summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509v3/v3_utl.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/x509v3/v3_utl.c')
-rw-r--r--src/lib/libcrypto/x509v3/v3_utl.c171
1 files changed, 144 insertions, 27 deletions
diff --git a/src/lib/libcrypto/x509v3/v3_utl.c b/src/lib/libcrypto/x509v3/v3_utl.c
index 40f71c71b4..283e943e46 100644
--- a/src/lib/libcrypto/x509v3/v3_utl.c
+++ b/src/lib/libcrypto/x509v3/v3_utl.c
@@ -65,6 +65,10 @@
65#include <openssl/x509v3.h> 65#include <openssl/x509v3.h>
66 66
67static char *strip_spaces(char *name); 67static char *strip_spaces(char *name);
68static int sk_strcmp(const char * const *a, const char * const *b);
69static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens);
70static void str_free(void *str);
71static int append_ia5(STACK **sk, ASN1_IA5STRING *email);
68 72
69/* Add a CONF_VALUE name value pair to stack */ 73/* Add a CONF_VALUE name value pair to stack */
70 74
@@ -75,8 +79,8 @@ int X509V3_add_value(const char *name, const char *value,
75 char *tname = NULL, *tvalue = NULL; 79 char *tname = NULL, *tvalue = NULL;
76 if(name && !(tname = BUF_strdup(name))) goto err; 80 if(name && !(tname = BUF_strdup(name))) goto err;
77 if(value && !(tvalue = BUF_strdup(value))) goto err;; 81 if(value && !(tvalue = BUF_strdup(value))) goto err;;
78 if(!(vtmp = (CONF_VALUE *)Malloc(sizeof(CONF_VALUE)))) goto err; 82 if(!(vtmp = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) goto err;
79 if(!*extlist && !(*extlist = sk_CONF_VALUE_new(NULL))) goto err; 83 if(!*extlist && !(*extlist = sk_CONF_VALUE_new_null())) goto err;
80 vtmp->section = NULL; 84 vtmp->section = NULL;
81 vtmp->name = tname; 85 vtmp->name = tname;
82 vtmp->value = tvalue; 86 vtmp->value = tvalue;
@@ -84,9 +88,9 @@ int X509V3_add_value(const char *name, const char *value,
84 return 1; 88 return 1;
85 err: 89 err:
86 X509V3err(X509V3_F_X509V3_ADD_VALUE,ERR_R_MALLOC_FAILURE); 90 X509V3err(X509V3_F_X509V3_ADD_VALUE,ERR_R_MALLOC_FAILURE);
87 if(vtmp) Free(vtmp); 91 if(vtmp) OPENSSL_free(vtmp);
88 if(tname) Free(tname); 92 if(tname) OPENSSL_free(tname);
89 if(tvalue) Free(tvalue); 93 if(tvalue) OPENSSL_free(tvalue);
90 return 0; 94 return 0;
91} 95}
92 96
@@ -101,10 +105,10 @@ int X509V3_add_value_uchar(const char *name, const unsigned char *value,
101void X509V3_conf_free(CONF_VALUE *conf) 105void X509V3_conf_free(CONF_VALUE *conf)
102{ 106{
103 if(!conf) return; 107 if(!conf) return;
104 if(conf->name) Free(conf->name); 108 if(conf->name) OPENSSL_free(conf->name);
105 if(conf->value) Free(conf->value); 109 if(conf->value) OPENSSL_free(conf->value);
106 if(conf->section) Free(conf->section); 110 if(conf->section) OPENSSL_free(conf->section);
107 Free((char *)conf); 111 OPENSSL_free(conf);
108} 112}
109 113
110int X509V3_add_value_bool(const char *name, int asn1_bool, 114int X509V3_add_value_bool(const char *name, int asn1_bool,
@@ -150,21 +154,40 @@ ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)
150{ 154{
151 BIGNUM *bn = NULL; 155 BIGNUM *bn = NULL;
152 ASN1_INTEGER *aint; 156 ASN1_INTEGER *aint;
157 int isneg, ishex;
158 int ret;
153 bn = BN_new(); 159 bn = BN_new();
