1 files changed, 535 insertions, 0 deletions
diff --git a/src/lib/libcrypto/x509v3/v3_utl.c b/src/lib/libcrypto/x509v3/v3_utl.c
new file mode 100644
index 0000000000..283e943e46
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_utl.c
@@ -0,0 +1,535 @@
+/* v3_utl.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* X509 v3 extension utilities */
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+static char *strip_spaces(char *name);
+static int sk_strcmp(const char * const *a, const char * const *b);
+static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens);
+static void str_free(void *str);
+static int append_ia5(STACK **sk, ASN1_IA5STRING *email);
+/* Add a CONF_VALUE name value pair to stack */
+int X509V3_add_value(const char *name, const char *value,
+                                                STACK_OF(CONF_VALUE) **extlist)
+{
+        CONF_VALUE *vtmp = NULL;
+        char *tname = NULL, *tvalue = NULL;
+        if(name && !(tname = BUF_strdup(name))) goto err;
+        if(value && !(tvalue = BUF_strdup(value))) goto err;;
+        if(!(vtmp = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) goto err;
+        if(!*extlist && !(*extlist = sk_CONF_VALUE_new_null())) goto err;
+        vtmp->section = NULL;
+        vtmp->name = tname;
+        vtmp->value = tvalue;
+        if(!sk_CONF_VALUE_push(*extlist, vtmp)) goto err;
+        return 1;
+        err:
+        X509V3err(X509V3_F_X509V3_ADD_VALUE,ERR_R_MALLOC_FAILURE);
+        if(vtmp) OPENSSL_free(vtmp);
+        if(tname) OPENSSL_free(tname);
+        if(tvalue) OPENSSL_free(tvalue);
+        return 0;
+}
+int X509V3_add_value_uchar(const char *name, const unsigned char *value,
+                           STACK_OF(CONF_VALUE) **extlist)
+    {
+    return X509V3_add_value(name,(const char *)value,extlist);
+    }
+/* Free function for STACK_OF(CONF_VALUE) */
+void X509V3_conf_free(CONF_VALUE *conf)
+{
+        if(!conf) return;
+        if(conf->name) OPENSSL_free(conf->name);
+        if(conf->value) OPENSSL_free(conf->value);
+        if(conf->section) OPENSSL_free(conf->section);
+        OPENSSL_free(conf);
+}
+int X509V3_add_value_bool(const char *name, int asn1_bool,
+                                                STACK_OF(CONF_VALUE) **extlist)
+{
+        if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
+        return X509V3_add_value(name, "FALSE", extlist);
+}
+int X509V3_add_value_bool_nf(char *name, int asn1_bool,
+                                                STACK_OF(CONF_VALUE) **extlist)
+{
+        if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
+        return 1;
+}
+char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *a)
+{
+        BIGNUM *bntmp = NULL;
+        char *strtmp = NULL;
+        if(!a) return NULL;
+        if(!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) ||
+            !(strtmp = BN_bn2dec(bntmp)) )
+                X509V3err(X509V3_F_I2S_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);
+        BN_free(bntmp);
+        return strtmp;
+}
+char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a)
+{
+        BIGNUM *bntmp = NULL;
+        char *strtmp = NULL;
+        if(!a) return NULL;
+        if(!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) ||
+            !(strtmp = BN_bn2dec(bntmp)) )
+                X509V3err(X509V3_F_I2S_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
+        BN_free(bntmp);
+        return strtmp;
+}
+ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)
+{
+        BIGNUM *bn = NULL;
+        ASN1_INTEGER *aint;
+        int isneg, ishex;
+        int ret;
+        bn = BN_new();
+        if (!value) {
+                X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_INVALID_NULL_VALUE);
+                return 0;
+        }
+        if (value[0] == '-') {
+                value++;
+                isneg = 1;
+        } else isneg = 0;
+        if (value[0] == '0' && ((value[1] == 'x') || (value[1] == 'X'))) {
+                value += 2;
+                ishex = 1;
+        } else ishex = 0;
+        if (ishex) ret = BN_hex2bn(&bn, value);
+        else ret = BN_dec2bn(&bn, value);
+        if (!ret) {
+                X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_DEC2BN_ERROR);
+                return 0;
+        }
+        if (isneg && BN_is_zero(bn)) isneg = 0;
+        aint = BN_to_ASN1_INTEGER(bn, NULL);
+        BN_free(bn);
+        if (!aint) {
+                X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_TO_ASN1_INTEGER_ERROR);
