diff options
Diffstat (limited to 'src/lib/libcrypto/x509/x509_v3.c')
| -rw-r--r-- | src/lib/libcrypto/x509/x509_v3.c | 237 |
1 files changed, 48 insertions, 189 deletions
diff --git a/src/lib/libcrypto/x509/x509_v3.c b/src/lib/libcrypto/x509/x509_v3.c index 1c03602f0b..b5f7daa2e5 100644 --- a/src/lib/libcrypto/x509/x509_v3.c +++ b/src/lib/libcrypto/x509/x509_v3.c | |||
| @@ -57,34 +57,22 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "stack.h" | 60 | #include <openssl/stack.h> |
| 61 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 62 | #include "asn1.h" | 62 | #include <openssl/asn1.h> |
| 63 | #include "objects.h" | 63 | #include <openssl/objects.h> |
| 64 | #include "evp.h" | 64 | #include <openssl/evp.h> |
| 65 | #include "x509.h" | 65 | #include <openssl/x509.h> |
| 66 | #include <openssl/x509v3.h> | ||
| 66 | 67 | ||
| 67 | #ifndef NOPROTO | 68 | int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x) |
| 68 | static X509_EXTENSION_METHOD *find_by_nid(int nid); | ||
| 69 | static int xem_cmp(X509_EXTENSION_METHOD **a, X509_EXTENSION_METHOD **b); | ||
| 70 | #else | ||
| 71 | static X509_EXTENSION_METHOD *find_by_nid(); | ||
| 72 | static int xem_cmp(); | ||
| 73 | #endif | ||
| 74 | |||
| 75 | static STACK *extensions=NULL; | ||
| 76 | |||
| 77 | int X509v3_get_ext_count(x) | ||
| 78 | STACK *x; | ||
| 79 | { | 69 | { |
| 80 | if (x == NULL) return(0); | 70 | if (x == NULL) return(0); |
| 81 | return(sk_num(x)); | 71 | return(sk_X509_EXTENSION_num(x)); |
| 82 | } | 72 | } |
| 83 | 73 | ||
| 84 | int X509v3_get_ext_by_NID(x,nid,lastpos) | 74 | int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid, |
| 85 | STACK *x; | 75 | int lastpos) |
| 86 | int nid; | ||
| 87 | int lastpos; | ||
| 88 | { | 76 | { |
| 89 | ASN1_OBJECT *obj; | 77 | ASN1_OBJECT *obj; |
| 90 | 78 | ||
| @@ -93,10 +81,8 @@ int lastpos; | |||
| 93 | return(X509v3_get_ext_by_OBJ(x,obj,lastpos)); | 81 | return(X509v3_get_ext_by_OBJ(x,obj,lastpos)); |
| 94 | } | 82 | } |
| 95 | 83 | ||
| 96 | int X509v3_get_ext_by_OBJ(sk,obj,lastpos) | 84 | int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk, ASN1_OBJECT *obj, |
| 97 | STACK *sk; | 85 | int lastpos) |
| 98 | ASN1_OBJECT *obj; | ||
| 99 | int lastpos; | ||
| 100 | { | 86 | { |
| 101 | int n; | 87 | int n; |
| 102 | X509_EXTENSION *ex; | 88 | X509_EXTENSION *ex; |
| @@ -105,20 +91,18 @@ int lastpos; | |||
| 105 | lastpos++; | 91 | lastpos++; |
| 106 | if (lastpos < 0) | 92 | if (lastpos < 0) |
| 107 | lastpos=0; | 93 | lastpos=0; |
| 108 | n=sk_num(sk); | 94 | n=sk_X509_EXTENSION_num(sk); |
| 109 | for ( ; lastpos < n; lastpos++) | 95 | for ( ; lastpos < n; lastpos++) |
| 110 | { | 96 | { |
| 111 | ex=(X509_EXTENSION *)sk_value(sk,lastpos); | 97 | ex=sk_X509_EXTENSION_value(sk,lastpos); |
