1 files changed, 0 insertions, 431 deletions
diff --git a/src/lib/libcrypto/x509v3/v3_cpols.c b/src/lib/libcrypto/x509v3/v3_cpols.c
deleted file mode 100644
index 867525f336..0000000000
--- a/src/lib/libcrypto/x509v3/v3_cpols.c
+++ /dev/null
@@ -1,431 +0,0 @@
-/* v3_cpols.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509v3.h>
-/* Certificate policies extension support: this one is a bit complex... */
-static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO *out, int indent);
-static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value);
-static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent);
-static void print_notice(BIO *out, USERNOTICE *notice, int indent);
-static POLICYINFO *policy_section(X509V3_CTX *ctx,
-                                 STACK_OF(CONF_VALUE) *polstrs, int ia5org);
-static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
-                                        STACK_OF(CONF_VALUE) *unot, int ia5org);
-static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos);
-X509V3_EXT_METHOD v3_cpols = {
-NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES),
-0,0,0,0,
-0,0,
-0,0,
-(X509V3_EXT_I2R)i2r_certpol,
-(X509V3_EXT_R2I)r2i_certpol,
-NULL
-};
-ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) = 
-        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, POLICYINFO)
-ASN1_ITEM_TEMPLATE_END(CERTIFICATEPOLICIES)
-IMPLEMENT_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
-ASN1_SEQUENCE(POLICYINFO) = {
-        ASN1_SIMPLE(POLICYINFO, policyid, ASN1_OBJECT),
-        ASN1_SEQUENCE_OF_OPT(POLICYINFO, qualifiers, POLICYQUALINFO)
-} ASN1_SEQUENCE_END(POLICYINFO)
-IMPLEMENT_ASN1_FUNCTIONS(POLICYINFO)
-ASN1_ADB_TEMPLATE(policydefault) = ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY);
-ASN1_ADB(POLICYQUALINFO) = {
-        ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)),
-        ADB_ENTRY(NID_id_qt_unotice, ASN1_SIMPLE(POLICYQUALINFO, d.usernotice, USERNOTICE))
-} ASN1_ADB_END(POLICYQUALINFO, 0, pqualid, 0, &policydefault_tt, NULL);
-ASN1_SEQUENCE(POLICYQUALINFO) = {
-        ASN1_SIMPLE(POLICYQUALINFO, pqualid, ASN1_OBJECT),
-        ASN1_ADB_OBJECT(POLICYQUALINFO)
-} ASN1_SEQUENCE_END(POLICYQUALINFO)
-IMPLEMENT_ASN1_FUNCTIONS(POLICYQUALINFO)
-ASN1_SEQUENCE(USERNOTICE) = {
-        ASN1_OPT(USERNOTICE, noticeref, NOTICEREF),
-        ASN1_OPT(USERNOTICE, exptext, DISPLAYTEXT)
-} ASN1_SEQUENCE_END(USERNOTICE)
-IMPLEMENT_ASN1_FUNCTIONS(USERNOTICE)
-ASN1_SEQUENCE(NOTICEREF) = {
-        ASN1_SIMPLE(NOTICEREF, organization, DISPLAYTEXT),
-        ASN1_SEQUENCE_OF(NOTICEREF, noticenos, ASN1_INTEGER)
-} ASN1_SEQUENCE_END(NOTICEREF)
-IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF)
-static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
-                X509V3_CTX *ctx, char *value)
-{
-        STACK_OF(POLICYINFO) *pols = NULL;
-        char *pstr;
-        POLICYINFO *pol;
-        ASN1_OBJECT *pobj;
-        STACK_OF(CONF_VALUE) *vals;
-        CONF_VALUE *cnf;
-        int i, ia5org;
-        pols = sk_POLICYINFO_new_null();
-        if (pols == NULL) {
-                X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-        vals =  X509V3_parse_list(value);
-        if (vals == NULL) {
-                X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB);
-                goto err;
-        }
-        ia5org = 0;
-        for(i = 0; i < sk_CONF_VALUE_num(vals); i++) {
-                cnf = sk_CONF_VALUE_value(vals, i);
-                if(cnf->value || !cnf->name ) {
-                        X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_POLICY_IDENTIFIER);
-                        X509V3_conf_err(cnf);
-                        goto err;
-                }
-                pstr = cnf->name;
-                if(!strcmp(pstr,"ia5org")) {
-                        ia5org = 1;
-                        continue;
-                } else if(*pstr == '@') {
-                        STACK_OF(CONF_VALUE) *polsect;
-                        polsect = X509V3_get_section(ctx, pstr + 1);
-                        if(!polsect) {
-                                X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_SECTION);
-                                X509V3_conf_err(cnf);
-                                goto err;
