summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509/x509_cpols.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/x509/x509_cpols.c')
-rw-r--r--src/lib/libcrypto/x509/x509_cpols.c773
1 files changed, 0 insertions, 773 deletions
diff --git a/src/lib/libcrypto/x509/x509_cpols.c b/src/lib/libcrypto/x509/x509_cpols.c
deleted file mode 100644
index 6bae2a0482..0000000000
--- a/src/lib/libcrypto/x509/x509_cpols.c
+++ /dev/null
@@ -1,773 +0,0 @@
1/* $OpenBSD: x509_cpols.c,v 1.15 2025/03/06 07:20:01 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include <string.h>
61
62#include <openssl/asn1.h>
63#include <openssl/asn1t.h>
64#include <openssl/conf.h>
65#include <openssl/err.h>
66#include <openssl/x509v3.h>
67
68#include "x509_local.h"
69
70/* Certificate policies extension support: this one is a bit complex... */
71
72static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
73 BIO *out, int indent);
74static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
75 X509V3_CTX *ctx, char *value);
76static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
77 int indent);
78static void print_notice(BIO *out, USERNOTICE *notice, int indent);
79static POLICYINFO *policy_section(X509V3_CTX *ctx,
80 STACK_OF(CONF_VALUE) *polstrs, int ia5org);
81static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
82 STACK_OF(CONF_VALUE) *unot, int ia5org);
83static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos);
84
85static const X509V3_EXT_METHOD x509v3_ext_certificate_policies = {
86 .ext_nid = NID_certificate_policies,
87 .ext_flags = 0,
88 .it = &CERTIFICATEPOLICIES_it,
89 .ext_new = NULL,
90 .ext_free = NULL,
91 .d2i = NULL,
92 .i2d = NULL,
93 .i2s = NULL,
94 .s2i = NULL,
95 .i2v = NULL,
96 .v2i = NULL,
97 .i2r = (X509V3_EXT_I2R)i2r_certpol,
98 .r2i = (X509V3_EXT_R2I)r2i_certpol,
99 .usr_data = NULL,
100};
101
102const X509V3_EXT_METHOD *
103x509v3_ext_method_certificate_policies(void)
104{
105 return &x509v3_ext_certificate_policies;
106}
107
108static const ASN1_TEMPLATE CERTIFICATEPOLICIES_item_tt = {
109 .flags = ASN1_TFLG_SEQUENCE_OF,
110 .tag = 0,
111 .offset = 0,
112 .field_name = "CERTIFICATEPOLICIES",
113 .item = &POLICYINFO_it,
114};
115
116const ASN1_ITEM CERTIFICATEPOLICIES_it = {
117 .itype = ASN1_ITYPE_PRIMITIVE,
118 .utype = -1,
119 .templates = &CERTIFICATEPOLICIES_item_tt,
120 .tcount = 0,
121 .funcs = NULL,
122 .size = 0,
123 .sname = "CERTIFICATEPOLICIES",
124};
125LCRYPTO_ALIAS(CERTIFICATEPOLICIES_it);
126
127
128CERTIFICATEPOLICIES *
129d2i_CERTIFICATEPOLICIES(CERTIFICATEPOLICIES **a, const unsigned char **in, long len)
130{
131 return (CERTIFICATEPOLICIES *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
132 &CERTIFICATEPOLICIES_it);
133}
134LCRYPTO_ALIAS(d2i_CERTIFICATEPOLICIES);
135
136int
137i2d_CERTIFICATEPOLICIES(CERTIFICATEPOLICIES *a, unsigned char **out)
138{
139 return ASN1_item_i2d((ASN1_VALUE *)a, out, &CERTIFICATEPOLICIES_it);
140}
141LCRYPTO_ALIAS(i2d_CERTIFICATEPOLICIES);
142
143CERTIFICATEPOLICIES *
144CERTIFICATEPOLICIES_new(void)
145{
146 return (CERTIFICATEPOLICIES *)ASN1_item_new(&CERTIFICATEPOLICIES_it);
147}
148LCRYPTO_ALIAS(CERTIFICATEPOLICIES_new);
149
150void
