summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/x509/by_dir.c351
-rw-r--r--src/lib/libcrypto/x509/by_file.c298
-rw-r--r--src/lib/libcrypto/x509/x509.h1294
-rw-r--r--src/lib/libcrypto/x509/x509_att.c326
-rw-r--r--src/lib/libcrypto/x509/x509_cmp.c308
-rw-r--r--src/lib/libcrypto/x509/x509_d2.c107
-rw-r--r--src/lib/libcrypto/x509/x509_def.c81
-rw-r--r--src/lib/libcrypto/x509/x509_err.c152
-rw-r--r--src/lib/libcrypto/x509/x509_ext.c191
-rw-r--r--src/lib/libcrypto/x509/x509_lu.c529
-rw-r--r--src/lib/libcrypto/x509/x509_obj.c225
-rw-r--r--src/lib/libcrypto/x509/x509_r2x.c110
-rw-r--r--src/lib/libcrypto/x509/x509_req.c278
-rw-r--r--src/lib/libcrypto/x509/x509_set.c150
-rw-r--r--src/lib/libcrypto/x509/x509_trs.c267
-rw-r--r--src/lib/libcrypto/x509/x509_txt.c150
-rw-r--r--src/lib/libcrypto/x509/x509_v3.c267
-rw-r--r--src/lib/libcrypto/x509/x509_vfy.c920
-rw-r--r--src/lib/libcrypto/x509/x509_vfy.h390
-rw-r--r--src/lib/libcrypto/x509/x509name.c383
-rw-r--r--src/lib/libcrypto/x509/x509rset.c83
-rw-r--r--src/lib/libcrypto/x509/x509spki.c121
-rw-r--r--src/lib/libcrypto/x509/x509type.c114
-rw-r--r--src/lib/libcrypto/x509/x_all.c565
-rw-r--r--src/lib/libcrypto/x509v3/ext_dat.h97
-rw-r--r--src/lib/libcrypto/x509v3/v3_akey.c249
-rw-r--r--src/lib/libcrypto/x509v3/v3_alt.c401
-rw-r--r--src/lib/libcrypto/x509v3/v3_bcons.c164
-rw-r--r--src/lib/libcrypto/x509v3/v3_bitst.c141
-rw-r--r--src/lib/libcrypto/x509v3/v3_conf.c390
-rw-r--r--src/lib/libcrypto/x509v3/v3_cpols.c660
-rw-r--r--src/lib/libcrypto/x509v3/v3_crld.c285
-rw-r--r--src/lib/libcrypto/x509v3/v3_enum.c96
-rw-r--r--src/lib/libcrypto/x509v3/v3_extku.c150
-rw-r--r--src/lib/libcrypto/x509v3/v3_genn.c291
-rw-r--r--src/lib/libcrypto/x509v3/v3_ia5.c113
-rw-r--r--src/lib/libcrypto/x509v3/v3_info.c236
-rw-r--r--src/lib/libcrypto/x509v3/v3_int.c72
-rw-r--r--src/lib/libcrypto/x509v3/v3_lib.c225
-rw-r--r--src/lib/libcrypto/x509v3/v3_pku.c151
-rw-r--r--src/lib/libcrypto/x509v3/v3_prn.c165
-rw-r--r--src/lib/libcrypto/x509v3/v3_purp.c535
-rw-r--r--src/lib/libcrypto/x509v3/v3_skey.c149
-rw-r--r--src/lib/libcrypto/x509v3/v3_sxnet.c340
-rw-r--r--src/lib/libcrypto/x509v3/v3_utl.c516
-rw-r--r--src/lib/libcrypto/x509v3/v3err.c176
-rw-r--r--src/lib/libcrypto/x509v3/x509v3.h653
47 files changed, 0 insertions, 13915 deletions
diff --git a/src/lib/libcrypto/x509/by_dir.c b/src/lib/libcrypto/x509/by_dir.c
deleted file mode 100644
index 448bd7e69c..0000000000
--- a/src/lib/libcrypto/x509/by_dir.c
+++ /dev/null
@@ -1,351 +0,0 @@
1/* crypto/x509/by_dir.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <time.h>
61#include <errno.h>
62
63#include "cryptlib.h"
64
65#ifndef NO_SYS_TYPES_H
66# include <sys/types.h>
67#endif
68#ifdef MAC_OS_pre_X
69# include <stat.h>
70#else
71# include <sys/stat.h>
72#endif
73
74#include <openssl/lhash.h>
75#include <openssl/x509.h>
76
77typedef struct lookup_dir_st
78 {
79 BUF_MEM *buffer;
80 int num_dirs;
81 char **dirs;
82 int *dirs_type;
83 int num_dirs_alloced;
84 } BY_DIR;
85
86static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
87 char **ret);
88static int new_dir(X509_LOOKUP *lu);
89static void free_dir(X509_LOOKUP *lu);
90static int add_cert_dir(BY_DIR *ctx,const char *dir,int type);
91static int get_cert_by_subject(X509_LOOKUP *xl,int type,X509_NAME *name,
92 X509_OBJECT *ret);
93X509_LOOKUP_METHOD x509_dir_lookup=
94 {
95 "Load certs from files in a directory",
96 new_dir, /* new */
97 free_dir, /* free */
98 NULL, /* init */
99 NULL, /* shutdown */
100 dir_ctrl, /* ctrl */
101 get_cert_by_subject, /* get_by_subject */
102 NULL, /* get_by_issuer_serial */
103 NULL, /* get_by_fingerprint */
104 NULL, /* get_by_alias */
105 };
106
107X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void)
108 {
109 return(&x509_dir_lookup);
110 }
111
112static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
113 char **retp)
114 {
115 int ret=0;
116 BY_DIR *ld;
117 char *dir;
118
119 ld=(BY_DIR *)ctx->method_data;
120
121 switch (cmd)
122 {
123 case X509_L_ADD_DIR:
124 if (argl == X509_FILETYPE_DEFAULT)
125 {
126 ret=add_cert_dir(ld,X509_get_default_cert_dir(),
127 X509_FILETYPE_PEM);
128 if (!ret)
129 {
130 X509err(X509_F_DIR_CTRL,X509_R_LOADING_CERT_DIR);
131 }
132 else
133 {
134 dir=(char *)Getenv(X509_get_default_cert_dir_env());
135 ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
136 }
137 }
138 else
139 ret=add_cert_dir(ld,argp,(int)argl);
140 break;
141 }
142 return(ret);
143 }
144
145static int new_dir(X509_LOOKUP *lu)
146 {
147 BY_DIR *a;
148
149 if ((a=(BY_DIR *)OPENSSL_malloc(sizeof(BY_DIR))) == NULL)
150 return(0);
151 if ((a->buffer=BUF_MEM_new()) == NULL)
152 {
153 OPENSSL_free(a);
154 return(0);
155 }
156 a->num_dirs=0;
157 a->dirs=NULL;
158 a->dirs_type=NULL;
159 a->num_dirs_alloced=0;
160 lu->method_data=(char *)a;
161 return(1);
162 }
163
164static void free_dir(X509_LOOKUP *lu)
165 {
166 BY_DIR *a;
167 int i;
168
169 a=(BY_DIR *)lu->method_data;
170 for (i=0; i<a->num_dirs; i++)
171 if (a->dirs[i] != NULL) OPENSSL_free(a->dirs[i]);
172 if (a->dirs != NULL) OPENSSL_free(a->dirs);
173 if (a->dirs_type != NULL) OPENSSL_free(a->dirs_type);
174 if (a->buffer != NULL) BUF_MEM_free(a->buffer);
175 OPENSSL_free(a);
176 }
177
178static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
179 {
180 int j,len;
181 int *ip;
182 const char *s,*ss,*p;
183 char **pp;
184
185 if (dir == NULL || !*dir)
186 {
187 X509err(X509_F_ADD_CERT_DIR,X509_R_INVALID_DIRECTORY);
188 return 0;
189 }
190
191 s=dir;
192 p=s;
193 for (;;)
194 {
195 if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0'))
196 {
197 ss=s;
198 s=p+1;
199 len=(int)(p-ss);
200 if (len == 0) continue;
201 for (j=0; j<ctx->num_dirs; j++)
202 if (strncmp(ctx->dirs[j],ss,(unsigned int)len) == 0)
203 continue;
204 if (ctx->num_dirs_alloced < (ctx->num_dirs+1))
205 {
206 ctx->num_dirs_alloced+=10;
207 pp=(char **)OPENSSL_malloc(ctx->num_dirs_alloced*
208 sizeof(char *));
209 ip=(int *)OPENSSL_malloc(ctx->num_dirs_alloced*
210 sizeof(int));
211 if ((pp == NULL) || (ip == NULL))
212 {
213 X509err(X509_F_ADD_CERT_DIR,ERR_R_MALLOC_FAILURE);
214 return(0);
215 }
216 memcpy(pp,ctx->dirs,(ctx->num_dirs_alloced-10)*
217 sizeof(char *));
218 memcpy(ip,ctx->dirs_type,(ctx->num_dirs_alloced-10)*
219 sizeof(int));
220 if (ctx->dirs != NULL)
221 OPENSSL_free(ctx->dirs);
222 if (ctx->dirs_type != NULL)
223 OPENSSL_free(ctx->dirs_type);
224 ctx->dirs=pp;
225 ctx->dirs_type=ip;
226 }
227 ctx->dirs_type[ctx->num_dirs]=type;
228 ctx->dirs[ctx->num_dirs]=(char *)OPENSSL_malloc((unsigned int)len+1);
229 if (ctx->dirs[ctx->num_dirs] == NULL) return(0);
230 strncpy(ctx->dirs[ctx->num_dirs],ss,(unsigned int)len);
231 ctx->dirs[ctx->num_dirs][len]='\0';
232 ctx->num_dirs++;
233 }
234 if (*p == '\0') break;
235 p++;
236 }
237 return(1);
238 }
239
240static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
241 X509_OBJECT *ret)
242 {
243 BY_DIR *ctx;
244 union {
245 struct {
246 X509 st_x509;
247 X509_CINF st_x509_cinf;
248 } x509;
249 struct {
250 X509_CRL st_crl;
251 X509_CRL_INFO st_crl_info;
252 } crl;
253 } data;
254 int ok=0;
255 int i,j,k;
256 unsigned long h;
257 BUF_MEM *b=NULL;
258 struct stat st;
259 X509_OBJECT stmp,*tmp;
260 const char *postfix="";
261
262 if (name == NULL) return(0);
263
264 stmp.type=type;
265 if (type == X509_LU_X509)
266 {
267 data.x509.st_x509.cert_info= &data.x509.st_x509_cinf;
268 data.x509.st_x509_cinf.subject=name;
269 stmp.data.x509= &data.x509.st_x509;
270 postfix="";
271 }
272 else if (type == X509_LU_CRL)
273 {
274 data.crl.st_crl.crl= &data.crl.st_crl_info;
275 data.crl.st_crl_info.issuer=name;
276 stmp.data.crl= &data.crl.st_crl;
277 postfix="r";
278 }
279 else
280 {
281 X509err(X509_F_GET_CERT_BY_SUBJECT,X509_R_WRONG_LOOKUP_TYPE);
282 goto finish;
283 }
284
285 if ((b=BUF_MEM_new()) == NULL)
286 {
287 X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_BUF_LIB);
288 goto finish;
289 }
290
291 ctx=(BY_DIR *)xl->method_data;
292
293 h=X509_NAME_hash(name);
294 for (i=0; i<ctx->num_dirs; i++)
295 {
296 j=strlen(ctx->dirs[i])+1+8+6+1+1;
297 if (!BUF_MEM_grow(b,j))
298 {
299 X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_MALLOC_FAILURE);
300 goto finish;
301 }
302 k=0;
303 for (;;)
304 {
305 sprintf(b->data,"%s/%08lx.%s%d",ctx->dirs[i],h,
306 postfix,k);
307 k++;
308 if (stat(b->data,&st) < 0)
309 break;
310 /* found one. */
311 if (type == X509_LU_X509)
312 {
313 if ((X509_load_cert_file(xl,b->data,
314 ctx->dirs_type[i])) == 0)
315 break;
316 }
317 else if (type == X509_LU_CRL)
318 {
319 if ((X509_load_crl_file(xl,b->data,
320 ctx->dirs_type[i])) == 0)
321 break;
322 }
323 /* else case will caught higher up */
324 }
325
326 /* we have added it to the cache so now pull
327 * it out again */
328 CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
329 j = sk_X509_OBJECT_find(xl->store_ctx->objs,&stmp);
330 if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,j);
331 else tmp = NULL;
332 CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);
333
334 if (tmp != NULL)
335 {
336 ok=1;
337 ret->type=tmp->type;
338 memcpy(&ret->data,&tmp->data,sizeof(ret->data));
339 /* If we were going to up the reference count,
340 * we would need to do it on a perl 'type'
341 * basis */
342 /* CRYPTO_add(&tmp->data.x509->references,1,
343 CRYPTO_LOCK_X509);*/
344 goto finish;
345 }
346 }
347finish:
348 if (b != NULL) BUF_MEM_free(b);
349 return(ok);
350 }
351
diff --git a/src/lib/libcrypto/x509/by_file.c b/src/lib/libcrypto/x509/by_file.c
deleted file mode 100644
index 78e9240a8d..0000000000
--- a/src/lib/libcrypto/x509/by_file.c
+++ /dev/null
@@ -1,298 +0,0 @@
1/* crypto/x509/by_file.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <time.h>
61#include <errno.h>
62
63#include "cryptlib.h"
64#include <openssl/lhash.h>
65#include <openssl/buffer.h>
66#include <openssl/x509.h>
67#include <openssl/pem.h>
68
69#ifndef NO_STDIO
70
71static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
72 long argl, char **ret);
73X509_LOOKUP_METHOD x509_file_lookup=
74 {
75 "Load file into cache",
76 NULL, /* new */
77 NULL, /* free */
78 NULL, /* init */
79 NULL, /* shutdown */
80 by_file_ctrl, /* ctrl */
81 NULL, /* get_by_subject */
82 NULL, /* get_by_issuer_serial */
83 NULL, /* get_by_fingerprint */
84 NULL, /* get_by_alias */
85 };
86
87X509_LOOKUP_METHOD *X509_LOOKUP_file(void)
88 {
89 return(&x509_file_lookup);
90 }
91
92static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
93 char **ret)
94 {
95 int ok=0;
96 char *file;
97
98 switch (cmd)
99 {
100 case X509_L_FILE_LOAD:
101 if (argl == X509_FILETYPE_DEFAULT)
102 {
103 ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(),
104 X509_FILETYPE_PEM) != 0);
105 if (!ok)
106 {
107 X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
108 }
109 else
110 {
111 file=(char *)Getenv(X509_get_default_cert_file_env());
112 ok = (X509_load_cert_crl_file(ctx,file,
113 X509_FILETYPE_PEM) != 0);
114 }
115 }
116 else
117 {
118 if(argl == X509_FILETYPE_PEM)
119 ok = (X509_load_cert_crl_file(ctx,argp,
120 X509_FILETYPE_PEM) != 0);
121 else
122 ok = (X509_load_cert_file(ctx,argp,(int)argl) != 0);
123 }
124 break;
125 }
126 return(ok);
127 }
128
129int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
130 {
131 int ret=0;
132 BIO *in=NULL;
133 int i,count=0;
134 X509 *x=NULL;
135
136 if (file == NULL) return(1);
137 in=BIO_new(BIO_s_file_internal());
138
139 if ((in == NULL) || (BIO_read_filename(in,file) <= 0))
140 {
141 X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_SYS_LIB);
142 goto err;
143 }
144
145 if (type == X509_FILETYPE_PEM)
146 {
147 for (;;)
148 {
149 x=PEM_read_bio_X509_AUX(in,NULL,NULL,NULL);
150 if (x == NULL)
151 {
152 if ((ERR_GET_REASON(ERR_peek_error()) ==
153 PEM_R_NO_START_LINE) && (count > 0))
154 {
155 ERR_clear_error();
156 break;
157 }
158 else
159 {
160 X509err(X509_F_X509_LOAD_CERT_FILE,
161 ERR_R_PEM_LIB);
162 goto err;
163 }
164 }
165 i=X509_STORE_add_cert(ctx->store_ctx,x);
166 if (!i) goto err;
167 count++;
168 X509_free(x);
169 x=NULL;
170 }
171 ret=count;
172 }
173 else if (type == X509_FILETYPE_ASN1)
174 {
175 x=d2i_X509_bio(in,NULL);
176 if (x == NULL)
177 {
178 X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_ASN1_LIB);
179 goto err;
180 }
181 i=X509_STORE_add_cert(ctx->store_ctx,x);
182 if (!i) goto err;
183 ret=i;
184 }
185 else
186 {
187 X509err(X509_F_X509_LOAD_CERT_FILE,X509_R_BAD_X509_FILETYPE);
188 goto err;
189 }
190err:
191 if (x != NULL) X509_free(x);
192 if (in != NULL) BIO_free(in);
193 return(ret);
194 }
195
196int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
197 {
198 int ret=0;
199 BIO *in=NULL;
200 int i,count=0;
201 X509_CRL *x=NULL;
202
203 if (file == NULL) return(1);
204 in=BIO_new(BIO_s_file_internal());
205
206 if ((in == NULL) || (BIO_read_filename(in,file) <= 0))
207 {
208 X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_SYS_LIB);
209 goto err;
210 }
211
212 if (type == X509_FILETYPE_PEM)
213 {
214 for (;;)
215 {
216 x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
217 if (x == NULL)
218 {
219 if ((ERR_GET_REASON(ERR_peek_error()) ==
220 PEM_R_NO_START_LINE) && (count > 0))
221 {
222 ERR_clear_error();
223 break;
224 }
225 else
226 {
227 X509err(X509_F_X509_LOAD_CRL_FILE,
228 ERR_R_PEM_LIB);
229 goto err;
230 }
231 }
232 i=X509_STORE_add_crl(ctx->store_ctx,x);
233 if (!i) goto err;
234 count++;
235 X509_CRL_free(x);
236 x=NULL;
237 }
238 ret=count;
239 }
240 else if (type == X509_FILETYPE_ASN1)
241 {
242 x=d2i_X509_CRL_bio(in,NULL);
243 if (x == NULL)
244 {
245 X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_ASN1_LIB);
246 goto err;
247 }
248 i=X509_STORE_add_crl(ctx->store_ctx,x);
249 if (!i) goto err;
250 ret=i;
251 }
252 else
253 {
254 X509err(X509_F_X509_LOAD_CRL_FILE,X509_R_BAD_X509_FILETYPE);
255 goto err;
256 }
257err:
258 if (x != NULL) X509_CRL_free(x);
259 if (in != NULL) BIO_free(in);
260 return(ret);
261 }
262
263int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type)
264{
265 STACK_OF(X509_INFO) *inf;
266 X509_INFO *itmp;
267 BIO *in;
268 int i, count = 0;
269 if(type != X509_FILETYPE_PEM)
270 return X509_load_cert_file(ctx, file, type);
271 in = BIO_new_file(file, "r");
272 if(!in) {
273 X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_SYS_LIB);
274 return 0;
275 }
276 inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
277 BIO_free(in);
278 if(!inf) {
279 X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_PEM_LIB);
280 return 0;
281 }
282 for(i = 0; i < sk_X509_INFO_num(inf); i++) {
283 itmp = sk_X509_INFO_value(inf, i);
284 if(itmp->x509) {
285 X509_STORE_add_cert(ctx->store_ctx, itmp->x509);
286 count++;
287 } else if(itmp->crl) {
288 X509_STORE_add_crl(ctx->store_ctx, itmp->crl);
289 count++;
290 }
291 }
292 sk_X509_INFO_pop_free(inf, X509_INFO_free);
293 return count;
294}
295
296
297#endif /* NO_STDIO */
298
diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h
deleted file mode 100644
index 813c8adffd..0000000000
--- a/src/lib/libcrypto/x509/x509.h
+++ /dev/null
@@ -1,1294 +0,0 @@
1/* crypto/x509/x509.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#ifndef HEADER_X509_H
60#define HEADER_X509_H
61
62#include <openssl/symhacks.h>
63#ifndef NO_BUFFER
64#include <openssl/buffer.h>
65#endif
66#ifndef NO_EVP
67#include <openssl/evp.h>
68#endif
69#ifndef NO_BIO
70#include <openssl/bio.h>
71#endif
72#include <openssl/stack.h>
73#include <openssl/asn1.h>
74#include <openssl/safestack.h>
75
76#ifndef NO_RSA
77#include <openssl/rsa.h>
78#endif
79
80#ifndef NO_DSA
81#include <openssl/dsa.h>
82#endif
83
84#ifndef NO_DH
85#include <openssl/dh.h>
86#endif
87
88#include <openssl/evp.h>
89
90
91#ifdef __cplusplus
92extern "C" {
93#endif
94
95#ifdef WIN32
96/* Under Win32 this is defined in wincrypt.h */
97#undef X509_NAME
98#endif
99
100 /* If placed in pkcs12.h, we end up with a circular depency with pkcs7.h */
101#define DECLARE_PKCS12_STACK_OF(type) /* Nothing */
102#define IMPLEMENT_PKCS12_STACK_OF(type) /* Nothing */
103
104#define X509_FILETYPE_PEM 1
105#define X509_FILETYPE_ASN1 2
106#define X509_FILETYPE_DEFAULT 3
107
108#define X509v3_KU_DIGITAL_SIGNATURE 0x0080
109#define X509v3_KU_NON_REPUDIATION 0x0040
110#define X509v3_KU_KEY_ENCIPHERMENT 0x0020
111#define X509v3_KU_DATA_ENCIPHERMENT 0x0010
112#define X509v3_KU_KEY_AGREEMENT 0x0008
113#define X509v3_KU_KEY_CERT_SIGN 0x0004
114#define X509v3_KU_CRL_SIGN 0x0002
115#define X509v3_KU_ENCIPHER_ONLY 0x0001
116#define X509v3_KU_DECIPHER_ONLY 0x8000
117#define X509v3_KU_UNDEF 0xffff
118
119typedef struct X509_objects_st
120 {
121 int nid;
122 int (*a2i)();
123 int (*i2a)();
124 } X509_OBJECTS;
125
126typedef struct X509_algor_st
127 {
128 ASN1_OBJECT *algorithm;
129 ASN1_TYPE *parameter;
130 } X509_ALGOR;
131
132DECLARE_STACK_OF(X509_ALGOR)
133DECLARE_ASN1_SET_OF(X509_ALGOR)
134
135typedef struct X509_val_st
136 {
137 ASN1_TIME *notBefore;
138 ASN1_TIME *notAfter;
139 } X509_VAL;
140
141typedef struct X509_pubkey_st
142 {
143 X509_ALGOR *algor;
144 ASN1_BIT_STRING *public_key;
145 EVP_PKEY *pkey;
146 } X509_PUBKEY;
147
148typedef struct X509_sig_st
149 {
150 X509_ALGOR *algor;
151 ASN1_OCTET_STRING *digest;
152 } X509_SIG;
153
154typedef struct X509_name_entry_st
155 {
156 ASN1_OBJECT *object;
157 ASN1_STRING *value;
158 int set;
159 int size; /* temp variable */
160 } X509_NAME_ENTRY;
161
162DECLARE_STACK_OF(X509_NAME_ENTRY)
163DECLARE_ASN1_SET_OF(X509_NAME_ENTRY)
164
165/* we always keep X509_NAMEs in 2 forms. */
166typedef struct X509_name_st
167 {
168 STACK_OF(X509_NAME_ENTRY) *entries;
169 int modified; /* true if 'bytes' needs to be built */
170#ifndef NO_BUFFER
171 BUF_MEM *bytes;
172#else
173 char *bytes;
174#endif
175 unsigned long hash; /* Keep the hash around for lookups */
176 } X509_NAME;
177
178DECLARE_STACK_OF(X509_NAME)
179
180#define X509_EX_V_NETSCAPE_HACK 0x8000
181#define X509_EX_V_INIT 0x0001
182typedef struct X509_extension_st
183 {
184 ASN1_OBJECT *object;
185 short critical;
186 short netscape_hack;
187 ASN1_OCTET_STRING *value;
188 struct v3_ext_method *method; /* V3 method to use */
189 void *ext_val; /* extension value */
190 } X509_EXTENSION;
191
192DECLARE_STACK_OF(X509_EXTENSION)
193DECLARE_ASN1_SET_OF(X509_EXTENSION)
194
195/* a sequence of these are used */
196typedef struct x509_attributes_st
197 {
198 ASN1_OBJECT *object;
199 int set; /* 1 for a set, 0 for a single item (which is wrong) */
200 union {
201 char *ptr;
202/* 1 */ STACK_OF(ASN1_TYPE) *set;
203/* 0 */ ASN1_TYPE *single;
204 } value;
205 } X509_ATTRIBUTE;
206
207DECLARE_STACK_OF(X509_ATTRIBUTE)
208DECLARE_ASN1_SET_OF(X509_ATTRIBUTE)
209
210typedef struct X509_req_info_st
211 {
212 unsigned char *asn1;
213 int length;
214 ASN1_INTEGER *version;
215 X509_NAME *subject;
216 X509_PUBKEY *pubkey;
217 /* d=2 hl=2 l= 0 cons: cont: 00 */
218 STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
219 int req_kludge;
220 } X509_REQ_INFO;
221
222typedef struct X509_req_st
223 {
224 X509_REQ_INFO *req_info;
225 X509_ALGOR *sig_alg;
226 ASN1_BIT_STRING *signature;
227 int references;
228 } X509_REQ;
229
230typedef struct x509_cinf_st
231 {
232 ASN1_INTEGER *version; /* [ 0 ] default of v1 */
233 ASN1_INTEGER *serialNumber;
234 X509_ALGOR *signature;
235 X509_NAME *issuer;
236 X509_VAL *validity;
237 X509_NAME *subject;
238 X509_PUBKEY *key;
239 ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */
240 ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */
241 STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */
242 } X509_CINF;
243
244/* This stuff is certificate "auxiliary info"
245 * it contains details which are useful in certificate
246 * stores and databases. When used this is tagged onto
247 * the end of the certificate itself
248 */
249
250typedef struct x509_cert_aux_st
251 {
252 STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */
253 STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */
254 ASN1_UTF8STRING *alias; /* "friendly name" */
255 ASN1_OCTET_STRING *keyid; /* key id of private key */
256 STACK_OF(X509_ALGOR) *other; /* other unspecified info */
257 } X509_CERT_AUX;
258
259typedef struct x509_st
260 {
261 X509_CINF *cert_info;
262 X509_ALGOR *sig_alg;
263 ASN1_BIT_STRING *signature;
264 int valid;
265 int references;
266 char *name;
267 CRYPTO_EX_DATA ex_data;
268 /* These contain copies of various extension values */
269 long ex_pathlen;
270 unsigned long ex_flags;
271 unsigned long ex_kusage;
272 unsigned long ex_xkusage;
273 unsigned long ex_nscert;
274 ASN1_OCTET_STRING *skid;
275 struct AUTHORITY_KEYID_st *akid;
276#ifndef NO_SHA
277 unsigned char sha1_hash[SHA_DIGEST_LENGTH];
278#endif
279 X509_CERT_AUX *aux;
280 } X509;
281
282DECLARE_STACK_OF(X509)
283DECLARE_ASN1_SET_OF(X509)
284
285/* This is used for a table of trust checking functions */
286
287typedef struct x509_trust_st {
288 int trust;
289 int flags;
290 int (*check_trust)(struct x509_trust_st *, X509 *, int);
291 char *name;
292 int arg1;
293 void *arg2;
294} X509_TRUST;
295
296DECLARE_STACK_OF(X509_TRUST)
297
298/* standard trust ids */
299
300#define X509_TRUST_DEFAULT -1 /* Only valid in purpose settings */
301
302#define X509_TRUST_COMPAT 1
303#define X509_TRUST_SSL_CLIENT 2
304#define X509_TRUST_SSL_SERVER 3
305#define X509_TRUST_EMAIL 4
306#define X509_TRUST_OBJECT_SIGN 5
307
308/* Keep these up to date! */
309#define X509_TRUST_MIN 1
310#define X509_TRUST_MAX 5
311
312
313/* trust_flags values */
314#define X509_TRUST_DYNAMIC 1
315#define X509_TRUST_DYNAMIC_NAME 2
316
317/* check_trust return codes */
318
319#define X509_TRUST_TRUSTED 1
320#define X509_TRUST_REJECTED 2
321#define X509_TRUST_UNTRUSTED 3
322
323/* Flags specific to X509_NAME_print_ex() */
324
325/* The field separator information */
326
327#define XN_FLAG_SEP_MASK (0xf << 16)
328
329#define XN_FLAG_COMPAT 0 /* Traditional SSLeay: use old X509_NAME_print */
330#define XN_FLAG_SEP_COMMA_PLUS (1 << 16) /* RFC2253 ,+ */
331#define XN_FLAG_SEP_CPLUS_SPC (2 << 16) /* ,+ spaced: more readable */
332#define XN_FLAG_SEP_SPLUS_SPC (3 << 16) /* ;+ spaced */
333#define XN_FLAG_SEP_MULTILINE (4 << 16) /* One line per field */
334
335#define XN_FLAG_DN_REV (1 << 20) /* Reverse DN order */
336
337/* How the field name is shown */
338
339#define XN_FLAG_FN_MASK (0x3 << 21)
340
341#define XN_FLAG_FN_SN 0 /* Object short name */
342#define XN_FLAG_FN_LN (1 << 21) /* Object long name */
343#define XN_FLAG_FN_OID (2 << 21) /* Always use OIDs */
344#define XN_FLAG_FN_NONE (3 << 21) /* No field names */
345
346#define XN_FLAG_SPC_EQ (1 << 23) /* Put spaces round '=' */
347
348/* This determines if we dump fields we don't recognise:
349 * RFC2253 requires this.
350 */
351
352#define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
353
354/* Complete set of RFC2253 flags */
355
356#define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \
357 XN_FLAG_SEP_COMMA_PLUS | \
358 XN_FLAG_DN_REV | \
359 XN_FLAG_FN_SN | \
360 XN_FLAG_DUMP_UNKNOWN_FIELDS)
361
362/* readable oneline form */
363
364#define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \
365 ASN1_STRFLGS_ESC_QUOTE | \
366 XN_FLAG_SEP_CPLUS_SPC | \
367 XN_FLAG_SPC_EQ | \
368 XN_FLAG_FN_SN)
369
370/* readable multiline form */
371
372#define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \
373 ASN1_STRFLGS_ESC_MSB | \
374 XN_FLAG_SEP_MULTILINE | \
375 XN_FLAG_SPC_EQ | \
376 XN_FLAG_FN_LN)
377
378typedef struct X509_revoked_st
379 {
380 ASN1_INTEGER *serialNumber;
381 ASN1_TIME *revocationDate;
382 STACK_OF(X509_EXTENSION) /* optional */ *extensions;
383 int sequence; /* load sequence */
384 } X509_REVOKED;
385
386DECLARE_STACK_OF(X509_REVOKED)
387DECLARE_ASN1_SET_OF(X509_REVOKED)
388
389typedef struct X509_crl_info_st
390 {
391 ASN1_INTEGER *version;
392 X509_ALGOR *sig_alg;
393 X509_NAME *issuer;
394 ASN1_TIME *lastUpdate;
395 ASN1_TIME *nextUpdate;
396 STACK_OF(X509_REVOKED) *revoked;
397 STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
398 } X509_CRL_INFO;
399
400typedef struct X509_crl_st
401 {
402 /* actual signature */
403 X509_CRL_INFO *crl;
404 X509_ALGOR *sig_alg;
405 ASN1_BIT_STRING *signature;
406 int references;
407 } X509_CRL;
408
409DECLARE_STACK_OF(X509_CRL)
410DECLARE_ASN1_SET_OF(X509_CRL)
411
412typedef struct private_key_st
413 {
414 int version;
415 /* The PKCS#8 data types */
416 X509_ALGOR *enc_algor;
417 ASN1_OCTET_STRING *enc_pkey; /* encrypted pub key */
418
419 /* When decrypted, the following will not be NULL */
420 EVP_PKEY *dec_pkey;
421
422 /* used to encrypt and decrypt */
423 int key_length;
424 char *key_data;
425 int key_free; /* true if we should auto free key_data */
426
427 /* expanded version of 'enc_algor' */
428 EVP_CIPHER_INFO cipher;
429
430 int references;
431 } X509_PKEY;
432
433#ifndef NO_EVP
434typedef struct X509_info_st
435 {
436 X509 *x509;
437 X509_CRL *crl;
438 X509_PKEY *x_pkey;
439
440 EVP_CIPHER_INFO enc_cipher;
441 int enc_len;
442 char *enc_data;
443
444 int references;
445 } X509_INFO;
446
447DECLARE_STACK_OF(X509_INFO)
448#endif
449
450/* The next 2 structures and their 8 routines were sent to me by
451 * Pat Richard <patr@x509.com> and are used to manipulate
452 * Netscapes spki structures - useful if you are writing a CA web page
453 */
454typedef struct Netscape_spkac_st
455 {
456 X509_PUBKEY *pubkey;
457 ASN1_IA5STRING *challenge; /* challenge sent in atlas >= PR2 */
458 } NETSCAPE_SPKAC;
459
460typedef struct Netscape_spki_st
461 {
462 NETSCAPE_SPKAC *spkac; /* signed public key and challenge */
463 X509_ALGOR *sig_algor;
464 ASN1_BIT_STRING *signature;
465 } NETSCAPE_SPKI;
466
467/* Netscape certificate sequence structure */
468typedef struct Netscape_certificate_sequence
469 {
470 ASN1_OBJECT *type;
471 STACK_OF(X509) *certs;
472 } NETSCAPE_CERT_SEQUENCE;
473
474typedef struct CBCParameter_st
475 {
476 unsigned char iv[8];
477 } CBC_PARAM;
478
479/* Password based encryption structure */
480
481typedef struct PBEPARAM_st {
482ASN1_OCTET_STRING *salt;
483ASN1_INTEGER *iter;
484} PBEPARAM;
485
486/* Password based encryption V2 structures */
487
488typedef struct PBE2PARAM_st {
489X509_ALGOR *keyfunc;
490X509_ALGOR *encryption;
491} PBE2PARAM;
492
493typedef struct PBKDF2PARAM_st {
494ASN1_TYPE *salt; /* Usually OCTET STRING but could be anything */
495ASN1_INTEGER *iter;
496ASN1_INTEGER *keylength;
497X509_ALGOR *prf;
498} PBKDF2PARAM;
499
500
501/* PKCS#8 private key info structure */
502
503typedef struct pkcs8_priv_key_info_st
504 {
505 int broken; /* Flag for various broken formats */
506#define PKCS8_OK 0
507#define PKCS8_NO_OCTET 1
508#define PKCS8_EMBEDDED_PARAM 2
509#define PKCS8_NS_DB 3
510 ASN1_INTEGER *version;
511 X509_ALGOR *pkeyalg;
512 ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */
513 STACK_OF(X509_ATTRIBUTE) *attributes;
514 } PKCS8_PRIV_KEY_INFO;
515
516#ifdef __cplusplus
517}
518#endif
519
520#include <openssl/x509_vfy.h>
521#include <openssl/pkcs7.h>
522
523#ifdef __cplusplus
524extern "C" {
525#endif
526
527#ifdef SSLEAY_MACROS
528#define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\
529 a->signature,(char *)a->cert_info,r)
530#define X509_REQ_verify(a,r) ASN1_verify((int (*)())i2d_X509_REQ_INFO, \
531 a->sig_alg,a->signature,(char *)a->req_info,r)
532#define X509_CRL_verify(a,r) ASN1_verify((int (*)())i2d_X509_CRL_INFO, \
533 a->sig_alg, a->signature,(char *)a->crl,r)
534
535#define X509_sign(x,pkey,md) \
536 ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature, \
537 x->sig_alg, x->signature, (char *)x->cert_info,pkey,md)
538#define X509_REQ_sign(x,pkey,md) \
539 ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL, \
540 x->signature, (char *)x->req_info,pkey,md)
541#define X509_CRL_sign(x,pkey,md) \
542 ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,x->sig_alg, \
543 x->signature, (char *)x->crl,pkey,md)
544#define NETSCAPE_SPKI_sign(x,pkey,md) \
545 ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL, \
546 x->signature, (char *)x->spkac,pkey,md)
547
548#define X509_dup(x509) (X509 *)ASN1_dup((int (*)())i2d_X509, \
549 (char *(*)())d2i_X509,(char *)x509)
550#define X509_ATTRIBUTE_dup(xa) (X509_ATTRIBUTE *)ASN1_dup(\
551 (int (*)())i2d_X509_ATTRIBUTE, \
552 (char *(*)())d2i_X509_ATTRIBUTE,(char *)xa)
553#define X509_EXTENSION_dup(ex) (X509_EXTENSION *)ASN1_dup( \
554 (int (*)())i2d_X509_EXTENSION, \
555 (char *(*)())d2i_X509_EXTENSION,(char *)ex)
556#define d2i_X509_fp(fp,x509) (X509 *)ASN1_d2i_fp((char *(*)())X509_new, \
557 (char *(*)())d2i_X509, (fp),(unsigned char **)(x509))
558#define i2d_X509_fp(fp,x509) ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509)
559#define d2i_X509_bio(bp,x509) (X509 *)ASN1_d2i_bio((char *(*)())X509_new, \
560 (char *(*)())d2i_X509, (bp),(unsigned char **)(x509))
561#define i2d_X509_bio(bp,x509) ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509)
562
563#define X509_CRL_dup(crl) (X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL, \
564 (char *(*)())d2i_X509_CRL,(char *)crl)
565#define d2i_X509_CRL_fp(fp,crl) (X509_CRL *)ASN1_d2i_fp((char *(*)()) \
566 X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),\
567 (unsigned char **)(crl))
568#define i2d_X509_CRL_fp(fp,crl) ASN1_i2d_fp(i2d_X509_CRL,fp,\
569 (unsigned char *)crl)
570#define d2i_X509_CRL_bio(bp,crl) (X509_CRL *)ASN1_d2i_bio((char *(*)()) \
571 X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),\
572 (unsigned char **)(crl))
573#define i2d_X509_CRL_bio(bp,crl) ASN1_i2d_bio(i2d_X509_CRL,bp,\
574 (unsigned char *)crl)
575
576#define PKCS7_dup(p7) (PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7, \
577 (char *(*)())d2i_PKCS7,(char *)p7)
578#define d2i_PKCS7_fp(fp,p7) (PKCS7 *)ASN1_d2i_fp((char *(*)()) \
579 PKCS7_new,(char *(*)())d2i_PKCS7, (fp),\
580 (unsigned char **)(p7))
581#define i2d_PKCS7_fp(fp,p7) ASN1_i2d_fp(i2d_PKCS7,fp,\
582 (unsigned char *)p7)
583#define d2i_PKCS7_bio(bp,p7) (PKCS7 *)ASN1_d2i_bio((char *(*)()) \
584 PKCS7_new,(char *(*)())d2i_PKCS7, (bp),\
585 (unsigned char **)(p7))
586#define i2d_PKCS7_bio(bp,p7) ASN1_i2d_bio(i2d_PKCS7,bp,\
587 (unsigned char *)p7)
588
589#define X509_REQ_dup(req) (X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ, \
590 (char *(*)())d2i_X509_REQ,(char *)req)
591#define d2i_X509_REQ_fp(fp,req) (X509_REQ *)ASN1_d2i_fp((char *(*)())\
592 X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),\
593 (unsigned char **)(req))
594#define i2d_X509_REQ_fp(fp,req) ASN1_i2d_fp(i2d_X509_REQ,fp,\
595 (unsigned char *)req)
596#define d2i_X509_REQ_bio(bp,req) (X509_REQ *)ASN1_d2i_bio((char *(*)())\
597 X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),\
598 (unsigned char **)(req))
599#define i2d_X509_REQ_bio(bp,req) ASN1_i2d_bio(i2d_X509_REQ,bp,\
600 (unsigned char *)req)
601
602#define RSAPublicKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey, \
603 (char *(*)())d2i_RSAPublicKey,(char *)rsa)
604#define RSAPrivateKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey, \
605 (char *(*)())d2i_RSAPrivateKey,(char *)rsa)
606
607#define d2i_RSAPrivateKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\
608 RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp), \
609 (unsigned char **)(rsa))
610#define i2d_RSAPrivateKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPrivateKey,fp, \
611 (unsigned char *)rsa)
612#define d2i_RSAPrivateKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\
613 RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp), \
614 (unsigned char **)(rsa))
615#define i2d_RSAPrivateKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPrivateKey,bp, \
616 (unsigned char *)rsa)
617
618#define d2i_RSAPublicKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\
619 RSA_new,(char *(*)())d2i_RSAPublicKey, (fp), \
620 (unsigned char **)(rsa))
621#define i2d_RSAPublicKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPublicKey,fp, \
622 (unsigned char *)rsa)
623#define d2i_RSAPublicKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\
624 RSA_new,(char *(*)())d2i_RSAPublicKey, (bp), \
625 (unsigned char **)(rsa))
626#define i2d_RSAPublicKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPublicKey,bp, \
627 (unsigned char *)rsa)
628
629#define d2i_DSAPrivateKey_fp(fp,dsa) (DSA *)ASN1_d2i_fp((char *(*)())\
630 DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp), \
631 (unsigned char **)(dsa))
632#define i2d_DSAPrivateKey_fp(fp,dsa) ASN1_i2d_fp(i2d_DSAPrivateKey,fp, \
633 (unsigned char *)dsa)
634#define d2i_DSAPrivateKey_bio(bp,dsa) (DSA *)ASN1_d2i_bio((char *(*)())\
635 DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp), \
636 (unsigned char **)(dsa))
637#define i2d_DSAPrivateKey_bio(bp,dsa) ASN1_i2d_bio(i2d_DSAPrivateKey,bp, \
638 (unsigned char *)dsa)
639
640#define X509_ALGOR_dup(xn) (X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,\
641 (char *(*)())d2i_X509_ALGOR,(char *)xn)
642
643#define X509_NAME_dup(xn) (X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME, \
644 (char *(*)())d2i_X509_NAME,(char *)xn)
645#define X509_NAME_ENTRY_dup(ne) (X509_NAME_ENTRY *)ASN1_dup( \
646 (int (*)())i2d_X509_NAME_ENTRY, \
647 (char *(*)())d2i_X509_NAME_ENTRY,\
648 (char *)ne)
649
650#define X509_digest(data,type,md,len) \
651 ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len)
652#define X509_NAME_digest(data,type,md,len) \
653 ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len)
654#ifndef PKCS7_ISSUER_AND_SERIAL_digest
655#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \
656 ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\
657 (char *)data,md,len)
658#endif
659#endif
660
661#define X509_EXT_PACK_UNKNOWN 1
662#define X509_EXT_PACK_STRING 2
663
664#define X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version)
665/* #define X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */
666#define X509_get_notBefore(x) ((x)->cert_info->validity->notBefore)
667#define X509_get_notAfter(x) ((x)->cert_info->validity->notAfter)
668#define X509_extract_key(x) X509_get_pubkey(x) /*****/
669#define X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version)
670#define X509_REQ_get_subject_name(x) ((x)->req_info->subject)
671#define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
672#define X509_name_cmp(a,b) X509_NAME_cmp((a),(b))
673#define X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm))
674
675#define X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version)
676#define X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate)
677#define X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate)
678#define X509_CRL_get_issuer(x) ((x)->crl->issuer)
679#define X509_CRL_get_REVOKED(x) ((x)->crl->revoked)
680
681/* This one is only used so that a binary form can output, as in
682 * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */
683#define X509_get_X509_PUBKEY(x) ((x)->cert_info->key)
684
685
686const char *X509_verify_cert_error_string(long n);
687
688#ifndef SSLEAY_MACROS
689#ifndef NO_EVP
690int X509_verify(X509 *a, EVP_PKEY *r);
691
692int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
693int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
694int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r);
695
696NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len);
697char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x);
698EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x);
699int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
700
701int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki);
702
703int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
704int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
705int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
706int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
707
708int X509_digest(const X509 *data,const EVP_MD *type,
709 unsigned char *md, unsigned int *len);
710int X509_CRL_digest(const X509_CRL *data,const EVP_MD *type,
711 unsigned char *md, unsigned int *len);
712int X509_REQ_digest(const X509_REQ *data,const EVP_MD *type,
713 unsigned char *md, unsigned int *len);
714int X509_NAME_digest(const X509_NAME *data,const EVP_MD *type,
715 unsigned char *md, unsigned int *len);
716#endif
717
718#ifndef NO_FP_API
719X509 *d2i_X509_fp(FILE *fp, X509 **x509);
720int i2d_X509_fp(FILE *fp,X509 *x509);
721X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL **crl);
722int i2d_X509_CRL_fp(FILE *fp,X509_CRL *crl);
723X509_REQ *d2i_X509_REQ_fp(FILE *fp,X509_REQ **req);
724int i2d_X509_REQ_fp(FILE *fp,X509_REQ *req);
725#ifndef NO_RSA
726RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA **rsa);
727int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa);
728RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA **rsa);
729int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa);
730RSA *d2i_RSA_PUBKEY_fp(FILE *fp,RSA **rsa);
731int i2d_RSA_PUBKEY_fp(FILE *fp,RSA *rsa);
732#endif
733#ifndef NO_DSA
734DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
735int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);
736DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
737int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
738#endif
739X509_SIG *d2i_PKCS8_fp(FILE *fp,X509_SIG **p8);
740int i2d_PKCS8_fp(FILE *fp,X509_SIG *p8);
741PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
742 PKCS8_PRIV_KEY_INFO **p8inf);
743int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,PKCS8_PRIV_KEY_INFO *p8inf);
744int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key);
745int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey);
746EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
747int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);
748EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
749#endif
750
751#ifndef NO_BIO
752X509 *d2i_X509_bio(BIO *bp,X509 **x509);
753int i2d_X509_bio(BIO *bp,X509 *x509);
754X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL **crl);
755int i2d_X509_CRL_bio(BIO *bp,X509_CRL *crl);
756X509_REQ *d2i_X509_REQ_bio(BIO *bp,X509_REQ **req);
757int i2d_X509_REQ_bio(BIO *bp,X509_REQ *req);
758#ifndef NO_RSA
759RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **rsa);
760int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa);
761RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA **rsa);
762int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa);
763RSA *d2i_RSA_PUBKEY_bio(BIO *bp,RSA **rsa);
764int i2d_RSA_PUBKEY_bio(BIO *bp,RSA *rsa);
765#endif
766#ifndef NO_DSA
767DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa);
768int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa);
769DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
770int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
771#endif
772X509_SIG *d2i_PKCS8_bio(BIO *bp,X509_SIG **p8);
773int i2d_PKCS8_bio(BIO *bp,X509_SIG *p8);
774PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
775 PKCS8_PRIV_KEY_INFO **p8inf);
776int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,PKCS8_PRIV_KEY_INFO *p8inf);
777int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key);
778int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey);
779EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
780int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey);
781EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
782#endif
783
784X509 *X509_dup(X509 *x509);
785X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa);
786X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex);
787X509_CRL *X509_CRL_dup(X509_CRL *crl);
788X509_REQ *X509_REQ_dup(X509_REQ *req);
789X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
790X509_NAME *X509_NAME_dup(X509_NAME *xn);
791X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
792#ifndef NO_RSA
793RSA *RSAPublicKey_dup(RSA *rsa);
794RSA *RSAPrivateKey_dup(RSA *rsa);
795#endif
796
797#endif /* !SSLEAY_MACROS */
798
799int X509_cmp_time(ASN1_TIME *s, time_t *t);
800int X509_cmp_current_time(ASN1_TIME *s);
801ASN1_TIME * X509_time_adj(ASN1_TIME *s, long adj, time_t *t);
802ASN1_TIME * X509_gmtime_adj(ASN1_TIME *s, long adj);
803
804const char * X509_get_default_cert_area(void );
805const char * X509_get_default_cert_dir(void );
806const char * X509_get_default_cert_file(void );
807const char * X509_get_default_cert_dir_env(void );
808const char * X509_get_default_cert_file_env(void );
809const char * X509_get_default_private_dir(void );
810
811X509_REQ * X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
812X509 * X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey);
813void ERR_load_X509_strings(void );
814
815X509_ALGOR * X509_ALGOR_new(void );
816void X509_ALGOR_free(X509_ALGOR *a);
817int i2d_X509_ALGOR(X509_ALGOR *a,unsigned char **pp);
818X509_ALGOR * d2i_X509_ALGOR(X509_ALGOR **a,unsigned char **pp,
819 long length);
820
821X509_VAL * X509_VAL_new(void );
822void X509_VAL_free(X509_VAL *a);
823int i2d_X509_VAL(X509_VAL *a,unsigned char **pp);
824X509_VAL * d2i_X509_VAL(X509_VAL **a,unsigned char **pp,
825 long length);
826
827X509_PUBKEY * X509_PUBKEY_new(void );
828void X509_PUBKEY_free(X509_PUBKEY *a);
829int i2d_X509_PUBKEY(X509_PUBKEY *a,unsigned char **pp);
830X509_PUBKEY * d2i_X509_PUBKEY(X509_PUBKEY **a,unsigned char **pp,
831 long length);
832int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
833EVP_PKEY * X509_PUBKEY_get(X509_PUBKEY *key);
834int X509_get_pubkey_parameters(EVP_PKEY *pkey,
835 STACK_OF(X509) *chain);
836int i2d_PUBKEY(EVP_PKEY *a,unsigned char **pp);
837EVP_PKEY * d2i_PUBKEY(EVP_PKEY **a,unsigned char **pp,
838 long length);
839#ifndef NO_RSA
840int i2d_RSA_PUBKEY(RSA *a,unsigned char **pp);
841RSA * d2i_RSA_PUBKEY(RSA **a,unsigned char **pp,
842 long length);
843#endif
844#ifndef NO_DSA
845int i2d_DSA_PUBKEY(DSA *a,unsigned char **pp);
846DSA * d2i_DSA_PUBKEY(DSA **a,unsigned char **pp,
847 long length);
848#endif
849
850X509_SIG * X509_SIG_new(void );
851void X509_SIG_free(X509_SIG *a);
852int i2d_X509_SIG(X509_SIG *a,unsigned char **pp);
853X509_SIG * d2i_X509_SIG(X509_SIG **a,unsigned char **pp,long length);
854
855X509_REQ_INFO *X509_REQ_INFO_new(void);
856void X509_REQ_INFO_free(X509_REQ_INFO *a);
857int i2d_X509_REQ_INFO(X509_REQ_INFO *a,unsigned char **pp);
858X509_REQ_INFO *d2i_X509_REQ_INFO(X509_REQ_INFO **a,unsigned char **pp,
859 long length);
860
861X509_REQ * X509_REQ_new(void);
862void X509_REQ_free(X509_REQ *a);
863int i2d_X509_REQ(X509_REQ *a,unsigned char **pp);
864X509_REQ * d2i_X509_REQ(X509_REQ **a,unsigned char **pp,long length);
865
866X509_ATTRIBUTE *X509_ATTRIBUTE_new(void );
867void X509_ATTRIBUTE_free(X509_ATTRIBUTE *a);
868int i2d_X509_ATTRIBUTE(X509_ATTRIBUTE *a,unsigned char **pp);
869X509_ATTRIBUTE *d2i_X509_ATTRIBUTE(X509_ATTRIBUTE **a,unsigned char **pp,
870 long length);
871X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value);
872
873
874X509_EXTENSION *X509_EXTENSION_new(void );
875void X509_EXTENSION_free(X509_EXTENSION *a);
876int i2d_X509_EXTENSION(X509_EXTENSION *a,unsigned char **pp);
877X509_EXTENSION *d2i_X509_EXTENSION(X509_EXTENSION **a,unsigned char **pp,
878 long length);
879
880X509_NAME_ENTRY *X509_NAME_ENTRY_new(void);
881void X509_NAME_ENTRY_free(X509_NAME_ENTRY *a);
882int i2d_X509_NAME_ENTRY(X509_NAME_ENTRY *a,unsigned char **pp);
883X509_NAME_ENTRY *d2i_X509_NAME_ENTRY(X509_NAME_ENTRY **a,unsigned char **pp,
884 long length);
885
886X509_NAME * X509_NAME_new(void);
887void X509_NAME_free(X509_NAME *a);
888int i2d_X509_NAME(X509_NAME *a,unsigned char **pp);
889X509_NAME * d2i_X509_NAME(X509_NAME **a,unsigned char **pp,long length);
890int X509_NAME_set(X509_NAME **xn, X509_NAME *name);
891
892
893X509_CINF * X509_CINF_new(void);
894void X509_CINF_free(X509_CINF *a);
895int i2d_X509_CINF(X509_CINF *a,unsigned char **pp);
896X509_CINF * d2i_X509_CINF(X509_CINF **a,unsigned char **pp,long length);
897
898X509 * X509_new(void);
899void X509_free(X509 *a);
900int i2d_X509(X509 *a,unsigned char **pp);
901X509 * d2i_X509(X509 **a,unsigned char **pp,long length);
902int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
903 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
904int X509_set_ex_data(X509 *r, int idx, void *arg);
905void *X509_get_ex_data(X509 *r, int idx);
906int i2d_X509_AUX(X509 *a,unsigned char **pp);
907X509 * d2i_X509_AUX(X509 **a,unsigned char **pp,long length);
908
909X509_CERT_AUX * X509_CERT_AUX_new(void);
910void X509_CERT_AUX_free(X509_CERT_AUX *a);
911int i2d_X509_CERT_AUX(X509_CERT_AUX *a,unsigned char **pp);
912X509_CERT_AUX * d2i_X509_CERT_AUX(X509_CERT_AUX **a,unsigned char **pp,
913 long length);
914int X509_alias_set1(X509 *x, unsigned char *name, int len);
915int X509_keyid_set1(X509 *x, unsigned char *id, int len);
916unsigned char * X509_alias_get0(X509 *x, int *len);
917int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int);
918int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);
919int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj);
920void X509_trust_clear(X509 *x);
921void X509_reject_clear(X509 *x);
922
923X509_REVOKED * X509_REVOKED_new(void);
924void X509_REVOKED_free(X509_REVOKED *a);
925int i2d_X509_REVOKED(X509_REVOKED *a,unsigned char **pp);
926X509_REVOKED * d2i_X509_REVOKED(X509_REVOKED **a,unsigned char **pp,long length);
927
928X509_CRL_INFO *X509_CRL_INFO_new(void);
929void X509_CRL_INFO_free(X509_CRL_INFO *a);
930int i2d_X509_CRL_INFO(X509_CRL_INFO *a,unsigned char **pp);
931X509_CRL_INFO *d2i_X509_CRL_INFO(X509_CRL_INFO **a,unsigned char **pp,
932 long length);
933
934X509_CRL * X509_CRL_new(void);
935void X509_CRL_free(X509_CRL *a);
936int i2d_X509_CRL(X509_CRL *a,unsigned char **pp);
937X509_CRL * d2i_X509_CRL(X509_CRL **a,unsigned char **pp,long length);
938
939X509_PKEY * X509_PKEY_new(void );
940void X509_PKEY_free(X509_PKEY *a);
941int i2d_X509_PKEY(X509_PKEY *a,unsigned char **pp);
942X509_PKEY * d2i_X509_PKEY(X509_PKEY **a,unsigned char **pp,long length);
943
944NETSCAPE_SPKI * NETSCAPE_SPKI_new(void );
945void NETSCAPE_SPKI_free(NETSCAPE_SPKI *a);
946int i2d_NETSCAPE_SPKI(NETSCAPE_SPKI *a,unsigned char **pp);
947NETSCAPE_SPKI * d2i_NETSCAPE_SPKI(NETSCAPE_SPKI **a,unsigned char **pp,
948 long length);
949
950NETSCAPE_SPKAC *NETSCAPE_SPKAC_new(void );
951void NETSCAPE_SPKAC_free(NETSCAPE_SPKAC *a);
952int i2d_NETSCAPE_SPKAC(NETSCAPE_SPKAC *a,unsigned char **pp);
953NETSCAPE_SPKAC *d2i_NETSCAPE_SPKAC(NETSCAPE_SPKAC **a,unsigned char **pp,
954 long length);
955
956
957int i2d_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE *a, unsigned char **pp);
958NETSCAPE_CERT_SEQUENCE *NETSCAPE_CERT_SEQUENCE_new(void);
959NETSCAPE_CERT_SEQUENCE *d2i_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE **a, unsigned char **pp, long length);
960void NETSCAPE_CERT_SEQUENCE_free(NETSCAPE_CERT_SEQUENCE *a);
961
962#ifndef NO_EVP
963X509_INFO * X509_INFO_new(void);
964void X509_INFO_free(X509_INFO *a);
965char * X509_NAME_oneline(X509_NAME *a,char *buf,int size);
966
967int ASN1_verify(int (*i2d)(), X509_ALGOR *algor1,
968 ASN1_BIT_STRING *signature,char *data,EVP_PKEY *pkey);
969
970int ASN1_digest(int (*i2d)(),const EVP_MD *type,char *data,
971 unsigned char *md,unsigned int *len);
972
973int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
974 ASN1_BIT_STRING *signature,
975 char *data,EVP_PKEY *pkey, const EVP_MD *type);
976#endif
977
978int X509_set_version(X509 *x,long version);
979int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
980ASN1_INTEGER * X509_get_serialNumber(X509 *x);
981int X509_set_issuer_name(X509 *x, X509_NAME *name);
982X509_NAME * X509_get_issuer_name(X509 *a);
983int X509_set_subject_name(X509 *x, X509_NAME *name);
984X509_NAME * X509_get_subject_name(X509 *a);
985int X509_set_notBefore(X509 *x, ASN1_TIME *tm);
986int X509_set_notAfter(X509 *x, ASN1_TIME *tm);
987int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
988EVP_PKEY * X509_get_pubkey(X509 *x);
989int X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */);
990
991int X509_REQ_set_version(X509_REQ *x,long version);
992int X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name);
993int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
994EVP_PKEY * X509_REQ_get_pubkey(X509_REQ *req);