+                return 0;
+        }
+        if (isneg) aint->type |= V_ASN1_NEG;
+        return aint;
+}
+int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
+             STACK_OF(CONF_VALUE) **extlist)
+{
+        char *strtmp;
+        int ret;
+        if(!aint) return 1;
+        if(!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) return 0;
+        ret = X509V3_add_value(name, strtmp, extlist);
+        OPENSSL_free(strtmp);
+        return ret;
+}
+int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool)
+{
+        char *btmp;
+        if(!(btmp = value->value)) goto err;
+        if(!strcmp(btmp, "TRUE") || !strcmp(btmp, "true")
+                 || !strcmp(btmp, "Y") || !strcmp(btmp, "y")
+                || !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) {
+                *asn1_bool = 0xff;
+                return 1;
+        } else if(!strcmp(btmp, "FALSE") || !strcmp(btmp, "false")
+                 || !strcmp(btmp, "N") || !strcmp(btmp, "n")
+                || !strcmp(btmp, "NO") || !strcmp(btmp, "no")) {
+                *asn1_bool = 0;
+                return 1;
+        }
+        err:
+        X509V3err(X509V3_F_X509V3_GET_VALUE_BOOL,X509V3_R_INVALID_BOOLEAN_STRING);
+        X509V3_conf_err(value);
+        return 0;
+}
+int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint)
+{
+        ASN1_INTEGER *itmp;
+        if(!(itmp = s2i_ASN1_INTEGER(NULL, value->value))) {
+                X509V3_conf_err(value);
+                return 0;
+        }
+        *aint = itmp;
+        return 1;
+}
+#define HDR_NAME        1
+#define HDR_VALUE       2
+/*#define DEBUG*/
+STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
+{
+        char *p, *q, c;
+        char *ntmp, *vtmp;
+        STACK_OF(CONF_VALUE) *values = NULL;
+        char *linebuf;
+        int state;
+        /* We are going to modify the line so copy it first */
+        linebuf = BUF_strdup(line);
+        state = HDR_NAME;
+        ntmp = NULL;
+        /* Go through all characters */
+        for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
+                switch(state) {
+                        case HDR_NAME:
+                        if(c == ':') {
+                                state = HDR_VALUE;
+                                *p = 0;
+                                ntmp = strip_spaces(q);
+                                if(!ntmp) {
+                                        X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
+                                        goto err;
+                                }
+                                q = p + 1;
+                        } else if(c == ',') {
+                                *p = 0;
+                                ntmp = strip_spaces(q);
+                                q = p + 1;
+#if 0
+                                printf("%s\n", ntmp);
+#endif
+                                if(!ntmp) {
+                                        X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
+                                        goto err;
+                                }
+                                X509V3_add_value(ntmp, NULL, &values);
+                        }
+                        break ;
+                        case HDR_VALUE:
+                        if(c == ',') {
+                                state = HDR_NAME;
+                                *p = 0;
+                                vtmp = strip_spaces(q);
+#if 0
+                                printf("%s\n", ntmp);
+#endif
+                                if(!vtmp) {
+                                        X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE);
+                                        goto err;
+                                }
+                                X509V3_add_value(ntmp, vtmp, &values);
+                                ntmp = NULL;
+                                q = p + 1;
+                        }
+                }
+        }
+        if(state == HDR_VALUE) {
+                vtmp = strip_spaces(q);
+#if 0
+                printf("%s=%s\n", ntmp, vtmp);
+#endif
+                if(!vtmp) {
+                        X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE);
+                        goto err;
+                }
+                X509V3_add_value(ntmp, vtmp, &values);
+        } else {
+                ntmp = strip_spaces(q);
+#if 0
+                printf("%s\n", ntmp);
+#endif
+                if(!ntmp) {
