summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/x509/by_dir.c380
-rw-r--r--src/lib/libcrypto/x509/by_file.c300
-rw-r--r--src/lib/libcrypto/x509/x509.h1259
-rw-r--r--src/lib/libcrypto/x509/x509_att.c326
-rw-r--r--src/lib/libcrypto/x509/x509_cmp.c440
-rw-r--r--src/lib/libcrypto/x509/x509_d2.c107
-rw-r--r--src/lib/libcrypto/x509/x509_def.c81
-rw-r--r--src/lib/libcrypto/x509/x509_err.c160
-rw-r--r--src/lib/libcrypto/x509/x509_ext.c210
-rw-r--r--src/lib/libcrypto/x509/x509_lu.c557
-rw-r--r--src/lib/libcrypto/x509/x509_obj.c226
-rw-r--r--src/lib/libcrypto/x509/x509_r2x.c112
-rw-r--r--src/lib/libcrypto/x509/x509_req.c279
-rw-r--r--src/lib/libcrypto/x509/x509_set.c150
-rw-r--r--src/lib/libcrypto/x509/x509_trs.c287
-rw-r--r--src/lib/libcrypto/x509/x509_txt.c165
-rw-r--r--src/lib/libcrypto/x509/x509_v3.c268
-rw-r--r--src/lib/libcrypto/x509/x509_vfy.c1333
-rw-r--r--src/lib/libcrypto/x509/x509_vfy.h422
-rw-r--r--src/lib/libcrypto/x509/x509cset.c170
-rw-r--r--src/lib/libcrypto/x509/x509name.c383
-rw-r--r--src/lib/libcrypto/x509/x509rset.c83
-rw-r--r--src/lib/libcrypto/x509/x509spki.c120
-rw-r--r--src/lib/libcrypto/x509/x509type.c115
-rw-r--r--src/lib/libcrypto/x509/x_all.c489
-rw-r--r--src/lib/libcrypto/x509v3/ext_dat.h118
-rw-r--r--src/lib/libcrypto/x509v3/v3_akey.c190
-rw-r--r--src/lib/libcrypto/x509v3/v3_akeya.c72
-rw-r--r--src/lib/libcrypto/x509v3/v3_alt.c458
-rw-r--r--src/lib/libcrypto/x509v3/v3_bcons.c124
-rw-r--r--src/lib/libcrypto/x509v3/v3_bitst.c147
-rw-r--r--src/lib/libcrypto/x509v3/v3_conf.c485
-rw-r--r--src/lib/libcrypto/x509v3/v3_cpols.c431
-rw-r--r--src/lib/libcrypto/x509v3/v3_crld.c162
-rw-r--r--src/lib/libcrypto/x509v3/v3_enum.c94
-rw-r--r--src/lib/libcrypto/x509v3/v3_extku.c142
-rw-r--r--src/lib/libcrypto/x509v3/v3_genn.c101
-rw-r--r--src/lib/libcrypto/x509v3/v3_ia5.c116
-rw-r--r--src/lib/libcrypto/x509v3/v3_info.c194
-rw-r--r--src/lib/libcrypto/x509v3/v3_int.c76
-rw-r--r--src/lib/libcrypto/x509v3/v3_lib.c302
-rw-r--r--src/lib/libcrypto/x509v3/v3_ocsp.c275
-rw-r--r--src/lib/libcrypto/x509v3/v3_pci.c313
-rw-r--r--src/lib/libcrypto/x509v3/v3_pcia.c55
-rw-r--r--src/lib/libcrypto/x509v3/v3_pku.c108
-rw-r--r--src/lib/libcrypto/x509v3/v3_prn.c233
-rw-r--r--src/lib/libcrypto/x509v3/v3_purp.c647
-rw-r--r--src/lib/libcrypto/x509v3/v3_skey.c144
-rw-r--r--src/lib/libcrypto/x509v3/v3_sxnet.c262
-rw-r--r--src/lib/libcrypto/x509v3/v3_utl.c535
-rw-r--r--src/lib/libcrypto/x509v3/v3err.c197
-rw-r--r--src/lib/libcrypto/x509v3/x509v3.h687
52 files changed, 0 insertions, 15090 deletions
diff --git a/src/lib/libcrypto/x509/by_dir.c b/src/lib/libcrypto/x509/by_dir.c
deleted file mode 100644
index ea689aed1a..0000000000
--- a/src/lib/libcrypto/x509/by_dir.c
+++ /dev/null
@@ -1,380 +0,0 @@
1/* crypto/x509/by_dir.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <time.h>
61#include <errno.h>
62
63#include "cryptlib.h"
64
65#ifndef NO_SYS_TYPES_H
66# include <sys/types.h>
67#endif
68#ifdef MAC_OS_pre_X
69# include <stat.h>
70#else
71# include <sys/stat.h>
72#endif
73
74#include <openssl/lhash.h>
75#include <openssl/x509.h>
76
77typedef struct lookup_dir_st
78 {
79 BUF_MEM *buffer;
80 int num_dirs;
81 char **dirs;
82 int *dirs_type;
83 int num_dirs_alloced;
84 } BY_DIR;
85
86static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
87 char **ret);
88static int new_dir(X509_LOOKUP *lu);
89static void free_dir(X509_LOOKUP *lu);
90static int add_cert_dir(BY_DIR *ctx,const char *dir,int type);
91static int get_cert_by_subject(X509_LOOKUP *xl,int type,X509_NAME *name,
92 X509_OBJECT *ret);
93X509_LOOKUP_METHOD x509_dir_lookup=
94 {
95 "Load certs from files in a directory",
96 new_dir, /* new */
97 free_dir, /* free */
98 NULL, /* init */
99 NULL, /* shutdown */
100 dir_ctrl, /* ctrl */
101 get_cert_by_subject, /* get_by_subject */
102 NULL, /* get_by_issuer_serial */
103 NULL, /* get_by_fingerprint */
104 NULL, /* get_by_alias */
105 };
106
107X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void)
108 {
109 return(&x509_dir_lookup);
110 }
111
112static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
113 char **retp)
114 {
115 int ret=0;
116 BY_DIR *ld;
117 char *dir = NULL;
118
119 ld=(BY_DIR *)ctx->method_data;
120
121 switch (cmd)
122 {
123 case X509_L_ADD_DIR:
124 if (argl == X509_FILETYPE_DEFAULT)
125 {
126 dir=(char *)Getenv(X509_get_default_cert_dir_env());
127 if (dir)
128 ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
129 else
130 ret=add_cert_dir(ld,X509_get_default_cert_dir(),
131 X509_FILETYPE_PEM);
132 if (!ret)
133 {
134 X509err(X509_F_DIR_CTRL,X509_R_LOADING_CERT_DIR);
135 }
136 }
137 else
138 ret=add_cert_dir(ld,argp,(int)argl);
139 break;
140 }
141 return(ret);
142 }
143
144static int new_dir(X509_LOOKUP *lu)
145 {
146 BY_DIR *a;
147
148 if ((a=(BY_DIR *)OPENSSL_malloc(sizeof(BY_DIR))) == NULL)
149 return(0);
150 if ((a->buffer=BUF_MEM_new()) == NULL)
151 {
152 OPENSSL_free(a);
153 return(0);
154 }
155 a->num_dirs=0;
156 a->dirs=NULL;
157 a->dirs_type=NULL;
158 a->num_dirs_alloced=0;
159 lu->method_data=(char *)a;
160 return(1);
161 }
162
163static void free_dir(X509_LOOKUP *lu)
164 {
165 BY_DIR *a;
166 int i;
167
168 a=(BY_DIR *)lu->method_data;
169 for (i=0; i<a->num_dirs; i++)
170 if (a->dirs[i] != NULL) OPENSSL_free(a->dirs[i]);
171 if (a->dirs != NULL) OPENSSL_free(a->dirs);
172 if (a->dirs_type != NULL) OPENSSL_free(a->dirs_type);
173 if (a->buffer != NULL) BUF_MEM_free(a->buffer);
174 OPENSSL_free(a);
175 }
176
177static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
178 {
179 int j,len;
180 int *ip;
181 const char *s,*ss,*p;
182 char **pp;
183
184 if (dir == NULL || !*dir)
185 {
186 X509err(X509_F_ADD_CERT_DIR,X509_R_INVALID_DIRECTORY);
187 return 0;
188 }
189
190 s=dir;
191 p=s;
192 for (;;)
193 {
194 if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0'))
195 {
196 ss=s;
197 s=p+1;
198 len=(int)(p-ss);
199 if (len == 0) continue;
200 for (j=0; j<ctx->num_dirs; j++)
201 if (strncmp(ctx->dirs[j],ss,(unsigned int)len) == 0)
202 continue;
203 if (ctx->num_dirs_alloced < (ctx->num_dirs+1))
204 {
205 ctx->num_dirs_alloced+=10;
206 pp=(char **)OPENSSL_malloc(ctx->num_dirs_alloced*
207 sizeof(char *));
208 ip=(int *)OPENSSL_malloc(ctx->num_dirs_alloced*
209 sizeof(int));
210 if ((pp == NULL) || (ip == NULL))
211 {
212 X509err(X509_F_ADD_CERT_DIR,ERR_R_MALLOC_FAILURE);
213 return(0);
214 }
215 memcpy(pp,ctx->dirs,(ctx->num_dirs_alloced-10)*
216 sizeof(char *));
217 memcpy(ip,ctx->dirs_type,(ctx->num_dirs_alloced-10)*
218 sizeof(int));
219 if (ctx->dirs != NULL)
220 OPENSSL_free(ctx->dirs);
221 if (ctx->dirs_type != NULL)
222 OPENSSL_free(ctx->dirs_type);
223 ctx->dirs=pp;
224 ctx->dirs_type=ip;
225 }
226 ctx->dirs_type[ctx->num_dirs]=type;
227 ctx->dirs[ctx->num_dirs]=(char *)OPENSSL_malloc((unsigned int)len+1);
228 if (ctx->dirs[ctx->num_dirs] == NULL) return(0);
229 strncpy(ctx->dirs[ctx->num_dirs],ss,(unsigned int)len);
230 ctx->dirs[ctx->num_dirs][len]='\0';
231 ctx->num_dirs++;
232 }
233 if (*p == '\0') break;
234 p++;
235 }
236 return(1);
237 }
238
239static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
240 X509_OBJECT *ret)
241 {
242 BY_DIR *ctx;
243 union {
244 struct {
245 X509 st_x509;
246 X509_CINF st_x509_cinf;
247 } x509;
248 struct {
249 X509_CRL st_crl;
250 X509_CRL_INFO st_crl_info;
251 } crl;
252 } data;
253 int ok=0;
254 int i,j,k;
255 unsigned long h;
256 BUF_MEM *b=NULL;
257 struct stat st;
258 X509_OBJECT stmp,*tmp;
259 const char *postfix="";
260
261 if (name == NULL) return(0);
262
263 stmp.type=type;
264 if (type == X509_LU_X509)
265 {
266 data.x509.st_x509.cert_info= &data.x509.st_x509_cinf;
267 data.x509.st_x509_cinf.subject=name;
268 stmp.data.x509= &data.x509.st_x509;
269 postfix="";
270 }
271 else if (type == X509_LU_CRL)
272 {
273 data.crl.st_crl.crl= &data.crl.st_crl_info;
274 data.crl.st_crl_info.issuer=name;
275 stmp.data.crl= &data.crl.st_crl;
276 postfix="r";
277 }
278 else
279 {
280 X509err(X509_F_GET_CERT_BY_SUBJECT,X509_R_WRONG_LOOKUP_TYPE);
281 goto finish;
282 }
283
284 if ((b=BUF_MEM_new()) == NULL)
285 {
286 X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_BUF_LIB);
287 goto finish;
288 }
289
290 ctx=(BY_DIR *)xl->method_data;
291
292 h=X509_NAME_hash(name);
293 for (i=0; i<ctx->num_dirs; i++)
294 {
295 j=strlen(ctx->dirs[i])+1+8+6+1+1;
296 if (!BUF_MEM_grow(b,j))
297 {
298 X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_MALLOC_FAILURE);
299 goto finish;
300 }
301 k=0;
302 for (;;)
303 {
304 char c = '/';
305#ifdef OPENSSL_SYS_VMS
306 c = ctx->dirs[i][strlen(ctx->dirs[i])-1];
307 if (c != ':' && c != '>' && c != ']')
308 {
309 /* If no separator is present, we assume the
310 directory specifier is a logical name, and
311 add a colon. We really should use better
312 VMS routines for merging things like this,
313 but this will do for now...
314 -- Richard Levitte */
315 c = ':';
316 }
317 else
318 {
319 c = '\0';
320 }
321#endif
322 if (c == '\0')
323 {
324 /* This is special. When c == '\0', no
325 directory separator should be added. */
326 BIO_snprintf(b->data,b->max,
327 "%s%08lx.%s%d",ctx->dirs[i],h,
328 postfix,k);
329 }
330 else
331 {
332 BIO_snprintf(b->data,b->max,
333 "%s%c%08lx.%s%d",ctx->dirs[i],c,h,
334 postfix,k);
335 }
336 k++;
337 if (stat(b->data,&st) < 0)
338 break;
339 /* found one. */
340 if (type == X509_LU_X509)
341 {
342 if ((X509_load_cert_file(xl,b->data,
343 ctx->dirs_type[i])) == 0)
344 break;
345 }
346 else if (type == X509_LU_CRL)
347 {
348 if ((X509_load_crl_file(xl,b->data,
349 ctx->dirs_type[i])) == 0)
350 break;
351 }
352 /* else case will caught higher up */
353 }
354
355 /* we have added it to the cache so now pull
356 * it out again */
357 CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
358 j = sk_X509_OBJECT_find(xl->store_ctx->objs,&stmp);
359 if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,j);
360 else tmp = NULL;
361 CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);
362
363 if (tmp != NULL)
364 {
365 ok=1;
366 ret->type=tmp->type;
367 memcpy(&ret->data,&tmp->data,sizeof(ret->data));
368 /* If we were going to up the reference count,
369 * we would need to do it on a perl 'type'
370 * basis */
371 /* CRYPTO_add(&tmp->data.x509->references,1,
372 CRYPTO_LOCK_X509);*/
373 goto finish;
374 }
375 }
376finish:
377 if (b != NULL) BUF_MEM_free(b);
378 return(ok);
379 }
380
diff --git a/src/lib/libcrypto/x509/by_file.c b/src/lib/libcrypto/x509/by_file.c
deleted file mode 100644
index a5e0d4aefa..0000000000
--- a/src/lib/libcrypto/x509/by_file.c
+++ /dev/null
@@ -1,300 +0,0 @@
1/* crypto/x509/by_file.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <time.h>
61#include <errno.h>
62
63#include "cryptlib.h"
64#include <openssl/lhash.h>
65#include <openssl/buffer.h>
66#include <openssl/x509.h>
67#include <openssl/pem.h>
68
69#ifndef OPENSSL_NO_STDIO
70
71static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
72 long argl, char **ret);
73X509_LOOKUP_METHOD x509_file_lookup=
74 {
75 "Load file into cache",
76 NULL, /* new */
77 NULL, /* free */
78 NULL, /* init */
79 NULL, /* shutdown */
80 by_file_ctrl, /* ctrl */
81 NULL, /* get_by_subject */
82 NULL, /* get_by_issuer_serial */
83 NULL, /* get_by_fingerprint */
84 NULL, /* get_by_alias */
85 };
86
87X509_LOOKUP_METHOD *X509_LOOKUP_file(void)
88 {
89 return(&x509_file_lookup);
90 }
91
92static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
93 char **ret)
94 {
95 int ok=0;
96 char *file;
97
98 switch (cmd)
99 {
100 case X509_L_FILE_LOAD:
101 if (argl == X509_FILETYPE_DEFAULT)
102 {
103 file = (char *)Getenv(X509_get_default_cert_file_env());
104 if (file)
105 ok = (X509_load_cert_crl_file(ctx,file,
106 X509_FILETYPE_PEM) != 0);
107
108 else
109 ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(),
110 X509_FILETYPE_PEM) != 0);
111
112 if (!ok)
113 {
114 X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
115 }
116 }
117 else
118 {
119 if(argl == X509_FILETYPE_PEM)
120 ok = (X509_load_cert_crl_file(ctx,argp,
121 X509_FILETYPE_PEM) != 0);
122 else
123 ok = (X509_load_cert_file(ctx,argp,(int)argl) != 0);
124 }
125 break;
126 }
127 return(ok);
128 }
129
130int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
131 {
132 int ret=0;
133 BIO *in=NULL;
134 int i,count=0;
135 X509 *x=NULL;
136
137 if (file == NULL) return(1);
138 in=BIO_new(BIO_s_file_internal());
139
140 if ((in == NULL) || (BIO_read_filename(in,file) <= 0))
141 {
142 X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_SYS_LIB);
143 goto err;
144 }
145
146 if (type == X509_FILETYPE_PEM)
147 {
148 for (;;)
149 {
150 x=PEM_read_bio_X509_AUX(in,NULL,NULL,NULL);
151 if (x == NULL)
152 {
153 if ((ERR_GET_REASON(ERR_peek_last_error()) ==
154 PEM_R_NO_START_LINE) && (count > 0))
155 {
156 ERR_clear_error();
157 break;
158 }
159 else
160 {
161 X509err(X509_F_X509_LOAD_CERT_FILE,
162 ERR_R_PEM_LIB);
163 goto err;
164 }
165 }
166 i=X509_STORE_add_cert(ctx->store_ctx,x);
167 if (!i) goto err;
168 count++;
169 X509_free(x);
170 x=NULL;
171 }
172 ret=count;
173 }
174 else if (type == X509_FILETYPE_ASN1)
175 {
176 x=d2i_X509_bio(in,NULL);
177 if (x == NULL)
178 {
179 X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_ASN1_LIB);
180 goto err;
181 }
182 i=X509_STORE_add_cert(ctx->store_ctx,x);
183 if (!i) goto err;
184 ret=i;
185 }
186 else
187 {
188 X509err(X509_F_X509_LOAD_CERT_FILE,X509_R_BAD_X509_FILETYPE);
189 goto err;
190 }
191err:
192 if (x != NULL) X509_free(x);
193 if (in != NULL) BIO_free(in);
194 return(ret);
195 }
196
197int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
198 {
199 int ret=0;
200 BIO *in=NULL;
201 int i,count=0;
202 X509_CRL *x=NULL;
203
204 if (file == NULL) return(1);
205 in=BIO_new(BIO_s_file_internal());
206
207 if ((in == NULL) || (BIO_read_filename(in,file) <= 0))
208 {
209 X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_SYS_LIB);
210 goto err;
211 }
212
213 if (type == X509_FILETYPE_PEM)
214 {
215 for (;;)
216 {
217 x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
218 if (x == NULL)
219 {
220 if ((ERR_GET_REASON(ERR_peek_last_error()) ==
221 PEM_R_NO_START_LINE) && (count > 0))
222 {
223 ERR_clear_error();
224 break;
225 }
226 else
227 {
228 X509err(X509_F_X509_LOAD_CRL_FILE,
229 ERR_R_PEM_LIB);
230 goto err;
231 }
232 }
233 i=X509_STORE_add_crl(ctx->store_ctx,x);
234 if (!i) goto err;
235 count++;
236 X509_CRL_free(x);
237 x=NULL;
238 }
239 ret=count;
240 }
241 else if (type == X509_FILETYPE_ASN1)
242 {
243 x=d2i_X509_CRL_bio(in,NULL);
244 if (x == NULL)
245 {
246 X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_ASN1_LIB);
247 goto err;
248 }
249 i=X509_STORE_add_crl(ctx->store_ctx,x);
250 if (!i) goto err;
251 ret=i;
252 }
253 else
254 {
255 X509err(X509_F_X509_LOAD_CRL_FILE,X509_R_BAD_X509_FILETYPE);
256 goto err;
257 }
258err:
259 if (x != NULL) X509_CRL_free(x);
260 if (in != NULL) BIO_free(in);
261 return(ret);
262 }
263
264int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type)
265{
266 STACK_OF(X509_INFO) *inf;
267 X509_INFO *itmp;
268 BIO *in;
269 int i, count = 0;
270 if(type != X509_FILETYPE_PEM)
271 return X509_load_cert_file(ctx, file, type);
272 in = BIO_new_file(file, "r");
273 if(!in) {
274 X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_SYS_LIB);
275 return 0;
276 }
277 inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
278 BIO_free(in);
279 if(!inf) {
280 X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_PEM_LIB);
281 return 0;
282 }
283 for(i = 0; i < sk_X509_INFO_num(inf); i++) {
284 itmp = sk_X509_INFO_value(inf, i);
285 if(itmp->x509) {
286 X509_STORE_add_cert(ctx->store_ctx, itmp->x509);
287 count++;
288 }
289 if(itmp->crl) {
290 X509_STORE_add_crl(ctx->store_ctx, itmp->crl);
291 count++;
292 }
293 }
294 sk_X509_INFO_pop_free(inf, X509_INFO_free);
295 return count;
296}
297
298
299#endif /* OPENSSL_NO_STDIO */
300
diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h
deleted file mode 100644
index e8c1a59cf2..0000000000
--- a/src/lib/libcrypto/x509/x509.h
+++ /dev/null
@@ -1,1259 +0,0 @@
1/* crypto/x509/x509.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#ifndef HEADER_X509_H
60#define HEADER_X509_H
61
62#include <openssl/symhacks.h>
63#ifndef OPENSSL_NO_BUFFER
64#include <openssl/buffer.h>
65#endif
66#ifndef OPENSSL_NO_EVP
67#include <openssl/evp.h>
68#endif
69#ifndef OPENSSL_NO_BIO
70#include <openssl/bio.h>
71#endif
72#include <openssl/stack.h>
73#include <openssl/asn1.h>
74#include <openssl/safestack.h>
75
76#ifndef OPENSSL_NO_RSA
77#include <openssl/rsa.h>
78#endif
79
80#ifndef OPENSSL_NO_DSA
81#include <openssl/dsa.h>
82#endif
83
84#ifndef OPENSSL_NO_DH
85#include <openssl/dh.h>
86#endif
87#ifndef OPENSSL_NO_SHA
88#include <openssl/sha.h>
89#endif
90#include <openssl/e_os2.h>
91#include <openssl/ossl_typ.h>
92
93#ifdef __cplusplus
94extern "C" {
95#endif
96
97#ifdef OPENSSL_SYS_WIN32
98/* Under Win32 this is defined in wincrypt.h */
99#undef X509_NAME
100#endif
101
102#define X509_FILETYPE_PEM 1
103#define X509_FILETYPE_ASN1 2
104#define X509_FILETYPE_DEFAULT 3
105
106#define X509v3_KU_DIGITAL_SIGNATURE 0x0080
107#define X509v3_KU_NON_REPUDIATION 0x0040
108#define X509v3_KU_KEY_ENCIPHERMENT 0x0020
109#define X509v3_KU_DATA_ENCIPHERMENT 0x0010
110#define X509v3_KU_KEY_AGREEMENT 0x0008
111#define X509v3_KU_KEY_CERT_SIGN 0x0004
112#define X509v3_KU_CRL_SIGN 0x0002
113#define X509v3_KU_ENCIPHER_ONLY 0x0001
114#define X509v3_KU_DECIPHER_ONLY 0x8000
115#define X509v3_KU_UNDEF 0xffff
116
117typedef struct X509_objects_st
118 {
119 int nid;
120 int (*a2i)();
121 int (*i2a)();
122 } X509_OBJECTS;
123
124struct X509_algor_st
125 {
126 ASN1_OBJECT *algorithm;
127 ASN1_TYPE *parameter;
128 } /* X509_ALGOR */;
129
130DECLARE_STACK_OF(X509_ALGOR)
131DECLARE_ASN1_SET_OF(X509_ALGOR)
132
133typedef struct X509_val_st
134 {
135 ASN1_TIME *notBefore;
136 ASN1_TIME *notAfter;
137 } X509_VAL;
138
139typedef struct X509_pubkey_st
140 {
141 X509_ALGOR *algor;
142 ASN1_BIT_STRING *public_key;
143 EVP_PKEY *pkey;
144 } X509_PUBKEY;
145
146typedef struct X509_sig_st
147 {
148 X509_ALGOR *algor;
149 ASN1_OCTET_STRING *digest;
150 } X509_SIG;
151
152typedef struct X509_name_entry_st
153 {
154 ASN1_OBJECT *object;
155 ASN1_STRING *value;
156 int set;
157 int size; /* temp variable */
158 } X509_NAME_ENTRY;
159
160DECLARE_STACK_OF(X509_NAME_ENTRY)
161DECLARE_ASN1_SET_OF(X509_NAME_ENTRY)
162
163/* we always keep X509_NAMEs in 2 forms. */
164struct X509_name_st
165 {
166 STACK_OF(X509_NAME_ENTRY) *entries;
167 int modified; /* true if 'bytes' needs to be built */
168#ifndef OPENSSL_NO_BUFFER
169 BUF_MEM *bytes;
170#else
171 char *bytes;
172#endif
173 unsigned long hash; /* Keep the hash around for lookups */
174 } /* X509_NAME */;
175
176DECLARE_STACK_OF(X509_NAME)
177
178#define X509_EX_V_NETSCAPE_HACK 0x8000
179#define X509_EX_V_INIT 0x0001
180typedef struct X509_extension_st
181 {
182 ASN1_OBJECT *object;
183 ASN1_BOOLEAN critical;
184 ASN1_OCTET_STRING *value;
185 } X509_EXTENSION;
186
187DECLARE_STACK_OF(X509_EXTENSION)
188DECLARE_ASN1_SET_OF(X509_EXTENSION)
189
190/* a sequence of these are used */
191typedef struct x509_attributes_st
192 {
193 ASN1_OBJECT *object;
194 int single; /* 0 for a set, 1 for a single item (which is wrong) */
195 union {
196 char *ptr;
197/* 0 */ STACK_OF(ASN1_TYPE) *set;
198/* 1 */ ASN1_TYPE *single;
199 } value;
200 } X509_ATTRIBUTE;
201
202DECLARE_STACK_OF(X509_ATTRIBUTE)
203DECLARE_ASN1_SET_OF(X509_ATTRIBUTE)
204
205
206typedef struct X509_req_info_st
207 {
208 ASN1_ENCODING enc;
209 ASN1_INTEGER *version;
210 X509_NAME *subject;
211 X509_PUBKEY *pubkey;
212 /* d=2 hl=2 l= 0 cons: cont: 00 */
213 STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
214 } X509_REQ_INFO;
215
216typedef struct X509_req_st
217 {
218 X509_REQ_INFO *req_info;
219 X509_ALGOR *sig_alg;
220 ASN1_BIT_STRING *signature;
221 int references;
222 } X509_REQ;
223
224typedef struct x509_cinf_st
225 {
226 ASN1_INTEGER *version; /* [ 0 ] default of v1 */
227 ASN1_INTEGER *serialNumber;
228 X509_ALGOR *signature;
229 X509_NAME *issuer;
230 X509_VAL *validity;
231 X509_NAME *subject;
232 X509_PUBKEY *key;
233 ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */
234 ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */
235 STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */
236 } X509_CINF;
237
238/* This stuff is certificate "auxiliary info"
239 * it contains details which are useful in certificate
240 * stores and databases. When used this is tagged onto
241 * the end of the certificate itself
242 */
243
244typedef struct x509_cert_aux_st
245 {
246 STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */
247 STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */
248 ASN1_UTF8STRING *alias; /* "friendly name" */
249 ASN1_OCTET_STRING *keyid; /* key id of private key */
250 STACK_OF(X509_ALGOR) *other; /* other unspecified info */
251 } X509_CERT_AUX;
252
253struct x509_st
254 {
255 X509_CINF *cert_info;
256 X509_ALGOR *sig_alg;
257 ASN1_BIT_STRING *signature;
258 int valid;
259 int references;
260 char *name;
261 CRYPTO_EX_DATA ex_data;
262 /* These contain copies of various extension values */
263 long ex_pathlen;
264 unsigned long ex_flags;
265 unsigned long ex_kusage;
266 unsigned long ex_xkusage;
267 unsigned long ex_nscert;
268 ASN1_OCTET_STRING *skid;
269 struct AUTHORITY_KEYID_st *akid;
270#ifndef OPENSSL_NO_SHA
271 unsigned char sha1_hash[SHA_DIGEST_LENGTH];
272#endif
273 X509_CERT_AUX *aux;
274 } /* X509 */;
275
276DECLARE_STACK_OF(X509)
277DECLARE_ASN1_SET_OF(X509)
278
279/* This is used for a table of trust checking functions */
280
281typedef struct x509_trust_st {
282 int trust;
283 int flags;
284 int (*check_trust)(struct x509_trust_st *, X509 *, int);
285 char *name;
286 int arg1;
287 void *arg2;
288} X509_TRUST;
289
290DECLARE_STACK_OF(X509_TRUST)
291
292/* standard trust ids */
293
294#define X509_TRUST_DEFAULT -1 /* Only valid in purpose settings */
295
296#define X509_TRUST_COMPAT 1
297#define X509_TRUST_SSL_CLIENT 2
298#define X509_TRUST_SSL_SERVER 3
299#define X509_TRUST_EMAIL 4
300#define X509_TRUST_OBJECT_SIGN 5
301#define X509_TRUST_OCSP_SIGN 6
302#define X509_TRUST_OCSP_REQUEST 7
303
304/* Keep these up to date! */
305#define X509_TRUST_MIN 1
306#define X509_TRUST_MAX 7
307
308
309/* trust_flags values */
310#define X509_TRUST_DYNAMIC 1
311#define X509_TRUST_DYNAMIC_NAME 2
312
313/* check_trust return codes */
314
315#define X509_TRUST_TRUSTED 1
316#define X509_TRUST_REJECTED 2
317#define X509_TRUST_UNTRUSTED 3
318
319/* Flags for X509_print_ex() */
320
321#define X509_FLAG_COMPAT 0
322#define X509_FLAG_NO_HEADER 1L
323#define X509_FLAG_NO_VERSION (1L << 1)
324#define X509_FLAG_NO_SERIAL (1L << 2)
325#define X509_FLAG_NO_SIGNAME (1L << 3)
326#define X509_FLAG_NO_ISSUER (1L << 4)
327#define X509_FLAG_NO_VALIDITY (1L << 5)
328#define X509_FLAG_NO_SUBJECT (1L << 6)
329#define X509_FLAG_NO_PUBKEY (1L << 7)
330#define X509_FLAG_NO_EXTENSIONS (1L << 8)
331#define X509_FLAG_NO_SIGDUMP (1L << 9)
332#define X509_FLAG_NO_AUX (1L << 10)
333#define X509_FLAG_NO_ATTRIBUTES (1L << 11)
334
335/* Flags specific to X509_NAME_print_ex() */
336
337/* The field separator information */
338
339#define XN_FLAG_SEP_MASK (0xf << 16)
340
341#define XN_FLAG_COMPAT 0 /* Traditional SSLeay: use old X509_NAME_print */
342#define XN_FLAG_SEP_COMMA_PLUS (1 << 16) /* RFC2253 ,+ */
343#define XN_FLAG_SEP_CPLUS_SPC (2 << 16) /* ,+ spaced: more readable */
344#define XN_FLAG_SEP_SPLUS_SPC (3 << 16) /* ;+ spaced */
345#define XN_FLAG_SEP_MULTILINE (4 << 16) /* One line per field */
346
347#define XN_FLAG_DN_REV (1 << 20) /* Reverse DN order */
348
349/* How the field name is shown */
350
351#define XN_FLAG_FN_MASK (0x3 << 21)
352
353#define XN_FLAG_FN_SN 0 /* Object short name */
354#define XN_FLAG_FN_LN (1 << 21) /* Object long name */
355#define XN_FLAG_FN_OID (2 << 21) /* Always use OIDs */
356#define XN_FLAG_FN_NONE (3 << 21) /* No field names */
357
358#define XN_FLAG_SPC_EQ (1 << 23) /* Put spaces round '=' */
359
360/* This determines if we dump fields we don't recognise:
361 * RFC2253 requires this.
362 */
363
364#define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
365
366#define XN_FLAG_FN_ALIGN (1 << 25) /* Align field names to 20 characters */
367
368/* Complete set of RFC2253 flags */
369
370#define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \
371 XN_FLAG_SEP_COMMA_PLUS | \
372 XN_FLAG_DN_REV | \
373 XN_FLAG_FN_SN | \
374 XN_FLAG_DUMP_UNKNOWN_FIELDS)
375
376/* readable oneline form */
377
378#define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \
379 ASN1_STRFLGS_ESC_QUOTE | \
380 XN_FLAG_SEP_CPLUS_SPC | \
381 XN_FLAG_SPC_EQ | \
382 XN_FLAG_FN_SN)
383
384/* readable multiline form */
385
386#define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \
387 ASN1_STRFLGS_ESC_MSB | \
388 XN_FLAG_SEP_MULTILINE | \
389 XN_FLAG_SPC_EQ | \
390 XN_FLAG_FN_LN | \
391 XN_FLAG_FN_ALIGN)
392
393typedef struct X509_revoked_st
394 {
395 ASN1_INTEGER *serialNumber;
396 ASN1_TIME *revocationDate;
397 STACK_OF(X509_EXTENSION) /* optional */ *extensions;
398 int sequence; /* load sequence */
399 } X509_REVOKED;
400
401DECLARE_STACK_OF(X509_REVOKED)
402DECLARE_ASN1_SET_OF(X509_REVOKED)
403
404typedef struct X509_crl_info_st
405 {
406 ASN1_INTEGER *version;
407 X509_ALGOR *sig_alg;
408 X509_NAME *issuer;
409 ASN1_TIME *lastUpdate;
410 ASN1_TIME *nextUpdate;
411 STACK_OF(X509_REVOKED) *revoked;
412 STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
413 ASN1_ENCODING enc;
414 } X509_CRL_INFO;
415
416struct X509_crl_st
417 {
418 /* actual signature */
419 X509_CRL_INFO *crl;
420 X509_ALGOR *sig_alg;
421 ASN1_BIT_STRING *signature;
422 int references;
423 } /* X509_CRL */;
424
425DECLARE_STACK_OF(X509_CRL)
426DECLARE_ASN1_SET_OF(X509_CRL)
427
428typedef struct private_key_st
429 {
430 int version;
431 /* The PKCS#8 data types */
432 X509_ALGOR *enc_algor;
433 ASN1_OCTET_STRING *enc_pkey; /* encrypted pub key */
434
435 /* When decrypted, the following will not be NULL */
436 EVP_PKEY *dec_pkey;
437
438 /* used to encrypt and decrypt */
439 int key_length;
440 char *key_data;
441 int key_free; /* true if we should auto free key_data */
442
443 /* expanded version of 'enc_algor' */
444 EVP_CIPHER_INFO cipher;
445
446 int references;
447 } X509_PKEY;
448
449#ifndef OPENSSL_NO_EVP
450typedef struct X509_info_st
451 {
452 X509 *x509;
453 X509_CRL *crl;
454 X509_PKEY *x_pkey;
455
456 EVP_CIPHER_INFO enc_cipher;
457 int enc_len;
458 char *enc_data;
459
460 int references;
461 } X509_INFO;
462
463DECLARE_STACK_OF(X509_INFO)
464#endif
465
466/* The next 2 structures and their 8 routines were sent to me by
467 * Pat Richard <patr@x509.com> and are used to manipulate
468 * Netscapes spki structures - useful if you are writing a CA web page
469 */
470typedef struct Netscape_spkac_st
471 {
472 X509_PUBKEY *pubkey;
473 ASN1_IA5STRING *challenge; /* challenge sent in atlas >= PR2 */
474 } NETSCAPE_SPKAC;
475
476typedef struct Netscape_spki_st
477 {
478 NETSCAPE_SPKAC *spkac; /* signed public key and challenge */
479 X509_ALGOR *sig_algor;
480 ASN1_BIT_STRING *signature;
481 } NETSCAPE_SPKI;
482
483/* Netscape certificate sequence structure */
484typedef struct Netscape_certificate_sequence
485 {
486 ASN1_OBJECT *type;
487 STACK_OF(X509) *certs;
488 } NETSCAPE_CERT_SEQUENCE;
489
490/* Unused (and iv length is wrong)
491typedef struct CBCParameter_st
492 {
493 unsigned char iv[8];
494 } CBC_PARAM;
495*/
496
497/* Password based encryption structure */
498
499typedef struct PBEPARAM_st {
500ASN1_OCTET_STRING *salt;
501ASN1_INTEGER *iter;
502} PBEPARAM;
503
504/* Password based encryption V2 structures */
505
506typedef struct PBE2PARAM_st {
507X509_ALGOR *keyfunc;
508X509_ALGOR *encryption;
509} PBE2PARAM;
510
511typedef struct PBKDF2PARAM_st {
512ASN1_TYPE *salt; /* Usually OCTET STRING but could be anything */
513ASN1_INTEGER *iter;
514ASN1_INTEGER *keylength;
515X509_ALGOR *prf;
516} PBKDF2PARAM;
517
518
519/* PKCS#8 private key info structure */
520
521typedef struct pkcs8_priv_key_info_st
522 {
523 int broken; /* Flag for various broken formats */
524#define PKCS8_OK 0
525#define PKCS8_NO_OCTET 1
526#define PKCS8_EMBEDDED_PARAM 2
527#define PKCS8_NS_DB 3
528 ASN1_INTEGER *version;
529 X509_ALGOR *pkeyalg;
530 ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */
531 STACK_OF(X509_ATTRIBUTE) *attributes;
532 } PKCS8_PRIV_KEY_INFO;
533
534#ifdef __cplusplus
535}
536#endif
537
538#include <openssl/x509_vfy.h>
539#include <openssl/pkcs7.h>
540
541#ifdef __cplusplus
542extern "C" {
543#endif
544
545#ifdef SSLEAY_MACROS
546#define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\
547 a->signature,(char *)a->cert_info,r)
548#define X509_REQ_verify(a,r) ASN1_verify((int (*)())i2d_X509_REQ_INFO, \
549 a->sig_alg,a->signature,(char *)a->req_info,r)
550#define X509_CRL_verify(a,r) ASN1_verify((int (*)())i2d_X509_CRL_INFO, \
551 a->sig_alg, a->signature,(char *)a->crl,r)
552
553#define X509_sign(x,pkey,md) \
554 ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature, \
555 x->sig_alg, x->signature, (char *)x->cert_info,pkey,md)
556#define X509_REQ_sign(x,pkey,md) \
557 ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL, \
558 x->signature, (char *)x->req_info,pkey,md)
559#define X509_CRL_sign(x,pkey,md) \
560 ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,x->sig_alg, \
561 x->signature, (char *)x->crl,pkey,md)
562#define NETSCAPE_SPKI_sign(x,pkey,md) \
563 ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL, \
564 x->signature, (char *)x->spkac,pkey,md)
565
566#define X509_dup(x509) (X509 *)ASN1_dup((int (*)())i2d_X509, \
567 (char *(*)())d2i_X509,(char *)x509)
568#define X509_ATTRIBUTE_dup(xa) (X509_ATTRIBUTE *)ASN1_dup(\
569 (int (*)())i2d_X509_ATTRIBUTE, \
570 (char *(*)())d2i_X509_ATTRIBUTE,(char *)xa)
571#define X509_EXTENSION_dup(ex) (X509_EXTENSION *)ASN1_dup( \
572 (int (*)())i2d_X509_EXTENSION, \
573 (char *(*)())d2i_X509_EXTENSION,(char *)ex)
574#define d2i_X509_fp(fp,x509) (X509 *)ASN1_d2i_fp((char *(*)())X509_new, \
575 (char *(*)())d2i_X509, (fp),(unsigned char **)(x509))
576#define i2d_X509_fp(fp,x509) ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509)
577#define d2i_X509_bio(bp,x509) (X509 *)ASN1_d2i_bio((char *(*)())X509_new, \
578 (char *(*)())d2i_X509, (bp),(unsigned char **)(x509))
579#define i2d_X509_bio(bp,x509) ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509)
580
581#define X509_CRL_dup(crl) (X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL, \
582 (char *(*)())d2i_X509_CRL,(char *)crl)
583#define d2i_X509_CRL_fp(fp,crl) (X509_CRL *)ASN1_d2i_fp((char *(*)()) \
584 X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),\
585 (unsigned char **)(crl))
586#define i2d_X509_CRL_fp(fp,crl) ASN1_i2d_fp(i2d_X509_CRL,fp,\
587 (unsigned char *)crl)
588#define d2i_X509_CRL_bio(bp,crl) (X509_CRL *)ASN1_d2i_bio((char *(*)()) \
589 X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),\
590 (unsigned char **)(crl))
591#define i2d_X509_CRL_bio(bp,crl) ASN1_i2d_bio(i2d_X509_CRL,bp,\
592 (unsigned char *)crl)
593
594#define PKCS7_dup(p7) (PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7, \
595 (char *(*)())d2i_PKCS7,(char *)p7)
596#define d2i_PKCS7_fp(fp,p7) (PKCS7 *)ASN1_d2i_fp((char *(*)()) \
597 PKCS7_new,(char *(*)())d2i_PKCS7, (fp),\
598 (unsigned char **)(p7))
599#define i2d_PKCS7_fp(fp,p7) ASN1_i2d_fp(i2d_PKCS7,fp,\
600 (unsigned char *)p7)
601#define d2i_PKCS7_bio(bp,p7) (PKCS7 *)ASN1_d2i_bio((char *(*)()) \
602 PKCS7_new,(char *(*)())d2i_PKCS7, (bp),\
603 (unsigned char **)(p7))
604#define i2d_PKCS7_bio(bp,p7) ASN1_i2d_bio(i2d_PKCS7,bp,\
605 (unsigned char *)p7)
606
607#define X509_REQ_dup(req) (X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ, \
608 (char *(*)())d2i_X509_REQ,(char *)req)
609#define d2i_X509_REQ_fp(fp,req) (X509_REQ *)ASN1_d2i_fp((char *(*)())\
610 X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),\
611 (unsigned char **)(req))
612#define i2d_X509_REQ_fp(fp,req) ASN1_i2d_fp(i2d_X509_REQ,fp,\
613 (unsigned char *)req)
614#define d2i_X509_REQ_bio(bp,req) (X509_REQ *)ASN1_d2i_bio((char *(*)())\
615 X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),\
616 (unsigned char **)(req))
617#define i2d_X509_REQ_bio(bp,req) ASN1_i2d_bio(i2d_X509_REQ,bp,\
618 (unsigned char *)req)
619
620#define RSAPublicKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey, \
621 (char *(*)())d2i_RSAPublicKey,(char *)rsa)
622#define RSAPrivateKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey, \
623 (char *(*)())d2i_RSAPrivateKey,(char *)rsa)
624
625#define d2i_RSAPrivateKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\
626 RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp), \
627 (unsigned char **)(rsa))
628#define i2d_RSAPrivateKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPrivateKey,fp, \
629 (unsigned char *)rsa)
630#define d2i_RSAPrivateKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\
631 RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp), \
632 (unsigned char **)(rsa))
633#define i2d_RSAPrivateKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPrivateKey,bp, \
634 (unsigned char *)rsa)
635
636#define d2i_RSAPublicKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\
637 RSA_new,(char *(*)())d2i_RSAPublicKey, (fp), \
638 (unsigned char **)(rsa))
639#define i2d_RSAPublicKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPublicKey,fp, \
640 (unsigned char *)rsa)
641#define d2i_RSAPublicKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\
642 RSA_new,(char *(*)())d2i_RSAPublicKey, (bp), \
643 (unsigned char **)(rsa))
644#define i2d_RSAPublicKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPublicKey,bp, \
645 (unsigned char *)rsa)
646
647#define d2i_DSAPrivateKey_fp(fp,dsa) (DSA *)ASN1_d2i_fp((char *(*)())\
648 DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp), \
649 (unsigned char **)(dsa))
650#define i2d_DSAPrivateKey_fp(fp,dsa) ASN1_i2d_fp(i2d_DSAPrivateKey,fp, \
651 (unsigned char *)dsa)
652#define d2i_DSAPrivateKey_bio(bp,dsa) (DSA *)ASN1_d2i_bio((char *(*)())\
653 DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp), \
654 (unsigned char **)(dsa))
655#define i2d_DSAPrivateKey_bio(bp,dsa) ASN1_i2d_bio(i2d_DSAPrivateKey,bp, \
656 (unsigned char *)dsa)
657
658#define X509_ALGOR_dup(xn) (X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,\
659 (char *(*)())d2i_X509_ALGOR,(char *)xn)
660
661#define X509_NAME_dup(xn) (X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME, \
662 (char *(*)())d2i_X509_NAME,(char *)xn)
663#define X509_NAME_ENTRY_dup(ne) (X509_NAME_ENTRY *)ASN1_dup( \
664 (int (*)())i2d_X509_NAME_ENTRY, \
665 (char *(*)())d2i_X509_NAME_ENTRY,\
666 (char *)ne)
667
668#define X509_digest(data,type,md,len) \
669 ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len)
670#define X509_NAME_digest(data,type,md,len) \
671 ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len)
672#ifndef PKCS7_ISSUER_AND_SERIAL_digest
673#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \
674 ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\
675 (char *)data,md,len)
676#endif
677#endif
678
679#define X509_EXT_PACK_UNKNOWN 1
680#define X509_EXT_PACK_STRING 2
681
682#define X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version)
683/* #define X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */
684#define X509_get_notBefore(x) ((x)->cert_info->validity->notBefore)
685#define X509_get_notAfter(x) ((x)->cert_info->validity->notAfter)
686#define X509_extract_key(x) X509_get_pubkey(x) /*****/
687#define X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version)
688#define X509_REQ_get_subject_name(x) ((x)->req_info->subject)
689#define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
690#define X509_name_cmp(a,b) X509_NAME_cmp((a),(b))
691#define X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm))
692
693#define X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version)
694#define X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate)
695#define X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate)
696#define X509_CRL_get_issuer(x) ((x)->crl->issuer)
697#define X509_CRL_get_REVOKED(x) ((x)->crl->revoked)
698
699/* This one is only used so that a binary form can output, as in
700 * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */
701#define X509_get_X509_PUBKEY(x) ((x)->cert_info->key)
702
703
704const char *X509_verify_cert_error_string(long n);
705
706#ifndef SSLEAY_MACROS
707#ifndef OPENSSL_NO_EVP
708int X509_verify(X509 *a, EVP_PKEY *r);
709
710int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
711int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
712int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r);
713
714NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len);
715char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x);
716EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x);
717int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
718
719int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki);
720
721int X509_signature_print(BIO *bp,X509_ALGOR *alg, ASN1_STRING *sig);
722
723int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
724int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
725int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
726int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
727
728int X509_pubkey_digest(const X509 *data,const EVP_MD *type,
729 unsigned char *md, unsigned int *len);
730int X509_digest(const X509 *data,const EVP_MD *type,
731 unsigned char *md, unsigned int *len);
732int X509_CRL_digest(const X509_CRL *data,const EVP_MD *type,
733 unsigned char *md, unsigned int *len);
734int X509_REQ_digest(const X509_REQ *data,const EVP_MD *type,
735 unsigned char *md, unsigned int *len);
736int X509_NAME_digest(const X509_NAME *data,const EVP_MD *type,
737 unsigned char *md, unsigned int *len);
738#endif
739
740#ifndef OPENSSL_NO_FP_API
741X509 *d2i_X509_fp(FILE *fp, X509 **x509);
742int i2d_X509_fp(FILE *fp,X509 *x509);
743X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL **crl);
744int i2d_X509_CRL_fp(FILE *fp,X509_CRL *crl);
745X509_REQ *d2i_X509_REQ_fp(FILE *fp,X509_REQ **req);
746int i2d_X509_REQ_fp(FILE *fp,X509_REQ *req);
747#ifndef OPENSSL_NO_RSA
748RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA **rsa);
749int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa);
750RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA **rsa);
751int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa);
752RSA *d2i_RSA_PUBKEY_fp(FILE *fp,RSA **rsa);
753int i2d_RSA_PUBKEY_fp(FILE *fp,RSA *rsa);
754#endif
755#ifndef OPENSSL_NO_DSA
756DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
757int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);
758DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
759int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
760#endif
761X509_SIG *d2i_PKCS8_fp(FILE *fp,X509_SIG **p8);
762int i2d_PKCS8_fp(FILE *fp,X509_SIG *p8);
763PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
764 PKCS8_PRIV_KEY_INFO **p8inf);
765int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,PKCS8_PRIV_KEY_INFO *p8inf);
766int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key);
767int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey);
768EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
769int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);
770EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
771#endif
772
773#ifndef OPENSSL_NO_BIO
774X509 *d2i_X509_bio(BIO *bp,X509 **x509);
775int i2d_X509_bio(BIO *bp,X509 *x509);
776X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL **crl);
777int i2d_X509_CRL_bio(BIO *bp,X509_CRL *crl);
778X509_REQ *d2i_X509_REQ_bio(BIO *bp,X509_REQ **req);
779int i2d_X509_REQ_bio(BIO *bp,X509_REQ *req);
780#ifndef OPENSSL_NO_RSA
781RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **rsa);
782int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa);
783RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA **rsa);
784int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa);
785RSA *d2i_RSA_PUBKEY_bio(BIO *bp,RSA **rsa);
786int i2d_RSA_PUBKEY_bio(BIO *bp,RSA *rsa);
787#endif
788#ifndef OPENSSL_NO_DSA
789DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa);
790int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa);
791DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
792int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
793#endif
794X509_SIG *d2i_PKCS8_bio(BIO *bp,X509_SIG **p8);
795int i2d_PKCS8_bio(BIO *bp,X509_SIG *p8);
796PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
797 PKCS8_PRIV_KEY_INFO **p8inf);
798int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,PKCS8_PRIV_KEY_INFO *p8inf);
799int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key);
800int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey);
801EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
802int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey);
803EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
804#endif
805
806X509 *X509_dup(X509 *x509);
807X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa);
808X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex);
809X509_CRL *X509_CRL_dup(X509_CRL *crl);
810X509_REQ *X509_REQ_dup(X509_REQ *req);
811X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
812X509_NAME *X509_NAME_dup(X509_NAME *xn);
813X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
814
815#endif /* !SSLEAY_MACROS */
816
817int X509_cmp_time(ASN1_TIME *s, time_t *t);
818int X509_cmp_current_time(ASN1_TIME *s);
819ASN1_TIME * X509_time_adj(ASN1_TIME *s, long adj, time_t *t);
820ASN1_TIME * X509_gmtime_adj(ASN1_TIME *s, long adj);
821
822const char * X509_get_default_cert_area(void );
823const char * X509_get_default_cert_dir(void );
824const char * X509_get_default_cert_file(void );
825const char * X509_get_default_cert_dir_env(void );
826const char * X509_get_default_cert_file_env(void );
827const char * X509_get_default_private_dir(void );
828
829X509_REQ * X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
830X509 * X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey);
831
832DECLARE_ASN1_FUNCTIONS(X509_ALGOR)
833DECLARE_ASN1_FUNCTIONS(X509_VAL)
834
835DECLARE_ASN1_FUNCTIONS(X509_PUBKEY)
836
837int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
838EVP_PKEY * X509_PUBKEY_get(X509_PUBKEY *key);
839int X509_get_pubkey_parameters(EVP_PKEY *pkey,
840 STACK_OF(X509) *chain);
841int i2d_PUBKEY(EVP_PKEY *a,unsigned char **pp);
842EVP_PKEY * d2i_PUBKEY(EVP_PKEY **a,unsigned char **pp,
843 long length);
844#ifndef OPENSSL_NO_RSA
845int i2d_RSA_PUBKEY(RSA *a,unsigned char **pp);
846RSA * d2i_RSA_PUBKEY(RSA **a,unsigned char **pp,
847 long length);
848#endif
849#ifndef OPENSSL_NO_DSA
850int i2d_DSA_PUBKEY(DSA *a,unsigned char **pp);
851DSA * d2i_DSA_PUBKEY(DSA **a,unsigned char **pp,
852 long length);
853#endif
854
855DECLARE_ASN1_FUNCTIONS(X509_SIG)
856DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO)
857DECLARE_ASN1_FUNCTIONS(X509_REQ)
858
859DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE)
860X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value);
861
862DECLARE_ASN1_FUNCTIONS(X509_EXTENSION)
863
864DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY)
865
866DECLARE_ASN1_FUNCTIONS(X509_NAME)
867
868int X509_NAME_set(X509_NAME **xn, X509_NAME *name);
869
870DECLARE_ASN1_FUNCTIONS(X509_CINF)
871
872DECLARE_ASN1_FUNCTIONS(X509)
873DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX)
874
875int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
876 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
877int X509_set_ex_data(X509 *r, int idx, void *arg);
878void *X509_get_ex_data(X509 *r, int idx);
879int i2d_X509_AUX(X509 *a,unsigned char **pp);
880X509 * d2i_X509_AUX(X509 **a,unsigned char **pp,long length);
881
882int X509_alias_set1(X509 *x, unsigned char *name, int len);
883int X509_keyid_set1(X509 *x, unsigned char *id, int len);
884unsigned char * X509_alias_get0(X509 *x, int *len);
885int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int);
886int X509_TRUST_set(int *t, int trust);
887int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);
888int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj);
889void X509_trust_clear(X509 *x);
890void X509_reject_clear(X509 *x);
891
892DECLARE_ASN1_FUNCTIONS(X509_REVOKED)
893DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO)
894DECLARE_ASN1_FUNCTIONS(X509_CRL)
895
896int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
897
898X509_PKEY * X509_PKEY_new(void );
899void X509_PKEY_free(X509_PKEY *a);
900int i2d_X509_PKEY(X509_PKEY *a,unsigned char **pp);
901X509_PKEY * d2i_X509_PKEY(X509_PKEY **a,unsigned char **pp,long length);
902
903DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI)
904DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
905DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)
906
907#ifndef OPENSSL_NO_EVP
908X509_INFO * X509_INFO_new(void);
909void X509_INFO_free(X509_INFO *a);
910char * X509_NAME_oneline(X509_NAME *a,char *buf,int size);
911
912int ASN1_verify(int (*i2d)(), X509_ALGOR *algor1,
913 ASN1_BIT_STRING *signature,char *data,EVP_PKEY *pkey);
914
915int ASN1_digest(int (*i2d)(),const EVP_MD *type,char *data,
916 unsigned char *md,unsigned int *len);
917
918int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
919 ASN1_BIT_STRING *signature,
920 char *data,EVP_PKEY *pkey, const EVP_MD *type);
921
922int ASN1_item_digest(const ASN1_ITEM *it,const EVP_MD *type,void *data,
923 unsigned char *md,unsigned int *len);
924
925int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1,
926 ASN1_BIT_STRING *signature,void *data,EVP_PKEY *pkey);
927
928int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
929 ASN1_BIT_STRING *signature,
930 void *data, EVP_PKEY *pkey, const EVP_MD *type);
931#endif
932
933int X509_set_version(X509 *x,long version);
934int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
935ASN1_INTEGER * X509_get_serialNumber(X509 *x);
936int X509_set_issuer_name(X509 *x, X509_NAME *name);
937X509_NAME * X509_get_issuer_name(X509 *a);
938int X509_set_subject_name(X509 *x, X509_NAME *name);
939X509_NAME * X509_get_subject_name(X509 *a);
940int X509_set_notBefore(X509 *x, ASN1_TIME *tm);
941int X509_set_notAfter(X509 *x, ASN1_TIME *tm);
942int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
943EVP_PKEY * X509_get_pubkey(X509 *x);
944ASN1_BIT_STRING * X509_get0_pubkey_bitstr(const X509 *x);
945int X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */);
946
947int X509_REQ_set_version(X509_REQ *x,long version);
948int X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name);
949int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
950EVP_PKEY * X509_REQ_get_pubkey(X509_REQ *req);
951int X509_REQ_extension_nid(int nid);
952int * X509_REQ_get_extension_nids(void);
953void X509_REQ_set_extension_nids(int *nids);
954STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
955int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
956 int nid);
957int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts);
958int X509_REQ_get_attr_count(const X509_REQ *req);
959int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid,
960 int lastpos);
961int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,
962 int lastpos);
963X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc);
964X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc);
965int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr);
966int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
967 const ASN1_OBJECT *obj, int type,
968 const unsigned char *bytes, int len);
969int X509_REQ_add1_attr_by_NID(X509_REQ *req,
970 int nid, int type,
971 const unsigned char *bytes, int len);
972int X509_REQ_add1_attr_by_txt(X509_REQ *req,
973 const char *attrname, int type,
974 const unsigned char *bytes, int len);
975
976int X509_CRL_set_version(X509_CRL *x, long version);
977int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
978int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm);
979int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm);
980int X509_CRL_sort(X509_CRL *crl);
981
982int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
983int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
984
985int X509_check_private_key(X509 *x509,EVP_PKEY *pkey);
986
987int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
988unsigned long X509_issuer_and_serial_hash(X509 *a);
989
990int X509_issuer_name_cmp(const X509 *a, const X509 *b);
991unsigned long X509_issuer_name_hash(X509 *a);
992
993int X509_subject_name_cmp(const X509 *a, const X509 *b);
994unsigned long X509_subject_name_hash(X509 *x);
995
996int X509_cmp(const X509 *a, const X509 *b);
997int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
998unsigned long X509_NAME_hash(X509_NAME *x);
999
1000int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
1001#ifndef OPENSSL_NO_FP_API
1002int X509_print_ex_fp(FILE *bp,X509 *x, unsigned long nmflag, unsigned long cflag);
1003int X509_print_fp(FILE *bp,X509 *x);
1004int X509_CRL_print_fp(FILE *bp,X509_CRL *x);
1005int X509_REQ_print_fp(FILE *bp,X509_REQ *req);
1006int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags);
1007#endif
1008
1009#ifndef OPENSSL_NO_BIO
1010int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
1011int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags);
1012int X509_print_ex(BIO *bp,X509 *x, unsigned long nmflag, unsigned long cflag);
1013int X509_print(BIO *bp,X509 *x);
1014int X509_ocspid_print(BIO *bp,X509 *x);
1015int X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent);
1016int X509_CRL_print(BIO *bp,X509_CRL *x);
1017int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, unsigned long cflag);
1018int X509_REQ_print(BIO *bp,X509_REQ *req);
1019#endif
1020
1021int X509_NAME_entry_count(X509_NAME *name);
1022int X509_NAME_get_text_by_NID(X509_NAME *name, int nid,
1023 char *buf,int len);
1024int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
1025 char *buf,int len);
1026
1027/* NOTE: you should be passsing -1, not 0 as lastpos. The functions that use
1028 * lastpos, search after that position on. */
1029int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
1030int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj,
1031 int lastpos);
1032X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
1033X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
1034int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne,
1035 int loc, int set);
1036int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
1037 unsigned char *bytes, int len, int loc, int set);
1038int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
1039 unsigned char *bytes, int len, int loc, int set);
1040X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
1041 const char *field, int type, const unsigned char *bytes, int len);
1042X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
1043 int type,unsigned char *bytes, int len);
1044int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
1045 const unsigned char *bytes, int len, int loc, int set);
1046X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
1047 ASN1_OBJECT *obj, int type,const unsigned char *bytes,
1048 int len);
1049int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne,
1050 ASN1_OBJECT *obj);
1051int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
1052 const unsigned char *bytes, int len);
1053ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
1054ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
1055
1056int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
1057int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
1058 int nid, int lastpos);
1059int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,
1060 ASN1_OBJECT *obj,int lastpos);
1061int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,
1062 int crit, int lastpos);
1063X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
1064X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);
1065STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
1066 X509_EXTENSION *ex, int loc);
1067
1068int X509_get_ext_count(X509 *x);
1069int X509_get_ext_by_NID(X509 *x, int nid, int lastpos);
1070int X509_get_ext_by_OBJ(X509 *x,ASN1_OBJECT *obj,int lastpos);
1071int X509_get_ext_by_critical(X509 *x, int crit, int lastpos);
1072X509_EXTENSION *X509_get_ext(X509 *x, int loc);
1073X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
1074int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
1075void * X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
1076int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
1077 unsigned long flags);
1078
1079int X509_CRL_get_ext_count(X509_CRL *x);
1080int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos);
1081int X509_CRL_get_ext_by_OBJ(X509_CRL *x,ASN1_OBJECT *obj,int lastpos);
1082int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos);
1083X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc);
1084X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
1085int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
1086void * X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);
1087int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
1088 unsigned long flags);
1089
1090int X509_REVOKED_get_ext_count(X509_REVOKED *x);
1091int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos);
1092int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x,ASN1_OBJECT *obj,int lastpos);
1093int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos);
1094X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc);
1095X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
1096int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
1097void * X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);
1098int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
1099 unsigned long flags);
1100
1101X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
1102 int nid, int crit, ASN1_OCTET_STRING *data);
1103X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
1104 ASN1_OBJECT *obj,int crit,ASN1_OCTET_STRING *data);
1105int X509_EXTENSION_set_object(X509_EXTENSION *ex,ASN1_OBJECT *obj);
1106int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
1107int X509_EXTENSION_set_data(X509_EXTENSION *ex,
1108 ASN1_OCTET_STRING *data);
1109ASN1_OBJECT * X509_EXTENSION_get_object(X509_EXTENSION *ex);
1110ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
1111int X509_EXTENSION_get_critical(X509_EXTENSION *ex);
1112
1113int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x);
1114int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
1115 int lastpos);
1116int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj,
1117 int lastpos);
1118X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc);
1119X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc);
1120STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
1121 X509_ATTRIBUTE *attr);
1122STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
1123 const ASN1_OBJECT *obj, int type,
1124 const unsigned char *bytes, int len);
1125STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
1126 int nid, int type,
1127 const unsigned char *bytes, int len);
1128STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
1129 const char *attrname, int type,
1130 const unsigned char *bytes, int len);
1131X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
1132 int atrtype, const void *data, int len);
1133X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
1134 const ASN1_OBJECT *obj, int atrtype, const void *data, int len);
1135X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
1136 const char *atrname, int type, const unsigned char *bytes, int len);
1137int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj);
1138int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len);
1139void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
1140 int atrtype, void *data);
1141int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr);
1142ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr);
1143ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx);
1144
1145int X509_verify_cert(X509_STORE_CTX *ctx);
1146
1147/* lookup a cert from a X509 STACK */
1148X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk,X509_NAME *name,
1149 ASN1_INTEGER *serial);
1150X509 *X509_find_by_subject(STACK_OF(X509) *sk,X509_NAME *name);
1151
1152DECLARE_ASN1_FUNCTIONS(PBEPARAM)
1153DECLARE_ASN1_FUNCTIONS(PBE2PARAM)
1154DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM)
1155
1156X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, int saltlen);
1157X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
1158 unsigned char *salt, int saltlen);
1159
1160/* PKCS#8 utilities */
1161
1162DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
1163
1164EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8);
1165PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
1166PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken);
1167PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);
1168
1169int X509_check_trust(X509 *x, int id, int flags);
1170int X509_TRUST_get_count(void);
1171X509_TRUST * X509_TRUST_get0(int idx);
1172int X509_TRUST_get_by_id(int id);
1173int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
1174 char *name, int arg1, void *arg2);
1175void X509_TRUST_cleanup(void);
1176int X509_TRUST_get_flags(X509_TRUST *xp);
1177char *X509_TRUST_get0_name(X509_TRUST *xp);
1178int X509_TRUST_get_trust(X509_TRUST *xp);
1179
1180/* BEGIN ERROR CODES */
1181/* The following lines are auto generated by the script mkerr.pl. Any changes
1182 * made after this point may be overwritten when the script is next run.