151CERTIFICATEPOLICIES_free(CERTIFICATEPOLICIES *a)
152{
153 ASN1_item_free((ASN1_VALUE *)a, &CERTIFICATEPOLICIES_it);
154}
155LCRYPTO_ALIAS(CERTIFICATEPOLICIES_free);
156
157static const ASN1_TEMPLATE POLICYINFO_seq_tt[] = {
158 {
159 .flags = 0,
160 .tag = 0,
161 .offset = offsetof(POLICYINFO, policyid),
162 .field_name = "policyid",
163 .item = &ASN1_OBJECT_it,
164 },
165 {
166 .flags = ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL,
167 .tag = 0,
168 .offset = offsetof(POLICYINFO, qualifiers),
169 .field_name = "qualifiers",
170 .item = &POLICYQUALINFO_it,
171 },
172};
173
174const ASN1_ITEM POLICYINFO_it = {
175 .itype = ASN1_ITYPE_SEQUENCE,
176 .utype = V_ASN1_SEQUENCE,
177 .templates = POLICYINFO_seq_tt,
178 .tcount = sizeof(POLICYINFO_seq_tt) / sizeof(ASN1_TEMPLATE),
179 .funcs = NULL,
180 .size = sizeof(POLICYINFO),
181 .sname = "POLICYINFO",
182};
183LCRYPTO_ALIAS(POLICYINFO_it);
184
185
186POLICYINFO *
187d2i_POLICYINFO(POLICYINFO **a, const unsigned char **in, long len)
188{
189 return (POLICYINFO *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
190 &POLICYINFO_it);
191}
192LCRYPTO_ALIAS(d2i_POLICYINFO);
193
194int
195i2d_POLICYINFO(POLICYINFO *a, unsigned char **out)
196{
197 return ASN1_item_i2d((ASN1_VALUE *)a, out, &POLICYINFO_it);
198}
199LCRYPTO_ALIAS(i2d_POLICYINFO);
200
201POLICYINFO *
202POLICYINFO_new(void)
203{
204 return (POLICYINFO *)ASN1_item_new(&POLICYINFO_it);
205}
206LCRYPTO_ALIAS(POLICYINFO_new);
207
208void
209POLICYINFO_free(POLICYINFO *a)
210{
211 ASN1_item_free((ASN1_VALUE *)a, &POLICYINFO_it);
212}
213LCRYPTO_ALIAS(POLICYINFO_free);
214
215static const ASN1_TEMPLATE policydefault_tt = {
216 .flags = 0,
217 .tag = 0,
218 .offset = offsetof(POLICYQUALINFO, d.other),
219 .field_name = "d.other",
220 .item = &ASN1_ANY_it,
221};
222
223static const ASN1_ADB_TABLE POLICYQUALINFO_adbtbl[] = {
224 {
225 .value = NID_id_qt_cps,
226 .tt = {
227 .flags = 0,
228 .tag = 0,
229 .offset = offsetof(POLICYQUALINFO, d.cpsuri),
230 .field_name = "d.cpsuri",
231 .item = &ASN1_IA5STRING_it,
232 },
233 },
234 {
235 .value = NID_id_qt_unotice,
236 .tt = {
237 .flags = 0,
238 .tag = 0,
239 .offset = offsetof(POLICYQUALINFO, d.usernotice),
240 .field_name = "d.usernotice",
241 .item = &USERNOTICE_it,
242 },
243 },
244};
245
246static const ASN1_ADB POLICYQUALINFO_adb = {
247 .flags = 0,
248 .offset = offsetof(POLICYQUALINFO, pqualid),
249 .tbl = POLICYQUALINFO_adbtbl,
250 .tblcount = sizeof(POLICYQUALINFO_adbtbl) / sizeof(ASN1_ADB_TABLE),
251 .default_tt = &policydefault_tt,
252 .null_tt = NULL,
253};
254
255static const ASN1_TEMPLATE POLICYQUALINFO_seq_tt[] = {
256 {
257 .flags = 0,
258 .tag = 0,
259 .offset = offsetof(POLICYQUALINFO, pqualid),
260 .field_name = "pqualid",
261 .item = &ASN1_OBJECT_it,
262 },
263 {
264 .flags = ASN1_TFLG_ADB_OID,
265 .tag = -1,
266 .offset = 0,
267 .field_name = "POLICYQUALINFO",
268 .item = (const ASN1_ITEM *)&POLICYQUALINFO_adb,
269 },
270};
271
272const ASN1_ITEM POLICYQUALINFO_it = {
273 .itype = ASN1_ITYPE_SEQUENCE,
274 .utype = V_ASN1_SEQUENCE,
275 .templates = POLICYQUALINFO_seq_tt,
276 .tcount = sizeof(POLICYQUALINFO_seq_tt) / sizeof(ASN1_TEMPLATE),
277 .funcs = NULL,