-                        }
-                        pol = policy_section(ctx, polsect, ia5org);
-                        X509V3_section_free(ctx, polsect);
-                        if(!pol) goto err;
-                } else {
-                        if(!(pobj = OBJ_txt2obj(cnf->name, 0))) {
-                                X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_OBJECT_IDENTIFIER);
-                                X509V3_conf_err(cnf);
-                                goto err;
-                        }
-                        pol = POLICYINFO_new();
-                        pol->policyid = pobj;
-                }
-                sk_POLICYINFO_push(pols, pol);
-        }
-        sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
-        return pols;
-        err:
-        sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
-        sk_POLICYINFO_pop_free(pols, POLICYINFO_free);
-        return NULL;
-}
-static POLICYINFO *policy_section(X509V3_CTX *ctx,
-                                STACK_OF(CONF_VALUE) *polstrs, int ia5org)
-{
-        int i;
-        CONF_VALUE *cnf;
-        POLICYINFO *pol;
-        POLICYQUALINFO *qual;
-        if(!(pol = POLICYINFO_new())) goto merr;
-        for(i = 0; i < sk_CONF_VALUE_num(polstrs); i++) {
-                cnf = sk_CONF_VALUE_value(polstrs, i);
-                if(!strcmp(cnf->name, "policyIdentifier")) {
-                        ASN1_OBJECT *pobj;
-                        if(!(pobj = OBJ_txt2obj(cnf->value, 0))) {
-                                X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OBJECT_IDENTIFIER);
-                                X509V3_conf_err(cnf);
-                                goto err;
-                        }
-                        pol->policyid = pobj;
-                } else if(!name_cmp(cnf->name, "CPS")) {
-                        if(!pol->qualifiers) pol->qualifiers =
-                                                 sk_POLICYQUALINFO_new_null();
-                        if(!(qual = POLICYQUALINFO_new())) goto merr;
-                        if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
-                                                                 goto merr;
-                        qual->pqualid = OBJ_nid2obj(NID_id_qt_cps);
-                        qual->d.cpsuri = M_ASN1_IA5STRING_new();
-                        if(!ASN1_STRING_set(qual->d.cpsuri, cnf->value,
-                                                 strlen(cnf->value))) goto merr;
-                } else if(!name_cmp(cnf->name, "userNotice")) {
-                        STACK_OF(CONF_VALUE) *unot;
-                        if(*cnf->value != '@') {
-                                X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_EXPECTED_A_SECTION_NAME);
-                                X509V3_conf_err(cnf);
-                                goto err;
-                        }
-                        unot = X509V3_get_section(ctx, cnf->value + 1);
-                        if(!unot) {
-                                X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_SECTION);
-                                X509V3_conf_err(cnf);
-                                goto err;
-                        }
-                        qual = notice_section(ctx, unot, ia5org);
-                        X509V3_section_free(ctx, unot);
-                        if(!qual) goto err;
-                        if(!pol->qualifiers) pol->qualifiers =
-                                                 sk_POLICYQUALINFO_new_null();
-                        if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
-                                                                 goto merr;
-                } else {
-                        X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OPTION);
-                        X509V3_conf_err(cnf);
-                        goto err;
-                }
-        }
-        if(!pol->policyid) {
-                X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_NO_POLICY_IDENTIFIER);
-                goto err;
-        }
-        return pol;
-        merr:
-        X509V3err(X509V3_F_POLICY_SECTION,ERR_R_MALLOC_FAILURE);
-        err:
-        POLICYINFO_free(pol);