1183 */
1184void ERR_load_X509_strings(void);
1185
1186/* Error codes for the X509 functions. */
1187
1188/* Function codes. */
1189#define X509_F_ADD_CERT_DIR 100
1190#define X509_F_BY_FILE_CTRL 101
1191#define X509_F_DIR_CTRL 102
1192#define X509_F_GET_CERT_BY_SUBJECT 103
1193#define X509_F_NETSCAPE_SPKI_B64_DECODE 129
1194#define X509_F_NETSCAPE_SPKI_B64_ENCODE 130
1195#define X509_F_X509V3_ADD_EXT 104
1196#define X509_F_X509_ADD_ATTR 135
1197#define X509_F_X509_ATTRIBUTE_CREATE_BY_NID 136
1198#define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ 137
1199#define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT 140
1200#define X509_F_X509_ATTRIBUTE_GET0_DATA 139
1201#define X509_F_X509_ATTRIBUTE_SET1_DATA 138
1202#define X509_F_X509_CHECK_PRIVATE_KEY 128
1203#define X509_F_X509_EXTENSION_CREATE_BY_NID 108
1204#define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109
1205#define X509_F_X509_GET_PUBKEY_PARAMETERS 110
1206#define X509_F_X509_LOAD_CERT_CRL_FILE 132
1207#define X509_F_X509_LOAD_CERT_FILE 111
1208#define X509_F_X509_LOAD_CRL_FILE 112
1209#define X509_F_X509_NAME_ADD_ENTRY 113
1210#define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114
1211#define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT 131
1212#define X509_F_X509_NAME_ENTRY_SET_OBJECT 115
1213#define X509_F_X509_NAME_ONELINE 116
1214#define X509_F_X509_NAME_PRINT 117
1215#define X509_F_X509_PRINT_FP 118
1216#define X509_F_X509_PUBKEY_GET 119
1217#define X509_F_X509_PUBKEY_SET 120
1218#define X509_F_X509_REQ_PRINT 121
1219#define X509_F_X509_REQ_PRINT_FP 122
1220#define X509_F_X509_REQ_TO_X509 123
1221#define X509_F_X509_STORE_ADD_CERT 124
1222#define X509_F_X509_STORE_ADD_CRL 125
1223#define X509_F_X509_STORE_CTX_INIT 143
1224#define X509_F_X509_STORE_CTX_NEW 142
1225#define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 134
1226#define X509_F_X509_TO_X509_REQ 126
1227#define X509_F_X509_TRUST_ADD 133
1228#define X509_F_X509_TRUST_SET 141
1229#define X509_F_X509_VERIFY_CERT 127
1230
1231/* Reason codes. */
1232#define X509_R_BAD_X509_FILETYPE 100
1233#define X509_R_BASE64_DECODE_ERROR 118
1234#define X509_R_CANT_CHECK_DH_KEY 114
1235#define X509_R_CERT_ALREADY_IN_HASH_TABLE 101
1236#define X509_R_ERR_ASN1_LIB 102
1237#define X509_R_INVALID_DIRECTORY 113
1238#define X509_R_INVALID_FIELD_NAME 119
1239#define X509_R_INVALID_TRUST 123
1240#define X509_R_KEY_TYPE_MISMATCH 115
1241#define X509_R_KEY_VALUES_MISMATCH 116
1242#define X509_R_LOADING_CERT_DIR 103
1243#define X509_R_LOADING_DEFAULTS 104
1244#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105
1245#define X509_R_SHOULD_RETRY 106
1246#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107
1247#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108
1248#define X509_R_UNKNOWN_KEY_TYPE 117
1249#define X509_R_UNKNOWN_NID 109
1250#define X509_R_UNKNOWN_PURPOSE_ID 121
1251#define X509_R_UNKNOWN_TRUST_ID 120
1252#define X509_R_UNSUPPORTED_ALGORITHM 111
1253#define X509_R_WRONG_LOOKUP_TYPE 112
1254#define X509_R_WRONG_TYPE 122
1255
1256#ifdef __cplusplus
1257}
1258#endif
1259#endif
diff --git a/src/lib/libcrypto/x509/x509_att.c b/src/lib/libcrypto/x509/x509_att.c
deleted file mode 100644
index 0bae3d32a1..0000000000
--- a/src/lib/libcrypto/x509/x509_att.c
+++ /dev/null
@@ -1,326 +0,0 @@
1/* crypto/x509/x509_att.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/stack.h>
61#include "cryptlib.h"
62#include <openssl/asn1.h>
63#include <openssl/objects.h>
64#include <openssl/evp.h>
65#include <openssl/x509.h>
66#include <openssl/x509v3.h>
67
68int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x)
69{
70 if (!x) return 0;
71 return(sk_X509_ATTRIBUTE_num(x));
72}
73
74int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
75 int lastpos)
76{
77 ASN1_OBJECT *obj;
78
79 obj=OBJ_nid2obj(nid);
80 if (obj == NULL) return(-2);
81 return(X509at_get_attr_by_OBJ(x,obj,lastpos));
82}
83
84int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj,
85 int lastpos)
86{
87 int n;
88 X509_ATTRIBUTE *ex;
89
90 if (sk == NULL) return(-1);
91 lastpos++;
92 if (lastpos < 0)
93 lastpos=0;
94 n=sk_X509_ATTRIBUTE_num(sk);
95 for ( ; lastpos < n; lastpos++)
96 {
97 ex=sk_X509_ATTRIBUTE_value(sk,lastpos);
98 if (OBJ_cmp(ex->object,obj) == 0)
99 return(lastpos);
100 }
101 return(-1);
102}
103
104X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc)
105{
106 if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
107 return NULL;
108 else
109 return sk_X509_ATTRIBUTE_value(x,loc);
110}
111
112X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc)
113{
114 X509_ATTRIBUTE *ret;
115
116 if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
117 return(NULL);
118 ret=sk_X509_ATTRIBUTE_delete(x,loc);
119 return(ret);
120}
121
122STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
123 X509_ATTRIBUTE *attr)
124{
125 X509_ATTRIBUTE *new_attr=NULL;
126 STACK_OF(X509_ATTRIBUTE) *sk=NULL;
127
128 if ((x != NULL) && (*x == NULL))
129 {
130 if ((sk=sk_X509_ATTRIBUTE_new_null()) == NULL)
131 goto err;
132 }
133 else
134 sk= *x;
135
136 if ((new_attr=X509_ATTRIBUTE_dup(attr)) == NULL)
137 goto err2;
138 if (!sk_X509_ATTRIBUTE_push(sk,new_attr))
139 goto err;
140 if ((x != NULL) && (*x == NULL))
141 *x=sk;
142 return(sk);
143err:
144 X509err(X509_F_X509_ADD_ATTR,ERR_R_MALLOC_FAILURE);
145err2:
146 if (new_attr != NULL) X509_ATTRIBUTE_free(new_attr);
147 if (sk != NULL) sk_X509_ATTRIBUTE_free(sk);
148 return(NULL);
149}
150
151STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
152 const ASN1_OBJECT *obj, int type,
153 const unsigned char *bytes, int len)
154{
155 X509_ATTRIBUTE *attr;
156 STACK_OF(X509_ATTRIBUTE) *ret;
157 attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, type, bytes, len);
158 if(!attr) return 0;
159 ret = X509at_add1_attr(x, attr);
160 X509_ATTRIBUTE_free(attr);
161 return ret;
162}
163
164STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
165 int nid, int type,
166 const unsigned char *bytes, int len)
167{
168 X509_ATTRIBUTE *attr;
169 STACK_OF(X509_ATTRIBUTE) *ret;
170 attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, type, bytes, len);
171 if(!attr) return 0;
172 ret = X509at_add1_attr(x, attr);
173 X509_ATTRIBUTE_free(attr);
174 return ret;
175}
176
177STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
178 const char *attrname, int type,
179 const unsigned char *bytes, int len)
180{
181 X509_ATTRIBUTE *attr;
182 STACK_OF(X509_ATTRIBUTE) *ret;
183 attr = X509_ATTRIBUTE_create_by_txt(NULL, attrname, type, bytes, len);
184 if(!attr) return 0;
185 ret = X509at_add1_attr(x, attr);
186 X509_ATTRIBUTE_free(attr);
187 return ret;
188}
189
190X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
191 int atrtype, const void *data, int len)
192{
193 ASN1_OBJECT *obj;
194 X509_ATTRIBUTE *ret;
195
196 obj=OBJ_nid2obj(nid);
197 if (obj == NULL)
198 {
199 X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_NID,X509_R_UNKNOWN_NID);
200 return(NULL);
201 }
202 ret=X509_ATTRIBUTE_create_by_OBJ(attr,obj,atrtype,data,len);
203 if (ret == NULL) ASN1_OBJECT_free(obj);
204 return(ret);
205}
206
207X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
208 const ASN1_OBJECT *obj, int atrtype, const void *data, int len)
209{
210 X509_ATTRIBUTE *ret;
211
212 if ((attr == NULL) || (*attr == NULL))
213 {
214 if ((ret=X509_ATTRIBUTE_new()) == NULL)
215 {
216 X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE);
217 return(NULL);
218 }
219 }
220 else
221 ret= *attr;
222
223 if (!X509_ATTRIBUTE_set1_object(ret,obj))
224 goto err;
225 if (!X509_ATTRIBUTE_set1_data(ret,atrtype,data,len))
226 goto err;
227
228 if ((attr != NULL) && (*attr == NULL)) *attr=ret;
229 return(ret);
230err:
231 if ((attr == NULL) || (ret != *attr))
232 X509_ATTRIBUTE_free(ret);
233 return(NULL);
234}
235
236X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
237 const char *atrname, int type, const unsigned char *bytes, int len)
238 {
239 ASN1_OBJECT *obj;
240 X509_ATTRIBUTE *nattr;
241
242 obj=OBJ_txt2obj(atrname, 0);
243 if (obj == NULL)
244 {
245 X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,
246 X509_R_INVALID_FIELD_NAME);
247 ERR_add_error_data(2, "name=", atrname);
248 return(NULL);
249 }
250 nattr = X509_ATTRIBUTE_create_by_OBJ(attr,obj,type,bytes,len);
251 ASN1_OBJECT_free(obj);
252 return nattr;
253 }
254
255int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj)
256{
257 if ((attr == NULL) || (obj == NULL))
258 return(0);
259 ASN1_OBJECT_free(attr->object);
260 attr->object=OBJ_dup(obj);
261 return(1);
262}
263
264int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len)
265{
266 ASN1_TYPE *ttmp;
267 ASN1_STRING *stmp;
268 int atype;
269 if (!attr) return 0;
270 if(attrtype & MBSTRING_FLAG) {
271 stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype,
272 OBJ_obj2nid(attr->object));
273 if(!stmp) {
274 X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_ASN1_LIB);
275 return 0;
276 }
277 atype = stmp->type;
278 } else {
279 if(!(stmp = ASN1_STRING_type_new(attrtype))) goto err;
280 if(!ASN1_STRING_set(stmp, data, len)) goto err;
281 atype = attrtype;
282 }
283 if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
284 if(!(ttmp = ASN1_TYPE_new())) goto err;
285 if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err;
286 attr->single = 0;
287 ASN1_TYPE_set(ttmp, atype, stmp);
288 return 1;
289 err:
290 X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE);
291 return 0;
292}
293
294int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr)
295{
296 if(!attr->single) return sk_ASN1_TYPE_num(attr->value.set);
297 if(attr->value.single) return 1;
298 return 0;
299}
300
301ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr)
302{
303 if (attr == NULL) return(NULL);
304 return(attr->object);
305}
306
307void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
308 int atrtype, void *data)
309{
310 ASN1_TYPE *ttmp;
311 ttmp = X509_ATTRIBUTE_get0_type(attr, idx);
312 if(!ttmp) return NULL;
313 if(atrtype != ASN1_TYPE_get(ttmp)){
314 X509err(X509_F_X509_ATTRIBUTE_GET0_DATA, X509_R_WRONG_TYPE);
315 return NULL;
316 }
317 return ttmp->value.ptr;
318}
319
320ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)
321{
322 if (attr == NULL) return(NULL);
323 if(idx >= X509_ATTRIBUTE_count(attr)) return NULL;
324 if(!attr->single) return sk_ASN1_TYPE_value(attr->value.set, idx);
325 else return attr->value.single;
326}
diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c
deleted file mode 100644
index 030d0966fc..0000000000
--- a/src/lib/libcrypto/x509/x509_cmp.c
+++ /dev/null
@@ -1,440 +0,0 @@
1/* crypto/x509/x509_cmp.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <ctype.h>
61#include "cryptlib.h"
62#include <openssl/asn1.h>
63#include <openssl/objects.h>
64#include <openssl/x509.h>
65#include <openssl/x509v3.h>
66
67int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
68 {
69 int i;
70 X509_CINF *ai,*bi;
71
72 ai=a->cert_info;
73 bi=b->cert_info;
74 i=M_ASN1_INTEGER_cmp(ai->serialNumber,bi->serialNumber);
75 if (i) return(i);
76 return(X509_NAME_cmp(ai->issuer,bi->issuer));
77 }
78
79#ifndef OPENSSL_NO_MD5
80unsigned long X509_issuer_and_serial_hash(X509 *a)
81 {
82 unsigned long ret=0;
83 EVP_MD_CTX ctx;
84 unsigned char md[16];
85 char *f;
86
87 EVP_MD_CTX_init(&ctx);
88 f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);
89 ret=strlen(f);
90 EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);
91 EVP_DigestUpdate(&ctx,(unsigned char *)f,ret);
92 OPENSSL_free(f);
93 EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
94 (unsigned long)a->cert_info->serialNumber->length);
95 EVP_DigestFinal_ex(&ctx,&(md[0]),NULL);
96 ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)|
97 ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
98 )&0xffffffffL;
99 EVP_MD_CTX_cleanup(&ctx);
100 return(ret);
101 }
102#endif
103
104int X509_issuer_name_cmp(const X509 *a, const X509 *b)
105 {
106 return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer));
107 }
108
109int X509_subject_name_cmp(const X509 *a, const X509 *b)
110 {
111 return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject));
112 }
113
114int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b)
115 {
116 return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer));
117 }
118
119X509_NAME *X509_get_issuer_name(X509 *a)
120 {
121 return(a->cert_info->issuer);
122 }
123
124unsigned long X509_issuer_name_hash(X509 *x)
125 {
126 return(X509_NAME_hash(x->cert_info->issuer));
127 }
128
129X509_NAME *X509_get_subject_name(X509 *a)
130 {
131 return(a->cert_info->subject);
132 }
133
134ASN1_INTEGER *X509_get_serialNumber(X509 *a)
135 {
136 return(a->cert_info->serialNumber);
137 }
138
139unsigned long X509_subject_name_hash(X509 *x)
140 {
141 return(X509_NAME_hash(x->cert_info->subject));
142 }
143
144#ifndef OPENSSL_NO_SHA
145/* Compare two certificates: they must be identical for
146 * this to work. NB: Although "cmp" operations are generally
147 * prototyped to take "const" arguments (eg. for use in
148 * STACKs), the way X509 handling is - these operations may
149 * involve ensuring the hashes are up-to-date and ensuring
150 * certain cert information is cached. So this is the point
151 * where the "depth-first" constification tree has to halt
152 * with an evil cast.
153 */
154int X509_cmp(const X509 *a, const X509 *b)
155{
156 /* ensure hash is valid */
157 X509_check_purpose((X509 *)a, -1, 0);
158 X509_check_purpose((X509 *)b, -1, 0);
159
160 return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
161}
162#endif
163
164
165/* Case insensitive string comparision */
166static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
167{
168 int i;
169
170 if (a->length != b->length)
171 return (a->length - b->length);
172
173 for (i=0; i<a->length; i++)
174 {
175 int ca, cb;
176
177 ca = tolower(a->data[i]);
178 cb = tolower(b->data[i]);
179
180 if (ca != cb)
181 return(ca-cb);
182 }
183 return 0;
184}
185
186/* Case insensitive string comparision with space normalization
187 * Space normalization - ignore leading, trailing spaces,
188 * multiple spaces between characters are replaced by single space
189 */
190static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
191{
192 unsigned char *pa = NULL, *pb = NULL;
193 int la, lb;
194
195 la = a->length;
196 lb = b->length;
197 pa = a->data;
198 pb = b->data;
199
200 /* skip leading spaces */
201 while (la > 0 && isspace(*pa))
202 {
203 la--;
204 pa++;
205 }
206 while (lb > 0 && isspace(*pb))
207 {
208 lb--;
209 pb++;
210 }
211
212 /* skip trailing spaces */
213 while (la > 0 && isspace(pa[la-1]))
214 la--;
215 while (lb > 0 && isspace(pb[lb-1]))
216 lb--;
217
218 /* compare strings with space normalization */
219 while (la > 0 && lb > 0)
220 {
221 int ca, cb;
222
223 /* compare character */
224 ca = tolower(*pa);
225 cb = tolower(*pb);
226 if (ca != cb)
227 return (ca - cb);
228
229 pa++; pb++;
230 la--; lb--;
231
232 if (la <= 0 || lb <= 0)
233 break;
234
235 /* is white space next character ? */
236 if (isspace(*pa) && isspace(*pb))
237 {
238 /* skip remaining white spaces */
239 while (la > 0 && isspace(*pa))
240 {
241 la--;
242 pa++;
243 }
244 while (lb > 0 && isspace(*pb))
245 {
246 lb--;
247 pb++;
248 }
249 }
250 }
251 if (la > 0 || lb > 0)
252 return la - lb;
253
254 return 0;
255}
256
257static int asn1_string_memcmp(ASN1_STRING *a, ASN1_STRING *b)
258 {
259 int j;
260 j = a->length - b->length;
261 if (j)
262 return j;
263 return memcmp(a->data, b->data, a->length);
264 }
265
266#define STR_TYPE_CMP (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_UTF8STRING)
267
268int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
269 {
270 int i,j;
271 X509_NAME_ENTRY *na,*nb;
272
273 unsigned long nabit, nbbit;
274
275 j = sk_X509_NAME_ENTRY_num(a->entries)
276 - sk_X509_NAME_ENTRY_num(b->entries);
277 if (j)
278 return j;
279 for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
280 {
281 na=sk_X509_NAME_ENTRY_value(a->entries,i);
282 nb=sk_X509_NAME_ENTRY_value(b->entries,i);
283 j=na->value->type-nb->value->type;
284 if (j)
285 {
286 nabit = ASN1_tag2bit(na->value->type);
287 nbbit = ASN1_tag2bit(nb->value->type);
288 if (!(nabit & STR_TYPE_CMP) ||
289 !(nbbit & STR_TYPE_CMP))
290 return j;
291 j = asn1_string_memcmp(na->value, nb->value);
292 }
293 else if (na->value->type == V_ASN1_PRINTABLESTRING)
294 j=nocase_spacenorm_cmp(na->value, nb->value);
295 else if (na->value->type == V_ASN1_IA5STRING
296 && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)
297 j=nocase_cmp(na->value, nb->value);
298 else
299 j = asn1_string_memcmp(na->value, nb->value);
300 if (j) return(j);
301 j=na->set-nb->set;
302 if (j) return(j);
303 }
304
305 /* We will check the object types after checking the values
306 * since the values will more often be different than the object
307 * types. */
308 for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
309 {
310 na=sk_X509_NAME_ENTRY_value(a->entries,i);
311 nb=sk_X509_NAME_ENTRY_value(b->entries,i);
312 j=OBJ_cmp(na->object,nb->object);
313 if (j) return(j);
314 }
315 return(0);
316 }
317
318#ifndef OPENSSL_NO_MD5
319/* I now DER encode the name and hash it. Since I cache the DER encoding,
320 * this is reasonably efficient. */
321unsigned long X509_NAME_hash(X509_NAME *x)
322 {
323 unsigned long ret=0;
324 unsigned char md[16];
325 EVP_MD_CTX md_ctx;
326
327 /* Make sure X509_NAME structure contains valid cached encoding */
328 i2d_X509_NAME(x,NULL);
329 EVP_MD_CTX_init(&md_ctx);
330 EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
331 EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL);
332 EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length);
333 EVP_DigestFinal_ex(&md_ctx,md,NULL);
334 EVP_MD_CTX_cleanup(&md_ctx);
335
336 ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)|
337 ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
338 )&0xffffffffL;
339 return(ret);
340 }
341#endif
342
343/* Search a stack of X509 for a match */
344X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
345 ASN1_INTEGER *serial)
346 {
347 int i;
348 X509_CINF cinf;
349 X509 x,*x509=NULL;
350
351 if(!sk) return NULL;
352
353 x.cert_info= &cinf;
354 cinf.serialNumber=serial;
355 cinf.issuer=name;
356
357 for (i=0; i<sk_X509_num(sk); i++)
358 {
359 x509=sk_X509_value(sk,i);
360 if (X509_issuer_and_serial_cmp(x509,&x) == 0)
361 return(x509);
362 }
363 return(NULL);
364 }
365
366X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name)
367 {
368 X509 *x509;
369 int i;
370
371 for (i=0; i<sk_X509_num(sk); i++)
372 {
373 x509=sk_X509_value(sk,i);
374 if (X509_NAME_cmp(X509_get_subject_name(x509),name) == 0)
375 return(x509);
376 }
377 return(NULL);
378 }
379
380EVP_PKEY *X509_get_pubkey(X509 *x)
381 {
382 if ((x == NULL) || (x->cert_info == NULL))
383 return(NULL);
384 return(X509_PUBKEY_get(x->cert_info->key));
385 }
386
387ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
388 {
389 if(!x) return NULL;
390 return x->cert_info->key->public_key;
391 }
392
393int X509_check_private_key(X509 *x, EVP_PKEY *k)
394 {
395 EVP_PKEY *xk=NULL;
396 int ok=0;
397
398 xk=X509_get_pubkey(x);
399 if (xk->type != k->type)
400 {
401 X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
402 goto err;
403 }
404 switch (k->type)
405 {
406#ifndef OPENSSL_NO_RSA
407 case EVP_PKEY_RSA:
408 if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0
409 || BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0)
410 {
411 X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
412 goto err;
413 }
414 break;
415#endif
416#ifndef OPENSSL_NO_DSA
417 case EVP_PKEY_DSA:
418 if (BN_cmp(xk->pkey.dsa->pub_key,k->pkey.dsa->pub_key) != 0)
419 {
420 X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
421 goto err;
422 }
423 break;
424#endif
425#ifndef OPENSSL_NO_DH
426 case EVP_PKEY_DH:
427 /* No idea */
428 X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);
429 goto err;
430#endif
431 default:
432 X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
433 goto err;
434 }
435
436 ok=1;
437err:
438 EVP_PKEY_free(xk);
439 return(ok);
440 }
diff --git a/src/lib/libcrypto/x509/x509_d2.c b/src/lib/libcrypto/x509/x509_d2.c
deleted file mode 100644
index 51410cfd1a..0000000000
--- a/src/lib/libcrypto/x509/x509_d2.c
+++ /dev/null
@@ -1,107 +0,0 @@
1/* crypto/x509/x509_d2.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/crypto.h>
62#include <openssl/x509.h>
63
64#ifndef OPENSSL_NO_STDIO
65int X509_STORE_set_default_paths(X509_STORE *ctx)
66 {
67 X509_LOOKUP *lookup;
68
69 lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
70 if (lookup == NULL) return(0);
71 X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
72
73 lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());
74 if (lookup == NULL) return(0);
75 X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
76
77 /* clear any errors */
78 ERR_clear_error();
79
80 return(1);
81 }
82
83int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
84 const char *path)
85 {
86 X509_LOOKUP *lookup;
87
88 if (file != NULL)
89 {
90 lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
91 if (lookup == NULL) return(0);
92 if (X509_LOOKUP_load_file(lookup,file,X509_FILETYPE_PEM) != 1)
93 return(0);
94 }
95 if (path != NULL)
96 {
97 lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());
98 if (lookup == NULL) return(0);
99 if (X509_LOOKUP_add_dir(lookup,path,X509_FILETYPE_PEM) != 1)
100 return(0);
101 }
102 if ((path == NULL) && (file == NULL))
103 return(0);
104 return(1);
105 }
106
107#endif
diff --git a/src/lib/libcrypto/x509/x509_def.c b/src/lib/libcrypto/x509/x509_def.c
deleted file mode 100644
index e0ac151a76..0000000000
--- a/src/lib/libcrypto/x509/x509_def.c
+++ /dev/null
@@ -1,81 +0,0 @@
1/* crypto/x509/x509_def.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/crypto.h>
62#include <openssl/x509.h>
63
64const char *X509_get_default_private_dir(void)
65 { return(X509_PRIVATE_DIR); }
66
67const char *X509_get_default_cert_area(void)
68 { return(X509_CERT_AREA); }
69
70const char *X509_get_default_cert_dir(void)
71 { return(X509_CERT_DIR); }
72
73const char *X509_get_default_cert_file(void)
74 { return(X509_CERT_FILE); }
75
76const char *X509_get_default_cert_dir_env(void)
77 { return(X509_CERT_DIR_EVP); }
78
79const char *X509_get_default_cert_file_env(void)
80 { return(X509_CERT_FILE_EVP); }
81
diff --git a/src/lib/libcrypto/x509/x509_err.c b/src/lib/libcrypto/x509/x509_err.c
deleted file mode 100644
index d44d046027..0000000000
--- a/src/lib/libcrypto/x509/x509_err.c
+++ /dev/null
@@ -1,160 +0,0 @@
1/* crypto/x509/x509_err.c */
2/* ====================================================================
3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include <openssl/x509.h>
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509,0,reason)
70
71static ERR_STRING_DATA X509_str_functs[]=
72 {
73{ERR_FUNC(X509_F_ADD_CERT_DIR), "ADD_CERT_DIR"},
74{ERR_FUNC(X509_F_BY_FILE_CTRL), "BY_FILE_CTRL"},
75{ERR_FUNC(X509_F_DIR_CTRL), "DIR_CTRL"},
76{ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT), "GET_CERT_BY_SUBJECT"},
77{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE), "NETSCAPE_SPKI_b64_decode"},
78{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE), "NETSCAPE_SPKI_b64_encode"},
79{ERR_FUNC(X509_F_X509V3_ADD_EXT), "X509v3_add_ext"},
80{ERR_FUNC(X509_F_X509_ADD_ATTR), "X509_ADD_ATTR"},
81{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_NID), "X509_ATTRIBUTE_create_by_NID"},
82{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ), "X509_ATTRIBUTE_create_by_OBJ"},
83{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT), "X509_ATTRIBUTE_create_by_txt"},
84{ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA), "X509_ATTRIBUTE_get0_data"},
85{ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA), "X509_ATTRIBUTE_set1_data"},
86{ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY), "X509_check_private_key"},
87{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID), "X509_EXTENSION_create_by_NID"},
88{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ), "X509_EXTENSION_create_by_OBJ"},
89{ERR_FUNC(X509_F_X509_GET_PUBKEY_PARAMETERS), "X509_get_pubkey_parameters"},
90{ERR_FUNC(X509_F_X509_LOAD_CERT_CRL_FILE), "X509_load_cert_crl_file"},
91{ERR_FUNC(X509_F_X509_LOAD_CERT_FILE), "X509_load_cert_file"},
92{ERR_FUNC(X509_F_X509_LOAD_CRL_FILE), "X509_load_crl_file"},
93{ERR_FUNC(X509_F_X509_NAME_ADD_ENTRY), "X509_NAME_add_entry"},
94{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_NID), "X509_NAME_ENTRY_create_by_NID"},
95{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT), "X509_NAME_ENTRY_create_by_txt"},
96{ERR_FUNC(X509_F_X509_NAME_ENTRY_SET_OBJECT), "X509_NAME_ENTRY_set_object"},
97{ERR_FUNC(X509_F_X509_NAME_ONELINE), "X509_NAME_oneline"},
98{ERR_FUNC(X509_F_X509_NAME_PRINT), "X509_NAME_print"},
99{ERR_FUNC(X509_F_X509_PRINT_FP), "X509_print_fp"},
100{ERR_FUNC(X509_F_X509_PUBKEY_GET), "X509_PUBKEY_get"},
101{ERR_FUNC(X509_F_X509_PUBKEY_SET), "X509_PUBKEY_set"},
102{ERR_FUNC(X509_F_X509_REQ_PRINT), "X509_REQ_print"},
103{ERR_FUNC(X509_F_X509_REQ_PRINT_FP), "X509_REQ_print_fp"},
104{ERR_FUNC(X509_F_X509_REQ_TO_X509), "X509_REQ_to_X509"},
105{ERR_FUNC(X509_F_X509_STORE_ADD_CERT), "X509_STORE_add_cert"},
106{ERR_FUNC(X509_F_X509_STORE_ADD_CRL), "X509_STORE_add_crl"},
107{ERR_FUNC(X509_F_X509_STORE_CTX_INIT), "X509_STORE_CTX_init"},
108{ERR_FUNC(X509_F_X509_STORE_CTX_NEW), "X509_STORE_CTX_new"},
109{ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT), "X509_STORE_CTX_purpose_inherit"},
110{ERR_FUNC(X509_F_X509_TO_X509_REQ), "X509_to_X509_REQ"},
111{ERR_FUNC(X509_F_X509_TRUST_ADD), "X509_TRUST_add"},
112{ERR_FUNC(X509_F_X509_TRUST_SET), "X509_TRUST_set"},
113{ERR_FUNC(X509_F_X509_VERIFY_CERT), "X509_verify_cert"},
114{0,NULL}
115 };
116
117static ERR_STRING_DATA X509_str_reasons[]=
118 {
119{ERR_REASON(X509_R_BAD_X509_FILETYPE) ,"bad x509 filetype"},
120{ERR_REASON(X509_R_BASE64_DECODE_ERROR) ,"base64 decode error"},
121{ERR_REASON(X509_R_CANT_CHECK_DH_KEY) ,"cant check dh key"},
122{ERR_REASON(X509_R_CERT_ALREADY_IN_HASH_TABLE),"cert already in hash table"},
123{ERR_REASON(X509_R_ERR_ASN1_LIB) ,"err asn1 lib"},
124{ERR_REASON(X509_R_INVALID_DIRECTORY) ,"invalid directory"},
125{ERR_REASON(X509_R_INVALID_FIELD_NAME) ,"invalid field name"},
126{ERR_REASON(X509_R_INVALID_TRUST) ,"invalid trust"},
127{ERR_REASON(X509_R_KEY_TYPE_MISMATCH) ,"key type mismatch"},
128{ERR_REASON(X509_R_KEY_VALUES_MISMATCH) ,"key values mismatch"},
129{ERR_REASON(X509_R_LOADING_CERT_DIR) ,"loading cert dir"},
130{ERR_REASON(X509_R_LOADING_DEFAULTS) ,"loading defaults"},
131{ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),"no cert set for us to verify"},
132{ERR_REASON(X509_R_SHOULD_RETRY) ,"should retry"},
133{ERR_REASON(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN),"unable to find parameters in chain"},
134{ERR_REASON(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY),"unable to get certs public key"},
135{ERR_REASON(X509_R_UNKNOWN_KEY_TYPE) ,"unknown key type"},
136{ERR_REASON(X509_R_UNKNOWN_NID) ,"unknown nid"},
137{ERR_REASON(X509_R_UNKNOWN_PURPOSE_ID) ,"unknown purpose id"},
138{ERR_REASON(X509_R_UNKNOWN_TRUST_ID) ,"unknown trust id"},
139{ERR_REASON(X509_R_UNSUPPORTED_ALGORITHM),"unsupported algorithm"},
140{ERR_REASON(X509_R_WRONG_LOOKUP_TYPE) ,"wrong lookup type"},
141{ERR_REASON(X509_R_WRONG_TYPE) ,"wrong type"},
142{0,NULL}
143 };
144
145#endif
146
147void ERR_load_X509_strings(void)
148 {
149 static int init=1;
150
151 if (init)
152 {
153 init=0;
154#ifndef OPENSSL_NO_ERR
155 ERR_load_strings(0,X509_str_functs);
156 ERR_load_strings(0,X509_str_reasons);
157#endif
158
159 }
160 }
diff --git a/src/lib/libcrypto/x509/x509_ext.c b/src/lib/libcrypto/x509/x509_ext.c
deleted file mode 100644
index e7fdacb5e4..0000000000
--- a/src/lib/libcrypto/x509/x509_ext.c
+++ /dev/null
@@ -1,210 +0,0 @@
1/* crypto/x509/x509_ext.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/stack.h>
61#include "cryptlib.h"
62#include <openssl/asn1.h>
63#include <openssl/objects.h>
64#include <openssl/evp.h>
65#include <openssl/x509.h>
66#include <openssl/x509v3.h>
67
68
69int X509_CRL_get_ext_count(X509_CRL *x)
70 {
71 return(X509v3_get_ext_count(x->crl->extensions));
72 }
73
74int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos)
75 {
76 return(X509v3_get_ext_by_NID(x->crl->extensions,nid,lastpos));
77 }
78
79int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos)
80 {
81 return(X509v3_get_ext_by_OBJ(x->crl->extensions,obj,lastpos));
82 }
83
84int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos)
85 {
86 return(X509v3_get_ext_by_critical(x->crl->extensions,crit,lastpos));
87 }
88
89X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc)
90 {
91 return(X509v3_get_ext(x->crl->extensions,loc));
92 }
93
94X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc)
95 {
96 return(X509v3_delete_ext(x->crl->extensions,loc));
97 }
98
99void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx)
100{
101 return X509V3_get_d2i(x->crl->extensions, nid, crit, idx);
102}
103
104int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
105 unsigned long flags)
106{
107 return X509V3_add1_i2d(&x->crl->extensions, nid, value, crit, flags);
108}
109
110int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc)
111 {
112 return(X509v3_add_ext(&(x->crl->extensions),ex,loc) != NULL);
113 }
114
115int X509_get_ext_count(X509 *x)
116 {
117 return(X509v3_get_ext_count(x->cert_info->extensions));
118 }
119
120int X509_get_ext_by_NID(X509 *x, int nid, int lastpos)
121 {
122 return(X509v3_get_ext_by_NID(x->cert_info->extensions,nid,lastpos));
123 }
124
125int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos)
126 {
127 return(X509v3_get_ext_by_OBJ(x->cert_info->extensions,obj,lastpos));
128 }
129
130int X509_get_ext_by_critical(X509 *x, int crit, int lastpos)
131 {
132 return(X509v3_get_ext_by_critical(x->cert_info->extensions,crit,lastpos));
133 }
134
135X509_EXTENSION *X509_get_ext(X509 *x, int loc)
136 {
137 return(X509v3_get_ext(x->cert_info->extensions,loc));
138 }
139
140X509_EXTENSION *X509_delete_ext(X509 *x, int loc)
141 {
142 return(X509v3_delete_ext(x->cert_info->extensions,loc));
143 }
144
145int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc)
146 {
147 return(X509v3_add_ext(&(x->cert_info->extensions),ex,loc) != NULL);
148 }
149
150void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx)
151{
152 return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx);
153}
154
155int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
156 unsigned long flags)
157{
158 return X509V3_add1_i2d(&x->cert_info->extensions, nid, value, crit,
159 flags);
160}
161
162int X509_REVOKED_get_ext_count(X509_REVOKED *x)
163 {
164 return(X509v3_get_ext_count(x->extensions));
165 }
166
167int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos)
168 {
169 return(X509v3_get_ext_by_NID(x->extensions,nid,lastpos));
170 }
171
172int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj,
173 int lastpos)
174 {
175 return(X509v3_get_ext_by_OBJ(x->extensions,obj,lastpos));
176 }
177
178int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos)
179 {
180 return(X509v3_get_ext_by_critical(x->extensions,crit,lastpos));
181 }
182
183X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc)
184 {
185 return(X509v3_get_ext(x->extensions,loc));
186 }
187
188X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc)
189 {
190 return(X509v3_delete_ext(x->extensions,loc));
191 }
192
193int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc)
194 {
195 return(X509v3_add_ext(&(x->extensions),ex,loc) != NULL);
196 }
197
198void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx)
199{
200 return X509V3_get_d2i(x->extensions, nid, crit, idx);
201}
202
203int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
204 unsigned long flags)
205{
206 return X509V3_add1_i2d(&x->extensions, nid, value, crit, flags);
207}
208
209IMPLEMENT_STACK_OF(X509_EXTENSION)
210IMPLEMENT_ASN1_SET_OF(X509_EXTENSION)
diff --git a/src/lib/libcrypto/x509/x509_lu.c b/src/lib/libcrypto/x509/x509_lu.c
deleted file mode 100644
index b780dae5e2..0000000000
--- a/src/lib/libcrypto/x509/x509_lu.c
+++ /dev/null
@@ -1,557 +0,0 @@
1/* crypto/x509/x509_lu.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/lhash.h>
62#include <openssl/x509.h>
63#include <openssl/x509v3.h>
64
65X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
66 {
67 X509_LOOKUP *ret;
68
69 ret=(X509_LOOKUP *)OPENSSL_malloc(sizeof(X509_LOOKUP));
70 if (ret == NULL) return NULL;
71
72 ret->init=0;
73 ret->skip=0;
74 ret->method=method;
75 ret->method_data=NULL;
76 ret->store_ctx=NULL;
77 if ((method->new_item != NULL) && !method->new_item(ret))
78 {
79 OPENSSL_free(ret);
80 return NULL;
81 }
82 return ret;
83 }
84
85void X509_LOOKUP_free(X509_LOOKUP *ctx)
86 {
87 if (ctx == NULL) return;
88 if ( (ctx->method != NULL) &&
89 (ctx->method->free != NULL))
90 ctx->method->free(ctx);
91 OPENSSL_free(ctx);
92 }
93
94int X509_LOOKUP_init(X509_LOOKUP *ctx)
95 {
96 if (ctx->method == NULL) return 0;
97 if (ctx->method->init != NULL)
98 return ctx->method->init(ctx);
99 else
100 return 1;
101 }
102
103int X509_LOOKUP_shutdown(X509_LOOKUP *ctx)
104 {
105 if (ctx->method == NULL) return 0;
106 if (ctx->method->shutdown != NULL)
107 return ctx->method->shutdown(ctx);
108 else
109 return 1;
110 }
111
112int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
113 char **ret)
114 {
115 if (ctx->method == NULL) return -1;
116 if (ctx->method->ctrl != NULL)
117 return ctx->method->ctrl(ctx,cmd,argc,argl,ret);
118 else
119 return 1;
120 }
121
122int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
123 X509_OBJECT *ret)
124 {
125 if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))
126 return X509_LU_FAIL;
127 if (ctx->skip) return 0;
128 return ctx->method->get_by_subject(ctx,type,name,ret);
129 }
130
131int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
132 ASN1_INTEGER *serial, X509_OBJECT *ret)
133 {
134 if ((ctx->method == NULL) ||
135 (ctx->method->get_by_issuer_serial == NULL))
136 return X509_LU_FAIL;
137 return ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret);
138 }
139
140int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
141 unsigned char *bytes, int len, X509_OBJECT *ret)
142 {
143 if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))
144 return X509_LU_FAIL;
145 return ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret);
146 }
147
148int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,
149 X509_OBJECT *ret)
150 {
151 if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))
152 return X509_LU_FAIL;
153 return ctx->method->get_by_alias(ctx,type,str,len,ret);
154 }
155
156
157static int x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * const *b)
158 {
159 int ret;
160
161 ret=((*a)->type - (*b)->type);
162 if (ret) return ret;
163 switch ((*a)->type)
164 {
165 case X509_LU_X509:
166 ret=X509_subject_name_cmp((*a)->data.x509,(*b)->data.x509);
167 break;
168 case X509_LU_CRL:
169 ret=X509_CRL_cmp((*a)->data.crl,(*b)->data.crl);
170 break;
171 default:
172 /* abort(); */
173 return 0;
174 }
175 return ret;
176 }
177
178X509_STORE *X509_STORE_new(void)
179 {
180 X509_STORE *ret;
181
182 if ((ret=(X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL)
183 return NULL;
184 ret->objs = sk_X509_OBJECT_new(x509_object_cmp);
185 ret->cache=1;
186 ret->get_cert_methods=sk_X509_LOOKUP_new_null();
187 ret->verify=0;
188 ret->verify_cb=0;
189
190 ret->purpose = 0;
191 ret->trust = 0;
192
193 ret->flags = 0;
194
195 ret->get_issuer = 0;
196 ret->check_issued = 0;
197 ret->check_revocation = 0;
198 ret->get_crl = 0;
199 ret->check_crl = 0;
200 ret->cert_crl = 0;
201 ret->cleanup = 0;
202
203 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data);
204 ret->references=1;
205 ret->depth=0;
206 return ret;
207 }
208
209static void cleanup(X509_OBJECT *a)
210 {
211 if (a->type == X509_LU_X509)
212 {
213 X509_free(a->data.x509);
214 }
215 else if (a->type == X509_LU_CRL)
216 {
217 X509_CRL_free(a->data.crl);
218 }
219 else
220 {
221 /* abort(); */
222 }
223
224 OPENSSL_free(a);
225 }
226
227void X509_STORE_free(X509_STORE *vfy)
228 {
229 int i;
230 STACK_OF(X509_LOOKUP) *sk;
231 X509_LOOKUP *lu;
232
233 if (vfy == NULL)
234 return;
235
236 sk=vfy->get_cert_methods;
237 for (i=0; i<sk_X509_LOOKUP_num(sk); i++)
238 {
239 lu=sk_X509_LOOKUP_value(sk,i);
240 X509_LOOKUP_shutdown(lu);
241 X509_LOOKUP_free(lu);
242 }
243 sk_X509_LOOKUP_free(sk);
244 sk_X509_OBJECT_pop_free(vfy->objs, cleanup);
245
246 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data);
247 OPENSSL_free(vfy);
248 }
249
250X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
251 {
252 int i;
253 STACK_OF(X509_LOOKUP) *sk;
254 X509_LOOKUP *lu;
255
256 sk=v->get_cert_methods;
257 for (i=0; i<sk_X509_LOOKUP_num(sk); i++)
258 {
259 lu=sk_X509_LOOKUP_value(sk,i);
260 if (m == lu->method)
261 {
262 return lu;
263 }
264 }
265 /* a new one */
266 lu=X509_LOOKUP_new(m);
267 if (lu == NULL)
268 return NULL;
269 else
270 {
271 lu->store_ctx=v;
272 if (sk_X509_LOOKUP_push(v->get_cert_methods,lu))
273 return lu;
274 else
275 {
276 X509_LOOKUP_free(lu);
277 return NULL;
278 }
279 }
280 }
281
282int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
283 X509_OBJECT *ret)
284 {
285 X509_STORE *ctx=vs->ctx;
286 X509_LOOKUP *lu;
287 X509_OBJECT stmp,*tmp;
288 int i,j;
289
290 tmp=X509_OBJECT_retrieve_by_subject(ctx->objs,type,name);
291
292 if (tmp == NULL)
293 {
294 for (i=vs->current_method; i<sk_X509_LOOKUP_num(ctx->get_cert_methods); i++)
295 {
296 lu=sk_X509_LOOKUP_value(ctx->get_cert_methods,i);
297 j=X509_LOOKUP_by_subject(lu,type,name,&stmp);
298 if (j < 0)
299 {
300 vs->current_method=j;
301 return j;
302 }
303 else if (j)
304 {
305 tmp= &stmp;
306 break;
307 }
308 }
309 vs->current_method=0;
310 if (tmp == NULL)
311 return 0;
312 }
313
314/* if (ret->data.ptr != NULL)
315 X509_OBJECT_free_contents(ret); */
316
317 ret->type=tmp->type;
318 ret->data.ptr=tmp->data.ptr;
319
320 X509_OBJECT_up_ref_count(ret);
321
322 return 1;
323 }
324
325int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
326 {
327 X509_OBJECT *obj;
328 int ret=1;
329
330 if (x == NULL) return 0;
331 obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));
332 if (obj == NULL)
333 {
334 X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE);
335 return 0;
336 }
337 obj->type=X509_LU_X509;
338 obj->data.x509=x;
339
340 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
341
342 X509_OBJECT_up_ref_count(obj);
343
344
345 if (X509_OBJECT_retrieve_match(ctx->objs, obj))
346 {
347 X509_OBJECT_free_contents(obj);
348 OPENSSL_free(obj);
349 X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE);
350 ret=0;
351 }
352 else sk_X509_OBJECT_push(ctx->objs, obj);
353
354 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
355
356 return ret;
357 }
358
359int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
360 {
361 X509_OBJECT *obj;
362 int ret=1;
363
364 if (x == NULL) return 0;
365 obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));
366 if (obj == NULL)
367 {
368 X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE);
369 return 0;
370 }
371 obj->type=X509_LU_CRL;
372 obj->data.crl=x;
373
374 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
375
376 X509_OBJECT_up_ref_count(obj);
377
378 if (X509_OBJECT_retrieve_match(ctx->objs, obj))
379 {
380 X509_OBJECT_free_contents(obj);
381 OPENSSL_free(obj);
382 X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE);
383 ret=0;
384 }
385 else sk_X509_OBJECT_push(ctx->objs, obj);
386
387 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
388
389 return ret;
390 }
391
392void X509_OBJECT_up_ref_count(X509_OBJECT *a)
393 {
394 switch (a->type)
395 {
396 case X509_LU_X509:
397 CRYPTO_add(&a->data.x509->references,1,CRYPTO_LOCK_X509);
398 break;
399 case X509_LU_CRL:
400 CRYPTO_add(&a->data.crl->references,1,CRYPTO_LOCK_X509_CRL);
401 break;
402 }
403 }
404
405void X509_OBJECT_free_contents(X509_OBJECT *a)
406 {
407 switch (a->type)
408 {
409 case X509_LU_X509:
410 X509_free(a->data.x509);
411 break;
412 case X509_LU_CRL:
413 X509_CRL_free(a->data.crl);
414 break;
415 }
416 }
417
418int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
419 X509_NAME *name)
420 {
421 X509_OBJECT stmp;
422 X509 x509_s;
423 X509_CINF cinf_s;
424 X509_CRL crl_s;
425 X509_CRL_INFO crl_info_s;
426
427 stmp.type=type;
428 switch (type)
429 {
430 case X509_LU_X509:
431 stmp.data.x509= &x509_s;
432 x509_s.cert_info= &cinf_s;
433 cinf_s.subject=name;
434 break;
435 case X509_LU_CRL:
436 stmp.data.crl= &crl_s;
437 crl_s.crl= &crl_info_s;
438 crl_info_s.issuer=name;
439 break;
440 default:
441 /* abort(); */
442 return -1;
443 }
444
445 return sk_X509_OBJECT_find(h,&stmp);
446 }
447
448X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, int type,
449 X509_NAME *name)
450{
451 int idx;
452 idx = X509_OBJECT_idx_by_subject(h, type, name);
453 if (idx==-1) return NULL;
454 return sk_X509_OBJECT_value(h, idx);
455}
456
457X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x)
458{
459 int idx, i;
460 X509_OBJECT *obj;
461 idx = sk_X509_OBJECT_find(h, x);
462 if (idx == -1) return NULL;
463 if (x->type != X509_LU_X509) return sk_X509_OBJECT_value(h, idx);
464 for (i = idx; i < sk_X509_OBJECT_num(h); i++)
465 {
466 obj = sk_X509_OBJECT_value(h, i);
467 if (x509_object_cmp((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x))
468 return NULL;
469 if ((x->type != X509_LU_X509) || !X509_cmp(obj->data.x509, x->data.x509))
470 return obj;
471 }
472 return NULL;
473}
474
475
476/* Try to get issuer certificate from store. Due to limitations
477 * of the API this can only retrieve a single certificate matching
478 * a given subject name. However it will fill the cache with all
479 * matching certificates, so we can examine the cache for all
480 * matches.