+                        X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
+                        goto err;
+                }
+                X509V3_add_value(ntmp, NULL, &values);
+        }
+OPENSSL_free(linebuf);
+return values;
+err:
+OPENSSL_free(linebuf);
+sk_CONF_VALUE_pop_free(values, X509V3_conf_free);
+return NULL;
+}
+/* Delete leading and trailing spaces from a string */
+static char *strip_spaces(char *name)
+{
+        char *p, *q;
+        /* Skip over leading spaces */
+        p = name;
+        while(*p && isspace((unsigned char)*p)) p++;
+        if(!*p) return NULL;
+        q = p + strlen(p) - 1;
+        while((q != p) && isspace((unsigned char)*q)) q--;
+        if(p != q) q[1] = 0;
+        if(!*p) return NULL;
+        return p;
+}
+/* hex string utilities */
+/* Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its
+ * hex representation
+ * @@@ (Contents of buffer are always kept in ASCII, also on EBCDIC machines)
+ */
+char *hex_to_string(unsigned char *buffer, long len)
+{
+        char *tmp, *q;
+        unsigned char *p;
+        int i;
+        static char hexdig[] = "0123456789ABCDEF";
+        if(!buffer || !len) return NULL;
+        if(!(tmp = OPENSSL_malloc(len * 3 + 1))) {
+                X509V3err(X509V3_F_HEX_TO_STRING,ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        q = tmp;
+        for(i = 0, p = buffer; i < len; i++,p++) {
+                *q++ = hexdig[(*p >> 4) & 0xf];
+                *q++ = hexdig[*p & 0xf];
+                *q++ = ':';
+        }
+        q[-1] = 0;
+#ifdef CHARSET_EBCDIC
+        ebcdic2ascii(tmp, tmp, q - tmp - 1);
+#endif
+        return tmp;
+}
+/* Give a string of hex digits convert to
+ * a buffer
+ */
+unsigned char *string_to_hex(char *str, long *len)
+{
+        unsigned char *hexbuf, *q;
+        unsigned char ch, cl, *p;
+        if(!str) {
+                X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_INVALID_NULL_ARGUMENT);
+                return NULL;
+        }
+        if(!(hexbuf = OPENSSL_malloc(strlen(str) >> 1))) goto err;
+        for(p = (unsigned char *)str, q = hexbuf; *p;) {
+                ch = *p++;
+#ifdef CHARSET_EBCDIC
+                ch = os_toebcdic[ch];
+#endif
+                if(ch == ':') continue;
+                cl = *p++;
+#ifdef CHARSET_EBCDIC
+                cl = os_toebcdic[cl];
+#endif
+                if(!cl) {
+                        X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ODD_NUMBER_OF_DIGITS);
+                        OPENSSL_free(hexbuf);
+                        return NULL;
+                }
+                if(isupper(ch)) ch = tolower(ch);
+                if(isupper(cl)) cl = tolower(cl);
+                if((ch >= '0') && (ch <= '9')) ch -= '0';
+                else if ((ch >= 'a') && (ch <= 'f')) ch -= 'a' - 10;
+                else goto badhex;
+                if((cl >= '0') && (cl <= '9')) cl -= '0';
+                else if ((cl >= 'a') && (cl <= 'f')) cl -= 'a' - 10;
+                else goto badhex;
+                *q++ = (ch << 4) | cl;
+        }
+        if(len) *len = q - hexbuf;
+        return hexbuf;
+        err:
+        if(hexbuf) OPENSSL_free(hexbuf);
+        X509V3err(X509V3_F_STRING_TO_HEX,ERR_R_MALLOC_FAILURE);
+        return NULL;
+        badhex:
+        OPENSSL_free(hexbuf);
+        X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ILLEGAL_HEX_DIGIT);
+        return NULL;
+}
+/* V2I name comparison function: returns zero if 'name' matches
+ * cmp or cmp.*
+ */
+int name_cmp(const char *name, const char *cmp)
+{
+        int len, ret;
+        char c;
+        len = strlen(cmp);
+        if((ret = strncmp(name, cmp, len))) return ret;
+        c = name[len];
+        if(!c || (c=='.')) return 0;
+        return 1;
+}
+static int sk_strcmp(const char * const *a, const char * const *b)
+{
+        return strcmp(*a, *b);
+}
+STACK *X509_get1_email(X509 *x)
+{
+        GENERAL_NAMES *gens;
+        STACK *ret;
+        gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
+        ret = get_email(X509_get_subject_name(x), gens);
+        sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+        return ret;
+}
+STACK *X509_REQ_get1_email(X509_REQ *x)
+{
+        GENERAL_NAMES *gens;
+        STACK_OF(X509_EXTENSION) *exts;
+        STACK *ret;
+        exts = X509_REQ_get_extensions(x);
+        gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL);
+        ret = get_email(X509_REQ_get_subject_name(x), gens);
