summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509v3
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/x509v3/ext_dat.h16
-rw-r--r--src/lib/libcrypto/x509v3/v3_akey.c83
-rw-r--r--src/lib/libcrypto/x509v3/v3_alt.c129
-rw-r--r--src/lib/libcrypto/x509v3/v3_bcons.c58
-rw-r--r--src/lib/libcrypto/x509v3/v3_bitst.c11
-rw-r--r--src/lib/libcrypto/x509v3/v3_conf.c387
-rw-r--r--src/lib/libcrypto/x509v3/v3_cpols.c355
-rw-r--r--src/lib/libcrypto/x509v3/v3_crld.c181
-rw-r--r--src/lib/libcrypto/x509v3/v3_enum.c19
-rw-r--r--src/lib/libcrypto/x509v3/v3_extku.c132
-rw-r--r--src/lib/libcrypto/x509v3/v3_genn.c210
-rw-r--r--src/lib/libcrypto/x509v3/v3_ia5.c15
-rw-r--r--src/lib/libcrypto/x509v3/v3_info.c138
-rw-r--r--src/lib/libcrypto/x509v3/v3_int.c18
-rw-r--r--src/lib/libcrypto/x509v3/v3_lib.c190
-rw-r--r--src/lib/libcrypto/x509v3/v3_pku.c61
-rw-r--r--src/lib/libcrypto/x509v3/v3_prn.c112
-rw-r--r--src/lib/libcrypto/x509v3/v3_purp.c271
-rw-r--r--src/lib/libcrypto/x509v3/v3_skey.c32
-rw-r--r--src/lib/libcrypto/x509v3/v3_sxnet.c132
-rw-r--r--src/lib/libcrypto/x509v3/v3_utl.c171
-rw-r--r--src/lib/libcrypto/x509v3/v3err.c16
-rw-r--r--src/lib/libcrypto/x509v3/x509v3.h730
23 files changed, 1969 insertions, 1498 deletions
diff --git a/src/lib/libcrypto/x509v3/ext_dat.h b/src/lib/libcrypto/x509v3/ext_dat.h
index 801a585a52..586f116db5 100644
--- a/src/lib/libcrypto/x509v3/ext_dat.h
+++ b/src/lib/libcrypto/x509v3/ext_dat.h
@@ -58,9 +58,12 @@
58/* This file contains a table of "standard" extensions */ 58/* This file contains a table of "standard" extensions */
59 59
60extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku; 60extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
61extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info; 61extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo;
62extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id; 62extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
63extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_cpols, v3_crld; 63extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate, v3_cpols, v3_crld;
64extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
65extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
66extern X509V3_EXT_METHOD v3_crl_hold;
64 67
65/* This table will be searched using OBJ_bsearch so it *must* kept in 68/* This table will be searched using OBJ_bsearch so it *must* kept in
66 * order of the ext_nid values. 69 * order of the ext_nid values.
@@ -87,8 +90,17 @@ static X509V3_EXT_METHOD *standard_exts[] = {
87&v3_crld, 90&v3_crld,
88&v3_ext_ku, 91&v3_ext_ku,
89&v3_crl_reason, 92&v3_crl_reason,
93&v3_crl_invdate,
90&v3_sxnet, 94&v3_sxnet,
91&v3_info, 95&v3_info,
96&v3_ocsp_nonce,
97&v3_ocsp_crlid,
98&v3_ocsp_accresp,
99&v3_ocsp_nocheck,
100&v3_ocsp_acutoff,
101&v3_ocsp_serviceloc,
102&v3_crl_hold,
103&v3_sinfo
92}; 104};
93 105
94/* Number of standard extensions */ 106/* Number of standard extensions */
diff --git a/src/lib/libcrypto/x509v3/v3_akey.c b/src/lib/libcrypto/x509v3/v3_akey.c
index 4099e6019e..97e686f97a 100644
--- a/src/lib/libcrypto/x509v3/v3_akey.c
+++ b/src/lib/libcrypto/x509v3/v3_akey.c
@@ -60,7 +60,7 @@
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include <openssl/conf.h> 61#include <openssl/conf.h>
62#include <openssl/asn1.h> 62#include <openssl/asn1.h>
63#include <openssl/asn1_mac.h> 63#include <openssl/asn1t.h>
64#include <openssl/x509v3.h> 64#include <openssl/x509v3.h>
65 65
66static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, 66static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
@@ -69,72 +69,15 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
69 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); 69 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
70 70
71X509V3_EXT_METHOD v3_akey_id = { 71X509V3_EXT_METHOD v3_akey_id = {
72NID_authority_key_identifier, X509V3_EXT_MULTILINE, 72NID_authority_key_identifier, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID),
73(X509V3_EXT_NEW)AUTHORITY_KEYID_new, 730,0,0,0,
74(X509V3_EXT_FREE)AUTHORITY_KEYID_free, 740,0,
75(X509V3_EXT_D2I)d2i_AUTHORITY_KEYID,
76(X509V3_EXT_I2D)i2d_AUTHORITY_KEYID,
77NULL, NULL,
78(X509V3_EXT_I2V)i2v_AUTHORITY_KEYID, 75(X509V3_EXT_I2V)i2v_AUTHORITY_KEYID,
79(X509V3_EXT_V2I)v2i_AUTHORITY_KEYID, 76(X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,
80NULL,NULL, 770,0,
81NULL 78NULL
82}; 79};
83 80
84
85int i2d_AUTHORITY_KEYID(AUTHORITY_KEYID *a, unsigned char **pp)
86{
87 M_ASN1_I2D_vars(a);
88
89 M_ASN1_I2D_len_IMP_opt (a->keyid, i2d_ASN1_OCTET_STRING);
90 M_ASN1_I2D_len_IMP_opt (a->issuer, i2d_GENERAL_NAMES);
91 M_ASN1_I2D_len_IMP_opt (a->serial, i2d_ASN1_INTEGER);
92
93 M_ASN1_I2D_seq_total();
94
95 M_ASN1_I2D_put_IMP_opt (a->keyid, i2d_ASN1_OCTET_STRING, 0);
96 M_ASN1_I2D_put_IMP_opt (a->issuer, i2d_GENERAL_NAMES, 1);
97 M_ASN1_I2D_put_IMP_opt (a->serial, i2d_ASN1_INTEGER, 2);
98
99 M_ASN1_I2D_finish();
100}
101
102AUTHORITY_KEYID *AUTHORITY_KEYID_new(void)
103{
104 AUTHORITY_KEYID *ret=NULL;
105 ASN1_CTX c;
106 M_ASN1_New_Malloc(ret, AUTHORITY_KEYID);
107 ret->keyid = NULL;
108 ret->issuer = NULL;
109 ret->serial = NULL;
110 return (ret);
111 M_ASN1_New_Error(ASN1_F_AUTHORITY_KEYID_NEW);
112}
113
114AUTHORITY_KEYID *d2i_AUTHORITY_KEYID(AUTHORITY_KEYID **a, unsigned char **pp,
115 long length)
116{
117 M_ASN1_D2I_vars(a,AUTHORITY_KEYID *,AUTHORITY_KEYID_new);
118 M_ASN1_D2I_Init();
119 M_ASN1_D2I_start_sequence();
120 M_ASN1_D2I_get_IMP_opt (ret->keyid, d2i_ASN1_OCTET_STRING, 0,
121 V_ASN1_OCTET_STRING);
122 M_ASN1_D2I_get_IMP_opt (ret->issuer, d2i_GENERAL_NAMES, 1,
123 V_ASN1_SEQUENCE);
124 M_ASN1_D2I_get_IMP_opt (ret->serial, d2i_ASN1_INTEGER, 2,
125 V_ASN1_INTEGER);
126 M_ASN1_D2I_Finish(a, AUTHORITY_KEYID_free, ASN1_F_D2I_AUTHORITY_KEYID);
127}
128
129void AUTHORITY_KEYID_free(AUTHORITY_KEYID *a)
130{
131 if (a == NULL) return;
132 ASN1_OCTET_STRING_free(a->keyid);
133 sk_GENERAL_NAME_pop_free(a->issuer, GENERAL_NAME_free);
134 ASN1_INTEGER_free (a->serial);
135 Free ((char *)a);
136}
137
138static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, 81static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
139 AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist) 82 AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist)
140{ 83{
@@ -142,7 +85,7 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
142 if(akeyid->keyid) { 85 if(akeyid->keyid) {
143 tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length); 86 tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length);
144 X509V3_add_value("keyid", tmp, &extlist); 87 X509V3_add_value("keyid", tmp, &extlist);
145 Free(tmp); 88 OPENSSL_free(tmp);
146 } 89 }
147 if(akeyid->issuer) 90 if(akeyid->issuer)
148 extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist); 91 extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
@@ -150,7 +93,7 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
150 tmp = hex_to_string(akeyid->serial->data, 93 tmp = hex_to_string(akeyid->serial->data,
151 akeyid->serial->length); 94 akeyid->serial->length);
152 X509V3_add_value("serial", tmp, &extlist); 95 X509V3_add_value("serial", tmp, &extlist);
153 Free(tmp); 96 OPENSSL_free(tmp);
154 } 97 }
155 return extlist; 98 return extlist;
156} 99}
@@ -171,7 +114,7 @@ int i;
171CONF_VALUE *cnf; 114CONF_VALUE *cnf;
172ASN1_OCTET_STRING *ikeyid = NULL; 115ASN1_OCTET_STRING *ikeyid = NULL;
173X509_NAME *isname = NULL; 116X509_NAME *isname = NULL;
174STACK_OF(GENERAL_NAME) * gens = NULL; 117GENERAL_NAMES * gens = NULL;
175GENERAL_NAME *gen = NULL; 118GENERAL_NAME *gen = NULL;
176ASN1_INTEGER *serial = NULL; 119ASN1_INTEGER *serial = NULL;
177X509_EXTENSION *ext; 120X509_EXTENSION *ext;
@@ -192,8 +135,6 @@ for(i = 0; i < sk_CONF_VALUE_num(values); i++) {
192 } 135 }
193} 136}
194 137
195
196
197if(!ctx || !ctx->issuer_cert) { 138if(!ctx || !ctx->issuer_cert) {
198 if(ctx && (ctx->flags==CTX_TEST)) return AUTHORITY_KEYID_new(); 139 if(ctx && (ctx->flags==CTX_TEST)) return AUTHORITY_KEYID_new();
199 X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE); 140 X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE);
@@ -214,7 +155,7 @@ if(keyid) {
214 155
215if((issuer && !ikeyid) || (issuer == 2)) { 156if((issuer && !ikeyid) || (issuer == 2)) {
216 isname = X509_NAME_dup(X509_get_issuer_name(cert)); 157 isname = X509_NAME_dup(X509_get_issuer_name(cert));
217 serial = ASN1_INTEGER_dup(X509_get_serialNumber(cert)); 158 serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert));
218 if(!isname || !serial) { 159 if(!isname || !serial) {
219 X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS); 160 X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
220 goto err; 161 goto err;
@@ -224,7 +165,7 @@ if((issuer && !ikeyid) || (issuer == 2)) {
224if(!(akeyid = AUTHORITY_KEYID_new())) goto err; 165if(!(akeyid = AUTHORITY_KEYID_new())) goto err;
225 166
226if(isname) { 167if(isname) {
227 if(!(gens = sk_GENERAL_NAME_new(NULL)) || !(gen = GENERAL_NAME_new()) 168 if(!(gens = sk_GENERAL_NAME_new_null()) || !(gen = GENERAL_NAME_new())
228 || !sk_GENERAL_NAME_push(gens, gen)) { 169 || !sk_GENERAL_NAME_push(gens, gen)) {
229 X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE); 170 X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE);
230 goto err; 171 goto err;
@@ -241,8 +182,8 @@ return akeyid;
241 182
242err: 183err:
243X509_NAME_free(isname); 184X509_NAME_free(isname);
244ASN1_INTEGER_free(serial); 185M_ASN1_INTEGER_free(serial);
245ASN1_OCTET_STRING_free(ikeyid); 186M_ASN1_OCTET_STRING_free(ikeyid);
246return NULL; 187return NULL;
247 188
248} 189}
diff --git a/src/lib/libcrypto/x509v3/v3_alt.c b/src/lib/libcrypto/x509v3/v3_alt.c
index b5e1f8af96..0e9e7dcb4f 100644
--- a/src/lib/libcrypto/x509v3/v3_alt.c
+++ b/src/lib/libcrypto/x509v3/v3_alt.c
@@ -61,34 +61,28 @@
61#include <openssl/conf.h> 61#include <openssl/conf.h>
62#include <openssl/x509v3.h> 62#include <openssl/x509v3.h>
63 63
64static STACK_OF(GENERAL_NAME) *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); 64static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
65static STACK_OF(GENERAL_NAME) *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); 65static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
66static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens); 66static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p);
67static int copy_issuer(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens); 67static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens);
68X509V3_EXT_METHOD v3_alt[] = { 68X509V3_EXT_METHOD v3_alt[] = {
69{ NID_subject_alt_name, 0, 69{ NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
70(X509V3_EXT_NEW)GENERAL_NAMES_new, 700,0,0,0,
71(X509V3_EXT_FREE)GENERAL_NAMES_free, 710,0,
72(X509V3_EXT_D2I)d2i_GENERAL_NAMES,
73(X509V3_EXT_I2D)i2d_GENERAL_NAMES,
74NULL, NULL,
75(X509V3_EXT_I2V)i2v_GENERAL_NAMES, 72(X509V3_EXT_I2V)i2v_GENERAL_NAMES,
76(X509V3_EXT_V2I)v2i_subject_alt, 73(X509V3_EXT_V2I)v2i_subject_alt,
77NULL, NULL, NULL}, 74NULL, NULL, NULL},
78{ NID_issuer_alt_name, 0, 75
79(X509V3_EXT_NEW)GENERAL_NAMES_new, 76{ NID_issuer_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
80(X509V3_EXT_FREE)GENERAL_NAMES_free, 770,0,0,0,
81(X509V3_EXT_D2I)d2i_GENERAL_NAMES, 780,0,
82(X509V3_EXT_I2D)i2d_GENERAL_NAMES,
83NULL, NULL,
84(X509V3_EXT_I2V)i2v_GENERAL_NAMES, 79(X509V3_EXT_I2V)i2v_GENERAL_NAMES,
85(X509V3_EXT_V2I)v2i_issuer_alt, 80(X509V3_EXT_V2I)v2i_issuer_alt,
86NULL, NULL, NULL}, 81NULL, NULL, NULL},
87EXT_END
88}; 82};
89 83
90STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, 84STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
91 STACK_OF(GENERAL_NAME) *gens, STACK_OF(CONF_VALUE) *ret) 85 GENERAL_NAMES *gens, STACK_OF(CONF_VALUE) *ret)
92{ 86{
93 int i; 87 int i;
94 GENERAL_NAME *gen; 88 GENERAL_NAME *gen;
@@ -103,8 +97,8 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
103STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, 97STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
104 GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret) 98 GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret)
105{ 99{
106 char oline[256];
107 unsigned char *p; 100 unsigned char *p;
101 char oline[256];
108 switch (gen->type) 102 switch (gen->type)
109 { 103 {
110 case GEN_OTHERNAME: 104 case GEN_OTHERNAME:
@@ -155,13 +149,66 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
155 return ret; 149 return ret;
156} 150}
157 151
158static STACK_OF(GENERAL_NAME) *v2i_issuer_alt(X509V3_EXT_METHOD *method, 152int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen)
153{
154 unsigned char *p;
155 switch (gen->type)
156 {
157 case GEN_OTHERNAME:
158 BIO_printf(out, "othername:<unsupported>");
159 break;
160
161 case GEN_X400:
162 BIO_printf(out, "X400Name:<unsupported>");
163 break;
164
165 case GEN_EDIPARTY:
166 /* Maybe fix this: it is supported now */
167 BIO_printf(out, "EdiPartyName:<unsupported>");
168 break;
169
170 case GEN_EMAIL:
171 BIO_printf(out, "email:%s",gen->d.ia5->data);
172 break;
173
174 case GEN_DNS:
175 BIO_printf(out, "DNS:%s",gen->d.ia5->data);
176 break;
177
178 case GEN_URI:
179 BIO_printf(out, "URI:%s",gen->d.ia5->data);
180 break;
181
182 case GEN_DIRNAME:
183 BIO_printf(out, "DirName: ");
184 X509_NAME_print_ex(out, gen->d.dirn, 0, XN_FLAG_ONELINE);
185 break;
186
187 case GEN_IPADD:
188 p = gen->d.ip->data;
189 /* BUG: doesn't support IPV6 */
190 if(gen->d.ip->length != 4) {
191 BIO_printf(out,"IP Address:<invalid>");
192 break;
193 }
194 BIO_printf(out, "IP Address:%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
195 break;
196
197 case GEN_RID:
198 BIO_printf(out, "Registered ID");
199 i2a_ASN1_OBJECT(out, gen->d.rid);
200 break;
201 }
202 return 1;
203}
204
205static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