481 *
482 * Return values are:
483 * 1 lookup successful.
484 * 0 certificate not found.
485 * -1 some other error.
486 */
487
488
489int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
490{
491 X509_NAME *xn;
492 X509_OBJECT obj, *pobj;
493 int i, ok, idx;
494 xn=X509_get_issuer_name(x);
495 ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj);
496 if (ok != X509_LU_X509)
497 {
498 if (ok == X509_LU_RETRY)
499 {
500 X509_OBJECT_free_contents(&obj);
501 X509err(X509_F_X509_VERIFY_CERT,X509_R_SHOULD_RETRY);
502 return -1;
503 }
504 else if (ok != X509_LU_FAIL)
505 {
506 X509_OBJECT_free_contents(&obj);
507 /* not good :-(, break anyway */
508 return -1;
509 }
510 return 0;
511 }
512 /* If certificate matches all OK */
513 if (ctx->check_issued(ctx, x, obj.data.x509))
514 {
515 *issuer = obj.data.x509;
516 return 1;
517 }
518 X509_OBJECT_free_contents(&obj);
519 /* Else find index of first matching cert */
520 idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn);
521 /* This shouldn't normally happen since we already have one match */
522 if (idx == -1) return 0;
523
524 /* Look through all matching certificates for a suitable issuer */
525 for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++)
526 {
527 pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i);
528 /* See if we've ran out of matches */
529 if (pobj->type != X509_LU_X509) return 0;
530 if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509))) return 0;
531 if (ctx->check_issued(ctx, x, pobj->data.x509))
532 {
533 *issuer = pobj->data.x509;
534 X509_OBJECT_up_ref_count(pobj);
535 return 1;
536 }
537 }
538 return 0;
539}
540
541void X509_STORE_set_flags(X509_STORE *ctx, long flags)
542 {
543 ctx->flags |= flags;
544 }
545
546int X509_STORE_set_purpose(X509_STORE *ctx, int purpose)
547 {
548 return X509_PURPOSE_set(&ctx->purpose, purpose);
549 }
550
551int X509_STORE_set_trust(X509_STORE *ctx, int trust)
552 {
553 return X509_TRUST_set(&ctx->trust, trust);
554 }
555
556IMPLEMENT_STACK_OF(X509_LOOKUP)
557IMPLEMENT_STACK_OF(X509_OBJECT)
diff --git a/src/lib/libcrypto/x509/x509_obj.c b/src/lib/libcrypto/x509/x509_obj.c
deleted file mode 100644
index 1e718f76eb..0000000000
--- a/src/lib/libcrypto/x509/x509_obj.c
+++ /dev/null
@@ -1,226 +0,0 @@
1/* crypto/x509/x509_obj.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/lhash.h>
62#include <openssl/objects.h>
63#include <openssl/x509.h>
64#include <openssl/buffer.h>
65
66char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
67 {
68 X509_NAME_ENTRY *ne;
69int i;
70 int n,lold,l,l1,l2,num,j,type;
71 const char *s;
72 char *p;
73 unsigned char *q;
74 BUF_MEM *b=NULL;
75 static char hex[17]="0123456789ABCDEF";
76 int gs_doit[4];
77 char tmp_buf[80];
78#ifdef CHARSET_EBCDIC
79 char ebcdic_buf[1024];
80#endif
81
82 if (buf == NULL)
83 {
84 if ((b=BUF_MEM_new()) == NULL) goto err;
85 if (!BUF_MEM_grow(b,200)) goto err;
86 b->data[0]='\0';
87 len=200;
88 }
89 if (a == NULL)
90 {
91 if(b)
92 {
93 buf=b->data;
94 OPENSSL_free(b);
95 }
96 strncpy(buf,"NO X509_NAME",len);
97 buf[len-1]='\0';
98 return buf;
99 }
100
101 len--; /* space for '\0' */
102 l=0;
103 for (i=0; i<sk_X509_NAME_ENTRY_num(a->entries); i++)
104 {
105 ne=sk_X509_NAME_ENTRY_value(a->entries,i);
106 n=OBJ_obj2nid(ne->object);
107 if ((n == NID_undef) || ((s=OBJ_nid2sn(n)) == NULL))
108 {
109 i2t_ASN1_OBJECT(tmp_buf,sizeof(tmp_buf),ne->object);
110 s=tmp_buf;
111 }
112 l1=strlen(s);
113
114 type=ne->value->type;
115 num=ne->value->length;
116 q=ne->value->data;
117#ifdef CHARSET_EBCDIC
118 if (type == V_ASN1_GENERALSTRING ||
119 type == V_ASN1_VISIBLESTRING ||
120 type == V_ASN1_PRINTABLESTRING ||
121 type == V_ASN1_TELETEXSTRING ||
122 type == V_ASN1_VISIBLESTRING ||
123 type == V_ASN1_IA5STRING) {
124 ascii2ebcdic(ebcdic_buf, q,
125 (num > sizeof ebcdic_buf)
126 ? sizeof ebcdic_buf : num);
127 q=ebcdic_buf;
128 }
129#endif
130
131 if ((type == V_ASN1_GENERALSTRING) && ((num%4) == 0))
132 {
133 gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=0;
134 for (j=0; j<num; j++)
135 if (q[j] != 0) gs_doit[j&3]=1;
136
137 if (gs_doit[0]|gs_doit[1]|gs_doit[2])
138 gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1;
139 else
140 {
141 gs_doit[0]=gs_doit[1]=gs_doit[2]=0;
142 gs_doit[3]=1;
143 }
144 }
145 else
146 gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1;
147
148 for (l2=j=0; j<num; j++)
149 {
150 if (!gs_doit[j&3]) continue;
151 l2++;
152#ifndef CHARSET_EBCDIC
153 if ((q[j] < ' ') || (q[j] > '~')) l2+=3;
154#else
155 if ((os_toascii[q[j]] < os_toascii[' ']) ||
156 (os_toascii[q[j]] > os_toascii['~'])) l2+=3;
157#endif
158 }
159
160 lold=l;
161 l+=1+l1+1+l2;
162 if (b != NULL)
163 {
164 if (!BUF_MEM_grow(b,l+1)) goto err;
165 p= &(b->data[lold]);
166 }
167 else if (l > len)
168 {
169 break;
170 }
171 else
172 p= &(buf[lold]);
173 *(p++)='/';
174 memcpy(p,s,(unsigned int)l1); p+=l1;
175 *(p++)='=';
176
177#ifndef CHARSET_EBCDIC /* q was assigned above already. */
178 q=ne->value->data;
179#endif
180
181 for (j=0; j<num; j++)
182 {
183 if (!gs_doit[j&3]) continue;
184#ifndef CHARSET_EBCDIC
185 n=q[j];
186 if ((n < ' ') || (n > '~'))
187 {
188 *(p++)='\\';
189 *(p++)='x';
190 *(p++)=hex[(n>>4)&0x0f];
191 *(p++)=hex[n&0x0f];
192 }
193 else
194 *(p++)=n;
195#else
196 n=os_toascii[q[j]];
197 if ((n < os_toascii[' ']) ||
198 (n > os_toascii['~']))
199 {
200 *(p++)='\\';
201 *(p++)='x';
202 *(p++)=hex[(n>>4)&0x0f];
203 *(p++)=hex[n&0x0f];
204 }
205 else
206 *(p++)=q[j];
207#endif
208 }
209 *p='\0';
210 }
211 if (b != NULL)
212 {
213 p=b->data;
214 OPENSSL_free(b);
215 }
216 else
217 p=buf;
218 if (i == 0)
219 *p = '\0';
220 return(p);
221err:
222 X509err(X509_F_X509_NAME_ONELINE,ERR_R_MALLOC_FAILURE);
223 if (b != NULL) BUF_MEM_free(b);
224 return(NULL);
225 }
226
diff --git a/src/lib/libcrypto/x509/x509_r2x.c b/src/lib/libcrypto/x509/x509_r2x.c
deleted file mode 100644
index fb8a78dabe..0000000000
--- a/src/lib/libcrypto/x509/x509_r2x.c
+++ /dev/null
@@ -1,112 +0,0 @@
1/* crypto/x509/x509_r2x.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/bn.h>
62#include <openssl/evp.h>
63#include <openssl/asn1.h>
64#include <openssl/x509.h>
65#include <openssl/objects.h>
66#include <openssl/buffer.h>
67
68X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
69 {
70 X509 *ret=NULL;
71 X509_CINF *xi=NULL;
72 X509_NAME *xn;
73
74 if ((ret=X509_new()) == NULL)
75 {
76 X509err(X509_F_X509_REQ_TO_X509,ERR_R_MALLOC_FAILURE);
77 goto err;
78 }
79
80 /* duplicate the request */
81 xi=ret->cert_info;
82
83 if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0)
84 {
85 if ((xi->version=M_ASN1_INTEGER_new()) == NULL) goto err;
86 if (!ASN1_INTEGER_set(xi->version,2)) goto err;
87/* xi->extensions=ri->attributes; <- bad, should not ever be done
88 ri->attributes=NULL; */
89 }
90
91 xn=X509_REQ_get_subject_name(r);
92 X509_set_subject_name(ret,X509_NAME_dup(xn));
93 X509_set_issuer_name(ret,X509_NAME_dup(xn));
94
95 if (X509_gmtime_adj(xi->validity->notBefore,0) == NULL)
96 goto err;
97 if (X509_gmtime_adj(xi->validity->notAfter,(long)60*60*24*days) == NULL)
98 goto err;
99
100 X509_set_pubkey(ret,X509_REQ_get_pubkey(r));
101
102 if (!X509_sign(ret,pkey,EVP_md5()))
103 goto err;
104 if (0)
105 {
106err:
107 X509_free(ret);
108 ret=NULL;
109 }
110 return(ret);
111 }
112
diff --git a/src/lib/libcrypto/x509/x509_req.c b/src/lib/libcrypto/x509/x509_req.c
deleted file mode 100644
index 59fc6ca548..0000000000
--- a/src/lib/libcrypto/x509/x509_req.c
+++ /dev/null
@@ -1,279 +0,0 @@
1/* crypto/x509/x509_req.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/bn.h>
62#include <openssl/evp.h>
63#include <openssl/asn1.h>
64#include <openssl/x509.h>
65#include <openssl/objects.h>
66#include <openssl/buffer.h>
67#include <openssl/pem.h>
68
69X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
70 {
71 X509_REQ *ret;
72 X509_REQ_INFO *ri;
73 int i;
74 EVP_PKEY *pktmp;
75
76 ret=X509_REQ_new();
77 if (ret == NULL)
78 {
79 X509err(X509_F_X509_TO_X509_REQ,ERR_R_MALLOC_FAILURE);
80 goto err;
81 }
82
83 ri=ret->req_info;
84
85 ri->version->length=1;
86 ri->version->data=(unsigned char *)OPENSSL_malloc(1);
87 if (ri->version->data == NULL) goto err;
88 ri->version->data[0]=0; /* version == 0 */
89
90 if (!X509_REQ_set_subject_name(ret,X509_get_subject_name(x)))
91 goto err;
92
93 pktmp = X509_get_pubkey(x);
94 i=X509_REQ_set_pubkey(ret,pktmp);
95 EVP_PKEY_free(pktmp);
96 if (!i) goto err;
97
98 if (pkey != NULL)
99 {
100 if (!X509_REQ_sign(ret,pkey,md))
101 goto err;
102 }
103 return(ret);
104err:
105 X509_REQ_free(ret);
106 return(NULL);
107 }
108
109EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req)
110 {
111 if ((req == NULL) || (req->req_info == NULL))
112 return(NULL);
113 return(X509_PUBKEY_get(req->req_info->pubkey));
114 }
115
116/* It seems several organisations had the same idea of including a list of
117 * extensions in a certificate request. There are at least two OIDs that are
118 * used and there may be more: so the list is configurable.
119 */
120
121static int ext_nid_list[] = { NID_ext_req, NID_ms_ext_req, NID_undef};
122
123static int *ext_nids = ext_nid_list;
124
125int X509_REQ_extension_nid(int req_nid)
126{
127 int i, nid;
128 for(i = 0; ; i++) {
129 nid = ext_nids[i];
130 if(nid == NID_undef) return 0;
131 else if (req_nid == nid) return 1;
132 }
133}
134
135int *X509_REQ_get_extension_nids(void)
136{
137 return ext_nids;
138}
139
140void X509_REQ_set_extension_nids(int *nids)
141{
142 ext_nids = nids;
143}
144
145STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
146 {
147 X509_ATTRIBUTE *attr;
148 ASN1_TYPE *ext = NULL;
149 int idx, *pnid;
150 unsigned char *p;
151
152 if ((req == NULL) || (req->req_info == NULL) || !ext_nids)
153 return(NULL);
154 for (pnid = ext_nids; *pnid != NID_undef; pnid++)
155 {
156 idx = X509_REQ_get_attr_by_NID(req, *pnid, -1);
157 if (idx == -1)
158 continue;
159 attr = X509_REQ_get_attr(req, idx);
160 if(attr->single) ext = attr->value.single;
161 else if(sk_ASN1_TYPE_num(attr->value.set))
162 ext = sk_ASN1_TYPE_value(attr->value.set, 0);
163 break;
164 }
165 if(!ext || (ext->type != V_ASN1_SEQUENCE))
166 return NULL;
167 p = ext->value.sequence->data;
168 return d2i_ASN1_SET_OF_X509_EXTENSION(NULL, &p,
169 ext->value.sequence->length,
170 d2i_X509_EXTENSION, X509_EXTENSION_free,
171 V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
172 }
173
174/* Add a STACK_OF extensions to a certificate request: allow alternative OIDs
175 * in case we want to create a non standard one.
176 */
177
178int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
179 int nid)
180{
181 unsigned char *p = NULL, *q;
182 long len;
183 ASN1_TYPE *at = NULL;
184 X509_ATTRIBUTE *attr = NULL;
185 if(!(at = ASN1_TYPE_new()) ||
186 !(at->value.sequence = ASN1_STRING_new())) goto err;
187
188 at->type = V_ASN1_SEQUENCE;
189 /* Generate encoding of extensions */
190 len = i2d_ASN1_SET_OF_X509_EXTENSION(exts, NULL, i2d_X509_EXTENSION,
191 V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
192 if(!(p = OPENSSL_malloc(len))) goto err;
193 q = p;
194 i2d_ASN1_SET_OF_X509_EXTENSION(exts, &q, i2d_X509_EXTENSION,
195 V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
196 at->value.sequence->data = p;
197 p = NULL;
198 at->value.sequence->length = len;
199 if(!(attr = X509_ATTRIBUTE_new())) goto err;
200 if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
201 if(!sk_ASN1_TYPE_push(attr->value.set, at)) goto err;
202 at = NULL;
203 attr->single = 0;
204 attr->object = OBJ_nid2obj(nid);
205 if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err;
206 return 1;
207 err:
208 if(p) OPENSSL_free(p);
209 X509_ATTRIBUTE_free(attr);
210 ASN1_TYPE_free(at);
211 return 0;
212}
213/* This is the normal usage: use the "official" OID */
214int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts)
215{
216 return X509_REQ_add_extensions_nid(req, exts, NID_ext_req);
217}
218
219/* Request attribute functions */
220
221int X509_REQ_get_attr_count(const X509_REQ *req)
222{
223 return X509at_get_attr_count(req->req_info->attributes);
224}
225
226int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid,
227 int lastpos)
228{
229 return X509at_get_attr_by_NID(req->req_info->attributes, nid, lastpos);
230}
231
232int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,
233 int lastpos)
234{
235 return X509at_get_attr_by_OBJ(req->req_info->attributes, obj, lastpos);
236}
237
238X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc)
239{
240 return X509at_get_attr(req->req_info->attributes, loc);
241}
242
243X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc)
244{
245 return X509at_delete_attr(req->req_info->attributes, loc);
246}
247
248int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr)
249{
250 if(X509at_add1_attr(&req->req_info->attributes, attr)) return 1;
251 return 0;
252}
253
254int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
255 const ASN1_OBJECT *obj, int type,
256 const unsigned char *bytes, int len)
257{
258 if(X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj,
259 type, bytes, len)) return 1;
260 return 0;
261}
262
263int X509_REQ_add1_attr_by_NID(X509_REQ *req,
264 int nid, int type,
265 const unsigned char *bytes, int len)
266{
267 if(X509at_add1_attr_by_NID(&req->req_info->attributes, nid,
268 type, bytes, len)) return 1;
269 return 0;
270}
271
272int X509_REQ_add1_attr_by_txt(X509_REQ *req,
273 const char *attrname, int type,
274 const unsigned char *bytes, int len)
275{
276 if(X509at_add1_attr_by_txt(&req->req_info->attributes, attrname,
277 type, bytes, len)) return 1;
278 return 0;
279}
diff --git a/src/lib/libcrypto/x509/x509_set.c b/src/lib/libcrypto/x509/x509_set.c
deleted file mode 100644
index aaf61ca062..0000000000
--- a/src/lib/libcrypto/x509/x509_set.c
+++ /dev/null
@@ -1,150 +0,0 @@
1/* crypto/x509/x509_set.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/asn1.h>
62#include <openssl/objects.h>
63#include <openssl/evp.h>
64#include <openssl/x509.h>
65
66int X509_set_version(X509 *x, long version)
67 {
68 if (x == NULL) return(0);
69 if (x->cert_info->version == NULL)
70 {
71 if ((x->cert_info->version=M_ASN1_INTEGER_new()) == NULL)
72 return(0);
73 }
74 return(ASN1_INTEGER_set(x->cert_info->version,version));
75 }
76
77int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial)
78 {
79 ASN1_INTEGER *in;
80
81 if (x == NULL) return(0);
82 in=x->cert_info->serialNumber;
83 if (in != serial)
84 {
85 in=M_ASN1_INTEGER_dup(serial);
86 if (in != NULL)
87 {
88 M_ASN1_INTEGER_free(x->cert_info->serialNumber);
89 x->cert_info->serialNumber=in;
90 }
91 }
92 return(in != NULL);
93 }
94
95int X509_set_issuer_name(X509 *x, X509_NAME *name)
96 {
97 if ((x == NULL) || (x->cert_info == NULL)) return(0);
98 return(X509_NAME_set(&x->cert_info->issuer,name));
99 }
100
101int X509_set_subject_name(X509 *x, X509_NAME *name)
102 {
103 if ((x == NULL) || (x->cert_info == NULL)) return(0);
104 return(X509_NAME_set(&x->cert_info->subject,name));
105 }
106
107int X509_set_notBefore(X509 *x, ASN1_TIME *tm)
108 {
109 ASN1_TIME *in;
110
111 if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
112 in=x->cert_info->validity->notBefore;
113 if (in != tm)
114 {
115 in=M_ASN1_TIME_dup(tm);
116 if (in != NULL)
117 {
118 M_ASN1_TIME_free(x->cert_info->validity->notBefore);
119 x->cert_info->validity->notBefore=in;
120 }
121 }
122 return(in != NULL);
123 }
124
125int X509_set_notAfter(X509 *x, ASN1_TIME *tm)
126 {
127 ASN1_TIME *in;
128
129 if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
130 in=x->cert_info->validity->notAfter;
131 if (in != tm)
132 {
133 in=M_ASN1_TIME_dup(tm);
134 if (in != NULL)
135 {
136 M_ASN1_TIME_free(x->cert_info->validity->notAfter);
137 x->cert_info->validity->notAfter=in;
138 }
139 }
140 return(in != NULL);
141 }
142
143int X509_set_pubkey(X509 *x, EVP_PKEY *pkey)
144 {
145 if ((x == NULL) || (x->cert_info == NULL)) return(0);
146 return(X509_PUBKEY_set(&(x->cert_info->key),pkey));
147 }
148
149
150
diff --git a/src/lib/libcrypto/x509/x509_trs.c b/src/lib/libcrypto/x509/x509_trs.c
deleted file mode 100644
index 881252608d..0000000000
--- a/src/lib/libcrypto/x509/x509_trs.c
+++ /dev/null
@@ -1,287 +0,0 @@
1/* x509_trs.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/x509v3.h>
62
63
64static int tr_cmp(const X509_TRUST * const *a,
65 const X509_TRUST * const *b);
66static void trtable_free(X509_TRUST *p);
67
68static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags);
69static int trust_1oid(X509_TRUST *trust, X509 *x, int flags);
70static int trust_compat(X509_TRUST *trust, X509 *x, int flags);
71
72static int obj_trust(int id, X509 *x, int flags);
73static int (*default_trust)(int id, X509 *x, int flags) = obj_trust;
74
75/* WARNING: the following table should be kept in order of trust
76 * and without any gaps so we can just subtract the minimum trust
77 * value to get an index into the table
78 */
79
80static X509_TRUST trstandard[] = {
81{X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL},
82{X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL},
83{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL},
84{X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},
85{X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign, NULL},
86{X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL},
87{X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL}
88};
89
90#define X509_TRUST_COUNT (sizeof(trstandard)/sizeof(X509_TRUST))
91
92IMPLEMENT_STACK_OF(X509_TRUST)
93
94static STACK_OF(X509_TRUST) *trtable = NULL;
95
96static int tr_cmp(const X509_TRUST * const *a,
97 const X509_TRUST * const *b)
98{
99 return (*a)->trust - (*b)->trust;
100}
101
102int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int)
103{
104 int (*oldtrust)(int , X509 *, int);
105 oldtrust = default_trust;
106 default_trust = trust;
107 return oldtrust;
108}
109
110
111int X509_check_trust(X509 *x, int id, int flags)
112{
113 X509_TRUST *pt;
114 int idx;
115 if(id == -1) return 1;
116 idx = X509_TRUST_get_by_id(id);
117 if(idx == -1) return default_trust(id, x, flags);
118 pt = X509_TRUST_get0(idx);
119 return pt->check_trust(pt, x, flags);
120}
121
122int X509_TRUST_get_count(void)
123{
124 if(!trtable) return X509_TRUST_COUNT;
125 return sk_X509_TRUST_num(trtable) + X509_TRUST_COUNT;
126}
127
128X509_TRUST * X509_TRUST_get0(int idx)
129{
130 if(idx < 0) return NULL;
131 if(idx < X509_TRUST_COUNT) return trstandard + idx;
132 return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT);
133}
134
135int X509_TRUST_get_by_id(int id)
136{
137 X509_TRUST tmp;
138 int idx;
139 if((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX))
140 return id - X509_TRUST_MIN;
141 tmp.trust = id;
142 if(!trtable) return -1;
143 idx = sk_X509_TRUST_find(trtable, &tmp);
144 if(idx == -1) return -1;
145 return idx + X509_TRUST_COUNT;
146}
147
148int X509_TRUST_set(int *t, int trust)
149{
150 if(X509_TRUST_get_by_id(trust) == -1) {
151 X509err(X509_F_X509_TRUST_SET, X509_R_INVALID_TRUST);
152 return 0;
153 }
154 *t = trust;
155 return 1;
156}
157
158int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
159 char *name, int arg1, void *arg2)
160{
161 int idx;
162 X509_TRUST *trtmp;
163 /* This is set according to what we change: application can't set it */
164 flags &= ~X509_TRUST_DYNAMIC;
165 /* This will always be set for application modified trust entries */
166 flags |= X509_TRUST_DYNAMIC_NAME;
167 /* Get existing entry if any */
168 idx = X509_TRUST_get_by_id(id);
169 /* Need a new entry */
170 if(idx == -1) {
171 if(!(trtmp = OPENSSL_malloc(sizeof(X509_TRUST)))) {
172 X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
173 return 0;
174 }
175 trtmp->flags = X509_TRUST_DYNAMIC;
176 } else trtmp = X509_TRUST_get0(idx);
177
178 /* OPENSSL_free existing name if dynamic */
179 if(trtmp->flags & X509_TRUST_DYNAMIC_NAME) OPENSSL_free(trtmp->name);
180 /* dup supplied name */
181 if(!(trtmp->name = BUF_strdup(name))) {
182 X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
183 return 0;
184 }
185 /* Keep the dynamic flag of existing entry */
186 trtmp->flags &= X509_TRUST_DYNAMIC;
187 /* Set all other flags */
188 trtmp->flags |= flags;
189
190 trtmp->trust = id;
191 trtmp->check_trust = ck;
192 trtmp->arg1 = arg1;
193 trtmp->arg2 = arg2;
194
195 /* If its a new entry manage the dynamic table */
196 if(idx == -1) {
197 if(!trtable && !(trtable = sk_X509_TRUST_new(tr_cmp))) {
198 X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
199 return 0;
200 }
201 if (!sk_X509_TRUST_push(trtable, trtmp)) {
202 X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
203 return 0;
204 }
205 }
206 return 1;
207}
208
209static void trtable_free(X509_TRUST *p)
210 {
211 if(!p) return;
212 if (p->flags & X509_TRUST_DYNAMIC)
213 {
214 if (p->flags & X509_TRUST_DYNAMIC_NAME)
215 OPENSSL_free(p->name);
216 OPENSSL_free(p);
217 }
218 }
219
220void X509_TRUST_cleanup(void)
221{
222 int i;
223 for(i = 0; i < X509_TRUST_COUNT; i++) trtable_free(trstandard + i);
224 sk_X509_TRUST_pop_free(trtable, trtable_free);
225 trtable = NULL;
226}
227
228int X509_TRUST_get_flags(X509_TRUST *xp)
229{
230 return xp->flags;
231}
232
233char *X509_TRUST_get0_name(X509_TRUST *xp)
234{
235 return xp->name;
236}
237
238int X509_TRUST_get_trust(X509_TRUST *xp)
239{
240 return xp->trust;
241}
242
243static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
244{
245 if(x->aux && (x->aux->trust || x->aux->reject))
246 return obj_trust(trust->arg1, x, flags);
247 /* we don't have any trust settings: for compatibility
248 * we return trusted if it is self signed
249 */
250 return trust_compat(trust, x, flags);
251}
252
253static int trust_1oid(X509_TRUST *trust, X509 *x, int flags)
254{
255 if(x->aux) return obj_trust(trust->arg1, x, flags);
256 return X509_TRUST_UNTRUSTED;
257}
258
259static int trust_compat(X509_TRUST *trust, X509 *x, int flags)
260{
261 X509_check_purpose(x, -1, 0);
262 if(x->ex_flags & EXFLAG_SS) return X509_TRUST_TRUSTED;
263 else return X509_TRUST_UNTRUSTED;
264}
265
266static int obj_trust(int id, X509 *x, int flags)
267{
268 ASN1_OBJECT *obj;
269 int i;
270 X509_CERT_AUX *ax;
271 ax = x->aux;
272 if(!ax) return X509_TRUST_UNTRUSTED;
273 if(ax->reject) {
274 for(i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) {
275 obj = sk_ASN1_OBJECT_value(ax->reject, i);
276 if(OBJ_obj2nid(obj) == id) return X509_TRUST_REJECTED;
277 }
278 }
279 if(ax->trust) {
280 for(i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) {
281 obj = sk_ASN1_OBJECT_value(ax->trust, i);
282 if(OBJ_obj2nid(obj) == id) return X509_TRUST_TRUSTED;
283 }
284 }
285 return X509_TRUST_UNTRUSTED;
286}
287
diff --git a/src/lib/libcrypto/x509/x509_txt.c b/src/lib/libcrypto/x509/x509_txt.c
deleted file mode 100644
index f19e66a238..0000000000
--- a/src/lib/libcrypto/x509/x509_txt.c
+++ /dev/null
@@ -1,165 +0,0 @@
1/* crypto/x509/x509_txt.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <time.h>
61#include <errno.h>
62
63#include "cryptlib.h"
64#include <openssl/lhash.h>
65#include <openssl/buffer.h>
66#include <openssl/evp.h>
67#include <openssl/asn1.h>
68#include <openssl/x509.h>
69#include <openssl/objects.h>
70
71const char *X509_verify_cert_error_string(long n)
72 {
73 static char buf[100];
74
75 switch ((int)n)
76 {
77 case X509_V_OK:
78 return("ok");
79 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
80 return("unable to get issuer certificate");
81 case X509_V_ERR_UNABLE_TO_GET_CRL:
82 return("unable to get certificate CRL");
83 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
84 return("unable to decrypt certificate's signature");
85 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
86 return("unable to decrypt CRL's signature");
87 case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
88 return("unable to decode issuer public key");
89 case X509_V_ERR_CERT_SIGNATURE_FAILURE:
90 return("certificate signature failure");
91 case X509_V_ERR_CRL_SIGNATURE_FAILURE:
92 return("CRL signature failure");
93 case X509_V_ERR_CERT_NOT_YET_VALID:
94 return("certificate is not yet valid");
95 case X509_V_ERR_CRL_NOT_YET_VALID:
96 return("CRL is not yet valid");
97 case X509_V_ERR_CERT_HAS_EXPIRED:
98 return("certificate has expired");
99 case X509_V_ERR_CRL_HAS_EXPIRED:
100 return("CRL has expired");
101 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
102 return("format error in certificate's notBefore field");
103 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
104 return("format error in certificate's notAfter field");
105 case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
106 return("format error in CRL's lastUpdate field");
107 case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
108 return("format error in CRL's nextUpdate field");
109 case X509_V_ERR_OUT_OF_MEM:
110 return("out of memory");
111 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
112 return("self signed certificate");
113 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
114 return("self signed certificate in certificate chain");
115 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
116 return("unable to get local issuer certificate");
117 case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
118 return("unable to verify the first certificate");
119 case X509_V_ERR_CERT_CHAIN_TOO_LONG:
120 return("certificate chain too long");
121 case X509_V_ERR_CERT_REVOKED:
122 return("certificate revoked");
123 case X509_V_ERR_INVALID_CA:
124 return ("invalid CA certificate");
125 case X509_V_ERR_INVALID_NON_CA:
126 return ("invalid non-CA certificate (has CA markings)");
127 case X509_V_ERR_PATH_LENGTH_EXCEEDED:
128 return ("path length constraint exceeded");
129 case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED:
130 return("proxy path length constraint exceeded");
131 case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED:
132 return("proxy cerificates not allowed, please set the appropriate flag");
133 case X509_V_ERR_INVALID_PURPOSE:
134 return ("unsupported certificate purpose");
135 case X509_V_ERR_CERT_UNTRUSTED:
136 return ("certificate not trusted");
137 case X509_V_ERR_CERT_REJECTED:
138 return ("certificate rejected");
139 case X509_V_ERR_APPLICATION_VERIFICATION:
140 return("application verification failure");
141 case X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
142 return("subject issuer mismatch");
143 case X509_V_ERR_AKID_SKID_MISMATCH:
144 return("authority and subject key identifier mismatch");
145 case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH:
146 return("authority and issuer serial number mismatch");
147 case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
148 return("key usage does not include certificate signing");
149 case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
150 return("unable to get CRL issuer certificate");
151 case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
152 return("unhandled critical extension");
153 case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN:
154 return("key usage does not include CRL signing");
155 case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE:
156 return("key usage does not include digital signature");
157 case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION:
158 return("unhandled critical CRL extension");
159 default:
160 BIO_snprintf(buf,sizeof buf,"error number %ld",n);
161 return(buf);
162 }
163 }
164
165
diff --git a/src/lib/libcrypto/x509/x509_v3.c b/src/lib/libcrypto/x509/x509_v3.c
deleted file mode 100644
index 67b1796a92..0000000000
--- a/src/lib/libcrypto/x509/x509_v3.c
+++ /dev/null
@@ -1,268 +0,0 @@
1/* crypto/x509/x509_v3.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/stack.h>
61#include "cryptlib.h"
62#include <openssl/asn1.h>
63#include <openssl/objects.h>
64#include <openssl/evp.h>
65#include <openssl/x509.h>
66#include <openssl/x509v3.h>
67
68int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x)
69 {
70 if (x == NULL) return(0);
71 return(sk_X509_EXTENSION_num(x));
72 }
73
74int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid,
75 int lastpos)
76 {
77 ASN1_OBJECT *obj;
78
79 obj=OBJ_nid2obj(nid);
80 if (obj == NULL) return(-2);
81 return(X509v3_get_ext_by_OBJ(x,obj,lastpos));
82 }
83
84int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk, ASN1_OBJECT *obj,
85 int lastpos)
86 {
87 int n;
88 X509_EXTENSION *ex;
89
90 if (sk == NULL) return(-1);
91 lastpos++;
92 if (lastpos < 0)
93 lastpos=0;
94 n=sk_X509_EXTENSION_num(sk);
95 for ( ; lastpos < n; lastpos++)
96 {
97 ex=sk_X509_EXTENSION_value(sk,lastpos);
98 if (OBJ_cmp(ex->object,obj) == 0)
99 return(lastpos);
100 }
101 return(-1);
102 }
103
104int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit,
105 int lastpos)
106 {
107 int n;
108 X509_EXTENSION *ex;
109
110 if (sk == NULL) return(-1);
111 lastpos++;
112 if (lastpos < 0)
113 lastpos=0;
114 n=sk_X509_EXTENSION_num(sk);
115 for ( ; lastpos < n; lastpos++)
116 {
117 ex=sk_X509_EXTENSION_value(sk,lastpos);
118 if ( ((ex->critical > 0) && crit) ||
119 ((ex->critical <= 0) && !crit))
120 return(lastpos);
121 }
122 return(-1);
123 }
124
125X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc)
126 {
127 if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
128 return NULL;
129 else
130 return sk_X509_EXTENSION_value(x,loc);
131 }
132
133X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc)
134 {
135 X509_EXTENSION *ret;
136
137 if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
138 return(NULL);
139 ret=sk_X509_EXTENSION_delete(x,loc);
140 return(ret);
141 }
142
143STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
144 X509_EXTENSION *ex, int loc)
145 {
146 X509_EXTENSION *new_ex=NULL;
147 int n;
148 STACK_OF(X509_EXTENSION) *sk=NULL;
149
150 if ((x != NULL) && (*x == NULL))
151 {
152 if ((sk=sk_X509_EXTENSION_new_null()) == NULL)
153 goto err;
154 }
155 else
156 sk= *x;
157
158 n=sk_X509_EXTENSION_num(sk);
159 if (loc > n) loc=n;
160 else if (loc < 0) loc=n;
161
162 if ((new_ex=X509_EXTENSION_dup(ex)) == NULL)
163 goto err2;
164 if (!sk_X509_EXTENSION_insert(sk,new_ex,loc))
165 goto err;
166 if ((x != NULL) && (*x == NULL))
167 *x=sk;
168 return(sk);
169err:
170 X509err(X509_F_X509V3_ADD_EXT,ERR_R_MALLOC_FAILURE);
171err2:
172 if (new_ex != NULL) X509_EXTENSION_free(new_ex);
173 if (sk != NULL) sk_X509_EXTENSION_free(sk);
174 return(NULL);
175 }
176
177X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid,
178 int crit, ASN1_OCTET_STRING *data)
179 {
180 ASN1_OBJECT *obj;
181 X509_EXTENSION *ret;
182
183 obj=OBJ_nid2obj(nid);
184 if (obj == NULL)
185 {
186 X509err(X509_F_X509_EXTENSION_CREATE_BY_NID,X509_R_UNKNOWN_NID);
187 return(NULL);
188 }
189 ret=X509_EXTENSION_create_by_OBJ(ex,obj,crit,data);
190 if (ret == NULL) ASN1_OBJECT_free(obj);
191 return(ret);
192 }
193
194X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
195 ASN1_OBJECT *obj, int crit, ASN1_OCTET_STRING *data)
196 {
197 X509_EXTENSION *ret;
198
199 if ((ex == NULL) || (*ex == NULL))
200 {
201 if ((ret=X509_EXTENSION_new()) == NULL)
202 {
203 X509err(X509_F_X509_EXTENSION_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE);
204 return(NULL);
205 }
206 }
207 else
208 ret= *ex;
209
210 if (!X509_EXTENSION_set_object(ret,obj))
211 goto err;
212 if (!X509_EXTENSION_set_critical(ret,crit))
213 goto err;
214 if (!X509_EXTENSION_set_data(ret,data))
215 goto err;
216
217 if ((ex != NULL) && (*ex == NULL)) *ex=ret;
218 return(ret);
219err:
220 if ((ex == NULL) || (ret != *ex))
221 X509_EXTENSION_free(ret);
222 return(NULL);
223 }
224
225int X509_EXTENSION_set_object(X509_EXTENSION *ex, ASN1_OBJECT *obj)
226 {
227 if ((ex == NULL) || (obj == NULL))
228 return(0);
229 ASN1_OBJECT_free(ex->object);
230 ex->object=OBJ_dup(obj);
231 return(1);
232 }
233
234int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit)
235 {
236 if (ex == NULL) return(0);
237 ex->critical=(crit)?0xFF:-1;
238 return(1);
239 }
240
241int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data)
242 {
243 int i;
244
245 if (ex == NULL) return(0);
246 i=M_ASN1_OCTET_STRING_set(ex->value,data->data,data->length);
247 if (!i) return(0);
248 return(1);
249 }
250
251ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex)
252 {
253 if (ex == NULL) return(NULL);
254 return(ex->object);
255 }
256
257ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ex)
258 {
259 if (ex == NULL) return(NULL);
260 return(ex->value);
261 }
262
263int X509_EXTENSION_get_critical(X509_EXTENSION *ex)
264 {
265 if (ex == NULL) return(0);
266 if(ex->critical > 0) return 1;
267 return 0;
268 }
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
deleted file mode 100644
index 383e082aba..0000000000
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ /dev/null
@@ -1,1333 +0,0 @@
1/* crypto/x509/x509_vfy.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <time.h>
61#include <errno.h>
62
63#include "cryptlib.h"
64#include <openssl/crypto.h>
65#include <openssl/lhash.h>
66#include <openssl/buffer.h>
67#include <openssl/evp.h>
68#include <openssl/asn1.h>
69#include <openssl/x509.h>
70#include <openssl/x509v3.h>
71#include <openssl/objects.h>
72
73static int null_callback(int ok,X509_STORE_CTX *e);
74static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
75static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x);
76static int check_chain_extensions(X509_STORE_CTX *ctx);
77static int check_trust(X509_STORE_CTX *ctx);
78static int check_revocation(X509_STORE_CTX *ctx);
79static int check_cert(X509_STORE_CTX *ctx);
80static int internal_verify(X509_STORE_CTX *ctx);
81const char *X509_version="X.509" OPENSSL_VERSION_PTEXT;
82
83
84static int null_callback(int ok, X509_STORE_CTX *e)
85 {
86 return ok;
87 }
88
89#if 0
90static int x509_subject_cmp(X509 **a, X509 **b)
91 {
92 return X509_subject_name_cmp(*a,*b);
93 }
94#endif
95
96int X509_verify_cert(X509_STORE_CTX *ctx)
97 {
98 X509 *x,*xtmp,*chain_ss=NULL;
99 X509_NAME *xn;
100 int depth,i,ok=0;
101 int num;
102 int (*cb)();
103 STACK_OF(X509) *sktmp=NULL;
104
105 if (ctx->cert == NULL)
106 {
107 X509err(X509_F_X509_VERIFY_CERT,X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
108 return -1;
109 }
110
111 cb=ctx->verify_cb;
112
113 /* first we make sure the chain we are going to build is
114 * present and that the first entry is in place */
115 if (ctx->chain == NULL)
116 {
117 if ( ((ctx->chain=sk_X509_new_null()) == NULL) ||
118 (!sk_X509_push(ctx->chain,ctx->cert)))
119 {
120 X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
121 goto end;
122 }
123 CRYPTO_add(&ctx->cert->references,1,CRYPTO_LOCK_X509);
124 ctx->last_untrusted=1;
125 }
126
127 /* We use a temporary STACK so we can chop and hack at it */
128 if (ctx->untrusted != NULL
129 && (sktmp=sk_X509_dup(ctx->untrusted)) == NULL)
130 {
131 X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
132 goto end;
133 }
134
135 num=sk_X509_num(ctx->chain);
136 x=sk_X509_value(ctx->chain,num-1);
137 depth=ctx->depth;
138
139
140 for (;;)
141 {
142 /* If we have enough, we break */
143 if (depth < num) break; /* FIXME: If this happens, we should take
144 * note of it and, if appropriate, use the
145 * X509_V_ERR_CERT_CHAIN_TOO_LONG error
146 * code later.
147 */
148
149 /* If we are self signed, we break */
150 xn=X509_get_issuer_name(x);
151 if (ctx->check_issued(ctx, x,x)) break;
152
153 /* If we were passed a cert chain, use it first */
154 if (ctx->untrusted != NULL)
155 {
156 xtmp=find_issuer(ctx, sktmp,x);
157 if (xtmp != NULL)
158 {
159 if (!sk_X509_push(ctx->chain,xtmp))
160 {
161 X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
162 goto end;
163 }
164 CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509);
165 sk_X509_delete_ptr(sktmp,xtmp);
166 ctx->last_untrusted++;
167 x=xtmp;
168 num++;
169 /* reparse the full chain for
170 * the next one */
171 continue;
172 }
173 }
174 break;
175 }
176
177 /* at this point, chain should contain a list of untrusted
178 * certificates. We now need to add at least one trusted one,
179 * if possible, otherwise we complain. */
180
181 /* Examine last certificate in chain and see if it
182 * is self signed.
183 */
184
185 i=sk_X509_num(ctx->chain);
186 x=sk_X509_value(ctx->chain,i-1);
187 xn = X509_get_subject_name(x);
188 if (ctx->check_issued(ctx, x, x))
189 {
190 /* we have a self signed certificate */
191 if (sk_X509_num(ctx->chain) == 1)
192 {
193 /* We have a single self signed certificate: see if
194 * we can find it in the store. We must have an exact
195 * match to avoid possible impersonation.
196 */
197 ok = ctx->get_issuer(&xtmp, ctx, x);
198 if ((ok <= 0) || X509_cmp(x, xtmp))
199 {
200 ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
201 ctx->current_cert=x;
202 ctx->error_depth=i-1;
203 if (ok == 1) X509_free(xtmp);
204 ok=cb(0,ctx);
205 if (!ok) goto end;
206 }
207 else
208 {
209 /* We have a match: replace certificate with store version
210 * so we get any trust settings.