| 112 | if (OBJ_cmp(ex->object,obj) == 0) | 98 | if (OBJ_cmp(ex->object,obj) == 0) |
| 113 | return(lastpos); | 99 | return(lastpos); |
| 114 | } | 100 | } |
| 115 | return(-1); | 101 | return(-1); |
| 116 | } | 102 | } |
| 117 | 103 | ||
| 118 | int X509v3_get_ext_by_critical(sk,crit,lastpos) | 104 | int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit, |
| 119 | STACK *sk; | 105 | int lastpos) |
| 120 | int crit; | ||
| 121 | int lastpos; | ||
| 122 | { | 106 | { |
| 123 | int n; | 107 | int n; |
| 124 | X509_EXTENSION *ex; | 108 | X509_EXTENSION *ex; |
| @@ -127,63 +111,57 @@ int lastpos; | |||
| 127 | lastpos++; | 111 | lastpos++; |
| 128 | if (lastpos < 0) | 112 | if (lastpos < 0) |
| 129 | lastpos=0; | 113 | lastpos=0; |
| 130 | n=sk_num(sk); | 114 | n=sk_X509_EXTENSION_num(sk); |
| 131 | for ( ; lastpos < n; lastpos++) | 115 | for ( ; lastpos < n; lastpos++) |
| 132 | { | 116 | { |
| 133 | ex=(X509_EXTENSION *)sk_value(sk,lastpos); | 117 | ex=sk_X509_EXTENSION_value(sk,lastpos); |
| 134 | if ( (ex->critical && crit) || | 118 | if ( ((ex->critical > 0) && crit) || |
| 135 | (!ex->critical && !crit)) | 119 | (!(ex->critical <= 0) && !crit)) |
| 136 | return(lastpos); | 120 | return(lastpos); |
| 137 | } | 121 | } |
| 138 | return(-1); | 122 | return(-1); |
| 139 | } | 123 | } |
| 140 | 124 | ||
| 141 | X509_EXTENSION *X509v3_get_ext(x,loc) | 125 | X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc) |
| 142 | STACK *x; | ||
| 143 | int loc; | ||
| 144 | { | 126 | { |
| 145 | if ((x == NULL) || (sk_num(x) <= loc) || (loc < 0)) | 127 | if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0) |
| 146 | return(NULL); | 128 | return NULL; |
| 147 | else | 129 | else |
| 148 | return((X509_EXTENSION *)sk_value(x,loc)); | 130 | return sk_X509_EXTENSION_value(x,loc); |
| 149 | } | 131 | } |
| 150 | 132 | ||
| 151 | X509_EXTENSION *X509v3_delete_ext(x,loc) | 133 | X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc) |
| 152 | STACK *x; | ||
| 153 | int loc; | ||
| 154 | { | 134 | { |
| 155 | X509_EXTENSION *ret; | 135 | X509_EXTENSION *ret; |
| 156 | 136 | ||
| 157 | if ((x == NULL) || (sk_num(x) <= loc) || (loc < 0)) | 137 | if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0) |
| 158 | return(NULL); | 138 | return(NULL); |
| 159 | ret=(X509_EXTENSION *)sk_delete(x,loc); | 139 | ret=sk_X509_EXTENSION_delete(x,loc); |
| 160 | return(ret); | 140 | return(ret); |
| 161 | } | 141 | } |
| 162 | 142 | ||
| 163 | STACK *X509v3_add_ext(x,ex,loc) | 143 | STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, |
| 164 | STACK **x; | 144 | X509_EXTENSION *ex, int loc) |
| 165 | X509_EXTENSION *ex; | ||
| 166 | int loc; | ||
| 167 | { | 145 | { |