-        return NULL;
-        
-        
-}
-static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
-                                        STACK_OF(CONF_VALUE) *unot, int ia5org)
-{
-        int i, ret;
-        CONF_VALUE *cnf;
-        USERNOTICE *not;
-        POLICYQUALINFO *qual;
-        if(!(qual = POLICYQUALINFO_new())) goto merr;
-        qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice);
-        if(!(not = USERNOTICE_new())) goto merr;
-        qual->d.usernotice = not;
-        for(i = 0; i < sk_CONF_VALUE_num(unot); i++) {
-                cnf = sk_CONF_VALUE_value(unot, i);
-                if(!strcmp(cnf->name, "explicitText")) {
-                        not->exptext = M_ASN1_VISIBLESTRING_new();
-                        if(!ASN1_STRING_set(not->exptext, cnf->value,
-                                                 strlen(cnf->value))) goto merr;
-                } else if(!strcmp(cnf->name, "organization")) {
-                        NOTICEREF *nref;
-                        if(!not->noticeref) {
-                                if(!(nref = NOTICEREF_new())) goto merr;
-                                not->noticeref = nref;
-                        } else nref = not->noticeref;
-                        if(ia5org) nref->organization->type = V_ASN1_IA5STRING;
-                        else nref->organization->type = V_ASN1_VISIBLESTRING;
-                        if(!ASN1_STRING_set(nref->organization, cnf->value,
-                                                 strlen(cnf->value))) goto merr;
-                } else if(!strcmp(cnf->name, "noticeNumbers")) {
-                        NOTICEREF *nref;
-                        STACK_OF(CONF_VALUE) *nos;
-                        if(!not->noticeref) {
-                                if(!(nref = NOTICEREF_new())) goto merr;
-                                not->noticeref = nref;
-                        } else nref = not->noticeref;
-                        nos = X509V3_parse_list(cnf->value);
-                        if(!nos || !sk_CONF_VALUE_num(nos)) {
-                                X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_NUMBERS);
-                                X509V3_conf_err(cnf);
-                                goto err;
-                        }
-                        ret = nref_nos(nref->noticenos, nos);
-                        sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
-                        if (!ret)
-                                goto err;
-                } else {
-                        X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION);
-                        X509V3_conf_err(cnf);
-                        goto err;
-                }
-        }
-        if(not->noticeref && 
-              (!not->noticeref->noticenos || !not->noticeref->organization)) {
-                        X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_NEED_ORGANIZATION_AND_NUMBERS);
-                        goto err;
-        }
-        return qual;
-        merr:
-        X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE);
-        err:
-        POLICYQUALINFO_free(qual);
-        return NULL;
-}
-static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos)
-{
-        CONF_VALUE *cnf;
-        ASN1_INTEGER *aint;
-        int i;
-        for(i = 0; i < sk_CONF_VALUE_num(nos); i++) {
-                cnf = sk_CONF_VALUE_value(nos, i);
-                if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) {
-                        X509V3err(X509V3_F_NREF_NOS,X509V3_R_INVALID_NUMBER);
-                        goto err;
-                }
-                if(!sk_ASN1_INTEGER_push(nnums, aint)) goto merr;
-        }
-        return 1;
-        merr:
-        X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE);
-        err:
-        sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free);
-        return 0;
-}
-static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
-                BIO *out, int indent)
-{
-        int i;
-        POLICYINFO *pinfo;
-        /* First print out the policy OIDs */
-        for(i = 0; i < sk_POLICYINFO_num(pol); i++) {
-                pinfo = sk_POLICYINFO_value(pol, i);
-                BIO_printf(out, "%*sPolicy: ", indent, "");