211 */
212 X509_free(x);
213 x = xtmp;
214 sk_X509_set(ctx->chain, i - 1, x);
215 ctx->last_untrusted=0;
216 }
217 }
218 else
219 {
220 /* extract and save self signed certificate for later use */
221 chain_ss=sk_X509_pop(ctx->chain);
222 ctx->last_untrusted--;
223 num--;
224 x=sk_X509_value(ctx->chain,num-1);
225 }
226 }
227
228 /* We now lookup certs from the certificate store */
229 for (;;)
230 {
231 /* If we have enough, we break */
232 if (depth < num) break;
233
234 /* If we are self signed, we break */
235 xn=X509_get_issuer_name(x);
236 if (ctx->check_issued(ctx,x,x)) break;
237
238 ok = ctx->get_issuer(&xtmp, ctx, x);
239
240 if (ok < 0) return ok;
241 if (ok == 0) break;
242
243 x = xtmp;
244 if (!sk_X509_push(ctx->chain,x))
245 {
246 X509_free(xtmp);
247 X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
248 return 0;
249 }
250 num++;
251 }
252
253 /* we now have our chain, lets check it... */
254 xn=X509_get_issuer_name(x);
255
256 /* Is last certificate looked up self signed? */
257 if (!ctx->check_issued(ctx,x,x))
258 {
259 if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss))
260 {
261 if (ctx->last_untrusted >= num)
262 ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
263 else
264 ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
265 ctx->current_cert=x;
266 }
267 else
268 {
269
270 sk_X509_push(ctx->chain,chain_ss);
271 num++;
272 ctx->last_untrusted=num;
273 ctx->current_cert=chain_ss;
274 ctx->error=X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
275 chain_ss=NULL;
276 }
277
278 ctx->error_depth=num-1;
279 ok=cb(0,ctx);
280 if (!ok) goto end;
281 }
282
283 /* We have the chain complete: now we need to check its purpose */
284 ok = check_chain_extensions(ctx);
285
286 if (!ok) goto end;
287
288 /* The chain extensions are OK: check trust */
289
290 if (ctx->trust > 0) ok = check_trust(ctx);
291
292 if (!ok) goto end;
293
294 /* We may as well copy down any DSA parameters that are required */
295 X509_get_pubkey_parameters(NULL,ctx->chain);
296
297 /* Check revocation status: we do this after copying parameters
298 * because they may be needed for CRL signature verification.
299 */
300
301 ok = ctx->check_revocation(ctx);
302 if(!ok) goto end;
303
304 /* At this point, we have a chain and just need to verify it */
305 if (ctx->verify != NULL)
306 ok=ctx->verify(ctx);
307 else
308 ok=internal_verify(ctx);
309 if (0)
310 {
311end:
312 X509_get_pubkey_parameters(NULL,ctx->chain);
313 }
314 if (sktmp != NULL) sk_X509_free(sktmp);
315 if (chain_ss != NULL) X509_free(chain_ss);
316 return ok;
317 }
318
319
320/* Given a STACK_OF(X509) find the issuer of cert (if any)
321 */
322
323static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
324{
325 int i;
326 X509 *issuer;
327 for (i = 0; i < sk_X509_num(sk); i++)
328 {
329 issuer = sk_X509_value(sk, i);
330 if (ctx->check_issued(ctx, x, issuer))
331 return issuer;
332 }
333 return NULL;
334}
335
336/* Given a possible certificate and issuer check them */
337
338static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
339{
340 int ret;
341 ret = X509_check_issued(issuer, x);
342 if (ret == X509_V_OK)
343 return 1;
344 /* If we haven't asked for issuer errors don't set ctx */
345 if (!(ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK))
346 return 0;
347
348 ctx->error = ret;
349 ctx->current_cert = x;
350 ctx->current_issuer = issuer;
351 return ctx->verify_cb(0, ctx);
352 return 0;
353}
354
355/* Alternative lookup method: look from a STACK stored in other_ctx */
356
357static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
358{
359 *issuer = find_issuer(ctx, ctx->other_ctx, x);
360 if (*issuer)
361 {
362 CRYPTO_add(&(*issuer)->references,1,CRYPTO_LOCK_X509);
363 return 1;
364 }
365 else
366 return 0;
367}
368
369
370/* Check a certificate chains extensions for consistency
371 * with the supplied purpose
372 */
373
374static int check_chain_extensions(X509_STORE_CTX *ctx)
375{
376#ifdef OPENSSL_NO_CHAIN_VERIFY
377 return 1;
378#else
379 int i, ok=0, must_be_ca;
380 X509 *x;
381 int (*cb)();
382 int proxy_path_length = 0;
383 int allow_proxy_certs = !!(ctx->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
384 cb=ctx->verify_cb;
385
386 /* must_be_ca can have 1 of 3 values:
387 -1: we accept both CA and non-CA certificates, to allow direct
388 use of self-signed certificates (which are marked as CA).
389 0: we only accept non-CA certificates. This is currently not
390 used, but the possibility is present for future extensions.
391 1: we only accept CA certificates. This is currently used for
392 all certificates in the chain except the leaf certificate.
393 */
394 must_be_ca = -1;
395
396 /* A hack to keep people who don't want to modify their software
397 happy */
398 if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
399 allow_proxy_certs = 1;
400
401 /* Check all untrusted certificates */
402 for (i = 0; i < ctx->last_untrusted; i++)
403 {
404 int ret;
405 x = sk_X509_value(ctx->chain, i);
406 if (!(ctx->flags & X509_V_FLAG_IGNORE_CRITICAL)
407 && (x->ex_flags & EXFLAG_CRITICAL))
408 {
409 ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION;
410 ctx->error_depth = i;
411 ctx->current_cert = x;
412 ok=cb(0,ctx);
413 if (!ok) goto end;
414 }
415 if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY))
416 {
417 ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED;
418 ctx->error_depth = i;
419 ctx->current_cert = x;
420 ok=cb(0,ctx);
421 if (!ok) goto end;
422 }
423 ret = X509_check_ca(x);
424 switch(must_be_ca)
425 {
426 case -1:
427 if ((ctx->flags & X509_V_FLAG_X509_STRICT)
428 && (ret != 1) && (ret != 0))
429 {
430 ret = 0;
431 ctx->error = X509_V_ERR_INVALID_CA;
432 }
433 else
434 ret = 1;
435 break;
436 case 0:
437 if (ret != 0)
438 {
439 ret = 0;
440 ctx->error = X509_V_ERR_INVALID_NON_CA;
441 }
442 else
443 ret = 1;
444 break;
445 default:
446 if ((ret == 0)
447 || ((ctx->flags & X509_V_FLAG_X509_STRICT)
448 && (ret != 1)))
449 {
450 ret = 0;
451 ctx->error = X509_V_ERR_INVALID_CA;
452 }
453 else
454 ret = 1;
455 break;
456 }
457 if (ret == 0)
458 {
459 ctx->error_depth = i;
460 ctx->current_cert = x;
461 ok=cb(0,ctx);
462 if (!ok) goto end;
463 }
464 if (ctx->purpose > 0)
465 {
466 ret = X509_check_purpose(x, ctx->purpose,
467 must_be_ca > 0);
468 if ((ret == 0)
469 || ((ctx->flags & X509_V_FLAG_X509_STRICT)
470 && (ret != 1)))
471 {
472 ctx->error = X509_V_ERR_INVALID_PURPOSE;
473 ctx->error_depth = i;
474 ctx->current_cert = x;
475 ok=cb(0,ctx);
476 if (!ok) goto end;
477 }
478 }
479 /* Check pathlen */
480 if ((i > 1) && (x->ex_pathlen != -1)
481 && (i > (x->ex_pathlen + proxy_path_length + 1)))
482 {
483 ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
484 ctx->error_depth = i;
485 ctx->current_cert = x;
486 ok=cb(0,ctx);
487 if (!ok) goto end;
488 }
489 /* If this certificate is a proxy certificate, the next
490 certificate must be another proxy certificate or a EE
491 certificate. If not, the next certificate must be a
492 CA certificate. */
493 if (x->ex_flags & EXFLAG_PROXY)
494 {
495 PROXY_CERT_INFO_EXTENSION *pci =
496 X509_get_ext_d2i(x, NID_proxyCertInfo,
497 NULL, NULL);
498 if (pci->pcPathLengthConstraint &&
499 ASN1_INTEGER_get(pci->pcPathLengthConstraint)
500 < i)
501 {
502 PROXY_CERT_INFO_EXTENSION_free(pci);
503 ctx->error = X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED;
504 ctx->error_depth = i;
505 ctx->current_cert = x;
506 ok=cb(0,ctx);
507 if (!ok) goto end;
508 }
509 PROXY_CERT_INFO_EXTENSION_free(pci);
510 proxy_path_length++;
511 must_be_ca = 0;
512 }
513 else
514 must_be_ca = 1;
515 }
516 ok = 1;
517 end:
518 return ok;
519#endif
520}
521
522static int check_trust(X509_STORE_CTX *ctx)
523{
524#ifdef OPENSSL_NO_CHAIN_VERIFY
525 return 1;
526#else
527 int i, ok;
528 X509 *x;
529 int (*cb)();
530 cb=ctx->verify_cb;
531/* For now just check the last certificate in the chain */
532 i = sk_X509_num(ctx->chain) - 1;
533 x = sk_X509_value(ctx->chain, i);
534 ok = X509_check_trust(x, ctx->trust, 0);
535 if (ok == X509_TRUST_TRUSTED)
536 return 1;
537 ctx->error_depth = i;
538 ctx->current_cert = x;
539 if (ok == X509_TRUST_REJECTED)
540 ctx->error = X509_V_ERR_CERT_REJECTED;
541 else
542 ctx->error = X509_V_ERR_CERT_UNTRUSTED;
543 ok = cb(0, ctx);
544 return ok;
545#endif
546}
547
548static int check_revocation(X509_STORE_CTX *ctx)
549 {
550 int i, last, ok;
551 if (!(ctx->flags & X509_V_FLAG_CRL_CHECK))
552 return 1;
553 if (ctx->flags & X509_V_FLAG_CRL_CHECK_ALL)
554 last = sk_X509_num(ctx->chain) - 1;
555 else
556 last = 0;
557 for(i = 0; i <= last; i++)
558 {
559 ctx->error_depth = i;
560 ok = check_cert(ctx);
561 if (!ok) return ok;
562 }
563 return 1;
564 }
565
566static int check_cert(X509_STORE_CTX *ctx)
567 {
568 X509_CRL *crl = NULL;
569 X509 *x;
570 int ok, cnum;
571 cnum = ctx->error_depth;
572 x = sk_X509_value(ctx->chain, cnum);
573 ctx->current_cert = x;
574 /* Try to retrieve relevant CRL */
575 ok = ctx->get_crl(ctx, &crl, x);
576 /* If error looking up CRL, nothing we can do except
577 * notify callback
578 */
579 if(!ok)
580 {
581 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
582 ok = ctx->verify_cb(0, ctx);
583 goto err;
584 }
585 ctx->current_crl = crl;
586 ok = ctx->check_crl(ctx, crl);
587 if (!ok) goto err;
588 ok = ctx->cert_crl(ctx, crl, x);
589 err:
590 ctx->current_crl = NULL;
591 X509_CRL_free(crl);
592 return ok;
593
594 }
595
596/* Retrieve CRL corresponding to certificate: currently just a
597 * subject lookup: maybe use AKID later...
598 * Also might look up any included CRLs too (e.g PKCS#7 signedData).
599 */
600static int get_crl(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x)
601 {
602 int ok;
603 X509_OBJECT xobj;
604 ok = X509_STORE_get_by_subject(ctx, X509_LU_CRL, X509_get_issuer_name(x), &xobj);
605 if (!ok) return 0;
606 *crl = xobj.data.crl;
607 return 1;
608 }
609
610/* Check CRL validity */
611static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
612 {
613 X509 *issuer = NULL;
614 EVP_PKEY *ikey = NULL;
615 int ok = 0, chnum, cnum, i;
616 time_t *ptime;
617 cnum = ctx->error_depth;
618 chnum = sk_X509_num(ctx->chain) - 1;
619 /* Find CRL issuer: if not last certificate then issuer
620 * is next certificate in chain.
621 */
622 if(cnum < chnum)
623 issuer = sk_X509_value(ctx->chain, cnum + 1);
624 else
625 {
626 issuer = sk_X509_value(ctx->chain, chnum);
627 /* If not self signed, can't check signature */
628 if(!ctx->check_issued(ctx, issuer, issuer))
629 {
630 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER;
631 ok = ctx->verify_cb(0, ctx);
632 if(!ok) goto err;
633 }
634 }
635
636 if(issuer)
637 {
638 /* Check for cRLSign bit if keyUsage present */
639 if ((issuer->ex_flags & EXFLAG_KUSAGE) &&
640 !(issuer->ex_kusage & KU_CRL_SIGN))
641 {
642 ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
643 ok = ctx->verify_cb(0, ctx);
644 if(!ok) goto err;
645 }
646
647 /* Attempt to get issuer certificate public key */
648 ikey = X509_get_pubkey(issuer);
649
650 if(!ikey)
651 {
652 ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
653 ok = ctx->verify_cb(0, ctx);
654 if (!ok) goto err;
655 }
656 else
657 {
658 /* Verify CRL signature */
659 if(X509_CRL_verify(crl, ikey) <= 0)
660 {
661 ctx->error=X509_V_ERR_CRL_SIGNATURE_FAILURE;
662 ok = ctx->verify_cb(0, ctx);
663 if (!ok) goto err;
664 }
665 }
666 }
667
668 /* OK, CRL signature valid check times */
669 if (ctx->flags & X509_V_FLAG_USE_CHECK_TIME)
670 ptime = &ctx->check_time;
671 else
672 ptime = NULL;
673
674 i=X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime);
675 if (i == 0)
676 {
677 ctx->error=X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;
678 ok = ctx->verify_cb(0, ctx);
679 if (!ok) goto err;
680 }
681
682 if (i > 0)
683 {
684 ctx->error=X509_V_ERR_CRL_NOT_YET_VALID;
685 ok = ctx->verify_cb(0, ctx);
686 if (!ok) goto err;
687 }
688
689 if(X509_CRL_get_nextUpdate(crl))
690 {
691 i=X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime);
692
693 if (i == 0)
694 {
695 ctx->error=X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;
696 ok = ctx->verify_cb(0, ctx);
697 if (!ok) goto err;
698 }
699
700 if (i < 0)
701 {
702 ctx->error=X509_V_ERR_CRL_HAS_EXPIRED;
703 ok = ctx->verify_cb(0, ctx);
704 if (!ok) goto err;
705 }
706 }
707
708 ok = 1;
709
710 err:
711 EVP_PKEY_free(ikey);
712 return ok;
713 }
714
715/* Check certificate against CRL */
716static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
717 {
718 int idx, ok;
719 X509_REVOKED rtmp;
720 STACK_OF(X509_EXTENSION) *exts;
721 X509_EXTENSION *ext;
722 /* Look for serial number of certificate in CRL */
723 rtmp.serialNumber = X509_get_serialNumber(x);
724 /* Sort revoked into serial number order if not already sorted.
725 * Do this under a lock to avoid race condition.
726 */
727 if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked))
728 {
729 CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL);
730 sk_X509_REVOKED_sort(crl->crl->revoked);
731 CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL);
732 }
733 idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp);
734 /* If found assume revoked: want something cleverer than
735 * this to handle entry extensions in V2 CRLs.
736 */
737 if(idx >= 0)
738 {
739 ctx->error = X509_V_ERR_CERT_REVOKED;
740 ok = ctx->verify_cb(0, ctx);
741 if (!ok) return 0;
742 }
743
744 if (ctx->flags & X509_V_FLAG_IGNORE_CRITICAL)
745 return 1;
746
747 /* See if we have any critical CRL extensions: since we
748 * currently don't handle any CRL extensions the CRL must be
749 * rejected.
750 * This code accesses the X509_CRL structure directly: applications
751 * shouldn't do this.
752 */
753
754 exts = crl->crl->extensions;
755
756 for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++)
757 {
758 ext = sk_X509_EXTENSION_value(exts, idx);
759 if (ext->critical > 0)
760 {
761 ctx->error =
762 X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
763 ok = ctx->verify_cb(0, ctx);
764 if(!ok) return 0;
765 break;
766 }
767 }
768 return 1;
769 }
770
771static int internal_verify(X509_STORE_CTX *ctx)
772 {
773 int i,ok=0,n;
774 X509 *xs,*xi;
775 EVP_PKEY *pkey=NULL;
776 time_t *ptime;
777 int (*cb)();
778
779 cb=ctx->verify_cb;
780
781 n=sk_X509_num(ctx->chain);
782 ctx->error_depth=n-1;
783 n--;
784 xi=sk_X509_value(ctx->chain,n);
785 if (ctx->flags & X509_V_FLAG_USE_CHECK_TIME)
786 ptime = &ctx->check_time;
787 else
788 ptime = NULL;
789 if (ctx->check_issued(ctx, xi, xi))
790 xs=xi;
791 else
792 {
793 if (n <= 0)
794 {
795 ctx->error=X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
796 ctx->current_cert=xi;
797 ok=cb(0,ctx);
798 goto end;
799 }
800 else
801 {
802 n--;
803 ctx->error_depth=n;
804 xs=sk_X509_value(ctx->chain,n);
805 }
806 }
807
808/* ctx->error=0; not needed */
809 while (n >= 0)
810 {
811 ctx->error_depth=n;
812 if (!xs->valid)
813 {
814 if ((pkey=X509_get_pubkey(xi)) == NULL)
815 {
816 ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
817 ctx->current_cert=xi;
818 ok=(*cb)(0,ctx);
819 if (!ok) goto end;
820 }
821 else if (X509_verify(xs,pkey) <= 0)
822 /* XXX For the final trusted self-signed cert,
823 * this is a waste of time. That check should
824 * optional so that e.g. 'openssl x509' can be
825 * used to detect invalid self-signatures, but
826 * we don't verify again and again in SSL
827 * handshakes and the like once the cert has
828 * been declared trusted. */
829 {
830 ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
831 ctx->current_cert=xs;
832 ok=(*cb)(0,ctx);
833 if (!ok)
834 {
835 EVP_PKEY_free(pkey);
836 goto end;
837 }
838 }
839 EVP_PKEY_free(pkey);
840 pkey=NULL;
841
842 i=X509_cmp_time(X509_get_notBefore(xs), ptime);
843 if (i == 0)
844 {
845 ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
846 ctx->current_cert=xs;
847 ok=(*cb)(0,ctx);
848 if (!ok) goto end;
849 }
850 if (i > 0)
851 {
852 ctx->error=X509_V_ERR_CERT_NOT_YET_VALID;
853 ctx->current_cert=xs;
854 ok=(*cb)(0,ctx);
855 if (!ok) goto end;
856 }
857 xs->valid=1;
858 }
859
860 i=X509_cmp_time(X509_get_notAfter(xs), ptime);
861 if (i == 0)
862 {
863 ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
864 ctx->current_cert=xs;
865 ok=(*cb)(0,ctx);
866 if (!ok) goto end;
867 }
868
869 if (i < 0)
870 {
871 ctx->error=X509_V_ERR_CERT_HAS_EXPIRED;
872 ctx->current_cert=xs;
873 ok=(*cb)(0,ctx);
874 if (!ok) goto end;
875 }
876
877 /* The last error (if any) is still in the error value */
878 ctx->current_issuer=xi;
879 ctx->current_cert=xs;
880 ok=(*cb)(1,ctx);
881 if (!ok) goto end;
882
883 n--;
884 if (n >= 0)
885 {
886 xi=xs;
887 xs=sk_X509_value(ctx->chain,n);
888 }
889 }
890 ok=1;
891end:
892 return ok;
893 }
894
895int X509_cmp_current_time(ASN1_TIME *ctm)
896{
897 return X509_cmp_time(ctm, NULL);
898}
899
900int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time)
901 {
902 char *str;
903 ASN1_TIME atm;
904 long offset;
905 char buff1[24],buff2[24],*p;
906 int i,j;
907
908 p=buff1;
909 i=ctm->length;
910 str=(char *)ctm->data;
911 if (ctm->type == V_ASN1_UTCTIME)
912 {
913 if ((i < 11) || (i > 17)) return 0;
914 memcpy(p,str,10);
915 p+=10;
916 str+=10;
917 }
918 else
919 {
920 if (i < 13) return 0;
921 memcpy(p,str,12);
922 p+=12;
923 str+=12;
924 }
925
926 if ((*str == 'Z') || (*str == '-') || (*str == '+'))
927 { *(p++)='0'; *(p++)='0'; }
928 else
929 {
930 *(p++)= *(str++);
931 *(p++)= *(str++);
932 /* Skip any fractional seconds... */
933 if (*str == '.')
934 {
935 str++;
936 while ((*str >= '0') && (*str <= '9')) str++;
937 }
938
939 }
940 *(p++)='Z';
941 *(p++)='\0';
942
943 if (*str == 'Z')
944 offset=0;
945 else
946 {
947 if ((*str != '+') && (*str != '-'))
948 return 0;
949 offset=((str[1]-'0')*10+(str[2]-'0'))*60;
950 offset+=(str[3]-'0')*10+(str[4]-'0');
951 if (*str == '-')
952 offset= -offset;
953 }
954 atm.type=ctm->type;
955 atm.length=sizeof(buff2);
956 atm.data=(unsigned char *)buff2;
957
958 if (X509_time_adj(&atm,-offset*60, cmp_time) == NULL)
959 return 0;
960
961 if (ctm->type == V_ASN1_UTCTIME)
962 {
963 i=(buff1[0]-'0')*10+(buff1[1]-'0');
964 if (i < 50) i+=100; /* cf. RFC 2459 */
965 j=(buff2[0]-'0')*10+(buff2[1]-'0');
966 if (j < 50) j+=100;
967
968 if (i < j) return -1;
969 if (i > j) return 1;
970 }
971 i=strcmp(buff1,buff2);
972 if (i == 0) /* wait a second then return younger :-) */
973 return -1;
974 else
975 return i;
976 }
977
978ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
979{
980 return X509_time_adj(s, adj, NULL);
981}
982
983ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *in_tm)
984 {
985 time_t t;
986 int type = -1;
987
988 if (in_tm) t = *in_tm;
989 else time(&t);
990
991 t+=adj;
992 if (s) type = s->type;
993 if (type == V_ASN1_UTCTIME) return ASN1_UTCTIME_set(s,t);
994 if (type == V_ASN1_GENERALIZEDTIME) return ASN1_GENERALIZEDTIME_set(s, t);
995 return ASN1_TIME_set(s, t);
996 }
997
998int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
999 {
1000 EVP_PKEY *ktmp=NULL,*ktmp2;
1001 int i,j;
1002
1003 if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) return 1;
1004
1005 for (i=0; i<sk_X509_num(chain); i++)
1006 {
1007 ktmp=X509_get_pubkey(sk_X509_value(chain,i));
1008 if (ktmp == NULL)
1009 {
1010 X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
1011 return 0;
1012 }
1013 if (!EVP_PKEY_missing_parameters(ktmp))
1014 break;
1015 else
1016 {
1017 EVP_PKEY_free(ktmp);
1018 ktmp=NULL;
1019 }
1020 }
1021 if (ktmp == NULL)
1022 {
1023 X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN);
1024 return 0;
1025 }
1026
1027 /* first, populate the other certs */
1028 for (j=i-1; j >= 0; j--)
1029 {
1030 ktmp2=X509_get_pubkey(sk_X509_value(chain,j));
1031 EVP_PKEY_copy_parameters(ktmp2,ktmp);
1032 EVP_PKEY_free(ktmp2);
1033 }
1034
1035 if (pkey != NULL) EVP_PKEY_copy_parameters(pkey,ktmp);
1036 EVP_PKEY_free(ktmp);
1037 return 1;
1038 }
1039
1040int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
1041 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
1042 {
1043 /* This function is (usually) called only once, by
1044 * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). */
1045 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, argl, argp,
1046 new_func, dup_func, free_func);
1047 }
1048
1049int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)
1050 {
1051 return CRYPTO_set_ex_data(&ctx->ex_data,idx,data);
1052 }
1053
1054void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx)
1055 {
1056 return CRYPTO_get_ex_data(&ctx->ex_data,idx);
1057 }
1058
1059int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx)
1060 {
1061 return ctx->error;
1062 }
1063
1064void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err)
1065 {
1066 ctx->error=err;
1067 }
1068
1069int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)
1070 {
1071 return ctx->error_depth;
1072 }
1073
1074X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx)
1075 {
1076 return ctx->current_cert;
1077 }
1078
1079STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx)
1080 {
1081 return ctx->chain;
1082 }
1083
1084STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
1085 {
1086 int i;
1087 X509 *x;
1088 STACK_OF(X509) *chain;
1089 if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL;
1090 for (i = 0; i < sk_X509_num(chain); i++)
1091 {
1092 x = sk_X509_value(chain, i);
1093 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
1094 }
1095 return chain;
1096 }
1097
1098void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
1099 {
1100 ctx->cert=x;
1101 }
1102
1103void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
1104 {
1105 ctx->untrusted=sk;
1106 }
1107
1108int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose)
1109 {
1110 return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0);
1111 }
1112
1113int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust)
1114 {
1115 return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust);
1116 }
1117
1118/* This function is used to set the X509_STORE_CTX purpose and trust
1119 * values. This is intended to be used when another structure has its
1120 * own trust and purpose values which (if set) will be inherited by
1121 * the ctx. If they aren't set then we will usually have a default
1122 * purpose in mind which should then be used to set the trust value.
1123 * An example of this is SSL use: an SSL structure will have its own
1124 * purpose and trust settings which the application can set: if they
1125 * aren't set then we use the default of SSL client/server.
1126 */
1127
1128int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
1129 int purpose, int trust)
1130{
1131 int idx;
1132 /* If purpose not set use default */
1133 if (!purpose) purpose = def_purpose;
1134 /* If we have a purpose then check it is valid */
1135 if (purpose)
1136 {
1137 X509_PURPOSE *ptmp;
1138 idx = X509_PURPOSE_get_by_id(purpose);
1139 if (idx == -1)
1140 {
1141 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
1142 X509_R_UNKNOWN_PURPOSE_ID);
1143 return 0;
1144 }
1145 ptmp = X509_PURPOSE_get0(idx);
1146 if (ptmp->trust == X509_TRUST_DEFAULT)
1147 {
1148 idx = X509_PURPOSE_get_by_id(def_purpose);
1149 if (idx == -1)
1150 {
1151 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
1152 X509_R_UNKNOWN_PURPOSE_ID);
1153 return 0;
1154 }
1155 ptmp = X509_PURPOSE_get0(idx);
1156 }
1157 /* If trust not set then get from purpose default */
1158 if (!trust) trust = ptmp->trust;
1159 }
1160 if (trust)
1161 {
1162 idx = X509_TRUST_get_by_id(trust);
1163 if (idx == -1)
1164 {
1165 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
1166 X509_R_UNKNOWN_TRUST_ID);
1167 return 0;
1168 }
1169 }
1170
1171 if (purpose && !ctx->purpose) ctx->purpose = purpose;
1172 if (trust && !ctx->trust) ctx->trust = trust;
1173 return 1;
1174}
1175
1176X509_STORE_CTX *X509_STORE_CTX_new(void)
1177{
1178 X509_STORE_CTX *ctx;
1179 ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX));
1180 if (!ctx)
1181 {
1182 X509err(X509_F_X509_STORE_CTX_NEW,ERR_R_MALLOC_FAILURE);
1183 return NULL;
1184 }
1185 memset(ctx, 0, sizeof(X509_STORE_CTX));
1186 return ctx;
1187}
1188
1189void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
1190{
1191 X509_STORE_CTX_cleanup(ctx);
1192 OPENSSL_free(ctx);
1193}
1194
1195int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
1196 STACK_OF(X509) *chain)
1197 {
1198 ctx->ctx=store;
1199 ctx->current_method=0;
1200 ctx->cert=x509;
1201 ctx->untrusted=chain;
1202 ctx->last_untrusted=0;
1203 ctx->check_time=0;
1204 ctx->other_ctx=NULL;
1205 ctx->valid=0;
1206 ctx->chain=NULL;
1207 ctx->depth=9;
1208 ctx->error=0;
1209 ctx->error_depth=0;
1210 ctx->current_cert=NULL;
1211 ctx->current_issuer=NULL;
1212
1213 /* Inherit callbacks and flags from X509_STORE if not set
1214 * use defaults.
1215 */
1216
1217
1218 if (store)
1219 {
1220 ctx->purpose=store->purpose;
1221 ctx->trust=store->trust;
1222 ctx->flags = store->flags;
1223 ctx->cleanup = store->cleanup;
1224 }
1225 else
1226 {
1227 ctx->purpose = 0;
1228 ctx->trust = 0;
1229 ctx->flags = 0;
1230 ctx->cleanup = 0;
1231 }
1232
1233 if (store && store->check_issued)
1234 ctx->check_issued = store->check_issued;
1235 else
1236 ctx->check_issued = check_issued;
1237
1238 if (store && store->get_issuer)
1239 ctx->get_issuer = store->get_issuer;
1240 else
1241 ctx->get_issuer = X509_STORE_CTX_get1_issuer;
1242
1243 if (store && store->verify_cb)
1244 ctx->verify_cb = store->verify_cb;
1245 else
1246 ctx->verify_cb = null_callback;
1247
1248 if (store && store->verify)
1249 ctx->verify = store->verify;
1250 else
1251 ctx->verify = internal_verify;
1252
1253 if (store && store->check_revocation)
1254 ctx->check_revocation = store->check_revocation;
1255 else
1256 ctx->check_revocation = check_revocation;
1257
1258 if (store && store->get_crl)
1259 ctx->get_crl = store->get_crl;
1260 else
1261 ctx->get_crl = get_crl;
1262
1263 if (store && store->check_crl)
1264 ctx->check_crl = store->check_crl;
1265 else
1266 ctx->check_crl = check_crl;
1267
1268 if (store && store->cert_crl)
1269 ctx->cert_crl = store->cert_crl;
1270 else
1271 ctx->cert_crl = cert_crl;
1272
1273
1274 /* This memset() can't make any sense anyway, so it's removed. As
1275 * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a
1276 * corresponding "new" here and remove this bogus initialisation. */
1277 /* memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); */
1278 if(!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,
1279 &(ctx->ex_data)))
1280 {
1281 OPENSSL_free(ctx);
1282 X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE);
1283 return 0;
1284 }
1285 return 1;
1286 }
1287
1288/* Set alternative lookup method: just a STACK of trusted certificates.
1289 * This avoids X509_STORE nastiness where it isn't needed.
1290 */
1291
1292void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
1293{
1294 ctx->other_ctx = sk;
1295 ctx->get_issuer = get_issuer_sk;
1296}
1297
1298void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
1299 {
1300 if (ctx->cleanup) ctx->cleanup(ctx);
1301 if (ctx->chain != NULL)
1302 {
1303 sk_X509_pop_free(ctx->chain,X509_free);
1304 ctx->chain=NULL;
1305 }
1306 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data));
1307 memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));
1308 }
1309
1310void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags)
1311 {
1312 ctx->flags |= flags;
1313 }
1314
1315void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t)
1316 {
1317 ctx->check_time = t;
1318 ctx->flags |= X509_V_FLAG_USE_CHECK_TIME;
1319 }
1320
1321void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
1322 int (*verify_cb)(int, X509_STORE_CTX *))
1323 {
1324 ctx->verify_cb=verify_cb;
1325 }
1326
1327IMPLEMENT_STACK_OF(X509)
1328IMPLEMENT_ASN1_SET_OF(X509)
1329
1330IMPLEMENT_STACK_OF(X509_NAME)
1331
1332IMPLEMENT_STACK_OF(X509_ATTRIBUTE)
1333IMPLEMENT_ASN1_SET_OF(X509_ATTRIBUTE)
diff --git a/src/lib/libcrypto/x509/x509_vfy.h b/src/lib/libcrypto/x509/x509_vfy.h
deleted file mode 100644
index 7fd1f0bc4d..0000000000
--- a/src/lib/libcrypto/x509/x509_vfy.h
+++ /dev/null
@@ -1,422 +0,0 @@
1/* crypto/x509/x509_vfy.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#ifndef HEADER_X509_H
60#include <openssl/x509.h>
61/* openssl/x509.h ends up #include-ing this file at about the only
62 * appropriate moment. */
63#endif
64
65#ifndef HEADER_X509_VFY_H
66#define HEADER_X509_VFY_H
67
68#ifndef OPENSSL_NO_LHASH
69#include <openssl/lhash.h>
70#endif
71#include <openssl/bio.h>
72#include <openssl/crypto.h>
73#include <openssl/symhacks.h>
74
75#ifdef __cplusplus
76extern "C" {
77#endif
78
79/* Outer object */
80typedef struct x509_hash_dir_st
81 {
82 int num_dirs;
83 char **dirs;
84 int *dirs_type;
85 int num_dirs_alloced;
86 } X509_HASH_DIR_CTX;
87
88typedef struct x509_file_st
89 {
90 int num_paths; /* number of paths to files or directories */
91 int num_alloced;
92 char **paths; /* the list of paths or directories */
93 int *path_type;
94 } X509_CERT_FILE_CTX;
95
96/*******************************/
97/*
98SSL_CTX -> X509_STORE
99 -> X509_LOOKUP
100 ->X509_LOOKUP_METHOD
101 -> X509_LOOKUP
102 ->X509_LOOKUP_METHOD
103
104SSL -> X509_STORE_CTX
105 ->X509_STORE
106
107The X509_STORE holds the tables etc for verification stuff.
108A X509_STORE_CTX is used while validating a single certificate.
109The X509_STORE has X509_LOOKUPs for looking up certs.
110The X509_STORE then calls a function to actually verify the
111certificate chain.
112*/
113
114#define X509_LU_RETRY -1
115#define X509_LU_FAIL 0
116#define X509_LU_X509 1
117#define X509_LU_CRL 2
118#define X509_LU_PKEY 3
119
120typedef struct x509_object_st
121 {
122 /* one of the above types */
123 int type;
124 union {
125 char *ptr;
126 X509 *x509;
127 X509_CRL *crl;
128 EVP_PKEY *pkey;
129 } data;
130 } X509_OBJECT;
131
132typedef struct x509_lookup_st X509_LOOKUP;
133
134DECLARE_STACK_OF(X509_LOOKUP)
135DECLARE_STACK_OF(X509_OBJECT)
136
137/* This is a static that defines the function interface */
138typedef struct x509_lookup_method_st
139 {
140 const char *name;
141 int (*new_item)(X509_LOOKUP *ctx);
142 void (*free)(X509_LOOKUP *ctx);
143 int (*init)(X509_LOOKUP *ctx);
144 int (*shutdown)(X509_LOOKUP *ctx);
145 int (*ctrl)(X509_LOOKUP *ctx,int cmd,const char *argc,long argl,
146 char **ret);
147 int (*get_by_subject)(X509_LOOKUP *ctx,int type,X509_NAME *name,
148 X509_OBJECT *ret);
149 int (*get_by_issuer_serial)(X509_LOOKUP *ctx,int type,X509_NAME *name,
150 ASN1_INTEGER *serial,X509_OBJECT *ret);
151 int (*get_by_fingerprint)(X509_LOOKUP *ctx,int type,
152 unsigned char *bytes,int len,
153 X509_OBJECT *ret);
154 int (*get_by_alias)(X509_LOOKUP *ctx,int type,char *str,int len,
155 X509_OBJECT *ret);
156 } X509_LOOKUP_METHOD;
157
158/* This is used to hold everything. It is used for all certificate
159 * validation. Once we have a certificate chain, the 'verify'
160 * function is then called to actually check the cert chain. */
161struct x509_store_st
162 {
163 /* The following is a cache of trusted certs */
164 int cache; /* if true, stash any hits */
165 STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */
166
167 /* These are external lookup methods */
168 STACK_OF(X509_LOOKUP) *get_cert_methods;
169
170 /* The following fields are not used by X509_STORE but are
171 * inherited by X509_STORE_CTX when it is initialised.
172 */
173
174 unsigned long flags; /* Various verify flags */
175 int purpose;
176 int trust;
177 /* Callbacks for various operations */
178 int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */
179 int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */
180 int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */
181 int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
182 int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
183 int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
184 int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
185 int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
186 int (*cleanup)(X509_STORE_CTX *ctx);
187
188 CRYPTO_EX_DATA ex_data;
189 int references;
190 int depth; /* how deep to look (still unused -- X509_STORE_CTX's depth is used) */
191 } /* X509_STORE */;
192
193#define X509_STORE_set_depth(ctx,d) ((ctx)->depth=(d))
194
195#define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func))
196#define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func))
197
198/* This is the functions plus an instance of the local variables. */
199struct x509_lookup_st
200 {
201 int init; /* have we been started */
202 int skip; /* don't use us. */
203 X509_LOOKUP_METHOD *method; /* the functions */
204 char *method_data; /* method data */
205
206 X509_STORE *store_ctx; /* who owns us */
207 } /* X509_LOOKUP */;
208
209/* This is a used when verifying cert chains. Since the
210 * gathering of the cert chain can take some time (and have to be
211 * 'retried', this needs to be kept and passed around. */
212struct x509_store_ctx_st /* X509_STORE_CTX */
213 {
214 X509_STORE *ctx;
215 int current_method; /* used when looking up certs */
216
217 /* The following are set by the caller */
218 X509 *cert; /* The cert to check */
219 STACK_OF(X509) *untrusted; /* chain of X509s - untrusted - passed in */
220 int purpose; /* purpose to check untrusted certificates */
221 int trust; /* trust setting to check */
222 time_t check_time; /* time to make verify at */
223 unsigned long flags; /* Various verify flags */
224 void *other_ctx; /* Other info for use with get_issuer() */
225
226 /* Callbacks for various operations */
227 int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */
228 int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */
229 int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */
230 int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
231 int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
232 int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
233 int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
234 int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
235 int (*cleanup)(X509_STORE_CTX *ctx);
236
237 /* The following is built up */
238 int depth; /* how far to go looking up certs */
239 int valid; /* if 0, rebuild chain */
240 int last_untrusted; /* index of last untrusted cert */
241 STACK_OF(X509) *chain; /* chain of X509s - built up and trusted */
242
243 /* When something goes wrong, this is why */
244 int error_depth;
245 int error;
246 X509 *current_cert;
247 X509 *current_issuer; /* cert currently being tested as valid issuer */
248 X509_CRL *current_crl; /* current CRL */
249
250 CRYPTO_EX_DATA ex_data;
251 } /* X509_STORE_CTX */;
252
253#define X509_STORE_CTX_set_depth(ctx,d) ((ctx)->depth=(d))
254
255#define X509_STORE_CTX_set_app_data(ctx,data) \
256 X509_STORE_CTX_set_ex_data(ctx,0,data)
257#define X509_STORE_CTX_get_app_data(ctx) \
258 X509_STORE_CTX_get_ex_data(ctx,0)
259
260#define X509_L_FILE_LOAD 1
261#define X509_L_ADD_DIR 2
262
263#define X509_LOOKUP_load_file(x,name,type) \
264 X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL)
265
266#define X509_LOOKUP_add_dir(x,name,type) \
267 X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)
268
269#define X509_V_OK 0
270/* illegal error (for uninitialized values, to avoid X509_V_OK): 1 */
271
272#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2
273#define X509_V_ERR_UNABLE_TO_GET_CRL 3
274#define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4
275#define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5
276#define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6
277#define X509_V_ERR_CERT_SIGNATURE_FAILURE 7
278#define X509_V_ERR_CRL_SIGNATURE_FAILURE 8
279#define X509_V_ERR_CERT_NOT_YET_VALID 9
280#define X509_V_ERR_CERT_HAS_EXPIRED 10
281#define X509_V_ERR_CRL_NOT_YET_VALID 11
282#define X509_V_ERR_CRL_HAS_EXPIRED 12
283#define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13
284#define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14
285#define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15
286#define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16
287#define X509_V_ERR_OUT_OF_MEM 17
288#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18
289#define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19
290#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20
291#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21
292#define X509_V_ERR_CERT_CHAIN_TOO_LONG 22
293#define X509_V_ERR_CERT_REVOKED 23
294#define X509_V_ERR_INVALID_CA 24
295#define X509_V_ERR_PATH_LENGTH_EXCEEDED 25
296#define X509_V_ERR_INVALID_PURPOSE 26
297#define X509_V_ERR_CERT_UNTRUSTED 27
298#define X509_V_ERR_CERT_REJECTED 28
299/* These are 'informational' when looking for issuer cert */
300#define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29
301#define X509_V_ERR_AKID_SKID_MISMATCH 30
302#define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31
303#define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32
304
305#define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33
306#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34
307#define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35
308#define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36
309#define X509_V_ERR_INVALID_NON_CA 37
310#define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38
311#define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39
312#define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40
313
314/* The application is not happy */
315#define X509_V_ERR_APPLICATION_VERIFICATION 50
316
317/* Certificate verify flags */
318
319/* Send issuer+subject checks to verify_cb */
320#define X509_V_FLAG_CB_ISSUER_CHECK 0x1
321/* Use check time instead of current time */
322#define X509_V_FLAG_USE_CHECK_TIME 0x2
323/* Lookup CRLs */
324#define X509_V_FLAG_CRL_CHECK 0x4
325/* Lookup CRLs for whole chain */
326#define X509_V_FLAG_CRL_CHECK_ALL 0x8
327/* Ignore unhandled critical extensions */
328#define X509_V_FLAG_IGNORE_CRITICAL 0x10
329/* Disable workarounds for broken certificates */
330#define X509_V_FLAG_X509_STRICT 0x20
331/* Enable proxy certificate validation */
332#define X509_V_FLAG_ALLOW_PROXY_CERTS 0x40
333
334int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
335 X509_NAME *name);
336X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,int type,X509_NAME *name);
337X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x);
338void X509_OBJECT_up_ref_count(X509_OBJECT *a);
339void X509_OBJECT_free_contents(X509_OBJECT *a);
340X509_STORE *X509_STORE_new(void );
341void X509_STORE_free(X509_STORE *v);
342
343void X509_STORE_set_flags(X509_STORE *ctx, long flags);
344int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
345int X509_STORE_set_trust(X509_STORE *ctx, int trust);
346
347X509_STORE_CTX *X509_STORE_CTX_new(void);
348
349int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
350
351void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
352int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
353 X509 *x509, STACK_OF(X509) *chain);
354void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
355void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
356
357X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
358
359X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
360X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
361
362int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
363int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
364
365int X509_STORE_get_by_subject(X509_STORE_CTX *vs,int type,X509_NAME *name,
366 X509_OBJECT *ret);
367
368int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
369 long argl, char **ret);
370
371#ifndef OPENSSL_NO_STDIO
372int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
373int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
374int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
375#endif
376
377
378X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
379void X509_LOOKUP_free(X509_LOOKUP *ctx);
380int X509_LOOKUP_init(X509_LOOKUP *ctx);
381int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
382 X509_OBJECT *ret);
383int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
384 ASN1_INTEGER *serial, X509_OBJECT *ret);
385int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
386 unsigned char *bytes, int len, X509_OBJECT *ret);
387int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str,
388 int len, X509_OBJECT *ret);
389int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
390
391#ifndef OPENSSL_NO_STDIO
392int X509_STORE_load_locations (X509_STORE *ctx,
393 const char *file, const char *dir);
394int X509_STORE_set_default_paths(X509_STORE *ctx);
395#endif
396
397int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
398 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
399int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx,int idx,void *data);
400void * X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx);
401int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
402void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s);
403int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
404X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
405STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
406STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
407void X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x);
408void X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk);
409int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
410int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
411int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
412 int purpose, int trust);
413void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags);
414void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t);
415void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
416 int (*verify_cb)(int, X509_STORE_CTX *));
417
418#ifdef __cplusplus
419}
420#endif
421#endif
422
diff --git a/src/lib/libcrypto/x509/x509cset.c b/src/lib/libcrypto/x509/x509cset.c
deleted file mode 100644
index 9d1646d5c8..0000000000
--- a/src/lib/libcrypto/x509/x509cset.c
+++ /dev/null
@@ -1,170 +0,0 @@
1/* crypto/x509/x509cset.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 2001.