278 .size = sizeof(POLICYQUALINFO),
279 .sname = "POLICYQUALINFO",
280};
281LCRYPTO_ALIAS(POLICYQUALINFO_it);
282
283
284POLICYQUALINFO *
285d2i_POLICYQUALINFO(POLICYQUALINFO **a, const unsigned char **in, long len)
286{
287 return (POLICYQUALINFO *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
288 &POLICYQUALINFO_it);
289}
290LCRYPTO_ALIAS(d2i_POLICYQUALINFO);
291
292int
293i2d_POLICYQUALINFO(POLICYQUALINFO *a, unsigned char **out)
294{
295 return ASN1_item_i2d((ASN1_VALUE *)a, out, &POLICYQUALINFO_it);
296}
297LCRYPTO_ALIAS(i2d_POLICYQUALINFO);
298
299POLICYQUALINFO *
300POLICYQUALINFO_new(void)
301{
302 return (POLICYQUALINFO *)ASN1_item_new(&POLICYQUALINFO_it);
303}
304LCRYPTO_ALIAS(POLICYQUALINFO_new);
305
306void
307POLICYQUALINFO_free(POLICYQUALINFO *a)
308{
309 ASN1_item_free((ASN1_VALUE *)a, &POLICYQUALINFO_it);
310}
311LCRYPTO_ALIAS(POLICYQUALINFO_free);
312
313static const ASN1_TEMPLATE USERNOTICE_seq_tt[] = {
314 {
315 .flags = ASN1_TFLG_OPTIONAL,
316 .tag = 0,
317 .offset = offsetof(USERNOTICE, noticeref),
318 .field_name = "noticeref",
319 .item = &NOTICEREF_it,
320 },
321 {
322 .flags = ASN1_TFLG_OPTIONAL,
323 .tag = 0,
324 .offset = offsetof(USERNOTICE, exptext),
325 .field_name = "exptext",
326 .item = &DISPLAYTEXT_it,
327 },
328};
329
330const ASN1_ITEM USERNOTICE_it = {
331 .itype = ASN1_ITYPE_SEQUENCE,
332 .utype = V_ASN1_SEQUENCE,
333 .templates = USERNOTICE_seq_tt,
334 .tcount = sizeof(USERNOTICE_seq_tt) / sizeof(ASN1_TEMPLATE),
335 .funcs = NULL,
336 .size = sizeof(USERNOTICE),
337 .sname = "USERNOTICE",
338};
339LCRYPTO_ALIAS(USERNOTICE_it);
340
341
342USERNOTICE *
343d2i_USERNOTICE(USERNOTICE **a, const unsigned char **in, long len)
344{
345 return (USERNOTICE *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
346 &USERNOTICE_it);
347}
348LCRYPTO_ALIAS(d2i_USERNOTICE);
349
350int
351i2d_USERNOTICE(USERNOTICE *a, unsigned char **out)
352{
353 return ASN1_item_i2d((ASN1_VALUE *)a, out, &USERNOTICE_it);
354}
355LCRYPTO_ALIAS(i2d_USERNOTICE);
356
357USERNOTICE *
358USERNOTICE_new(void)
359{
360 return (USERNOTICE *)ASN1_item_new(&USERNOTICE_it);
361}
362LCRYPTO_ALIAS(USERNOTICE_new);
363
364void
365USERNOTICE_free(USERNOTICE *a)
366{
367 ASN1_item_free((ASN1_VALUE *)a, &USERNOTICE_it);
368}
369LCRYPTO_ALIAS(USERNOTICE_free);
370
371static const ASN1_TEMPLATE NOTICEREF_seq_tt[] = {
372 {
373 .flags = 0,
374 .tag = 0,
375 .offset = offsetof(NOTICEREF, organization),
376 .field_name = "organization",
377 .item = &DISPLAYTEXT_it,
378 },
379 {
380 .flags = ASN1_TFLG_SEQUENCE_OF,
381 .tag = 0,
382 .offset = offsetof(NOTICEREF, noticenos),
383 .field_name = "noticenos",
384 .item = &ASN1_INTEGER_it,
385 },
386};
387
388const ASN1_ITEM NOTICEREF_it = {
389 .itype = ASN1_ITYPE_SEQUENCE,
390 .utype = V_ASN1_SEQUENCE,
391 .templates = NOTICEREF_seq_tt,
392 .tcount = sizeof(NOTICEREF_seq_tt) / sizeof(ASN1_TEMPLATE),
393 .funcs = NULL,
394 .size = sizeof(NOTICEREF),
395 .sname = "NOTICEREF",
396};
397LCRYPTO_ALIAS(NOTICEREF_it);
398
399
400NOTICEREF *
401d2i_NOTICEREF(NOTICEREF **a, const unsigned char **in, long len)
402{
403 return (NOTICEREF *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
404 &NOTICEREF_it);