| 168 | X509_EXTENSION *new_ex=NULL; | 146 | X509_EXTENSION *new_ex=NULL; |
| 169 | int n; | 147 | int n; |
| 170 | STACK *sk=NULL; | 148 | STACK_OF(X509_EXTENSION) *sk=NULL; |
| 171 | 149 | ||
| 172 | if ((x != NULL) && (*x == NULL)) | 150 | if ((x != NULL) && (*x == NULL)) |
| 173 | { | 151 | { |
| 174 | if ((sk=sk_new_null()) == NULL) | 152 | if ((sk=sk_X509_EXTENSION_new_null()) == NULL) |
| 175 | goto err; | 153 | goto err; |
| 176 | } | 154 | } |
| 177 | else | 155 | else |
| 178 | sk= *x; | 156 | sk= *x; |
| 179 | 157 | ||
| 180 | n=sk_num(sk); | 158 | n=sk_X509_EXTENSION_num(sk); |
| 181 | if (loc > n) loc=n; | 159 | if (loc > n) loc=n; |
| 182 | else if (loc < 0) loc=n; | 160 | else if (loc < 0) loc=n; |
| 183 | 161 | ||
| 184 | if ((new_ex=X509_EXTENSION_dup(ex)) == NULL) | 162 | if ((new_ex=X509_EXTENSION_dup(ex)) == NULL) |
| 185 | goto err2; | 163 | goto err2; |
| 186 | if (!sk_insert(sk,(char *)new_ex,loc)) | 164 | if (!sk_X509_EXTENSION_insert(sk,new_ex,loc)) |
| 187 | goto err; | 165 | goto err; |
| 188 | if ((x != NULL) && (*x == NULL)) | 166 | if ((x != NULL) && (*x == NULL)) |
| 189 | *x=sk; | 167 | *x=sk; |
| @@ -192,15 +170,12 @@ err: | |||
| 192 | X509err(X509_F_X509V3_ADD_EXT,ERR_R_MALLOC_FAILURE); | 170 | X509err(X509_F_X509V3_ADD_EXT,ERR_R_MALLOC_FAILURE); |
| 193 | err2: | 171 | err2: |
| 194 | if (new_ex != NULL) X509_EXTENSION_free(new_ex); | 172 | if (new_ex != NULL) X509_EXTENSION_free(new_ex); |
| 195 | if (sk != NULL) sk_free(sk); | 173 | if (sk != NULL) sk_X509_EXTENSION_free(sk); |
| 196 | return(NULL); | 174 | return(NULL); |
| 197 | } | 175 | } |
| 198 | 176 | ||
| 199 | X509_EXTENSION *X509_EXTENSION_create_by_NID(ex,nid,crit,data) | 177 | X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid, |
| 200 | X509_EXTENSION **ex; | 178 | int crit, ASN1_OCTET_STRING *data) |
| 201 | int nid; | ||
| 202 | int crit; | ||
| 203 | ASN1_OCTET_STRING *data; | ||
| 204 | { | 179 | { |
| 205 | ASN1_OBJECT *obj; | 180 | ASN1_OBJECT *obj; |
| 206 | X509_EXTENSION *ret; | 181 | X509_EXTENSION *ret; |
| @@ -216,11 +191,8 @@ ASN1_OCTET_STRING *data; | |||
| 216 | return(ret); | 191 | return(ret); |
| 217 | } | 192 | } |
| 218 | 193 | ||
| 219 | X509_EXTENSION *X509_EXTENSION_create_by_OBJ(ex,obj,crit,data) | 194 | X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, |
| 220 | X509_EXTENSION **ex; | 195 | ASN1_OBJECT *obj, int crit, ASN1_OCTET_STRING *data) |
| 221 | ASN1_OBJECT *obj; | ||
| 222 | int crit; | ||
| 223 | ASN1_OCTET_STRING *data; | ||
| 224 | { | 196 | { |
| 225 | X509_EXTENSION *ret; | 197 | X509_EXTENSION *ret; |
| 226 | 198 | ||
| @@ -250,9 +222,7 @@ err: | |||
| 250 | return(NULL); | 222 | return(NULL); |
| 251 | } | 223 | } |
| 252 | 224 | ||
| 253 | int X509_EXTENSION_set_object(ex,obj) | 225 | int X509_EXTENSION_set_object(X509_EXTENSION *ex, ASN1_OBJECT *obj) |