4 */
5/* ====================================================================
6 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/asn1.h>
62#include <openssl/objects.h>
63#include <openssl/evp.h>
64#include <openssl/x509.h>
65
66int X509_CRL_set_version(X509_CRL *x, long version)
67 {
68 if (x == NULL) return(0);
69 if (x->crl->version == NULL)
70 {
71 if ((x->crl->version=M_ASN1_INTEGER_new()) == NULL)
72 return(0);
73 }
74 return(ASN1_INTEGER_set(x->crl->version,version));
75 }
76
77int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name)
78 {
79 if ((x == NULL) || (x->crl == NULL)) return(0);
80 return(X509_NAME_set(&x->crl->issuer,name));
81 }
82
83
84int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm)
85 {
86 ASN1_TIME *in;
87
88 if (x == NULL) return(0);
89 in=x->crl->lastUpdate;
90 if (in != tm)
91 {
92 in=M_ASN1_TIME_dup(tm);
93 if (in != NULL)
94 {
95 M_ASN1_TIME_free(x->crl->lastUpdate);
96 x->crl->lastUpdate=in;
97 }
98 }
99 return(in != NULL);
100 }
101
102int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm)
103 {
104 ASN1_TIME *in;
105
106 if (x == NULL) return(0);
107 in=x->crl->nextUpdate;
108 if (in != tm)
109 {
110 in=M_ASN1_TIME_dup(tm);
111 if (in != NULL)
112 {
113 M_ASN1_TIME_free(x->crl->nextUpdate);
114 x->crl->nextUpdate=in;
115 }
116 }
117 return(in != NULL);
118 }
119
120int X509_CRL_sort(X509_CRL *c)
121 {
122 int i;
123 X509_REVOKED *r;
124 /* sort the data so it will be written in serial
125 * number order */
126 sk_X509_REVOKED_sort(c->crl->revoked);
127 for (i=0; i<sk_X509_REVOKED_num(c->crl->revoked); i++)
128 {
129 r=sk_X509_REVOKED_value(c->crl->revoked,i);
130 r->sequence=i;
131 }
132 c->crl->enc.modified = 1;
133 return 1;
134 }
135
136int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm)
137 {
138 ASN1_TIME *in;
139
140 if (x == NULL) return(0);
141 in=x->revocationDate;
142 if (in != tm)
143 {
144 in=M_ASN1_TIME_dup(tm);
145 if (in != NULL)
146 {
147 M_ASN1_TIME_free(x->revocationDate);
148 x->revocationDate=in;
149 }
150 }
151 return(in != NULL);
152 }
153
154int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial)
155 {
156 ASN1_INTEGER *in;
157
158 if (x == NULL) return(0);
159 in=x->serialNumber;
160 if (in != serial)
161 {
162 in=M_ASN1_INTEGER_dup(serial);
163 if (in != NULL)
164 {
165 M_ASN1_INTEGER_free(x->serialNumber);
166 x->serialNumber=in;
167 }
168 }
169 return(in != NULL);
170 }
diff --git a/src/lib/libcrypto/x509/x509name.c b/src/lib/libcrypto/x509/x509name.c
deleted file mode 100644
index 068abfe5f0..0000000000
--- a/src/lib/libcrypto/x509/x509name.c
+++ /dev/null
@@ -1,383 +0,0 @@
1/* crypto/x509/x509name.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/stack.h>
61#include "cryptlib.h"
62#include <openssl/asn1.h>
63#include <openssl/objects.h>
64#include <openssl/evp.h>
65#include <openssl/x509.h>
66
67int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len)
68 {
69 ASN1_OBJECT *obj;
70
71 obj=OBJ_nid2obj(nid);
72 if (obj == NULL) return(-1);
73 return(X509_NAME_get_text_by_OBJ(name,obj,buf,len));
74 }
75
76int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,
77 int len)
78 {
79 int i;
80 ASN1_STRING *data;
81
82 i=X509_NAME_get_index_by_OBJ(name,obj,-1);
83 if (i < 0) return(-1);
84 data=X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name,i));
85 i=(data->length > (len-1))?(len-1):data->length;
86 if (buf == NULL) return(data->length);
87 memcpy(buf,data->data,i);
88 buf[i]='\0';
89 return(i);
90 }
91
92int X509_NAME_entry_count(X509_NAME *name)
93 {
94 if (name == NULL) return(0);
95 return(sk_X509_NAME_ENTRY_num(name->entries));
96 }
97
98int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos)
99 {
100 ASN1_OBJECT *obj;
101
102 obj=OBJ_nid2obj(nid);
103 if (obj == NULL) return(-2);
104 return(X509_NAME_get_index_by_OBJ(name,obj,lastpos));
105 }
106
107/* NOTE: you should be passsing -1, not 0 as lastpos */
108int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
109 int lastpos)
110 {
111 int n;
112 X509_NAME_ENTRY *ne;
113 STACK_OF(X509_NAME_ENTRY) *sk;
114
115 if (name == NULL) return(-1);
116 if (lastpos < 0)
117 lastpos= -1;
118 sk=name->entries;
119 n=sk_X509_NAME_ENTRY_num(sk);
120 for (lastpos++; lastpos < n; lastpos++)
121 {
122 ne=sk_X509_NAME_ENTRY_value(sk,lastpos);
123 if (OBJ_cmp(ne->object,obj) == 0)
124 return(lastpos);
125 }
126 return(-1);
127 }
128
129X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc)
130 {
131 if(name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
132 || loc < 0)
133 return(NULL);
134 else
135 return(sk_X509_NAME_ENTRY_value(name->entries,loc));
136 }
137
138X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc)
139 {
140 X509_NAME_ENTRY *ret;
141 int i,n,set_prev,set_next;
142 STACK_OF(X509_NAME_ENTRY) *sk;
143
144 if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
145 || loc < 0)
146 return(NULL);
147 sk=name->entries;
148 ret=sk_X509_NAME_ENTRY_delete(sk,loc);
149 n=sk_X509_NAME_ENTRY_num(sk);
150 name->modified=1;
151 if (loc == n) return(ret);
152
153 /* else we need to fixup the set field */
154 if (loc != 0)
155 set_prev=(sk_X509_NAME_ENTRY_value(sk,loc-1))->set;
156 else
157 set_prev=ret->set-1;
158 set_next=sk_X509_NAME_ENTRY_value(sk,loc)->set;
159
160 /* set_prev is the previous set
161 * set is the current set
162 * set_next is the following
163 * prev 1 1 1 1 1 1 1 1
164 * set 1 1 2 2
165 * next 1 1 2 2 2 2 3 2
166 * so basically only if prev and next differ by 2, then
167 * re-number down by 1 */
168 if (set_prev+1 < set_next)
169 for (i=loc; i<n; i++)
170 sk_X509_NAME_ENTRY_value(sk,i)->set--;
171 return(ret);
172 }
173
174int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
175 unsigned char *bytes, int len, int loc, int set)
176{
177 X509_NAME_ENTRY *ne;
178 int ret;
179 ne = X509_NAME_ENTRY_create_by_OBJ(NULL, obj, type, bytes, len);
180 if(!ne) return 0;
181 ret = X509_NAME_add_entry(name, ne, loc, set);
182 X509_NAME_ENTRY_free(ne);
183 return ret;
184}
185
186int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
187 unsigned char *bytes, int len, int loc, int set)
188{
189 X509_NAME_ENTRY *ne;
190 int ret;
191 ne = X509_NAME_ENTRY_create_by_NID(NULL, nid, type, bytes, len);
192 if(!ne) return 0;
193 ret = X509_NAME_add_entry(name, ne, loc, set);
194 X509_NAME_ENTRY_free(ne);
195 return ret;
196}
197
198int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
199 const unsigned char *bytes, int len, int loc, int set)
200{
201 X509_NAME_ENTRY *ne;
202 int ret;
203 ne = X509_NAME_ENTRY_create_by_txt(NULL, field, type, bytes, len);
204 if(!ne) return 0;
205 ret = X509_NAME_add_entry(name, ne, loc, set);
206 X509_NAME_ENTRY_free(ne);
207 return ret;
208}
209
210/* if set is -1, append to previous set, 0 'a new one', and 1,
211 * prepend to the guy we are about to stomp on. */
212int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc,
213 int set)
214 {
215 X509_NAME_ENTRY *new_name=NULL;
216 int n,i,inc;
217 STACK_OF(X509_NAME_ENTRY) *sk;
218
219 if (name == NULL) return(0);
220 sk=name->entries;
221 n=sk_X509_NAME_ENTRY_num(sk);
222 if (loc > n) loc=n;
223 else if (loc < 0) loc=n;
224
225 name->modified=1;
226
227 if (set == -1)
228 {
229 if (loc == 0)
230 {
231 set=0;
232 inc=1;
233 }
234 else
235 {
236 set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set;
237 inc=0;
238 }
239 }
240 else /* if (set >= 0) */
241 {
242 if (loc >= n)
243 {
244 if (loc != 0)
245 set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set+1;
246 else
247 set=0;
248 }
249 else
250 set=sk_X509_NAME_ENTRY_value(sk,loc)->set;
251 inc=(set == 0)?1:0;
252 }
253
254 if ((new_name=X509_NAME_ENTRY_dup(ne)) == NULL)
255 goto err;
256 new_name->set=set;
257 if (!sk_X509_NAME_ENTRY_insert(sk,new_name,loc))
258 {
259 X509err(X509_F_X509_NAME_ADD_ENTRY,ERR_R_MALLOC_FAILURE);
260 goto err;
261 }
262 if (inc)
263 {
264 n=sk_X509_NAME_ENTRY_num(sk);
265 for (i=loc+1; i<n; i++)
266 sk_X509_NAME_ENTRY_value(sk,i-1)->set+=1;
267 }
268 return(1);
269err:
270 if (new_name != NULL)
271 X509_NAME_ENTRY_free(new_name);
272 return(0);
273 }
274
275X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
276 const char *field, int type, const unsigned char *bytes, int len)
277 {
278 ASN1_OBJECT *obj;
279 X509_NAME_ENTRY *nentry;
280
281 obj=OBJ_txt2obj(field, 0);
282 if (obj == NULL)
283 {
284 X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT,
285 X509_R_INVALID_FIELD_NAME);
286 ERR_add_error_data(2, "name=", field);
287 return(NULL);
288 }
289 nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len);
290 ASN1_OBJECT_free(obj);
291 return nentry;
292 }
293
294X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
295 int type, unsigned char *bytes, int len)
296 {
297 ASN1_OBJECT *obj;
298 X509_NAME_ENTRY *nentry;
299
300 obj=OBJ_nid2obj(nid);
301 if (obj == NULL)
302 {
303 X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID,X509_R_UNKNOWN_NID);
304 return(NULL);
305 }
306 nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len);
307 ASN1_OBJECT_free(obj);
308 return nentry;
309 }
310
311X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
312 ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len)
313 {
314 X509_NAME_ENTRY *ret;
315
316 if ((ne == NULL) || (*ne == NULL))
317 {
318 if ((ret=X509_NAME_ENTRY_new()) == NULL)
319 return(NULL);
320 }
321 else
322 ret= *ne;
323
324 if (!X509_NAME_ENTRY_set_object(ret,obj))
325 goto err;
326 if (!X509_NAME_ENTRY_set_data(ret,type,bytes,len))
327 goto err;
328
329 if ((ne != NULL) && (*ne == NULL)) *ne=ret;
330 return(ret);
331err:
332 if ((ne == NULL) || (ret != *ne))
333 X509_NAME_ENTRY_free(ret);
334 return(NULL);
335 }
336
337int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj)
338 {
339 if ((ne == NULL) || (obj == NULL))
340 {
341 X509err(X509_F_X509_NAME_ENTRY_SET_OBJECT,ERR_R_PASSED_NULL_PARAMETER);
342 return(0);
343 }
344 ASN1_OBJECT_free(ne->object);
345 ne->object=OBJ_dup(obj);
346 return((ne->object == NULL)?0:1);
347 }
348
349int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
350 const unsigned char *bytes, int len)
351 {
352 int i;
353
354 if ((ne == NULL) || ((bytes == NULL) && (len != 0))) return(0);
355 if((type > 0) && (type & MBSTRING_FLAG))
356 return ASN1_STRING_set_by_NID(&ne->value, bytes,
357 len, type,
358 OBJ_obj2nid(ne->object)) ? 1 : 0;
359 if (len < 0) len=strlen((char *)bytes);
360 i=ASN1_STRING_set(ne->value,bytes,len);
361 if (!i) return(0);
362 if (type != V_ASN1_UNDEF)
363 {
364 if (type == V_ASN1_APP_CHOOSE)
365 ne->value->type=ASN1_PRINTABLE_type(bytes,len);
366 else
367 ne->value->type=type;
368 }
369 return(1);
370 }
371
372ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne)
373 {
374 if (ne == NULL) return(NULL);
375 return(ne->object);
376 }
377
378ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne)
379 {
380 if (ne == NULL) return(NULL);
381 return(ne->value);
382 }
383
diff --git a/src/lib/libcrypto/x509/x509rset.c b/src/lib/libcrypto/x509/x509rset.c
deleted file mode 100644
index d9f6b57372..0000000000
--- a/src/lib/libcrypto/x509/x509rset.c
+++ /dev/null
@@ -1,83 +0,0 @@
1/* crypto/x509/x509rset.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/asn1.h>
62#include <openssl/objects.h>
63#include <openssl/evp.h>
64#include <openssl/x509.h>
65
66int X509_REQ_set_version(X509_REQ *x, long version)
67 {
68 if (x == NULL) return(0);
69 return(ASN1_INTEGER_set(x->req_info->version,version));
70 }
71
72int X509_REQ_set_subject_name(X509_REQ *x, X509_NAME *name)
73 {
74 if ((x == NULL) || (x->req_info == NULL)) return(0);
75 return(X509_NAME_set(&x->req_info->subject,name));
76 }
77
78int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey)
79 {
80 if ((x == NULL) || (x->req_info == NULL)) return(0);
81 return(X509_PUBKEY_set(&x->req_info->pubkey,pkey));
82 }
83
diff --git a/src/lib/libcrypto/x509/x509spki.c b/src/lib/libcrypto/x509/x509spki.c
deleted file mode 100644
index 4c3af946ec..0000000000
--- a/src/lib/libcrypto/x509/x509spki.c
+++ /dev/null
@@ -1,120 +0,0 @@
1/* x509spki.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/x509.h>
62
63int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey)
64{
65 if ((x == NULL) || (x->spkac == NULL)) return(0);
66 return(X509_PUBKEY_set(&(x->spkac->pubkey),pkey));
67}
68
69EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x)
70{
71 if ((x == NULL) || (x->spkac == NULL))
72 return(NULL);
73 return(X509_PUBKEY_get(x->spkac->pubkey));
74}
75
76/* Load a Netscape SPKI from a base64 encoded string */
77
78NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len)
79{
80 unsigned char *spki_der, *p;
81 int spki_len;
82 NETSCAPE_SPKI *spki;
83 if(len <= 0) len = strlen(str);
84 if (!(spki_der = OPENSSL_malloc(len + 1))) {
85 X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE);
86 return NULL;
87 }
88 spki_len = EVP_DecodeBlock(spki_der, (const unsigned char *)str, len);
89 if(spki_len < 0) {
90 X509err(X509_F_NETSCAPE_SPKI_B64_DECODE,
91 X509_R_BASE64_DECODE_ERROR);
92 OPENSSL_free(spki_der);
93 return NULL;
94 }
95 p = spki_der;
96 spki = d2i_NETSCAPE_SPKI(NULL, &p, spki_len);
97 OPENSSL_free(spki_der);
98 return spki;
99}
100
101/* Generate a base64 encoded string from an SPKI */
102
103char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki)
104{
105 unsigned char *der_spki, *p;
106 char *b64_str;
107 int der_len;
108 der_len = i2d_NETSCAPE_SPKI(spki, NULL);
109 der_spki = OPENSSL_malloc(der_len);
110 b64_str = OPENSSL_malloc(der_len * 2);
111 if(!der_spki || !b64_str) {
112 X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE);
113 return NULL;
114 }
115 p = der_spki;
116 i2d_NETSCAPE_SPKI(spki, &p);
117 EVP_EncodeBlock((unsigned char *)b64_str, der_spki, der_len);
118 OPENSSL_free(der_spki);
119 return b64_str;
120}
diff --git a/src/lib/libcrypto/x509/x509type.c b/src/lib/libcrypto/x509/x509type.c
deleted file mode 100644
index c25959a742..0000000000
--- a/src/lib/libcrypto/x509/x509type.c
+++ /dev/null
@@ -1,115 +0,0 @@
1/* crypto/x509/x509type.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/evp.h>
62#include <openssl/objects.h>
63#include <openssl/x509.h>
64
65int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
66 {
67 EVP_PKEY *pk;
68 int ret=0,i;
69
70 if (x == NULL) return(0);
71
72 if (pkey == NULL)
73 pk=X509_get_pubkey(x);
74 else
75 pk=pkey;
76
77 if (pk == NULL) return(0);
78
79 switch (pk->type)
80 {
81 case EVP_PKEY_RSA:
82 ret=EVP_PK_RSA|EVP_PKT_SIGN;
83/* if (!sign only extension) */
84 ret|=EVP_PKT_ENC;
85 break;
86 case EVP_PKEY_DSA:
87 ret=EVP_PK_DSA|EVP_PKT_SIGN;
88 break;
89 case EVP_PKEY_DH:
90 ret=EVP_PK_DH|EVP_PKT_EXCH;
91 break;
92 default:
93 break;
94 }
95
96 i=X509_get_signature_type(x);
97 switch (i)
98 {
99 case EVP_PKEY_RSA:
100 ret|=EVP_PKS_RSA;
101 break;
102 case EVP_PKEY_DSA:
103 ret|=EVP_PKS_DSA;
104 break;
105 default:
106 break;
107 }
108
109 if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look
110 for, not bytes */
111 ret|=EVP_PKT_EXP;
112 if(pkey==NULL) EVP_PKEY_free(pk);
113 return(ret);
114 }
115
diff --git a/src/lib/libcrypto/x509/x_all.c b/src/lib/libcrypto/x509/x_all.c
deleted file mode 100644
index ac6dea493a..0000000000
--- a/src/lib/libcrypto/x509/x_all.c
+++ /dev/null
@@ -1,489 +0,0 @@
1/* crypto/x509/x_all.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#undef SSLEAY_MACROS
61#include <openssl/stack.h>
62#include "cryptlib.h"
63#include <openssl/buffer.h>
64#include <openssl/asn1.h>
65#include <openssl/evp.h>
66#include <openssl/x509.h>
67
68int X509_verify(X509 *a, EVP_PKEY *r)
69 {
70 return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),a->sig_alg,
71 a->signature,a->cert_info,r));
72 }
73
74int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
75 {
76 return( ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO),
77 a->sig_alg,a->signature,a->req_info,r));
78 }
79
80int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r)
81 {
82 return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO),
83 a->sig_alg, a->signature,a->crl,r));
84 }
85
86int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
87 {
88 return(ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC),
89 a->sig_algor,a->signature,a->spkac,r));
90 }
91
92int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
93 {
94 return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature,
95 x->sig_alg, x->signature, x->cert_info,pkey,md));
96 }
97
98int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
99 {
100 return(ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO),x->sig_alg, NULL,
101 x->signature, x->req_info,pkey,md));
102 }
103
104int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
105 {
106 x->crl->enc.modified = 1;
107 return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO),x->crl->sig_alg,
108 x->sig_alg, x->signature, x->crl,pkey,md));
109 }
110
111int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
112 {
113 return(ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor,NULL,
114 x->signature, x->spkac,pkey,md));
115 }
116
117#ifndef OPENSSL_NO_FP_API
118X509 *d2i_X509_fp(FILE *fp, X509 **x509)
119 {
120 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509);
121 }
122
123int i2d_X509_fp(FILE *fp, X509 *x509)
124 {
125 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509);
126 }
127#endif
128
129X509 *d2i_X509_bio(BIO *bp, X509 **x509)
130 {
131 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509);
132 }
133
134int i2d_X509_bio(BIO *bp, X509 *x509)
135 {
136 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509);
137 }
138
139#ifndef OPENSSL_NO_FP_API
140X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl)
141 {
142 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
143 }
144
145int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl)
146 {
147 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
148 }
149#endif
150
151X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl)
152 {
153 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
154 }
155
156int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl)
157 {
158 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
159 }
160
161#ifndef OPENSSL_NO_FP_API
162PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7)
163 {
164 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
165 }
166
167int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7)
168 {
169 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
170 }
171#endif
172
173PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7)
174 {
175 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
176 }
177
178int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7)
179 {
180 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
181 }
182
183#ifndef OPENSSL_NO_FP_API
184X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req)
185 {
186 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
187 }
188
189int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req)
190 {
191 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
192 }
193#endif
194
195X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req)
196 {
197 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
198 }
199
200int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req)
201 {
202 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
203 }
204
205#ifndef OPENSSL_NO_RSA
206
207#ifndef OPENSSL_NO_FP_API
208RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa)
209 {
210 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
211 }
212
213int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa)
214 {
215 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
216 }
217
218RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa)
219 {
220 return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
221 }
222
223
224RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa)
225 {
226 return((RSA *)ASN1_d2i_fp((char *(*)())
227 RSA_new,(char *(*)())d2i_RSA_PUBKEY, (fp),
228 (unsigned char **)(rsa)));
229 }
230
231int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa)
232 {
233 return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
234 }
235
236int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa)
237 {
238 return(ASN1_i2d_fp(i2d_RSA_PUBKEY,fp,(unsigned char *)rsa));
239 }
240#endif
241
242RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa)
243 {
244 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
245 }
246
247int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa)
248 {
249 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
250 }
251
252RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa)
253 {
254 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
255 }
256
257
258RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa)
259 {
260 return((RSA *)ASN1_d2i_bio((char *(*)())
261 RSA_new,(char *(*)())d2i_RSA_PUBKEY, (bp),
262 (unsigned char **)(rsa)));
263 }
264
265int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa)
266 {
267 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
268 }
269
270int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa)
271 {
272 return(ASN1_i2d_bio(i2d_RSA_PUBKEY,bp,(unsigned char *)rsa));
273 }
274#endif
275
276#ifndef OPENSSL_NO_DSA
277#ifndef OPENSSL_NO_FP_API
278DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa)
279 {
280 return((DSA *)ASN1_d2i_fp((char *(*)())
281 DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp),
282 (unsigned char **)(dsa)));
283 }
284
285int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa)
286 {
287 return(ASN1_i2d_fp(i2d_DSAPrivateKey,fp,(unsigned char *)dsa));
288 }
289
290DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa)
291 {
292 return((DSA *)ASN1_d2i_fp((char *(*)())
293 DSA_new,(char *(*)())d2i_DSA_PUBKEY, (fp),
294 (unsigned char **)(dsa)));
295 }
296
297int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa)
298 {
299 return(ASN1_i2d_fp(i2d_DSA_PUBKEY,fp,(unsigned char *)dsa));
300 }
301#endif
302
303DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa)
304 {
305 return((DSA *)ASN1_d2i_bio((char *(*)())
306 DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp),
307 (unsigned char **)(dsa)));
308 }
309
310int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa)
311 {
312 return(ASN1_i2d_bio(i2d_DSAPrivateKey,bp,(unsigned char *)dsa));
313 }
314
315DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa)
316 {
317 return((DSA *)ASN1_d2i_bio((char *(*)())
318 DSA_new,(char *(*)())d2i_DSA_PUBKEY, (bp),
319 (unsigned char **)(dsa)));
320 }
321
322int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa)
323 {
324 return(ASN1_i2d_bio(i2d_DSA_PUBKEY,bp,(unsigned char *)dsa));
325 }
326
327#endif
328
329int X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
330 unsigned int *len)
331 {
332 ASN1_BIT_STRING *key;
333 key = X509_get0_pubkey_bitstr(data);
334 if(!key) return 0;
335 return EVP_Digest(key->data, key->length, md, len, type, NULL);
336 }
337
338int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
339 unsigned int *len)
340 {
341 return(ASN1_item_digest(ASN1_ITEM_rptr(X509),type,(char *)data,md,len));
342 }
343
344int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md,
345 unsigned int *len)
346 {
347 return(ASN1_item_digest(ASN1_ITEM_rptr(X509_CRL),type,(char *)data,md,len));
348 }
349
350int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, unsigned char *md,
351 unsigned int *len)
352 {
353 return(ASN1_item_digest(ASN1_ITEM_rptr(X509_REQ),type,(char *)data,md,len));
354 }
355
356int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md,
357 unsigned int *len)
358 {
359 return(ASN1_item_digest(ASN1_ITEM_rptr(X509_NAME),type,(char *)data,md,len));
360 }
361
362int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, const EVP_MD *type,
363 unsigned char *md, unsigned int *len)
364 {
365 return(ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL),type,
366 (char *)data,md,len));
367 }
368
369
370#ifndef OPENSSL_NO_FP_API
371X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8)
372 {
373 return((X509_SIG *)ASN1_d2i_fp((char *(*)())X509_SIG_new,
374 (char *(*)())d2i_X509_SIG, (fp),(unsigned char **)(p8)));
375 }
376
377int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8)
378 {
379 return(ASN1_i2d_fp(i2d_X509_SIG,fp,(unsigned char *)p8));
380 }
381#endif
382
383X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8)
384 {
385 return((X509_SIG *)ASN1_d2i_bio((char *(*)())X509_SIG_new,
386 (char *(*)())d2i_X509_SIG, (bp),(unsigned char **)(p8)));
387 }
388
389int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8)
390 {
391 return(ASN1_i2d_bio(i2d_X509_SIG,bp,(unsigned char *)p8));
392 }
393
394#ifndef OPENSSL_NO_FP_API
395PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
396 PKCS8_PRIV_KEY_INFO **p8inf)
397 {
398 return((PKCS8_PRIV_KEY_INFO *)ASN1_d2i_fp(
399 (char *(*)())PKCS8_PRIV_KEY_INFO_new,
400 (char *(*)())d2i_PKCS8_PRIV_KEY_INFO, (fp),
401 (unsigned char **)(p8inf)));
402 }
403
404int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf)
405 {
406 return(ASN1_i2d_fp(i2d_PKCS8_PRIV_KEY_INFO,fp,(unsigned char *)p8inf));
407 }
408
409int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key)
410 {
411 PKCS8_PRIV_KEY_INFO *p8inf;
412 int ret;
413 p8inf = EVP_PKEY2PKCS8(key);
414 if(!p8inf) return 0;
415 ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf);
416 PKCS8_PRIV_KEY_INFO_free(p8inf);
417 return ret;
418 }
419
420int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey)
421 {
422 return(ASN1_i2d_fp(i2d_PrivateKey,fp,(unsigned char *)pkey));
423 }
424
425EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a)
426{
427 return((EVP_PKEY *)ASN1_d2i_fp((char *(*)())EVP_PKEY_new,
428 (char *(*)())d2i_AutoPrivateKey, (fp),(unsigned char **)(a)));
429}
430
431int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey)
432 {
433 return(ASN1_i2d_fp(i2d_PUBKEY,fp,(unsigned char *)pkey));
434 }
435
436EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a)
437{
438 return((EVP_PKEY *)ASN1_d2i_fp((char *(*)())EVP_PKEY_new,
439 (char *(*)())d2i_PUBKEY, (fp),(unsigned char **)(a)));
440}
441
442#endif
443
444PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
445 PKCS8_PRIV_KEY_INFO **p8inf)
446 {
447 return((PKCS8_PRIV_KEY_INFO *)ASN1_d2i_bio(
448 (char *(*)())PKCS8_PRIV_KEY_INFO_new,
449 (char *(*)())d2i_PKCS8_PRIV_KEY_INFO, (bp),
450 (unsigned char **)(p8inf)));
451 }
452
453int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf)
454 {
455 return(ASN1_i2d_bio(i2d_PKCS8_PRIV_KEY_INFO,bp,(unsigned char *)p8inf));
456 }
457
458int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key)
459 {
460 PKCS8_PRIV_KEY_INFO *p8inf;
461 int ret;
462 p8inf = EVP_PKEY2PKCS8(key);
463 if(!p8inf) return 0;
464 ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
465 PKCS8_PRIV_KEY_INFO_free(p8inf);
466 return ret;
467 }
468
469int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey)
470 {
471 return(ASN1_i2d_bio(i2d_PrivateKey,bp,(unsigned char *)pkey));
472 }
473
474EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a)
475 {
476 return((EVP_PKEY *)ASN1_d2i_bio((char *(*)())EVP_PKEY_new,
477 (char *(*)())d2i_AutoPrivateKey, (bp),(unsigned char **)(a)));
478 }
479
480int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey)
481 {
482 return(ASN1_i2d_bio(i2d_PUBKEY,bp,(unsigned char *)pkey));
483 }
484
485EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a)
486 {
487 return((EVP_PKEY *)ASN1_d2i_bio((char *(*)())EVP_PKEY_new,
488 (char *(*)())d2i_PUBKEY, (bp),(unsigned char **)(a)));
489 }
diff --git a/src/lib/libcrypto/x509v3/ext_dat.h b/src/lib/libcrypto/x509v3/ext_dat.h
deleted file mode 100644
index d8328ac468..0000000000
--- a/src/lib/libcrypto/x509v3/ext_dat.h
+++ /dev/null
@@ -1,118 +0,0 @@
1/* ext_dat.h */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58/* This file contains a table of "standard" extensions */
59
60extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
61extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo;
62extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
63extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate;
64extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld;
65extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
66extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
67extern X509V3_EXT_METHOD v3_crl_hold, v3_pci;
68
69/* This table will be searched using OBJ_bsearch so it *must* kept in
70 * order of the ext_nid values.
71 */
72
73static X509V3_EXT_METHOD *standard_exts[] = {
74&v3_nscert,
75&v3_ns_ia5_list[0],
76&v3_ns_ia5_list[1],
77&v3_ns_ia5_list[2],
78&v3_ns_ia5_list[3],
79&v3_ns_ia5_list[4],
80&v3_ns_ia5_list[5],
81&v3_ns_ia5_list[6],
82&v3_skey_id,
83&v3_key_usage,
84&v3_pkey_usage_period,
85&v3_alt[0],
86&v3_alt[1],
87&v3_bcons,
88&v3_crl_num,
89&v3_cpols,
90&v3_akey_id,
91&v3_crld,
92&v3_ext_ku,
93&v3_delta_crl,
94&v3_crl_reason,
95#ifndef OPENSSL_NO_OCSP
96&v3_crl_invdate,
97#endif
98&v3_sxnet,
99&v3_info,
100#ifndef OPENSSL_NO_OCSP
101&v3_ocsp_nonce,
102&v3_ocsp_crlid,
103&v3_ocsp_accresp,
104&v3_ocsp_nocheck,
105&v3_ocsp_acutoff,
106&v3_ocsp_serviceloc,
107#endif
108&v3_sinfo,
109#ifndef OPENSSL_NO_OCSP
110&v3_crl_hold,
111#endif
112&v3_pci,
113};
114
115/* Number of standard extensions */
116
117#define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *))
118
diff --git a/src/lib/libcrypto/x509v3/v3_akey.c b/src/lib/libcrypto/x509v3/v3_akey.c
deleted file mode 100644
index 97e686f97a..0000000000
--- a/src/lib/libcrypto/x509v3/v3_akey.c
+++ /dev/null
@@ -1,190 +0,0 @@
1/* v3_akey.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/conf.h>
62#include <openssl/asn1.h>
63#include <openssl/asn1t.h>
64#include <openssl/x509v3.h>
65
66static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
67 AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist);
68static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
69 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
70
71X509V3_EXT_METHOD v3_akey_id = {
72NID_authority_key_identifier, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID),
730,0,0,0,
740,0,
75(X509V3_EXT_I2V)i2v_AUTHORITY_KEYID,
76(X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,
770,0,
78NULL
79};
80
81static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
82 AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist)
83{
84 char *tmp;
85 if(akeyid->keyid) {
86 tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length);
87 X509V3_add_value("keyid", tmp, &extlist);
88 OPENSSL_free(tmp);
89 }
90 if(akeyid->issuer)
91 extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
92 if(akeyid->serial) {
93 tmp = hex_to_string(akeyid->serial->data,
94 akeyid->serial->length);
95 X509V3_add_value("serial", tmp, &extlist);
96 OPENSSL_free(tmp);
97 }
98 return extlist;
99}
100
101/* Currently two options:
102 * keyid: use the issuers subject keyid, the value 'always' means its is
103 * an error if the issuer certificate doesn't have a key id.
104 * issuer: use the issuers cert issuer and serial number. The default is
105 * to only use this if keyid is not present. With the option 'always'
106 * this is always included.
107 */
108
109static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
110 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)
111{
112char keyid=0, issuer=0;
113int i;
114CONF_VALUE *cnf;
115ASN1_OCTET_STRING *ikeyid = NULL;
116X509_NAME *isname = NULL;
117GENERAL_NAMES * gens = NULL;
118GENERAL_NAME *gen = NULL;
119ASN1_INTEGER *serial = NULL;
120X509_EXTENSION *ext;
121X509 *cert;
122AUTHORITY_KEYID *akeyid;
123for(i = 0; i < sk_CONF_VALUE_num(values); i++) {
124 cnf = sk_CONF_VALUE_value(values, i);
125 if(!strcmp(cnf->name, "keyid")) {
126 keyid = 1;
127 if(cnf->value && !strcmp(cnf->value, "always")) keyid = 2;
128 } else if(!strcmp(cnf->name, "issuer")) {
129 issuer = 1;
130 if(cnf->value && !strcmp(cnf->value, "always")) issuer = 2;
131 } else {
132 X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNKNOWN_OPTION);
133 ERR_add_error_data(2, "name=", cnf->name);
134 return NULL;
135 }
136}
137
138if(!ctx || !ctx->issuer_cert) {
139 if(ctx && (ctx->flags==CTX_TEST)) return AUTHORITY_KEYID_new();
140 X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE);
141 return NULL;
142}
143
144cert = ctx->issuer_cert;
145
146if(keyid) {
147 i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
148 if((i >= 0) && (ext = X509_get_ext(cert, i)))
149 ikeyid = X509V3_EXT_d2i(ext);
150 if(keyid==2 && !ikeyid) {
151 X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);
152 return NULL;
153 }
154}
155
156if((issuer && !ikeyid) || (issuer == 2)) {
157 isname = X509_NAME_dup(X509_get_issuer_name(cert));
158 serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert));
159 if(!isname || !serial) {
160 X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
161 goto err;
162 }
163}
164
165if(!(akeyid = AUTHORITY_KEYID_new())) goto err;
166
167if(isname) {
168 if(!(gens = sk_GENERAL_NAME_new_null()) || !(gen = GENERAL_NAME_new())
169 || !sk_GENERAL_NAME_push(gens, gen)) {
170 X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE);
171 goto err;
172 }
173 gen->type = GEN_DIRNAME;
174 gen->d.dirn = isname;
175}
176
177akeyid->issuer = gens;
178akeyid->serial = serial;
179akeyid->keyid = ikeyid;
180
181return akeyid;
182
183err:
184X509_NAME_free(isname);
185M_ASN1_INTEGER_free(serial);
186M_ASN1_OCTET_STRING_free(ikeyid);
187return NULL;
188
189}
190
diff --git a/src/lib/libcrypto/x509v3/v3_akeya.c b/src/lib/libcrypto/x509v3/v3_akeya.c
deleted file mode 100644
index 2aafa26ba7..0000000000
--- a/src/lib/libcrypto/x509v3/v3_akeya.c
+++ /dev/null
@@ -1,72 +0,0 @@
1/* v3_akey_asn1.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/conf.h>
62#include <openssl/asn1.h>
63#include <openssl/asn1t.h>
64#include <openssl/x509v3.h>
65
66ASN1_SEQUENCE(AUTHORITY_KEYID) = {
67 ASN1_IMP_OPT(AUTHORITY_KEYID, keyid, ASN1_OCTET_STRING, 0),
68 ASN1_IMP_SEQUENCE_OF_OPT(AUTHORITY_KEYID, issuer, GENERAL_NAME, 1),
69 ASN1_IMP_OPT(AUTHORITY_KEYID, serial, ASN1_INTEGER, 2)
70} ASN1_SEQUENCE_END(AUTHORITY_KEYID)
71
72IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_KEYID)
diff --git a/src/lib/libcrypto/x509v3/v3_alt.c b/src/lib/libcrypto/x509v3/v3_alt.c
deleted file mode 100644
index 58b935a3b6..0000000000
--- a/src/lib/libcrypto/x509v3/v3_alt.c
+++ /dev/null
@@ -1,458 +0,0 @@
1/* v3_alt.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/conf.h>
62#include <openssl/x509v3.h>
63
64static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
65static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
66static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p);
67static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens);
68X509V3_EXT_METHOD v3_alt[] = {
69{ NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
700,0,0,0,
710,0,
72(X509V3_EXT_I2V)i2v_GENERAL_NAMES,
73(X509V3_EXT_V2I)v2i_subject_alt,
74NULL, NULL, NULL},
75
76{ NID_issuer_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
770,0,0,0,
780,0,
79(X509V3_EXT_I2V)i2v_GENERAL_NAMES,
80(X509V3_EXT_V2I)v2i_issuer_alt,
81NULL, NULL, NULL},
82};
83
84STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
85 GENERAL_NAMES *gens, STACK_OF(CONF_VALUE) *ret)
86{
87 int i;
88 GENERAL_NAME *gen;
89 for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
90 gen = sk_GENERAL_NAME_value(gens, i);
91 ret = i2v_GENERAL_NAME(method, gen, ret);
92 }
93 if(!ret) return sk_CONF_VALUE_new_null();
94 return ret;
95}
96
97STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
98 GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret)
99{
100 unsigned char *p;
101 char oline[256];
102 switch (gen->type)
103 {
104 case GEN_OTHERNAME:
105 X509V3_add_value("othername","<unsupported>", &ret);
106 break;
107
108 case GEN_X400:
109 X509V3_add_value("X400Name","<unsupported>", &ret);
110 break;
111
112 case GEN_EDIPARTY:
113 X509V3_add_value("EdiPartyName","<unsupported>", &ret);
114 break;
115
116 case GEN_EMAIL:
117 X509V3_add_value_uchar("email",gen->d.ia5->data, &ret);
118 break;
119
120 case GEN_DNS:
121 X509V3_add_value_uchar("DNS",gen->d.ia5->data, &ret);
122 break;
123
124 case GEN_URI:
125 X509V3_add_value_uchar("URI",gen->d.ia5->data, &ret);
126 break;
127
128 case GEN_DIRNAME:
129 X509_NAME_oneline(gen->d.dirn, oline, 256);
130 X509V3_add_value("DirName",oline, &ret);
131 break;
132
133 case GEN_IPADD:
134 p = gen->d.ip->data;
135 /* BUG: doesn't support IPV6 */
136 if(gen->d.ip->length != 4) {
137 X509V3_add_value("IP Address","<invalid>", &ret);
138 break;
139 }
140 BIO_snprintf(oline, sizeof oline,
141 "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
142 X509V3_add_value("IP Address",oline, &ret);
143 break;
144
145 case GEN_RID:
146 i2t_ASN1_OBJECT(oline, 256, gen->d.rid);
147 X509V3_add_value("Registered ID",oline, &ret);
148 break;
149 }
150 return ret;
151}
152
153int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen)
154{
155 unsigned char *p;
156 switch (gen->type)
157 {
158 case GEN_OTHERNAME:
159 BIO_printf(out, "othername:<unsupported>");
160 break;
161
162 case GEN_X400:
163 BIO_printf(out, "X400Name:<unsupported>");
164 break;
165
166 case GEN_EDIPARTY:
167 /* Maybe fix this: it is supported now */
168 BIO_printf(out, "EdiPartyName:<unsupported>");
169 break;
170
171 case GEN_EMAIL:
172 BIO_printf(out, "email:%s",gen->d.ia5->data);
173 break;
174
175 case GEN_DNS:
176 BIO_printf(out, "DNS:%s",gen->d.ia5->data);
177 break;
178
179 case GEN_URI:
180 BIO_printf(out, "URI:%s",gen->d.ia5->data);
181 break;
182
183 case GEN_DIRNAME:
184 BIO_printf(out, "DirName: ");
185 X509_NAME_print_ex(out, gen->d.dirn, 0, XN_FLAG_ONELINE);
186 break;
187
188 case GEN_IPADD:
189 p = gen->d.ip->data;
190 /* BUG: doesn't support IPV6 */
191 if(gen->d.ip->length != 4) {
192 BIO_printf(out,"IP Address:<invalid>");
193 break;
194 }
195 BIO_printf(out, "IP Address:%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
196 break;
197
198 case GEN_RID:
199 BIO_printf(out, "Registered ID");
200 i2a_ASN1_OBJECT(out, gen->d.rid);
201 break;
202 }
203 return 1;
204}
205
206static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
207 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
208{
209 GENERAL_NAMES *gens = NULL;
210 CONF_VALUE *cnf;
211 int i;
212 if(!(gens = sk_GENERAL_NAME_new_null())) {
213 X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
214 return NULL;
215 }
216 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
217 cnf = sk_CONF_VALUE_value(nval, i);
218 if(!name_cmp(cnf->name, "issuer") && cnf->value &&
219 !strcmp(cnf->value, "copy")) {
220 if(!copy_issuer(ctx, gens)) goto err;
221 } else {
222 GENERAL_NAME *gen;
223 if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
224 goto err;
225 sk_GENERAL_NAME_push(gens, gen);
226 }
227 }
228 return gens;
229 err:
230 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
231 return NULL;
232}
233
234/* Append subject altname of issuer to issuer alt name of subject */
235
236static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens)
237{
238 GENERAL_NAMES *ialt;
239 GENERAL_NAME *gen;
240 X509_EXTENSION *ext;
241 int i;
242 if(ctx && (ctx->flags == CTX_TEST)) return 1;
243 if(!ctx || !ctx->issuer_cert) {
244 X509V3err(X509V3_F_COPY_ISSUER,X509V3_R_NO_ISSUER_DETAILS);
245 goto err;
246 }
247 i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1);
248 if(i < 0) return 1;
249 if(!(ext = X509_get_ext(ctx->issuer_cert, i)) ||
250 !(ialt = X509V3_EXT_d2i(ext)) ) {
251 X509V3err(X509V3_F_COPY_ISSUER,X509V3_R_ISSUER_DECODE_ERROR);
252 goto err;
253 }
254
255 for(i = 0; i < sk_GENERAL_NAME_num(ialt); i++) {
256 gen = sk_GENERAL_NAME_value(ialt, i);
257 if(!sk_GENERAL_NAME_push(gens, gen)) {
258 X509V3err(X509V3_F_COPY_ISSUER,ERR_R_MALLOC_FAILURE);
259 goto err;
260 }
261 }
262 sk_GENERAL_NAME_free(ialt);
263
264 return 1;
265
266 err:
267 return 0;
268
269}
270
271static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
272 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
273{
274 GENERAL_NAMES *gens = NULL;
275 CONF_VALUE *cnf;
276 int i;
277 if(!(gens = sk_GENERAL_NAME_new_null())) {
278 X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
279 return NULL;
280 }
281 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
282 cnf = sk_CONF_VALUE_value(nval, i);
283 if(!name_cmp(cnf->name, "email") && cnf->value &&
284 !strcmp(cnf->value, "copy")) {
285 if(!copy_email(ctx, gens, 0)) goto err;
286 } else if(!name_cmp(cnf->name, "email") && cnf->value &&
287 !strcmp(cnf->value, "move")) {
288 if(!copy_email(ctx, gens, 1)) goto err;
289 } else {
290 GENERAL_NAME *gen;
291 if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
292 goto err;
293 sk_GENERAL_NAME_push(gens, gen);
294 }
295 }
296 return gens;
297 err:
298 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
299 return NULL;
300}
301
302/* Copy any email addresses in a certificate or request to
303 * GENERAL_NAMES
304 */
305
306static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
307{
308 X509_NAME *nm;
309 ASN1_IA5STRING *email = NULL;
310 X509_NAME_ENTRY *ne;
311 GENERAL_NAME *gen = NULL;
312 int i;
313 if(ctx->flags == CTX_TEST) return 1;
314 if(!ctx || (!ctx->subject_cert && !ctx->subject_req)) {
315 X509V3err(X509V3_F_COPY_EMAIL,X509V3_R_NO_SUBJECT_DETAILS);
316 goto err;
317 }
318 /* Find the subject name */
319 if(ctx->subject_cert) nm = X509_get_subject_name(ctx->subject_cert);
320 else nm = X509_REQ_get_subject_name(ctx->subject_req);
321
322 /* Now add any email address(es) to STACK */
323 i = -1;
324 while((i = X509_NAME_get_index_by_NID(nm,
325 NID_pkcs9_emailAddress, i)) >= 0) {
326 ne = X509_NAME_get_entry(nm, i);
327 email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne));
328 if (move_p)
329 {
330 X509_NAME_delete_entry(nm, i);
331 i--;
332 }
333 if(!email || !(gen = GENERAL_NAME_new())) {
334 X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE);
335 goto err;
336 }
337 gen->d.ia5 = email;
338 email = NULL;
339 gen->type = GEN_EMAIL;
340 if(!sk_GENERAL_NAME_push(gens, gen)) {
341 X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE);
342 goto err;
343 }
344 gen = NULL;
345 }
346
347
348 return 1;
349
350 err:
351 GENERAL_NAME_free(gen);
352 M_ASN1_IA5STRING_free(email);
353 return 0;
354
355}
356
357GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
358 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
359{
360 GENERAL_NAME *gen;
361 GENERAL_NAMES *gens = NULL;
362 CONF_VALUE *cnf;
363 int i;
364 if(!(gens = sk_GENERAL_NAME_new_null())) {
365 X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
366 return NULL;
367 }
368 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
369 cnf = sk_CONF_VALUE_value(nval, i);
370 if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err;
371 sk_GENERAL_NAME_push(gens, gen);
372 }
373 return gens;
374 err:
375 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
376 return NULL;
377}
378
379GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
380 CONF_VALUE *cnf)
381{
382char is_string = 0;
383int type;
384GENERAL_NAME *gen = NULL;
385
386char *name, *value;
387
388name = cnf->name;
389value = cnf->value;
390
391if(!value) {
392 X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_MISSING_VALUE);
393 return NULL;
394}
395
396if(!(gen = GENERAL_NAME_new())) {
397 X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
398 return NULL;
399}
400
401if(!name_cmp(name, "email")) {
402 is_string = 1;
403 type = GEN_EMAIL;
404} else if(!name_cmp(name, "URI")) {
405 is_string = 1;
406 type = GEN_URI;
407} else if(!name_cmp(name, "DNS")) {
408 is_string = 1;
409 type = GEN_DNS;
410} else if(!name_cmp(name, "RID")) {
411 ASN1_OBJECT *obj;
412 if(!(obj = OBJ_txt2obj(value,0))) {
413 X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_OBJECT);
414 ERR_add_error_data(2, "value=", value);
415 goto err;
416 }
417 gen->d.rid = obj;
418 type = GEN_RID;
419} else if(!name_cmp(name, "IP")) {
420 int i1,i2,i3,i4;
421 unsigned char ip[4];
422 if((sscanf(value, "%d.%d.%d.%d",&i1,&i2,&i3,&i4) != 4) ||
423 (i1 < 0) || (i1 > 255) || (i2 < 0) || (i2 > 255) ||
424 (i3 < 0) || (i3 > 255) || (i4 < 0) || (i4 > 255) ) {
425 X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_IP_ADDRESS);
426 ERR_add_error_data(2, "value=", value);
427 goto err;
428 }
429 ip[0] = i1; ip[1] = i2 ; ip[2] = i3 ; ip[3] = i4;
430 if(!(gen->d.ip = M_ASN1_OCTET_STRING_new()) ||
431 !ASN1_STRING_set(gen->d.ip, ip, 4)) {
432 X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
433 goto err;
434 }
435 type = GEN_IPADD;
436} else {
437 X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_UNSUPPORTED_OPTION);
438 ERR_add_error_data(2, "name=", name);
439 goto err;
440}
441
442if(is_string) {
443 if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) ||
444 !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value,
445 strlen(value))) {
446 X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
447 goto err;
448 }
449}
450
451gen->type = type;
452
453return gen;
454
455err:
456GENERAL_NAME_free(gen);
457return NULL;
458}
diff --git a/src/lib/libcrypto/x509v3/v3_bcons.c b/src/lib/libcrypto/x509v3/v3_bcons.c
deleted file mode 100644
index cbb012715e..0000000000
--- a/src/lib/libcrypto/x509v3/v3_bcons.c
+++ /dev/null
@@ -1,124 +0,0 @@
1/* v3_bcons.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/asn1.h>
63#include <openssl/asn1t.h>
64#include <openssl/conf.h>
65#include <openssl/x509v3.h>
66
67static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist);
68static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
69
70X509V3_EXT_METHOD v3_bcons = {
71NID_basic_constraints, 0,
72ASN1_ITEM_ref(BASIC_CONSTRAINTS),
730,0,0,0,
740,0,
75(X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS,
76(X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS,
77NULL,NULL,
78NULL
79};
80
81ASN1_SEQUENCE(BASIC_CONSTRAINTS) = {
82 ASN1_OPT(BASIC_CONSTRAINTS, ca, ASN1_FBOOLEAN),
83 ASN1_OPT(BASIC_CONSTRAINTS, pathlen, ASN1_INTEGER)
84} ASN1_SEQUENCE_END(BASIC_CONSTRAINTS)
85
86IMPLEMENT_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
87
88
89static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
90 BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist)
91{
92 X509V3_add_value_bool("CA", bcons->ca, &extlist);
93 X509V3_add_value_int("pathlen", bcons->pathlen, &extlist);
94 return extlist;
95}
96
97static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
98 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)
99{
100 BASIC_CONSTRAINTS *bcons=NULL;
101 CONF_VALUE *val;
102 int i;
103 if(!(bcons = BASIC_CONSTRAINTS_new())) {
104 X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
105 return NULL;
106 }
107 for(i = 0; i < sk_CONF_VALUE_num(values); i++) {
108 val = sk_CONF_VALUE_value(values, i);
109 if(!strcmp(val->name, "CA")) {
110 if(!X509V3_get_value_bool(val, &bcons->ca)) goto err;
111 } else if(!strcmp(val->name, "pathlen")) {
112 if(!X509V3_get_value_int(val, &bcons->pathlen)) goto err;
113 } else {
114 X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, X509V3_R_INVALID_NAME);
115 X509V3_conf_err(val);
116 goto err;
117 }
118 }
119 return bcons;
120 err:
121 BASIC_CONSTRAINTS_free(bcons);
122 return NULL;
123}
124
diff --git a/src/lib/libcrypto/x509v3/v3_bitst.c b/src/lib/libcrypto/x509v3/v3_bitst.c
deleted file mode 100644
index 274965306d..0000000000
--- a/src/lib/libcrypto/x509v3/v3_bitst.c
+++ /dev/null
@@ -1,147 +0,0 @@
1/* v3_bitst.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/conf.h>
62#include <openssl/x509v3.h>
63
64static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
65 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
66static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
67 ASN1_BIT_STRING *bits,
68 STACK_OF(CONF_VALUE) *extlist);
69
70static BIT_STRING_BITNAME ns_cert_type_table[] = {
71{0, "SSL Client", "client"},
72{1, "SSL Server", "server"},
73{2, "S/MIME", "email"},
74{3, "Object Signing", "objsign"},
75{4, "Unused", "reserved"},
76{5, "SSL CA", "sslCA"},
77{6, "S/MIME CA", "emailCA"},
78{7, "Object Signing CA", "objCA"},
79{-1, NULL, NULL}
80};
81
82static BIT_STRING_BITNAME key_usage_type_table[] = {
83{0, "Digital Signature", "digitalSignature"},
84{1, "Non Repudiation", "nonRepudiation"},
85{2, "Key Encipherment", "keyEncipherment"},
86{3, "Data Encipherment", "dataEncipherment"},
87{4, "Key Agreement", "keyAgreement"},
88{5, "Certificate Sign", "keyCertSign"},
89{6, "CRL Sign", "cRLSign"},
90{7, "Encipher Only", "encipherOnly"},
91{8, "Decipher Only", "decipherOnly"},
92{-1, NULL, NULL}
93};
94
95
96
97X509V3_EXT_METHOD v3_nscert = EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table);
98X509V3_EXT_METHOD v3_key_usage = EXT_BITSTRING(NID_key_usage, key_usage_type_table);
99
100static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
101 ASN1_BIT_STRING *bits, STACK_OF(CONF_VALUE) *ret)
102{
103 BIT_STRING_BITNAME *bnam;
104 for(bnam =method->usr_data; bnam->lname; bnam++) {
105 if(ASN1_BIT_STRING_get_bit(bits, bnam->bitnum))
106 X509V3_add_value(bnam->lname, NULL, &ret);
107 }
108 return ret;
109}
110
111static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
112 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
113{
114 CONF_VALUE *val;
115 ASN1_BIT_STRING *bs;
116 int i;
117 BIT_STRING_BITNAME *bnam;
118 if(!(bs = M_ASN1_BIT_STRING_new())) {
119 X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,ERR_R_MALLOC_FAILURE);
120 return NULL;
121 }
122 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
123 val = sk_CONF_VALUE_value(nval, i);
124 for(bnam = method->usr_data; bnam->lname; bnam++) {
125 if(!strcmp(bnam->sname, val->name) ||
126 !strcmp(bnam->lname, val->name) ) {
127 if(!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) {
128 X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
129 ERR_R_MALLOC_FAILURE);
130 M_ASN1_BIT_STRING_free(bs);
131 return NULL;
132 }
133 break;
134 }
135 }
136 if(!bnam->lname) {
137 X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
138 X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT);
139 X509V3_conf_err(val);
140 M_ASN1_BIT_STRING_free(bs);
141 return NULL;
142 }
143 }
144 return bs;
145}
146
147
diff --git a/src/lib/libcrypto/x509v3/v3_conf.c b/src/lib/libcrypto/x509v3/v3_conf.c
deleted file mode 100644
index 1284d5aaa5..0000000000
--- a/src/lib/libcrypto/x509v3/v3_conf.c
+++ /dev/null
@@ -1,485 +0,0 @@
1/* v3_conf.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58/* extension creation utilities */
59
60
61
62#include <stdio.h>
63#include <ctype.h>
64#include "cryptlib.h"
65#include <openssl/conf.h>
66#include <openssl/x509.h>
67#include <openssl/x509v3.h>
68
69static int v3_check_critical(char **value);
70static int v3_check_generic(char **value);
71static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value);
72static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type);
73static char *conf_lhash_get_string(void *db, char *section, char *value);
74static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
75static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
76 int crit, void *ext_struc);
77/* CONF *conf: Config file */
78/* char *name: Name */
79/* char *value: Value */
80X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,
81 char *value)
82 {
83 int crit;
84 int ext_type;
85 X509_EXTENSION *ret;
86 crit = v3_check_critical(&value);
87 if ((ext_type = v3_check_generic(&value)))
88 return v3_generic_extension(name, value, crit, ext_type);
89 ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value);
90 if (!ret)
91 {
92 X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_ERROR_IN_EXTENSION);
93 ERR_add_error_data(4,"name=", name, ", value=", value);
94 }
95 return ret;
96 }
97
98/* CONF *conf: Config file */
99/* char *value: Value */
100X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
101 char *value)
102 {
103 int crit;
104 int ext_type;
105 crit = v3_check_critical(&value);
106 if ((ext_type = v3_check_generic(&value)))
107 return v3_generic_extension(OBJ_nid2sn(ext_nid),
108 value, crit, ext_type);
109 return do_ext_nconf(conf, ctx, ext_nid, crit, value);
110 }
111
112/* CONF *conf: Config file */
113/* char *value: Value */
114static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
115 int crit, char *value)
116 {
117 X509V3_EXT_METHOD *method;
118 X509_EXTENSION *ext;
119 STACK_OF(CONF_VALUE) *nval;
120 void *ext_struc;
121 if (ext_nid == NID_undef)
122 {
123 X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION_NAME);
124 return NULL;
125 }
126 if (!(method = X509V3_EXT_get_nid(ext_nid)))
127 {
128 X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION);
129 return NULL;
130 }
131 /* Now get internal extension representation based on type */
132 if (method->v2i)
133 {
134 if(*value == '@') nval = NCONF_get_section(conf, value + 1);
135 else nval = X509V3_parse_list(value);
136 if(!nval)
137 {
138 X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_INVALID_EXTENSION_STRING);
139 ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value);
140 return NULL;
141 }
142 ext_struc = method->v2i(method, ctx, nval);
143 if(*value != '@') sk_CONF_VALUE_pop_free(nval,
144 X509V3_conf_free);
145 if(!ext_struc) return NULL;
146 }
147 else if(method->s2i)
148 {
149 if(!(ext_struc = method->s2i(method, ctx, value))) return NULL;
150 }
151 else if(method->r2i)
152 {
153 if(!ctx->db)
154 {
155 X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_NO_CONFIG_DATABASE);
156 return NULL;
157 }
158 if(!(ext_struc = method->r2i(method, ctx, value))) return NULL;
159 }
160 else
161 {
162 X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
163 ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
164 return NULL;
165 }
166
167 ext = do_ext_i2d(method, ext_nid, crit, ext_struc);
168 if(method->it) ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it));
169 else method->ext_free(ext_struc);
170 return ext;
171
172 }
173
174static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
175 int crit, void *ext_struc)
176 {
177 unsigned char *ext_der;
178 int ext_len;
179 ASN1_OCTET_STRING *ext_oct;
180 X509_EXTENSION *ext;
181 /* Convert internal representation to DER */
182 if (method->it)
183 {
184 ext_der = NULL;
185 ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it));
186 if (ext_len < 0) goto merr;
187 }
188 else
189 {
190 unsigned char *p;
191 ext_len = method->i2d(ext_struc, NULL);
192 if(!(ext_der = OPENSSL_malloc(ext_len))) goto merr;
193 p = ext_der;
194 method->i2d(ext_struc, &p);
195 }
196 if (!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr;
197 ext_oct->data = ext_der;
198 ext_oct->length = ext_len;
199
200 ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
201 if (!ext) goto merr;
202 M_ASN1_OCTET_STRING_free(ext_oct);
203
204 return ext;
205
206 merr:
207 X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE);
208 return NULL;
209
210 }
211
212/* Given an internal structure, nid and critical flag create an extension */
213
214X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
215 {
216 X509V3_EXT_METHOD *method;
217 if (!(method = X509V3_EXT_get_nid(ext_nid))) {
218 X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION);
219 return NULL;
220 }
221 return do_ext_i2d(method, ext_nid, crit, ext_struc);
222}
223
224/* Check the extension string for critical flag */
225static int v3_check_critical(char **value)
226{
227 char *p = *value;
228 if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0;
229 p+=9;
230 while(isspace((unsigned char)*p)) p++;
231 *value = p;
232 return 1;
233}
234
235/* Check extension string for generic extension and return the type */
236static int v3_check_generic(char **value)
237{
238 char *p = *value;
239 if ((strlen(p) < 4) || strncmp(p, "DER:", 4)) return 0;
240 p+=4;
241 while (isspace((unsigned char)*p)) p++;
242 *value = p;
243 return 1;
244}
245
246/* Create a generic extension: for now just handle DER type */
247static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
248 int crit, int type)
249 {
250 unsigned char *ext_der=NULL;
251 long ext_len;
252 ASN1_OBJECT *obj=NULL;
253 ASN1_OCTET_STRING *oct=NULL;
254 X509_EXTENSION *extension=NULL;
255 if (!(obj = OBJ_txt2obj(ext, 0)))
256 {
257 X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR);
258 ERR_add_error_data(2, "name=", ext);
259 goto err;
260 }
261
262 if (!(ext_der = string_to_hex(value, &ext_len)))
263 {
264 X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR);
265 ERR_add_error_data(2, "value=", value);
266 goto err;
267 }
268
269 if (!(oct = M_ASN1_OCTET_STRING_new()))
270 {
271 X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE);
272 goto err;
273 }
274
275 oct->data = ext_der;
276 oct->length = ext_len;
277 ext_der = NULL;
278
279 extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
280
281 err:
282 ASN1_OBJECT_free(obj);
283 M_ASN1_OCTET_STRING_free(oct);
284 if(ext_der) OPENSSL_free(ext_der);
285 return extension;
286
287 }
288
289
290/* This is the main function: add a bunch of extensions based on a config file
291 * section to an extension STACK.