405}
406LCRYPTO_ALIAS(d2i_NOTICEREF);
407
408int
409i2d_NOTICEREF(NOTICEREF *a, unsigned char **out)
410{
411 return ASN1_item_i2d((ASN1_VALUE *)a, out, &NOTICEREF_it);
412}
413LCRYPTO_ALIAS(i2d_NOTICEREF);
414
415NOTICEREF *
416NOTICEREF_new(void)
417{
418 return (NOTICEREF *)ASN1_item_new(&NOTICEREF_it);
419}
420LCRYPTO_ALIAS(NOTICEREF_new);
421
422void
423NOTICEREF_free(NOTICEREF *a)
424{
425 ASN1_item_free((ASN1_VALUE *)a, &NOTICEREF_it);
426}
427LCRYPTO_ALIAS(NOTICEREF_free);
428
429static STACK_OF(POLICYINFO) *
430r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value)
431{
432 STACK_OF(POLICYINFO) *pols = NULL;
433 char *pstr;
434 POLICYINFO *pol;
435 ASN1_OBJECT *pobj;
436 STACK_OF(CONF_VALUE) *vals;
437 CONF_VALUE *cnf;
438 int i, ia5org;
439
440 pols = sk_POLICYINFO_new_null();
441 if (pols == NULL) {
442 X509V3error(ERR_R_MALLOC_FAILURE);
443 return NULL;
444 }
445 vals = X509V3_parse_list(value);
446 if (vals == NULL) {
447 X509V3error(ERR_R_X509V3_LIB);
448 goto err;
449 }
450 ia5org = 0;
451 for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
452 cnf = sk_CONF_VALUE_value(vals, i);
453 if (cnf->value || !cnf->name) {
454 X509V3error(X509V3_R_INVALID_POLICY_IDENTIFIER);
455 X509V3_conf_err(cnf);
456 goto err;
457 }
458 pstr = cnf->name;
459 if (!strcmp(pstr, "ia5org")) {
460 ia5org = 1;
461 continue;
462 } else if (*pstr == '@') {
463 STACK_OF(CONF_VALUE) *polsect;
464 polsect = X509V3_get0_section(ctx, pstr + 1);
465 if (!polsect) {
466 X509V3error(X509V3_R_INVALID_SECTION);
467 X509V3_conf_err(cnf);
468 goto err;
469 }
470 pol = policy_section(ctx, polsect, ia5org);
471 if (!pol)
472 goto err;
473 } else {
474 if (!(pobj = OBJ_txt2obj(cnf->name, 0))) {
475 X509V3error(X509V3_R_INVALID_OBJECT_IDENTIFIER);
476 X509V3_conf_err(cnf);
477 goto err;
478 }
479 pol = POLICYINFO_new();
480 pol->policyid = pobj;
481 }
482 if (!sk_POLICYINFO_push(pols, pol)){
483 POLICYINFO_free(pol);
484 X509V3error(ERR_R_MALLOC_FAILURE);
485 goto err;
486 }
487 }
488 sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
489 return pols;
490
491err:
492 sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
493 sk_POLICYINFO_pop_free(pols, POLICYINFO_free);
494 return NULL;
495}
496
497static POLICYINFO *
498policy_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *polstrs, int ia5org)
499{
500 int i;
501 CONF_VALUE *cnf;
502 POLICYINFO *pol;
503 POLICYQUALINFO *nqual = NULL;
504
505 if ((pol = POLICYINFO_new()) == NULL)
506 goto merr;
507 for (i = 0; i < sk_CONF_VALUE_num(polstrs); i++) {
508 cnf = sk_CONF_VALUE_value(polstrs, i);
509 if (strcmp(cnf->name, "policyIdentifier") == 0) {
510 ASN1_OBJECT *pobj;
511
512 if ((pobj = OBJ_txt2obj(cnf->value, 0)) == NULL) {
513 X509V3error(X509V3_R_INVALID_OBJECT_IDENTIFIER);
514 X509V3_conf_err(cnf);
515 goto err;
516 }
517 pol->policyid = pobj;
518 } else if (name_cmp(cnf->name, "CPS") == 0) {
519 if ((nqual = POLICYQUALINFO_new()) == NULL)
520 goto merr;
521 nqual->pqualid = OBJ_nid2obj(NID_id_qt_cps);
522 nqual->d.cpsuri = ASN1_IA5STRING_new();
523 if (nqual->d.cpsuri == NULL)
524 goto merr;
525 if (ASN1_STRING_set(nqual->d.cpsuri, cnf->value,
526 strlen(cnf->value)) == 0)