995int X509_REQ_extension_nid(int nid);
996int * X509_REQ_get_extension_nids(void);
997void X509_REQ_set_extension_nids(int *nids);
998STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
999int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
1000 int nid);
1001int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts);
1002int X509_REQ_get_attr_count(const X509_REQ *req);
1003int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid,
1004 int lastpos);
1005int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,
1006 int lastpos);
1007X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc);
1008X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc);
1009int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr);
1010int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
1011 ASN1_OBJECT *obj, int type,
1012 unsigned char *bytes, int len);
1013int X509_REQ_add1_attr_by_NID(X509_REQ *req,
1014 int nid, int type,
1015 unsigned char *bytes, int len);
1016int X509_REQ_add1_attr_by_txt(X509_REQ *req,
1017 char *attrname, int type,
1018 unsigned char *bytes, int len);
1019
1020int X509_check_private_key(X509 *x509,EVP_PKEY *pkey);
1021
1022int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
1023unsigned long X509_issuer_and_serial_hash(X509 *a);
1024
1025int X509_issuer_name_cmp(const X509 *a, const X509 *b);
1026unsigned long X509_issuer_name_hash(X509 *a);
1027
1028int X509_subject_name_cmp(const X509 *a, const X509 *b);
1029unsigned long X509_subject_name_hash(X509 *x);
1030
1031int X509_cmp(const X509 *a, const X509 *b);
1032int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
1033unsigned long X509_NAME_hash(X509_NAME *x);
1034
1035int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
1036#ifndef NO_FP_API
1037int X509_print_fp(FILE *bp,X509 *x);
1038int X509_CRL_print_fp(FILE *bp,X509_CRL *x);
1039int X509_REQ_print_fp(FILE *bp,X509_REQ *req);
1040int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags);
1041#endif
1042
1043#ifndef NO_BIO
1044int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
1045int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags);
1046int X509_print(BIO *bp,X509 *x);
1047int X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent);
1048int X509_CRL_print(BIO *bp,X509_CRL *x);
1049int X509_REQ_print(BIO *bp,X509_REQ *req);
1050#endif
1051
1052int X509_NAME_entry_count(X509_NAME *name);
1053int X509_NAME_get_text_by_NID(X509_NAME *name, int nid,
1054 char *buf,int len);
1055int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
1056 char *buf,int len);
1057
1058/* NOTE: you should be passsing -1, not 0 as lastpos. The functions that use
1059 * lastpos, search after that position on. */
1060int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
1061int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj,
1062 int lastpos);
1063X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
1064X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
1065int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne,
1066 int loc, int set);
1067int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
1068 unsigned char *bytes, int len, int loc, int set);
1069int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
1070 unsigned char *bytes, int len, int loc, int set);
1071X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
1072 char *field, int type, unsigned char *bytes, int len);
1073X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
1074 int type,unsigned char *bytes, int len);
1075int X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, int type,
1076 unsigned char *bytes, int len, int loc, int set);
1077X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
1078 ASN1_OBJECT *obj, int type,unsigned char *bytes,
1079 int len);
1080int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne,
1081 ASN1_OBJECT *obj);
1082int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
1083 unsigned char *bytes, int len);
1084ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
1085ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
1086
1087int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
1088int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
1089 int nid, int lastpos);
1090int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,
1091 ASN1_OBJECT *obj,int lastpos);
1092int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,
1093 int crit, int lastpos);
1094X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
1095X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);
1096STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
1097 X509_EXTENSION *ex, int loc);
1098
1099int X509_get_ext_count(X509 *x);
1100int X509_get_ext_by_NID(X509 *x, int nid, int lastpos);
1101int X509_get_ext_by_OBJ(X509 *x,ASN1_OBJECT *obj,int lastpos);
1102int X509_get_ext_by_critical(X509 *x, int crit, int lastpos);
1103X509_EXTENSION *X509_get_ext(X509 *x, int loc);
1104X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
1105int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
1106void * X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
1107
1108int X509_CRL_get_ext_count(X509_CRL *x);
1109int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos);
1110int X509_CRL_get_ext_by_OBJ(X509_CRL *x,ASN1_OBJECT *obj,int lastpos);
1111int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos);
1112X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc);
1113X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
1114int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
1115void * X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);
1116
1117int X509_REVOKED_get_ext_count(X509_REVOKED *x);
1118int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos);
1119int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x,ASN1_OBJECT *obj,int lastpos);
1120int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos);
1121X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc);
1122X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
1123int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
1124void * X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);
1125
1126X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
1127 int nid, int crit, ASN1_OCTET_STRING *data);
1128X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
1129 ASN1_OBJECT *obj,int crit,ASN1_OCTET_STRING *data);
1130int X509_EXTENSION_set_object(X509_EXTENSION *ex,ASN1_OBJECT *obj);
1131int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
1132int X509_EXTENSION_set_data(X509_EXTENSION *ex,
1133 ASN1_OCTET_STRING *data);
1134ASN1_OBJECT * X509_EXTENSION_get_object(X509_EXTENSION *ex);
1135ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
1136int X509_EXTENSION_get_critical(X509_EXTENSION *ex);
1137
1138int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x);
1139int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
1140 int lastpos);
1141int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj,
1142 int lastpos);
1143X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc);
1144X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc);
1145STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
1146 X509_ATTRIBUTE *attr);
1147STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
1148 ASN1_OBJECT *obj, int type,
1149 unsigned char *bytes, int len);
1150STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
1151 int nid, int type,
1152 unsigned char *bytes, int len);
1153STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
1154 char *attrname, int type,
1155 unsigned char *bytes, int len);
1156X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
1157 int atrtype, void *data, int len);
1158X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
1159 ASN1_OBJECT *obj, int atrtype, void *data, int len);
1160X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
1161 char *atrname, int type, unsigned char *bytes, int len);
1162int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, ASN1_OBJECT *obj);
1163int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, void *data, int len);
1164void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
1165 int atrtype, void *data);
1166int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr);
1167ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr);
1168ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx);
1169
1170int X509_verify_cert(X509_STORE_CTX *ctx);
1171
1172/* lookup a cert from a X509 STACK */
1173X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk,X509_NAME *name,
1174 ASN1_INTEGER *serial);
1175X509 *X509_find_by_subject(STACK_OF(X509) *sk,X509_NAME *name);
1176
1177int i2d_PBEPARAM(PBEPARAM *a, unsigned char **pp);
1178PBEPARAM *PBEPARAM_new(void);
1179PBEPARAM *d2i_PBEPARAM(PBEPARAM **a, unsigned char **pp, long length);
1180void PBEPARAM_free(PBEPARAM *a);
1181X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, int saltlen);
1182X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
1183 unsigned char *salt, int saltlen);
1184
1185int i2d_PBKDF2PARAM(PBKDF2PARAM *a, unsigned char **pp);
1186PBKDF2PARAM *PBKDF2PARAM_new(void);
1187PBKDF2PARAM *d2i_PBKDF2PARAM(PBKDF2PARAM **a, unsigned char **pp, long length);
1188void PBKDF2PARAM_free(PBKDF2PARAM *a);
1189
1190int i2d_PBE2PARAM(PBE2PARAM *a, unsigned char **pp);
1191PBE2PARAM *PBE2PARAM_new(void);
1192PBE2PARAM *d2i_PBE2PARAM(PBE2PARAM **a, unsigned char **pp, long length);
1193void PBE2PARAM_free(PBE2PARAM *a);
1194
1195/* PKCS#8 utilities */
1196
1197int i2d_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO *a, unsigned char **pp);
1198PKCS8_PRIV_KEY_INFO *PKCS8_PRIV_KEY_INFO_new(void);
1199PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO **a,
1200 unsigned char **pp, long length);
1201void PKCS8_PRIV_KEY_INFO_free(PKCS8_PRIV_KEY_INFO *a);
1202
1203EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8);
1204PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
1205PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken);
1206PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);
1207
1208int X509_check_trust(X509 *x, int id, int flags);
1209int X509_TRUST_get_count(void);
1210X509_TRUST * X509_TRUST_get0(int idx);
1211int X509_TRUST_get_by_id(int id);
1212int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
1213 char *name, int arg1, void *arg2);
1214void X509_TRUST_cleanup(void);
1215int X509_TRUST_get_flags(X509_TRUST *xp);
1216char *X509_TRUST_get0_name(X509_TRUST *xp);
1217int X509_TRUST_get_trust(X509_TRUST *xp);
1218
1219/* BEGIN ERROR CODES */
1220/* The following lines are auto generated by the script mkerr.pl. Any changes
1221 * made after this point may be overwritten when the script is next run.
1222 */
1223
1224/* Error codes for the X509 functions. */
1225
1226/* Function codes. */
1227#define X509_F_ADD_CERT_DIR 100
1228#define X509_F_BY_FILE_CTRL 101
1229#define X509_F_DIR_CTRL 102
1230#define X509_F_GET_CERT_BY_SUBJECT 103
1231#define X509_F_NETSCAPE_SPKI_B64_DECODE 129
1232#define X509_F_NETSCAPE_SPKI_B64_ENCODE 130
1233#define X509_F_X509V3_ADD_EXT 104
1234#define X509_F_X509_ADD_ATTR 135
1235#define X509_F_X509_ATTRIBUTE_CREATE_BY_NID 136
1236#define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ 137
1237#define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT 140
1238#define X509_F_X509_ATTRIBUTE_GET0_DATA 139
1239#define X509_F_X509_ATTRIBUTE_SET1_DATA 138
1240#define X509_F_X509_CHECK_PRIVATE_KEY 128
1241#define X509_F_X509_EXTENSION_CREATE_BY_NID 108
1242#define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109
1243#define X509_F_X509_GET_PUBKEY_PARAMETERS 110
1244#define X509_F_X509_LOAD_CERT_CRL_FILE 132
1245#define X509_F_X509_LOAD_CERT_FILE 111
1246#define X509_F_X509_LOAD_CRL_FILE 112
1247#define X509_F_X509_NAME_ADD_ENTRY 113
1248#define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114
1249#define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT 131
1250#define X509_F_X509_NAME_ENTRY_SET_OBJECT 115
1251#define X509_F_X509_NAME_ONELINE 116
1252#define X509_F_X509_NAME_PRINT 117
1253#define X509_F_X509_PRINT_FP 118
1254#define X509_F_X509_PUBKEY_GET 119
1255#define X509_F_X509_PUBKEY_SET 120
1256#define X509_F_X509_REQ_PRINT 121
1257#define X509_F_X509_REQ_PRINT_FP 122
1258#define X509_F_X509_REQ_TO_X509 123
1259#define X509_F_X509_STORE_ADD_CERT 124
1260#define X509_F_X509_STORE_ADD_CRL 125
1261#define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 134
1262#define X509_F_X509_TO_X509_REQ 126
1263#define X509_F_X509_TRUST_ADD 133
1264#define X509_F_X509_VERIFY_CERT 127
1265
1266/* Reason codes. */
1267#define X509_R_BAD_X509_FILETYPE 100
1268#define X509_R_BASE64_DECODE_ERROR 118
1269#define X509_R_CANT_CHECK_DH_KEY 114
1270#define X509_R_CERT_ALREADY_IN_HASH_TABLE 101
1271#define X509_R_ERR_ASN1_LIB 102
1272#define X509_R_INVALID_DIRECTORY 113
1273#define X509_R_INVALID_FIELD_NAME 119
1274#define X509_R_KEY_TYPE_MISMATCH 115
1275#define X509_R_KEY_VALUES_MISMATCH 116
1276#define X509_R_LOADING_CERT_DIR 103
1277#define X509_R_LOADING_DEFAULTS 104
1278#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105
1279#define X509_R_SHOULD_RETRY 106
1280#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107
1281#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108
1282#define X509_R_UNKNOWN_KEY_TYPE 117
1283#define X509_R_UNKNOWN_NID 109
1284#define X509_R_UNKNOWN_PURPOSE_ID 121
1285#define X509_R_UNKNOWN_TRUST_ID 120
1286#define X509_R_UNSUPPORTED_ALGORITHM 111
1287#define X509_R_WRONG_LOOKUP_TYPE 112
1288#define X509_R_WRONG_TYPE 122
1289
1290#ifdef __cplusplus
1291}
1292#endif
1293#endif
1294
diff --git a/src/lib/libcrypto/x509/x509_att.c b/src/lib/libcrypto/x509/x509_att.c
deleted file mode 100644
index caafde658f..0000000000
--- a/src/lib/libcrypto/x509/x509_att.c
+++ /dev/null
@@ -1,326 +0,0 @@
1/* crypto/x509/x509_att.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/stack.h>
61#include "cryptlib.h"
62#include <openssl/asn1.h>
63#include <openssl/objects.h>
64#include <openssl/evp.h>
65#include <openssl/x509.h>
66#include <openssl/x509v3.h>
67
68int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x)
69{
70 if (!x) return 0;
71 return(sk_X509_ATTRIBUTE_num(x));
72}
73
74int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
75 int lastpos)
76{
77 ASN1_OBJECT *obj;
78
79 obj=OBJ_nid2obj(nid);
80 if (obj == NULL) return(-2);
81 return(X509at_get_attr_by_OBJ(x,obj,lastpos));
82}
83
84int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj,
85 int lastpos)
86{
87 int n;
88 X509_ATTRIBUTE *ex;
89
90 if (sk == NULL) return(-1);
91 lastpos++;
92 if (lastpos < 0)
93 lastpos=0;
94 n=sk_X509_ATTRIBUTE_num(sk);
95 for ( ; lastpos < n; lastpos++)
96 {
97 ex=sk_X509_ATTRIBUTE_value(sk,lastpos);
98 if (OBJ_cmp(ex->object,obj) == 0)
99 return(lastpos);
100 }
101 return(-1);
102}
103
104X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc)
105{
106 if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
107 return NULL;
108 else
109 return sk_X509_ATTRIBUTE_value(x,loc);
110}
111
112X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc)
113{
114 X509_ATTRIBUTE *ret;
115
116 if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
117 return(NULL);
118 ret=sk_X509_ATTRIBUTE_delete(x,loc);
119 return(ret);
120}
121
122STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
123 X509_ATTRIBUTE *attr)
124{
125 X509_ATTRIBUTE *new_attr=NULL;
126 STACK_OF(X509_ATTRIBUTE) *sk=NULL;
127
128 if ((x != NULL) && (*x == NULL))
129 {
130 if ((sk=sk_X509_ATTRIBUTE_new_null()) == NULL)
131 goto err;
132 }
133 else
134 sk= *x;
135
136 if ((new_attr=X509_ATTRIBUTE_dup(attr)) == NULL)
137 goto err2;
138 if (!sk_X509_ATTRIBUTE_push(sk,new_attr))
139 goto err;
140 if ((x != NULL) && (*x == NULL))
141 *x=sk;
142 return(sk);
143err:
144 X509err(X509_F_X509_ADD_ATTR,ERR_R_MALLOC_FAILURE);
145err2:
146 if (new_attr != NULL) X509_ATTRIBUTE_free(new_attr);
147 if (sk != NULL) sk_X509_ATTRIBUTE_free(sk);
148 return(NULL);
149}
150
151STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
152 ASN1_OBJECT *obj, int type,
153 unsigned char *bytes, int len)
154{
155 X509_ATTRIBUTE *attr;
156 STACK_OF(X509_ATTRIBUTE) *ret;
157 attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, type, bytes, len);
158 if(!attr) return 0;
159 ret = X509at_add1_attr(x, attr);
160 X509_ATTRIBUTE_free(attr);
161 return ret;
162}
163
164STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
165 int nid, int type,
166 unsigned char *bytes, int len)
167{
168 X509_ATTRIBUTE *attr;
169 STACK_OF(X509_ATTRIBUTE) *ret;
170 attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, type, bytes, len);
171 if(!attr) return 0;
172 ret = X509at_add1_attr(x, attr);
173 X509_ATTRIBUTE_free(attr);
174 return ret;
175}
176
177STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
178 char *attrname, int type,
179 unsigned char *bytes, int len)
180{
181 X509_ATTRIBUTE *attr;
182 STACK_OF(X509_ATTRIBUTE) *ret;
183 attr = X509_ATTRIBUTE_create_by_txt(NULL, attrname, type, bytes, len);
184 if(!attr) return 0;
185 ret = X509at_add1_attr(x, attr);
186 X509_ATTRIBUTE_free(attr);
187 return ret;
188}
189
190X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
191 int atrtype, void *data, int len)
192{
193 ASN1_OBJECT *obj;
194 X509_ATTRIBUTE *ret;
195
196 obj=OBJ_nid2obj(nid);
197 if (obj == NULL)
198 {
199 X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_NID,X509_R_UNKNOWN_NID);
200 return(NULL);
201 }
202 ret=X509_ATTRIBUTE_create_by_OBJ(attr,obj,atrtype,data,len);
203 if (ret == NULL) ASN1_OBJECT_free(obj);
204 return(ret);
205}
206
207X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
208 ASN1_OBJECT *obj, int atrtype, void *data, int len)
209{
210 X509_ATTRIBUTE *ret;
211
212 if ((attr == NULL) || (*attr == NULL))
213 {
214 if ((ret=X509_ATTRIBUTE_new()) == NULL)
215 {
216 X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE);
217 return(NULL);
218 }
219 }
220 else
221 ret= *attr;
222
223 if (!X509_ATTRIBUTE_set1_object(ret,obj))
224 goto err;
225 if (!X509_ATTRIBUTE_set1_data(ret,atrtype,data,len))
226 goto err;
227
228 if ((attr != NULL) && (*attr == NULL)) *attr=ret;
229 return(ret);
230err:
231 if ((attr == NULL) || (ret != *attr))
232 X509_ATTRIBUTE_free(ret);
233 return(NULL);
234}
235
236X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
237 char *atrname, int type, unsigned char *bytes, int len)
238 {
239 ASN1_OBJECT *obj;
240 X509_ATTRIBUTE *nattr;
241
242 obj=OBJ_txt2obj(atrname, 0);
243 if (obj == NULL)
244 {
245 X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,
246 X509_R_INVALID_FIELD_NAME);
247 ERR_add_error_data(2, "name=", atrname);
248 return(NULL);
249 }
250 nattr = X509_ATTRIBUTE_create_by_OBJ(attr,obj,type,bytes,len);
251 ASN1_OBJECT_free(obj);
252 return nattr;
253 }
254
255int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, ASN1_OBJECT *obj)
256{
257 if ((attr == NULL) || (obj == NULL))
258 return(0);
259 ASN1_OBJECT_free(attr->object);
260 attr->object=OBJ_dup(obj);
261 return(1);
262}
263
264int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, void *data, int len)
265{
266 ASN1_TYPE *ttmp;
267 ASN1_STRING *stmp;
268 int atype;
269 if (!attr) return 0;
270 if(attrtype & MBSTRING_FLAG) {
271 stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype,
272 OBJ_obj2nid(attr->object));
273 if(!stmp) {
274 X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_ASN1_LIB);
275 return 0;
276 }
277 atype = stmp->type;
278 } else {
279 if(!(stmp = ASN1_STRING_type_new(attrtype))) goto err;
280 if(!ASN1_STRING_set(stmp, data, len)) goto err;
281 atype = attrtype;
282 }
283 if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
284 if(!(ttmp = ASN1_TYPE_new())) goto err;
285 if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err;
286 attr->set = 1;
287 ASN1_TYPE_set(ttmp, atype, stmp);
288 return 1;
289 err:
290 X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE);
291 return 0;
292}
293
294int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr)
295{
296 if(attr->set) return sk_ASN1_TYPE_num(attr->value.set);
297 if(attr->value.single) return 1;
298 return 0;
299}
300
301ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr)
302{
303 if (attr == NULL) return(NULL);
304 return(attr->object);
305}
306
307void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
308 int atrtype, void *data)
309{
310 ASN1_TYPE *ttmp;
311 ttmp = X509_ATTRIBUTE_get0_type(attr, idx);
312 if(!ttmp) return NULL;
313 if(atrtype != ASN1_TYPE_get(ttmp)){
314 X509err(X509_F_X509_ATTRIBUTE_GET0_DATA, X509_R_WRONG_TYPE);
315 return NULL;
316 }
317 return ttmp->value.ptr;
318}
319
320ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)
321{
322 if (attr == NULL) return(NULL);
323 if(idx >= X509_ATTRIBUTE_count(attr)) return NULL;
324 if(attr->set) return sk_ASN1_TYPE_value(attr->value.set, idx);
325 else return attr->value.single;
326}
diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c
deleted file mode 100644
index 3f9f9b3d47..0000000000
--- a/src/lib/libcrypto/x509/x509_cmp.c
+++ /dev/null
@@ -1,308 +0,0 @@
1/* crypto/x509/x509_cmp.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/asn1.h>
62#include <openssl/objects.h>
63#include <openssl/x509.h>
64#include <openssl/x509v3.h>
65
66int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
67 {
68 int i;
69 X509_CINF *ai,*bi;
70
71 ai=a->cert_info;
72 bi=b->cert_info;
73 i=M_ASN1_INTEGER_cmp(ai->serialNumber,bi->serialNumber);
74 if (i) return(i);
75 return(X509_NAME_cmp(ai->issuer,bi->issuer));
76 }
77
78#ifndef NO_MD5
79unsigned long X509_issuer_and_serial_hash(X509 *a)
80 {
81 unsigned long ret=0;
82 MD5_CTX ctx;
83 unsigned char md[16];
84 char str[256];
85
86 X509_NAME_oneline(a->cert_info->issuer,str,256);
87 ret=strlen(str);
88 MD5_Init(&ctx);
89 MD5_Update(&ctx,(unsigned char *)str,ret);
90 MD5_Update(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
91 (unsigned long)a->cert_info->serialNumber->length);
92 MD5_Final(&(md[0]),&ctx);
93 ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)|
94 ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
95 )&0xffffffffL;
96 return(ret);
97 }
98#endif
99
100int X509_issuer_name_cmp(const X509 *a, const X509 *b)
101 {
102 return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer));
103 }
104
105int X509_subject_name_cmp(const X509 *a, const X509 *b)
106 {
107 return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject));
108 }
109
110int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b)
111 {
112 return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer));
113 }
114
115X509_NAME *X509_get_issuer_name(X509 *a)
116 {
117 return(a->cert_info->issuer);
118 }
119
120unsigned long X509_issuer_name_hash(X509 *x)
121 {
122 return(X509_NAME_hash(x->cert_info->issuer));
123 }
124
125X509_NAME *X509_get_subject_name(X509 *a)
126 {
127 return(a->cert_info->subject);
128 }
129
130ASN1_INTEGER *X509_get_serialNumber(X509 *a)
131 {
132 return(a->cert_info->serialNumber);
133 }
134
135unsigned long X509_subject_name_hash(X509 *x)
136 {
137 return(X509_NAME_hash(x->cert_info->subject));
138 }
139
140#ifndef NO_SHA
141/* Compare two certificates: they must be identical for
142 * this to work. NB: Although "cmp" operations are generally
143 * prototyped to take "const" arguments (eg. for use in
144 * STACKs), the way X509 handling is - these operations may
145 * involve ensuring the hashes are up-to-date and ensuring
146 * certain cert information is cached. So this is the point
147 * where the "depth-first" constification tree has to halt
148 * with an evil cast.
149 */
150int X509_cmp(const X509 *a, const X509 *b)
151{
152 /* ensure hash is valid */
153 X509_check_purpose((X509 *)a, -1, 0);
154 X509_check_purpose((X509 *)b, -1, 0);
155
156 return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
157}
158#endif
159
160int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
161 {
162 int i,j;
163 X509_NAME_ENTRY *na,*nb;
164
165 if (sk_X509_NAME_ENTRY_num(a->entries)
166 != sk_X509_NAME_ENTRY_num(b->entries))
167 return sk_X509_NAME_ENTRY_num(a->entries)
168 -sk_X509_NAME_ENTRY_num(b->entries);
169 for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
170 {
171 na=sk_X509_NAME_ENTRY_value(a->entries,i);
172 nb=sk_X509_NAME_ENTRY_value(b->entries,i);
173 j=na->value->length-nb->value->length;
174 if (j) return(j);
175 j=memcmp(na->value->data,nb->value->data,
176 na->value->length);
177 if (j) return(j);
178 j=na->set-nb->set;
179 if (j) return(j);
180 }
181
182 /* We will check the object types after checking the values
183 * since the values will more often be different than the object
184 * types. */
185 for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
186 {
187 na=sk_X509_NAME_ENTRY_value(a->entries,i);
188 nb=sk_X509_NAME_ENTRY_value(b->entries,i);
189 j=OBJ_cmp(na->object,nb->object);
190 if (j) return(j);
191 }
192 return(0);
193 }
194
195#ifndef NO_MD5
196/* I now DER encode the name and hash it. Since I cache the DER encoding,
197 * this is reasonably efficient. */
198unsigned long X509_NAME_hash(X509_NAME *x)
199 {
200 unsigned long ret=0;
201 unsigned char md[16];
202
203 /* Ensure cached version is up to date */
204 i2d_X509_NAME(x,NULL);
205 /* Use cached encoding directly rather than copying: this should
206 * keep libsafe happy.
207 */
208 MD5((unsigned char *)x->bytes->data,x->bytes->length,&(md[0]));
209
210 ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)|
211 ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
212 )&0xffffffffL;
213 return(ret);
214 }
215#endif
216
217/* Search a stack of X509 for a match */
218X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
219 ASN1_INTEGER *serial)
220 {
221 int i;
222 X509_CINF cinf;
223 X509 x,*x509=NULL;
224
225 if(!sk) return NULL;
226
227 x.cert_info= &cinf;
228 cinf.serialNumber=serial;
229 cinf.issuer=name;
230
231 for (i=0; i<sk_X509_num(sk); i++)
232 {
233 x509=sk_X509_value(sk,i);
234 if (X509_issuer_and_serial_cmp(x509,&x) == 0)
235 return(x509);
236 }
237 return(NULL);
238 }
239
240X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name)
241 {
242 X509 *x509;
243 int i;
244
245 for (i=0; i<sk_X509_num(sk); i++)
246 {
247 x509=sk_X509_value(sk,i);
248 if (X509_NAME_cmp(X509_get_subject_name(x509),name) == 0)
249 return(x509);
250 }
251 return(NULL);
252 }
253
254EVP_PKEY *X509_get_pubkey(X509 *x)
255 {
256 if ((x == NULL) || (x->cert_info == NULL))
257 return(NULL);
258 return(X509_PUBKEY_get(x->cert_info->key));
259 }
260
261int X509_check_private_key(X509 *x, EVP_PKEY *k)
262 {
263 EVP_PKEY *xk=NULL;
264 int ok=0;
265
266 xk=X509_get_pubkey(x);
267 if (xk->type != k->type)
268 {
269 X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
270 goto err;
271 }
272 switch (k->type)
273 {
274#ifndef NO_RSA
275 case EVP_PKEY_RSA:
276 if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0
277 || BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0)
278 {
279 X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
280 goto err;
281 }
282 break;
283#endif
284#ifndef NO_DSA
285 case EVP_PKEY_DSA:
286 if (BN_cmp(xk->pkey.dsa->pub_key,k->pkey.dsa->pub_key) != 0)
287 {
288 X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
289 goto err;
290 }
291 break;
292#endif
293#ifndef NO_DH
294 case EVP_PKEY_DH:
295 /* No idea */
296 X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);
297 goto err;
298#endif
299 default:
300 X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
301 goto err;
302 }
303
304 ok=1;
305err:
306 EVP_PKEY_free(xk);
307 return(ok);
308 }
diff --git a/src/lib/libcrypto/x509/x509_d2.c b/src/lib/libcrypto/x509/x509_d2.c
deleted file mode 100644
index 753d53eb43..0000000000
--- a/src/lib/libcrypto/x509/x509_d2.c
+++ /dev/null
@@ -1,107 +0,0 @@
1/* crypto/x509/x509_d2.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/crypto.h>
62#include <openssl/x509.h>
63
64#ifndef NO_STDIO
65int X509_STORE_set_default_paths(X509_STORE *ctx)
66 {
67 X509_LOOKUP *lookup;
68
69 lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
70 if (lookup == NULL) return(0);
71 X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
72
73 lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());
74 if (lookup == NULL) return(0);
75 X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
76
77 /* clear any errors */
78 ERR_clear_error();
79
80 return(1);
81 }
82
83int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
84 const char *path)
85 {
86 X509_LOOKUP *lookup;
87
88 if (file != NULL)
89 {
90 lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
91 if (lookup == NULL) return(0);
92 if (X509_LOOKUP_load_file(lookup,file,X509_FILETYPE_PEM) != 1)
93 return(0);
94 }
95 if (path != NULL)
96 {
97 lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());
98 if (lookup == NULL) return(0);
99 if (X509_LOOKUP_add_dir(lookup,path,X509_FILETYPE_PEM) != 1)
100 return(0);
101 }
102 if ((path == NULL) && (file == NULL))
103 return(0);
104 return(1);
105 }
106
107#endif
diff --git a/src/lib/libcrypto/x509/x509_def.c b/src/lib/libcrypto/x509/x509_def.c
deleted file mode 100644
index e0ac151a76..0000000000
--- a/src/lib/libcrypto/x509/x509_def.c
+++ /dev/null
@@ -1,81 +0,0 @@
1/* crypto/x509/x509_def.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/crypto.h>
62#include <openssl/x509.h>
63
64const char *X509_get_default_private_dir(void)
65 { return(X509_PRIVATE_DIR); }
66
67const char *X509_get_default_cert_area(void)
68 { return(X509_CERT_AREA); }
69
70const char *X509_get_default_cert_dir(void)
71 { return(X509_CERT_DIR); }
72
73const char *X509_get_default_cert_file(void)
74 { return(X509_CERT_FILE); }
75
76const char *X509_get_default_cert_dir_env(void)
77 { return(X509_CERT_DIR_EVP); }
78
79const char *X509_get_default_cert_file_env(void)
80 { return(X509_CERT_FILE_EVP); }
81
diff --git a/src/lib/libcrypto/x509/x509_err.c b/src/lib/libcrypto/x509/x509_err.c
deleted file mode 100644
index 848add56e9..0000000000
--- a/src/lib/libcrypto/x509/x509_err.c
+++ /dev/null
@@ -1,152 +0,0 @@
1/* crypto/x509/x509_err.c */
2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include <openssl/x509.h>
64
65/* BEGIN ERROR CODES */
66#ifndef NO_ERR
67static ERR_STRING_DATA X509_str_functs[]=
68 {
69{ERR_PACK(0,X509_F_ADD_CERT_DIR,0), "ADD_CERT_DIR"},
70{ERR_PACK(0,X509_F_BY_FILE_CTRL,0), "BY_FILE_CTRL"},
71{ERR_PACK(0,X509_F_DIR_CTRL,0), "DIR_CTRL"},
72{ERR_PACK(0,X509_F_GET_CERT_BY_SUBJECT,0), "GET_CERT_BY_SUBJECT"},
73{ERR_PACK(0,X509_F_NETSCAPE_SPKI_B64_DECODE,0), "NETSCAPE_SPKI_b64_decode"},
74{ERR_PACK(0,X509_F_NETSCAPE_SPKI_B64_ENCODE,0), "NETSCAPE_SPKI_b64_encode"},
75{ERR_PACK(0,X509_F_X509V3_ADD_EXT,0), "X509v3_add_ext"},
76{ERR_PACK(0,X509_F_X509_ADD_ATTR,0), "X509_ADD_ATTR"},
77{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_NID,0), "X509_ATTRIBUTE_create_by_NID"},
78{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,0), "X509_ATTRIBUTE_create_by_OBJ"},
79{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,0), "X509_ATTRIBUTE_create_by_txt"},
80{ERR_PACK(0,X509_F_X509_ATTRIBUTE_GET0_DATA,0), "X509_ATTRIBUTE_get0_data"},
81{ERR_PACK(0,X509_F_X509_ATTRIBUTE_SET1_DATA,0), "X509_ATTRIBUTE_set1_data"},
82{ERR_PACK(0,X509_F_X509_CHECK_PRIVATE_KEY,0), "X509_check_private_key"},
83{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_NID,0), "X509_EXTENSION_create_by_NID"},
84{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_OBJ,0), "X509_EXTENSION_create_by_OBJ"},
85{ERR_PACK(0,X509_F_X509_GET_PUBKEY_PARAMETERS,0), "X509_get_pubkey_parameters"},
86{ERR_PACK(0,X509_F_X509_LOAD_CERT_CRL_FILE,0), "X509_load_cert_crl_file"},
87{ERR_PACK(0,X509_F_X509_LOAD_CERT_FILE,0), "X509_load_cert_file"},
88{ERR_PACK(0,X509_F_X509_LOAD_CRL_FILE,0), "X509_load_crl_file"},
89{ERR_PACK(0,X509_F_X509_NAME_ADD_ENTRY,0), "X509_NAME_add_entry"},
90{ERR_PACK(0,X509_F_X509_NAME_ENTRY_CREATE_BY_NID,0), "X509_NAME_ENTRY_create_by_NID"},
91{ERR_PACK(0,X509_F_X509_NAME_ENTRY_CREATE_BY_TXT,0), "X509_NAME_ENTRY_create_by_txt"},
92{ERR_PACK(0,X509_F_X509_NAME_ENTRY_SET_OBJECT,0), "X509_NAME_ENTRY_set_object"},
93{ERR_PACK(0,X509_F_X509_NAME_ONELINE,0), "X509_NAME_oneline"},
94{ERR_PACK(0,X509_F_X509_NAME_PRINT,0), "X509_NAME_print"},
95{ERR_PACK(0,X509_F_X509_PRINT_FP,0), "X509_print_fp"},
96{ERR_PACK(0,X509_F_X509_PUBKEY_GET,0), "X509_PUBKEY_get"},
97{ERR_PACK(0,X509_F_X509_PUBKEY_SET,0), "X509_PUBKEY_set"},
98{ERR_PACK(0,X509_F_X509_REQ_PRINT,0), "X509_REQ_print"},
99{ERR_PACK(0,X509_F_X509_REQ_PRINT_FP,0), "X509_REQ_print_fp"},
100{ERR_PACK(0,X509_F_X509_REQ_TO_X509,0), "X509_REQ_to_X509"},
101{ERR_PACK(0,X509_F_X509_STORE_ADD_CERT,0), "X509_STORE_add_cert"},
102{ERR_PACK(0,X509_F_X509_STORE_ADD_CRL,0), "X509_STORE_add_crl"},
103{ERR_PACK(0,X509_F_X509_STORE_CTX_PURPOSE_INHERIT,0), "X509_STORE_CTX_purpose_inherit"},
104{ERR_PACK(0,X509_F_X509_TO_X509_REQ,0), "X509_to_X509_REQ"},
105{ERR_PACK(0,X509_F_X509_TRUST_ADD,0), "X509_TRUST_add"},
106{ERR_PACK(0,X509_F_X509_VERIFY_CERT,0), "X509_verify_cert"},
107{0,NULL}
108 };
109
110static ERR_STRING_DATA X509_str_reasons[]=
111 {
112{X509_R_BAD_X509_FILETYPE ,"bad x509 filetype"},
113{X509_R_BASE64_DECODE_ERROR ,"base64 decode error"},
114{X509_R_CANT_CHECK_DH_KEY ,"cant check dh key"},
115{X509_R_CERT_ALREADY_IN_HASH_TABLE ,"cert already in hash table"},
116{X509_R_ERR_ASN1_LIB ,"err asn1 lib"},
117{X509_R_INVALID_DIRECTORY ,"invalid directory"},
118{X509_R_INVALID_FIELD_NAME ,"invalid field name"},
119{X509_R_KEY_TYPE_MISMATCH ,"key type mismatch"},
120{X509_R_KEY_VALUES_MISMATCH ,"key values mismatch"},
121{X509_R_LOADING_CERT_DIR ,"loading cert dir"},
122{X509_R_LOADING_DEFAULTS ,"loading defaults"},
123{X509_R_NO_CERT_SET_FOR_US_TO_VERIFY ,"no cert set for us to verify"},
124{X509_R_SHOULD_RETRY ,"should retry"},
125{X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN,"unable to find parameters in chain"},
126{X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY ,"unable to get certs public key"},
127{X509_R_UNKNOWN_KEY_TYPE ,"unknown key type"},
128{X509_R_UNKNOWN_NID ,"unknown nid"},
129{X509_R_UNKNOWN_PURPOSE_ID ,"unknown purpose id"},
130{X509_R_UNKNOWN_TRUST_ID ,"unknown trust id"},
131{X509_R_UNSUPPORTED_ALGORITHM ,"unsupported algorithm"},
132{X509_R_WRONG_LOOKUP_TYPE ,"wrong lookup type"},
133{X509_R_WRONG_TYPE ,"wrong type"},
134{0,NULL}
135 };
136
137#endif
138
139void ERR_load_X509_strings(void)
140 {
141 static int init=1;
142
143 if (init)
144 {
145 init=0;
146#ifndef NO_ERR
147 ERR_load_strings(ERR_LIB_X509,X509_str_functs);
148 ERR_load_strings(ERR_LIB_X509,X509_str_reasons);
149#endif
150
151 }
152 }
diff --git a/src/lib/libcrypto/x509/x509_ext.c b/src/lib/libcrypto/x509/x509_ext.c
deleted file mode 100644
index 2955989807..0000000000
--- a/src/lib/libcrypto/x509/x509_ext.c
+++ /dev/null
@@ -1,191 +0,0 @@
1/* crypto/x509/x509_ext.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/stack.h>
61#include "cryptlib.h"
62#include <openssl/asn1.h>
63#include <openssl/objects.h>
64#include <openssl/evp.h>
65#include <openssl/x509.h>
66#include <openssl/x509v3.h>
67
68
69int X509_CRL_get_ext_count(X509_CRL *x)
70 {
71 return(X509v3_get_ext_count(x->crl->extensions));
72 }
73
74int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos)
75 {
76 return(X509v3_get_ext_by_NID(x->crl->extensions,nid,lastpos));
77 }
78
79int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos)
80 {
81 return(X509v3_get_ext_by_OBJ(x->crl->extensions,obj,lastpos));
82 }
83
84int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos)
85 {
86 return(X509v3_get_ext_by_critical(x->crl->extensions,crit,lastpos));
87 }
88
89X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc)
90 {
91 return(X509v3_get_ext(x->crl->extensions,loc));
92 }
93
94X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc)
95 {
96 return(X509v3_delete_ext(x->crl->extensions,loc));
97 }
98
99void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx)
100{
101 return X509V3_get_d2i(x->crl->extensions, nid, crit, idx);
102}
103
104int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc)
105 {
106 return(X509v3_add_ext(&(x->crl->extensions),ex,loc) != NULL);
107 }
108
109int X509_get_ext_count(X509 *x)
110 {
111 return(X509v3_get_ext_count(x->cert_info->extensions));
112 }
113
114int X509_get_ext_by_NID(X509 *x, int nid, int lastpos)
115 {
116 return(X509v3_get_ext_by_NID(x->cert_info->extensions,nid,lastpos));
117 }
118
119int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos)
120 {
121 return(X509v3_get_ext_by_OBJ(x->cert_info->extensions,obj,lastpos));
122 }
123
124int X509_get_ext_by_critical(X509 *x, int crit, int lastpos)
125 {
126 return(X509v3_get_ext_by_critical(x->cert_info->extensions,crit,lastpos));
127 }
128
129X509_EXTENSION *X509_get_ext(X509 *x, int loc)
130 {
131 return(X509v3_get_ext(x->cert_info->extensions,loc));
132 }
133
134X509_EXTENSION *X509_delete_ext(X509 *x, int loc)
135 {
136 return(X509v3_delete_ext(x->cert_info->extensions,loc));
137 }
138
139int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc)
140 {
141 return(X509v3_add_ext(&(x->cert_info->extensions),ex,loc) != NULL);
142 }
143
144void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx)
145{
146 return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx);
147}
148
149int X509_REVOKED_get_ext_count(X509_REVOKED *x)
150 {
151 return(X509v3_get_ext_count(x->extensions));
152 }
153
154int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos)
155 {
156 return(X509v3_get_ext_by_NID(x->extensions,nid,lastpos));
157 }
158
159int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj,
160 int lastpos)
161 {
162 return(X509v3_get_ext_by_OBJ(x->extensions,obj,lastpos));
163 }
164
165int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos)
166 {
167 return(X509v3_get_ext_by_critical(x->extensions,crit,lastpos));
168 }
169
170X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc)
171 {
172 return(X509v3_get_ext(x->extensions,loc));
173 }
174
175X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc)
176 {
177 return(X509v3_delete_ext(x->extensions,loc));
178 }
179
180int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc)
181 {
182 return(X509v3_add_ext(&(x->extensions),ex,loc) != NULL);
183 }
184
185void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx)
186{
187 return X509V3_get_d2i(x->extensions, nid, crit, idx);
188}
189
190IMPLEMENT_STACK_OF(X509_EXTENSION)
191IMPLEMENT_ASN1_SET_OF(X509_EXTENSION)
diff --git a/src/lib/libcrypto/x509/x509_lu.c b/src/lib/libcrypto/x509/x509_lu.c
deleted file mode 100644
index 863c738cad..0000000000
--- a/src/lib/libcrypto/x509/x509_lu.c
+++ /dev/null
@@ -1,529 +0,0 @@
1/* crypto/x509/x509_lu.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/lhash.h>
62#include <openssl/x509.h>
63
64static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_store_meth=NULL;
65
66X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
67 {
68 X509_LOOKUP *ret;
69
70 ret=(X509_LOOKUP *)OPENSSL_malloc(sizeof(X509_LOOKUP));
71 if (ret == NULL) return NULL;
72
73 ret->init=0;
74 ret->skip=0;
75 ret->method=method;
76 ret->method_data=NULL;
77 ret->store_ctx=NULL;
78 if ((method->new_item != NULL) && !method->new_item(ret))
79 {
80 OPENSSL_free(ret);
81 return NULL;
82 }
83 return ret;
84 }
85
86void X509_LOOKUP_free(X509_LOOKUP *ctx)
87 {
88 if (ctx == NULL) return;
89 if ( (ctx->method != NULL) &&
90 (ctx->method->free != NULL))
91 ctx->method->free(ctx);
92 OPENSSL_free(ctx);
93 }
94
95int X509_LOOKUP_init(X509_LOOKUP *ctx)
96 {
97 if (ctx->method == NULL) return 0;
98 if (ctx->method->init != NULL)
99 return ctx->method->init(ctx);
100 else
101 return 1;
102 }
103
104int X509_LOOKUP_shutdown(X509_LOOKUP *ctx)
105 {
106 if (ctx->method == NULL) return 0;
107 if (ctx->method->shutdown != NULL)
108 return ctx->method->shutdown(ctx);
109 else
110 return 1;
111 }
112
113int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
114 char **ret)
115 {
116 if (ctx->method == NULL) return -1;
117 if (ctx->method->ctrl != NULL)
118 return ctx->method->ctrl(ctx,cmd,argc,argl,ret);
119 else
120 return 1;
121 }
122
123int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
124 X509_OBJECT *ret)
125 {
126 if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))
127 return X509_LU_FAIL;
128 if (ctx->skip) return 0;
129 return ctx->method->get_by_subject(ctx,type,name,ret);
130 }
131
132int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
133 ASN1_INTEGER *serial, X509_OBJECT *ret)
134 {
135 if ((ctx->method == NULL) ||
136 (ctx->method->get_by_issuer_serial == NULL))
137 return X509_LU_FAIL;
138 return ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret);
139 }
140
141int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
142 unsigned char *bytes, int len, X509_OBJECT *ret)
143 {
144 if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))
145 return X509_LU_FAIL;
146 return ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret);
147 }
148
149int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,
150 X509_OBJECT *ret)
151 {
152 if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))
153 return X509_LU_FAIL;
154 return ctx->method->get_by_alias(ctx,type,str,len,ret);
155 }
156
157
158static int x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * const *b)
159 {
160 int ret;
161
162 ret=((*a)->type - (*b)->type);
163 if (ret) return ret;
164 switch ((*a)->type)
165 {
166 case X509_LU_X509:
167 ret=X509_subject_name_cmp((*a)->data.x509,(*b)->data.x509);
168 break;
169 case X509_LU_CRL:
170 ret=X509_CRL_cmp((*a)->data.crl,(*b)->data.crl);
171 break;
172 default:
173 /* abort(); */
174 return 0;
175 }
176 return ret;
177 }
178
179X509_STORE *X509_STORE_new(void)
180 {
181 X509_STORE *ret;
182
183 if ((ret=(X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL)
184 return NULL;
185 ret->objs = sk_X509_OBJECT_new(x509_object_cmp);
186 ret->cache=1;
187 ret->get_cert_methods=sk_X509_LOOKUP_new_null();
188 ret->verify=NULL;
189 ret->verify_cb=NULL;
190 memset(&ret->ex_data,0,sizeof(CRYPTO_EX_DATA));
191 ret->references=1;
192 ret->depth=0;
193 return ret;
194 }
195
196static void cleanup(X509_OBJECT *a)
197 {
198 if (a->type == X509_LU_X509)
199 {
200 X509_free(a->data.x509);
201 }
202 else if (a->type == X509_LU_CRL)
203 {
204 X509_CRL_free(a->data.crl);
205 }
206 else
207 {
208 /* abort(); */
209 }
210
211 OPENSSL_free(a);
212 }
213
214void X509_STORE_free(X509_STORE *vfy)
215 {
216 int i;
217 STACK_OF(X509_LOOKUP) *sk;
218 X509_LOOKUP *lu;
219
220 if (vfy == NULL)
221 return;
222
223 sk=vfy->get_cert_methods;
224 for (i=0; i<sk_X509_LOOKUP_num(sk); i++)
225 {
226 lu=sk_X509_LOOKUP_value(sk,i);
227 X509_LOOKUP_shutdown(lu);
228 X509_LOOKUP_free(lu);
229 }
230 sk_X509_LOOKUP_free(sk);
231 sk_X509_OBJECT_pop_free(vfy->objs, cleanup);
232
233 CRYPTO_free_ex_data(x509_store_meth,vfy,&vfy->ex_data);
234 OPENSSL_free(vfy);
235 }
236
237X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
238 {
239 int i;
240 STACK_OF(X509_LOOKUP) *sk;
241 X509_LOOKUP *lu;
242
243 sk=v->get_cert_methods;
244 for (i=0; i<sk_X509_LOOKUP_num(sk); i++)
245 {
246 lu=sk_X509_LOOKUP_value(sk,i);
247 if (m == lu->method)
248 {
249 return lu;
250 }
251 }
252 /* a new one */
253 lu=X509_LOOKUP_new(m);
254 if (lu == NULL)
255 return NULL;
256 else
257 {
258 lu->store_ctx=v;
259 if (sk_X509_LOOKUP_push(v->get_cert_methods,lu))
260 return lu;
261 else
262 {
263 X509_LOOKUP_free(lu);
264 return NULL;
265 }
266 }
267 }
268
269int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
270 X509_OBJECT *ret)
271 {
272 X509_STORE *ctx=vs->ctx;
273 X509_LOOKUP *lu;
274 X509_OBJECT stmp,*tmp;
275 int i,j;
276
277 tmp=X509_OBJECT_retrieve_by_subject(ctx->objs,type,name);
278
279 if (tmp == NULL)
280 {
281 for (i=vs->current_method; i<sk_X509_LOOKUP_num(ctx->get_cert_methods); i++)
282 {
283 lu=sk_X509_LOOKUP_value(ctx->get_cert_methods,i);
284 j=X509_LOOKUP_by_subject(lu,type,name,&stmp);
285 if (j < 0)
286 {
287 vs->current_method=j;
288 return j;
289 }
290 else if (j)
291 {
292 tmp= &stmp;
293 break;
294 }
295 }
296 vs->current_method=0;
297 if (tmp == NULL)
298 return 0;
299 }
300
301/* if (ret->data.ptr != NULL)
302 X509_OBJECT_free_contents(ret); */
303
304 ret->type=tmp->type;
305 ret->data.ptr=tmp->data.ptr;
306
307 X509_OBJECT_up_ref_count(ret);
308
309 return 1;
310 }
311
312int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
313 {
314 X509_OBJECT *obj;
315 int ret=1;
316
317 if (x == NULL) return 0;
318 obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));
319 if (obj == NULL)
320 {
321 X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE);
322 return 0;
323 }
324 obj->type=X509_LU_X509;
325 obj->data.x509=x;
326
327 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
328
329 X509_OBJECT_up_ref_count(obj);
330
331
332 if (X509_OBJECT_retrieve_match(ctx->objs, obj))
333 {
334 X509_OBJECT_free_contents(obj);
335 OPENSSL_free(obj);
336 X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE);
337 ret=0;
338 }
339 else sk_X509_OBJECT_push(ctx->objs, obj);
340
341 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
342
343 return ret;
344 }
345
346int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
347 {
348 X509_OBJECT *obj;
349 int ret=1;
350
351 if (x == NULL) return 0;
352 obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));
353 if (obj == NULL)
354 {
355 X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE);
356 return 0;
357 }
358 obj->type=X509_LU_CRL;
359 obj->data.crl=x;
360
361 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
362
363 X509_OBJECT_up_ref_count(obj);
364
365 if (X509_OBJECT_retrieve_match(ctx->objs, obj))
366 {
367 X509_OBJECT_free_contents(obj);
368 OPENSSL_free(obj);
369 X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE);
370 ret=0;
371 }
372 else sk_X509_OBJECT_push(ctx->objs, obj);
373
374 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
375
376 return ret;
377 }
378
379void X509_OBJECT_up_ref_count(X509_OBJECT *a)
380 {
381 switch (a->type)
382 {
383 case X509_LU_X509:
384 CRYPTO_add(&a->data.x509->references,1,CRYPTO_LOCK_X509);
385 break;
386 case X509_LU_CRL:
387 CRYPTO_add(&a->data.crl->references,1,CRYPTO_LOCK_X509_CRL);
388 break;
389 }
390 }
391
392void X509_OBJECT_free_contents(X509_OBJECT *a)
393 {
394 switch (a->type)
395 {
396 case X509_LU_X509:
397 X509_free(a->data.x509);
398 break;
399 case X509_LU_CRL:
400 X509_CRL_free(a->data.crl);
401 break;
402 }
403 }
404
405int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
406 X509_NAME *name)
407 {
408 X509_OBJECT stmp;
409 X509 x509_s;
410 X509_CINF cinf_s;
411 X509_CRL crl_s;
412 X509_CRL_INFO crl_info_s;
413
414 stmp.type=type;
415 switch (type)
416 {
417 case X509_LU_X509:
418 stmp.data.x509= &x509_s;
419 x509_s.cert_info= &cinf_s;
420 cinf_s.subject=name;
421 break;
422 case X509_LU_CRL:
423 stmp.data.crl= &crl_s;
424 crl_s.crl= &crl_info_s;
425 crl_info_s.issuer=name;
426 break;
427 default:
428 /* abort(); */
429 return -1;
430 }
431
432 return sk_X509_OBJECT_find(h,&stmp);
433 }
434
435X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, int type,
436 X509_NAME *name)
437{
438 int idx;
439 idx = X509_OBJECT_idx_by_subject(h, type, name);
440 if (idx==-1) return NULL;
441 return sk_X509_OBJECT_value(h, idx);
442}
443
444X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x)
445{
446 int idx, i;
447 X509_OBJECT *obj;
448 idx = sk_X509_OBJECT_find(h, x);
449 if (idx == -1) return NULL;
450 if (x->type != X509_LU_X509) return sk_X509_OBJECT_value(h, idx);
451 for (i = idx; i < sk_X509_OBJECT_num(h); i++)
452 {
453 obj = sk_X509_OBJECT_value(h, i);
454 if (x509_object_cmp((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x))
455 return NULL;
456 if ((x->type != X509_LU_X509) || !X509_cmp(obj->data.x509, x->data.x509))
457 return obj;
458 }
459 return NULL;
460}
461
462
463/* Try to get issuer certificate from store. Due to limitations
464 * of the API this can only retrieve a single certificate matching
465 * a given subject name. However it will fill the cache with all
466 * matching certificates, so we can examine the cache for all
467 * matches.