292 */
293
294
295int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
296 STACK_OF(X509_EXTENSION) **sk)
297 {
298 X509_EXTENSION *ext;
299 STACK_OF(CONF_VALUE) *nval;
300 CONF_VALUE *val;
301 int i;
302 if (!(nval = NCONF_get_section(conf, section))) return 0;
303 for (i = 0; i < sk_CONF_VALUE_num(nval); i++)
304 {
305 val = sk_CONF_VALUE_value(nval, i);
306 if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)))
307 return 0;
308 if (sk) X509v3_add_ext(sk, ext, -1);
309 X509_EXTENSION_free(ext);
310 }
311 return 1;
312 }
313
314/* Convenience functions to add extensions to a certificate, CRL and request */
315
316int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
317 X509 *cert)
318 {
319 STACK_OF(X509_EXTENSION) **sk = NULL;
320 if (cert)
321 sk = &cert->cert_info->extensions;
322 return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
323 }
324
325/* Same as above but for a CRL */
326
327int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
328 X509_CRL *crl)
329 {
330 STACK_OF(X509_EXTENSION) **sk = NULL;
331 if (crl)
332 sk = &crl->crl->extensions;
333 return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
334 }
335
336/* Add extensions to certificate request */
337
338int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
339 X509_REQ *req)
340 {
341 STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;
342 int i;
343 if (req)
344 sk = &extlist;
345 i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
346 if (!i || !sk)
347 return i;
348 i = X509_REQ_add_extensions(req, extlist);
349 sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);
350 return i;
351 }
352
353/* Config database functions */
354
355char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
356 {
357 if (ctx->db_meth->get_string)
358 return ctx->db_meth->get_string(ctx->db, name, section);
359 return NULL;
360 }
361
362STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section)
363 {
364 if (ctx->db_meth->get_section)
365 return ctx->db_meth->get_section(ctx->db, section);
366 return NULL;
367 }
368
369void X509V3_string_free(X509V3_CTX *ctx, char *str)
370 {
371 if (!str) return;
372 if (ctx->db_meth->free_string)
373 ctx->db_meth->free_string(ctx->db, str);
374 }
375
376void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
377 {
378 if (!section) return;
379 if (ctx->db_meth->free_section)
380 ctx->db_meth->free_section(ctx->db, section);
381 }
382
383static char *nconf_get_string(void *db, char *section, char *value)
384 {
385 return NCONF_get_string(db, section, value);
386 }
387
388static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section)
389 {
390 return NCONF_get_section(db, section);
391 }
392
393static X509V3_CONF_METHOD nconf_method = {
394nconf_get_string,
395nconf_get_section,
396NULL,
397NULL
398};
399
400void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf)
401 {
402 ctx->db_meth = &nconf_method;
403 ctx->db = conf;
404 }
405
406void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
407 X509_CRL *crl, int flags)
408 {
409 ctx->issuer_cert = issuer;
410 ctx->subject_cert = subj;
411 ctx->crl = crl;
412 ctx->subject_req = req;
413 ctx->flags = flags;
414 }
415
416/* Old conf compatibility functions */
417
418X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
419 char *value)
420 {
421 CONF ctmp;
422 CONF_set_nconf(&ctmp, conf);
423 return X509V3_EXT_nconf(&ctmp, ctx, name, value);
424 }
425
426/* LHASH *conf: Config file */
427/* char *value: Value */
428X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
429 char *value)
430 {
431 CONF ctmp;
432 CONF_set_nconf(&ctmp, conf);
433 return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value);
434 }
435
436static char *conf_lhash_get_string(void *db, char *section, char *value)
437 {
438 return CONF_get_string(db, section, value);
439 }
440
441static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section)
442 {
443 return CONF_get_section(db, section);
444 }
445
446static X509V3_CONF_METHOD conf_lhash_method = {
447conf_lhash_get_string,
448conf_lhash_get_section,
449NULL,
450NULL
451};
452
453void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash)
454 {
455 ctx->db_meth = &conf_lhash_method;
456 ctx->db = lhash;
457 }
458
459int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
460 X509 *cert)
461 {
462 CONF ctmp;
463 CONF_set_nconf(&ctmp, conf);
464 return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert);
465 }
466
467/* Same as above but for a CRL */
468
469int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
470 X509_CRL *crl)
471 {
472 CONF ctmp;
473 CONF_set_nconf(&ctmp, conf);
474 return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl);
475 }
476
477/* Add extensions to certificate request */
478
479int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
480 X509_REQ *req)
481 {
482 CONF ctmp;
483 CONF_set_nconf(&ctmp, conf);
484 return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req);
485 }
diff --git a/src/lib/libcrypto/x509v3/v3_cpols.c b/src/lib/libcrypto/x509v3/v3_cpols.c
deleted file mode 100644
index 867525f336..0000000000
--- a/src/lib/libcrypto/x509v3/v3_cpols.c
+++ /dev/null
@@ -1,431 +0,0 @@
1/* v3_cpols.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/conf.h>
62#include <openssl/asn1.h>
63#include <openssl/asn1t.h>
64#include <openssl/x509v3.h>
65
66/* Certificate policies extension support: this one is a bit complex... */
67
68static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO *out, int indent);
69static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value);
70static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent);
71static void print_notice(BIO *out, USERNOTICE *notice, int indent);
72static POLICYINFO *policy_section(X509V3_CTX *ctx,
73 STACK_OF(CONF_VALUE) *polstrs, int ia5org);
74static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
75 STACK_OF(CONF_VALUE) *unot, int ia5org);
76static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos);
77
78X509V3_EXT_METHOD v3_cpols = {
79NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES),
800,0,0,0,
810,0,
820,0,
83(X509V3_EXT_I2R)i2r_certpol,
84(X509V3_EXT_R2I)r2i_certpol,
85NULL
86};
87
88ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) =
89 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, POLICYINFO)
90ASN1_ITEM_TEMPLATE_END(CERTIFICATEPOLICIES)
91
92IMPLEMENT_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
93
94ASN1_SEQUENCE(POLICYINFO) = {
95 ASN1_SIMPLE(POLICYINFO, policyid, ASN1_OBJECT),
96 ASN1_SEQUENCE_OF_OPT(POLICYINFO, qualifiers, POLICYQUALINFO)
97} ASN1_SEQUENCE_END(POLICYINFO)
98
99IMPLEMENT_ASN1_FUNCTIONS(POLICYINFO)
100
101ASN1_ADB_TEMPLATE(policydefault) = ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY);
102
103ASN1_ADB(POLICYQUALINFO) = {
104 ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)),
105 ADB_ENTRY(NID_id_qt_unotice, ASN1_SIMPLE(POLICYQUALINFO, d.usernotice, USERNOTICE))
106} ASN1_ADB_END(POLICYQUALINFO, 0, pqualid, 0, &policydefault_tt, NULL);
107
108ASN1_SEQUENCE(POLICYQUALINFO) = {
109 ASN1_SIMPLE(POLICYQUALINFO, pqualid, ASN1_OBJECT),
110 ASN1_ADB_OBJECT(POLICYQUALINFO)
111} ASN1_SEQUENCE_END(POLICYQUALINFO)
112
113IMPLEMENT_ASN1_FUNCTIONS(POLICYQUALINFO)
114
115ASN1_SEQUENCE(USERNOTICE) = {
116 ASN1_OPT(USERNOTICE, noticeref, NOTICEREF),
117 ASN1_OPT(USERNOTICE, exptext, DISPLAYTEXT)
118} ASN1_SEQUENCE_END(USERNOTICE)
119
120IMPLEMENT_ASN1_FUNCTIONS(USERNOTICE)
121
122ASN1_SEQUENCE(NOTICEREF) = {
123 ASN1_SIMPLE(NOTICEREF, organization, DISPLAYTEXT),
124 ASN1_SEQUENCE_OF(NOTICEREF, noticenos, ASN1_INTEGER)
125} ASN1_SEQUENCE_END(NOTICEREF)
126
127IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF)
128
129static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
130 X509V3_CTX *ctx, char *value)
131{
132 STACK_OF(POLICYINFO) *pols = NULL;
133 char *pstr;
134 POLICYINFO *pol;
135 ASN1_OBJECT *pobj;
136 STACK_OF(CONF_VALUE) *vals;
137 CONF_VALUE *cnf;
138 int i, ia5org;
139 pols = sk_POLICYINFO_new_null();
140 if (pols == NULL) {
141 X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
142 return NULL;
143 }
144 vals = X509V3_parse_list(value);
145 if (vals == NULL) {
146 X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB);
147 goto err;
148 }
149 ia5org = 0;
150 for(i = 0; i < sk_CONF_VALUE_num(vals); i++) {
151 cnf = sk_CONF_VALUE_value(vals, i);
152 if(cnf->value || !cnf->name ) {
153 X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_POLICY_IDENTIFIER);
154 X509V3_conf_err(cnf);
155 goto err;
156 }
157 pstr = cnf->name;
158 if(!strcmp(pstr,"ia5org")) {
159 ia5org = 1;
160 continue;
161 } else if(*pstr == '@') {
162 STACK_OF(CONF_VALUE) *polsect;
163 polsect = X509V3_get_section(ctx, pstr + 1);
164 if(!polsect) {
165 X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_SECTION);
166
167 X509V3_conf_err(cnf);
168 goto err;
169 }
170 pol = policy_section(ctx, polsect, ia5org);
171 X509V3_section_free(ctx, polsect);
172 if(!pol) goto err;
173 } else {
174 if(!(pobj = OBJ_txt2obj(cnf->name, 0))) {
175 X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_OBJECT_IDENTIFIER);
176 X509V3_conf_err(cnf);
177 goto err;
178 }
179 pol = POLICYINFO_new();
180 pol->policyid = pobj;
181 }
182 sk_POLICYINFO_push(pols, pol);
183 }
184 sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
185 return pols;
186 err:
187 sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
188 sk_POLICYINFO_pop_free(pols, POLICYINFO_free);
189 return NULL;
190}
191
192static POLICYINFO *policy_section(X509V3_CTX *ctx,
193 STACK_OF(CONF_VALUE) *polstrs, int ia5org)
194{
195 int i;
196 CONF_VALUE *cnf;
197 POLICYINFO *pol;
198 POLICYQUALINFO *qual;
199 if(!(pol = POLICYINFO_new())) goto merr;
200 for(i = 0; i < sk_CONF_VALUE_num(polstrs); i++) {
201 cnf = sk_CONF_VALUE_value(polstrs, i);
202 if(!strcmp(cnf->name, "policyIdentifier")) {
203 ASN1_OBJECT *pobj;
204 if(!(pobj = OBJ_txt2obj(cnf->value, 0))) {
205 X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OBJECT_IDENTIFIER);
206 X509V3_conf_err(cnf);
207 goto err;
208 }
209 pol->policyid = pobj;
210
211 } else if(!name_cmp(cnf->name, "CPS")) {
212 if(!pol->qualifiers) pol->qualifiers =
213 sk_POLICYQUALINFO_new_null();
214 if(!(qual = POLICYQUALINFO_new())) goto merr;
215 if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
216 goto merr;
217 qual->pqualid = OBJ_nid2obj(NID_id_qt_cps);
218 qual->d.cpsuri = M_ASN1_IA5STRING_new();
219 if(!ASN1_STRING_set(qual->d.cpsuri, cnf->value,
220 strlen(cnf->value))) goto merr;
221 } else if(!name_cmp(cnf->name, "userNotice")) {
222 STACK_OF(CONF_VALUE) *unot;
223 if(*cnf->value != '@') {
224 X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_EXPECTED_A_SECTION_NAME);
225 X509V3_conf_err(cnf);
226 goto err;
227 }
228 unot = X509V3_get_section(ctx, cnf->value + 1);
229 if(!unot) {
230 X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_SECTION);
231
232 X509V3_conf_err(cnf);
233 goto err;
234 }
235 qual = notice_section(ctx, unot, ia5org);
236 X509V3_section_free(ctx, unot);
237 if(!qual) goto err;
238 if(!pol->qualifiers) pol->qualifiers =
239 sk_POLICYQUALINFO_new_null();
240 if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
241 goto merr;
242 } else {
243 X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OPTION);
244
245 X509V3_conf_err(cnf);
246 goto err;
247 }
248 }
249 if(!pol->policyid) {
250 X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_NO_POLICY_IDENTIFIER);
251 goto err;
252 }
253
254 return pol;
255
256 merr:
257 X509V3err(X509V3_F_POLICY_SECTION,ERR_R_MALLOC_FAILURE);
258
259 err:
260 POLICYINFO_free(pol);
261 return NULL;
262
263
264}
265
266static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
267 STACK_OF(CONF_VALUE) *unot, int ia5org)
268{
269 int i, ret;
270 CONF_VALUE *cnf;
271 USERNOTICE *not;
272 POLICYQUALINFO *qual;
273 if(!(qual = POLICYQUALINFO_new())) goto merr;
274 qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice);
275 if(!(not = USERNOTICE_new())) goto merr;
276 qual->d.usernotice = not;
277 for(i = 0; i < sk_CONF_VALUE_num(unot); i++) {
278 cnf = sk_CONF_VALUE_value(unot, i);
279 if(!strcmp(cnf->name, "explicitText")) {
280 not->exptext = M_ASN1_VISIBLESTRING_new();
281 if(!ASN1_STRING_set(not->exptext, cnf->value,
282 strlen(cnf->value))) goto merr;
283 } else if(!strcmp(cnf->name, "organization")) {
284 NOTICEREF *nref;
285 if(!not->noticeref) {
286 if(!(nref = NOTICEREF_new())) goto merr;
287 not->noticeref = nref;
288 } else nref = not->noticeref;
289 if(ia5org) nref->organization->type = V_ASN1_IA5STRING;
290 else nref->organization->type = V_ASN1_VISIBLESTRING;
291 if(!ASN1_STRING_set(nref->organization, cnf->value,
292 strlen(cnf->value))) goto merr;
293 } else if(!strcmp(cnf->name, "noticeNumbers")) {
294 NOTICEREF *nref;
295 STACK_OF(CONF_VALUE) *nos;
296 if(!not->noticeref) {
297 if(!(nref = NOTICEREF_new())) goto merr;
298 not->noticeref = nref;
299 } else nref = not->noticeref;
300 nos = X509V3_parse_list(cnf->value);
301 if(!nos || !sk_CONF_VALUE_num(nos)) {
302 X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_NUMBERS);
303 X509V3_conf_err(cnf);
304 goto err;
305 }
306 ret = nref_nos(nref->noticenos, nos);
307 sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
308 if (!ret)
309 goto err;
310 } else {
311 X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION);
312 X509V3_conf_err(cnf);
313 goto err;
314 }
315 }
316
317 if(not->noticeref &&
318 (!not->noticeref->noticenos || !not->noticeref->organization)) {
319 X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_NEED_ORGANIZATION_AND_NUMBERS);
320 goto err;
321 }
322
323 return qual;
324
325 merr:
326 X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE);
327
328 err:
329 POLICYQUALINFO_free(qual);
330 return NULL;
331}
332
333static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos)
334{
335 CONF_VALUE *cnf;
336 ASN1_INTEGER *aint;
337
338 int i;
339
340 for(i = 0; i < sk_CONF_VALUE_num(nos); i++) {
341 cnf = sk_CONF_VALUE_value(nos, i);
342 if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) {
343 X509V3err(X509V3_F_NREF_NOS,X509V3_R_INVALID_NUMBER);
344 goto err;
345 }
346 if(!sk_ASN1_INTEGER_push(nnums, aint)) goto merr;
347 }
348 return 1;
349
350 merr:
351 X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE);
352
353 err:
354 sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free);
355 return 0;
356}
357
358
359static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
360 BIO *out, int indent)
361{
362 int i;
363 POLICYINFO *pinfo;
364 /* First print out the policy OIDs */
365 for(i = 0; i < sk_POLICYINFO_num(pol); i++) {
366 pinfo = sk_POLICYINFO_value(pol, i);
367 BIO_printf(out, "%*sPolicy: ", indent, "");
368 i2a_ASN1_OBJECT(out, pinfo->policyid);
369 BIO_puts(out, "\n");
370 if(pinfo->qualifiers)
371 print_qualifiers(out, pinfo->qualifiers, indent + 2);
372 }
373 return 1;
374}
375
376static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
377 int indent)
378{
379 POLICYQUALINFO *qualinfo;
380 int i;
381 for(i = 0; i < sk_POLICYQUALINFO_num(quals); i++) {
382 qualinfo = sk_POLICYQUALINFO_value(quals, i);
383 switch(OBJ_obj2nid(qualinfo->pqualid))
384 {
385 case NID_id_qt_cps:
386 BIO_printf(out, "%*sCPS: %s\n", indent, "",
387 qualinfo->d.cpsuri->data);
388 break;
389
390 case NID_id_qt_unotice:
391 BIO_printf(out, "%*sUser Notice:\n", indent, "");
392 print_notice(out, qualinfo->d.usernotice, indent + 2);
393 break;
394
395 default:
396 BIO_printf(out, "%*sUnknown Qualifier: ",
397 indent + 2, "");
398
399 i2a_ASN1_OBJECT(out, qualinfo->pqualid);
400 BIO_puts(out, "\n");
401 break;
402 }
403 }
404}
405
406static void print_notice(BIO *out, USERNOTICE *notice, int indent)
407{
408 int i;
409 if(notice->noticeref) {
410 NOTICEREF *ref;
411 ref = notice->noticeref;
412 BIO_printf(out, "%*sOrganization: %s\n", indent, "",
413 ref->organization->data);
414 BIO_printf(out, "%*sNumber%s: ", indent, "",
415 sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : "");
416 for(i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) {
417 ASN1_INTEGER *num;
418 char *tmp;
419 num = sk_ASN1_INTEGER_value(ref->noticenos, i);
420 if(i) BIO_puts(out, ", ");
421 tmp = i2s_ASN1_INTEGER(NULL, num);
422 BIO_puts(out, tmp);
423 OPENSSL_free(tmp);
424 }
425 BIO_puts(out, "\n");
426 }
427 if(notice->exptext)
428 BIO_printf(out, "%*sExplicit Text: %s\n", indent, "",
429 notice->exptext->data);
430}
431
diff --git a/src/lib/libcrypto/x509v3/v3_crld.c b/src/lib/libcrypto/x509v3/v3_crld.c
deleted file mode 100644
index f90829c574..0000000000
--- a/src/lib/libcrypto/x509v3/v3_crld.c
+++ /dev/null
@@ -1,162 +0,0 @@
1/* v3_crld.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/conf.h>
62#include <openssl/asn1.h>
63#include <openssl/asn1t.h>
64#include <openssl/x509v3.h>
65
66static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
67 STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *extlist);
68static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
69 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
70
71X509V3_EXT_METHOD v3_crld = {
72NID_crl_distribution_points, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(CRL_DIST_POINTS),
730,0,0,0,
740,0,
75(X509V3_EXT_I2V)i2v_crld,
76(X509V3_EXT_V2I)v2i_crld,
770,0,
78NULL
79};
80
81static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
82 STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *exts)
83{
84 DIST_POINT *point;
85 int i;
86 for(i = 0; i < sk_DIST_POINT_num(crld); i++) {
87 point = sk_DIST_POINT_value(crld, i);
88 if(point->distpoint) {
89 if(point->distpoint->type == 0)
90 exts = i2v_GENERAL_NAMES(NULL,
91 point->distpoint->name.fullname, exts);
92 else X509V3_add_value("RelativeName","<UNSUPPORTED>", &exts);
93 }
94 if(point->reasons)
95 X509V3_add_value("reasons","<UNSUPPORTED>", &exts);
96 if(point->CRLissuer)
97 X509V3_add_value("CRLissuer","<UNSUPPORTED>", &exts);
98 }
99 return exts;
100}
101
102static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
103 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
104{
105 STACK_OF(DIST_POINT) *crld = NULL;
106 GENERAL_NAMES *gens = NULL;
107 GENERAL_NAME *gen = NULL;
108 CONF_VALUE *cnf;
109 int i;
110 if(!(crld = sk_DIST_POINT_new_null())) goto merr;
111 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
112 DIST_POINT *point;
113 cnf = sk_CONF_VALUE_value(nval, i);
114 if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err;
115 if(!(gens = GENERAL_NAMES_new())) goto merr;
116 if(!sk_GENERAL_NAME_push(gens, gen)) goto merr;
117 gen = NULL;
118 if(!(point = DIST_POINT_new())) goto merr;
119 if(!sk_DIST_POINT_push(crld, point)) {
120 DIST_POINT_free(point);
121 goto merr;
122 }
123 if(!(point->distpoint = DIST_POINT_NAME_new())) goto merr;
124 point->distpoint->name.fullname = gens;
125 point->distpoint->type = 0;
126 gens = NULL;
127 }
128 return crld;
129
130 merr:
131 X509V3err(X509V3_F_V2I_CRLD,ERR_R_MALLOC_FAILURE);
132 err:
133 GENERAL_NAME_free(gen);
134 GENERAL_NAMES_free(gens);
135 sk_DIST_POINT_pop_free(crld, DIST_POINT_free);
136 return NULL;
137}
138
139IMPLEMENT_STACK_OF(DIST_POINT)
140IMPLEMENT_ASN1_SET_OF(DIST_POINT)
141
142
143ASN1_CHOICE(DIST_POINT_NAME) = {
144 ASN1_IMP_SEQUENCE_OF(DIST_POINT_NAME, name.fullname, GENERAL_NAME, 0),
145 ASN1_IMP_SET_OF(DIST_POINT_NAME, name.relativename, X509_NAME_ENTRY, 1)
146} ASN1_CHOICE_END(DIST_POINT_NAME)
147
148IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT_NAME)
149
150ASN1_SEQUENCE(DIST_POINT) = {
151 ASN1_EXP_OPT(DIST_POINT, distpoint, DIST_POINT_NAME, 0),
152 ASN1_IMP_OPT(DIST_POINT, reasons, ASN1_BIT_STRING, 1),
153 ASN1_IMP_SEQUENCE_OF_OPT(DIST_POINT, CRLissuer, GENERAL_NAME, 2)
154} ASN1_SEQUENCE_END(DIST_POINT)
155
156IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT)
157
158ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) =
159 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, DIST_POINT)
160ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS)
161
162IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS)
diff --git a/src/lib/libcrypto/x509v3/v3_enum.c b/src/lib/libcrypto/x509v3/v3_enum.c
deleted file mode 100644
index 010c9d6260..0000000000
--- a/src/lib/libcrypto/x509v3/v3_enum.c
+++ /dev/null
@@ -1,94 +0,0 @@
1/* v3_enum.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/x509v3.h>
62
63static ENUMERATED_NAMES crl_reasons[] = {
64{0, "Unspecified", "unspecified"},
65{1, "Key Compromise", "keyCompromise"},
66{2, "CA Compromise", "CACompromise"},
67{3, "Affiliation Changed", "affiliationChanged"},
68{4, "Superseded", "superseded"},
69{5, "Cessation Of Operation", "cessationOfOperation"},
70{6, "Certificate Hold", "certificateHold"},
71{8, "Remove From CRL", "removeFromCRL"},
72{-1, NULL, NULL}
73};
74
75X509V3_EXT_METHOD v3_crl_reason = {
76NID_crl_reason, 0, ASN1_ITEM_ref(ASN1_ENUMERATED),
770,0,0,0,
78(X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE,
790,
800,0,0,0,
81crl_reasons};
82
83
84char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method,
85 ASN1_ENUMERATED *e)
86{
87 ENUMERATED_NAMES *enam;
88 long strval;
89 strval = ASN1_ENUMERATED_get(e);
90 for(enam = method->usr_data; enam->lname; enam++) {
91 if(strval == enam->bitnum) return BUF_strdup(enam->lname);
92 }
93 return i2s_ASN1_ENUMERATED(method, e);
94}
diff --git a/src/lib/libcrypto/x509v3/v3_extku.c b/src/lib/libcrypto/x509v3/v3_extku.c
deleted file mode 100644
index b1cfaba1aa..0000000000
--- a/src/lib/libcrypto/x509v3/v3_extku.c
+++ /dev/null
@@ -1,142 +0,0 @@
1/* v3_extku.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/asn1t.h>
63#include <openssl/conf.h>
64#include <openssl/x509v3.h>
65
66static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
67 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
68static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
69 void *eku, STACK_OF(CONF_VALUE) *extlist);
70
71X509V3_EXT_METHOD v3_ext_ku = {
72 NID_ext_key_usage, 0,
73 ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
74 0,0,0,0,
75 0,0,
76 i2v_EXTENDED_KEY_USAGE,
77 v2i_EXTENDED_KEY_USAGE,
78 0,0,
79 NULL
80};
81
82/* NB OCSP acceptable responses also is a SEQUENCE OF OBJECT */
83X509V3_EXT_METHOD v3_ocsp_accresp = {
84 NID_id_pkix_OCSP_acceptableResponses, 0,
85 ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
86 0,0,0,0,
87 0,0,
88 i2v_EXTENDED_KEY_USAGE,
89 v2i_EXTENDED_KEY_USAGE,
90 0,0,
91 NULL
92};
93
94ASN1_ITEM_TEMPLATE(EXTENDED_KEY_USAGE) =
95 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, EXTENDED_KEY_USAGE, ASN1_OBJECT)
96ASN1_ITEM_TEMPLATE_END(EXTENDED_KEY_USAGE)
97
98IMPLEMENT_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
99
100static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
101 void *a, STACK_OF(CONF_VALUE) *ext_list)
102{
103 EXTENDED_KEY_USAGE *eku = a;
104 int i;
105 ASN1_OBJECT *obj;
106 char obj_tmp[80];
107 for(i = 0; i < sk_ASN1_OBJECT_num(eku); i++) {
108 obj = sk_ASN1_OBJECT_value(eku, i);
109 i2t_ASN1_OBJECT(obj_tmp, 80, obj);
110 X509V3_add_value(NULL, obj_tmp, &ext_list);
111 }
112 return ext_list;
113}
114
115static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
116 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
117{
118 EXTENDED_KEY_USAGE *extku;
119 char *extval;
120 ASN1_OBJECT *objtmp;
121 CONF_VALUE *val;
122 int i;
123
124 if(!(extku = sk_ASN1_OBJECT_new_null())) {
125 X509V3err(X509V3_F_V2I_EXT_KU,ERR_R_MALLOC_FAILURE);
126 return NULL;
127 }
128
129 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
130 val = sk_CONF_VALUE_value(nval, i);
131 if(val->value) extval = val->value;
132 else extval = val->name;
133 if(!(objtmp = OBJ_txt2obj(extval, 0))) {
134 sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free);
135 X509V3err(X509V3_F_V2I_EXT_KU,X509V3_R_INVALID_OBJECT_IDENTIFIER);
136 X509V3_conf_err(val);
137 return NULL;
138 }
139 sk_ASN1_OBJECT_push(extku, objtmp);
140 }
141 return extku;
142}
diff --git a/src/lib/libcrypto/x509v3/v3_genn.c b/src/lib/libcrypto/x509v3/v3_genn.c
deleted file mode 100644
index 650b510980..0000000000
--- a/src/lib/libcrypto/x509v3/v3_genn.c
+++ /dev/null
@@ -1,101 +0,0 @@
1/* v3_genn.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/asn1t.h>
63#include <openssl/conf.h>
64#include <openssl/x509v3.h>
65
66ASN1_SEQUENCE(OTHERNAME) = {
67 ASN1_SIMPLE(OTHERNAME, type_id, ASN1_OBJECT),
68 /* Maybe have a true ANY DEFINED BY later */
69 ASN1_EXP(OTHERNAME, value, ASN1_ANY, 0)
70} ASN1_SEQUENCE_END(OTHERNAME)
71
72IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME)
73
74ASN1_SEQUENCE(EDIPARTYNAME) = {
75 ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),
76 ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)
77} ASN1_SEQUENCE_END(EDIPARTYNAME)
78
79IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME)
80
81ASN1_CHOICE(GENERAL_NAME) = {
82 ASN1_IMP(GENERAL_NAME, d.otherName, OTHERNAME, GEN_OTHERNAME),
83 ASN1_IMP(GENERAL_NAME, d.rfc822Name, ASN1_IA5STRING, GEN_EMAIL),
84 ASN1_IMP(GENERAL_NAME, d.dNSName, ASN1_IA5STRING, GEN_DNS),
85 /* Don't decode this */
86 ASN1_IMP(GENERAL_NAME, d.x400Address, ASN1_SEQUENCE, GEN_X400),
87 /* X509_NAME is a CHOICE type so use EXPLICIT */
88 ASN1_EXP(GENERAL_NAME, d.directoryName, X509_NAME, GEN_DIRNAME),
89 ASN1_IMP(GENERAL_NAME, d.ediPartyName, EDIPARTYNAME, GEN_EDIPARTY),
90 ASN1_IMP(GENERAL_NAME, d.uniformResourceIdentifier, ASN1_IA5STRING, GEN_URI),
91 ASN1_IMP(GENERAL_NAME, d.iPAddress, ASN1_OCTET_STRING, GEN_IPADD),
92 ASN1_IMP(GENERAL_NAME, d.registeredID, ASN1_OBJECT, GEN_RID)
93} ASN1_CHOICE_END(GENERAL_NAME)
94
95IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAME)
96
97ASN1_ITEM_TEMPLATE(GENERAL_NAMES) =
98 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, GENERAL_NAME)
99ASN1_ITEM_TEMPLATE_END(GENERAL_NAMES)
100
101IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAMES)
diff --git a/src/lib/libcrypto/x509v3/v3_ia5.c b/src/lib/libcrypto/x509v3/v3_ia5.c
deleted file mode 100644
index 9683afa47c..0000000000
--- a/src/lib/libcrypto/x509v3/v3_ia5.c
+++ /dev/null
@@ -1,116 +0,0 @@
1/* v3_ia5.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/asn1.h>
63#include <openssl/conf.h>
64#include <openssl/x509v3.h>
65
66static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5);
67static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
68X509V3_EXT_METHOD v3_ns_ia5_list[] = {
69EXT_IA5STRING(NID_netscape_base_url),
70EXT_IA5STRING(NID_netscape_revocation_url),
71EXT_IA5STRING(NID_netscape_ca_revocation_url),
72EXT_IA5STRING(NID_netscape_renewal_url),
73EXT_IA5STRING(NID_netscape_ca_policy_url),
74EXT_IA5STRING(NID_netscape_ssl_server_name),
75EXT_IA5STRING(NID_netscape_comment),
76EXT_END
77};
78
79
80static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
81 ASN1_IA5STRING *ia5)
82{
83 char *tmp;
84 if(!ia5 || !ia5->length) return NULL;
85 if(!(tmp = OPENSSL_malloc(ia5->length + 1))) {
86 X509V3err(X509V3_F_I2S_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE);
87 return NULL;
88 }
89 memcpy(tmp, ia5->data, ia5->length);
90 tmp[ia5->length] = 0;
91 return tmp;
92}
93
94static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
95 X509V3_CTX *ctx, char *str)
96{
97 ASN1_IA5STRING *ia5;
98 if(!str) {
99 X509V3err(X509V3_F_S2I_ASN1_IA5STRING,X509V3_R_INVALID_NULL_ARGUMENT);
100 return NULL;
101 }
102 if(!(ia5 = M_ASN1_IA5STRING_new())) goto err;
103 if(!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char*)str,
104 strlen(str))) {
105 M_ASN1_IA5STRING_free(ia5);
106 goto err;
107 }
108#ifdef CHARSET_EBCDIC
109 ebcdic2ascii(ia5->data, ia5->data, ia5->length);
110#endif /*CHARSET_EBCDIC*/
111 return ia5;
112 err:
113 X509V3err(X509V3_F_S2I_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE);
114 return NULL;
115}
116
diff --git a/src/lib/libcrypto/x509v3/v3_info.c b/src/lib/libcrypto/x509v3/v3_info.c
deleted file mode 100644
index 53e3f48859..0000000000
--- a/src/lib/libcrypto/x509v3/v3_info.c
+++ /dev/null
@@ -1,194 +0,0 @@
1/* v3_info.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/conf.h>
62#include <openssl/asn1.h>
63#include <openssl/asn1t.h>
64#include <openssl/x509v3.h>
65
66static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
67 AUTHORITY_INFO_ACCESS *ainfo,
68 STACK_OF(CONF_VALUE) *ret);
69static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
70 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
71
72X509V3_EXT_METHOD v3_info =
73{ NID_info_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
740,0,0,0,
750,0,
76(X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
77(X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
780,0,
79NULL};
80
81X509V3_EXT_METHOD v3_sinfo =
82{ NID_sinfo_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
830,0,0,0,
840,0,
85(X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
86(X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
870,0,
88NULL};
89
90ASN1_SEQUENCE(ACCESS_DESCRIPTION) = {
91 ASN1_SIMPLE(ACCESS_DESCRIPTION, method, ASN1_OBJECT),
92 ASN1_SIMPLE(ACCESS_DESCRIPTION, location, GENERAL_NAME)
93} ASN1_SEQUENCE_END(ACCESS_DESCRIPTION)
94
95IMPLEMENT_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
96
97ASN1_ITEM_TEMPLATE(AUTHORITY_INFO_ACCESS) =
98 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, ACCESS_DESCRIPTION)
99ASN1_ITEM_TEMPLATE_END(AUTHORITY_INFO_ACCESS)
100
101IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
102
103static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
104 AUTHORITY_INFO_ACCESS *ainfo,
105 STACK_OF(CONF_VALUE) *ret)
106{
107 ACCESS_DESCRIPTION *desc;
108 int i,nlen;
109 char objtmp[80], *ntmp;
110 CONF_VALUE *vtmp;
111 for(i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) {
112 desc = sk_ACCESS_DESCRIPTION_value(ainfo, i);
113 ret = i2v_GENERAL_NAME(method, desc->location, ret);
114 if(!ret) break;
115 vtmp = sk_CONF_VALUE_value(ret, i);
116 i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method);
117 nlen = strlen(objtmp) + strlen(vtmp->name) + 5;
118 ntmp = OPENSSL_malloc(nlen);
119 if(!ntmp) {
120 X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS,
121 ERR_R_MALLOC_FAILURE);
122 return NULL;
123 }
124 BUF_strlcpy(ntmp, objtmp, nlen);
125 BUF_strlcat(ntmp, " - ", nlen);
126 BUF_strlcat(ntmp, vtmp->name, nlen);
127 OPENSSL_free(vtmp->name);
128 vtmp->name = ntmp;
129
130 }
131 if(!ret) return sk_CONF_VALUE_new_null();
132 return ret;
133}
134
135static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
136 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
137{
138 AUTHORITY_INFO_ACCESS *ainfo = NULL;
139 CONF_VALUE *cnf, ctmp;
140 ACCESS_DESCRIPTION *acc;
141 int i, objlen;
142 char *objtmp, *ptmp;
143 if(!(ainfo = sk_ACCESS_DESCRIPTION_new_null())) {
144 X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
145 return NULL;
146 }
147 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
148 cnf = sk_CONF_VALUE_value(nval, i);
149 if(!(acc = ACCESS_DESCRIPTION_new())
150 || !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) {
151 X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
152 goto err;
153 }
154 ptmp = strchr(cnf->name, ';');
155 if(!ptmp) {
156 X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_INVALID_SYNTAX);
157 goto err;
158 }
159 objlen = ptmp - cnf->name;
160 ctmp.name = ptmp + 1;
161 ctmp.value = cnf->value;
162 GENERAL_NAME_free(acc->location);
163 if(!(acc->location = v2i_GENERAL_NAME(method, ctx, &ctmp)))
164 goto err;
165 if(!(objtmp = OPENSSL_malloc(objlen + 1))) {
166 X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
167 goto err;
168 }
169 strncpy(objtmp, cnf->name, objlen);
170 objtmp[objlen] = 0;
171 acc->method = OBJ_txt2obj(objtmp, 0);
172 if(!acc->method) {
173 X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_BAD_OBJECT);
174 ERR_add_error_data(2, "value=", objtmp);
175 OPENSSL_free(objtmp);
176 goto err;
177 }
178 OPENSSL_free(objtmp);
179
180 }
181 return ainfo;
182 err:
183 sk_ACCESS_DESCRIPTION_pop_free(ainfo, ACCESS_DESCRIPTION_free);
184 return NULL;
185}
186
187int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a)
188 {
189 i2a_ASN1_OBJECT(bp, a->method);
190#ifdef UNDEF
191 i2a_GENERAL_NAME(bp, a->location);
192#endif
193 return 2;
194 }
diff --git a/src/lib/libcrypto/x509v3/v3_int.c b/src/lib/libcrypto/x509v3/v3_int.c
deleted file mode 100644
index 7a43b4717b..0000000000
--- a/src/lib/libcrypto/x509v3/v3_int.c
+++ /dev/null
@@ -1,76 +0,0 @@
1/* v3_int.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/x509v3.h>
62
63X509V3_EXT_METHOD v3_crl_num = {
64 NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER),
65 0,0,0,0,
66 (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
67 0,
68 0,0,0,0, NULL};
69
70X509V3_EXT_METHOD v3_delta_crl = {
71 NID_delta_crl, 0, ASN1_ITEM_ref(ASN1_INTEGER),
72 0,0,0,0,
73 (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
74 0,
75 0,0,0,0, NULL};
76
diff --git a/src/lib/libcrypto/x509v3/v3_lib.c b/src/lib/libcrypto/x509v3/v3_lib.c
deleted file mode 100644
index ca5a4a4a57..0000000000
--- a/src/lib/libcrypto/x509v3/v3_lib.c
+++ /dev/null
@@ -1,302 +0,0 @@
1/* v3_lib.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58/* X509 v3 extension utilities */
59
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/conf.h>
63#include <openssl/x509v3.h>
64
65#include "ext_dat.h"
66
67static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL;
68
69static int ext_cmp(const X509V3_EXT_METHOD * const *a,
70 const X509V3_EXT_METHOD * const *b);
71static void ext_list_free(X509V3_EXT_METHOD *ext);
72
73int X509V3_EXT_add(X509V3_EXT_METHOD *ext)
74{
75 if(!ext_list && !(ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp))) {
76 X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE);
77 return 0;
78 }
79 if(!sk_X509V3_EXT_METHOD_push(ext_list, ext)) {
80 X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE);
81 return 0;
82 }
83 return 1;
84}
85
86static int ext_cmp(const X509V3_EXT_METHOD * const *a,
87 const X509V3_EXT_METHOD * const *b)
88{
89 return ((*a)->ext_nid - (*b)->ext_nid);
90}
91
92X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
93{
94 X509V3_EXT_METHOD tmp, *t = &tmp, **ret;
95 int idx;
96 if(nid < 0) return NULL;
97 tmp.ext_nid = nid;
98 ret = (X509V3_EXT_METHOD **) OBJ_bsearch((char *)&t,
99 (char *)standard_exts, STANDARD_EXTENSION_COUNT,
100 sizeof(X509V3_EXT_METHOD *), (int (*)(const void *, const void *))ext_cmp);
101 if(ret) return *ret;
102 if(!ext_list) return NULL;
103 idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp);
104 if(idx == -1) return NULL;
105 return sk_X509V3_EXT_METHOD_value(ext_list, idx);
106}
107
108X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext)
109{
110 int nid;
111 if((nid = OBJ_obj2nid(ext->object)) == NID_undef) return NULL;
112 return X509V3_EXT_get_nid(nid);
113}
114
115
116int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist)
117{
118 for(;extlist->ext_nid!=-1;extlist++)
119 if(!X509V3_EXT_add(extlist)) return 0;
120 return 1;
121}
122
123int X509V3_EXT_add_alias(int nid_to, int nid_from)
124{
125 X509V3_EXT_METHOD *ext, *tmpext;
126 if(!(ext = X509V3_EXT_get_nid(nid_from))) {
127 X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,X509V3_R_EXTENSION_NOT_FOUND);
128 return 0;
129 }
130 if(!(tmpext = (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)))) {
131 X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,ERR_R_MALLOC_FAILURE);
132 return 0;
133 }
134 *tmpext = *ext;
135 tmpext->ext_nid = nid_to;
136 tmpext->ext_flags |= X509V3_EXT_DYNAMIC;
137 return X509V3_EXT_add(tmpext);
138}
139
140void X509V3_EXT_cleanup(void)
141{
142 sk_X509V3_EXT_METHOD_pop_free(ext_list, ext_list_free);
143 ext_list = NULL;
144}
145
146static void ext_list_free(X509V3_EXT_METHOD *ext)
147{
148 if(ext->ext_flags & X509V3_EXT_DYNAMIC) OPENSSL_free(ext);
149}
150
151/* Legacy function: we don't need to add standard extensions
152 * any more because they are now kept in ext_dat.h.
153 */
154
155int X509V3_add_standard_extensions(void)
156{
157 return 1;
158}
159
160/* Return an extension internal structure */
161
162void *X509V3_EXT_d2i(X509_EXTENSION *ext)
163{
164 X509V3_EXT_METHOD *method;
165 unsigned char *p;
166 if(!(method = X509V3_EXT_get(ext))) return NULL;
167 p = ext->value->data;
168 if(method->it) return ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it));
169 return method->d2i(NULL, &p, ext->value->length);
170}
171
172/* Get critical flag and decoded version of extension from a NID.
173 * The "idx" variable returns the last found extension and can
174 * be used to retrieve multiple extensions of the same NID.
175 * However multiple extensions with the same NID is usually
176 * due to a badly encoded certificate so if idx is NULL we
177 * choke if multiple extensions exist.
178 * The "crit" variable is set to the critical value.
179 * The return value is the decoded extension or NULL on
180 * error. The actual error can have several different causes,
181 * the value of *crit reflects the cause:
182 * >= 0, extension found but not decoded (reflects critical value).
183 * -1 extension not found.
184 * -2 extension occurs more than once.
185 */
186
187void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx)
188{
189 int lastpos, i;
190 X509_EXTENSION *ex, *found_ex = NULL;
191 if(!x) {
192 if(idx) *idx = -1;
193 if(crit) *crit = -1;
194 return NULL;
195 }
196 if(idx) lastpos = *idx + 1;
197 else lastpos = 0;
198 if(lastpos < 0) lastpos = 0;
199 for(i = lastpos; i < sk_X509_EXTENSION_num(x); i++)
200 {
201 ex = sk_X509_EXTENSION_value(x, i);
202 if(OBJ_obj2nid(ex->object) == nid) {
203 if(idx) {
204 *idx = i;
205 found_ex = ex;
206 break;
207 } else if(found_ex) {
208 /* Found more than one */
209 if(crit) *crit = -2;
210 return NULL;
211 }
212 found_ex = ex;
213 }
214 }
215 if(found_ex) {
216 /* Found it */
217 if(crit) *crit = X509_EXTENSION_get_critical(found_ex);
218 return X509V3_EXT_d2i(found_ex);
219 }
220
221 /* Extension not found */
222 if(idx) *idx = -1;
223 if(crit) *crit = -1;
224 return NULL;
225}
226
227/* This function is a general extension append, replace and delete utility.
228 * The precise operation is governed by the 'flags' value. The 'crit' and
229 * 'value' arguments (if relevant) are the extensions internal structure.
230 */
231
232int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
233 int crit, unsigned long flags)
234{
235 int extidx = -1;
236 int errcode;
237 X509_EXTENSION *ext, *extmp;
238 unsigned long ext_op = flags & X509V3_ADD_OP_MASK;
239
240 /* If appending we don't care if it exists, otherwise
241 * look for existing extension.
242 */
243 if(ext_op != X509V3_ADD_APPEND)
244 extidx = X509v3_get_ext_by_NID(*x, nid, -1);
245
246 /* See if extension exists */
247 if(extidx >= 0) {
248 /* If keep existing, nothing to do */
249 if(ext_op == X509V3_ADD_KEEP_EXISTING)
250 return 1;
251 /* If default then its an error */
252 if(ext_op == X509V3_ADD_DEFAULT) {
253 errcode = X509V3_R_EXTENSION_EXISTS;
254 goto err;
255 }
256 /* If delete, just delete it */
257 if(ext_op == X509V3_ADD_DELETE) {
258 if(!sk_X509_EXTENSION_delete(*x, extidx)) return -1;
259 return 1;
260 }
261 } else {
262 /* If replace existing or delete, error since
263 * extension must exist
264 */
265 if((ext_op == X509V3_ADD_REPLACE_EXISTING) ||
266 (ext_op == X509V3_ADD_DELETE)) {
267 errcode = X509V3_R_EXTENSION_NOT_FOUND;
268 goto err;
269 }
270 }
271
272 /* If we get this far then we have to create an extension:
273 * could have some flags for alternative encoding schemes...
274 */
275
276 ext = X509V3_EXT_i2d(nid, crit, value);
277
278 if(!ext) {
279 X509V3err(X509V3_F_X509V3_ADD_I2D, X509V3_R_ERROR_CREATING_EXTENSION);
280 return 0;
281 }
282
283 /* If extension exists replace it.. */
284 if(extidx >= 0) {
285 extmp = sk_X509_EXTENSION_value(*x, extidx);
286 X509_EXTENSION_free(extmp);
287 if(!sk_X509_EXTENSION_set(*x, extidx, ext)) return -1;
288 return 1;
289 }
290
291 if(!*x && !(*x = sk_X509_EXTENSION_new_null())) return -1;
292 if(!sk_X509_EXTENSION_push(*x, ext)) return -1;
293
294 return 1;
295
296 err:
297 if(!(flags & X509V3_ADD_SILENT))
298 X509V3err(X509V3_F_X509V3_ADD_I2D, errcode);
299 return 0;
300}
301
302IMPLEMENT_STACK_OF(X509V3_EXT_METHOD)
diff --git a/src/lib/libcrypto/x509v3/v3_ocsp.c b/src/lib/libcrypto/x509v3/v3_ocsp.c
deleted file mode 100644
index 21badc13f9..0000000000
--- a/src/lib/libcrypto/x509v3/v3_ocsp.c
+++ /dev/null
@@ -1,275 +0,0 @@
1/* v3_ocsp.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#ifndef OPENSSL_NO_OCSP
60
61#include <stdio.h>
62#include "cryptlib.h"
63#include <openssl/conf.h>
64#include <openssl/asn1.h>
65#include <openssl/ocsp.h>
66#include <openssl/x509v3.h>
67
68/* OCSP extensions and a couple of CRL entry extensions
69 */
70
71static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
72static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
73static int i2r_object(X509V3_EXT_METHOD *method, void *obj, BIO *out, int indent);
74
75static void *ocsp_nonce_new(void);
76static int i2d_ocsp_nonce(void *a, unsigned char **pp);
77static void *d2i_ocsp_nonce(void *a, unsigned char **pp, long length);
78static void ocsp_nonce_free(void *a);
79static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
80
81static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent);
82static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
83static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind);
84
85X509V3_EXT_METHOD v3_ocsp_crlid = {
86 NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID),
87 0,0,0,0,
88 0,0,
89 0,0,
90 i2r_ocsp_crlid,0,
91 NULL
92};
93
94X509V3_EXT_METHOD v3_ocsp_acutoff = {
95 NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
96 0,0,0,0,
97 0,0,
98 0,0,
99 i2r_ocsp_acutoff,0,
100 NULL
101};
102
103X509V3_EXT_METHOD v3_crl_invdate = {
104 NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
105 0,0,0,0,
106 0,0,
107 0,0,
108 i2r_ocsp_acutoff,0,
109 NULL
110};
111
112X509V3_EXT_METHOD v3_crl_hold = {
113 NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT),
114 0,0,0,0,
115 0,0,
116 0,0,
117 i2r_object,0,
118 NULL
119};
120
121X509V3_EXT_METHOD v3_ocsp_nonce = {
122 NID_id_pkix_OCSP_Nonce, 0, NULL,
123 ocsp_nonce_new,
124 ocsp_nonce_free,
125 d2i_ocsp_nonce,
126 i2d_ocsp_nonce,
127 0,0,
128 0,0,
129 i2r_ocsp_nonce,0,
130 NULL
131};
132
133X509V3_EXT_METHOD v3_ocsp_nocheck = {
134 NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL),
135 0,0,0,0,
136 0,s2i_ocsp_nocheck,
137 0,0,
138 i2r_ocsp_nocheck,0,
139 NULL
140};
141
142X509V3_EXT_METHOD v3_ocsp_serviceloc = {
143 NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC),
144 0,0,0,0,
145 0,0,
146 0,0,
147 i2r_ocsp_serviceloc,0,
148 NULL
149};
150
151static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
152{
153 OCSP_CRLID *a = in;
154 if (a->crlUrl)
155 {
156 if (!BIO_printf(bp, "%*scrlUrl: ", ind, "")) goto err;
157 if (!ASN1_STRING_print(bp, (ASN1_STRING*)a->crlUrl)) goto err;
158 if (!BIO_write(bp, "\n", 1)) goto err;
159 }
160 if (a->crlNum)
161 {
162 if (!BIO_printf(bp, "%*scrlNum: ", ind, "")) goto err;
163 if (!i2a_ASN1_INTEGER(bp, a->crlNum)) goto err;
164 if (!BIO_write(bp, "\n", 1)) goto err;
165 }
166 if (a->crlTime)
167 {
168 if (!BIO_printf(bp, "%*scrlTime: ", ind, "")) goto err;
169 if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) goto err;
170 if (!BIO_write(bp, "\n", 1)) goto err;
171 }
172 return 1;
173 err:
174 return 0;
175}
176
177static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *cutoff, BIO *bp, int ind)
178{
179 if (!BIO_printf(bp, "%*s", ind, "")) return 0;
180 if(!ASN1_GENERALIZEDTIME_print(bp, cutoff)) return 0;
181 return 1;
182}
183
184
185static int i2r_object(X509V3_EXT_METHOD *method, void *oid, BIO *bp, int ind)
186{
187 if (!BIO_printf(bp, "%*s", ind, "")) return 0;
188 if(!i2a_ASN1_OBJECT(bp, oid)) return 0;
189 return 1;
190}
191
192/* OCSP nonce. This is needs special treatment because it doesn't have
193 * an ASN1 encoding at all: it just contains arbitrary data.