527 goto merr;
528
529 if (pol->qualifiers == NULL) {
530 pol->qualifiers = sk_POLICYQUALINFO_new_null();
531 if (pol->qualifiers == NULL)
532 goto merr;
533 }
534 if (sk_POLICYQUALINFO_push(pol->qualifiers, nqual) == 0)
535 goto merr;
536 nqual = NULL;
537 } else if (name_cmp(cnf->name, "userNotice") == 0) {
538 STACK_OF(CONF_VALUE) *unot;
539 POLICYQUALINFO *qual;
540
541 if (*cnf->value != '@') {
542 X509V3error(X509V3_R_EXPECTED_A_SECTION_NAME);
543 X509V3_conf_err(cnf);
544 goto err;
545 }
546 unot = X509V3_get0_section(ctx, cnf->value + 1);
547 if (unot == NULL) {
548 X509V3error(X509V3_R_INVALID_SECTION);
549 X509V3_conf_err(cnf);
550 goto err;
551 }
552 qual = notice_section(ctx, unot, ia5org);
553 if (qual == NULL)
554 goto err;
555
556 if (pol->qualifiers == NULL) {
557 pol->qualifiers = sk_POLICYQUALINFO_new_null();
558 if (pol->qualifiers == NULL)
559 goto merr;
560 }
561 if (sk_POLICYQUALINFO_push(pol->qualifiers, qual) == 0)
562 goto merr;
563 } else {
564 X509V3error(X509V3_R_INVALID_OPTION);
565 X509V3_conf_err(cnf);
566 goto err;
567 }
568 }
569 if (pol->policyid == NULL) {
570 X509V3error(X509V3_R_NO_POLICY_IDENTIFIER);
571 goto err;
572 }
573
574 return pol;
575
576merr:
577 X509V3error(ERR_R_MALLOC_FAILURE);
578
579err:
580 POLICYQUALINFO_free(nqual);
581 POLICYINFO_free(pol);
582 return NULL;
583}
584
585static POLICYQUALINFO *
586notice_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *unot, int ia5org)
587{
588 int i, ret;
589 CONF_VALUE *cnf;
590 USERNOTICE *not;
591 POLICYQUALINFO *qual;
592
593 if (!(qual = POLICYQUALINFO_new()))
594 goto merr;
595 qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice);
596 if (!(not = USERNOTICE_new()))
597 goto merr;
598 qual->d.usernotice = not;
599 for (i = 0; i < sk_CONF_VALUE_num(unot); i++) {
600 cnf = sk_CONF_VALUE_value(unot, i);
601 if (!strcmp(cnf->name, "explicitText")) {
602 if (not->exptext == NULL) {
603 not->exptext = ASN1_UTF8STRING_new();
604 if (not->exptext == NULL)
605 goto merr;
606 }
607 if (!ASN1_STRING_set(not->exptext, cnf->value,
608 strlen(cnf->value)))
609 goto merr;
610 } else if (!strcmp(cnf->name, "organization")) {
611 NOTICEREF *nref;
612 if (!not->noticeref) {
613 if (!(nref = NOTICEREF_new()))
614 goto merr;
615 not->noticeref = nref;
616 } else
617 nref = not->noticeref;
618 if (ia5org)
619 nref->organization->type = V_ASN1_IA5STRING;
620 else
621 nref->organization->type = V_ASN1_VISIBLESTRING;
622 if (!ASN1_STRING_set(nref->organization, cnf->value,
623 strlen(cnf->value)))
624 goto merr;
625 } else if (!strcmp(cnf->name, "noticeNumbers")) {
626 NOTICEREF *nref;
627 STACK_OF(CONF_VALUE) *nos;
628 if (!not->noticeref) {
629 if (!(nref = NOTICEREF_new()))
630 goto merr;
631 not->noticeref = nref;
632 } else
633 nref = not->noticeref;
634 nos = X509V3_parse_list(cnf->value);
635 if (!nos || !sk_CONF_VALUE_num(nos)) {
636 X509V3error(X509V3_R_INVALID_NUMBERS);
637 X509V3_conf_err(cnf);
638 if (nos != NULL)
639 sk_CONF_VALUE_pop_free(nos,
640 X509V3_conf_free);
641 goto err;
642 }
643 ret = nref_nos(nref->noticenos, nos);
644 sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
645 if (!ret)
646 goto err;
647 } else {