159 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) 206 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
160{ 207{
161 STACK_OF(GENERAL_NAME) *gens = NULL; 208 GENERAL_NAMES *gens = NULL;
162 CONF_VALUE *cnf; 209 CONF_VALUE *cnf;
163 int i; 210 int i;
164 if(!(gens = sk_GENERAL_NAME_new(NULL))) { 211 if(!(gens = sk_GENERAL_NAME_new_null())) {
165 X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE); 212 X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
166 return NULL; 213 return NULL;
167 } 214 }
@@ -185,9 +232,9 @@ static STACK_OF(GENERAL_NAME) *v2i_issuer_alt(X509V3_EXT_METHOD *method,
185 232
186/* Append subject altname of issuer to issuer alt name of subject */ 233/* Append subject altname of issuer to issuer alt name of subject */
187 234
188static int copy_issuer(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens) 235static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens)
189{ 236{
190 STACK_OF(GENERAL_NAME) *ialt; 237 GENERAL_NAMES *ialt;
191 GENERAL_NAME *gen; 238 GENERAL_NAME *gen;
192 X509_EXTENSION *ext; 239 X509_EXTENSION *ext;
193 int i; 240 int i;
@@ -220,13 +267,13 @@ static int copy_issuer(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens)
220 267
221} 268}
222 269
223static STACK_OF(GENERAL_NAME) *v2i_subject_alt(X509V3_EXT_METHOD *method, 270static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
224 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) 271 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
225{ 272{
226 STACK_OF(GENERAL_NAME) *gens = NULL; 273 GENERAL_NAMES *gens = NULL;
227 CONF_VALUE *cnf; 274 CONF_VALUE *cnf;
228 int i; 275 int i;
229 if(!(gens = sk_GENERAL_NAME_new(NULL))) { 276 if(!(gens = sk_GENERAL_NAME_new_null())) {
230 X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE); 277 X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
231 return NULL; 278 return NULL;
232 } 279 }
@@ -234,7 +281,10 @@ static STACK_OF(GENERAL_NAME) *v2i_subject_alt(X509V3_EXT_METHOD *method,
234 cnf = sk_CONF_VALUE_value(nval, i); 281 cnf = sk_CONF_VALUE_value(nval, i);
235 if(!name_cmp(cnf->name, "email") && cnf->value && 282 if(!name_cmp(cnf->name, "email") && cnf->value &&
236 !strcmp(cnf->value, "copy")) { 283 !strcmp(cnf->value, "copy")) {
237 if(!copy_email(ctx, gens)) goto err; 284 if(!copy_email(ctx, gens, 0)) goto err;
285 } else if(!name_cmp(cnf->name, "email") && cnf->value &&
286 !strcmp(cnf->value, "move")) {
287 if(!copy_email(ctx, gens, 1)) goto err;
238 } else { 288 } else {
239 GENERAL_NAME *gen; 289 GENERAL_NAME *gen;
240 if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) 290 if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
@@ -252,7 +302,7 @@ static STACK_OF(GENERAL_NAME) *v2i_subject_alt(X509V3_EXT_METHOD *method,
252 * GENERAL_NAMES 302 * GENERAL_NAMES
253 */ 303 */
254 304
255static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens) 305static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
256{ 306{
257 X509_NAME *nm; 307 X509_NAME *nm;
258 ASN1_IA5STRING *email = NULL; 308 ASN1_IA5STRING *email = NULL;
@@ -271,9 +321,14 @@ static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens)
271 /* Now add any email address(es) to STACK */ 321 /* Now add any email address(es) to STACK */
272 i = -1; 322 i = -1;
273 while((i = X509_NAME_get_index_by_NID(nm, 323 while((i = X509_NAME_get_index_by_NID(nm,
274 NID_pkcs9_emailAddress, i)) > 0) { 324 NID_pkcs9_emailAddress, i)) >= 0) {
275 ne = X509_NAME_get_entry(nm, i); 325 ne = X509_NAME_get_entry(nm, i);
276 email = ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne)); 326 email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne));
327 if (move_p)
328 {
329 X509_NAME_delete_entry(nm, i);
330 i--;
331 }
277 if(!email || !(gen = GENERAL_NAME_new())) { 332 if(!email || !(gen = GENERAL_NAME_new())) {
278 X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE); 333 X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE);
279 goto err; 334 goto err;
@@ -293,19 +348,19 @@ static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens)
293 348
294 err: 349 err:
295 GENERAL_NAME_free(gen); 350 GENERAL_NAME_free(gen);
296 ASN1_IA5STRING_free(email); 351 M_ASN1_IA5STRING_free(email);
297 return 0; 352 return 0;
298 353
299} 354}
300 355
301STACK_OF(GENERAL_NAME) *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method, 356GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
302 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) 357 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
303{ 358{
304 GENERAL_NAME *gen; 359 GENERAL_NAME *gen;
305 STACK_OF(GENERAL_NAME) *gens = NULL; 360 GENERAL_NAMES *gens = NULL;
306 CONF_VALUE *cnf; 361 CONF_VALUE *cnf;
307 int i; 362 int i;
308 if(!(gens = sk_GENERAL_NAME_new(NULL))) { 363 if(!(gens = sk_GENERAL_NAME_new_null())) {
309 X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE); 364 X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
310 return NULL; 365 return NULL;
311 } 366 }
@@ -371,7 +426,7 @@ if(!name_cmp(name, "email")) {
371 goto err; 426 goto err;
372 } 427 }
373 ip[0] = i1; ip[1] = i2 ; ip[2] = i3 ; ip[3] = i4; 428 ip[0] = i1; ip[1] = i2 ; ip[2] = i3 ; ip[3] = i4;
374 if(!(gen->d.ip = ASN1_OCTET_STRING_new()) || 429 if(!(gen->d.ip = M_ASN1_OCTET_STRING_new()) ||
375 !ASN1_STRING_set(gen->d.ip, ip, 4)) { 430 !ASN1_STRING_set(gen->d.ip, ip, 4)) {
376 X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE); 431 X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
377 goto err; 432 goto err;
@@ -384,7 +439,7 @@ if(!name_cmp(name, "email")) {
384} 439}
385 440
386if(is_string) { 441if(is_string) {
387 if(!(gen->d.ia5 = ASN1_IA5STRING_new()) || 442 if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) ||
388 !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value, 443 !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value,
389 strlen(value))) { 444 strlen(value))) {
390 X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE); 445 X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
diff --git a/src/lib/libcrypto/x509v3/v3_bcons.c b/src/lib/libcrypto/x509v3/v3_bcons.c
index de2f855c35..cbb012715e 100644
--- a/src/lib/libcrypto/x509v3/v3_bcons.c
+++ b/src/lib/libcrypto/x509v3/v3_bcons.c
@@ -60,7 +60,7 @@
60#include <stdio.h> 60#include <stdio.h>
61#include "cryptlib.h" 61#include "cryptlib.h"
62#include <openssl/asn1.h> 62#include <openssl/asn1.h>
63#include <openssl/asn1_mac.h> 63#include <openssl/asn1t.h>
64#include <openssl/conf.h> 64#include <openssl/conf.h>
65#include <openssl/x509v3.h> 65#include <openssl/x509v3.h>
66 66
@@ -69,62 +69,22 @@ static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V
69 69
70X509V3_EXT_METHOD v3_bcons = { 70X509V3_EXT_METHOD v3_bcons = {
71NID_basic_constraints, 0, 71NID_basic_constraints, 0,
72(X509V3_EXT_NEW)BASIC_CONSTRAINTS_new, 72ASN1_ITEM_ref(BASIC_CONSTRAINTS),
73(X509V3_EXT_FREE)BASIC_CONSTRAINTS_free, 730,0,0,0,
74(X509V3_EXT_D2I)d2i_BASIC_CONSTRAINTS, 740,0,
75(X509V3_EXT_I2D)i2d_BASIC_CONSTRAINTS,
76NULL, NULL,
77(X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS, 75(X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS,
78(X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS, 76(X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS,
79NULL,NULL, 77NULL,NULL,
80NULL 78NULL
81}; 79};
82 80
81ASN1_SEQUENCE(BASIC_CONSTRAINTS) = {
82 ASN1_OPT(BASIC_CONSTRAINTS, ca, ASN1_FBOOLEAN),
83 ASN1_OPT(BASIC_CONSTRAINTS, pathlen, ASN1_INTEGER)
84} ASN1_SEQUENCE_END(BASIC_CONSTRAINTS)
83 85
84int i2d_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS *a, unsigned char **pp) 86IMPLEMENT_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
85{
86 M_ASN1_I2D_vars(a);
87 if(a->ca) M_ASN1_I2D_len (a->ca, i2d_ASN1_BOOLEAN);
88 M_ASN1_I2D_len (a->pathlen, i2d_ASN1_INTEGER);
89
90 M_ASN1_I2D_seq_total();
91
92 if (a->ca) M_ASN1_I2D_put (a->ca, i2d_ASN1_BOOLEAN);
93 M_ASN1_I2D_put (a->pathlen, i2d_ASN1_INTEGER);
94 M_ASN1_I2D_finish();
95}
96
97BASIC_CONSTRAINTS *BASIC_CONSTRAINTS_new(void)
98{
99 BASIC_CONSTRAINTS *ret=NULL;
100 ASN1_CTX c;
101 M_ASN1_New_Malloc(ret, BASIC_CONSTRAINTS);
102 ret->ca = 0;
103 ret->pathlen = NULL;
104 return (ret);
105 M_ASN1_New_Error(ASN1_F_BASIC_CONSTRAINTS_NEW);
106}
107 87
108BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS **a,
109 unsigned char **pp, long length)
110{
111 M_ASN1_D2I_vars(a,BASIC_CONSTRAINTS *,BASIC_CONSTRAINTS_new);
112 M_ASN1_D2I_Init();
113 M_ASN1_D2I_start_sequence();
114 if((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) ==
115 (V_ASN1_UNIVERSAL|V_ASN1_BOOLEAN) ) {
116 M_ASN1_D2I_get_int (ret->ca, d2i_ASN1_BOOLEAN);
117 }
118 M_ASN1_D2I_get_opt (ret->pathlen, d2i_ASN1_INTEGER, V_ASN1_INTEGER);
119 M_ASN1_D2I_Finish(a, BASIC_CONSTRAINTS_free, ASN1_F_D2I_BASIC_CONSTRAINTS);
120}
121
122void BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *a)
123{
124 if (a == NULL) return;
125 ASN1_INTEGER_free (a->pathlen);
126 Free ((char *)a);
127}
128 88
129static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, 89static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
130 BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist) 90 BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist)
diff --git a/src/lib/libcrypto/x509v3/v3_bitst.c b/src/lib/libcrypto/x509v3/v3_bitst.c
index 9828ba15b3..16cf125562 100644
--- a/src/lib/libcrypto/x509v3/v3_bitst.c
+++ b/src/lib/libcrypto/x509v3/v3_bitst.c
@@ -61,12 +61,12 @@
61#include <openssl/conf.h> 61#include <openssl/conf.h>
62#include <openssl/x509v3.h> 62#include <openssl/x509v3.h>
63 63
64static ASN1_BIT_STRING *asn1_bit_string_new(void);
65static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, 64static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
66 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); 65 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
67static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, 66static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
68 ASN1_BIT_STRING *bits, 67 ASN1_BIT_STRING *bits,
69 STACK_OF(CONF_VALUE) *extlist); 68 STACK_OF(CONF_VALUE) *extlist);
69
70static BIT_STRING_BITNAME ns_cert_type_table[] = { 70static BIT_STRING_BITNAME ns_cert_type_table[] = {
71{0, "SSL Client", "client"}, 71{0, "SSL Client", "client"},
72{1, "SSL Server", "server"}, 72{1, "SSL Server", "server"},
@@ -97,11 +97,6 @@ static BIT_STRING_BITNAME key_usage_type_table[] = {
97X509V3_EXT_METHOD v3_nscert = EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table); 97X509V3_EXT_METHOD v3_nscert = EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table);
98X509V3_EXT_METHOD v3_key_usage = EXT_BITSTRING(NID_key_usage, key_usage_type_table); 98X509V3_EXT_METHOD v3_key_usage = EXT_BITSTRING(NID_key_usage, key_usage_type_table);
99 99
100static ASN1_BIT_STRING *asn1_bit_string_new(void)
101{
102 return ASN1_BIT_STRING_new();
103}
104
105static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, 100static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
106 ASN1_BIT_STRING *bits, STACK_OF(CONF_VALUE) *ret) 101 ASN1_BIT_STRING *bits, STACK_OF(CONF_VALUE) *ret)
107{ 102{
@@ -120,7 +115,7 @@ static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
120 ASN1_BIT_STRING *bs; 115 ASN1_BIT_STRING *bs;
121 int i; 116 int i;
122 BIT_STRING_BITNAME *bnam; 117 BIT_STRING_BITNAME *bnam;
123 if(!(bs = ASN1_BIT_STRING_new())) { 118 if(!(bs = M_ASN1_BIT_STRING_new())) {
124 X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,ERR_R_MALLOC_FAILURE); 119 X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,ERR_R_MALLOC_FAILURE);
125 return NULL; 120 return NULL;
126 } 121 }
@@ -137,7 +132,7 @@ static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
137 X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, 132 X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
138 X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT); 133 X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT);
139 X509V3_conf_err(val); 134 X509V3_conf_err(val);
140 ASN1_BIT_STRING_free(bs); 135 M_ASN1_BIT_STRING_free(bs);
141 return NULL; 136 return NULL;
142 } 137 }
143 } 138 }
diff --git a/src/lib/libcrypto/x509v3/v3_conf.c b/src/lib/libcrypto/x509v3/v3_conf.c
index f19bb3ad84..1a3448e121 100644
--- a/src/lib/libcrypto/x509v3/v3_conf.c
+++ b/src/lib/libcrypto/x509v3/v3_conf.c
@@ -68,115 +68,138 @@
68 68
69static int v3_check_critical(char **value); 69static int v3_check_critical(char **value);
70static int v3_check_generic(char **value); 70static int v3_check_generic(char **value);
71static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value); 71static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value);
72static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type); 72static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type);
73static char *conf_lhash_get_string(void *db, char *section, char *value); 73static char *conf_lhash_get_string(void *db, char *section, char *value);
74static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section); 74static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
75static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, 75static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
76 int crit, void *ext_struc); 76 int crit, void *ext_struc);
77/* LHASH *conf: Config file */ 77/* CONF *conf: Config file */
78/* char *name: Name */ 78/* char *name: Name */
79/* char *value: Value */ 79/* char *value: Value */
80X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, 80X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,
81 char *value) 81 char *value)
82{ 82 {
83 int crit; 83 int crit;
84 int ext_type; 84 int ext_type;
85 X509_EXTENSION *ret; 85 X509_EXTENSION *ret;
86 crit = v3_check_critical(&value); 86 crit = v3_check_critical(&value);