468 *
469 * Return values are:
470 * 1 lookup successful.
471 * 0 certificate not found.
472 * -1 some other error.
473 */
474
475
476int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
477{
478 X509_NAME *xn;
479 X509_OBJECT obj, *pobj;
480 int i, ok, idx;
481 xn=X509_get_issuer_name(x);
482 ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj);
483 if (ok != X509_LU_X509)
484 {
485 if (ok == X509_LU_RETRY)
486 {
487 X509_OBJECT_free_contents(&obj);
488 X509err(X509_F_X509_VERIFY_CERT,X509_R_SHOULD_RETRY);
489 return -1;
490 }
491 else if (ok != X509_LU_FAIL)
492 {
493 X509_OBJECT_free_contents(&obj);
494 /* not good :-(, break anyway */
495 return -1;
496 }
497 return 0;
498 }
499 /* If certificate matches all OK */
500 if (ctx->check_issued(ctx, x, obj.data.x509))
501 {
502 *issuer = obj.data.x509;
503 return 1;
504 }
505 X509_OBJECT_free_contents(&obj);
506 /* Else find index of first matching cert */
507 idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn);
508 /* This shouldn't normally happen since we already have one match */
509 if (idx == -1) return 0;
510
511 /* Look through all matching certificates for a suitable issuer */
512 for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++)
513 {
514 pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i);
515 /* See if we've ran out of matches */
516 if (pobj->type != X509_LU_X509) return 0;
517 if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509))) return 0;
518 if (ctx->check_issued(ctx, x, pobj->data.x509))
519 {
520 *issuer = pobj->data.x509;
521 X509_OBJECT_up_ref_count(pobj);
522 return 1;
523 }
524 }
525 return 0;
526}
527
528IMPLEMENT_STACK_OF(X509_LOOKUP)
529IMPLEMENT_STACK_OF(X509_OBJECT)
diff --git a/src/lib/libcrypto/x509/x509_obj.c b/src/lib/libcrypto/x509/x509_obj.c
deleted file mode 100644
index f0271fdfa1..0000000000
--- a/src/lib/libcrypto/x509/x509_obj.c
+++ /dev/null
@@ -1,225 +0,0 @@
1/* crypto/x509/x509_obj.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/lhash.h>
62#include <openssl/objects.h>
63#include <openssl/x509.h>
64#include <openssl/buffer.h>
65
66char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
67 {
68 X509_NAME_ENTRY *ne;
69int i;
70 int n,lold,l,l1,l2,num,j,type;
71 const char *s;
72 char *p;
73 unsigned char *q;
74 BUF_MEM *b=NULL;
75 static char hex[17]="0123456789ABCDEF";
76 int gs_doit[4];
77 char tmp_buf[80];
78#ifdef CHARSET_EBCDIC
79 char ebcdic_buf[1024];
80#endif
81
82 if (buf == NULL)
83 {
84 if ((b=BUF_MEM_new()) == NULL) goto err;
85 if (!BUF_MEM_grow(b,200)) goto err;
86 b->data[0]='\0';
87 len=200;
88 }
89 if (a == NULL)
90 {
91 if(b)
92 {
93 buf=b->data;
94 OPENSSL_free(b);
95 }
96 strncpy(buf,"NO X509_NAME",len);
97 return buf;
98 }
99
100 len--; /* space for '\0' */
101 l=0;
102 for (i=0; i<sk_X509_NAME_ENTRY_num(a->entries); i++)
103 {
104 ne=sk_X509_NAME_ENTRY_value(a->entries,i);
105 n=OBJ_obj2nid(ne->object);
106 if ((n == NID_undef) || ((s=OBJ_nid2sn(n)) == NULL))
107 {
108 i2t_ASN1_OBJECT(tmp_buf,sizeof(tmp_buf),ne->object);
109 s=tmp_buf;
110 }
111 l1=strlen(s);
112
113 type=ne->value->type;
114 num=ne->value->length;
115 q=ne->value->data;
116#ifdef CHARSET_EBCDIC
117 if (type == V_ASN1_GENERALSTRING ||
118 type == V_ASN1_VISIBLESTRING ||
119 type == V_ASN1_PRINTABLESTRING ||
120 type == V_ASN1_TELETEXSTRING ||
121 type == V_ASN1_VISIBLESTRING ||
122 type == V_ASN1_IA5STRING) {
123 ascii2ebcdic(ebcdic_buf, q,
124 (num > sizeof ebcdic_buf)
125 ? sizeof ebcdic_buf : num);
126 q=ebcdic_buf;
127 }
128#endif
129
130 if ((type == V_ASN1_GENERALSTRING) && ((num%4) == 0))
131 {
132 gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=0;
133 for (j=0; j<num; j++)
134 if (q[j] != 0) gs_doit[j&3]=1;
135
136 if (gs_doit[0]|gs_doit[1]|gs_doit[2])
137 gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1;
138 else
139 {
140 gs_doit[0]=gs_doit[1]=gs_doit[2]=0;
141 gs_doit[3]=1;
142 }
143 }
144 else
145 gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1;
146
147 for (l2=j=0; j<num; j++)
148 {
149 if (!gs_doit[j&3]) continue;
150 l2++;
151#ifndef CHARSET_EBCDIC
152 if ((q[j] < ' ') || (q[j] > '~')) l2+=3;
153#else
154 if ((os_toascii[q[j]] < os_toascii[' ']) ||
155 (os_toascii[q[j]] > os_toascii['~'])) l2+=3;
156#endif
157 }
158
159 lold=l;
160 l+=1+l1+1+l2;
161 if (b != NULL)
162 {
163 if (!BUF_MEM_grow(b,l+1)) goto err;
164 p= &(b->data[lold]);
165 }
166 else if (l > len)
167 {
168 break;
169 }
170 else
171 p= &(buf[lold]);
172 *(p++)='/';
173 memcpy(p,s,(unsigned int)l1); p+=l1;
174 *(p++)='=';
175
176#ifndef CHARSET_EBCDIC /* q was assigned above already. */
177 q=ne->value->data;
178#endif
179
180 for (j=0; j<num; j++)
181 {
182 if (!gs_doit[j&3]) continue;
183#ifndef CHARSET_EBCDIC
184 n=q[j];
185 if ((n < ' ') || (n > '~'))
186 {
187 *(p++)='\\';
188 *(p++)='x';
189 *(p++)=hex[(n>>4)&0x0f];
190 *(p++)=hex[n&0x0f];
191 }
192 else
193 *(p++)=n;
194#else
195 n=os_toascii[q[j]];
196 if ((n < os_toascii[' ']) ||
197 (n > os_toascii['~']))
198 {
199 *(p++)='\\';
200 *(p++)='x';
201 *(p++)=hex[(n>>4)&0x0f];
202 *(p++)=hex[n&0x0f];
203 }
204 else
205 *(p++)=q[j];
206#endif
207 }
208 *p='\0';
209 }
210 if (b != NULL)
211 {
212 p=b->data;
213 OPENSSL_free(b);
214 }
215 else
216 p=buf;
217 if (i == 0)
218 *p = '\0';
219 return(p);
220err:
221 X509err(X509_F_X509_NAME_ONELINE,ERR_R_MALLOC_FAILURE);
222 if (b != NULL) BUF_MEM_free(b);
223 return(NULL);
224 }
225
diff --git a/src/lib/libcrypto/x509/x509_r2x.c b/src/lib/libcrypto/x509/x509_r2x.c
deleted file mode 100644
index db051033d9..0000000000
--- a/src/lib/libcrypto/x509/x509_r2x.c
+++ /dev/null
@@ -1,110 +0,0 @@
1/* crypto/x509/x509_r2x.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/bn.h>
62#include <openssl/evp.h>
63#include <openssl/asn1.h>
64#include <openssl/x509.h>
65#include <openssl/objects.h>
66#include <openssl/buffer.h>
67
68X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
69 {
70 X509 *ret=NULL;
71 X509_CINF *xi=NULL;
72 X509_NAME *xn;
73
74 if ((ret=X509_new()) == NULL)
75 {
76 X509err(X509_F_X509_REQ_TO_X509,ERR_R_MALLOC_FAILURE);
77 goto err;
78 }
79
80 /* duplicate the request */
81 xi=ret->cert_info;
82
83 if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0)
84 {
85 if ((xi->version=M_ASN1_INTEGER_new()) == NULL) goto err;
86 if (!ASN1_INTEGER_set(xi->version,2)) goto err;
87/* xi->extensions=ri->attributes; <- bad, should not ever be done
88 ri->attributes=NULL; */
89 }
90
91 xn=X509_REQ_get_subject_name(r);
92 X509_set_subject_name(ret,X509_NAME_dup(xn));
93 X509_set_issuer_name(ret,X509_NAME_dup(xn));
94
95 X509_gmtime_adj(xi->validity->notBefore,0);
96 X509_gmtime_adj(xi->validity->notAfter,(long)60*60*24*days);
97
98 X509_set_pubkey(ret,X509_REQ_get_pubkey(r));
99
100 if (!X509_sign(ret,pkey,EVP_md5()))
101 goto err;
102 if (0)
103 {
104err:
105 X509_free(ret);
106 ret=NULL;
107 }
108 return(ret);
109 }
110
diff --git a/src/lib/libcrypto/x509/x509_req.c b/src/lib/libcrypto/x509/x509_req.c
deleted file mode 100644
index 7eca1bd57a..0000000000
--- a/src/lib/libcrypto/x509/x509_req.c
+++ /dev/null
@@ -1,278 +0,0 @@
1/* crypto/x509/x509_req.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/bn.h>
62#include <openssl/evp.h>
63#include <openssl/asn1.h>
64#include <openssl/x509.h>
65#include <openssl/objects.h>
66#include <openssl/buffer.h>
67#include <openssl/pem.h>
68
69X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
70 {
71 X509_REQ *ret;
72 X509_REQ_INFO *ri;
73 int i;
74 EVP_PKEY *pktmp;
75
76 ret=X509_REQ_new();
77 if (ret == NULL)
78 {
79 X509err(X509_F_X509_TO_X509_REQ,ERR_R_MALLOC_FAILURE);
80 goto err;
81 }
82
83 ri=ret->req_info;
84
85 ri->version->length=1;
86 ri->version->data=(unsigned char *)OPENSSL_malloc(1);
87 if (ri->version->data == NULL) goto err;
88 ri->version->data[0]=0; /* version == 0 */
89
90 if (!X509_REQ_set_subject_name(ret,X509_get_subject_name(x)))
91 goto err;
92
93 pktmp = X509_get_pubkey(x);
94 i=X509_REQ_set_pubkey(ret,pktmp);
95 EVP_PKEY_free(pktmp);
96 if (!i) goto err;
97
98 if (pkey != NULL)
99 {
100 if (!X509_REQ_sign(ret,pkey,md))
101 goto err;
102 }
103 return(ret);
104err:
105 X509_REQ_free(ret);
106 return(NULL);
107 }
108
109EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req)
110 {
111 if ((req == NULL) || (req->req_info == NULL))
112 return(NULL);
113 return(X509_PUBKEY_get(req->req_info->pubkey));
114 }
115
116/* It seems several organisations had the same idea of including a list of
117 * extensions in a certificate request. There are at least two OIDs that are
118 * used and there may be more: so the list is configurable.
119 */
120
121static int ext_nid_list[] = { NID_ms_ext_req, NID_ext_req, NID_undef};
122
123static int *ext_nids = ext_nid_list;
124
125int X509_REQ_extension_nid(int req_nid)
126{
127 int i, nid;
128 for(i = 0; ; i++) {
129 nid = ext_nids[i];
130 if(nid == NID_undef) return 0;
131 else if (req_nid == nid) return 1;
132 }
133}
134
135int *X509_REQ_get_extension_nids(void)
136{
137 return ext_nids;
138}
139
140void X509_REQ_set_extension_nids(int *nids)
141{
142 ext_nids = nids;
143}
144
145STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
146{
147 X509_ATTRIBUTE *attr;
148 STACK_OF(X509_ATTRIBUTE) *sk;
149 ASN1_TYPE *ext = NULL;
150 int i;
151 unsigned char *p;
152 if ((req == NULL) || (req->req_info == NULL))
153 return(NULL);
154 sk=req->req_info->attributes;
155 if (!sk) return NULL;
156 for(i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
157 attr = sk_X509_ATTRIBUTE_value(sk, i);
158 if(X509_REQ_extension_nid(OBJ_obj2nid(attr->object))) {
159 if(attr->set && sk_ASN1_TYPE_num(attr->value.set))
160 ext = sk_ASN1_TYPE_value(attr->value.set, 0);
161 else ext = attr->value.single;
162 break;
163 }
164 }
165 if(!ext || (ext->type != V_ASN1_SEQUENCE)) return NULL;
166 p = ext->value.sequence->data;
167 return d2i_ASN1_SET_OF_X509_EXTENSION(NULL, &p,
168 ext->value.sequence->length,
169 d2i_X509_EXTENSION, X509_EXTENSION_free,
170 V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
171}
172
173/* Add a STACK_OF extensions to a certificate request: allow alternative OIDs
174 * in case we want to create a non standard one.
175 */
176
177int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
178 int nid)
179{
180 unsigned char *p = NULL, *q;
181 long len;
182 ASN1_TYPE *at = NULL;
183 X509_ATTRIBUTE *attr = NULL;
184 if(!(at = ASN1_TYPE_new()) ||
185 !(at->value.sequence = ASN1_STRING_new())) goto err;
186
187 at->type = V_ASN1_SEQUENCE;
188 /* Generate encoding of extensions */
189 len = i2d_ASN1_SET_OF_X509_EXTENSION(exts, NULL, i2d_X509_EXTENSION,
190 V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
191 if(!(p = OPENSSL_malloc(len))) goto err;
192 q = p;
193 i2d_ASN1_SET_OF_X509_EXTENSION(exts, &q, i2d_X509_EXTENSION,
194 V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
195 at->value.sequence->data = p;
196 p = NULL;
197 at->value.sequence->length = len;
198 if(!(attr = X509_ATTRIBUTE_new())) goto err;
199 if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
200 if(!sk_ASN1_TYPE_push(attr->value.set, at)) goto err;
201 at = NULL;
202 attr->set = 1;
203 attr->object = OBJ_nid2obj(nid);
204 if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err;
205 return 1;
206 err:
207 if(p) OPENSSL_free(p);
208 X509_ATTRIBUTE_free(attr);
209 ASN1_TYPE_free(at);
210 return 0;
211}
212/* This is the normal usage: use the "official" OID */
213int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts)
214{
215 return X509_REQ_add_extensions_nid(req, exts, NID_ext_req);
216}
217
218/* Request attribute functions */
219
220int X509_REQ_get_attr_count(const X509_REQ *req)
221{
222 return X509at_get_attr_count(req->req_info->attributes);
223}
224
225int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid,
226 int lastpos)
227{
228 return X509at_get_attr_by_NID(req->req_info->attributes, nid, lastpos);
229}
230
231int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,
232 int lastpos)
233{
234 return X509at_get_attr_by_OBJ(req->req_info->attributes, obj, lastpos);
235}
236
237X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc)
238{
239 return X509at_get_attr(req->req_info->attributes, loc);
240}
241
242X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc)
243{
244 return X509at_delete_attr(req->req_info->attributes, loc);
245}
246
247int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr)
248{
249 if(X509at_add1_attr(&req->req_info->attributes, attr)) return 1;
250 return 0;
251}
252
253int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
254 ASN1_OBJECT *obj, int type,
255 unsigned char *bytes, int len)
256{
257 if(X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj,
258 type, bytes, len)) return 1;
259 return 0;
260}
261
262int X509_REQ_add1_attr_by_NID(X509_REQ *req,
263 int nid, int type,
264 unsigned char *bytes, int len)
265{
266 if(X509at_add1_attr_by_NID(&req->req_info->attributes, nid,
267 type, bytes, len)) return 1;
268 return 0;
269}
270
271int X509_REQ_add1_attr_by_txt(X509_REQ *req,
272 char *attrname, int type,
273 unsigned char *bytes, int len)
274{
275 if(X509at_add1_attr_by_txt(&req->req_info->attributes, attrname,
276 type, bytes, len)) return 1;
277 return 0;
278}
diff --git a/src/lib/libcrypto/x509/x509_set.c b/src/lib/libcrypto/x509/x509_set.c
deleted file mode 100644
index aaf61ca062..0000000000
--- a/src/lib/libcrypto/x509/x509_set.c
+++ /dev/null
@@ -1,150 +0,0 @@
1/* crypto/x509/x509_set.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/asn1.h>
62#include <openssl/objects.h>
63#include <openssl/evp.h>
64#include <openssl/x509.h>
65
66int X509_set_version(X509 *x, long version)
67 {
68 if (x == NULL) return(0);
69 if (x->cert_info->version == NULL)
70 {
71 if ((x->cert_info->version=M_ASN1_INTEGER_new()) == NULL)
72 return(0);
73 }
74 return(ASN1_INTEGER_set(x->cert_info->version,version));
75 }
76
77int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial)
78 {
79 ASN1_INTEGER *in;
80
81 if (x == NULL) return(0);
82 in=x->cert_info->serialNumber;
83 if (in != serial)
84 {
85 in=M_ASN1_INTEGER_dup(serial);
86 if (in != NULL)
87 {
88 M_ASN1_INTEGER_free(x->cert_info->serialNumber);
89 x->cert_info->serialNumber=in;
90 }
91 }
92 return(in != NULL);
93 }
94
95int X509_set_issuer_name(X509 *x, X509_NAME *name)
96 {
97 if ((x == NULL) || (x->cert_info == NULL)) return(0);
98 return(X509_NAME_set(&x->cert_info->issuer,name));
99 }
100
101int X509_set_subject_name(X509 *x, X509_NAME *name)
102 {
103 if ((x == NULL) || (x->cert_info == NULL)) return(0);
104 return(X509_NAME_set(&x->cert_info->subject,name));
105 }
106
107int X509_set_notBefore(X509 *x, ASN1_TIME *tm)
108 {
109 ASN1_TIME *in;
110
111 if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
112 in=x->cert_info->validity->notBefore;
113 if (in != tm)
114 {
115 in=M_ASN1_TIME_dup(tm);
116 if (in != NULL)
117 {
118 M_ASN1_TIME_free(x->cert_info->validity->notBefore);
119 x->cert_info->validity->notBefore=in;
120 }
121 }
122 return(in != NULL);
123 }
124
125int X509_set_notAfter(X509 *x, ASN1_TIME *tm)
126 {
127 ASN1_TIME *in;
128
129 if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
130 in=x->cert_info->validity->notAfter;
131 if (in != tm)
132 {
133 in=M_ASN1_TIME_dup(tm);
134 if (in != NULL)
135 {
136 M_ASN1_TIME_free(x->cert_info->validity->notAfter);
137 x->cert_info->validity->notAfter=in;
138 }
139 }
140 return(in != NULL);
141 }
142
143int X509_set_pubkey(X509 *x, EVP_PKEY *pkey)
144 {
145 if ((x == NULL) || (x->cert_info == NULL)) return(0);
146 return(X509_PUBKEY_set(&(x->cert_info->key),pkey));
147 }
148
149
150
diff --git a/src/lib/libcrypto/x509/x509_trs.c b/src/lib/libcrypto/x509/x509_trs.c
deleted file mode 100644
index 86b3b79dcc..0000000000
--- a/src/lib/libcrypto/x509/x509_trs.c
+++ /dev/null
@@ -1,267 +0,0 @@
1/* x509_trs.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/x509v3.h>
62
63
64static int tr_cmp(const X509_TRUST * const *a,
65 const X509_TRUST * const *b);
66static void trtable_free(X509_TRUST *p);
67
68static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags);
69static int trust_compat(X509_TRUST *trust, X509 *x, int flags);
70
71static int obj_trust(int id, X509 *x, int flags);
72static int (*default_trust)(int id, X509 *x, int flags) = obj_trust;
73
74/* WARNING: the following table should be kept in order of trust
75 * and without any gaps so we can just subtract the minimum trust
76 * value to get an index into the table
77 */
78
79static X509_TRUST trstandard[] = {
80{X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL},
81{X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL},
82{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Client", NID_server_auth, NULL},
83{X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},
84};
85
86#define X509_TRUST_COUNT (sizeof(trstandard)/sizeof(X509_TRUST))
87
88IMPLEMENT_STACK_OF(X509_TRUST)
89
90static STACK_OF(X509_TRUST) *trtable = NULL;
91
92static int tr_cmp(const X509_TRUST * const *a,
93 const X509_TRUST * const *b)
94{
95 return (*a)->trust - (*b)->trust;
96}
97
98int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int)
99{
100int (*oldtrust)(int , X509 *, int);
101oldtrust = default_trust;
102default_trust = trust;
103return oldtrust;
104}
105
106
107int X509_check_trust(X509 *x, int id, int flags)
108{
109 X509_TRUST *pt;
110 int idx;
111 if(id == -1) return 1;
112 idx = X509_TRUST_get_by_id(id);
113 if(idx == -1) return default_trust(id, x, flags);
114 pt = X509_TRUST_get0(idx);
115 return pt->check_trust(pt, x, flags);
116}
117
118int X509_TRUST_get_count(void)
119{
120 if(!trtable) return X509_TRUST_COUNT;
121 return sk_X509_TRUST_num(trtable) + X509_TRUST_COUNT;
122}
123
124X509_TRUST * X509_TRUST_get0(int idx)
125{
126 if(idx < 0) return NULL;
127 if(idx < X509_TRUST_COUNT) return trstandard + idx;
128 return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT);
129}
130
131int X509_TRUST_get_by_id(int id)
132{
133 X509_TRUST tmp;
134 int idx;
135 if((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX))
136 return id - X509_TRUST_MIN;
137 tmp.trust = id;
138 if(!trtable) return -1;
139 idx = sk_X509_TRUST_find(trtable, &tmp);
140 if(idx == -1) return -1;
141 return idx + X509_TRUST_COUNT;
142}
143
144int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
145 char *name, int arg1, void *arg2)
146{
147 int idx;
148 X509_TRUST *trtmp;
149 /* This is set according to what we change: application can't set it */
150 flags &= ~X509_TRUST_DYNAMIC;
151 /* This will always be set for application modified trust entries */
152 flags |= X509_TRUST_DYNAMIC_NAME;
153 /* Get existing entry if any */
154 idx = X509_TRUST_get_by_id(id);
155 /* Need a new entry */
156 if(idx == -1) {
157 if(!(trtmp = OPENSSL_malloc(sizeof(X509_TRUST)))) {
158 X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
159 return 0;
160 }
161 trtmp->flags = X509_TRUST_DYNAMIC;
162 } else trtmp = X509_TRUST_get0(idx);
163
164 /* OPENSSL_free existing name if dynamic */
165 if(trtmp->flags & X509_TRUST_DYNAMIC_NAME) OPENSSL_free(trtmp->name);
166 /* dup supplied name */
167 if(!(trtmp->name = BUF_strdup(name))) {
168 X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
169 return 0;
170 }
171 /* Keep the dynamic flag of existing entry */
172 trtmp->flags &= X509_TRUST_DYNAMIC;
173 /* Set all other flags */
174 trtmp->flags |= flags;
175
176 trtmp->trust = id;
177 trtmp->check_trust = ck;
178 trtmp->arg1 = arg1;
179 trtmp->arg2 = arg2;
180
181 /* If its a new entry manage the dynamic table */
182 if(idx == -1) {
183 if(!trtable && !(trtable = sk_X509_TRUST_new(tr_cmp))) {
184 X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
185 return 0;
186 }
187 if (!sk_X509_TRUST_push(trtable, trtmp)) {
188 X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
189 return 0;
190 }
191 }
192 return 1;
193}
194
195static void trtable_free(X509_TRUST *p)
196 {
197 if(!p) return;
198 if (p->flags & X509_TRUST_DYNAMIC)
199 {
200 if (p->flags & X509_TRUST_DYNAMIC_NAME)
201 OPENSSL_free(p->name);
202 OPENSSL_free(p);
203 }
204 }
205
206void X509_TRUST_cleanup(void)
207{
208 int i;
209 for(i = 0; i < X509_TRUST_COUNT; i++) trtable_free(trstandard + i);
210 sk_X509_TRUST_pop_free(trtable, trtable_free);
211 trtable = NULL;
212}
213
214int X509_TRUST_get_flags(X509_TRUST *xp)
215{
216 return xp->flags;
217}
218
219char *X509_TRUST_get0_name(X509_TRUST *xp)
220{
221 return xp->name;
222}
223
224int X509_TRUST_get_trust(X509_TRUST *xp)
225{
226 return xp->trust;
227}
228
229static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
230{
231 if(x->aux && (x->aux->trust || x->aux->reject))
232 return obj_trust(trust->arg1, x, flags);
233 /* we don't have any trust settings: for compatibility
234 * we return trusted if it is self signed
235 */
236 return trust_compat(trust, x, flags);
237}
238
239static int trust_compat(X509_TRUST *trust, X509 *x, int flags)
240{
241 X509_check_purpose(x, -1, 0);
242 if(x->ex_flags & EXFLAG_SS) return X509_TRUST_TRUSTED;
243 else return X509_TRUST_UNTRUSTED;
244}
245
246static int obj_trust(int id, X509 *x, int flags)
247{
248 ASN1_OBJECT *obj;
249 int i;
250 X509_CERT_AUX *ax;
251 ax = x->aux;
252 if(!ax) return X509_TRUST_UNTRUSTED;
253 if(ax->reject) {
254 for(i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) {
255 obj = sk_ASN1_OBJECT_value(ax->reject, i);
256 if(OBJ_obj2nid(obj) == id) return X509_TRUST_REJECTED;
257 }
258 }
259 if(ax->trust) {
260 for(i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) {
261 obj = sk_ASN1_OBJECT_value(ax->trust, i);
262 if(OBJ_obj2nid(obj) == id) return X509_TRUST_TRUSTED;
263 }
264 }
265 return X509_TRUST_UNTRUSTED;
266}
267
diff --git a/src/lib/libcrypto/x509/x509_txt.c b/src/lib/libcrypto/x509/x509_txt.c
deleted file mode 100644
index cfb478d4bc..0000000000
--- a/src/lib/libcrypto/x509/x509_txt.c
+++ /dev/null
@@ -1,150 +0,0 @@
1/* crypto/x509/x509_txt.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <time.h>
61#include <errno.h>
62
63#include "cryptlib.h"
64#include <openssl/lhash.h>
65#include <openssl/buffer.h>
66#include <openssl/evp.h>
67#include <openssl/asn1.h>
68#include <openssl/x509.h>
69#include <openssl/objects.h>
70
71const char *X509_verify_cert_error_string(long n)
72 {
73 static char buf[100];
74
75 switch ((int)n)
76 {
77 case X509_V_OK:
78 return("ok");
79 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
80 return("unable to get issuer certificate");
81 case X509_V_ERR_UNABLE_TO_GET_CRL:
82 return("unable to get certificate CRL");
83 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
84 return("unable to decrypt certificate's signature");
85 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
86 return("unable to decrypt CRL's's signature");
87 case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
88 return("unable to decode issuer public key");
89 case X509_V_ERR_CERT_SIGNATURE_FAILURE:
90 return("certificate signature failure");
91 case X509_V_ERR_CRL_SIGNATURE_FAILURE:
92 return("CRL signature failure");
93 case X509_V_ERR_CERT_NOT_YET_VALID:
94 return("certificate is not yet valid");
95 case X509_V_ERR_CRL_NOT_YET_VALID:
96 return("CRL is not yet valid");
97 case X509_V_ERR_CERT_HAS_EXPIRED:
98 return("Certificate has expired");
99 case X509_V_ERR_CRL_HAS_EXPIRED:
100 return("CRL has expired");
101 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
102 return("format error in certificate's notBefore field");
103 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
104 return("format error in certificate's notAfter field");
105 case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
106 return("format error in CRL's lastUpdate field");
107 case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
108 return("format error in CRL's nextUpdate field");
109 case X509_V_ERR_OUT_OF_MEM:
110 return("out of memory");
111 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
112 return("self signed certificate");
113 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
114 return("self signed certificate in certificate chain");
115 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
116 return("unable to get local issuer certificate");
117 case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
118 return("unable to verify the first certificate");
119 case X509_V_ERR_CERT_CHAIN_TOO_LONG:
120 return("certificate chain too long");
121 case X509_V_ERR_CERT_REVOKED:
122 return("certificate revoked");
123 case X509_V_ERR_INVALID_CA:
124 return ("invalid CA certificate");
125 case X509_V_ERR_PATH_LENGTH_EXCEEDED:
126 return ("path length constraint exceeded");
127 case X509_V_ERR_INVALID_PURPOSE:
128 return ("unsupported certificate purpose");
129 case X509_V_ERR_CERT_UNTRUSTED:
130 return ("certificate not trusted");
131 case X509_V_ERR_CERT_REJECTED:
132 return ("certificate rejected");
133 case X509_V_ERR_APPLICATION_VERIFICATION:
134 return("application verification failure");
135 case X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
136 return("subject issuer mismatch");
137 case X509_V_ERR_AKID_SKID_MISMATCH:
138 return("authority and subject key identifier mismatch");
139 case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH:
140 return("authority and issuer serial number mismatch");
141 case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
142 return("key usage does not include certificate signing");
143
144 default:
145 sprintf(buf,"error number %ld",n);
146 return(buf);
147 }
148 }
149
150
diff --git a/src/lib/libcrypto/x509/x509_v3.c b/src/lib/libcrypto/x509/x509_v3.c
deleted file mode 100644
index 52887986fe..0000000000
--- a/src/lib/libcrypto/x509/x509_v3.c
+++ /dev/null
@@ -1,267 +0,0 @@
1/* crypto/x509/x509_v3.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/stack.h>
61#include "cryptlib.h"
62#include <openssl/asn1.h>
63#include <openssl/objects.h>
64#include <openssl/evp.h>
65#include <openssl/x509.h>
66#include <openssl/x509v3.h>
67
68int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x)
69 {
70 if (x == NULL) return(0);
71 return(sk_X509_EXTENSION_num(x));
72 }
73
74int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid,
75 int lastpos)
76 {
77 ASN1_OBJECT *obj;
78
79 obj=OBJ_nid2obj(nid);
80 if (obj == NULL) return(-2);
81 return(X509v3_get_ext_by_OBJ(x,obj,lastpos));
82 }
83
84int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk, ASN1_OBJECT *obj,
85 int lastpos)
86 {
87 int n;
88 X509_EXTENSION *ex;
89
90 if (sk == NULL) return(-1);
91 lastpos++;
92 if (lastpos < 0)
93 lastpos=0;
94 n=sk_X509_EXTENSION_num(sk);
95 for ( ; lastpos < n; lastpos++)
96 {
97 ex=sk_X509_EXTENSION_value(sk,lastpos);
98 if (OBJ_cmp(ex->object,obj) == 0)
99 return(lastpos);
100 }
101 return(-1);
102 }
103
104int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit,
105 int lastpos)
106 {
107 int n;
108 X509_EXTENSION *ex;
109
110 if (sk == NULL) return(-1);
111 lastpos++;
112 if (lastpos < 0)
113 lastpos=0;
114 n=sk_X509_EXTENSION_num(sk);
115 for ( ; lastpos < n; lastpos++)
116 {
117 ex=sk_X509_EXTENSION_value(sk,lastpos);
118 if ( (ex->critical && crit) ||
119 (!ex->critical && !crit))
120 return(lastpos);
121 }
122 return(-1);
123 }
124
125X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc)
126 {
127 if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
128 return NULL;
129 else
130 return sk_X509_EXTENSION_value(x,loc);
131 }
132
133X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc)
134 {
135 X509_EXTENSION *ret;
136
137 if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
138 return(NULL);
139 ret=sk_X509_EXTENSION_delete(x,loc);
140 return(ret);
141 }
142
143STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
144 X509_EXTENSION *ex, int loc)
145 {
146 X509_EXTENSION *new_ex=NULL;
147 int n;
148 STACK_OF(X509_EXTENSION) *sk=NULL;
149
150 if ((x != NULL) && (*x == NULL))
151 {
152 if ((sk=sk_X509_EXTENSION_new_null()) == NULL)
153 goto err;
154 }
155 else
156 sk= *x;
157
158 n=sk_X509_EXTENSION_num(sk);
159 if (loc > n) loc=n;
160 else if (loc < 0) loc=n;
161
162 if ((new_ex=X509_EXTENSION_dup(ex)) == NULL)
163 goto err2;
164 if (!sk_X509_EXTENSION_insert(sk,new_ex,loc))
165 goto err;
166 if ((x != NULL) && (*x == NULL))
167 *x=sk;
168 return(sk);
169err:
170 X509err(X509_F_X509V3_ADD_EXT,ERR_R_MALLOC_FAILURE);
171err2:
172 if (new_ex != NULL) X509_EXTENSION_free(new_ex);
173 if (sk != NULL) sk_X509_EXTENSION_free(sk);
174 return(NULL);
175 }
176
177X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid,
178 int crit, ASN1_OCTET_STRING *data)
179 {
180 ASN1_OBJECT *obj;
181 X509_EXTENSION *ret;
182
183 obj=OBJ_nid2obj(nid);
184 if (obj == NULL)
185 {
186 X509err(X509_F_X509_EXTENSION_CREATE_BY_NID,X509_R_UNKNOWN_NID);
187 return(NULL);
188 }
189 ret=X509_EXTENSION_create_by_OBJ(ex,obj,crit,data);
190 if (ret == NULL) ASN1_OBJECT_free(obj);
191 return(ret);
192 }
193
194X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
195 ASN1_OBJECT *obj, int crit, ASN1_OCTET_STRING *data)
196 {
197 X509_EXTENSION *ret;
198
199 if ((ex == NULL) || (*ex == NULL))
200 {
201 if ((ret=X509_EXTENSION_new()) == NULL)
202 {
203 X509err(X509_F_X509_EXTENSION_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE);
204 return(NULL);
205 }
206 }
207 else
208 ret= *ex;
209
210 if (!X509_EXTENSION_set_object(ret,obj))
211 goto err;
212 if (!X509_EXTENSION_set_critical(ret,crit))
213 goto err;
214 if (!X509_EXTENSION_set_data(ret,data))
215 goto err;
216
217 if ((ex != NULL) && (*ex == NULL)) *ex=ret;
218 return(ret);
219err:
220 if ((ex == NULL) || (ret != *ex))
221 X509_EXTENSION_free(ret);
222 return(NULL);
223 }
224
225int X509_EXTENSION_set_object(X509_EXTENSION *ex, ASN1_OBJECT *obj)
226 {
227 if ((ex == NULL) || (obj == NULL))
228 return(0);
229 ASN1_OBJECT_free(ex->object);
230 ex->object=OBJ_dup(obj);
231 return(1);
232 }
233
234int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit)
235 {
236 if (ex == NULL) return(0);
237 ex->critical=(crit)?0xFF:0;
238 return(1);
239 }
240
241int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data)
242 {
243 int i;
244
245 if (ex == NULL) return(0);
246 i=M_ASN1_OCTET_STRING_set(ex->value,data->data,data->length);
247 if (!i) return(0);
248 return(1);
249 }
250
251ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex)
252 {
253 if (ex == NULL) return(NULL);
254 return(ex->object);
255 }
256
257ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ex)
258 {
259 if (ex == NULL) return(NULL);
260 return(ex->value);
261 }
262
263int X509_EXTENSION_get_critical(X509_EXTENSION *ex)
264 {
265 if (ex == NULL) return(0);
266 return(ex->critical);
267 }
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
deleted file mode 100644
index 0f4110cc64..0000000000
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ /dev/null
@@ -1,920 +0,0 @@
1/* crypto/x509/x509_vfy.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <time.h>
61#include <errno.h>
62
63#include "cryptlib.h"
64#include <openssl/crypto.h>
65#include <openssl/lhash.h>
66#include <openssl/buffer.h>
67#include <openssl/evp.h>
68#include <openssl/asn1.h>
69#include <openssl/x509.h>
70#include <openssl/x509v3.h>
71#include <openssl/objects.h>
72
73static int null_callback(int ok,X509_STORE_CTX *e);
74static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
75static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x);
76static int check_chain_purpose(X509_STORE_CTX *ctx);
77static int check_trust(X509_STORE_CTX *ctx);
78static int internal_verify(X509_STORE_CTX *ctx);
79const char *X509_version="X.509" OPENSSL_VERSION_PTEXT;
80
81static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_store_ctx_method=NULL;
82static int x509_store_ctx_num=0;
83#if 0
84static int x509_store_num=1;
85static STACK *x509_store_method=NULL;
86#endif
87
88static int null_callback(int ok, X509_STORE_CTX *e)
89 {
90 return ok;
91 }
92
93#if 0
94static int x509_subject_cmp(X509 **a, X509 **b)
95 {
96 return X509_subject_name_cmp(*a,*b);
97 }
98#endif
99
100int X509_verify_cert(X509_STORE_CTX *ctx)
101 {
102 X509 *x,*xtmp,*chain_ss=NULL;
103 X509_NAME *xn;
104 int depth,i,ok=0;
105 int num;
106 int (*cb)();
107 STACK_OF(X509) *sktmp=NULL;
108
109 if (ctx->cert == NULL)
110 {
111 X509err(X509_F_X509_VERIFY_CERT,X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
112 return -1;
113 }
114
115 cb=ctx->verify_cb;
116 if (cb == NULL) cb=null_callback;
117
118 /* first we make sure the chain we are going to build is
119 * present and that the first entry is in place */
120 if (ctx->chain == NULL)
121 {
122 if ( ((ctx->chain=sk_X509_new_null()) == NULL) ||
123 (!sk_X509_push(ctx->chain,ctx->cert)))
124 {
125 X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
126 goto end;
127 }
128 CRYPTO_add(&ctx->cert->references,1,CRYPTO_LOCK_X509);
129 ctx->last_untrusted=1;
130 }
131
132 /* We use a temporary STACK so we can chop and hack at it */
133 if (ctx->untrusted != NULL
134 && (sktmp=sk_X509_dup(ctx->untrusted)) == NULL)
135 {
136 X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
137 goto end;
138 }
139
140 num=sk_X509_num(ctx->chain);
141 x=sk_X509_value(ctx->chain,num-1);
142 depth=ctx->depth;
143
144
145 for (;;)
146 {
147 /* If we have enough, we break */
148 if (depth < num) break; /* FIXME: If this happens, we should take
149 * note of it and, if appropriate, use the
150 * X509_V_ERR_CERT_CHAIN_TOO_LONG error
151 * code later.
152 */
153
154 /* If we are self signed, we break */
155 xn=X509_get_issuer_name(x);
156 if (ctx->check_issued(ctx, x,x)) break;
157
158 /* If we were passed a cert chain, use it first */
159 if (ctx->untrusted != NULL)
160 {
161 xtmp=find_issuer(ctx, sktmp,x);
162 if (xtmp != NULL)
163 {
164 if (!sk_X509_push(ctx->chain,xtmp))
165 {
166 X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
167 goto end;
168 }
169 CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509);
170 sk_X509_delete_ptr(sktmp,xtmp);
171 ctx->last_untrusted++;
172 x=xtmp;
173 num++;
174 /* reparse the full chain for
175 * the next one */
176 continue;
177 }
178 }
179 break;
180 }
181
182 /* at this point, chain should contain a list of untrusted
183 * certificates. We now need to add at least one trusted one,
184 * if possible, otherwise we complain. */
185
186 /* Examine last certificate in chain and see if it
187 * is self signed.
188 */
189
190 i=sk_X509_num(ctx->chain);
191 x=sk_X509_value(ctx->chain,i-1);
192 xn = X509_get_subject_name(x);
193 if (ctx->check_issued(ctx, x, x))
194 {
195 /* we have a self signed certificate */
196 if (sk_X509_num(ctx->chain) == 1)
197 {
198 /* We have a single self signed certificate: see if
199 * we can find it in the store. We must have an exact
200 * match to avoid possible impersonation.