+        sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+        sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
+        return ret;
+}
+static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens)
+{
+        STACK *ret = NULL;
+        X509_NAME_ENTRY *ne;
+        ASN1_IA5STRING *email;
+        GENERAL_NAME *gen;
+        int i;
+        /* Now add any email address(es) to STACK */
+        i = -1;
+        /* First supplied X509_NAME */
+        while((i = X509_NAME_get_index_by_NID(name,
+                                         NID_pkcs9_emailAddress, i)) > 0) {
+                ne = X509_NAME_get_entry(name, i);
+                email = X509_NAME_ENTRY_get_data(ne);
+                if(!append_ia5(&ret, email)) return NULL;
+        }
+        for(i = 0; i < sk_GENERAL_NAME_num(gens); i++)
+        {
+                gen = sk_GENERAL_NAME_value(gens, i);
+                if(gen->type != GEN_EMAIL) continue;
+                if(!append_ia5(&ret, gen->d.ia5)) return NULL;
+        }
+        return ret;
+}
+static void str_free(void *str)
+{
+        OPENSSL_free(str);
+}
+static int append_ia5(STACK **sk, ASN1_IA5STRING *email)
+{
+        char *emtmp;
+        /* First some sanity checks */
+        if(email->type != V_ASN1_IA5STRING) return 1;
+        if(!email->data || !email->length) return 1;
+        if(!*sk) *sk = sk_new(sk_strcmp);
+        if(!*sk) return 0;
+        /* Don't add duplicates */
+        if(sk_find(*sk, (char *)email->data) != -1) return 1;
+        emtmp = BUF_strdup((char *)email->data);
+        if(!emtmp || !sk_push(*sk, emtmp)) {
+                X509_email_free(*sk);
+                *sk = NULL;
+                return 0;
+        }
+        return 1;
+}
+void X509_email_free(STACK *sk)
+{
+        sk_pop_free(sk, str_free);
+}

diff --git a/src/lib/libcrypto/x509v3/v3_utl.c b/src/lib/libcrypto/x509v3/v3_utl.c new file mode 100644 index 0000000000..283e943e46 --- /dev/null +++ b/src/lib/libcrypto/x509v3/v3_utl.c
@@ -0,0 +1,535 @@
	1	/* v3_utl.c */
	2	/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
	3	* project 1999.
	4	*/
	5	/* ====================================================================
	6	* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
	7	*
	8	* Redistribution and use in source and binary forms, with or without
	9	* modification, are permitted provided that the following conditions
	10	* are met:
	11	*
	12	* 1. Redistributions of source code must retain the above copyright
	13	* notice, this list of conditions and the following disclaimer.
	14	*
	15	* 2. Redistributions in binary form must reproduce the above copyright
	16	* notice, this list of conditions and the following disclaimer in
	17	* the documentation and/or other materials provided with the
	18	* distribution.
	19	*
	20	* 3. All advertising materials mentioning features or use of this
	21	* software must display the following acknowledgment:
	22	* "This product includes software developed by the OpenSSL Project
	23	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
	24	*
	25	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
	26	* endorse or promote products derived from this software without
	27	* prior written permission. For written permission, please contact
	28	* licensing@OpenSSL.org.
	29	*
	30	* 5. Products derived from this software may not be called "OpenSSL"
	31	* nor may "OpenSSL" appear in their names without prior written
	32	* permission of the OpenSSL Project.
	33	*
	34	* 6. Redistributions of any form whatsoever must retain the following
	35	* acknowledgment:
	36	* "This product includes software developed by the OpenSSL Project
	37	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
	38	*
	39	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
	40	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	41	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	42	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
	43	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	44	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	45	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	46	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	48	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	49	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	50	* OF THE POSSIBILITY OF SUCH DAMAGE.
	51	* ====================================================================
	52	*
	53	* This product includes cryptographic software written by Eric Young
	54	* (eay@cryptsoft.com). This product includes software written by Tim
	55	* Hudson (tjh@cryptsoft.com).