154 if(!value) { 160 if (!value) {
155 X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_INVALID_NULL_VALUE); 161 X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_INVALID_NULL_VALUE);
156 return 0; 162 return 0;
157 } 163 }
158 if(!BN_dec2bn(&bn, value)) { 164 if (value[0] == '-') {
165 value++;
166 isneg = 1;
167 } else isneg = 0;
168
169 if (value[0] == '0' && ((value[1] == 'x') || (value[1] == 'X'))) {
170 value += 2;
171 ishex = 1;
172 } else ishex = 0;
173
174 if (ishex) ret = BN_hex2bn(&bn, value);
175 else ret = BN_dec2bn(&bn, value);
176
177 if (!ret) {
159 X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_DEC2BN_ERROR); 178 X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_DEC2BN_ERROR);
160 return 0; 179 return 0;
161 } 180 }
162 181
163 if(!(aint = BN_to_ASN1_INTEGER(bn, NULL))) { 182 if (isneg && BN_is_zero(bn)) isneg = 0;
183
184 aint = BN_to_ASN1_INTEGER(bn, NULL);
185 BN_free(bn);
186 if (!aint) {
164 X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_TO_ASN1_INTEGER_ERROR); 187 X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_TO_ASN1_INTEGER_ERROR);
165 return 0; 188 return 0;
166 } 189 }
167 BN_free(bn); 190 if (isneg) aint->type |= V_ASN1_NEG;
168 return aint; 191 return aint;
169} 192}
170 193
@@ -176,7 +199,7 @@ int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
176 if(!aint) return 1; 199 if(!aint) return 1;
177 if(!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) return 0; 200 if(!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) return 0;
178 ret = X509V3_add_value(name, strtmp, extlist); 201 ret = X509V3_add_value(name, strtmp, extlist);
179 Free(strtmp); 202 OPENSSL_free(strtmp);
180 return ret; 203 return ret;
181} 204}
182 205
@@ -217,7 +240,7 @@ int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint)
217 240
218/*#define DEBUG*/ 241/*#define DEBUG*/
219 242
220STACK_OF(CONF_VALUE) *X509V3_parse_list(char *line) 243STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
221{ 244{
222 char *p, *q, c; 245 char *p, *q, c;
223 char *ntmp, *vtmp; 246 char *ntmp, *vtmp;
@@ -246,7 +269,7 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(char *line)
246 *p = 0; 269 *p = 0;
247 ntmp = strip_spaces(q); 270 ntmp = strip_spaces(q);
248 q = p + 1; 271 q = p + 1;
249#ifdef DEBUG 272#if 0
250 printf("%s\n", ntmp); 273 printf("%s\n", ntmp);
251#endif 274#endif
252 if(!ntmp) { 275 if(!ntmp) {
@@ -262,7 +285,7 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(char *line)
262 state = HDR_NAME; 285 state = HDR_NAME;
263 *p = 0; 286 *p = 0;
264 vtmp = strip_spaces(q); 287 vtmp = strip_spaces(q);
265#ifdef DEBUG 288#if 0
266 printf("%s\n", ntmp); 289 printf("%s\n", ntmp);
267#endif 290#endif
268 if(!vtmp) { 291 if(!vtmp) {
@@ -279,7 +302,7 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(char *line)
279 302
280 if(state == HDR_VALUE) { 303 if(state == HDR_VALUE) {
281 vtmp = strip_spaces(q); 304 vtmp = strip_spaces(q);
282#ifdef DEBUG 305#if 0
283 printf("%s=%s\n", ntmp, vtmp); 306 printf("%s=%s\n", ntmp, vtmp);
284#endif 307#endif
285 if(!vtmp) { 308 if(!vtmp) {
@@ -289,7 +312,7 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(char *line)