201 */
202 ok = ctx->get_issuer(&xtmp, ctx, x);
203 if ((ok <= 0) || X509_cmp(x, xtmp))
204 {
205 ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
206 ctx->current_cert=x;
207 ctx->error_depth=i-1;
208 if (ok == 1) X509_free(xtmp);
209 ok=cb(0,ctx);
210 if (!ok) goto end;
211 }
212 else
213 {
214 /* We have a match: replace certificate with store version
215 * so we get any trust settings.
216 */
217 X509_free(x);
218 x = xtmp;
219 sk_X509_set(ctx->chain, i - 1, x);
220 ctx->last_untrusted=0;
221 }
222 }
223 else
224 {
225 /* extract and save self signed certificate for later use */
226 chain_ss=sk_X509_pop(ctx->chain);
227 ctx->last_untrusted--;
228 num--;
229 x=sk_X509_value(ctx->chain,num-1);
230 }
231 }
232
233 /* We now lookup certs from the certificate store */
234 for (;;)
235 {
236 /* If we have enough, we break */
237 if (depth < num) break;
238
239 /* If we are self signed, we break */
240 xn=X509_get_issuer_name(x);
241 if (ctx->check_issued(ctx,x,x)) break;
242
243 ok = ctx->get_issuer(&xtmp, ctx, x);
244
245 if (ok < 0) return ok;
246 if (ok == 0) break;
247
248 x = xtmp;
249 if (!sk_X509_push(ctx->chain,x))
250 {
251 X509_free(xtmp);
252 X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
253 return 0;
254 }
255 num++;
256 }
257
258 /* we now have our chain, lets check it... */
259 xn=X509_get_issuer_name(x);
260
261 /* Is last certificate looked up self signed? */
262 if (!ctx->check_issued(ctx,x,x))
263 {
264 if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss))
265 {
266 if (ctx->last_untrusted >= num)
267 ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
268 else
269 ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
270 ctx->current_cert=x;
271 }
272 else
273 {
274
275 sk_X509_push(ctx->chain,chain_ss);
276 num++;
277 ctx->last_untrusted=num;
278 ctx->current_cert=chain_ss;
279 ctx->error=X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
280 chain_ss=NULL;
281 }
282
283 ctx->error_depth=num-1;
284 ok=cb(0,ctx);
285 if (!ok) goto end;
286 }
287
288 /* We have the chain complete: now we need to check its purpose */
289 if (ctx->purpose > 0) ok = check_chain_purpose(ctx);
290
291 if (!ok) goto end;
292
293 /* The chain extensions are OK: check trust */
294
295 if (ctx->trust > 0) ok = check_trust(ctx);
296
297 if (!ok) goto end;
298
299 /* We may as well copy down any DSA parameters that are required */
300 X509_get_pubkey_parameters(NULL,ctx->chain);
301
302 /* At this point, we have a chain and just need to verify it */
303 if (ctx->verify != NULL)
304 ok=ctx->verify(ctx);
305 else
306 ok=internal_verify(ctx);
307 if (0)
308 {
309end:
310 X509_get_pubkey_parameters(NULL,ctx->chain);
311 }
312 if (sktmp != NULL) sk_X509_free(sktmp);
313 if (chain_ss != NULL) X509_free(chain_ss);
314 return ok;
315 }
316
317
318/* Given a STACK_OF(X509) find the issuer of cert (if any)
319 */
320
321static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
322{
323 int i;
324 X509 *issuer;
325 for (i = 0; i < sk_X509_num(sk); i++)
326 {
327 issuer = sk_X509_value(sk, i);
328 if (ctx->check_issued(ctx, x, issuer))
329 return issuer;
330 }
331 return NULL;
332}
333
334/* Given a possible certificate and issuer check them */
335
336static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
337{
338 int ret;
339 ret = X509_check_issued(issuer, x);
340 if (ret == X509_V_OK)
341 return 1;
342 /* If we haven't asked for issuer errors don't set ctx */
343 if (!(ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK))
344 return 0;
345
346 ctx->error = ret;
347 ctx->current_cert = x;
348 ctx->current_issuer = issuer;
349 if (ctx->verify_cb)
350 return ctx->verify_cb(0, ctx);
351 return 0;
352}
353
354/* Alternative lookup method: look from a STACK stored in other_ctx */
355
356static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
357{
358 *issuer = find_issuer(ctx, ctx->other_ctx, x);
359 if (*issuer)
360 {
361 CRYPTO_add(&(*issuer)->references,1,CRYPTO_LOCK_X509);
362 return 1;
363 }
364 else
365 return 0;
366}
367
368
369/* Check a certificate chains extensions for consistency
370 * with the supplied purpose
371 */
372
373static int check_chain_purpose(X509_STORE_CTX *ctx)
374{
375#ifdef NO_CHAIN_VERIFY
376 return 1;
377#else
378 int i, ok=0;
379 X509 *x;
380 int (*cb)();
381 cb=ctx->verify_cb;
382 if (cb == NULL) cb=null_callback;
383 /* Check all untrusted certificates */
384 for (i = 0; i < ctx->last_untrusted; i++)
385 {
386 x = sk_X509_value(ctx->chain, i);
387 if (!X509_check_purpose(x, ctx->purpose, i))
388 {
389 if (i)
390 ctx->error = X509_V_ERR_INVALID_CA;
391 else
392 ctx->error = X509_V_ERR_INVALID_PURPOSE;
393 ctx->error_depth = i;
394 ctx->current_cert = x;
395 ok=cb(0,ctx);
396 if (!ok) goto end;
397 }
398 /* Check pathlen */
399 if ((i > 1) && (x->ex_pathlen != -1)
400 && (i > (x->ex_pathlen + 1)))
401 {
402 ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
403 ctx->error_depth = i;
404 ctx->current_cert = x;
405 ok=cb(0,ctx);
406 if (!ok) goto end;
407 }
408 }
409 ok = 1;
410 end:
411 return ok;
412#endif
413}
414
415static int check_trust(X509_STORE_CTX *ctx)
416{
417#ifdef NO_CHAIN_VERIFY
418 return 1;
419#else
420 int i, ok;
421 X509 *x;
422 int (*cb)();
423 cb=ctx->verify_cb;
424 if (cb == NULL) cb=null_callback;
425/* For now just check the last certificate in the chain */
426 i = sk_X509_num(ctx->chain) - 1;
427 x = sk_X509_value(ctx->chain, i);
428 ok = X509_check_trust(x, ctx->trust, 0);
429 if (ok == X509_TRUST_TRUSTED)
430 return 1;
431 ctx->error_depth = sk_X509_num(ctx->chain) - 1;
432 ctx->current_cert = x;
433 if (ok == X509_TRUST_REJECTED)
434 ctx->error = X509_V_ERR_CERT_REJECTED;
435 else
436 ctx->error = X509_V_ERR_CERT_UNTRUSTED;
437 ok = cb(0, ctx);
438 return ok;
439#endif
440}
441
442static int internal_verify(X509_STORE_CTX *ctx)
443 {
444 int i,ok=0,n;
445 X509 *xs,*xi;
446 EVP_PKEY *pkey=NULL;
447 time_t *ptime;
448 int (*cb)();
449
450 cb=ctx->verify_cb;
451 if (cb == NULL) cb=null_callback;
452
453 n=sk_X509_num(ctx->chain);
454 ctx->error_depth=n-1;
455 n--;
456 xi=sk_X509_value(ctx->chain,n);
457 if (ctx->flags & X509_V_FLAG_USE_CHECK_TIME)
458 ptime = &ctx->check_time;
459 else
460 ptime = NULL;
461 if (ctx->check_issued(ctx, xi, xi))
462 xs=xi;
463 else
464 {
465 if (n <= 0)
466 {
467 ctx->error=X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
468 ctx->current_cert=xi;
469 ok=cb(0,ctx);
470 goto end;
471 }
472 else
473 {
474 n--;
475 ctx->error_depth=n;
476 xs=sk_X509_value(ctx->chain,n);
477 }
478 }
479
480/* ctx->error=0; not needed */
481 while (n >= 0)
482 {
483 ctx->error_depth=n;
484 if (!xs->valid)
485 {
486 if ((pkey=X509_get_pubkey(xi)) == NULL)
487 {
488 ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
489 ctx->current_cert=xi;
490 ok=(*cb)(0,ctx);
491 if (!ok) goto end;
492 }
493 if (X509_verify(xs,pkey) <= 0)
494 {
495 ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
496 ctx->current_cert=xs;
497 ok=(*cb)(0,ctx);
498 if (!ok)
499 {
500 EVP_PKEY_free(pkey);
501 goto end;
502 }
503 }
504 EVP_PKEY_free(pkey);
505 pkey=NULL;
506
507 i=X509_cmp_time(X509_get_notBefore(xs), ptime);
508 if (i == 0)
509 {
510 ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
511 ctx->current_cert=xs;
512 ok=(*cb)(0,ctx);
513 if (!ok) goto end;
514 }
515 if (i > 0)
516 {
517 ctx->error=X509_V_ERR_CERT_NOT_YET_VALID;
518 ctx->current_cert=xs;
519 ok=(*cb)(0,ctx);
520 if (!ok) goto end;
521 }
522 xs->valid=1;
523 }
524
525 i=X509_cmp_time(X509_get_notAfter(xs), ptime);
526 if (i == 0)
527 {
528 ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
529 ctx->current_cert=xs;
530 ok=(*cb)(0,ctx);
531 if (!ok) goto end;
532 }
533
534 if (i < 0)
535 {
536 ctx->error=X509_V_ERR_CERT_HAS_EXPIRED;
537 ctx->current_cert=xs;
538 ok=(*cb)(0,ctx);
539 if (!ok) goto end;
540 }
541
542 /* CRL CHECK */
543
544 /* The last error (if any) is still in the error value */
545 ctx->current_cert=xs;
546 ok=(*cb)(1,ctx);
547 if (!ok) goto end;
548
549 n--;
550 if (n >= 0)
551 {
552 xi=xs;
553 xs=sk_X509_value(ctx->chain,n);
554 }
555 }
556 ok=1;
557end:
558 return ok;
559 }
560
561int X509_cmp_current_time(ASN1_TIME *ctm)
562{
563 return X509_cmp_time(ctm, NULL);
564}
565
566int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time)
567 {
568 char *str;
569 ASN1_TIME atm;
570 time_t offset;
571 char buff1[24],buff2[24],*p;
572 int i,j;
573
574 p=buff1;
575 i=ctm->length;
576 str=(char *)ctm->data;
577 if (ctm->type == V_ASN1_UTCTIME)
578 {
579 if ((i < 11) || (i > 17)) return 0;
580 memcpy(p,str,10);
581 p+=10;
582 str+=10;
583 }
584 else
585 {
586 if (i < 13) return 0;
587 memcpy(p,str,12);
588 p+=12;
589 str+=12;
590 }
591
592 if ((*str == 'Z') || (*str == '-') || (*str == '+'))
593 { *(p++)='0'; *(p++)='0'; }
594 else
595 {
596 *(p++)= *(str++);
597 *(p++)= *(str++);
598 /* Skip any fractional seconds... */
599 if (*str == '.')
600 {
601 str++;
602 while ((*str >= '0') && (*str <= '9')) str++;
603 }
604
605 }
606 *(p++)='Z';
607 *(p++)='\0';
608
609 if (*str == 'Z')
610 offset=0;
611 else
612 {
613 if ((*str != '+') && (str[5] != '-'))
614 return 0;
615 offset=((str[1]-'0')*10+(str[2]-'0'))*60;
616 offset+=(str[3]-'0')*10+(str[4]-'0');
617 if (*str == '-')
618 offset= -offset;
619 }
620 atm.type=ctm->type;
621 atm.length=sizeof(buff2);
622 atm.data=(unsigned char *)buff2;
623
624 X509_time_adj(&atm,-offset*60, cmp_time);
625
626 if (ctm->type == V_ASN1_UTCTIME)
627 {
628 i=(buff1[0]-'0')*10+(buff1[1]-'0');
629 if (i < 50) i+=100; /* cf. RFC 2459 */
630 j=(buff2[0]-'0')*10+(buff2[1]-'0');
631 if (j < 50) j+=100;
632
633 if (i < j) return -1;
634 if (i > j) return 1;
635 }
636 i=strcmp(buff1,buff2);
637 if (i == 0) /* wait a second then return younger :-) */
638 return -1;
639 else
640 return i;
641 }
642
643ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
644{
645 return X509_time_adj(s, adj, NULL);
646}
647
648ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *in_tm)
649 {
650 time_t t;
651
652 if (in_tm) t = *in_tm;
653 else time(&t);
654
655 t+=adj;
656 if (!s) return ASN1_TIME_set(s, t);
657 if (s->type == V_ASN1_UTCTIME) return ASN1_UTCTIME_set(s,t);
658 return ASN1_GENERALIZEDTIME_set(s, t);
659 }
660
661int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
662 {
663 EVP_PKEY *ktmp=NULL,*ktmp2;
664 int i,j;
665
666 if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) return 1;
667
668 for (i=0; i<sk_X509_num(chain); i++)
669 {
670 ktmp=X509_get_pubkey(sk_X509_value(chain,i));
671 if (ktmp == NULL)
672 {
673 X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
674 return 0;
675 }
676 if (!EVP_PKEY_missing_parameters(ktmp))
677 break;
678 else
679 {
680 EVP_PKEY_free(ktmp);
681 ktmp=NULL;
682 }
683 }
684 if (ktmp == NULL)
685 {
686 X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN);
687 return 0;
688 }
689
690 /* first, populate the other certs */
691 for (j=i-1; j >= 0; j--)
692 {
693 ktmp2=X509_get_pubkey(sk_X509_value(chain,j));
694 EVP_PKEY_copy_parameters(ktmp2,ktmp);
695 EVP_PKEY_free(ktmp2);
696 }
697
698 if (pkey != NULL) EVP_PKEY_copy_parameters(pkey,ktmp);
699 EVP_PKEY_free(ktmp);
700 return 1;
701 }
702
703int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
704 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
705 {
706 x509_store_ctx_num++;
707 return CRYPTO_get_ex_new_index(x509_store_ctx_num-1,
708 &x509_store_ctx_method,
709 argl,argp,new_func,dup_func,free_func);
710 }
711
712int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)
713 {
714 return CRYPTO_set_ex_data(&ctx->ex_data,idx,data);
715 }
716
717void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx)
718 {
719 return CRYPTO_get_ex_data(&ctx->ex_data,idx);
720 }
721
722int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx)
723 {
724 return ctx->error;
725 }
726
727void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err)
728 {
729 ctx->error=err;
730 }
731
732int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)
733 {
734 return ctx->error_depth;
735 }
736
737X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx)
738 {
739 return ctx->current_cert;
740 }
741
742STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx)
743 {
744 return ctx->chain;
745 }
746
747STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
748 {
749 int i;
750 X509 *x;
751 STACK_OF(X509) *chain;
752 if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL;
753 for (i = 0; i < sk_X509_num(chain); i++)
754 {
755 x = sk_X509_value(chain, i);
756 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
757 }
758 return chain;
759 }
760
761void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
762 {
763 ctx->cert=x;
764 }
765
766void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
767 {
768 ctx->untrusted=sk;
769 }
770
771int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose)
772 {
773 return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0);
774 }
775
776int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust)
777 {
778 return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust);
779 }
780
781/* This function is used to set the X509_STORE_CTX purpose and trust
782 * values. This is intended to be used when another structure has its
783 * own trust and purpose values which (if set) will be inherited by
784 * the ctx. If they aren't set then we will usually have a default
785 * purpose in mind which should then be used to set the trust value.
786 * An example of this is SSL use: an SSL structure will have its own
787 * purpose and trust settings which the application can set: if they
788 * aren't set then we use the default of SSL client/server.
789 */
790
791int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
792 int purpose, int trust)
793{
794 int idx;
795 /* If purpose not set use default */
796 if (!purpose) purpose = def_purpose;
797 /* If we have a purpose then check it is valid */
798 if (purpose)
799 {
800 X509_PURPOSE *ptmp;
801 idx = X509_PURPOSE_get_by_id(purpose);
802 if (idx == -1)
803 {
804 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
805 X509_R_UNKNOWN_PURPOSE_ID);
806 return 0;
807 }
808 ptmp = X509_PURPOSE_get0(idx);
809 if (ptmp->trust == X509_TRUST_DEFAULT)
810 {
811 idx = X509_PURPOSE_get_by_id(def_purpose);
812 if (idx == -1)
813 {
814 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
815 X509_R_UNKNOWN_PURPOSE_ID);
816 return 0;
817 }
818 ptmp = X509_PURPOSE_get0(idx);
819 }
820 /* If trust not set then get from purpose default */
821 if (!trust) trust = ptmp->trust;
822 }
823 if (trust)
824 {
825 idx = X509_TRUST_get_by_id(trust);
826 if (idx == -1)
827 {
828 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
829 X509_R_UNKNOWN_TRUST_ID);
830 return 0;
831 }
832 }
833
834 if (purpose) ctx->purpose = purpose;
835 if (trust) ctx->trust = trust;
836 return 1;
837}
838
839X509_STORE_CTX *X509_STORE_CTX_new(void)
840{
841 X509_STORE_CTX *ctx;
842 ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX));
843 if (ctx) memset(ctx, 0, sizeof(X509_STORE_CTX));
844 return ctx;
845}
846
847void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
848{
849 X509_STORE_CTX_cleanup(ctx);
850 OPENSSL_free(ctx);
851}
852
853void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
854 STACK_OF(X509) *chain)
855 {
856 ctx->ctx=store;
857 ctx->current_method=0;
858 ctx->cert=x509;
859 ctx->untrusted=chain;
860 ctx->last_untrusted=0;
861 ctx->purpose=0;
862 ctx->trust=0;
863 ctx->check_time=0;
864 ctx->flags=0;
865 ctx->other_ctx=NULL;
866 ctx->valid=0;
867 ctx->chain=NULL;
868 ctx->depth=9;
869 ctx->error=0;
870 ctx->error_depth=0;
871 ctx->current_cert=NULL;
872 ctx->current_issuer=NULL;
873 ctx->check_issued = check_issued;
874 ctx->get_issuer = X509_STORE_CTX_get1_issuer;
875 ctx->verify_cb = store->verify_cb;
876 ctx->verify = store->verify;
877 ctx->cleanup = 0;
878 memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA));
879 }
880
881/* Set alternative lookup method: just a STACK of trusted certificates.
882 * This avoids X509_STORE nastiness where it isn't needed.
883 */
884
885void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
886{
887 ctx->other_ctx = sk;
888 ctx->get_issuer = get_issuer_sk;
889}
890
891void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
892 {
893 if (ctx->cleanup) ctx->cleanup(ctx);
894 if (ctx->chain != NULL)
895 {
896 sk_X509_pop_free(ctx->chain,X509_free);
897 ctx->chain=NULL;
898 }
899 CRYPTO_free_ex_data(x509_store_ctx_method,ctx,&(ctx->ex_data));
900 memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));
901 }
902
903void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags)
904 {
905 ctx->flags |= flags;
906 }
907
908void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t)
909 {
910 ctx->check_time = t;
911 ctx->flags |= X509_V_FLAG_USE_CHECK_TIME;
912 }
913
914IMPLEMENT_STACK_OF(X509)
915IMPLEMENT_ASN1_SET_OF(X509)
916
917IMPLEMENT_STACK_OF(X509_NAME)
918
919IMPLEMENT_STACK_OF(X509_ATTRIBUTE)
920IMPLEMENT_ASN1_SET_OF(X509_ATTRIBUTE)
diff --git a/src/lib/libcrypto/x509/x509_vfy.h b/src/lib/libcrypto/x509/x509_vfy.h
deleted file mode 100644
index e289d5309a..0000000000
--- a/src/lib/libcrypto/x509/x509_vfy.h
+++ /dev/null
@@ -1,390 +0,0 @@
1/* crypto/x509/x509_vfy.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#ifndef HEADER_X509_H
60#include <openssl/x509.h>
61/* openssl/x509.h ends up #include-ing this file at about the only
62 * appropriate moment. */
63#endif
64
65#ifndef HEADER_X509_VFY_H
66#define HEADER_X509_VFY_H
67
68#ifndef NO_LHASH
69#include <openssl/lhash.h>
70#endif
71#include <openssl/bio.h>
72#include <openssl/crypto.h>
73
74#ifdef __cplusplus
75extern "C" {
76#endif
77
78/* Outer object */
79typedef struct x509_hash_dir_st
80 {
81 int num_dirs;
82 char **dirs;
83 int *dirs_type;
84 int num_dirs_alloced;
85 } X509_HASH_DIR_CTX;
86
87typedef struct x509_file_st
88 {
89 int num_paths; /* number of paths to files or directories */
90 int num_alloced;
91 char **paths; /* the list of paths or directories */
92 int *path_type;
93 } X509_CERT_FILE_CTX;
94
95/*******************************/
96/*
97SSL_CTX -> X509_STORE
98 -> X509_LOOKUP
99 ->X509_LOOKUP_METHOD
100 -> X509_LOOKUP
101 ->X509_LOOKUP_METHOD
102
103SSL -> X509_STORE_CTX
104 ->X509_STORE
105
106The X509_STORE holds the tables etc for verification stuff.
107A X509_STORE_CTX is used while validating a single certificate.
108The X509_STORE has X509_LOOKUPs for looking up certs.
109The X509_STORE then calls a function to actually verify the
110certificate chain.
111*/
112
113#define X509_LU_RETRY -1
114#define X509_LU_FAIL 0
115#define X509_LU_X509 1
116#define X509_LU_CRL 2
117#define X509_LU_PKEY 3
118
119typedef struct x509_object_st
120 {
121 /* one of the above types */
122 int type;
123 union {
124 char *ptr;
125 X509 *x509;
126 X509_CRL *crl;
127 EVP_PKEY *pkey;
128 } data;
129 } X509_OBJECT;
130
131typedef struct x509_lookup_st X509_LOOKUP;
132
133DECLARE_STACK_OF(X509_LOOKUP)
134DECLARE_STACK_OF(X509_OBJECT)
135
136/* This is a static that defines the function interface */
137typedef struct x509_lookup_method_st
138 {
139 const char *name;
140 int (*new_item)(X509_LOOKUP *ctx);
141 void (*free)(X509_LOOKUP *ctx);
142 int (*init)(X509_LOOKUP *ctx);
143 int (*shutdown)(X509_LOOKUP *ctx);
144 int (*ctrl)(X509_LOOKUP *ctx,int cmd,const char *argc,long argl,
145 char **ret);
146 int (*get_by_subject)(X509_LOOKUP *ctx,int type,X509_NAME *name,
147 X509_OBJECT *ret);
148 int (*get_by_issuer_serial)(X509_LOOKUP *ctx,int type,X509_NAME *name,
149 ASN1_INTEGER *serial,X509_OBJECT *ret);
150 int (*get_by_fingerprint)(X509_LOOKUP *ctx,int type,
151 unsigned char *bytes,int len,
152 X509_OBJECT *ret);
153 int (*get_by_alias)(X509_LOOKUP *ctx,int type,char *str,int len,
154 X509_OBJECT *ret);
155 } X509_LOOKUP_METHOD;
156
157typedef struct x509_store_ctx_st X509_STORE_CTX;
158
159/* This is used to hold everything. It is used for all certificate
160 * validation. Once we have a certificate chain, the 'verify'
161 * function is then called to actually check the cert chain. */
162typedef struct x509_store_st
163 {
164 /* The following is a cache of trusted certs */
165 int cache; /* if true, stash any hits */
166 STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */
167
168 /* These are external lookup methods */
169 STACK_OF(X509_LOOKUP) *get_cert_methods;
170 int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */
171 int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */
172
173 CRYPTO_EX_DATA ex_data;
174 int references;
175 int depth; /* how deep to look (still unused -- X509_STORE_CTX's depth is used) */
176 } X509_STORE;
177
178#define X509_STORE_set_depth(ctx,d) ((ctx)->depth=(d))
179
180#define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func))
181#define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func))
182
183/* This is the functions plus an instance of the local variables. */
184struct x509_lookup_st
185 {
186 int init; /* have we been started */
187 int skip; /* don't use us. */
188 X509_LOOKUP_METHOD *method; /* the functions */
189 char *method_data; /* method data */
190
191 X509_STORE *store_ctx; /* who owns us */
192 };
193
194/* This is a used when verifying cert chains. Since the
195 * gathering of the cert chain can take some time (and have to be
196 * 'retried', this needs to be kept and passed around. */
197struct x509_store_ctx_st /* X509_STORE_CTX */
198 {
199 X509_STORE *ctx;
200 int current_method; /* used when looking up certs */
201
202 /* The following are set by the caller */
203 X509 *cert; /* The cert to check */
204 STACK_OF(X509) *untrusted; /* chain of X509s - untrusted - passed in */
205 int purpose; /* purpose to check untrusted certificates */
206 int trust; /* trust setting to check */
207 time_t check_time; /* time to make verify at */
208 unsigned long flags; /* Various verify flags */
209 void *other_ctx; /* Other info for use with get_issuer() */
210
211 /* Callbacks for various operations */
212 int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */
213 int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */
214 int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */
215 int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
216 int (*cleanup)(X509_STORE_CTX *ctx);
217
218 /* The following is built up */
219 int depth; /* how far to go looking up certs */
220 int valid; /* if 0, rebuild chain */
221 int last_untrusted; /* index of last untrusted cert */
222 STACK_OF(X509) *chain; /* chain of X509s - built up and trusted */
223
224 /* When something goes wrong, this is why */
225 int error_depth;
226 int error;
227 X509 *current_cert;
228 X509 *current_issuer; /* cert currently being tested as valid issuer */
229
230 CRYPTO_EX_DATA ex_data;
231 };
232
233#define X509_STORE_CTX_set_depth(ctx,d) ((ctx)->depth=(d))
234
235#define X509_STORE_CTX_set_app_data(ctx,data) \
236 X509_STORE_CTX_set_ex_data(ctx,0,data)
237#define X509_STORE_CTX_get_app_data(ctx) \
238 X509_STORE_CTX_get_ex_data(ctx,0)
239
240#define X509_L_FILE_LOAD 1
241#define X509_L_ADD_DIR 2
242
243#define X509_LOOKUP_load_file(x,name,type) \
244 X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL)
245
246#define X509_LOOKUP_add_dir(x,name,type) \
247 X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)
248
249#define X509_V_OK 0
250/* illegal error (for uninitialized values, to avoid X509_V_OK): 1 */
251
252#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2
253#define X509_V_ERR_UNABLE_TO_GET_CRL 3
254#define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4
255#define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5
256#define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6
257#define X509_V_ERR_CERT_SIGNATURE_FAILURE 7
258#define X509_V_ERR_CRL_SIGNATURE_FAILURE 8
259#define X509_V_ERR_CERT_NOT_YET_VALID 9
260#define X509_V_ERR_CERT_HAS_EXPIRED 10
261#define X509_V_ERR_CRL_NOT_YET_VALID 11
262#define X509_V_ERR_CRL_HAS_EXPIRED 12
263#define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13
264#define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14
265#define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15
266#define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16
267#define X509_V_ERR_OUT_OF_MEM 17
268#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18
269#define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19
270#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20
271#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21
272#define X509_V_ERR_CERT_CHAIN_TOO_LONG 22
273#define X509_V_ERR_CERT_REVOKED 23
274#define X509_V_ERR_INVALID_CA 24
275#define X509_V_ERR_PATH_LENGTH_EXCEEDED 25
276#define X509_V_ERR_INVALID_PURPOSE 26
277#define X509_V_ERR_CERT_UNTRUSTED 27
278#define X509_V_ERR_CERT_REJECTED 28
279/* These are 'informational' when looking for issuer cert */
280#define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29
281#define X509_V_ERR_AKID_SKID_MISMATCH 30
282#define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31
283#define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32
284
285/* The application is not happy */
286#define X509_V_ERR_APPLICATION_VERIFICATION 50
287
288/* Certificate verify flags */
289
290#define X509_V_FLAG_CB_ISSUER_CHECK 0x1 /* Send issuer+subject checks to verify_cb */
291#define X509_V_FLAG_USE_CHECK_TIME 0x2 /* Use check time instead of current time */
292
293 /* These functions are being redefined in another directory,
294 and clash when the linker is case-insensitive, so let's
295 hide them a little, by giving them an extra 'o' at the
296 beginning of the name... */
297#ifdef VMS
298#undef X509v3_cleanup_extensions
299#define X509v3_cleanup_extensions oX509v3_cleanup_extensions
300#undef X509v3_add_extension
301#define X509v3_add_extension oX509v3_add_extension
302#undef X509v3_add_netscape_extensions
303#define X509v3_add_netscape_extensions oX509v3_add_netscape_extensions
304#undef X509v3_add_standard_extensions
305#define X509v3_add_standard_extensions oX509v3_add_standard_extensions
306#endif
307
308int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
309 X509_NAME *name);
310X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,int type,X509_NAME *name);
311X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x);
312void X509_OBJECT_up_ref_count(X509_OBJECT *a);
313void X509_OBJECT_free_contents(X509_OBJECT *a);
314X509_STORE *X509_STORE_new(void );
315void X509_STORE_free(X509_STORE *v);
316
317X509_STORE_CTX *X509_STORE_CTX_new(void);
318
319int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
320
321void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
322void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
323 X509 *x509, STACK_OF(X509) *chain);
324void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
325void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
326
327X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
328
329X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
330X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
331
332int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
333int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
334
335int X509_STORE_get_by_subject(X509_STORE_CTX *vs,int type,X509_NAME *name,
336 X509_OBJECT *ret);
337
338int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
339 long argl, char **ret);
340
341#ifndef NO_STDIO
342int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
343int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
344int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
345#endif
346
347
348X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
349void X509_LOOKUP_free(X509_LOOKUP *ctx);
350int X509_LOOKUP_init(X509_LOOKUP *ctx);
351int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
352 X509_OBJECT *ret);
353int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
354 ASN1_INTEGER *serial, X509_OBJECT *ret);
355int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
356 unsigned char *bytes, int len, X509_OBJECT *ret);
357int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str,
358 int len, X509_OBJECT *ret);
359int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
360
361#ifndef NO_STDIO
362int X509_STORE_load_locations (X509_STORE *ctx,
363 const char *file, const char *dir);
364int X509_STORE_set_default_paths(X509_STORE *ctx);
365#endif
366
367int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
368 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
369int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx,int idx,void *data);
370void * X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx);
371int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
372void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s);
373int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
374X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
375STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
376STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
377void X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x);
378void X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk);
379int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
380int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
381int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
382 int purpose, int trust);
383void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags);
384void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t);
385
386#ifdef __cplusplus
387}
388#endif
389#endif
390
diff --git a/src/lib/libcrypto/x509/x509name.c b/src/lib/libcrypto/x509/x509name.c
deleted file mode 100644
index 4c20e03ece..0000000000
--- a/src/lib/libcrypto/x509/x509name.c
+++ /dev/null
@@ -1,383 +0,0 @@
1/* crypto/x509/x509name.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/stack.h>
61#include "cryptlib.h"
62#include <openssl/asn1.h>
63#include <openssl/objects.h>
64#include <openssl/evp.h>
65#include <openssl/x509.h>
66
67int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len)
68 {
69 ASN1_OBJECT *obj;
70
71 obj=OBJ_nid2obj(nid);
72 if (obj == NULL) return(-1);
73 return(X509_NAME_get_text_by_OBJ(name,obj,buf,len));
74 }
75
76int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,
77 int len)
78 {
79 int i;
80 ASN1_STRING *data;
81
82 i=X509_NAME_get_index_by_OBJ(name,obj,-1);
83 if (i < 0) return(-1);
84 data=X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name,i));
85 i=(data->length > (len-1))?(len-1):data->length;
86 if (buf == NULL) return(data->length);
87 memcpy(buf,data->data,i);
88 buf[i]='\0';
89 return(i);
90 }
91
92int X509_NAME_entry_count(X509_NAME *name)
93 {
94 if (name == NULL) return(0);
95 return(sk_X509_NAME_ENTRY_num(name->entries));
96 }
97
98int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos)
99 {
100 ASN1_OBJECT *obj;
101
102 obj=OBJ_nid2obj(nid);
103 if (obj == NULL) return(-2);
104 return(X509_NAME_get_index_by_OBJ(name,obj,lastpos));
105 }
106
107/* NOTE: you should be passsing -1, not 0 as lastpos */
108int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
109 int lastpos)
110 {
111 int n;
112 X509_NAME_ENTRY *ne;
113 STACK_OF(X509_NAME_ENTRY) *sk;
114
115 if (name == NULL) return(-1);
116 if (lastpos < 0)
117 lastpos= -1;
118 sk=name->entries;
119 n=sk_X509_NAME_ENTRY_num(sk);
120 for (lastpos++; lastpos < n; lastpos++)
121 {
122 ne=sk_X509_NAME_ENTRY_value(sk,lastpos);
123 if (OBJ_cmp(ne->object,obj) == 0)
124 return(lastpos);
125 }
126 return(-1);
127 }
128
129X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc)
130 {
131 if(name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
132 || loc < 0)
133 return(NULL);
134 else
135 return(sk_X509_NAME_ENTRY_value(name->entries,loc));
136 }
137
138X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc)
139 {
140 X509_NAME_ENTRY *ret;
141 int i,n,set_prev,set_next;
142 STACK_OF(X509_NAME_ENTRY) *sk;
143
144 if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
145 || loc < 0)
146 return(NULL);
147 sk=name->entries;
148 ret=sk_X509_NAME_ENTRY_delete(sk,loc);
149 n=sk_X509_NAME_ENTRY_num(sk);
150 name->modified=1;
151 if (loc == n) return(ret);
152
153 /* else we need to fixup the set field */
154 if (loc != 0)
155 set_prev=(sk_X509_NAME_ENTRY_value(sk,loc-1))->set;
156 else
157 set_prev=ret->set-1;
158 set_next=sk_X509_NAME_ENTRY_value(sk,loc)->set;
159
160 /* set_prev is the previous set
161 * set is the current set
162 * set_next is the following
163 * prev 1 1 1 1 1 1 1 1
164 * set 1 1 2 2
165 * next 1 1 2 2 2 2 3 2
166 * so basically only if prev and next differ by 2, then
167 * re-number down by 1 */
168 if (set_prev+1 < set_next)
169 for (i=loc; i<n; i++)
170 sk_X509_NAME_ENTRY_value(sk,i)->set--;
171 return(ret);
172 }
173
174int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
175 unsigned char *bytes, int len, int loc, int set)
176{
177 X509_NAME_ENTRY *ne;
178 int ret;
179 ne = X509_NAME_ENTRY_create_by_OBJ(NULL, obj, type, bytes, len);
180 if(!ne) return 0;
181 ret = X509_NAME_add_entry(name, ne, loc, set);
182 X509_NAME_ENTRY_free(ne);
183 return ret;
184}
185
186int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
187 unsigned char *bytes, int len, int loc, int set)
188{
189 X509_NAME_ENTRY *ne;
190 int ret;
191 ne = X509_NAME_ENTRY_create_by_NID(NULL, nid, type, bytes, len);
192 if(!ne) return 0;
193 ret = X509_NAME_add_entry(name, ne, loc, set);
194 X509_NAME_ENTRY_free(ne);
195 return ret;
196}
197
198int X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, int type,
199 unsigned char *bytes, int len, int loc, int set)
200{
201 X509_NAME_ENTRY *ne;
202 int ret;
203 ne = X509_NAME_ENTRY_create_by_txt(NULL, field, type, bytes, len);
204 if(!ne) return 0;
205 ret = X509_NAME_add_entry(name, ne, loc, set);
206 X509_NAME_ENTRY_free(ne);
207 return ret;
208}
209
210/* if set is -1, append to previous set, 0 'a new one', and 1,
211 * prepend to the guy we are about to stomp on. */
212int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc,
213 int set)
214 {
215 X509_NAME_ENTRY *new_name=NULL;
216 int n,i,inc;
217 STACK_OF(X509_NAME_ENTRY) *sk;
218
219 if (name == NULL) return(0);
220 sk=name->entries;
221 n=sk_X509_NAME_ENTRY_num(sk);
222 if (loc > n) loc=n;
223 else if (loc < 0) loc=n;
224
225 name->modified=1;
226
227 if (set == -1)
228 {
229 if (loc == 0)
230 {
231 set=0;
232 inc=1;
233 }
234 else
235 {
236 set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set;
237 inc=0;
238 }
239 }
240 else /* if (set >= 0) */
241 {
242 if (loc >= n)
243 {
244 if (loc != 0)
245 set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set+1;
246 else
247 set=0;
248 }
249 else
250 set=sk_X509_NAME_ENTRY_value(sk,loc)->set;
251 inc=(set == 0)?1:0;
252 }
253
254 if ((new_name=X509_NAME_ENTRY_dup(ne)) == NULL)
255 goto err;
256 new_name->set=set;
257 if (!sk_X509_NAME_ENTRY_insert(sk,new_name,loc))
258 {
259 X509err(X509_F_X509_NAME_ADD_ENTRY,ERR_R_MALLOC_FAILURE);
260 goto err;
261 }
262 if (inc)
263 {
264 n=sk_X509_NAME_ENTRY_num(sk);
265 for (i=loc+1; i<n; i++)
266 sk_X509_NAME_ENTRY_value(sk,i-1)->set+=1;
267 }
268 return(1);
269err:
270 if (new_name != NULL)
271 X509_NAME_ENTRY_free(new_name);
272 return(0);
273 }
274
275X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
276 char *field, int type, unsigned char *bytes, int len)
277 {
278 ASN1_OBJECT *obj;
279 X509_NAME_ENTRY *nentry;
280
281 obj=OBJ_txt2obj(field, 0);
282 if (obj == NULL)
283 {
284 X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT,
285 X509_R_INVALID_FIELD_NAME);
286 ERR_add_error_data(2, "name=", field);
287 return(NULL);
288 }
289 nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len);
290 ASN1_OBJECT_free(obj);
291 return nentry;
292 }
293
294X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
295 int type, unsigned char *bytes, int len)
296 {
297 ASN1_OBJECT *obj;
298 X509_NAME_ENTRY *nentry;
299
300 obj=OBJ_nid2obj(nid);
301 if (obj == NULL)
302 {
303 X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID,X509_R_UNKNOWN_NID);
304 return(NULL);
305 }
306 nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len);
307 ASN1_OBJECT_free(obj);
308 return nentry;
309 }
310
311X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
312 ASN1_OBJECT *obj, int type, unsigned char *bytes, int len)
313 {
314 X509_NAME_ENTRY *ret;
315
316 if ((ne == NULL) || (*ne == NULL))
317 {
318 if ((ret=X509_NAME_ENTRY_new()) == NULL)
319 return(NULL);
320 }
321 else
322 ret= *ne;
323
324 if (!X509_NAME_ENTRY_set_object(ret,obj))
325 goto err;
326 if (!X509_NAME_ENTRY_set_data(ret,type,bytes,len))
327 goto err;
328
329 if ((ne != NULL) && (*ne == NULL)) *ne=ret;
330 return(ret);
331err:
332 if ((ne == NULL) || (ret != *ne))
333 X509_NAME_ENTRY_free(ret);
334 return(NULL);
335 }
336
337int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj)
338 {
339 if ((ne == NULL) || (obj == NULL))
340 {
341 X509err(X509_F_X509_NAME_ENTRY_SET_OBJECT,ERR_R_PASSED_NULL_PARAMETER);
342 return(0);
343 }
344 ASN1_OBJECT_free(ne->object);
345 ne->object=OBJ_dup(obj);
346 return((ne->object == NULL)?0:1);
347 }
348
349int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
350 unsigned char *bytes, int len)
351 {
352 int i;
353
354 if ((ne == NULL) || ((bytes == NULL) && (len != 0))) return(0);
355 if((type > 0) && (type & MBSTRING_FLAG))
356 return ASN1_STRING_set_by_NID(&ne->value, bytes,
357 len, type,
358 OBJ_obj2nid(ne->object)) ? 1 : 0;
359 if (len < 0) len=strlen((char *)bytes);
360 i=ASN1_STRING_set(ne->value,bytes,len);
361 if (!i) return(0);
362 if (type != V_ASN1_UNDEF)
363 {
364 if (type == V_ASN1_APP_CHOOSE)
365 ne->value->type=ASN1_PRINTABLE_type(bytes,len);
366 else
367 ne->value->type=type;
368 }
369 return(1);
370 }
371
372ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne)
373 {
374 if (ne == NULL) return(NULL);
375 return(ne->object);
376 }
377
378ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne)
379 {
380 if (ne == NULL) return(NULL);
381 return(ne->value);
382 }
383
diff --git a/src/lib/libcrypto/x509/x509rset.c b/src/lib/libcrypto/x509/x509rset.c
deleted file mode 100644
index d9f6b57372..0000000000
--- a/src/lib/libcrypto/x509/x509rset.c
+++ /dev/null
@@ -1,83 +0,0 @@
1/* crypto/x509/x509rset.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/asn1.h>
62#include <openssl/objects.h>
63#include <openssl/evp.h>
64#include <openssl/x509.h>
65
66int X509_REQ_set_version(X509_REQ *x, long version)
67 {
68 if (x == NULL) return(0);
69 return(ASN1_INTEGER_set(x->req_info->version,version));
70 }
71
72int X509_REQ_set_subject_name(X509_REQ *x, X509_NAME *name)
73 {
74 if ((x == NULL) || (x->req_info == NULL)) return(0);
75 return(X509_NAME_set(&x->req_info->subject,name));
76 }
77
78int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey)
79 {
80 if ((x == NULL) || (x->req_info == NULL)) return(0);
81 return(X509_PUBKEY_set(&x->req_info->pubkey,pkey));
82 }
83
diff --git a/src/lib/libcrypto/x509/x509spki.c b/src/lib/libcrypto/x509/x509spki.c
deleted file mode 100644
index fd0a534d88..0000000000
--- a/src/lib/libcrypto/x509/x509spki.c
+++ /dev/null
@@ -1,121 +0,0 @@
1/* x509spki.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/x509.h>
62#include <openssl/asn1_mac.h>
63
64int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey)
65{
66 if ((x == NULL) || (x->spkac == NULL)) return(0);
67 return(X509_PUBKEY_set(&(x->spkac->pubkey),pkey));
68}
69
70EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x)
71{
72 if ((x == NULL) || (x->spkac == NULL))
73 return(NULL);
74 return(X509_PUBKEY_get(x->spkac->pubkey));
75}
76
77/* Load a Netscape SPKI from a base64 encoded string */
78
79NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len)
80{
81 unsigned char *spki_der, *p;
82 int spki_len;
83 NETSCAPE_SPKI *spki;
84 if(len <= 0) len = strlen(str);
85 if (!(spki_der = OPENSSL_malloc(len + 1))) {
86 X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE);
87 return NULL;
88 }
89 spki_len = EVP_DecodeBlock(spki_der, (const unsigned char *)str, len);
90 if(spki_len < 0) {
91 X509err(X509_F_NETSCAPE_SPKI_B64_DECODE,
92 X509_R_BASE64_DECODE_ERROR);
93 OPENSSL_free(spki_der);
94 return NULL;
95 }
96 p = spki_der;
97 spki = d2i_NETSCAPE_SPKI(NULL, &p, spki_len);
98 OPENSSL_free(spki_der);
99 return spki;
100}
101
102/* Generate a base64 encoded string from an SPKI */
103
104char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki)
105{
106 unsigned char *der_spki, *p;
107 char *b64_str;
108 int der_len;
109 der_len = i2d_NETSCAPE_SPKI(spki, NULL);
110 der_spki = OPENSSL_malloc(der_len);
111 b64_str = OPENSSL_malloc(der_len * 2);
112 if(!der_spki || !b64_str) {
113 X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE);
114 return NULL;
115 }
116 p = der_spki;
117 i2d_NETSCAPE_SPKI(spki, &p);
118 EVP_EncodeBlock((unsigned char *)b64_str, der_spki, der_len);
119 OPENSSL_free(der_spki);
120 return b64_str;
121}
diff --git a/src/lib/libcrypto/x509/x509type.c b/src/lib/libcrypto/x509/x509type.c
deleted file mode 100644
index 8e78b34458..0000000000
--- a/src/lib/libcrypto/x509/x509type.c
+++ /dev/null
@@ -1,114 +0,0 @@
1/* crypto/x509/x509type.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/evp.h>
62#include <openssl/objects.h>
63#include <openssl/x509.h>
64
65int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
66 {
67 EVP_PKEY *pk;
68 int ret=0,i;
69
70 if (x == NULL) return(0);
71
72 if (pkey == NULL)
73 pk=X509_get_pubkey(x);
74 else
75 pk=pkey;
76
77 if (pk == NULL) return(0);
78
79 switch (pk->type)
80 {
81 case EVP_PKEY_RSA:
82 ret=EVP_PK_RSA|EVP_PKT_SIGN;
83/* if (!sign only extension) */
84 ret|=EVP_PKT_ENC;
85 break;
86 case EVP_PKEY_DSA:
87 ret=EVP_PK_DSA|EVP_PKT_SIGN;
88 break;
89 case EVP_PKEY_DH:
90 ret=EVP_PK_DH|EVP_PKT_EXCH;
91 break;
92 default:
93 break;
94 }
95
96 i=X509_get_signature_type(x);
97 switch (i)
98 {
99 case EVP_PKEY_RSA:
100 ret|=EVP_PKS_RSA;
101 break;
102 case EVP_PKS_DSA:
103 ret|=EVP_PKS_DSA;
104 break;
105 default:
106 break;
107 }
108
109 if (EVP_PKEY_size(pk) <= 512)
110 ret|=EVP_PKT_EXP;
111 if(pkey==NULL) EVP_PKEY_free(pk);
112 return(ret);
113 }
114
diff --git a/src/lib/libcrypto/x509/x_all.c b/src/lib/libcrypto/x509/x_all.c
deleted file mode 100644
index 9bd6e2a39b..0000000000
--- a/src/lib/libcrypto/x509/x_all.c
+++ /dev/null
@@ -1,565 +0,0 @@
1/* crypto/x509/x_all.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#undef SSLEAY_MACROS
61#include <openssl/stack.h>
62#include "cryptlib.h"
63#include <openssl/buffer.h>
64#include <openssl/asn1.h>
65#include <openssl/evp.h>
66#include <openssl/x509.h>
67
68int X509_verify(X509 *a, EVP_PKEY *r)
69 {
70 return(ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,
71 a->signature,(char *)a->cert_info,r));
72 }
73
74int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
75 {
76 return( ASN1_verify((int (*)())i2d_X509_REQ_INFO,
77 a->sig_alg,a->signature,(char *)a->req_info,r));
78 }
79
80int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r)
81 {
82 return(ASN1_verify((int (*)())i2d_X509_CRL_INFO,
83 a->sig_alg, a->signature,(char *)a->crl,r));
84 }
85
86int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
87 {
88 return(ASN1_verify((int (*)())i2d_NETSCAPE_SPKAC,
89 a->sig_algor,a->signature, (char *)a->spkac,r));
90 }
91
92int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
93 {
94 return(ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature,
95 x->sig_alg, x->signature, (char *)x->cert_info,pkey,md));
96 }
97
98int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
99 {
100 return(ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL,
101 x->signature, (char *)x->req_info,pkey,md));
102 }
103
104int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
105 {
106 return(ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,
107 x->sig_alg, x->signature, (char *)x->crl,pkey,md));
108 }
109
110int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
111 {
112 return(ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL,
113 x->signature, (char *)x->spkac,pkey,md));
114 }
115
116X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa)
117 {
118 return((X509_ATTRIBUTE *)ASN1_dup((int (*)())i2d_X509_ATTRIBUTE,
119 (char *(*)())d2i_X509_ATTRIBUTE,(char *)xa));
120 }
121
122X509 *X509_dup(X509 *x509)
123 {
124 return((X509 *)ASN1_dup((int (*)())i2d_X509,
125 (char *(*)())d2i_X509,(char *)x509));
126 }
127
128X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex)
129 {
130 return((X509_EXTENSION *)ASN1_dup(
131 (int (*)())i2d_X509_EXTENSION,
132 (char *(*)())d2i_X509_EXTENSION,(char *)ex));
133 }
134
135#ifndef NO_FP_API
136X509 *d2i_X509_fp(FILE *fp, X509 **x509)
137 {
138 return((X509 *)ASN1_d2i_fp((char *(*)())X509_new,
139 (char *(*)())d2i_X509, (fp),(unsigned char **)(x509)));
140 }
141
142int i2d_X509_fp(FILE *fp, X509 *x509)
143 {
144 return(ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509));
145 }
146#endif
147
148X509 *d2i_X509_bio(BIO *bp, X509 **x509)
149 {
150 return((X509 *)ASN1_d2i_bio((char *(*)())X509_new,
151 (char *(*)())d2i_X509, (bp),(unsigned char **)(x509)));
152 }
153
154int i2d_X509_bio(BIO *bp, X509 *x509)
155 {
156 return(ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509));
157 }
158
159X509_CRL *X509_CRL_dup(X509_CRL *crl)
160 {
161 return((X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL,
162 (char *(*)())d2i_X509_CRL,(char *)crl));
163 }
164
165#ifndef NO_FP_API
166X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl)
167 {
168 return((X509_CRL *)ASN1_d2i_fp((char *(*)())
169 X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),
170 (unsigned char **)(crl)));
171 }
172
173int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl)
174 {
175 return(ASN1_i2d_fp(i2d_X509_CRL,fp,(unsigned char *)crl));
176 }
177#endif
178
179X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl)
180 {
181 return((X509_CRL *)ASN1_d2i_bio((char *(*)())
182 X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),
183 (unsigned char **)(crl)));
184 }
185
186int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl)
187 {
188 return(ASN1_i2d_bio(i2d_X509_CRL,bp,(unsigned char *)crl));
189 }
190
191PKCS7 *PKCS7_dup(PKCS7 *p7)
192 {
193 return((PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7,
194 (char *(*)())d2i_PKCS7,(char *)p7));
195 }
196
197#ifndef NO_FP_API
198PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7)
199 {
200 return((PKCS7 *)ASN1_d2i_fp((char *(*)())
201 PKCS7_new,(char *(*)())d2i_PKCS7, (fp),
202 (unsigned char **)(p7)));
203 }
204
205int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7)
206 {
207 return(ASN1_i2d_fp(i2d_PKCS7,fp,(unsigned char *)p7));
208 }
209#endif
210
211PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7)
212 {
213 return((PKCS7 *)ASN1_d2i_bio((char *(*)())
214 PKCS7_new,(char *(*)())d2i_PKCS7, (bp),
215 (unsigned char **)(p7)));
216 }
217
218int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7)
219 {
220 return(ASN1_i2d_bio(i2d_PKCS7,bp,(unsigned char *)p7));
221 }
222
223X509_REQ *X509_REQ_dup(X509_REQ *req)
224 {
225 return((X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ,
226 (char *(*)())d2i_X509_REQ,(char *)req));
227 }
228
229#ifndef NO_FP_API
230X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req)
231 {
232 return((X509_REQ *)ASN1_d2i_fp((char *(*)())
233 X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),
234 (unsigned char **)(req)));
235 }
236
237int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req)
238 {
239 return(ASN1_i2d_fp(i2d_X509_REQ,fp,(unsigned char *)req));
240 }
241#endif
242
243X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req)
244 {
245 return((X509_REQ *)ASN1_d2i_bio((char *(*)())
246 X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),
247 (unsigned char **)(req)));
248 }
249
250int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req)
251 {
252 return(ASN1_i2d_bio(i2d_X509_REQ,bp,(unsigned char *)req));
253 }
254
255#ifndef NO_RSA
256RSA *RSAPublicKey_dup(RSA *rsa)
257 {
258 return((RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey,
259 (char *(*)())d2i_RSAPublicKey,(char *)rsa));
260 }
261
262RSA *RSAPrivateKey_dup(RSA *rsa)
263 {
264 return((RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey,
265 (char *(*)())d2i_RSAPrivateKey,(char *)rsa));
266 }
267
268#ifndef NO_FP_API
269RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa)
270 {
271 return((RSA *)ASN1_d2i_fp((char *(*)())
272 RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp),
273 (unsigned char **)(rsa)));
274 }
275
276int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa)
277 {
278 return(ASN1_i2d_fp(i2d_RSAPrivateKey,fp,(unsigned char *)rsa));
279 }
280
281RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa)
282 {
283 return((RSA *)ASN1_d2i_fp((char *(*)())
284 RSA_new,(char *(*)())d2i_RSAPublicKey, (fp),
285 (unsigned char **)(rsa)));
286 }
287
288RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa)
289 {
290 return((RSA *)ASN1_d2i_fp((char *(*)())
291 RSA_new,(char *(*)())d2i_RSA_PUBKEY, (fp),
292 (unsigned char **)(rsa)));
293 }
294
295int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa)
296 {
297 return(ASN1_i2d_fp(i2d_RSAPublicKey,fp,(unsigned char *)rsa));
298 }
299
300int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa)
301 {
302 return(ASN1_i2d_fp(i2d_RSA_PUBKEY,fp,(unsigned char *)rsa));
303 }
304#endif
305
306RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa)
307 {
308 return((RSA *)ASN1_d2i_bio((char *(*)())
309 RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp),
310 (unsigned char **)(rsa)));
311 }
312
313int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa)
314 {
315 return(ASN1_i2d_bio(i2d_RSAPrivateKey,bp,(unsigned char *)rsa));
316 }
317
318RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa)
319 {
320 return((RSA *)ASN1_d2i_bio((char *(*)())
321 RSA_new,(char *(*)())d2i_RSAPublicKey, (bp),
322 (unsigned char **)(rsa)));
323 }
324
325RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa)
326 {
327 return((RSA *)ASN1_d2i_bio((char *(*)())
328 RSA_new,(char *(*)())d2i_RSA_PUBKEY, (bp),
329 (unsigned char **)(rsa)));
330 }
331
332int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa)
333 {
334 return(ASN1_i2d_bio(i2d_RSAPublicKey,bp,(unsigned char *)rsa));
335 }
336
337int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa)
338 {
339 return(ASN1_i2d_bio(i2d_RSA_PUBKEY,bp,(unsigned char *)rsa));
340 }
341#endif
342
343#ifndef NO_DSA
344#ifndef NO_FP_API
345DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa)
346 {
347 return((DSA *)ASN1_d2i_fp((char *(*)())
348 DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp),
349 (unsigned char **)(dsa)));
350 }
351
352int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa)
353 {
354 return(ASN1_i2d_fp(i2d_DSAPrivateKey,fp,(unsigned char *)dsa));
355 }
356
357DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa)
358 {
359 return((DSA *)ASN1_d2i_fp((char *(*)())
360 DSA_new,(char *(*)())d2i_DSA_PUBKEY, (fp),
361 (unsigned char **)(dsa)));
362 }
363
364int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa)
365 {
366 return(ASN1_i2d_fp(i2d_DSA_PUBKEY,fp,(unsigned char *)dsa));
367 }
368#endif
369
370DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa)
371 {
372 return((DSA *)ASN1_d2i_bio((char *(*)())
373 DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp),
374 (unsigned char **)(dsa)));
375 }
376
377int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa)
378 {
379 return(ASN1_i2d_bio(i2d_DSAPrivateKey,bp,(unsigned char *)dsa));
380 }
381
382DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa)
383 {
384 return((DSA *)ASN1_d2i_bio((char *(*)())
385 DSA_new,(char *(*)())d2i_DSA_PUBKEY, (bp),
386 (unsigned char **)(dsa)));
387 }
388
389int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa)
390 {
391 return(ASN1_i2d_bio(i2d_DSA_PUBKEY,bp,(unsigned char *)dsa));
392 }
393
394#endif
395
396X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn)
397 {
398 return((X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,
399 (char *(*)())d2i_X509_ALGOR,(char *)xn));
400 }
401
402X509_NAME *X509_NAME_dup(X509_NAME *xn)
403 {
404 return((X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME,
405 (char *(*)())d2i_X509_NAME,(char *)xn));
406 }
407
408X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne)
409 {
410 return((X509_NAME_ENTRY *)ASN1_dup((int (*)())i2d_X509_NAME_ENTRY,
411 (char *(*)())d2i_X509_NAME_ENTRY,(char *)ne));
412 }
413
414int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
415 unsigned int *len)
416 {
417 return(ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len));
418 }
419
420int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md,
421 unsigned int *len)
422 {
423 return(ASN1_digest((int (*)())i2d_X509_CRL,type,(char *)data,md,len));
424 }
425
426int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, unsigned char *md,
427 unsigned int *len)
428 {
429 return(ASN1_digest((int (*)())i2d_X509_REQ,type,(char *)data,md,len));
430 }
431
432int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md,
433 unsigned int *len)
434 {
435 return(ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len));
436 }
437
438int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, const EVP_MD *type,
439 unsigned char *md, unsigned int *len)
440 {
441 return(ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,
442 (char *)data,md,len));
443 }
444
445
446#ifndef NO_FP_API
447X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8)
448 {
449 return((X509_SIG *)ASN1_d2i_fp((char *(*)())X509_SIG_new,
450 (char *(*)())d2i_X509_SIG, (fp),(unsigned char **)(p8)));
451 }
452
453int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8)
454 {
455 return(ASN1_i2d_fp(i2d_X509_SIG,fp,(unsigned char *)p8));
456 }
457#endif
458
459X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8)
460 {
461 return((X509_SIG *)ASN1_d2i_bio((char *(*)())X509_SIG_new,
462 (char *(*)())d2i_X509_SIG, (bp),(unsigned char **)(p8)));
463 }
464
465int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8)
466 {
467 return(ASN1_i2d_bio(i2d_X509_SIG,bp,(unsigned char *)p8));
468 }
469
470#ifndef NO_FP_API
471PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
472 PKCS8_PRIV_KEY_INFO **p8inf)
473 {
474 return((PKCS8_PRIV_KEY_INFO *)ASN1_d2i_fp(
475 (char *(*)())PKCS8_PRIV_KEY_INFO_new,
476 (char *(*)())d2i_PKCS8_PRIV_KEY_INFO, (fp),
477 (unsigned char **)(p8inf)));
478 }
479
480int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf)
481 {
482 return(ASN1_i2d_fp(i2d_PKCS8_PRIV_KEY_INFO,fp,(unsigned char *)p8inf));
483 }
484
485int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key)
486 {
487 PKCS8_PRIV_KEY_INFO *p8inf;
488 int ret;
489 p8inf = EVP_PKEY2PKCS8(key);
490 if(!p8inf) return 0;
491 ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf);
492 PKCS8_PRIV_KEY_INFO_free(p8inf);
493 return ret;
494 }
495
496int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey)
497 {
498 return(ASN1_i2d_fp(i2d_PrivateKey,fp,(unsigned char *)pkey));
499 }
500
501EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a)
502{
503 return((EVP_PKEY *)ASN1_d2i_fp((char *(*)())EVP_PKEY_new,
504 (char *(*)())d2i_AutoPrivateKey, (fp),(unsigned char **)(a)));
505}
506
507int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey)
508 {
509 return(ASN1_i2d_fp(i2d_PUBKEY,fp,(unsigned char *)pkey));
510 }
511
512EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a)
513{
514 return((EVP_PKEY *)ASN1_d2i_fp((char *(*)())EVP_PKEY_new,
515 (char *(*)())d2i_PUBKEY, (fp),(unsigned char **)(a)));
516}
517
518#endif
519
520PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
521 PKCS8_PRIV_KEY_INFO **p8inf)
522 {
523 return((PKCS8_PRIV_KEY_INFO *)ASN1_d2i_bio(
524 (char *(*)())PKCS8_PRIV_KEY_INFO_new,
525 (char *(*)())d2i_PKCS8_PRIV_KEY_INFO, (bp),
526 (unsigned char **)(p8inf)));
527 }
528
529int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf)
530 {
531 return(ASN1_i2d_bio(i2d_PKCS8_PRIV_KEY_INFO,bp,(unsigned char *)p8inf));
532 }
533
534int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key)
535 {
536 PKCS8_PRIV_KEY_INFO *p8inf;
537 int ret;
538 p8inf = EVP_PKEY2PKCS8(key);
539 if(!p8inf) return 0;
540 ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
541 PKCS8_PRIV_KEY_INFO_free(p8inf);
542 return ret;
543 }
544
545int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey)
546 {
547 return(ASN1_i2d_bio(i2d_PrivateKey,bp,(unsigned char *)pkey));
548 }
549
550EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a)
551 {
552 return((EVP_PKEY *)ASN1_d2i_bio((char *(*)())EVP_PKEY_new,
553 (char *(*)())d2i_AutoPrivateKey, (bp),(unsigned char **)(a)));
554 }
555
556int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey)
557 {
558 return(ASN1_i2d_bio(i2d_PUBKEY,bp,(unsigned char *)pkey));
559 }
560
561EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a)
562 {
563 return((EVP_PKEY *)ASN1_d2i_bio((char *(*)())EVP_PKEY_new,
564 (char *(*)())d2i_PUBKEY, (bp),(unsigned char **)(a)));
565 }
diff --git a/src/lib/libcrypto/x509v3/ext_dat.h b/src/lib/libcrypto/x509v3/ext_dat.h
deleted file mode 100644
index 801a585a52..0000000000
--- a/src/lib/libcrypto/x509v3/ext_dat.h
+++ /dev/null
@@ -1,97 +0,0 @@
1/* ext_dat.h */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58/* This file contains a table of "standard" extensions */
59
60extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
61extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info;
62extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
63extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_cpols, v3_crld;
64
65/* This table will be searched using OBJ_bsearch so it *must* kept in
66 * order of the ext_nid values.