-                i2a_ASN1_OBJECT(out, pinfo->policyid);
-                BIO_puts(out, "\n");
-                if(pinfo->qualifiers)
-                         print_qualifiers(out, pinfo->qualifiers, indent + 2);
-        }
-        return 1;
-}
-static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
-                int indent)
-{
-        POLICYQUALINFO *qualinfo;
-        int i;
-        for(i = 0; i < sk_POLICYQUALINFO_num(quals); i++) {
-                qualinfo = sk_POLICYQUALINFO_value(quals, i);
-                switch(OBJ_obj2nid(qualinfo->pqualid))
-                {
-                        case NID_id_qt_cps:
-                        BIO_printf(out, "%*sCPS: %s\n", indent, "",
-                                                qualinfo->d.cpsuri->data);
-                        break;
-                
-                        case NID_id_qt_unotice:
-                        BIO_printf(out, "%*sUser Notice:\n", indent, "");
-                        print_notice(out, qualinfo->d.usernotice, indent + 2);
-                        break;
-                        default:
-                        BIO_printf(out, "%*sUnknown Qualifier: ",
-                                                         indent + 2, "");
-                        
-                        i2a_ASN1_OBJECT(out, qualinfo->pqualid);
-                        BIO_puts(out, "\n");
-                        break;
-                }
-        }
-}
-static void print_notice(BIO *out, USERNOTICE *notice, int indent)
-{
-        int i;
-        if(notice->noticeref) {
-                NOTICEREF *ref;
-                ref = notice->noticeref;
-                BIO_printf(out, "%*sOrganization: %s\n", indent, "",
-                                                 ref->organization->data);
-                BIO_printf(out, "%*sNumber%s: ", indent, "",
-                           sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : "");
-                for(i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) {
-                        ASN1_INTEGER *num;
-                        char *tmp;
-                        num = sk_ASN1_INTEGER_value(ref->noticenos, i);
-                        if(i) BIO_puts(out, ", ");
-                        tmp = i2s_ASN1_INTEGER(NULL, num);
-                        BIO_puts(out, tmp);
-                        OPENSSL_free(tmp);
-                }
-                BIO_puts(out, "\n");
-        }
-        if(notice->exptext)
-                BIO_printf(out, "%*sExplicit Text: %s\n", indent, "",
-                                                         notice->exptext->data);
-}

diff --git a/src/lib/libcrypto/x509v3/v3_cpols.c b/src/lib/libcrypto/x509v3/v3_cpols.c deleted file mode 100644 index 867525f336..0000000000 --- a/src/lib/libcrypto/x509v3/v3_cpols.c +++ /dev/null
@@ -1,431 +0,0 @@
1	/* v3_cpols.c */
2	/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3	* project 1999.
4	*/
5	/* ====================================================================
6	* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7	*
8	* Redistribution and use in source and binary forms, with or without
9	* modification, are permitted provided that the following conditions
10	* are met:
11	*
12	* 1. Redistributions of source code must retain the above copyright
13	* notice, this list of conditions and the following disclaimer.
14	*
15	* 2. Redistributions in binary form must reproduce the above copyright
16	* notice, this list of conditions and the following disclaimer in
17	* the documentation and/or other materials provided with the
18	* distribution.
19	*
20	* 3. All advertising materials mentioning features or use of this
21	* software must display the following acknowledgment:
22	* "This product includes software developed by the OpenSSL Project
23	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24	*
25	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26	* endorse or promote products derived from this software without
27	* prior written permission. For written permission, please contact
28	* licensing@OpenSSL.org.
29	*
30	* 5. Products derived from this software may not be called "OpenSSL"
31	* nor may "OpenSSL" appear in their names without prior written
32	* permission of the OpenSSL Project.
