authorjsing <>2014-05-26 12:37:32 +0000
committerjsing <>2014-05-26 12:37:32 +0000
commit0a3c64a44b2d2d7ba5da3fafde6657ae6f2a6435 (patch)
treeab5672653bce63a239165b17c0951468b96ecbc1 /src
parent043e50e025a8f1c5baa37e18d206b24c27356069 (diff)
KNF.
Diffstat (limited to 'src')
-rw-r--r--src/lib/libcrypto/x509v3/v3_skey.c75
-rw-r--r--src/lib/libcrypto/x509v3/v3_sxnet.c150
-rw-r--r--src/lib/libcrypto/x509v3/v3_utl.c614
-rw-r--r--src/lib/libssl/src/crypto/x509v3/v3_skey.c75
-rw-r--r--src/lib/libssl/src/crypto/x509v3/v3_sxnet.c150
-rw-r--r--src/lib/libssl/src/crypto/x509v3/v3_utl.c614
6 files changed, 958 insertions, 720 deletions
diff --git a/src/lib/libcrypto/x509v3/v3_skey.c b/src/lib/libcrypto/x509v3/v3_skey.c
index 0a984fbaa8..22da698080 100644
--- a/src/lib/libcrypto/x509v3/v3_skey.c
+++ b/src/lib/libcrypto/x509v3/v3_skey.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -61,33 +61,35 @@
61#include "cryptlib.h" 61#include "cryptlib.h"
62#include <openssl/x509v3.h> 62#include <openssl/x509v3.h>
63 63
64static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); 64static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
65const X509V3_EXT_METHOD v3_skey_id = { 65 X509V3_CTX *ctx, char *str);
66NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING), 66const X509V3_EXT_METHOD v3_skey_id = {
670,0,0,0, 67 NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING),
68(X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING, 68 0, 0, 0, 0,
69(X509V3_EXT_S2I)s2i_skey_id, 69 (X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING,
700,0,0,0, 70 (X509V3_EXT_S2I)s2i_skey_id,
71NULL}; 71 0, 0, 0, 0,
72 72 NULL
73char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, 73};
74 ASN1_OCTET_STRING *oct) 74
75char *
76i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct)
75{ 77{
76 return hex_to_string(oct->data, oct->length); 78 return hex_to_string(oct->data, oct->length);
77} 79}
78 80
79ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, 81ASN1_OCTET_STRING *
80 X509V3_CTX *ctx, char *str) 82s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str)
81{ 83{
82 ASN1_OCTET_STRING *oct; 84 ASN1_OCTET_STRING *oct;
83 long length; 85 long length;
84 86
85 if(!(oct = M_ASN1_OCTET_STRING_new())) { 87 if (!(oct = M_ASN1_OCTET_STRING_new())) {
86 X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE); 88 X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE);
87 return NULL; 89 return NULL;
88 } 90 }
89 91
90 if(!(oct->data = string_to_hex(str, &length))) { 92 if (!(oct->data = string_to_hex(str, &length))) {
91 M_ASN1_OCTET_STRING_free(oct); 93 M_ASN1_OCTET_STRING_free(oct);
92 return NULL; 94 return NULL;
93 } 95 }
@@ -95,51 +97,54 @@ ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
95 oct->length = length; 97 oct->length = length;
96 98
97 return oct; 99 return oct;
98
99} 100}
100 101
101static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, 102static ASN1_OCTET_STRING *
102 X509V3_CTX *ctx, char *str) 103s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str)
103{ 104{
104 ASN1_OCTET_STRING *oct; 105 ASN1_OCTET_STRING *oct;
105 ASN1_BIT_STRING *pk; 106 ASN1_BIT_STRING *pk;
106 unsigned char pkey_dig[EVP_MAX_MD_SIZE]; 107 unsigned char pkey_dig[EVP_MAX_MD_SIZE];
107 unsigned int diglen; 108 unsigned int diglen;
108 109
109 if(strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str); 110 if (strcmp(str, "hash"))
111 return s2i_ASN1_OCTET_STRING(method, ctx, str);
110 112
111 if(!(oct = M_ASN1_OCTET_STRING_new())) { 113 if (!(oct = M_ASN1_OCTET_STRING_new())) {
112 X509V3err(X509V3_F_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE); 114 X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE);
113 return NULL; 115 return NULL;
114 } 116 }
115 117
116 if(ctx && (ctx->flags == CTX_TEST)) return oct; 118 if (ctx && (ctx->flags == CTX_TEST))
119 return oct;
117 120
118 if(!ctx || (!ctx->subject_req && !ctx->subject_cert)) { 121 if (!ctx || (!ctx->subject_req && !ctx->subject_cert)) {
119 X509V3err(X509V3_F_S2I_SKEY_ID,X509V3_R_NO_PUBLIC_KEY); 122 X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY);
120 goto err; 123 goto err;
121 } 124 }
122 125
123 if(ctx->subject_req) 126 if (ctx->subject_req)
124 pk = ctx->subject_req->req_info->pubkey->public_key; 127 pk = ctx->subject_req->req_info->pubkey->public_key;
125 else pk = ctx->subject_cert->cert_info->key->public_key; 128 else
129 pk = ctx->subject_cert->cert_info->key->public_key;
126 130
127 if(!pk) { 131 if (!pk) {
128 X509V3err(X509V3_F_S2I_SKEY_ID,X509V3_R_NO_PUBLIC_KEY); 132 X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY);
129 goto err; 133 goto err;
130 } 134 }
131 135
132 if (!EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL)) 136 if (!EVP_Digest(pk->data, pk->length, pkey_dig, &diglen,
137 EVP_sha1(), NULL))
133 goto err; 138 goto err;
134 139
135 if(!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) { 140 if (!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
136 X509V3err(X509V3_F_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE); 141 X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE);
137 goto err; 142 goto err;
138 } 143 }
139 144
140 return oct; 145 return oct;
141 146
142 err: 147err:
143 M_ASN1_OCTET_STRING_free(oct); 148 M_ASN1_OCTET_STRING_free(oct);
144 return NULL; 149 return NULL;
145} 150}
diff --git a/src/lib/libcrypto/x509v3/v3_sxnet.c b/src/lib/libcrypto/x509v3/v3_sxnet.c
index a2b0322e44..81ba50ca03 100644
--- a/src/lib/libcrypto/x509v3/v3_sxnet.c
+++ b/src/lib/libcrypto/x509v3/v3_sxnet.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -67,24 +67,25 @@
67 67
68#define SXNET_TEST 68#define SXNET_TEST
69 69
70static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, int indent); 70static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
71 int indent);
71#ifdef SXNET_TEST 72#ifdef SXNET_TEST
72static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, 73static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
73 STACK_OF(CONF_VALUE) *nval); 74 STACK_OF(CONF_VALUE) *nval);
74#endif 75#endif
75const X509V3_EXT_METHOD v3_sxnet = { 76const X509V3_EXT_METHOD v3_sxnet = {
76NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET), 77 NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET),
770,0,0,0, 78 0, 0, 0, 0,
780,0, 79 0, 0,
790, 80 0,
80#ifdef SXNET_TEST 81#ifdef SXNET_TEST
81(X509V3_EXT_V2I)sxnet_v2i, 82 (X509V3_EXT_V2I)sxnet_v2i,
82#else 83#else
830, 84 0,
84#endif 85#endif
85(X509V3_EXT_I2R)sxnet_i2r, 86 (X509V3_EXT_I2R)sxnet_i2r,
860, 87 0,
87NULL 88 NULL
88}; 89};
89 90
90ASN1_SEQUENCE(SXNETID) = { 91ASN1_SEQUENCE(SXNETID) = {
@@ -101,16 +102,17 @@ ASN1_SEQUENCE(SXNET) = {
101 102
102IMPLEMENT_ASN1_FUNCTIONS(SXNET) 103IMPLEMENT_ASN1_FUNCTIONS(SXNET)
103 104
104static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, 105static int
105 int indent) 106sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, int indent)
106{ 107{
107 long v; 108 long v;
108 char *tmp; 109 char *tmp;
109 SXNETID *id; 110 SXNETID *id;
110 int i; 111 int i;
112
111 v = ASN1_INTEGER_get(sx->version); 113 v = ASN1_INTEGER_get(sx->version);
112 BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v); 114 BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v);
113 for(i = 0; i < sk_SXNETID_num(sx->ids); i++) { 115 for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
114 id = sk_SXNETID_value(sx->ids, i); 116 id = sk_SXNETID_value(sx->ids, i);
115 tmp = i2s_ASN1_INTEGER(NULL, id->zone); 117 tmp = i2s_ASN1_INTEGER(NULL, id->zone);
116 BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp); 118 BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);
@@ -127,34 +129,36 @@ static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
127 * they should really be separate values for each user. 129 * they should really be separate values for each user.
128 */ 130 */
129 131
130 132static SXNET *
131static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, 133sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
132 STACK_OF(CONF_VALUE) *nval) 134 STACK_OF(CONF_VALUE) *nval)
133{ 135{
134 CONF_VALUE *cnf; 136 CONF_VALUE *cnf;
135 SXNET *sx = NULL; 137 SXNET *sx = NULL;
136 int i; 138 int i;
137 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { 139
140 for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
138 cnf = sk_CONF_VALUE_value(nval, i); 141 cnf = sk_CONF_VALUE_value(nval, i);
139 if(!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1)) 142 if (!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1))
140 return NULL; 143 return NULL;
141 } 144 }
142 return sx; 145 return sx;
143} 146}
144 147
145
146#endif 148#endif
147 149
148/* Strong Extranet utility functions */ 150/* Strong Extranet utility functions */
149 151
150/* Add an id given the zone as an ASCII number */ 152/* Add an id given the zone as an ASCII number */
151 153
152int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, 154int
153 int userlen) 155SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen)
154{ 156{
155 ASN1_INTEGER *izone = NULL; 157 ASN1_INTEGER *izone = NULL;
156 if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) { 158
157 X509V3err(X509V3_F_SXNET_ADD_ID_ASC,X509V3_R_ERROR_CONVERTING_ZONE); 159 if (!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
160 X509V3err(X509V3_F_SXNET_ADD_ID_ASC,
161 X509V3_R_ERROR_CONVERTING_ZONE);
158 return 0; 162 return 0;
159 } 163 }
160 return SXNET_add_id_INTEGER(psx, izone, user, userlen); 164 return SXNET_add_id_INTEGER(psx, izone, user, userlen);
@@ -162,17 +166,18 @@ int SXNET_add_id_asc(SXNET **psx, char *zone, char *user,
162 166
163/* Add an id given the zone as an unsigned long */ 167/* Add an id given the zone as an unsigned long */
164 168
165int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, 169int
166 int userlen) 170SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen)
167{ 171{
168 ASN1_INTEGER *izone = NULL; 172 ASN1_INTEGER *izone = NULL;
169 if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { 173
170 X509V3err(X509V3_F_SXNET_ADD_ID_ULONG,ERR_R_MALLOC_FAILURE); 174 if (!(izone = M_ASN1_INTEGER_new()) ||
175 !ASN1_INTEGER_set(izone, lzone)) {
176 X509V3err(X509V3_F_SXNET_ADD_ID_ULONG, ERR_R_MALLOC_FAILURE);
171 M_ASN1_INTEGER_free(izone); 177 M_ASN1_INTEGER_free(izone);
172 return 0; 178 return 0;
173 } 179 }
174 return SXNET_add_id_INTEGER(psx, izone, user, userlen); 180 return SXNET_add_id_INTEGER(psx, izone, user, userlen);
175
176} 181}
177 182
178/* Add an id given the zone as an ASN1_INTEGER. 183/* Add an id given the zone as an ASN1_INTEGER.
@@ -180,52 +185,67 @@ int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user,
180 * free it up afterwards. 185 * free it up afterwards.
181 */ 186 */
182 187
183int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user, 188int
184 int userlen) 189SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user, int userlen)
185{ 190{
186 SXNET *sx = NULL; 191 SXNET *sx = NULL;
187 SXNETID *id = NULL; 192 SXNETID *id = NULL;
188 if(!psx || !zone || !user) { 193
189 X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_INVALID_NULL_ARGUMENT); 194 if (!psx || !zone || !user) {
195 X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,
196 X509V3_R_INVALID_NULL_ARGUMENT);
190 return 0; 197 return 0;
191 } 198 }
192 if(userlen == -1) userlen = strlen(user); 199 if (userlen == -1)
193 if(userlen > 64) { 200 userlen = strlen(user);
194 X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_USER_TOO_LONG); 201 if (userlen > 64) {
202 X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,
203 X509V3_R_USER_TOO_LONG);
195 return 0; 204 return 0;
196 } 205 }
197 if(!*psx) { 206 if (!*psx) {
198 if(!(sx = SXNET_new())) goto err; 207 if (!(sx = SXNET_new()))
199 if(!ASN1_INTEGER_set(sx->version, 0)) goto err; 208 goto err;
209 if (!ASN1_INTEGER_set(sx->version, 0))
210 goto err;
200 *psx = sx; 211 *psx = sx;
201 } else sx = *psx; 212 } else
202 if(SXNET_get_id_INTEGER(sx, zone)) { 213 sx = *psx;
203 X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_DUPLICATE_ZONE_ID); 214 if (SXNET_get_id_INTEGER(sx, zone)) {
215 X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,
216 X509V3_R_DUPLICATE_ZONE_ID);
204 return 0; 217 return 0;
205 } 218 }
206 219
207 if(!(id = SXNETID_new())) goto err; 220 if (!(id = SXNETID_new()))
208 if(userlen == -1) userlen = strlen(user); 221 goto err;
209 222 if (userlen == -1)
210 if(!M_ASN1_OCTET_STRING_set(id->user, user, userlen)) goto err; 223 userlen = strlen(user);
211 if(!sk_SXNETID_push(sx->ids, id)) goto err; 224
225 if (!M_ASN1_OCTET_STRING_set(id->user, user, userlen))
226 goto err;
227 if (!sk_SXNETID_push(sx->ids, id))
228 goto err;
212 id->zone = zone; 229 id->zone = zone;
213 return 1; 230 return 1;
214 231
215 err: 232err:
216 X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,ERR_R_MALLOC_FAILURE); 233 X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, ERR_R_MALLOC_FAILURE);
217 SXNETID_free(id); 234 SXNETID_free(id);
218 SXNET_free(sx); 235 SXNET_free(sx);
219 *psx = NULL; 236 *psx = NULL;
220 return 0; 237 return 0;
221} 238}
222 239
223ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone) 240ASN1_OCTET_STRING *
241SXNET_get_id_asc(SXNET *sx, char *zone)
224{ 242{
225 ASN1_INTEGER *izone = NULL; 243 ASN1_INTEGER *izone = NULL;
226 ASN1_OCTET_STRING *oct; 244 ASN1_OCTET_STRING *oct;
227 if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) { 245
228 X509V3err(X509V3_F_SXNET_GET_ID_ASC,X509V3_R_ERROR_CONVERTING_ZONE); 246 if (!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
247 X509V3err(X509V3_F_SXNET_GET_ID_ASC,
248 X509V3_R_ERROR_CONVERTING_ZONE);
229 return NULL; 249 return NULL;
230 } 250 }
231 oct = SXNET_get_id_INTEGER(sx, izone); 251 oct = SXNET_get_id_INTEGER(sx, izone);
@@ -233,12 +253,15 @@ ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone)
233 return oct; 253 return oct;
234} 254}
235 255
236ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone) 256ASN1_OCTET_STRING *
257SXNET_get_id_ulong(SXNET *sx, unsigned long lzone)
237{ 258{
238 ASN1_INTEGER *izone = NULL; 259 ASN1_INTEGER *izone = NULL;
239 ASN1_OCTET_STRING *oct; 260 ASN1_OCTET_STRING *oct;
240 if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { 261
241 X509V3err(X509V3_F_SXNET_GET_ID_ULONG,ERR_R_MALLOC_FAILURE); 262 if (!(izone = M_ASN1_INTEGER_new()) ||
263 !ASN1_INTEGER_set(izone, lzone)) {
264 X509V3err(X509V3_F_SXNET_GET_ID_ULONG, ERR_R_MALLOC_FAILURE);
242 M_ASN1_INTEGER_free(izone); 265 M_ASN1_INTEGER_free(izone);
243 return NULL; 266 return NULL;
244 } 267 }
@@ -247,13 +270,16 @@ ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone)
247 return oct; 270 return oct;
248} 271}
249 272
250ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone) 273ASN1_OCTET_STRING *
274SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone)
251{ 275{
252 SXNETID *id; 276 SXNETID *id;
253 int i; 277 int i;
254 for(i = 0; i < sk_SXNETID_num(sx->ids); i++) { 278
279 for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
255 id = sk_SXNETID_value(sx->ids, i); 280 id = sk_SXNETID_value(sx->ids, i);
256 if(!M_ASN1_INTEGER_cmp(id->zone, zone)) return id->user; 281 if (!M_ASN1_INTEGER_cmp(id->zone, zone))
282 return id->user;
257 } 283 }
258 return NULL; 284 return NULL;
259} 285}
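Review bot: The `err:` cleanup at the end of SXNET_add_id_INTEGER (new lines 232–237) calls `SXNET_free(sx)` and sets `*psx = NULL` regardless of whether `sx` was allocated in this call or taken from the caller via `sx = *psx` (new line 213), so an allocation failure in SXNETID_new, M_ASN1_OCTET_STRING_set or sk_SXNETID_push destroys a caller-owned SXNET that the caller may still reference through other pointers. A local flag recording that the SXNET was created here restricts the teardown to that case, as sketched below. The second `if (userlen == -1) userlen = strlen(user);` at new lines 222–223 repeats the normalisation already done at lines 199–200 and can be dropped. Separately, the early `return 0` paths of this function (new lines 197, 204, 217) do not free `zone`, so SXNET_add_id_asc and SXNET_add_id_ulong leak the ASN1_INTEGER they allocate when the zone is a duplicate or the user name is too long; the ownership comment above the function should state what happens to `zone` on failure.
```c
	SXNET *sx = NULL;
	SXNETID *id = NULL;
	int new_sx = 0;	/* set when sx was allocated by this call */

	/* … unchanged: argument validation and userlen checks … */
	if (!*psx) {
		if (!(sx = SXNET_new()))
			goto err;
		new_sx = 1;
		if (!ASN1_INTEGER_set(sx->version, 0))
			goto err;
		*psx = sx;
	} else
		sx = *psx;
	/* … unchanged: duplicate-zone check, SXNETID creation and push … */

err:
	X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, ERR_R_MALLOC_FAILURE);
	SXNETID_free(id);
	if (new_sx) {
		/* Only tear down an SXNET this call created; never the caller's. */
		SXNET_free(sx);
		*psx = NULL;
	}
	return 0;
```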
diff --git a/src/lib/libcrypto/x509v3/v3_utl.c b/src/lib/libcrypto/x509v3/v3_utl.c
index 5b064f8eb2..0b389807dd 100644
--- a/src/lib/libcrypto/x509v3/v3_utl.c
+++ b/src/lib/libcrypto/x509v3/v3_utl.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -67,7 +67,8 @@
67 67
68static char *strip_spaces(char *name); 68static char *strip_spaces(char *name);
69static int sk_strcmp(const char * const *a, const char * const *b); 69static int sk_strcmp(const char * const *a, const char * const *b);
70static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name, GENERAL_NAMES *gens); 70static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name,
71 GENERAL_NAMES *gens);
71static void str_free(OPENSSL_STRING str); 72static void str_free(OPENSSL_STRING str);
72static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email); 73static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email);
73 74
@@ -78,163 +79,211 @@ static int ipv6_hex(unsigned char *out, const char *in, int inlen);
78 79
79/* Add a CONF_VALUE name value pair to stack */ 80/* Add a CONF_VALUE name value pair to stack */
80 81
81int X509V3_add_value(const char *name, const char *value, 82int
82 STACK_OF(CONF_VALUE) **extlist) 83X509V3_add_value(const char *name, const char *value,
84 STACK_OF(CONF_VALUE) **extlist)
83{ 85{
84 CONF_VALUE *vtmp = NULL; 86 CONF_VALUE *vtmp = NULL;
85 char *tname = NULL, *tvalue = NULL; 87 char *tname = NULL, *tvalue = NULL;
86 if(name && !(tname = BUF_strdup(name))) goto err; 88
87 if(value && !(tvalue = BUF_strdup(value))) goto err; 89 if (name && !(tname = BUF_strdup(name)))
88 if(!(vtmp = malloc(sizeof(CONF_VALUE)))) goto err; 90 goto err;
89 if(!*extlist && !(*extlist = sk_CONF_VALUE_new_null())) goto err; 91 if (value && !(tvalue = BUF_strdup(value)))
92 goto err;
93 if (!(vtmp = malloc(sizeof(CONF_VALUE))))
94 goto err;
95 if (!*extlist && !(*extlist = sk_CONF_VALUE_new_null()))
96 goto err;
90 vtmp->section = NULL; 97 vtmp->section = NULL;
91 vtmp->name = tname; 98 vtmp->name = tname;
92 vtmp->value = tvalue; 99 vtmp->value = tvalue;
93 if(!sk_CONF_VALUE_push(*extlist, vtmp)) goto err; 100 if (!sk_CONF_VALUE_push(*extlist, vtmp))
101 goto err;
94 return 1; 102 return 1;
95 err: 103
96 X509V3err(X509V3_F_X509V3_ADD_VALUE,ERR_R_MALLOC_FAILURE); 104err:
97 if(vtmp) free(vtmp); 105 X509V3err(X509V3_F_X509V3_ADD_VALUE, ERR_R_MALLOC_FAILURE);
98 if(tname) free(tname); 106 if (vtmp)
99 if(tvalue) free(tvalue); 107 free(vtmp);
108 if (tname)
109 free(tname);
110 if (tvalue)
111 free(tvalue);
100 return 0; 112 return 0;
101} 113}
102 114
103int X509V3_add_value_uchar(const char *name, const unsigned char *value, 115int
104 STACK_OF(CONF_VALUE) **extlist) 116X509V3_add_value_uchar(const char *name, const unsigned char *value,
105 { 117 STACK_OF(CONF_VALUE) **extlist)
106 return X509V3_add_value(name,(const char *)value,extlist); 118{
107 } 119 return X509V3_add_value(name, (const char *)value, extlist);
120}
108 121
109/* Free function for STACK_OF(CONF_VALUE) */ 122/* Free function for STACK_OF(CONF_VALUE) */
110 123
111void X509V3_conf_free(CONF_VALUE *conf) 124void
125X509V3_conf_free(CONF_VALUE *conf)
112{ 126{
113 if(!conf) return; 127 if (!conf)
114 if(conf->name) free(conf->name); 128 return;
115 if(conf->value) free(conf->value); 129 if (conf->name)
116 if(conf->section) free(conf->section); 130 free(conf->name);
131 if (conf->value)
132 free(conf->value);
133 if (conf->section)
134 free(conf->section);
117 free(conf); 135 free(conf);
118} 136}
119 137
120int X509V3_add_value_bool(const char *name, int asn1_bool, 138int
121 STACK_OF(CONF_VALUE) **extlist) 139X509V3_add_value_bool(const char *name, int asn1_bool,
140 STACK_OF(CONF_VALUE) **extlist)
122{ 141{
123 if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist); 142 if (asn1_bool)
143 return X509V3_add_value(name, "TRUE", extlist);
124 return X509V3_add_value(name, "FALSE", extlist); 144 return X509V3_add_value(name, "FALSE", extlist);
125} 145}
126 146
127int X509V3_add_value_bool_nf(char *name, int asn1_bool, 147int
128 STACK_OF(CONF_VALUE) **extlist) 148X509V3_add_value_bool_nf(char *name, int asn1_bool,
149 STACK_OF(CONF_VALUE) **extlist)
129{ 150{
130 if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist); 151 if (asn1_bool)
152 return X509V3_add_value(name, "TRUE", extlist);
131 return 1; 153 return 1;
132} 154}
133 155
134 156
135char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *a) 157char *
158i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *a)
136{ 159{
137 BIGNUM *bntmp = NULL; 160 BIGNUM *bntmp = NULL;
138 char *strtmp = NULL; 161 char *strtmp = NULL;
139 if(!a) return NULL; 162
140 if(!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) || 163 if (!a)
141 !(strtmp = BN_bn2dec(bntmp)) ) 164 return NULL;
142 X509V3err(X509V3_F_I2S_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE); 165 if (!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) ||
166 !(strtmp = BN_bn2dec(bntmp)))
167 X509V3err(X509V3_F_I2S_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE);
143 BN_free(bntmp); 168 BN_free(bntmp);
144 return strtmp; 169 return strtmp;
145} 170}
146 171
147char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a) 172char *
173i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a)
148{ 174{
149 BIGNUM *bntmp = NULL; 175 BIGNUM *bntmp = NULL;
150 char *strtmp = NULL; 176 char *strtmp = NULL;
151 if(!a) return NULL; 177
152 if(!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) || 178 if (!a)
153 !(strtmp = BN_bn2dec(bntmp)) ) 179 return NULL;
154 X509V3err(X509V3_F_I2S_ASN1_INTEGER,ERR_R_MALLOC_FAILURE); 180 if (!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) ||
181 !(strtmp = BN_bn2dec(bntmp)))
182 X509V3err(X509V3_F_I2S_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
155 BN_free(bntmp); 183 BN_free(bntmp);
156 return strtmp; 184 return strtmp;
157} 185}
158 186
159ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value) 187ASN1_INTEGER *
188s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)
160{ 189{
161 BIGNUM *bn = NULL; 190 BIGNUM *bn = NULL;
162 ASN1_INTEGER *aint; 191 ASN1_INTEGER *aint;
163 int isneg, ishex; 192 int isneg, ishex;
164 int ret; 193 int ret;
194
165 if (!value) { 195 if (!value) {
166 X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_INVALID_NULL_VALUE); 196 X509V3err(X509V3_F_S2I_ASN1_INTEGER,
197 X509V3_R_INVALID_NULL_VALUE);
167 return 0; 198 return 0;
168 } 199 }
169 bn = BN_new(); 200 bn = BN_new();
170 if (value[0] == '-') { 201 if (value[0] == '-') {
171 value++; 202 value++;
172 isneg = 1; 203 isneg = 1;
173 } else isneg = 0; 204 } else
205 isneg = 0;
174 206
175 if (value[0] == '0' && ((value[1] == 'x') || (value[1] == 'X'))) { 207 if (value[0] == '0' && ((value[1] == 'x') || (value[1] == 'X'))) {
176 value += 2; 208 value += 2;
177 ishex = 1; 209 ishex = 1;
178 } else ishex = 0; 210 } else
211 ishex = 0;
179 212
180 if (ishex) ret = BN_hex2bn(&bn, value); 213 if (ishex)
181 else ret = BN_dec2bn(&bn, value); 214 ret = BN_hex2bn(&bn, value);
215 else
216 ret = BN_dec2bn(&bn, value);
182 217
183 if (!ret || value[ret]) { 218 if (!ret || value[ret]) {
184 BN_free(bn); 219 BN_free(bn);
185 X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_DEC2BN_ERROR); 220 X509V3err(X509V3_F_S2I_ASN1_INTEGER, X509V3_R_BN_DEC2BN_ERROR);
186 return 0; 221 return 0;
187 } 222 }
188 223
189 if (isneg && BN_is_zero(bn)) isneg = 0; 224 if (isneg && BN_is_zero(bn))
225 isneg = 0;
190 226
191 aint = BN_to_ASN1_INTEGER(bn, NULL); 227 aint = BN_to_ASN1_INTEGER(bn, NULL);
192 BN_free(bn); 228 BN_free(bn);
193 if (!aint) { 229 if (!aint) {
194 X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_TO_ASN1_INTEGER_ERROR); 230 X509V3err(X509V3_F_S2I_ASN1_INTEGER,
231 X509V3_R_BN_TO_ASN1_INTEGER_ERROR);
195 return 0; 232 return 0;
196 } 233 }
197 if (isneg) aint->type |= V_ASN1_NEG; 234 if (isneg)
235 aint->type |= V_ASN1_NEG;
198 return aint; 236 return aint;
199} 237}
200 238
201int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint, 239int
202 STACK_OF(CONF_VALUE) **extlist) 240X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
241 STACK_OF(CONF_VALUE) **extlist)
203{ 242{
204 char *strtmp; 243 char *strtmp;
205 int ret; 244 int ret;
206 if(!aint) return 1; 245
207 if(!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) return 0; 246 if (!aint)
247 return 1;
248 if (!(strtmp = i2s_ASN1_INTEGER(NULL, aint)))
249 return 0;
208 ret = X509V3_add_value(name, strtmp, extlist); 250 ret = X509V3_add_value(name, strtmp, extlist);
209 free(strtmp); 251 free(strtmp);
210 return ret; 252 return ret;
211} 253}
212 254
213int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool) 255int
256X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool)
214{ 257{
215 char *btmp; 258 char *btmp;
216 if(!(btmp = value->value)) goto err; 259
217 if(!strcmp(btmp, "TRUE") || !strcmp(btmp, "true") 260 if (!(btmp = value->value))
218 || !strcmp(btmp, "Y") || !strcmp(btmp, "y") 261 goto err;
219 || !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) { 262 if (!strcmp(btmp, "TRUE") || !strcmp(btmp, "true") ||
263 !strcmp(btmp, "Y") || !strcmp(btmp, "y") ||
264 !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) {
220 *asn1_bool = 0xff; 265 *asn1_bool = 0xff;
221 return 1; 266 return 1;
222 } else if(!strcmp(btmp, "FALSE") || !strcmp(btmp, "false") 267 } else if (!strcmp(btmp, "FALSE") || !strcmp(btmp, "false") ||
223 || !strcmp(btmp, "N") || !strcmp(btmp, "n") 268 !strcmp(btmp, "N") || !strcmp(btmp, "n") ||
224 || !strcmp(btmp, "NO") || !strcmp(btmp, "no")) { 269 !strcmp(btmp, "NO") || !strcmp(btmp, "no")) {
225 *asn1_bool = 0; 270 *asn1_bool = 0;
226 return 1; 271 return 1;
227 } 272 }
228 err: 273
229 X509V3err(X509V3_F_X509V3_GET_VALUE_BOOL,X509V3_R_INVALID_BOOLEAN_STRING); 274err:
275 X509V3err(X509V3_F_X509V3_GET_VALUE_BOOL,
276 X509V3_R_INVALID_BOOLEAN_STRING);
230 X509V3_conf_err(value); 277 X509V3_conf_err(value);
231 return 0; 278 return 0;
232} 279}
233 280
234int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint) 281int
282X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint)
235{ 283{
236 ASN1_INTEGER *itmp; 284 ASN1_INTEGER *itmp;
237 if(!(itmp = s2i_ASN1_INTEGER(NULL, value->value))) { 285
286 if (!(itmp = s2i_ASN1_INTEGER(NULL, value->value))) {
238 X509V3_conf_err(value); 287 X509V3_conf_err(value);
239 return 0; 288 return 0;
240 } 289 }
@@ -247,56 +296,63 @@ int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint)
247 296
248/*#define DEBUG*/ 297/*#define DEBUG*/
249 298
250STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) 299STACK_OF(CONF_VALUE) *
300X509V3_parse_list(const char *line)
251{ 301{
252 char *p, *q, c; 302 char *p, *q, c;
253 char *ntmp, *vtmp; 303 char *ntmp, *vtmp;
254 STACK_OF(CONF_VALUE) *values = NULL; 304 STACK_OF(CONF_VALUE) *values = NULL;
255 char *linebuf; 305 char *linebuf;
256 int state; 306 int state;
307
257 /* We are going to modify the line so copy it first */ 308 /* We are going to modify the line so copy it first */
258 linebuf = BUF_strdup(line); 309 linebuf = BUF_strdup(line);
259 state = HDR_NAME; 310 state = HDR_NAME;
260 ntmp = NULL; 311 ntmp = NULL;
312
261 /* Go through all characters */ 313 /* Go through all characters */
262 for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) { 314 for (p = linebuf, q = linebuf; (c = *p) && (c != '\r') &&
315 (c != '\n'); p++) {
263 316
264 switch(state) { 317 switch (state) {
265 case HDR_NAME: 318 case HDR_NAME:
266 if(c == ':') { 319 if (c == ':') {
267 state = HDR_VALUE; 320 state = HDR_VALUE;
268 *p = 0; 321 *p = 0;
269 ntmp = strip_spaces(q); 322 ntmp = strip_spaces(q);
270 if(!ntmp) { 323 if (!ntmp) {
271 X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME); 324 X509V3err(X509V3_F_X509V3_PARSE_LIST,
325 X509V3_R_INVALID_NULL_NAME);
272 goto err; 326 goto err;
273 } 327 }
274 q = p + 1; 328 q = p + 1;
275 } else if(c == ',') { 329 } else if (c == ',') {
276 *p = 0; 330 *p = 0;
277 ntmp = strip_spaces(q); 331 ntmp = strip_spaces(q);
278 q = p + 1; 332 q = p + 1;
279#if 0 333#if 0
280 printf("%s\n", ntmp); 334 printf("%s\n", ntmp);
281#endif 335#endif
282 if(!ntmp) { 336 if (!ntmp) {
283 X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME); 337 X509V3err(X509V3_F_X509V3_PARSE_LIST,
338 X509V3_R_INVALID_NULL_NAME);
284 goto err; 339 goto err;
285 } 340 }
286 X509V3_add_value(ntmp, NULL, &values); 341 X509V3_add_value(ntmp, NULL, &values);
287 } 342 }
288 break ; 343 break;
289 344
290 case HDR_VALUE: 345 case HDR_VALUE:
291 if(c == ',') { 346 if (c == ',') {
292 state = HDR_NAME; 347 state = HDR_NAME;
293 *p = 0; 348 *p = 0;
294 vtmp = strip_spaces(q); 349 vtmp = strip_spaces(q);
295#if 0 350#if 0
296 printf("%s\n", ntmp); 351 printf("%s\n", ntmp);
297#endif 352#endif
298 if(!vtmp) { 353 if (!vtmp) {
299 X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE); 354 X509V3err(X509V3_F_X509V3_PARSE_LIST,
355 X509V3_R_INVALID_NULL_VALUE);
300 goto err; 356 goto err;
301 } 357 }
302 X509V3_add_value(ntmp, vtmp, &values); 358 X509V3_add_value(ntmp, vtmp, &values);
@@ -307,13 +363,14 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
307 } 363 }
308 } 364 }
309 365
310 if(state == HDR_VALUE) { 366 if (state == HDR_VALUE) {
311 vtmp = strip_spaces(q); 367 vtmp = strip_spaces(q);
312#if 0 368#if 0
313 printf("%s=%s\n", ntmp, vtmp); 369 printf("%s=%s\n", ntmp, vtmp);
314#endif 370#endif
315 if(!vtmp) { 371 if (!vtmp) {
316 X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE); 372 X509V3err(X509V3_F_X509V3_PARSE_LIST,
373 X509V3_R_INVALID_NULL_VALUE);
317 goto err; 374 goto err;
318 } 375 }
319 X509V3_add_value(ntmp, vtmp, &values); 376 X509V3_add_value(ntmp, vtmp, &values);
@@ -322,34 +379,42 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
322#if 0 379#if 0
323 printf("%s\n", ntmp); 380 printf("%s\n", ntmp);
324#endif 381#endif
325 if(!ntmp) { 382 if (!ntmp) {
326 X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME); 383 X509V3err(X509V3_F_X509V3_PARSE_LIST,
384 X509V3_R_INVALID_NULL_NAME);
327 goto err; 385 goto err;
328 } 386 }
329 X509V3_add_value(ntmp, NULL, &values); 387 X509V3_add_value(ntmp, NULL, &values);
330 } 388 }
331free(linebuf); 389 free(linebuf);
332return values; 390 return values;
333 391
334err: 392err:
335free(linebuf); 393 free(linebuf);
336sk_CONF_VALUE_pop_free(values, X509V3_conf_free); 394 sk_CONF_VALUE_pop_free(values, X509V3_conf_free);
337return NULL; 395 return NULL;
338 396
339} 397}
340 398
341/* Delete leading and trailing spaces from a string */ 399/* Delete leading and trailing spaces from a string */
342static char *strip_spaces(char *name) 400static char *
401strip_spaces(char *name)
343{ 402{
344 char *p, *q; 403 char *p, *q;
404
345 /* Skip over leading spaces */ 405 /* Skip over leading spaces */
346 p = name; 406 p = name;
347 while(*p && isspace((unsigned char)*p)) p++; 407 while (*p && isspace((unsigned char)*p))
348 if(!*p) return NULL; 408 p++;
409 if (!*p)
410 return NULL;
349 q = p + strlen(p) - 1; 411 q = p + strlen(p) - 1;
350 while((q != p) && isspace((unsigned char)*q)) q--; 412 while ((q != p) && isspace((unsigned char)*q))
351 if(p != q) q[1] = 0; 413 q--;
352 if(!*p) return NULL; 414 if (p != q)
415 q[1] = 0;
416 if (!*p)
417 return NULL;
353 return p; 418 return p;
354} 419}
355 420
@@ -360,19 +425,22 @@ static char *strip_spaces(char *name)
360 * @@@ (Contents of buffer are always kept in ASCII, also on EBCDIC machines) 425 * @@@ (Contents of buffer are always kept in ASCII, also on EBCDIC machines)
361 */ 426 */
362 427
363char *hex_to_string(const unsigned char *buffer, long len) 428char *
429hex_to_string(const unsigned char *buffer, long len)
364{ 430{
365 char *tmp, *q; 431 char *tmp, *q;
366 const unsigned char *p; 432 const unsigned char *p;
367 int i; 433 int i;
368 static const char hexdig[] = "0123456789ABCDEF"; 434 static const char hexdig[] = "0123456789ABCDEF";
369 if(!buffer || !len) return NULL; 435
370 if(!(tmp = malloc(len * 3 + 1))) { 436 if (!buffer || !len)
371 X509V3err(X509V3_F_HEX_TO_STRING,ERR_R_MALLOC_FAILURE); 437 return NULL;
438 if (!(tmp = malloc(len * 3 + 1))) {
439 X509V3err(X509V3_F_HEX_TO_STRING, ERR_R_MALLOC_FAILURE);
372 return NULL; 440 return NULL;
373 } 441 }
374 q = tmp; 442 q = tmp;
375 for(i = 0, p = buffer; i < len; i++,p++) { 443 for (i = 0, p = buffer; i < len; i++, p++) {
376 *q++ = hexdig[(*p >> 4) & 0xf]; 444 *q++ = hexdig[(*p >> 4) & 0xf];
377 *q++ = hexdig[*p & 0xf]; 445 *q++ = hexdig[*p & 0xf];
378 *q++ = ':'; 446 *q++ = ':';
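Review bot: hex_to_string only rejects `len == 0`; a negative `len` makes `len * 3 + 1` negative, which becomes a huge size_t and is reported as ERR_R_MALLOC_FAILURE instead of as a bad argument, and nothing guards `len * 3 + 1` against overflow for very large lengths. A tighter guard makes both cases explicit: `if (!buffer || len <= 0 || len > (LONG_MAX - 1) / 3) return NULL;`. The callers in this file pass ASN.1 lengths, so this is defensive rather than a reachable bug; while there, the loop index `i` is an `int` compared against a `long`, so `long i` would be the matching type. The function's tail (the trailing-':' fix-up and return) is outside this hunk.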
@@ -385,70 +453,88 @@ char *hex_to_string(const unsigned char *buffer, long len)
385 * a buffer 453 * a buffer
386 */ 454 */
387 455
388unsigned char *string_to_hex(const char *str, long *len) 456unsigned char *
457string_to_hex(const char *str, long *len)
389{ 458{
390 unsigned char *hexbuf, *q; 459 unsigned char *hexbuf, *q;
391 unsigned char ch, cl, *p; 460 unsigned char ch, cl, *p;
392 if(!str) { 461 if (!str) {
393 X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_INVALID_NULL_ARGUMENT); 462 X509V3err(X509V3_F_STRING_TO_HEX,
463 X509V3_R_INVALID_NULL_ARGUMENT);
394 return NULL; 464 return NULL;
395 } 465 }
396 if(!(hexbuf = malloc(strlen(str) >> 1))) goto err; 466 if (!(hexbuf = malloc(strlen(str) >> 1)))
397 for(p = (unsigned char *)str, q = hexbuf; *p;) { 467 goto err;
468 for (p = (unsigned char *)str, q = hexbuf; *p; ) {
398 ch = *p++; 469 ch = *p++;
399 if(ch == ':') continue; 470 if (ch == ':')
471 continue;
400 cl = *p++; 472 cl = *p++;
401 if(!cl) { 473 if (!cl) {
402 X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ODD_NUMBER_OF_DIGITS); 474 X509V3err(X509V3_F_STRING_TO_HEX,
475 X509V3_R_ODD_NUMBER_OF_DIGITS);
403 free(hexbuf); 476 free(hexbuf);
404 return NULL; 477 return NULL;
405 } 478 }
406 if(isupper(ch)) ch = tolower(ch); 479 if (isupper(ch))
407 if(isupper(cl)) cl = tolower(cl); 480 ch = tolower(ch);
408 481 if (isupper(cl))
409 if((ch >= '0') && (ch <= '9')) ch -= '0'; 482 cl = tolower(cl);
410 else if ((ch >= 'a') && (ch <= 'f')) ch -= 'a' - 10; 483
411 else goto badhex; 484 if ((ch >= '0') && (ch <= '9'))
485 ch -= '0';
486 else if ((ch >= 'a') && (ch <= 'f'))
487 ch -= 'a' - 10;
488 else
489 goto badhex;
412 490
413 if((cl >= '0') && (cl <= '9')) cl -= '0'; 491 if ((cl >= '0') && (cl <= '9'))
414 else if ((cl >= 'a') && (cl <= 'f')) cl -= 'a' - 10; 492 cl -= '0';
415 else goto badhex; 493 else if ((cl >= 'a') && (cl <= 'f'))
494 cl -= 'a' - 10;
495 else
496 goto badhex;
416 497
417 *q++ = (ch << 4) | cl; 498 *q++ = (ch << 4) | cl;
418 } 499 }
419 500
420 if(len) *len = q - hexbuf; 501 if (len)
502 *len = q - hexbuf;
421 503
422 return hexbuf; 504 return hexbuf;
423 505
424 err: 506err:
425 free(hexbuf); 507 free(hexbuf);
426 X509V3err(X509V3_F_STRING_TO_HEX,ERR_R_MALLOC_FAILURE); 508 X509V3err(X509V3_F_STRING_TO_HEX, ERR_R_MALLOC_FAILURE);
427 return NULL; 509 return NULL;
428 510
429 badhex: 511badhex:
430 free(hexbuf); 512 free(hexbuf);
431 X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ILLEGAL_HEX_DIGIT); 513 X509V3err(X509V3_F_STRING_TO_HEX, X509V3_R_ILLEGAL_HEX_DIGIT);
432 return NULL; 514 return NULL;
433
434} 515}
435 516
436/* V2I name comparison function: returns zero if 'name' matches 517/* V2I name comparison function: returns zero if 'name' matches
437 * cmp or cmp.* 518 * cmp or cmp.*
438 */ 519 */
439 520
440int name_cmp(const char *name, const char *cmp) 521int
522name_cmp(const char *name, const char *cmp)
441{ 523{
442 int len, ret; 524 int len, ret;
443 char c; 525 char c;
526
444 len = strlen(cmp); 527 len = strlen(cmp);
445 if((ret = strncmp(name, cmp, len))) return ret; 528 if ((ret = strncmp(name, cmp, len)))
529 return ret;
446 c = name[len]; 530 c = name[len];
447 if(!c || (c=='.')) return 0; 531 if (!c || (c=='.'))
532 return 0;
448 return 1; 533 return 1;
449} 534}
450 535
451static int sk_strcmp(const char * const *a, const char * const *b) 536static int
537sk_strcmp(const char * const *a, const char * const *b)
452{ 538{
453 return strcmp(*a, *b); 539 return strcmp(*a, *b);
454} 540}
@@ -473,18 +559,16 @@ STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x)
473 info = X509_get_ext_d2i(x, NID_info_access, NULL, NULL); 559 info = X509_get_ext_d2i(x, NID_info_access, NULL, NULL);
474 if (!info) 560 if (!info)
475 return NULL; 561 return NULL;
476 for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++) 562 for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++) {
477 {
478 ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(info, i); 563 ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(info, i);
479 if (OBJ_obj2nid(ad->method) == NID_ad_OCSP) 564 if (OBJ_obj2nid(ad->method) == NID_ad_OCSP) {
480 { 565 if (ad->location->type == GEN_URI) {
481 if (ad->location->type == GEN_URI) 566 if (!append_ia5(&ret,
482 { 567 ad->location->d.uniformResourceIdentifier))
483 if (!append_ia5(&ret, ad->location->d.uniformResourceIdentifier))
484 break; 568 break;
485 }
486 } 569 }
487 } 570 }
571 }
488 AUTHORITY_INFO_ACCESS_free(info); 572 AUTHORITY_INFO_ACCESS_free(info);
489 return ret; 573 return ret;
490} 574}
@@ -504,48 +588,61 @@ STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x)
504} 588}
505 589
506 590
507static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name, GENERAL_NAMES *gens) 591static
592STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name, GENERAL_NAMES *gens)
508{ 593{
509 STACK_OF(OPENSSL_STRING) *ret = NULL; 594 STACK_OF(OPENSSL_STRING) *ret = NULL;
510 X509_NAME_ENTRY *ne; 595 X509_NAME_ENTRY *ne;
511 ASN1_IA5STRING *email; 596 ASN1_IA5STRING *email;
512 GENERAL_NAME *gen; 597 GENERAL_NAME *gen;
513 int i; 598 int i;
599
514 /* Now add any email address(es) to STACK */ 600 /* Now add any email address(es) to STACK */
515 i = -1; 601 i = -1;
602
516 /* First supplied X509_NAME */ 603 /* First supplied X509_NAME */
517 while((i = X509_NAME_get_index_by_NID(name, 604 while ((i = X509_NAME_get_index_by_NID(name,
518 NID_pkcs9_emailAddress, i)) >= 0) { 605 NID_pkcs9_emailAddress, i)) >= 0) {
519 ne = X509_NAME_get_entry(name, i); 606 ne = X509_NAME_get_entry(name, i);
520 email = X509_NAME_ENTRY_get_data(ne); 607 email = X509_NAME_ENTRY_get_data(ne);
521 if(!append_ia5(&ret, email)) return NULL; 608 if (!append_ia5(&ret, email))
609 return NULL;
522 } 610 }
523 for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) 611 for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
524 {
525 gen = sk_GENERAL_NAME_value(gens, i); 612 gen = sk_GENERAL_NAME_value(gens, i);
526 if(gen->type != GEN_EMAIL) continue; 613 if (gen->type != GEN_EMAIL)
527 if(!append_ia5(&ret, gen->d.ia5)) return NULL; 614 continue;
615 if (!append_ia5(&ret, gen->d.ia5))
616 return NULL;
528 } 617 }
529 return ret; 618 return ret;
530} 619}
531 620
532static void str_free(OPENSSL_STRING str) 621static void
622str_free(OPENSSL_STRING str)
533{ 623{
534 free(str); 624 free(str);
535} 625}
536 626
537static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email) 627static int
628append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email)
538{ 629{
539 char *emtmp; 630 char *emtmp;
631
540 /* First some sanity checks */ 632 /* First some sanity checks */
541 if(email->type != V_ASN1_IA5STRING) return 1; 633 if (email->type != V_ASN1_IA5STRING)
542 if(!email->data || !email->length) return 1; 634 return 1;
543 if(!*sk) *sk = sk_OPENSSL_STRING_new(sk_strcmp); 635 if (!email->data || !email->length)
544 if(!*sk) return 0; 636 return 1;
637 if (!*sk)
638 *sk = sk_OPENSSL_STRING_new(sk_strcmp);
639 if (!*sk)
640 return 0;
545 /* Don't add duplicates */ 641 /* Don't add duplicates */
546 if(sk_OPENSSL_STRING_find(*sk, (char *)email->data) != -1) return 1; 642 if (sk_OPENSSL_STRING_find(*sk, (char *)email->data) != -1)
643 return 1;
547 emtmp = BUF_strdup((char *)email->data); 644 emtmp = BUF_strdup((char *)email->data);
548 if(!emtmp || !sk_OPENSSL_STRING_push(*sk, emtmp)) { 645 if (!emtmp || !sk_OPENSSL_STRING_push(*sk, emtmp)) {
549 X509_email_free(*sk); 646 X509_email_free(*sk);
550 *sk = NULL; 647 *sk = NULL;
551 return 0; 648 return 0;
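Review bot: append_ia5's sanity checks do not catch an IA5STRING with an embedded NUL byte: `sk_OPENSSL_STRING_find` and `BUF_strdup` both treat `email->data` as a C string, so a value like `"a@good.example\0evil"` is silently truncated to the part before the NUL while `email->length` says otherwise, and any caller comparing the X509_get1_email / X509_REQ_get1_email results against an expected identity sees the truncated name. With the length already checked, rejecting such entries alongside the other checks is one line: `if (memchr(email->data, '\0', email->length) != NULL) return 1;`. Returning 1 keeps the existing behaviour of skipping malformed entries rather than failing the whole call; use `return 0` if the caller should see an error instead. append_ia5 continues past the end of this hunk.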
@@ -553,17 +650,19 @@ static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email)
553 return 1; 650 return 1;
554} 651}
555 652
556void X509_email_free(STACK_OF(OPENSSL_STRING) *sk) 653void
654X509_email_free(STACK_OF(OPENSSL_STRING) *sk)
557{ 655{
558 sk_OPENSSL_STRING_pop_free(sk, str_free); 656 sk_OPENSSL_STRING_pop_free(sk, str_free);
559} 657}
560 658
561/* Convert IP addresses both IPv4 and IPv6 into an 659/* Convert IP addresses both IPv4 and IPv6 into an
562 * OCTET STRING compatible with RFC3280. 660 * OCTET STRING compatible with RFC3280.
563 */ 661 */
564 662
565ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc) 663ASN1_OCTET_STRING *
566 { 664a2i_IPADDRESS(const char *ipasc)
665{
567 unsigned char ipout[16]; 666 unsigned char ipout[16];
568 ASN1_OCTET_STRING *ret; 667 ASN1_OCTET_STRING *ret;
569 int iplen; 668 int iplen;
@@ -578,21 +677,22 @@ ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc)
578 ret = ASN1_OCTET_STRING_new(); 677 ret = ASN1_OCTET_STRING_new();
579 if (!ret) 678 if (!ret)
580 return NULL; 679 return NULL;
581 if (!ASN1_OCTET_STRING_set(ret, ipout, iplen)) 680 if (!ASN1_OCTET_STRING_set(ret, ipout, iplen)) {
582 {
583 ASN1_OCTET_STRING_free(ret); 681 ASN1_OCTET_STRING_free(ret);
584 return NULL; 682 return NULL;
585 }
586 return ret;
587 } 683 }
684 return ret;
685}
588 686
589ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc) 687ASN1_OCTET_STRING *
590 { 688a2i_IPADDRESS_NC(const char *ipasc)
689{
591 ASN1_OCTET_STRING *ret = NULL; 690 ASN1_OCTET_STRING *ret = NULL;
592 unsigned char ipout[32]; 691 unsigned char ipout[32];
593 char *iptmp = NULL, *p; 692 char *iptmp = NULL, *p;
594 int iplen1, iplen2; 693 int iplen1, iplen2;
595 p = strchr(ipasc,'/'); 694
695 p = strchr(ipasc, '/');
596 if (!p) 696 if (!p)
597 return NULL; 697 return NULL;
598 iptmp = BUF_strdup(ipasc); 698 iptmp = BUF_strdup(ipasc);
@@ -622,65 +722,67 @@ ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc)
622 722
623 return ret; 723 return ret;
624 724
625 err: 725err:
626 free(iptmp); 726 free(iptmp);
627 if (ret) 727 if (ret)
628 ASN1_OCTET_STRING_free(ret); 728 ASN1_OCTET_STRING_free(ret);
629 return NULL; 729 return NULL;
630 } 730}
631
632 731
633int a2i_ipadd(unsigned char *ipout, const char *ipasc) 732
634 { 733int
734a2i_ipadd(unsigned char *ipout, const char *ipasc)
735{
635 /* If string contains a ':' assume IPv6 */ 736 /* If string contains a ':' assume IPv6 */
636 737
637 if (strchr(ipasc, ':')) 738 if (strchr(ipasc, ':')) {
638 {
639 if (!ipv6_from_asc(ipout, ipasc)) 739 if (!ipv6_from_asc(ipout, ipasc))
640 return 0; 740 return 0;
641 return 16; 741 return 16;
642 } 742 } else {
643 else
644 {
645 if (!ipv4_from_asc(ipout, ipasc)) 743 if (!ipv4_from_asc(ipout, ipasc))
646 return 0; 744 return 0;
647 return 4; 745 return 4;
648 }
649 } 746 }
747}
650 748
651static int ipv4_from_asc(unsigned char *v4, const char *in) 749static int
652 { 750ipv4_from_asc(unsigned char *v4, const char *in)
751{
653 int a0, a1, a2, a3; 752 int a0, a1, a2, a3;
654 if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4) 753 if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4)
655 return 0; 754 return 0;
656 if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255) 755 if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255) ||
657 || (a2 < 0) || (a2 > 255) || (a3 < 0) || (a3 > 255)) 756 (a2 < 0) || (a2 > 255) || (a3 < 0) || (a3 > 255))
658 return 0; 757 return 0;
659 v4[0] = a0; 758 v4[0] = a0;
660 v4[1] = a1; 759 v4[1] = a1;
661 v4[2] = a2; 760 v4[2] = a2;
662 v4[3] = a3; 761 v4[3] = a3;
663 return 1; 762 return 1;
664 } 763}
665 764
666typedef struct { 765typedef struct {
667 /* Temporary store for IPV6 output */ 766 /* Temporary store for IPV6 output */
668 unsigned char tmp[16]; 767 unsigned char tmp[16];
669 /* Total number of bytes in tmp */ 768 /* Total number of bytes in tmp */
670 int total; 769 int total;
671 /* The position of a zero (corresponding to '::') */ 770 /* The position of a zero (corresponding to '::') */
672 int zero_pos; 771 int zero_pos;
673 /* Number of zeroes */ 772 /* Number of zeroes */
674 int zero_cnt; 773 int zero_cnt;
675 } IPV6_STAT; 774} IPV6_STAT;
676 775
677 776
678static int ipv6_from_asc(unsigned char *v6, const char *in) 777static int
679 { 778ipv6_from_asc(unsigned char *v6, const char *in)
779{
680 IPV6_STAT v6stat; 780 IPV6_STAT v6stat;
781
681 v6stat.total = 0; 782 v6stat.total = 0;
682 v6stat.zero_pos = -1; 783 v6stat.zero_pos = -1;
683 v6stat.zero_cnt = 0; 784 v6stat.zero_cnt = 0;
785
684 /* Treat the IPv6 representation as a list of values 786 /* Treat the IPv6 representation as a list of values
685 * separated by ':'. The presence of a '::' will parse 787 * separated by ':'. The presence of a '::' will parse
686 * as one, two or three zero length elements. 788 * as one, two or three zero length elements.
@@ -690,14 +792,11 @@ static int ipv6_from_asc(unsigned char *v6, const char *in)
690 792
691 /* Now for some sanity checks */ 793 /* Now for some sanity checks */
692 794
693 if (v6stat.zero_pos == -1) 795 if (v6stat.zero_pos == -1) {
694 {
695 /* If no '::' must have exactly 16 bytes */ 796 /* If no '::' must have exactly 16 bytes */
696 if (v6stat.total != 16) 797 if (v6stat.total != 16)
697 return 0; 798 return 0;
698 } 799 } else {
699 else
700 {
701 /* If '::' must have less than 16 bytes */ 800 /* If '::' must have less than 16 bytes */
702 if (v6stat.total == 16) 801 if (v6stat.total == 16)
703 return 0; 802 return 0;
@@ -705,31 +804,27 @@ static int ipv6_from_asc(unsigned char *v6, const char *in)
705 if (v6stat.zero_cnt > 3) 804 if (v6stat.zero_cnt > 3)
706 return 0; 805 return 0;
707 /* Can only have three zeroes if nothing else present */ 806 /* Can only have three zeroes if nothing else present */
708 else if (v6stat.zero_cnt == 3) 807 else if (v6stat.zero_cnt == 3) {
709 {
710 if (v6stat.total > 0) 808 if (v6stat.total > 0)
711 return 0; 809 return 0;
712 } 810 }
713 /* Can only have two zeroes if at start or end */ 811 /* Can only have two zeroes if at start or end */
714 else if (v6stat.zero_cnt == 2) 812 else if (v6stat.zero_cnt == 2) {
715 { 813 if ((v6stat.zero_pos != 0) &&
716 if ((v6stat.zero_pos != 0) 814 (v6stat.zero_pos != v6stat.total))
717 && (v6stat.zero_pos != v6stat.total))
718 return 0; 815 return 0;
719 } 816 } else
720 else 817 /* Can only have one zero if *not* start or end */
721 /* Can only have one zero if *not* start or end */ 818 {
722 { 819 if ((v6stat.zero_pos == 0) ||
723 if ((v6stat.zero_pos == 0) 820 (v6stat.zero_pos == v6stat.total))
724 || (v6stat.zero_pos == v6stat.total))
725 return 0; 821 return 0;
726 }
727 } 822 }
823 }
728 824
729 /* Format result */ 825 /* Format result */
730 826
731 if (v6stat.zero_pos >= 0) 827 if (v6stat.zero_pos >= 0) {
732 {
733 /* Copy initial part */ 828 /* Copy initial part */
734 memcpy(v6, v6stat.tmp, v6stat.zero_pos); 829 memcpy(v6, v6stat.tmp, v6stat.zero_pos);
735 /* Zero middle */ 830 /* Zero middle */
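Review bot: The new brace placement in the single-zero case puts the comment between `else` and its opening brace (`} else` / `/* Can only have one zero if *not* start or end */` / `{`), which reads as a stray block and is the one spot in this hunk that does not follow the `} else {` form used for the other branches. Moving the comment inside the block gives `} else {` followed by the comment on its own line and then the `if`. ipv6_from_asc starts before and ends after this hunk.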
@@ -737,23 +832,23 @@ static int ipv6_from_asc(unsigned char *v6, const char *in)
737 /* Copy final part */ 832 /* Copy final part */
738 if (v6stat.total != v6stat.zero_pos) 833 if (v6stat.total != v6stat.zero_pos)
739 memcpy(v6 + v6stat.zero_pos + 16 - v6stat.total, 834 memcpy(v6 + v6stat.zero_pos + 16 - v6stat.total,
740 v6stat.tmp + v6stat.zero_pos, 835 v6stat.tmp + v6stat.zero_pos,
741 v6stat.total - v6stat.zero_pos); 836 v6stat.total - v6stat.zero_pos);
742 } 837 } else
743 else
744 memcpy(v6, v6stat.tmp, 16); 838 memcpy(v6, v6stat.tmp, 16);
745 839
746 return 1; 840 return 1;
747 } 841}
748 842
749static int ipv6_cb(const char *elem, int len, void *usr) 843static int
750 { 844ipv6_cb(const char *elem, int len, void *usr)
845{
751 IPV6_STAT *s = usr; 846 IPV6_STAT *s = usr;
847
752 /* Error if 16 bytes written */ 848 /* Error if 16 bytes written */
753 if (s->total == 16) 849 if (s->total == 16)
754 return 0; 850 return 0;
755 if (len == 0) 851 if (len == 0) {
756 {
757 /* Zero length element, corresponds to '::' */ 852 /* Zero length element, corresponds to '::' */
758 if (s->zero_pos == -1) 853 if (s->zero_pos == -1)
759 s->zero_pos = s->total; 854 s->zero_pos = s->total;
@@ -761,12 +856,9 @@ static int ipv6_cb(const char *elem, int len, void *usr)
761 else if (s->zero_pos != s->total) 856 else if (s->zero_pos != s->total)
762 return 0; 857 return 0;
763 s->zero_cnt++; 858 s->zero_cnt++;
764 } 859 } else {
765 else
766 {
767 /* If more than 4 characters could be final a.b.c.d form */ 860 /* If more than 4 characters could be final a.b.c.d form */
768 if (len > 4) 861 if (len > 4) {
769 {
770 /* Need at least 4 bytes left */ 862 /* Need at least 4 bytes left */
771 if (s->total > 12) 863 if (s->total > 12)
772 return 0; 864 return 0;
@@ -776,29 +868,28 @@ static int ipv6_cb(const char *elem, int len, void *usr)
776 if (!ipv4_from_asc(s->tmp + s->total, elem)) 868 if (!ipv4_from_asc(s->tmp + s->total, elem))
777 return 0; 869 return 0;
778 s->total += 4; 870 s->total += 4;
779 } 871 } else {
780 else
781 {
782 if (!ipv6_hex(s->tmp + s->total, elem, len)) 872 if (!ipv6_hex(s->tmp + s->total, elem, len))
783 return 0; 873 return 0;
784 s->total += 2; 874 s->total += 2;
785 }
786 } 875 }
787 return 1;
788 } 876 }
877 return 1;
878}
789 879
790/* Convert a string of up to 4 hex digits into the corresponding 880/* Convert a string of up to 4 hex digits into the corresponding
791 * IPv6 form. 881 * IPv6 form.
792 */ 882 */
793 883
794static int ipv6_hex(unsigned char *out, const char *in, int inlen) 884static int
795 { 885ipv6_hex(unsigned char *out, const char *in, int inlen)
886{
796 unsigned char c; 887 unsigned char c;
797 unsigned int num = 0; 888 unsigned int num = 0;
889
798 if (inlen > 4) 890 if (inlen > 4)
799 return 0; 891 return 0;
800 while(inlen--) 892 while (inlen--) {
801 {
802 c = *in++; 893 c = *in++;
803 num <<= 4; 894 num <<= 4;
804 if ((c >= '0') && (c <= '9')) 895 if ((c >= '0') && (c <= '9'))
@@ -809,47 +900,44 @@ static int ipv6_hex(unsigned char *out, const char *in, int inlen)
809 num |= c - 'a' + 10; 900 num |= c - 'a' + 10;
810 else 901 else
811 return 0; 902 return 0;
812 } 903 }
813 out[0] = num >> 8; 904 out[0] = num >> 8;
814 out[1] = num & 0xff; 905 out[1] = num & 0xff;
815 return 1; 906 return 1;
816 } 907}
817
818 908
819int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk, 909int
820 unsigned long chtype) 910X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,
821 { 911 unsigned long chtype)
912{
822 CONF_VALUE *v; 913 CONF_VALUE *v;
823 int i, mval; 914 int i, mval;
824 char *p, *type; 915 char *p, *type;
916
825 if (!nm) 917 if (!nm)
826 return 0; 918 return 0;
827 919
828 for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) 920 for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) {
829 { 921 v = sk_CONF_VALUE_value(dn_sk, i);
830 v=sk_CONF_VALUE_value(dn_sk,i); 922 type = v->name;
831 type=v->name;
832 /* Skip past any leading X. X: X, etc to allow for 923 /* Skip past any leading X. X: X, etc to allow for
833 * multiple instances 924 * multiple instances
834 */ 925 */
835 for(p = type; *p ; p++) 926 for (p = type; *p; p++)
836 if ((*p == ':') || (*p == ',') || (*p == '.')) 927 if ((*p == ':') || (*p == ',') || (*p == '.')) {
837 {
838 p++; 928 p++;
839 if(*p) type = p; 929 if (*p)
930 type = p;
840 break; 931 break;
841 } 932 }
842 if (*type == '+') 933 if (*type == '+') {
843 {
844 mval = -1; 934 mval = -1;
845 type++; 935 type++;
846 } 936 } else
847 else
848 mval = 0; 937 mval = 0;
849 if (!X509_NAME_add_entry_by_txt(nm,type, chtype, 938 if (!X509_NAME_add_entry_by_txt(nm, type, chtype,
850 (unsigned char *) v->value,-1,-1,mval)) 939 (unsigned char *) v->value, -1, -1, mval))
851 return 0; 940 return 0;
852
853 }
854 return 1;
855 } 941 }
942 return 1;
943}
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_skey.c b/src/lib/libssl/src/crypto/x509v3/v3_skey.c
index 0a984fbaa8..22da698080 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_skey.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_skey.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -61,33 +61,35 @@
61#include "cryptlib.h" 61#include "cryptlib.h"
62#include <openssl/x509v3.h> 62#include <openssl/x509v3.h>
63 63
64static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); 64static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
65const X509V3_EXT_METHOD v3_skey_id = { 65 X509V3_CTX *ctx, char *str);
66NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING), 66const X509V3_EXT_METHOD v3_skey_id = {
670,0,0,0, 67 NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING),
68(X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING, 68 0, 0, 0, 0,
69(X509V3_EXT_S2I)s2i_skey_id, 69 (X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING,
700,0,0,0, 70 (X509V3_EXT_S2I)s2i_skey_id,
71NULL}; 71 0, 0, 0, 0,
72 72 NULL
73char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, 73};
74 ASN1_OCTET_STRING *oct) 74
75char *
76i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct)
75{ 77{
76 return hex_to_string(oct->data, oct->length); 78 return hex_to_string(oct->data, oct->length);
77} 79}
78 80
79ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, 81ASN1_OCTET_STRING *
80 X509V3_CTX *ctx, char *str) 82s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str)
81{ 83{
82 ASN1_OCTET_STRING *oct; 84 ASN1_OCTET_STRING *oct;
83 long length; 85 long length;
84 86
85 if(!(oct = M_ASN1_OCTET_STRING_new())) { 87 if (!(oct = M_ASN1_OCTET_STRING_new())) {
86 X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE); 88 X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE);
87 return NULL; 89 return NULL;
88 } 90 }
89 91
90 if(!(oct->data = string_to_hex(str, &length))) { 92 if (!(oct->data = string_to_hex(str, &length))) {
91 M_ASN1_OCTET_STRING_free(oct); 93 M_ASN1_OCTET_STRING_free(oct);
92 return NULL; 94 return NULL;
93 } 95 }
@@ -95,51 +97,54 @@ ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
95 oct->length = length; 97 oct->length = length;
96 98
97 return oct; 99 return oct;
98
99} 100}
100 101
101static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, 102static ASN1_OCTET_STRING *
102 X509V3_CTX *ctx, char *str) 103s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str)
103{ 104{
104 ASN1_OCTET_STRING *oct; 105 ASN1_OCTET_STRING *oct;
105 ASN1_BIT_STRING *pk; 106 ASN1_BIT_STRING *pk;
106 unsigned char pkey_dig[EVP_MAX_MD_SIZE]; 107 unsigned char pkey_dig[EVP_MAX_MD_SIZE];
107 unsigned int diglen; 108 unsigned int diglen;
108 109
109 if(strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str); 110 if (strcmp(str, "hash"))
111 return s2i_ASN1_OCTET_STRING(method, ctx, str);
110 112
111 if(!(oct = M_ASN1_OCTET_STRING_new())) { 113 if (!(oct = M_ASN1_OCTET_STRING_new())) {
112 X509V3err(X509V3_F_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE); 114 X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE);
113 return NULL; 115 return NULL;
114 } 116 }
115 117
116 if(ctx && (ctx->flags == CTX_TEST)) return oct; 118 if (ctx && (ctx->flags == CTX_TEST))
119 return oct;
117 120
118 if(!ctx || (!ctx->subject_req && !ctx->subject_cert)) { 121 if (!ctx || (!ctx->subject_req && !ctx->subject_cert)) {
119 X509V3err(X509V3_F_S2I_SKEY_ID,X509V3_R_NO_PUBLIC_KEY); 122 X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY);
120 goto err; 123 goto err;
121 } 124 }
122 125
123 if(ctx->subject_req) 126 if (ctx->subject_req)
124 pk = ctx->subject_req->req_info->pubkey->public_key; 127 pk = ctx->subject_req->req_info->pubkey->public_key;
125 else pk = ctx->subject_cert->cert_info->key->public_key; 128 else
129 pk = ctx->subject_cert->cert_info->key->public_key;
126 130
127 if(!pk) { 131 if (!pk) {
128 X509V3err(X509V3_F_S2I_SKEY_ID,X509V3_R_NO_PUBLIC_KEY); 132 X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY);
129 goto err; 133 goto err;
130 } 134 }
131 135
132 if (!EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL)) 136 if (!EVP_Digest(pk->data, pk->length, pkey_dig, &diglen,
137 EVP_sha1(), NULL))
133 goto err; 138 goto err;
134 139
135 if(!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) { 140 if (!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
136 X509V3err(X509V3_F_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE); 141 X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE);
137 goto err; 142 goto err;
138 } 143 }
139 144
140 return oct; 145 return oct;
141 146
142 err: 147err:
143 M_ASN1_OCTET_STRING_free(oct); 148 M_ASN1_OCTET_STRING_free(oct);
144 return NULL; 149 return NULL;
145} 150}
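Review bot: s2i_skey_id carries no comment on what the `hash` keyword produces: the SHA-1 digest of the raw BIT STRING contents of the subject public key (`pk->data`, `pk->length`), i.e. the subjectPublicKey bits without the algorithm identifier, which is the first key-identifier method in RFC 5280 §4.2.1.2; a one-line comment above the `EVP_Digest` call saying so would save the next reader a trip to the RFC. The `CTX_TEST` early return, which hands back an empty OCTET STRING without consulting any key, also deserves a comment. A small defect: when `EVP_Digest` fails the function jumps to `err` without pushing an error, unlike every other failure path here; a `X509V3err(X509V3_F_S2I_SKEY_ID, ...)` with a suitable reason code before that `goto err` keeps the error queue informative.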
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_sxnet.c b/src/lib/libssl/src/crypto/x509v3/v3_sxnet.c
index a2b0322e44..81ba50ca03 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_sxnet.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_sxnet.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -67,24 +67,25 @@
67 67
68#define SXNET_TEST 68#define SXNET_TEST
69 69
70static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, int indent); 70static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
71 int indent);
71#ifdef SXNET_TEST 72#ifdef SXNET_TEST
72static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, 73static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
73 STACK_OF(CONF_VALUE) *nval); 74 STACK_OF(CONF_VALUE) *nval);
74#endif 75#endif
75const X509V3_EXT_METHOD v3_sxnet = { 76const X509V3_EXT_METHOD v3_sxnet = {
76NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET), 77 NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET),
770,0,0,0, 78 0, 0, 0, 0,
780,0, 79 0, 0,
790, 80 0,
80#ifdef SXNET_TEST 81#ifdef SXNET_TEST
81(X509V3_EXT_V2I)sxnet_v2i, 82 (X509V3_EXT_V2I)sxnet_v2i,
82#else 83#else
830, 84 0,
84#endif 85#endif
85(X509V3_EXT_I2R)sxnet_i2r, 86 (X509V3_EXT_I2R)sxnet_i2r,
860, 87 0,
87NULL 88 NULL
88}; 89};
89 90
90ASN1_SEQUENCE(SXNETID) = { 91ASN1_SEQUENCE(SXNETID) = {
@@ -101,16 +102,17 @@ ASN1_SEQUENCE(SXNET) = {
101 102
102IMPLEMENT_ASN1_FUNCTIONS(SXNET) 103IMPLEMENT_ASN1_FUNCTIONS(SXNET)
103 104
104static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, 105static int
105 int indent) 106sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, int indent)
106{ 107{
107 long v; 108 long v;
108 char *tmp; 109 char *tmp;
109 SXNETID *id; 110 SXNETID *id;
110 int i; 111 int i;
112
111 v = ASN1_INTEGER_get(sx->version); 113 v = ASN1_INTEGER_get(sx->version);
112 BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v); 114 BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v);
113 for(i = 0; i < sk_SXNETID_num(sx->ids); i++) { 115 for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
114 id = sk_SXNETID_value(sx->ids, i); 116 id = sk_SXNETID_value(sx->ids, i);
115 tmp = i2s_ASN1_INTEGER(NULL, id->zone); 117 tmp = i2s_ASN1_INTEGER(NULL, id->zone);
116 BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp); 118 BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);
@@ -127,34 +129,36 @@ static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
127 * they should really be separate values for each user. 129 * they should really be separate values for each user.
128 */ 130 */
129 131
130 132static SXNET *
131static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, 133sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
132 STACK_OF(CONF_VALUE) *nval) 134 STACK_OF(CONF_VALUE) *nval)
133{ 135{
134 CONF_VALUE *cnf; 136 CONF_VALUE *cnf;
135 SXNET *sx = NULL; 137 SXNET *sx = NULL;
136 int i; 138 int i;
137 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { 139
140 for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
138 cnf = sk_CONF_VALUE_value(nval, i); 141 cnf = sk_CONF_VALUE_value(nval, i);
139 if(!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1)) 142 if (!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1))
140 return NULL; 143 return NULL;
141 } 144 }
142 return sx; 145 return sx;
143} 146}
144 147
145
146#endif 148#endif
147 149
148/* Strong Extranet utility functions */ 150/* Strong Extranet utility functions */
149 151
150/* Add an id given the zone as an ASCII number */ 152/* Add an id given the zone as an ASCII number */
151 153
152int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, 154int
153 int userlen) 155SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen)
154{ 156{
155 ASN1_INTEGER *izone = NULL; 157 ASN1_INTEGER *izone = NULL;
156 if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) { 158
157 X509V3err(X509V3_F_SXNET_ADD_ID_ASC,X509V3_R_ERROR_CONVERTING_ZONE); 159 if (!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
160 X509V3err(X509V3_F_SXNET_ADD_ID_ASC,
161 X509V3_R_ERROR_CONVERTING_ZONE);
158 return 0; 162 return 0;
159 } 163 }
160 return SXNET_add_id_INTEGER(psx, izone, user, userlen); 164 return SXNET_add_id_INTEGER(psx, izone, user, userlen);
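Review bot: sxnet_v2i leaks the SXNET it has built so far when `SXNET_add_id_asc` fails on a later entry: `sx` is allocated by the first successful call (SXNET_add_id_INTEGER stores it through `psx`), and the early `return NULL` drops it. Freeing before returning, `if (!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1)) { SXNET_free(sx); return NULL; }`, is safe as long as SXNET_add_id_INTEGER's failure paths leave `*psx` either intact or NULL — the visible duplicate-zone and user-too-long paths return 0 without touching it, while its `err:` label is outside this chunk and should be checked. A malformed zone number or a repeated zone in the second config entry is enough to hit this path. SXNET_add_id_asc's closing brace is just past the end of this hunk.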
@@ -162,17 +166,18 @@ int SXNET_add_id_asc(SXNET **psx, char *zone, char *user,
162 166
163/* Add an id given the zone as an unsigned long */ 167/* Add an id given the zone as an unsigned long */
164 168
165int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, 169int
166 int userlen) 170SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen)
167{ 171{
168 ASN1_INTEGER *izone = NULL; 172 ASN1_INTEGER *izone = NULL;
169 if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { 173
170 X509V3err(X509V3_F_SXNET_ADD_ID_ULONG,ERR_R_MALLOC_FAILURE); 174 if (!(izone = M_ASN1_INTEGER_new()) ||
175 !ASN1_INTEGER_set(izone, lzone)) {
176 X509V3err(X509V3_F_SXNET_ADD_ID_ULONG, ERR_R_MALLOC_FAILURE);
171 M_ASN1_INTEGER_free(izone); 177 M_ASN1_INTEGER_free(izone);
172 return 0; 178 return 0;
173 } 179 }
174 return SXNET_add_id_INTEGER(psx, izone, user, userlen); 180 return SXNET_add_id_INTEGER(psx, izone, user, userlen);
175
176} 181}
177 182
178/* Add an id given the zone as an ASN1_INTEGER. 183/* Add an id given the zone as an ASN1_INTEGER.
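Review bot: SXNET_add_id_ulong frees `izone` only when creating it fails; if `SXNET_add_id_INTEGER` then returns 0 (user longer than 64 bytes, duplicate zone, allocation failure) the integer is either leaked or, if the callee frees it, silently owned by nobody here — the comment above SXNET_add_id_INTEGER ends with "free it up afterwards" but its middle line falls outside this chunk, so the ownership rule on failure needs confirming before adding a free. If the callee does not free `zone` on failure, `if (!SXNET_add_id_INTEGER(psx, izone, user, userlen)) { M_ASN1_INTEGER_free(izone); return 0; }` closes the leak; SXNET_add_id_asc in the previous hunk has the identical pattern. Either way, the ownership contract should be written down on SXNET_add_id_INTEGER's comment in one sentence covering both the success and failure cases.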
@@ -180,52 +185,67 @@ int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user,
180 * free it up afterwards. 185 * free it up afterwards.
181 */ 186 */
182 187
183int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user, 188int
184 int userlen) 189SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user, int userlen)
185{ 190{
186 SXNET *sx = NULL; 191 SXNET *sx = NULL;
187 SXNETID *id = NULL; 192 SXNETID *id = NULL;
188 if(!psx || !zone || !user) { 193
189 X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_INVALID_NULL_ARGUMENT); 194 if (!psx || !zone || !user) {
195 X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,
196 X509V3_R_INVALID_NULL_ARGUMENT);
190 return 0; 197 return 0;
191 } 198 }
192 if(userlen == -1) userlen = strlen(user); 199 if (userlen == -1)
193 if(userlen > 64) { 200 userlen = strlen(user);
194 X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_USER_TOO_LONG); 201 if (userlen > 64) {
202 X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,
203 X509V3_R_USER_TOO_LONG);
195 return 0; 204 return 0;
196 } 205 }
197 if(!*psx) { 206 if (!*psx) {
198 if(!(sx = SXNET_new())) goto err; 207 if (!(sx = SXNET_new()))
199 if(!ASN1_INTEGER_set(sx->version, 0)) goto err; 208 goto err;
209 if (!ASN1_INTEGER_set(sx->version, 0))
210 goto err;
200 *psx = sx; 211 *psx = sx;
201 } else sx = *psx; 212 } else
202 if(SXNET_get_id_INTEGER(sx, zone)) { 213 sx = *psx;
203 X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_DUPLICATE_ZONE_ID); 214 if (SXNET_get_id_INTEGER(sx, zone)) {
215 X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,
216 X509V3_R_DUPLICATE_ZONE_ID);
204 return 0; 217 return 0;
205 } 218 }
206 219
207 if(!(id = SXNETID_new())) goto err; 220 if (!(id = SXNETID_new()))
208 if(userlen == -1) userlen = strlen(user); 221 goto err;
209 222 if (userlen == -1)
210 if(!M_ASN1_OCTET_STRING_set(id->user, user, userlen)) goto err; 223 userlen = strlen(user);
211 if(!sk_SXNETID_push(sx->ids, id)) goto err; 224
225 if (!M_ASN1_OCTET_STRING_set(id->user, user, userlen))
226 goto err;
227 if (!sk_SXNETID_push(sx->ids, id))
228 goto err;
212 id->zone = zone; 229 id->zone = zone;
213 return 1; 230 return 1;
214 231
215 err: 232err:
216 X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,ERR_R_MALLOC_FAILURE); 233 X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, ERR_R_MALLOC_FAILURE);
217 SXNETID_free(id); 234 SXNETID_free(id);
218 SXNET_free(sx); 235 SXNET_free(sx);
219 *psx = NULL; 236 *psx = NULL;
220 return 0; 237 return 0;
221} 238}
222 239
223ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone) 240ASN1_OCTET_STRING *
241SXNET_get_id_asc(SXNET *sx, char *zone)
224{ 242{
225 ASN1_INTEGER *izone = NULL; 243 ASN1_INTEGER *izone = NULL;
226 ASN1_OCTET_STRING *oct; 244 ASN1_OCTET_STRING *oct;
227 if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) { 245
228 X509V3err(X509V3_F_SXNET_GET_ID_ASC,X509V3_R_ERROR_CONVERTING_ZONE); 246 if (!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
247 X509V3err(X509V3_F_SXNET_GET_ID_ASC,
248 X509V3_R_ERROR_CONVERTING_ZONE);
229 return NULL; 249 return NULL;
230 } 250 }
231 oct = SXNET_get_id_INTEGER(sx, izone); 251 oct = SXNET_get_id_INTEGER(sx, izone);
@@ -233,12 +253,15 @@ ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone)
233 return oct; 253 return oct;
234} 254}
235 255
236ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone) 256ASN1_OCTET_STRING *
257SXNET_get_id_ulong(SXNET *sx, unsigned long lzone)
237{ 258{
238 ASN1_INTEGER *izone = NULL; 259 ASN1_INTEGER *izone = NULL;
239 ASN1_OCTET_STRING *oct; 260 ASN1_OCTET_STRING *oct;
240 if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { 261
241 X509V3err(X509V3_F_SXNET_GET_ID_ULONG,ERR_R_MALLOC_FAILURE); 262 if (!(izone = M_ASN1_INTEGER_new()) ||
263 !ASN1_INTEGER_set(izone, lzone)) {
264 X509V3err(X509V3_F_SXNET_GET_ID_ULONG, ERR_R_MALLOC_FAILURE);
242 M_ASN1_INTEGER_free(izone); 265 M_ASN1_INTEGER_free(izone);
243 return NULL; 266 return NULL;
244 } 267 }
@@ -247,13 +270,16 @@ ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone)
247 return oct; 270 return oct;
248} 271}
249 272
250ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone) 273ASN1_OCTET_STRING *
274SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone)
251{ 275{
252 SXNETID *id; 276 SXNETID *id;
253 int i; 277 int i;
254 for(i = 0; i < sk_SXNETID_num(sx->ids); i++) { 278
279 for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
255 id = sk_SXNETID_value(sx->ids, i); 280 id = sk_SXNETID_value(sx->ids, i);
256 if(!M_ASN1_INTEGER_cmp(id->zone, zone)) return id->user; 281 if (!M_ASN1_INTEGER_cmp(id->zone, zone))
282 return id->user;
257 } 283 }
258 return NULL; 284 return NULL;
259} 285}
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_utl.c b/src/lib/libssl/src/crypto/x509v3/v3_utl.c
index 5b064f8eb2..0b389807dd 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_utl.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_utl.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -67,7 +67,8 @@
67 67
68static char *strip_spaces(char *name); 68static char *strip_spaces(char *name);
69static int sk_strcmp(const char * const *a, const char * const *b); 69static int sk_strcmp(const char * const *a, const char * const *b);
70static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name, GENERAL_NAMES *gens); 70static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name,
71 GENERAL_NAMES *gens);
71static void str_free(OPENSSL_STRING str); 72static void str_free(OPENSSL_STRING str);
72static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email); 73static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email);
73 74
@@ -78,163 +79,211 @@ static int ipv6_hex(unsigned char *out, const char *in, int inlen);
78 79
79/* Add a CONF_VALUE name value pair to stack */ 80/* Add a CONF_VALUE name value pair to stack */
80 81
81int X509V3_add_value(const char *name, const char *value, 82int
82 STACK_OF(CONF_VALUE) **extlist) 83X509V3_add_value(const char *name, const char *value,
84 STACK_OF(CONF_VALUE) **extlist)
83{ 85{
84 CONF_VALUE *vtmp = NULL; 86 CONF_VALUE *vtmp = NULL;
85 char *tname = NULL, *tvalue = NULL; 87 char *tname = NULL, *tvalue = NULL;
86 if(name && !(tname = BUF_strdup(name))) goto err; 88
87 if(value && !(tvalue = BUF_strdup(value))) goto err; 89 if (name && !(tname = BUF_strdup(name)))
88 if(!(vtmp = malloc(sizeof(CONF_VALUE)))) goto err; 90 goto err;
89 if(!*extlist && !(*extlist = sk_CONF_VALUE_new_null())) goto err; 91 if (value && !(tvalue = BUF_strdup(value)))
92 goto err;
93 if (!(vtmp = malloc(sizeof(CONF_VALUE))))
94 goto err;
95 if (!*extlist && !(*extlist = sk_CONF_VALUE_new_null()))
96 goto err;
90 vtmp->section = NULL; 97 vtmp->section = NULL;
91 vtmp->name = tname; 98 vtmp->name = tname;
92 vtmp->value = tvalue; 99 vtmp->value = tvalue;
93 if(!sk_CONF_VALUE_push(*extlist, vtmp)) goto err; 100 if (!sk_CONF_VALUE_push(*extlist, vtmp))
101 goto err;
94 return 1; 102 return 1;
95 err: 103
96 X509V3err(X509V3_F_X509V3_ADD_VALUE,ERR_R_MALLOC_FAILURE); 104err:
97 if(vtmp) free(vtmp); 105 X509V3err(X509V3_F_X509V3_ADD_VALUE, ERR_R_MALLOC_FAILURE);
98 if(tname) free(tname); 106 if (vtmp)
99 if(tvalue) free(tvalue); 107 free(vtmp);
108 if (tname)
109 free(tname);
110 if (tvalue)
111 free(tvalue);
100 return 0; 112 return 0;
101} 113}
102 114
103int X509V3_add_value_uchar(const char *name, const unsigned char *value, 115int
104 STACK_OF(CONF_VALUE) **extlist) 116X509V3_add_value_uchar(const char *name, const unsigned char *value,
105 { 117 STACK_OF(CONF_VALUE) **extlist)
106 return X509V3_add_value(name,(const char *)value,extlist); 118{
107 } 119 return X509V3_add_value(name, (const char *)value, extlist);
120}
108 121
109/* Free function for STACK_OF(CONF_VALUE) */ 122/* Free function for STACK_OF(CONF_VALUE) */
110 123
111void X509V3_conf_free(CONF_VALUE *conf) 124void
125X509V3_conf_free(CONF_VALUE *conf)
112{ 126{
113 if(!conf) return; 127 if (!conf)
114 if(conf->name) free(conf->name); 128 return;
115 if(conf->value) free(conf->value); 129 if (conf->name)
116 if(conf->section) free(conf->section); 130 free(conf->name);
131 if (conf->value)
132 free(conf->value);
133 if (conf->section)
134 free(conf->section);
117 free(conf); 135 free(conf);
118} 136}
119 137
120int X509V3_add_value_bool(const char *name, int asn1_bool, 138int
121 STACK_OF(CONF_VALUE) **extlist) 139X509V3_add_value_bool(const char *name, int asn1_bool,
140 STACK_OF(CONF_VALUE) **extlist)
122{ 141{
123 if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist); 142 if (asn1_bool)
143 return X509V3_add_value(name, "TRUE", extlist);
124 return X509V3_add_value(name, "FALSE", extlist); 144 return X509V3_add_value(name, "FALSE", extlist);
125} 145}
126 146
127int X509V3_add_value_bool_nf(char *name, int asn1_bool, 147int
128 STACK_OF(CONF_VALUE) **extlist) 148X509V3_add_value_bool_nf(char *name, int asn1_bool,
149 STACK_OF(CONF_VALUE) **extlist)
129{ 150{
130 if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist); 151 if (asn1_bool)
152 return X509V3_add_value(name, "TRUE", extlist);
131 return 1; 153 return 1;
132} 154}
133 155
134 156
135char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *a) 157char *
158i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *a)
136{ 159{
137 BIGNUM *bntmp = NULL; 160 BIGNUM *bntmp = NULL;
138 char *strtmp = NULL; 161 char *strtmp = NULL;
139 if(!a) return NULL; 162
140 if(!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) || 163 if (!a)
141 !(strtmp = BN_bn2dec(bntmp)) ) 164 return NULL;
142 X509V3err(X509V3_F_I2S_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE); 165 if (!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) ||
166 !(strtmp = BN_bn2dec(bntmp)))
167 X509V3err(X509V3_F_I2S_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE);
143 BN_free(bntmp); 168 BN_free(bntmp);
144 return strtmp; 169 return strtmp;
145} 170}
146 171
147char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a) 172char *
173i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a)
148{ 174{
149 BIGNUM *bntmp = NULL; 175 BIGNUM *bntmp = NULL;
150 char *strtmp = NULL; 176 char *strtmp = NULL;
151 if(!a) return NULL; 177
152 if(!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) || 178 if (!a)
153 !(strtmp = BN_bn2dec(bntmp)) ) 179 return NULL;
154 X509V3err(X509V3_F_I2S_ASN1_INTEGER,ERR_R_MALLOC_FAILURE); 180 if (!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) ||
181 !(strtmp = BN_bn2dec(bntmp)))
182 X509V3err(X509V3_F_I2S_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
155 BN_free(bntmp); 183 BN_free(bntmp);
156 return strtmp; 184 return strtmp;
157} 185}
158 186
159ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value) 187ASN1_INTEGER *
188s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)
160{ 189{
161 BIGNUM *bn = NULL; 190 BIGNUM *bn = NULL;
162 ASN1_INTEGER *aint; 191 ASN1_INTEGER *aint;
163 int isneg, ishex; 192 int isneg, ishex;
164 int ret; 193 int ret;
194
165 if (!value) { 195 if (!value) {
166 X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_INVALID_NULL_VALUE); 196 X509V3err(X509V3_F_S2I_ASN1_INTEGER,
197 X509V3_R_INVALID_NULL_VALUE);
167 return 0; 198 return 0;
168 } 199 }
169 bn = BN_new(); 200 bn = BN_new();
170 if (value[0] == '-') { 201 if (value[0] == '-') {
171 value++; 202 value++;
172 isneg = 1; 203 isneg = 1;
173 } else isneg = 0; 204 } else
205 isneg = 0;
174 206
175 if (value[0] == '0' && ((value[1] == 'x') || (value[1] == 'X'))) { 207 if (value[0] == '0' && ((value[1] == 'x') || (value[1] == 'X'))) {
176 value += 2; 208 value += 2;
177 ishex = 1; 209 ishex = 1;
178 } else ishex = 0; 210 } else
211 ishex = 0;
179 212
180 if (ishex) ret = BN_hex2bn(&bn, value); 213 if (ishex)
181 else ret = BN_dec2bn(&bn, value); 214 ret = BN_hex2bn(&bn, value);
215 else
216 ret = BN_dec2bn(&bn, value);
182 217
183 if (!ret || value[ret]) { 218 if (!ret || value[ret]) {
184 BN_free(bn); 219 BN_free(bn);
185 X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_DEC2BN_ERROR); 220 X509V3err(X509V3_F_S2I_ASN1_INTEGER, X509V3_R_BN_DEC2BN_ERROR);
186 return 0; 221 return 0;
187 } 222 }
188 223
189 if (isneg && BN_is_zero(bn)) isneg = 0; 224 if (isneg && BN_is_zero(bn))
225 isneg = 0;
190 226
191 aint = BN_to_ASN1_INTEGER(bn, NULL); 227 aint = BN_to_ASN1_INTEGER(bn, NULL);
192 BN_free(bn); 228 BN_free(bn);
193 if (!aint) { 229 if (!aint) {
194 X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_TO_ASN1_INTEGER_ERROR); 230 X509V3err(X509V3_F_S2I_ASN1_INTEGER,
231 X509V3_R_BN_TO_ASN1_INTEGER_ERROR);
195 return 0; 232 return 0;
196 } 233 }
197 if (isneg) aint->type |= V_ASN1_NEG; 234 if (isneg)
235 aint->type |= V_ASN1_NEG;
198 return aint; 236 return aint;
199} 237}
200 238
201int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint, 239int
202 STACK_OF(CONF_VALUE) **extlist) 240X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
241 STACK_OF(CONF_VALUE) **extlist)
203{ 242{
204 char *strtmp; 243 char *strtmp;
205 int ret; 244 int ret;
206 if(!aint) return 1; 245
207 if(!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) return 0; 246 if (!aint)
247 return 1;
248 if (!(strtmp = i2s_ASN1_INTEGER(NULL, aint)))
249 return 0;
208 ret = X509V3_add_value(name, strtmp, extlist); 250 ret = X509V3_add_value(name, strtmp, extlist);
209 free(strtmp); 251 free(strtmp);
210 return ret; 252 return ret;
211} 253}
212 254
213int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool) 255int
256X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool)
214{ 257{
215 char *btmp; 258 char *btmp;
216 if(!(btmp = value->value)) goto err; 259
217 if(!strcmp(btmp, "TRUE") || !strcmp(btmp, "true") 260 if (!(btmp = value->value))
218 || !strcmp(btmp, "Y") || !strcmp(btmp, "y") 261 goto err;
219 || !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) { 262 if (!strcmp(btmp, "TRUE") || !strcmp(btmp, "true") ||
263 !strcmp(btmp, "Y") || !strcmp(btmp, "y") ||
264 !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) {
220 *asn1_bool = 0xff; 265 *asn1_bool = 0xff;
221 return 1; 266 return 1;
222 } else if(!strcmp(btmp, "FALSE") || !strcmp(btmp, "false") 267 } else if (!strcmp(btmp, "FALSE") || !strcmp(btmp, "false") ||
223 || !strcmp(btmp, "N") || !strcmp(btmp, "n") 268 !strcmp(btmp, "N") || !strcmp(btmp, "n") ||
224 || !strcmp(btmp, "NO") || !strcmp(btmp, "no")) { 269 !strcmp(btmp, "NO") || !strcmp(btmp, "no")) {
225 *asn1_bool = 0; 270 *asn1_bool = 0;
226 return 1; 271 return 1;
227 } 272 }
228 err: 273
229 X509V3err(X509V3_F_X509V3_GET_VALUE_BOOL,X509V3_R_INVALID_BOOLEAN_STRING); 274err:
275 X509V3err(X509V3_F_X509V3_GET_VALUE_BOOL,
276 X509V3_R_INVALID_BOOLEAN_STRING);
230 X509V3_conf_err(value); 277 X509V3_conf_err(value);
231 return 0; 278 return 0;
232} 279}
233 280
234int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint) 281int
282X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint)
235{ 283{
236 ASN1_INTEGER *itmp; 284 ASN1_INTEGER *itmp;
237 if(!(itmp = s2i_ASN1_INTEGER(NULL, value->value))) { 285
286 if (!(itmp = s2i_ASN1_INTEGER(NULL, value->value))) {
238 X509V3_conf_err(value); 287 X509V3_conf_err(value);
239 return 0; 288 return 0;
240 } 289 }
@@ -247,56 +296,63 @@ int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint)
247 296
248/*#define DEBUG*/ 297/*#define DEBUG*/
249 298
250STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) 299STACK_OF(CONF_VALUE) *
300X509V3_parse_list(const char *line)
251{ 301{
252 char *p, *q, c; 302 char *p, *q, c;
253 char *ntmp, *vtmp; 303 char *ntmp, *vtmp;
254 STACK_OF(CONF_VALUE) *values = NULL; 304 STACK_OF(CONF_VALUE) *values = NULL;
255 char *linebuf; 305 char *linebuf;
256 int state; 306 int state;
307
257 /* We are going to modify the line so copy it first */ 308 /* We are going to modify the line so copy it first */
258 linebuf = BUF_strdup(line); 309 linebuf = BUF_strdup(line);
259 state = HDR_NAME; 310 state = HDR_NAME;
260 ntmp = NULL; 311 ntmp = NULL;
312
261 /* Go through all characters */ 313 /* Go through all characters */
262 for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) { 314 for (p = linebuf, q = linebuf; (c = *p) && (c != '\r') &&
315 (c != '\n'); p++) {
263 316
264 switch(state) { 317 switch (state) {
265 case HDR_NAME: 318 case HDR_NAME:
266 if(c == ':') { 319 if (c == ':') {
267 state = HDR_VALUE; 320 state = HDR_VALUE;
268 *p = 0; 321 *p = 0;
269 ntmp = strip_spaces(q); 322 ntmp = strip_spaces(q);
270 if(!ntmp) { 323 if (!ntmp) {
271 X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME); 324 X509V3err(X509V3_F_X509V3_PARSE_LIST,
325 X509V3_R_INVALID_NULL_NAME);
272 goto err; 326 goto err;
273 } 327 }
274 q = p + 1; 328 q = p + 1;
275 } else if(c == ',') { 329 } else if (c == ',') {
276 *p = 0; 330 *p = 0;
277 ntmp = strip_spaces(q); 331 ntmp = strip_spaces(q);
278 q = p + 1; 332 q = p + 1;
279#if 0 333#if 0
280 printf("%s\n", ntmp); 334 printf("%s\n", ntmp);
281#endif 335#endif
282 if(!ntmp) { 336 if (!ntmp) {
283 X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME); 337 X509V3err(X509V3_F_X509V3_PARSE_LIST,
338 X509V3_R_INVALID_NULL_NAME);
284 goto err; 339 goto err;
285 } 340 }
286 X509V3_add_value(ntmp, NULL, &values); 341 X509V3_add_value(ntmp, NULL, &values);
287 } 342 }
288 break ; 343 break;
289 344
290 case HDR_VALUE: 345 case HDR_VALUE:
291 if(c == ',') { 346 if (c == ',') {
292 state = HDR_NAME; 347 state = HDR_NAME;
293 *p = 0; 348 *p = 0;
294 vtmp = strip_spaces(q); 349 vtmp = strip_spaces(q);
295#if 0 350#if 0
296 printf("%s\n", ntmp); 351 printf("%s\n", ntmp);
297#endif 352#endif
298 if(!vtmp) { 353 if (!vtmp) {
299 X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE); 354 X509V3err(X509V3_F_X509V3_PARSE_LIST,
355 X509V3_R_INVALID_NULL_VALUE);
300 goto err; 356 goto err;
301 } 357 }
302 X509V3_add_value(ntmp, vtmp, &values); 358 X509V3_add_value(ntmp, vtmp, &values);
@@ -307,13 +363,14 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
307 } 363 }
308 } 364 }
309 365
310 if(state == HDR_VALUE) { 366 if (state == HDR_VALUE) {
311 vtmp = strip_spaces(q); 367 vtmp = strip_spaces(q);
312#if 0 368#if 0
313 printf("%s=%s\n", ntmp, vtmp); 369 printf("%s=%s\n", ntmp, vtmp);
314#endif 370#endif
315 if(!vtmp) { 371 if (!vtmp) {
316 X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE); 372 X509V3err(X509V3_F_X509V3_PARSE_LIST,
373 X509V3_R_INVALID_NULL_VALUE);
317 goto err; 374 goto err;
318 } 375 }
319 X509V3_add_value(ntmp, vtmp, &values); 376 X509V3_add_value(ntmp, vtmp, &values);
@@ -322,34 +379,42 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
322#if 0 379#if 0
323 printf("%s\n", ntmp); 380 printf("%s\n", ntmp);
324#endif 381#endif
325 if(!ntmp) { 382 if (!ntmp) {
326 X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME); 383 X509V3err(X509V3_F_X509V3_PARSE_LIST,
384 X509V3_R_INVALID_NULL_NAME);
327 goto err; 385 goto err;
328 } 386 }
329 X509V3_add_value(ntmp, NULL, &values); 387 X509V3_add_value(ntmp, NULL, &values);
330 } 388 }
331free(linebuf); 389 free(linebuf);
332return values; 390 return values;
333 391
334err: 392err:
335free(linebuf); 393 free(linebuf);
336sk_CONF_VALUE_pop_free(values, X509V3_conf_free); 394 sk_CONF_VALUE_pop_free(values, X509V3_conf_free);
337return NULL; 395 return NULL;
338 396
339} 397}
340 398
341/* Delete leading and trailing spaces from a string */ 399/* Delete leading and trailing spaces from a string */
342static char *strip_spaces(char *name) 400static char *
401strip_spaces(char *name)
343{ 402{
344 char *p, *q; 403 char *p, *q;
404
345 /* Skip over leading spaces */ 405 /* Skip over leading spaces */
346 p = name; 406 p = name;
347 while(*p && isspace((unsigned char)*p)) p++; 407 while (*p && isspace((unsigned char)*p))
348 if(!*p) return NULL; 408 p++;
409 if (!*p)
410 return NULL;
349 q = p + strlen(p) - 1; 411 q = p + strlen(p) - 1;
350 while((q != p) && isspace((unsigned char)*q)) q--; 412 while ((q != p) && isspace((unsigned char)*q))
351 if(p != q) q[1] = 0; 413 q--;
352 if(!*p) return NULL; 414 if (p != q)
415 q[1] = 0;
416 if (!*p)
417 return NULL;
353 return p; 418 return p;
354} 419}
355 420
@@ -360,19 +425,22 @@ static char *strip_spaces(char *name)
360 * @@@ (Contents of buffer are always kept in ASCII, also on EBCDIC machines) 425 * @@@ (Contents of buffer are always kept in ASCII, also on EBCDIC machines)
361 */ 426 */
362 427
363char *hex_to_string(const unsigned char *buffer, long len) 428char *
429hex_to_string(const unsigned char *buffer, long len)
364{ 430{
365 char *tmp, *q; 431 char *tmp, *q;
366 const unsigned char *p; 432 const unsigned char *p;
367 int i; 433 int i;
368 static const char hexdig[] = "0123456789ABCDEF"; 434 static const char hexdig[] = "0123456789ABCDEF";
369 if(!buffer || !len) return NULL; 435
370 if(!(tmp = malloc(len * 3 + 1))) { 436 if (!buffer || !len)
371 X509V3err(X509V3_F_HEX_TO_STRING,ERR_R_MALLOC_FAILURE); 437 return NULL;
438 if (!(tmp = malloc(len * 3 + 1))) {
439 X509V3err(X509V3_F_HEX_TO_STRING, ERR_R_MALLOC_FAILURE);
372 return NULL; 440 return NULL;
373 } 441 }
374 q = tmp; 442 q = tmp;
375 for(i = 0, p = buffer; i < len; i++,p++) { 443 for (i = 0, p = buffer; i < len; i++, p++) {
376 *q++ = hexdig[(*p >> 4) & 0xf]; 444 *q++ = hexdig[(*p >> 4) & 0xf];
377 *q++ = hexdig[*p & 0xf]; 445 *q++ = hexdig[*p & 0xf];
378 *q++ = ':'; 446 *q++ = ':';
@@ -385,70 +453,88 @@ char *hex_to_string(const unsigned char *buffer, long len)
385 * a buffer 453 * a buffer
386 */ 454 */
387 455
388unsigned char *string_to_hex(const char *str, long *len) 456unsigned char *
457string_to_hex(const char *str, long *len)
389{ 458{
390 unsigned char *hexbuf, *q; 459 unsigned char *hexbuf, *q;
391 unsigned char ch, cl, *p; 460 unsigned char ch, cl, *p;
392 if(!str) { 461 if (!str) {
393 X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_INVALID_NULL_ARGUMENT); 462 X509V3err(X509V3_F_STRING_TO_HEX,
463 X509V3_R_INVALID_NULL_ARGUMENT);
394 return NULL; 464 return NULL;
395 } 465 }
396 if(!(hexbuf = malloc(strlen(str) >> 1))) goto err; 466 if (!(hexbuf = malloc(strlen(str) >> 1)))
397 for(p = (unsigned char *)str, q = hexbuf; *p;) { 467 goto err;
468 for (p = (unsigned char *)str, q = hexbuf; *p; ) {
398 ch = *p++; 469 ch = *p++;
399 if(ch == ':') continue; 470 if (ch == ':')
471 continue;
400 cl = *p++; 472 cl = *p++;
401 if(!cl) { 473 if (!cl) {
402 X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ODD_NUMBER_OF_DIGITS); 474 X509V3err(X509V3_F_STRING_TO_HEX,
475 X509V3_R_ODD_NUMBER_OF_DIGITS);
403 free(hexbuf); 476 free(hexbuf);
404 return NULL; 477 return NULL;
405 } 478 }
406 if(isupper(ch)) ch = tolower(ch); 479 if (isupper(ch))
407 if(isupper(cl)) cl = tolower(cl); 480 ch = tolower(ch);
408 481 if (isupper(cl))
409 if((ch >= '0') && (ch <= '9')) ch -= '0'; 482 cl = tolower(cl);
410 else if ((ch >= 'a') && (ch <= 'f')) ch -= 'a' - 10; 483
411 else goto badhex; 484 if ((ch >= '0') && (ch <= '9'))
485 ch -= '0';
486 else if ((ch >= 'a') && (ch <= 'f'))
487 ch -= 'a' - 10;
488 else
489 goto badhex;
412 490
413 if((cl >= '0') && (cl <= '9')) cl -= '0'; 491 if ((cl >= '0') && (cl <= '9'))
414 else if ((cl >= 'a') && (cl <= 'f')) cl -= 'a' - 10; 492 cl -= '0';
415 else goto badhex; 493 else if ((cl >= 'a') && (cl <= 'f'))
494 cl -= 'a' - 10;
495 else
496 goto badhex;
416 497
417 *q++ = (ch << 4) | cl; 498 *q++ = (ch << 4) | cl;
418 } 499 }
419 500
420 if(len) *len = q - hexbuf; 501 if (len)
502 *len = q - hexbuf;
421 503
422 return hexbuf; 504 return hexbuf;
423 505
424 err: 506err:
425 free(hexbuf); 507 free(hexbuf);
426 X509V3err(X509V3_F_STRING_TO_HEX,ERR_R_MALLOC_FAILURE); 508 X509V3err(X509V3_F_STRING_TO_HEX, ERR_R_MALLOC_FAILURE);
427 return NULL; 509 return NULL;
428 510
429 badhex: 511badhex:
430 free(hexbuf); 512 free(hexbuf);
431 X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ILLEGAL_HEX_DIGIT); 513 X509V3err(X509V3_F_STRING_TO_HEX, X509V3_R_ILLEGAL_HEX_DIGIT);
432 return NULL; 514 return NULL;
433
434} 515}
435 516
436/* V2I name comparison function: returns zero if 'name' matches 517/* V2I name comparison function: returns zero if 'name' matches
437 * cmp or cmp.* 518 * cmp or cmp.*
438 */ 519 */
439 520
440int name_cmp(const char *name, const char *cmp) 521int
522name_cmp(const char *name, const char *cmp)
441{ 523{
442 int len, ret; 524 int len, ret;
443 char c; 525 char c;
526
444 len = strlen(cmp); 527 len = strlen(cmp);
445 if((ret = strncmp(name, cmp, len))) return ret; 528 if ((ret = strncmp(name, cmp, len)))
529 return ret;
446 c = name[len]; 530 c = name[len];
447 if(!c || (c=='.')) return 0; 531 if (!c || (c=='.'))
532 return 0;
448 return 1; 533 return 1;
449} 534}
450 535
451static int sk_strcmp(const char * const *a, const char * const *b) 536static int
537sk_strcmp(const char * const *a, const char * const *b)
452{ 538{
453 return strcmp(*a, *b); 539 return strcmp(*a, *b);
454} 540}
@@ -473,18 +559,16 @@ STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x)
473 info = X509_get_ext_d2i(x, NID_info_access, NULL, NULL); 559 info = X509_get_ext_d2i(x, NID_info_access, NULL, NULL);
474 if (!info) 560 if (!info)
475 return NULL; 561 return NULL;
476 for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++) 562 for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++) {
477 {
478 ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(info, i); 563 ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(info, i);
479 if (OBJ_obj2nid(ad->method) == NID_ad_OCSP) 564 if (OBJ_obj2nid(ad->method) == NID_ad_OCSP) {
480 { 565 if (ad->location->type == GEN_URI) {
481 if (ad->location->type == GEN_URI) 566 if (!append_ia5(&ret,
482 { 567 ad->location->d.uniformResourceIdentifier))
483 if (!append_ia5(&ret, ad->location->d.uniformResourceIdentifier))
484 break; 568 break;
485 }
486 } 569 }
487 } 570 }
571 }
488 AUTHORITY_INFO_ACCESS_free(info); 572 AUTHORITY_INFO_ACCESS_free(info);
489 return ret; 573 return ret;
490} 574}
@@ -504,48 +588,61 @@ STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x)
504} 588}
505 589
506 590
507static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name, GENERAL_NAMES *gens) 591static
592STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name, GENERAL_NAMES *gens)
508{ 593{
509 STACK_OF(OPENSSL_STRING) *ret = NULL; 594 STACK_OF(OPENSSL_STRING) *ret = NULL;
510 X509_NAME_ENTRY *ne; 595 X509_NAME_ENTRY *ne;
511 ASN1_IA5STRING *email; 596 ASN1_IA5STRING *email;
512 GENERAL_NAME *gen; 597 GENERAL_NAME *gen;
513 int i; 598 int i;
599
514 /* Now add any email address(es) to STACK */ 600 /* Now add any email address(es) to STACK */
515 i = -1; 601 i = -1;
602
516 /* First supplied X509_NAME */ 603 /* First supplied X509_NAME */
517 while((i = X509_NAME_get_index_by_NID(name, 604 while ((i = X509_NAME_get_index_by_NID(name,
518 NID_pkcs9_emailAddress, i)) >= 0) { 605 NID_pkcs9_emailAddress, i)) >= 0) {
519 ne = X509_NAME_get_entry(name, i); 606 ne = X509_NAME_get_entry(name, i);
520 email = X509_NAME_ENTRY_get_data(ne); 607 email = X509_NAME_ENTRY_get_data(ne);
521 if(!append_ia5(&ret, email)) return NULL; 608 if (!append_ia5(&ret, email))
609 return NULL;
522 } 610 }
523 for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) 611 for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
524 {
525 gen = sk_GENERAL_NAME_value(gens, i); 612 gen = sk_GENERAL_NAME_value(gens, i);
526 if(gen->type != GEN_EMAIL) continue; 613 if (gen->type != GEN_EMAIL)
527 if(!append_ia5(&ret, gen->d.ia5)) return NULL; 614 continue;
615 if (!append_ia5(&ret, gen->d.ia5))
616 return NULL;
528 } 617 }
529 return ret; 618 return ret;
530} 619}
531 620
532static void str_free(OPENSSL_STRING str) 621static void
622str_free(OPENSSL_STRING str)
533{ 623{
534 free(str); 624 free(str);
535} 625}
536 626
537static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email) 627static int
628append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email)
538{ 629{
539 char *emtmp; 630 char *emtmp;
631
540 /* First some sanity checks */ 632 /* First some sanity checks */
541 if(email->type != V_ASN1_IA5STRING) return 1; 633 if (email->type != V_ASN1_IA5STRING)
542 if(!email->data || !email->length) return 1; 634 return 1;
543 if(!*sk) *sk = sk_OPENSSL_STRING_new(sk_strcmp); 635 if (!email->data || !email->length)
544 if(!*sk) return 0; 636 return 1;
637 if (!*sk)
638 *sk = sk_OPENSSL_STRING_new(sk_strcmp);
639 if (!*sk)
640 return 0;
545 /* Don't add duplicates */ 641 /* Don't add duplicates */
546 if(sk_OPENSSL_STRING_find(*sk, (char *)email->data) != -1) return 1; 642 if (sk_OPENSSL_STRING_find(*sk, (char *)email->data) != -1)
643 return 1;
547 emtmp = BUF_strdup((char *)email->data); 644 emtmp = BUF_strdup((char *)email->data);
548 if(!emtmp || !sk_OPENSSL_STRING_push(*sk, emtmp)) { 645 if (!emtmp || !sk_OPENSSL_STRING_push(*sk, emtmp)) {
549 X509_email_free(*sk); 646 X509_email_free(*sk);
550 *sk = NULL; 647 *sk = NULL;
551 return 0; 648 return 0;
@@ -553,17 +650,19 @@ static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email)
553 return 1; 650 return 1;
554} 651}
555 652
556void X509_email_free(STACK_OF(OPENSSL_STRING) *sk) 653void
654X509_email_free(STACK_OF(OPENSSL_STRING) *sk)
557{ 655{
558 sk_OPENSSL_STRING_pop_free(sk, str_free); 656 sk_OPENSSL_STRING_pop_free(sk, str_free);
559} 657}
560 658
561/* Convert IP addresses both IPv4 and IPv6 into an 659/* Convert IP addresses both IPv4 and IPv6 into an
562 * OCTET STRING compatible with RFC3280. 660 * OCTET STRING compatible with RFC3280.
563 */ 661 */
564 662
565ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc) 663ASN1_OCTET_STRING *
566 { 664a2i_IPADDRESS(const char *ipasc)
665{
567 unsigned char ipout[16]; 666 unsigned char ipout[16];
568 ASN1_OCTET_STRING *ret; 667 ASN1_OCTET_STRING *ret;
569 int iplen; 668 int iplen;
@@ -578,21 +677,22 @@ ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc)
578 ret = ASN1_OCTET_STRING_new(); 677 ret = ASN1_OCTET_STRING_new();
579 if (!ret) 678 if (!ret)
580 return NULL; 679 return NULL;
581 if (!ASN1_OCTET_STRING_set(ret, ipout, iplen)) 680 if (!ASN1_OCTET_STRING_set(ret, ipout, iplen)) {
582 {
583 ASN1_OCTET_STRING_free(ret); 681 ASN1_OCTET_STRING_free(ret);
584 return NULL; 682 return NULL;
585 }
586 return ret;
587 } 683 }
684 return ret;
685}
588 686
589ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc) 687ASN1_OCTET_STRING *
590 { 688a2i_IPADDRESS_NC(const char *ipasc)
689{
591 ASN1_OCTET_STRING *ret = NULL; 690 ASN1_OCTET_STRING *ret = NULL;
592 unsigned char ipout[32]; 691 unsigned char ipout[32];
593 char *iptmp = NULL, *p; 692 char *iptmp = NULL, *p;
594 int iplen1, iplen2; 693 int iplen1, iplen2;
595 p = strchr(ipasc,'/'); 694
695 p = strchr(ipasc, '/');
596 if (!p) 696 if (!p)
597 return NULL; 697 return NULL;
598 iptmp = BUF_strdup(ipasc); 698 iptmp = BUF_strdup(ipasc);
@@ -622,65 +722,67 @@ ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc)
622 722
623 return ret; 723 return ret;
624 724
625 err: 725err:
626 free(iptmp); 726 free(iptmp);
627 if (ret) 727 if (ret)
628 ASN1_OCTET_STRING_free(ret); 728 ASN1_OCTET_STRING_free(ret);
629 return NULL; 729 return NULL;
630 } 730}
631
632 731
633int a2i_ipadd(unsigned char *ipout, const char *ipasc) 732
634 { 733int
734a2i_ipadd(unsigned char *ipout, const char *ipasc)
735{
635 /* If string contains a ':' assume IPv6 */ 736 /* If string contains a ':' assume IPv6 */
636 737
637 if (strchr(ipasc, ':')) 738 if (strchr(ipasc, ':')) {
638 {
639 if (!ipv6_from_asc(ipout, ipasc)) 739 if (!ipv6_from_asc(ipout, ipasc))
640 return 0; 740 return 0;
641 return 16; 741 return 16;
642 } 742 } else {
643 else
644 {
645 if (!ipv4_from_asc(ipout, ipasc)) 743 if (!ipv4_from_asc(ipout, ipasc))
646 return 0; 744 return 0;
647 return 4; 745 return 4;
648 }
649 } 746 }
747}
650 748
651static int ipv4_from_asc(unsigned char *v4, const char *in) 749static int
652 { 750ipv4_from_asc(unsigned char *v4, const char *in)
751{
653 int a0, a1, a2, a3; 752 int a0, a1, a2, a3;
654 if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4) 753 if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4)
655 return 0; 754 return 0;
656 if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255) 755 if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255) ||
657 || (a2 < 0) || (a2 > 255) || (a3 < 0) || (a3 > 255)) 756 (a2 < 0) || (a2 > 255) || (a3 < 0) || (a3 > 255))
658 return 0; 757 return 0;
659 v4[0] = a0; 758 v4[0] = a0;
660 v4[1] = a1; 759 v4[1] = a1;
661 v4[2] = a2; 760 v4[2] = a2;
662 v4[3] = a3; 761 v4[3] = a3;
663 return 1; 762 return 1;
664 } 763}
665 764
666typedef struct { 765typedef struct {
667 /* Temporary store for IPV6 output */ 766 /* Temporary store for IPV6 output */
668 unsigned char tmp[16]; 767 unsigned char tmp[16];
669 /* Total number of bytes in tmp */ 768 /* Total number of bytes in tmp */
670 int total; 769 int total;
671 /* The position of a zero (corresponding to '::') */ 770 /* The position of a zero (corresponding to '::') */
672 int zero_pos; 771 int zero_pos;
673 /* Number of zeroes */ 772 /* Number of zeroes */
674 int zero_cnt; 773 int zero_cnt;
675 } IPV6_STAT; 774} IPV6_STAT;
676 775
677 776
678static int ipv6_from_asc(unsigned char *v6, const char *in) 777static int
679 { 778ipv6_from_asc(unsigned char *v6, const char *in)
779{
680 IPV6_STAT v6stat; 780 IPV6_STAT v6stat;
781
681 v6stat.total = 0; 782 v6stat.total = 0;
682 v6stat.zero_pos = -1; 783 v6stat.zero_pos = -1;
683 v6stat.zero_cnt = 0; 784 v6stat.zero_cnt = 0;
785
684 /* Treat the IPv6 representation as a list of values 786 /* Treat the IPv6 representation as a list of values
685 * separated by ':'. The presence of a '::' will parse 787 * separated by ':'. The presence of a '::' will parse
686 * as one, two or three zero length elements. 788 * as one, two or three zero length elements.
@@ -690,14 +792,11 @@ static int ipv6_from_asc(unsigned char *v6, const char *in)
690 792
691 /* Now for some sanity checks */ 793 /* Now for some sanity checks */
692 794
693 if (v6stat.zero_pos == -1) 795 if (v6stat.zero_pos == -1) {
694 {
695 /* If no '::' must have exactly 16 bytes */ 796 /* If no '::' must have exactly 16 bytes */
696 if (v6stat.total != 16) 797 if (v6stat.total != 16)
697 return 0; 798 return 0;
698 } 799 } else {
699 else
700 {
701 /* If '::' must have less than 16 bytes */ 800 /* If '::' must have less than 16 bytes */
702 if (v6stat.total == 16) 801 if (v6stat.total == 16)
703 return 0; 802 return 0;
@@ -705,31 +804,27 @@ static int ipv6_from_asc(unsigned char *v6, const char *in)
705 if (v6stat.zero_cnt > 3) 804 if (v6stat.zero_cnt > 3)
706 return 0; 805 return 0;
707 /* Can only have three zeroes if nothing else present */ 806 /* Can only have three zeroes if nothing else present */
708 else if (v6stat.zero_cnt == 3) 807 else if (v6stat.zero_cnt == 3) {
709 {
710 if (v6stat.total > 0) 808 if (v6stat.total > 0)
711 return 0; 809 return 0;
712 } 810 }
713 /* Can only have two zeroes if at start or end */ 811 /* Can only have two zeroes if at start or end */
714 else if (v6stat.zero_cnt == 2) 812 else if (v6stat.zero_cnt == 2) {
715 { 813 if ((v6stat.zero_pos != 0) &&
716 if ((v6stat.zero_pos != 0) 814 (v6stat.zero_pos != v6stat.total))
717 && (v6stat.zero_pos != v6stat.total))
718 return 0; 815 return 0;
719 } 816 } else
720 else 817 /* Can only have one zero if *not* start or end */
721 /* Can only have one zero if *not* start or end */ 818 {
722 { 819 if ((v6stat.zero_pos == 0) ||
723 if ((v6stat.zero_pos == 0) 820 (v6stat.zero_pos == v6stat.total))
724 || (v6stat.zero_pos == v6stat.total))
725 return 0; 821 return 0;
726 }
727 } 822 }
823 }
728 824
729 /* Format result */ 825 /* Format result */
730 826
731 if (v6stat.zero_pos >= 0) 827 if (v6stat.zero_pos >= 0) {
732 {
733 /* Copy initial part */ 828 /* Copy initial part */
734 memcpy(v6, v6stat.tmp, v6stat.zero_pos); 829 memcpy(v6, v6stat.tmp, v6stat.zero_pos);
735 /* Zero middle */ 830 /* Zero middle */
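Review bot: The last branch of the zero_cnt chain (new lines 816–818) comes out as `} else`, a comment line, then a lone `{`, which separates the opening brace from its `else` and is the one place in this function where the new layout does not follow the `} else {` form used everywhere else in the hunk. Moving the comment inside the block keeps the brace with the keyword: `} else {` / `/* Can only have one zero if *not* start or end */` / `if ((v6stat.zero_pos == 0) ||`. The enclosing ipv6_from_asc body starts and ends outside this hunk.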
@@ -737,23 +832,23 @@ static int ipv6_from_asc(unsigned char *v6, const char *in)
737 /* Copy final part */ 832 /* Copy final part */
738 if (v6stat.total != v6stat.zero_pos) 833 if (v6stat.total != v6stat.zero_pos)
739 memcpy(v6 + v6stat.zero_pos + 16 - v6stat.total, 834 memcpy(v6 + v6stat.zero_pos + 16 - v6stat.total,
740 v6stat.tmp + v6stat.zero_pos, 835 v6stat.tmp + v6stat.zero_pos,
741 v6stat.total - v6stat.zero_pos); 836 v6stat.total - v6stat.zero_pos);
742 } 837 } else
743 else
744 memcpy(v6, v6stat.tmp, 16); 838 memcpy(v6, v6stat.tmp, 16);
745 839
746 return 1; 840 return 1;
747 } 841}
748 842
749static int ipv6_cb(const char *elem, int len, void *usr) 843static int
750 { 844ipv6_cb(const char *elem, int len, void *usr)
845{
751 IPV6_STAT *s = usr; 846 IPV6_STAT *s = usr;
847
752 /* Error if 16 bytes written */ 848 /* Error if 16 bytes written */
753 if (s->total == 16) 849 if (s->total == 16)
754 return 0; 850 return 0;
755 if (len == 0) 851 if (len == 0) {
756 {
757 /* Zero length element, corresponds to '::' */ 852 /* Zero length element, corresponds to '::' */
758 if (s->zero_pos == -1) 853 if (s->zero_pos == -1)
759 s->zero_pos = s->total; 854 s->zero_pos = s->total;
@@ -761,12 +856,9 @@ static int ipv6_cb(const char *elem, int len, void *usr)
761 else if (s->zero_pos != s->total) 856 else if (s->zero_pos != s->total)
762 return 0; 857 return 0;
763 s->zero_cnt++; 858 s->zero_cnt++;
764 } 859 } else {
765 else
766 {
767 /* If more than 4 characters could be final a.b.c.d form */ 860 /* If more than 4 characters could be final a.b.c.d form */
768 if (len > 4) 861 if (len > 4) {
769 {
770 /* Need at least 4 bytes left */ 862 /* Need at least 4 bytes left */
771 if (s->total > 12) 863 if (s->total > 12)
772 return 0; 864 return 0;
@@ -776,29 +868,28 @@ static int ipv6_cb(const char *elem, int len, void *usr)
776 if (!ipv4_from_asc(s->tmp + s->total, elem)) 868 if (!ipv4_from_asc(s->tmp + s->total, elem))
777 return 0; 869 return 0;
778 s->total += 4; 870 s->total += 4;
779 } 871 } else {
780 else
781 {
782 if (!ipv6_hex(s->tmp + s->total, elem, len)) 872 if (!ipv6_hex(s->tmp + s->total, elem, len))
783 return 0; 873 return 0;
784 s->total += 2; 874 s->total += 2;
785 }
786 } 875 }
787 return 1;
788 } 876 }
877 return 1;
878}
789 879
790/* Convert a string of up to 4 hex digits into the corresponding 880/* Convert a string of up to 4 hex digits into the corresponding
791 * IPv6 form. 881 * IPv6 form.
792 */ 882 */
793 883
794static int ipv6_hex(unsigned char *out, const char *in, int inlen) 884static int
795 { 885ipv6_hex(unsigned char *out, const char *in, int inlen)
886{
796 unsigned char c; 887 unsigned char c;
797 unsigned int num = 0; 888 unsigned int num = 0;
889
798 if (inlen > 4) 890 if (inlen > 4)
799 return 0; 891 return 0;
800 while(inlen--) 892 while (inlen--) {
801 {
802 c = *in++; 893 c = *in++;
803 num <<= 4; 894 num <<= 4;
804 if ((c >= '0') && (c <= '9')) 895 if ((c >= '0') && (c <= '9'))
@@ -809,47 +900,44 @@ static int ipv6_hex(unsigned char *out, const char *in, int inlen)
809 num |= c - 'a' + 10; 900 num |= c - 'a' + 10;
810 else 901 else
811 return 0; 902 return 0;
812 } 903 }
813 out[0] = num >> 8; 904 out[0] = num >> 8;
814 out[1] = num & 0xff; 905 out[1] = num & 0xff;
815 return 1; 906 return 1;
816 } 907}
817
818 908
819int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk, 909int
820 unsigned long chtype) 910X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,
821 { 911 unsigned long chtype)
912{
822 CONF_VALUE *v; 913 CONF_VALUE *v;
823 int i, mval; 914 int i, mval;
824 char *p, *type; 915 char *p, *type;
916
825 if (!nm) 917 if (!nm)
826 return 0; 918 return 0;
827 919
828 for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) 920 for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) {
829 { 921 v = sk_CONF_VALUE_value(dn_sk, i);
830 v=sk_CONF_VALUE_value(dn_sk,i); 922 type = v->name;
831 type=v->name;
832 /* Skip past any leading X. X: X, etc to allow for 923 /* Skip past any leading X. X: X, etc to allow for
833 * multiple instances 924 * multiple instances
834 */ 925 */
835 for(p = type; *p ; p++) 926 for (p = type; *p; p++)
836 if ((*p == ':') || (*p == ',') || (*p == '.')) 927 if ((*p == ':') || (*p == ',') || (*p == '.')) {
837 {
838 p++; 928 p++;
839 if(*p) type = p; 929 if (*p)
930 type = p;
840 break; 931 break;
841 } 932 }
842 if (*type == '+') 933 if (*type == '+') {
843 {
844 mval = -1; 934 mval = -1;
845 type++; 935 type++;
846 } 936 } else
847 else
848 mval = 0; 937 mval = 0;
849 if (!X509_NAME_add_entry_by_txt(nm,type, chtype, 938 if (!X509_NAME_add_entry_by_txt(nm, type, chtype,
850 (unsigned char *) v->value,-1,-1,mval)) 939 (unsigned char *) v->value, -1, -1, mval))
851 return 0; 940 return 0;
852
853 }
854 return 1;
855 } 941 }
942 return 1;
943}
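Review bot: The reflowed prototype at new line 910 keeps `STACK_OF(CONF_VALUE)*dn_sk` with the `*` glued to the macro, while the rest of this pass writes declarators as `type *name`; it should read `X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk,`. The public function also has no header comment, and the body has two conventions a caller cannot guess from the signature: each section key is stripped of any prefix up to and including the first ':', ',' or '.' (so repeated keys can be written `0.CN`, `1.CN`), and a leading '+' on what remains passes `set = -1` to X509_NAME_add_entry_by_txt so the entry joins the previous RDN rather than starting a new one; a three-line comment above line 909 stating those two rules and the 0/1 return would make the contract explicit.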