| 254 | X509_EXTENSION *ex; | ||
| 255 | ASN1_OBJECT *obj; | ||
| 256 | { | 226 | { |
| 257 | if ((ex == NULL) || (obj == NULL)) | 227 | if ((ex == NULL) || (obj == NULL)) |
| 258 | return(0); | 228 | return(0); |
| @@ -261,149 +231,38 @@ ASN1_OBJECT *obj; | |||
| 261 | return(1); | 231 | return(1); |
| 262 | } | 232 | } |
| 263 | 233 | ||
| 264 | int X509_EXTENSION_set_critical(ex,crit) | 234 | int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit) |
| 265 | X509_EXTENSION *ex; | ||
| 266 | int crit; | ||
| 267 | { | 235 | { |
| 268 | if (ex == NULL) return(0); | 236 | if (ex == NULL) return(0); |
| 269 | ex->critical=(crit)?0xFF:0; | 237 | ex->critical=(crit)?0xFF:-1; |
| 270 | return(1); | 238 | return(1); |
| 271 | } | 239 | } |
| 272 | 240 | ||
| 273 | int X509_EXTENSION_set_data(ex,data) | 241 | int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data) |
| 274 | X509_EXTENSION *ex; | ||
| 275 | ASN1_OCTET_STRING *data; | ||
| 276 | { | 242 | { |
| 277 | int i; | 243 | int i; |
| 278 | 244 | ||
| 279 | if (ex == NULL) return(0); | 245 | if (ex == NULL) return(0); |
| 280 | i=ASN1_OCTET_STRING_set(ex->value,data->data,data->length); | 246 | i=M_ASN1_OCTET_STRING_set(ex->value,data->data,data->length); |
| 281 | if (!i) return(0); | 247 | if (!i) return(0); |
| 282 | return(1); | 248 | return(1); |
| 283 | } | 249 | } |
| 284 | 250 | ||
| 285 | ASN1_OBJECT *X509_EXTENSION_get_object(ex) | 251 | ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex) |
| 286 | X509_EXTENSION *ex; | ||
| 287 | { | 252 | { |
| 288 | if (ex == NULL) return(NULL); | 253 | if (ex == NULL) return(NULL); |
| 289 | return(ex->object); | 254 | return(ex->object); |
| 290 | } | 255 | } |
| 291 | 256 | ||
| 292 | ASN1_OCTET_STRING *X509_EXTENSION_get_data(ex) | 257 | ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ex) |
| 293 | X509_EXTENSION *ex; | ||
| 294 | { | 258 | { |
| 295 | if (ex == NULL) return(NULL); | 259 | if (ex == NULL) return(NULL); |
| 296 | return(ex->value); | 260 | return(ex->value); |
| 297 | } | 261 | } |
| 298 | 262 | ||
| 299 | int X509_EXTENSION_get_critical(ex) | 263 | int X509_EXTENSION_get_critical(X509_EXTENSION *ex) |
| 300 | X509_EXTENSION *ex; | ||
| 301 | { | 264 | { |
| 302 | if (ex == NULL) return(0); | 265 | if (ex == NULL) return(0); |
| 303 | return(ex->critical); | 266 | if(ex->critical > 0) return 1; |
| 304 | } | 267 | return 0; |
| 305 | |||
| 306 | int X509v3_data_type_by_OBJ(obj) | ||
| 307 | ASN1_OBJECT *obj; | ||
| 308 | { | ||
| 309 | int nid; | ||
| 310 | |||
| 311 | nid=OBJ_obj2nid(obj); | ||
| 312 | if (nid == V_ASN1_UNDEF) return(V_ASN1_UNDEF); | ||
| 313 | return(X509v3_data_type_by_NID(nid)); | ||
| 314 | } | ||