87 if((ext_type = v3_check_generic(&value))) 87 if ((ext_type = v3_check_generic(&value)))
88 return v3_generic_extension(name, value, crit, ext_type); 88 return v3_generic_extension(name, value, crit, ext_type);
89 ret = do_ext_conf(conf, ctx, OBJ_sn2nid(name), crit, value); 89 ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value);
90 if(!ret) { 90 if (!ret)
91 {
91 X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_ERROR_IN_EXTENSION); 92 X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_ERROR_IN_EXTENSION);
92 ERR_add_error_data(4,"name=", name, ", value=", value); 93 ERR_add_error_data(4,"name=", name, ", value=", value);
93 } 94 }
94 return ret; 95 return ret;
95} 96 }
96 97
97/* LHASH *conf: Config file */ 98/* CONF *conf: Config file */
98/* char *value: Value */ 99/* char *value: Value */
99X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, 100X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
100 char *value) 101 char *value)
101{ 102 {
102 int crit; 103 int crit;
103 int ext_type; 104 int ext_type;
104 crit = v3_check_critical(&value); 105 crit = v3_check_critical(&value);
105 if((ext_type = v3_check_generic(&value))) 106 if ((ext_type = v3_check_generic(&value)))
106 return v3_generic_extension(OBJ_nid2sn(ext_nid), 107 return v3_generic_extension(OBJ_nid2sn(ext_nid),
107 value, crit, ext_type); 108 value, crit, ext_type);
108 return do_ext_conf(conf, ctx, ext_nid, crit, value); 109 return do_ext_nconf(conf, ctx, ext_nid, crit, value);
109} 110 }
110 111
111/* LHASH *conf: Config file */ 112/* CONF *conf: Config file */
112/* char *value: Value */ 113/* char *value: Value */
113static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid, 114static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
114 int crit, char *value) 115 int crit, char *value)
115{ 116 {
116 X509V3_EXT_METHOD *method; 117 X509V3_EXT_METHOD *method;
117 X509_EXTENSION *ext; 118 X509_EXTENSION *ext;
118 STACK_OF(CONF_VALUE) *nval; 119 STACK_OF(CONF_VALUE) *nval;
119 void *ext_struc; 120 void *ext_struc;
120 if(ext_nid == NID_undef) { 121 if (ext_nid == NID_undef)
122 {
121 X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION_NAME); 123 X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION_NAME);
122 return NULL; 124 return NULL;
123 } 125 }
124 if(!(method = X509V3_EXT_get_nid(ext_nid))) { 126 if (!(method = X509V3_EXT_get_nid(ext_nid)))
127 {
125 X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION); 128 X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION);
126 return NULL; 129 return NULL;
127 } 130 }
128 /* Now get internal extension representation based on type */ 131 /* Now get internal extension representation based on type */
129 if(method->v2i) { 132 if (method->v2i)
130 if(*value == '@') nval = CONF_get_section(conf, value + 1); 133 {
134 if(*value == '@') nval = NCONF_get_section(conf, value + 1);
131 else nval = X509V3_parse_list(value); 135 else nval = X509V3_parse_list(value);
132 if(!nval) { 136 if(!nval)
137 {
133 X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_INVALID_EXTENSION_STRING); 138 X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_INVALID_EXTENSION_STRING);
134 ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value); 139 ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value);
135 return NULL; 140 return NULL;
136 } 141 }
137 ext_struc = method->v2i(method, ctx, nval); 142 ext_struc = method->v2i(method, ctx, nval);
138 if(*value != '@') sk_CONF_VALUE_pop_free(nval, 143 if(*value != '@') sk_CONF_VALUE_pop_free(nval,
139 X509V3_conf_free); 144 X509V3_conf_free);
140 if(!ext_struc) return NULL; 145 if(!ext_struc) return NULL;
141 } else if(method->s2i) { 146 }
147 else if(method->s2i)
148 {
142 if(!(ext_struc = method->s2i(method, ctx, value))) return NULL; 149 if(!(ext_struc = method->s2i(method, ctx, value))) return NULL;
143 } else if(method->r2i) { 150 }
144 if(!ctx->db) { 151 else if(method->r2i)
152 {
153 if(!ctx->db)
154 {
145 X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_NO_CONFIG_DATABASE); 155 X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_NO_CONFIG_DATABASE);
146 return NULL; 156 return NULL;
147 } 157 }
148 if(!(ext_struc = method->r2i(method, ctx, value))) return NULL; 158 if(!(ext_struc = method->r2i(method, ctx, value))) return NULL;
149 } else { 159 }
160 else
161 {
150 X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED); 162 X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
151 ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid)); 163 ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
152 return NULL; 164 return NULL;
153 } 165 }
154 166
155 ext = do_ext_i2d(method, ext_nid, crit, ext_struc); 167 ext = do_ext_i2d(method, ext_nid, crit, ext_struc);
156 method->ext_free(ext_struc); 168 if(method->it) ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it));
169 else method->ext_free(ext_struc);
157 return ext; 170 return ext;
158 171
159} 172 }
160 173
161static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, 174static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
162 int crit, void *ext_struc) 175 int crit, void *ext_struc)
163{ 176 {
164 unsigned char *ext_der, *p; 177 unsigned char *ext_der;
165 int ext_len; 178 int ext_len;
166 ASN1_OCTET_STRING *ext_oct; 179 ASN1_OCTET_STRING *ext_oct;
167 X509_EXTENSION *ext; 180 X509_EXTENSION *ext;
168 /* Convert internal representation to DER */ 181 /* Convert internal representation to DER */
169 ext_len = method->i2d(ext_struc, NULL); 182 if (method->it)
170 if(!(ext_der = Malloc(ext_len))) goto merr; 183 {
171 p = ext_der; 184 ext_der = NULL;
172 method->i2d(ext_struc, &p); 185 ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it));
173 if(!(ext_oct = ASN1_OCTET_STRING_new())) goto merr; 186 if (ext_len < 0) goto merr;
187 }
188 else
189 {
190 unsigned char *p;
191 ext_len = method->i2d(ext_struc, NULL);
192 if(!(ext_der = OPENSSL_malloc(ext_len))) goto merr;
193 p = ext_der;
194 method->i2d(ext_struc, &p);
195 }
196 if (!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr;
174 ext_oct->data = ext_der; 197 ext_oct->data = ext_der;
175 ext_oct->length = ext_len; 198 ext_oct->length = ext_len;
176 199
177 ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct); 200 ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
178 if(!ext) goto merr; 201 if (!ext) goto merr;
179 ASN1_OCTET_STRING_free(ext_oct); 202 M_ASN1_OCTET_STRING_free(ext_oct);
180 203
181 return ext; 204 return ext;
182 205
@@ -184,14 +207,14 @@ static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
184 X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE); 207 X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE);
185 return NULL; 208 return NULL;
186 209
187} 210 }
188 211
189/* Given an internal structure, nid and critical flag create an extension */ 212/* Given an internal structure, nid and critical flag create an extension */
190 213
191X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc) 214X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
192{ 215 {
193 X509V3_EXT_METHOD *method; 216 X509V3_EXT_METHOD *method;
194 if(!(method = X509V3_EXT_get_nid(ext_nid))) { 217 if (!(method = X509V3_EXT_get_nid(ext_nid))) {
195 X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION); 218 X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION);
196 return NULL; 219 return NULL;
197 } 220 }
@@ -202,7 +225,7 @@ X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
202static int v3_check_critical(char **value) 225static int v3_check_critical(char **value)
203{ 226{
204 char *p = *value; 227 char *p = *value;
205 if((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0; 228 if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0;
206 p+=9; 229 p+=9;
207 while(isspace((unsigned char)*p)) p++; 230 while(isspace((unsigned char)*p)) p++;
208 *value = p; 231 *value = p;
@@ -213,134 +236,212 @@ static int v3_check_critical(char **value)
213static int v3_check_generic(char **value) 236static int v3_check_generic(char **value)
214{ 237{
215 char *p = *value; 238 char *p = *value;
216 if((strlen(p) < 4) || strncmp(p, "DER:,", 4)) return 0; 239 if ((strlen(p) < 4) || strncmp(p, "DER:,", 4)) return 0;
217 p+=4; 240 p+=4;
218 while(isspace((unsigned char)*p)) p++; 241 while (isspace((unsigned char)*p)) p++;
219 *value = p; 242 *value = p;
220 return 1; 243 return 1;
221} 244}
222 245
223/* Create a generic extension: for now just handle RAW type */ 246/* Create a generic extension: for now just handle DER type */
224static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, 247static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
225 int crit, int type) 248 int crit, int type)
226{ 249 {
227unsigned char *ext_der=NULL; 250 unsigned char *ext_der=NULL;
228long ext_len; 251 long ext_len;
229ASN1_OBJECT *obj=NULL; 252 ASN1_OBJECT *obj=NULL;
230ASN1_OCTET_STRING *oct=NULL; 253 ASN1_OCTET_STRING *oct=NULL;
231X509_EXTENSION *extension=NULL; 254 X509_EXTENSION *extension=NULL;
232if(!(obj = OBJ_txt2obj(ext, 0))) { 255 if (!(obj = OBJ_txt2obj(ext, 0)))
233 X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR); 256 {
234 ERR_add_error_data(2, "name=", ext); 257 X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR);
235 goto err; 258 ERR_add_error_data(2, "name=", ext);
236} 259 goto err;
260 }
237 261
238if(!(ext_der = string_to_hex(value, &ext_len))) { 262 if (!(ext_der = string_to_hex(value, &ext_len)))
239 X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR); 263 {
240 ERR_add_error_data(2, "value=", value); 264 X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR);
241 goto err; 265 ERR_add_error_data(2, "value=", value);
242} 266 goto err;
267 }
243 268
244if(!(oct = ASN1_OCTET_STRING_new())) { 269 if (!(oct = M_ASN1_OCTET_STRING_new()))
245 X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE); 270 {
246 goto err; 271 X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE);
247} 272 goto err;
273 }
248 274
249oct->data = ext_der; 275 oct->data = ext_der;
250oct->length = ext_len; 276 oct->length = ext_len;
251ext_der = NULL; 277 ext_der = NULL;
252 278
253extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct); 279 extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
254 280
255err: 281 err:
256ASN1_OBJECT_free(obj); 282 ASN1_OBJECT_free(obj);
257ASN1_OCTET_STRING_free(oct); 283 M_ASN1_OCTET_STRING_free(oct);
258if(ext_der) Free(ext_der); 284 if(ext_der) OPENSSL_free(ext_der);
259return extension; 285 return extension;
260} 286
287 }
261 288
262 289
263/* This is the main function: add a bunch of extensions based on a config file 290/* This is the main function: add a bunch of extensions based on a config file
264 * section 291 * section to an extension STACK.
265 */ 292 */
266 293
267int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, 294
268 X509 *cert) 295int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
269{ 296 STACK_OF(X509_EXTENSION) **sk)
297 {
270 X509_EXTENSION *ext; 298 X509_EXTENSION *ext;
271 STACK_OF(CONF_VALUE) *nval; 299 STACK_OF(CONF_VALUE) *nval;
272 CONF_VALUE *val; 300 CONF_VALUE *val;
273 int i; 301 int i;
274 if(!(nval = CONF_get_section(conf, section))) return 0; 302 if (!(nval = NCONF_get_section(conf, section))) return 0;
275 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { 303 for (i = 0; i < sk_CONF_VALUE_num(nval); i++)
304 {
276 val = sk_CONF_VALUE_value(nval, i); 305 val = sk_CONF_VALUE_value(nval, i);
277 if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value))) 306 if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)))
278 return 0; 307 return 0;
279 if(cert) X509_add_ext(cert, ext, -1); 308 if (sk) X509v3_add_ext(sk, ext, -1);
280 X509_EXTENSION_free(ext); 309 X509_EXTENSION_free(ext);
281 } 310 }
282 return 1; 311 return 1;
283} 312 }
313
314/* Convenience functions to add extensions to a certificate, CRL and request */
315
316int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
317 X509 *cert)
318 {
319 STACK_OF(X509_EXTENSION) **sk = NULL;
320 if (cert)
321 sk = &cert->cert_info->extensions;
322 return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
323 }
284 324
285/* Same as above but for a CRL */ 325/* Same as above but for a CRL */
286 326
287int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, 327int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
288 X509_CRL *crl) 328 X509_CRL *crl)
289{ 329 {
290 X509_EXTENSION *ext; 330 STACK_OF(X509_EXTENSION) **sk = NULL;
291 STACK_OF(CONF_VALUE) *nval; 331 if (crl)
292 CONF_VALUE *val; 332 sk = &crl->crl->extensions;
333 return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
334 }
335
336/* Add extensions to certificate request */
337
338int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
339 X509_REQ *req)
340 {
341 STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;
293 int i; 342 int i;
294 if(!(nval = CONF_get_section(conf, section))) return 0; 343 if (req)
295 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { 344 sk = &extlist;
296 val = sk_CONF_VALUE_value(nval, i); 345 i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
297 if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value))) 346 if (!i || !sk)
298 return 0; 347 return i;
299 if(crl) X509_CRL_add_ext(crl, ext, -1); 348 i = X509_REQ_add_extensions(req, extlist);
300 X509_EXTENSION_free(ext); 349 sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);
350 return i;
301 } 351 }
302 return 1;
303}
304 352
305/* Config database functions */ 353/* Config database functions */
306 354
307char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) 355char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
308{ 356 {
309 if(ctx->db_meth->get_string) 357 if (ctx->db_meth->get_string)