289 X509V3_add_value(ntmp, vtmp, &values); 312 X509V3_add_value(ntmp, vtmp, &values);
290 } else { 313 } else {
291 ntmp = strip_spaces(q); 314 ntmp = strip_spaces(q);
292#ifdef DEBUG 315#if 0
293 printf("%s\n", ntmp); 316 printf("%s\n", ntmp);
294#endif 317#endif
295 if(!ntmp) { 318 if(!ntmp) {
@@ -298,11 +321,11 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(char *line)
298 } 321 }
299 X509V3_add_value(ntmp, NULL, &values); 322 X509V3_add_value(ntmp, NULL, &values);
300 } 323 }
301Free(linebuf); 324OPENSSL_free(linebuf);
302return values; 325return values;
303 326
304err: 327err:
305Free(linebuf); 328OPENSSL_free(linebuf);
306sk_CONF_VALUE_pop_free(values, X509V3_conf_free); 329sk_CONF_VALUE_pop_free(values, X509V3_conf_free);
307return NULL; 330return NULL;
308 331
@@ -325,8 +348,9 @@ static char *strip_spaces(char *name)
325 348
326/* hex string utilities */ 349/* hex string utilities */
327 350
328/* Given a buffer of length 'len' return a Malloc'ed string with its 351/* Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its
329 * hex representation 352 * hex representation
353 * @@@ (Contents of buffer are always kept in ASCII, also on EBCDIC machines)
330 */ 354 */
331 355
332char *hex_to_string(unsigned char *buffer, long len) 356char *hex_to_string(unsigned char *buffer, long len)
@@ -336,7 +360,7 @@ char *hex_to_string(unsigned char *buffer, long len)
336 int i; 360 int i;
337 static char hexdig[] = "0123456789ABCDEF"; 361 static char hexdig[] = "0123456789ABCDEF";
338 if(!buffer || !len) return NULL; 362 if(!buffer || !len) return NULL;
339 if(!(tmp = Malloc(len * 3 + 1))) { 363 if(!(tmp = OPENSSL_malloc(len * 3 + 1))) {
340 X509V3err(X509V3_F_HEX_TO_STRING,ERR_R_MALLOC_FAILURE); 364 X509V3err(X509V3_F_HEX_TO_STRING,ERR_R_MALLOC_FAILURE);
341 return NULL; 365 return NULL;
342 } 366 }
@@ -347,6 +371,10 @@ char *hex_to_string(unsigned char *buffer, long len)
347 *q++ = ':'; 371 *q++ = ':';
348 } 372 }
349 q[-1] = 0; 373 q[-1] = 0;
374#ifdef CHARSET_EBCDIC
375 ebcdic2ascii(tmp, tmp, q - tmp - 1);
376#endif
377
350 return tmp; 378 return tmp;
351} 379}
352 380
@@ -362,14 +390,20 @@ unsigned char *string_to_hex(char *str, long *len)
362 X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_INVALID_NULL_ARGUMENT); 390 X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_INVALID_NULL_ARGUMENT);
363 return NULL; 391 return NULL;
364 } 392 }
365 if(!(hexbuf = Malloc(strlen(str) >> 1))) goto err; 393 if(!(hexbuf = OPENSSL_malloc(strlen(str) >> 1))) goto err;
366 for(p = (unsigned char *)str, q = hexbuf; *p;) { 394 for(p = (unsigned char *)str, q = hexbuf; *p;) {
367 ch = *p++; 395 ch = *p++;
396#ifdef CHARSET_EBCDIC
397 ch = os_toebcdic[ch];
398#endif
368 if(ch == ':') continue; 399 if(ch == ':') continue;
369 cl = *p++; 400 cl = *p++;
401#ifdef CHARSET_EBCDIC
402 cl = os_toebcdic[cl];
403#endif
370 if(!cl) { 404 if(!cl) {
371 X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ODD_NUMBER_OF_DIGITS); 405 X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ODD_NUMBER_OF_DIGITS);
372 Free(hexbuf); 406 OPENSSL_free(hexbuf);
373 return NULL; 407 return NULL;
374 } 408 }