67 */
68
69static X509V3_EXT_METHOD *standard_exts[] = {
70&v3_nscert,
71&v3_ns_ia5_list[0],
72&v3_ns_ia5_list[1],
73&v3_ns_ia5_list[2],
74&v3_ns_ia5_list[3],
75&v3_ns_ia5_list[4],
76&v3_ns_ia5_list[5],
77&v3_ns_ia5_list[6],
78&v3_skey_id,
79&v3_key_usage,
80&v3_pkey_usage_period,
81&v3_alt[0],
82&v3_alt[1],
83&v3_bcons,
84&v3_crl_num,
85&v3_cpols,
86&v3_akey_id,
87&v3_crld,
88&v3_ext_ku,
89&v3_crl_reason,
90&v3_sxnet,
91&v3_info,
92};
93
94/* Number of standard extensions */
95
96#define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *))
97
diff --git a/src/lib/libcrypto/x509v3/v3_akey.c b/src/lib/libcrypto/x509v3/v3_akey.c
deleted file mode 100644
index 0889a18993..0000000000
--- a/src/lib/libcrypto/x509v3/v3_akey.c
+++ /dev/null
@@ -1,249 +0,0 @@
1/* v3_akey.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/conf.h>
62#include <openssl/asn1.h>
63#include <openssl/asn1_mac.h>
64#include <openssl/x509v3.h>
65
66static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
67 AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist);
68static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
69 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
70
71X509V3_EXT_METHOD v3_akey_id = {
72NID_authority_key_identifier, X509V3_EXT_MULTILINE,
73(X509V3_EXT_NEW)AUTHORITY_KEYID_new,
74(X509V3_EXT_FREE)AUTHORITY_KEYID_free,
75(X509V3_EXT_D2I)d2i_AUTHORITY_KEYID,
76(X509V3_EXT_I2D)i2d_AUTHORITY_KEYID,
77NULL, NULL,
78(X509V3_EXT_I2V)i2v_AUTHORITY_KEYID,
79(X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,
80NULL,NULL,
81NULL
82};
83
84
85int i2d_AUTHORITY_KEYID(AUTHORITY_KEYID *a, unsigned char **pp)
86{
87 M_ASN1_I2D_vars(a);
88
89 M_ASN1_I2D_len_IMP_opt (a->keyid, i2d_ASN1_OCTET_STRING);
90 M_ASN1_I2D_len_IMP_opt (a->issuer, i2d_GENERAL_NAMES);
91 M_ASN1_I2D_len_IMP_opt (a->serial, i2d_ASN1_INTEGER);
92
93 M_ASN1_I2D_seq_total();
94
95 M_ASN1_I2D_put_IMP_opt (a->keyid, i2d_ASN1_OCTET_STRING, 0);
96 M_ASN1_I2D_put_IMP_opt (a->issuer, i2d_GENERAL_NAMES, 1);
97 M_ASN1_I2D_put_IMP_opt (a->serial, i2d_ASN1_INTEGER, 2);
98
99 M_ASN1_I2D_finish();
100}
101
102AUTHORITY_KEYID *AUTHORITY_KEYID_new(void)
103{
104 AUTHORITY_KEYID *ret=NULL;
105 ASN1_CTX c;
106 M_ASN1_New_Malloc(ret, AUTHORITY_KEYID);
107 ret->keyid = NULL;
108 ret->issuer = NULL;
109 ret->serial = NULL;
110 return (ret);
111 M_ASN1_New_Error(ASN1_F_AUTHORITY_KEYID_NEW);
112}
113
114AUTHORITY_KEYID *d2i_AUTHORITY_KEYID(AUTHORITY_KEYID **a, unsigned char **pp,
115 long length)
116{
117 M_ASN1_D2I_vars(a,AUTHORITY_KEYID *,AUTHORITY_KEYID_new);
118 M_ASN1_D2I_Init();
119 M_ASN1_D2I_start_sequence();
120 M_ASN1_D2I_get_IMP_opt (ret->keyid, d2i_ASN1_OCTET_STRING, 0,
121 V_ASN1_OCTET_STRING);
122 M_ASN1_D2I_get_IMP_opt (ret->issuer, d2i_GENERAL_NAMES, 1,
123 V_ASN1_SEQUENCE);
124 M_ASN1_D2I_get_IMP_opt (ret->serial, d2i_ASN1_INTEGER, 2,
125 V_ASN1_INTEGER);
126 M_ASN1_D2I_Finish(a, AUTHORITY_KEYID_free, ASN1_F_D2I_AUTHORITY_KEYID);
127}
128
129void AUTHORITY_KEYID_free(AUTHORITY_KEYID *a)
130{
131 if (a == NULL) return;
132 M_ASN1_OCTET_STRING_free(a->keyid);
133 sk_GENERAL_NAME_pop_free(a->issuer, GENERAL_NAME_free);
134 M_ASN1_INTEGER_free (a->serial);
135 OPENSSL_free (a);
136}
137
138static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
139 AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist)
140{
141 char *tmp;
142 if(akeyid->keyid) {
143 tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length);
144 X509V3_add_value("keyid", tmp, &extlist);
145 OPENSSL_free(tmp);
146 }
147 if(akeyid->issuer)
148 extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
149 if(akeyid->serial) {
150 tmp = hex_to_string(akeyid->serial->data,
151 akeyid->serial->length);
152 X509V3_add_value("serial", tmp, &extlist);
153 OPENSSL_free(tmp);
154 }
155 return extlist;
156}
157
158/* Currently two options:
159 * keyid: use the issuers subject keyid, the value 'always' means its is
160 * an error if the issuer certificate doesn't have a key id.
161 * issuer: use the issuers cert issuer and serial number. The default is
162 * to only use this if keyid is not present. With the option 'always'
163 * this is always included.
164 */
165
166static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
167 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)
168{
169char keyid=0, issuer=0;
170int i;
171CONF_VALUE *cnf;
172ASN1_OCTET_STRING *ikeyid = NULL;
173X509_NAME *isname = NULL;
174STACK_OF(GENERAL_NAME) * gens = NULL;
175GENERAL_NAME *gen = NULL;
176ASN1_INTEGER *serial = NULL;
177X509_EXTENSION *ext;
178X509 *cert;
179AUTHORITY_KEYID *akeyid;
180for(i = 0; i < sk_CONF_VALUE_num(values); i++) {
181 cnf = sk_CONF_VALUE_value(values, i);
182 if(!strcmp(cnf->name, "keyid")) {
183 keyid = 1;
184 if(cnf->value && !strcmp(cnf->value, "always")) keyid = 2;
185 } else if(!strcmp(cnf->name, "issuer")) {
186 issuer = 1;
187 if(cnf->value && !strcmp(cnf->value, "always")) issuer = 2;
188 } else {
189 X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNKNOWN_OPTION);
190 ERR_add_error_data(2, "name=", cnf->name);
191 return NULL;
192 }
193}
194
195
196
197if(!ctx || !ctx->issuer_cert) {
198 if(ctx && (ctx->flags==CTX_TEST)) return AUTHORITY_KEYID_new();
199 X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE);
200 return NULL;
201}
202
203cert = ctx->issuer_cert;
204
205if(keyid) {
206 i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
207 if((i >= 0) && (ext = X509_get_ext(cert, i)))
208 ikeyid = X509V3_EXT_d2i(ext);
209 if(keyid==2 && !ikeyid) {
210 X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);
211 return NULL;
212 }
213}
214
215if((issuer && !ikeyid) || (issuer == 2)) {
216 isname = X509_NAME_dup(X509_get_issuer_name(cert));
217 serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert));
218 if(!isname || !serial) {
219 X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
220 goto err;
221 }
222}
223
224if(!(akeyid = AUTHORITY_KEYID_new())) goto err;
225
226if(isname) {
227 if(!(gens = sk_GENERAL_NAME_new_null()) || !(gen = GENERAL_NAME_new())
228 || !sk_GENERAL_NAME_push(gens, gen)) {
229 X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE);
230 goto err;
231 }
232 gen->type = GEN_DIRNAME;
233 gen->d.dirn = isname;
234}
235
236akeyid->issuer = gens;
237akeyid->serial = serial;
238akeyid->keyid = ikeyid;
239
240return akeyid;
241
242err:
243X509_NAME_free(isname);
244M_ASN1_INTEGER_free(serial);
245M_ASN1_OCTET_STRING_free(ikeyid);
246return NULL;
247
248}
249
diff --git a/src/lib/libcrypto/x509v3/v3_alt.c b/src/lib/libcrypto/x509v3/v3_alt.c
deleted file mode 100644
index 94bebcd448..0000000000
--- a/src/lib/libcrypto/x509v3/v3_alt.c
+++ /dev/null
@@ -1,401 +0,0 @@
1/* v3_alt.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/conf.h>
62#include <openssl/x509v3.h>
63
64static STACK_OF(GENERAL_NAME) *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
65static STACK_OF(GENERAL_NAME) *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
66static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens);
67static int copy_issuer(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens);
68X509V3_EXT_METHOD v3_alt[] = {
69{ NID_subject_alt_name, 0,
70(X509V3_EXT_NEW)GENERAL_NAMES_new,
71(X509V3_EXT_FREE)GENERAL_NAMES_free,
72(X509V3_EXT_D2I)d2i_GENERAL_NAMES,
73(X509V3_EXT_I2D)i2d_GENERAL_NAMES,
74NULL, NULL,
75(X509V3_EXT_I2V)i2v_GENERAL_NAMES,
76(X509V3_EXT_V2I)v2i_subject_alt,
77NULL, NULL, NULL},
78{ NID_issuer_alt_name, 0,
79(X509V3_EXT_NEW)GENERAL_NAMES_new,
80(X509V3_EXT_FREE)GENERAL_NAMES_free,
81(X509V3_EXT_D2I)d2i_GENERAL_NAMES,
82(X509V3_EXT_I2D)i2d_GENERAL_NAMES,
83NULL, NULL,
84(X509V3_EXT_I2V)i2v_GENERAL_NAMES,
85(X509V3_EXT_V2I)v2i_issuer_alt,
86NULL, NULL, NULL},
87};
88
89STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
90 STACK_OF(GENERAL_NAME) *gens, STACK_OF(CONF_VALUE) *ret)
91{
92 int i;
93 GENERAL_NAME *gen;
94 for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
95 gen = sk_GENERAL_NAME_value(gens, i);
96 ret = i2v_GENERAL_NAME(method, gen, ret);
97 }
98 if(!ret) return sk_CONF_VALUE_new_null();
99 return ret;
100}
101
102STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
103 GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret)
104{
105 char oline[256];
106 unsigned char *p;
107 switch (gen->type)
108 {
109 case GEN_OTHERNAME:
110 X509V3_add_value("othername","<unsupported>", &ret);
111 break;
112
113 case GEN_X400:
114 X509V3_add_value("X400Name","<unsupported>", &ret);
115 break;
116
117 case GEN_EDIPARTY:
118 X509V3_add_value("EdiPartyName","<unsupported>", &ret);
119 break;
120
121 case GEN_EMAIL:
122 X509V3_add_value_uchar("email",gen->d.ia5->data, &ret);
123 break;
124
125 case GEN_DNS:
126 X509V3_add_value_uchar("DNS",gen->d.ia5->data, &ret);
127 break;
128
129 case GEN_URI:
130 X509V3_add_value_uchar("URI",gen->d.ia5->data, &ret);
131 break;
132
133 case GEN_DIRNAME:
134 X509_NAME_oneline(gen->d.dirn, oline, 256);
135 X509V3_add_value("DirName",oline, &ret);
136 break;
137
138 case GEN_IPADD:
139 p = gen->d.ip->data;
140 /* BUG: doesn't support IPV6 */
141 if(gen->d.ip->length != 4) {
142 X509V3_add_value("IP Address","<invalid>", &ret);
143 break;
144 }
145 sprintf(oline, "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
146 X509V3_add_value("IP Address",oline, &ret);
147 break;
148
149 case GEN_RID:
150 i2t_ASN1_OBJECT(oline, 256, gen->d.rid);
151 X509V3_add_value("Registered ID",oline, &ret);
152 break;
153 }
154 return ret;
155}
156
157static STACK_OF(GENERAL_NAME) *v2i_issuer_alt(X509V3_EXT_METHOD *method,
158 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
159{
160 STACK_OF(GENERAL_NAME) *gens = NULL;
161 CONF_VALUE *cnf;
162 int i;
163 if(!(gens = sk_GENERAL_NAME_new_null())) {
164 X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
165 return NULL;
166 }
167 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
168 cnf = sk_CONF_VALUE_value(nval, i);
169 if(!name_cmp(cnf->name, "issuer") && cnf->value &&
170 !strcmp(cnf->value, "copy")) {
171 if(!copy_issuer(ctx, gens)) goto err;
172 } else {
173 GENERAL_NAME *gen;
174 if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
175 goto err;
176 sk_GENERAL_NAME_push(gens, gen);
177 }
178 }
179 return gens;
180 err:
181 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
182 return NULL;
183}
184
185/* Append subject altname of issuer to issuer alt name of subject */
186
187static int copy_issuer(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens)
188{
189 STACK_OF(GENERAL_NAME) *ialt;
190 GENERAL_NAME *gen;
191 X509_EXTENSION *ext;
192 int i;
193 if(ctx && (ctx->flags == CTX_TEST)) return 1;
194 if(!ctx || !ctx->issuer_cert) {
195 X509V3err(X509V3_F_COPY_ISSUER,X509V3_R_NO_ISSUER_DETAILS);
196 goto err;
197 }
198 i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1);
199 if(i < 0) return 1;
200 if(!(ext = X509_get_ext(ctx->issuer_cert, i)) ||
201 !(ialt = X509V3_EXT_d2i(ext)) ) {
202 X509V3err(X509V3_F_COPY_ISSUER,X509V3_R_ISSUER_DECODE_ERROR);
203 goto err;
204 }
205
206 for(i = 0; i < sk_GENERAL_NAME_num(ialt); i++) {
207 gen = sk_GENERAL_NAME_value(ialt, i);
208 if(!sk_GENERAL_NAME_push(gens, gen)) {
209 X509V3err(X509V3_F_COPY_ISSUER,ERR_R_MALLOC_FAILURE);
210 goto err;
211 }
212 }
213 sk_GENERAL_NAME_free(ialt);
214
215 return 1;
216
217 err:
218 return 0;
219
220}
221
222static STACK_OF(GENERAL_NAME) *v2i_subject_alt(X509V3_EXT_METHOD *method,
223 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
224{
225 STACK_OF(GENERAL_NAME) *gens = NULL;
226 CONF_VALUE *cnf;
227 int i;
228 if(!(gens = sk_GENERAL_NAME_new_null())) {
229 X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
230 return NULL;
231 }
232 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
233 cnf = sk_CONF_VALUE_value(nval, i);
234 if(!name_cmp(cnf->name, "email") && cnf->value &&
235 !strcmp(cnf->value, "copy")) {
236 if(!copy_email(ctx, gens)) goto err;
237 } else {
238 GENERAL_NAME *gen;
239 if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
240 goto err;
241 sk_GENERAL_NAME_push(gens, gen);
242 }
243 }
244 return gens;
245 err:
246 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
247 return NULL;
248}
249
250/* Copy any email addresses in a certificate or request to
251 * GENERAL_NAMES
252 */
253
254static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens)
255{
256 X509_NAME *nm;
257 ASN1_IA5STRING *email = NULL;
258 X509_NAME_ENTRY *ne;
259 GENERAL_NAME *gen = NULL;
260 int i;
261 if(ctx->flags == CTX_TEST) return 1;
262 if(!ctx || (!ctx->subject_cert && !ctx->subject_req)) {
263 X509V3err(X509V3_F_COPY_EMAIL,X509V3_R_NO_SUBJECT_DETAILS);
264 goto err;
265 }
266 /* Find the subject name */
267 if(ctx->subject_cert) nm = X509_get_subject_name(ctx->subject_cert);
268 else nm = X509_REQ_get_subject_name(ctx->subject_req);
269
270 /* Now add any email address(es) to STACK */
271 i = -1;
272 while((i = X509_NAME_get_index_by_NID(nm,
273 NID_pkcs9_emailAddress, i)) >= 0) {
274 ne = X509_NAME_get_entry(nm, i);
275 email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne));
276 if(!email || !(gen = GENERAL_NAME_new())) {
277 X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE);
278 goto err;
279 }
280 gen->d.ia5 = email;
281 email = NULL;
282 gen->type = GEN_EMAIL;
283 if(!sk_GENERAL_NAME_push(gens, gen)) {
284 X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE);
285 goto err;
286 }
287 gen = NULL;
288 }
289
290
291 return 1;
292
293 err:
294 GENERAL_NAME_free(gen);
295 M_ASN1_IA5STRING_free(email);
296 return 0;
297
298}
299
300STACK_OF(GENERAL_NAME) *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
301 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
302{
303 GENERAL_NAME *gen;
304 STACK_OF(GENERAL_NAME) *gens = NULL;
305 CONF_VALUE *cnf;
306 int i;
307 if(!(gens = sk_GENERAL_NAME_new_null())) {
308 X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
309 return NULL;
310 }
311 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
312 cnf = sk_CONF_VALUE_value(nval, i);
313 if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err;
314 sk_GENERAL_NAME_push(gens, gen);
315 }
316 return gens;
317 err:
318 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
319 return NULL;
320}
321
322GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
323 CONF_VALUE *cnf)
324{
325char is_string = 0;
326int type;
327GENERAL_NAME *gen = NULL;
328
329char *name, *value;
330
331name = cnf->name;
332value = cnf->value;
333
334if(!value) {
335 X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_MISSING_VALUE);
336 return NULL;
337}
338
339if(!(gen = GENERAL_NAME_new())) {
340 X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
341 return NULL;
342}
343
344if(!name_cmp(name, "email")) {
345 is_string = 1;
346 type = GEN_EMAIL;
347} else if(!name_cmp(name, "URI")) {
348 is_string = 1;
349 type = GEN_URI;
350} else if(!name_cmp(name, "DNS")) {
351 is_string = 1;
352 type = GEN_DNS;
353} else if(!name_cmp(name, "RID")) {
354 ASN1_OBJECT *obj;
355 if(!(obj = OBJ_txt2obj(value,0))) {
356 X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_OBJECT);
357 ERR_add_error_data(2, "value=", value);
358 goto err;
359 }
360 gen->d.rid = obj;
361 type = GEN_RID;
362} else if(!name_cmp(name, "IP")) {
363 int i1,i2,i3,i4;
364 unsigned char ip[4];
365 if((sscanf(value, "%d.%d.%d.%d",&i1,&i2,&i3,&i4) != 4) ||
366 (i1 < 0) || (i1 > 255) || (i2 < 0) || (i2 > 255) ||
367 (i3 < 0) || (i3 > 255) || (i4 < 0) || (i4 > 255) ) {
368 X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_IP_ADDRESS);
369 ERR_add_error_data(2, "value=", value);
370 goto err;
371 }
372 ip[0] = i1; ip[1] = i2 ; ip[2] = i3 ; ip[3] = i4;
373 if(!(gen->d.ip = M_ASN1_OCTET_STRING_new()) ||
374 !ASN1_STRING_set(gen->d.ip, ip, 4)) {
375 X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
376 goto err;
377 }
378 type = GEN_IPADD;
379} else {
380 X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_UNSUPPORTED_OPTION);
381 ERR_add_error_data(2, "name=", name);
382 goto err;
383}
384
385if(is_string) {
386 if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) ||
387 !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value,
388 strlen(value))) {
389 X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
390 goto err;
391 }
392}
393
394gen->type = type;
395
396return gen;
397
398err:
399GENERAL_NAME_free(gen);
400return NULL;
401}
diff --git a/src/lib/libcrypto/x509v3/v3_bcons.c b/src/lib/libcrypto/x509v3/v3_bcons.c
deleted file mode 100644
index c576b8e955..0000000000
--- a/src/lib/libcrypto/x509v3/v3_bcons.c
+++ /dev/null
@@ -1,164 +0,0 @@
1/* v3_bcons.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/asn1.h>
63#include <openssl/asn1_mac.h>
64#include <openssl/conf.h>
65#include <openssl/x509v3.h>
66
67static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist);
68static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
69
70X509V3_EXT_METHOD v3_bcons = {
71NID_basic_constraints, 0,
72(X509V3_EXT_NEW)BASIC_CONSTRAINTS_new,
73(X509V3_EXT_FREE)BASIC_CONSTRAINTS_free,
74(X509V3_EXT_D2I)d2i_BASIC_CONSTRAINTS,
75(X509V3_EXT_I2D)i2d_BASIC_CONSTRAINTS,
76NULL, NULL,
77(X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS,
78(X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS,
79NULL,NULL,
80NULL
81};
82
83
84int i2d_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS *a, unsigned char **pp)
85{
86 M_ASN1_I2D_vars(a);
87 if(a->ca) M_ASN1_I2D_len (a->ca, i2d_ASN1_BOOLEAN);
88 M_ASN1_I2D_len (a->pathlen, i2d_ASN1_INTEGER);
89
90 M_ASN1_I2D_seq_total();
91
92 if (a->ca) M_ASN1_I2D_put (a->ca, i2d_ASN1_BOOLEAN);
93 M_ASN1_I2D_put (a->pathlen, i2d_ASN1_INTEGER);
94 M_ASN1_I2D_finish();
95}
96
97BASIC_CONSTRAINTS *BASIC_CONSTRAINTS_new(void)
98{
99 BASIC_CONSTRAINTS *ret=NULL;
100 ASN1_CTX c;
101 M_ASN1_New_Malloc(ret, BASIC_CONSTRAINTS);
102 ret->ca = 0;
103 ret->pathlen = NULL;
104 return (ret);
105 M_ASN1_New_Error(ASN1_F_BASIC_CONSTRAINTS_NEW);
106}
107
108BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS **a,
109 unsigned char **pp, long length)
110{
111 M_ASN1_D2I_vars(a,BASIC_CONSTRAINTS *,BASIC_CONSTRAINTS_new);
112 M_ASN1_D2I_Init();
113 M_ASN1_D2I_start_sequence();
114 if((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) ==
115 (V_ASN1_UNIVERSAL|V_ASN1_BOOLEAN) ) {
116 M_ASN1_D2I_get_int (ret->ca, d2i_ASN1_BOOLEAN);
117 }
118 M_ASN1_D2I_get_opt (ret->pathlen, d2i_ASN1_INTEGER, V_ASN1_INTEGER);
119 M_ASN1_D2I_Finish(a, BASIC_CONSTRAINTS_free, ASN1_F_D2I_BASIC_CONSTRAINTS);
120}
121
122void BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *a)
123{
124 if (a == NULL) return;
125 M_ASN1_INTEGER_free (a->pathlen);
126 OPENSSL_free (a);
127}
128
129static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
130 BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist)
131{
132 X509V3_add_value_bool("CA", bcons->ca, &extlist);
133 X509V3_add_value_int("pathlen", bcons->pathlen, &extlist);
134 return extlist;
135}
136
137static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
138 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)
139{
140 BASIC_CONSTRAINTS *bcons=NULL;
141 CONF_VALUE *val;
142 int i;
143 if(!(bcons = BASIC_CONSTRAINTS_new())) {
144 X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
145 return NULL;
146 }
147 for(i = 0; i < sk_CONF_VALUE_num(values); i++) {
148 val = sk_CONF_VALUE_value(values, i);
149 if(!strcmp(val->name, "CA")) {
150 if(!X509V3_get_value_bool(val, &bcons->ca)) goto err;
151 } else if(!strcmp(val->name, "pathlen")) {
152 if(!X509V3_get_value_int(val, &bcons->pathlen)) goto err;
153 } else {
154 X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, X509V3_R_INVALID_NAME);
155 X509V3_conf_err(val);
156 goto err;
157 }
158 }
159 return bcons;
160 err:
161 BASIC_CONSTRAINTS_free(bcons);
162 return NULL;
163}
164
diff --git a/src/lib/libcrypto/x509v3/v3_bitst.c b/src/lib/libcrypto/x509v3/v3_bitst.c
deleted file mode 100644
index 0e1167d05c..0000000000
--- a/src/lib/libcrypto/x509v3/v3_bitst.c
+++ /dev/null
@@ -1,141 +0,0 @@
1/* v3_bitst.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/conf.h>
62#include <openssl/x509v3.h>
63
64static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
65 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
66static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
67 ASN1_BIT_STRING *bits,
68 STACK_OF(CONF_VALUE) *extlist);
69static BIT_STRING_BITNAME ns_cert_type_table[] = {
70{0, "SSL Client", "client"},
71{1, "SSL Server", "server"},
72{2, "S/MIME", "email"},
73{3, "Object Signing", "objsign"},
74{4, "Unused", "reserved"},
75{5, "SSL CA", "sslCA"},
76{6, "S/MIME CA", "emailCA"},
77{7, "Object Signing CA", "objCA"},
78{-1, NULL, NULL}
79};
80
81static BIT_STRING_BITNAME key_usage_type_table[] = {
82{0, "Digital Signature", "digitalSignature"},
83{1, "Non Repudiation", "nonRepudiation"},
84{2, "Key Encipherment", "keyEncipherment"},
85{3, "Data Encipherment", "dataEncipherment"},
86{4, "Key Agreement", "keyAgreement"},
87{5, "Certificate Sign", "keyCertSign"},
88{6, "CRL Sign", "cRLSign"},
89{7, "Encipher Only", "encipherOnly"},
90{8, "Decipher Only", "decipherOnly"},
91{-1, NULL, NULL}
92};
93
94
95
96X509V3_EXT_METHOD v3_nscert = EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table);
97X509V3_EXT_METHOD v3_key_usage = EXT_BITSTRING(NID_key_usage, key_usage_type_table);
98
99static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
100 ASN1_BIT_STRING *bits, STACK_OF(CONF_VALUE) *ret)
101{
102 BIT_STRING_BITNAME *bnam;
103 for(bnam =method->usr_data; bnam->lname; bnam++) {
104 if(ASN1_BIT_STRING_get_bit(bits, bnam->bitnum))
105 X509V3_add_value(bnam->lname, NULL, &ret);
106 }
107 return ret;
108}
109
110static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
111 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
112{
113 CONF_VALUE *val;
114 ASN1_BIT_STRING *bs;
115 int i;
116 BIT_STRING_BITNAME *bnam;
117 if(!(bs = M_ASN1_BIT_STRING_new())) {
118 X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,ERR_R_MALLOC_FAILURE);
119 return NULL;
120 }
121 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
122 val = sk_CONF_VALUE_value(nval, i);
123 for(bnam = method->usr_data; bnam->lname; bnam++) {
124 if(!strcmp(bnam->sname, val->name) ||
125 !strcmp(bnam->lname, val->name) ) {
126 ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1);
127 break;
128 }
129 }
130 if(!bnam->lname) {
131 X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
132 X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT);
133 X509V3_conf_err(val);
134 M_ASN1_BIT_STRING_free(bs);
135 return NULL;
136 }
137 }
138 return bs;
139}
140
141
diff --git a/src/lib/libcrypto/x509v3/v3_conf.c b/src/lib/libcrypto/x509v3/v3_conf.c
deleted file mode 100644
index bdc9c1cbc1..0000000000
--- a/src/lib/libcrypto/x509v3/v3_conf.c
+++ /dev/null
@@ -1,390 +0,0 @@
1/* v3_conf.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58/* extension creation utilities */
59
60
61
62#include <stdio.h>
63#include <ctype.h>
64#include "cryptlib.h"
65#include <openssl/conf.h>
66#include <openssl/x509.h>
67#include <openssl/x509v3.h>
68
69static int v3_check_critical(char **value);
70static int v3_check_generic(char **value);
71static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value);
72static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type);
73static char *conf_lhash_get_string(void *db, char *section, char *value);
74static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
75static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
76 int crit, void *ext_struc);
77/* LHASH *conf: Config file */
78/* char *name: Name */
79/* char *value: Value */
80X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
81 char *value)
82{
83 int crit;
84 int ext_type;
85 X509_EXTENSION *ret;
86 crit = v3_check_critical(&value);
87 if((ext_type = v3_check_generic(&value)))
88 return v3_generic_extension(name, value, crit, ext_type);
89 ret = do_ext_conf(conf, ctx, OBJ_sn2nid(name), crit, value);
90 if(!ret) {
91 X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_ERROR_IN_EXTENSION);
92 ERR_add_error_data(4,"name=", name, ", value=", value);
93 }
94 return ret;
95}
96
97/* LHASH *conf: Config file */
98/* char *value: Value */
99X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
100 char *value)
101{
102 int crit;
103 int ext_type;
104 crit = v3_check_critical(&value);
105 if((ext_type = v3_check_generic(&value)))
106 return v3_generic_extension(OBJ_nid2sn(ext_nid),
107 value, crit, ext_type);
108 return do_ext_conf(conf, ctx, ext_nid, crit, value);
109}
110
111/* LHASH *conf: Config file */
112/* char *value: Value */
113static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
114 int crit, char *value)
115{
116 X509V3_EXT_METHOD *method;
117 X509_EXTENSION *ext;
118 STACK_OF(CONF_VALUE) *nval;
119 void *ext_struc;
120 if(ext_nid == NID_undef) {
121 X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION_NAME);
122 return NULL;
123 }
124 if(!(method = X509V3_EXT_get_nid(ext_nid))) {
125 X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION);
126 return NULL;
127 }
128 /* Now get internal extension representation based on type */
129 if(method->v2i) {
130 if(*value == '@') nval = CONF_get_section(conf, value + 1);
131 else nval = X509V3_parse_list(value);
132 if(!nval) {
133 X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_INVALID_EXTENSION_STRING);
134 ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value);
135 return NULL;
136 }
137 ext_struc = method->v2i(method, ctx, nval);
138 if(*value != '@') sk_CONF_VALUE_pop_free(nval,
139 X509V3_conf_free);
140 if(!ext_struc) return NULL;
141 } else if(method->s2i) {
142 if(!(ext_struc = method->s2i(method, ctx, value))) return NULL;
143 } else if(method->r2i) {
144 if(!ctx->db) {
145 X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_NO_CONFIG_DATABASE);
146 return NULL;
147 }
148 if(!(ext_struc = method->r2i(method, ctx, value))) return NULL;
149 } else {
150 X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
151 ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
152 return NULL;
153 }
154
155 ext = do_ext_i2d(method, ext_nid, crit, ext_struc);
156 method->ext_free(ext_struc);
157 return ext;
158
159}
160
161static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
162 int crit, void *ext_struc)
163{
164 unsigned char *ext_der, *p;
165 int ext_len;
166 ASN1_OCTET_STRING *ext_oct;
167 X509_EXTENSION *ext;
168 /* Convert internal representation to DER */
169 ext_len = method->i2d(ext_struc, NULL);
170 if(!(ext_der = OPENSSL_malloc(ext_len))) goto merr;
171 p = ext_der;
172 method->i2d(ext_struc, &p);
173 if(!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr;
174 ext_oct->data = ext_der;
175 ext_oct->length = ext_len;
176
177 ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
178 if(!ext) goto merr;
179 M_ASN1_OCTET_STRING_free(ext_oct);
180
181 return ext;
182
183 merr:
184 X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE);
185 return NULL;
186
187}
188
189/* Given an internal structure, nid and critical flag create an extension */
190
191X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
192{
193 X509V3_EXT_METHOD *method;
194 if(!(method = X509V3_EXT_get_nid(ext_nid))) {
195 X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION);
196 return NULL;
197 }
198 return do_ext_i2d(method, ext_nid, crit, ext_struc);
199}
200
201/* Check the extension string for critical flag */
202static int v3_check_critical(char **value)
203{
204 char *p = *value;
205 if((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0;
206 p+=9;
207 while(isspace((unsigned char)*p)) p++;
208 *value = p;
209 return 1;
210}
211
212/* Check extension string for generic extension and return the type */
213static int v3_check_generic(char **value)
214{
215 char *p = *value;
216 if((strlen(p) < 4) || strncmp(p, "DER:,", 4)) return 0;
217 p+=4;
218 while(isspace((unsigned char)*p)) p++;
219 *value = p;
220 return 1;
221}
222
223/* Create a generic extension: for now just handle DER type */
224static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
225 int crit, int type)
226{
227unsigned char *ext_der=NULL;
228long ext_len;
229ASN1_OBJECT *obj=NULL;
230ASN1_OCTET_STRING *oct=NULL;
231X509_EXTENSION *extension=NULL;
232if(!(obj = OBJ_txt2obj(ext, 0))) {
233 X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR);
234 ERR_add_error_data(2, "name=", ext);
235 goto err;
236}
237
238if(!(ext_der = string_to_hex(value, &ext_len))) {
239 X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR);
240 ERR_add_error_data(2, "value=", value);
241 goto err;
242}
243
244if(!(oct = M_ASN1_OCTET_STRING_new())) {
245 X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE);
246 goto err;
247}
248
249oct->data = ext_der;
250oct->length = ext_len;
251ext_der = NULL;
252
253extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
254
255err:
256ASN1_OBJECT_free(obj);
257M_ASN1_OCTET_STRING_free(oct);
258if(ext_der) OPENSSL_free(ext_der);
259return extension;
260}
261
262
263/* This is the main function: add a bunch of extensions based on a config file
264 * section
265 */
266
267int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
268 X509 *cert)
269{
270 X509_EXTENSION *ext;
271 STACK_OF(CONF_VALUE) *nval;
272 CONF_VALUE *val;
273 int i;
274 if(!(nval = CONF_get_section(conf, section))) return 0;
275 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
276 val = sk_CONF_VALUE_value(nval, i);
277 if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
278 return 0;
279 if(cert) X509_add_ext(cert, ext, -1);
280 X509_EXTENSION_free(ext);
281 }
282 return 1;
283}
284
285/* Same as above but for a CRL */
286
287int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
288 X509_CRL *crl)
289{
290 X509_EXTENSION *ext;
291 STACK_OF(CONF_VALUE) *nval;
292 CONF_VALUE *val;
293 int i;
294 if(!(nval = CONF_get_section(conf, section))) return 0;
295 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
296 val = sk_CONF_VALUE_value(nval, i);
297 if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
298 return 0;
299 if(crl) X509_CRL_add_ext(crl, ext, -1);
300 X509_EXTENSION_free(ext);
301 }
302 return 1;
303}
304
305/* Add extensions to certificate request */
306
307int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
308 X509_REQ *req)
309{
310 X509_EXTENSION *ext;
311 STACK_OF(X509_EXTENSION) *extlist = NULL;
312 STACK_OF(CONF_VALUE) *nval;
313 CONF_VALUE *val;
314 int i;
315 if(!(nval = CONF_get_section(conf, section))) return 0;
316 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
317 val = sk_CONF_VALUE_value(nval, i);
318 if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
319 return 0;
320 if(!extlist) extlist = sk_X509_EXTENSION_new_null();
321 sk_X509_EXTENSION_push(extlist, ext);
322 }
323 if(req) i = X509_REQ_add_extensions(req, extlist);
324 else i = 1;
325 sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);
326 return i;
327}
328
329/* Config database functions */
330
331char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
332{
333 if(ctx->db_meth->get_string)
334 return ctx->db_meth->get_string(ctx->db, name, section);
335 return NULL;
336}
337
338STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section)
339{
340 if(ctx->db_meth->get_section)
341 return ctx->db_meth->get_section(ctx->db, section);
342 return NULL;
343}
344
345void X509V3_string_free(X509V3_CTX *ctx, char *str)
346{
347 if(!str) return;
348 if(ctx->db_meth->free_string)
349 ctx->db_meth->free_string(ctx->db, str);
350}
351
352void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
353{
354 if(!section) return;
355 if(ctx->db_meth->free_section)
356 ctx->db_meth->free_section(ctx->db, section);
357}
358
359static char *conf_lhash_get_string(void *db, char *section, char *value)
360{
361 return CONF_get_string(db, section, value);
362}
363
364static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section)
365{
366 return CONF_get_section(db, section);
367}
368
369static X509V3_CONF_METHOD conf_lhash_method = {
370conf_lhash_get_string,
371conf_lhash_get_section,
372NULL,
373NULL
374};
375
376void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash)
377{
378 ctx->db_meth = &conf_lhash_method;
379 ctx->db = lhash;
380}
381