310 return ctx->db_meth->get_string(ctx->db, name, section); 358 return ctx->db_meth->get_string(ctx->db, name, section);
311 return NULL; 359 return NULL;
312} 360 }
313 361
314STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section) 362STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section)
315{ 363 {
316 if(ctx->db_meth->get_section) 364 if (ctx->db_meth->get_section)
317 return ctx->db_meth->get_section(ctx->db, section); 365 return ctx->db_meth->get_section(ctx->db, section);
318 return NULL; 366 return NULL;
319} 367 }
320 368
321void X509V3_string_free(X509V3_CTX *ctx, char *str) 369void X509V3_string_free(X509V3_CTX *ctx, char *str)
322{ 370 {
323 if(!str) return; 371 if (!str) return;
324 if(ctx->db_meth->free_string) 372 if (ctx->db_meth->free_string)
325 ctx->db_meth->free_string(ctx->db, str); 373 ctx->db_meth->free_string(ctx->db, str);
326} 374 }
327 375
328void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section) 376void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
329{ 377 {
330 if(!section) return; 378 if (!section) return;
331 if(ctx->db_meth->free_section) 379 if (ctx->db_meth->free_section)
332 ctx->db_meth->free_section(ctx->db, section); 380 ctx->db_meth->free_section(ctx->db, section);
333} 381 }
382
383static char *nconf_get_string(void *db, char *section, char *value)
384 {
385 return NCONF_get_string(db, section, value);
386 }
387
388static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section)
389 {
390 return NCONF_get_section(db, section);
391 }
392
393static X509V3_CONF_METHOD nconf_method = {
394nconf_get_string,
395nconf_get_section,
396NULL,
397NULL
398};
399
400void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf)
401 {
402 ctx->db_meth = &nconf_method;
403 ctx->db = conf;
404 }
405
406void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
407 X509_CRL *crl, int flags)
408 {
409 ctx->issuer_cert = issuer;
410 ctx->subject_cert = subj;
411 ctx->crl = crl;
412 ctx->subject_req = req;
413 ctx->flags = flags;
414 }
415
416/* Old conf compatibility functions */
417
418X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
419 char *value)
420 {
421 CONF ctmp;
422 CONF_set_nconf(&ctmp, conf);
423 return X509V3_EXT_nconf(&ctmp, ctx, name, value);
424 }
425
426/* LHASH *conf: Config file */
427/* char *value: Value */
428X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
429 char *value)
430 {
431 CONF ctmp;
432 CONF_set_nconf(&ctmp, conf);
433 return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value);
434 }
334 435
335static char *conf_lhash_get_string(void *db, char *section, char *value) 436static char *conf_lhash_get_string(void *db, char *section, char *value)
336{ 437 {
337 return CONF_get_string(db, section, value); 438 return CONF_get_string(db, section, value);
338} 439 }
339 440
340static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section) 441static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section)
341{ 442 {
342 return CONF_get_section(db, section); 443 return CONF_get_section(db, section);
343} 444 }
344 445
345static X509V3_CONF_METHOD conf_lhash_method = { 446static X509V3_CONF_METHOD conf_lhash_method = {
346conf_lhash_get_string, 447conf_lhash_get_string,
@@ -350,17 +451,35 @@ NULL
350}; 451};
351 452
352void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash) 453void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash)
353{ 454 {
354 ctx->db_meth = &conf_lhash_method; 455 ctx->db_meth = &conf_lhash_method;
355 ctx->db = lhash; 456 ctx->db = lhash;
356} 457 }
357 458
358void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req, 459int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
359 X509_CRL *crl, int flags) 460 X509 *cert)
360{ 461 {
361 ctx->issuer_cert = issuer; 462 CONF ctmp;
362 ctx->subject_cert = subj; 463 CONF_set_nconf(&ctmp, conf);
363 ctx->crl = crl; 464 return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert);
364 ctx->subject_req = req; 465 }
365 ctx->flags = flags; 466
366} 467/* Same as above but for a CRL */
468
469int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
470 X509_CRL *crl)
471 {
472 CONF ctmp;
473 CONF_set_nconf(&ctmp, conf);
474 return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl);
475 }
476
477/* Add extensions to certificate request */
478
479int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
480 X509_REQ *req)
481 {
482 CONF ctmp;
483 CONF_set_nconf(&ctmp, conf);
484 return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req);
485 }
diff --git a/src/lib/libcrypto/x509v3/v3_cpols.c b/src/lib/libcrypto/x509v3/v3_cpols.c
index b4d4883545..0d4ab1f680 100644
--- a/src/lib/libcrypto/x509v3/v3_cpols.c
+++ b/src/lib/libcrypto/x509v3/v3_cpols.c
@@ -60,7 +60,7 @@
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include <openssl/conf.h> 61#include <openssl/conf.h>
62#include <openssl/asn1.h> 62#include <openssl/asn1.h>
63#include <openssl/asn1_mac.h> 63#include <openssl/asn1t.h>
64#include <openssl/x509v3.h> 64#include <openssl/x509v3.h>
65 65
66/* Certificate policies extension support: this one is a bit complex... */ 66/* Certificate policies extension support: this one is a bit complex... */
@@ -73,21 +73,58 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
73 STACK_OF(CONF_VALUE) *polstrs, int ia5org); 73 STACK_OF(CONF_VALUE) *polstrs, int ia5org);
74static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, 74static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
75 STACK_OF(CONF_VALUE) *unot, int ia5org); 75 STACK_OF(CONF_VALUE) *unot, int ia5org);
76static STACK *nref_nos(STACK_OF(CONF_VALUE) *nos); 76static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos);
77 77
78X509V3_EXT_METHOD v3_cpols = { 78X509V3_EXT_METHOD v3_cpols = {
79NID_certificate_policies, 0, 79NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES),
80(X509V3_EXT_NEW)CERTIFICATEPOLICIES_new, 800,0,0,0,
81(X509V3_EXT_FREE)CERTIFICATEPOLICIES_free, 810,0,
82(X509V3_EXT_D2I)d2i_CERTIFICATEPOLICIES, 820,0,
83(X509V3_EXT_I2D)i2d_CERTIFICATEPOLICIES,
84NULL, NULL,
85NULL, NULL,
86(X509V3_EXT_I2R)i2r_certpol, 83(X509V3_EXT_I2R)i2r_certpol,
87(X509V3_EXT_R2I)r2i_certpol, 84(X509V3_EXT_R2I)r2i_certpol,
88NULL 85NULL
89}; 86};
90 87
88ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) =
89 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, POLICYINFO)
90ASN1_ITEM_TEMPLATE_END(CERTIFICATEPOLICIES)
91
92IMPLEMENT_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
93
94ASN1_SEQUENCE(POLICYINFO) = {
95 ASN1_SIMPLE(POLICYINFO, policyid, ASN1_OBJECT),
96 ASN1_SEQUENCE_OF_OPT(POLICYINFO, qualifiers, POLICYQUALINFO)
97} ASN1_SEQUENCE_END(POLICYINFO)
98
99IMPLEMENT_ASN1_FUNCTIONS(POLICYINFO)
100
101ASN1_ADB_TEMPLATE(policydefault) = ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY);
102
103ASN1_ADB(POLICYQUALINFO) = {
104 ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)),
105 ADB_ENTRY(NID_id_qt_unotice, ASN1_SIMPLE(POLICYQUALINFO, d.usernotice, USERNOTICE))
106} ASN1_ADB_END(POLICYQUALINFO, 0, pqualid, 0, &policydefault_tt, NULL);
107
108ASN1_SEQUENCE(POLICYQUALINFO) = {
109 ASN1_SIMPLE(POLICYQUALINFO, pqualid, ASN1_OBJECT),
110 ASN1_ADB_OBJECT(POLICYQUALINFO)
111} ASN1_SEQUENCE_END(POLICYQUALINFO)
112
113IMPLEMENT_ASN1_FUNCTIONS(POLICYQUALINFO)
114
115ASN1_SEQUENCE(USERNOTICE) = {
116 ASN1_OPT(USERNOTICE, noticeref, NOTICEREF),
117 ASN1_OPT(USERNOTICE, exptext, DISPLAYTEXT)
118} ASN1_SEQUENCE_END(USERNOTICE)
119
120IMPLEMENT_ASN1_FUNCTIONS(USERNOTICE)
121
122ASN1_SEQUENCE(NOTICEREF) = {
123 ASN1_SIMPLE(NOTICEREF, organization, DISPLAYTEXT),
124 ASN1_SEQUENCE_OF(NOTICEREF, noticenos, ASN1_INTEGER)
125} ASN1_SEQUENCE_END(NOTICEREF)
126
127IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF)
91 128
92static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, 129static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
93 X509V3_CTX *ctx, char *value) 130 X509V3_CTX *ctx, char *value)
@@ -169,7 +206,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
169 if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) 206 if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
170 goto merr; 207 goto merr;
171 qual->pqualid = OBJ_nid2obj(NID_id_qt_cps); 208 qual->pqualid = OBJ_nid2obj(NID_id_qt_cps);
172 qual->d.cpsuri = ASN1_IA5STRING_new(); 209 qual->d.cpsuri = M_ASN1_IA5STRING_new();
173 if(!ASN1_STRING_set(qual->d.cpsuri, cnf->value, 210 if(!ASN1_STRING_set(qual->d.cpsuri, cnf->value,
174 strlen(cnf->value))) goto merr; 211 strlen(cnf->value))) goto merr;
175 } else if(!name_cmp(cnf->name, "userNotice")) { 212 } else if(!name_cmp(cnf->name, "userNotice")) {
@@ -229,7 +266,7 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
229 for(i = 0; i < sk_CONF_VALUE_num(unot); i++) { 266 for(i = 0; i < sk_CONF_VALUE_num(unot); i++) {
230 cnf = sk_CONF_VALUE_value(unot, i); 267 cnf = sk_CONF_VALUE_value(unot, i);
231 if(!strcmp(cnf->name, "explicitText")) { 268 if(!strcmp(cnf->name, "explicitText")) {
232 not->exptext = ASN1_VISIBLESTRING_new(); 269 not->exptext = M_ASN1_VISIBLESTRING_new();
233 if(!ASN1_STRING_set(not->exptext, cnf->value, 270 if(!ASN1_STRING_set(not->exptext, cnf->value,
234 strlen(cnf->value))) goto merr; 271 strlen(cnf->value))) goto merr;
235 } else if(!strcmp(cnf->name, "organization")) { 272 } else if(!strcmp(cnf->name, "organization")) {
@@ -238,8 +275,8 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
238 if(!(nref = NOTICEREF_new())) goto merr; 275 if(!(nref = NOTICEREF_new())) goto merr;
239 not->noticeref = nref; 276 not->noticeref = nref;
240 } else nref = not->noticeref; 277 } else nref = not->noticeref;
241 if(ia5org) nref->organization = ASN1_IA5STRING_new(); 278 if(ia5org) nref->organization = M_ASN1_IA5STRING_new();
242 else nref->organization = ASN1_VISIBLESTRING_new(); 279 else nref->organization = M_ASN1_VISIBLESTRING_new();
243 if(!ASN1_STRING_set(nref->organization, cnf->value, 280 if(!ASN1_STRING_set(nref->organization, cnf->value,
244 strlen(cnf->value))) goto merr; 281 strlen(cnf->value))) goto merr;
245 } else if(!strcmp(cnf->name, "noticeNumbers")) { 282 } else if(!strcmp(cnf->name, "noticeNumbers")) {
@@ -282,20 +319,22 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
282 return NULL; 319 return NULL;
283} 320}
284 321
285static STACK *nref_nos(STACK_OF(CONF_VALUE) *nos) 322static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos)
286{ 323{
287 STACK *nnums; 324 STACK_OF(ASN1_INTEGER) *nnums;
288 CONF_VALUE *cnf; 325 CONF_VALUE *cnf;
289 ASN1_INTEGER *aint; 326 ASN1_INTEGER *aint;
327
290 int i; 328 int i;
291 if(!(nnums = sk_new_null())) goto merr; 329
330 if(!(nnums = sk_ASN1_INTEGER_new_null())) goto merr;
292 for(i = 0; i < sk_CONF_VALUE_num(nos); i++) { 331 for(i = 0; i < sk_CONF_VALUE_num(nos); i++) {
293 cnf = sk_CONF_VALUE_value(nos, i); 332 cnf = sk_CONF_VALUE_value(nos, i);
294 if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) { 333 if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) {
295 X509V3err(X509V3_F_NREF_NOS,X509V3_R_INVALID_NUMBER); 334 X509V3err(X509V3_F_NREF_NOS,X509V3_R_INVALID_NUMBER);
296 goto err; 335 goto err;
297 } 336 }
298 if(!sk_push(nnums, (char *)aint)) goto merr; 337 if(!sk_ASN1_INTEGER_push(nnums, aint)) goto merr;
299 } 338 }
300 return nnums; 339 return nnums;
301 340
@@ -303,7 +342,7 @@ static STACK *nref_nos(STACK_OF(CONF_VALUE) *nos)
303 X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE); 342 X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE);
304 343
305 err: 344 err:
306 sk_pop_free(nnums, ASN1_STRING_free); 345 sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free);
307 return NULL; 346 return NULL;
308} 347}
309 348
@@ -325,83 +364,6 @@ static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
325 return 1; 364 return 1;
326} 365}
327 366
328
329int i2d_CERTIFICATEPOLICIES(STACK_OF(POLICYINFO) *a, unsigned char **pp)
330{
331
332return i2d_ASN1_SET_OF_POLICYINFO(a, pp, i2d_POLICYINFO, V_ASN1_SEQUENCE,
333 V_ASN1_UNIVERSAL, IS_SEQUENCE);}
334
335STACK_OF(POLICYINFO) *CERTIFICATEPOLICIES_new(void)
336{
337 return sk_POLICYINFO_new_null();
338}
339
340void CERTIFICATEPOLICIES_free(STACK_OF(POLICYINFO) *a)
341{
342 sk_POLICYINFO_pop_free(a, POLICYINFO_free);
343}
344
345STACK_OF(POLICYINFO) *d2i_CERTIFICATEPOLICIES(STACK_OF(POLICYINFO) **a,
346 unsigned char **pp,long length)
347{
348return d2i_ASN1_SET_OF_POLICYINFO(a, pp, length, d2i_POLICYINFO,
349 POLICYINFO_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
350
351}
352
353IMPLEMENT_STACK_OF(POLICYINFO)
354IMPLEMENT_ASN1_SET_OF(POLICYINFO)
355
356int i2d_POLICYINFO(POLICYINFO *a, unsigned char **pp)
357{
358 M_ASN1_I2D_vars(a);
359
360 M_ASN1_I2D_len (a->policyid, i2d_ASN1_OBJECT);
361 M_ASN1_I2D_len_SEQUENCE_type(POLICYQUALINFO, a->qualifiers,
362 i2d_POLICYQUALINFO);
363
364 M_ASN1_I2D_seq_total();
365
366 M_ASN1_I2D_put (a->policyid, i2d_ASN1_OBJECT);
367 M_ASN1_I2D_put_SEQUENCE_type(POLICYQUALINFO, a->qualifiers,
368 i2d_POLICYQUALINFO);
369
370 M_ASN1_I2D_finish();
371}
372
373POLICYINFO *POLICYINFO_new(void)
374{
375 POLICYINFO *ret=NULL;
376 ASN1_CTX c;
377 M_ASN1_New_Malloc(ret, POLICYINFO);
378 ret->policyid = NULL;
379 ret->qualifiers = NULL;
380 return (ret);
381 M_ASN1_New_Error(ASN1_F_POLICYINFO_NEW);
382}
383
384POLICYINFO *d2i_POLICYINFO(POLICYINFO **a, unsigned char **pp,long length)
385{
386 M_ASN1_D2I_vars(a,POLICYINFO *,POLICYINFO_new);
387 M_ASN1_D2I_Init();
388 M_ASN1_D2I_start_sequence();
389 M_ASN1_D2I_get(ret->policyid, d2i_ASN1_OBJECT);
390 if(!M_ASN1_D2I_end_sequence()) {
391 M_ASN1_D2I_get_seq_type (POLICYQUALINFO, ret->qualifiers,
392 d2i_POLICYQUALINFO, POLICYQUALINFO_free);
393 }
394 M_ASN1_D2I_Finish(a, POLICYINFO_free, ASN1_F_D2I_POLICYINFO);
395}
396
397void POLICYINFO_free(POLICYINFO *a)
398{
399 if (a == NULL) return;
400 ASN1_OBJECT_free(a->policyid);