	56	*
	57	*/
	58	/* X509 v3 extension utilities */
	59
	60
	61	#include <stdio.h>
	62	#include <ctype.h>
	63	#include "cryptlib.h"
	64	#include <openssl/conf.h>
	65	#include <openssl/x509v3.h>
	66
	67	static char strip_spaces(char name);
	68	static int sk_strcmp(const char * const a, const char const *b);
	69	static STACK get_email(X509_NAME name, GENERAL_NAMES *gens);
	70	static void str_free(void *str);
	71	static int append_ia5(STACK *sk, ASN1_IA5STRING email);
	72
	73	/* Add a CONF_VALUE name value pair to stack */
	74
	75	int X509V3_add_value(const char name, const char value,
	76	STACK_OF(CONF_VALUE) **extlist)
	77	{
	78	CONF_VALUE *vtmp = NULL;
	79	char tname = NULL, tvalue = NULL;
	80	if(name && !(tname = BUF_strdup(name))) goto err;
	81	if(value && !(tvalue = BUF_strdup(value))) goto err;;
	82	if(!(vtmp = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) goto err;
	83	if(!extlist && !(extlist = sk_CONF_VALUE_new_null())) goto err;
	84	vtmp->section = NULL;
	85	vtmp->name = tname;
	86	vtmp->value = tvalue;
	87	if(!sk_CONF_VALUE_push(*extlist, vtmp)) goto err;
	88	return 1;
	89	err:
	90	X509V3err(X509V3_F_X509V3_ADD_VALUE,ERR_R_MALLOC_FAILURE);
	91	if(vtmp) OPENSSL_free(vtmp);
	92	if(tname) OPENSSL_free(tname);
	93	if(tvalue) OPENSSL_free(tvalue);
	94	return 0;
	95	}
	96
	97	int X509V3_add_value_uchar(const char name, const unsigned char value,
	98	STACK_OF(CONF_VALUE) **extlist)
	99	{
	100	return X509V3_add_value(name,(const char *)value,extlist);
	101	}
	102
	103	/* Free function for STACK_OF(CONF_VALUE) */
	104
	105	void X509V3_conf_free(CONF_VALUE *conf)
	106	{
	107	if(!conf) return;
	108	if(conf->name) OPENSSL_free(conf->name);
	109	if(conf->value) OPENSSL_free(conf->value);
	110	if(conf->section) OPENSSL_free(conf->section);
	111	OPENSSL_free(conf);
	112	}
	113
	114	int X509V3_add_value_bool(const char *name, int asn1_bool,
	115	STACK_OF(CONF_VALUE) **extlist)
	116	{
	117	if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
	118	return X509V3_add_value(name, "FALSE", extlist);
	119	}
	120
	121	int X509V3_add_value_bool_nf(char *name, int asn1_bool,
	122	STACK_OF(CONF_VALUE) **extlist)
	123	{
	124	if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
	125	return 1;
	126	}
	127
	128
	129	char i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD method, ASN1_ENUMERATED *a)
	130	{
	131	BIGNUM *bntmp = NULL;
	132	char *strtmp = NULL;
	133	if(!a) return NULL;
	134	if(!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) \|\|
	135	!(strtmp = BN_bn2dec(bntmp)) )
	136	X509V3err(X509V3_F_I2S_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);
	137	BN_free(bntmp);
	138	return strtmp;
	139	}
	140
	141	char i2s_ASN1_INTEGER(X509V3_EXT_METHOD method, ASN1_INTEGER *a)
	142	{
	143	BIGNUM *bntmp = NULL;
	144	char *strtmp = NULL;
	145	if(!a) return NULL;
	146	if(!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) \|\|
	147	!(strtmp = BN_bn2dec(bntmp)) )
	148	X509V3err(X509V3_F_I2S_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
	149	BN_free(bntmp);
	150	return strtmp;
	151	}
	152
	153	ASN1_INTEGER s2i_ASN1_INTEGER(X509V3_EXT_METHOD method, char *value)
	154	{
	155	BIGNUM *bn = NULL;
	156	ASN1_INTEGER *aint;
	157	int isneg, ishex;
	158	int ret;
	159	bn = BN_new();