| 315 | |||
| 316 | int X509v3_data_type_by_NID(nid) | ||
| 317 | int nid; | ||
| 318 | { | ||
| 319 | X509_EXTENSION_METHOD *x; | ||
| 320 | |||
| 321 | x=find_by_nid(nid); | ||
| 322 | if (x == NULL) | ||
| 323 | return(V_ASN1_UNDEF); | ||
| 324 | else | ||
| 325 | return(x->data_type); | ||
| 326 | } | ||
| 327 | |||
| 328 | int X509v3_pack_type_by_OBJ(obj) | ||
| 329 | ASN1_OBJECT *obj; | ||
| 330 | { | ||
| 331 | int nid; | ||
| 332 | |||
| 333 | nid=OBJ_obj2nid(obj); | ||
| 334 | if (nid == NID_undef) return(X509_EXT_PACK_UNKNOWN); | ||
| 335 | return(X509v3_pack_type_by_NID(nid)); | ||
| 336 | } | ||
| 337 | |||
| 338 | int X509v3_pack_type_by_NID(nid) | ||
| 339 | int nid; | ||
| 340 | { | ||
| 341 | X509_EXTENSION_METHOD *x; | ||
| 342 | |||
| 343 | x=find_by_nid(nid); | ||
| 344 | if (x == NULL) | ||
| 345 | return(X509_EXT_PACK_UNKNOWN); | ||
| 346 | else | ||
| 347 | return(x->pack_type); | ||
| 348 | } | ||
| 349 | |||
| 350 | static X509_EXTENSION_METHOD *find_by_nid(nid) | ||
| 351 | int nid; | ||
| 352 | { | ||
| 353 | X509_EXTENSION_METHOD x; | ||
| 354 | int i; | ||
| 355 | |||
| 356 | x.nid=nid; | ||
| 357 | if (extensions == NULL) return(NULL); | ||
| 358 | i=sk_find(extensions,(char *)&x); | ||
| 359 | if (i < 0) | ||
| 360 | return(NULL); | ||
| 361 | else | ||
| 362 | return((X509_EXTENSION_METHOD *)sk_value(extensions,i)); | ||
| 363 | } | ||
| 364 | |||
| 365 | static int xem_cmp(a,b) | ||
| 366 | X509_EXTENSION_METHOD **a,**b; | ||
| 367 | { | ||
| 368 | return((*a)->nid-(*b)->nid); | ||
| 369 | } | ||
| 370 | |||
| 371 | void X509v3_cleanup_extensions() | ||
| 372 | { | ||
| 373 | int i; | ||
| 374 | |||
| 375 | if (extensions != NULL) | ||
| 376 | { | ||
| 377 | for (i=0; i<sk_num(extensions); i++) | ||
| 378 | Free(sk_value(extensions,i)); | ||
| 379 | sk_free(extensions); | ||
| 380 | extensions=NULL; | ||
| 381 | } | ||
| 382 | } | 268 | } |
| 383 | |||
| 384 | int X509v3_add_extension(x) | ||
| 385 | X509_EXTENSION_METHOD *x; | ||
| 386 | { | ||
| 387 | X509_EXTENSION_METHOD *newx; | ||
| 388 | |||
| 389 | if (extensions == NULL) | ||
| 390 | { | ||
| 391 | extensions=sk_new(xem_cmp); | ||
| 392 | if (extensions == NULL) goto err; | ||
| 393 | } | ||
| 394 | newx=(X509_EXTENSION_METHOD *)Malloc(sizeof(X509_EXTENSION_METHOD)); | ||
| 395 | if (newx == NULL) goto err; | ||
| 396 | newx->nid=x->nid; | ||
| 397 | newx->data_type=x->data_type; | ||
| 398 | newx->pack_type=x->pack_type; | ||
| 399 | if (!sk_push(extensions,(char *)newx)) | ||
| 400 | { | ||
| 401 | Free(newx); | ||
| 402 | goto err; | ||
| 403 | } | ||
| 404 | return(1); | ||
| 405 | err: | ||
| 406 | X509err(X509_F_X509V3_ADD_EXTENSION,ERR_R_MALLOC_FAILURE); | ||
| 407 | return(0); | ||
| 408 | } | ||
| 409 | |||