authorjsing <>2014-04-21 14:27:06 +0000
committerjsing <>2014-04-21 14:27:06 +0000
commitac499e34042be918cb0f1f53989f22ef20948783 (patch)
treef458806ca24206dc98c19495f9b9e3bb138d95ec /src
parente4ed4425420c88ef04aa5413b94147204acfdfdd (diff)
KNF.
Diffstat (limited to 'src')
-rw-r--r--src/lib/libcrypto/x509v3/v3_bcons.c58
-rw-r--r--src/lib/libcrypto/x509v3/v3_bitst.c88
-rw-r--r--src/lib/libcrypto/x509v3/v3_conf.c501
-rw-r--r--src/lib/libcrypto/x509v3/v3_cpols.c311
-rw-r--r--src/lib/libcrypto/x509v3/v3_crld.c423
-rw-r--r--src/lib/libssl/src/crypto/x509v3/v3_bcons.c58
-rw-r--r--src/lib/libssl/src/crypto/x509v3/v3_bitst.c88
-rw-r--r--src/lib/libssl/src/crypto/x509v3/v3_conf.c501
-rw-r--r--src/lib/libssl/src/crypto/x509v3/v3_cpols.c311
-rw-r--r--src/lib/libssl/src/crypto/x509v3/v3_crld.c423
10 files changed, 1444 insertions, 1318 deletions
diff --git a/src/lib/libcrypto/x509v3/v3_bcons.c b/src/lib/libcrypto/x509v3/v3_bcons.c
index 82aa488f75..e652b839bd 100644
--- a/src/lib/libcrypto/x509v3/v3_bcons.c
+++ b/src/lib/libcrypto/x509v3/v3_bcons.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -64,18 +64,20 @@
64#include <openssl/conf.h> 64#include <openssl/conf.h>
65#include <openssl/x509v3.h> 65#include <openssl/x509v3.h>
66 66
67static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist); 67static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
68static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); 68 BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist);
69static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
70 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
69 71
70const X509V3_EXT_METHOD v3_bcons = { 72const X509V3_EXT_METHOD v3_bcons = {
71NID_basic_constraints, 0, 73 NID_basic_constraints, 0,
72ASN1_ITEM_ref(BASIC_CONSTRAINTS), 74 ASN1_ITEM_ref(BASIC_CONSTRAINTS),
730,0,0,0, 75 0, 0, 0, 0,
740,0, 76 0, 0,
75(X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS, 77 (X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS,
76(X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS, 78 (X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS,
77NULL,NULL, 79 NULL, NULL,
78NULL 80 NULL
79}; 81};
80 82
81ASN1_SEQUENCE(BASIC_CONSTRAINTS) = { 83ASN1_SEQUENCE(BASIC_CONSTRAINTS) = {
@@ -86,39 +88,45 @@ ASN1_SEQUENCE(BASIC_CONSTRAINTS) = {
86IMPLEMENT_ASN1_FUNCTIONS(BASIC_CONSTRAINTS) 88IMPLEMENT_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
87 89
88 90
89static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, 91static STACK_OF(CONF_VALUE) *
90 BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist) 92i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons,
93 STACK_OF(CONF_VALUE) *extlist)
91{ 94{
92 X509V3_add_value_bool("CA", bcons->ca, &extlist); 95 X509V3_add_value_bool("CA", bcons->ca, &extlist);
93 X509V3_add_value_int("pathlen", bcons->pathlen, &extlist); 96 X509V3_add_value_int("pathlen", bcons->pathlen, &extlist);
94 return extlist; 97 return extlist;
95} 98}
96 99
97static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, 100static BASIC_CONSTRAINTS *
98 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values) 101v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
102 STACK_OF(CONF_VALUE) *values)
99{ 103{
100 BASIC_CONSTRAINTS *bcons=NULL; 104 BASIC_CONSTRAINTS *bcons = NULL;
101 CONF_VALUE *val; 105 CONF_VALUE *val;
102 int i; 106 int i;
103 if(!(bcons = BASIC_CONSTRAINTS_new())) { 107
108 if (!(bcons = BASIC_CONSTRAINTS_new())) {
104 X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE); 109 X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
105 return NULL; 110 return NULL;
106 } 111 }
107 for(i = 0; i < sk_CONF_VALUE_num(values); i++) { 112 for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
108 val = sk_CONF_VALUE_value(values, i); 113 val = sk_CONF_VALUE_value(values, i);
109 if(!strcmp(val->name, "CA")) { 114 if (!strcmp(val->name, "CA")) {
110 if(!X509V3_get_value_bool(val, &bcons->ca)) goto err; 115 if (!X509V3_get_value_bool(val, &bcons->ca))
111 } else if(!strcmp(val->name, "pathlen")) { 116 goto err;
112 if(!X509V3_get_value_int(val, &bcons->pathlen)) goto err; 117 } else if (!strcmp(val->name, "pathlen")) {
118 if (!X509V3_get_value_int(val, &bcons->pathlen))
119 goto err;
113 } else { 120 } else {
114 X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, X509V3_R_INVALID_NAME); 121 X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS,
122 X509V3_R_INVALID_NAME);
115 X509V3_conf_err(val); 123 X509V3_conf_err(val);
116 goto err; 124 goto err;
117 } 125 }
118 } 126 }
119 return bcons; 127 return bcons;
120 err: 128
129err:
121 BASIC_CONSTRAINTS_free(bcons); 130 BASIC_CONSTRAINTS_free(bcons);
122 return NULL; 131 return NULL;
123} 132}
124
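Review bot: In i2v_BASIC_CONSTRAINTS (new lines 95-96) the return values of `X509V3_add_value_bool` and `X509V3_add_value_int` are still discarded, so a failure inside either helper leaves the function returning a partial list with no error raised, while the v2i counterpart in the same hunk checks `X509V3_get_value_bool`/`X509V3_get_value_int` and jumps to `err`. That is not something a KNF pass should change, but it deserves a follow-up commit, assuming these helpers report failure through their int return the way the get_value functions visibly do: `if (!X509V3_add_value_bool("CA", bcons->ca, &extlist)) return NULL;` and the same guard around the pathlen call. A one-line comment above the two calls, `/* XXX: return values unchecked; callers get a partial list on failure */`, would at least mark the gap until then.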
diff --git a/src/lib/libcrypto/x509v3/v3_bitst.c b/src/lib/libcrypto/x509v3/v3_bitst.c
index 058d0d4dce..31549cf003 100644
--- a/src/lib/libcrypto/x509v3/v3_bitst.c
+++ b/src/lib/libcrypto/x509v3/v3_bitst.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -62,74 +62,80 @@
62#include <openssl/x509v3.h> 62#include <openssl/x509v3.h>
63 63
64static BIT_STRING_BITNAME ns_cert_type_table[] = { 64static BIT_STRING_BITNAME ns_cert_type_table[] = {
65{0, "SSL Client", "client"}, 65 {0, "SSL Client", "client"},
66{1, "SSL Server", "server"}, 66 {1, "SSL Server", "server"},
67{2, "S/MIME", "email"}, 67 {2, "S/MIME", "email"},
68{3, "Object Signing", "objsign"}, 68 {3, "Object Signing", "objsign"},
69{4, "Unused", "reserved"}, 69 {4, "Unused", "reserved"},
70{5, "SSL CA", "sslCA"}, 70 {5, "SSL CA", "sslCA"},
71{6, "S/MIME CA", "emailCA"}, 71 {6, "S/MIME CA", "emailCA"},
72{7, "Object Signing CA", "objCA"}, 72 {7, "Object Signing CA", "objCA"},
73{-1, NULL, NULL} 73 {-1, NULL, NULL}
74}; 74};
75 75
76static BIT_STRING_BITNAME key_usage_type_table[] = { 76static BIT_STRING_BITNAME key_usage_type_table[] = {
77{0, "Digital Signature", "digitalSignature"}, 77 {0, "Digital Signature", "digitalSignature"},
78{1, "Non Repudiation", "nonRepudiation"}, 78 {1, "Non Repudiation", "nonRepudiation"},
79{2, "Key Encipherment", "keyEncipherment"}, 79 {2, "Key Encipherment", "keyEncipherment"},
80{3, "Data Encipherment", "dataEncipherment"}, 80 {3, "Data Encipherment", "dataEncipherment"},
81{4, "Key Agreement", "keyAgreement"}, 81 {4, "Key Agreement", "keyAgreement"},
82{5, "Certificate Sign", "keyCertSign"}, 82 {5, "Certificate Sign", "keyCertSign"},
83{6, "CRL Sign", "cRLSign"}, 83 {6, "CRL Sign", "cRLSign"},
84{7, "Encipher Only", "encipherOnly"}, 84 {7, "Encipher Only", "encipherOnly"},
85{8, "Decipher Only", "decipherOnly"}, 85 {8, "Decipher Only", "decipherOnly"},
86{-1, NULL, NULL} 86 {-1, NULL, NULL}
87}; 87};
88 88
89 89
90const X509V3_EXT_METHOD v3_nscert =
91 EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table);
92const X509V3_EXT_METHOD v3_key_usage =
93 EXT_BITSTRING(NID_key_usage, key_usage_type_table);
90 94
91const X509V3_EXT_METHOD v3_nscert = EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table); 95STACK_OF(CONF_VALUE) *
92const X509V3_EXT_METHOD v3_key_usage = EXT_BITSTRING(NID_key_usage, key_usage_type_table); 96i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, ASN1_BIT_STRING *bits,
93 97 STACK_OF(CONF_VALUE) *ret)
94STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
95 ASN1_BIT_STRING *bits, STACK_OF(CONF_VALUE) *ret)
96{ 98{
97 BIT_STRING_BITNAME *bnam; 99 BIT_STRING_BITNAME *bnam;
98 for(bnam =method->usr_data; bnam->lname; bnam++) { 100
99 if(ASN1_BIT_STRING_get_bit(bits, bnam->bitnum)) 101 for (bnam = method->usr_data; bnam->lname; bnam++) {
102 if (ASN1_BIT_STRING_get_bit(bits, bnam->bitnum))
100 X509V3_add_value(bnam->lname, NULL, &ret); 103 X509V3_add_value(bnam->lname, NULL, &ret);
101 } 104 }
102 return ret; 105 return ret;
103} 106}
104 107
105ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, 108ASN1_BIT_STRING *
106 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) 109v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
110 STACK_OF(CONF_VALUE) *nval)
107{ 111{
108 CONF_VALUE *val; 112 CONF_VALUE *val;
109 ASN1_BIT_STRING *bs; 113 ASN1_BIT_STRING *bs;
110 int i; 114 int i;
111 BIT_STRING_BITNAME *bnam; 115 BIT_STRING_BITNAME *bnam;
112 if(!(bs = M_ASN1_BIT_STRING_new())) { 116
113 X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,ERR_R_MALLOC_FAILURE); 117 if (!(bs = M_ASN1_BIT_STRING_new())) {
118 X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, ERR_R_MALLOC_FAILURE);
114 return NULL; 119 return NULL;
115 } 120 }
116 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { 121 for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
117 val = sk_CONF_VALUE_value(nval, i); 122 val = sk_CONF_VALUE_value(nval, i);
118 for(bnam = method->usr_data; bnam->lname; bnam++) { 123 for (bnam = method->usr_data; bnam->lname; bnam++) {
119 if(!strcmp(bnam->sname, val->name) || 124 if (!strcmp(bnam->sname, val->name) ||
120 !strcmp(bnam->lname, val->name) ) { 125 !strcmp(bnam->lname, val->name) ) {
121 if(!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) { 126 if (!ASN1_BIT_STRING_set_bit(bs,
127 bnam->bitnum, 1)) {
122 X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, 128 X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
123 ERR_R_MALLOC_FAILURE); 129 ERR_R_MALLOC_FAILURE);
124 M_ASN1_BIT_STRING_free(bs); 130 M_ASN1_BIT_STRING_free(bs);
125 return NULL; 131 return NULL;
126 } 132 }
127 break; 133 break;
128 } 134 }
129 } 135 }
130 if(!bnam->lname) { 136 if (!bnam->lname) {
131 X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, 137 X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
132 X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT); 138 X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT);
133 X509V3_conf_err(val); 139 X509V3_conf_err(val);
134 M_ASN1_BIT_STRING_free(bs); 140 M_ASN1_BIT_STRING_free(bs);
135 return NULL; 141 return NULL;
@@ -137,5 +143,3 @@ ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
137 } 143 }
138 return bs; 144 return bs;
139} 145}
140
141
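Review bot: New line 125 in v2i_ASN1_BIT_STRING keeps a stray space before the closing parenthesis, `!strcmp(bnam->lname, val->name) ) {`, which the rest of this KNF pass removes everywhere else; it should read `!strcmp(bnam->lname, val->name)) {`. The wrapped call on new lines 126-127, `if (!ASN1_BIT_STRING_set_bit(bs,` / `bnam->bitnum, 1)) {`, would also read more naturally with `bs, bnam->bitnum, 1` kept together, since the break falls between the first two arguments of a three-argument call. Separately, i2v_ASN1_BIT_STRING (new line 103) ignores the return value of `X509V3_add_value`, so a failed append silently yields a shorter list; a `/* XXX: return value unchecked */` note there would flag it for a non-KNF follow-up.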
diff --git a/src/lib/libcrypto/x509v3/v3_conf.c b/src/lib/libcrypto/x509v3/v3_conf.c
index 519aefc93c..daacf8d5df 100644
--- a/src/lib/libcrypto/x509v3/v3_conf.c
+++ b/src/lib/libcrypto/x509v3/v3_conf.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -58,7 +58,6 @@
58/* extension creation utilities */ 58/* extension creation utilities */
59 59
60 60
61
62#include <stdio.h> 61#include <stdio.h>
63#include <ctype.h> 62#include <ctype.h>
64#include "cryptlib.h" 63#include "cryptlib.h"
@@ -68,228 +67,242 @@
68 67
69static int v3_check_critical(char **value); 68static int v3_check_critical(char **value);
70static int v3_check_generic(char **value); 69static int v3_check_generic(char **value);
71static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value); 70static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
72static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type, X509V3_CTX *ctx); 71 int crit, char *value);
72static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
73 int crit, int type, X509V3_CTX *ctx);
73static char *conf_lhash_get_string(void *db, char *section, char *value); 74static char *conf_lhash_get_string(void *db, char *section, char *value);
74static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section); 75static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
75static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid, 76static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid,
76 int crit, void *ext_struc); 77 int crit, void *ext_struc);
77static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len); 78static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len);
79
78/* CONF *conf: Config file */ 80/* CONF *conf: Config file */
79/* char *name: Name */ 81/* char *name: Name */
80/* char *value: Value */ 82/* char *value: Value */
81X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, 83X509_EXTENSION *
82 char *value) 84X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value)
83 { 85{
84 int crit; 86 int crit;
85 int ext_type; 87 int ext_type;
86 X509_EXTENSION *ret; 88 X509_EXTENSION *ret;
89
87 crit = v3_check_critical(&value); 90 crit = v3_check_critical(&value);
88 if ((ext_type = v3_check_generic(&value))) 91 if ((ext_type = v3_check_generic(&value)))
89 return v3_generic_extension(name, value, crit, ext_type, ctx); 92 return v3_generic_extension(name, value, crit, ext_type, ctx);
90 ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value); 93 ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value);
91 if (!ret) 94 if (!ret) {
92 { 95 X509V3err(X509V3_F_X509V3_EXT_NCONF,
93 X509V3err(X509V3_F_X509V3_EXT_NCONF,X509V3_R_ERROR_IN_EXTENSION); 96 X509V3_R_ERROR_IN_EXTENSION);
94 ERR_add_error_data(4,"name=", name, ", value=", value); 97 ERR_add_error_data(4, "name=", name, ", value=", value);
95 }
96 return ret;
97 } 98 }
99 return ret;
100}
98 101
99/* CONF *conf: Config file */ 102/* CONF *conf: Config file */
100/* char *value: Value */ 103/* char *value: Value */
101X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, 104X509_EXTENSION *
102 char *value) 105X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value)
103 { 106{
104 int crit; 107 int crit;
105 int ext_type; 108 int ext_type;
109
106 crit = v3_check_critical(&value); 110 crit = v3_check_critical(&value);
107 if ((ext_type = v3_check_generic(&value))) 111 if ((ext_type = v3_check_generic(&value)))
108 return v3_generic_extension(OBJ_nid2sn(ext_nid), 112 return v3_generic_extension(OBJ_nid2sn(ext_nid),
109 value, crit, ext_type, ctx); 113 value, crit, ext_type, ctx);
110 return do_ext_nconf(conf, ctx, ext_nid, crit, value); 114 return do_ext_nconf(conf, ctx, ext_nid, crit, value);
111 } 115}
112 116
113/* CONF *conf: Config file */ 117/* CONF *conf: Config file */
114/* char *value: Value */ 118/* char *value: Value */
115static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, 119static X509_EXTENSION *
116 int crit, char *value) 120do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value)
117 { 121{
118 const X509V3_EXT_METHOD *method; 122 const X509V3_EXT_METHOD *method;
119 X509_EXTENSION *ext; 123 X509_EXTENSION *ext;
120 STACK_OF(CONF_VALUE) *nval; 124 STACK_OF(CONF_VALUE) *nval;
121 void *ext_struc; 125 void *ext_struc;
122 if (ext_nid == NID_undef) 126
123 { 127 if (ext_nid == NID_undef) {
124 X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_UNKNOWN_EXTENSION_NAME); 128 X509V3err(X509V3_F_DO_EXT_NCONF,
129 X509V3_R_UNKNOWN_EXTENSION_NAME);
125 return NULL; 130 return NULL;
126 } 131 }
127 if (!(method = X509V3_EXT_get_nid(ext_nid))) 132 if (!(method = X509V3_EXT_get_nid(ext_nid))) {
128 { 133 X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION);
129 X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_UNKNOWN_EXTENSION);
130 return NULL; 134 return NULL;
131 } 135 }
132 /* Now get internal extension representation based on type */ 136 /* Now get internal extension representation based on type */
133 if (method->v2i) 137 if (method->v2i) {
134 { 138 if (*value == '@')
135 if(*value == '@') nval = NCONF_get_section(conf, value + 1); 139 nval = NCONF_get_section(conf, value + 1);
136 else nval = X509V3_parse_list(value); 140 else
137 if(sk_CONF_VALUE_num(nval) <= 0) 141 nval = X509V3_parse_list(value);
138 { 142 if (sk_CONF_VALUE_num(nval) <= 0) {
139 X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_INVALID_EXTENSION_STRING); 143 X509V3err(X509V3_F_DO_EXT_NCONF,
140 ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value); 144 X509V3_R_INVALID_EXTENSION_STRING);
145 ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid),
146 ",section=", value);
141 return NULL; 147 return NULL;
142 }
143 ext_struc = method->v2i(method, ctx, nval);
144 if(*value != '@') sk_CONF_VALUE_pop_free(nval,
145 X509V3_conf_free);
146 if(!ext_struc) return NULL;
147 }
148 else if(method->s2i)
149 {
150 if(!(ext_struc = method->s2i(method, ctx, value))) return NULL;
151 } 148 }
152 else if(method->r2i) 149 ext_struc = method->v2i(method, ctx, nval);
153 { 150 if (*value != '@')
154 if(!ctx->db || !ctx->db_meth) 151 sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
155 { 152 if (!ext_struc)
156 X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_NO_CONFIG_DATABASE); 153 return NULL;
154 } else if (method->s2i) {
155 if (!(ext_struc = method->s2i(method, ctx, value)))
156 return NULL;
157 } else if (method->r2i) {
158 if (!ctx->db || !ctx->db_meth) {
159 X509V3err(X509V3_F_DO_EXT_NCONF,
160 X509V3_R_NO_CONFIG_DATABASE);
157 return NULL; 161 return NULL;
158 }
159 if(!(ext_struc = method->r2i(method, ctx, value))) return NULL;
160 } 162 }
161 else 163 if (!(ext_struc = method->r2i(method, ctx, value)))
162 { 164 return NULL;
163 X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED); 165 } else {
166 X509V3err(X509V3_F_DO_EXT_NCONF,
167 X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
164 ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid)); 168 ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
165 return NULL; 169 return NULL;
166 } 170 }
167 171
168 ext = do_ext_i2d(method, ext_nid, crit, ext_struc); 172 ext = do_ext_i2d(method, ext_nid, crit, ext_struc);
169 if(method->it) ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it)); 173 if (method->it)
170 else method->ext_free(ext_struc); 174 ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it));
175 else
176 method->ext_free(ext_struc);
171 return ext; 177 return ext;
178}
172 179
173 } 180static X509_EXTENSION *
174 181do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid, int crit,
175static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid, 182 void *ext_struc)
176 int crit, void *ext_struc) 183{
177 {
178 unsigned char *ext_der; 184 unsigned char *ext_der;
179 int ext_len; 185 int ext_len;
180 ASN1_OCTET_STRING *ext_oct; 186 ASN1_OCTET_STRING *ext_oct;
181 X509_EXTENSION *ext; 187 X509_EXTENSION *ext;
188
182 /* Convert internal representation to DER */ 189 /* Convert internal representation to DER */
183 if (method->it) 190 if (method->it) {
184 {
185 ext_der = NULL; 191 ext_der = NULL;
186 ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it)); 192 ext_len = ASN1_item_i2d(ext_struc, &ext_der,
187 if (ext_len < 0) goto merr; 193 ASN1_ITEM_ptr(method->it));
188 } 194 if (ext_len < 0)
189 else 195 goto merr;
190 { 196 } else {
191 unsigned char *p; 197 unsigned char *p;
192 ext_len = method->i2d(ext_struc, NULL); 198 ext_len = method->i2d(ext_struc, NULL);
193 if(!(ext_der = malloc(ext_len))) goto merr; 199 if (!(ext_der = malloc(ext_len)))
200 goto merr;
194 p = ext_der; 201 p = ext_der;
195 method->i2d(ext_struc, &p); 202 method->i2d(ext_struc, &p);
196 } 203 }
197 if (!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr; 204 if (!(ext_oct = M_ASN1_OCTET_STRING_new()))
205 goto merr;
198 ext_oct->data = ext_der; 206 ext_oct->data = ext_der;
199 ext_oct->length = ext_len; 207 ext_oct->length = ext_len;
200 208
201 ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct); 209 ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
202 if (!ext) goto merr; 210 if (!ext)
211 goto merr;
203 M_ASN1_OCTET_STRING_free(ext_oct); 212 M_ASN1_OCTET_STRING_free(ext_oct);
204 213
205 return ext; 214 return ext;
206 215
207 merr: 216merr:
208 X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE); 217 X509V3err(X509V3_F_DO_EXT_I2D, ERR_R_MALLOC_FAILURE);
209 return NULL; 218 return NULL;
210 219
211 } 220}
212 221
213/* Given an internal structure, nid and critical flag create an extension */ 222/* Given an internal structure, nid and critical flag create an extension */
214 223
215X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc) 224X509_EXTENSION *
216 { 225X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
226{
217 const X509V3_EXT_METHOD *method; 227 const X509V3_EXT_METHOD *method;
228
218 if (!(method = X509V3_EXT_get_nid(ext_nid))) { 229 if (!(method = X509V3_EXT_get_nid(ext_nid))) {
219 X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION); 230 X509V3err(X509V3_F_X509V3_EXT_I2D, X509V3_R_UNKNOWN_EXTENSION);
220 return NULL; 231 return NULL;
221 } 232 }
222 return do_ext_i2d(method, ext_nid, crit, ext_struc); 233 return do_ext_i2d(method, ext_nid, crit, ext_struc);
223} 234}
224 235
225/* Check the extension string for critical flag */ 236/* Check the extension string for critical flag */
226static int v3_check_critical(char **value) 237static int
238v3_check_critical(char **value)
227{ 239{
228 char *p = *value; 240 char *p = *value;
229 if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0; 241
230 p+=9; 242 if ((strlen(p) < 9) || strncmp(p, "critical,", 9))
231 while(isspace((unsigned char)*p)) p++; 243 return 0;
232 *value = p; 244 p += 9;
245 while (isspace((unsigned char)*p)) p++;
246 *value = p;
233 return 1; 247 return 1;
234} 248}
235 249
236/* Check extension string for generic extension and return the type */ 250/* Check extension string for generic extension and return the type */
237static int v3_check_generic(char **value) 251static int
252v3_check_generic(char **value)
238{ 253{
239 int gen_type = 0; 254 int gen_type = 0;
240 char *p = *value; 255 char *p = *value;
241 if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) 256
242 { 257 if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) {
243 p+=4; 258 p += 4;
244 gen_type = 1; 259 gen_type = 1;
245 } 260 } else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5)) {
246 else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5)) 261 p += 5;
247 {
248 p+=5;
249 gen_type = 2; 262 gen_type = 2;
250 } 263 } else
251 else
252 return 0; 264 return 0;
253 265
254 while (isspace((unsigned char)*p)) p++; 266 while (isspace((unsigned char)*p))
267 p++;
255 *value = p; 268 *value = p;
256 return gen_type; 269 return gen_type;
257} 270}
258 271
259/* Create a generic extension: for now just handle DER type */ 272/* Create a generic extension: for now just handle DER type */
260static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, 273static X509_EXTENSION *
261 int crit, int gen_type, 274v3_generic_extension(const char *ext, char *value, int crit, int gen_type,
262 X509V3_CTX *ctx) 275 X509V3_CTX *ctx)
263 { 276{
264 unsigned char *ext_der=NULL; 277 unsigned char *ext_der = NULL;
265 long ext_len; 278 long ext_len;
266 ASN1_OBJECT *obj=NULL; 279 ASN1_OBJECT *obj = NULL;
267 ASN1_OCTET_STRING *oct=NULL; 280 ASN1_OCTET_STRING *oct = NULL;
268 X509_EXTENSION *extension=NULL; 281 X509_EXTENSION *extension = NULL;
269 if (!(obj = OBJ_txt2obj(ext, 0))) 282
270 { 283 if (!(obj = OBJ_txt2obj(ext, 0))) {
271 X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR); 284 X509V3err(X509V3_F_V3_GENERIC_EXTENSION,
285 X509V3_R_EXTENSION_NAME_ERROR);
272 ERR_add_error_data(2, "name=", ext); 286 ERR_add_error_data(2, "name=", ext);
273 goto err; 287 goto err;
274 } 288 }
275 289
276 if (gen_type == 1) 290 if (gen_type == 1)
277 ext_der = string_to_hex(value, &ext_len); 291 ext_der = string_to_hex(value, &ext_len);
278 else if (gen_type == 2) 292 else if (gen_type == 2)
279 ext_der = generic_asn1(value, ctx, &ext_len); 293 ext_der = generic_asn1(value, ctx, &ext_len);
280 294
281 if (ext_der == NULL) 295 if (ext_der == NULL) {
282 { 296 X509V3err(X509V3_F_V3_GENERIC_EXTENSION,
283 X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR); 297 X509V3_R_EXTENSION_VALUE_ERROR);
284 ERR_add_error_data(2, "value=", value); 298 ERR_add_error_data(2, "value=", value);
285 goto err; 299 goto err;
286 } 300 }
287 301
288 if (!(oct = M_ASN1_OCTET_STRING_new())) 302 if (!(oct = M_ASN1_OCTET_STRING_new())) {
289 { 303 X509V3err(X509V3_F_V3_GENERIC_EXTENSION, ERR_R_MALLOC_FAILURE);
290 X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE);
291 goto err; 304 goto err;
292 } 305 }
293 306
294 oct->data = ext_der; 307 oct->data = ext_der;
295 oct->length = ext_len; 308 oct->length = ext_len;
@@ -297,79 +310,88 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
297 310
298 extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct); 311 extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
299 312
300 err: 313err:
301 ASN1_OBJECT_free(obj); 314 ASN1_OBJECT_free(obj);
302 M_ASN1_OCTET_STRING_free(oct); 315 M_ASN1_OCTET_STRING_free(oct);
303 if(ext_der) free(ext_der); 316 if (ext_der)
317 free(ext_der);
304 return extension; 318 return extension;
319}
305 320
306 } 321static unsigned char *
307 322generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len)
308static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len) 323{
309 {
310 ASN1_TYPE *typ; 324 ASN1_TYPE *typ;
311 unsigned char *ext_der = NULL; 325 unsigned char *ext_der = NULL;
326
312 typ = ASN1_generate_v3(value, ctx); 327 typ = ASN1_generate_v3(value, ctx);
313 if (typ == NULL) 328 if (typ == NULL)
314 return NULL; 329 return NULL;
315 *ext_len = i2d_ASN1_TYPE(typ, &ext_der); 330 *ext_len = i2d_ASN1_TYPE(typ, &ext_der);
316 ASN1_TYPE_free(typ); 331 ASN1_TYPE_free(typ);
317 return ext_der; 332 return ext_der;
318 } 333}
319 334
320/* This is the main function: add a bunch of extensions based on a config file 335/* This is the main function: add a bunch of extensions based on a config file
321 * section to an extension STACK. 336 * section to an extension STACK.
322 */ 337 */
323 338
324 339int
325int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, 340X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
326 STACK_OF(X509_EXTENSION) **sk) 341 STACK_OF(X509_EXTENSION) **sk)
327 { 342{
328 X509_EXTENSION *ext; 343 X509_EXTENSION *ext;
329 STACK_OF(CONF_VALUE) *nval; 344 STACK_OF(CONF_VALUE) *nval;
330 CONF_VALUE *val; 345 CONF_VALUE *val;
331 int i; 346 int i;
332 if (!(nval = NCONF_get_section(conf, section))) return 0; 347
333 for (i = 0; i < sk_CONF_VALUE_num(nval); i++) 348 if (!(nval = NCONF_get_section(conf, section)))
334 { 349 return 0;
350 for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
335 val = sk_CONF_VALUE_value(nval, i); 351 val = sk_CONF_VALUE_value(nval, i);
336 if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value))) 352 if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)))
337 return 0; 353 return 0;
338 if (sk) X509v3_add_ext(sk, ext, -1); 354 if (sk)
355 X509v3_add_ext(sk, ext, -1);
339 X509_EXTENSION_free(ext); 356 X509_EXTENSION_free(ext);
340 }
341 return 1;
342 } 357 }
358 return 1;
359}
343 360
344/* Convenience functions to add extensions to a certificate, CRL and request */ 361/* Convenience functions to add extensions to a certificate, CRL and request */
345 362
346int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, 363int
347 X509 *cert) 364X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert)
348 { 365{
349 STACK_OF(X509_EXTENSION) **sk = NULL; 366 STACK_OF(X509_EXTENSION) **sk = NULL;
367
350 if (cert) 368 if (cert)
351 sk = &cert->cert_info->extensions; 369 sk = &cert->cert_info->extensions;
352 return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); 370 return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
353 } 371}
354 372
355/* Same as above but for a CRL */ 373/* Same as above but for a CRL */
356 374
357int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, 375int
358 X509_CRL *crl) 376X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
359 { 377 X509_CRL *crl)
378{
360 STACK_OF(X509_EXTENSION) **sk = NULL; 379 STACK_OF(X509_EXTENSION) **sk = NULL;
380
361 if (crl) 381 if (crl)
362 sk = &crl->crl->extensions; 382 sk = &crl->crl->extensions;
363 return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); 383 return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
364 } 384}
365 385
366/* Add extensions to certificate request */ 386/* Add extensions to certificate request */
367 387
368int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, 388int
369 X509_REQ *req) 389X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
370 { 390 X509_REQ *req)
391{
371 STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL; 392 STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;
372 int i; 393 int i;
394
373 if (req) 395 if (req)
374 sk = &extlist; 396 sk = &extlist;
375 i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); 397 i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
@@ -378,148 +400,171 @@ int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
378 i = X509_REQ_add_extensions(req, extlist); 400 i = X509_REQ_add_extensions(req, extlist);
379 sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free); 401 sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);
380 return i; 402 return i;
381 } 403}
382 404
383/* Config database functions */ 405/* Config database functions */
384 406
385char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) 407char *
386 { 408X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
387 if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) 409{
388 { 410 if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) {
389 X509V3err(X509V3_F_X509V3_GET_STRING,X509V3_R_OPERATION_NOT_DEFINED); 411 X509V3err(X509V3_F_X509V3_GET_STRING,
412 X509V3_R_OPERATION_NOT_DEFINED);
390 return NULL; 413 return NULL;
391 } 414 }
392 if (ctx->db_meth->get_string) 415 if (ctx->db_meth->get_string)
393 return ctx->db_meth->get_string(ctx->db, name, section); 416 return ctx->db_meth->get_string(ctx->db, name, section);
394 return NULL; 417 return NULL;
395 } 418}
396 419
397STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section) 420STACK_OF(CONF_VALUE) *
398 { 421X509V3_get_section(X509V3_CTX *ctx, char *section)
399 if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) 422{
400 { 423 if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) {
401 X509V3err(X509V3_F_X509V3_GET_SECTION,X509V3_R_OPERATION_NOT_DEFINED); 424 X509V3err(X509V3_F_X509V3_GET_SECTION,
425 X509V3_R_OPERATION_NOT_DEFINED);
402 return NULL; 426 return NULL;
403 } 427 }
404 if (ctx->db_meth->get_section) 428 if (ctx->db_meth->get_section)
405 return ctx->db_meth->get_section(ctx->db, section); 429 return ctx->db_meth->get_section(ctx->db, section);
406 return NULL; 430 return NULL;
407 } 431}
408 432
409void X509V3_string_free(X509V3_CTX *ctx, char *str) 433void
410 { 434X509V3_string_free(X509V3_CTX *ctx, char *str)
411 if (!str) return; 435{
436 if (!str)
437 return;
412 if (ctx->db_meth->free_string) 438 if (ctx->db_meth->free_string)
413 ctx->db_meth->free_string(ctx->db, str); 439 ctx->db_meth->free_string(ctx->db, str);
414 } 440}
415 441
416void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section) 442void
417 { 443X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
418 if (!section) return; 444{
445 if (!section)
446 return;
419 if (ctx->db_meth->free_section) 447 if (ctx->db_meth->free_section)
420 ctx->db_meth->free_section(ctx->db, section); 448 ctx->db_meth->free_section(ctx->db, section);
421 } 449}
422 450
423static char *nconf_get_string(void *db, char *section, char *value) 451static char *
424 { 452nconf_get_string(void *db, char *section, char *value)
453{
425 return NCONF_get_string(db, section, value); 454 return NCONF_get_string(db, section, value);
426 } 455}
427 456
428static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section) 457static
429 { 458STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section)
459{
430 return NCONF_get_section(db, section); 460 return NCONF_get_section(db, section);
431 } 461}
432 462
433static X509V3_CONF_METHOD nconf_method = { 463static X509V3_CONF_METHOD nconf_method = {
434nconf_get_string, 464 nconf_get_string,
435nconf_get_section, 465 nconf_get_section,
436NULL, 466 NULL,
437NULL 467 NULL
438}; 468};
439 469
440void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf) 470void
441 { 471X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf)
472{
442 ctx->db_meth = &nconf_method; 473 ctx->db_meth = &nconf_method;
443 ctx->db = conf; 474 ctx->db = conf;
444 } 475}
445 476
446void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req, 477void
447 X509_CRL *crl, int flags) 478X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
448 { 479 X509_CRL *crl, int flags)
480{
449 ctx->issuer_cert = issuer; 481 ctx->issuer_cert = issuer;
450 ctx->subject_cert = subj; 482 ctx->subject_cert = subj;
451 ctx->crl = crl; 483 ctx->crl = crl;
452 ctx->subject_req = req; 484 ctx->subject_req = req;
453 ctx->flags = flags; 485 ctx->flags = flags;
454 } 486}
455 487
456/* Old conf compatibility functions */ 488/* Old conf compatibility functions */
457 489
458X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, 490X509_EXTENSION *
459 char *name, char *value) 491X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, char *name,
460 { 492 char *value)
493{
461 CONF ctmp; 494 CONF ctmp;
495
462 CONF_set_nconf(&ctmp, conf); 496 CONF_set_nconf(&ctmp, conf);
463 return X509V3_EXT_nconf(&ctmp, ctx, name, value); 497 return X509V3_EXT_nconf(&ctmp, ctx, name, value);
464 } 498}
465 499
466/* LHASH *conf: Config file */ 500/* LHASH *conf: Config file */
467/* char *value: Value */ 501/* char *value: Value */
468X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, 502X509_EXTENSION *
469 int ext_nid, char *value) 503X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, int ext_nid,
470 { 504 char *value)
505{
471 CONF ctmp; 506 CONF ctmp;
507
472 CONF_set_nconf(&ctmp, conf); 508 CONF_set_nconf(&ctmp, conf);
473 return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value); 509 return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value);
474 } 510}
475 511
476static char *conf_lhash_get_string(void *db, char *section, char *value) 512static char *
477 { 513conf_lhash_get_string(void *db, char *section, char *value)
514{
478 return CONF_get_string(db, section, value); 515 return CONF_get_string(db, section, value);
479 } 516}
480 517
481static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section) 518static STACK_OF(CONF_VALUE) *
482 { 519conf_lhash_get_section(void *db, char *section)
520{
483 return CONF_get_section(db, section); 521 return CONF_get_section(db, section);
484 } 522}
485 523
486static X509V3_CONF_METHOD conf_lhash_method = { 524static X509V3_CONF_METHOD conf_lhash_method = {
487conf_lhash_get_string, 525 conf_lhash_get_string,
488conf_lhash_get_section, 526 conf_lhash_get_section,
489NULL, 527 NULL,
490NULL 528 NULL
491}; 529};
492 530
493void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash) 531void
494 { 532X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash)
533{
495 ctx->db_meth = &conf_lhash_method; 534 ctx->db_meth = &conf_lhash_method;
496 ctx->db = lhash; 535 ctx->db = lhash;
497 } 536}
498 537
499int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, 538int
500 char *section, X509 *cert) 539X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, char *section,
501 { 540 X509 *cert)
541{
502 CONF ctmp; 542 CONF ctmp;
543
503 CONF_set_nconf(&ctmp, conf); 544 CONF_set_nconf(&ctmp, conf);
504 return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert); 545 return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert);
505 } 546}
506 547
507/* Same as above but for a CRL */ 548/* Same as above but for a CRL */
508 549
509int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, 550int
510 char *section, X509_CRL *crl) 551X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
511 { 552 char *section, X509_CRL *crl)
553{
512 CONF ctmp; 554 CONF ctmp;
555
513 CONF_set_nconf(&ctmp, conf); 556 CONF_set_nconf(&ctmp, conf);
514 return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl); 557 return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl);
515 } 558}
516 559
517/* Add extensions to certificate request */ 560/* Add extensions to certificate request */
518 561
519int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, 562int
520 char *section, X509_REQ *req) 563X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
521 { 564 char *section, X509_REQ *req)
565{
522 CONF ctmp; 566 CONF ctmp;
567
523 CONF_set_nconf(&ctmp, conf); 568 CONF_set_nconf(&ctmp, conf);
524 return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req); 569 return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req);
525 } 570}
diff --git a/src/lib/libcrypto/x509v3/v3_cpols.c b/src/lib/libcrypto/x509v3/v3_cpols.c
index 1a337fa07e..e00190242b 100644
--- a/src/lib/libcrypto/x509v3/v3_cpols.c
+++ b/src/lib/libcrypto/x509v3/v3_cpols.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -67,28 +67,32 @@
67 67
68/* Certificate policies extension support: this one is a bit complex... */ 68/* Certificate policies extension support: this one is a bit complex... */
69 69
70static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO *out, int indent); 70static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
71static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value); 71 BIO *out, int indent);
72static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent); 72static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
73 X509V3_CTX *ctx, char *value);
74static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
75 int indent);
73static void print_notice(BIO *out, USERNOTICE *notice, int indent); 76static void print_notice(BIO *out, USERNOTICE *notice, int indent);
74static POLICYINFO *policy_section(X509V3_CTX *ctx, 77static POLICYINFO *policy_section(X509V3_CTX *ctx,
75 STACK_OF(CONF_VALUE) *polstrs, int ia5org); 78 STACK_OF(CONF_VALUE) *polstrs, int ia5org);
76static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, 79static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
77 STACK_OF(CONF_VALUE) *unot, int ia5org); 80 STACK_OF(CONF_VALUE) *unot, int ia5org);
78static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos); 81static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos);
79 82
80const X509V3_EXT_METHOD v3_cpols = { 83const X509V3_EXT_METHOD v3_cpols = {
81NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES), 84 NID_certificate_policies, 0, ASN1_ITEM_ref(CERTIFICATEPOLICIES),
820,0,0,0, 85 0, 0, 0, 0,
830,0, 86 0, 0,
840,0, 87 0, 0,
85(X509V3_EXT_I2R)i2r_certpol, 88 (X509V3_EXT_I2R)i2r_certpol,
86(X509V3_EXT_R2I)r2i_certpol, 89 (X509V3_EXT_R2I)r2i_certpol,
87NULL 90 NULL
88}; 91};
89 92
90ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) = 93ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) =
91 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, POLICYINFO) 94 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES,
95 POLICYINFO)
92ASN1_ITEM_TEMPLATE_END(CERTIFICATEPOLICIES) 96ASN1_ITEM_TEMPLATE_END(CERTIFICATEPOLICIES)
93 97
94IMPLEMENT_ASN1_FUNCTIONS(CERTIFICATEPOLICIES) 98IMPLEMENT_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
@@ -100,7 +104,8 @@ ASN1_SEQUENCE(POLICYINFO) = {
100 104
101IMPLEMENT_ASN1_FUNCTIONS(POLICYINFO) 105IMPLEMENT_ASN1_FUNCTIONS(POLICYINFO)
102 106
103ASN1_ADB_TEMPLATE(policydefault) = ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY); 107ASN1_ADB_TEMPLATE(policydefault) =
108 ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY);
104 109
105ASN1_ADB(POLICYQUALINFO) = { 110ASN1_ADB(POLICYQUALINFO) = {
106 ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)), 111 ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)),
@@ -128,8 +133,9 @@ ASN1_SEQUENCE(NOTICEREF) = {
128 133
129IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF) 134IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF)
130 135
131static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, 136static
132 X509V3_CTX *ctx, char *value) 137STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
138 char *value)
133{ 139{
134 STACK_OF(POLICYINFO) *pols = NULL; 140 STACK_OF(POLICYINFO) *pols = NULL;
135 char *pstr; 141 char *pstr;
@@ -138,43 +144,47 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
138 STACK_OF(CONF_VALUE) *vals; 144 STACK_OF(CONF_VALUE) *vals;
139 CONF_VALUE *cnf; 145 CONF_VALUE *cnf;
140 int i, ia5org; 146 int i, ia5org;
147
141 pols = sk_POLICYINFO_new_null(); 148 pols = sk_POLICYINFO_new_null();
142 if (pols == NULL) { 149 if (pols == NULL) {
143 X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE); 150 X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
144 return NULL; 151 return NULL;
145 } 152 }
146 vals = X509V3_parse_list(value); 153 vals = X509V3_parse_list(value);
147 if (vals == NULL) { 154 if (vals == NULL) {
148 X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB); 155 X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB);
149 goto err; 156 goto err;
150 } 157 }
151 ia5org = 0; 158 ia5org = 0;
152 for(i = 0; i < sk_CONF_VALUE_num(vals); i++) { 159 for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
153 cnf = sk_CONF_VALUE_value(vals, i); 160 cnf = sk_CONF_VALUE_value(vals, i);
154 if(cnf->value || !cnf->name ) { 161 if (cnf->value || !cnf->name ) {
155 X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_POLICY_IDENTIFIER); 162 X509V3err(X509V3_F_R2I_CERTPOL,
163 X509V3_R_INVALID_POLICY_IDENTIFIER);
156 X509V3_conf_err(cnf); 164 X509V3_conf_err(cnf);
157 goto err; 165 goto err;
158 } 166 }
159 pstr = cnf->name; 167 pstr = cnf->name;
160 if(!strcmp(pstr,"ia5org")) { 168 if (!strcmp(pstr, "ia5org")) {
161 ia5org = 1; 169 ia5org = 1;
162 continue; 170 continue;
163 } else if(*pstr == '@') { 171 } else if (*pstr == '@') {
164 STACK_OF(CONF_VALUE) *polsect; 172 STACK_OF(CONF_VALUE) *polsect;
165 polsect = X509V3_get_section(ctx, pstr + 1); 173 polsect = X509V3_get_section(ctx, pstr + 1);
166 if(!polsect) { 174 if (!polsect) {
167 X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_SECTION); 175 X509V3err(X509V3_F_R2I_CERTPOL,
168 176 X509V3_R_INVALID_SECTION);
169 X509V3_conf_err(cnf); 177 X509V3_conf_err(cnf);
170 goto err; 178 goto err;
171 } 179 }
172 pol = policy_section(ctx, polsect, ia5org); 180 pol = policy_section(ctx, polsect, ia5org);
173 X509V3_section_free(ctx, polsect); 181 X509V3_section_free(ctx, polsect);
174 if(!pol) goto err; 182 if (!pol)
183 goto err;
175 } else { 184 } else {
176 if(!(pobj = OBJ_txt2obj(cnf->name, 0))) { 185 if (!(pobj = OBJ_txt2obj(cnf->name, 0))) {
177 X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_OBJECT_IDENTIFIER); 186 X509V3err(X509V3_F_R2I_CERTPOL,
187 X509V3_R_INVALID_OBJECT_IDENTIFIER);
178 X509V3_conf_err(cnf); 188 X509V3_conf_err(cnf);
179 goto err; 189 goto err;
180 } 190 }
@@ -189,123 +199,140 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
189 } 199 }
190 sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); 200 sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
191 return pols; 201 return pols;
192 err: 202
203err:
193 sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); 204 sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
194 sk_POLICYINFO_pop_free(pols, POLICYINFO_free); 205 sk_POLICYINFO_pop_free(pols, POLICYINFO_free);
195 return NULL; 206 return NULL;
196} 207}
197 208
198static POLICYINFO *policy_section(X509V3_CTX *ctx, 209static POLICYINFO *
199 STACK_OF(CONF_VALUE) *polstrs, int ia5org) 210policy_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *polstrs, int ia5org)
200{ 211{
201 int i; 212 int i;
202 CONF_VALUE *cnf; 213 CONF_VALUE *cnf;
203 POLICYINFO *pol; 214 POLICYINFO *pol;
204 POLICYQUALINFO *qual; 215 POLICYQUALINFO *qual;
205 if(!(pol = POLICYINFO_new())) goto merr; 216
206 for(i = 0; i < sk_CONF_VALUE_num(polstrs); i++) { 217 if (!(pol = POLICYINFO_new()))
218 goto merr;
219 for (i = 0; i < sk_CONF_VALUE_num(polstrs); i++) {
207 cnf = sk_CONF_VALUE_value(polstrs, i); 220 cnf = sk_CONF_VALUE_value(polstrs, i);
208 if(!strcmp(cnf->name, "policyIdentifier")) { 221 if (!strcmp(cnf->name, "policyIdentifier")) {
209 ASN1_OBJECT *pobj; 222 ASN1_OBJECT *pobj;
210 if(!(pobj = OBJ_txt2obj(cnf->value, 0))) { 223 if (!(pobj = OBJ_txt2obj(cnf->value, 0))) {
211 X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OBJECT_IDENTIFIER); 224 X509V3err(X509V3_F_POLICY_SECTION,
225 X509V3_R_INVALID_OBJECT_IDENTIFIER);
212 X509V3_conf_err(cnf); 226 X509V3_conf_err(cnf);
213 goto err; 227 goto err;
214 } 228 }
215 pol->policyid = pobj; 229 pol->policyid = pobj;
216 230 } else if (!name_cmp(cnf->name, "CPS")) {
217 } else if(!name_cmp(cnf->name, "CPS")) { 231 if (!pol->qualifiers)
218 if(!pol->qualifiers) pol->qualifiers = 232 pol->qualifiers = sk_POLICYQUALINFO_new_null();
219 sk_POLICYQUALINFO_new_null(); 233 if (!(qual = POLICYQUALINFO_new()))
220 if(!(qual = POLICYQUALINFO_new())) goto merr; 234 goto merr;
221 if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) 235 if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
222 goto merr; 236 goto merr;
223 qual->pqualid = OBJ_nid2obj(NID_id_qt_cps); 237 qual->pqualid = OBJ_nid2obj(NID_id_qt_cps);
224 qual->d.cpsuri = M_ASN1_IA5STRING_new(); 238 qual->d.cpsuri = M_ASN1_IA5STRING_new();
225 if(!ASN1_STRING_set(qual->d.cpsuri, cnf->value, 239 if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value,
226 strlen(cnf->value))) goto merr; 240 strlen(cnf->value)))
227 } else if(!name_cmp(cnf->name, "userNotice")) { 241 goto merr;
242 } else if (!name_cmp(cnf->name, "userNotice")) {
228 STACK_OF(CONF_VALUE) *unot; 243 STACK_OF(CONF_VALUE) *unot;
229 if(*cnf->value != '@') { 244 if (*cnf->value != '@') {
230 X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_EXPECTED_A_SECTION_NAME); 245 X509V3err(X509V3_F_POLICY_SECTION,
246 X509V3_R_EXPECTED_A_SECTION_NAME);
231 X509V3_conf_err(cnf); 247 X509V3_conf_err(cnf);
232 goto err; 248 goto err;
233 } 249 }
234 unot = X509V3_get_section(ctx, cnf->value + 1); 250 unot = X509V3_get_section(ctx, cnf->value + 1);
235 if(!unot) { 251 if (!unot) {
236 X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_SECTION); 252 X509V3err(X509V3_F_POLICY_SECTION,
237 253 X509V3_R_INVALID_SECTION);
238 X509V3_conf_err(cnf); 254 X509V3_conf_err(cnf);
239 goto err; 255 goto err;
240 } 256 }
241 qual = notice_section(ctx, unot, ia5org); 257 qual = notice_section(ctx, unot, ia5org);
242 X509V3_section_free(ctx, unot); 258 X509V3_section_free(ctx, unot);
243 if(!qual) goto err; 259 if (!qual)
244 if(!pol->qualifiers) pol->qualifiers = 260 goto err;
245 sk_POLICYQUALINFO_new_null(); 261 if (!pol->qualifiers) pol->qualifiers =
246 if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) 262 sk_POLICYQUALINFO_new_null();
247 goto merr; 263 if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
264 goto merr;
248 } else { 265 } else {
249 X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OPTION); 266 X509V3err(X509V3_F_POLICY_SECTION,
250 267 X509V3_R_INVALID_OPTION);
251 X509V3_conf_err(cnf); 268 X509V3_conf_err(cnf);
252 goto err; 269 goto err;
253 } 270 }
254 } 271 }
255 if(!pol->policyid) { 272 if (!pol->policyid) {
256 X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_NO_POLICY_IDENTIFIER); 273 X509V3err(X509V3_F_POLICY_SECTION,
274 X509V3_R_NO_POLICY_IDENTIFIER);
257 goto err; 275 goto err;
258 } 276 }
259 277
260 return pol; 278 return pol;
261 279
262 merr: 280merr:
263 X509V3err(X509V3_F_POLICY_SECTION,ERR_R_MALLOC_FAILURE); 281 X509V3err(X509V3_F_POLICY_SECTION, ERR_R_MALLOC_FAILURE);
264 282
265 err: 283err:
266 POLICYINFO_free(pol); 284 POLICYINFO_free(pol);
267 return NULL; 285 return NULL;
268
269
270} 286}
271 287
272static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, 288static POLICYQUALINFO *
273 STACK_OF(CONF_VALUE) *unot, int ia5org) 289notice_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *unot, int ia5org)
274{ 290{
275 int i, ret; 291 int i, ret;
276 CONF_VALUE *cnf; 292 CONF_VALUE *cnf;
277 USERNOTICE *not; 293 USERNOTICE *not;
278 POLICYQUALINFO *qual; 294 POLICYQUALINFO *qual;
279 if(!(qual = POLICYQUALINFO_new())) goto merr; 295
296 if (!(qual = POLICYQUALINFO_new()))
297 goto merr;
280 qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice); 298 qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice);
281 if(!(not = USERNOTICE_new())) goto merr; 299 if (!(not = USERNOTICE_new()))
300 goto merr;
282 qual->d.usernotice = not; 301 qual->d.usernotice = not;
283 for(i = 0; i < sk_CONF_VALUE_num(unot); i++) { 302 for (i = 0; i < sk_CONF_VALUE_num(unot); i++) {
284 cnf = sk_CONF_VALUE_value(unot, i); 303 cnf = sk_CONF_VALUE_value(unot, i);
285 if(!strcmp(cnf->name, "explicitText")) { 304 if (!strcmp(cnf->name, "explicitText")) {
286 not->exptext = M_ASN1_VISIBLESTRING_new(); 305 not->exptext = M_ASN1_VISIBLESTRING_new();
287 if(!ASN1_STRING_set(not->exptext, cnf->value, 306 if (!ASN1_STRING_set(not->exptext, cnf->value,
288 strlen(cnf->value))) goto merr; 307 strlen(cnf->value)))
289 } else if(!strcmp(cnf->name, "organization")) { 308 goto merr;
309 } else if (!strcmp(cnf->name, "organization")) {
290 NOTICEREF *nref; 310 NOTICEREF *nref;
291 if(!not->noticeref) { 311 if (!not->noticeref) {
292 if(!(nref = NOTICEREF_new())) goto merr; 312 if (!(nref = NOTICEREF_new()))
313 goto merr;
293 not->noticeref = nref; 314 not->noticeref = nref;
294 } else nref = not->noticeref; 315 } else
295 if(ia5org) nref->organization->type = V_ASN1_IA5STRING; 316 nref = not->noticeref;
296 else nref->organization->type = V_ASN1_VISIBLESTRING; 317 if (ia5org)
297 if(!ASN1_STRING_set(nref->organization, cnf->value, 318 nref->organization->type = V_ASN1_IA5STRING;
298 strlen(cnf->value))) goto merr; 319 else
299 } else if(!strcmp(cnf->name, "noticeNumbers")) { 320 nref->organization->type = V_ASN1_VISIBLESTRING;
321 if (!ASN1_STRING_set(nref->organization, cnf->value,
322 strlen(cnf->value)))
323 goto merr;
324 } else if (!strcmp(cnf->name, "noticeNumbers")) {
300 NOTICEREF *nref; 325 NOTICEREF *nref;
301 STACK_OF(CONF_VALUE) *nos; 326 STACK_OF(CONF_VALUE) *nos;
302 if(!not->noticeref) { 327 if (!not->noticeref) {
303 if(!(nref = NOTICEREF_new())) goto merr; 328 if (!(nref = NOTICEREF_new()))
329 goto merr;
304 not->noticeref = nref; 330 not->noticeref = nref;
305 } else nref = not->noticeref; 331 } else nref = not->noticeref;
306 nos = X509V3_parse_list(cnf->value); 332 nos = X509V3_parse_list(cnf->value);
307 if(!nos || !sk_CONF_VALUE_num(nos)) { 333 if (!nos || !sk_CONF_VALUE_num(nos)) {
308 X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_NUMBERS); 334 X509V3err(X509V3_F_NOTICE_SECTION,
335 X509V3_R_INVALID_NUMBERS);
309 X509V3_conf_err(cnf); 336 X509V3_conf_err(cnf);
310 goto err; 337 goto err;
311 } 338 }
@@ -314,94 +341,98 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
314 if (!ret) 341 if (!ret)
315 goto err; 342 goto err;
316 } else { 343 } else {
317 X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION); 344 X509V3err(X509V3_F_NOTICE_SECTION,
345 X509V3_R_INVALID_OPTION);
318 X509V3_conf_err(cnf); 346 X509V3_conf_err(cnf);
319 goto err; 347 goto err;
320 } 348 }
321 } 349 }
322 350
323 if(not->noticeref && 351 if (not->noticeref &&
324 (!not->noticeref->noticenos || !not->noticeref->organization)) { 352 (!not->noticeref->noticenos || !not->noticeref->organization)) {
325 X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_NEED_ORGANIZATION_AND_NUMBERS); 353 X509V3err(X509V3_F_NOTICE_SECTION,
326 goto err; 354 X509V3_R_NEED_ORGANIZATION_AND_NUMBERS);
355 goto err;
327 } 356 }
328 357
329 return qual; 358 return qual;
330 359
331 merr: 360merr:
332 X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE); 361 X509V3err(X509V3_F_NOTICE_SECTION, ERR_R_MALLOC_FAILURE);
333 362
334 err: 363err:
335 POLICYQUALINFO_free(qual); 364 POLICYQUALINFO_free(qual);
336 return NULL; 365 return NULL;
337} 366}
338 367
339static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos) 368static int
369nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos)
340{ 370{
341 CONF_VALUE *cnf; 371 CONF_VALUE *cnf;
342 ASN1_INTEGER *aint; 372 ASN1_INTEGER *aint;
343
344 int i; 373 int i;
345 374
346 for(i = 0; i < sk_CONF_VALUE_num(nos); i++) { 375 for (i = 0; i < sk_CONF_VALUE_num(nos); i++) {
347 cnf = sk_CONF_VALUE_value(nos, i); 376 cnf = sk_CONF_VALUE_value(nos, i);
348 if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) { 377 if (!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) {
349 X509V3err(X509V3_F_NREF_NOS,X509V3_R_INVALID_NUMBER); 378 X509V3err(X509V3_F_NREF_NOS, X509V3_R_INVALID_NUMBER);
350 goto err; 379 goto err;
351 } 380 }
352 if(!sk_ASN1_INTEGER_push(nnums, aint)) goto merr; 381 if (!sk_ASN1_INTEGER_push(nnums, aint))
382 goto merr;
353 } 383 }
354 return 1; 384 return 1;
355 385
356 merr: 386merr:
357 X509V3err(X509V3_F_NREF_NOS,ERR_R_MALLOC_FAILURE); 387 X509V3err(X509V3_F_NREF_NOS, ERR_R_MALLOC_FAILURE);
358 388
359 err: 389err:
360 sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free); 390 sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free);
361 return 0; 391 return 0;
362} 392}
363 393
364 394static int
365static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, 395i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO *out,
366 BIO *out, int indent) 396 int indent)
367{ 397{
368 int i; 398 int i;
369 POLICYINFO *pinfo; 399 POLICYINFO *pinfo;
400
370 /* First print out the policy OIDs */ 401 /* First print out the policy OIDs */
371 for(i = 0; i < sk_POLICYINFO_num(pol); i++) { 402 for (i = 0; i < sk_POLICYINFO_num(pol); i++) {
372 pinfo = sk_POLICYINFO_value(pol, i); 403 pinfo = sk_POLICYINFO_value(pol, i);
373 BIO_printf(out, "%*sPolicy: ", indent, ""); 404 BIO_printf(out, "%*sPolicy: ", indent, "");
374 i2a_ASN1_OBJECT(out, pinfo->policyid); 405 i2a_ASN1_OBJECT(out, pinfo->policyid);
375 BIO_puts(out, "\n"); 406 BIO_puts(out, "\n");
376 if(pinfo->qualifiers) 407 if (pinfo->qualifiers)
377 print_qualifiers(out, pinfo->qualifiers, indent + 2); 408 print_qualifiers(out, pinfo->qualifiers, indent + 2);
378 } 409 }
379 return 1; 410 return 1;
380} 411}
381 412
382static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, 413static void
383 int indent) 414print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent)
384{ 415{
385 POLICYQUALINFO *qualinfo; 416 POLICYQUALINFO *qualinfo;
386 int i; 417 int i;
387 for(i = 0; i < sk_POLICYQUALINFO_num(quals); i++) { 418
419 for (i = 0; i < sk_POLICYQUALINFO_num(quals); i++) {
388 qualinfo = sk_POLICYQUALINFO_value(quals, i); 420 qualinfo = sk_POLICYQUALINFO_value(quals, i);
389 switch(OBJ_obj2nid(qualinfo->pqualid)) 421 switch (OBJ_obj2nid(qualinfo->pqualid)) {
390 { 422 case NID_id_qt_cps:
391 case NID_id_qt_cps:
392 BIO_printf(out, "%*sCPS: %s\n", indent, "", 423 BIO_printf(out, "%*sCPS: %s\n", indent, "",
393 qualinfo->d.cpsuri->data); 424 qualinfo->d.cpsuri->data);
394 break; 425 break;
395 426
396 case NID_id_qt_unotice: 427 case NID_id_qt_unotice:
397 BIO_printf(out, "%*sUser Notice:\n", indent, ""); 428 BIO_printf(out, "%*sUser Notice:\n", indent, "");
398 print_notice(out, qualinfo->d.usernotice, indent + 2); 429 print_notice(out, qualinfo->d.usernotice, indent + 2);
399 break; 430 break;
400 431
401 default: 432 default:
402 BIO_printf(out, "%*sUnknown Qualifier: ", 433 BIO_printf(out, "%*sUnknown Qualifier: ",
403 indent + 2, ""); 434 indent + 2, "");
404 435
405 i2a_ASN1_OBJECT(out, qualinfo->pqualid); 436 i2a_ASN1_OBJECT(out, qualinfo->pqualid);
406 BIO_puts(out, "\n"); 437 BIO_puts(out, "\n");
407 break; 438 break;
@@ -409,49 +440,51 @@ static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
409 } 440 }
410} 441}
411 442
412static void print_notice(BIO *out, USERNOTICE *notice, int indent) 443static void
444print_notice(BIO *out, USERNOTICE *notice, int indent)
413{ 445{
414 int i; 446 int i;
415 if(notice->noticeref) { 447
448 if (notice->noticeref) {
416 NOTICEREF *ref; 449 NOTICEREF *ref;
417 ref = notice->noticeref; 450 ref = notice->noticeref;
418 BIO_printf(out, "%*sOrganization: %s\n", indent, "", 451 BIO_printf(out, "%*sOrganization: %s\n", indent, "",
419 ref->organization->data); 452 ref->organization->data);
420 BIO_printf(out, "%*sNumber%s: ", indent, "", 453 BIO_printf(out, "%*sNumber%s: ", indent, "",
421 sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : ""); 454 sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : "");
422 for(i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) { 455 for (i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) {
423 ASN1_INTEGER *num; 456 ASN1_INTEGER *num;
424 char *tmp; 457 char *tmp;
425 num = sk_ASN1_INTEGER_value(ref->noticenos, i); 458 num = sk_ASN1_INTEGER_value(ref->noticenos, i);
426 if(i) BIO_puts(out, ", "); 459 if (i)
460 BIO_puts(out, ", ");
427 tmp = i2s_ASN1_INTEGER(NULL, num); 461 tmp = i2s_ASN1_INTEGER(NULL, num);
428 BIO_puts(out, tmp); 462 BIO_puts(out, tmp);
429 free(tmp); 463 free(tmp);
430 } 464 }
431 BIO_puts(out, "\n"); 465 BIO_puts(out, "\n");
432 } 466 }
433 if(notice->exptext) 467 if (notice->exptext)
434 BIO_printf(out, "%*sExplicit Text: %s\n", indent, "", 468 BIO_printf(out, "%*sExplicit Text: %s\n", indent, "",
435 notice->exptext->data); 469 notice->exptext->data);
436} 470}
437 471
438void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent) 472void
439 { 473X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent)
474{
440 const X509_POLICY_DATA *dat = node->data; 475 const X509_POLICY_DATA *dat = node->data;
441 476
442 BIO_printf(out, "%*sPolicy: ", indent, ""); 477 BIO_printf(out, "%*sPolicy: ", indent, "");
443 478
444 i2a_ASN1_OBJECT(out, dat->valid_policy); 479 i2a_ASN1_OBJECT(out, dat->valid_policy);
445 BIO_puts(out, "\n"); 480 BIO_puts(out, "\n");
446 BIO_printf(out, "%*s%s\n", indent + 2, "", 481 BIO_printf(out, "%*s%s\n", indent + 2, "",
447 node_data_critical(dat) ? "Critical" : "Non Critical"); 482 node_data_critical(dat) ? "Critical" : "Non Critical");
448 if (dat->qualifier_set) 483 if (dat->qualifier_set)
449 print_qualifiers(out, dat->qualifier_set, indent + 2); 484 print_qualifiers(out, dat->qualifier_set, indent + 2);
450 else 485 else
451 BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, ""); 486 BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, "");
452 } 487}
453
454 488
455IMPLEMENT_STACK_OF(X509_POLICY_NODE) 489IMPLEMENT_STACK_OF(X509_POLICY_NODE)
456IMPLEMENT_STACK_OF(X509_POLICY_DATA) 490IMPLEMENT_STACK_OF(X509_POLICY_DATA)
457
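Review bot: In print_notice (new lines 461–463 of v3_cpols.c) the result of i2s_ASN1_INTEGER() is handed straight to BIO_puts() and free() with no NULL check, so an allocation failure inside i2s_ASN1_INTEGER() turns into a NULL dereference in BIO_puts(); guard it with `if (tmp != NULL) BIO_puts(out, tmp);` (free(NULL) is already a no-op). The same unchecked-allocation pattern survives in policy_section and notice_section, where the results of `sk_POLICYQUALINFO_new_null()`, `M_ASN1_IA5STRING_new()` and `M_ASN1_VISIBLESTRING_new()` are used without a check, so an OOM there appears to end either in ASN1_STRING_set() being called on NULL or, when the push into a NULL stack fails, in the freshly allocated qual being leaked on the merr path — presumably pre-existing, but worth a follow-up since this commit touches every one of those lines. As a KNF pass, a few spots were missed: the stray space in `if (cnf->value || !cnf->name )` (new line 161), the split `if (!pol->qualifiers) pol->qualifiers =` / `sk_POLICYQUALINFO_new_null();` at new lines 261–262, whose sibling at 231–232 was rewritten to the two-statement form, and `} else nref = not->noticeref;` at new line 331 versus the split form at 315–316.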
diff --git a/src/lib/libcrypto/x509v3/v3_crld.c b/src/lib/libcrypto/x509v3/v3_crld.c
index 790a6dd032..3195655429 100644
--- a/src/lib/libcrypto/x509v3/v3_crld.c
+++ b/src/lib/libcrypto/x509v3/v3_crld.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -64,67 +64,64 @@
64#include <openssl/x509v3.h> 64#include <openssl/x509v3.h>
65 65
66static void *v2i_crld(const X509V3_EXT_METHOD *method, 66static void *v2i_crld(const X509V3_EXT_METHOD *method,
67 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); 67 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
68static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, 68static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
69 int indent); 69 int indent);
70 70
71const X509V3_EXT_METHOD v3_crld = 71const X509V3_EXT_METHOD v3_crld = {
72 {
73 NID_crl_distribution_points, 0, ASN1_ITEM_ref(CRL_DIST_POINTS), 72 NID_crl_distribution_points, 0, ASN1_ITEM_ref(CRL_DIST_POINTS),
74 0,0,0,0, 73 0, 0, 0, 0,
75 0,0, 74 0, 0,
76 0, 75 0,
77 v2i_crld, 76 v2i_crld,
78 i2r_crldp,0, 77 i2r_crldp, 0,
79 NULL 78 NULL
80 }; 79};
81 80
82const X509V3_EXT_METHOD v3_freshest_crl = 81const X509V3_EXT_METHOD v3_freshest_crl = {
83 {
84 NID_freshest_crl, 0, ASN1_ITEM_ref(CRL_DIST_POINTS), 82 NID_freshest_crl, 0, ASN1_ITEM_ref(CRL_DIST_POINTS),
85 0,0,0,0, 83 0, 0, 0, 0,
86 0,0, 84 0, 0,
87 0, 85 0,
88 v2i_crld, 86 v2i_crld,
89 i2r_crldp,0, 87 i2r_crldp, 0,
90 NULL 88 NULL
91 }; 89};
92 90
93static STACK_OF(GENERAL_NAME) *gnames_from_sectname(X509V3_CTX *ctx, char *sect) 91static
94 { 92STACK_OF(GENERAL_NAME) *gnames_from_sectname(X509V3_CTX *ctx, char *sect)
93{
95 STACK_OF(CONF_VALUE) *gnsect; 94 STACK_OF(CONF_VALUE) *gnsect;
96 STACK_OF(GENERAL_NAME) *gens; 95 STACK_OF(GENERAL_NAME) *gens;
96
97 if (*sect == '@') 97 if (*sect == '@')
98 gnsect = X509V3_get_section(ctx, sect + 1); 98 gnsect = X509V3_get_section(ctx, sect + 1);
99 else 99 else
100 gnsect = X509V3_parse_list(sect); 100 gnsect = X509V3_parse_list(sect);
101 if (!gnsect) 101 if (!gnsect) {
102 {
103 X509V3err(X509V3_F_GNAMES_FROM_SECTNAME, 102 X509V3err(X509V3_F_GNAMES_FROM_SECTNAME,
104 X509V3_R_SECTION_NOT_FOUND); 103 X509V3_R_SECTION_NOT_FOUND);
105 return NULL; 104 return NULL;
106 } 105 }
107 gens = v2i_GENERAL_NAMES(NULL, ctx, gnsect); 106 gens = v2i_GENERAL_NAMES(NULL, ctx, gnsect);
108 if (*sect == '@') 107 if (*sect == '@')
109 X509V3_section_free(ctx, gnsect); 108 X509V3_section_free(ctx, gnsect);
110 else 109 else
111 sk_CONF_VALUE_pop_free(gnsect, X509V3_conf_free); 110 sk_CONF_VALUE_pop_free(gnsect, X509V3_conf_free);
112 return gens; 111 return gens;
113 } 112}
114 113
115static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, 114static int
116 CONF_VALUE *cnf) 115set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, CONF_VALUE *cnf)
117 { 116{
118 STACK_OF(GENERAL_NAME) *fnm = NULL; 117 STACK_OF(GENERAL_NAME) *fnm = NULL;
119 STACK_OF(X509_NAME_ENTRY) *rnm = NULL; 118 STACK_OF(X509_NAME_ENTRY) *rnm = NULL;
120 if (!strncmp(cnf->name, "fullname", 9)) 119
121 { 120 if (!strncmp(cnf->name, "fullname", 9)) {
122 fnm = gnames_from_sectname(ctx, cnf->value); 121 fnm = gnames_from_sectname(ctx, cnf->value);
123 if (!fnm) 122 if (!fnm)
124 goto err; 123 goto err;
125 } 124 } else if (!strcmp(cnf->name, "relativename")) {
126 else if (!strcmp(cnf->name, "relativename"))
127 {
128 int ret; 125 int ret;
129 STACK_OF(CONF_VALUE) *dnsect; 126 STACK_OF(CONF_VALUE) *dnsect;
130 X509_NAME *nm; 127 X509_NAME *nm;
@@ -132,12 +129,11 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx,
132 if (!nm) 129 if (!nm)
133 return -1; 130 return -1;
134 dnsect = X509V3_get_section(ctx, cnf->value); 131 dnsect = X509V3_get_section(ctx, cnf->value);
135 if (!dnsect) 132 if (!dnsect) {
136 {
137 X509V3err(X509V3_F_SET_DIST_POINT_NAME, 133 X509V3err(X509V3_F_SET_DIST_POINT_NAME,
138 X509V3_R_SECTION_NOT_FOUND); 134 X509V3_R_SECTION_NOT_FOUND);
139 return -1; 135 return -1;
140 } 136 }
141 ret = X509V3_NAME_from_section(nm, dnsect, MBSTRING_ASC); 137 ret = X509V3_NAME_from_section(nm, dnsect, MBSTRING_ASC);
142 X509V3_section_free(ctx, dnsect); 138 X509V3_section_free(ctx, dnsect);
143 rnm = nm->entries; 139 rnm = nm->entries;
@@ -149,135 +145,126 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx,
149 * RDNSequence 145 * RDNSequence
150 */ 146 */
151 if (sk_X509_NAME_ENTRY_value(rnm, 147 if (sk_X509_NAME_ENTRY_value(rnm,
152 sk_X509_NAME_ENTRY_num(rnm) - 1)->set) 148 sk_X509_NAME_ENTRY_num(rnm) - 1)->set) {
153 {
154 X509V3err(X509V3_F_SET_DIST_POINT_NAME, 149 X509V3err(X509V3_F_SET_DIST_POINT_NAME,
155 X509V3_R_INVALID_MULTIPLE_RDNS); 150 X509V3_R_INVALID_MULTIPLE_RDNS);
156 goto err; 151 goto err;
157 }
158 } 152 }
159 else 153 } else
160 return 0; 154 return 0;
161 155
162 if (*pdp) 156 if (*pdp) {
163 {
164 X509V3err(X509V3_F_SET_DIST_POINT_NAME, 157 X509V3err(X509V3_F_SET_DIST_POINT_NAME,
165 X509V3_R_DISTPOINT_ALREADY_SET); 158 X509V3_R_DISTPOINT_ALREADY_SET);
166 goto err; 159 goto err;
167 } 160 }
168 161
169 *pdp = DIST_POINT_NAME_new(); 162 *pdp = DIST_POINT_NAME_new();
170 if (!*pdp) 163 if (!*pdp)
171 goto err; 164 goto err;
172 if (fnm) 165 if (fnm) {
173 {
174 (*pdp)->type = 0; 166 (*pdp)->type = 0;
175 (*pdp)->name.fullname = fnm; 167 (*pdp)->name.fullname = fnm;
176 } 168 } else {
177 else
178 {
179 (*pdp)->type = 1; 169 (*pdp)->type = 1;
180 (*pdp)->name.relativename = rnm; 170 (*pdp)->name.relativename = rnm;
181 } 171 }
182 172
183 return 1; 173 return 1;
184 174
185 err: 175err:
186 if (fnm) 176 if (fnm)
187 sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free); 177 sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free);
188 if (rnm) 178 if (rnm)
189 sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free); 179 sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free);
190 return -1; 180 return -1;
191 } 181}
192 182
193static const BIT_STRING_BITNAME reason_flags[] = { 183static const BIT_STRING_BITNAME reason_flags[] = {
194{0, "Unused", "unused"}, 184 {0, "Unused", "unused"},
195{1, "Key Compromise", "keyCompromise"}, 185 {1, "Key Compromise", "keyCompromise"},
196{2, "CA Compromise", "CACompromise"}, 186 {2, "CA Compromise", "CACompromise"},
197{3, "Affiliation Changed", "affiliationChanged"}, 187 {3, "Affiliation Changed", "affiliationChanged"},
198{4, "Superseded", "superseded"}, 188 {4, "Superseded", "superseded"},
199{5, "Cessation Of Operation", "cessationOfOperation"}, 189 {5, "Cessation Of Operation", "cessationOfOperation"},
200{6, "Certificate Hold", "certificateHold"}, 190 {6, "Certificate Hold", "certificateHold"},
201{7, "Privilege Withdrawn", "privilegeWithdrawn"}, 191 {7, "Privilege Withdrawn", "privilegeWithdrawn"},
202{8, "AA Compromise", "AACompromise"}, 192 {8, "AA Compromise", "AACompromise"},
203{-1, NULL, NULL} 193 {-1, NULL, NULL}
204}; 194};
205 195
206static int set_reasons(ASN1_BIT_STRING **preas, char *value) 196static int
207 { 197set_reasons(ASN1_BIT_STRING **preas, char *value)
198{
208 STACK_OF(CONF_VALUE) *rsk = NULL; 199 STACK_OF(CONF_VALUE) *rsk = NULL;
209 const BIT_STRING_BITNAME *pbn; 200 const BIT_STRING_BITNAME *pbn;
210 const char *bnam; 201 const char *bnam;
211 int i, ret = 0; 202 int i, ret = 0;
203
212 rsk = X509V3_parse_list(value); 204 rsk = X509V3_parse_list(value);
213 if (!rsk) 205 if (!rsk)
214 return 0; 206 return 0;
215 if (*preas) 207 if (*preas)
216 return 0; 208 return 0;
217 for (i = 0; i < sk_CONF_VALUE_num(rsk); i++) 209 for (i = 0; i < sk_CONF_VALUE_num(rsk); i++) {
218 {
219 bnam = sk_CONF_VALUE_value(rsk, i)->name; 210 bnam = sk_CONF_VALUE_value(rsk, i)->name;
220 if (!*preas) 211 if (!*preas) {
221 {
222 *preas = ASN1_BIT_STRING_new(); 212 *preas = ASN1_BIT_STRING_new();
223 if (!*preas) 213 if (!*preas)
224 goto err; 214 goto err;
225 } 215 }
226 for (pbn = reason_flags; pbn->lname; pbn++) 216 for (pbn = reason_flags; pbn->lname; pbn++) {
227 { 217 if (!strcmp(pbn->sname, bnam)) {
228 if (!strcmp(pbn->sname, bnam))
229 {
230 if (!ASN1_BIT_STRING_set_bit(*preas, 218 if (!ASN1_BIT_STRING_set_bit(*preas,
231 pbn->bitnum, 1)) 219 pbn->bitnum, 1))
232 goto err; 220 goto err;
233 break; 221 break;
234 }
235 } 222 }
223 }
236 if (!pbn->lname) 224 if (!pbn->lname)
237 goto err; 225 goto err;
238 } 226 }
239 ret = 1; 227 ret = 1;
240 228
241 err: 229err:
242 sk_CONF_VALUE_pop_free(rsk, X509V3_conf_free); 230 sk_CONF_VALUE_pop_free(rsk, X509V3_conf_free);
243 return ret; 231 return ret;
244 } 232}
245 233
246static int print_reasons(BIO *out, const char *rname, 234static int
247 ASN1_BIT_STRING *rflags, int indent) 235print_reasons(BIO *out, const char *rname, ASN1_BIT_STRING *rflags, int indent)
248 { 236{
249 int first = 1; 237 int first = 1;
250 const BIT_STRING_BITNAME *pbn; 238 const BIT_STRING_BITNAME *pbn;
239
251 BIO_printf(out, "%*s%s:\n%*s", indent, "", rname, indent + 2, ""); 240 BIO_printf(out, "%*s%s:\n%*s", indent, "", rname, indent + 2, "");
252 for (pbn = reason_flags; pbn->lname; pbn++) 241 for (pbn = reason_flags; pbn->lname; pbn++) {
253 { 242 if (ASN1_BIT_STRING_get_bit(rflags, pbn->bitnum)) {
254 if (ASN1_BIT_STRING_get_bit(rflags, pbn->bitnum))
255 {
256 if (first) 243 if (first)
257 first = 0; 244 first = 0;
258 else 245 else
259 BIO_puts(out, ", "); 246 BIO_puts(out, ", ");
260 BIO_puts(out, pbn->lname); 247 BIO_puts(out, pbn->lname);
261 }
262 } 248 }
249 }
263 if (first) 250 if (first)
264 BIO_puts(out, "<EMPTY>\n"); 251 BIO_puts(out, "<EMPTY>\n");
265 else 252 else
266 BIO_puts(out, "\n"); 253 BIO_puts(out, "\n");
267 return 1; 254 return 1;
268 } 255}
269 256
270static DIST_POINT *crldp_from_section(X509V3_CTX *ctx, 257static DIST_POINT *
271 STACK_OF(CONF_VALUE) *nval) 258crldp_from_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
272 { 259{
273 int i; 260 int i;
274 CONF_VALUE *cnf; 261 CONF_VALUE *cnf;
275 DIST_POINT *point = NULL; 262 DIST_POINT *point = NULL;
263
276 point = DIST_POINT_new(); 264 point = DIST_POINT_new();
277 if (!point) 265 if (!point)
278 goto err; 266 goto err;
279 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) 267 for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
280 {
281 int ret; 268 int ret;
282 cnf = sk_CONF_VALUE_value(nval, i); 269 cnf = sk_CONF_VALUE_value(nval, i);
283 ret = set_dist_point_name(&point->distpoint, ctx, cnf); 270 ret = set_dist_point_name(&point->distpoint, ctx, cnf);
@@ -285,43 +272,42 @@ static DIST_POINT *crldp_from_section(X509V3_CTX *ctx,
285 continue; 272 continue;
286 if (ret < 0) 273 if (ret < 0)
287 goto err; 274 goto err;
288 if (!strcmp(cnf->name, "reasons")) 275 if (!strcmp(cnf->name, "reasons")) {
289 {
290 if (!set_reasons(&point->reasons, cnf->value)) 276 if (!set_reasons(&point->reasons, cnf->value))
291 goto err; 277 goto err;
292 } 278 }
293 else if (!strcmp(cnf->name, "CRLissuer")) 279 else if (!strcmp(cnf->name, "CRLissuer")) {
294 {
295 point->CRLissuer = 280 point->CRLissuer =
296 gnames_from_sectname(ctx, cnf->value); 281 gnames_from_sectname(ctx, cnf->value);
297 if (!point->CRLissuer) 282 if (!point->CRLissuer)
298 goto err; 283 goto err;
299 }
300 } 284 }
285 }
301 286
302 return point; 287 return point;
303
304 288
305 err: 289err:
306 if (point) 290 if (point)
307 DIST_POINT_free(point); 291 DIST_POINT_free(point);
308 return NULL; 292 return NULL;
309 } 293}
310 294
311static void *v2i_crld(const X509V3_EXT_METHOD *method, 295static void *
312 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) 296v2i_crld(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
313 { 297 STACK_OF(CONF_VALUE) *nval)
298{
314 STACK_OF(DIST_POINT) *crld = NULL; 299 STACK_OF(DIST_POINT) *crld = NULL;
315 GENERAL_NAMES *gens = NULL; 300 GENERAL_NAMES *gens = NULL;
316 GENERAL_NAME *gen = NULL; 301 GENERAL_NAME *gen = NULL;
317 CONF_VALUE *cnf; 302 CONF_VALUE *cnf;
318 int i; 303 int i;
319 if(!(crld = sk_DIST_POINT_new_null())) goto merr; 304
320 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { 305 if (!(crld = sk_DIST_POINT_new_null()))
306 goto merr;
307 for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
321 DIST_POINT *point; 308 DIST_POINT *point;
322 cnf = sk_CONF_VALUE_value(nval, i); 309 cnf = sk_CONF_VALUE_value(nval, i);
323 if (!cnf->value) 310 if (!cnf->value) {
324 {
325 STACK_OF(CONF_VALUE) *dpsect; 311 STACK_OF(CONF_VALUE) *dpsect;
326 dpsect = X509V3_get_section(ctx, cnf->name); 312 dpsect = X509V3_get_section(ctx, cnf->name);
327 if (!dpsect) 313 if (!dpsect)
@@ -330,40 +316,36 @@ static void *v2i_crld(const X509V3_EXT_METHOD *method,
330 X509V3_section_free(ctx, dpsect); 316 X509V3_section_free(ctx, dpsect);
331 if (!point) 317 if (!point)
332 goto err; 318 goto err;
333 if(!sk_DIST_POINT_push(crld, point)) 319 if (!sk_DIST_POINT_push(crld, point)) {
334 {
335 DIST_POINT_free(point); 320 DIST_POINT_free(point);
336 goto merr; 321 goto merr;
337 }
338 } 322 }
339 else 323 } else {
340 { 324 if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
341 if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) 325 goto err;
342 goto err; 326 if (!(gens = GENERAL_NAMES_new()))
343 if(!(gens = GENERAL_NAMES_new()))
344 goto merr; 327 goto merr;
345 if(!sk_GENERAL_NAME_push(gens, gen)) 328 if (!sk_GENERAL_NAME_push(gens, gen))
346 goto merr; 329 goto merr;
347 gen = NULL; 330 gen = NULL;
348 if(!(point = DIST_POINT_new())) 331 if (!(point = DIST_POINT_new()))
349 goto merr; 332 goto merr;
350 if(!sk_DIST_POINT_push(crld, point)) 333 if (!sk_DIST_POINT_push(crld, point)) {
351 {
352 DIST_POINT_free(point); 334 DIST_POINT_free(point);
353 goto merr; 335 goto merr;
354 } 336 }
355 if(!(point->distpoint = DIST_POINT_NAME_new())) 337 if (!(point->distpoint = DIST_POINT_NAME_new()))
356 goto merr; 338 goto merr;
357 point->distpoint->name.fullname = gens; 339 point->distpoint->name.fullname = gens;
358 point->distpoint->type = 0; 340 point->distpoint->type = 0;
359 gens = NULL; 341 gens = NULL;
360 } 342 }
361 } 343 }
362 return crld; 344 return crld;
363 345
364 merr: 346merr:
365 X509V3err(X509V3_F_V2I_CRLD,ERR_R_MALLOC_FAILURE); 347 X509V3err(X509V3_F_V2I_CRLD, ERR_R_MALLOC_FAILURE);
366 err: 348err:
367 GENERAL_NAME_free(gen); 349 GENERAL_NAME_free(gen);
368 GENERAL_NAMES_free(gens); 350 GENERAL_NAMES_free(gens);
369 sk_DIST_POINT_pop_free(crld, DIST_POINT_free); 351 sk_DIST_POINT_pop_free(crld, DIST_POINT_free);
@@ -373,24 +355,23 @@ static void *v2i_crld(const X509V3_EXT_METHOD *method,
373IMPLEMENT_STACK_OF(DIST_POINT) 355IMPLEMENT_STACK_OF(DIST_POINT)
374IMPLEMENT_ASN1_SET_OF(DIST_POINT) 356IMPLEMENT_ASN1_SET_OF(DIST_POINT)
375 357
376static int dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, 358static int
377 void *exarg) 359dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
378 { 360{
379 DIST_POINT_NAME *dpn = (DIST_POINT_NAME *)*pval; 361 DIST_POINT_NAME *dpn = (DIST_POINT_NAME *)*pval;
380 362
381 switch(operation) 363 switch (operation) {
382 { 364 case ASN1_OP_NEW_POST:
383 case ASN1_OP_NEW_POST:
384 dpn->dpname = NULL; 365 dpn->dpname = NULL;
385 break; 366 break;
386 367
387 case ASN1_OP_FREE_POST: 368 case ASN1_OP_FREE_POST:
388 if (dpn->dpname) 369 if (dpn->dpname)
389 X509_NAME_free(dpn->dpname); 370 X509_NAME_free(dpn->dpname);
390 break; 371 break;
391 }
392 return 1;
393 } 372 }
373 return 1;
374}
394 375
395 376
396ASN1_CHOICE_cb(DIST_POINT_NAME, dpn_cb) = { 377ASN1_CHOICE_cb(DIST_POINT_NAME, dpn_cb) = {
@@ -409,8 +390,9 @@ ASN1_SEQUENCE(DIST_POINT) = {
409 390
410IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT) 391IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT)
411 392
412ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) = 393ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) =
413 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, DIST_POINT) 394 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints,
395 DIST_POINT)
414ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS) 396ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS)
415 397
416IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS) 398IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS)
@@ -427,34 +409,34 @@ ASN1_SEQUENCE(ISSUING_DIST_POINT) = {
427IMPLEMENT_ASN1_FUNCTIONS(ISSUING_DIST_POINT) 409IMPLEMENT_ASN1_FUNCTIONS(ISSUING_DIST_POINT)
428 410
429static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out, 411static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out,
430 int indent); 412 int indent);
431static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, 413static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
432 STACK_OF(CONF_VALUE) *nval); 414 STACK_OF(CONF_VALUE) *nval);
433 415
434const X509V3_EXT_METHOD v3_idp = 416const X509V3_EXT_METHOD v3_idp = {
435 {
436 NID_issuing_distribution_point, X509V3_EXT_MULTILINE, 417 NID_issuing_distribution_point, X509V3_EXT_MULTILINE,
437 ASN1_ITEM_ref(ISSUING_DIST_POINT), 418 ASN1_ITEM_ref(ISSUING_DIST_POINT),
438 0,0,0,0, 419 0, 0, 0, 0,
439 0,0, 420 0, 0,
440 0, 421 0,
441 v2i_idp, 422 v2i_idp,
442 i2r_idp,0, 423 i2r_idp, 0,
443 NULL 424 NULL
444 }; 425};
445 426
446static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, 427static void *
447 STACK_OF(CONF_VALUE) *nval) 428v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
448 { 429 STACK_OF(CONF_VALUE) *nval)
430{
449 ISSUING_DIST_POINT *idp = NULL; 431 ISSUING_DIST_POINT *idp = NULL;
450 CONF_VALUE *cnf; 432 CONF_VALUE *cnf;
451 char *name, *val; 433 char *name, *val;
452 int i, ret; 434 int i, ret;
435
453 idp = ISSUING_DIST_POINT_new(); 436 idp = ISSUING_DIST_POINT_new();
454 if (!idp) 437 if (!idp)
455 goto merr; 438 goto merr;
456 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) 439 for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
457 {
458 cnf = sk_CONF_VALUE_value(nval, i); 440 cnf = sk_CONF_VALUE_value(nval, i);
459 name = cnf->name; 441 name = cnf->name;
460 val = cnf->value; 442 val = cnf->value;
@@ -463,82 +445,75 @@ static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
463 continue; 445 continue;
464 if (ret < 0) 446 if (ret < 0)
465 goto err; 447 goto err;
466 if (!strcmp(name, "onlyuser")) 448 if (!strcmp(name, "onlyuser")) {
467 {
468 if (!X509V3_get_value_bool(cnf, &idp->onlyuser)) 449 if (!X509V3_get_value_bool(cnf, &idp->onlyuser))
469 goto err; 450 goto err;
470 } 451 }
471 else if (!strcmp(name, "onlyCA")) 452 else if (!strcmp(name, "onlyCA")) {
472 {
473 if (!X509V3_get_value_bool(cnf, &idp->onlyCA)) 453 if (!X509V3_get_value_bool(cnf, &idp->onlyCA))
474 goto err; 454 goto err;
475 } 455 }
476 else if (!strcmp(name, "onlyAA")) 456 else if (!strcmp(name, "onlyAA")) {
477 {
478 if (!X509V3_get_value_bool(cnf, &idp->onlyattr)) 457 if (!X509V3_get_value_bool(cnf, &idp->onlyattr))
479 goto err; 458 goto err;
480 } 459 }
481 else if (!strcmp(name, "indirectCRL")) 460 else if (!strcmp(name, "indirectCRL")) {
482 {
483 if (!X509V3_get_value_bool(cnf, &idp->indirectCRL)) 461 if (!X509V3_get_value_bool(cnf, &idp->indirectCRL))
484 goto err; 462 goto err;
485 } 463 }
486 else if (!strcmp(name, "onlysomereasons")) 464 else if (!strcmp(name, "onlysomereasons")) {
487 {
488 if (!set_reasons(&idp->onlysomereasons, val)) 465 if (!set_reasons(&idp->onlysomereasons, val))
489 goto err; 466 goto err;
490 } 467 } else {
491 else 468 X509V3err(X509V3_F_V2I_IDP, X509V3_R_INVALID_NAME);
492 { 469 X509V3_conf_err(cnf);
493 X509V3err(X509V3_F_V2I_IDP, X509V3_R_INVALID_NAME); 470 goto err;
494 X509V3_conf_err(cnf);
495 goto err;
496 }
497 } 471 }
472 }
498 return idp; 473 return idp;
499 474
500 merr: 475merr:
501 X509V3err(X509V3_F_V2I_IDP,ERR_R_MALLOC_FAILURE); 476 X509V3err(X509V3_F_V2I_IDP, ERR_R_MALLOC_FAILURE);
502 err: 477err:
503 ISSUING_DIST_POINT_free(idp); 478 ISSUING_DIST_POINT_free(idp);
504 return NULL; 479 return NULL;
505 } 480}
506 481
507static int print_gens(BIO *out, STACK_OF(GENERAL_NAME) *gens, int indent) 482static int
508 { 483print_gens(BIO *out, STACK_OF(GENERAL_NAME) *gens, int indent)
484{
509 int i; 485 int i;
510 for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) 486
511 { 487 for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
512 BIO_printf(out, "%*s", indent + 2, ""); 488 BIO_printf(out, "%*s", indent + 2, "");
513 GENERAL_NAME_print(out, sk_GENERAL_NAME_value(gens, i)); 489 GENERAL_NAME_print(out, sk_GENERAL_NAME_value(gens, i));
514 BIO_puts(out, "\n"); 490 BIO_puts(out, "\n");
515 }
516 return 1;
517 } 491 }
492 return 1;
493}
518 494
519static int print_distpoint(BIO *out, DIST_POINT_NAME *dpn, int indent) 495static int
520 { 496print_distpoint(BIO *out, DIST_POINT_NAME *dpn, int indent)
521 if (dpn->type == 0) 497{
522 { 498 if (dpn->type == 0) {
523 BIO_printf(out, "%*sFull Name:\n", indent, ""); 499 BIO_printf(out, "%*sFull Name:\n", indent, "");
524 print_gens(out, dpn->name.fullname, indent); 500 print_gens(out, dpn->name.fullname, indent);
525 } 501 } else {
526 else
527 {
528 X509_NAME ntmp; 502 X509_NAME ntmp;
529 ntmp.entries = dpn->name.relativename; 503 ntmp.entries = dpn->name.relativename;
530 BIO_printf(out, "%*sRelative Name:\n%*s", 504 BIO_printf(out, "%*sRelative Name:\n%*s",
531 indent, "", indent + 2, ""); 505 indent, "", indent + 2, "");
532 X509_NAME_print_ex(out, &ntmp, 0, XN_FLAG_ONELINE); 506 X509_NAME_print_ex(out, &ntmp, 0, XN_FLAG_ONELINE);
533 BIO_puts(out, "\n"); 507 BIO_puts(out, "\n");
534 }
535 return 1;
536 } 508 }
509 return 1;
510}
537 511
538static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out, 512static int
539 int indent) 513i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out, int indent)
540 { 514{
541 ISSUING_DIST_POINT *idp = pidp; 515 ISSUING_DIST_POINT *idp = pidp;
516
542 if (idp->distpoint) 517 if (idp->distpoint)
543 print_distpoint(out, idp->distpoint, indent); 518 print_distpoint(out, idp->distpoint, indent);
544 if (idp->onlyuser > 0) 519 if (idp->onlyuser > 0)
@@ -548,69 +523,67 @@ static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out,
548 if (idp->indirectCRL > 0) 523 if (idp->indirectCRL > 0)
549 BIO_printf(out, "%*sIndirect CRL\n", indent, ""); 524 BIO_printf(out, "%*sIndirect CRL\n", indent, "");
550 if (idp->onlysomereasons) 525 if (idp->onlysomereasons)
551 print_reasons(out, "Only Some Reasons", 526 print_reasons(out, "Only Some Reasons",
552 idp->onlysomereasons, indent); 527 idp->onlysomereasons, indent);
553 if (idp->onlyattr > 0) 528 if (idp->onlyattr > 0)
554 BIO_printf(out, "%*sOnly Attribute Certificates\n", indent, ""); 529 BIO_printf(out, "%*sOnly Attribute Certificates\n", indent, "");
555 if (!idp->distpoint && (idp->onlyuser <= 0) && (idp->onlyCA <= 0) 530 if (!idp->distpoint && (idp->onlyuser <= 0) && (idp->onlyCA <= 0) &&
556 && (idp->indirectCRL <= 0) && !idp->onlysomereasons 531 (idp->indirectCRL <= 0) && !idp->onlysomereasons &&
557 && (idp->onlyattr <= 0)) 532 (idp->onlyattr <= 0))
558 BIO_printf(out, "%*s<EMPTY>\n", indent, ""); 533 BIO_printf(out, "%*s<EMPTY>\n", indent, "");
559 534
560 return 1; 535 return 1;
561 } 536}
562 537
563static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, 538static int
564 int indent) 539i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, int indent)
565 { 540{
566 STACK_OF(DIST_POINT) *crld = pcrldp; 541 STACK_OF(DIST_POINT) *crld = pcrldp;
567 DIST_POINT *point; 542 DIST_POINT *point;
568 int i; 543 int i;
569 for(i = 0; i < sk_DIST_POINT_num(crld); i++) 544
570 { 545 for (i = 0; i < sk_DIST_POINT_num(crld); i++) {
571 BIO_puts(out, "\n"); 546 BIO_puts(out, "\n");
572 point = sk_DIST_POINT_value(crld, i); 547 point = sk_DIST_POINT_value(crld, i);
573 if(point->distpoint) 548 if (point->distpoint)
574 print_distpoint(out, point->distpoint, indent); 549 print_distpoint(out, point->distpoint, indent);
575 if(point->reasons) 550 if (point->reasons)
576 print_reasons(out, "Reasons", point->reasons, 551 print_reasons(out, "Reasons", point->reasons,
577 indent); 552 indent);
578 if(point->CRLissuer) 553 if (point->CRLissuer) {
579 {
580 BIO_printf(out, "%*sCRL Issuer:\n", indent, ""); 554 BIO_printf(out, "%*sCRL Issuer:\n", indent, "");
581 print_gens(out, point->CRLissuer, indent); 555 print_gens(out, point->CRLissuer, indent);
582 }
583 } 556 }
584 return 1;
585 } 557 }
558 return 1;
559}
586 560
587int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname) 561int
588 { 562DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname)
563{
589 int i; 564 int i;
590 STACK_OF(X509_NAME_ENTRY) *frag; 565 STACK_OF(X509_NAME_ENTRY) *frag;
591 X509_NAME_ENTRY *ne; 566 X509_NAME_ENTRY *ne;
567
592 if (!dpn || (dpn->type != 1)) 568 if (!dpn || (dpn->type != 1))
593 return 1; 569 return 1;
594 frag = dpn->name.relativename; 570 frag = dpn->name.relativename;
595 dpn->dpname = X509_NAME_dup(iname); 571 dpn->dpname = X509_NAME_dup(iname);
596 if (!dpn->dpname) 572 if (!dpn->dpname)
597 return 0; 573 return 0;
598 for (i = 0; i < sk_X509_NAME_ENTRY_num(frag); i++) 574 for (i = 0; i < sk_X509_NAME_ENTRY_num(frag); i++) {
599 {
600 ne = sk_X509_NAME_ENTRY_value(frag, i); 575 ne = sk_X509_NAME_ENTRY_value(frag, i);
601 if (!X509_NAME_add_entry(dpn->dpname, ne, -1, i ? 0 : 1)) 576 if (!X509_NAME_add_entry(dpn->dpname, ne, -1, i ? 0 : 1)) {
602 {
603 X509_NAME_free(dpn->dpname); 577 X509_NAME_free(dpn->dpname);
604 dpn->dpname = NULL; 578 dpn->dpname = NULL;
605 return 0; 579 return 0;
606 }
607 } 580 }
581 }
608 /* generate cached encoding of name */ 582 /* generate cached encoding of name */
609 if (i2d_X509_NAME(dpn->dpname, NULL) < 0) 583 if (i2d_X509_NAME(dpn->dpname, NULL) < 0) {
610 {
611 X509_NAME_free(dpn->dpname); 584 X509_NAME_free(dpn->dpname);
612 dpn->dpname = NULL; 585 dpn->dpname = NULL;
613 return 0; 586 return 0;
614 }
615 return 1;
616 } 587 }
588 return 1;
589}
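Review bot: In set_dist_point_name, the `if (!dnsect)` branch in hunk @@ -132,12 +129,11 (new lines 132-135) returns -1 without releasing `nm`, which the `if (!nm) return -1;` just above shows was freshly allocated (the X509_NAME_new() call itself sits above the hunk, so this is inferred), so every config that names a missing relativename section leaks an X509_NAME; add `X509_NAME_free(nm);` before that `return -1;`. The function starts in the previous hunk and ends in the next one. Two smaller style points in the same file: `strncmp(cnf->name, "fullname", 9)` (new line 120) compares nine bytes of an eight-character literal, i.e. it is a strcmp in disguise and reads oddly next to the `strcmp(cnf->name, "relativename")` that follows it, and the `}` / `else if (...) {` pairs in crldp_from_section (new lines 278-279) and v2i_idp (new lines 451-464) are left uncuddled while the rest of the KNF pass uses `} else {`.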
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_bcons.c b/src/lib/libssl/src/crypto/x509v3/v3_bcons.c
index 82aa488f75..e652b839bd 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_bcons.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_bcons.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -64,18 +64,20 @@
64#include <openssl/conf.h> 64#include <openssl/conf.h>
65#include <openssl/x509v3.h> 65#include <openssl/x509v3.h>
66 66
67static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist); 67static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
68static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); 68 BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist);
69static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
70 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
69 71
70const X509V3_EXT_METHOD v3_bcons = { 72const X509V3_EXT_METHOD v3_bcons = {
71NID_basic_constraints, 0, 73 NID_basic_constraints, 0,
72ASN1_ITEM_ref(BASIC_CONSTRAINTS), 74 ASN1_ITEM_ref(BASIC_CONSTRAINTS),
730,0,0,0, 75 0, 0, 0, 0,
740,0, 76 0, 0,
75(X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS, 77 (X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS,
76(X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS, 78 (X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS,
77NULL,NULL, 79 NULL, NULL,
78NULL 80 NULL
79}; 81};
80 82
81ASN1_SEQUENCE(BASIC_CONSTRAINTS) = { 83ASN1_SEQUENCE(BASIC_CONSTRAINTS) = {
@@ -86,39 +88,45 @@ ASN1_SEQUENCE(BASIC_CONSTRAINTS) = {
86IMPLEMENT_ASN1_FUNCTIONS(BASIC_CONSTRAINTS) 88IMPLEMENT_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
87 89
88 90
89static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, 91static STACK_OF(CONF_VALUE) *
90 BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist) 92i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons,
93 STACK_OF(CONF_VALUE) *extlist)
91{ 94{
92 X509V3_add_value_bool("CA", bcons->ca, &extlist); 95 X509V3_add_value_bool("CA", bcons->ca, &extlist);
93 X509V3_add_value_int("pathlen", bcons->pathlen, &extlist); 96 X509V3_add_value_int("pathlen", bcons->pathlen, &extlist);
94 return extlist; 97 return extlist;
95} 98}
96 99
97static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, 100static BASIC_CONSTRAINTS *
98 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values) 101v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
102 STACK_OF(CONF_VALUE) *values)
99{ 103{
100 BASIC_CONSTRAINTS *bcons=NULL; 104 BASIC_CONSTRAINTS *bcons = NULL;
101 CONF_VALUE *val; 105 CONF_VALUE *val;
102 int i; 106 int i;
103 if(!(bcons = BASIC_CONSTRAINTS_new())) { 107
108 if (!(bcons = BASIC_CONSTRAINTS_new())) {
104 X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE); 109 X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
105 return NULL; 110 return NULL;
106 } 111 }
107 for(i = 0; i < sk_CONF_VALUE_num(values); i++) { 112 for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
108 val = sk_CONF_VALUE_value(values, i); 113 val = sk_CONF_VALUE_value(values, i);
109 if(!strcmp(val->name, "CA")) { 114 if (!strcmp(val->name, "CA")) {
110 if(!X509V3_get_value_bool(val, &bcons->ca)) goto err; 115 if (!X509V3_get_value_bool(val, &bcons->ca))
111 } else if(!strcmp(val->name, "pathlen")) { 116 goto err;
112 if(!X509V3_get_value_int(val, &bcons->pathlen)) goto err; 117 } else if (!strcmp(val->name, "pathlen")) {
118 if (!X509V3_get_value_int(val, &bcons->pathlen))
119 goto err;
113 } else { 120 } else {
114 X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, X509V3_R_INVALID_NAME); 121 X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS,
122 X509V3_R_INVALID_NAME);
115 X509V3_conf_err(val); 123 X509V3_conf_err(val);
116 goto err; 124 goto err;
117 } 125 }
118 } 126 }
119 return bcons; 127 return bcons;
120 err: 128
129err:
121 BASIC_CONSTRAINTS_free(bcons); 130 BASIC_CONSTRAINTS_free(bcons);
122 return NULL; 131 return NULL;
123} 132}
124
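Review bot: i2v_BASIC_CONSTRAINTS (new lines 95-96) discards the return values of X509V3_add_value_bool and X509V3_add_value_int, so a failure inside either is only visible on the error queue and the caller still receives a partially built list. Changing the i2v contract is out of scope for a KNF pass, but the behaviour should at least be stated above the two calls, e.g. `/* Add failures are not propagated: the caller gets whatever was added so far. */`. Otherwise the reformatting looks faithful, and the brace placement in v2i_BASIC_CONSTRAINTS (new lines 108-126) matches the style used elsewhere in the commit.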
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_bitst.c b/src/lib/libssl/src/crypto/x509v3/v3_bitst.c
index 058d0d4dce..31549cf003 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_bitst.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_bitst.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -62,74 +62,80 @@
62#include <openssl/x509v3.h> 62#include <openssl/x509v3.h>
63 63
64static BIT_STRING_BITNAME ns_cert_type_table[] = { 64static BIT_STRING_BITNAME ns_cert_type_table[] = {
65{0, "SSL Client", "client"}, 65 {0, "SSL Client", "client"},
66{1, "SSL Server", "server"}, 66 {1, "SSL Server", "server"},
67{2, "S/MIME", "email"}, 67 {2, "S/MIME", "email"},
68{3, "Object Signing", "objsign"}, 68 {3, "Object Signing", "objsign"},
69{4, "Unused", "reserved"}, 69 {4, "Unused", "reserved"},
70{5, "SSL CA", "sslCA"}, 70 {5, "SSL CA", "sslCA"},
71{6, "S/MIME CA", "emailCA"}, 71 {6, "S/MIME CA", "emailCA"},
72{7, "Object Signing CA", "objCA"}, 72 {7, "Object Signing CA", "objCA"},
73{-1, NULL, NULL} 73 {-1, NULL, NULL}
74}; 74};
75 75
76static BIT_STRING_BITNAME key_usage_type_table[] = { 76static BIT_STRING_BITNAME key_usage_type_table[] = {
77{0, "Digital Signature", "digitalSignature"}, 77 {0, "Digital Signature", "digitalSignature"},
78{1, "Non Repudiation", "nonRepudiation"}, 78 {1, "Non Repudiation", "nonRepudiation"},
79{2, "Key Encipherment", "keyEncipherment"}, 79 {2, "Key Encipherment", "keyEncipherment"},
80{3, "Data Encipherment", "dataEncipherment"}, 80 {3, "Data Encipherment", "dataEncipherment"},
81{4, "Key Agreement", "keyAgreement"}, 81 {4, "Key Agreement", "keyAgreement"},
82{5, "Certificate Sign", "keyCertSign"}, 82 {5, "Certificate Sign", "keyCertSign"},
83{6, "CRL Sign", "cRLSign"}, 83 {6, "CRL Sign", "cRLSign"},
84{7, "Encipher Only", "encipherOnly"}, 84 {7, "Encipher Only", "encipherOnly"},
85{8, "Decipher Only", "decipherOnly"}, 85 {8, "Decipher Only", "decipherOnly"},
86{-1, NULL, NULL} 86 {-1, NULL, NULL}
87}; 87};
88 88
89 89
90const X509V3_EXT_METHOD v3_nscert =
91 EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table);
92const X509V3_EXT_METHOD v3_key_usage =
93 EXT_BITSTRING(NID_key_usage, key_usage_type_table);
90 94
91const X509V3_EXT_METHOD v3_nscert = EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table); 95STACK_OF(CONF_VALUE) *
92const X509V3_EXT_METHOD v3_key_usage = EXT_BITSTRING(NID_key_usage, key_usage_type_table); 96i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, ASN1_BIT_STRING *bits,
93 97 STACK_OF(CONF_VALUE) *ret)
94STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
95 ASN1_BIT_STRING *bits, STACK_OF(CONF_VALUE) *ret)
96{ 98{
97 BIT_STRING_BITNAME *bnam; 99 BIT_STRING_BITNAME *bnam;
98 for(bnam =method->usr_data; bnam->lname; bnam++) { 100
99 if(ASN1_BIT_STRING_get_bit(bits, bnam->bitnum)) 101 for (bnam = method->usr_data; bnam->lname; bnam++) {
102 if (ASN1_BIT_STRING_get_bit(bits, bnam->bitnum))
100 X509V3_add_value(bnam->lname, NULL, &ret); 103 X509V3_add_value(bnam->lname, NULL, &ret);
101 } 104 }
102 return ret; 105 return ret;
103} 106}
104 107
105ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, 108ASN1_BIT_STRING *
106 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) 109v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
110 STACK_OF(CONF_VALUE) *nval)
107{ 111{
108 CONF_VALUE *val; 112 CONF_VALUE *val;
109 ASN1_BIT_STRING *bs; 113 ASN1_BIT_STRING *bs;
110 int i; 114 int i;
111 BIT_STRING_BITNAME *bnam; 115 BIT_STRING_BITNAME *bnam;
112 if(!(bs = M_ASN1_BIT_STRING_new())) { 116
113 X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,ERR_R_MALLOC_FAILURE); 117 if (!(bs = M_ASN1_BIT_STRING_new())) {
118 X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, ERR_R_MALLOC_FAILURE);
114 return NULL; 119 return NULL;
115 } 120 }
116 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { 121 for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
117 val = sk_CONF_VALUE_value(nval, i); 122 val = sk_CONF_VALUE_value(nval, i);
118 for(bnam = method->usr_data; bnam->lname; bnam++) { 123 for (bnam = method->usr_data; bnam->lname; bnam++) {
119 if(!strcmp(bnam->sname, val->name) || 124 if (!strcmp(bnam->sname, val->name) ||
120 !strcmp(bnam->lname, val->name) ) { 125 !strcmp(bnam->lname, val->name) ) {
121 if(!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) { 126 if (!ASN1_BIT_STRING_set_bit(bs,
127 bnam->bitnum, 1)) {
122 X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, 128 X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
123 ERR_R_MALLOC_FAILURE); 129 ERR_R_MALLOC_FAILURE);
124 M_ASN1_BIT_STRING_free(bs); 130 M_ASN1_BIT_STRING_free(bs);
125 return NULL; 131 return NULL;
126 } 132 }
127 break; 133 break;
128 } 134 }
129 } 135 }
130 if(!bnam->lname) { 136 if (!bnam->lname) {
131 X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, 137 X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
132 X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT); 138 X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT);
133 X509V3_conf_err(val); 139 X509V3_conf_err(val);
134 M_ASN1_BIT_STRING_free(bs); 140 M_ASN1_BIT_STRING_free(bs);
135 return NULL; 141 return NULL;
@@ -137,5 +143,3 @@ ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
137 } 143 }
138 return bs; 144 return bs;
139} 145}
140
141
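Review bot: The reformatted condition at new lines 124–125 of v2i_ASN1_BIT_STRING still carries a stray space before the closing parenthesis, `!strcmp(bnam->lname, val->name)) {`, which KNF would drop along with the other spacing fixes in this section. Separately, i2v_ASN1_BIT_STRING at new line 103 ignores the result of X509V3_add_value, so if that call fails (presumably on allocation failure) the returned list is silently shorter than the bit string it describes; since the commit already re-indents that line, a check along the lines of `if (!X509V3_add_value(bnam->lname, NULL, &ret)) return NULL;` would be worth considering, though how callers treat a NULL return when they passed in an existing ret would need confirming first.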
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_conf.c b/src/lib/libssl/src/crypto/x509v3/v3_conf.c
index 519aefc93c..daacf8d5df 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_conf.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_conf.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -58,7 +58,6 @@
58/* extension creation utilities */ 58/* extension creation utilities */
59 59
60 60
61
62#include <stdio.h> 61#include <stdio.h>
63#include <ctype.h> 62#include <ctype.h>
64#include "cryptlib.h" 63#include "cryptlib.h"
@@ -68,228 +67,242 @@
68 67
69static int v3_check_critical(char **value); 68static int v3_check_critical(char **value);
70static int v3_check_generic(char **value); 69static int v3_check_generic(char **value);
71static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value); 70static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
72static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type, X509V3_CTX *ctx); 71 int crit, char *value);
72static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
73 int crit, int type, X509V3_CTX *ctx);
73static char *conf_lhash_get_string(void *db, char *section, char *value); 74static char *conf_lhash_get_string(void *db, char *section, char *value);
74static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section); 75static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
75static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid, 76static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid,
76 int crit, void *ext_struc); 77 int crit, void *ext_struc);
77static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len); 78static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len);
79
78/* CONF *conf: Config file */ 80/* CONF *conf: Config file */
79/* char *name: Name */ 81/* char *name: Name */
80/* char *value: Value */ 82/* char *value: Value */
81X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, 83X509_EXTENSION *
82 char *value) 84X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value)
83 { 85{
84 int crit; 86 int crit;
85 int ext_type; 87 int ext_type;
86 X509_EXTENSION *ret; 88 X509_EXTENSION *ret;
89
87 crit = v3_check_critical(&value); 90 crit = v3_check_critical(&value);
88 if ((ext_type = v3_check_generic(&value))) 91 if ((ext_type = v3_check_generic(&value)))
89 return v3_generic_extension(name, value, crit, ext_type, ctx); 92 return v3_generic_extension(name, value, crit, ext_type, ctx);
90 ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value); 93 ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value);
91 if (!ret) 94 if (!ret) {
92 { 95 X509V3err(X509V3_F_X509V3_EXT_NCONF,
93 X509V3err(X509V3_F_X509V3_EXT_NCONF,X509V3_R_ERROR_IN_EXTENSION); 96 X509V3_R_ERROR_IN_EXTENSION);
94 ERR_add_error_data(4,"name=", name, ", value=", value); 97 ERR_add_error_data(4, "name=", name, ", value=", value);
95 }
96 return ret;
97 } 98 }
99 return ret;
100}
98 101
99/* CONF *conf: Config file */ 102/* CONF *conf: Config file */
100/* char *value: Value */ 103/* char *value: Value */
101X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, 104X509_EXTENSION *
102 char *value) 105X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value)
103 { 106{
104 int crit; 107 int crit;
105 int ext_type; 108 int ext_type;
109
106 crit = v3_check_critical(&value); 110 crit = v3_check_critical(&value);
107 if ((ext_type = v3_check_generic(&value))) 111 if ((ext_type = v3_check_generic(&value)))
108 return v3_generic_extension(OBJ_nid2sn(ext_nid), 112 return v3_generic_extension(OBJ_nid2sn(ext_nid),
109 value, crit, ext_type, ctx); 113 value, crit, ext_type, ctx);
110 return do_ext_nconf(conf, ctx, ext_nid, crit, value); 114 return do_ext_nconf(conf, ctx, ext_nid, crit, value);
111 } 115}
112 116
113/* CONF *conf: Config file */ 117/* CONF *conf: Config file */
114/* char *value: Value */ 118/* char *value: Value */
115static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, 119static X509_EXTENSION *
116 int crit, char *value) 120do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value)
117 { 121{
118 const X509V3_EXT_METHOD *method; 122 const X509V3_EXT_METHOD *method;
119 X509_EXTENSION *ext; 123 X509_EXTENSION *ext;
120 STACK_OF(CONF_VALUE) *nval; 124 STACK_OF(CONF_VALUE) *nval;
121 void *ext_struc; 125 void *ext_struc;
122 if (ext_nid == NID_undef) 126
123 { 127 if (ext_nid == NID_undef) {
124 X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_UNKNOWN_EXTENSION_NAME); 128 X509V3err(X509V3_F_DO_EXT_NCONF,
129 X509V3_R_UNKNOWN_EXTENSION_NAME);
125 return NULL; 130 return NULL;
126 } 131 }
127 if (!(method = X509V3_EXT_get_nid(ext_nid))) 132 if (!(method = X509V3_EXT_get_nid(ext_nid))) {
128 { 133 X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION);
129 X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_UNKNOWN_EXTENSION);
130 return NULL; 134 return NULL;
131 } 135 }
132 /* Now get internal extension representation based on type */ 136 /* Now get internal extension representation based on type */
133 if (method->v2i) 137 if (method->v2i) {
134 { 138 if (*value == '@')
135 if(*value == '@') nval = NCONF_get_section(conf, value + 1); 139 nval = NCONF_get_section(conf, value + 1);
136 else nval = X509V3_parse_list(value); 140 else
137 if(sk_CONF_VALUE_num(nval) <= 0) 141 nval = X509V3_parse_list(value);
138 { 142 if (sk_CONF_VALUE_num(nval) <= 0) {
139 X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_INVALID_EXTENSION_STRING); 143 X509V3err(X509V3_F_DO_EXT_NCONF,
140 ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value); 144 X509V3_R_INVALID_EXTENSION_STRING);
145 ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid),
146 ",section=", value);
141 return NULL; 147 return NULL;
142 }
143 ext_struc = method->v2i(method, ctx, nval);
144 if(*value != '@') sk_CONF_VALUE_pop_free(nval,
145 X509V3_conf_free);
146 if(!ext_struc) return NULL;
147 }
148 else if(method->s2i)
149 {
150 if(!(ext_struc = method->s2i(method, ctx, value))) return NULL;
151 } 148 }
152 else if(method->r2i) 149 ext_struc = method->v2i(method, ctx, nval);
153 { 150 if (*value != '@')
154 if(!ctx->db || !ctx->db_meth) 151 sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
155 { 152 if (!ext_struc)
156 X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_NO_CONFIG_DATABASE); 153 return NULL;
154 } else if (method->s2i) {
155 if (!(ext_struc = method->s2i(method, ctx, value)))
156 return NULL;
157 } else if (method->r2i) {
158 if (!ctx->db || !ctx->db_meth) {
159 X509V3err(X509V3_F_DO_EXT_NCONF,
160 X509V3_R_NO_CONFIG_DATABASE);
157 return NULL; 161 return NULL;
158 }
159 if(!(ext_struc = method->r2i(method, ctx, value))) return NULL;
160 } 162 }
161 else 163 if (!(ext_struc = method->r2i(method, ctx, value)))
162 { 164 return NULL;
163 X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED); 165 } else {
166 X509V3err(X509V3_F_DO_EXT_NCONF,
167 X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
164 ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid)); 168 ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
165 return NULL; 169 return NULL;
166 } 170 }
167 171
168 ext = do_ext_i2d(method, ext_nid, crit, ext_struc); 172 ext = do_ext_i2d(method, ext_nid, crit, ext_struc);
169 if(method->it) ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it)); 173 if (method->it)
170 else method->ext_free(ext_struc); 174 ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it));
175 else
176 method->ext_free(ext_struc);
171 return ext; 177 return ext;
178}
172 179
173 } 180static X509_EXTENSION *
174 181do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid, int crit,
175static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid, 182 void *ext_struc)
176 int crit, void *ext_struc) 183{
177 {
178 unsigned char *ext_der; 184 unsigned char *ext_der;
179 int ext_len; 185 int ext_len;
180 ASN1_OCTET_STRING *ext_oct; 186 ASN1_OCTET_STRING *ext_oct;
181 X509_EXTENSION *ext; 187 X509_EXTENSION *ext;
188
182 /* Convert internal representation to DER */ 189 /* Convert internal representation to DER */
183 if (method->it) 190 if (method->it) {
184 {
185 ext_der = NULL; 191 ext_der = NULL;
186 ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it)); 192 ext_len = ASN1_item_i2d(ext_struc, &ext_der,
187 if (ext_len < 0) goto merr; 193 ASN1_ITEM_ptr(method->it));
188 } 194 if (ext_len < 0)
189 else 195 goto merr;
190 { 196 } else {
191 unsigned char *p; 197 unsigned char *p;
192 ext_len = method->i2d(ext_struc, NULL); 198 ext_len = method->i2d(ext_struc, NULL);
193 if(!(ext_der = malloc(ext_len))) goto merr; 199 if (!(ext_der = malloc(ext_len)))
200 goto merr;
194 p = ext_der; 201 p = ext_der;
195 method->i2d(ext_struc, &p); 202 method->i2d(ext_struc, &p);
196 } 203 }
197 if (!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr; 204 if (!(ext_oct = M_ASN1_OCTET_STRING_new()))
205 goto merr;
198 ext_oct->data = ext_der; 206 ext_oct->data = ext_der;
199 ext_oct->length = ext_len; 207 ext_oct->length = ext_len;
200 208
201 ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct); 209 ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
202 if (!ext) goto merr; 210 if (!ext)
211 goto merr;
203 M_ASN1_OCTET_STRING_free(ext_oct); 212 M_ASN1_OCTET_STRING_free(ext_oct);
204 213
205 return ext; 214 return ext;
206 215
207 merr: 216merr:
208 X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE); 217 X509V3err(X509V3_F_DO_EXT_I2D, ERR_R_MALLOC_FAILURE);
209 return NULL; 218 return NULL;
210 219
211 } 220}
212 221
213/* Given an internal structure, nid and critical flag create an extension */ 222/* Given an internal structure, nid and critical flag create an extension */
214 223
215X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc) 224X509_EXTENSION *
216 { 225X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
226{
217 const X509V3_EXT_METHOD *method; 227 const X509V3_EXT_METHOD *method;
228
218 if (!(method = X509V3_EXT_get_nid(ext_nid))) { 229 if (!(method = X509V3_EXT_get_nid(ext_nid))) {
219 X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION); 230 X509V3err(X509V3_F_X509V3_EXT_I2D, X509V3_R_UNKNOWN_EXTENSION);
220 return NULL; 231 return NULL;
221 } 232 }
222 return do_ext_i2d(method, ext_nid, crit, ext_struc); 233 return do_ext_i2d(method, ext_nid, crit, ext_struc);
223} 234}
224 235
225/* Check the extension string for critical flag */ 236/* Check the extension string for critical flag */
226static int v3_check_critical(char **value) 237static int
238v3_check_critical(char **value)
227{ 239{
228 char *p = *value; 240 char *p = *value;
229 if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0; 241
230 p+=9; 242 if ((strlen(p) < 9) || strncmp(p, "critical,", 9))
231 while(isspace((unsigned char)*p)) p++; 243 return 0;
232 *value = p; 244 p += 9;
245 while (isspace((unsigned char)*p)) p++;
246 *value = p;
233 return 1; 247 return 1;
234} 248}
235 249
236/* Check extension string for generic extension and return the type */ 250/* Check extension string for generic extension and return the type */
237static int v3_check_generic(char **value) 251static int
252v3_check_generic(char **value)
238{ 253{
239 int gen_type = 0; 254 int gen_type = 0;
240 char *p = *value; 255 char *p = *value;
241 if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) 256
242 { 257 if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) {
243 p+=4; 258 p += 4;
244 gen_type = 1; 259 gen_type = 1;
245 } 260 } else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5)) {
246 else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5)) 261 p += 5;
247 {
248 p+=5;
249 gen_type = 2; 262 gen_type = 2;
250 } 263 } else
251 else
252 return 0; 264 return 0;
253 265
254 while (isspace((unsigned char)*p)) p++; 266 while (isspace((unsigned char)*p))
267 p++;
255 *value = p; 268 *value = p;
256 return gen_type; 269 return gen_type;
257} 270}
258 271
259/* Create a generic extension: for now just handle DER type */ 272/* Create a generic extension: for now just handle DER type */
260static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, 273static X509_EXTENSION *
261 int crit, int gen_type, 274v3_generic_extension(const char *ext, char *value, int crit, int gen_type,
262 X509V3_CTX *ctx) 275 X509V3_CTX *ctx)
263 { 276{
264 unsigned char *ext_der=NULL; 277 unsigned char *ext_der = NULL;
265 long ext_len; 278 long ext_len;
266 ASN1_OBJECT *obj=NULL; 279 ASN1_OBJECT *obj = NULL;
267 ASN1_OCTET_STRING *oct=NULL; 280 ASN1_OCTET_STRING *oct = NULL;
268 X509_EXTENSION *extension=NULL; 281 X509_EXTENSION *extension = NULL;
269 if (!(obj = OBJ_txt2obj(ext, 0))) 282
270 { 283 if (!(obj = OBJ_txt2obj(ext, 0))) {
271 X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR); 284 X509V3err(X509V3_F_V3_GENERIC_EXTENSION,
285 X509V3_R_EXTENSION_NAME_ERROR);
272 ERR_add_error_data(2, "name=", ext); 286 ERR_add_error_data(2, "name=", ext);
273 goto err; 287 goto err;
274 } 288 }
275 289
276 if (gen_type == 1) 290 if (gen_type == 1)
277 ext_der = string_to_hex(value, &ext_len); 291 ext_der = string_to_hex(value, &ext_len);
278 else if (gen_type == 2) 292 else if (gen_type == 2)
279 ext_der = generic_asn1(value, ctx, &ext_len); 293 ext_der = generic_asn1(value, ctx, &ext_len);
280 294
281 if (ext_der == NULL) 295 if (ext_der == NULL) {
282 { 296 X509V3err(X509V3_F_V3_GENERIC_EXTENSION,
283 X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR); 297 X509V3_R_EXTENSION_VALUE_ERROR);
284 ERR_add_error_data(2, "value=", value); 298 ERR_add_error_data(2, "value=", value);
285 goto err; 299 goto err;
286 } 300 }
287 301
288 if (!(oct = M_ASN1_OCTET_STRING_new())) 302 if (!(oct = M_ASN1_OCTET_STRING_new())) {
289 { 303 X509V3err(X509V3_F_V3_GENERIC_EXTENSION, ERR_R_MALLOC_FAILURE);
290 X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE);
291 goto err; 304 goto err;
292 } 305 }
293 306
294 oct->data = ext_der; 307 oct->data = ext_der;
295 oct->length = ext_len; 308 oct->length = ext_len;
@@ -297,79 +310,88 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
297 310
298 extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct); 311 extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
299 312
300 err: 313err:
301 ASN1_OBJECT_free(obj); 314 ASN1_OBJECT_free(obj);
302 M_ASN1_OCTET_STRING_free(oct); 315 M_ASN1_OCTET_STRING_free(oct);
303 if(ext_der) free(ext_der); 316 if (ext_der)
317 free(ext_der);
304 return extension; 318 return extension;
319}
305 320
306 } 321static unsigned char *
307 322generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len)
308static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len) 323{
309 {
310 ASN1_TYPE *typ; 324 ASN1_TYPE *typ;
311 unsigned char *ext_der = NULL; 325 unsigned char *ext_der = NULL;
326
312 typ = ASN1_generate_v3(value, ctx); 327 typ = ASN1_generate_v3(value, ctx);
313 if (typ == NULL) 328 if (typ == NULL)
314 return NULL; 329 return NULL;
315 *ext_len = i2d_ASN1_TYPE(typ, &ext_der); 330 *ext_len = i2d_ASN1_TYPE(typ, &ext_der);
316 ASN1_TYPE_free(typ); 331 ASN1_TYPE_free(typ);
317 return ext_der; 332 return ext_der;
318 } 333}
319 334
320/* This is the main function: add a bunch of extensions based on a config file 335/* This is the main function: add a bunch of extensions based on a config file
321 * section to an extension STACK. 336 * section to an extension STACK.
322 */ 337 */
323 338
324 339int
325int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, 340X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
326 STACK_OF(X509_EXTENSION) **sk) 341 STACK_OF(X509_EXTENSION) **sk)
327 { 342{
328 X509_EXTENSION *ext; 343 X509_EXTENSION *ext;
329 STACK_OF(CONF_VALUE) *nval; 344 STACK_OF(CONF_VALUE) *nval;
330 CONF_VALUE *val; 345 CONF_VALUE *val;
331 int i; 346 int i;
332 if (!(nval = NCONF_get_section(conf, section))) return 0; 347
333 for (i = 0; i < sk_CONF_VALUE_num(nval); i++) 348 if (!(nval = NCONF_get_section(conf, section)))
334 { 349 return 0;
350 for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
335 val = sk_CONF_VALUE_value(nval, i); 351 val = sk_CONF_VALUE_value(nval, i);
336 if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value))) 352 if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)))
337 return 0; 353 return 0;
338 if (sk) X509v3_add_ext(sk, ext, -1); 354 if (sk)
355 X509v3_add_ext(sk, ext, -1);
339 X509_EXTENSION_free(ext); 356 X509_EXTENSION_free(ext);
340 }
341 return 1;
342 } 357 }
358 return 1;
359}
343 360
344/* Convenience functions to add extensions to a certificate, CRL and request */ 361/* Convenience functions to add extensions to a certificate, CRL and request */
345 362
346int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, 363int
347 X509 *cert) 364X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert)
348 { 365{
349 STACK_OF(X509_EXTENSION) **sk = NULL; 366 STACK_OF(X509_EXTENSION) **sk = NULL;
367
350 if (cert) 368 if (cert)
351 sk = &cert->cert_info->extensions; 369 sk = &cert->cert_info->extensions;
352 return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); 370 return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
353 } 371}
354 372
355/* Same as above but for a CRL */ 373/* Same as above but for a CRL */
356 374
357int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, 375int
358 X509_CRL *crl) 376X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
359 { 377 X509_CRL *crl)
378{
360 STACK_OF(X509_EXTENSION) **sk = NULL; 379 STACK_OF(X509_EXTENSION) **sk = NULL;
380
361 if (crl) 381 if (crl)
362 sk = &crl->crl->extensions; 382 sk = &crl->crl->extensions;
363 return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); 383 return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
364 } 384}
365 385
366/* Add extensions to certificate request */ 386/* Add extensions to certificate request */
367 387
368int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, 388int
369 X509_REQ *req) 389X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
370 { 390 X509_REQ *req)
391{
371 STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL; 392 STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;
372 int i; 393 int i;
394
373 if (req) 395 if (req)
374 sk = &extlist; 396 sk = &extlist;
375 i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); 397 i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
@@ -378,148 +400,171 @@ int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
378 i = X509_REQ_add_extensions(req, extlist); 400 i = X509_REQ_add_extensions(req, extlist);
379 sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free); 401 sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);
380 return i; 402 return i;
381 } 403}
382 404
383/* Config database functions */ 405/* Config database functions */
384 406
385char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) 407char *
386 { 408X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
387 if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) 409{
388 { 410 if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) {
389 X509V3err(X509V3_F_X509V3_GET_STRING,X509V3_R_OPERATION_NOT_DEFINED); 411 X509V3err(X509V3_F_X509V3_GET_STRING,
412 X509V3_R_OPERATION_NOT_DEFINED);
390 return NULL; 413 return NULL;
391 } 414 }
392 if (ctx->db_meth->get_string) 415 if (ctx->db_meth->get_string)
393 return ctx->db_meth->get_string(ctx->db, name, section); 416 return ctx->db_meth->get_string(ctx->db, name, section);
394 return NULL; 417 return NULL;
395 } 418}
396 419
397STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section) 420STACK_OF(CONF_VALUE) *
398 { 421X509V3_get_section(X509V3_CTX *ctx, char *section)
399 if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) 422{
400 { 423 if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) {
401 X509V3err(X509V3_F_X509V3_GET_SECTION,X509V3_R_OPERATION_NOT_DEFINED); 424 X509V3err(X509V3_F_X509V3_GET_SECTION,
425 X509V3_R_OPERATION_NOT_DEFINED);
402 return NULL; 426 return NULL;
403 } 427 }
404 if (ctx->db_meth->get_section) 428 if (ctx->db_meth->get_section)
405 return ctx->db_meth->get_section(ctx->db, section); 429 return ctx->db_meth->get_section(ctx->db, section);
406 return NULL; 430 return NULL;
407 } 431}
408 432
409void X509V3_string_free(X509V3_CTX *ctx, char *str) 433void
410 { 434X509V3_string_free(X509V3_CTX *ctx, char *str)
411 if (!str) return; 435{
436 if (!str)
437 return;
412 if (ctx->db_meth->free_string) 438 if (ctx->db_meth->free_string)
413 ctx->db_meth->free_string(ctx->db, str); 439 ctx->db_meth->free_string(ctx->db, str);
414 } 440}
415 441
416void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section) 442void
417 { 443X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
418 if (!section) return; 444{
445 if (!section)
446 return;
419 if (ctx->db_meth->free_section) 447 if (ctx->db_meth->free_section)
420 ctx->db_meth->free_section(ctx->db, section); 448 ctx->db_meth->free_section(ctx->db, section);
421 } 449}
422 450
423static char *nconf_get_string(void *db, char *section, char *value) 451static char *
424 { 452nconf_get_string(void *db, char *section, char *value)
453{
425 return NCONF_get_string(db, section, value); 454 return NCONF_get_string(db, section, value);
426 } 455}
427 456
428static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section) 457static
429 { 458STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section)
459{
430 return NCONF_get_section(db, section); 460 return NCONF_get_section(db, section);
431 } 461}
432 462
433static X509V3_CONF_METHOD nconf_method = { 463static X509V3_CONF_METHOD nconf_method = {
434nconf_get_string, 464 nconf_get_string,
435nconf_get_section, 465 nconf_get_section,
436NULL, 466 NULL,
437NULL 467 NULL
438}; 468};
439 469
440void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf) 470void
441 { 471X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf)
472{
442 ctx->db_meth = &nconf_method; 473 ctx->db_meth = &nconf_method;
443 ctx->db = conf; 474 ctx->db = conf;
444 } 475}
445 476
446void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req, 477void
447 X509_CRL *crl, int flags) 478X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
448 { 479 X509_CRL *crl, int flags)
480{
449 ctx->issuer_cert = issuer; 481 ctx->issuer_cert = issuer;
450 ctx->subject_cert = subj; 482 ctx->subject_cert = subj;
451 ctx->crl = crl; 483 ctx->crl = crl;
452 ctx->subject_req = req; 484 ctx->subject_req = req;
453 ctx->flags = flags; 485 ctx->flags = flags;
454 } 486}
455 487
456/* Old conf compatibility functions */ 488/* Old conf compatibility functions */
457 489
458X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, 490X509_EXTENSION *
459 char *name, char *value) 491X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, char *name,
460 { 492 char *value)
493{
461 CONF ctmp; 494 CONF ctmp;
495
462 CONF_set_nconf(&ctmp, conf); 496 CONF_set_nconf(&ctmp, conf);
463 return X509V3_EXT_nconf(&ctmp, ctx, name, value); 497 return X509V3_EXT_nconf(&ctmp, ctx, name, value);
464 } 498}
465 499
466/* LHASH *conf: Config file */ 500/* LHASH *conf: Config file */
467/* char *value: Value */ 501/* char *value: Value */
468X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, 502X509_EXTENSION *
469 int ext_nid, char *value) 503X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, int ext_nid,
470 { 504 char *value)
505{
471 CONF ctmp; 506 CONF ctmp;
507
472 CONF_set_nconf(&ctmp, conf); 508 CONF_set_nconf(&ctmp, conf);
473 return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value); 509 return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value);
474 } 510}
475 511
476static char *conf_lhash_get_string(void *db, char *section, char *value) 512static char *
477 { 513conf_lhash_get_string(void *db, char *section, char *value)
514{
478 return CONF_get_string(db, section, value); 515 return CONF_get_string(db, section, value);
479 } 516}
480 517
481static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section) 518static STACK_OF(CONF_VALUE) *
482 { 519conf_lhash_get_section(void *db, char *section)
520{
483 return CONF_get_section(db, section); 521 return CONF_get_section(db, section);
484 } 522}
485 523
486static X509V3_CONF_METHOD conf_lhash_method = { 524static X509V3_CONF_METHOD conf_lhash_method = {
487conf_lhash_get_string, 525 conf_lhash_get_string,
488conf_lhash_get_section, 526 conf_lhash_get_section,
489NULL, 527 NULL,
490NULL 528 NULL
491}; 529};
492 530
493void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash) 531void
494 { 532X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash)
533{
495 ctx->db_meth = &conf_lhash_method; 534 ctx->db_meth = &conf_lhash_method;
496 ctx->db = lhash; 535 ctx->db = lhash;
497 } 536}
498 537
499int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, 538int
500 char *section, X509 *cert) 539X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, char *section,
501 { 540 X509 *cert)
541{
502 CONF ctmp; 542 CONF ctmp;
543
503 CONF_set_nconf(&ctmp, conf); 544 CONF_set_nconf(&ctmp, conf);
504 return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert); 545 return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert);
505 } 546}
506 547
507/* Same as above but for a CRL */ 548/* Same as above but for a CRL */
508 549
509int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, 550int
510 char *section, X509_CRL *crl) 551X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
511 { 552 char *section, X509_CRL *crl)
553{
512 CONF ctmp; 554 CONF ctmp;
555
513 CONF_set_nconf(&ctmp, conf); 556 CONF_set_nconf(&ctmp, conf);
514 return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl); 557 return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl);
515 } 558}
516 559
517/* Add extensions to certificate request */ 560/* Add extensions to certificate request */
518 561
519int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, 562int
520 char *section, X509_REQ *req) 563X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
521 { 564 char *section, X509_REQ *req)
565{
522 CONF ctmp; 566 CONF ctmp;
567
523 CONF_set_nconf(&ctmp, conf); 568 CONF_set_nconf(&ctmp, conf);
524 return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req); 569 return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req);
525 } 570}
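Review bot: In do_ext_i2d the non-`it` branch at new lines 198–200 still passes the result of `method->i2d(ext_struc, NULL)` straight to malloc without the `ext_len < 0` check that the `it` branch performs at line 194, so an encoding error becomes a malloc of a converted negative size and is then reported as ERR_R_MALLOC_FAILURE; `if (ext_len < 0 || !(ext_der = malloc(ext_len))) goto merr;` would keep the two branches consistent and make the failure attributable. On the KNF side, nconf_get_section at new lines 457–458 puts `static` alone on a line and keeps the return type attached to the function name, unlike conf_lhash_get_section at 518–519, which is the layout the rest of the file now uses. Likewise v3_check_critical at line 245 leaves the `while (isspace(...)) p++;` body on one line, whereas the same loop in v3_check_generic at 266–267 is split onto its own line.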
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_cpols.c b/src/lib/libssl/src/crypto/x509v3/v3_cpols.c
index 1a337fa07e..e00190242b 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_cpols.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_cpols.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -67,28 +67,32 @@
67 67
68/* Certificate policies extension support: this one is a bit complex... */ 68/* Certificate policies extension support: this one is a bit complex... */
69 69
70static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO *out, int indent); 70static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
71static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value); 71 BIO *out, int indent);
72static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent); 72static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
73 X509V3_CTX *ctx, char *value);
74static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
75 int indent);
73static void print_notice(BIO *out, USERNOTICE *notice, int indent); 76static void print_notice(BIO *out, USERNOTICE *notice, int indent);
74static POLICYINFO *policy_section(X509V3_CTX *ctx, 77static POLICYINFO *policy_section(X509V3_CTX *ctx,
75 STACK_OF(CONF_VALUE) *polstrs, int ia5org); 78 STACK_OF(CONF_VALUE) *polstrs, int ia5org);
76static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, 79static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
77 STACK_OF(CONF_VALUE) *unot, int ia5org); 80 STACK_OF(CONF_VALUE) *unot, int ia5org);
78static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos); 81static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos);
79 82
80const X509V3_EXT_METHOD v3_cpols = { 83const X509V3_EXT_METHOD v3_cpols = {
81NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES), 84 NID_certificate_policies, 0, ASN1_ITEM_ref(CERTIFICATEPOLICIES),
820,0,0,0, 85 0, 0, 0, 0,
830,0, 86 0, 0,
840,0, 87 0, 0,
85(X509V3_EXT_I2R)i2r_certpol, 88 (X509V3_EXT_I2R)i2r_certpol,
86(X509V3_EXT_R2I)r2i_certpol, 89 (X509V3_EXT_R2I)r2i_certpol,
87NULL 90 NULL
88}; 91};
89 92
90ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) = 93ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) =
91 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, POLICYINFO) 94 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES,
95 POLICYINFO)
92ASN1_ITEM_TEMPLATE_END(CERTIFICATEPOLICIES) 96ASN1_ITEM_TEMPLATE_END(CERTIFICATEPOLICIES)
93 97
94IMPLEMENT_ASN1_FUNCTIONS(CERTIFICATEPOLICIES) 98IMPLEMENT_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
@@ -100,7 +104,8 @@ ASN1_SEQUENCE(POLICYINFO) = {
100 104
101IMPLEMENT_ASN1_FUNCTIONS(POLICYINFO) 105IMPLEMENT_ASN1_FUNCTIONS(POLICYINFO)
102 106
103ASN1_ADB_TEMPLATE(policydefault) = ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY); 107ASN1_ADB_TEMPLATE(policydefault) =
108 ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY);
104 109
105ASN1_ADB(POLICYQUALINFO) = { 110ASN1_ADB(POLICYQUALINFO) = {
106 ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)), 111 ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)),
@@ -128,8 +133,9 @@ ASN1_SEQUENCE(NOTICEREF) = {
128 133
129IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF) 134IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF)
130 135
131static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, 136static
132 X509V3_CTX *ctx, char *value) 137STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
138 char *value)
133{ 139{
134 STACK_OF(POLICYINFO) *pols = NULL; 140 STACK_OF(POLICYINFO) *pols = NULL;
135 char *pstr; 141 char *pstr;
@@ -138,43 +144,47 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
138 STACK_OF(CONF_VALUE) *vals; 144 STACK_OF(CONF_VALUE) *vals;
139 CONF_VALUE *cnf; 145 CONF_VALUE *cnf;
140 int i, ia5org; 146 int i, ia5org;
147
141 pols = sk_POLICYINFO_new_null(); 148 pols = sk_POLICYINFO_new_null();
142 if (pols == NULL) { 149 if (pols == NULL) {
143 X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE); 150 X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
144 return NULL; 151 return NULL;
145 } 152 }
146 vals = X509V3_parse_list(value); 153 vals = X509V3_parse_list(value);
147 if (vals == NULL) { 154 if (vals == NULL) {
148 X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB); 155 X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB);
149 goto err; 156 goto err;
150 } 157 }
151 ia5org = 0; 158 ia5org = 0;
152 for(i = 0; i < sk_CONF_VALUE_num(vals); i++) { 159 for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
153 cnf = sk_CONF_VALUE_value(vals, i); 160 cnf = sk_CONF_VALUE_value(vals, i);
154 if(cnf->value || !cnf->name ) { 161 if (cnf->value || !cnf->name ) {
155 X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_POLICY_IDENTIFIER); 162 X509V3err(X509V3_F_R2I_CERTPOL,
163 X509V3_R_INVALID_POLICY_IDENTIFIER);
156 X509V3_conf_err(cnf); 164 X509V3_conf_err(cnf);
157 goto err; 165 goto err;
158 } 166 }
159 pstr = cnf->name; 167 pstr = cnf->name;
160 if(!strcmp(pstr,"ia5org")) { 168 if (!strcmp(pstr, "ia5org")) {
161 ia5org = 1; 169 ia5org = 1;
162 continue; 170 continue;
163 } else if(*pstr == '@') { 171 } else if (*pstr == '@') {
164 STACK_OF(CONF_VALUE) *polsect; 172 STACK_OF(CONF_VALUE) *polsect;
165 polsect = X509V3_get_section(ctx, pstr + 1); 173 polsect = X509V3_get_section(ctx, pstr + 1);
166 if(!polsect) { 174 if (!polsect) {
167 X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_SECTION); 175 X509V3err(X509V3_F_R2I_CERTPOL,
168 176 X509V3_R_INVALID_SECTION);
169 X509V3_conf_err(cnf); 177 X509V3_conf_err(cnf);
170 goto err; 178 goto err;
171 } 179 }
172 pol = policy_section(ctx, polsect, ia5org); 180 pol = policy_section(ctx, polsect, ia5org);
173 X509V3_section_free(ctx, polsect); 181 X509V3_section_free(ctx, polsect);
174 if(!pol) goto err; 182 if (!pol)
183 goto err;
175 } else { 184 } else {
176 if(!(pobj = OBJ_txt2obj(cnf->name, 0))) { 185 if (!(pobj = OBJ_txt2obj(cnf->name, 0))) {
177 X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_OBJECT_IDENTIFIER); 186 X509V3err(X509V3_F_R2I_CERTPOL,
187 X509V3_R_INVALID_OBJECT_IDENTIFIER);
178 X509V3_conf_err(cnf); 188 X509V3_conf_err(cnf);
179 goto err; 189 goto err;
180 } 190 }
@@ -189,123 +199,140 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
189 } 199 }
190 sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); 200 sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
191 return pols; 201 return pols;
192 err: 202
203err:
193 sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); 204 sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
194 sk_POLICYINFO_pop_free(pols, POLICYINFO_free); 205 sk_POLICYINFO_pop_free(pols, POLICYINFO_free);
195 return NULL; 206 return NULL;
196} 207}
197 208
198static POLICYINFO *policy_section(X509V3_CTX *ctx, 209static POLICYINFO *
199 STACK_OF(CONF_VALUE) *polstrs, int ia5org) 210policy_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *polstrs, int ia5org)
200{ 211{
201 int i; 212 int i;
202 CONF_VALUE *cnf; 213 CONF_VALUE *cnf;
203 POLICYINFO *pol; 214 POLICYINFO *pol;
204 POLICYQUALINFO *qual; 215 POLICYQUALINFO *qual;
205 if(!(pol = POLICYINFO_new())) goto merr; 216
206 for(i = 0; i < sk_CONF_VALUE_num(polstrs); i++) { 217 if (!(pol = POLICYINFO_new()))
218 goto merr;
219 for (i = 0; i < sk_CONF_VALUE_num(polstrs); i++) {
207 cnf = sk_CONF_VALUE_value(polstrs, i); 220 cnf = sk_CONF_VALUE_value(polstrs, i);
208 if(!strcmp(cnf->name, "policyIdentifier")) { 221 if (!strcmp(cnf->name, "policyIdentifier")) {
209 ASN1_OBJECT *pobj; 222 ASN1_OBJECT *pobj;
210 if(!(pobj = OBJ_txt2obj(cnf->value, 0))) { 223 if (!(pobj = OBJ_txt2obj(cnf->value, 0))) {
211 X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OBJECT_IDENTIFIER); 224 X509V3err(X509V3_F_POLICY_SECTION,
225 X509V3_R_INVALID_OBJECT_IDENTIFIER);
212 X509V3_conf_err(cnf); 226 X509V3_conf_err(cnf);
213 goto err; 227 goto err;
214 } 228 }
215 pol->policyid = pobj; 229 pol->policyid = pobj;
216 230 } else if (!name_cmp(cnf->name, "CPS")) {
217 } else if(!name_cmp(cnf->name, "CPS")) { 231 if (!pol->qualifiers)
218 if(!pol->qualifiers) pol->qualifiers = 232 pol->qualifiers = sk_POLICYQUALINFO_new_null();
219 sk_POLICYQUALINFO_new_null(); 233 if (!(qual = POLICYQUALINFO_new()))
220 if(!(qual = POLICYQUALINFO_new())) goto merr; 234 goto merr;
221 if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) 235 if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
222 goto merr; 236 goto merr;
223 qual->pqualid = OBJ_nid2obj(NID_id_qt_cps); 237 qual->pqualid = OBJ_nid2obj(NID_id_qt_cps);
224 qual->d.cpsuri = M_ASN1_IA5STRING_new(); 238 qual->d.cpsuri = M_ASN1_IA5STRING_new();
225 if(!ASN1_STRING_set(qual->d.cpsuri, cnf->value, 239 if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value,
226 strlen(cnf->value))) goto merr; 240 strlen(cnf->value)))
227 } else if(!name_cmp(cnf->name, "userNotice")) { 241 goto merr;
242 } else if (!name_cmp(cnf->name, "userNotice")) {
228 STACK_OF(CONF_VALUE) *unot; 243 STACK_OF(CONF_VALUE) *unot;
229 if(*cnf->value != '@') { 244 if (*cnf->value != '@') {
230 X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_EXPECTED_A_SECTION_NAME); 245 X509V3err(X509V3_F_POLICY_SECTION,
246 X509V3_R_EXPECTED_A_SECTION_NAME);
231 X509V3_conf_err(cnf); 247 X509V3_conf_err(cnf);
232 goto err; 248 goto err;
233 } 249 }
234 unot = X509V3_get_section(ctx, cnf->value + 1); 250 unot = X509V3_get_section(ctx, cnf->value + 1);
235 if(!unot) { 251 if (!unot) {
236 X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_SECTION); 252 X509V3err(X509V3_F_POLICY_SECTION,
237 253 X509V3_R_INVALID_SECTION);
238 X509V3_conf_err(cnf); 254 X509V3_conf_err(cnf);
239 goto err; 255 goto err;
240 } 256 }
241 qual = notice_section(ctx, unot, ia5org); 257 qual = notice_section(ctx, unot, ia5org);
242 X509V3_section_free(ctx, unot); 258 X509V3_section_free(ctx, unot);
243 if(!qual) goto err; 259 if (!qual)
244 if(!pol->qualifiers) pol->qualifiers = 260 goto err;
245 sk_POLICYQUALINFO_new_null(); 261 if (!pol->qualifiers) pol->qualifiers =
246 if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) 262 sk_POLICYQUALINFO_new_null();
247 goto merr; 263 if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
264 goto merr;
248 } else { 265 } else {
249 X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OPTION); 266 X509V3err(X509V3_F_POLICY_SECTION,
250 267 X509V3_R_INVALID_OPTION);
251 X509V3_conf_err(cnf); 268 X509V3_conf_err(cnf);
252 goto err; 269 goto err;
253 } 270 }
254 } 271 }
255 if(!pol->policyid) { 272 if (!pol->policyid) {
256 X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_NO_POLICY_IDENTIFIER); 273 X509V3err(X509V3_F_POLICY_SECTION,
274 X509V3_R_NO_POLICY_IDENTIFIER);
257 goto err; 275 goto err;
258 } 276 }
259 277
260 return pol; 278 return pol;
261 279
262 merr: 280merr:
263 X509V3err(X509V3_F_POLICY_SECTION,ERR_R_MALLOC_FAILURE); 281 X509V3err(X509V3_F_POLICY_SECTION, ERR_R_MALLOC_FAILURE);
264 282
265 err: 283err:
266 POLICYINFO_free(pol); 284 POLICYINFO_free(pol);
267 return NULL; 285 return NULL;
268
269
270} 286}
271 287
272static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, 288static POLICYQUALINFO *
273 STACK_OF(CONF_VALUE) *unot, int ia5org) 289notice_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *unot, int ia5org)
274{ 290{
275 int i, ret; 291 int i, ret;
276 CONF_VALUE *cnf; 292 CONF_VALUE *cnf;
277 USERNOTICE *not; 293 USERNOTICE *not;
278 POLICYQUALINFO *qual; 294 POLICYQUALINFO *qual;
279 if(!(qual = POLICYQUALINFO_new())) goto merr; 295
296 if (!(qual = POLICYQUALINFO_new()))
297 goto merr;
280 qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice); 298 qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice);
281 if(!(not = USERNOTICE_new())) goto merr; 299 if (!(not = USERNOTICE_new()))
300 goto merr;
282 qual->d.usernotice = not; 301 qual->d.usernotice = not;
283 for(i = 0; i < sk_CONF_VALUE_num(unot); i++) { 302 for (i = 0; i < sk_CONF_VALUE_num(unot); i++) {
284 cnf = sk_CONF_VALUE_value(unot, i); 303 cnf = sk_CONF_VALUE_value(unot, i);
285 if(!strcmp(cnf->name, "explicitText")) { 304 if (!strcmp(cnf->name, "explicitText")) {
286 not->exptext = M_ASN1_VISIBLESTRING_new(); 305 not->exptext = M_ASN1_VISIBLESTRING_new();
287 if(!ASN1_STRING_set(not->exptext, cnf->value, 306 if (!ASN1_STRING_set(not->exptext, cnf->value,
288 strlen(cnf->value))) goto merr; 307 strlen(cnf->value)))
289 } else if(!strcmp(cnf->name, "organization")) { 308 goto merr;
309 } else if (!strcmp(cnf->name, "organization")) {
290 NOTICEREF *nref; 310 NOTICEREF *nref;
291 if(!not->noticeref) { 311 if (!not->noticeref) {
292 if(!(nref = NOTICEREF_new())) goto merr; 312 if (!(nref = NOTICEREF_new()))
313 goto merr;
293 not->noticeref = nref; 314 not->noticeref = nref;
294 } else nref = not->noticeref; 315 } else
295 if(ia5org) nref->organization->type = V_ASN1_IA5STRING; 316 nref = not->noticeref;
296 else nref->organization->type = V_ASN1_VISIBLESTRING; 317 if (ia5org)
297 if(!ASN1_STRING_set(nref->organization, cnf->value, 318 nref->organization->type = V_ASN1_IA5STRING;
298 strlen(cnf->value))) goto merr; 319 else
299 } else if(!strcmp(cnf->name, "noticeNumbers")) { 320 nref->organization->type = V_ASN1_VISIBLESTRING;
321 if (!ASN1_STRING_set(nref->organization, cnf->value,
322 strlen(cnf->value)))
323 goto merr;
324 } else if (!strcmp(cnf->name, "noticeNumbers")) {
300 NOTICEREF *nref; 325 NOTICEREF *nref;
301 STACK_OF(CONF_VALUE) *nos; 326 STACK_OF(CONF_VALUE) *nos;
302 if(!not->noticeref) { 327 if (!not->noticeref) {
303 if(!(nref = NOTICEREF_new())) goto merr; 328 if (!(nref = NOTICEREF_new()))
329 goto merr;
304 not->noticeref = nref; 330 not->noticeref = nref;
305 } else nref = not->noticeref; 331 } else nref = not->noticeref;
306 nos = X509V3_parse_list(cnf->value); 332 nos = X509V3_parse_list(cnf->value);
307 if(!nos || !sk_CONF_VALUE_num(nos)) { 333 if (!nos || !sk_CONF_VALUE_num(nos)) {
308 X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_NUMBERS); 334 X509V3err(X509V3_F_NOTICE_SECTION,
335 X509V3_R_INVALID_NUMBERS);
309 X509V3_conf_err(cnf); 336 X509V3_conf_err(cnf);
310 goto err; 337 goto err;
311 } 338 }
@@ -314,94 +341,98 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
314 if (!ret) 341 if (!ret)
315 goto err; 342 goto err;
316 } else { 343 } else {
317 X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION); 344 X509V3err(X509V3_F_NOTICE_SECTION,
345 X509V3_R_INVALID_OPTION);
318 X509V3_conf_err(cnf); 346 X509V3_conf_err(cnf);
319 goto err; 347 goto err;
320 } 348 }
321 } 349 }
322 350
323 if(not->noticeref && 351 if (not->noticeref &&
324 (!not->noticeref->noticenos || !not->noticeref->organization)) { 352 (!not->noticeref->noticenos || !not->noticeref->organization)) {
325 X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_NEED_ORGANIZATION_AND_NUMBERS); 353 X509V3err(X509V3_F_NOTICE_SECTION,
326 goto err; 354 X509V3_R_NEED_ORGANIZATION_AND_NUMBERS);
355 goto err;
327 } 356 }
328 357
329 return qual; 358 return qual;
330 359
331 merr: 360merr:
332 X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE); 361 X509V3err(X509V3_F_NOTICE_SECTION, ERR_R_MALLOC_FAILURE);
333 362
334 err: 363err:
335 POLICYQUALINFO_free(qual); 364 POLICYQUALINFO_free(qual);
336 return NULL; 365 return NULL;
337} 366}
338 367
339static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos) 368static int
369nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos)
340{ 370{
341 CONF_VALUE *cnf; 371 CONF_VALUE *cnf;
342 ASN1_INTEGER *aint; 372 ASN1_INTEGER *aint;
343
344 int i; 373 int i;
345 374
346 for(i = 0; i < sk_CONF_VALUE_num(nos); i++) { 375 for (i = 0; i < sk_CONF_VALUE_num(nos); i++) {
347 cnf = sk_CONF_VALUE_value(nos, i); 376 cnf = sk_CONF_VALUE_value(nos, i);
348 if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) { 377 if (!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) {
349 X509V3err(X509V3_F_NREF_NOS,X509V3_R_INVALID_NUMBER); 378 X509V3err(X509V3_F_NREF_NOS, X509V3_R_INVALID_NUMBER);
350 goto err; 379 goto err;
351 } 380 }
352 if(!sk_ASN1_INTEGER_push(nnums, aint)) goto merr; 381 if (!sk_ASN1_INTEGER_push(nnums, aint))
382 goto merr;
353 } 383 }
354 return 1; 384 return 1;
355 385
356 merr: 386merr:
357 X509V3err(X509V3_F_NREF_NOS,ERR_R_MALLOC_FAILURE); 387 X509V3err(X509V3_F_NREF_NOS, ERR_R_MALLOC_FAILURE);
358 388
359 err: 389err:
360 sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free); 390 sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free);
361 return 0; 391 return 0;
362} 392}
363 393
364 394static int
365static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, 395i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO *out,
366 BIO *out, int indent) 396 int indent)
367{ 397{
368 int i; 398 int i;
369 POLICYINFO *pinfo; 399 POLICYINFO *pinfo;
400
370 /* First print out the policy OIDs */ 401 /* First print out the policy OIDs */
371 for(i = 0; i < sk_POLICYINFO_num(pol); i++) { 402 for (i = 0; i < sk_POLICYINFO_num(pol); i++) {
372 pinfo = sk_POLICYINFO_value(pol, i); 403 pinfo = sk_POLICYINFO_value(pol, i);
373 BIO_printf(out, "%*sPolicy: ", indent, ""); 404 BIO_printf(out, "%*sPolicy: ", indent, "");
374 i2a_ASN1_OBJECT(out, pinfo->policyid); 405 i2a_ASN1_OBJECT(out, pinfo->policyid);
375 BIO_puts(out, "\n"); 406 BIO_puts(out, "\n");
376 if(pinfo->qualifiers) 407 if (pinfo->qualifiers)
377 print_qualifiers(out, pinfo->qualifiers, indent + 2); 408 print_qualifiers(out, pinfo->qualifiers, indent + 2);
378 } 409 }
379 return 1; 410 return 1;
380} 411}
381 412
382static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, 413static void
383 int indent) 414print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent)
384{ 415{
385 POLICYQUALINFO *qualinfo; 416 POLICYQUALINFO *qualinfo;
386 int i; 417 int i;
387 for(i = 0; i < sk_POLICYQUALINFO_num(quals); i++) { 418
419 for (i = 0; i < sk_POLICYQUALINFO_num(quals); i++) {
388 qualinfo = sk_POLICYQUALINFO_value(quals, i); 420 qualinfo = sk_POLICYQUALINFO_value(quals, i);
389 switch(OBJ_obj2nid(qualinfo->pqualid)) 421 switch (OBJ_obj2nid(qualinfo->pqualid)) {
390 { 422 case NID_id_qt_cps:
391 case NID_id_qt_cps:
392 BIO_printf(out, "%*sCPS: %s\n", indent, "", 423 BIO_printf(out, "%*sCPS: %s\n", indent, "",
393 qualinfo->d.cpsuri->data); 424 qualinfo->d.cpsuri->data);
394 break; 425 break;
395 426
396 case NID_id_qt_unotice: 427 case NID_id_qt_unotice:
397 BIO_printf(out, "%*sUser Notice:\n", indent, ""); 428 BIO_printf(out, "%*sUser Notice:\n", indent, "");
398 print_notice(out, qualinfo->d.usernotice, indent + 2); 429 print_notice(out, qualinfo->d.usernotice, indent + 2);
399 break; 430 break;
400 431
401 default: 432 default:
402 BIO_printf(out, "%*sUnknown Qualifier: ", 433 BIO_printf(out, "%*sUnknown Qualifier: ",
403 indent + 2, ""); 434 indent + 2, "");
404 435
405 i2a_ASN1_OBJECT(out, qualinfo->pqualid); 436 i2a_ASN1_OBJECT(out, qualinfo->pqualid);
406 BIO_puts(out, "\n"); 437 BIO_puts(out, "\n");
407 break; 438 break;
@@ -409,49 +440,51 @@ static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
409 } 440 }
410} 441}
411 442
412static void print_notice(BIO *out, USERNOTICE *notice, int indent) 443static void
444print_notice(BIO *out, USERNOTICE *notice, int indent)
413{ 445{
414 int i; 446 int i;
415 if(notice->noticeref) { 447
448 if (notice->noticeref) {
416 NOTICEREF *ref; 449 NOTICEREF *ref;
417 ref = notice->noticeref; 450 ref = notice->noticeref;
418 BIO_printf(out, "%*sOrganization: %s\n", indent, "", 451 BIO_printf(out, "%*sOrganization: %s\n", indent, "",
419 ref->organization->data); 452 ref->organization->data);
420 BIO_printf(out, "%*sNumber%s: ", indent, "", 453 BIO_printf(out, "%*sNumber%s: ", indent, "",
421 sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : ""); 454 sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : "");
422 for(i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) { 455 for (i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) {
423 ASN1_INTEGER *num; 456 ASN1_INTEGER *num;
424 char *tmp; 457 char *tmp;
425 num = sk_ASN1_INTEGER_value(ref->noticenos, i); 458 num = sk_ASN1_INTEGER_value(ref->noticenos, i);
426 if(i) BIO_puts(out, ", "); 459 if (i)
460 BIO_puts(out, ", ");
427 tmp = i2s_ASN1_INTEGER(NULL, num); 461 tmp = i2s_ASN1_INTEGER(NULL, num);
428 BIO_puts(out, tmp); 462 BIO_puts(out, tmp);
429 free(tmp); 463 free(tmp);
430 } 464 }
431 BIO_puts(out, "\n"); 465 BIO_puts(out, "\n");
432 } 466 }
433 if(notice->exptext) 467 if (notice->exptext)
434 BIO_printf(out, "%*sExplicit Text: %s\n", indent, "", 468 BIO_printf(out, "%*sExplicit Text: %s\n", indent, "",
435 notice->exptext->data); 469 notice->exptext->data);
436} 470}
437 471
438void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent) 472void
439 { 473X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent)
474{
440 const X509_POLICY_DATA *dat = node->data; 475 const X509_POLICY_DATA *dat = node->data;
441 476
442 BIO_printf(out, "%*sPolicy: ", indent, ""); 477 BIO_printf(out, "%*sPolicy: ", indent, "");
443 478
444 i2a_ASN1_OBJECT(out, dat->valid_policy); 479 i2a_ASN1_OBJECT(out, dat->valid_policy);
445 BIO_puts(out, "\n"); 480 BIO_puts(out, "\n");
446 BIO_printf(out, "%*s%s\n", indent + 2, "", 481 BIO_printf(out, "%*s%s\n", indent + 2, "",
447 node_data_critical(dat) ? "Critical" : "Non Critical"); 482 node_data_critical(dat) ? "Critical" : "Non Critical");
448 if (dat->qualifier_set) 483 if (dat->qualifier_set)
449 print_qualifiers(out, dat->qualifier_set, indent + 2); 484 print_qualifiers(out, dat->qualifier_set, indent + 2);
450 else 485 else
451 BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, ""); 486 BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, "");
452 } 487}
453
454 488
455IMPLEMENT_STACK_OF(X509_POLICY_NODE) 489IMPLEMENT_STACK_OF(X509_POLICY_NODE)
456IMPLEMENT_STACK_OF(X509_POLICY_DATA) 490IMPLEMENT_STACK_OF(X509_POLICY_DATA)
457
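Review bot: The KNF pass leaves a few spots in v3_cpols.c in the old layout while their siblings were reformatted: in policy_section the userNotice branch keeps `if (!pol->qualifiers) pol->qualifiers =` split across two lines where the CPS branch just above was folded to `if (!pol->qualifiers)` / `pol->qualifiers = sk_POLICYQUALINFO_new_null();`, and in notice_section the noticeNumbers branch keeps `} else nref = not->noticeref;` on one line where the organization branch was expanded onto two. The condition `if (cnf->value || !cnf->name )` in r2i_certpol also retains a stray space before the closing parenthesis. Since this commit is a pure reformat, these are worth fixing in the same pass so the file is uniformly KNF. Separately, the results of `M_ASN1_IA5STRING_new()` in policy_section and `M_ASN1_VISIBLESTRING_new()` in notice_section are passed straight to ASN1_STRING_set without a NULL check; if that helper dereferences its first argument this is a crash on allocation failure, though that behaviour is not visible on this page.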
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_crld.c b/src/lib/libssl/src/crypto/x509v3/v3_crld.c
index 790a6dd032..3195655429 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_crld.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_crld.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -64,67 +64,64 @@
64#include <openssl/x509v3.h> 64#include <openssl/x509v3.h>
65 65
66static void *v2i_crld(const X509V3_EXT_METHOD *method, 66static void *v2i_crld(const X509V3_EXT_METHOD *method,
67 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); 67 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
68static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, 68static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
69 int indent); 69 int indent);
70 70
71const X509V3_EXT_METHOD v3_crld = 71const X509V3_EXT_METHOD v3_crld = {
72 {
73 NID_crl_distribution_points, 0, ASN1_ITEM_ref(CRL_DIST_POINTS), 72 NID_crl_distribution_points, 0, ASN1_ITEM_ref(CRL_DIST_POINTS),
74 0,0,0,0, 73 0, 0, 0, 0,
75 0,0, 74 0, 0,
76 0, 75 0,
77 v2i_crld, 76 v2i_crld,
78 i2r_crldp,0, 77 i2r_crldp, 0,
79 NULL 78 NULL
80 }; 79};
81 80
82const X509V3_EXT_METHOD v3_freshest_crl = 81const X509V3_EXT_METHOD v3_freshest_crl = {
83 {
84 NID_freshest_crl, 0, ASN1_ITEM_ref(CRL_DIST_POINTS), 82 NID_freshest_crl, 0, ASN1_ITEM_ref(CRL_DIST_POINTS),
85 0,0,0,0, 83 0, 0, 0, 0,
86 0,0, 84 0, 0,
87 0, 85 0,
88 v2i_crld, 86 v2i_crld,
89 i2r_crldp,0, 87 i2r_crldp, 0,
90 NULL 88 NULL
91 }; 89};
92 90
93static STACK_OF(GENERAL_NAME) *gnames_from_sectname(X509V3_CTX *ctx, char *sect) 91static
94 { 92STACK_OF(GENERAL_NAME) *gnames_from_sectname(X509V3_CTX *ctx, char *sect)
93{
95 STACK_OF(CONF_VALUE) *gnsect; 94 STACK_OF(CONF_VALUE) *gnsect;
96 STACK_OF(GENERAL_NAME) *gens; 95 STACK_OF(GENERAL_NAME) *gens;
96
97 if (*sect == '@') 97 if (*sect == '@')
98 gnsect = X509V3_get_section(ctx, sect + 1); 98 gnsect = X509V3_get_section(ctx, sect + 1);
99 else 99 else
100 gnsect = X509V3_parse_list(sect); 100 gnsect = X509V3_parse_list(sect);
101 if (!gnsect) 101 if (!gnsect) {
102 {
103 X509V3err(X509V3_F_GNAMES_FROM_SECTNAME, 102 X509V3err(X509V3_F_GNAMES_FROM_SECTNAME,
104 X509V3_R_SECTION_NOT_FOUND); 103 X509V3_R_SECTION_NOT_FOUND);
105 return NULL; 104 return NULL;
106 } 105 }
107 gens = v2i_GENERAL_NAMES(NULL, ctx, gnsect); 106 gens = v2i_GENERAL_NAMES(NULL, ctx, gnsect);
108 if (*sect == '@') 107 if (*sect == '@')
109 X509V3_section_free(ctx, gnsect); 108 X509V3_section_free(ctx, gnsect);
110 else 109 else
111 sk_CONF_VALUE_pop_free(gnsect, X509V3_conf_free); 110 sk_CONF_VALUE_pop_free(gnsect, X509V3_conf_free);
112 return gens; 111 return gens;
113 } 112}
114 113
115static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, 114static int
116 CONF_VALUE *cnf) 115set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, CONF_VALUE *cnf)
117 { 116{
118 STACK_OF(GENERAL_NAME) *fnm = NULL; 117 STACK_OF(GENERAL_NAME) *fnm = NULL;
119 STACK_OF(X509_NAME_ENTRY) *rnm = NULL; 118 STACK_OF(X509_NAME_ENTRY) *rnm = NULL;
120 if (!strncmp(cnf->name, "fullname", 9)) 119
121 { 120 if (!strncmp(cnf->name, "fullname", 9)) {
122 fnm = gnames_from_sectname(ctx, cnf->value); 121 fnm = gnames_from_sectname(ctx, cnf->value);
123 if (!fnm) 122 if (!fnm)
124 goto err; 123 goto err;
125 } 124 } else if (!strcmp(cnf->name, "relativename")) {
126 else if (!strcmp(cnf->name, "relativename"))
127 {
128 int ret; 125 int ret;
129 STACK_OF(CONF_VALUE) *dnsect; 126 STACK_OF(CONF_VALUE) *dnsect;
130 X509_NAME *nm; 127 X509_NAME *nm;
@@ -132,12 +129,11 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx,
132 if (!nm) 129 if (!nm)
133 return -1; 130 return -1;
134 dnsect = X509V3_get_section(ctx, cnf->value); 131 dnsect = X509V3_get_section(ctx, cnf->value);
135 if (!dnsect) 132 if (!dnsect) {
136 {
137 X509V3err(X509V3_F_SET_DIST_POINT_NAME, 133 X509V3err(X509V3_F_SET_DIST_POINT_NAME,
138 X509V3_R_SECTION_NOT_FOUND); 134 X509V3_R_SECTION_NOT_FOUND);
139 return -1; 135 return -1;
140 } 136 }
141 ret = X509V3_NAME_from_section(nm, dnsect, MBSTRING_ASC); 137 ret = X509V3_NAME_from_section(nm, dnsect, MBSTRING_ASC);
142 X509V3_section_free(ctx, dnsect); 138 X509V3_section_free(ctx, dnsect);
143 rnm = nm->entries; 139 rnm = nm->entries;
@@ -149,135 +145,126 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx,
149 * RDNSequence 145 * RDNSequence
150 */ 146 */
151 if (sk_X509_NAME_ENTRY_value(rnm, 147 if (sk_X509_NAME_ENTRY_value(rnm,
152 sk_X509_NAME_ENTRY_num(rnm) - 1)->set) 148 sk_X509_NAME_ENTRY_num(rnm) - 1)->set) {
153 {
154 X509V3err(X509V3_F_SET_DIST_POINT_NAME, 149 X509V3err(X509V3_F_SET_DIST_POINT_NAME,
155 X509V3_R_INVALID_MULTIPLE_RDNS); 150 X509V3_R_INVALID_MULTIPLE_RDNS);
156 goto err; 151 goto err;
157 }
158 } 152 }
159 else 153 } else
160 return 0; 154 return 0;
161 155
162 if (*pdp) 156 if (*pdp) {
163 {
164 X509V3err(X509V3_F_SET_DIST_POINT_NAME, 157 X509V3err(X509V3_F_SET_DIST_POINT_NAME,
165 X509V3_R_DISTPOINT_ALREADY_SET); 158 X509V3_R_DISTPOINT_ALREADY_SET);
166 goto err; 159 goto err;
167 } 160 }
168 161
169 *pdp = DIST_POINT_NAME_new(); 162 *pdp = DIST_POINT_NAME_new();
170 if (!*pdp) 163 if (!*pdp)
171 goto err; 164 goto err;
172 if (fnm) 165 if (fnm) {
173 {
174 (*pdp)->type = 0; 166 (*pdp)->type = 0;
175 (*pdp)->name.fullname = fnm; 167 (*pdp)->name.fullname = fnm;
176 } 168 } else {
177 else
178 {
179 (*pdp)->type = 1; 169 (*pdp)->type = 1;
180 (*pdp)->name.relativename = rnm; 170 (*pdp)->name.relativename = rnm;
181 } 171 }
182 172
183 return 1; 173 return 1;
184 174
185 err: 175err:
186 if (fnm) 176 if (fnm)
187 sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free); 177 sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free);
188 if (rnm) 178 if (rnm)
189 sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free); 179 sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free);
190 return -1; 180 return -1;
191 } 181}
192 182
193static const BIT_STRING_BITNAME reason_flags[] = { 183static const BIT_STRING_BITNAME reason_flags[] = {
194{0, "Unused", "unused"}, 184 {0, "Unused", "unused"},
195{1, "Key Compromise", "keyCompromise"}, 185 {1, "Key Compromise", "keyCompromise"},
196{2, "CA Compromise", "CACompromise"}, 186 {2, "CA Compromise", "CACompromise"},
197{3, "Affiliation Changed", "affiliationChanged"}, 187 {3, "Affiliation Changed", "affiliationChanged"},
198{4, "Superseded", "superseded"}, 188 {4, "Superseded", "superseded"},
199{5, "Cessation Of Operation", "cessationOfOperation"}, 189 {5, "Cessation Of Operation", "cessationOfOperation"},
200{6, "Certificate Hold", "certificateHold"}, 190 {6, "Certificate Hold", "certificateHold"},
201{7, "Privilege Withdrawn", "privilegeWithdrawn"}, 191 {7, "Privilege Withdrawn", "privilegeWithdrawn"},
202{8, "AA Compromise", "AACompromise"}, 192 {8, "AA Compromise", "AACompromise"},
203{-1, NULL, NULL} 193 {-1, NULL, NULL}
204}; 194};
205 195
206static int set_reasons(ASN1_BIT_STRING **preas, char *value) 196static int
207 { 197set_reasons(ASN1_BIT_STRING **preas, char *value)
198{
208 STACK_OF(CONF_VALUE) *rsk = NULL; 199 STACK_OF(CONF_VALUE) *rsk = NULL;
209 const BIT_STRING_BITNAME *pbn; 200 const BIT_STRING_BITNAME *pbn;
210 const char *bnam; 201 const char *bnam;
211 int i, ret = 0; 202 int i, ret = 0;
203
212 rsk = X509V3_parse_list(value); 204 rsk = X509V3_parse_list(value);
213 if (!rsk) 205 if (!rsk)
214 return 0; 206 return 0;
215 if (*preas) 207 if (*preas)
216 return 0; 208 return 0;
217 for (i = 0; i < sk_CONF_VALUE_num(rsk); i++) 209 for (i = 0; i < sk_CONF_VALUE_num(rsk); i++) {
218 {
219 bnam = sk_CONF_VALUE_value(rsk, i)->name; 210 bnam = sk_CONF_VALUE_value(rsk, i)->name;
220 if (!*preas) 211 if (!*preas) {
221 {
222 *preas = ASN1_BIT_STRING_new(); 212 *preas = ASN1_BIT_STRING_new();
223 if (!*preas) 213 if (!*preas)
224 goto err; 214 goto err;
225 } 215 }
226 for (pbn = reason_flags; pbn->lname; pbn++) 216 for (pbn = reason_flags; pbn->lname; pbn++) {
227 { 217 if (!strcmp(pbn->sname, bnam)) {
228 if (!strcmp(pbn->sname, bnam))
229 {
230 if (!ASN1_BIT_STRING_set_bit(*preas, 218 if (!ASN1_BIT_STRING_set_bit(*preas,
231 pbn->bitnum, 1)) 219 pbn->bitnum, 1))
232 goto err; 220 goto err;
233 break; 221 break;
234 }
235 } 222 }
223 }
236 if (!pbn->lname) 224 if (!pbn->lname)
237 goto err; 225 goto err;
238 } 226 }
239 ret = 1; 227 ret = 1;
240 228
241 err: 229err:
242 sk_CONF_VALUE_pop_free(rsk, X509V3_conf_free); 230 sk_CONF_VALUE_pop_free(rsk, X509V3_conf_free);
243 return ret; 231 return ret;
244 } 232}
245 233
246static int print_reasons(BIO *out, const char *rname, 234static int
247 ASN1_BIT_STRING *rflags, int indent) 235print_reasons(BIO *out, const char *rname, ASN1_BIT_STRING *rflags, int indent)
248 { 236{
249 int first = 1; 237 int first = 1;
250 const BIT_STRING_BITNAME *pbn; 238 const BIT_STRING_BITNAME *pbn;
239
251 BIO_printf(out, "%*s%s:\n%*s", indent, "", rname, indent + 2, ""); 240 BIO_printf(out, "%*s%s:\n%*s", indent, "", rname, indent + 2, "");
252 for (pbn = reason_flags; pbn->lname; pbn++) 241 for (pbn = reason_flags; pbn->lname; pbn++) {
253 { 242 if (ASN1_BIT_STRING_get_bit(rflags, pbn->bitnum)) {
254 if (ASN1_BIT_STRING_get_bit(rflags, pbn->bitnum))
255 {
256 if (first) 243 if (first)
257 first = 0; 244 first = 0;
258 else 245 else
259 BIO_puts(out, ", "); 246 BIO_puts(out, ", ");
260 BIO_puts(out, pbn->lname); 247 BIO_puts(out, pbn->lname);
261 }
262 } 248 }
249 }
263 if (first) 250 if (first)
264 BIO_puts(out, "<EMPTY>\n"); 251 BIO_puts(out, "<EMPTY>\n");
265 else 252 else
266 BIO_puts(out, "\n"); 253 BIO_puts(out, "\n");
267 return 1; 254 return 1;
268 } 255}
269 256
270static DIST_POINT *crldp_from_section(X509V3_CTX *ctx, 257static DIST_POINT *
271 STACK_OF(CONF_VALUE) *nval) 258crldp_from_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
272 { 259{
273 int i; 260 int i;
274 CONF_VALUE *cnf; 261 CONF_VALUE *cnf;
275 DIST_POINT *point = NULL; 262 DIST_POINT *point = NULL;
263
276 point = DIST_POINT_new(); 264 point = DIST_POINT_new();
277 if (!point) 265 if (!point)
278 goto err; 266 goto err;
279 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) 267 for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
280 {
281 int ret; 268 int ret;
282 cnf = sk_CONF_VALUE_value(nval, i); 269 cnf = sk_CONF_VALUE_value(nval, i);
283 ret = set_dist_point_name(&point->distpoint, ctx, cnf); 270 ret = set_dist_point_name(&point->distpoint, ctx, cnf);
@@ -285,43 +272,42 @@ static DIST_POINT *crldp_from_section(X509V3_CTX *ctx,
285 continue; 272 continue;
286 if (ret < 0) 273 if (ret < 0)
287 goto err; 274 goto err;
288 if (!strcmp(cnf->name, "reasons")) 275 if (!strcmp(cnf->name, "reasons")) {
289 {
290 if (!set_reasons(&point->reasons, cnf->value)) 276 if (!set_reasons(&point->reasons, cnf->value))
291 goto err; 277 goto err;
292 } 278 }
293 else if (!strcmp(cnf->name, "CRLissuer")) 279 else if (!strcmp(cnf->name, "CRLissuer")) {
294 {
295 point->CRLissuer = 280 point->CRLissuer =
296 gnames_from_sectname(ctx, cnf->value); 281 gnames_from_sectname(ctx, cnf->value);
297 if (!point->CRLissuer) 282 if (!point->CRLissuer)
298 goto err; 283 goto err;
299 }
300 } 284 }
285 }
301 286
302 return point; 287 return point;
303
304 288
305 err: 289err:
306 if (point) 290 if (point)
307 DIST_POINT_free(point); 291 DIST_POINT_free(point);
308 return NULL; 292 return NULL;
309 } 293}
310 294
311static void *v2i_crld(const X509V3_EXT_METHOD *method, 295static void *
312 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) 296v2i_crld(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
313 { 297 STACK_OF(CONF_VALUE) *nval)
298{
314 STACK_OF(DIST_POINT) *crld = NULL; 299 STACK_OF(DIST_POINT) *crld = NULL;
315 GENERAL_NAMES *gens = NULL; 300 GENERAL_NAMES *gens = NULL;
316 GENERAL_NAME *gen = NULL; 301 GENERAL_NAME *gen = NULL;
317 CONF_VALUE *cnf; 302 CONF_VALUE *cnf;
318 int i; 303 int i;
319 if(!(crld = sk_DIST_POINT_new_null())) goto merr; 304
320 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { 305 if (!(crld = sk_DIST_POINT_new_null()))
306 goto merr;
307 for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
321 DIST_POINT *point; 308 DIST_POINT *point;
322 cnf = sk_CONF_VALUE_value(nval, i); 309 cnf = sk_CONF_VALUE_value(nval, i);
323 if (!cnf->value) 310 if (!cnf->value) {
324 {
325 STACK_OF(CONF_VALUE) *dpsect; 311 STACK_OF(CONF_VALUE) *dpsect;
326 dpsect = X509V3_get_section(ctx, cnf->name); 312 dpsect = X509V3_get_section(ctx, cnf->name);
327 if (!dpsect) 313 if (!dpsect)
@@ -330,40 +316,36 @@ static void *v2i_crld(const X509V3_EXT_METHOD *method,
330 X509V3_section_free(ctx, dpsect); 316 X509V3_section_free(ctx, dpsect);
331 if (!point) 317 if (!point)
332 goto err; 318 goto err;
333 if(!sk_DIST_POINT_push(crld, point)) 319 if (!sk_DIST_POINT_push(crld, point)) {
334 {
335 DIST_POINT_free(point); 320 DIST_POINT_free(point);
336 goto merr; 321 goto merr;
337 }
338 } 322 }
339 else 323 } else {
340 { 324 if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
341 if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) 325 goto err;
342 goto err; 326 if (!(gens = GENERAL_NAMES_new()))
343 if(!(gens = GENERAL_NAMES_new()))
344 goto merr; 327 goto merr;
345 if(!sk_GENERAL_NAME_push(gens, gen)) 328 if (!sk_GENERAL_NAME_push(gens, gen))
346 goto merr; 329 goto merr;
347 gen = NULL; 330 gen = NULL;
348 if(!(point = DIST_POINT_new())) 331 if (!(point = DIST_POINT_new()))
349 goto merr; 332 goto merr;
350 if(!sk_DIST_POINT_push(crld, point)) 333 if (!sk_DIST_POINT_push(crld, point)) {
351 {
352 DIST_POINT_free(point); 334 DIST_POINT_free(point);
353 goto merr; 335 goto merr;
354 } 336 }
355 if(!(point->distpoint = DIST_POINT_NAME_new())) 337 if (!(point->distpoint = DIST_POINT_NAME_new()))
356 goto merr; 338 goto merr;
357 point->distpoint->name.fullname = gens; 339 point->distpoint->name.fullname = gens;
358 point->distpoint->type = 0; 340 point->distpoint->type = 0;
359 gens = NULL; 341 gens = NULL;
360 } 342 }
361 } 343 }
362 return crld; 344 return crld;
363 345
364 merr: 346merr:
365 X509V3err(X509V3_F_V2I_CRLD,ERR_R_MALLOC_FAILURE); 347 X509V3err(X509V3_F_V2I_CRLD, ERR_R_MALLOC_FAILURE);
366 err: 348err:
367 GENERAL_NAME_free(gen); 349 GENERAL_NAME_free(gen);
368 GENERAL_NAMES_free(gens); 350 GENERAL_NAMES_free(gens);
369 sk_DIST_POINT_pop_free(crld, DIST_POINT_free); 351 sk_DIST_POINT_pop_free(crld, DIST_POINT_free);
@@ -373,24 +355,23 @@ static void *v2i_crld(const X509V3_EXT_METHOD *method,
373IMPLEMENT_STACK_OF(DIST_POINT) 355IMPLEMENT_STACK_OF(DIST_POINT)
374IMPLEMENT_ASN1_SET_OF(DIST_POINT) 356IMPLEMENT_ASN1_SET_OF(DIST_POINT)
375 357
376static int dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, 358static int
377 void *exarg) 359dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
378 { 360{
379 DIST_POINT_NAME *dpn = (DIST_POINT_NAME *)*pval; 361 DIST_POINT_NAME *dpn = (DIST_POINT_NAME *)*pval;
380 362
381 switch(operation) 363 switch (operation) {
382 { 364 case ASN1_OP_NEW_POST:
383 case ASN1_OP_NEW_POST:
384 dpn->dpname = NULL; 365 dpn->dpname = NULL;
385 break; 366 break;
386 367
387 case ASN1_OP_FREE_POST: 368 case ASN1_OP_FREE_POST:
388 if (dpn->dpname) 369 if (dpn->dpname)
389 X509_NAME_free(dpn->dpname); 370 X509_NAME_free(dpn->dpname);
390 break; 371 break;
391 }
392 return 1;
393 } 372 }
373 return 1;
374}
394 375
395 376
396ASN1_CHOICE_cb(DIST_POINT_NAME, dpn_cb) = { 377ASN1_CHOICE_cb(DIST_POINT_NAME, dpn_cb) = {
@@ -409,8 +390,9 @@ ASN1_SEQUENCE(DIST_POINT) = {
409 390
410IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT) 391IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT)
411 392
412ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) = 393ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) =
413 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, DIST_POINT) 394 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints,
395 DIST_POINT)
414ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS) 396ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS)
415 397
416IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS) 398IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS)
@@ -427,34 +409,34 @@ ASN1_SEQUENCE(ISSUING_DIST_POINT) = {
427IMPLEMENT_ASN1_FUNCTIONS(ISSUING_DIST_POINT) 409IMPLEMENT_ASN1_FUNCTIONS(ISSUING_DIST_POINT)
428 410
429static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out, 411static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out,
430 int indent); 412 int indent);
431static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, 413static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
432 STACK_OF(CONF_VALUE) *nval); 414 STACK_OF(CONF_VALUE) *nval);
433 415
434const X509V3_EXT_METHOD v3_idp = 416const X509V3_EXT_METHOD v3_idp = {
435 {
436 NID_issuing_distribution_point, X509V3_EXT_MULTILINE, 417 NID_issuing_distribution_point, X509V3_EXT_MULTILINE,
437 ASN1_ITEM_ref(ISSUING_DIST_POINT), 418 ASN1_ITEM_ref(ISSUING_DIST_POINT),
438 0,0,0,0, 419 0, 0, 0, 0,
439 0,0, 420 0, 0,
440 0, 421 0,
441 v2i_idp, 422 v2i_idp,
442 i2r_idp,0, 423 i2r_idp, 0,
443 NULL 424 NULL
444 }; 425};
445 426
446static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, 427static void *
447 STACK_OF(CONF_VALUE) *nval) 428v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
448 { 429 STACK_OF(CONF_VALUE) *nval)
430{
449 ISSUING_DIST_POINT *idp = NULL; 431 ISSUING_DIST_POINT *idp = NULL;
450 CONF_VALUE *cnf; 432 CONF_VALUE *cnf;
451 char *name, *val; 433 char *name, *val;
452 int i, ret; 434 int i, ret;
435
453 idp = ISSUING_DIST_POINT_new(); 436 idp = ISSUING_DIST_POINT_new();
454 if (!idp) 437 if (!idp)
455 goto merr; 438 goto merr;
456 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) 439 for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
457 {
458 cnf = sk_CONF_VALUE_value(nval, i); 440 cnf = sk_CONF_VALUE_value(nval, i);
459 name = cnf->name; 441 name = cnf->name;
460 val = cnf->value; 442 val = cnf->value;
@@ -463,82 +445,75 @@ static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
463 continue; 445 continue;
464 if (ret < 0) 446 if (ret < 0)
465 goto err; 447 goto err;
466 if (!strcmp(name, "onlyuser")) 448 if (!strcmp(name, "onlyuser")) {
467 {
468 if (!X509V3_get_value_bool(cnf, &idp->onlyuser)) 449 if (!X509V3_get_value_bool(cnf, &idp->onlyuser))
469 goto err; 450 goto err;
470 } 451 }
471 else if (!strcmp(name, "onlyCA")) 452 else if (!strcmp(name, "onlyCA")) {
472 {
473 if (!X509V3_get_value_bool(cnf, &idp->onlyCA)) 453 if (!X509V3_get_value_bool(cnf, &idp->onlyCA))
474 goto err; 454 goto err;
475 } 455 }
476 else if (!strcmp(name, "onlyAA")) 456 else if (!strcmp(name, "onlyAA")) {
477 {
478 if (!X509V3_get_value_bool(cnf, &idp->onlyattr)) 457 if (!X509V3_get_value_bool(cnf, &idp->onlyattr))
479 goto err; 458 goto err;
480 } 459 }
481 else if (!strcmp(name, "indirectCRL")) 460 else if (!strcmp(name, "indirectCRL")) {
482 {
483 if (!X509V3_get_value_bool(cnf, &idp->indirectCRL)) 461 if (!X509V3_get_value_bool(cnf, &idp->indirectCRL))
484 goto err; 462 goto err;
485 } 463 }
486 else if (!strcmp(name, "onlysomereasons")) 464 else if (!strcmp(name, "onlysomereasons")) {
487 {
488 if (!set_reasons(&idp->onlysomereasons, val)) 465 if (!set_reasons(&idp->onlysomereasons, val))
489 goto err; 466 goto err;
490 } 467 } else {
491 else 468 X509V3err(X509V3_F_V2I_IDP, X509V3_R_INVALID_NAME);
492 { 469 X509V3_conf_err(cnf);
493 X509V3err(X509V3_F_V2I_IDP, X509V3_R_INVALID_NAME); 470 goto err;
494 X509V3_conf_err(cnf);
495 goto err;
496 }
497 } 471 }
472 }
498 return idp; 473 return idp;
499 474
500 merr: 475merr:
501 X509V3err(X509V3_F_V2I_IDP,ERR_R_MALLOC_FAILURE); 476 X509V3err(X509V3_F_V2I_IDP, ERR_R_MALLOC_FAILURE);
502 err: 477err:
503 ISSUING_DIST_POINT_free(idp); 478 ISSUING_DIST_POINT_free(idp);
504 return NULL; 479 return NULL;
505 } 480}
506 481
507static int print_gens(BIO *out, STACK_OF(GENERAL_NAME) *gens, int indent) 482static int
508 { 483print_gens(BIO *out, STACK_OF(GENERAL_NAME) *gens, int indent)
484{
509 int i; 485 int i;
510 for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) 486
511 { 487 for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
512 BIO_printf(out, "%*s", indent + 2, ""); 488 BIO_printf(out, "%*s", indent + 2, "");
513 GENERAL_NAME_print(out, sk_GENERAL_NAME_value(gens, i)); 489 GENERAL_NAME_print(out, sk_GENERAL_NAME_value(gens, i));
514 BIO_puts(out, "\n"); 490 BIO_puts(out, "\n");
515 }
516 return 1;
517 } 491 }
492 return 1;
493}
518 494
519static int print_distpoint(BIO *out, DIST_POINT_NAME *dpn, int indent) 495static int
520 { 496print_distpoint(BIO *out, DIST_POINT_NAME *dpn, int indent)
521 if (dpn->type == 0) 497{
522 { 498 if (dpn->type == 0) {
523 BIO_printf(out, "%*sFull Name:\n", indent, ""); 499 BIO_printf(out, "%*sFull Name:\n", indent, "");
524 print_gens(out, dpn->name.fullname, indent); 500 print_gens(out, dpn->name.fullname, indent);
525 } 501 } else {
526 else
527 {
528 X509_NAME ntmp; 502 X509_NAME ntmp;
529 ntmp.entries = dpn->name.relativename; 503 ntmp.entries = dpn->name.relativename;
530 BIO_printf(out, "%*sRelative Name:\n%*s", 504 BIO_printf(out, "%*sRelative Name:\n%*s",
531 indent, "", indent + 2, ""); 505 indent, "", indent + 2, "");
532 X509_NAME_print_ex(out, &ntmp, 0, XN_FLAG_ONELINE); 506 X509_NAME_print_ex(out, &ntmp, 0, XN_FLAG_ONELINE);
533 BIO_puts(out, "\n"); 507 BIO_puts(out, "\n");
534 }
535 return 1;
536 } 508 }
509 return 1;
510}
537 511
538static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out, 512static int
539 int indent) 513i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out, int indent)
540 { 514{
541 ISSUING_DIST_POINT *idp = pidp; 515 ISSUING_DIST_POINT *idp = pidp;
516
542 if (idp->distpoint) 517 if (idp->distpoint)
543 print_distpoint(out, idp->distpoint, indent); 518 print_distpoint(out, idp->distpoint, indent);
544 if (idp->onlyuser > 0) 519 if (idp->onlyuser > 0)
@@ -548,69 +523,67 @@ static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out,
548 if (idp->indirectCRL > 0) 523 if (idp->indirectCRL > 0)
549 BIO_printf(out, "%*sIndirect CRL\n", indent, ""); 524 BIO_printf(out, "%*sIndirect CRL\n", indent, "");
550 if (idp->onlysomereasons) 525 if (idp->onlysomereasons)
551 print_reasons(out, "Only Some Reasons", 526 print_reasons(out, "Only Some Reasons",
552 idp->onlysomereasons, indent); 527 idp->onlysomereasons, indent);
553 if (idp->onlyattr > 0) 528 if (idp->onlyattr > 0)
554 BIO_printf(out, "%*sOnly Attribute Certificates\n", indent, ""); 529 BIO_printf(out, "%*sOnly Attribute Certificates\n", indent, "");
555 if (!idp->distpoint && (idp->onlyuser <= 0) && (idp->onlyCA <= 0) 530 if (!idp->distpoint && (idp->onlyuser <= 0) && (idp->onlyCA <= 0) &&
556 && (idp->indirectCRL <= 0) && !idp->onlysomereasons 531 (idp->indirectCRL <= 0) && !idp->onlysomereasons &&
557 && (idp->onlyattr <= 0)) 532 (idp->onlyattr <= 0))
558 BIO_printf(out, "%*s<EMPTY>\n", indent, ""); 533 BIO_printf(out, "%*s<EMPTY>\n", indent, "");
559 534
560 return 1; 535 return 1;
561 } 536}
562 537
563static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, 538static int
564 int indent) 539i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, int indent)
565 { 540{
566 STACK_OF(DIST_POINT) *crld = pcrldp; 541 STACK_OF(DIST_POINT) *crld = pcrldp;
567 DIST_POINT *point; 542 DIST_POINT *point;
568 int i; 543 int i;
569 for(i = 0; i < sk_DIST_POINT_num(crld); i++) 544
570 { 545 for (i = 0; i < sk_DIST_POINT_num(crld); i++) {
571 BIO_puts(out, "\n"); 546 BIO_puts(out, "\n");
572 point = sk_DIST_POINT_value(crld, i); 547 point = sk_DIST_POINT_value(crld, i);
573 if(point->distpoint) 548 if (point->distpoint)
574 print_distpoint(out, point->distpoint, indent); 549 print_distpoint(out, point->distpoint, indent);
575 if(point->reasons) 550 if (point->reasons)
576 print_reasons(out, "Reasons", point->reasons, 551 print_reasons(out, "Reasons", point->reasons,
577 indent); 552 indent);
578 if(point->CRLissuer) 553 if (point->CRLissuer) {
579 {
580 BIO_printf(out, "%*sCRL Issuer:\n", indent, ""); 554 BIO_printf(out, "%*sCRL Issuer:\n", indent, "");
581 print_gens(out, point->CRLissuer, indent); 555 print_gens(out, point->CRLissuer, indent);
582 }
583 } 556 }
584 return 1;
585 } 557 }
558 return 1;
559}
586 560
587int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname) 561int
588 { 562DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname)
563{
589 int i; 564 int i;
590 STACK_OF(X509_NAME_ENTRY) *frag; 565 STACK_OF(X509_NAME_ENTRY) *frag;
591 X509_NAME_ENTRY *ne; 566 X509_NAME_ENTRY *ne;
567
592 if (!dpn || (dpn->type != 1)) 568 if (!dpn || (dpn->type != 1))
593 return 1; 569 return 1;
594 frag = dpn->name.relativename; 570 frag = dpn->name.relativename;
595 dpn->dpname = X509_NAME_dup(iname); 571 dpn->dpname = X509_NAME_dup(iname);
596 if (!dpn->dpname) 572 if (!dpn->dpname)
597 return 0; 573 return 0;
598 for (i = 0; i < sk_X509_NAME_ENTRY_num(frag); i++) 574 for (i = 0; i < sk_X509_NAME_ENTRY_num(frag); i++) {
599 {
600 ne = sk_X509_NAME_ENTRY_value(frag, i); 575 ne = sk_X509_NAME_ENTRY_value(frag, i);
601 if (!X509_NAME_add_entry(dpn->dpname, ne, -1, i ? 0 : 1)) 576 if (!X509_NAME_add_entry(dpn->dpname, ne, -1, i ? 0 : 1)) {
602 {
603 X509_NAME_free(dpn->dpname); 577 X509_NAME_free(dpn->dpname);
604 dpn->dpname = NULL; 578 dpn->dpname = NULL;
605 return 0; 579 return 0;
606 }
607 } 580 }
581 }
608 /* generate cached encoding of name */ 582 /* generate cached encoding of name */
609 if (i2d_X509_NAME(dpn->dpname, NULL) < 0) 583 if (i2d_X509_NAME(dpn->dpname, NULL) < 0) {
610 {
611 X509_NAME_free(dpn->dpname); 584 X509_NAME_free(dpn->dpname);
612 dpn->dpname = NULL; 585 dpn->dpname = NULL;
613 return 0; 586 return 0;
614 }
615 return 1;
616 } 587 }
588 return 1;
589}