33	*
34	* 6. Redistributions of any form whatsoever must retain the following
35	* acknowledgment:
36	* "This product includes software developed by the OpenSSL Project
37	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38	*
39	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50	* OF THE POSSIBILITY OF SUCH DAMAGE.
51	* ====================================================================
52	*
53	* This product includes cryptographic software written by Eric Young
54	* (eay@cryptsoft.com). This product includes software written by Tim
55	* Hudson (tjh@cryptsoft.com).
56	*
57	*/
58
59	#include <stdio.h>
60	#include "cryptlib.h"
61	#include <openssl/conf.h>
62	#include <openssl/asn1.h>
63	#include <openssl/asn1t.h>
64	#include <openssl/x509v3.h>
65
66	/* Certificate policies extension support: this one is a bit complex... */
67
68	static int i2r_certpol(X509V3_EXT_METHOD method, STACK_OF(POLICYINFO) pol, BIO *out, int indent);
69	static STACK_OF(POLICYINFO) r2i_certpol(X509V3_EXT_METHOD method, X509V3_CTX ctx, char value);
70	static void print_qualifiers(BIO out, STACK_OF(POLICYQUALINFO) quals, int indent);
71	static void print_notice(BIO out, USERNOTICE notice, int indent);
72	static POLICYINFO policy_section(X509V3_CTX ctx,
73	STACK_OF(CONF_VALUE) *polstrs, int ia5org);
74	static POLICYQUALINFO notice_section(X509V3_CTX ctx,
75	STACK_OF(CONF_VALUE) *unot, int ia5org);
76	static int nref_nos(STACK_OF(ASN1_INTEGER) nnums, STACK_OF(CONF_VALUE) nos);
77
78	X509V3_EXT_METHOD v3_cpols = {
79	NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES),
80	0,0,0,0,
81	0,0,
82	0,0,
83	(X509V3_EXT_I2R)i2r_certpol,
84	(X509V3_EXT_R2I)r2i_certpol,
85	NULL
86	};
87
88	ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) =
89	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, POLICYINFO)
90	ASN1_ITEM_TEMPLATE_END(CERTIFICATEPOLICIES)
91
92	IMPLEMENT_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
93
94	ASN1_SEQUENCE(POLICYINFO) = {
95	ASN1_SIMPLE(POLICYINFO, policyid, ASN1_OBJECT),
96	ASN1_SEQUENCE_OF_OPT(POLICYINFO, qualifiers, POLICYQUALINFO)
97	} ASN1_SEQUENCE_END(POLICYINFO)
98
99	IMPLEMENT_ASN1_FUNCTIONS(POLICYINFO)
100
101	ASN1_ADB_TEMPLATE(policydefault) = ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY);
102
103	ASN1_ADB(POLICYQUALINFO) = {
104	ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)),
105	ADB_ENTRY(NID_id_qt_unotice, ASN1_SIMPLE(POLICYQUALINFO, d.usernotice, USERNOTICE))
106	} ASN1_ADB_END(POLICYQUALINFO, 0, pqualid, 0, &policydefault_tt, NULL);
107
108	ASN1_SEQUENCE(POLICYQUALINFO) = {
109	ASN1_SIMPLE(POLICYQUALINFO, pqualid, ASN1_OBJECT),
110	ASN1_ADB_OBJECT(POLICYQUALINFO)
111	} ASN1_SEQUENCE_END(POLICYQUALINFO)
112
113	IMPLEMENT_ASN1_FUNCTIONS(POLICYQUALINFO)
114
115	ASN1_SEQUENCE(USERNOTICE) = {
116	ASN1_OPT(USERNOTICE, noticeref, NOTICEREF),
117	ASN1_OPT(USERNOTICE, exptext, DISPLAYTEXT)
118	} ASN1_SEQUENCE_END(USERNOTICE)
119
120	IMPLEMENT_ASN1_FUNCTIONS(USERNOTICE)
121
122	ASN1_SEQUENCE(NOTICEREF) = {