648 X509V3error(X509V3_R_INVALID_OPTION);
649 X509V3_conf_err(cnf);
650 goto err;
651 }
652 }
653
654 if (not->noticeref &&
655 (!not->noticeref->noticenos || !not->noticeref->organization)) {
656 X509V3error(X509V3_R_NEED_ORGANIZATION_AND_NUMBERS);
657 goto err;
658 }
659
660 return qual;
661
662merr:
663 X509V3error(ERR_R_MALLOC_FAILURE);
664
665err:
666 POLICYQUALINFO_free(qual);
667 return NULL;
668}
669
670static int
671nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos)
672{
673 CONF_VALUE *cnf;
674 ASN1_INTEGER *aint;
675 int i;
676
677 for (i = 0; i < sk_CONF_VALUE_num(nos); i++) {
678 cnf = sk_CONF_VALUE_value(nos, i);
679 if (!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) {
680 X509V3error(X509V3_R_INVALID_NUMBER);
681 goto err;
682 }
683 if (!sk_ASN1_INTEGER_push(nnums, aint))
684 goto merr;
685 }
686 return 1;
687
688merr:
689 X509V3error(ERR_R_MALLOC_FAILURE);
690
691err:
692 sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free);
693 return 0;
694}
695
696static int
697i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO *out,
698 int indent)
699{
700 int i;
701 POLICYINFO *pinfo;
702
703 /* First print out the policy OIDs */
704 for (i = 0; i < sk_POLICYINFO_num(pol); i++) {
705 pinfo = sk_POLICYINFO_value(pol, i);
706 BIO_printf(out, "%*sPolicy: ", indent, "");
707 i2a_ASN1_OBJECT(out, pinfo->policyid);
708 BIO_puts(out, "\n");
709 if (pinfo->qualifiers)
710 print_qualifiers(out, pinfo->qualifiers, indent + 2);
711 }
712 return 1;
713}
714
715static void
716print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent)
717{
718 POLICYQUALINFO *qualinfo;
719 int i;
720
721 for (i = 0; i < sk_POLICYQUALINFO_num(quals); i++) {
722 qualinfo = sk_POLICYQUALINFO_value(quals, i);
723 switch (OBJ_obj2nid(qualinfo->pqualid)) {
724 case NID_id_qt_cps:
725 BIO_printf(out, "%*sCPS: %.*s\n", indent, "",
726 qualinfo->d.cpsuri->length,
727 qualinfo->d.cpsuri->data);
728 break;
729
730 case NID_id_qt_unotice:
731 BIO_printf(out, "%*sUser Notice:\n", indent, "");
732 print_notice(out, qualinfo->d.usernotice, indent + 2);
733 break;
734
735 default:
736 BIO_printf(out, "%*sUnknown Qualifier: ",
737 indent + 2, "");
738
739 i2a_ASN1_OBJECT(out, qualinfo->pqualid);
740 BIO_puts(out, "\n");
741 break;
742 }
743 }
744}
745
746static void
747print_notice(BIO *out, USERNOTICE *notice, int indent)
748{
749 int i;
750
751 if (notice->noticeref) {
752 NOTICEREF *ref;
753 ref = notice->noticeref;
754 BIO_printf(out, "%*sOrganization: %.*s\n", indent, "",
755 ref->organization->length, ref->organization->data);
756 BIO_printf(out, "%*sNumber%s: ", indent, "",
757 sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : "");
758 for (i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) {
759 ASN1_INTEGER *num;
760 char *tmp;
761 num = sk_ASN1_INTEGER_value(ref->noticenos, i);
762 if (i)
763 BIO_puts(out, ", ");
764 tmp = i2s_ASN1_INTEGER(NULL, num);
765 BIO_puts(out, tmp);
766 free(tmp);
767 }
768 BIO_puts(out, "\n");
769 }
770 if (notice->exptext)
771 BIO_printf(out, "%*sExplicit Text: %.*s\n", indent, "",
772 notice->exptext->length, notice->exptext->data);
773}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-06 16:05:50 +0000