382void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
383 X509_CRL *crl, int flags)
384{
385 ctx->issuer_cert = issuer;
386 ctx->subject_cert = subj;
387 ctx->crl = crl;
388 ctx->subject_req = req;
389 ctx->flags = flags;
390}
diff --git a/src/lib/libcrypto/x509v3/v3_cpols.c b/src/lib/libcrypto/x509v3/v3_cpols.c
deleted file mode 100644
index 8203ed7571..0000000000
--- a/src/lib/libcrypto/x509v3/v3_cpols.c
+++ /dev/null
@@ -1,660 +0,0 @@
1/* v3_cpols.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/conf.h>
62#include <openssl/asn1.h>
63#include <openssl/asn1_mac.h>
64#include <openssl/x509v3.h>
65
66/* Certificate policies extension support: this one is a bit complex... */
67
68static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO *out, int indent);
69static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value);
70static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent);
71static void print_notice(BIO *out, USERNOTICE *notice, int indent);
72static POLICYINFO *policy_section(X509V3_CTX *ctx,
73 STACK_OF(CONF_VALUE) *polstrs, int ia5org);
74static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
75 STACK_OF(CONF_VALUE) *unot, int ia5org);
76static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos);
77
78X509V3_EXT_METHOD v3_cpols = {
79NID_certificate_policies, 0,
80(X509V3_EXT_NEW)CERTIFICATEPOLICIES_new,
81(X509V3_EXT_FREE)CERTIFICATEPOLICIES_free,
82(X509V3_EXT_D2I)d2i_CERTIFICATEPOLICIES,
83(X509V3_EXT_I2D)i2d_CERTIFICATEPOLICIES,
84NULL, NULL,
85NULL, NULL,
86(X509V3_EXT_I2R)i2r_certpol,
87(X509V3_EXT_R2I)r2i_certpol,
88NULL
89};
90
91
92static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
93 X509V3_CTX *ctx, char *value)
94{
95 STACK_OF(POLICYINFO) *pols = NULL;
96 char *pstr;
97 POLICYINFO *pol;
98 ASN1_OBJECT *pobj;
99 STACK_OF(CONF_VALUE) *vals;
100 CONF_VALUE *cnf;
101 int i, ia5org;
102 pols = sk_POLICYINFO_new_null();
103 vals = X509V3_parse_list(value);
104 ia5org = 0;
105 for(i = 0; i < sk_CONF_VALUE_num(vals); i++) {
106 cnf = sk_CONF_VALUE_value(vals, i);
107 if(cnf->value || !cnf->name ) {
108 X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_POLICY_IDENTIFIER);
109 X509V3_conf_err(cnf);
110 goto err;
111 }
112 pstr = cnf->name;
113 if(!strcmp(pstr,"ia5org")) {
114 ia5org = 1;
115 continue;
116 } else if(*pstr == '@') {
117 STACK_OF(CONF_VALUE) *polsect;
118 polsect = X509V3_get_section(ctx, pstr + 1);
119 if(!polsect) {
120 X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_SECTION);
121
122 X509V3_conf_err(cnf);
123 goto err;
124 }
125 pol = policy_section(ctx, polsect, ia5org);
126 X509V3_section_free(ctx, polsect);
127 if(!pol) goto err;
128 } else {
129 if(!(pobj = OBJ_txt2obj(cnf->name, 0))) {
130 X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_OBJECT_IDENTIFIER);
131 X509V3_conf_err(cnf);
132 goto err;
133 }
134 pol = POLICYINFO_new();
135 pol->policyid = pobj;
136 }
137 sk_POLICYINFO_push(pols, pol);
138 }
139 sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
140 return pols;
141 err:
142 sk_POLICYINFO_pop_free(pols, POLICYINFO_free);
143 return NULL;
144}
145
146static POLICYINFO *policy_section(X509V3_CTX *ctx,
147 STACK_OF(CONF_VALUE) *polstrs, int ia5org)
148{
149 int i;
150 CONF_VALUE *cnf;
151 POLICYINFO *pol;
152 POLICYQUALINFO *qual;
153 if(!(pol = POLICYINFO_new())) goto merr;
154 for(i = 0; i < sk_CONF_VALUE_num(polstrs); i++) {
155 cnf = sk_CONF_VALUE_value(polstrs, i);
156 if(!strcmp(cnf->name, "policyIdentifier")) {
157 ASN1_OBJECT *pobj;
158 if(!(pobj = OBJ_txt2obj(cnf->value, 0))) {
159 X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OBJECT_IDENTIFIER);
160 X509V3_conf_err(cnf);
161 goto err;
162 }
163 pol->policyid = pobj;
164
165 } else if(!name_cmp(cnf->name, "CPS")) {
166 if(!pol->qualifiers) pol->qualifiers =
167 sk_POLICYQUALINFO_new_null();
168 if(!(qual = POLICYQUALINFO_new())) goto merr;
169 if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
170 goto merr;
171 qual->pqualid = OBJ_nid2obj(NID_id_qt_cps);
172 qual->d.cpsuri = M_ASN1_IA5STRING_new();
173 if(!ASN1_STRING_set(qual->d.cpsuri, cnf->value,
174 strlen(cnf->value))) goto merr;
175 } else if(!name_cmp(cnf->name, "userNotice")) {
176 STACK_OF(CONF_VALUE) *unot;
177 if(*cnf->value != '@') {
178 X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_EXPECTED_A_SECTION_NAME);
179 X509V3_conf_err(cnf);
180 goto err;
181 }
182 unot = X509V3_get_section(ctx, cnf->value + 1);
183 if(!unot) {
184 X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_SECTION);
185
186 X509V3_conf_err(cnf);
187 goto err;
188 }
189 qual = notice_section(ctx, unot, ia5org);
190 X509V3_section_free(ctx, unot);
191 if(!qual) goto err;
192 if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
193 goto merr;
194 } else {
195 X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OPTION);
196
197 X509V3_conf_err(cnf);
198 goto err;
199 }
200 }
201 if(!pol->policyid) {
202 X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_NO_POLICY_IDENTIFIER);
203 goto err;
204 }
205
206 return pol;
207
208 merr:
209 X509V3err(X509V3_F_POLICY_SECTION,ERR_R_MALLOC_FAILURE);
210
211 err:
212 POLICYINFO_free(pol);
213 return NULL;
214
215
216}
217
218static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
219 STACK_OF(CONF_VALUE) *unot, int ia5org)
220{
221 int i;
222 CONF_VALUE *cnf;
223 USERNOTICE *not;
224 POLICYQUALINFO *qual;
225 if(!(qual = POLICYQUALINFO_new())) goto merr;
226 qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice);
227 if(!(not = USERNOTICE_new())) goto merr;
228 qual->d.usernotice = not;
229 for(i = 0; i < sk_CONF_VALUE_num(unot); i++) {
230 cnf = sk_CONF_VALUE_value(unot, i);
231 if(!strcmp(cnf->name, "explicitText")) {
232 not->exptext = M_ASN1_VISIBLESTRING_new();
233 if(!ASN1_STRING_set(not->exptext, cnf->value,
234 strlen(cnf->value))) goto merr;
235 } else if(!strcmp(cnf->name, "organization")) {
236 NOTICEREF *nref;
237 if(!not->noticeref) {
238 if(!(nref = NOTICEREF_new())) goto merr;
239 not->noticeref = nref;
240 } else nref = not->noticeref;
241 if(ia5org) nref->organization = M_ASN1_IA5STRING_new();
242 else nref->organization = M_ASN1_VISIBLESTRING_new();
243 if(!ASN1_STRING_set(nref->organization, cnf->value,
244 strlen(cnf->value))) goto merr;
245 } else if(!strcmp(cnf->name, "noticeNumbers")) {
246 NOTICEREF *nref;
247 STACK_OF(CONF_VALUE) *nos;
248 if(!not->noticeref) {
249 if(!(nref = NOTICEREF_new())) goto merr;
250 not->noticeref = nref;
251 } else nref = not->noticeref;
252 nos = X509V3_parse_list(cnf->value);
253 if(!nos || !sk_CONF_VALUE_num(nos)) {
254 X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_NUMBERS);
255 X509V3_conf_err(cnf);
256 goto err;
257 }
258 nref->noticenos = nref_nos(nos);
259 sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
260 if(!nref->noticenos) goto err;
261 } else {
262 X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION);
263
264 X509V3_conf_err(cnf);
265 goto err;
266 }
267 }
268
269 if(not->noticeref &&
270 (!not->noticeref->noticenos || !not->noticeref->organization)) {
271 X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_NEED_ORGANIZATION_AND_NUMBERS);
272 goto err;
273 }
274
275 return qual;
276
277 merr:
278 X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE);
279
280 err:
281 POLICYQUALINFO_free(qual);
282 return NULL;
283}
284
285static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos)
286{
287 STACK_OF(ASN1_INTEGER) *nnums;
288 CONF_VALUE *cnf;
289 ASN1_INTEGER *aint;
290
291 int i;
292
293 if(!(nnums = sk_ASN1_INTEGER_new_null())) goto merr;
294 for(i = 0; i < sk_CONF_VALUE_num(nos); i++) {
295 cnf = sk_CONF_VALUE_value(nos, i);
296 if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) {
297 X509V3err(X509V3_F_NREF_NOS,X509V3_R_INVALID_NUMBER);
298 goto err;
299 }
300 if(!sk_ASN1_INTEGER_push(nnums, aint)) goto merr;
301 }
302 return nnums;
303
304 merr:
305 X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE);
306
307 err:
308 sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free);
309 return NULL;
310}
311
312
313static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
314 BIO *out, int indent)
315{
316 int i;
317 POLICYINFO *pinfo;
318 /* First print out the policy OIDs */
319 for(i = 0; i < sk_POLICYINFO_num(pol); i++) {
320 pinfo = sk_POLICYINFO_value(pol, i);
321 BIO_printf(out, "%*sPolicy: ", indent, "");
322 i2a_ASN1_OBJECT(out, pinfo->policyid);
323 BIO_puts(out, "\n");
324 if(pinfo->qualifiers)
325 print_qualifiers(out, pinfo->qualifiers, indent + 2);
326 }
327 return 1;
328}
329
330
331int i2d_CERTIFICATEPOLICIES(STACK_OF(POLICYINFO) *a, unsigned char **pp)
332{
333
334return i2d_ASN1_SET_OF_POLICYINFO(a, pp, i2d_POLICYINFO, V_ASN1_SEQUENCE,
335 V_ASN1_UNIVERSAL, IS_SEQUENCE);}
336
337STACK_OF(POLICYINFO) *CERTIFICATEPOLICIES_new(void)
338{
339 return sk_POLICYINFO_new_null();
340}
341
342void CERTIFICATEPOLICIES_free(STACK_OF(POLICYINFO) *a)
343{
344 sk_POLICYINFO_pop_free(a, POLICYINFO_free);
345}
346
347STACK_OF(POLICYINFO) *d2i_CERTIFICATEPOLICIES(STACK_OF(POLICYINFO) **a,
348 unsigned char **pp,long length)
349{
350return d2i_ASN1_SET_OF_POLICYINFO(a, pp, length, d2i_POLICYINFO,
351 POLICYINFO_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
352
353}
354
355IMPLEMENT_STACK_OF(POLICYINFO)
356IMPLEMENT_ASN1_SET_OF(POLICYINFO)
357
358int i2d_POLICYINFO(POLICYINFO *a, unsigned char **pp)
359{
360 M_ASN1_I2D_vars(a);
361
362 M_ASN1_I2D_len (a->policyid, i2d_ASN1_OBJECT);
363 M_ASN1_I2D_len_SEQUENCE_type(POLICYQUALINFO, a->qualifiers,
364 i2d_POLICYQUALINFO);
365
366 M_ASN1_I2D_seq_total();
367
368 M_ASN1_I2D_put (a->policyid, i2d_ASN1_OBJECT);
369 M_ASN1_I2D_put_SEQUENCE_type(POLICYQUALINFO, a->qualifiers,
370 i2d_POLICYQUALINFO);
371
372 M_ASN1_I2D_finish();
373}
374
375POLICYINFO *POLICYINFO_new(void)
376{
377 POLICYINFO *ret=NULL;
378 ASN1_CTX c;
379 M_ASN1_New_Malloc(ret, POLICYINFO);
380 ret->policyid = NULL;
381 ret->qualifiers = NULL;
382 return (ret);
383 M_ASN1_New_Error(ASN1_F_POLICYINFO_NEW);
384}
385
386POLICYINFO *d2i_POLICYINFO(POLICYINFO **a, unsigned char **pp,long length)
387{
388 M_ASN1_D2I_vars(a,POLICYINFO *,POLICYINFO_new);
389 M_ASN1_D2I_Init();
390 M_ASN1_D2I_start_sequence();
391 M_ASN1_D2I_get(ret->policyid, d2i_ASN1_OBJECT);
392 if(!M_ASN1_D2I_end_sequence()) {
393 M_ASN1_D2I_get_seq_type (POLICYQUALINFO, ret->qualifiers,
394 d2i_POLICYQUALINFO, POLICYQUALINFO_free);
395 }
396 M_ASN1_D2I_Finish(a, POLICYINFO_free, ASN1_F_D2I_POLICYINFO);
397}
398
399void POLICYINFO_free(POLICYINFO *a)
400{
401 if (a == NULL) return;
402 ASN1_OBJECT_free(a->policyid);
403 sk_POLICYQUALINFO_pop_free(a->qualifiers, POLICYQUALINFO_free);
404 OPENSSL_free (a);
405}
406
407static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
408 int indent)
409{
410 POLICYQUALINFO *qualinfo;
411 int i;
412 for(i = 0; i < sk_POLICYQUALINFO_num(quals); i++) {
413 qualinfo = sk_POLICYQUALINFO_value(quals, i);
414 switch(OBJ_obj2nid(qualinfo->pqualid))
415 {
416 case NID_id_qt_cps:
417 BIO_printf(out, "%*sCPS: %s\n", indent, "",
418 qualinfo->d.cpsuri->data);
419 break;
420
421 case NID_id_qt_unotice:
422 BIO_printf(out, "%*sUser Notice:\n", indent, "");
423 print_notice(out, qualinfo->d.usernotice, indent + 2);
424 break;
425
426 default:
427 BIO_printf(out, "%*sUnknown Qualifier: ",
428 indent + 2, "");
429
430 i2a_ASN1_OBJECT(out, qualinfo->pqualid);
431 BIO_puts(out, "\n");
432 break;
433 }
434 }
435}
436
437static void print_notice(BIO *out, USERNOTICE *notice, int indent)
438{
439 int i;
440 if(notice->noticeref) {
441 NOTICEREF *ref;
442 ref = notice->noticeref;
443 BIO_printf(out, "%*sOrganization: %s\n", indent, "",
444 ref->organization->data);
445 BIO_printf(out, "%*sNumber%s: ", indent, "",
446 sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : "");
447 for(i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) {
448 ASN1_INTEGER *num;
449 char *tmp;
450 num = sk_ASN1_INTEGER_value(ref->noticenos, i);
451 if(i) BIO_puts(out, ", ");
452 tmp = i2s_ASN1_INTEGER(NULL, num);
453 BIO_puts(out, tmp);
454 OPENSSL_free(tmp);
455 }
456 BIO_puts(out, "\n");
457 }
458 if(notice->exptext)
459 BIO_printf(out, "%*sExplicit Text: %s\n", indent, "",
460 notice->exptext->data);
461}
462
463
464
465int i2d_POLICYQUALINFO(POLICYQUALINFO *a, unsigned char **pp)
466{
467 M_ASN1_I2D_vars(a);
468
469 M_ASN1_I2D_len (a->pqualid, i2d_ASN1_OBJECT);
470 switch(OBJ_obj2nid(a->pqualid)) {
471 case NID_id_qt_cps:
472 M_ASN1_I2D_len(a->d.cpsuri, i2d_ASN1_IA5STRING);
473 break;
474
475 case NID_id_qt_unotice:
476 M_ASN1_I2D_len(a->d.usernotice, i2d_USERNOTICE);
477 break;
478
479 default:
480 M_ASN1_I2D_len(a->d.other, i2d_ASN1_TYPE);
481 break;
482 }
483
484 M_ASN1_I2D_seq_total();
485
486 M_ASN1_I2D_put (a->pqualid, i2d_ASN1_OBJECT);
487 switch(OBJ_obj2nid(a->pqualid)) {
488 case NID_id_qt_cps:
489 M_ASN1_I2D_put(a->d.cpsuri, i2d_ASN1_IA5STRING);
490 break;
491
492 case NID_id_qt_unotice:
493 M_ASN1_I2D_put(a->d.usernotice, i2d_USERNOTICE);
494 break;
495
496 default:
497 M_ASN1_I2D_put(a->d.other, i2d_ASN1_TYPE);
498 break;
499 }
500
501 M_ASN1_I2D_finish();
502}
503
504POLICYQUALINFO *POLICYQUALINFO_new(void)
505{
506 POLICYQUALINFO *ret=NULL;
507 ASN1_CTX c;
508 M_ASN1_New_Malloc(ret, POLICYQUALINFO);
509 ret->pqualid = NULL;
510 ret->d.other = NULL;
511 return (ret);
512 M_ASN1_New_Error(ASN1_F_POLICYQUALINFO_NEW);
513}
514
515POLICYQUALINFO *d2i_POLICYQUALINFO(POLICYQUALINFO **a, unsigned char **pp,
516 long length)
517{
518 M_ASN1_D2I_vars(a,POLICYQUALINFO *,POLICYQUALINFO_new);
519 M_ASN1_D2I_Init();
520 M_ASN1_D2I_start_sequence();
521 M_ASN1_D2I_get (ret->pqualid, d2i_ASN1_OBJECT);
522 switch(OBJ_obj2nid(ret->pqualid)) {
523 case NID_id_qt_cps:
524 M_ASN1_D2I_get(ret->d.cpsuri, d2i_ASN1_IA5STRING);
525 break;
526
527 case NID_id_qt_unotice:
528 M_ASN1_D2I_get(ret->d.usernotice, d2i_USERNOTICE);
529 break;
530
531 default:
532 M_ASN1_D2I_get(ret->d.other, d2i_ASN1_TYPE);
533 break;
534 }
535 M_ASN1_D2I_Finish(a, POLICYQUALINFO_free, ASN1_F_D2I_POLICYQUALINFO);
536}
537
538void POLICYQUALINFO_free(POLICYQUALINFO *a)
539{
540 if (a == NULL) return;
541 switch(OBJ_obj2nid(a->pqualid)) {
542 case NID_id_qt_cps:
543 M_ASN1_IA5STRING_free(a->d.cpsuri);
544 break;
545
546 case NID_id_qt_unotice:
547 USERNOTICE_free(a->d.usernotice);
548 break;
549
550 default:
551 ASN1_TYPE_free(a->d.other);
552 break;
553 }
554
555 ASN1_OBJECT_free(a->pqualid);
556 OPENSSL_free (a);
557}
558
559int i2d_USERNOTICE(USERNOTICE *a, unsigned char **pp)
560{
561 M_ASN1_I2D_vars(a);
562
563 M_ASN1_I2D_len (a->noticeref, i2d_NOTICEREF);
564 M_ASN1_I2D_len (a->exptext, i2d_DISPLAYTEXT);
565
566 M_ASN1_I2D_seq_total();
567
568 M_ASN1_I2D_put (a->noticeref, i2d_NOTICEREF);
569 M_ASN1_I2D_put (a->exptext, i2d_DISPLAYTEXT);
570
571 M_ASN1_I2D_finish();
572}
573
574USERNOTICE *USERNOTICE_new(void)
575{
576 USERNOTICE *ret=NULL;
577 ASN1_CTX c;
578 M_ASN1_New_Malloc(ret, USERNOTICE);
579 ret->noticeref = NULL;
580 ret->exptext = NULL;
581 return (ret);
582 M_ASN1_New_Error(ASN1_F_USERNOTICE_NEW);
583}
584
585USERNOTICE *d2i_USERNOTICE(USERNOTICE **a, unsigned char **pp,long length)
586{
587 M_ASN1_D2I_vars(a,USERNOTICE *,USERNOTICE_new);
588 M_ASN1_D2I_Init();
589 M_ASN1_D2I_start_sequence();
590 M_ASN1_D2I_get_opt(ret->noticeref, d2i_NOTICEREF, V_ASN1_SEQUENCE);
591 if (!M_ASN1_D2I_end_sequence()) {
592 M_ASN1_D2I_get(ret->exptext, d2i_DISPLAYTEXT);
593 }
594 M_ASN1_D2I_Finish(a, USERNOTICE_free, ASN1_F_D2I_USERNOTICE);
595}
596
597void USERNOTICE_free(USERNOTICE *a)
598{
599 if (a == NULL) return;
600 NOTICEREF_free(a->noticeref);
601 M_DISPLAYTEXT_free(a->exptext);
602 OPENSSL_free (a);
603}
604
605int i2d_NOTICEREF(NOTICEREF *a, unsigned char **pp)
606{
607 M_ASN1_I2D_vars(a);
608
609 M_ASN1_I2D_len (a->organization, i2d_DISPLAYTEXT);
610 M_ASN1_I2D_len_SEQUENCE_type(ASN1_INTEGER, a->noticenos,
611 i2d_ASN1_INTEGER);
612
613 M_ASN1_I2D_seq_total();
614
615 M_ASN1_I2D_put (a->organization, i2d_DISPLAYTEXT);
616 M_ASN1_I2D_put_SEQUENCE_type(ASN1_INTEGER, a->noticenos,
617 i2d_ASN1_INTEGER);
618
619 M_ASN1_I2D_finish();
620}
621
622NOTICEREF *NOTICEREF_new(void)
623{
624 NOTICEREF *ret=NULL;
625 ASN1_CTX c;
626 M_ASN1_New_Malloc(ret, NOTICEREF);
627 ret->organization = NULL;
628 ret->noticenos = NULL;
629 return (ret);
630 M_ASN1_New_Error(ASN1_F_NOTICEREF_NEW);
631}
632
633NOTICEREF *d2i_NOTICEREF(NOTICEREF **a, unsigned char **pp,long length)
634{
635 M_ASN1_D2I_vars(a,NOTICEREF *,NOTICEREF_new);
636 M_ASN1_D2I_Init();
637 M_ASN1_D2I_start_sequence();
638 /* This is to cope with some broken encodings that use IA5STRING for
639 * the organization field
640 */
641 M_ASN1_D2I_get_opt(ret->organization, d2i_ASN1_IA5STRING,
642 V_ASN1_IA5STRING);
643 if(!ret->organization) {
644 M_ASN1_D2I_get(ret->organization, d2i_DISPLAYTEXT);
645 }
646 M_ASN1_D2I_get_seq_type(ASN1_INTEGER, ret->noticenos, d2i_ASN1_INTEGER,
647 ASN1_STRING_free);
648 M_ASN1_D2I_Finish(a, NOTICEREF_free, ASN1_F_D2I_NOTICEREF);
649}
650
651void NOTICEREF_free(NOTICEREF *a)
652{
653 if (a == NULL) return;
654 M_DISPLAYTEXT_free(a->organization);
655 sk_ASN1_INTEGER_pop_free(a->noticenos, ASN1_STRING_free);
656 OPENSSL_free (a);
657}
658
659IMPLEMENT_STACK_OF(POLICYQUALINFO)
660IMPLEMENT_ASN1_SET_OF(POLICYQUALINFO)
diff --git a/src/lib/libcrypto/x509v3/v3_crld.c b/src/lib/libcrypto/x509v3/v3_crld.c
deleted file mode 100644
index 67feea4017..0000000000
--- a/src/lib/libcrypto/x509v3/v3_crld.c
+++ /dev/null
@@ -1,285 +0,0 @@
1/* v3_crld.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/conf.h>
62#include <openssl/asn1.h>
63#include <openssl/asn1_mac.h>
64#include <openssl/x509v3.h>
65
66static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
67 STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *extlist);
68static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
69 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
70
71X509V3_EXT_METHOD v3_crld = {
72NID_crl_distribution_points, X509V3_EXT_MULTILINE,
73(X509V3_EXT_NEW)CRL_DIST_POINTS_new,
74(X509V3_EXT_FREE)CRL_DIST_POINTS_free,
75(X509V3_EXT_D2I)d2i_CRL_DIST_POINTS,
76(X509V3_EXT_I2D)i2d_CRL_DIST_POINTS,
77NULL, NULL,
78(X509V3_EXT_I2V)i2v_crld,
79(X509V3_EXT_V2I)v2i_crld,
80NULL, NULL, NULL
81};
82
83static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
84 STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *exts)
85{
86 DIST_POINT *point;
87 int i;
88 for(i = 0; i < sk_DIST_POINT_num(crld); i++) {
89 point = sk_DIST_POINT_value(crld, i);
90 if(point->distpoint && point->distpoint->fullname) {
91 exts = i2v_GENERAL_NAMES(NULL,
92 point->distpoint->fullname, exts);
93 }
94 if(point->reasons)
95 X509V3_add_value("reasons","<UNSUPPORTED>", &exts);
96 if(point->CRLissuer)
97 X509V3_add_value("CRLissuer","<UNSUPPORTED>", &exts);
98 if(point->distpoint && point->distpoint->relativename)
99 X509V3_add_value("RelativeName","<UNSUPPORTED>", &exts);
100 }
101 return exts;
102}
103
104static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
105 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
106{
107 STACK_OF(DIST_POINT) *crld = NULL;
108 STACK_OF(GENERAL_NAME) *gens = NULL;
109 GENERAL_NAME *gen = NULL;
110 CONF_VALUE *cnf;
111 int i;
112 if(!(crld = sk_DIST_POINT_new_null())) goto merr;
113 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
114 DIST_POINT *point;
115 cnf = sk_CONF_VALUE_value(nval, i);
116 if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err;
117 if(!(gens = GENERAL_NAMES_new())) goto merr;
118 if(!sk_GENERAL_NAME_push(gens, gen)) goto merr;
119 gen = NULL;
120 if(!(point = DIST_POINT_new())) goto merr;
121 if(!sk_DIST_POINT_push(crld, point)) {
122 DIST_POINT_free(point);
123 goto merr;
124 }
125 if(!(point->distpoint = DIST_POINT_NAME_new())) goto merr;
126 point->distpoint->fullname = gens;
127 gens = NULL;
128 }
129 return crld;
130
131 merr:
132 X509V3err(X509V3_F_V2I_CRLD,ERR_R_MALLOC_FAILURE);
133 err:
134 GENERAL_NAME_free(gen);
135 GENERAL_NAMES_free(gens);
136 sk_DIST_POINT_pop_free(crld, DIST_POINT_free);
137 return NULL;
138}
139
140int i2d_CRL_DIST_POINTS(STACK_OF(DIST_POINT) *a, unsigned char **pp)
141{
142
143return i2d_ASN1_SET_OF_DIST_POINT(a, pp, i2d_DIST_POINT, V_ASN1_SEQUENCE,
144 V_ASN1_UNIVERSAL, IS_SEQUENCE);}
145
146STACK_OF(DIST_POINT) *CRL_DIST_POINTS_new(void)
147{
148 return sk_DIST_POINT_new_null();
149}
150
151void CRL_DIST_POINTS_free(STACK_OF(DIST_POINT) *a)
152{
153 sk_DIST_POINT_pop_free(a, DIST_POINT_free);
154}
155
156STACK_OF(DIST_POINT) *d2i_CRL_DIST_POINTS(STACK_OF(DIST_POINT) **a,
157 unsigned char **pp,long length)
158{
159return d2i_ASN1_SET_OF_DIST_POINT(a, pp, length, d2i_DIST_POINT,
160 DIST_POINT_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
161
162}
163
164IMPLEMENT_STACK_OF(DIST_POINT)
165IMPLEMENT_ASN1_SET_OF(DIST_POINT)
166
167int i2d_DIST_POINT(DIST_POINT *a, unsigned char **pp)
168{
169 int v = 0;
170 M_ASN1_I2D_vars(a);
171 /* NB: underlying type is a CHOICE so need EXPLICIT tagging */
172 M_ASN1_I2D_len_EXP_opt (a->distpoint, i2d_DIST_POINT_NAME, 0, v);
173 M_ASN1_I2D_len_IMP_opt (a->reasons, i2d_ASN1_BIT_STRING);
174 M_ASN1_I2D_len_IMP_opt (a->CRLissuer, i2d_GENERAL_NAMES);
175
176 M_ASN1_I2D_seq_total();
177
178 M_ASN1_I2D_put_EXP_opt (a->distpoint, i2d_DIST_POINT_NAME, 0, v);
179 M_ASN1_I2D_put_IMP_opt (a->reasons, i2d_ASN1_BIT_STRING, 1);
180 M_ASN1_I2D_put_IMP_opt (a->CRLissuer, i2d_GENERAL_NAMES, 2);
181
182 M_ASN1_I2D_finish();
183}
184
185DIST_POINT *DIST_POINT_new(void)
186{
187 DIST_POINT *ret=NULL;
188 ASN1_CTX c;
189 M_ASN1_New_Malloc(ret, DIST_POINT);
190 ret->distpoint = NULL;
191 ret->reasons = NULL;
192 ret->CRLissuer = NULL;
193 return (ret);
194 M_ASN1_New_Error(ASN1_F_DIST_POINT_NEW);
195}
196
197DIST_POINT *d2i_DIST_POINT(DIST_POINT **a, unsigned char **pp, long length)
198{
199 M_ASN1_D2I_vars(a,DIST_POINT *,DIST_POINT_new);
200 M_ASN1_D2I_Init();
201 M_ASN1_D2I_start_sequence();
202 M_ASN1_D2I_get_EXP_opt (ret->distpoint, d2i_DIST_POINT_NAME, 0);
203 M_ASN1_D2I_get_IMP_opt (ret->reasons, d2i_ASN1_BIT_STRING, 1,
204 V_ASN1_BIT_STRING);
205 M_ASN1_D2I_get_IMP_opt (ret->CRLissuer, d2i_GENERAL_NAMES, 2,
206 V_ASN1_SEQUENCE);
207 M_ASN1_D2I_Finish(a, DIST_POINT_free, ASN1_F_D2I_DIST_POINT);
208}
209
210void DIST_POINT_free(DIST_POINT *a)
211{
212 if (a == NULL) return;
213 DIST_POINT_NAME_free(a->distpoint);
214 M_ASN1_BIT_STRING_free(a->reasons);
215 sk_GENERAL_NAME_pop_free(a->CRLissuer, GENERAL_NAME_free);
216 OPENSSL_free (a);
217}
218
219int i2d_DIST_POINT_NAME(DIST_POINT_NAME *a, unsigned char **pp)
220{
221 M_ASN1_I2D_vars(a);
222
223 if(a->fullname) {
224 M_ASN1_I2D_len_IMP_opt (a->fullname, i2d_GENERAL_NAMES);
225 } else {
226 M_ASN1_I2D_len_IMP_SET_opt_type(X509_NAME_ENTRY,
227 a->relativename, i2d_X509_NAME_ENTRY, 1);
228 }
229
230 /* Don't want a SEQUENCE so... */
231 if(pp == NULL) return ret;
232 p = *pp;
233
234 if(a->fullname) {
235 M_ASN1_I2D_put_IMP_opt (a->fullname, i2d_GENERAL_NAMES, 0);
236 } else {
237 M_ASN1_I2D_put_IMP_SET_opt_type(X509_NAME_ENTRY,
238 a->relativename, i2d_X509_NAME_ENTRY, 1);
239 }
240 M_ASN1_I2D_finish();
241}
242
243DIST_POINT_NAME *DIST_POINT_NAME_new(void)
244{
245 DIST_POINT_NAME *ret=NULL;
246 ASN1_CTX c;
247 M_ASN1_New_Malloc(ret, DIST_POINT_NAME);
248 ret->fullname = NULL;
249 ret->relativename = NULL;
250 return (ret);
251 M_ASN1_New_Error(ASN1_F_DIST_POINT_NAME_NEW);
252}
253
254void DIST_POINT_NAME_free(DIST_POINT_NAME *a)
255{
256 if (a == NULL) return;
257 sk_X509_NAME_ENTRY_pop_free(a->relativename, X509_NAME_ENTRY_free);
258 sk_GENERAL_NAME_pop_free(a->fullname, GENERAL_NAME_free);
259 OPENSSL_free (a);
260}
261
262DIST_POINT_NAME *d2i_DIST_POINT_NAME(DIST_POINT_NAME **a, unsigned char **pp,
263 long length)
264{
265 unsigned char _tmp, tag;
266 M_ASN1_D2I_vars(a,DIST_POINT_NAME *,DIST_POINT_NAME_new);
267 M_ASN1_D2I_Init();
268 c.slen = length;
269
270 _tmp = M_ASN1_next;
271 tag = _tmp & ~V_ASN1_CONSTRUCTED;
272
273 if(tag == (0|V_ASN1_CONTEXT_SPECIFIC)) {
274 M_ASN1_D2I_get_imp(ret->fullname, d2i_GENERAL_NAMES,
275 V_ASN1_SEQUENCE);
276 } else if (tag == (1|V_ASN1_CONTEXT_SPECIFIC)) {
277 M_ASN1_D2I_get_IMP_set_opt_type (X509_NAME_ENTRY,
278 ret->relativename, d2i_X509_NAME_ENTRY, X509_NAME_ENTRY_free, 1);
279 } else {
280 c.error = ASN1_R_BAD_TAG;
281 goto err;
282 }
283
284 M_ASN1_D2I_Finish(a, DIST_POINT_NAME_free, ASN1_F_D2I_DIST_POINT_NAME);
285}
diff --git a/src/lib/libcrypto/x509v3/v3_enum.c b/src/lib/libcrypto/x509v3/v3_enum.c
deleted file mode 100644
index aecfdc87f8..0000000000
--- a/src/lib/libcrypto/x509v3/v3_enum.c
+++ /dev/null
@@ -1,96 +0,0 @@
1/* v3_enum.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/x509v3.h>
62
63static ENUMERATED_NAMES crl_reasons[] = {
64{0, "Unspecified", "unspecified"},
65{1, "Key Compromise", "keyCompromise"},
66{2, "CA Compromise", "CACompromise"},
67{3, "Affiliation Changed", "affiliationChanged"},
68{4, "Superseded", "superseded"},
69{5, "Cessation Of Operation", "cessationOfOperation"},
70{6, "Certificate Hold", "certificateHold"},
71{8, "Remove From CRL", "removeFromCRL"},
72{-1, NULL, NULL}
73};
74
75X509V3_EXT_METHOD v3_crl_reason = {
76NID_crl_reason, 0,
77(X509V3_EXT_NEW)ASN1_ENUMERATED_new,
78(X509V3_EXT_FREE)ASN1_ENUMERATED_free,
79(X509V3_EXT_D2I)d2i_ASN1_ENUMERATED,
80(X509V3_EXT_I2D)i2d_ASN1_ENUMERATED,
81(X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE,
82(X509V3_EXT_S2I)0,
83NULL, NULL, NULL, NULL, crl_reasons};
84
85
86char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method,
87 ASN1_ENUMERATED *e)
88{
89 ENUMERATED_NAMES *enam;
90 long strval;
91 strval = ASN1_ENUMERATED_get(e);
92 for(enam = method->usr_data; enam->lname; enam++) {
93 if(strval == enam->bitnum) return BUF_strdup(enam->lname);
94 }
95 return i2s_ASN1_ENUMERATED(method, e);
96}
diff --git a/src/lib/libcrypto/x509v3/v3_extku.c b/src/lib/libcrypto/x509v3/v3_extku.c
deleted file mode 100644
index 53ec40a027..0000000000
--- a/src/lib/libcrypto/x509v3/v3_extku.c
+++ /dev/null
@@ -1,150 +0,0 @@
1/* v3_extku.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/asn1.h>
63#include <openssl/conf.h>
64#include <openssl/x509v3.h>
65
66static STACK_OF(ASN1_OBJECT) *v2i_ext_ku(X509V3_EXT_METHOD *method,
67 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
68static STACK_OF(CONF_VALUE) *i2v_ext_ku(X509V3_EXT_METHOD *method,
69 STACK_OF(ASN1_OBJECT) *eku, STACK_OF(CONF_VALUE) *extlist);
70X509V3_EXT_METHOD v3_ext_ku = {
71NID_ext_key_usage, 0,
72(X509V3_EXT_NEW)ext_ku_new,
73(X509V3_EXT_FREE)ext_ku_free,
74(X509V3_EXT_D2I)d2i_ext_ku,
75(X509V3_EXT_I2D)i2d_ext_ku,
76NULL, NULL,
77(X509V3_EXT_I2V)i2v_ext_ku,
78(X509V3_EXT_V2I)v2i_ext_ku,
79NULL,NULL,
80NULL
81};
82
83STACK_OF(ASN1_OBJECT) *ext_ku_new(void)
84{
85 return sk_ASN1_OBJECT_new_null();
86}
87
88void ext_ku_free(STACK_OF(ASN1_OBJECT) *eku)
89{
90 sk_ASN1_OBJECT_pop_free(eku, ASN1_OBJECT_free);
91 return;
92}
93
94int i2d_ext_ku(STACK_OF(ASN1_OBJECT) *a, unsigned char **pp)
95{
96 return i2d_ASN1_SET_OF_ASN1_OBJECT(a, pp, i2d_ASN1_OBJECT,
97 V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
98}
99
100STACK_OF(ASN1_OBJECT) *d2i_ext_ku(STACK_OF(ASN1_OBJECT) **a,
101 unsigned char **pp, long length)
102{
103 return d2i_ASN1_SET_OF_ASN1_OBJECT(a, pp, length, d2i_ASN1_OBJECT,
104 ASN1_OBJECT_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
105}
106
107
108
109static STACK_OF(CONF_VALUE) *i2v_ext_ku(X509V3_EXT_METHOD *method,
110 STACK_OF(ASN1_OBJECT) *eku, STACK_OF(CONF_VALUE) *ext_list)
111{
112int i;
113ASN1_OBJECT *obj;
114char obj_tmp[80];
115for(i = 0; i < sk_ASN1_OBJECT_num(eku); i++) {
116 obj = sk_ASN1_OBJECT_value(eku, i);
117 i2t_ASN1_OBJECT(obj_tmp, 80, obj);
118 X509V3_add_value(NULL, obj_tmp, &ext_list);
119}
120return ext_list;
121}
122
123static STACK_OF(ASN1_OBJECT) *v2i_ext_ku(X509V3_EXT_METHOD *method,
124 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
125{
126STACK_OF(ASN1_OBJECT) *extku;
127char *extval;
128ASN1_OBJECT *objtmp;
129CONF_VALUE *val;
130int i;
131
132if(!(extku = sk_ASN1_OBJECT_new_null())) {
133 X509V3err(X509V3_F_V2I_EXT_KU,ERR_R_MALLOC_FAILURE);
134 return NULL;
135}
136
137for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
138 val = sk_CONF_VALUE_value(nval, i);
139 if(val->value) extval = val->value;
140 else extval = val->name;
141 if(!(objtmp = OBJ_txt2obj(extval, 0))) {
142 sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free);
143 X509V3err(X509V3_F_V2I_EXT_KU,X509V3_R_INVALID_OBJECT_IDENTIFIER);
144 X509V3_conf_err(val);
145 return NULL;
146 }
147 sk_ASN1_OBJECT_push(extku, objtmp);
148}
149return extku;
150}
diff --git a/src/lib/libcrypto/x509v3/v3_genn.c b/src/lib/libcrypto/x509v3/v3_genn.c
deleted file mode 100644
index d44751458e..0000000000
--- a/src/lib/libcrypto/x509v3/v3_genn.c
+++ /dev/null
@@ -1,291 +0,0 @@
1/* v3_genn.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/asn1.h>
63#include <openssl/asn1_mac.h>
64#include <openssl/conf.h>
65#include <openssl/x509v3.h>
66
67int i2d_GENERAL_NAME(GENERAL_NAME *a, unsigned char **pp)
68{
69 unsigned char *p;
70 int ret;
71
72 ret = 0;
73
74 /* Save the location of initial TAG */
75 if(pp) p = *pp;
76 else p = NULL;
77
78 /* GEN_DNAME needs special treatment because of EXPLICIT tag */
79
80 if(a->type == GEN_DIRNAME) {
81 int v = 0;
82 M_ASN1_I2D_len_EXP_opt(a->d.dirn, i2d_X509_NAME, 4, v);
83 if(!p) return ret;
84 M_ASN1_I2D_put_EXP_opt(a->d.dirn, i2d_X509_NAME, 4, v);
85 *pp = p;
86 return ret;
87 }
88
89 switch(a->type) {
90
91 case GEN_X400:
92 case GEN_EDIPARTY:
93 ret = i2d_ASN1_TYPE(a->d.other, pp);
94 break;
95
96 case GEN_OTHERNAME:
97 ret = i2d_OTHERNAME(a->d.otherName, pp);
98 break;
99
100 case GEN_EMAIL:
101 case GEN_DNS:
102 case GEN_URI:
103 ret = i2d_ASN1_IA5STRING(a->d.ia5, pp);
104 break;
105
106 case GEN_IPADD:
107 ret = i2d_ASN1_OCTET_STRING(a->d.ip, pp);
108 break;
109
110 case GEN_RID:
111 ret = i2d_ASN1_OBJECT(a->d.rid, pp);
112 break;
113 }
114 /* Replace TAG with IMPLICIT value */
115 if(p) *p = (*p & V_ASN1_CONSTRUCTED) | a->type;
116 return ret;
117}
118
119GENERAL_NAME *GENERAL_NAME_new()
120{
121 GENERAL_NAME *ret=NULL;
122 ASN1_CTX c;
123 M_ASN1_New_Malloc(ret, GENERAL_NAME);
124 ret->type = -1;
125 ret->d.ptr = NULL;
126 return (ret);
127 M_ASN1_New_Error(ASN1_F_GENERAL_NAME_NEW);
128}
129
130GENERAL_NAME *d2i_GENERAL_NAME(GENERAL_NAME **a, unsigned char **pp,
131 long length)
132{
133 unsigned char _tmp;
134 M_ASN1_D2I_vars(a,GENERAL_NAME *,GENERAL_NAME_new);
135 M_ASN1_D2I_Init();
136 c.slen = length;
137
138 _tmp = M_ASN1_next;
139 ret->type = _tmp & ~V_ASN1_CONSTRUCTED;
140
141 switch(ret->type) {
142 /* Just put these in a "blob" for now */
143 case GEN_X400:
144 case GEN_EDIPARTY:
145 M_ASN1_D2I_get_imp(ret->d.other, d2i_ASN1_TYPE,V_ASN1_SEQUENCE);
146 break;
147
148 case GEN_OTHERNAME:
149 M_ASN1_D2I_get_imp(ret->d.otherName, d2i_OTHERNAME,V_ASN1_SEQUENCE);
150 break;
151
152 case GEN_EMAIL:
153 case GEN_DNS:
154 case GEN_URI:
155 M_ASN1_D2I_get_imp(ret->d.ia5, d2i_ASN1_IA5STRING,
156 V_ASN1_IA5STRING);
157 break;
158
159 case GEN_DIRNAME:
160 M_ASN1_D2I_get_EXP_opt(ret->d.dirn, d2i_X509_NAME, 4);
161 break;
162
163 case GEN_IPADD:
164 M_ASN1_D2I_get_imp(ret->d.ip, d2i_ASN1_OCTET_STRING,
165 V_ASN1_OCTET_STRING);
166 break;
167
168 case GEN_RID:
169 M_ASN1_D2I_get_imp(ret->d.rid, d2i_ASN1_OBJECT,V_ASN1_OBJECT);
170 break;
171
172 default:
173 c.error = ASN1_R_BAD_TAG;
174 goto err;
175 }
176
177 c.slen = 0;
178 M_ASN1_D2I_Finish(a, GENERAL_NAME_free, ASN1_F_D2I_GENERAL_NAME);
179}
180
181void GENERAL_NAME_free(GENERAL_NAME *a)
182{
183 if (a == NULL) return;
184 switch(a->type) {
185 case GEN_X400:
186 case GEN_EDIPARTY:
187 ASN1_TYPE_free(a->d.other);
188 break;
189
190 case GEN_OTHERNAME:
191 OTHERNAME_free(a->d.otherName);
192 break;
193
194 case GEN_EMAIL:
195 case GEN_DNS:
196 case GEN_URI:
197
198 M_ASN1_IA5STRING_free(a->d.ia5);
199 break;
200
201 case GEN_DIRNAME:
202 X509_NAME_free(a->d.dirn);
203 break;
204
205 case GEN_IPADD:
206 M_ASN1_OCTET_STRING_free(a->d.ip);
207 break;
208
209 case GEN_RID:
210 ASN1_OBJECT_free(a->d.rid);
211 break;
212
213 }
214 OPENSSL_free (a);
215}
216
217/* Now the GeneralNames versions: a SEQUENCE OF GeneralName. These are needed as
218 * explicit functions.