401 sk_POLICYQUALINFO_pop_free(a->qualifiers, POLICYQUALINFO_free);
402 Free (a);
403}
404
405static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, 367static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
406 int indent) 368 int indent)
407{ 369{
@@ -441,15 +403,15 @@ static void print_notice(BIO *out, USERNOTICE *notice, int indent)
441 BIO_printf(out, "%*sOrganization: %s\n", indent, "", 403 BIO_printf(out, "%*sOrganization: %s\n", indent, "",
442 ref->organization->data); 404 ref->organization->data);
443 BIO_printf(out, "%*sNumber%s: ", indent, "", 405 BIO_printf(out, "%*sNumber%s: ", indent, "",
444 (sk_num(ref->noticenos) > 1) ? "s" : ""); 406 sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : "");
445 for(i = 0; i < sk_num(ref->noticenos); i++) { 407 for(i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) {
446 ASN1_INTEGER *num; 408 ASN1_INTEGER *num;
447 char *tmp; 409 char *tmp;
448 num = (ASN1_INTEGER *)sk_value(ref->noticenos, i); 410 num = sk_ASN1_INTEGER_value(ref->noticenos, i);
449 if(i) BIO_puts(out, ", "); 411 if(i) BIO_puts(out, ", ");
450 tmp = i2s_ASN1_INTEGER(NULL, num); 412 tmp = i2s_ASN1_INTEGER(NULL, num);
451 BIO_puts(out, tmp); 413 BIO_puts(out, tmp);
452 Free(tmp); 414 OPENSSL_free(tmp);
453 } 415 }
454 BIO_puts(out, "\n"); 416 BIO_puts(out, "\n");
455 } 417 }
@@ -457,199 +419,4 @@ static void print_notice(BIO *out, USERNOTICE *notice, int indent)
457 BIO_printf(out, "%*sExplicit Text: %s\n", indent, "", 419 BIO_printf(out, "%*sExplicit Text: %s\n", indent, "",
458 notice->exptext->data); 420 notice->exptext->data);
459} 421}
460
461
462
463int i2d_POLICYQUALINFO(POLICYQUALINFO *a, unsigned char **pp)
464{
465 M_ASN1_I2D_vars(a);
466
467 M_ASN1_I2D_len (a->pqualid, i2d_ASN1_OBJECT);
468 switch(OBJ_obj2nid(a->pqualid)) {
469 case NID_id_qt_cps:
470 M_ASN1_I2D_len(a->d.cpsuri, i2d_ASN1_IA5STRING);
471 break;
472
473 case NID_id_qt_unotice:
474 M_ASN1_I2D_len(a->d.usernotice, i2d_USERNOTICE);
475 break;
476
477 default:
478 M_ASN1_I2D_len(a->d.other, i2d_ASN1_TYPE);
479 break;
480 }
481
482 M_ASN1_I2D_seq_total();
483
484 M_ASN1_I2D_put (a->pqualid, i2d_ASN1_OBJECT);
485 switch(OBJ_obj2nid(a->pqualid)) {
486 case NID_id_qt_cps:
487 M_ASN1_I2D_put(a->d.cpsuri, i2d_ASN1_IA5STRING);
488 break;
489
490 case NID_id_qt_unotice:
491 M_ASN1_I2D_put(a->d.usernotice, i2d_USERNOTICE);
492 break;
493
494 default:
495 M_ASN1_I2D_put(a->d.other, i2d_ASN1_TYPE);
496 break;
497 }
498
499 M_ASN1_I2D_finish();
500}
501
502POLICYQUALINFO *POLICYQUALINFO_new(void)
503{
504 POLICYQUALINFO *ret=NULL;
505 ASN1_CTX c;
506 M_ASN1_New_Malloc(ret, POLICYQUALINFO);
507 ret->pqualid = NULL;
508 ret->d.other = NULL;
509 return (ret);
510 M_ASN1_New_Error(ASN1_F_POLICYQUALINFO_NEW);
511}
512
513POLICYQUALINFO *d2i_POLICYQUALINFO(POLICYQUALINFO **a, unsigned char **pp,
514 long length)
515{
516 M_ASN1_D2I_vars(a,POLICYQUALINFO *,POLICYQUALINFO_new);
517 M_ASN1_D2I_Init();
518 M_ASN1_D2I_start_sequence();
519 M_ASN1_D2I_get (ret->pqualid, d2i_ASN1_OBJECT);
520 switch(OBJ_obj2nid(ret->pqualid)) {
521 case NID_id_qt_cps:
522 M_ASN1_D2I_get(ret->d.cpsuri, d2i_ASN1_IA5STRING);
523 break;
524
525 case NID_id_qt_unotice:
526 M_ASN1_D2I_get(ret->d.usernotice, d2i_USERNOTICE);
527 break;
528
529 default:
530 M_ASN1_D2I_get(ret->d.other, d2i_ASN1_TYPE);
531 break;
532 }
533 M_ASN1_D2I_Finish(a, POLICYQUALINFO_free, ASN1_F_D2I_POLICYQUALINFO);
534}
535
536void POLICYQUALINFO_free(POLICYQUALINFO *a)
537{
538 if (a == NULL) return;
539 switch(OBJ_obj2nid(a->pqualid)) {
540 case NID_id_qt_cps:
541 ASN1_IA5STRING_free(a->d.cpsuri);
542 break;
543
544 case NID_id_qt_unotice:
545 USERNOTICE_free(a->d.usernotice);
546 break;
547
548 default:
549 ASN1_TYPE_free(a->d.other);
550 break;
551 }
552
553 ASN1_OBJECT_free(a->pqualid);
554 Free (a);
555}
556
557int i2d_USERNOTICE(USERNOTICE *a, unsigned char **pp)
558{
559 M_ASN1_I2D_vars(a);
560
561 M_ASN1_I2D_len (a->noticeref, i2d_NOTICEREF);
562 M_ASN1_I2D_len (a->exptext, i2d_DISPLAYTEXT);
563
564 M_ASN1_I2D_seq_total();
565
566 M_ASN1_I2D_put (a->noticeref, i2d_NOTICEREF);
567 M_ASN1_I2D_put (a->exptext, i2d_DISPLAYTEXT);
568
569 M_ASN1_I2D_finish();
570}
571
572USERNOTICE *USERNOTICE_new(void)
573{
574 USERNOTICE *ret=NULL;
575 ASN1_CTX c;
576 M_ASN1_New_Malloc(ret, USERNOTICE);
577 ret->noticeref = NULL;
578 ret->exptext = NULL;
579 return (ret);
580 M_ASN1_New_Error(ASN1_F_USERNOTICE_NEW);
581}
582
583USERNOTICE *d2i_USERNOTICE(USERNOTICE **a, unsigned char **pp,long length)
584{
585 M_ASN1_D2I_vars(a,USERNOTICE *,USERNOTICE_new);
586 M_ASN1_D2I_Init();
587 M_ASN1_D2I_start_sequence();
588 M_ASN1_D2I_get_opt(ret->noticeref, d2i_NOTICEREF, V_ASN1_SEQUENCE);
589 if (!M_ASN1_D2I_end_sequence()) {
590 M_ASN1_D2I_get(ret->exptext, d2i_DISPLAYTEXT);
591 }
592 M_ASN1_D2I_Finish(a, USERNOTICE_free, ASN1_F_D2I_USERNOTICE);
593}
594
595void USERNOTICE_free(USERNOTICE *a)
596{
597 if (a == NULL) return;
598 NOTICEREF_free(a->noticeref);
599 DISPLAYTEXT_free(a->exptext);
600 Free (a);
601}
602
603int i2d_NOTICEREF(NOTICEREF *a, unsigned char **pp)
604{
605 M_ASN1_I2D_vars(a);
606
607 M_ASN1_I2D_len (a->organization, i2d_DISPLAYTEXT);
608 M_ASN1_I2D_len_SEQUENCE(a->noticenos, i2d_ASN1_INTEGER);
609
610 M_ASN1_I2D_seq_total();
611
612 M_ASN1_I2D_put (a->organization, i2d_DISPLAYTEXT);
613 M_ASN1_I2D_put_SEQUENCE(a->noticenos, i2d_ASN1_INTEGER);
614
615 M_ASN1_I2D_finish();
616}
617
618NOTICEREF *NOTICEREF_new(void)
619{
620 NOTICEREF *ret=NULL;
621 ASN1_CTX c;
622 M_ASN1_New_Malloc(ret, NOTICEREF);
623 ret->organization = NULL;
624 ret->noticenos = NULL;
625 return (ret);
626 M_ASN1_New_Error(ASN1_F_NOTICEREF_NEW);
627}
628
629NOTICEREF *d2i_NOTICEREF(NOTICEREF **a, unsigned char **pp,long length)
630{
631 M_ASN1_D2I_vars(a,NOTICEREF *,NOTICEREF_new);
632 M_ASN1_D2I_Init();
633 M_ASN1_D2I_start_sequence();
634 /* This is to cope with some broken encodings that use IA5STRING for
635 * the organization field
636 */
637 M_ASN1_D2I_get_opt(ret->organization, d2i_ASN1_IA5STRING,
638 V_ASN1_IA5STRING);
639 if(!ret->organization) {
640 M_ASN1_D2I_get(ret->organization, d2i_DISPLAYTEXT);
641 }
642 M_ASN1_D2I_get_seq(ret->noticenos, d2i_ASN1_INTEGER, ASN1_STRING_free);
643 M_ASN1_D2I_Finish(a, NOTICEREF_free, ASN1_F_D2I_NOTICEREF);
644}
645
646void NOTICEREF_free(NOTICEREF *a)
647{
648 if (a == NULL) return;
649 DISPLAYTEXT_free(a->organization);
650 sk_pop_free(a->noticenos, ASN1_STRING_free);
651 Free (a);
652}
653 422
654IMPLEMENT_STACK_OF(POLICYQUALINFO)
655IMPLEMENT_ASN1_SET_OF(POLICYQUALINFO)
diff --git a/src/lib/libcrypto/x509v3/v3_crld.c b/src/lib/libcrypto/x509v3/v3_crld.c
index 897ffb63e4..894a8b94d8 100644
--- a/src/lib/libcrypto/x509v3/v3_crld.c
+++ b/src/lib/libcrypto/x509v3/v3_crld.c
@@ -60,7 +60,7 @@
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include <openssl/conf.h> 61#include <openssl/conf.h>
62#include <openssl/asn1.h> 62#include <openssl/asn1.h>
63#include <openssl/asn1_mac.h> 63#include <openssl/asn1t.h>
64#include <openssl/x509v3.h> 64#include <openssl/x509v3.h>
65 65
66static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method, 66static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
@@ -69,15 +69,13 @@ static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
69 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); 69 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
70 70
71X509V3_EXT_METHOD v3_crld = { 71X509V3_EXT_METHOD v3_crld = {
72NID_crl_distribution_points, X509V3_EXT_MULTILINE, 72NID_crl_distribution_points, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(CRL_DIST_POINTS),
73(X509V3_EXT_NEW)CRL_DIST_POINTS_new, 730,0,0,0,
74(X509V3_EXT_FREE)CRL_DIST_POINTS_free, 740,0,
75(X509V3_EXT_D2I)d2i_CRL_DIST_POINTS,
76(X509V3_EXT_I2D)i2d_CRL_DIST_POINTS,
77NULL, NULL,
78(X509V3_EXT_I2V)i2v_crld, 75(X509V3_EXT_I2V)i2v_crld,
79(X509V3_EXT_V2I)v2i_crld, 76(X509V3_EXT_V2I)v2i_crld,
80NULL, NULL, NULL 770,0,
78NULL
81}; 79};
82 80
83static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method, 81static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
@@ -87,16 +85,16 @@ static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
87 int i; 85 int i;
88 for(i = 0; i < sk_DIST_POINT_num(crld); i++) { 86 for(i = 0; i < sk_DIST_POINT_num(crld); i++) {
89 point = sk_DIST_POINT_value(crld, i); 87 point = sk_DIST_POINT_value(crld, i);
90 if(point->distpoint->fullname) { 88 if(point->distpoint) {
91 exts = i2v_GENERAL_NAMES(NULL, 89 if(point->distpoint->type == 0)
92 point->distpoint->fullname, exts); 90 exts = i2v_GENERAL_NAMES(NULL,
91 point->distpoint->name.fullname, exts);
92 else X509V3_add_value("RelativeName","<UNSUPPORTED>", &exts);
93 } 93 }
94 if(point->reasons) 94 if(point->reasons)
95 X509V3_add_value("reasons","<UNSUPPORTED>", &exts); 95 X509V3_add_value("reasons","<UNSUPPORTED>", &exts);
96 if(point->CRLissuer) 96 if(point->CRLissuer)
97 X509V3_add_value("CRLissuer","<UNSUPPORTED>", &exts); 97 X509V3_add_value("CRLissuer","<UNSUPPORTED>", &exts);
98 if(point->distpoint->relativename)
99 X509V3_add_value("RelativeName","<UNSUPPORTED>", &exts);
100 } 98 }
101 return exts; 99 return exts;
102} 100}
@@ -105,11 +103,11 @@ static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
105 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) 103 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
106{ 104{
107 STACK_OF(DIST_POINT) *crld = NULL; 105 STACK_OF(DIST_POINT) *crld = NULL;
108 STACK_OF(GENERAL_NAME) *gens = NULL; 106 GENERAL_NAMES *gens = NULL;
109 GENERAL_NAME *gen = NULL; 107 GENERAL_NAME *gen = NULL;
110 CONF_VALUE *cnf; 108 CONF_VALUE *cnf;
111 int i; 109 int i;
112 if(!(crld = sk_DIST_POINT_new(NULL))) goto merr; 110 if(!(crld = sk_DIST_POINT_new_null())) goto merr;
113 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { 111 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
114 DIST_POINT *point; 112 DIST_POINT *point;
115 cnf = sk_CONF_VALUE_value(nval, i); 113 cnf = sk_CONF_VALUE_value(nval, i);
@@ -123,7 +121,8 @@ static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
123 goto merr; 121 goto merr;
124 } 122 }
125 if(!(point->distpoint = DIST_POINT_NAME_new())) goto merr; 123 if(!(point->distpoint = DIST_POINT_NAME_new())) goto merr;
126 point->distpoint->fullname = gens; 124 point->distpoint->name.fullname = gens;
125 point->distpoint->type = 0;
127 gens = NULL; 126 gens = NULL;
128 } 127 }
129 return crld; 128 return crld;
@@ -137,147 +136,27 @@ static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
137 return NULL; 136 return NULL;
138} 137}
139 138
140int i2d_CRL_DIST_POINTS(STACK_OF(DIST_POINT) *a, unsigned char **pp)
141{
142
143return i2d_ASN1_SET_OF_DIST_POINT(a, pp, i2d_DIST_POINT, V_ASN1_SEQUENCE,
144 V_ASN1_UNIVERSAL, IS_SEQUENCE);}
145
146STACK_OF(DIST_POINT) *CRL_DIST_POINTS_new(void)
147{
148 return sk_DIST_POINT_new_null();
149}
150
151void CRL_DIST_POINTS_free(STACK_OF(DIST_POINT) *a)
152{
153 sk_DIST_POINT_pop_free(a, DIST_POINT_free);
154}
155
156STACK_OF(DIST_POINT) *d2i_CRL_DIST_POINTS(STACK_OF(DIST_POINT) **a,
157 unsigned char **pp,long length)
158{
159return d2i_ASN1_SET_OF_DIST_POINT(a, pp, length, d2i_DIST_POINT,
160 DIST_POINT_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
161
162}
163
164IMPLEMENT_STACK_OF(DIST_POINT) 139IMPLEMENT_STACK_OF(DIST_POINT)
165IMPLEMENT_ASN1_SET_OF(DIST_POINT) 140IMPLEMENT_ASN1_SET_OF(DIST_POINT)
166 141
167int i2d_DIST_POINT(DIST_POINT *a, unsigned char **pp)
168{
169 int v = 0;
170 M_ASN1_I2D_vars(a);
171 /* NB: underlying type is a CHOICE so need EXPLICIT tagging */
172 M_ASN1_I2D_len_EXP_opt (a->distpoint, i2d_DIST_POINT_NAME, 0, v);
173 M_ASN1_I2D_len_IMP_opt (a->reasons, i2d_ASN1_BIT_STRING);
174 M_ASN1_I2D_len_IMP_opt (a->CRLissuer, i2d_GENERAL_NAMES);
175 142
176 M_ASN1_I2D_seq_total(); 143ASN1_CHOICE(DIST_POINT_NAME) = {
144 ASN1_IMP_SEQUENCE_OF(DIST_POINT_NAME, name.fullname, GENERAL_NAME, 0),
145 ASN1_IMP_SET_OF(DIST_POINT_NAME, name.relativename, X509_NAME_ENTRY, 1)
146} ASN1_CHOICE_END(DIST_POINT_NAME)
177 147
178 M_ASN1_I2D_put_EXP_opt (a->distpoint, i2d_DIST_POINT_NAME, 0, v); 148IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT_NAME)
179 M_ASN1_I2D_put_IMP_opt (a->reasons, i2d_ASN1_BIT_STRING, 1);
180 M_ASN1_I2D_put_IMP_opt (a->CRLissuer, i2d_GENERAL_NAMES, 2);
181 149
182 M_ASN1_I2D_finish(); 150ASN1_SEQUENCE(DIST_POINT) = {
183} 151 ASN1_EXP_OPT(DIST_POINT, distpoint, DIST_POINT_NAME, 0),
152 ASN1_IMP_OPT(DIST_POINT, reasons, ASN1_BIT_STRING, 1),
153 ASN1_IMP_SEQUENCE_OF_OPT(DIST_POINT, CRLissuer, GENERAL_NAME, 2)
154} ASN1_SEQUENCE_END(DIST_POINT)
184 155
185DIST_POINT *DIST_POINT_new(void) 156IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT)
186{
187 DIST_POINT *ret=NULL;
188 ASN1_CTX c;
189 M_ASN1_New_Malloc(ret, DIST_POINT);
190 ret->distpoint = NULL;
191 ret->reasons = NULL;
192 ret->CRLissuer = NULL;
193 return (ret);
194 M_ASN1_New_Error(ASN1_F_DIST_POINT_NEW);
195}
196 157
197DIST_POINT *d2i_DIST_POINT(DIST_POINT **a, unsigned char **pp, long length) 158ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) =
198{ 159 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, DIST_POINT, DIST_POINT)
199 M_ASN1_D2I_vars(a,DIST_POINT *,DIST_POINT_new); 160ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS)
200 M_ASN1_D2I_Init();
201 M_ASN1_D2I_start_sequence();
202 M_ASN1_D2I_get_EXP_opt (ret->distpoint, d2i_DIST_POINT_NAME, 0);
203 M_ASN1_D2I_get_IMP_opt (ret->reasons, d2i_ASN1_BIT_STRING, 1,
204 V_ASN1_BIT_STRING);
205 M_ASN1_D2I_get_IMP_opt (ret->CRLissuer, d2i_GENERAL_NAMES, 2,
206 V_ASN1_SEQUENCE);
207 M_ASN1_D2I_Finish(a, DIST_POINT_free, ASN1_F_D2I_DIST_POINT);
208}
209 161
210void DIST_POINT_free(DIST_POINT *a) 162IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS)
211{
212 if (a == NULL) return;
213 DIST_POINT_NAME_free(a->distpoint);