194 */
195
196static void *ocsp_nonce_new(void)
197{
198 return ASN1_OCTET_STRING_new();
199}
200
201static int i2d_ocsp_nonce(void *a, unsigned char **pp)
202{
203 ASN1_OCTET_STRING *os = a;
204 if(pp) {
205 memcpy(*pp, os->data, os->length);
206 *pp += os->length;
207 }
208 return os->length;
209}
210
211static void *d2i_ocsp_nonce(void *a, unsigned char **pp, long length)
212{
213 ASN1_OCTET_STRING *os, **pos;
214 pos = a;
215 if(!pos || !*pos) os = ASN1_OCTET_STRING_new();
216 else os = *pos;
217 if(!ASN1_OCTET_STRING_set(os, *pp, length)) goto err;
218
219 *pp += length;
220
221 if(pos) *pos = os;
222 return os;
223
224 err:
225 if(os && (!pos || (*pos != os))) M_ASN1_OCTET_STRING_free(os);
226 OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE);
227 return NULL;
228}
229
230static void ocsp_nonce_free(void *a)
231{
232 M_ASN1_OCTET_STRING_free(a);
233}
234
235static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent)
236{
237 if(BIO_printf(out, "%*s", indent, "") <= 0) return 0;
238 if(i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) return 0;
239 return 1;
240}
241
242/* Nocheck is just a single NULL. Don't print anything and always set it */
243
244static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent)
245{
246 return 1;
247}
248
249static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str)
250{
251 return ASN1_NULL_new();
252}
253
254static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
255 {
256 int i;
257 OCSP_SERVICELOC *a = in;
258 ACCESS_DESCRIPTION *ad;
259
260 if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0) goto err;
261 if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0) goto err;
262 for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++)
263 {
264 ad = sk_ACCESS_DESCRIPTION_value(a->locator,i);
265 if (BIO_printf(bp, "\n%*s", (2*ind), "") <= 0)
266 goto err;
267 if(i2a_ASN1_OBJECT(bp, ad->method) <= 0) goto err;
268 if(BIO_puts(bp, " - ") <= 0) goto err;
269 if(GENERAL_NAME_print(bp, ad->location) <= 0) goto err;
270 }
271 return 1;
272err:
273 return 0;
274 }
275#endif
diff --git a/src/lib/libcrypto/x509v3/v3_pci.c b/src/lib/libcrypto/x509v3/v3_pci.c
deleted file mode 100644
index b32d968619..0000000000
--- a/src/lib/libcrypto/x509v3/v3_pci.c
+++ /dev/null
@@ -1,313 +0,0 @@
1/* v3_pci.c -*- mode:C; c-file-style: "eay" -*- */
2/* Contributed to the OpenSSL Project 2004
3 * by Richard Levitte (richard@levitte.org)
4 */
5/* Copyright (c) 2004 Kungliga Tekniska Högskolan
6 * (Royal Institute of Technology, Stockholm, Sweden).
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 *
20 * 3. Neither the name of the Institute nor the names of its contributors
21 * may be used to endorse or promote products derived from this software
22 * without specific prior written permission.
23 *
24 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * SUCH DAMAGE.
35 */
36
37#include <stdio.h>
38#include "cryptlib.h"
39#include <openssl/conf.h>
40#include <openssl/x509v3.h>
41
42static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext,
43 BIO *out, int indent);
44static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
45 X509V3_CTX *ctx, char *str);
46
47X509V3_EXT_METHOD v3_pci =
48 { NID_proxyCertInfo, 0, ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
49 0,0,0,0,
50 0,0,
51 NULL, NULL,
52 (X509V3_EXT_I2R)i2r_pci,
53 (X509V3_EXT_R2I)r2i_pci,
54 NULL,
55 };
56
57static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci,
58 BIO *out, int indent)
59 {
60 BIO_printf(out, "%*sPath Length Constraint: ", indent, "");
61 if (pci->pcPathLengthConstraint)
62 i2a_ASN1_INTEGER(out, pci->pcPathLengthConstraint);
63 else
64 BIO_printf(out, "infinite");
65 BIO_puts(out, "\n");
66 BIO_printf(out, "%*sPolicy Language: ", indent, "");
67 i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage);
68 BIO_puts(out, "\n");
69 if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data)
70 BIO_printf(out, "%*sPolicy Text: %s\n", indent, "",
71 pci->proxyPolicy->policy->data);
72 return 1;
73 }
74
75static int process_pci_value(CONF_VALUE *val,
76 ASN1_OBJECT **language, ASN1_INTEGER **pathlen,
77 ASN1_OCTET_STRING **policy)
78 {
79 int free_policy = 0;
80
81 if (strcmp(val->name, "language") == 0)
82 {
83 if (*language)
84 {
85 X509V3err(X509V3_F_R2I_PCI,X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED);
86 X509V3_conf_err(val);
87 return 0;
88 }
89 if (!(*language = OBJ_txt2obj(val->value, 0)))
90 {
91 X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_OBJECT_IDENTIFIER);
92 X509V3_conf_err(val);
93 return 0;
94 }
95 }
96 else if (strcmp(val->name, "pathlen") == 0)
97 {
98 if (*pathlen)
99 {
100 X509V3err(X509V3_F_R2I_PCI,X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED);
101 X509V3_conf_err(val);
102 return 0;
103 }
104 if (!X509V3_get_value_int(val, pathlen))
105 {
106 X509V3err(X509V3_F_R2I_PCI,X509V3_R_POLICY_PATH_LENGTH);
107 X509V3_conf_err(val);
108 return 0;
109 }
110 }
111 else if (strcmp(val->name, "policy") == 0)
112 {
113 unsigned char *tmp_data = NULL;
114 long val_len;
115 if (!*policy)
116 {
117 *policy = ASN1_OCTET_STRING_new();
118 if (!*policy)
119 {
120 X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE);
121 X509V3_conf_err(val);
122 return 0;
123 }
124 free_policy = 1;
125 }
126 if (strncmp(val->value, "hex:", 4) == 0)
127 {
128 unsigned char *tmp_data2 =
129 string_to_hex(val->value + 4, &val_len);
130
131 if (!tmp_data2) goto err;
132
133 tmp_data = OPENSSL_realloc((*policy)->data,
134 (*policy)->length + val_len + 1);
135 if (tmp_data)
136 {
137 (*policy)->data = tmp_data;
138 memcpy(&(*policy)->data[(*policy)->length],
139 tmp_data2, val_len);
140 (*policy)->length += val_len;
141 (*policy)->data[(*policy)->length] = '\0';
142 }
143 }
144 else if (strncmp(val->value, "file:", 5) == 0)
145 {
146 unsigned char buf[2048];
147 int n;
148 BIO *b = BIO_new_file(val->value + 5, "r");
149 if (!b)
150 {
151 X509V3err(X509V3_F_R2I_PCI,ERR_R_BIO_LIB);
152 X509V3_conf_err(val);
153 goto err;
154 }
155 while((n = BIO_read(b, buf, sizeof(buf))) > 0
156 || (n == 0 && BIO_should_retry(b)))
157 {
158 if (!n) continue;
159
160 tmp_data = OPENSSL_realloc((*policy)->data,
161 (*policy)->length + n + 1);
162
163 if (!tmp_data)
164 break;
165
166 (*policy)->data = tmp_data;
167 memcpy(&(*policy)->data[(*policy)->length],
168 buf, n);
169 (*policy)->length += n;
170 (*policy)->data[(*policy)->length] = '\0';
171 }
172
173 if (n < 0)
174 {
175 X509V3err(X509V3_F_R2I_PCI,ERR_R_BIO_LIB);
176 X509V3_conf_err(val);
177 goto err;
178 }
179 }
180 else if (strncmp(val->value, "text:", 5) == 0)
181 {
182 val_len = strlen(val->value + 5);
183 tmp_data = OPENSSL_realloc((*policy)->data,
184 (*policy)->length + val_len + 1);
185 if (tmp_data)
186 {
187 (*policy)->data = tmp_data;
188 memcpy(&(*policy)->data[(*policy)->length],
189 val->value + 5, val_len);
190 (*policy)->length += val_len;
191 (*policy)->data[(*policy)->length] = '\0';
192 }
193 }
194 else
195 {
196 X509V3err(X509V3_F_R2I_PCI,X509V3_R_INCORRECT_POLICY_SYNTAX_TAG);
197 X509V3_conf_err(val);
198 goto err;
199 }
200 if (!tmp_data)
201 {
202 X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE);
203 X509V3_conf_err(val);
204 goto err;
205 }
206 }
207 return 1;
208err:
209 if (free_policy)
210 {
211 ASN1_OCTET_STRING_free(*policy);
212 *policy = NULL;
213 }
214 return 0;
215 }
216
217static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
218 X509V3_CTX *ctx, char *value)
219 {
220 PROXY_CERT_INFO_EXTENSION *pci = NULL;
221 STACK_OF(CONF_VALUE) *vals;
222 ASN1_OBJECT *language = NULL;
223 ASN1_INTEGER *pathlen = NULL;
224 ASN1_OCTET_STRING *policy = NULL;
225 int i, j;
226
227 vals = X509V3_parse_list(value);
228 for (i = 0; i < sk_CONF_VALUE_num(vals); i++)
229 {
230 CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i);
231 if (!cnf->name || (*cnf->name != '@' && !cnf->value))
232 {
233 X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_PROXY_POLICY_SETTING);
234 X509V3_conf_err(cnf);
235 goto err;
236 }
237 if (*cnf->name == '@')
238 {
239 STACK_OF(CONF_VALUE) *sect;
240 int success_p = 1;
241
242 sect = X509V3_get_section(ctx, cnf->name + 1);
243 if (!sect)
244 {
245 X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_SECTION);
246 X509V3_conf_err(cnf);
247 goto err;
248 }
249 for (j = 0; success_p && j < sk_CONF_VALUE_num(sect); j++)
250 {
251 success_p =
252 process_pci_value(sk_CONF_VALUE_value(sect, j),
253 &language, &pathlen, &policy);
254 }
255 X509V3_section_free(ctx, sect);
256 if (!success_p)
257 goto err;
258 }
259 else
260 {
261 if (!process_pci_value(cnf,
262 &language, &pathlen, &policy))
263 {
264 X509V3_conf_err(cnf);
265 goto err;
266 }
267 }
268 }
269
270 /* Language is mandatory */
271 if (!language)
272 {
273 X509V3err(X509V3_F_R2I_PCI,X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED);
274 goto err;
275 }
276 i = OBJ_obj2nid(language);
277 if ((i == NID_Independent || i == NID_id_ppl_inheritAll) && policy)
278 {
279 X509V3err(X509V3_F_R2I_PCI,X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY);
280 goto err;
281 }
282
283 pci = PROXY_CERT_INFO_EXTENSION_new();
284 if (!pci)
285 {
286 X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE);
287 goto err;
288 }
289 pci->proxyPolicy = PROXY_POLICY_new();
290 if (!pci->proxyPolicy)
291 {
292 X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE);
293 goto err;
294 }
295
296 pci->proxyPolicy->policyLanguage = language; language = NULL;
297 pci->proxyPolicy->policy = policy; policy = NULL;
298 pci->pcPathLengthConstraint = pathlen; pathlen = NULL;
299 goto end;
300err:
301 if (language) { ASN1_OBJECT_free(language); language = NULL; }
302 if (pathlen) { ASN1_INTEGER_free(pathlen); pathlen = NULL; }
303 if (policy) { ASN1_OCTET_STRING_free(policy); policy = NULL; }
304 if (pci && pci->proxyPolicy)
305 {
306 PROXY_POLICY_free(pci->proxyPolicy);
307 pci->proxyPolicy = NULL;
308 }
309 if (pci) { PROXY_CERT_INFO_EXTENSION_free(pci); pci = NULL; }
310end:
311 sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
312 return pci;
313 }
diff --git a/src/lib/libcrypto/x509v3/v3_pcia.c b/src/lib/libcrypto/x509v3/v3_pcia.c
deleted file mode 100644
index bb362e0e5a..0000000000
--- a/src/lib/libcrypto/x509v3/v3_pcia.c
+++ /dev/null
@@ -1,55 +0,0 @@
1/* v3_pcia.c -*- mode:C; c-file-style: "eay" -*- */
2/* Contributed to the OpenSSL Project 2004
3 * by Richard Levitte (richard@levitte.org)
4 */
5/* Copyright (c) 2004 Kungliga Tekniska Högskolan
6 * (Royal Institute of Technology, Stockholm, Sweden).
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 *
20 * 3. Neither the name of the Institute nor the names of its contributors
21 * may be used to endorse or promote products derived from this software
22 * without specific prior written permission.
23 *
24 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * SUCH DAMAGE.
35 */
36
37#include <openssl/asn1.h>
38#include <openssl/asn1t.h>
39#include <openssl/x509v3.h>
40
41ASN1_SEQUENCE(PROXY_POLICY) =
42 {
43 ASN1_SIMPLE(PROXY_POLICY,policyLanguage,ASN1_OBJECT),
44 ASN1_OPT(PROXY_POLICY,policy,ASN1_OCTET_STRING)
45} ASN1_SEQUENCE_END(PROXY_POLICY)
46
47IMPLEMENT_ASN1_FUNCTIONS(PROXY_POLICY)
48
49ASN1_SEQUENCE(PROXY_CERT_INFO_EXTENSION) =
50 {
51 ASN1_OPT(PROXY_CERT_INFO_EXTENSION,pcPathLengthConstraint,ASN1_INTEGER),
52 ASN1_SIMPLE(PROXY_CERT_INFO_EXTENSION,proxyPolicy,PROXY_POLICY)
53} ASN1_SEQUENCE_END(PROXY_CERT_INFO_EXTENSION)
54
55IMPLEMENT_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
diff --git a/src/lib/libcrypto/x509v3/v3_pku.c b/src/lib/libcrypto/x509v3/v3_pku.c
deleted file mode 100644
index 49a2e4697a..0000000000
--- a/src/lib/libcrypto/x509v3/v3_pku.c
+++ /dev/null
@@ -1,108 +0,0 @@
1/* v3_pku.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/asn1.h>
62#include <openssl/asn1t.h>
63#include <openssl/x509v3.h>
64
65static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *usage, BIO *out, int indent);
66/*
67static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
68*/
69X509V3_EXT_METHOD v3_pkey_usage_period = {
70NID_private_key_usage_period, 0, ASN1_ITEM_ref(PKEY_USAGE_PERIOD),
710,0,0,0,
720,0,0,0,
73(X509V3_EXT_I2R)i2r_PKEY_USAGE_PERIOD, NULL,
74NULL
75};
76
77ASN1_SEQUENCE(PKEY_USAGE_PERIOD) = {
78 ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notBefore, ASN1_GENERALIZEDTIME, 0),
79 ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notAfter, ASN1_GENERALIZEDTIME, 1)
80} ASN1_SEQUENCE_END(PKEY_USAGE_PERIOD)
81
82IMPLEMENT_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
83
84static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,
85 PKEY_USAGE_PERIOD *usage, BIO *out, int indent)
86{
87 BIO_printf(out, "%*s", indent, "");
88 if(usage->notBefore) {
89 BIO_write(out, "Not Before: ", 12);
90 ASN1_GENERALIZEDTIME_print(out, usage->notBefore);
91 if(usage->notAfter) BIO_write(out, ", ", 2);
92 }
93 if(usage->notAfter) {
94 BIO_write(out, "Not After: ", 11);
95 ASN1_GENERALIZEDTIME_print(out, usage->notAfter);
96 }
97 return 1;
98}
99
100/*
101static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(method, ctx, values)
102X509V3_EXT_METHOD *method;
103X509V3_CTX *ctx;
104STACK_OF(CONF_VALUE) *values;
105{
106return NULL;
107}
108*/
diff --git a/src/lib/libcrypto/x509v3/v3_prn.c b/src/lib/libcrypto/x509v3/v3_prn.c
deleted file mode 100644
index 5d268eb768..0000000000
--- a/src/lib/libcrypto/x509v3/v3_prn.c
+++ /dev/null
@@ -1,233 +0,0 @@
1/* v3_prn.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58/* X509 v3 extension utilities */
59
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/conf.h>
63#include <openssl/x509v3.h>
64
65/* Extension printing routines */
66
67static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported);
68
69/* Print out a name+value stack */
70
71void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml)
72{
73 int i;
74 CONF_VALUE *nval;
75 if(!val) return;
76 if(!ml || !sk_CONF_VALUE_num(val)) {
77 BIO_printf(out, "%*s", indent, "");
78 if(!sk_CONF_VALUE_num(val)) BIO_puts(out, "<EMPTY>\n");
79 }
80 for(i = 0; i < sk_CONF_VALUE_num(val); i++) {
81 if(ml) BIO_printf(out, "%*s", indent, "");
82 else if(i > 0) BIO_printf(out, ", ");
83 nval = sk_CONF_VALUE_value(val, i);
84 if(!nval->name) BIO_puts(out, nval->value);
85 else if(!nval->value) BIO_puts(out, nval->name);
86#ifndef CHARSET_EBCDIC
87 else BIO_printf(out, "%s:%s", nval->name, nval->value);
88#else
89 else {
90 int len;
91 char *tmp;
92 len = strlen(nval->value)+1;
93 tmp = OPENSSL_malloc(len);
94 if (tmp)
95 {
96 ascii2ebcdic(tmp, nval->value, len);
97 BIO_printf(out, "%s:%s", nval->name, tmp);
98 OPENSSL_free(tmp);
99 }
100 }
101#endif
102 if(ml) BIO_puts(out, "\n");
103 }
104}
105
106/* Main routine: print out a general extension */
107
108int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent)
109{
110 void *ext_str = NULL;
111 char *value = NULL;
112 unsigned char *p;
113 X509V3_EXT_METHOD *method;
114 STACK_OF(CONF_VALUE) *nval = NULL;
115 int ok = 1;
116 if(!(method = X509V3_EXT_get(ext)))
117 return unknown_ext_print(out, ext, flag, indent, 0);
118 p = ext->value->data;
119 if(method->it) ext_str = ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it));
120 else ext_str = method->d2i(NULL, &p, ext->value->length);
121
122 if(!ext_str) return unknown_ext_print(out, ext, flag, indent, 1);
123
124 if(method->i2s) {
125 if(!(value = method->i2s(method, ext_str))) {
126 ok = 0;
127 goto err;
128 }
129#ifndef CHARSET_EBCDIC
130 BIO_printf(out, "%*s%s", indent, "", value);
131#else
132 {
133 int len;
134 char *tmp;
135 len = strlen(value)+1;
136 tmp = OPENSSL_malloc(len);
137 if (tmp)
138 {
139 ascii2ebcdic(tmp, value, len);
140 BIO_printf(out, "%*s%s", indent, "", tmp);
141 OPENSSL_free(tmp);
142 }
143 }
144#endif
145 } else if(method->i2v) {
146 if(!(nval = method->i2v(method, ext_str, NULL))) {
147 ok = 0;
148 goto err;
149 }
150 X509V3_EXT_val_prn(out, nval, indent,
151 method->ext_flags & X509V3_EXT_MULTILINE);
152 } else if(method->i2r) {
153 if(!method->i2r(method, ext_str, out, indent)) ok = 0;
154 } else ok = 0;
155
156 err:
157 sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
158 if(value) OPENSSL_free(value);
159 if(method->it) ASN1_item_free(ext_str, ASN1_ITEM_ptr(method->it));
160 else method->ext_free(ext_str);
161 return ok;
162}
163
164int X509V3_extensions_print(BIO *bp, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent)
165{
166 int i, j;
167
168 if(sk_X509_EXTENSION_num(exts) <= 0) return 1;
169
170 if(title)
171 {
172 BIO_printf(bp,"%*s%s:\n",indent, "", title);
173 indent += 4;
174 }
175
176 for (i=0; i<sk_X509_EXTENSION_num(exts); i++)
177 {
178 ASN1_OBJECT *obj;
179 X509_EXTENSION *ex;
180 ex=sk_X509_EXTENSION_value(exts, i);
181 if (indent && BIO_printf(bp,"%*s",indent, "") <= 0) return 0;
182 obj=X509_EXTENSION_get_object(ex);
183 i2a_ASN1_OBJECT(bp,obj);
184 j=X509_EXTENSION_get_critical(ex);
185 if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
186 return 0;
187 if(!X509V3_EXT_print(bp, ex, flag, indent + 4))
188 {
189 BIO_printf(bp, "%*s", indent + 4, "");
190 M_ASN1_OCTET_STRING_print(bp,ex->value);
191 }
192 if (BIO_write(bp,"\n",1) <= 0) return 0;
193 }
194 return 1;
195}
196
197static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported)
198{
199 switch(flag & X509V3_EXT_UNKNOWN_MASK) {
200
201 case X509V3_EXT_DEFAULT:
202 return 0;
203
204 case X509V3_EXT_ERROR_UNKNOWN:
205 if(supported)
206 BIO_printf(out, "%*s<Parse Error>", indent, "");
207 else
208 BIO_printf(out, "%*s<Not Supported>", indent, "");
209 return 1;
210
211 case X509V3_EXT_PARSE_UNKNOWN:
212 return ASN1_parse_dump(out,
213 ext->value->data, ext->value->length, indent, -1);
214 case X509V3_EXT_DUMP_UNKNOWN:
215 return BIO_dump_indent(out, (char *)ext->value->data, ext->value->length, indent);
216
217 default:
218 return 1;
219 }
220}
221
222
223#ifndef OPENSSL_NO_FP_API
224int X509V3_EXT_print_fp(FILE *fp, X509_EXTENSION *ext, int flag, int indent)
225{
226 BIO *bio_tmp;
227 int ret;
228 if(!(bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE))) return 0;
229 ret = X509V3_EXT_print(bio_tmp, ext, flag, indent);
230 BIO_free(bio_tmp);
231 return ret;
232}
233#endif
diff --git a/src/lib/libcrypto/x509v3/v3_purp.c b/src/lib/libcrypto/x509v3/v3_purp.c
deleted file mode 100644
index bbdf6da493..0000000000
--- a/src/lib/libcrypto/x509v3/v3_purp.c
+++ /dev/null
@@ -1,647 +0,0 @@
1/* v3_purp.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 2001.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/x509v3.h>
62#include <openssl/x509_vfy.h>
63
64static void x509v3_cache_extensions(X509 *x);
65
66static int check_ssl_ca(const X509 *x);
67static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca);
68static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca);
69static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca);
70static int purpose_smime(const X509 *x, int ca);
71static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca);
72static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca);
73static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca);
74static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca);
75static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca);
76
77static int xp_cmp(const X509_PURPOSE * const *a,
78 const X509_PURPOSE * const *b);
79static void xptable_free(X509_PURPOSE *p);
80
81static X509_PURPOSE xstandard[] = {
82 {X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0, check_purpose_ssl_client, "SSL client", "sslclient", NULL},
83 {X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ssl_server, "SSL server", "sslserver", NULL},
84 {X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL},
85 {X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, "S/MIME signing", "smimesign", NULL},
86 {X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL},
87 {X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL},
88 {X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, "Any Purpose", "any", NULL},
89 {X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper, "OCSP helper", "ocsphelper", NULL},
90};
91
92#define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE))
93
94IMPLEMENT_STACK_OF(X509_PURPOSE)
95
96static STACK_OF(X509_PURPOSE) *xptable = NULL;
97
98static int xp_cmp(const X509_PURPOSE * const *a,
99 const X509_PURPOSE * const *b)
100{
101 return (*a)->purpose - (*b)->purpose;
102}
103
104/* As much as I'd like to make X509_check_purpose use a "const" X509*
105 * I really can't because it does recalculate hashes and do other non-const
106 * things. */
107int X509_check_purpose(X509 *x, int id, int ca)
108{
109 int idx;
110 const X509_PURPOSE *pt;
111 if(!(x->ex_flags & EXFLAG_SET)) {
112 CRYPTO_w_lock(CRYPTO_LOCK_X509);
113 x509v3_cache_extensions(x);
114 CRYPTO_w_unlock(CRYPTO_LOCK_X509);
115 }
116 if(id == -1) return 1;
117 idx = X509_PURPOSE_get_by_id(id);
118 if(idx == -1) return -1;
119 pt = X509_PURPOSE_get0(idx);
120 return pt->check_purpose(pt, x, ca);
121}
122
123int X509_PURPOSE_set(int *p, int purpose)
124{
125 if(X509_PURPOSE_get_by_id(purpose) == -1) {
126 X509V3err(X509V3_F_X509_PURPOSE_SET, X509V3_R_INVALID_PURPOSE);
127 return 0;
128 }
129 *p = purpose;
130 return 1;
131}
132
133int X509_PURPOSE_get_count(void)
134{
135 if(!xptable) return X509_PURPOSE_COUNT;
136 return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT;
137}
138
139X509_PURPOSE * X509_PURPOSE_get0(int idx)
140{
141 if(idx < 0) return NULL;
142 if(idx < X509_PURPOSE_COUNT) return xstandard + idx;
143 return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT);
144}
145
146int X509_PURPOSE_get_by_sname(char *sname)
147{
148 int i;
149 X509_PURPOSE *xptmp;
150 for(i = 0; i < X509_PURPOSE_get_count(); i++) {
151 xptmp = X509_PURPOSE_get0(i);
152 if(!strcmp(xptmp->sname, sname)) return i;
153 }
154 return -1;
155}
156
157int X509_PURPOSE_get_by_id(int purpose)
158{
159 X509_PURPOSE tmp;
160 int idx;
161 if((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX))
162 return purpose - X509_PURPOSE_MIN;
163 tmp.purpose = purpose;
164 if(!xptable) return -1;
165 idx = sk_X509_PURPOSE_find(xptable, &tmp);
166 if(idx == -1) return -1;
167 return idx + X509_PURPOSE_COUNT;
168}
169
170int X509_PURPOSE_add(int id, int trust, int flags,
171 int (*ck)(const X509_PURPOSE *, const X509 *, int),
172 char *name, char *sname, void *arg)
173{
174 int idx;
175 X509_PURPOSE *ptmp;
176 /* This is set according to what we change: application can't set it */
177 flags &= ~X509_PURPOSE_DYNAMIC;
178 /* This will always be set for application modified trust entries */
179 flags |= X509_PURPOSE_DYNAMIC_NAME;
180 /* Get existing entry if any */
181 idx = X509_PURPOSE_get_by_id(id);
182 /* Need a new entry */
183 if(idx == -1) {
184 if(!(ptmp = OPENSSL_malloc(sizeof(X509_PURPOSE)))) {
185 X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
186 return 0;
187 }
188 ptmp->flags = X509_PURPOSE_DYNAMIC;
189 } else ptmp = X509_PURPOSE_get0(idx);
190
191 /* OPENSSL_free existing name if dynamic */
192 if(ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) {
193 OPENSSL_free(ptmp->name);
194 OPENSSL_free(ptmp->sname);
195 }
196 /* dup supplied name */
197 ptmp->name = BUF_strdup(name);
198 ptmp->sname = BUF_strdup(sname);
199 if(!ptmp->name || !ptmp->sname) {
200 X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
201 return 0;
202 }
203 /* Keep the dynamic flag of existing entry */
204 ptmp->flags &= X509_PURPOSE_DYNAMIC;
205 /* Set all other flags */
206 ptmp->flags |= flags;
207
208 ptmp->purpose = id;
209 ptmp->trust = trust;
210 ptmp->check_purpose = ck;
211 ptmp->usr_data = arg;
212
213 /* If its a new entry manage the dynamic table */
214 if(idx == -1) {
215 if(!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) {
216 X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
217 return 0;
218 }
219 if (!sk_X509_PURPOSE_push(xptable, ptmp)) {
220 X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
221 return 0;
222 }
223 }
224 return 1;
225}
226
227static void xptable_free(X509_PURPOSE *p)
228 {
229 if(!p) return;
230 if (p->flags & X509_PURPOSE_DYNAMIC)
231 {
232 if (p->flags & X509_PURPOSE_DYNAMIC_NAME) {
233 OPENSSL_free(p->name);
234 OPENSSL_free(p->sname);
235 }
236 OPENSSL_free(p);
237 }
238 }
239
240void X509_PURPOSE_cleanup(void)
241{
242 int i;
243 sk_X509_PURPOSE_pop_free(xptable, xptable_free);
244 for(i = 0; i < X509_PURPOSE_COUNT; i++) xptable_free(xstandard + i);
245 xptable = NULL;
246}
247
248int X509_PURPOSE_get_id(X509_PURPOSE *xp)
249{
250 return xp->purpose;
251}
252
253char *X509_PURPOSE_get0_name(X509_PURPOSE *xp)
254{
255 return xp->name;
256}
257
258char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp)
259{
260 return xp->sname;
261}
262
263int X509_PURPOSE_get_trust(X509_PURPOSE *xp)
264{
265 return xp->trust;
266}
267
268static int nid_cmp(int *a, int *b)
269 {
270 return *a - *b;
271 }
272
273int X509_supported_extension(X509_EXTENSION *ex)
274 {
275 /* This table is a list of the NIDs of supported extensions:
276 * that is those which are used by the verify process. If
277 * an extension is critical and doesn't appear in this list
278 * then the verify process will normally reject the certificate.
279 * The list must be kept in numerical order because it will be
280 * searched using bsearch.
281 */
282
283 static int supported_nids[] = {
284 NID_netscape_cert_type, /* 71 */
285 NID_key_usage, /* 83 */
286 NID_subject_alt_name, /* 85 */
287 NID_basic_constraints, /* 87 */
288 NID_ext_key_usage, /* 126 */
289 NID_proxyCertInfo /* 661 */
290 };
291
292 int ex_nid;
293
294 ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex));
295
296 if (ex_nid == NID_undef)
297 return 0;
298
299 if (OBJ_bsearch((char *)&ex_nid, (char *)supported_nids,
300 sizeof(supported_nids)/sizeof(int), sizeof(int),
301 (int (*)(const void *, const void *))nid_cmp))
302 return 1;
303 return 0;
304 }
305
306
307static void x509v3_cache_extensions(X509 *x)
308{
309 BASIC_CONSTRAINTS *bs;
310 PROXY_CERT_INFO_EXTENSION *pci;
311 ASN1_BIT_STRING *usage;
312 ASN1_BIT_STRING *ns;
313 EXTENDED_KEY_USAGE *extusage;
314 X509_EXTENSION *ex;
315
316 int i;
317 if(x->ex_flags & EXFLAG_SET) return;
318#ifndef OPENSSL_NO_SHA
319 X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
320#endif
321 /* Does subject name match issuer ? */
322 if(!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x)))
323 x->ex_flags |= EXFLAG_SS;
324 /* V1 should mean no extensions ... */
325 if(!X509_get_version(x)) x->ex_flags |= EXFLAG_V1;
326 /* Handle basic constraints */
327 if((bs=X509_get_ext_d2i(x, NID_basic_constraints, NULL, NULL))) {
328 if(bs->ca) x->ex_flags |= EXFLAG_CA;
329 if(bs->pathlen) {
330 if((bs->pathlen->type == V_ASN1_NEG_INTEGER)
331 || !bs->ca) {
332 x->ex_flags |= EXFLAG_INVALID;
333 x->ex_pathlen = 0;
334 } else x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen);
335 } else x->ex_pathlen = -1;
336 BASIC_CONSTRAINTS_free(bs);
337 x->ex_flags |= EXFLAG_BCONS;
338 }
339 /* Handle proxy certificates */
340 if((pci=X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) {
341 if (x->ex_flags & EXFLAG_CA
342 || X509_get_ext_by_NID(x, NID_subject_alt_name, 0) >= 0
343 || X509_get_ext_by_NID(x, NID_issuer_alt_name, 0) >= 0) {
344 x->ex_flags |= EXFLAG_INVALID;
345 }
346 PROXY_CERT_INFO_EXTENSION_free(pci);
347 x->ex_flags |= EXFLAG_PROXY;
348 }
349 /* Handle key usage */
350 if((usage=X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) {
351 if(usage->length > 0) {
352 x->ex_kusage = usage->data[0];
353 if(usage->length > 1)
354 x->ex_kusage |= usage->data[1] << 8;
355 } else x->ex_kusage = 0;
356 x->ex_flags |= EXFLAG_KUSAGE;
357 ASN1_BIT_STRING_free(usage);
358 }
359 x->ex_xkusage = 0;
360 if((extusage=X509_get_ext_d2i(x, NID_ext_key_usage, NULL, NULL))) {
361 x->ex_flags |= EXFLAG_XKUSAGE;
362 for(i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) {
363 switch(OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage,i))) {
364 case NID_server_auth:
365 x->ex_xkusage |= XKU_SSL_SERVER;
366 break;
367
368 case NID_client_auth:
369 x->ex_xkusage |= XKU_SSL_CLIENT;
370 break;
371
372 case NID_email_protect:
373 x->ex_xkusage |= XKU_SMIME;
374 break;
375
376 case NID_code_sign:
377 x->ex_xkusage |= XKU_CODE_SIGN;
378 break;
379
380 case NID_ms_sgc:
381 case NID_ns_sgc:
382 x->ex_xkusage |= XKU_SGC;
383 break;
384
385 case NID_OCSP_sign:
386 x->ex_xkusage |= XKU_OCSP_SIGN;
387 break;
388
389 case NID_time_stamp:
390 x->ex_xkusage |= XKU_TIMESTAMP;
391 break;
392
393 case NID_dvcs:
394 x->ex_xkusage |= XKU_DVCS;
395 break;
396 }
397 }
398 sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free);
399 }
400
401 if((ns=X509_get_ext_d2i(x, NID_netscape_cert_type, NULL, NULL))) {
402 if(ns->length > 0) x->ex_nscert = ns->data[0];
403 else x->ex_nscert = 0;
404 x->ex_flags |= EXFLAG_NSCERT;
405 ASN1_BIT_STRING_free(ns);
406 }
407 x->skid =X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL);
408 x->akid =X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL);
409 for (i = 0; i < X509_get_ext_count(x); i++)
410 {
411 ex = X509_get_ext(x, i);
412 if (!X509_EXTENSION_get_critical(ex))
413 continue;
414 if (!X509_supported_extension(ex))
415 {
416 x->ex_flags |= EXFLAG_CRITICAL;
417 break;
418 }
419 }
420 x->ex_flags |= EXFLAG_SET;
421}
422
423/* CA checks common to all purposes
424 * return codes:
425 * 0 not a CA
426 * 1 is a CA
427 * 2 basicConstraints absent so "maybe" a CA
428 * 3 basicConstraints absent but self signed V1.
429 * 4 basicConstraints absent but keyUsage present and keyCertSign asserted.
430 */
431
432#define V1_ROOT (EXFLAG_V1|EXFLAG_SS)
433#define ku_reject(x, usage) \
434 (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
435#define xku_reject(x, usage) \
436 (((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage)))
437#define ns_reject(x, usage) \
438 (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage)))
439
440static int check_ca(const X509 *x)
441{
442 /* keyUsage if present should allow cert signing */
443 if(ku_reject(x, KU_KEY_CERT_SIGN)) return 0;
444 if(x->ex_flags & EXFLAG_BCONS) {
445 if(x->ex_flags & EXFLAG_CA) return 1;
446 /* If basicConstraints says not a CA then say so */
447 else return 0;
448 } else {
449 /* we support V1 roots for... uh, I don't really know why. */
450 if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3;
451 /* If key usage present it must have certSign so tolerate it */
452 else if (x->ex_flags & EXFLAG_KUSAGE) return 4;
453 /* Older certificates could have Netscape-specific CA types */
454 else if (x->ex_flags & EXFLAG_NSCERT
455 && x->ex_nscert & NS_ANY_CA) return 5;
456 /* can this still be regarded a CA certificate? I doubt it */
457 return 0;
458 }
459}
460
461int X509_check_ca(X509 *x)
462{
463 if(!(x->ex_flags & EXFLAG_SET)) {
464 CRYPTO_w_lock(CRYPTO_LOCK_X509);
465 x509v3_cache_extensions(x);
466 CRYPTO_w_unlock(CRYPTO_LOCK_X509);
467 }
468
469 return check_ca(x);
470}
471
472/* Check SSL CA: common checks for SSL client and server */
473static int check_ssl_ca(const X509 *x)
474{
475 int ca_ret;
476 ca_ret = check_ca(x);
477 if(!ca_ret) return 0;
478 /* check nsCertType if present */
479 if(ca_ret != 5 || x->ex_nscert & NS_SSL_CA) return ca_ret;
480 else return 0;
481}
482
483
484static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca)
485{
486 if(xku_reject(x,XKU_SSL_CLIENT)) return 0;
487 if(ca) return check_ssl_ca(x);
488 /* We need to do digital signatures with it */
489 if(ku_reject(x,KU_DIGITAL_SIGNATURE)) return 0;
490 /* nsCertType if present should allow SSL client use */
491 if(ns_reject(x, NS_SSL_CLIENT)) return 0;
492 return 1;
493}
494
495static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca)
496{
497 if(xku_reject(x,XKU_SSL_SERVER|XKU_SGC)) return 0;
498 if(ca) return check_ssl_ca(x);
499
500 if(ns_reject(x, NS_SSL_SERVER)) return 0;
501 /* Now as for keyUsage: we'll at least need to sign OR encipher */
502 if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_KEY_ENCIPHERMENT)) return 0;
503
504 return 1;
505
506}
507
508static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca)
509{
510 int ret;
511 ret = check_purpose_ssl_server(xp, x, ca);
512 if(!ret || ca) return ret;
513 /* We need to encipher or Netscape complains */
514 if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0;
515 return ret;
516}
517
518/* common S/MIME checks */
519static int purpose_smime(const X509 *x, int ca)
520{
521 if(xku_reject(x,XKU_SMIME)) return 0;
522 if(ca) {
523 int ca_ret;
524 ca_ret = check_ca(x);
525 if(!ca_ret) return 0;
526 /* check nsCertType if present */
527 if(ca_ret != 5 || x->ex_nscert & NS_SMIME_CA) return ca_ret;
528 else return 0;
529 }
530 if(x->ex_flags & EXFLAG_NSCERT) {
531 if(x->ex_nscert & NS_SMIME) return 1;
532 /* Workaround for some buggy certificates */
533 if(x->ex_nscert & NS_SSL_CLIENT) return 2;
534 return 0;
535 }
536 return 1;
537}
538
539static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca)
540{
541 int ret;
542 ret = purpose_smime(x, ca);
543 if(!ret || ca) return ret;
544 if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_NON_REPUDIATION)) return 0;
545 return ret;
546}
547
548static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca)
549{
550 int ret;
551 ret = purpose_smime(x, ca);
552 if(!ret || ca) return ret;
553 if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0;
554 return ret;
555}
556
557static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca)
558{
559 if(ca) {
560 int ca_ret;
561 if((ca_ret = check_ca(x)) != 2) return ca_ret;
562 else return 0;
563 }
564 if(ku_reject(x, KU_CRL_SIGN)) return 0;
565 return 1;
566}
567
568/* OCSP helper: this is *not* a full OCSP check. It just checks that
569 * each CA is valid. Additional checks must be made on the chain.
570 */
571
572static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca)
573{
574 /* Must be a valid CA. Should we really support the "I don't know"
575 value (2)? */
576 if(ca) return check_ca(x);
577 /* leaf certificate is checked in OCSP_verify() */
578 return 1;
579}
580
581static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca)
582{
583 return 1;
584}
585
586/* Various checks to see if one certificate issued the second.
587 * This can be used to prune a set of possible issuer certificates
588 * which have been looked up using some simple method such as by
589 * subject name.
590 * These are:
591 * 1. Check issuer_name(subject) == subject_name(issuer)
592 * 2. If akid(subject) exists check it matches issuer
593 * 3. If key_usage(issuer) exists check it supports certificate signing
594 * returns 0 for OK, positive for reason for mismatch, reasons match
595 * codes for X509_verify_cert()
596 */
597
598int X509_check_issued(X509 *issuer, X509 *subject)
599{
600 if(X509_NAME_cmp(X509_get_subject_name(issuer),
601 X509_get_issuer_name(subject)))
602 return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
603 x509v3_cache_extensions(issuer);
604 x509v3_cache_extensions(subject);
605 if(subject->akid) {
606 /* Check key ids (if present) */
607 if(subject->akid->keyid && issuer->skid &&
608 ASN1_OCTET_STRING_cmp(subject->akid->keyid, issuer->skid) )
609 return X509_V_ERR_AKID_SKID_MISMATCH;
610 /* Check serial number */
611 if(subject->akid->serial &&
612 ASN1_INTEGER_cmp(X509_get_serialNumber(issuer),
613 subject->akid->serial))
614 return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
615 /* Check issuer name */
616 if(subject->akid->issuer) {
617 /* Ugh, for some peculiar reason AKID includes
618 * SEQUENCE OF GeneralName. So look for a DirName.
619 * There may be more than one but we only take any
620 * notice of the first.
621 */
622 GENERAL_NAMES *gens;
623 GENERAL_NAME *gen;
624 X509_NAME *nm = NULL;
625 int i;
626 gens = subject->akid->issuer;
627 for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
628 gen = sk_GENERAL_NAME_value(gens, i);
629 if(gen->type == GEN_DIRNAME) {
630 nm = gen->d.dirn;
631 break;
632 }
633 }
634 if(nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer)))
635 return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
636 }
637 }
638 if(subject->ex_flags & EXFLAG_PROXY)
639 {
640 if(ku_reject(issuer, KU_DIGITAL_SIGNATURE))
641 return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE;
642 }
643 else if(ku_reject(issuer, KU_KEY_CERT_SIGN))
644 return X509_V_ERR_KEYUSAGE_NO_CERTSIGN;
645 return X509_V_OK;
646}
647
diff --git a/src/lib/libcrypto/x509v3/v3_skey.c b/src/lib/libcrypto/x509v3/v3_skey.c
deleted file mode 100644
index c0f044ac1b..0000000000
--- a/src/lib/libcrypto/x509v3/v3_skey.c
+++ /dev/null
@@ -1,144 +0,0 @@
1/* v3_skey.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/x509v3.h>
63
64static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
65X509V3_EXT_METHOD v3_skey_id = {
66NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING),
670,0,0,0,
68(X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING,
69(X509V3_EXT_S2I)s2i_skey_id,
700,0,0,0,
71NULL};
72
73char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
74 ASN1_OCTET_STRING *oct)
75{
76 return hex_to_string(oct->data, oct->length);
77}
78
79ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
80 X509V3_CTX *ctx, char *str)
81{
82 ASN1_OCTET_STRING *oct;
83 long length;
84
85 if(!(oct = M_ASN1_OCTET_STRING_new())) {
86 X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE);
87 return NULL;
88 }
89
90 if(!(oct->data = string_to_hex(str, &length))) {
91 M_ASN1_OCTET_STRING_free(oct);
92 return NULL;
93 }
94
95 oct->length = length;
96
97 return oct;
98
99}
100
101static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
102 X509V3_CTX *ctx, char *str)
103{
104 ASN1_OCTET_STRING *oct;
105 ASN1_BIT_STRING *pk;
106 unsigned char pkey_dig[EVP_MAX_MD_SIZE];
107 unsigned int diglen;
108
109 if(strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str);
110
111 if(!(oct = M_ASN1_OCTET_STRING_new())) {
112 X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);
113 return NULL;
114 }
115
116 if(ctx && (ctx->flags == CTX_TEST)) return oct;
117
118 if(!ctx || (!ctx->subject_req && !ctx->subject_cert)) {
119 X509V3err(X509V3_F_S2I_ASN1_SKEY_ID,X509V3_R_NO_PUBLIC_KEY);
120 goto err;
121 }
122
123 if(ctx->subject_req)
124 pk = ctx->subject_req->req_info->pubkey->public_key;
125 else pk = ctx->subject_cert->cert_info->key->public_key;
126
127 if(!pk) {
128 X509V3err(X509V3_F_S2I_ASN1_SKEY_ID,X509V3_R_NO_PUBLIC_KEY);
129 goto err;
130 }
131
132 EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL);
133
134 if(!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
135 X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);
136 goto err;
137 }
138
139 return oct;
140
141 err:
142 M_ASN1_OCTET_STRING_free(oct);
143 return NULL;
144}
diff --git a/src/lib/libcrypto/x509v3/v3_sxnet.c b/src/lib/libcrypto/x509v3/v3_sxnet.c
deleted file mode 100644
index d3f4ba3a72..0000000000
--- a/src/lib/libcrypto/x509v3/v3_sxnet.c
+++ /dev/null
@@ -1,262 +0,0 @@
1/* v3_sxnet.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/conf.h>
62#include <openssl/asn1.h>
63#include <openssl/asn1t.h>
64#include <openssl/x509v3.h>
65
66/* Support for Thawte strong extranet extension */
67
68#define SXNET_TEST
69
70static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, int indent);
71#ifdef SXNET_TEST
72static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
73 STACK_OF(CONF_VALUE) *nval);
74#endif
75X509V3_EXT_METHOD v3_sxnet = {
76NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET),
770,0,0,0,
780,0,
790,
80#ifdef SXNET_TEST
81(X509V3_EXT_V2I)sxnet_v2i,
82#else
830,
84#endif
85(X509V3_EXT_I2R)sxnet_i2r,
860,
87NULL
88};
89
90ASN1_SEQUENCE(SXNETID) = {
91 ASN1_SIMPLE(SXNETID, zone, ASN1_INTEGER),
92 ASN1_SIMPLE(SXNETID, user, ASN1_OCTET_STRING)
93} ASN1_SEQUENCE_END(SXNETID)
94
95IMPLEMENT_ASN1_FUNCTIONS(SXNETID)
96
97ASN1_SEQUENCE(SXNET) = {
98 ASN1_SIMPLE(SXNET, version, ASN1_INTEGER),
99 ASN1_SEQUENCE_OF(SXNET, ids, SXNETID)
100} ASN1_SEQUENCE_END(SXNET)
101
102IMPLEMENT_ASN1_FUNCTIONS(SXNET)
103
104static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
105 int indent)
106{
107 long v;
108 char *tmp;
109 SXNETID *id;
110 int i;
111 v = ASN1_INTEGER_get(sx->version);
112 BIO_printf(out, "%*sVersion: %d (0x%X)", indent, "", v + 1, v);
113 for(i = 0; i < sk_SXNETID_num(sx->ids); i++) {
114 id = sk_SXNETID_value(sx->ids, i);
115 tmp = i2s_ASN1_INTEGER(NULL, id->zone);
116 BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);
117 OPENSSL_free(tmp);
118 M_ASN1_OCTET_STRING_print(out, id->user);
119 }
120 return 1;
121}
122
123#ifdef SXNET_TEST
124
125/* NBB: this is used for testing only. It should *not* be used for anything
126 * else because it will just take static IDs from the configuration file and
127 * they should really be separate values for each user.
128 */
129
130
131static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
132 STACK_OF(CONF_VALUE) *nval)
133{
134 CONF_VALUE *cnf;
135 SXNET *sx = NULL;
136 int i;
137 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
138 cnf = sk_CONF_VALUE_value(nval, i);
139 if(!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1))
140 return NULL;
141 }
142 return sx;
143}
144
145
146#endif
147
148/* Strong Extranet utility functions */
149
150/* Add an id given the zone as an ASCII number */
151
152int SXNET_add_id_asc(SXNET **psx, char *zone, char *user,
153 int userlen)
154{
155 ASN1_INTEGER *izone = NULL;
156 if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
157 X509V3err(X509V3_F_SXNET_ADD_ASC,X509V3_R_ERROR_CONVERTING_ZONE);
158 return 0;
159 }
160 return SXNET_add_id_INTEGER(psx, izone, user, userlen);
161}
162
163/* Add an id given the zone as an unsigned long */
164
165int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user,
166 int userlen)
167{
168 ASN1_INTEGER *izone = NULL;
169 if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
170 X509V3err(X509V3_F_SXNET_ADD_ID_ULONG,ERR_R_MALLOC_FAILURE);
171 M_ASN1_INTEGER_free(izone);
172 return 0;
173 }
174 return SXNET_add_id_INTEGER(psx, izone, user, userlen);
175
176}
177
178/* Add an id given the zone as an ASN1_INTEGER.
179 * Note this version uses the passed integer and doesn't make a copy so don't
180 * free it up afterwards.