219 */
220
221STACK_OF(GENERAL_NAME) *GENERAL_NAMES_new()
222{
223 return sk_GENERAL_NAME_new_null();
224}
225
226void GENERAL_NAMES_free(STACK_OF(GENERAL_NAME) *a)
227{
228 sk_GENERAL_NAME_pop_free(a, GENERAL_NAME_free);
229}
230
231STACK_OF(GENERAL_NAME) *d2i_GENERAL_NAMES(STACK_OF(GENERAL_NAME) **a,
232 unsigned char **pp, long length)
233{
234return d2i_ASN1_SET_OF_GENERAL_NAME(a, pp, length, d2i_GENERAL_NAME,
235 GENERAL_NAME_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
236}
237
238int i2d_GENERAL_NAMES(STACK_OF(GENERAL_NAME) *a, unsigned char **pp)
239{
240return i2d_ASN1_SET_OF_GENERAL_NAME(a, pp, i2d_GENERAL_NAME, V_ASN1_SEQUENCE,
241 V_ASN1_UNIVERSAL, IS_SEQUENCE);
242}
243
244IMPLEMENT_STACK_OF(GENERAL_NAME)
245IMPLEMENT_ASN1_SET_OF(GENERAL_NAME)
246
247int i2d_OTHERNAME(OTHERNAME *a, unsigned char **pp)
248{
249 int v = 0;
250 M_ASN1_I2D_vars(a);
251
252 M_ASN1_I2D_len(a->type_id, i2d_ASN1_OBJECT);
253 M_ASN1_I2D_len_EXP_opt(a->value, i2d_ASN1_TYPE, 0, v);
254
255 M_ASN1_I2D_seq_total();
256
257 M_ASN1_I2D_put(a->type_id, i2d_ASN1_OBJECT);
258 M_ASN1_I2D_put_EXP_opt(a->value, i2d_ASN1_TYPE, 0, v);
259
260 M_ASN1_I2D_finish();
261}
262
263OTHERNAME *OTHERNAME_new(void)
264{
265 OTHERNAME *ret=NULL;
266 ASN1_CTX c;
267 M_ASN1_New_Malloc(ret, OTHERNAME);
268 ret->type_id = OBJ_nid2obj(NID_undef);
269 M_ASN1_New(ret->value, ASN1_TYPE_new);
270 return (ret);
271 M_ASN1_New_Error(ASN1_F_OTHERNAME_NEW);
272}
273
274OTHERNAME *d2i_OTHERNAME(OTHERNAME **a, unsigned char **pp, long length)
275{
276 M_ASN1_D2I_vars(a,OTHERNAME *,OTHERNAME_new);
277 M_ASN1_D2I_Init();
278 M_ASN1_D2I_start_sequence();
279 M_ASN1_D2I_get(ret->type_id, d2i_ASN1_OBJECT);
280 M_ASN1_D2I_get_EXP_opt(ret->value, d2i_ASN1_TYPE, 0);
281 M_ASN1_D2I_Finish(a, OTHERNAME_free, ASN1_F_D2I_OTHERNAME);
282}
283
284void OTHERNAME_free(OTHERNAME *a)
285{
286 if (a == NULL) return;
287 ASN1_OBJECT_free(a->type_id);
288 ASN1_TYPE_free(a->value);
289 OPENSSL_free (a);
290}
291
diff --git a/src/lib/libcrypto/x509v3/v3_ia5.c b/src/lib/libcrypto/x509v3/v3_ia5.c
deleted file mode 100644
index f3bba38269..0000000000
--- a/src/lib/libcrypto/x509v3/v3_ia5.c
+++ /dev/null
@@ -1,113 +0,0 @@
1/* v3_ia5.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/asn1.h>
63#include <openssl/conf.h>
64#include <openssl/x509v3.h>
65
66static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5);
67static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
68X509V3_EXT_METHOD v3_ns_ia5_list[] = {
69EXT_IA5STRING(NID_netscape_base_url),
70EXT_IA5STRING(NID_netscape_revocation_url),
71EXT_IA5STRING(NID_netscape_ca_revocation_url),
72EXT_IA5STRING(NID_netscape_renewal_url),
73EXT_IA5STRING(NID_netscape_ca_policy_url),
74EXT_IA5STRING(NID_netscape_ssl_server_name),
75EXT_IA5STRING(NID_netscape_comment),
76EXT_END
77};
78
79
80static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
81 ASN1_IA5STRING *ia5)
82{
83 char *tmp;
84 if(!ia5 || !ia5->length) return NULL;
85 tmp = OPENSSL_malloc(ia5->length + 1);
86 memcpy(tmp, ia5->data, ia5->length);
87 tmp[ia5->length] = 0;
88 return tmp;
89}
90
91static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
92 X509V3_CTX *ctx, char *str)
93{
94 ASN1_IA5STRING *ia5;
95 if(!str) {
96 X509V3err(X509V3_F_S2I_ASN1_IA5STRING,X509V3_R_INVALID_NULL_ARGUMENT);
97 return NULL;
98 }
99 if(!(ia5 = M_ASN1_IA5STRING_new())) goto err;
100 if(!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char*)str,
101 strlen(str))) {
102 M_ASN1_IA5STRING_free(ia5);
103 goto err;
104 }
105#ifdef CHARSET_EBCDIC
106 ebcdic2ascii(ia5->data, ia5->data, ia5->length);
107#endif /*CHARSET_EBCDIC*/
108 return ia5;
109 err:
110 X509V3err(X509V3_F_S2I_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE);
111 return NULL;
112}
113
diff --git a/src/lib/libcrypto/x509v3/v3_info.c b/src/lib/libcrypto/x509v3/v3_info.c
deleted file mode 100644
index a045a629ee..0000000000
--- a/src/lib/libcrypto/x509v3/v3_info.c
+++ /dev/null
@@ -1,236 +0,0 @@
1/* v3_info.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/conf.h>
62#include <openssl/asn1.h>
63#include <openssl/asn1_mac.h>
64#include <openssl/x509v3.h>
65
66static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
67 STACK_OF(ACCESS_DESCRIPTION) *ainfo,
68 STACK_OF(CONF_VALUE) *ret);
69static STACK_OF(ACCESS_DESCRIPTION) *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
70 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
71
72X509V3_EXT_METHOD v3_info =
73{ NID_info_access, X509V3_EXT_MULTILINE,
74(X509V3_EXT_NEW)AUTHORITY_INFO_ACCESS_new,
75(X509V3_EXT_FREE)AUTHORITY_INFO_ACCESS_free,
76(X509V3_EXT_D2I)d2i_AUTHORITY_INFO_ACCESS,
77(X509V3_EXT_I2D)i2d_AUTHORITY_INFO_ACCESS,
78NULL, NULL,
79(X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
80(X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
81NULL, NULL, NULL};
82
83static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
84 STACK_OF(ACCESS_DESCRIPTION) *ainfo,
85 STACK_OF(CONF_VALUE) *ret)
86{
87 ACCESS_DESCRIPTION *desc;
88 int i;
89 char objtmp[80], *ntmp;
90 CONF_VALUE *vtmp;
91 for(i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) {
92 desc = sk_ACCESS_DESCRIPTION_value(ainfo, i);
93 ret = i2v_GENERAL_NAME(method, desc->location, ret);
94 if(!ret) break;
95 vtmp = sk_CONF_VALUE_value(ret, i);
96 i2t_ASN1_OBJECT(objtmp, 80, desc->method);
97 ntmp = OPENSSL_malloc(strlen(objtmp) + strlen(vtmp->name) + 5);
98 if(!ntmp) {
99 X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS,
100 ERR_R_MALLOC_FAILURE);
101 return NULL;
102 }
103 strcpy(ntmp, objtmp);
104 strcat(ntmp, " - ");
105 strcat(ntmp, vtmp->name);
106 OPENSSL_free(vtmp->name);
107 vtmp->name = ntmp;
108
109 }
110 if(!ret) return sk_CONF_VALUE_new_null();
111 return ret;
112}
113
114static STACK_OF(ACCESS_DESCRIPTION) *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
115 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
116{
117 STACK_OF(ACCESS_DESCRIPTION) *ainfo = NULL;
118 CONF_VALUE *cnf, ctmp;
119 ACCESS_DESCRIPTION *acc;
120 int i, objlen;
121 char *objtmp, *ptmp;
122 if(!(ainfo = sk_ACCESS_DESCRIPTION_new_null())) {
123 X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
124 return NULL;
125 }
126 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
127 cnf = sk_CONF_VALUE_value(nval, i);
128 if(!(acc = ACCESS_DESCRIPTION_new())
129 || !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) {
130 X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
131 goto err;
132 }
133 ptmp = strchr(cnf->name, ';');
134 if(!ptmp) {
135 X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_INVALID_SYNTAX);
136 goto err;
137 }
138 objlen = ptmp - cnf->name;
139 ctmp.name = ptmp + 1;
140 ctmp.value = cnf->value;
141 if(!(acc->location = v2i_GENERAL_NAME(method, ctx, &ctmp)))
142 goto err;
143 if(!(objtmp = OPENSSL_malloc(objlen + 1))) {
144 X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
145 goto err;
146 }
147 strncpy(objtmp, cnf->name, objlen);
148 objtmp[objlen] = 0;
149 acc->method = OBJ_txt2obj(objtmp, 0);
150 if(!acc->method) {
151 X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_BAD_OBJECT);
152 ERR_add_error_data(2, "value=", objtmp);
153 OPENSSL_free(objtmp);
154 goto err;
155 }
156 OPENSSL_free(objtmp);
157
158 }
159 return ainfo;
160 err:
161 sk_ACCESS_DESCRIPTION_pop_free(ainfo, ACCESS_DESCRIPTION_free);
162 return NULL;
163}
164
165int i2d_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION *a, unsigned char **pp)
166{
167 M_ASN1_I2D_vars(a);
168
169 M_ASN1_I2D_len(a->method, i2d_ASN1_OBJECT);
170 M_ASN1_I2D_len(a->location, i2d_GENERAL_NAME);
171
172 M_ASN1_I2D_seq_total();
173
174 M_ASN1_I2D_put(a->method, i2d_ASN1_OBJECT);
175 M_ASN1_I2D_put(a->location, i2d_GENERAL_NAME);
176
177 M_ASN1_I2D_finish();
178}
179
180ACCESS_DESCRIPTION *ACCESS_DESCRIPTION_new(void)
181{
182 ACCESS_DESCRIPTION *ret=NULL;
183 ASN1_CTX c;
184 M_ASN1_New_Malloc(ret, ACCESS_DESCRIPTION);
185 ret->method = OBJ_nid2obj(NID_undef);
186 ret->location = NULL;
187 return (ret);
188 M_ASN1_New_Error(ASN1_F_ACCESS_DESCRIPTION_NEW);
189}
190
191ACCESS_DESCRIPTION *d2i_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION **a, unsigned char **pp,
192 long length)
193{
194 M_ASN1_D2I_vars(a,ACCESS_DESCRIPTION *,ACCESS_DESCRIPTION_new);
195 M_ASN1_D2I_Init();
196 M_ASN1_D2I_start_sequence();
197 M_ASN1_D2I_get(ret->method, d2i_ASN1_OBJECT);
198 M_ASN1_D2I_get(ret->location, d2i_GENERAL_NAME);
199 M_ASN1_D2I_Finish(a, ACCESS_DESCRIPTION_free, ASN1_F_D2I_ACCESS_DESCRIPTION);
200}
201
202void ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a)
203{
204 if (a == NULL) return;
205 ASN1_OBJECT_free(a->method);
206 GENERAL_NAME_free(a->location);
207 OPENSSL_free (a);
208}
209
210STACK_OF(ACCESS_DESCRIPTION) *AUTHORITY_INFO_ACCESS_new(void)
211{
212 return sk_ACCESS_DESCRIPTION_new_null();
213}
214
215void AUTHORITY_INFO_ACCESS_free(STACK_OF(ACCESS_DESCRIPTION) *a)
216{
217 sk_ACCESS_DESCRIPTION_pop_free(a, ACCESS_DESCRIPTION_free);
218}
219
220STACK_OF(ACCESS_DESCRIPTION) *d2i_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) **a,
221 unsigned char **pp, long length)
222{
223return d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(a, pp, length, d2i_ACCESS_DESCRIPTION,
224 ACCESS_DESCRIPTION_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
225}
226
227int i2d_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) *a, unsigned char **pp)
228{
229return i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(a, pp, i2d_ACCESS_DESCRIPTION, V_ASN1_SEQUENCE,
230 V_ASN1_UNIVERSAL, IS_SEQUENCE);
231}
232
233IMPLEMENT_STACK_OF(ACCESS_DESCRIPTION)
234IMPLEMENT_ASN1_SET_OF(ACCESS_DESCRIPTION)
235
236
diff --git a/src/lib/libcrypto/x509v3/v3_int.c b/src/lib/libcrypto/x509v3/v3_int.c
deleted file mode 100644
index 63c201e5f4..0000000000
--- a/src/lib/libcrypto/x509v3/v3_int.c
+++ /dev/null
@@ -1,72 +0,0 @@
1/* v3_int.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/x509v3.h>
62
63X509V3_EXT_METHOD v3_crl_num = {
64NID_crl_number, 0,
65(X509V3_EXT_NEW)ASN1_INTEGER_new,
66(X509V3_EXT_FREE)ASN1_INTEGER_free,
67(X509V3_EXT_D2I)d2i_ASN1_INTEGER,
68(X509V3_EXT_I2D)i2d_ASN1_INTEGER,
69(X509V3_EXT_I2S)i2s_ASN1_INTEGER,
70(X509V3_EXT_S2I)0,
71NULL, NULL, NULL, NULL, NULL};
72
diff --git a/src/lib/libcrypto/x509v3/v3_lib.c b/src/lib/libcrypto/x509v3/v3_lib.c
deleted file mode 100644
index ea86b9ebb9..0000000000
--- a/src/lib/libcrypto/x509v3/v3_lib.c
+++ /dev/null
@@ -1,225 +0,0 @@
1/* v3_lib.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58/* X509 v3 extension utilities */
59
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/conf.h>
63#include <openssl/x509v3.h>
64
65#include "ext_dat.h"
66
67static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL;
68
69static int ext_cmp(const X509V3_EXT_METHOD * const *a,
70 const X509V3_EXT_METHOD * const *b);
71static void ext_list_free(X509V3_EXT_METHOD *ext);
72
73int X509V3_EXT_add(X509V3_EXT_METHOD *ext)
74{
75 if(!ext_list && !(ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp))) {
76 X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE);
77 return 0;
78 }
79 if(!sk_X509V3_EXT_METHOD_push(ext_list, ext)) {
80 X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE);
81 return 0;
82 }
83 return 1;
84}
85
86static int ext_cmp(const X509V3_EXT_METHOD * const *a,
87 const X509V3_EXT_METHOD * const *b)
88{
89 return ((*a)->ext_nid - (*b)->ext_nid);
90}
91
92X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
93{
94 X509V3_EXT_METHOD tmp, *t = &tmp, **ret;
95 int idx;
96 if(nid < 0) return NULL;
97 tmp.ext_nid = nid;
98 ret = (X509V3_EXT_METHOD **) OBJ_bsearch((char *)&t,
99 (char *)standard_exts, STANDARD_EXTENSION_COUNT,
100 sizeof(X509V3_EXT_METHOD *), (int (*)(const void *, const void *))ext_cmp);
101 if(ret) return *ret;
102 if(!ext_list) return NULL;
103 idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp);
104 if(idx == -1) return NULL;
105 return sk_X509V3_EXT_METHOD_value(ext_list, idx);
106}
107
108X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext)
109{
110 int nid;
111 if((nid = OBJ_obj2nid(ext->object)) == NID_undef) return NULL;
112 return X509V3_EXT_get_nid(nid);
113}
114
115
116int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist)
117{
118 for(;extlist->ext_nid!=-1;extlist++)
119 if(!X509V3_EXT_add(extlist)) return 0;
120 return 1;
121}
122
123int X509V3_EXT_add_alias(int nid_to, int nid_from)
124{
125 X509V3_EXT_METHOD *ext, *tmpext;
126 if(!(ext = X509V3_EXT_get_nid(nid_from))) {
127 X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,X509V3_R_EXTENSION_NOT_FOUND);
128 return 0;
129 }
130 if(!(tmpext = (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)))) {
131 X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,ERR_R_MALLOC_FAILURE);
132 return 0;
133 }
134 *tmpext = *ext;
135 tmpext->ext_nid = nid_to;
136 tmpext->ext_flags |= X509V3_EXT_DYNAMIC;
137 return X509V3_EXT_add(tmpext);
138}
139
140void X509V3_EXT_cleanup(void)
141{
142 sk_X509V3_EXT_METHOD_pop_free(ext_list, ext_list_free);
143 ext_list = NULL;
144}
145
146static void ext_list_free(X509V3_EXT_METHOD *ext)
147{
148 if(ext->ext_flags & X509V3_EXT_DYNAMIC) OPENSSL_free(ext);
149}
150
151/* Legacy function: we don't need to add standard extensions
152 * any more because they are now kept in ext_dat.h.
153 */
154
155int X509V3_add_standard_extensions(void)
156{
157 return 1;
158}
159
160/* Return an extension internal structure */
161
162void *X509V3_EXT_d2i(X509_EXTENSION *ext)
163{
164 X509V3_EXT_METHOD *method;
165 unsigned char *p;
166 if(!(method = X509V3_EXT_get(ext)) || !method->d2i) return NULL;
167 p = ext->value->data;
168 return method->d2i(NULL, &p, ext->value->length);
169}
170
171/* Get critical flag and decoded version of extension from a NID.
172 * The "idx" variable returns the last found extension and can
173 * be used to retrieve multiple extensions of the same NID.
174 * However multiple extensions with the same NID is usually
175 * due to a badly encoded certificate so if idx is NULL we
176 * choke if multiple extensions exist.
177 * The "crit" variable is set to the critical value.
178 * The return value is the decoded extension or NULL on
179 * error. The actual error can have several different causes,
180 * the value of *crit reflects the cause:
181 * >= 0, extension found but not decoded (reflects critical value).
182 * -1 extension not found.
183 * -2 extension occurs more than once.
184 */
185
186void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx)
187{
188 int lastpos, i;
189 X509_EXTENSION *ex, *found_ex = NULL;
190 if(!x) {
191 if(idx) *idx = -1;
192 if(crit) *crit = -1;
193 return NULL;
194 }
195 if(idx) lastpos = *idx + 1;
196 else lastpos = 0;
197 if(lastpos < 0) lastpos = 0;
198 for(i = lastpos; i < sk_X509_EXTENSION_num(x); i++)
199 {
200 ex = sk_X509_EXTENSION_value(x, i);
201 if(OBJ_obj2nid(ex->object) == nid) {
202 if(idx) {
203 *idx = i;
204 break;
205 } else if(found_ex) {
206 /* Found more than one */
207 if(crit) *crit = -2;
208 return NULL;
209 }
210 found_ex = ex;
211 }
212 }
213 if(found_ex) {
214 /* Found it */
215 if(crit) *crit = found_ex->critical;
216 return X509V3_EXT_d2i(found_ex);
217 }
218
219 /* Extension not found */
220 if(idx) *idx = -1;
221 if(crit) *crit = -1;
222 return NULL;
223}
224
225IMPLEMENT_STACK_OF(X509V3_EXT_METHOD)
diff --git a/src/lib/libcrypto/x509v3/v3_pku.c b/src/lib/libcrypto/x509v3/v3_pku.c
deleted file mode 100644
index 47f9e8f123..0000000000
--- a/src/lib/libcrypto/x509v3/v3_pku.c
+++ /dev/null
@@ -1,151 +0,0 @@
1/* v3_pku.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/asn1.h>
62#include <openssl/asn1_mac.h>
63#include <openssl/x509v3.h>
64
65static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *usage, BIO *out, int indent);
66/*
67static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
68*/
69X509V3_EXT_METHOD v3_pkey_usage_period = {
70NID_private_key_usage_period, 0,
71(X509V3_EXT_NEW)PKEY_USAGE_PERIOD_new,
72(X509V3_EXT_FREE)PKEY_USAGE_PERIOD_free,
73(X509V3_EXT_D2I)d2i_PKEY_USAGE_PERIOD,
74(X509V3_EXT_I2D)i2d_PKEY_USAGE_PERIOD,
75NULL, NULL, NULL, NULL,
76(X509V3_EXT_I2R)i2r_PKEY_USAGE_PERIOD, NULL,
77NULL
78};
79
80int i2d_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD *a, unsigned char **pp)
81{
82 M_ASN1_I2D_vars(a);
83
84 M_ASN1_I2D_len_IMP_opt (a->notBefore, i2d_ASN1_GENERALIZEDTIME);
85 M_ASN1_I2D_len_IMP_opt (a->notAfter, i2d_ASN1_GENERALIZEDTIME);
86
87 M_ASN1_I2D_seq_total();
88
89 M_ASN1_I2D_put_IMP_opt (a->notBefore, i2d_ASN1_GENERALIZEDTIME, 0);
90 M_ASN1_I2D_put_IMP_opt (a->notAfter, i2d_ASN1_GENERALIZEDTIME, 1);
91
92 M_ASN1_I2D_finish();
93}
94
95PKEY_USAGE_PERIOD *PKEY_USAGE_PERIOD_new(void)
96{
97 PKEY_USAGE_PERIOD *ret=NULL;
98 ASN1_CTX c;
99 M_ASN1_New_Malloc(ret, PKEY_USAGE_PERIOD);
100 ret->notBefore = NULL;
101 ret->notAfter = NULL;
102 return (ret);
103 M_ASN1_New_Error(ASN1_F_PKEY_USAGE_PERIOD_NEW);
104}
105
106PKEY_USAGE_PERIOD *d2i_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD **a,
107 unsigned char **pp, long length)
108{
109 M_ASN1_D2I_vars(a,PKEY_USAGE_PERIOD *,PKEY_USAGE_PERIOD_new);
110 M_ASN1_D2I_Init();
111 M_ASN1_D2I_start_sequence();
112 M_ASN1_D2I_get_IMP_opt (ret->notBefore, d2i_ASN1_GENERALIZEDTIME, 0,
113 V_ASN1_GENERALIZEDTIME);
114 M_ASN1_D2I_get_IMP_opt (ret->notAfter, d2i_ASN1_GENERALIZEDTIME, 1,
115 V_ASN1_GENERALIZEDTIME);
116 M_ASN1_D2I_Finish(a, PKEY_USAGE_PERIOD_free, ASN1_F_D2I_PKEY_USAGE_PERIOD);
117}
118
119void PKEY_USAGE_PERIOD_free(PKEY_USAGE_PERIOD *a)
120{
121 if (a == NULL) return;
122 M_ASN1_GENERALIZEDTIME_free(a->notBefore);
123 M_ASN1_GENERALIZEDTIME_free(a->notAfter);
124 OPENSSL_free (a);
125}
126
127static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,
128 PKEY_USAGE_PERIOD *usage, BIO *out, int indent)
129{
130 BIO_printf(out, "%*s", indent, "");
131 if(usage->notBefore) {
132 BIO_write(out, "Not Before: ", 12);
133 ASN1_GENERALIZEDTIME_print(out, usage->notBefore);
134 if(usage->notAfter) BIO_write(out, ", ", 2);
135 }
136 if(usage->notAfter) {
137 BIO_write(out, "Not After: ", 11);
138 ASN1_GENERALIZEDTIME_print(out, usage->notAfter);
139 }
140 return 1;
141}
142
143/*
144static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(method, ctx, values)
145X509V3_EXT_METHOD *method;
146X509V3_CTX *ctx;
147STACK_OF(CONF_VALUE) *values;
148{
149return NULL;
150}
151*/
diff --git a/src/lib/libcrypto/x509v3/v3_prn.c b/src/lib/libcrypto/x509v3/v3_prn.c
deleted file mode 100644
index 14b804c4ad..0000000000
--- a/src/lib/libcrypto/x509v3/v3_prn.c
+++ /dev/null
@@ -1,165 +0,0 @@
1/* v3_prn.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58/* X509 v3 extension utilities */
59
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/conf.h>
63#include <openssl/x509v3.h>
64
65/* Extension printing routines */
66
67/* Print out a name+value stack */
68
69void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml)
70{
71 int i;
72 CONF_VALUE *nval;
73 if(!val) return;
74 if(!ml || !sk_CONF_VALUE_num(val)) {
75 BIO_printf(out, "%*s", indent, "");
76 if(!sk_CONF_VALUE_num(val)) BIO_puts(out, "<EMPTY>\n");
77 }
78 for(i = 0; i < sk_CONF_VALUE_num(val); i++) {
79 if(ml) BIO_printf(out, "%*s", indent, "");
80 else if(i > 0) BIO_printf(out, ", ");
81 nval = sk_CONF_VALUE_value(val, i);
82 if(!nval->name) BIO_puts(out, nval->value);
83 else if(!nval->value) BIO_puts(out, nval->name);
84#ifndef CHARSET_EBCDIC
85 else BIO_printf(out, "%s:%s", nval->name, nval->value);
86#else
87 else {
88 int len;
89 char *tmp;
90 len = strlen(nval->value)+1;
91 tmp = OPENSSL_malloc(len);
92 if (tmp)
93 {
94 ascii2ebcdic(tmp, nval->value, len);
95 BIO_printf(out, "%s:%s", nval->name, tmp);
96 OPENSSL_free(tmp);
97 }
98 }
99#endif
100 if(ml) BIO_puts(out, "\n");
101 }
102}
103
104/* Main routine: print out a general extension */
105
106int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent)
107{
108 char *ext_str = NULL, *value = NULL;
109 unsigned char *p;
110 X509V3_EXT_METHOD *method;
111 STACK_OF(CONF_VALUE) *nval = NULL;
112 int ok = 1;
113 if(!(method = X509V3_EXT_get(ext))) return 0;
114 p = ext->value->data;
115 if(!(ext_str = method->d2i(NULL, &p, ext->value->length))) return 0;
116 if(method->i2s) {
117 if(!(value = method->i2s(method, ext_str))) {
118 ok = 0;
119 goto err;
120 }
121#ifndef CHARSET_EBCDIC
122 BIO_printf(out, "%*s%s", indent, "", value);
123#else
124 {
125 int len;
126 char *tmp;
127 len = strlen(value)+1;
128 tmp = OPENSSL_malloc(len);
129 if (tmp)
130 {
131 ascii2ebcdic(tmp, value, len);
132 BIO_printf(out, "%*s%s", indent, "", tmp);
133 OPENSSL_free(tmp);
134 }
135 }
136#endif
137 } else if(method->i2v) {
138 if(!(nval = method->i2v(method, ext_str, NULL))) {
139 ok = 0;
140 goto err;
141 }
142 X509V3_EXT_val_prn(out, nval, indent,
143 method->ext_flags & X509V3_EXT_MULTILINE);
144 } else if(method->i2r) {
145 if(!method->i2r(method, ext_str, out, indent)) ok = 0;
146 } else ok = 0;
147
148 err:
149 sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
150 if(value) OPENSSL_free(value);
151 method->ext_free(ext_str);
152 return ok;
153}
154
155#ifndef NO_FP_API
156int X509V3_EXT_print_fp(FILE *fp, X509_EXTENSION *ext, int flag, int indent)
157{
158 BIO *bio_tmp;
159 int ret;
160 if(!(bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE))) return 0;
161 ret = X509V3_EXT_print(bio_tmp, ext, flag, indent);
162 BIO_free(bio_tmp);
163 return ret;
164}
165#endif
diff --git a/src/lib/libcrypto/x509v3/v3_purp.c b/src/lib/libcrypto/x509v3/v3_purp.c
deleted file mode 100644
index 8aecd00e63..0000000000
--- a/src/lib/libcrypto/x509v3/v3_purp.c
+++ /dev/null
@@ -1,535 +0,0 @@
1/* v3_purp.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/x509v3.h>
62#include <openssl/x509_vfy.h>
63
64
65static void x509v3_cache_extensions(X509 *x);
66
67static int ca_check(const X509 *x);
68static int check_ssl_ca(const X509 *x);
69static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca);
70static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca);
71static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca);
72static int purpose_smime(const X509 *x, int ca);
73static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca);
74static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca);
75static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca);
76static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca);
77
78static int xp_cmp(const X509_PURPOSE * const *a,
79 const X509_PURPOSE * const *b);
80static void xptable_free(X509_PURPOSE *p);
81
82static X509_PURPOSE xstandard[] = {
83 {X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0, check_purpose_ssl_client, "SSL client", "sslclient", NULL},
84 {X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ssl_server, "SSL server", "sslserver", NULL},
85 {X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL},
86 {X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, "S/MIME signing", "smimesign", NULL},
87 {X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL},
88 {X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL},
89 {X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, "Any Purpose", "any", NULL},
90};
91
92#define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE))
93
94IMPLEMENT_STACK_OF(X509_PURPOSE)
95
96static STACK_OF(X509_PURPOSE) *xptable = NULL;
97
98static int xp_cmp(const X509_PURPOSE * const *a,
99 const X509_PURPOSE * const *b)
100{
101 return (*a)->purpose - (*b)->purpose;
102}
103
104/* As much as I'd like to make X509_check_purpose use a "const" X509*
105 * I really can't because it does recalculate hashes and do other non-const
106 * things. */
107int X509_check_purpose(X509 *x, int id, int ca)
108{
109 int idx;
110 const X509_PURPOSE *pt;
111 if(!(x->ex_flags & EXFLAG_SET)) {
112 CRYPTO_w_lock(CRYPTO_LOCK_X509);
113 x509v3_cache_extensions(x);
114 CRYPTO_w_unlock(CRYPTO_LOCK_X509);
115 }
116 if(id == -1) return 1;
117 idx = X509_PURPOSE_get_by_id(id);
118 if(idx == -1) return -1;
119 pt = X509_PURPOSE_get0(idx);
120 return pt->check_purpose(pt, x, ca);
121}
122
123int X509_PURPOSE_get_count(void)
124{
125 if(!xptable) return X509_PURPOSE_COUNT;
126 return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT;
127}
128
129X509_PURPOSE * X509_PURPOSE_get0(int idx)
130{
131 if(idx < 0) return NULL;
132 if(idx < X509_PURPOSE_COUNT) return xstandard + idx;
133 return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT);
134}
135
136int X509_PURPOSE_get_by_sname(char *sname)
137{
138 int i;
139 X509_PURPOSE *xptmp;
140 for(i = 0; i < X509_PURPOSE_get_count(); i++) {
141 xptmp = X509_PURPOSE_get0(i);
142 if(!strcmp(xptmp->sname, sname)) return i;
143 }
144 return -1;
145}
146
147
148int X509_PURPOSE_get_by_id(int purpose)
149{
150 X509_PURPOSE tmp;
151 int idx;
152 if((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX))
153 return purpose - X509_PURPOSE_MIN;
154 tmp.purpose = purpose;
155 if(!xptable) return -1;
156 idx = sk_X509_PURPOSE_find(xptable, &tmp);
157 if(idx == -1) return -1;
158 return idx + X509_PURPOSE_COUNT;
159}
160
161int X509_PURPOSE_add(int id, int trust, int flags,
162 int (*ck)(const X509_PURPOSE *, const X509 *, int),
163 char *name, char *sname, void *arg)
164{
165 int idx;
166 X509_PURPOSE *ptmp;
167 /* This is set according to what we change: application can't set it */
168 flags &= ~X509_PURPOSE_DYNAMIC;
169 /* This will always be set for application modified trust entries */
170 flags |= X509_PURPOSE_DYNAMIC_NAME;
171 /* Get existing entry if any */
172 idx = X509_PURPOSE_get_by_id(id);
173 /* Need a new entry */
174 if(idx == -1) {
175 if(!(ptmp = OPENSSL_malloc(sizeof(X509_PURPOSE)))) {
176 X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
177 return 0;
178 }
179 ptmp->flags = X509_PURPOSE_DYNAMIC;
180 } else ptmp = X509_PURPOSE_get0(idx);
181
182 /* OPENSSL_free existing name if dynamic */
183 if(ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) {
184 OPENSSL_free(ptmp->name);
185 OPENSSL_free(ptmp->sname);
186 }
187 /* dup supplied name */
188 ptmp->name = BUF_strdup(name);
189 ptmp->sname = BUF_strdup(sname);
190 if(!ptmp->name || !ptmp->sname) {
191 X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
192 return 0;
193 }
194 /* Keep the dynamic flag of existing entry */
195 ptmp->flags &= X509_PURPOSE_DYNAMIC;
196 /* Set all other flags */
197 ptmp->flags |= flags;
198
199 ptmp->purpose = id;
200 ptmp->trust = trust;
201 ptmp->check_purpose = ck;
202 ptmp->usr_data = arg;
203
204 /* If its a new entry manage the dynamic table */
205 if(idx == -1) {
206 if(!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) {
207 X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
208 return 0;
209 }
210 if (!sk_X509_PURPOSE_push(xptable, ptmp)) {
211 X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
212 return 0;
213 }
214 }
215 return 1;
216}
217
218static void xptable_free(X509_PURPOSE *p)
219 {
220 if(!p) return;
221 if (p->flags & X509_PURPOSE_DYNAMIC)
222 {
223 if (p->flags & X509_PURPOSE_DYNAMIC_NAME) {
224 OPENSSL_free(p->name);
225 OPENSSL_free(p->sname);
226 }
227 OPENSSL_free(p);
228 }
229 }
230
231void X509_PURPOSE_cleanup(void)
232{
233 int i;
234 sk_X509_PURPOSE_pop_free(xptable, xptable_free);
235 for(i = 0; i < X509_PURPOSE_COUNT; i++) xptable_free(xstandard + i);
236 xptable = NULL;
237}
238
239int X509_PURPOSE_get_id(X509_PURPOSE *xp)
240{
241 return xp->purpose;
242}
243
244char *X509_PURPOSE_get0_name(X509_PURPOSE *xp)
245{
246 return xp->name;
247}
248
249char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp)
250{
251 return xp->sname;
252}
253
254int X509_PURPOSE_get_trust(X509_PURPOSE *xp)
255{
256 return xp->trust;
257}
258
259static void x509v3_cache_extensions(X509 *x)
260{
261 BASIC_CONSTRAINTS *bs;
262 ASN1_BIT_STRING *usage;
263 ASN1_BIT_STRING *ns;
264 STACK_OF(ASN1_OBJECT) *extusage;
265
266 int i;
267 if(x->ex_flags & EXFLAG_SET) return;
268#ifndef NO_SHA
269 X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
270#endif
271 /* Does subject name match issuer ? */
272 if(!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x)))
273 x->ex_flags |= EXFLAG_SS;
274 /* V1 should mean no extensions ... */
275 if(!X509_get_version(x)) x->ex_flags |= EXFLAG_V1;
276 /* Handle basic constraints */
277 if((bs=X509_get_ext_d2i(x, NID_basic_constraints, NULL, NULL))) {
278 if(bs->ca) x->ex_flags |= EXFLAG_CA;
279 if(bs->pathlen) {
280 if((bs->pathlen->type == V_ASN1_NEG_INTEGER)
281 || !bs->ca) {
282 x->ex_flags |= EXFLAG_INVALID;
283 x->ex_pathlen = 0;
284 } else x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen);
285 } else x->ex_pathlen = -1;
286 BASIC_CONSTRAINTS_free(bs);
287 x->ex_flags |= EXFLAG_BCONS;
288 }
289 /* Handle key usage */
290 if((usage=X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) {
291 if(usage->length > 0) {
292 x->ex_kusage = usage->data[0];
293 if(usage->length > 1)
294 x->ex_kusage |= usage->data[1] << 8;
295 } else x->ex_kusage = 0;
296 x->ex_flags |= EXFLAG_KUSAGE;
297 ASN1_BIT_STRING_free(usage);
298 }
299 x->ex_xkusage = 0;
300 if((extusage=X509_get_ext_d2i(x, NID_ext_key_usage, NULL, NULL))) {
301 x->ex_flags |= EXFLAG_XKUSAGE;
302 for(i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) {
303 switch(OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage,i))) {
304 case NID_server_auth:
305 x->ex_xkusage |= XKU_SSL_SERVER;
306 break;
307
308 case NID_client_auth:
309 x->ex_xkusage |= XKU_SSL_CLIENT;
310 break;
311
312 case NID_email_protect:
313 x->ex_xkusage |= XKU_SMIME;
314 break;
315
316 case NID_code_sign:
317 x->ex_xkusage |= XKU_CODE_SIGN;
318 break;
319
320 case NID_ms_sgc:
321 case NID_ns_sgc:
322 x->ex_xkusage |= XKU_SGC;
323 }
324 }
325 sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free);
326 }
327
328 if((ns=X509_get_ext_d2i(x, NID_netscape_cert_type, NULL, NULL))) {
329 if(ns->length > 0) x->ex_nscert = ns->data[0];
330 else x->ex_nscert = 0;
331 x->ex_flags |= EXFLAG_NSCERT;
332 ASN1_BIT_STRING_free(ns);
333 }
334 x->skid =X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL);
335 x->akid =X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL);
336 x->ex_flags |= EXFLAG_SET;
337}
338
339/* CA checks common to all purposes
340 * return codes:
341 * 0 not a CA
342 * 1 is a CA
343 * 2 basicConstraints absent so "maybe" a CA
344 * 3 basicConstraints absent but self signed V1.
345 */
346
347#define V1_ROOT (EXFLAG_V1|EXFLAG_SS)
348#define ku_reject(x, usage) \
349 (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
350#define xku_reject(x, usage) \
351 (((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage)))
352#define ns_reject(x, usage) \
353 (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage)))
354
355static int ca_check(const X509 *x)
356{
357 /* keyUsage if present should allow cert signing */
358 if(ku_reject(x, KU_KEY_CERT_SIGN)) return 0;
359 if(x->ex_flags & EXFLAG_BCONS) {
360 if(x->ex_flags & EXFLAG_CA) return 1;
361 /* If basicConstraints says not a CA then say so */
362 else return 0;
363 } else {
364 if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3;
365 /* If key usage present it must have certSign so tolerate it */
366 else if (x->ex_flags & EXFLAG_KUSAGE) return 3;
367 else return 2;
368 }
369}
370
371/* Check SSL CA: common checks for SSL client and server */
372static int check_ssl_ca(const X509 *x)
373{
374 int ca_ret;
375 ca_ret = ca_check(x);
376 if(!ca_ret) return 0;
377 /* check nsCertType if present */
378 if(x->ex_flags & EXFLAG_NSCERT) {
379 if(x->ex_nscert & NS_SSL_CA) return ca_ret;
380 return 0;
381 }
382 if(ca_ret != 2) return ca_ret;
383 else return 0;
384}
385
386
387static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca)
388{
389 if(xku_reject(x,XKU_SSL_CLIENT)) return 0;
390 if(ca) return check_ssl_ca(x);
391 /* We need to do digital signatures with it */
392 if(ku_reject(x,KU_DIGITAL_SIGNATURE)) return 0;
393 /* nsCertType if present should allow SSL client use */
394 if(ns_reject(x, NS_SSL_CLIENT)) return 0;
395 return 1;
396}
397
398static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca)
399{
400 if(xku_reject(x,XKU_SSL_SERVER|XKU_SGC)) return 0;
401 if(ca) return check_ssl_ca(x);
402
403 if(ns_reject(x, NS_SSL_SERVER)) return 0;
404 /* Now as for keyUsage: we'll at least need to sign OR encipher */
405 if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_KEY_ENCIPHERMENT)) return 0;
406
407 return 1;
408
409}
410
411static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca)
412{
413 int ret;
414 ret = check_purpose_ssl_server(xp, x, ca);
415 if(!ret || ca) return ret;
416 /* We need to encipher or Netscape complains */
417 if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0;
418 return ret;
419}
420
421/* common S/MIME checks */
422static int purpose_smime(const X509 *x, int ca)
423{
424 if(xku_reject(x,XKU_SMIME)) return 0;
425 if(ca) {
426 int ca_ret;
427 ca_ret = ca_check(x);
428 if(!ca_ret) return 0;
429 /* check nsCertType if present */
430 if(x->ex_flags & EXFLAG_NSCERT) {
431 if(x->ex_nscert & NS_SMIME_CA) return ca_ret;
432 return 0;
433 }
434 if(ca_ret != 2) return ca_ret;
435 else return 0;
436 }
437 if(x->ex_flags & EXFLAG_NSCERT) {
438 if(x->ex_nscert & NS_SMIME) return 1;
439 /* Workaround for some buggy certificates */
440 if(x->ex_nscert & NS_SSL_CLIENT) return 2;
441 return 0;
442 }
443 return 1;
444}
445
446static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca)
447{
448 int ret;
449 ret = purpose_smime(x, ca);
450 if(!ret || ca) return ret;
451 if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_NON_REPUDIATION)) return 0;
452 return ret;
453}
454
455static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca)
456{
457 int ret;
458 ret = purpose_smime(x, ca);
459 if(!ret || ca) return ret;
460 if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0;
461 return ret;
462}
463
464static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca)
465{
466 if(ca) {
467 int ca_ret;
468 if((ca_ret = ca_check(x)) != 2) return ca_ret;
469 else return 0;
470 }
471 if(ku_reject(x, KU_CRL_SIGN)) return 0;
472 return 1;
473}
474
475static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca)
476{
477 return 1;
478}
479
480/* Various checks to see if one certificate issued the second.
481 * This can be used to prune a set of possible issuer certificates
482 * which have been looked up using some simple method such as by
483 * subject name.
484 * These are:
485 * 1. Check issuer_name(subject) == subject_name(issuer)
486 * 2. If akid(subject) exists check it matches issuer
487 * 3. If key_usage(issuer) exists check it supports certificate signing
488 * returns 0 for OK, positive for reason for mismatch, reasons match
489 * codes for X509_verify_cert()
490 */
491
492int X509_check_issued(X509 *issuer, X509 *subject)
493{
494 if(X509_NAME_cmp(X509_get_subject_name(issuer),
495 X509_get_issuer_name(subject)))
496 return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
497 x509v3_cache_extensions(issuer);
498 x509v3_cache_extensions(subject);
499 if(subject->akid) {
500 /* Check key ids (if present) */
501 if(subject->akid->keyid && issuer->skid &&
502 ASN1_OCTET_STRING_cmp(subject->akid->keyid, issuer->skid) )
503 return X509_V_ERR_AKID_SKID_MISMATCH;
504 /* Check serial number */
505 if(subject->akid->serial &&
506 ASN1_INTEGER_cmp(X509_get_serialNumber(issuer),
507 subject->akid->serial))
508 return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
509 /* Check issuer name */
510 if(subject->akid->issuer) {
511 /* Ugh, for some peculiar reason AKID includes
512 * SEQUENCE OF GeneralName. So look for a DirName.
513 * There may be more than one but we only take any
514 * notice of the first.
515 */
516 STACK_OF(GENERAL_NAME) *gens;
517 GENERAL_NAME *gen;
518 X509_NAME *nm = NULL;
519 int i;
520 gens = subject->akid->issuer;
521 for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
522 gen = sk_GENERAL_NAME_value(gens, i);
523 if(gen->type == GEN_DIRNAME) {
524 nm = gen->d.dirn;
525 break;
526 }
527 }
528 if(nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer)))
529 return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
530 }
531 }
532 if(ku_reject(issuer, KU_KEY_CERT_SIGN)) return X509_V_ERR_KEYUSAGE_NO_CERTSIGN;
533 return X509_V_OK;
534}
535
diff --git a/src/lib/libcrypto/x509v3/v3_skey.c b/src/lib/libcrypto/x509v3/v3_skey.c
deleted file mode 100644
index 939845fa8f..0000000000
--- a/src/lib/libcrypto/x509v3/v3_skey.c
+++ /dev/null
@@ -1,149 +0,0 @@
1/* v3_skey.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/x509v3.h>
63
64static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
65X509V3_EXT_METHOD v3_skey_id = {
66NID_subject_key_identifier, 0,
67(X509V3_EXT_NEW)ASN1_OCTET_STRING_new,
68(X509V3_EXT_FREE)ASN1_OCTET_STRING_free,
69(X509V3_EXT_D2I)d2i_ASN1_OCTET_STRING,
70(X509V3_EXT_I2D)i2d_ASN1_OCTET_STRING,
71(X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING,
72(X509V3_EXT_S2I)s2i_skey_id,
73NULL, NULL, NULL, NULL, NULL};
74
75char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
76 ASN1_OCTET_STRING *oct)
77{
78 return hex_to_string(oct->data, oct->length);
79}
80
81ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
82 X509V3_CTX *ctx, char *str)
83{
84 ASN1_OCTET_STRING *oct;
85 long length;
86
87 if(!(oct = M_ASN1_OCTET_STRING_new())) {
88 X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE);
89 return NULL;
90 }
91
92 if(!(oct->data = string_to_hex(str, &length))) {
93 M_ASN1_OCTET_STRING_free(oct);
94 return NULL;
95 }
96
97 oct->length = length;
98
99 return oct;
100
101}
102
103static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
104 X509V3_CTX *ctx, char *str)
105{
106 ASN1_OCTET_STRING *oct;
107 ASN1_BIT_STRING *pk;
108 unsigned char pkey_dig[EVP_MAX_MD_SIZE];
109 EVP_MD_CTX md;
110 unsigned int diglen;
111
112 if(strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str);
113
114 if(!(oct = M_ASN1_OCTET_STRING_new())) {
115 X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);
116 return NULL;
117 }
118
119 if(ctx && (ctx->flags == CTX_TEST)) return oct;
120
121 if(!ctx || (!ctx->subject_req && !ctx->subject_cert)) {
122 X509V3err(X509V3_F_S2I_ASN1_SKEY_ID,X509V3_R_NO_PUBLIC_KEY);
123 goto err;
124 }
125
126 if(ctx->subject_req)
127 pk = ctx->subject_req->req_info->pubkey->public_key;
128 else pk = ctx->subject_cert->cert_info->key->public_key;
129
130 if(!pk) {
131 X509V3err(X509V3_F_S2I_ASN1_SKEY_ID,X509V3_R_NO_PUBLIC_KEY);
132 goto err;
133 }
134
135 EVP_DigestInit(&md, EVP_sha1());
136 EVP_DigestUpdate(&md, pk->data, pk->length);
137 EVP_DigestFinal(&md, pkey_dig, &diglen);
138
139 if(!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
140 X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);
141 goto err;
142 }
143
144 return oct;
145
146 err:
147 M_ASN1_OCTET_STRING_free(oct);
148 return NULL;
149}
diff --git a/src/lib/libcrypto/x509v3/v3_sxnet.c b/src/lib/libcrypto/x509v3/v3_sxnet.c
deleted file mode 100644
index bfecacd336..0000000000
--- a/src/lib/libcrypto/x509v3/v3_sxnet.c
+++ /dev/null
@@ -1,340 +0,0 @@
1/* v3_sxnet.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/conf.h>
62#include <openssl/asn1.h>
63#include <openssl/asn1_mac.h>
64#include <openssl/x509v3.h>
65
66/* Support for Thawte strong extranet extension */
67
68#define SXNET_TEST
69
70static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, int indent);
71#ifdef SXNET_TEST
72static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
73 STACK_OF(CONF_VALUE) *nval);
74#endif
75X509V3_EXT_METHOD v3_sxnet = {
76NID_sxnet, X509V3_EXT_MULTILINE,
77(X509V3_EXT_NEW)SXNET_new,
78(X509V3_EXT_FREE)SXNET_free,
79(X509V3_EXT_D2I)d2i_SXNET,
80(X509V3_EXT_I2D)i2d_SXNET,
81NULL, NULL,
82NULL,
83#ifdef SXNET_TEST
84(X509V3_EXT_V2I)sxnet_v2i,
85#else
86NULL,
87#endif
88(X509V3_EXT_I2R)sxnet_i2r,
89NULL,
90NULL
91};
92
93
94int i2d_SXNET(SXNET *a, unsigned char **pp)
95{
96 M_ASN1_I2D_vars(a);
97
98 M_ASN1_I2D_len (a->version, i2d_ASN1_INTEGER);
99 M_ASN1_I2D_len_SEQUENCE_type (SXNETID, a->ids, i2d_SXNETID);
100
101 M_ASN1_I2D_seq_total();
102
103 M_ASN1_I2D_put (a->version, i2d_ASN1_INTEGER);
104 M_ASN1_I2D_put_SEQUENCE_type (SXNETID, a->ids, i2d_SXNETID);
105
106 M_ASN1_I2D_finish();
107}
108
109SXNET *SXNET_new(void)
110{
111 SXNET *ret=NULL;
112 ASN1_CTX c;
113 M_ASN1_New_Malloc(ret, SXNET);
114 M_ASN1_New(ret->version,M_ASN1_INTEGER_new);
115 M_ASN1_New(ret->ids,sk_SXNETID_new_null);
116 return (ret);
117 M_ASN1_New_Error(ASN1_F_SXNET_NEW);
118}
119
120SXNET *d2i_SXNET(SXNET **a, unsigned char **pp, long length)
121{
122 M_ASN1_D2I_vars(a,SXNET *,SXNET_new);
123 M_ASN1_D2I_Init();
124 M_ASN1_D2I_start_sequence();
125 M_ASN1_D2I_get (ret->version, d2i_ASN1_INTEGER);
126 M_ASN1_D2I_get_seq_type (SXNETID, ret->ids, d2i_SXNETID, SXNETID_free);
127 M_ASN1_D2I_Finish(a, SXNET_free, ASN1_F_D2I_SXNET);
128}
129
130void SXNET_free(SXNET *a)
131{
132 if (a == NULL) return;
133 M_ASN1_INTEGER_free(a->version);
134 sk_SXNETID_pop_free(a->ids, SXNETID_free);
135 OPENSSL_free (a);
136}
137
138int i2d_SXNETID(SXNETID *a, unsigned char **pp)
139{
140 M_ASN1_I2D_vars(a);
141
142 M_ASN1_I2D_len (a->zone, i2d_ASN1_INTEGER);
143 M_ASN1_I2D_len (a->user, i2d_ASN1_OCTET_STRING);
144
145 M_ASN1_I2D_seq_total();
146
147 M_ASN1_I2D_put (a->zone, i2d_ASN1_INTEGER);
148 M_ASN1_I2D_put (a->user, i2d_ASN1_OCTET_STRING);
149
150 M_ASN1_I2D_finish();
151}
152
153SXNETID *SXNETID_new(void)
154{
155 SXNETID *ret=NULL;
156 ASN1_CTX c;
157 M_ASN1_New_Malloc(ret, SXNETID);
158 ret->zone = NULL;
159 M_ASN1_New(ret->user,M_ASN1_OCTET_STRING_new);
160 return (ret);
161 M_ASN1_New_Error(ASN1_F_SXNETID_NEW);
162}
163
164SXNETID *d2i_SXNETID(SXNETID **a, unsigned char **pp, long length)
165{
166 M_ASN1_D2I_vars(a,SXNETID *,SXNETID_new);
167 M_ASN1_D2I_Init();
168 M_ASN1_D2I_start_sequence();
169 M_ASN1_D2I_get(ret->zone, d2i_ASN1_INTEGER);
170 M_ASN1_D2I_get(ret->user, d2i_ASN1_OCTET_STRING);
171 M_ASN1_D2I_Finish(a, SXNETID_free, ASN1_F_D2I_SXNETID);
172}
173
174void SXNETID_free(SXNETID *a)
175{
176 if (a == NULL) return;
177 M_ASN1_INTEGER_free(a->zone);
178 M_ASN1_OCTET_STRING_free(a->user);
179 OPENSSL_free (a);
180}
181
182static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
183 int indent)
184{
185 long v;
186 char *tmp;
187 SXNETID *id;
188 int i;
189 v = ASN1_INTEGER_get(sx->version);
190 BIO_printf(out, "%*sVersion: %d (0x%X)", indent, "", v + 1, v);
191 for(i = 0; i < sk_SXNETID_num(sx->ids); i++) {
192 id = sk_SXNETID_value(sx->ids, i);
193 tmp = i2s_ASN1_INTEGER(NULL, id->zone);
194 BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);
195 OPENSSL_free(tmp);
196 M_ASN1_OCTET_STRING_print(out, id->user);
197 }
198 return 1;
199}
200
201#ifdef SXNET_TEST
202
203/* NBB: this is used for testing only. It should *not* be used for anything
204 * else because it will just take static IDs from the configuration file and
205 * they should really be separate values for each user.
206 */
207
208
209static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
210 STACK_OF(CONF_VALUE) *nval)
211{
212 CONF_VALUE *cnf;
213 SXNET *sx = NULL;
214 int i;
215 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
216 cnf = sk_CONF_VALUE_value(nval, i);
217 if(!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1))
218 return NULL;
219 }
220 return sx;
221}
222
223
224#endif
225
226/* Strong Extranet utility functions */
227
228/* Add an id given the zone as an ASCII number */
229
230int SXNET_add_id_asc(SXNET **psx, char *zone, char *user,
231 int userlen)
232{
233 ASN1_INTEGER *izone = NULL;
234 if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
235 X509V3err(X509V3_F_SXNET_ADD_ASC,X509V3_R_ERROR_CONVERTING_ZONE);
236 return 0;
237 }
238 return SXNET_add_id_INTEGER(psx, izone, user, userlen);
239}
240
241/* Add an id given the zone as an unsigned long */
242
243int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user,
244 int userlen)
245{
246 ASN1_INTEGER *izone = NULL;
247 if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
248 X509V3err(X509V3_F_SXNET_ADD_ID_ULONG,ERR_R_MALLOC_FAILURE);
249 M_ASN1_INTEGER_free(izone);
250 return 0;
251 }
252 return SXNET_add_id_INTEGER(psx, izone, user, userlen);
253
254}
255
256/* Add an id given the zone as an ASN1_INTEGER.
257 * Note this version uses the passed integer and doesn't make a copy so don't
258 * free it up afterwards.