	160	if (!value) {
	161	X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_INVALID_NULL_VALUE);
	162	return 0;
	163	}
	164	if (value[0] == '-') {
	165	value++;
	166	isneg = 1;
	167	} else isneg = 0;
	168
	169	if (value[0] == '0' && ((value[1] == 'x') \|\| (value[1] == 'X'))) {
	170	value += 2;
	171	ishex = 1;
	172	} else ishex = 0;
	173
	174	if (ishex) ret = BN_hex2bn(&bn, value);
	175	else ret = BN_dec2bn(&bn, value);
	176
	177	if (!ret) {
	178	X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_DEC2BN_ERROR);
	179	return 0;
	180	}
	181
	182	if (isneg && BN_is_zero(bn)) isneg = 0;
	183
	184	aint = BN_to_ASN1_INTEGER(bn, NULL);
	185	BN_free(bn);
	186	if (!aint) {
	187	X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_TO_ASN1_INTEGER_ERROR);
	188	return 0;
	189	}
	190	if (isneg) aint->type \|= V_ASN1_NEG;
	191	return aint;
	192	}
	193
	194	int X509V3_add_value_int(const char name, ASN1_INTEGER aint,
	195	STACK_OF(CONF_VALUE) **extlist)
	196	{
	197	char *strtmp;
	198	int ret;
	199	if(!aint) return 1;
	200	if(!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) return 0;
	201	ret = X509V3_add_value(name, strtmp, extlist);
	202	OPENSSL_free(strtmp);
	203	return ret;
	204	}
	205
	206	int X509V3_get_value_bool(CONF_VALUE value, int asn1_bool)
	207	{
	208	char *btmp;
	209	if(!(btmp = value->value)) goto err;
	210	if(!strcmp(btmp, "TRUE") \|\| !strcmp(btmp, "true")
	211	\|\| !strcmp(btmp, "Y") \|\| !strcmp(btmp, "y")
	212	\|\| !strcmp(btmp, "YES") \|\| !strcmp(btmp, "yes")) {
	213	*asn1_bool = 0xff;
	214	return 1;
	215	} else if(!strcmp(btmp, "FALSE") \|\| !strcmp(btmp, "false")
	216	\|\| !strcmp(btmp, "N") \|\| !strcmp(btmp, "n")
	217	\|\| !strcmp(btmp, "NO") \|\| !strcmp(btmp, "no")) {
	218	*asn1_bool = 0;
	219	return 1;
	220	}
	221	err:
	222	X509V3err(X509V3_F_X509V3_GET_VALUE_BOOL,X509V3_R_INVALID_BOOLEAN_STRING);
	223	X509V3_conf_err(value);
	224	return 0;
	225	}
	226
	227	int X509V3_get_value_int(CONF_VALUE value, ASN1_INTEGER *aint)
	228	{
	229	ASN1_INTEGER *itmp;
	230	if(!(itmp = s2i_ASN1_INTEGER(NULL, value->value))) {
	231	X509V3_conf_err(value);
	232	return 0;
	233	}
	234	*aint = itmp;
	235	return 1;
	236	}
	237
	238	#define HDR_NAME 1
	239	#define HDR_VALUE 2
	240
	241	/#define DEBUG/
	242
	243	STACK_OF(CONF_VALUE) X509V3_parse_list(const char line)
	244	{
	245	char p, q, c;
	246	char ntmp, vtmp;
	247	STACK_OF(CONF_VALUE) *values = NULL;
	248	char *linebuf;
	249	int state;
	250	/* We are going to modify the line so copy it first */
	251	linebuf = BUF_strdup(line);
	252	state = HDR_NAME;
	253	ntmp = NULL;
	254	/* Go through all characters */
	255	for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
	256
	257	switch(state) {
	258	case HDR_NAME:
	259	if(c == ':') {
	260	state = HDR_VALUE;
	261	*p = 0;
	262	ntmp = strip_spaces(q);
	263	if(!ntmp) {
	264	X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
	265	goto err;
	266	}
	267	q = p + 1;
	268	} else if(c == ',') {
	269	*p = 0;
	270	ntmp = strip_spaces(q);
	271	q = p + 1;
	272	#if 0
	273	printf("%s\n", ntmp);
	274	#endif
	275	if(!ntmp) {
	276	X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
	277	goto err;
	278	}
	279	X509V3_add_value(ntmp, NULL, &values);
	280	}
	281	break ;
	282
	283	case HDR_VALUE:
	284	if(c == ',') {
	285	state = HDR_NAME;
	286	*p = 0;
	287	vtmp = strip_spaces(q);
	288	#if 0
	289	printf("%s\n", ntmp);
	290	#endif
	291	if(!vtmp) {
	292	X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE);
	293	goto err;
	294	}
	295	X509V3_add_value(ntmp, vtmp, &values);
	296	ntmp = NULL;
	297	q = p + 1;
	298	}
	299
	300	}
	301	}
	302
	303	if(state == HDR_VALUE) {
	304	vtmp = strip_spaces(q);
	305	#if 0
	306	printf("%s=%s\n", ntmp, vtmp);
	307	#endif
	308	if(!vtmp) {
	309	X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE);
	310	goto err;
	311	}
	312	X509V3_add_value(ntmp, vtmp, &values);
	313	} else {
	314	ntmp = strip_spaces(q);
	315	#if 0
	316	printf("%s\n", ntmp);
	317	#endif
	318	if(!ntmp) {
	319	X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
	320	goto err;
	321	}
	322	X509V3_add_value(ntmp, NULL, &values);
	323	}
	324	OPENSSL_free(linebuf);
	325	return values;
	326
	327	err:
	328	OPENSSL_free(linebuf);
	329	sk_CONF_VALUE_pop_free(values, X509V3_conf_free);
	330	return NULL;
	331
	332	}
	333
	334	/* Delete leading and trailing spaces from a string */
	335	static char strip_spaces(char name)
	336	{
	337	char p, q;
	338	/* Skip over leading spaces */
	339	p = name;
	340	while(p && isspace((unsigned char)p)) p++;
	341	if(!*p) return NULL;
	342	q = p + strlen(p) - 1;
	343	while((q != p) && isspace((unsigned char)*q)) q--;
	344	if(p != q) q[1] = 0;
	345	if(!*p) return NULL;
	346	return p;
	347	}
	348
	349	/* hex string utilities */
	350
	351	/* Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its
	352	* hex representation
	353	* @@@ (Contents of buffer are always kept in ASCII, also on EBCDIC machines)
	354	*/
	355
	356	char hex_to_string(unsigned char buffer, long len)
	357	{
	358	char tmp, q;
	359	unsigned char *p;
	360	int i;
	361	static char hexdig[] = "0123456789ABCDEF";
	362	if(!buffer \|\| !len) return NULL;
	363	if(!(tmp = OPENSSL_malloc(len * 3 + 1))) {
	364	X509V3err(X509V3_F_HEX_TO_STRING,ERR_R_MALLOC_FAILURE);
	365	return NULL;
	366	}
	367	q = tmp;
	368	for(i = 0, p = buffer; i < len; i++,p++) {
	369	q++ = hexdig[(p >> 4) & 0xf];
	370	q++ = hexdig[p & 0xf];
	371	*q++ = ':';
	372	}
	373	q[-1] = 0;
	374	#ifdef CHARSET_EBCDIC
	375	ebcdic2ascii(tmp, tmp, q - tmp - 1);
	376	#endif
	377
	378	return tmp;
	379	}
	380
	381	/* Give a string of hex digits convert to
	382	* a buffer
	383	*/
	384
	385	unsigned char string_to_hex(char str, long *len)
	386	{
	387	unsigned char hexbuf, q;
	388	unsigned char ch, cl, *p;
	389	if(!str) {
	390	X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_INVALID_NULL_ARGUMENT);
	391	return NULL;
	392	}
	393	if(!(hexbuf = OPENSSL_malloc(strlen(str) >> 1))) goto err;
	394	for(p = (unsigned char )str, q = hexbuf; p;) {
	395	ch = *p++;
	396	#ifdef CHARSET_EBCDIC
	397	ch = os_toebcdic[ch];
	398	#endif
	399	if(ch == ':') continue;
	400	cl = *p++;
	401	#ifdef CHARSET_EBCDIC
	402	cl = os_toebcdic[cl];
	403	#endif
	404	if(!cl) {
	405	X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ODD_NUMBER_OF_DIGITS);
	406	OPENSSL_free(hexbuf);
	407	return NULL;
	408	}
	409	if(isupper(ch)) ch = tolower(ch);
	410	if(isupper(cl)) cl = tolower(cl);
	411
	412	if((ch >= '0') && (ch <= '9')) ch -= '0';
	413	else if ((ch >= 'a') && (ch <= 'f')) ch -= 'a' - 10;