123	ASN1_SIMPLE(NOTICEREF, organization, DISPLAYTEXT),
124	ASN1_SEQUENCE_OF(NOTICEREF, noticenos, ASN1_INTEGER)
125	} ASN1_SEQUENCE_END(NOTICEREF)
126
127	IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF)
128
129	static STACK_OF(POLICYINFO) r2i_certpol(X509V3_EXT_METHOD method,
130	X509V3_CTX ctx, char value)
131	{
132	STACK_OF(POLICYINFO) *pols = NULL;
133	char *pstr;
134	POLICYINFO *pol;
135	ASN1_OBJECT *pobj;
136	STACK_OF(CONF_VALUE) *vals;
137	CONF_VALUE *cnf;
138	int i, ia5org;
139	pols = sk_POLICYINFO_new_null();
140	if (pols == NULL) {
141	X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
142	return NULL;
143	}
144	vals = X509V3_parse_list(value);
145	if (vals == NULL) {
146	X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB);
147	goto err;
148	}
149	ia5org = 0;
150	for(i = 0; i < sk_CONF_VALUE_num(vals); i++) {
151	cnf = sk_CONF_VALUE_value(vals, i);
152	if(cnf->value \|\| !cnf->name ) {
153	X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_POLICY_IDENTIFIER);
154	X509V3_conf_err(cnf);
155	goto err;
156	}
157	pstr = cnf->name;
158	if(!strcmp(pstr,"ia5org")) {
159	ia5org = 1;
160	continue;
161	} else if(*pstr == '@') {
162	STACK_OF(CONF_VALUE) *polsect;
163	polsect = X509V3_get_section(ctx, pstr + 1);
164	if(!polsect) {
165	X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_SECTION);
166
167	X509V3_conf_err(cnf);
168	goto err;
169	}
170	pol = policy_section(ctx, polsect, ia5org);
171	X509V3_section_free(ctx, polsect);
172	if(!pol) goto err;
173	} else {
174	if(!(pobj = OBJ_txt2obj(cnf->name, 0))) {
175	X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_OBJECT_IDENTIFIER);
176	X509V3_conf_err(cnf);
177	goto err;
178	}
179	pol = POLICYINFO_new();
180	pol->policyid = pobj;
181	}
182	sk_POLICYINFO_push(pols, pol);
183	}
184	sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
185	return pols;
186	err:
187	sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
188	sk_POLICYINFO_pop_free(pols, POLICYINFO_free);
189	return NULL;
190	}
191
192	static POLICYINFO policy_section(X509V3_CTX ctx,
193	STACK_OF(CONF_VALUE) *polstrs, int ia5org)
194	{
195	int i;
196	CONF_VALUE *cnf;
197	POLICYINFO *pol;
198	POLICYQUALINFO *qual;
199	if(!(pol = POLICYINFO_new())) goto merr;
200	for(i = 0; i < sk_CONF_VALUE_num(polstrs); i++) {
201	cnf = sk_CONF_VALUE_value(polstrs, i);
202	if(!strcmp(cnf->name, "policyIdentifier")) {
203	ASN1_OBJECT *pobj;
204	if(!(pobj = OBJ_txt2obj(cnf->value, 0))) {
205	X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OBJECT_IDENTIFIER);
206	X509V3_conf_err(cnf);
207	goto err;
208	}
209	pol->policyid = pobj;
210
211	} else if(!name_cmp(cnf->name, "CPS")) {
212	if(!pol->qualifiers) pol->qualifiers =
213	sk_POLICYQUALINFO_new_null();
214	if(!(qual = POLICYQUALINFO_new())) goto merr;
215	if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
216	goto merr;
217	qual->pqualid = OBJ_nid2obj(NID_id_qt_cps);
218	qual->d.cpsuri = M_ASN1_IA5STRING_new();
219	if(!ASN1_STRING_set(qual->d.cpsuri, cnf->value,