259 */
260
261int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user,
262 int userlen)
263{
264 SXNET *sx = NULL;
265 SXNETID *id = NULL;
266 if(!psx || !zone || !user) {
267 X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_INVALID_NULL_ARGUMENT);
268 return 0;
269 }
270 if(userlen == -1) userlen = strlen(user);
271 if(userlen > 64) {
272 X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_USER_TOO_LONG);
273 return 0;
274 }
275 if(!*psx) {
276 if(!(sx = SXNET_new())) goto err;
277 if(!ASN1_INTEGER_set(sx->version, 0)) goto err;
278 *psx = sx;
279 } else sx = *psx;
280 if(SXNET_get_id_INTEGER(sx, zone)) {
281 X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_DUPLICATE_ZONE_ID);
282 return 0;
283 }
284
285 if(!(id = SXNETID_new())) goto err;
286 if(userlen == -1) userlen = strlen(user);
287
288 if(!M_ASN1_OCTET_STRING_set(id->user, user, userlen)) goto err;
289 if(!sk_SXNETID_push(sx->ids, id)) goto err;
290 id->zone = zone;
291 return 1;
292
293 err:
294 X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,ERR_R_MALLOC_FAILURE);
295 SXNETID_free(id);
296 SXNET_free(sx);
297 *psx = NULL;
298 return 0;
299}
300
301ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone)
302{
303 ASN1_INTEGER *izone = NULL;
304 ASN1_OCTET_STRING *oct;
305 if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
306 X509V3err(X509V3_F_SXNET_GET_ID_ASC,X509V3_R_ERROR_CONVERTING_ZONE);
307 return NULL;
308 }
309 oct = SXNET_get_id_INTEGER(sx, izone);
310 M_ASN1_INTEGER_free(izone);
311 return oct;
312}
313
314ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone)
315{
316 ASN1_INTEGER *izone = NULL;
317 ASN1_OCTET_STRING *oct;
318 if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
319 X509V3err(X509V3_F_SXNET_GET_ID_ULONG,ERR_R_MALLOC_FAILURE);
320 M_ASN1_INTEGER_free(izone);
321 return NULL;
322 }
323 oct = SXNET_get_id_INTEGER(sx, izone);
324 M_ASN1_INTEGER_free(izone);
325 return oct;
326}
327
328ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone)
329{
330 SXNETID *id;
331 int i;
332 for(i = 0; i < sk_SXNETID_num(sx->ids); i++) {
333 id = sk_SXNETID_value(sx->ids, i);
334 if(!M_ASN1_INTEGER_cmp(id->zone, zone)) return id->user;
335 }
336 return NULL;
337}
338
339IMPLEMENT_STACK_OF(SXNETID)
340IMPLEMENT_ASN1_SET_OF(SXNETID)
diff --git a/src/lib/libcrypto/x509v3/v3_utl.c b/src/lib/libcrypto/x509v3/v3_utl.c
deleted file mode 100644
index 619f161b58..0000000000
--- a/src/lib/libcrypto/x509v3/v3_utl.c
+++ /dev/null
@@ -1,516 +0,0 @@
1/* v3_utl.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58/* X509 v3 extension utilities */
59
60
61#include <stdio.h>
62#include <ctype.h>
63#include "cryptlib.h"
64#include <openssl/conf.h>
65#include <openssl/x509v3.h>
66
67static char *strip_spaces(char *name);
68static int sk_strcmp(const char * const *a, const char * const *b);
69static STACK *get_email(X509_NAME *name, STACK_OF(GENERAL_NAME) *gens);
70static void str_free(void *str);
71static int append_ia5(STACK **sk, ASN1_IA5STRING *email);
72
73/* Add a CONF_VALUE name value pair to stack */
74
75int X509V3_add_value(const char *name, const char *value,
76 STACK_OF(CONF_VALUE) **extlist)
77{
78 CONF_VALUE *vtmp = NULL;
79 char *tname = NULL, *tvalue = NULL;
80 if(name && !(tname = BUF_strdup(name))) goto err;
81 if(value && !(tvalue = BUF_strdup(value))) goto err;;
82 if(!(vtmp = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) goto err;
83 if(!*extlist && !(*extlist = sk_CONF_VALUE_new_null())) goto err;
84 vtmp->section = NULL;
85 vtmp->name = tname;
86 vtmp->value = tvalue;
87 if(!sk_CONF_VALUE_push(*extlist, vtmp)) goto err;
88 return 1;
89 err:
90 X509V3err(X509V3_F_X509V3_ADD_VALUE,ERR_R_MALLOC_FAILURE);
91 if(vtmp) OPENSSL_free(vtmp);
92 if(tname) OPENSSL_free(tname);
93 if(tvalue) OPENSSL_free(tvalue);
94 return 0;
95}
96
97int X509V3_add_value_uchar(const char *name, const unsigned char *value,
98 STACK_OF(CONF_VALUE) **extlist)
99 {
100 return X509V3_add_value(name,(const char *)value,extlist);
101 }
102
103/* Free function for STACK_OF(CONF_VALUE) */
104
105void X509V3_conf_free(CONF_VALUE *conf)
106{
107 if(!conf) return;
108 if(conf->name) OPENSSL_free(conf->name);
109 if(conf->value) OPENSSL_free(conf->value);
110 if(conf->section) OPENSSL_free(conf->section);
111 OPENSSL_free(conf);
112}
113
114int X509V3_add_value_bool(const char *name, int asn1_bool,
115 STACK_OF(CONF_VALUE) **extlist)
116{
117 if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
118 return X509V3_add_value(name, "FALSE", extlist);
119}
120
121int X509V3_add_value_bool_nf(char *name, int asn1_bool,
122 STACK_OF(CONF_VALUE) **extlist)
123{
124 if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
125 return 1;
126}
127
128
129char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *a)
130{
131 BIGNUM *bntmp = NULL;
132 char *strtmp = NULL;
133 if(!a) return NULL;
134 if(!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) ||
135 !(strtmp = BN_bn2dec(bntmp)) )
136 X509V3err(X509V3_F_I2S_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);
137 BN_free(bntmp);
138 return strtmp;
139}
140
141char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a)
142{
143 BIGNUM *bntmp = NULL;
144 char *strtmp = NULL;
145 if(!a) return NULL;
146 if(!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) ||
147 !(strtmp = BN_bn2dec(bntmp)) )
148 X509V3err(X509V3_F_I2S_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
149 BN_free(bntmp);
150 return strtmp;
151}
152
153ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)
154{
155 BIGNUM *bn = NULL;
156 ASN1_INTEGER *aint;
157 bn = BN_new();
158 if(!value) {
159 X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_INVALID_NULL_VALUE);
160 return 0;
161 }
162 if(!BN_dec2bn(&bn, value)) {
163 X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_DEC2BN_ERROR);
164 return 0;
165 }
166
167 if(!(aint = BN_to_ASN1_INTEGER(bn, NULL))) {
168 X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_TO_ASN1_INTEGER_ERROR);
169 return 0;
170 }
171 BN_free(bn);
172 return aint;
173}
174
175int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
176 STACK_OF(CONF_VALUE) **extlist)
177{
178 char *strtmp;
179 int ret;
180 if(!aint) return 1;
181 if(!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) return 0;
182 ret = X509V3_add_value(name, strtmp, extlist);
183 OPENSSL_free(strtmp);
184 return ret;
185}
186
187int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool)
188{
189 char *btmp;
190 if(!(btmp = value->value)) goto err;
191 if(!strcmp(btmp, "TRUE") || !strcmp(btmp, "true")
192 || !strcmp(btmp, "Y") || !strcmp(btmp, "y")
193 || !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) {
194 *asn1_bool = 0xff;
195 return 1;
196 } else if(!strcmp(btmp, "FALSE") || !strcmp(btmp, "false")
197 || !strcmp(btmp, "N") || !strcmp(btmp, "n")
198 || !strcmp(btmp, "NO") || !strcmp(btmp, "no")) {
199 *asn1_bool = 0;
200 return 1;
201 }
202 err:
203 X509V3err(X509V3_F_X509V3_GET_VALUE_BOOL,X509V3_R_INVALID_BOOLEAN_STRING);
204 X509V3_conf_err(value);
205 return 0;
206}
207
208int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint)
209{
210 ASN1_INTEGER *itmp;
211 if(!(itmp = s2i_ASN1_INTEGER(NULL, value->value))) {
212 X509V3_conf_err(value);
213 return 0;
214 }
215 *aint = itmp;
216 return 1;
217}
218
219#define HDR_NAME 1
220#define HDR_VALUE 2
221
222/*#define DEBUG*/
223
224STACK_OF(CONF_VALUE) *X509V3_parse_list(char *line)
225{
226 char *p, *q, c;
227 char *ntmp, *vtmp;
228 STACK_OF(CONF_VALUE) *values = NULL;
229 char *linebuf;
230 int state;
231 /* We are going to modify the line so copy it first */
232 linebuf = BUF_strdup(line);
233 state = HDR_NAME;
234 ntmp = NULL;
235 /* Go through all characters */
236 for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
237
238 switch(state) {
239 case HDR_NAME:
240 if(c == ':') {
241 state = HDR_VALUE;
242 *p = 0;
243 ntmp = strip_spaces(q);
244 if(!ntmp) {
245 X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
246 goto err;
247 }
248 q = p + 1;
249 } else if(c == ',') {
250 *p = 0;
251 ntmp = strip_spaces(q);
252 q = p + 1;
253#ifdef DEBUG
254 printf("%s\n", ntmp);
255#endif
256 if(!ntmp) {
257 X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
258 goto err;
259 }
260 X509V3_add_value(ntmp, NULL, &values);
261 }
262 break ;
263
264 case HDR_VALUE:
265 if(c == ',') {
266 state = HDR_NAME;
267 *p = 0;
268 vtmp = strip_spaces(q);
269#ifdef DEBUG
270 printf("%s\n", ntmp);
271#endif
272 if(!vtmp) {
273 X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE);
274 goto err;
275 }
276 X509V3_add_value(ntmp, vtmp, &values);
277 ntmp = NULL;
278 q = p + 1;
279 }
280
281 }
282 }
283
284 if(state == HDR_VALUE) {
285 vtmp = strip_spaces(q);
286#ifdef DEBUG
287 printf("%s=%s\n", ntmp, vtmp);
288#endif
289 if(!vtmp) {
290 X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE);
291 goto err;
292 }
293 X509V3_add_value(ntmp, vtmp, &values);
294 } else {
295 ntmp = strip_spaces(q);
296#ifdef DEBUG
297 printf("%s\n", ntmp);
298#endif
299 if(!ntmp) {
300 X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
301 goto err;
302 }
303 X509V3_add_value(ntmp, NULL, &values);
304 }
305OPENSSL_free(linebuf);
306return values;
307
308err:
309OPENSSL_free(linebuf);
310sk_CONF_VALUE_pop_free(values, X509V3_conf_free);
311return NULL;
312
313}
314
315/* Delete leading and trailing spaces from a string */
316static char *strip_spaces(char *name)
317{
318 char *p, *q;
319 /* Skip over leading spaces */
320 p = name;
321 while(*p && isspace((unsigned char)*p)) p++;
322 if(!*p) return NULL;
323 q = p + strlen(p) - 1;
324 while((q != p) && isspace((unsigned char)*q)) q--;
325 if(p != q) q[1] = 0;
326 if(!*p) return NULL;
327 return p;
328}
329
330/* hex string utilities */
331
332/* Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its
333 * hex representation
334 * @@@ (Contents of buffer are always kept in ASCII, also on EBCDIC machines)
335 */
336
337char *hex_to_string(unsigned char *buffer, long len)
338{
339 char *tmp, *q;
340 unsigned char *p;
341 int i;
342 static char hexdig[] = "0123456789ABCDEF";
343 if(!buffer || !len) return NULL;
344 if(!(tmp = OPENSSL_malloc(len * 3 + 1))) {
345 X509V3err(X509V3_F_HEX_TO_STRING,ERR_R_MALLOC_FAILURE);
346 return NULL;
347 }
348 q = tmp;
349 for(i = 0, p = buffer; i < len; i++,p++) {
350 *q++ = hexdig[(*p >> 4) & 0xf];
351 *q++ = hexdig[*p & 0xf];
352 *q++ = ':';
353 }
354 q[-1] = 0;
355#ifdef CHARSET_EBCDIC
356 ebcdic2ascii(tmp, tmp, q - tmp - 1);
357#endif
358
359 return tmp;
360}
361
362/* Give a string of hex digits convert to
363 * a buffer
364 */
365
366unsigned char *string_to_hex(char *str, long *len)
367{
368 unsigned char *hexbuf, *q;
369 unsigned char ch, cl, *p;
370 if(!str) {
371 X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_INVALID_NULL_ARGUMENT);
372 return NULL;
373 }
374 if(!(hexbuf = OPENSSL_malloc(strlen(str) >> 1))) goto err;
375 for(p = (unsigned char *)str, q = hexbuf; *p;) {
376 ch = *p++;
377#ifdef CHARSET_EBCDIC
378 ch = os_toebcdic[ch];
379#endif
380 if(ch == ':') continue;
381 cl = *p++;
382#ifdef CHARSET_EBCDIC
383 cl = os_toebcdic[cl];
384#endif
385 if(!cl) {
386 X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ODD_NUMBER_OF_DIGITS);
387 OPENSSL_free(hexbuf);
388 return NULL;
389 }
390 if(isupper(ch)) ch = tolower(ch);
391 if(isupper(cl)) cl = tolower(cl);
392
393 if((ch >= '0') && (ch <= '9')) ch -= '0';
394 else if ((ch >= 'a') && (ch <= 'f')) ch -= 'a' - 10;
395 else goto badhex;
396
397 if((cl >= '0') && (cl <= '9')) cl -= '0';
398 else if ((cl >= 'a') && (cl <= 'f')) cl -= 'a' - 10;
399 else goto badhex;
400
401 *q++ = (ch << 4) | cl;
402 }
403
404 if(len) *len = q - hexbuf;
405
406 return hexbuf;
407
408 err:
409 if(hexbuf) OPENSSL_free(hexbuf);
410 X509V3err(X509V3_F_STRING_TO_HEX,ERR_R_MALLOC_FAILURE);
411 return NULL;
412
413 badhex:
414 OPENSSL_free(hexbuf);
415 X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ILLEGAL_HEX_DIGIT);
416 return NULL;
417
418}
419
420/* V2I name comparison function: returns zero if 'name' matches
421 * cmp or cmp.*
422 */
423
424int name_cmp(const char *name, const char *cmp)
425{
426 int len, ret;
427 char c;
428 len = strlen(cmp);
429 if((ret = strncmp(name, cmp, len))) return ret;
430 c = name[len];
431 if(!c || (c=='.')) return 0;
432 return 1;
433}
434
435static int sk_strcmp(const char * const *a, const char * const *b)
436{
437 return strcmp(*a, *b);
438}
439
440STACK *X509_get1_email(X509 *x)
441{
442 STACK_OF(GENERAL_NAME) *gens;
443 STACK *ret;
444 gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
445 ret = get_email(X509_get_subject_name(x), gens);
446 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
447 return ret;
448}
449
450STACK *X509_REQ_get1_email(X509_REQ *x)
451{
452 STACK_OF(GENERAL_NAME) *gens;
453 STACK_OF(X509_EXTENSION) *exts;
454 STACK *ret;
455 exts = X509_REQ_get_extensions(x);
456 gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL);
457 ret = get_email(X509_REQ_get_subject_name(x), gens);
458 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
459 sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
460 return ret;
461}
462
463
464static STACK *get_email(X509_NAME *name, STACK_OF(GENERAL_NAME) *gens)
465{
466 STACK *ret = NULL;
467 X509_NAME_ENTRY *ne;
468 ASN1_IA5STRING *email;
469 GENERAL_NAME *gen;
470 int i;
471 /* Now add any email address(es) to STACK */
472 i = -1;
473 /* First supplied X509_NAME */
474 while((i = X509_NAME_get_index_by_NID(name,
475 NID_pkcs9_emailAddress, i)) > 0) {
476 ne = X509_NAME_get_entry(name, i);
477 email = X509_NAME_ENTRY_get_data(ne);
478 if(!append_ia5(&ret, email)) return NULL;
479 }
480 for(i = 0; i < sk_GENERAL_NAME_num(gens); i++)
481 {
482 gen = sk_GENERAL_NAME_value(gens, i);
483 if(gen->type != GEN_EMAIL) continue;
484 if(!append_ia5(&ret, gen->d.ia5)) return NULL;
485 }
486 return ret;
487}
488
489static void str_free(void *str)
490{
491 OPENSSL_free(str);
492}
493
494static int append_ia5(STACK **sk, ASN1_IA5STRING *email)
495{
496 char *emtmp;
497 /* First some sanity checks */
498 if(email->type != V_ASN1_IA5STRING) return 1;
499 if(!email->data || !email->length) return 1;
500 if(!*sk) *sk = sk_new(sk_strcmp);
501 if(!*sk) return 0;
502 /* Don't add duplicates */
503 if(sk_find(*sk, (char *)email->data) != -1) return 1;
504 emtmp = BUF_strdup((char *)email->data);
505 if(!emtmp || !sk_push(*sk, emtmp)) {
506 X509_email_free(*sk);
507 *sk = NULL;
508 return 0;
509 }
510 return 1;
511}
512
513void X509_email_free(STACK *sk)
514{
515 sk_pop_free(sk, str_free);
516}
diff --git a/src/lib/libcrypto/x509v3/v3err.c b/src/lib/libcrypto/x509v3/v3err.c
deleted file mode 100644
index aa4a605dc4..0000000000
--- a/src/lib/libcrypto/x509v3/v3err.c
+++ /dev/null
@@ -1,176 +0,0 @@
1/* crypto/x509v3/v3err.c */
2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include <openssl/x509v3.h>
64
65/* BEGIN ERROR CODES */
66#ifndef NO_ERR
67static ERR_STRING_DATA X509V3_str_functs[]=
68 {
69{ERR_PACK(0,X509V3_F_COPY_EMAIL,0), "COPY_EMAIL"},
70{ERR_PACK(0,X509V3_F_COPY_ISSUER,0), "COPY_ISSUER"},
71{ERR_PACK(0,X509V3_F_DO_EXT_CONF,0), "DO_EXT_CONF"},
72{ERR_PACK(0,X509V3_F_DO_EXT_I2D,0), "DO_EXT_I2D"},
73{ERR_PACK(0,X509V3_F_HEX_TO_STRING,0), "hex_to_string"},
74{ERR_PACK(0,X509V3_F_I2S_ASN1_ENUMERATED,0), "i2s_ASN1_ENUMERATED"},
75{ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0), "i2s_ASN1_INTEGER"},
76{ERR_PACK(0,X509V3_F_I2V_AUTHORITY_INFO_ACCESS,0), "I2V_AUTHORITY_INFO_ACCESS"},
77{ERR_PACK(0,X509V3_F_NOTICE_SECTION,0), "NOTICE_SECTION"},
78{ERR_PACK(0,X509V3_F_NREF_NOS,0), "NREF_NOS"},
79{ERR_PACK(0,X509V3_F_POLICY_SECTION,0), "POLICY_SECTION"},
80{ERR_PACK(0,X509V3_F_R2I_CERTPOL,0), "R2I_CERTPOL"},
81{ERR_PACK(0,X509V3_F_S2I_ASN1_IA5STRING,0), "S2I_ASN1_IA5STRING"},
82{ERR_PACK(0,X509V3_F_S2I_ASN1_INTEGER,0), "s2i_ASN1_INTEGER"},
83{ERR_PACK(0,X509V3_F_S2I_ASN1_OCTET_STRING,0), "s2i_ASN1_OCTET_STRING"},
84{ERR_PACK(0,X509V3_F_S2I_ASN1_SKEY_ID,0), "S2I_ASN1_SKEY_ID"},
85{ERR_PACK(0,X509V3_F_S2I_S2I_SKEY_ID,0), "S2I_S2I_SKEY_ID"},
86{ERR_PACK(0,X509V3_F_STRING_TO_HEX,0), "string_to_hex"},
87{ERR_PACK(0,X509V3_F_SXNET_ADD_ASC,0), "SXNET_ADD_ASC"},
88{ERR_PACK(0,X509V3_F_SXNET_ADD_ID_INTEGER,0), "SXNET_add_id_INTEGER"},
89{ERR_PACK(0,X509V3_F_SXNET_ADD_ID_ULONG,0), "SXNET_add_id_ulong"},
90{ERR_PACK(0,X509V3_F_SXNET_GET_ID_ASC,0), "SXNET_get_id_asc"},
91{ERR_PACK(0,X509V3_F_SXNET_GET_ID_ULONG,0), "SXNET_get_id_ulong"},
92{ERR_PACK(0,X509V3_F_V2I_ACCESS_DESCRIPTION,0), "V2I_ACCESS_DESCRIPTION"},
93{ERR_PACK(0,X509V3_F_V2I_ASN1_BIT_STRING,0), "V2I_ASN1_BIT_STRING"},
94{ERR_PACK(0,X509V3_F_V2I_AUTHORITY_KEYID,0), "V2I_AUTHORITY_KEYID"},
95{ERR_PACK(0,X509V3_F_V2I_BASIC_CONSTRAINTS,0), "V2I_BASIC_CONSTRAINTS"},
96{ERR_PACK(0,X509V3_F_V2I_CRLD,0), "V2I_CRLD"},
97{ERR_PACK(0,X509V3_F_V2I_EXT_KU,0), "V2I_EXT_KU"},
98{ERR_PACK(0,X509V3_F_V2I_GENERAL_NAME,0), "v2i_GENERAL_NAME"},
99{ERR_PACK(0,X509V3_F_V2I_GENERAL_NAMES,0), "v2i_GENERAL_NAMES"},
100{ERR_PACK(0,X509V3_F_V3_GENERIC_EXTENSION,0), "V3_GENERIC_EXTENSION"},
101{ERR_PACK(0,X509V3_F_X509V3_ADD_VALUE,0), "X509V3_add_value"},
102{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD,0), "X509V3_EXT_add"},
103{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD_ALIAS,0), "X509V3_EXT_add_alias"},
104{ERR_PACK(0,X509V3_F_X509V3_EXT_CONF,0), "X509V3_EXT_conf"},
105{ERR_PACK(0,X509V3_F_X509V3_EXT_I2D,0), "X509V3_EXT_i2d"},
106{ERR_PACK(0,X509V3_F_X509V3_GET_VALUE_BOOL,0), "X509V3_get_value_bool"},
107{ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0), "X509V3_parse_list"},
108{ERR_PACK(0,X509V3_F_X509_PURPOSE_ADD,0), "X509_PURPOSE_add"},
109{0,NULL}
110 };
111
112static ERR_STRING_DATA X509V3_str_reasons[]=
113 {
114{X509V3_R_BAD_IP_ADDRESS ,"bad ip address"},
115{X509V3_R_BAD_OBJECT ,"bad object"},
116{X509V3_R_BN_DEC2BN_ERROR ,"bn dec2bn error"},
117{X509V3_R_BN_TO_ASN1_INTEGER_ERROR ,"bn to asn1 integer error"},
118{X509V3_R_DUPLICATE_ZONE_ID ,"duplicate zone id"},
119{X509V3_R_ERROR_CONVERTING_ZONE ,"error converting zone"},
120{X509V3_R_ERROR_IN_EXTENSION ,"error in extension"},
121{X509V3_R_EXPECTED_A_SECTION_NAME ,"expected a section name"},
122{X509V3_R_EXTENSION_NAME_ERROR ,"extension name error"},
123{X509V3_R_EXTENSION_NOT_FOUND ,"extension not found"},
124{X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED,"extension setting not supported"},
125{X509V3_R_EXTENSION_VALUE_ERROR ,"extension value error"},
126{X509V3_R_ILLEGAL_HEX_DIGIT ,"illegal hex digit"},
127{X509V3_R_INVALID_BOOLEAN_STRING ,"invalid boolean string"},
128{X509V3_R_INVALID_EXTENSION_STRING ,"invalid extension string"},
129{X509V3_R_INVALID_NAME ,"invalid name"},
130{X509V3_R_INVALID_NULL_ARGUMENT ,"invalid null argument"},
131{X509V3_R_INVALID_NULL_NAME ,"invalid null name"},
132{X509V3_R_INVALID_NULL_VALUE ,"invalid null value"},
133{X509V3_R_INVALID_NUMBER ,"invalid number"},
134{X509V3_R_INVALID_NUMBERS ,"invalid numbers"},
135{X509V3_R_INVALID_OBJECT_IDENTIFIER ,"invalid object identifier"},
136{X509V3_R_INVALID_OPTION ,"invalid option"},
137{X509V3_R_INVALID_POLICY_IDENTIFIER ,"invalid policy identifier"},
138{X509V3_R_INVALID_SECTION ,"invalid section"},
139{X509V3_R_INVALID_SYNTAX ,"invalid syntax"},
140{X509V3_R_ISSUER_DECODE_ERROR ,"issuer decode error"},
141{X509V3_R_MISSING_VALUE ,"missing value"},
142{X509V3_R_NEED_ORGANIZATION_AND_NUMBERS ,"need organization and numbers"},
143{X509V3_R_NO_CONFIG_DATABASE ,"no config database"},
144{X509V3_R_NO_ISSUER_CERTIFICATE ,"no issuer certificate"},
145{X509V3_R_NO_ISSUER_DETAILS ,"no issuer details"},
146{X509V3_R_NO_POLICY_IDENTIFIER ,"no policy identifier"},
147{X509V3_R_NO_PUBLIC_KEY ,"no public key"},
148{X509V3_R_NO_SUBJECT_DETAILS ,"no subject details"},
149{X509V3_R_ODD_NUMBER_OF_DIGITS ,"odd number of digits"},
150{X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS ,"unable to get issuer details"},
151{X509V3_R_UNABLE_TO_GET_ISSUER_KEYID ,"unable to get issuer keyid"},
152{X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT ,"unknown bit string argument"},
153{X509V3_R_UNKNOWN_EXTENSION ,"unknown extension"},
154{X509V3_R_UNKNOWN_EXTENSION_NAME ,"unknown extension name"},
155{X509V3_R_UNKNOWN_OPTION ,"unknown option"},
156{X509V3_R_UNSUPPORTED_OPTION ,"unsupported option"},
157{X509V3_R_USER_TOO_LONG ,"user too long"},
158{0,NULL}
159 };
160
161#endif
162
163void ERR_load_X509V3_strings(void)
164 {
165 static int init=1;
166
167 if (init)
168 {
169 init=0;
170#ifndef NO_ERR
171 ERR_load_strings(ERR_LIB_X509V3,X509V3_str_functs);
172 ERR_load_strings(ERR_LIB_X509V3,X509V3_str_reasons);
173#endif
174
175 }
176 }
diff --git a/src/lib/libcrypto/x509v3/x509v3.h b/src/lib/libcrypto/x509v3/x509v3.h
deleted file mode 100644
index 0453b12d63..0000000000
--- a/src/lib/libcrypto/x509v3/x509v3.h
+++ /dev/null
@@ -1,653 +0,0 @@
1/* x509v3.h */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58#ifndef HEADER_X509V3_H
59#define HEADER_X509V3_H
60
61#include <openssl/bio.h>
62#include <openssl/x509.h>
63#include <openssl/conf.h>
64
65#ifdef __cplusplus
66extern "C" {
67#endif
68
69/* Forward reference */
70struct v3_ext_method;
71struct v3_ext_ctx;
72
73/* Useful typedefs */
74
75typedef void * (*X509V3_EXT_NEW)(void);
76typedef void (*X509V3_EXT_FREE)(void *);
77typedef void * (*X509V3_EXT_D2I)(void *, unsigned char ** , long);
78typedef int (*X509V3_EXT_I2D)(void *, unsigned char **);
79typedef STACK_OF(CONF_VALUE) * (*X509V3_EXT_I2V)(struct v3_ext_method *method, void *ext, STACK_OF(CONF_VALUE) *extlist);
80typedef void * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK_OF(CONF_VALUE) *values);
81typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext);
82typedef void * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
83typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, void *ext, BIO *out, int indent);
84typedef void * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
85
86/* V3 extension structure */
87
88struct v3_ext_method {
89int ext_nid;
90int ext_flags;
91X509V3_EXT_NEW ext_new;
92X509V3_EXT_FREE ext_free;
93X509V3_EXT_D2I d2i;
94X509V3_EXT_I2D i2d;
95
96/* The following pair is used for string extensions */
97X509V3_EXT_I2S i2s;
98X509V3_EXT_S2I s2i;
99
100/* The following pair is used for multi-valued extensions */
101X509V3_EXT_I2V i2v;
102X509V3_EXT_V2I v2i;
103
104/* The following are used for raw extensions */
105X509V3_EXT_I2R i2r;
106X509V3_EXT_R2I r2i;
107
108void *usr_data; /* Any extension specific data */
109};
110
111typedef struct X509V3_CONF_METHOD_st {
112char * (*get_string)(void *db, char *section, char *value);
113STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section);
114void (*free_string)(void *db, char * string);
115void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
116} X509V3_CONF_METHOD;
117
118/* Context specific info */
119struct v3_ext_ctx {
120#define CTX_TEST 0x1
121int flags;
122X509 *issuer_cert;
123X509 *subject_cert;
124X509_REQ *subject_req;
125X509_CRL *crl;
126X509V3_CONF_METHOD *db_meth;
127void *db;
128/* Maybe more here */
129};
130
131typedef struct v3_ext_method X509V3_EXT_METHOD;
132typedef struct v3_ext_ctx X509V3_CTX;
133
134DECLARE_STACK_OF(X509V3_EXT_METHOD)
135
136/* ext_flags values */
137#define X509V3_EXT_DYNAMIC 0x1
138#define X509V3_EXT_CTX_DEP 0x2
139#define X509V3_EXT_MULTILINE 0x4
140
141typedef BIT_STRING_BITNAME ENUMERATED_NAMES;
142
143typedef struct BASIC_CONSTRAINTS_st {
144int ca;
145ASN1_INTEGER *pathlen;
146} BASIC_CONSTRAINTS;
147
148
149typedef struct PKEY_USAGE_PERIOD_st {
150ASN1_GENERALIZEDTIME *notBefore;
151ASN1_GENERALIZEDTIME *notAfter;
152} PKEY_USAGE_PERIOD;
153
154typedef struct otherName_st {
155ASN1_OBJECT *type_id;
156ASN1_TYPE *value;
157} OTHERNAME;
158
159typedef struct GENERAL_NAME_st {
160
161#define GEN_OTHERNAME (0|V_ASN1_CONTEXT_SPECIFIC)
162#define GEN_EMAIL (1|V_ASN1_CONTEXT_SPECIFIC)
163#define GEN_DNS (2|V_ASN1_CONTEXT_SPECIFIC)
164#define GEN_X400 (3|V_ASN1_CONTEXT_SPECIFIC)
165#define GEN_DIRNAME (4|V_ASN1_CONTEXT_SPECIFIC)
166#define GEN_EDIPARTY (5|V_ASN1_CONTEXT_SPECIFIC)
167#define GEN_URI (6|V_ASN1_CONTEXT_SPECIFIC)
168#define GEN_IPADD (7|V_ASN1_CONTEXT_SPECIFIC)
169#define GEN_RID (8|V_ASN1_CONTEXT_SPECIFIC)
170
171int type;
172union {
173 char *ptr;
174 ASN1_IA5STRING *ia5;/* rfc822Name, dNSName, uniformResourceIdentifier */
175 ASN1_OCTET_STRING *ip; /* iPAddress */
176 X509_NAME *dirn; /* dirn */
177 ASN1_OBJECT *rid; /* registeredID */
178 OTHERNAME *otherName; /* otherName */
179 ASN1_TYPE *other; /* ediPartyName, x400Address */
180} d;
181} GENERAL_NAME;
182
183typedef struct ACCESS_DESCRIPTION_st {
184 ASN1_OBJECT *method;
185 GENERAL_NAME *location;
186} ACCESS_DESCRIPTION;
187
188DECLARE_STACK_OF(GENERAL_NAME)
189DECLARE_ASN1_SET_OF(GENERAL_NAME)
190
191DECLARE_STACK_OF(ACCESS_DESCRIPTION)
192DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION)
193
194typedef struct DIST_POINT_NAME_st {
195/* NB: this is a CHOICE type and only one of these should be set */
196STACK_OF(GENERAL_NAME) *fullname;
197STACK_OF(X509_NAME_ENTRY) *relativename;
198} DIST_POINT_NAME;
199
200typedef struct DIST_POINT_st {
201DIST_POINT_NAME *distpoint;
202ASN1_BIT_STRING *reasons;
203STACK_OF(GENERAL_NAME) *CRLissuer;
204} DIST_POINT;
205
206DECLARE_STACK_OF(DIST_POINT)
207DECLARE_ASN1_SET_OF(DIST_POINT)
208
209typedef struct AUTHORITY_KEYID_st {
210ASN1_OCTET_STRING *keyid;
211STACK_OF(GENERAL_NAME) *issuer;
212ASN1_INTEGER *serial;
213} AUTHORITY_KEYID;
214
215/* Strong extranet structures */
216
217typedef struct SXNET_ID_st {
218 ASN1_INTEGER *zone;
219 ASN1_OCTET_STRING *user;
220} SXNETID;
221
222DECLARE_STACK_OF(SXNETID)
223DECLARE_ASN1_SET_OF(SXNETID)
224
225typedef struct SXNET_st {
226 ASN1_INTEGER *version;
227 STACK_OF(SXNETID) *ids;
228} SXNET;
229
230typedef struct NOTICEREF_st {
231 ASN1_STRING *organization;
232 STACK_OF(ASN1_INTEGER) *noticenos;
233} NOTICEREF;
234
235typedef struct USERNOTICE_st {
236 NOTICEREF *noticeref;
237 ASN1_STRING *exptext;
238} USERNOTICE;
239
240typedef struct POLICYQUALINFO_st {
241 ASN1_OBJECT *pqualid;
242 union {
243 ASN1_IA5STRING *cpsuri;
244 USERNOTICE *usernotice;
245 ASN1_TYPE *other;
246 } d;
247} POLICYQUALINFO;
248
249DECLARE_STACK_OF(POLICYQUALINFO)
250DECLARE_ASN1_SET_OF(POLICYQUALINFO)
251
252typedef struct POLICYINFO_st {
253 ASN1_OBJECT *policyid;
254 STACK_OF(POLICYQUALINFO) *qualifiers;
255} POLICYINFO;
256
257DECLARE_STACK_OF(POLICYINFO)
258DECLARE_ASN1_SET_OF(POLICYINFO)
259
260#define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \
261",name:", val->name, ",value:", val->value);
262
263#define X509V3_set_ctx_test(ctx) \
264 X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
265#define X509V3_set_ctx_nodb(ctx) ctx->db = NULL;
266
267#define EXT_BITSTRING(nid, table) { nid, 0, \
268 (X509V3_EXT_NEW)ASN1_BIT_STRING_new, \
269 (X509V3_EXT_FREE)ASN1_BIT_STRING_free, \
270 (X509V3_EXT_D2I)d2i_ASN1_BIT_STRING, \
271 (X509V3_EXT_I2D)i2d_ASN1_BIT_STRING, \
272 NULL, NULL, \
273 (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
274 (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \
275 NULL, NULL, \
276 (char *)table}
277
278#define EXT_IA5STRING(nid) { nid, 0, \
279 (X509V3_EXT_NEW)ASN1_IA5STRING_new, \
280 (X509V3_EXT_FREE)ASN1_IA5STRING_free, \
281 (X509V3_EXT_D2I)d2i_ASN1_IA5STRING, \
282 (X509V3_EXT_I2D)i2d_ASN1_IA5STRING, \
283 (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
284 (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \
285 NULL, NULL, NULL, NULL, \
286 NULL}
287
288#define EXT_END { -1, 0, NULL, NULL, NULL, NULL, NULL, NULL, \
289 NULL, NULL, NULL, NULL, \
290 NULL}
291
292
293/* X509_PURPOSE stuff */
294
295#define EXFLAG_BCONS 0x1
296#define EXFLAG_KUSAGE 0x2
297#define EXFLAG_XKUSAGE 0x4
298#define EXFLAG_NSCERT 0x8
299
300#define EXFLAG_CA 0x10
301#define EXFLAG_SS 0x20
302#define EXFLAG_V1 0x40
303#define EXFLAG_INVALID 0x80
304#define EXFLAG_SET 0x100
305
306#define KU_DIGITAL_SIGNATURE 0x0080
307#define KU_NON_REPUDIATION 0x0040
308#define KU_KEY_ENCIPHERMENT 0x0020
309#define KU_DATA_ENCIPHERMENT 0x0010
310#define KU_KEY_AGREEMENT 0x0008
311#define KU_KEY_CERT_SIGN 0x0004
312#define KU_CRL_SIGN 0x0002
313#define KU_ENCIPHER_ONLY 0x0001
314#define KU_DECIPHER_ONLY 0x8000
315
316#define NS_SSL_CLIENT 0x80
317#define NS_SSL_SERVER 0x40
318#define NS_SMIME 0x20
319#define NS_OBJSIGN 0x10
320#define NS_SSL_CA 0x04
321#define NS_SMIME_CA 0x02
322#define NS_OBJSIGN_CA 0x01
323
324#define XKU_SSL_SERVER 0x1
325#define XKU_SSL_CLIENT 0x2
326#define XKU_SMIME 0x4
327#define XKU_CODE_SIGN 0x8
328#define XKU_SGC 0x10
329
330#define X509_PURPOSE_DYNAMIC 0x1
331#define X509_PURPOSE_DYNAMIC_NAME 0x2
332
333typedef struct x509_purpose_st {
334 int purpose;
335 int trust; /* Default trust ID */
336 int flags;
337 int (*check_purpose)(const struct x509_purpose_st *,
338 const X509 *, int);
339 char *name;
340 char *sname;
341 void *usr_data;
342} X509_PURPOSE;
343
344#define X509_PURPOSE_SSL_CLIENT 1
345#define X509_PURPOSE_SSL_SERVER 2
346#define X509_PURPOSE_NS_SSL_SERVER 3
347#define X509_PURPOSE_SMIME_SIGN 4
348#define X509_PURPOSE_SMIME_ENCRYPT 5
349#define X509_PURPOSE_CRL_SIGN 6
350#define X509_PURPOSE_ANY 7
351
352#define X509_PURPOSE_MIN 1
353#define X509_PURPOSE_MAX 7
354
355DECLARE_STACK_OF(X509_PURPOSE)
356
357void ERR_load_X509V3_strings(void);
358int i2d_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS *a, unsigned char **pp);
359BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS **a, unsigned char **pp, long length);
360BASIC_CONSTRAINTS *BASIC_CONSTRAINTS_new(void);
361void BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *a);
362
363int i2d_GENERAL_NAME(GENERAL_NAME *a, unsigned char **pp);
364GENERAL_NAME *d2i_GENERAL_NAME(GENERAL_NAME **a, unsigned char **pp, long length);
365GENERAL_NAME *GENERAL_NAME_new(void);
366void GENERAL_NAME_free(GENERAL_NAME *a);
367STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret);
368
369int i2d_SXNET(SXNET *a, unsigned char **pp);
370SXNET *d2i_SXNET(SXNET **a, unsigned char **pp, long length);
371SXNET *SXNET_new(void);
372void SXNET_free(SXNET *a);
373
374int i2d_SXNETID(SXNETID *a, unsigned char **pp);
375SXNETID *d2i_SXNETID(SXNETID **a, unsigned char **pp, long length);
376SXNETID *SXNETID_new(void);
377void SXNETID_free(SXNETID *a);
378
379int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen);
380int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen);
381int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user, int userlen);
382
383ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone);
384ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);
385ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone);
386
387int i2d_AUTHORITY_KEYID(AUTHORITY_KEYID *a, unsigned char **pp);
388AUTHORITY_KEYID *d2i_AUTHORITY_KEYID(AUTHORITY_KEYID **a, unsigned char **pp, long length);
389AUTHORITY_KEYID *AUTHORITY_KEYID_new(void);
390void AUTHORITY_KEYID_free(AUTHORITY_KEYID *a);
391
392int i2d_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD *a, unsigned char **pp);
393PKEY_USAGE_PERIOD *d2i_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD **a, unsigned char **pp, long length);
394PKEY_USAGE_PERIOD *PKEY_USAGE_PERIOD_new(void);
395void PKEY_USAGE_PERIOD_free(PKEY_USAGE_PERIOD *a);
396
397STACK_OF(GENERAL_NAME) *GENERAL_NAMES_new(void);
398void GENERAL_NAMES_free(STACK_OF(GENERAL_NAME) *a);
399STACK_OF(GENERAL_NAME) *d2i_GENERAL_NAMES(STACK_OF(GENERAL_NAME) **a, unsigned char **pp, long length);
400int i2d_GENERAL_NAMES(STACK_OF(GENERAL_NAME) *a, unsigned char **pp);
401STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
402 STACK_OF(GENERAL_NAME) *gen, STACK_OF(CONF_VALUE) *extlist);
403STACK_OF(GENERAL_NAME) *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
404 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
405
406int i2d_OTHERNAME(OTHERNAME *a, unsigned char **pp);
407OTHERNAME *OTHERNAME_new(void);
408OTHERNAME *d2i_OTHERNAME(OTHERNAME **a, unsigned char **pp, long length);
409void OTHERNAME_free(OTHERNAME *a);
410
411char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5);
412ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
413
414int i2d_ext_ku(STACK_OF(ASN1_OBJECT) *a, unsigned char **pp);
415STACK_OF(ASN1_OBJECT) *d2i_ext_ku(STACK_OF(ASN1_OBJECT) **a,
416 unsigned char **pp, long length);
417void ext_ku_free(STACK_OF(ASN1_OBJECT) *a);
418STACK_OF(ASN1_OBJECT) *ext_ku_new(void);
419
420int i2d_CERTIFICATEPOLICIES(STACK_OF(POLICYINFO) *a, unsigned char **pp);
421STACK_OF(POLICYINFO) *CERTIFICATEPOLICIES_new(void);
422void CERTIFICATEPOLICIES_free(STACK_OF(POLICYINFO) *a);
423STACK_OF(POLICYINFO) *d2i_CERTIFICATEPOLICIES(STACK_OF(POLICYINFO) **a, unsigned char **pp, long length);
424
425int i2d_POLICYINFO(POLICYINFO *a, unsigned char **pp);
426POLICYINFO *POLICYINFO_new(void);
427POLICYINFO *d2i_POLICYINFO(POLICYINFO **a, unsigned char **pp, long length);
428void POLICYINFO_free(POLICYINFO *a);
429
430int i2d_POLICYQUALINFO(POLICYQUALINFO *a, unsigned char **pp);
431POLICYQUALINFO *POLICYQUALINFO_new(void);
432POLICYQUALINFO *d2i_POLICYQUALINFO(POLICYQUALINFO **a, unsigned char **pp,
433 long length);
434void POLICYQUALINFO_free(POLICYQUALINFO *a);
435
436int i2d_USERNOTICE(USERNOTICE *a, unsigned char **pp);
437USERNOTICE *USERNOTICE_new(void);
438USERNOTICE *d2i_USERNOTICE(USERNOTICE **a, unsigned char **pp, long length);
439void USERNOTICE_free(USERNOTICE *a);
440
441int i2d_NOTICEREF(NOTICEREF *a, unsigned char **pp);
442NOTICEREF *NOTICEREF_new(void);
443NOTICEREF *d2i_NOTICEREF(NOTICEREF **a, unsigned char **pp, long length);
444void NOTICEREF_free(NOTICEREF *a);
445
446int i2d_CRL_DIST_POINTS(STACK_OF(DIST_POINT) *a, unsigned char **pp);
447STACK_OF(DIST_POINT) *CRL_DIST_POINTS_new(void);
448void CRL_DIST_POINTS_free(STACK_OF(DIST_POINT) *a);
449STACK_OF(DIST_POINT) *d2i_CRL_DIST_POINTS(STACK_OF(DIST_POINT) **a,
450 unsigned char **pp,long length);
451
452int i2d_DIST_POINT(DIST_POINT *a, unsigned char **pp);
453DIST_POINT *DIST_POINT_new(void);
454DIST_POINT *d2i_DIST_POINT(DIST_POINT **a, unsigned char **pp, long length);
455void DIST_POINT_free(DIST_POINT *a);
456
457int i2d_DIST_POINT_NAME(DIST_POINT_NAME *a, unsigned char **pp);
458DIST_POINT_NAME *DIST_POINT_NAME_new(void);
459void DIST_POINT_NAME_free(DIST_POINT_NAME *a);
460DIST_POINT_NAME *d2i_DIST_POINT_NAME(DIST_POINT_NAME **a, unsigned char **pp,
461 long length);
462
463int i2d_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION *a, unsigned char **pp);
464ACCESS_DESCRIPTION *ACCESS_DESCRIPTION_new(void);
465void ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a);
466ACCESS_DESCRIPTION *d2i_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION **a, unsigned char **pp,
467 long length);
468
469STACK_OF(ACCESS_DESCRIPTION) *AUTHORITY_INFO_ACCESS_new(void);
470void AUTHORITY_INFO_ACCESS_free(STACK_OF(ACCESS_DESCRIPTION) *a);
471STACK_OF(ACCESS_DESCRIPTION) *d2i_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) **a,
472 unsigned char **pp, long length);
473int i2d_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) *a, unsigned char **pp);
474
475
476
477#ifdef HEADER_CONF_H
478GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf);
479void X509V3_conf_free(CONF_VALUE *val);
480X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value);
481X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value);
482int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert);
483int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
484int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
485int X509V3_add_value_bool_nf(char *name, int asn1_bool,
486 STACK_OF(CONF_VALUE) **extlist);
487int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
488int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
489void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
490#endif
491
492char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
493STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section);
494void X509V3_string_free(X509V3_CTX *ctx, char *str);
495void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
496void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
497 X509_REQ *req, X509_CRL *crl, int flags);
498
499int X509V3_add_value(const char *name, const char *value,
500 STACK_OF(CONF_VALUE) **extlist);
501int X509V3_add_value_uchar(const char *name, const unsigned char *value,
502 STACK_OF(CONF_VALUE) **extlist);
503int X509V3_add_value_bool(const char *name, int asn1_bool,
504 STACK_OF(CONF_VALUE) **extlist);
505int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
506 STACK_OF(CONF_VALUE) **extlist);
507char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
508ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);
509char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
510char * i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
511int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
512int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
513int X509V3_EXT_add_alias(int nid_to, int nid_from);
514void X509V3_EXT_cleanup(void);
515
516X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
517X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
518int X509V3_add_standard_extensions(void);
519STACK_OF(CONF_VALUE) *X509V3_parse_list(char *line);
520void *X509V3_EXT_d2i(X509_EXTENSION *ext);
521void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);
522
523X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
524
525char *hex_to_string(unsigned char *buffer, long len);
526unsigned char *string_to_hex(char *str, long *len);
527int name_cmp(const char *name, const char *cmp);
528
529void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
530 int ml);
531int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent);
532int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
533
534int X509_check_purpose(X509 *x, int id, int ca);
535int X509_check_issued(X509 *issuer, X509 *subject);
536int X509_PURPOSE_get_count(void);
537X509_PURPOSE * X509_PURPOSE_get0(int idx);
538int X509_PURPOSE_get_by_sname(char *sname);
539int X509_PURPOSE_get_by_id(int id);
540int X509_PURPOSE_add(int id, int trust, int flags,
541 int (*ck)(const X509_PURPOSE *, const X509 *, int),
542 char *name, char *sname, void *arg);
543char *X509_PURPOSE_get0_name(X509_PURPOSE *xp);
544char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp);
545int X509_PURPOSE_get_trust(X509_PURPOSE *xp);
546void X509_PURPOSE_cleanup(void);
547int X509_PURPOSE_get_id(X509_PURPOSE *);
548
549STACK *X509_get1_email(X509 *x);
550STACK *X509_REQ_get1_email(X509_REQ *x);
551void X509_email_free(STACK *sk);
552
553
554/* BEGIN ERROR CODES */
555/* The following lines are auto generated by the script mkerr.pl. Any changes
556 * made after this point may be overwritten when the script is next run.
557 */
558
559/* Error codes for the X509V3 functions. */
560
561/* Function codes. */
562#define X509V3_F_COPY_EMAIL 122
563#define X509V3_F_COPY_ISSUER 123
564#define X509V3_F_DO_EXT_CONF 124
565#define X509V3_F_DO_EXT_I2D 135
566#define X509V3_F_HEX_TO_STRING 111
567#define X509V3_F_I2S_ASN1_ENUMERATED 121
568#define X509V3_F_I2S_ASN1_INTEGER 120
569#define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138
570#define X509V3_F_NOTICE_SECTION 132
571#define X509V3_F_NREF_NOS 133
572#define X509V3_F_POLICY_SECTION 131
573#define X509V3_F_R2I_CERTPOL 130
574#define X509V3_F_S2I_ASN1_IA5STRING 100
575#define X509V3_F_S2I_ASN1_INTEGER 108
576#define X509V3_F_S2I_ASN1_OCTET_STRING 112
577#define X509V3_F_S2I_ASN1_SKEY_ID 114
578#define X509V3_F_S2I_S2I_SKEY_ID 115
579#define X509V3_F_STRING_TO_HEX 113
580#define X509V3_F_SXNET_ADD_ASC 125
581#define X509V3_F_SXNET_ADD_ID_INTEGER 126
582#define X509V3_F_SXNET_ADD_ID_ULONG 127
583#define X509V3_F_SXNET_GET_ID_ASC 128
584#define X509V3_F_SXNET_GET_ID_ULONG 129
585#define X509V3_F_V2I_ACCESS_DESCRIPTION 139
586#define X509V3_F_V2I_ASN1_BIT_STRING 101
587#define X509V3_F_V2I_AUTHORITY_KEYID 119
588#define X509V3_F_V2I_BASIC_CONSTRAINTS 102
589#define X509V3_F_V2I_CRLD 134
590#define X509V3_F_V2I_EXT_KU 103
591#define X509V3_F_V2I_GENERAL_NAME 117
592#define X509V3_F_V2I_GENERAL_NAMES 118
593#define X509V3_F_V3_GENERIC_EXTENSION 116
594#define X509V3_F_X509V3_ADD_VALUE 105
595#define X509V3_F_X509V3_EXT_ADD 104
596#define X509V3_F_X509V3_EXT_ADD_ALIAS 106
597#define X509V3_F_X509V3_EXT_CONF 107
598#define X509V3_F_X509V3_EXT_I2D 136
599#define X509V3_F_X509V3_GET_VALUE_BOOL 110
600#define X509V3_F_X509V3_PARSE_LIST 109
601#define X509V3_F_X509_PURPOSE_ADD 137
602
603/* Reason codes. */
604#define X509V3_R_BAD_IP_ADDRESS 118
605#define X509V3_R_BAD_OBJECT 119
606#define X509V3_R_BN_DEC2BN_ERROR 100
607#define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101
608#define X509V3_R_DUPLICATE_ZONE_ID 133
609#define X509V3_R_ERROR_CONVERTING_ZONE 131
610#define X509V3_R_ERROR_IN_EXTENSION 128
611#define X509V3_R_EXPECTED_A_SECTION_NAME 137
612#define X509V3_R_EXTENSION_NAME_ERROR 115
613#define X509V3_R_EXTENSION_NOT_FOUND 102
614#define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103
615#define X509V3_R_EXTENSION_VALUE_ERROR 116
616#define X509V3_R_ILLEGAL_HEX_DIGIT 113
617#define X509V3_R_INVALID_BOOLEAN_STRING 104
618#define X509V3_R_INVALID_EXTENSION_STRING 105
619#define X509V3_R_INVALID_NAME 106
620#define X509V3_R_INVALID_NULL_ARGUMENT 107
621#define X509V3_R_INVALID_NULL_NAME 108
622#define X509V3_R_INVALID_NULL_VALUE 109
623#define X509V3_R_INVALID_NUMBER 140
624#define X509V3_R_INVALID_NUMBERS 141
625#define X509V3_R_INVALID_OBJECT_IDENTIFIER 110
626#define X509V3_R_INVALID_OPTION 138
627#define X509V3_R_INVALID_POLICY_IDENTIFIER 134
628#define X509V3_R_INVALID_SECTION 135
629#define X509V3_R_INVALID_SYNTAX 143
630#define X509V3_R_ISSUER_DECODE_ERROR 126
631#define X509V3_R_MISSING_VALUE 124
632#define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 142
633#define X509V3_R_NO_CONFIG_DATABASE 136
634#define X509V3_R_NO_ISSUER_CERTIFICATE 121
635#define X509V3_R_NO_ISSUER_DETAILS 127
636#define X509V3_R_NO_POLICY_IDENTIFIER 139
637#define X509V3_R_NO_PUBLIC_KEY 114
638#define X509V3_R_NO_SUBJECT_DETAILS 125
639#define X509V3_R_ODD_NUMBER_OF_DIGITS 112
640#define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122
641#define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 123
642#define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111
643#define X509V3_R_UNKNOWN_EXTENSION 129
644#define X509V3_R_UNKNOWN_EXTENSION_NAME 130
645#define X509V3_R_UNKNOWN_OPTION 120
646#define X509V3_R_UNSUPPORTED_OPTION 117
647#define X509V3_R_USER_TOO_LONG 132
648
649#ifdef __cplusplus
650}
651#endif
652#endif
653
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-28 05:38:11 +0000