214 ASN1_BIT_STRING_free(a->reasons);
215 sk_GENERAL_NAME_pop_free(a->CRLissuer, GENERAL_NAME_free);
216 Free ((char *)a);
217}
218
219int i2d_DIST_POINT_NAME(DIST_POINT_NAME *a, unsigned char **pp)
220{
221 int v = 0;
222 M_ASN1_I2D_vars(a);
223
224 if(a->fullname) {
225 M_ASN1_I2D_len_IMP_opt (a->fullname, i2d_GENERAL_NAMES);
226 } else {
227 M_ASN1_I2D_len_EXP_opt (a->relativename, i2d_X509_NAME, 1, v);
228 }
229
230 /* Don't want a SEQUENCE so... */
231 if(pp == NULL) return ret;
232 p = *pp;
233
234 if(a->fullname) {
235 M_ASN1_I2D_put_IMP_opt (a->fullname, i2d_GENERAL_NAMES, 0);
236 } else {
237 M_ASN1_I2D_put_EXP_opt (a->relativename, i2d_X509_NAME, 1, v);
238 }
239 M_ASN1_I2D_finish();
240}
241
242DIST_POINT_NAME *DIST_POINT_NAME_new(void)
243{
244 DIST_POINT_NAME *ret=NULL;
245 ASN1_CTX c;
246 M_ASN1_New_Malloc(ret, DIST_POINT_NAME);
247 ret->fullname = NULL;
248 ret->relativename = NULL;
249 return (ret);
250 M_ASN1_New_Error(ASN1_F_DIST_POINT_NAME_NEW);
251}
252
253void DIST_POINT_NAME_free(DIST_POINT_NAME *a)
254{
255 if (a == NULL) return;
256 X509_NAME_free(a->relativename);
257 sk_GENERAL_NAME_pop_free(a->fullname, GENERAL_NAME_free);
258 Free ((char *)a);
259}
260
261DIST_POINT_NAME *d2i_DIST_POINT_NAME(DIST_POINT_NAME **a, unsigned char **pp,
262 long length)
263{
264 unsigned char _tmp, tag;
265 M_ASN1_D2I_vars(a,DIST_POINT_NAME *,DIST_POINT_NAME_new);
266 M_ASN1_D2I_Init();
267 c.slen = length;
268
269 _tmp = M_ASN1_next;
270 tag = _tmp & ~V_ASN1_CONSTRUCTED;
271
272 if(tag == (0|V_ASN1_CONTEXT_SPECIFIC)) {
273 M_ASN1_D2I_get_imp(ret->fullname, d2i_GENERAL_NAMES,
274 V_ASN1_SEQUENCE);
275 } else if (tag == (1|V_ASN1_CONTEXT_SPECIFIC)) {
276 M_ASN1_D2I_get_EXP_opt (ret->relativename, d2i_X509_NAME, 1);
277 } else {
278 c.error = ASN1_R_BAD_TAG;
279 goto err;
280 }
281
282 M_ASN1_D2I_Finish(a, DIST_POINT_NAME_free, ASN1_F_D2I_DIST_POINT_NAME);
283}
diff --git a/src/lib/libcrypto/x509v3/v3_enum.c b/src/lib/libcrypto/x509v3/v3_enum.c
index db423548ff..010c9d6260 100644
--- a/src/lib/libcrypto/x509v3/v3_enum.c
+++ b/src/lib/libcrypto/x509v3/v3_enum.c
@@ -60,8 +60,6 @@
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include <openssl/x509v3.h> 61#include <openssl/x509v3.h>
62 62
63static ASN1_ENUMERATED *asn1_enumerated_new(void);
64
65static ENUMERATED_NAMES crl_reasons[] = { 63static ENUMERATED_NAMES crl_reasons[] = {
66{0, "Unspecified", "unspecified"}, 64{0, "Unspecified", "unspecified"},
67{1, "Key Compromise", "keyCompromise"}, 65{1, "Key Compromise", "keyCompromise"},
@@ -75,20 +73,13 @@ static ENUMERATED_NAMES crl_reasons[] = {
75}; 73};
76 74
77X509V3_EXT_METHOD v3_crl_reason = { 75X509V3_EXT_METHOD v3_crl_reason = {
78NID_crl_reason, 0, 76NID_crl_reason, 0, ASN1_ITEM_ref(ASN1_ENUMERATED),
79(X509V3_EXT_NEW)asn1_enumerated_new, 770,0,0,0,
80(X509V3_EXT_FREE)ASN1_STRING_free,
81(X509V3_EXT_D2I)d2i_ASN1_ENUMERATED,
82(X509V3_EXT_I2D)i2d_ASN1_ENUMERATED,
83(X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE, 78(X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE,
84(X509V3_EXT_S2I)NULL, 790,
85NULL, NULL, NULL, NULL, crl_reasons}; 800,0,0,0,
86 81crl_reasons};
87 82
88static ASN1_ENUMERATED *asn1_enumerated_new(void)
89{
90 return ASN1_ENUMERATED_new();
91}
92 83
93char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method, 84char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method,
94 ASN1_ENUMERATED *e) 85 ASN1_ENUMERATED *e)
diff --git a/src/lib/libcrypto/x509v3/v3_extku.c b/src/lib/libcrypto/x509v3/v3_extku.c
index e039d21cbf..b1cfaba1aa 100644
--- a/src/lib/libcrypto/x509v3/v3_extku.c
+++ b/src/lib/libcrypto/x509v3/v3_extku.c
@@ -59,92 +59,84 @@
59 59
60#include <stdio.h> 60#include <stdio.h>
61#include "cryptlib.h" 61#include "cryptlib.h"
62#include <openssl/asn1.h> 62#include <openssl/asn1t.h>
63#include <openssl/conf.h> 63#include <openssl/conf.h>
64#include <openssl/x509v3.h> 64#include <openssl/x509v3.h>
65 65
66static STACK_OF(ASN1_OBJECT) *v2i_ext_ku(X509V3_EXT_METHOD *method, 66static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
67 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); 67 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
68static STACK_OF(CONF_VALUE) *i2v_ext_ku(X509V3_EXT_METHOD *method, 68static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
69 STACK_OF(ASN1_OBJECT) *eku, STACK_OF(CONF_VALUE) *extlist); 69 void *eku, STACK_OF(CONF_VALUE) *extlist);
70
70X509V3_EXT_METHOD v3_ext_ku = { 71X509V3_EXT_METHOD v3_ext_ku = {
71NID_ext_key_usage, 0, 72 NID_ext_key_usage, 0,
72(X509V3_EXT_NEW)ext_ku_new, 73 ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
73(X509V3_EXT_FREE)ext_ku_free, 74 0,0,0,0,
74(X509V3_EXT_D2I)d2i_ext_ku, 75 0,0,
75(X509V3_EXT_I2D)i2d_ext_ku, 76 i2v_EXTENDED_KEY_USAGE,
76NULL, NULL, 77 v2i_EXTENDED_KEY_USAGE,
77(X509V3_EXT_I2V)i2v_ext_ku, 78 0,0,
78(X509V3_EXT_V2I)v2i_ext_ku, 79 NULL
79NULL,NULL,
80NULL
81}; 80};
82 81
83STACK_OF(ASN1_OBJECT) *ext_ku_new(void) 82/* NB OCSP acceptable responses also is a SEQUENCE OF OBJECT */
84{ 83X509V3_EXT_METHOD v3_ocsp_accresp = {
85 return sk_ASN1_OBJECT_new_null(); 84 NID_id_pkix_OCSP_acceptableResponses, 0,
86} 85 ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
87 86 0,0,0,0,
88void ext_ku_free(STACK_OF(ASN1_OBJECT) *eku) 87 0,0,
89{ 88 i2v_EXTENDED_KEY_USAGE,
90 sk_ASN1_OBJECT_pop_free(eku, ASN1_OBJECT_free); 89 v2i_EXTENDED_KEY_USAGE,
91 return; 90 0,0,
92} 91 NULL
93 92};
94int i2d_ext_ku(STACK_OF(ASN1_OBJECT) *a, unsigned char **pp)
95{
96 return i2d_ASN1_SET_OF_ASN1_OBJECT(a, pp, i2d_ASN1_OBJECT,
97 V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
98}
99
100STACK_OF(ASN1_OBJECT) *d2i_ext_ku(STACK_OF(ASN1_OBJECT) **a,
101 unsigned char **pp, long length)
102{
103 return d2i_ASN1_SET_OF_ASN1_OBJECT(a, pp, length, d2i_ASN1_OBJECT,
104 ASN1_OBJECT_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
105}
106 93
94ASN1_ITEM_TEMPLATE(EXTENDED_KEY_USAGE) =
95 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, EXTENDED_KEY_USAGE, ASN1_OBJECT)
96ASN1_ITEM_TEMPLATE_END(EXTENDED_KEY_USAGE)
107 97
98IMPLEMENT_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
108 99
109static STACK_OF(CONF_VALUE) *i2v_ext_ku(X509V3_EXT_METHOD *method, 100static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
110 STACK_OF(ASN1_OBJECT) *eku, STACK_OF(CONF_VALUE) *ext_list) 101 void *a, STACK_OF(CONF_VALUE) *ext_list)
111{ 102{
112int i; 103 EXTENDED_KEY_USAGE *eku = a;
113ASN1_OBJECT *obj; 104 int i;
114char obj_tmp[80]; 105 ASN1_OBJECT *obj;
115for(i = 0; i < sk_ASN1_OBJECT_num(eku); i++) { 106 char obj_tmp[80];
116 obj = sk_ASN1_OBJECT_value(eku, i); 107 for(i = 0; i < sk_ASN1_OBJECT_num(eku); i++) {
117 i2t_ASN1_OBJECT(obj_tmp, 80, obj); 108 obj = sk_ASN1_OBJECT_value(eku, i);
118 X509V3_add_value(NULL, obj_tmp, &ext_list); 109 i2t_ASN1_OBJECT(obj_tmp, 80, obj);
119} 110 X509V3_add_value(NULL, obj_tmp, &ext_list);
120return ext_list; 111 }
112 return ext_list;
121} 113}
122 114
123static STACK_OF(ASN1_OBJECT) *v2i_ext_ku(X509V3_EXT_METHOD *method, 115static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
124 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) 116 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
125{ 117{
126STACK_OF(ASN1_OBJECT) *extku; 118 EXTENDED_KEY_USAGE *extku;
127char *extval; 119 char *extval;
128ASN1_OBJECT *objtmp; 120 ASN1_OBJECT *objtmp;
129CONF_VALUE *val; 121 CONF_VALUE *val;
130int i; 122 int i;
131 123
132if(!(extku = sk_ASN1_OBJECT_new(NULL))) { 124 if(!(extku = sk_ASN1_OBJECT_new_null())) {
133 X509V3err(X509V3_F_V2I_EXT_KU,ERR_R_MALLOC_FAILURE); 125 X509V3err(X509V3_F_V2I_EXT_KU,ERR_R_MALLOC_FAILURE);
134 return NULL;
135}
136
137for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
138 val = sk_CONF_VALUE_value(nval, i);
139 if(val->value) extval = val->value;
140 else extval = val->name;
141 if(!(objtmp = OBJ_txt2obj(extval, 0))) {
142 sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free);
143 X509V3err(X509V3_F_V2I_EXT_KU,X509V3_R_INVALID_OBJECT_IDENTIFIER);
144 X509V3_conf_err(val);
145 return NULL; 126 return NULL;
146 } 127 }
147 sk_ASN1_OBJECT_push(extku, objtmp); 128
148} 129 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
149return extku; 130 val = sk_CONF_VALUE_value(nval, i);
131 if(val->value) extval = val->value;
132 else extval = val->name;
133 if(!(objtmp = OBJ_txt2obj(extval, 0))) {
134 sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free);
135 X509V3err(X509V3_F_V2I_EXT_KU,X509V3_R_INVALID_OBJECT_IDENTIFIER);
136 X509V3_conf_err(val);
137 return NULL;
138 }
139 sk_ASN1_OBJECT_push(extku, objtmp);
140 }
141 return extku;
150} 142}
diff --git a/src/lib/libcrypto/x509v3/v3_genn.c b/src/lib/libcrypto/x509v3/v3_genn.c
index af716232f8..650b510980 100644
--- a/src/lib/libcrypto/x509v3/v3_genn.c
+++ b/src/lib/libcrypto/x509v3/v3_genn.c
@@ -59,179 +59,43 @@
59 59
60#include <stdio.h> 60#include <stdio.h>
61#include "cryptlib.h" 61#include "cryptlib.h"
62#include <openssl/asn1.h> 62#include <openssl/asn1t.h>
63#include <openssl/asn1_mac.h>
64#include <openssl/conf.h> 63#include <openssl/conf.h>
65#include <openssl/x509v3.h> 64#include <openssl/x509v3.h>
66 65
67int i2d_GENERAL_NAME(GENERAL_NAME *a, unsigned char **pp) 66ASN1_SEQUENCE(OTHERNAME) = {
68{ 67 ASN1_SIMPLE(OTHERNAME, type_id, ASN1_OBJECT),
69 unsigned char *p; 68 /* Maybe have a true ANY DEFINED BY later */
70 int ret; 69 ASN1_EXP(OTHERNAME, value, ASN1_ANY, 0)
71 70} ASN1_SEQUENCE_END(OTHERNAME)
72 ret = 0; 71
73 72IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME)
74 /* Save the location of initial TAG */ 73
75 if(pp) p = *pp; 74ASN1_SEQUENCE(EDIPARTYNAME) = {
76 else p = NULL; 75 ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),
77 76 ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)
78 /* GEN_DNAME needs special treatment because of EXPLICIT tag */ 77} ASN1_SEQUENCE_END(EDIPARTYNAME)
79 78
80 if(a->type == GEN_DIRNAME) { 79IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME)
81 int v = 0; 80
82 M_ASN1_I2D_len_EXP_opt(a->d.dirn, i2d_X509_NAME, 4, v); 81ASN1_CHOICE(GENERAL_NAME) = {
83 if(!p) return ret; 82 ASN1_IMP(GENERAL_NAME, d.otherName, OTHERNAME, GEN_OTHERNAME),
84 M_ASN1_I2D_put_EXP_opt(a->d.dirn, i2d_X509_NAME, 4, v); 83 ASN1_IMP(GENERAL_NAME, d.rfc822Name, ASN1_IA5STRING, GEN_EMAIL),
85 *pp = p; 84 ASN1_IMP(GENERAL_NAME, d.dNSName, ASN1_IA5STRING, GEN_DNS),
86 return ret; 85 /* Don't decode this */
87 } 86 ASN1_IMP(GENERAL_NAME, d.x400Address, ASN1_SEQUENCE, GEN_X400),
88 87 /* X509_NAME is a CHOICE type so use EXPLICIT */
89 switch(a->type) { 88 ASN1_EXP(GENERAL_NAME, d.directoryName, X509_NAME, GEN_DIRNAME),
90 89 ASN1_IMP(GENERAL_NAME, d.ediPartyName, EDIPARTYNAME, GEN_EDIPARTY),
91 case GEN_OTHERNAME: 90 ASN1_IMP(GENERAL_NAME, d.uniformResourceIdentifier, ASN1_IA5STRING, GEN_URI),
92 case GEN_X400: 91 ASN1_IMP(GENERAL_NAME, d.iPAddress, ASN1_OCTET_STRING, GEN_IPADD),
93 case GEN_EDIPARTY: 92 ASN1_IMP(GENERAL_NAME, d.registeredID, ASN1_OBJECT, GEN_RID)
94 ret = i2d_ASN1_TYPE(a->d.other, pp); 93} ASN1_CHOICE_END(GENERAL_NAME)
95 break; 94
96 95IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAME)
97 case GEN_EMAIL: 96
98 case GEN_DNS: 97ASN1_ITEM_TEMPLATE(GENERAL_NAMES) =
99 case GEN_URI: 98 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, GENERAL_NAME)
100 ret = i2d_ASN1_IA5STRING(a->d.ia5, pp); 99ASN1_ITEM_TEMPLATE_END(GENERAL_NAMES)
101 break; 100
102 101IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAMES)
103 case GEN_IPADD:
104 ret = i2d_ASN1_OCTET_STRING(a->d.ip, pp);
105 break;
106
107 case GEN_RID:
108 ret = i2d_ASN1_OBJECT(a->d.rid, pp);
109 break;
110 }
111 /* Replace TAG with IMPLICIT value */
112 if(p) *p = (*p & V_ASN1_CONSTRUCTED) | a->type;
113 return ret;
114}
115
116GENERAL_NAME *GENERAL_NAME_new()
117{
118 GENERAL_NAME *ret=NULL;
119 ASN1_CTX c;
120 M_ASN1_New_Malloc(ret, GENERAL_NAME);
121 ret->type = -1;
122 ret->d.ptr = NULL;
123 return (ret);
124 M_ASN1_New_Error(ASN1_F_GENERAL_NAME_NEW);
125}
126
127GENERAL_NAME *d2i_GENERAL_NAME(GENERAL_NAME **a, unsigned char **pp,
128 long length)
129{
130 unsigned char _tmp;
131 M_ASN1_D2I_vars(a,GENERAL_NAME *,GENERAL_NAME_new);
132 M_ASN1_D2I_Init();
133 c.slen = length;
134
135 _tmp = M_ASN1_next;
136 ret->type = _tmp & ~V_ASN1_CONSTRUCTED;
137
138 switch(ret->type) {
139 /* Just put these in a "blob" for now */
140 case GEN_OTHERNAME:
141 case GEN_X400:
142 case GEN_EDIPARTY:
143 M_ASN1_D2I_get_imp(ret->d.other, d2i_ASN1_TYPE,V_ASN1_SEQUENCE);
144 break;
145
146 case GEN_EMAIL:
147 case GEN_DNS:
148 case GEN_URI:
149 M_ASN1_D2I_get_imp(ret->d.ia5, d2i_ASN1_IA5STRING,
150 V_ASN1_IA5STRING);
151 break;
152
153 case GEN_DIRNAME:
154 M_ASN1_D2I_get_EXP_opt(ret->d.dirn, d2i_X509_NAME, 4);
155 break;
156
157 case GEN_IPADD:
158 M_ASN1_D2I_get_imp(ret->d.ip, d2i_ASN1_OCTET_STRING,
159 V_ASN1_OCTET_STRING);
160 break;
161
162 case GEN_RID:
163 M_ASN1_D2I_get_imp(ret->d.rid, d2i_ASN1_OBJECT,V_ASN1_OBJECT);
164 break;
165
166 default:
167 c.error = ASN1_R_BAD_TAG;
168 goto err;
169 }
170
171 c.slen = 0;
172 M_ASN1_D2I_Finish(a, GENERAL_NAME_free, ASN1_F_D2I_GENERAL_NAME);
173}
174
175void GENERAL_NAME_free(GENERAL_NAME *a)
176{
177 if (a == NULL) return;
178 switch(a->type) {
179 case GEN_OTHERNAME:
180 case GEN_X400:
181 case GEN_EDIPARTY:
182 ASN1_TYPE_free(a->d.other);
183 break;
184
185 case GEN_EMAIL:
186 case GEN_DNS:
187 case GEN_URI:
188
189 ASN1_IA5STRING_free(a->d.ia5);
190 break;
191
192 case GEN_DIRNAME:
193 X509_NAME_free(a->d.dirn);
194 break;
195
196 case GEN_IPADD:
197 ASN1_OCTET_STRING_free(a->d.ip);
198 break;
199
200 case GEN_RID:
201 ASN1_OBJECT_free(a->d.rid);
202 break;
203
204 }
205 Free ((char *)a);
206}
207
208/* Now the GeneralNames versions: a SEQUENCE OF GeneralName These are needed as
209 * an explicit functions.
