Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/x509v3/v3_crld.c423
1 files changed, 198 insertions, 225 deletions
diff --git a/src/lib/libcrypto/x509v3/v3_crld.c b/src/lib/libcrypto/x509v3/v3_crld.c
index 790a6dd032..3195655429 100644
--- a/src/lib/libcrypto/x509v3/v3_crld.c
+++ b/src/lib/libcrypto/x509v3/v3_crld.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -64,67 +64,64 @@
64#include <openssl/x509v3.h> 64#include <openssl/x509v3.h>
65 65
66static void *v2i_crld(const X509V3_EXT_METHOD *method, 66static void *v2i_crld(const X509V3_EXT_METHOD *method,
67 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); 67 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
68static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, 68static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
69 int indent); 69 int indent);
70 70
71const X509V3_EXT_METHOD v3_crld = 71const X509V3_EXT_METHOD v3_crld = {
72 {
73 NID_crl_distribution_points, 0, ASN1_ITEM_ref(CRL_DIST_POINTS), 72 NID_crl_distribution_points, 0, ASN1_ITEM_ref(CRL_DIST_POINTS),
74 0,0,0,0, 73 0, 0, 0, 0,
75 0,0, 74 0, 0,
76 0, 75 0,
77 v2i_crld, 76 v2i_crld,
78 i2r_crldp,0, 77 i2r_crldp, 0,
79 NULL 78 NULL
80 }; 79};
81 80
82const X509V3_EXT_METHOD v3_freshest_crl = 81const X509V3_EXT_METHOD v3_freshest_crl = {
83 {
84 NID_freshest_crl, 0, ASN1_ITEM_ref(CRL_DIST_POINTS), 82 NID_freshest_crl, 0, ASN1_ITEM_ref(CRL_DIST_POINTS),
85 0,0,0,0, 83 0, 0, 0, 0,
86 0,0, 84 0, 0,
87 0, 85 0,
88 v2i_crld, 86 v2i_crld,
89 i2r_crldp,0, 87 i2r_crldp, 0,
90 NULL 88 NULL
91 }; 89};
92 90
93static STACK_OF(GENERAL_NAME) *gnames_from_sectname(X509V3_CTX *ctx, char *sect) 91static
94 { 92STACK_OF(GENERAL_NAME) *gnames_from_sectname(X509V3_CTX *ctx, char *sect)
93{
95 STACK_OF(CONF_VALUE) *gnsect; 94 STACK_OF(CONF_VALUE) *gnsect;
96 STACK_OF(GENERAL_NAME) *gens; 95 STACK_OF(GENERAL_NAME) *gens;
96
97 if (*sect == '@') 97 if (*sect == '@')
98 gnsect = X509V3_get_section(ctx, sect + 1); 98 gnsect = X509V3_get_section(ctx, sect + 1);
99 else 99 else
100 gnsect = X509V3_parse_list(sect); 100 gnsect = X509V3_parse_list(sect);
101 if (!gnsect) 101 if (!gnsect) {
102 {
103 X509V3err(X509V3_F_GNAMES_FROM_SECTNAME, 102 X509V3err(X509V3_F_GNAMES_FROM_SECTNAME,
104 X509V3_R_SECTION_NOT_FOUND); 103 X509V3_R_SECTION_NOT_FOUND);
105 return NULL; 104 return NULL;
106 } 105 }
107 gens = v2i_GENERAL_NAMES(NULL, ctx, gnsect); 106 gens = v2i_GENERAL_NAMES(NULL, ctx, gnsect);
108 if (*sect == '@') 107 if (*sect == '@')
109 X509V3_section_free(ctx, gnsect); 108 X509V3_section_free(ctx, gnsect);
110 else 109 else
111 sk_CONF_VALUE_pop_free(gnsect, X509V3_conf_free); 110 sk_CONF_VALUE_pop_free(gnsect, X509V3_conf_free);
112 return gens; 111 return gens;
113 } 112}
114 113
115static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, 114static int
116 CONF_VALUE *cnf) 115set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, CONF_VALUE *cnf)
117 { 116{
118 STACK_OF(GENERAL_NAME) *fnm = NULL; 117 STACK_OF(GENERAL_NAME) *fnm = NULL;
119 STACK_OF(X509_NAME_ENTRY) *rnm = NULL; 118 STACK_OF(X509_NAME_ENTRY) *rnm = NULL;
120 if (!strncmp(cnf->name, "fullname", 9)) 119
121 { 120 if (!strncmp(cnf->name, "fullname", 9)) {
122 fnm = gnames_from_sectname(ctx, cnf->value); 121 fnm = gnames_from_sectname(ctx, cnf->value);
123 if (!fnm) 122 if (!fnm)
124 goto err; 123 goto err;
125 } 124 } else if (!strcmp(cnf->name, "relativename")) {
126 else if (!strcmp(cnf->name, "relativename"))
127 {
128 int ret; 125 int ret;
129 STACK_OF(CONF_VALUE) *dnsect; 126 STACK_OF(CONF_VALUE) *dnsect;
130 X509_NAME *nm; 127 X509_NAME *nm;
@@ -132,12 +129,11 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx,
132 if (!nm) 129 if (!nm)
133 return -1; 130 return -1;
134 dnsect = X509V3_get_section(ctx, cnf->value); 131 dnsect = X509V3_get_section(ctx, cnf->value);
135 if (!dnsect) 132 if (!dnsect) {
136 {
137 X509V3err(X509V3_F_SET_DIST_POINT_NAME, 133 X509V3err(X509V3_F_SET_DIST_POINT_NAME,
138 X509V3_R_SECTION_NOT_FOUND); 134 X509V3_R_SECTION_NOT_FOUND);
139 return -1; 135 return -1;
140 } 136 }
141 ret = X509V3_NAME_from_section(nm, dnsect, MBSTRING_ASC); 137 ret = X509V3_NAME_from_section(nm, dnsect, MBSTRING_ASC);
142 X509V3_section_free(ctx, dnsect); 138 X509V3_section_free(ctx, dnsect);
143 rnm = nm->entries; 139 rnm = nm->entries;
@@ -149,135 +145,126 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx,
149 * RDNSequence 145 * RDNSequence
150 */ 146 */
151 if (sk_X509_NAME_ENTRY_value(rnm, 147 if (sk_X509_NAME_ENTRY_value(rnm,
152 sk_X509_NAME_ENTRY_num(rnm) - 1)->set) 148 sk_X509_NAME_ENTRY_num(rnm) - 1)->set) {
153 {
154 X509V3err(X509V3_F_SET_DIST_POINT_NAME, 149 X509V3err(X509V3_F_SET_DIST_POINT_NAME,
155 X509V3_R_INVALID_MULTIPLE_RDNS); 150 X509V3_R_INVALID_MULTIPLE_RDNS);
156 goto err; 151 goto err;
157 }
158 } 152 }
159 else 153 } else
160 return 0; 154 return 0;
161 155
162 if (*pdp) 156 if (*pdp) {
163 {
164 X509V3err(X509V3_F_SET_DIST_POINT_NAME, 157 X509V3err(X509V3_F_SET_DIST_POINT_NAME,
165 X509V3_R_DISTPOINT_ALREADY_SET); 158 X509V3_R_DISTPOINT_ALREADY_SET);
166 goto err; 159 goto err;
167 } 160 }
168 161
169 *pdp = DIST_POINT_NAME_new(); 162 *pdp = DIST_POINT_NAME_new();
170 if (!*pdp) 163 if (!*pdp)
171 goto err; 164 goto err;
172 if (fnm) 165 if (fnm) {
173 {
174 (*pdp)->type = 0; 166 (*pdp)->type = 0;
175 (*pdp)->name.fullname = fnm; 167 (*pdp)->name.fullname = fnm;
176 } 168 } else {
177 else
178 {
179 (*pdp)->type = 1; 169 (*pdp)->type = 1;
180 (*pdp)->name.relativename = rnm; 170 (*pdp)->name.relativename = rnm;
181 } 171 }
182 172
183 return 1; 173 return 1;
184 174
185 err: 175err:
186 if (fnm) 176 if (fnm)
187 sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free); 177 sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free);
188 if (rnm) 178 if (rnm)
189 sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free); 179 sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free);
190 return -1; 180 return -1;
191 } 181}
192 182
193static const BIT_STRING_BITNAME reason_flags[] = { 183static const BIT_STRING_BITNAME reason_flags[] = {
194{0, "Unused", "unused"}, 184 {0, "Unused", "unused"},
195{1, "Key Compromise", "keyCompromise"}, 185 {1, "Key Compromise", "keyCompromise"},
196{2, "CA Compromise", "CACompromise"}, 186 {2, "CA Compromise", "CACompromise"},
197{3, "Affiliation Changed", "affiliationChanged"}, 187 {3, "Affiliation Changed", "affiliationChanged"},
198{4, "Superseded", "superseded"}, 188 {4, "Superseded", "superseded"},
199{5, "Cessation Of Operation", "cessationOfOperation"}, 189 {5, "Cessation Of Operation", "cessationOfOperation"},
200{6, "Certificate Hold", "certificateHold"}, 190 {6, "Certificate Hold", "certificateHold"},
201{7, "Privilege Withdrawn", "privilegeWithdrawn"}, 191 {7, "Privilege Withdrawn", "privilegeWithdrawn"},
202{8, "AA Compromise", "AACompromise"}, 192 {8, "AA Compromise", "AACompromise"},
203{-1, NULL, NULL} 193 {-1, NULL, NULL}
204}; 194};
205 195
206static int set_reasons(ASN1_BIT_STRING **preas, char *value) 196static int
207 { 197set_reasons(ASN1_BIT_STRING **preas, char *value)
198{
208 STACK_OF(CONF_VALUE) *rsk = NULL; 199 STACK_OF(CONF_VALUE) *rsk = NULL;
209 const BIT_STRING_BITNAME *pbn; 200 const BIT_STRING_BITNAME *pbn;
210 const char *bnam; 201 const char *bnam;
211 int i, ret = 0; 202 int i, ret = 0;
203
212 rsk = X509V3_parse_list(value); 204 rsk = X509V3_parse_list(value);
213 if (!rsk) 205 if (!rsk)
214 return 0; 206 return 0;
215 if (*preas) 207 if (*preas)
216 return 0; 208 return 0;
217 for (i = 0; i < sk_CONF_VALUE_num(rsk); i++) 209 for (i = 0; i < sk_CONF_VALUE_num(rsk); i++) {
218 {
219 bnam = sk_CONF_VALUE_value(rsk, i)->name; 210 bnam = sk_CONF_VALUE_value(rsk, i)->name;
220 if (!*preas) 211 if (!*preas) {
221 {
222 *preas = ASN1_BIT_STRING_new(); 212 *preas = ASN1_BIT_STRING_new();
223 if (!*preas) 213 if (!*preas)
224 goto err; 214 goto err;
225 } 215 }
226 for (pbn = reason_flags; pbn->lname; pbn++) 216 for (pbn = reason_flags; pbn->lname; pbn++) {
227 { 217 if (!strcmp(pbn->sname, bnam)) {
228 if (!strcmp(pbn->sname, bnam))
229 {
230 if (!ASN1_BIT_STRING_set_bit(*preas, 218 if (!ASN1_BIT_STRING_set_bit(*preas,
231 pbn->bitnum, 1)) 219 pbn->bitnum, 1))
232 goto err; 220 goto err;
233 break; 221 break;
234 }
235 } 222 }
223 }
236 if (!pbn->lname) 224 if (!pbn->lname)
237 goto err; 225 goto err;
238 } 226 }
239 ret = 1; 227 ret = 1;
240 228
241 err: 229err:
242 sk_CONF_VALUE_pop_free(rsk, X509V3_conf_free); 230 sk_CONF_VALUE_pop_free(rsk, X509V3_conf_free);
243 return ret; 231 return ret;
244 } 232}
245 233
246static int print_reasons(BIO *out, const char *rname, 234static int
247 ASN1_BIT_STRING *rflags, int indent) 235print_reasons(BIO *out, const char *rname, ASN1_BIT_STRING *rflags, int indent)
248 { 236{
249 int first = 1; 237 int first = 1;
250 const BIT_STRING_BITNAME *pbn; 238 const BIT_STRING_BITNAME *pbn;
239
251 BIO_printf(out, "%*s%s:\n%*s", indent, "", rname, indent + 2, ""); 240 BIO_printf(out, "%*s%s:\n%*s", indent, "", rname, indent + 2, "");
252 for (pbn = reason_flags; pbn->lname; pbn++) 241 for (pbn = reason_flags; pbn->lname; pbn++) {
253 { 242 if (ASN1_BIT_STRING_get_bit(rflags, pbn->bitnum)) {
254 if (ASN1_BIT_STRING_get_bit(rflags, pbn->bitnum))
255 {
256 if (first) 243 if (first)
257 first = 0; 244 first = 0;
258 else 245 else
259 BIO_puts(out, ", "); 246 BIO_puts(out, ", ");
260 BIO_puts(out, pbn->lname); 247 BIO_puts(out, pbn->lname);
261 }
262 } 248 }
249 }
263 if (first) 250 if (first)
264 BIO_puts(out, "<EMPTY>\n"); 251 BIO_puts(out, "<EMPTY>\n");
265 else 252 else
266 BIO_puts(out, "\n"); 253 BIO_puts(out, "\n");
267 return 1; 254 return 1;
268 } 255}
269 256
270static DIST_POINT *crldp_from_section(X509V3_CTX *ctx, 257static DIST_POINT *
271 STACK_OF(CONF_VALUE) *nval) 258crldp_from_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
272 { 259{
273 int i; 260 int i;
274 CONF_VALUE *cnf; 261 CONF_VALUE *cnf;
275 DIST_POINT *point = NULL; 262 DIST_POINT *point = NULL;
263
276 point = DIST_POINT_new(); 264 point = DIST_POINT_new();
277 if (!point) 265 if (!point)
278 goto err; 266 goto err;
279 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) 267 for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
280 {
281 int ret; 268 int ret;
282 cnf = sk_CONF_VALUE_value(nval, i); 269 cnf = sk_CONF_VALUE_value(nval, i);
283 ret = set_dist_point_name(&point->distpoint, ctx, cnf); 270 ret = set_dist_point_name(&point->distpoint, ctx, cnf);
@@ -285,43 +272,42 @@ static DIST_POINT *crldp_from_section(X509V3_CTX *ctx,
285 continue; 272 continue;
286 if (ret < 0) 273 if (ret < 0)
287 goto err; 274 goto err;
288 if (!strcmp(cnf->name, "reasons")) 275 if (!strcmp(cnf->name, "reasons")) {
289 {
290 if (!set_reasons(&point->reasons, cnf->value)) 276 if (!set_reasons(&point->reasons, cnf->value))
291 goto err; 277 goto err;
292 } 278 }
293 else if (!strcmp(cnf->name, "CRLissuer")) 279 else if (!strcmp(cnf->name, "CRLissuer")) {
294 {
295 point->CRLissuer = 280 point->CRLissuer =
296 gnames_from_sectname(ctx, cnf->value); 281 gnames_from_sectname(ctx, cnf->value);
297 if (!point->CRLissuer) 282 if (!point->CRLissuer)
298 goto err; 283 goto err;
299 }
300 } 284 }
285 }
301 286
302 return point; 287 return point;
303
304 288
305 err: 289err:
306 if (point) 290 if (point)
307 DIST_POINT_free(point); 291 DIST_POINT_free(point);
308 return NULL; 292 return NULL;
309 } 293}
310 294
311static void *v2i_crld(const X509V3_EXT_METHOD *method, 295static void *
312 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) 296v2i_crld(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
313 { 297 STACK_OF(CONF_VALUE) *nval)
298{
314 STACK_OF(DIST_POINT) *crld = NULL; 299 STACK_OF(DIST_POINT) *crld = NULL;
315 GENERAL_NAMES *gens = NULL; 300 GENERAL_NAMES *gens = NULL;
316 GENERAL_NAME *gen = NULL; 301 GENERAL_NAME *gen = NULL;
317 CONF_VALUE *cnf; 302 CONF_VALUE *cnf;
318 int i; 303 int i;
319 if(!(crld = sk_DIST_POINT_new_null())) goto merr; 304
320 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { 305 if (!(crld = sk_DIST_POINT_new_null()))
306 goto merr;
307 for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
321 DIST_POINT *point; 308 DIST_POINT *point;
322 cnf = sk_CONF_VALUE_value(nval, i); 309 cnf = sk_CONF_VALUE_value(nval, i);
323 if (!cnf->value) 310 if (!cnf->value) {
324 {
325 STACK_OF(CONF_VALUE) *dpsect; 311 STACK_OF(CONF_VALUE) *dpsect;
326 dpsect = X509V3_get_section(ctx, cnf->name); 312 dpsect = X509V3_get_section(ctx, cnf->name);
327 if (!dpsect) 313 if (!dpsect)
@@ -330,40 +316,36 @@ static void *v2i_crld(const X509V3_EXT_METHOD *method,
330 X509V3_section_free(ctx, dpsect); 316 X509V3_section_free(ctx, dpsect);
331 if (!point) 317 if (!point)
332 goto err; 318 goto err;
333 if(!sk_DIST_POINT_push(crld, point)) 319 if (!sk_DIST_POINT_push(crld, point)) {
334 {
335 DIST_POINT_free(point); 320 DIST_POINT_free(point);
336 goto merr; 321 goto merr;
337 }
338 } 322 }
339 else 323 } else {
340 { 324 if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
341 if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) 325 goto err;
342 goto err; 326 if (!(gens = GENERAL_NAMES_new()))
343 if(!(gens = GENERAL_NAMES_new()))
344 goto merr; 327 goto merr;
345 if(!sk_GENERAL_NAME_push(gens, gen)) 328 if (!sk_GENERAL_NAME_push(gens, gen))
346 goto merr; 329 goto merr;
347 gen = NULL; 330 gen = NULL;
348 if(!(point = DIST_POINT_new())) 331 if (!(point = DIST_POINT_new()))
349 goto merr; 332 goto merr;
350 if(!sk_DIST_POINT_push(crld, point)) 333 if (!sk_DIST_POINT_push(crld, point)) {
351 {
352 DIST_POINT_free(point); 334 DIST_POINT_free(point);
353 goto merr; 335 goto merr;
354 } 336 }
355 if(!(point->distpoint = DIST_POINT_NAME_new())) 337 if (!(point->distpoint = DIST_POINT_NAME_new()))
356 goto merr; 338 goto merr;
357 point->distpoint->name.fullname = gens; 339 point->distpoint->name.fullname = gens;
358 point->distpoint->type = 0; 340 point->distpoint->type = 0;
359 gens = NULL; 341 gens = NULL;
360 } 342 }
361 } 343 }
362 return crld; 344 return crld;
363 345
364 merr: 346merr:
365 X509V3err(X509V3_F_V2I_CRLD,ERR_R_MALLOC_FAILURE); 347 X509V3err(X509V3_F_V2I_CRLD, ERR_R_MALLOC_FAILURE);
366 err: 348err:
367 GENERAL_NAME_free(gen); 349 GENERAL_NAME_free(gen);
368 GENERAL_NAMES_free(gens); 350 GENERAL_NAMES_free(gens);
369 sk_DIST_POINT_pop_free(crld, DIST_POINT_free); 351 sk_DIST_POINT_pop_free(crld, DIST_POINT_free);
@@ -373,24 +355,23 @@ static void *v2i_crld(const X509V3_EXT_METHOD *method,
373IMPLEMENT_STACK_OF(DIST_POINT) 355IMPLEMENT_STACK_OF(DIST_POINT)
374IMPLEMENT_ASN1_SET_OF(DIST_POINT) 356IMPLEMENT_ASN1_SET_OF(DIST_POINT)
375 357
376static int dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, 358static int
377 void *exarg) 359dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
378 { 360{
379 DIST_POINT_NAME *dpn = (DIST_POINT_NAME *)*pval; 361 DIST_POINT_NAME *dpn = (DIST_POINT_NAME *)*pval;
380 362
381 switch(operation) 363 switch (operation) {
382 { 364 case ASN1_OP_NEW_POST:
383 case ASN1_OP_NEW_POST:
384 dpn->dpname = NULL; 365 dpn->dpname = NULL;
385 break; 366 break;
386 367
387 case ASN1_OP_FREE_POST: 368 case ASN1_OP_FREE_POST:
388 if (dpn->dpname) 369 if (dpn->dpname)
389 X509_NAME_free(dpn->dpname); 370 X509_NAME_free(dpn->dpname);
390 break; 371 break;
391 }
392 return 1;
393 } 372 }
373 return 1;
374}
394 375
395 376
396ASN1_CHOICE_cb(DIST_POINT_NAME, dpn_cb) = { 377ASN1_CHOICE_cb(DIST_POINT_NAME, dpn_cb) = {
@@ -409,8 +390,9 @@ ASN1_SEQUENCE(DIST_POINT) = {
409 390
410IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT) 391IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT)
411 392
412ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) = 393ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) =
413 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, DIST_POINT) 394 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints,
395 DIST_POINT)
414ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS) 396ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS)
415 397
416IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS) 398IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS)
@@ -427,34 +409,34 @@ ASN1_SEQUENCE(ISSUING_DIST_POINT) = {
427IMPLEMENT_ASN1_FUNCTIONS(ISSUING_DIST_POINT) 409IMPLEMENT_ASN1_FUNCTIONS(ISSUING_DIST_POINT)
428 410
429static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out, 411static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out,
430 int indent); 412 int indent);
431static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, 413static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
432 STACK_OF(CONF_VALUE) *nval); 414 STACK_OF(CONF_VALUE) *nval);
433 415
434const X509V3_EXT_METHOD v3_idp = 416const X509V3_EXT_METHOD v3_idp = {
435 {
436 NID_issuing_distribution_point, X509V3_EXT_MULTILINE, 417 NID_issuing_distribution_point, X509V3_EXT_MULTILINE,
437 ASN1_ITEM_ref(ISSUING_DIST_POINT), 418 ASN1_ITEM_ref(ISSUING_DIST_POINT),
438 0,0,0,0, 419 0, 0, 0, 0,
439 0,0, 420 0, 0,
440 0, 421 0,
441 v2i_idp, 422 v2i_idp,
442 i2r_idp,0, 423 i2r_idp, 0,
443 NULL 424 NULL
444 }; 425};
445 426
446static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, 427static void *
447 STACK_OF(CONF_VALUE) *nval) 428v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
448 { 429 STACK_OF(CONF_VALUE) *nval)
430{
449 ISSUING_DIST_POINT *idp = NULL; 431 ISSUING_DIST_POINT *idp = NULL;
450 CONF_VALUE *cnf; 432 CONF_VALUE *cnf;
451 char *name, *val; 433 char *name, *val;
452 int i, ret; 434 int i, ret;
435
453 idp = ISSUING_DIST_POINT_new(); 436 idp = ISSUING_DIST_POINT_new();
454 if (!idp) 437 if (!idp)
455 goto merr; 438 goto merr;
456 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) 439 for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
457 {
458 cnf = sk_CONF_VALUE_value(nval, i); 440 cnf = sk_CONF_VALUE_value(nval, i);
459 name = cnf->name; 441 name = cnf->name;
460 val = cnf->value; 442 val = cnf->value;
@@ -463,82 +445,75 @@ static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
463 continue; 445 continue;
464 if (ret < 0) 446 if (ret < 0)
465 goto err; 447 goto err;
466 if (!strcmp(name, "onlyuser")) 448 if (!strcmp(name, "onlyuser")) {
467 {
468 if (!X509V3_get_value_bool(cnf, &idp->onlyuser)) 449 if (!X509V3_get_value_bool(cnf, &idp->onlyuser))
469 goto err; 450 goto err;
470 } 451 }
471 else if (!strcmp(name, "onlyCA")) 452 else if (!strcmp(name, "onlyCA")) {
472 {
473 if (!X509V3_get_value_bool(cnf, &idp->onlyCA)) 453 if (!X509V3_get_value_bool(cnf, &idp->onlyCA))
474 goto err; 454 goto err;
475 } 455 }
476 else if (!strcmp(name, "onlyAA")) 456 else if (!strcmp(name, "onlyAA")) {
477 {
478 if (!X509V3_get_value_bool(cnf, &idp->onlyattr)) 457 if (!X509V3_get_value_bool(cnf, &idp->onlyattr))
479 goto err; 458 goto err;
480 } 459 }
481 else if (!strcmp(name, "indirectCRL")) 460 else if (!strcmp(name, "indirectCRL")) {
482 {
483 if (!X509V3_get_value_bool(cnf, &idp->indirectCRL)) 461 if (!X509V3_get_value_bool(cnf, &idp->indirectCRL))
484 goto err; 462 goto err;
485 } 463 }
486 else if (!strcmp(name, "onlysomereasons")) 464 else if (!strcmp(name, "onlysomereasons")) {
487 {
488 if (!set_reasons(&idp->onlysomereasons, val)) 465 if (!set_reasons(&idp->onlysomereasons, val))
489 goto err; 466 goto err;
490 } 467 } else {
491 else 468 X509V3err(X509V3_F_V2I_IDP, X509V3_R_INVALID_NAME);
492 { 469 X509V3_conf_err(cnf);
493 X509V3err(X509V3_F_V2I_IDP, X509V3_R_INVALID_NAME); 470 goto err;
494 X509V3_conf_err(cnf);
495 goto err;
496 }
497 } 471 }
472 }
498 return idp; 473 return idp;
499 474
500 merr: 475merr:
501 X509V3err(X509V3_F_V2I_IDP,ERR_R_MALLOC_FAILURE); 476 X509V3err(X509V3_F_V2I_IDP, ERR_R_MALLOC_FAILURE);
502 err: 477err:
503 ISSUING_DIST_POINT_free(idp); 478 ISSUING_DIST_POINT_free(idp);
504 return NULL; 479 return NULL;
505 } 480}
506 481
507static int print_gens(BIO *out, STACK_OF(GENERAL_NAME) *gens, int indent) 482static int
508 { 483print_gens(BIO *out, STACK_OF(GENERAL_NAME) *gens, int indent)
484{
509 int i; 485 int i;
510 for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) 486
511 { 487 for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
512 BIO_printf(out, "%*s", indent + 2, ""); 488 BIO_printf(out, "%*s", indent + 2, "");
513 GENERAL_NAME_print(out, sk_GENERAL_NAME_value(gens, i)); 489 GENERAL_NAME_print(out, sk_GENERAL_NAME_value(gens, i));
514 BIO_puts(out, "\n"); 490 BIO_puts(out, "\n");
515 }
516 return 1;
517 } 491 }
492 return 1;
493}
518 494
519static int print_distpoint(BIO *out, DIST_POINT_NAME *dpn, int indent) 495static int
520 { 496print_distpoint(BIO *out, DIST_POINT_NAME *dpn, int indent)
521 if (dpn->type == 0) 497{
522 { 498 if (dpn->type == 0) {
523 BIO_printf(out, "%*sFull Name:\n", indent, ""); 499 BIO_printf(out, "%*sFull Name:\n", indent, "");
524 print_gens(out, dpn->name.fullname, indent); 500 print_gens(out, dpn->name.fullname, indent);
525 } 501 } else {
526 else
527 {
528 X509_NAME ntmp; 502 X509_NAME ntmp;
529 ntmp.entries = dpn->name.relativename; 503 ntmp.entries = dpn->name.relativename;
530 BIO_printf(out, "%*sRelative Name:\n%*s", 504 BIO_printf(out, "%*sRelative Name:\n%*s",
531 indent, "", indent + 2, ""); 505 indent, "", indent + 2, "");
532 X509_NAME_print_ex(out, &ntmp, 0, XN_FLAG_ONELINE); 506 X509_NAME_print_ex(out, &ntmp, 0, XN_FLAG_ONELINE);
533 BIO_puts(out, "\n"); 507 BIO_puts(out, "\n");
534 }
535 return 1;
536 } 508 }
509 return 1;
510}
537 511
538static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out, 512static int
539 int indent) 513i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out, int indent)
540 { 514{
541 ISSUING_DIST_POINT *idp = pidp; 515 ISSUING_DIST_POINT *idp = pidp;
516
542 if (idp->distpoint) 517 if (idp->distpoint)
543 print_distpoint(out, idp->distpoint, indent); 518 print_distpoint(out, idp->distpoint, indent);
544 if (idp->onlyuser > 0) 519 if (idp->onlyuser > 0)
@@ -548,69 +523,67 @@ static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out,
548 if (idp->indirectCRL > 0) 523 if (idp->indirectCRL > 0)
549 BIO_printf(out, "%*sIndirect CRL\n", indent, ""); 524 BIO_printf(out, "%*sIndirect CRL\n", indent, "");
550 if (idp->onlysomereasons) 525 if (idp->onlysomereasons)
551 print_reasons(out, "Only Some Reasons", 526 print_reasons(out, "Only Some Reasons",
552 idp->onlysomereasons, indent); 527 idp->onlysomereasons, indent);
553 if (idp->onlyattr > 0) 528 if (idp->onlyattr > 0)
554 BIO_printf(out, "%*sOnly Attribute Certificates\n", indent, ""); 529 BIO_printf(out, "%*sOnly Attribute Certificates\n", indent, "");
555 if (!idp->distpoint && (idp->onlyuser <= 0) && (idp->onlyCA <= 0) 530 if (!idp->distpoint && (idp->onlyuser <= 0) && (idp->onlyCA <= 0) &&
556 && (idp->indirectCRL <= 0) && !idp->onlysomereasons 531 (idp->indirectCRL <= 0) && !idp->onlysomereasons &&
557 && (idp->onlyattr <= 0)) 532 (idp->onlyattr <= 0))
558 BIO_printf(out, "%*s<EMPTY>\n", indent, ""); 533 BIO_printf(out, "%*s<EMPTY>\n", indent, "");
559 534
560 return 1; 535 return 1;
561 } 536}
562 537
563static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, 538static int
564 int indent) 539i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, int indent)
565 { 540{
566 STACK_OF(DIST_POINT) *crld = pcrldp; 541 STACK_OF(DIST_POINT) *crld = pcrldp;
567 DIST_POINT *point; 542 DIST_POINT *point;
568 int i; 543 int i;
569 for(i = 0; i < sk_DIST_POINT_num(crld); i++) 544
570 { 545 for (i = 0; i < sk_DIST_POINT_num(crld); i++) {
571 BIO_puts(out, "\n"); 546 BIO_puts(out, "\n");
572 point = sk_DIST_POINT_value(crld, i); 547 point = sk_DIST_POINT_value(crld, i);
573 if(point->distpoint) 548 if (point->distpoint)
574 print_distpoint(out, point->distpoint, indent); 549 print_distpoint(out, point->distpoint, indent);
575 if(point->reasons) 550 if (point->reasons)
576 print_reasons(out, "Reasons", point->reasons, 551 print_reasons(out, "Reasons", point->reasons,
577 indent); 552 indent);
578 if(point->CRLissuer) 553 if (point->CRLissuer) {
579 {
580 BIO_printf(out, "%*sCRL Issuer:\n", indent, ""); 554 BIO_printf(out, "%*sCRL Issuer:\n", indent, "");
581 print_gens(out, point->CRLissuer, indent); 555 print_gens(out, point->CRLissuer, indent);
582 }
583 } 556 }
584 return 1;
585 } 557 }
558 return 1;
559}
586 560
587int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname) 561int
588 { 562DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname)
563{
589 int i; 564 int i;
590 STACK_OF(X509_NAME_ENTRY) *frag; 565 STACK_OF(X509_NAME_ENTRY) *frag;
591 X509_NAME_ENTRY *ne; 566 X509_NAME_ENTRY *ne;
567
592 if (!dpn || (dpn->type != 1)) 568 if (!dpn || (dpn->type != 1))
593 return 1; 569 return 1;
594 frag = dpn->name.relativename; 570 frag = dpn->name.relativename;
595 dpn->dpname = X509_NAME_dup(iname); 571 dpn->dpname = X509_NAME_dup(iname);
596 if (!dpn->dpname) 572 if (!dpn->dpname)
597 return 0; 573 return 0;
598 for (i = 0; i < sk_X509_NAME_ENTRY_num(frag); i++) 574 for (i = 0; i < sk_X509_NAME_ENTRY_num(frag); i++) {
599 {
600 ne = sk_X509_NAME_ENTRY_value(frag, i); 575 ne = sk_X509_NAME_ENTRY_value(frag, i);
601 if (!X509_NAME_add_entry(dpn->dpname, ne, -1, i ? 0 : 1)) 576 if (!X509_NAME_add_entry(dpn->dpname, ne, -1, i ? 0 : 1)) {
602 {
603 X509_NAME_free(dpn->dpname); 577 X509_NAME_free(dpn->dpname);
604 dpn->dpname = NULL; 578 dpn->dpname = NULL;
605 return 0; 579 return 0;
606 }
607 } 580 }
581 }
608 /* generate cached encoding of name */ 582 /* generate cached encoding of name */
609 if (i2d_X509_NAME(dpn->dpname, NULL) < 0) 583 if (i2d_X509_NAME(dpn->dpname, NULL) < 0) {
610 {
611 X509_NAME_free(dpn->dpname); 584 X509_NAME_free(dpn->dpname);
612 dpn->dpname = NULL; 585 dpn->dpname = NULL;
613 return 0; 586 return 0;
614 }
615 return 1;
616 } 587 }
588 return 1;
589}
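Review bot: set_reasons() leaks the parsed list when the target bit string is already set: at new lines 204-208, `rsk = X509V3_parse_list(value)` has succeeded and the following `if (*preas) return 0;` returns without reaching the `err:` label, which is the only place `rsk` is freed. This looks reachable from configuration input, for example a section that names `reasons` (or `onlysomereasons`) twice, so the early return should be `if (*preas) goto err;`, which still returns 0 because `ret` has not been set yet. set_dist_point_name() appears to have the same shape at new lines 131-136, where the `!dnsect` branch does `return -1;` after `nm` has passed its NULL check. The allocation of `nm` is outside the visible hunks, so confirm it first, but that path presumably needs `X509_NAME_free(nm);` before returning. Neither issue is introduced by this reformat, but both sit in lines it rewrites and would be cheap to fix in a follow-up.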