220	strlen(cnf->value))) goto merr;
221	} else if(!name_cmp(cnf->name, "userNotice")) {
222	STACK_OF(CONF_VALUE) *unot;
223	if(*cnf->value != '@') {
224	X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_EXPECTED_A_SECTION_NAME);
225	X509V3_conf_err(cnf);
226	goto err;
227	}
228	unot = X509V3_get_section(ctx, cnf->value + 1);
229	if(!unot) {
230	X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_SECTION);
231
232	X509V3_conf_err(cnf);
233	goto err;
234	}
235	qual = notice_section(ctx, unot, ia5org);
236	X509V3_section_free(ctx, unot);
237	if(!qual) goto err;
238	if(!pol->qualifiers) pol->qualifiers =
239	sk_POLICYQUALINFO_new_null();
240	if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
241	goto merr;
242	} else {
243	X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OPTION);
244
245	X509V3_conf_err(cnf);
246	goto err;
247	}
248	}
249	if(!pol->policyid) {
250	X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_NO_POLICY_IDENTIFIER);
251	goto err;
252	}
253
254	return pol;
255
256	merr:
257	X509V3err(X509V3_F_POLICY_SECTION,ERR_R_MALLOC_FAILURE);
258
259	err:
260	POLICYINFO_free(pol);
261	return NULL;
262
263
264	}
265
266	static POLICYQUALINFO notice_section(X509V3_CTX ctx,
267	STACK_OF(CONF_VALUE) *unot, int ia5org)
268	{
269	int i, ret;
270	CONF_VALUE *cnf;
271	USERNOTICE *not;
272	POLICYQUALINFO *qual;
273	if(!(qual = POLICYQUALINFO_new())) goto merr;
274	qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice);
275	if(!(not = USERNOTICE_new())) goto merr;
276	qual->d.usernotice = not;
277	for(i = 0; i < sk_CONF_VALUE_num(unot); i++) {
278	cnf = sk_CONF_VALUE_value(unot, i);
279	if(!strcmp(cnf->name, "explicitText")) {
280	not->exptext = M_ASN1_VISIBLESTRING_new();
281	if(!ASN1_STRING_set(not->exptext, cnf->value,
282	strlen(cnf->value))) goto merr;
283	} else if(!strcmp(cnf->name, "organization")) {
284	NOTICEREF *nref;
285	if(!not->noticeref) {
286	if(!(nref = NOTICEREF_new())) goto merr;
287	not->noticeref = nref;
288	} else nref = not->noticeref;
289	if(ia5org) nref->organization->type = V_ASN1_IA5STRING;
290	else nref->organization->type = V_ASN1_VISIBLESTRING;
291	if(!ASN1_STRING_set(nref->organization, cnf->value,
292	strlen(cnf->value))) goto merr;
293	} else if(!strcmp(cnf->name, "noticeNumbers")) {
294	NOTICEREF *nref;
295	STACK_OF(CONF_VALUE) *nos;
296	if(!not->noticeref) {
297	if(!(nref = NOTICEREF_new())) goto merr;
298	not->noticeref = nref;
299	} else nref = not->noticeref;
300	nos = X509V3_parse_list(cnf->value);
301	if(!nos \|\| !sk_CONF_VALUE_num(nos)) {
302	X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_NUMBERS);
303	X509V3_conf_err(cnf);
304	goto err;
305	}
306	ret = nref_nos(nref->noticenos, nos);
307	sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
308	if (!ret)
309	goto err;
310	} else {
311	X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION);
312	X509V3_conf_err(cnf);
313	goto err;
314	}
315	}
316
317	if(not->noticeref &&
318	(!not->noticeref->noticenos \|\| !not->noticeref->organization)) {