375 if(isupper(ch)) ch = tolower(ch); 409 if(isupper(ch)) ch = tolower(ch);
@@ -391,12 +425,12 @@ unsigned char *string_to_hex(char *str, long *len)
391 return hexbuf; 425 return hexbuf;
392 426
393 err: 427 err:
394 if(hexbuf) Free(hexbuf); 428 if(hexbuf) OPENSSL_free(hexbuf);
395 X509V3err(X509V3_F_STRING_TO_HEX,ERR_R_MALLOC_FAILURE); 429 X509V3err(X509V3_F_STRING_TO_HEX,ERR_R_MALLOC_FAILURE);
396 return NULL; 430 return NULL;
397 431
398 badhex: 432 badhex:
399 Free(hexbuf); 433 OPENSSL_free(hexbuf);
400 X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ILLEGAL_HEX_DIGIT); 434 X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ILLEGAL_HEX_DIGIT);
401 return NULL; 435 return NULL;
402 436
@@ -416,3 +450,86 @@ int name_cmp(const char *name, const char *cmp)
416 if(!c || (c=='.')) return 0; 450 if(!c || (c=='.')) return 0;
417 return 1; 451 return 1;
418} 452}
453
454static int sk_strcmp(const char * const *a, const char * const *b)
455{
456 return strcmp(*a, *b);
457}
458
459STACK *X509_get1_email(X509 *x)
460{
461 GENERAL_NAMES *gens;
462 STACK *ret;
463 gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
464 ret = get_email(X509_get_subject_name(x), gens);
465 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
466 return ret;
467}
468
469STACK *X509_REQ_get1_email(X509_REQ *x)
470{
471 GENERAL_NAMES *gens;
472 STACK_OF(X509_EXTENSION) *exts;
473 STACK *ret;
474 exts = X509_REQ_get_extensions(x);
475 gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL);
476 ret = get_email(X509_REQ_get_subject_name(x), gens);
477 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
478 sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
479 return ret;
480}
481
482
483static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens)
484{
485 STACK *ret = NULL;
486 X509_NAME_ENTRY *ne;
487 ASN1_IA5STRING *email;
488 GENERAL_NAME *gen;
489 int i;
490 /* Now add any email address(es) to STACK */
491 i = -1;
492 /* First supplied X509_NAME */
493 while((i = X509_NAME_get_index_by_NID(name,
494 NID_pkcs9_emailAddress, i)) > 0) {
495 ne = X509_NAME_get_entry(name, i);
496 email = X509_NAME_ENTRY_get_data(ne);
497 if(!append_ia5(&ret, email)) return NULL;
498 }
499 for(i = 0; i < sk_GENERAL_NAME_num(gens); i++)
500 {
501 gen = sk_GENERAL_NAME_value(gens, i);
502 if(gen->type != GEN_EMAIL) continue;
503 if(!append_ia5(&ret, gen->d.ia5)) return NULL;
504 }
505 return ret;
506}
507
508static void str_free(void *str)
509{
510 OPENSSL_free(str);
511}
512
513static int append_ia5(STACK **sk, ASN1_IA5STRING *email)
514{
515 char *emtmp;
516 /* First some sanity checks */
517 if(email->type != V_ASN1_IA5STRING) return 1;
518 if(!email->data || !email->length) return 1;
519 if(!*sk) *sk = sk_new(sk_strcmp);
520 if(!*sk) return 0;
521 /* Don't add duplicates */
522 if(sk_find(*sk, (char *)email->data) != -1) return 1;
523 emtmp = BUF_strdup((char *)email->data);
524 if(!emtmp || !sk_push(*sk, emtmp)) {
525 X509_email_free(*sk);
526 *sk = NULL;
527 return 0;
528 }
529 return 1;
530}
531
532void X509_email_free(STACK *sk)
533{
534 sk_pop_free(sk, str_free);
535}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-30 08:18:07 +0000