181 */
182
183int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user,
184 int userlen)
185{
186 SXNET *sx = NULL;
187 SXNETID *id = NULL;
188 if(!psx || !zone || !user) {
189 X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_INVALID_NULL_ARGUMENT);
190 return 0;
191 }
192 if(userlen == -1) userlen = strlen(user);
193 if(userlen > 64) {
194 X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_USER_TOO_LONG);
195 return 0;
196 }
197 if(!*psx) {
198 if(!(sx = SXNET_new())) goto err;
199 if(!ASN1_INTEGER_set(sx->version, 0)) goto err;
200 *psx = sx;
201 } else sx = *psx;
202 if(SXNET_get_id_INTEGER(sx, zone)) {
203 X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_DUPLICATE_ZONE_ID);
204 return 0;
205 }
206
207 if(!(id = SXNETID_new())) goto err;
208 if(userlen == -1) userlen = strlen(user);
209
210 if(!M_ASN1_OCTET_STRING_set(id->user, user, userlen)) goto err;
211 if(!sk_SXNETID_push(sx->ids, id)) goto err;
212 id->zone = zone;
213 return 1;
214
215 err:
216 X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,ERR_R_MALLOC_FAILURE);
217 SXNETID_free(id);
218 SXNET_free(sx);
219 *psx = NULL;
220 return 0;
221}
222
223ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone)
224{
225 ASN1_INTEGER *izone = NULL;
226 ASN1_OCTET_STRING *oct;
227 if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
228 X509V3err(X509V3_F_SXNET_GET_ID_ASC,X509V3_R_ERROR_CONVERTING_ZONE);
229 return NULL;
230 }
231 oct = SXNET_get_id_INTEGER(sx, izone);
232 M_ASN1_INTEGER_free(izone);
233 return oct;
234}
235
236ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone)
237{
238 ASN1_INTEGER *izone = NULL;
239 ASN1_OCTET_STRING *oct;
240 if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
241 X509V3err(X509V3_F_SXNET_GET_ID_ULONG,ERR_R_MALLOC_FAILURE);
242 M_ASN1_INTEGER_free(izone);
243 return NULL;
244 }
245 oct = SXNET_get_id_INTEGER(sx, izone);
246 M_ASN1_INTEGER_free(izone);
247 return oct;
248}
249
250ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone)
251{
252 SXNETID *id;
253 int i;
254 for(i = 0; i < sk_SXNETID_num(sx->ids); i++) {
255 id = sk_SXNETID_value(sx->ids, i);
256 if(!M_ASN1_INTEGER_cmp(id->zone, zone)) return id->user;
257 }
258 return NULL;
259}
260
261IMPLEMENT_STACK_OF(SXNETID)
262IMPLEMENT_ASN1_SET_OF(SXNETID)
diff --git a/src/lib/libcrypto/x509v3/v3_utl.c b/src/lib/libcrypto/x509v3/v3_utl.c
deleted file mode 100644
index f23a8d29a0..0000000000
--- a/src/lib/libcrypto/x509v3/v3_utl.c
+++ /dev/null
@@ -1,535 +0,0 @@
1/* v3_utl.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58/* X509 v3 extension utilities */
59
60
61#include <stdio.h>
62#include <ctype.h>
63#include "cryptlib.h"
64#include <openssl/conf.h>
65#include <openssl/x509v3.h>
66
67static char *strip_spaces(char *name);
68static int sk_strcmp(const char * const *a, const char * const *b);
69static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens);
70static void str_free(void *str);
71static int append_ia5(STACK **sk, ASN1_IA5STRING *email);
72
73/* Add a CONF_VALUE name value pair to stack */
74
75int X509V3_add_value(const char *name, const char *value,
76 STACK_OF(CONF_VALUE) **extlist)
77{
78 CONF_VALUE *vtmp = NULL;
79 char *tname = NULL, *tvalue = NULL;
80 if(name && !(tname = BUF_strdup(name))) goto err;
81 if(value && !(tvalue = BUF_strdup(value))) goto err;
82 if(!(vtmp = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) goto err;
83 if(!*extlist && !(*extlist = sk_CONF_VALUE_new_null())) goto err;
84 vtmp->section = NULL;
85 vtmp->name = tname;
86 vtmp->value = tvalue;
87 if(!sk_CONF_VALUE_push(*extlist, vtmp)) goto err;
88 return 1;
89 err:
90 X509V3err(X509V3_F_X509V3_ADD_VALUE,ERR_R_MALLOC_FAILURE);
91 if(vtmp) OPENSSL_free(vtmp);
92 if(tname) OPENSSL_free(tname);
93 if(tvalue) OPENSSL_free(tvalue);
94 return 0;
95}
96
97int X509V3_add_value_uchar(const char *name, const unsigned char *value,
98 STACK_OF(CONF_VALUE) **extlist)
99 {
100 return X509V3_add_value(name,(const char *)value,extlist);
101 }
102
103/* Free function for STACK_OF(CONF_VALUE) */
104
105void X509V3_conf_free(CONF_VALUE *conf)
106{
107 if(!conf) return;
108 if(conf->name) OPENSSL_free(conf->name);
109 if(conf->value) OPENSSL_free(conf->value);
110 if(conf->section) OPENSSL_free(conf->section);
111 OPENSSL_free(conf);
112}
113
114int X509V3_add_value_bool(const char *name, int asn1_bool,
115 STACK_OF(CONF_VALUE) **extlist)
116{
117 if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
118 return X509V3_add_value(name, "FALSE", extlist);
119}
120
121int X509V3_add_value_bool_nf(char *name, int asn1_bool,
122 STACK_OF(CONF_VALUE) **extlist)
123{
124 if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
125 return 1;
126}
127
128
129char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *a)
130{
131 BIGNUM *bntmp = NULL;
132 char *strtmp = NULL;
133 if(!a) return NULL;
134 if(!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) ||
135 !(strtmp = BN_bn2dec(bntmp)) )
136 X509V3err(X509V3_F_I2S_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);
137 BN_free(bntmp);
138 return strtmp;
139}
140
141char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a)
142{
143 BIGNUM *bntmp = NULL;
144 char *strtmp = NULL;
145 if(!a) return NULL;
146 if(!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) ||
147 !(strtmp = BN_bn2dec(bntmp)) )
148 X509V3err(X509V3_F_I2S_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
149 BN_free(bntmp);
150 return strtmp;
151}
152
153ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)
154{
155 BIGNUM *bn = NULL;
156 ASN1_INTEGER *aint;
157 int isneg, ishex;
158 int ret;
159 bn = BN_new();
160 if (!value) {
161 X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_INVALID_NULL_VALUE);
162 return 0;
163 }
164 if (value[0] == '-') {
165 value++;
166 isneg = 1;
167 } else isneg = 0;
168
169 if (value[0] == '0' && ((value[1] == 'x') || (value[1] == 'X'))) {
170 value += 2;
171 ishex = 1;
172 } else ishex = 0;
173
174 if (ishex) ret = BN_hex2bn(&bn, value);
175 else ret = BN_dec2bn(&bn, value);
176
177 if (!ret) {
178 X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_DEC2BN_ERROR);
179 return 0;
180 }
181
182 if (isneg && BN_is_zero(bn)) isneg = 0;
183
184 aint = BN_to_ASN1_INTEGER(bn, NULL);
185 BN_free(bn);
186 if (!aint) {
187 X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_TO_ASN1_INTEGER_ERROR);
188 return 0;
189 }
190 if (isneg) aint->type |= V_ASN1_NEG;
191 return aint;
192}
193
194int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
195 STACK_OF(CONF_VALUE) **extlist)
196{
197 char *strtmp;
198 int ret;
199 if(!aint) return 1;
200 if(!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) return 0;
201 ret = X509V3_add_value(name, strtmp, extlist);
202 OPENSSL_free(strtmp);
203 return ret;
204}
205
206int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool)
207{
208 char *btmp;
209 if(!(btmp = value->value)) goto err;
210 if(!strcmp(btmp, "TRUE") || !strcmp(btmp, "true")
211 || !strcmp(btmp, "Y") || !strcmp(btmp, "y")
212 || !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) {
213 *asn1_bool = 0xff;
214 return 1;
215 } else if(!strcmp(btmp, "FALSE") || !strcmp(btmp, "false")
216 || !strcmp(btmp, "N") || !strcmp(btmp, "n")
217 || !strcmp(btmp, "NO") || !strcmp(btmp, "no")) {
218 *asn1_bool = 0;
219 return 1;
220 }
221 err:
222 X509V3err(X509V3_F_X509V3_GET_VALUE_BOOL,X509V3_R_INVALID_BOOLEAN_STRING);
223 X509V3_conf_err(value);
224 return 0;
225}
226
227int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint)
228{
229 ASN1_INTEGER *itmp;
230 if(!(itmp = s2i_ASN1_INTEGER(NULL, value->value))) {
231 X509V3_conf_err(value);
232 return 0;
233 }
234 *aint = itmp;
235 return 1;
236}
237
238#define HDR_NAME 1
239#define HDR_VALUE 2
240
241/*#define DEBUG*/
242
243STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
244{
245 char *p, *q, c;
246 char *ntmp, *vtmp;
247 STACK_OF(CONF_VALUE) *values = NULL;
248 char *linebuf;
249 int state;
250 /* We are going to modify the line so copy it first */
251 linebuf = BUF_strdup(line);
252 state = HDR_NAME;
253 ntmp = NULL;
254 /* Go through all characters */
255 for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
256
257 switch(state) {
258 case HDR_NAME:
259 if(c == ':') {
260 state = HDR_VALUE;
261 *p = 0;
262 ntmp = strip_spaces(q);
263 if(!ntmp) {
264 X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
265 goto err;
266 }
267 q = p + 1;
268 } else if(c == ',') {
269 *p = 0;
270 ntmp = strip_spaces(q);
271 q = p + 1;
272#if 0
273 printf("%s\n", ntmp);
274#endif
275 if(!ntmp) {
276 X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
277 goto err;
278 }
279 X509V3_add_value(ntmp, NULL, &values);
280 }
281 break ;
282
283 case HDR_VALUE:
284 if(c == ',') {
285 state = HDR_NAME;
286 *p = 0;
287 vtmp = strip_spaces(q);
288#if 0
289 printf("%s\n", ntmp);
290#endif
291 if(!vtmp) {
292 X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE);
293 goto err;
294 }
295 X509V3_add_value(ntmp, vtmp, &values);
296 ntmp = NULL;
297 q = p + 1;
298 }
299
300 }
301 }
302
303 if(state == HDR_VALUE) {
304 vtmp = strip_spaces(q);
305#if 0
306 printf("%s=%s\n", ntmp, vtmp);
307#endif
308 if(!vtmp) {
309 X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE);
310 goto err;
311 }
312 X509V3_add_value(ntmp, vtmp, &values);
313 } else {
314 ntmp = strip_spaces(q);
315#if 0
316 printf("%s\n", ntmp);
317#endif
318 if(!ntmp) {
319 X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
320 goto err;
321 }
322 X509V3_add_value(ntmp, NULL, &values);
323 }
324OPENSSL_free(linebuf);
325return values;
326
327err:
328OPENSSL_free(linebuf);
329sk_CONF_VALUE_pop_free(values, X509V3_conf_free);
330return NULL;
331
332}
333
334/* Delete leading and trailing spaces from a string */
335static char *strip_spaces(char *name)
336{
337 char *p, *q;
338 /* Skip over leading spaces */
339 p = name;
340 while(isspace((unsigned char)*p)) p++;
341 if(!*p) return NULL;
342 q = p + strlen(p) - 1;
343 while((q != p) && isspace((unsigned char)*q)) q--;
344 if(p != q) q[1] = 0;
345 if(!*p) return NULL;
346 return p;
347}
348
349/* hex string utilities */
350
351/* Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its
352 * hex representation
353 * @@@ (Contents of buffer are always kept in ASCII, also on EBCDIC machines)
354 */
355
356char *hex_to_string(unsigned char *buffer, long len)
357{
358 char *tmp, *q;
359 unsigned char *p;
360 int i;
361 static char hexdig[] = "0123456789ABCDEF";
362 if(!buffer || !len) return NULL;
363 if(!(tmp = OPENSSL_malloc(len * 3 + 1))) {
364 X509V3err(X509V3_F_HEX_TO_STRING,ERR_R_MALLOC_FAILURE);
365 return NULL;
366 }
367 q = tmp;
368 for(i = 0, p = buffer; i < len; i++,p++) {
369 *q++ = hexdig[(*p >> 4) & 0xf];
370 *q++ = hexdig[*p & 0xf];
371 *q++ = ':';
372 }
373 q[-1] = 0;
374#ifdef CHARSET_EBCDIC
375 ebcdic2ascii(tmp, tmp, q - tmp - 1);
376#endif
377
378 return tmp;
379}
380
381/* Give a string of hex digits convert to
382 * a buffer
383 */
384
385unsigned char *string_to_hex(char *str, long *len)
386{
387 unsigned char *hexbuf, *q;
388 unsigned char ch, cl, *p;
389 if(!str) {
390 X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_INVALID_NULL_ARGUMENT);
391 return NULL;
392 }
393 if(!(hexbuf = OPENSSL_malloc(strlen(str) >> 1))) goto err;
394 for(p = (unsigned char *)str, q = hexbuf; *p;) {
395 ch = *p++;
396#ifdef CHARSET_EBCDIC
397 ch = os_toebcdic[ch];
398#endif
399 if(ch == ':') continue;
400 cl = *p++;
401#ifdef CHARSET_EBCDIC
402 cl = os_toebcdic[cl];
403#endif
404 if(!cl) {
405 X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ODD_NUMBER_OF_DIGITS);
406 OPENSSL_free(hexbuf);
407 return NULL;
408 }
409 if(isupper(ch)) ch = tolower(ch);
410 if(isupper(cl)) cl = tolower(cl);
411
412 if((ch >= '0') && (ch <= '9')) ch -= '0';
413 else if ((ch >= 'a') && (ch <= 'f')) ch -= 'a' - 10;
414 else goto badhex;
415
416 if((cl >= '0') && (cl <= '9')) cl -= '0';
417 else if ((cl >= 'a') && (cl <= 'f')) cl -= 'a' - 10;
418 else goto badhex;
419
420 *q++ = (ch << 4) | cl;
421 }
422
423 if(len) *len = q - hexbuf;
424
425 return hexbuf;
426
427 err:
428 if(hexbuf) OPENSSL_free(hexbuf);
429 X509V3err(X509V3_F_STRING_TO_HEX,ERR_R_MALLOC_FAILURE);
430 return NULL;
431
432 badhex:
433 OPENSSL_free(hexbuf);
434 X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ILLEGAL_HEX_DIGIT);
435 return NULL;
436
437}
438
439/* V2I name comparison function: returns zero if 'name' matches
440 * cmp or cmp.*
441 */
442
443int name_cmp(const char *name, const char *cmp)
444{
445 int len, ret;
446 char c;
447 len = strlen(cmp);
448 if((ret = strncmp(name, cmp, len))) return ret;
449 c = name[len];
450 if(!c || (c=='.')) return 0;
451 return 1;
452}
453
454static int sk_strcmp(const char * const *a, const char * const *b)
455{
456 return strcmp(*a, *b);
457}
458
459STACK *X509_get1_email(X509 *x)
460{
461 GENERAL_NAMES *gens;
462 STACK *ret;
463 gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
464 ret = get_email(X509_get_subject_name(x), gens);
465 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
466 return ret;
467}
468
469STACK *X509_REQ_get1_email(X509_REQ *x)
470{
471 GENERAL_NAMES *gens;
472 STACK_OF(X509_EXTENSION) *exts;
473 STACK *ret;
474 exts = X509_REQ_get_extensions(x);
475 gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL);
476 ret = get_email(X509_REQ_get_subject_name(x), gens);
477 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
478 sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
479 return ret;
480}
481
482
483static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens)
484{
485 STACK *ret = NULL;
486 X509_NAME_ENTRY *ne;
487 ASN1_IA5STRING *email;
488 GENERAL_NAME *gen;
489 int i;
490 /* Now add any email address(es) to STACK */
491 i = -1;
492 /* First supplied X509_NAME */
493 while((i = X509_NAME_get_index_by_NID(name,
494 NID_pkcs9_emailAddress, i)) >= 0) {
495 ne = X509_NAME_get_entry(name, i);
496 email = X509_NAME_ENTRY_get_data(ne);
497 if(!append_ia5(&ret, email)) return NULL;
498 }
499 for(i = 0; i < sk_GENERAL_NAME_num(gens); i++)
500 {
501 gen = sk_GENERAL_NAME_value(gens, i);
502 if(gen->type != GEN_EMAIL) continue;
503 if(!append_ia5(&ret, gen->d.ia5)) return NULL;
504 }
505 return ret;
506}
507
508static void str_free(void *str)
509{
510 OPENSSL_free(str);
511}
512
513static int append_ia5(STACK **sk, ASN1_IA5STRING *email)
514{
515 char *emtmp;
516 /* First some sanity checks */
517 if(email->type != V_ASN1_IA5STRING) return 1;
518 if(!email->data || !email->length) return 1;
519 if(!*sk) *sk = sk_new(sk_strcmp);
520 if(!*sk) return 0;
521 /* Don't add duplicates */
522 if(sk_find(*sk, (char *)email->data) != -1) return 1;
523 emtmp = BUF_strdup((char *)email->data);
524 if(!emtmp || !sk_push(*sk, emtmp)) {
525 X509_email_free(*sk);
526 *sk = NULL;
527 return 0;
528 }
529 return 1;
530}
531
532void X509_email_free(STACK *sk)
533{
534 sk_pop_free(sk, str_free);
535}
diff --git a/src/lib/libcrypto/x509v3/v3err.c b/src/lib/libcrypto/x509v3/v3err.c
deleted file mode 100644
index e1edaf5248..0000000000
--- a/src/lib/libcrypto/x509v3/v3err.c
+++ /dev/null
@@ -1,197 +0,0 @@
1/* crypto/x509v3/v3err.c */
2/* ====================================================================
3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include <openssl/x509v3.h>
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509V3,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509V3,0,reason)
70
71static ERR_STRING_DATA X509V3_str_functs[]=
72 {
73{ERR_FUNC(X509V3_F_COPY_EMAIL), "COPY_EMAIL"},
74{ERR_FUNC(X509V3_F_COPY_ISSUER), "COPY_ISSUER"},
75{ERR_FUNC(X509V3_F_DO_EXT_CONF), "DO_EXT_CONF"},
76{ERR_FUNC(X509V3_F_DO_EXT_I2D), "DO_EXT_I2D"},
77{ERR_FUNC(X509V3_F_HEX_TO_STRING), "hex_to_string"},
78{ERR_FUNC(X509V3_F_I2S_ASN1_ENUMERATED), "i2s_ASN1_ENUMERATED"},
79{ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING), "I2S_ASN1_IA5STRING"},
80{ERR_FUNC(X509V3_F_I2S_ASN1_INTEGER), "i2s_ASN1_INTEGER"},
81{ERR_FUNC(X509V3_F_I2V_AUTHORITY_INFO_ACCESS), "I2V_AUTHORITY_INFO_ACCESS"},
82{ERR_FUNC(X509V3_F_NOTICE_SECTION), "NOTICE_SECTION"},
83{ERR_FUNC(X509V3_F_NREF_NOS), "NREF_NOS"},
84{ERR_FUNC(X509V3_F_POLICY_SECTION), "POLICY_SECTION"},
85{ERR_FUNC(X509V3_F_R2I_CERTPOL), "R2I_CERTPOL"},
86{ERR_FUNC(X509V3_F_R2I_PCI), "R2I_PCI"},
87{ERR_FUNC(X509V3_F_S2I_ASN1_IA5STRING), "S2I_ASN1_IA5STRING"},
88{ERR_FUNC(X509V3_F_S2I_ASN1_INTEGER), "s2i_ASN1_INTEGER"},
89{ERR_FUNC(X509V3_F_S2I_ASN1_OCTET_STRING), "s2i_ASN1_OCTET_STRING"},
90{ERR_FUNC(X509V3_F_S2I_ASN1_SKEY_ID), "S2I_ASN1_SKEY_ID"},
91{ERR_FUNC(X509V3_F_S2I_S2I_SKEY_ID), "S2I_S2I_SKEY_ID"},
92{ERR_FUNC(X509V3_F_STRING_TO_HEX), "string_to_hex"},
93{ERR_FUNC(X509V3_F_SXNET_ADD_ASC), "SXNET_ADD_ASC"},
94{ERR_FUNC(X509V3_F_SXNET_ADD_ID_INTEGER), "SXNET_add_id_INTEGER"},
95{ERR_FUNC(X509V3_F_SXNET_ADD_ID_ULONG), "SXNET_add_id_ulong"},
96{ERR_FUNC(X509V3_F_SXNET_GET_ID_ASC), "SXNET_get_id_asc"},
97{ERR_FUNC(X509V3_F_SXNET_GET_ID_ULONG), "SXNET_get_id_ulong"},
98{ERR_FUNC(X509V3_F_V2I_ACCESS_DESCRIPTION), "V2I_ACCESS_DESCRIPTION"},
99{ERR_FUNC(X509V3_F_V2I_ASN1_BIT_STRING), "V2I_ASN1_BIT_STRING"},
100{ERR_FUNC(X509V3_F_V2I_AUTHORITY_KEYID), "V2I_AUTHORITY_KEYID"},
101{ERR_FUNC(X509V3_F_V2I_BASIC_CONSTRAINTS), "V2I_BASIC_CONSTRAINTS"},
102{ERR_FUNC(X509V3_F_V2I_CRLD), "V2I_CRLD"},
103{ERR_FUNC(X509V3_F_V2I_EXT_KU), "V2I_EXT_KU"},
104{ERR_FUNC(X509V3_F_V2I_GENERAL_NAME), "v2i_GENERAL_NAME"},
105{ERR_FUNC(X509V3_F_V2I_GENERAL_NAMES), "v2i_GENERAL_NAMES"},
106{ERR_FUNC(X509V3_F_V3_GENERIC_EXTENSION), "V3_GENERIC_EXTENSION"},
107{ERR_FUNC(X509V3_F_X509V3_ADD_I2D), "X509V3_ADD_I2D"},
108{ERR_FUNC(X509V3_F_X509V3_ADD_VALUE), "X509V3_add_value"},
109{ERR_FUNC(X509V3_F_X509V3_EXT_ADD), "X509V3_EXT_add"},
110{ERR_FUNC(X509V3_F_X509V3_EXT_ADD_ALIAS), "X509V3_EXT_add_alias"},
111{ERR_FUNC(X509V3_F_X509V3_EXT_CONF), "X509V3_EXT_conf"},
112{ERR_FUNC(X509V3_F_X509V3_EXT_I2D), "X509V3_EXT_i2d"},
113{ERR_FUNC(X509V3_F_X509V3_GET_VALUE_BOOL), "X509V3_get_value_bool"},
114{ERR_FUNC(X509V3_F_X509V3_PARSE_LIST), "X509V3_parse_list"},
115{ERR_FUNC(X509V3_F_X509_PURPOSE_ADD), "X509_PURPOSE_add"},
116{ERR_FUNC(X509V3_F_X509_PURPOSE_SET), "X509_PURPOSE_set"},
117{0,NULL}
118 };
119
120static ERR_STRING_DATA X509V3_str_reasons[]=
121 {
122{ERR_REASON(X509V3_R_BAD_IP_ADDRESS) ,"bad ip address"},
123{ERR_REASON(X509V3_R_BAD_OBJECT) ,"bad object"},
124{ERR_REASON(X509V3_R_BN_DEC2BN_ERROR) ,"bn dec2bn error"},
125{ERR_REASON(X509V3_R_BN_TO_ASN1_INTEGER_ERROR),"bn to asn1 integer error"},
126{ERR_REASON(X509V3_R_DUPLICATE_ZONE_ID) ,"duplicate zone id"},
127{ERR_REASON(X509V3_R_ERROR_CONVERTING_ZONE),"error converting zone"},
128{ERR_REASON(X509V3_R_ERROR_CREATING_EXTENSION),"error creating extension"},
129{ERR_REASON(X509V3_R_ERROR_IN_EXTENSION) ,"error in extension"},
130{ERR_REASON(X509V3_R_EXPECTED_A_SECTION_NAME),"expected a section name"},
131{ERR_REASON(X509V3_R_EXTENSION_EXISTS) ,"extension exists"},
132{ERR_REASON(X509V3_R_EXTENSION_NAME_ERROR),"extension name error"},
133{ERR_REASON(X509V3_R_EXTENSION_NOT_FOUND),"extension not found"},
134{ERR_REASON(X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED),"extension setting not supported"},
135{ERR_REASON(X509V3_R_EXTENSION_VALUE_ERROR),"extension value error"},
136{ERR_REASON(X509V3_R_ILLEGAL_HEX_DIGIT) ,"illegal hex digit"},
137{ERR_REASON(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG),"incorrect policy syntax tag"},
138{ERR_REASON(X509V3_R_INVALID_BOOLEAN_STRING),"invalid boolean string"},
139{ERR_REASON(X509V3_R_INVALID_EXTENSION_STRING),"invalid extension string"},
140{ERR_REASON(X509V3_R_INVALID_NAME) ,"invalid name"},
141{ERR_REASON(X509V3_R_INVALID_NULL_ARGUMENT),"invalid null argument"},
142{ERR_REASON(X509V3_R_INVALID_NULL_NAME) ,"invalid null name"},
143{ERR_REASON(X509V3_R_INVALID_NULL_VALUE) ,"invalid null value"},
144{ERR_REASON(X509V3_R_INVALID_NUMBER) ,"invalid number"},
145{ERR_REASON(X509V3_R_INVALID_NUMBERS) ,"invalid numbers"},
146{ERR_REASON(X509V3_R_INVALID_OBJECT_IDENTIFIER),"invalid object identifier"},
147{ERR_REASON(X509V3_R_INVALID_OPTION) ,"invalid option"},
148{ERR_REASON(X509V3_R_INVALID_POLICY_IDENTIFIER),"invalid policy identifier"},
149{ERR_REASON(X509V3_R_INVALID_PROXY_POLICY_IDENTIFIER),"invalid proxy policy identifier"},
150{ERR_REASON(X509V3_R_INVALID_PROXY_POLICY_SETTING),"invalid proxy policy setting"},
151{ERR_REASON(X509V3_R_INVALID_PURPOSE) ,"invalid purpose"},
152{ERR_REASON(X509V3_R_INVALID_SECTION) ,"invalid section"},
153{ERR_REASON(X509V3_R_INVALID_SYNTAX) ,"invalid syntax"},
154{ERR_REASON(X509V3_R_ISSUER_DECODE_ERROR),"issuer decode error"},
155{ERR_REASON(X509V3_R_MISSING_VALUE) ,"missing value"},
156{ERR_REASON(X509V3_R_NEED_ORGANIZATION_AND_NUMBERS),"need organization and numbers"},
157{ERR_REASON(X509V3_R_NO_CONFIG_DATABASE) ,"no config database"},
158{ERR_REASON(X509V3_R_NO_ISSUER_CERTIFICATE),"no issuer certificate"},
159{ERR_REASON(X509V3_R_NO_ISSUER_DETAILS) ,"no issuer details"},
160{ERR_REASON(X509V3_R_NO_POLICY_IDENTIFIER),"no policy identifier"},
161{ERR_REASON(X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED),"no proxy cert policy language defined"},
162{ERR_REASON(X509V3_R_NO_PUBLIC_KEY) ,"no public key"},
163{ERR_REASON(X509V3_R_NO_SUBJECT_DETAILS) ,"no subject details"},
164{ERR_REASON(X509V3_R_ODD_NUMBER_OF_DIGITS),"odd number of digits"},
165{ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED),"policy language alreadty defined"},
166{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH) ,"policy path length"},
167{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED),"policy path length alreadty defined"},
168{ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT) ,"policy syntax not"},
169{ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED),"policy syntax not currently supported"},
170{ERR_REASON(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY),"policy when proxy language requires no policy"},
171{ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS),"unable to get issuer details"},
172{ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_KEYID),"unable to get issuer keyid"},
173{ERR_REASON(X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT),"unknown bit string argument"},
174{ERR_REASON(X509V3_R_UNKNOWN_EXTENSION) ,"unknown extension"},
175{ERR_REASON(X509V3_R_UNKNOWN_EXTENSION_NAME),"unknown extension name"},
176{ERR_REASON(X509V3_R_UNKNOWN_OPTION) ,"unknown option"},
177{ERR_REASON(X509V3_R_UNSUPPORTED_OPTION) ,"unsupported option"},
178{ERR_REASON(X509V3_R_USER_TOO_LONG) ,"user too long"},
179{0,NULL}
180 };
181
182#endif
183
184void ERR_load_X509V3_strings(void)
185 {
186 static int init=1;
187
188 if (init)
189 {
190 init=0;
191#ifndef OPENSSL_NO_ERR
192 ERR_load_strings(0,X509V3_str_functs);
193 ERR_load_strings(0,X509V3_str_reasons);
194#endif
195
196 }
197 }
diff --git a/src/lib/libcrypto/x509v3/x509v3.h b/src/lib/libcrypto/x509v3/x509v3.h
deleted file mode 100644
index e6d91251c2..0000000000
--- a/src/lib/libcrypto/x509v3/x509v3.h
+++ /dev/null
@@ -1,687 +0,0 @@
1/* x509v3.h */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58#ifndef HEADER_X509V3_H
59#define HEADER_X509V3_H
60
61#include <openssl/bio.h>
62#include <openssl/x509.h>
63#include <openssl/conf.h>
64
65#ifdef __cplusplus
66extern "C" {
67#endif
68
69/* Forward reference */
70struct v3_ext_method;
71struct v3_ext_ctx;
72
73/* Useful typedefs */
74
75typedef void * (*X509V3_EXT_NEW)(void);
76typedef void (*X509V3_EXT_FREE)(void *);
77typedef void * (*X509V3_EXT_D2I)(void *, unsigned char ** , long);
78typedef int (*X509V3_EXT_I2D)(void *, unsigned char **);
79typedef STACK_OF(CONF_VALUE) * (*X509V3_EXT_I2V)(struct v3_ext_method *method, void *ext, STACK_OF(CONF_VALUE) *extlist);
80typedef void * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK_OF(CONF_VALUE) *values);
81typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext);
82typedef void * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
83typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, void *ext, BIO *out, int indent);
84typedef void * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
85
86/* V3 extension structure */
87
88struct v3_ext_method {
89int ext_nid;
90int ext_flags;
91/* If this is set the following four fields are ignored */
92ASN1_ITEM_EXP *it;
93/* Old style ASN1 calls */
94X509V3_EXT_NEW ext_new;
95X509V3_EXT_FREE ext_free;
96X509V3_EXT_D2I d2i;
97X509V3_EXT_I2D i2d;
98
99/* The following pair is used for string extensions */
100X509V3_EXT_I2S i2s;
101X509V3_EXT_S2I s2i;
102
103/* The following pair is used for multi-valued extensions */
104X509V3_EXT_I2V i2v;
105X509V3_EXT_V2I v2i;
106
107/* The following are used for raw extensions */
108X509V3_EXT_I2R i2r;
109X509V3_EXT_R2I r2i;
110
111void *usr_data; /* Any extension specific data */
112};
113
114typedef struct X509V3_CONF_METHOD_st {
115char * (*get_string)(void *db, char *section, char *value);
116STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section);
117void (*free_string)(void *db, char * string);
118void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
119} X509V3_CONF_METHOD;
120
121/* Context specific info */
122struct v3_ext_ctx {
123#define CTX_TEST 0x1
124int flags;
125X509 *issuer_cert;
126X509 *subject_cert;
127X509_REQ *subject_req;
128X509_CRL *crl;
129X509V3_CONF_METHOD *db_meth;
130void *db;
131/* Maybe more here */
132};
133
134typedef struct v3_ext_method X509V3_EXT_METHOD;
135typedef struct v3_ext_ctx X509V3_CTX;
136
137DECLARE_STACK_OF(X509V3_EXT_METHOD)
138
139/* ext_flags values */
140#define X509V3_EXT_DYNAMIC 0x1
141#define X509V3_EXT_CTX_DEP 0x2
142#define X509V3_EXT_MULTILINE 0x4
143
144typedef BIT_STRING_BITNAME ENUMERATED_NAMES;
145
146typedef struct BASIC_CONSTRAINTS_st {
147int ca;
148ASN1_INTEGER *pathlen;
149} BASIC_CONSTRAINTS;
150
151
152typedef struct PKEY_USAGE_PERIOD_st {
153ASN1_GENERALIZEDTIME *notBefore;
154ASN1_GENERALIZEDTIME *notAfter;
155} PKEY_USAGE_PERIOD;
156
157typedef struct otherName_st {
158ASN1_OBJECT *type_id;
159ASN1_TYPE *value;
160} OTHERNAME;
161
162typedef struct EDIPartyName_st {
163 ASN1_STRING *nameAssigner;
164 ASN1_STRING *partyName;
165} EDIPARTYNAME;
166
167typedef struct GENERAL_NAME_st {
168
169#define GEN_OTHERNAME 0
170#define GEN_EMAIL 1
171#define GEN_DNS 2
172#define GEN_X400 3
173#define GEN_DIRNAME 4
174#define GEN_EDIPARTY 5
175#define GEN_URI 6
176#define GEN_IPADD 7
177#define GEN_RID 8
178
179int type;
180union {
181 char *ptr;
182 OTHERNAME *otherName; /* otherName */
183 ASN1_IA5STRING *rfc822Name;
184 ASN1_IA5STRING *dNSName;
185 ASN1_TYPE *x400Address;
186 X509_NAME *directoryName;
187 EDIPARTYNAME *ediPartyName;
188 ASN1_IA5STRING *uniformResourceIdentifier;
189 ASN1_OCTET_STRING *iPAddress;
190 ASN1_OBJECT *registeredID;
191
192 /* Old names */
193 ASN1_OCTET_STRING *ip; /* iPAddress */
194 X509_NAME *dirn; /* dirn */
195 ASN1_IA5STRING *ia5;/* rfc822Name, dNSName, uniformResourceIdentifier */
196 ASN1_OBJECT *rid; /* registeredID */
197 ASN1_TYPE *other; /* x400Address */
198} d;
199} GENERAL_NAME;
200
201typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
202
203typedef struct ACCESS_DESCRIPTION_st {
204 ASN1_OBJECT *method;
205 GENERAL_NAME *location;
206} ACCESS_DESCRIPTION;
207
208typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
209
210typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;
211
212DECLARE_STACK_OF(GENERAL_NAME)
213DECLARE_ASN1_SET_OF(GENERAL_NAME)
214
215DECLARE_STACK_OF(ACCESS_DESCRIPTION)
216DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION)
217
218typedef struct DIST_POINT_NAME_st {
219int type;
220union {
221 GENERAL_NAMES *fullname;
222 STACK_OF(X509_NAME_ENTRY) *relativename;
223} name;
224} DIST_POINT_NAME;
225
226typedef struct DIST_POINT_st {
227DIST_POINT_NAME *distpoint;
228ASN1_BIT_STRING *reasons;
229GENERAL_NAMES *CRLissuer;
230} DIST_POINT;
231
232typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;
233
234DECLARE_STACK_OF(DIST_POINT)
235DECLARE_ASN1_SET_OF(DIST_POINT)
236
237typedef struct AUTHORITY_KEYID_st {
238ASN1_OCTET_STRING *keyid;
239GENERAL_NAMES *issuer;
240ASN1_INTEGER *serial;
241} AUTHORITY_KEYID;
242
243/* Strong extranet structures */
244
245typedef struct SXNET_ID_st {
246 ASN1_INTEGER *zone;
247 ASN1_OCTET_STRING *user;
248} SXNETID;
249
250DECLARE_STACK_OF(SXNETID)
251DECLARE_ASN1_SET_OF(SXNETID)
252
253typedef struct SXNET_st {
254 ASN1_INTEGER *version;
255 STACK_OF(SXNETID) *ids;
256} SXNET;
257
258typedef struct NOTICEREF_st {
259 ASN1_STRING *organization;
260 STACK_OF(ASN1_INTEGER) *noticenos;
261} NOTICEREF;
262
263typedef struct USERNOTICE_st {
264 NOTICEREF *noticeref;
265 ASN1_STRING *exptext;
266} USERNOTICE;
267
268typedef struct POLICYQUALINFO_st {
269 ASN1_OBJECT *pqualid;
270 union {
271 ASN1_IA5STRING *cpsuri;
272 USERNOTICE *usernotice;
273 ASN1_TYPE *other;
274 } d;
275} POLICYQUALINFO;
276
277DECLARE_STACK_OF(POLICYQUALINFO)
278DECLARE_ASN1_SET_OF(POLICYQUALINFO)
279
280typedef struct POLICYINFO_st {
281 ASN1_OBJECT *policyid;
282 STACK_OF(POLICYQUALINFO) *qualifiers;
283} POLICYINFO;
284
285typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES;
286
287DECLARE_STACK_OF(POLICYINFO)
288DECLARE_ASN1_SET_OF(POLICYINFO)
289
290/* Proxy certificate structures, see RFC 3820 */
291typedef struct PROXY_POLICY_st
292 {
293 ASN1_OBJECT *policyLanguage;
294 ASN1_OCTET_STRING *policy;
295 } PROXY_POLICY;
296
297typedef struct PROXY_CERT_INFO_EXTENSION_st
298 {
299 ASN1_INTEGER *pcPathLengthConstraint;
300 PROXY_POLICY *proxyPolicy;
301 } PROXY_CERT_INFO_EXTENSION;
302
303DECLARE_ASN1_FUNCTIONS(PROXY_POLICY)
304DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
305
306
307#define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \
308",name:", val->name, ",value:", val->value);
309
310#define X509V3_set_ctx_test(ctx) \
311 X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
312#define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL;
313
314#define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \
315 0,0,0,0, \
316 0,0, \
317 (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
318 (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \
319 NULL, NULL, \
320 table}
321
322#define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \
323 0,0,0,0, \
324 (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
325 (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \
326 0,0,0,0, \
327 NULL}
328
329#define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
330
331
332/* X509_PURPOSE stuff */
333
334#define EXFLAG_BCONS 0x1
335#define EXFLAG_KUSAGE 0x2
336#define EXFLAG_XKUSAGE 0x4
337#define EXFLAG_NSCERT 0x8
338
339#define EXFLAG_CA 0x10
340#define EXFLAG_SS 0x20
341#define EXFLAG_V1 0x40
342#define EXFLAG_INVALID 0x80
343#define EXFLAG_SET 0x100
344#define EXFLAG_CRITICAL 0x200
345#define EXFLAG_PROXY 0x400
346
347#define KU_DIGITAL_SIGNATURE 0x0080
348#define KU_NON_REPUDIATION 0x0040
349#define KU_KEY_ENCIPHERMENT 0x0020
350#define KU_DATA_ENCIPHERMENT 0x0010
351#define KU_KEY_AGREEMENT 0x0008
352#define KU_KEY_CERT_SIGN 0x0004
353#define KU_CRL_SIGN 0x0002
354#define KU_ENCIPHER_ONLY 0x0001
355#define KU_DECIPHER_ONLY 0x8000
356
357#define NS_SSL_CLIENT 0x80
358#define NS_SSL_SERVER 0x40
359#define NS_SMIME 0x20
360#define NS_OBJSIGN 0x10
361#define NS_SSL_CA 0x04
362#define NS_SMIME_CA 0x02
363#define NS_OBJSIGN_CA 0x01
364#define NS_ANY_CA (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA)
365
366#define XKU_SSL_SERVER 0x1
367#define XKU_SSL_CLIENT 0x2
368#define XKU_SMIME 0x4
369#define XKU_CODE_SIGN 0x8
370#define XKU_SGC 0x10
371#define XKU_OCSP_SIGN 0x20
372#define XKU_TIMESTAMP 0x40
373#define XKU_DVCS 0x80
374
375#define X509_PURPOSE_DYNAMIC 0x1
376#define X509_PURPOSE_DYNAMIC_NAME 0x2
377
378typedef struct x509_purpose_st {
379 int purpose;
380 int trust; /* Default trust ID */
381 int flags;
382 int (*check_purpose)(const struct x509_purpose_st *,
383 const X509 *, int);
384 char *name;
385 char *sname;
386 void *usr_data;
387} X509_PURPOSE;
388
389#define X509_PURPOSE_SSL_CLIENT 1
390#define X509_PURPOSE_SSL_SERVER 2
391#define X509_PURPOSE_NS_SSL_SERVER 3
392#define X509_PURPOSE_SMIME_SIGN 4
393#define X509_PURPOSE_SMIME_ENCRYPT 5
394#define X509_PURPOSE_CRL_SIGN 6
395#define X509_PURPOSE_ANY 7
396#define X509_PURPOSE_OCSP_HELPER 8
397
398#define X509_PURPOSE_MIN 1
399#define X509_PURPOSE_MAX 8
400
401/* Flags for X509V3_EXT_print() */
402
403#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
404/* Return error for unknown extensions */
405#define X509V3_EXT_DEFAULT 0
406/* Print error for unknown extensions */
407#define X509V3_EXT_ERROR_UNKNOWN (1L << 16)
408/* ASN1 parse unknown extensions */
409#define X509V3_EXT_PARSE_UNKNOWN (2L << 16)
410/* BIO_dump unknown extensions */
411#define X509V3_EXT_DUMP_UNKNOWN (3L << 16)
412
413/* Flags for X509V3_add1_i2d */
414
415#define X509V3_ADD_OP_MASK 0xfL
416#define X509V3_ADD_DEFAULT 0L
417#define X509V3_ADD_APPEND 1L
418#define X509V3_ADD_REPLACE 2L
419#define X509V3_ADD_REPLACE_EXISTING 3L
420#define X509V3_ADD_KEEP_EXISTING 4L
421#define X509V3_ADD_DELETE 5L
422#define X509V3_ADD_SILENT 0x10
423
424DECLARE_STACK_OF(X509_PURPOSE)
425
426DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
427
428DECLARE_ASN1_FUNCTIONS(SXNET)
429DECLARE_ASN1_FUNCTIONS(SXNETID)
430
431int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen);
432int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen);
433int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user, int userlen);
434
435ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone);
436ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);
437ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone);
438
439DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID)
440
441DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
442
443DECLARE_ASN1_FUNCTIONS(GENERAL_NAME)
444
445STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret);
446int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen);
447
448DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)
449
450STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
451 GENERAL_NAMES *gen, STACK_OF(CONF_VALUE) *extlist);
452GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
453 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
454
455DECLARE_ASN1_FUNCTIONS(OTHERNAME)
456DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME)
457
458char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5);
459ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
460
461DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
462int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a);
463
464DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
465DECLARE_ASN1_FUNCTIONS(POLICYINFO)
466DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO)
467DECLARE_ASN1_FUNCTIONS(USERNOTICE)
468DECLARE_ASN1_FUNCTIONS(NOTICEREF)
469
470DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS)
471DECLARE_ASN1_FUNCTIONS(DIST_POINT)
472DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME)
473
474DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
475DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
476
477#ifdef HEADER_CONF_H
478GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf);
479void X509V3_conf_free(CONF_VALUE *val);
480
481X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value);
482X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value);
483int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, STACK_OF(X509_EXTENSION) **sk);
484int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert);
485int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
486int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
487
488X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value);
489X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value);
490int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert);
491int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
492int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
493
494int X509V3_add_value_bool_nf(char *name, int asn1_bool,
495 STACK_OF(CONF_VALUE) **extlist);
496int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
497int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
498void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
499void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
500#endif
501
502char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
503STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section);
504void X509V3_string_free(X509V3_CTX *ctx, char *str);
505void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
506void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
507 X509_REQ *req, X509_CRL *crl, int flags);
508
509int X509V3_add_value(const char *name, const char *value,
510 STACK_OF(CONF_VALUE) **extlist);
511int X509V3_add_value_uchar(const char *name, const unsigned char *value,
512 STACK_OF(CONF_VALUE) **extlist);
513int X509V3_add_value_bool(const char *name, int asn1_bool,
514 STACK_OF(CONF_VALUE) **extlist);
515int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
516 STACK_OF(CONF_VALUE) **extlist);
517char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
518ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);
519char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
520char * i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
521int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
522int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
523int X509V3_EXT_add_alias(int nid_to, int nid_from);
524void X509V3_EXT_cleanup(void);
525
526X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
527X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
528int X509V3_add_standard_extensions(void);
529STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
530void *X509V3_EXT_d2i(X509_EXTENSION *ext);
531void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);
532
533
534X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
535int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags);
536
537char *hex_to_string(unsigned char *buffer, long len);
538unsigned char *string_to_hex(char *str, long *len);
539int name_cmp(const char *name, const char *cmp);
540
541void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
542 int ml);
543int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent);
544int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
545
546int X509V3_extensions_print(BIO *out, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent);
547
548int X509_check_ca(X509 *x);
549int X509_check_purpose(X509 *x, int id, int ca);
550int X509_supported_extension(X509_EXTENSION *ex);
551int X509_PURPOSE_set(int *p, int purpose);
552int X509_check_issued(X509 *issuer, X509 *subject);
553int X509_PURPOSE_get_count(void);
554X509_PURPOSE * X509_PURPOSE_get0(int idx);
555int X509_PURPOSE_get_by_sname(char *sname);
556int X509_PURPOSE_get_by_id(int id);
557int X509_PURPOSE_add(int id, int trust, int flags,
558 int (*ck)(const X509_PURPOSE *, const X509 *, int),
559 char *name, char *sname, void *arg);
560char *X509_PURPOSE_get0_name(X509_PURPOSE *xp);
561char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp);
562int X509_PURPOSE_get_trust(X509_PURPOSE *xp);
563void X509_PURPOSE_cleanup(void);
564int X509_PURPOSE_get_id(X509_PURPOSE *);
565
566STACK *X509_get1_email(X509 *x);
567STACK *X509_REQ_get1_email(X509_REQ *x);
568void X509_email_free(STACK *sk);
569
570
571/* BEGIN ERROR CODES */
572/* The following lines are auto generated by the script mkerr.pl. Any changes
573 * made after this point may be overwritten when the script is next run.
574 */
575void ERR_load_X509V3_strings(void);
576
577/* Error codes for the X509V3 functions. */
578
579/* Function codes. */
580#define X509V3_F_COPY_EMAIL 122
581#define X509V3_F_COPY_ISSUER 123
582#define X509V3_F_DO_EXT_CONF 124
583#define X509V3_F_DO_EXT_I2D 135
584#define X509V3_F_HEX_TO_STRING 111
585#define X509V3_F_I2S_ASN1_ENUMERATED 121
586#define X509V3_F_I2S_ASN1_IA5STRING 142
587#define X509V3_F_I2S_ASN1_INTEGER 120
588#define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138
589#define X509V3_F_NOTICE_SECTION 132
590#define X509V3_F_NREF_NOS 133
591#define X509V3_F_POLICY_SECTION 131
592#define X509V3_F_R2I_CERTPOL 130
593#define X509V3_F_R2I_PCI 142
594#define X509V3_F_S2I_ASN1_IA5STRING 100
595#define X509V3_F_S2I_ASN1_INTEGER 108
596#define X509V3_F_S2I_ASN1_OCTET_STRING 112
597#define X509V3_F_S2I_ASN1_SKEY_ID 114
598#define X509V3_F_S2I_S2I_SKEY_ID 115
599#define X509V3_F_STRING_TO_HEX 113
600#define X509V3_F_SXNET_ADD_ASC 125
601#define X509V3_F_SXNET_ADD_ID_INTEGER 126
602#define X509V3_F_SXNET_ADD_ID_ULONG 127
603#define X509V3_F_SXNET_GET_ID_ASC 128
604#define X509V3_F_SXNET_GET_ID_ULONG 129
605#define X509V3_F_V2I_ACCESS_DESCRIPTION 139
606#define X509V3_F_V2I_ASN1_BIT_STRING 101
607#define X509V3_F_V2I_AUTHORITY_KEYID 119
608#define X509V3_F_V2I_BASIC_CONSTRAINTS 102
609#define X509V3_F_V2I_CRLD 134
610#define X509V3_F_V2I_EXT_KU 103
611#define X509V3_F_V2I_GENERAL_NAME 117
612#define X509V3_F_V2I_GENERAL_NAMES 118
613#define X509V3_F_V3_GENERIC_EXTENSION 116
614#define X509V3_F_X509V3_ADD_I2D 140
615#define X509V3_F_X509V3_ADD_VALUE 105
616#define X509V3_F_X509V3_EXT_ADD 104
617#define X509V3_F_X509V3_EXT_ADD_ALIAS 106
618#define X509V3_F_X509V3_EXT_CONF 107
619#define X509V3_F_X509V3_EXT_I2D 136
620#define X509V3_F_X509V3_GET_VALUE_BOOL 110
621#define X509V3_F_X509V3_PARSE_LIST 109
622#define X509V3_F_X509_PURPOSE_ADD 137
623#define X509V3_F_X509_PURPOSE_SET 141
624
625/* Reason codes. */
626#define X509V3_R_BAD_IP_ADDRESS 118
627#define X509V3_R_BAD_OBJECT 119
628#define X509V3_R_BN_DEC2BN_ERROR 100
629#define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101
630#define X509V3_R_DUPLICATE_ZONE_ID 133
631#define X509V3_R_ERROR_CONVERTING_ZONE 131
632#define X509V3_R_ERROR_CREATING_EXTENSION 144
633#define X509V3_R_ERROR_IN_EXTENSION 128
634#define X509V3_R_EXPECTED_A_SECTION_NAME 137
635#define X509V3_R_EXTENSION_EXISTS 145
636#define X509V3_R_EXTENSION_NAME_ERROR 115
637#define X509V3_R_EXTENSION_NOT_FOUND 102
638#define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103
639#define X509V3_R_EXTENSION_VALUE_ERROR 116
640#define X509V3_R_ILLEGAL_HEX_DIGIT 113
641#define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 153
642#define X509V3_R_INVALID_BOOLEAN_STRING 104
643#define X509V3_R_INVALID_EXTENSION_STRING 105
644#define X509V3_R_INVALID_NAME 106
645#define X509V3_R_INVALID_NULL_ARGUMENT 107
646#define X509V3_R_INVALID_NULL_NAME 108
647#define X509V3_R_INVALID_NULL_VALUE 109
648#define X509V3_R_INVALID_NUMBER 140
649#define X509V3_R_INVALID_NUMBERS 141
650#define X509V3_R_INVALID_OBJECT_IDENTIFIER 110
651#define X509V3_R_INVALID_OPTION 138
652#define X509V3_R_INVALID_POLICY_IDENTIFIER 134
653#define X509V3_R_INVALID_PROXY_POLICY_IDENTIFIER 147
654#define X509V3_R_INVALID_PROXY_POLICY_SETTING 151
655#define X509V3_R_INVALID_PURPOSE 146
656#define X509V3_R_INVALID_SECTION 135
657#define X509V3_R_INVALID_SYNTAX 143
658#define X509V3_R_ISSUER_DECODE_ERROR 126
659#define X509V3_R_MISSING_VALUE 124
660#define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 142
661#define X509V3_R_NO_CONFIG_DATABASE 136
662#define X509V3_R_NO_ISSUER_CERTIFICATE 121
663#define X509V3_R_NO_ISSUER_DETAILS 127
664#define X509V3_R_NO_POLICY_IDENTIFIER 139
665#define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 148
666#define X509V3_R_NO_PUBLIC_KEY 114
667#define X509V3_R_NO_SUBJECT_DETAILS 125
668#define X509V3_R_ODD_NUMBER_OF_DIGITS 112
669#define X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED 149
670#define X509V3_R_POLICY_PATH_LENGTH 152
671#define X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED 150
672#define X509V3_R_POLICY_SYNTAX_NOT 154
673#define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED 155
674#define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 156
675#define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122
676#define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 123
677#define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111
678#define X509V3_R_UNKNOWN_EXTENSION 129
679#define X509V3_R_UNKNOWN_EXTENSION_NAME 130
680#define X509V3_R_UNKNOWN_OPTION 120
681#define X509V3_R_UNSUPPORTED_OPTION 117
682#define X509V3_R_USER_TOO_LONG 132
683
684#ifdef __cplusplus
685}
686#endif
687#endif
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-01 19:25:03 +0000