319	X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_NEED_ORGANIZATION_AND_NUMBERS);
320	goto err;
321	}
322
323	return qual;
324
325	merr:
326	X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE);
327
328	err:
329	POLICYQUALINFO_free(qual);
330	return NULL;
331	}
332
333	static int nref_nos(STACK_OF(ASN1_INTEGER) nnums, STACK_OF(CONF_VALUE) nos)
334	{
335	CONF_VALUE *cnf;
336	ASN1_INTEGER *aint;
337
338	int i;
339
340	for(i = 0; i < sk_CONF_VALUE_num(nos); i++) {
341	cnf = sk_CONF_VALUE_value(nos, i);
342	if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) {
343	X509V3err(X509V3_F_NREF_NOS,X509V3_R_INVALID_NUMBER);
344	goto err;
345	}
346	if(!sk_ASN1_INTEGER_push(nnums, aint)) goto merr;
347	}
348	return 1;
349
350	merr:
351	X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE);
352
353	err:
354	sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free);
355	return 0;
356	}
357
358
359	static int i2r_certpol(X509V3_EXT_METHOD method, STACK_OF(POLICYINFO) pol,
360	BIO *out, int indent)
361	{
362	int i;
363	POLICYINFO *pinfo;
364	/* First print out the policy OIDs */
365	for(i = 0; i < sk_POLICYINFO_num(pol); i++) {
366	pinfo = sk_POLICYINFO_value(pol, i);
367	BIO_printf(out, "%*sPolicy: ", indent, "");
368	i2a_ASN1_OBJECT(out, pinfo->policyid);
369	BIO_puts(out, "\n");
370	if(pinfo->qualifiers)
371	print_qualifiers(out, pinfo->qualifiers, indent + 2);
372	}
373	return 1;
374	}
375
376	static void print_qualifiers(BIO out, STACK_OF(POLICYQUALINFO) quals,
377	int indent)
378	{
379	POLICYQUALINFO *qualinfo;
380	int i;
381	for(i = 0; i < sk_POLICYQUALINFO_num(quals); i++) {
382	qualinfo = sk_POLICYQUALINFO_value(quals, i);
383	switch(OBJ_obj2nid(qualinfo->pqualid))
384	{
385	case NID_id_qt_cps:
386	BIO_printf(out, "%*sCPS: %s\n", indent, "",
387	qualinfo->d.cpsuri->data);
388	break;
389
390	case NID_id_qt_unotice:
391	BIO_printf(out, "%*sUser Notice:\n", indent, "");
392	print_notice(out, qualinfo->d.usernotice, indent + 2);
393	break;
394
395	default:
396	BIO_printf(out, "%*sUnknown Qualifier: ",
397	indent + 2, "");
398
399	i2a_ASN1_OBJECT(out, qualinfo->pqualid);
400	BIO_puts(out, "\n");
401	break;
402	}
403	}
404	}
405
406	static void print_notice(BIO out, USERNOTICE notice, int indent)
407	{
408	int i;
409	if(notice->noticeref) {
410	NOTICEREF *ref;
411	ref = notice->noticeref;
412	BIO_printf(out, "%*sOrganization: %s\n", indent, "",
413	ref->organization->data);
414	BIO_printf(out, "%*sNumber%s: ", indent, "",
415	sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : "");
416	for(i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) {
417	ASN1_INTEGER *num;
418	char *tmp;
419	num = sk_ASN1_INTEGER_value(ref->noticenos, i);
420	if(i) BIO_puts(out, ", ");
421	tmp = i2s_ASN1_INTEGER(NULL, num);
422	BIO_puts(out, tmp);
423	OPENSSL_free(tmp);
424	}
425	BIO_puts(out, "\n");
426	}
427	if(notice->exptext)
428	BIO_printf(out, "%*sExplicit Text: %s\n", indent, "",
429	notice->exptext->data);
430	}
431