F_S2I_S2I_SKEY_ID,0), "S2I_S2I_SKEY_ID"},
84{ERR_PACK(0,X509V3_F_STRING_TO_HEX,0), "string_to_hex"},
85{ERR_PACK(0,X509V3_F_SXNET_ADD_ASC,0), "SXNET_ADD_ASC"},
86{ERR_PACK(0,X509V3_F_SXNET_ADD_ID_INTEGER,0), "SXNET_add_id_INTEGER"},
87{ERR_PACK(0,X509V3_F_SXNET_ADD_ID_ULONG,0), "SXNET_add_id_ulong"},
88{ERR_PACK(0,X509V3_F_SXNET_GET_ID_ASC,0), "SXNET_get_id_asc"},
89{ERR_PACK(0,X509V3_F_SXNET_GET_ID_ULONG,0), "SXNET_get_id_ulong"},
90{ERR_PACK(0,X509V3_F_V2I_ASN1_BIT_STRING,0), "V2I_ASN1_BIT_STRING"},
91{ERR_PACK(0,X509V3_F_V2I_AUTHORITY_KEYID,0), "V2I_AUTHORITY_KEYID"},
92{ERR_PACK(0,X509V3_F_V2I_BASIC_CONSTRAINTS,0), "V2I_BASIC_CONSTRAINTS"},
93{ERR_PACK(0,X509V3_F_V2I_CRLD,0), "V2I_CRLD"},
94{ERR_PACK(0,X509V3_F_V2I_EXT_KU,0), "V2I_EXT_KU"},
95{ERR_PACK(0,X509V3_F_V2I_GENERAL_NAME,0), "v2i_GENERAL_NAME"},
96{ERR_PACK(0,X509V3_F_V2I_GENERAL_NAMES,0), "v2i_GENERAL_NAMES"},
97{ERR_PACK(0,X509V3_F_V3_GENERIC_EXTENSION,0), "V3_GENERIC_EXTENSION"},
98{ERR_PACK(0,X509V3_F_X509V3_ADD_VALUE,0), "X509V3_add_value"},
99{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD,0), "X509V3_EXT_add"},
100{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD_ALIAS,0), "X509V3_EXT_add_alias"},
101{ERR_PACK(0,X509V3_F_X509V3_EXT_CONF,0), "X509V3_EXT_conf"},
102{ERR_PACK(0,X509V3_F_X509V3_EXT_I2D,0), "X509V3_EXT_i2d"},
103{ERR_PACK(0,X509V3_F_X509V3_GET_VALUE_BOOL,0), "X509V3_get_value_bool"},
104{ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0), "X509V3_parse_list"},
105{0,NULL}
106 };
107
108static ERR_STRING_DATA X509V3_str_reasons[]=
109 {
110{X509V3_R_BAD_IP_ADDRESS ,"bad ip address"},
111{X509V3_R_BAD_OBJECT ,"bad object"},
112{X509V3_R_BN_DEC2BN_ERROR ,"bn dec2bn error"},
113{X509V3_R_BN_TO_ASN1_INTEGER_ERROR ,"bn to asn1 integer error"},
114{X509V3_R_DUPLICATE_ZONE_ID ,"duplicate zone id"},
115{X509V3_R_ERROR_CONVERTING_ZONE ,"error converting zone"},
116{X509V3_R_ERROR_IN_EXTENSION ,"error in extension"},
117{X509V3_R_EXPECTED_A_SECTION_NAME ,"expected a section name"},
118{X509V3_R_EXTENSION_NAME_ERROR ,"extension name error"},
119{X509V3_R_EXTENSION_NOT_FOUND ,"extension not found"},
120{X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED,"extension setting not supported"},
121{X509V3_R_EXTENSION_VALUE_ERROR ,"extension value error"},
122{X509V3_R_ILLEGAL_HEX_DIGIT ,"illegal hex digit"},
123{X509V3_R_INVALID_BOOLEAN_STRING ,"invalid boolean string"},
124{X509V3_R_INVALID_EXTENSION_STRING ,"invalid extension string"},
125{X509V3_R_INVALID_NAME ,"invalid name"},
126{X509V3_R_INVALID_NULL_ARGUMENT ,"invalid null argument"},
127{X509V3_R_INVALID_NULL_NAME ,"invalid null name"},
128{X509V3_R_INVALID_NULL_VALUE ,"invalid null value"},
129{X509V3_R_INVALID_NUMBER ,"invalid number"},
130{X509V3_R_INVALID_NUMBERS ,"invalid numbers"},
131{X509V3_R_INVALID_OBJECT_IDENTIFIER ,"invalid object identifier"},
132{X509V3_R_INVALID_OPTION ,"invalid option"},
133{X509V3_R_INVALID_POLICY_IDENTIFIER ,"invalid policy identifier"},
134{X509V3_R_INVALID_SECTION ,"invalid section"},
135{X509V3_R_ISSUER_DECODE_ERROR ,"issuer decode error"},
136{X509V3_R_MISSING_VALUE ,"missing value"},
137{X509V3_R_NEED_ORGANIZATION_AND_NUMBERS ,"need organization and numbers"},
138{X509V3_R_NO_CONFIG_DATABASE ,"no config database"},
139{X509V3_R_NO_ISSUER_CERTIFICATE ,"no issuer certificate"},
140{X509V3_R_NO_ISSUER_DETAILS ,"no issuer details"},
141{X509V3_R_NO_POLICY_IDENTIFIER ,"no policy identifier"},
142{X509V3_R_NO_PUBLIC_KEY ,"no public key"},
143{X509V3_R_NO_SUBJECT_DETAILS ,"no subject details"},
144{X509V3_R_ODD_NUMBER_OF_DIGITS ,"odd number of digits"},
145{X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS ,"unable to get issuer details"},
146{X509V3_R_UNABLE_TO_GET_ISSUER_KEYID ,"unable to get issuer keyid"},
147{X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT ,"unknown bit string argument"},
148{X509V3_R_UNKNOWN_EXTENSION ,"unknown extension"},
149{X509V3_R_UNKNOWN_EXTENSION_NAME ,"unknown extension name"},
150{X509V3_R_UNKNOWN_OPTION ,"unknown option"},
151{X509V3_R_UNSUPPORTED_OPTION ,"unsupported option"},
152{X509V3_R_USER_TOO_LONG ,"user too long"},
153{0,NULL}
154 };
155
156#endif
157
158void ERR_load_X509V3_strings(void)
159 {
160 static int init=1;
161
162 if (init)
163 {
164 init=0;
165#ifndef NO_ERR
166 ERR_load_strings(ERR_LIB_X509V3,X509V3_str_functs);
167 ERR_load_strings(ERR_LIB_X509V3,X509V3_str_reasons);
168#endif
169
170 }
171 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-04 06:28:42 +0000