	414	else goto badhex;
	415
	416	if((cl >= '0') && (cl <= '9')) cl -= '0';
	417	else if ((cl >= 'a') && (cl <= 'f')) cl -= 'a' - 10;
	418	else goto badhex;
	419
	420	*q++ = (ch << 4) \| cl;
	421	}
	422
	423	if(len) *len = q - hexbuf;
	424
	425	return hexbuf;
	426
	427	err:
	428	if(hexbuf) OPENSSL_free(hexbuf);
	429	X509V3err(X509V3_F_STRING_TO_HEX,ERR_R_MALLOC_FAILURE);
	430	return NULL;
	431
	432	badhex:
	433	OPENSSL_free(hexbuf);
	434	X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ILLEGAL_HEX_DIGIT);
	435	return NULL;
	436
	437	}
	438
	439	/* V2I name comparison function: returns zero if 'name' matches
	440	* cmp or cmp.*
	441	*/
	442
	443	int name_cmp(const char name, const char cmp)
	444	{
	445	int len, ret;
	446	char c;
	447	len = strlen(cmp);
	448	if((ret = strncmp(name, cmp, len))) return ret;
	449	c = name[len];
	450	if(!c \|\| (c=='.')) return 0;
	451	return 1;
	452	}
	453
	454	static int sk_strcmp(const char * const a, const char const *b)
	455	{
	456	return strcmp(a, b);
	457	}
	458
	459	STACK X509_get1_email(X509 x)
	460	{
	461	GENERAL_NAMES *gens;
	462	STACK *ret;
	463	gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
	464	ret = get_email(X509_get_subject_name(x), gens);
	465	sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
	466	return ret;
	467	}
	468
	469	STACK X509_REQ_get1_email(X509_REQ x)
	470	{
	471	GENERAL_NAMES *gens;
	472	STACK_OF(X509_EXTENSION) *exts;
	473	STACK *ret;
	474	exts = X509_REQ_get_extensions(x);
	475	gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL);
	476	ret = get_email(X509_REQ_get_subject_name(x), gens);
	477	sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
	478	sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
	479	return ret;
	480	}
	481
	482
	483	static STACK get_email(X509_NAME name, GENERAL_NAMES *gens)
	484	{
	485	STACK *ret = NULL;
	486	X509_NAME_ENTRY *ne;
	487	ASN1_IA5STRING *email;
	488	GENERAL_NAME *gen;
	489	int i;
	490	/* Now add any email address(es) to STACK */
	491	i = -1;
	492	/* First supplied X509_NAME */
	493	while((i = X509_NAME_get_index_by_NID(name,
	494	NID_pkcs9_emailAddress, i)) > 0) {
	495	ne = X509_NAME_get_entry(name, i);
	496	email = X509_NAME_ENTRY_get_data(ne);
	497	if(!append_ia5(&ret, email)) return NULL;
	498	}
	499	for(i = 0; i < sk_GENERAL_NAME_num(gens); i++)
	500	{
	501	gen = sk_GENERAL_NAME_value(gens, i);
	502	if(gen->type != GEN_EMAIL) continue;
	503	if(!append_ia5(&ret, gen->d.ia5)) return NULL;
	504	}
	505	return ret;
	506	}
	507
	508	static void str_free(void *str)
	509	{
	510	OPENSSL_free(str);
	511	}
	512
	513	static int append_ia5(STACK *sk, ASN1_IA5STRING email)
	514	{
	515	char *emtmp;
	516	/* First some sanity checks */
	517	if(email->type != V_ASN1_IA5STRING) return 1;
	518	if(!email->data \|\| !email->length) return 1;
	519	if(!sk) sk = sk_new(sk_strcmp);
	520	if(!*sk) return 0;
	521	/* Don't add duplicates */
	522	if(sk_find(sk, (char )email->data) != -1) return 1;
	523	emtmp = BUF_strdup((char *)email->data);
	524	if(!emtmp \|\| !sk_push(*sk, emtmp)) {
	525	X509_email_free(*sk);
	526	*sk = NULL;
	527	return 0;
	528	}
	529	return 1;
	530	}
	531
	532	void X509_email_free(STACK *sk)
	533	{
	534	sk_pop_free(sk, str_free);
	535	}