210 */
211
212STACK_OF(GENERAL_NAME) *GENERAL_NAMES_new()
213{
214 return sk_GENERAL_NAME_new(NULL);
215}
216
217void GENERAL_NAMES_free(STACK_OF(GENERAL_NAME) *a)
218{
219 sk_GENERAL_NAME_pop_free(a, GENERAL_NAME_free);
220}
221
222STACK_OF(GENERAL_NAME) *d2i_GENERAL_NAMES(STACK_OF(GENERAL_NAME) **a,
223 unsigned char **pp, long length)
224{
225return d2i_ASN1_SET_OF_GENERAL_NAME(a, pp, length, d2i_GENERAL_NAME,
226 GENERAL_NAME_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
227}
228
229int i2d_GENERAL_NAMES(STACK_OF(GENERAL_NAME) *a, unsigned char **pp)
230{
231return i2d_ASN1_SET_OF_GENERAL_NAME(a, pp, i2d_GENERAL_NAME, V_ASN1_SEQUENCE,
232 V_ASN1_UNIVERSAL, IS_SEQUENCE);
233}
234
235IMPLEMENT_STACK_OF(GENERAL_NAME)
236IMPLEMENT_ASN1_SET_OF(GENERAL_NAME)
237
diff --git a/src/lib/libcrypto/x509v3/v3_ia5.c b/src/lib/libcrypto/x509v3/v3_ia5.c
index 3446c5cd6a..f9414456de 100644
--- a/src/lib/libcrypto/x509v3/v3_ia5.c
+++ b/src/lib/libcrypto/x509v3/v3_ia5.c
@@ -63,7 +63,6 @@
63#include <openssl/conf.h> 63#include <openssl/conf.h>
64#include <openssl/x509v3.h> 64#include <openssl/x509v3.h>
65 65
66static ASN1_IA5STRING *ia5string_new(void);
67static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5); 66static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5);
68static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); 67static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
69X509V3_EXT_METHOD v3_ns_ia5_list[] = { 68X509V3_EXT_METHOD v3_ns_ia5_list[] = {
@@ -78,17 +77,12 @@ EXT_END
78}; 77};
79 78
80 79
81static ASN1_IA5STRING *ia5string_new(void)
82{
83 return ASN1_IA5STRING_new();
84}
85
86static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, 80static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
87 ASN1_IA5STRING *ia5) 81 ASN1_IA5STRING *ia5)
88{ 82{
89 char *tmp; 83 char *tmp;
90 if(!ia5 || !ia5->length) return NULL; 84 if(!ia5 || !ia5->length) return NULL;
91 tmp = Malloc(ia5->length + 1); 85 if (!(tmp = OPENSSL_malloc(ia5->length + 1))) return NULL;
92 memcpy(tmp, ia5->data, ia5->length); 86 memcpy(tmp, ia5->data, ia5->length);
93 tmp[ia5->length] = 0; 87 tmp[ia5->length] = 0;
94 return tmp; 88 return tmp;
@@ -102,12 +96,15 @@ static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
102 X509V3err(X509V3_F_S2I_ASN1_IA5STRING,X509V3_R_INVALID_NULL_ARGUMENT); 96 X509V3err(X509V3_F_S2I_ASN1_IA5STRING,X509V3_R_INVALID_NULL_ARGUMENT);
103 return NULL; 97 return NULL;
104 } 98 }
105 if(!(ia5 = ASN1_IA5STRING_new())) goto err; 99 if(!(ia5 = M_ASN1_IA5STRING_new())) goto err;
106 if(!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char*)str, 100 if(!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char*)str,
107 strlen(str))) { 101 strlen(str))) {
108 ASN1_IA5STRING_free(ia5); 102 M_ASN1_IA5STRING_free(ia5);
109 goto err; 103 goto err;
110 } 104 }
105#ifdef CHARSET_EBCDIC
106 ebcdic2ascii(ia5->data, ia5->data, ia5->length);
107#endif /*CHARSET_EBCDIC*/
111 return ia5; 108 return ia5;
112 err: 109 err:
113 X509V3err(X509V3_F_S2I_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE); 110 X509V3err(X509V3_F_S2I_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE);
diff --git a/src/lib/libcrypto/x509v3/v3_info.c b/src/lib/libcrypto/x509v3/v3_info.c
index 78d2135046..7f17f3231d 100644
--- a/src/lib/libcrypto/x509v3/v3_info.c
+++ b/src/lib/libcrypto/x509v3/v3_info.c
@@ -60,28 +60,48 @@
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include <openssl/conf.h> 61#include <openssl/conf.h>
62#include <openssl/asn1.h> 62#include <openssl/asn1.h>
63#include <openssl/asn1_mac.h> 63#include <openssl/asn1t.h>
64#include <openssl/x509v3.h> 64#include <openssl/x509v3.h>
65 65
66static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, 66static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
67 STACK_OF(ACCESS_DESCRIPTION) *ainfo, 67 AUTHORITY_INFO_ACCESS *ainfo,
68 STACK_OF(CONF_VALUE) *ret); 68 STACK_OF(CONF_VALUE) *ret);
69static STACK_OF(ACCESS_DESCRIPTION) *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, 69static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
70 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); 70 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
71 71
72X509V3_EXT_METHOD v3_info = 72X509V3_EXT_METHOD v3_info =
73{ NID_info_access, X509V3_EXT_MULTILINE, 73{ NID_info_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
74(X509V3_EXT_NEW)AUTHORITY_INFO_ACCESS_new, 740,0,0,0,
75(X509V3_EXT_FREE)AUTHORITY_INFO_ACCESS_free, 750,0,
76(X509V3_EXT_D2I)d2i_AUTHORITY_INFO_ACCESS,
77(X509V3_EXT_I2D)i2d_AUTHORITY_INFO_ACCESS,
78NULL, NULL,
79(X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS, 76(X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
80(X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS, 77(X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
81NULL, NULL, NULL}; 780,0,
79NULL};
80
81X509V3_EXT_METHOD v3_sinfo =
82{ NID_sinfo_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
830,0,0,0,
840,0,
85(X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
86(X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
870,0,
88NULL};
89
90ASN1_SEQUENCE(ACCESS_DESCRIPTION) = {
91 ASN1_SIMPLE(ACCESS_DESCRIPTION, method, ASN1_OBJECT),
92 ASN1_SIMPLE(ACCESS_DESCRIPTION, location, GENERAL_NAME)
93} ASN1_SEQUENCE_END(ACCESS_DESCRIPTION)
94
95IMPLEMENT_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
96
97ASN1_ITEM_TEMPLATE(AUTHORITY_INFO_ACCESS) =
98 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, ACCESS_DESCRIPTION)
99ASN1_ITEM_TEMPLATE_END(AUTHORITY_INFO_ACCESS)
100
101IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
82 102
83static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, 103static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
84 STACK_OF(ACCESS_DESCRIPTION) *ainfo, 104 AUTHORITY_INFO_ACCESS *ainfo,
85 STACK_OF(CONF_VALUE) *ret) 105 STACK_OF(CONF_VALUE) *ret)
86{ 106{
87 ACCESS_DESCRIPTION *desc; 107 ACCESS_DESCRIPTION *desc;
@@ -94,7 +114,7 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method
94 if(!ret) break; 114 if(!ret) break;
95 vtmp = sk_CONF_VALUE_value(ret, i); 115 vtmp = sk_CONF_VALUE_value(ret, i);
96 i2t_ASN1_OBJECT(objtmp, 80, desc->method); 116 i2t_ASN1_OBJECT(objtmp, 80, desc->method);
97 ntmp = Malloc(strlen(objtmp) + strlen(vtmp->name) + 5); 117 ntmp = OPENSSL_malloc(strlen(objtmp) + strlen(vtmp->name) + 5);
98 if(!ntmp) { 118 if(!ntmp) {
99 X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS, 119 X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS,
100 ERR_R_MALLOC_FAILURE); 120 ERR_R_MALLOC_FAILURE);
@@ -103,7 +123,7 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method
103 strcpy(ntmp, objtmp); 123 strcpy(ntmp, objtmp);
104 strcat(ntmp, " - "); 124 strcat(ntmp, " - ");
105 strcat(ntmp, vtmp->name); 125 strcat(ntmp, vtmp->name);
106 Free(vtmp->name); 126 OPENSSL_free(vtmp->name);
107 vtmp->name = ntmp; 127 vtmp->name = ntmp;
108 128
109 } 129 }
@@ -111,15 +131,15 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method
111 return ret; 131 return ret;
112} 132}
113 133
114static STACK_OF(ACCESS_DESCRIPTION) *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, 134static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
115 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) 135 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
116{ 136{
117 STACK_OF(ACCESS_DESCRIPTION) *ainfo = NULL; 137 AUTHORITY_INFO_ACCESS *ainfo = NULL;
118 CONF_VALUE *cnf, ctmp; 138 CONF_VALUE *cnf, ctmp;
119 ACCESS_DESCRIPTION *acc; 139 ACCESS_DESCRIPTION *acc;
120 int i, objlen; 140 int i, objlen;
121 char *objtmp, *ptmp; 141 char *objtmp, *ptmp;
122 if(!(ainfo = sk_ACCESS_DESCRIPTION_new(NULL))) { 142 if(!(ainfo = sk_ACCESS_DESCRIPTION_new_null())) {
123 X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE); 143 X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
124 return NULL; 144 return NULL;
125 } 145 }
@@ -140,7 +160,7 @@ static STACK_OF(ACCESS_DESCRIPTION) *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
140 ctmp.value = cnf->value; 160 ctmp.value = cnf->value;
141 if(!(acc->location = v2i_GENERAL_NAME(method, ctx, &ctmp))) 161 if(!(acc->location = v2i_GENERAL_NAME(method, ctx, &ctmp)))
142 goto err; 162 goto err;
143 if(!(objtmp = Malloc(objlen + 1))) { 163 if(!(objtmp = OPENSSL_malloc(objlen + 1))) {
144 X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE); 164 X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
145 goto err; 165 goto err;
146 } 166 }
@@ -150,10 +170,10 @@ static STACK_OF(ACCESS_DESCRIPTION) *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
150 if(!acc->method) { 170 if(!acc->method) {
151 X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_BAD_OBJECT); 171 X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_BAD_OBJECT);
152 ERR_add_error_data(2, "value=", objtmp); 172 ERR_add_error_data(2, "value=", objtmp);
153 Free(objtmp); 173 OPENSSL_free(objtmp);
154 goto err; 174 goto err;
155 } 175 }
156 Free(objtmp); 176 OPENSSL_free(objtmp);
157 177
158 } 178 }
159 return ainfo; 179 return ainfo;
@@ -162,75 +182,11 @@ static STACK_OF(ACCESS_DESCRIPTION) *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
162 return NULL; 182 return NULL;
163} 183}
164 184
165int i2d_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION *a, unsigned char **pp) 185int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a)
166{ 186 {
167 M_ASN1_I2D_vars(a); 187 i2a_ASN1_OBJECT(bp, a->method);
168 188#ifdef UNDEF
169 M_ASN1_I2D_len(a->method, i2d_ASN1_OBJECT); 189 i2a_GENERAL_NAME(bp, a->location);
170 M_ASN1_I2D_len(a->location, i2d_GENERAL_NAME); 190#endif
171 191 return 2;
172 M_ASN1_I2D_seq_total(); 192 }
173
174 M_ASN1_I2D_put(a->method, i2d_ASN1_OBJECT);
175 M_ASN1_I2D_put(a->location, i2d_GENERAL_NAME);
176
177 M_ASN1_I2D_finish();
178}
179
180ACCESS_DESCRIPTION *ACCESS_DESCRIPTION_new(void)
181{
182 ACCESS_DESCRIPTION *ret=NULL;
183 ASN1_CTX c;
184 M_ASN1_New_Malloc(ret, ACCESS_DESCRIPTION);
185 ret->method = OBJ_nid2obj(NID_undef);
186 ret->location = NULL;
187 return (ret);
188 M_ASN1_New_Error(ASN1_F_ACCESS_DESCRIPTION_NEW);
189}
190
191ACCESS_DESCRIPTION *d2i_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION **a, unsigned char **pp,
192 long length)
193{
194 M_ASN1_D2I_vars(a,ACCESS_DESCRIPTION *,ACCESS_DESCRIPTION_new);
195 M_ASN1_D2I_Init();
196 M_ASN1_D2I_start_sequence();
197 M_ASN1_D2I_get(ret->method, d2i_ASN1_OBJECT);
198 M_ASN1_D2I_get(ret->location, d2i_GENERAL_NAME);
199 M_ASN1_D2I_Finish(a, ACCESS_DESCRIPTION_free, ASN1_F_D2I_ACCESS_DESCRIPTION);
200}
201
202void ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a)
203{
204 if (a == NULL) return;
205 ASN1_OBJECT_free(a->method);
206 GENERAL_NAME_free(a->location);
207 Free (a);
208}
209
210STACK_OF(ACCESS_DESCRIPTION) *AUTHORITY_INFO_ACCESS_new(void)
211{
212 return sk_ACCESS_DESCRIPTION_new(NULL);
213}
214
215void AUTHORITY_INFO_ACCESS_free(STACK_OF(ACCESS_DESCRIPTION) *a)
216{
217 sk_ACCESS_DESCRIPTION_pop_free(a, ACCESS_DESCRIPTION_free);
218}
219
220STACK_OF(ACCESS_DESCRIPTION) *d2i_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) **a,
221 unsigned char **pp, long length)
222{
223return d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(a, pp, length, d2i_ACCESS_DESCRIPTION,
224 ACCESS_DESCRIPTION_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
225}
226
227int i2d_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) *a, unsigned char **pp)
228{
229return i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(a, pp, i2d_ACCESS_DESCRIPTION, V_ASN1_SEQUENCE,
230 V_ASN1_UNIVERSAL, IS_SEQUENCE);
231}
232
233IMPLEMENT_STACK_OF(ACCESS_DESCRIPTION)
234IMPLEMENT_ASN1_SET_OF(ACCESS_DESCRIPTION)
235
236
diff --git a/src/lib/libcrypto/x509v3/v3_int.c b/src/lib/libcrypto/x509v3/v3_int.c
index 637dd5e128..f34cbfb731 100644
--- a/src/lib/libcrypto/x509v3/v3_int.c
+++ b/src/lib/libcrypto/x509v3/v3_int.c
@@ -60,20 +60,10 @@
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include <openssl/x509v3.h> 61#include <openssl/x509v3.h>
62 62
63static ASN1_INTEGER *asn1_integer_new(void);
64
65X509V3_EXT_METHOD v3_crl_num = { 63X509V3_EXT_METHOD v3_crl_num = {
66NID_crl_number, 0, 64NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER),
67(X509V3_EXT_NEW)asn1_integer_new, 650,0,0,0,
68(X509V3_EXT_FREE)ASN1_STRING_free,
69(X509V3_EXT_D2I)d2i_ASN1_INTEGER,
70(X509V3_EXT_I2D)i2d_ASN1_INTEGER,
71(X509V3_EXT_I2S)i2s_ASN1_INTEGER, 66(X509V3_EXT_I2S)i2s_ASN1_INTEGER,
72(X509V3_EXT_S2I)NULL, 670,
73NULL, NULL, NULL, NULL, NULL}; 680,0,0,0, NULL};
74
75 69
76static ASN1_INTEGER *asn1_integer_new(void)
77{
78 return ASN1_INTEGER_new();
79}
diff --git a/src/lib/libcrypto/x509v3/v3_lib.c b/src/lib/libcrypto/x509v3/v3_lib.c
index a0aa5de794..482ca8ccf5 100644
--- a/src/lib/libcrypto/x509v3/v3_lib.c
+++ b/src/lib/libcrypto/x509v3/v3_lib.c
@@ -62,38 +62,47 @@
62#include <openssl/conf.h> 62#include <openssl/conf.h>
63#include <openssl/x509v3.h> 63#include <openssl/x509v3.h>
64 64
65static STACK *ext_list = NULL; 65#include "ext_dat.h"
66 66
67static int ext_cmp(X509V3_EXT_METHOD **a, X509V3_EXT_METHOD **b); 67static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL;
68
69static int ext_cmp(const X509V3_EXT_METHOD * const *a,
70 const X509V3_EXT_METHOD * const *b);
68static void ext_list_free(X509V3_EXT_METHOD *ext); 71static void ext_list_free(X509V3_EXT_METHOD *ext);
69 72
70int X509V3_EXT_add(X509V3_EXT_METHOD *ext) 73int X509V3_EXT_add(X509V3_EXT_METHOD *ext)
71{ 74{
72 if(!ext_list && !(ext_list = sk_new(ext_cmp))) { 75 if(!ext_list && !(ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp))) {
73 X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE); 76 X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE);
74 return 0; 77 return 0;
75 } 78 }
76 if(!sk_push(ext_list, (char *)ext)) { 79 if(!sk_X509V3_EXT_METHOD_push(ext_list, ext)) {
77 X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE); 80 X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE);
78 return 0; 81 return 0;
79 } 82 }
80 return 1; 83 return 1;
81} 84}
82 85
83static int ext_cmp(X509V3_EXT_METHOD **a, X509V3_EXT_METHOD **b) 86static int ext_cmp(const X509V3_EXT_METHOD * const *a,
87 const X509V3_EXT_METHOD * const *b)
84{ 88{
85 return ((*a)->ext_nid - (*b)->ext_nid); 89 return ((*a)->ext_nid - (*b)->ext_nid);
86} 90}
87 91
88X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid) 92X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
89{ 93{
90 X509V3_EXT_METHOD tmp; 94 X509V3_EXT_METHOD tmp, *t = &tmp, **ret;
91 int idx; 95 int idx;
96 if(nid < 0) return NULL;
92 tmp.ext_nid = nid; 97 tmp.ext_nid = nid;
93 if(!ext_list || (tmp.ext_nid < 0) ) return NULL; 98 ret = (X509V3_EXT_METHOD **) OBJ_bsearch((char *)&t,
94 idx = sk_find(ext_list, (char *)&tmp); 99 (char *)standard_exts, STANDARD_EXTENSION_COUNT,
100 sizeof(X509V3_EXT_METHOD *), (int (*)(const void *, const void *))ext_cmp);
101 if(ret) return *ret;
102 if(!ext_list) return NULL;
103 idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp);
95 if(idx == -1) return NULL; 104 if(idx == -1) return NULL;
96 return (X509V3_EXT_METHOD *)sk_value(ext_list, idx); 105 return sk_X509V3_EXT_METHOD_value(ext_list, idx);
97} 106}
98 107
99X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext) 108X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext)
@@ -118,49 +127,33 @@ int X509V3_EXT_add_alias(int nid_to, int nid_from)
118 X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,X509V3_R_EXTENSION_NOT_FOUND); 127 X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,X509V3_R_EXTENSION_NOT_FOUND);
119 return 0; 128 return 0;
120 } 129 }
121 if(!(tmpext = (X509V3_EXT_METHOD *)Malloc(sizeof(X509V3_EXT_METHOD)))) { 130 if(!(tmpext = (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)))) {
122 X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,ERR_R_MALLOC_FAILURE); 131 X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,ERR_R_MALLOC_FAILURE);
123 return 0; 132 return 0;
124 } 133 }
125 *tmpext = *ext; 134 *tmpext = *ext;
126 tmpext->ext_nid = nid_to; 135 tmpext->ext_nid = nid_to;
127 tmpext->ext_flags |= X509V3_EXT_DYNAMIC; 136 tmpext->ext_flags |= X509V3_EXT_DYNAMIC;
128 return 1; 137 return X509V3_EXT_add(tmpext);
129} 138}
130 139
131void X509V3_EXT_cleanup(void) 140void X509V3_EXT_cleanup(void)
132{ 141{
133 sk_pop_free(ext_list, ext_list_free); 142 sk_X509V3_EXT_METHOD_pop_free(ext_list, ext_list_free);
134 ext_list = NULL; 143 ext_list = NULL;
135} 144}
136 145
137static void ext_list_free(X509V3_EXT_METHOD *ext) 146static void ext_list_free(X509V3_EXT_METHOD *ext)
138{ 147{
139 if(ext->ext_flags & X509V3_EXT_DYNAMIC) Free(ext); 148 if(ext->ext_flags & X509V3_EXT_DYNAMIC) OPENSSL_free(ext);
140} 149}
141 150
142extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku; 151/* Legacy function: we don't need to add standard extensions
143extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet; 152 * any more because they are now kept in ext_dat.h.
144extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id; 153 */
145
146extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_cpols, v3_crld;
147 154
148int X509V3_add_standard_extensions(void) 155int X509V3_add_standard_extensions(void)
149{ 156{
150 X509V3_EXT_add_list(v3_ns_ia5_list);
151 X509V3_EXT_add_list(v3_alt);
152 X509V3_EXT_add(&v3_bcons);
153 X509V3_EXT_add(&v3_nscert);
154 X509V3_EXT_add(&v3_key_usage);
155 X509V3_EXT_add(&v3_ext_ku);
156 X509V3_EXT_add(&v3_skey_id);
157 X509V3_EXT_add(&v3_akey_id);
158 X509V3_EXT_add(&v3_pkey_usage_period);
159 X509V3_EXT_add(&v3_crl_num);
160 X509V3_EXT_add(&v3_sxnet);
161 X509V3_EXT_add(&v3_crl_reason);
162 X509V3_EXT_add(&v3_cpols);
163 X509V3_EXT_add(&v3_crld);
164 return 1; 157 return 1;
165} 158}
166 159
@@ -170,8 +163,139 @@ void *X509V3_EXT_d2i(X509_EXTENSION *ext)
170{ 163{
171 X509V3_EXT_METHOD *method; 164 X509V3_EXT_METHOD *method;
172 unsigned char *p; 165 unsigned char *p;
173 if(!(method = X509V3_EXT_get(ext)) || !method->d2i) return NULL; 166 if(!(method = X509V3_EXT_get(ext))) return NULL;
174 p = ext->value->data; 167 p = ext->value->data;
168 if(method->it) return ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it));
175 return method->d2i(NULL, &p, ext->value->length); 169 return method->d2i(NULL, &p, ext->value->length);
176} 170}
177 171
172/* Get critical flag and decoded version of extension from a NID.
173 * The "idx" variable returns the last found extension and can
174 * be used to retrieve multiple extensions of the same NID.
175 * However multiple extensions with the same NID is usually
176 * due to a badly encoded certificate so if idx is NULL we
177 * choke if multiple extensions exist.
178 * The "crit" variable is set to the critical value.
179 * The return value is the decoded extension or NULL on
180 * error. The actual error can have several different causes,
181 * the value of *crit reflects the cause:
182 * >= 0, extension found but not decoded (reflects critical value).
183 * -1 extension not found.
184 * -2 extension occurs more than once.
185 */
186
187void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx)
188{
189 int lastpos, i;
190 X509_EXTENSION *ex, *found_ex = NULL;
191 if(!x) {
192 if(idx) *idx = -1;
193 if(crit) *crit = -1;
194 return NULL;
195 }
196 if(idx) lastpos = *idx + 1;
197 else lastpos = 0;
198 if(lastpos < 0) lastpos = 0;
199 for(i = lastpos; i < sk_X509_EXTENSION_num(x); i++)
200 {
201 ex = sk_X509_EXTENSION_value(x, i);
202 if(OBJ_obj2nid(ex->object) == nid) {
203 if(idx) {
204 *idx = i;
205 break;
206 } else if(found_ex) {
207 /* Found more than one */
208 if(crit) *crit = -2;
209 return NULL;
210 }
211 found_ex = ex;
212 }
213 }
214 if(found_ex) {
215 /* Found it */
216 if(crit) *crit = X509_EXTENSION_get_critical(found_ex);
217 return X509V3_EXT_d2i(found_ex);
218 }
219
220 /* Extension not found */
221 if(idx) *idx = -1;
222 if(crit) *crit = -1;
223 return NULL;
224}
225
226/* This function is a general extension append, replace and delete utility.
227 * The precise operation is governed by the 'flags' value. The 'crit' and
228 * 'value' arguments (if relevant) are the extensions internal structure.
229 */
230
231int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
232 int crit, unsigned long flags)
233{
234 int extidx = -1;
235 int errcode;
236 X509_EXTENSION *ext, *extmp;
237 unsigned long ext_op = flags & X509V3_ADD_OP_MASK;
238
239 /* If appending we don't care if it exists, otherwise
240 * look for existing extension.
241 */
242 if(ext_op != X509V3_ADD_APPEND)
243 extidx = X509v3_get_ext_by_NID(*x, nid, -1);
244
245 /* See if extension exists */
246 if(extidx >= 0) {
247 /* If keep existing, nothing to do */
248 if(ext_op == X509V3_ADD_KEEP_EXISTING)
249 return 1;
250 /* If default then its an error */
251 if(ext_op == X509V3_ADD_DEFAULT) {
252 errcode = X509V3_R_EXTENSION_EXISTS;
253 goto err;
254 }
255 /* If delete, just delete it */
256 if(ext_op == X509V3_ADD_DELETE) {
257 if(!sk_X509_EXTENSION_delete(*x, extidx)) return -1;
258 return 1;
259 }
260 } else {
261 /* If replace existing or delete, error since
262 * extension must exist
263 */
264 if((ext_op == X509V3_ADD_REPLACE_EXISTING) ||
265 (ext_op == X509V3_ADD_DELETE)) {
266 errcode = X509V3_R_EXTENSION_NOT_FOUND;
267 goto err;
268 }
269 }
270
271 /* If we get this far then we have to create an extension:
272 * could have some flags for alternative encoding schemes...
273 */
274
275 ext = X509V3_EXT_i2d(nid, crit, value);
276
277 if(!ext) {
278 X509V3err(X509V3_F_X509V3_ADD_I2D, X509V3_R_ERROR_CREATING_EXTENSION);
279 return 0;
280 }
281
282 /* If extension exists replace it.. */
283 if(extidx >= 0) {
284 extmp = sk_X509_EXTENSION_value(*x, extidx);
285 X509_EXTENSION_free(extmp);
286 if(!sk_X509_EXTENSION_set(*x, extidx, ext)) return -1;
287 return 1;
288 }
289
290 if(!*x && !(*x = sk_X509_EXTENSION_new_null())) return -1;
291 if(!sk_X509_EXTENSION_push(*x, ext)) return -1;
292
293 return 1;
294
295 err:
296 if(!(flags & X509V3_ADD_SILENT))
297 X509V3err(X509V3_F_X509V3_ADD_I2D, errcode);
298 return 0;
299}
300
301IMPLEMENT_STACK_OF(X509V3_EXT_METHOD)
diff --git a/src/lib/libcrypto/x509v3/v3_pku.c b/src/lib/libcrypto/x509v3/v3_pku.c
index c13e7d8f45..49a2e4697a 100644
--- a/src/lib/libcrypto/x509v3/v3_pku.c
+++ b/src/lib/libcrypto/x509v3/v3_pku.c
@@ -59,7 +59,7 @@
59#include <stdio.h> 59#include <stdio.h>
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include <openssl/asn1.h> 61#include <openssl/asn1.h>
62#include <openssl/asn1_mac.h> 62#include <openssl/asn1t.h>
63#include <openssl/x509v3.h> 63#include <openssl/x509v3.h>
64 64
65static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *usage, BIO *out, int indent); 65static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *usage, BIO *out, int indent);
@@ -67,62 +67,19 @@ static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *u
67static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); 67static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
68*/ 68*/
69X509V3_EXT_METHOD v3_pkey_usage_period = { 69X509V3_EXT_METHOD v3_pkey_usage_period = {
70NID_private_key_usage_period, 0, 70NID_private_key_usage_period, 0, ASN1_ITEM_ref(PKEY_USAGE_PERIOD),
71(X509V3_EXT_NEW)PKEY_USAGE_PERIOD_new, 710,0,0,0,
72(X509V3_EXT_FREE)PKEY_USAGE_PERIOD_free, 720,0,0,0,
73(X509V3_EXT_D2I)d2i_PKEY_USAGE_PERIOD,
74(X509V3_EXT_I2D)i2d_PKEY_USAGE_PERIOD,
75NULL, NULL, NULL, NULL,
76(X509V3_EXT_I2R)i2r_PKEY_USAGE_PERIOD, NULL, 73(X509V3_EXT_I2R)i2r_PKEY_USAGE_PERIOD, NULL,
77NULL 74NULL
78}; 75};
79 76
80int i2d_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD *a, unsigned char **pp) 77ASN1_SEQUENCE(PKEY_USAGE_PERIOD) = {
81{ 78 ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notBefore, ASN1_GENERALIZEDTIME, 0),
82 M_ASN1_I2D_vars(a); 79 ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notAfter, ASN1_GENERALIZEDTIME, 1)
83 80} ASN1_SEQUENCE_END(PKEY_USAGE_PERIOD)
84 M_ASN1_I2D_len_IMP_opt (a->notBefore, i2d_ASN1_GENERALIZEDTIME);
85 M_ASN1_I2D_len_IMP_opt (a->notAfter, i2d_ASN1_GENERALIZEDTIME);
86
87 M_ASN1_I2D_seq_total();
88
89 M_ASN1_I2D_put_IMP_opt (a->notBefore, i2d_ASN1_GENERALIZEDTIME, 0);
90 M_ASN1_I2D_put_IMP_opt (a->notAfter, i2d_ASN1_GENERALIZEDTIME, 1);
91
92 M_ASN1_I2D_finish();
93}
94
95PKEY_USAGE_PERIOD *PKEY_USAGE_PERIOD_new(void)
96{
97 PKEY_USAGE_PERIOD *ret=NULL;
98 ASN1_CTX c;
99 M_ASN1_New_Malloc(ret, PKEY_USAGE_PERIOD);
100 ret->notBefore = NULL;
101 ret->notAfter = NULL;
102 return (ret);
103 M_ASN1_New_Error(ASN1_F_PKEY_USAGE_PERIOD_NEW);
104}
105 81
106PKEY_USAGE_PERIOD *d2i_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD **a, 82IMPLEMENT_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
107 unsigned char **pp, long length)
108{
109 M_ASN1_D2I_vars(a,PKEY_USAGE_PERIOD *,PKEY_USAGE_PERIOD_new);
110 M_ASN1_D2I_Init();
111 M_ASN1_D2I_start_sequence();
112 M_ASN1_D2I_get_IMP_opt (ret->notBefore, d2i_ASN1_GENERALIZEDTIME, 0,
113 V_ASN1_GENERALIZEDTIME);
114 M_ASN1_D2I_get_IMP_opt (ret->notAfter, d2i_ASN1_GENERALIZEDTIME, 1,
115 V_ASN1_GENERALIZEDTIME);
116 M_ASN1_D2I_Finish(a, PKEY_USAGE_PERIOD_free, ASN1_F_D2I_PKEY_USAGE_PERIOD);
117}
118
119void PKEY_USAGE_PERIOD_free(PKEY_USAGE_PERIOD *a)
120{
121 if (a == NULL) return;
122 ASN1_GENERALIZEDTIME_free(a->notBefore);
123 ASN1_GENERALIZEDTIME_free(a->notAfter);
124 Free ((char *)a);
125}
126 83
127static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, 84static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,
128 PKEY_USAGE_PERIOD *usage, BIO *out, int indent) 85 PKEY_USAGE_PERIOD *usage, BIO *out, int indent)
diff --git a/src/lib/libcrypto/x509v3/v3_prn.c b/src/lib/libcrypto/x509v3/v3_prn.c
index dc20c6bdba..aeaf6170fe 100644
--- a/src/lib/libcrypto/x509v3/v3_prn.c
+++ b/src/lib/libcrypto/x509v3/v3_prn.c
@@ -64,6 +64,8 @@
64 64
65/* Extension printing routines */ 65/* Extension printing routines */
66 66
67static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported);
68
67/* Print out a name+value stack */ 69/* Print out a name+value stack */
68 70
69void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml) 71void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml)
@@ -81,29 +83,65 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml)
81 nval = sk_CONF_VALUE_value(val, i); 83 nval = sk_CONF_VALUE_value(val, i);
82 if(!nval->name) BIO_puts(out, nval->value); 84 if(!nval->name) BIO_puts(out, nval->value);
83 else if(!nval->value) BIO_puts(out, nval->name); 85 else if(!nval->value) BIO_puts(out, nval->name);
86#ifndef CHARSET_EBCDIC
84 else BIO_printf(out, "%s:%s", nval->name, nval->value); 87 else BIO_printf(out, "%s:%s", nval->name, nval->value);
88#else
89 else {
90 int len;
91 char *tmp;
92 len = strlen(nval->value)+1;
93 tmp = OPENSSL_malloc(len);
94 if (tmp)
95 {
96 ascii2ebcdic(tmp, nval->value, len);
97 BIO_printf(out, "%s:%s", nval->name, tmp);
98 OPENSSL_free(tmp);
99 }
100 }
101#endif
85 if(ml) BIO_puts(out, "\n"); 102 if(ml) BIO_puts(out, "\n");
86 } 103 }
87} 104}
88 105
89/* Main routine: print out a general extension */ 106/* Main routine: print out a general extension */
90 107
91int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent) 108int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent)
92{ 109{
93 char *ext_str = NULL, *value = NULL; 110 void *ext_str = NULL;
111 char *value = NULL;
94 unsigned char *p; 112 unsigned char *p;
95 X509V3_EXT_METHOD *method; 113 X509V3_EXT_METHOD *method;
96 STACK_OF(CONF_VALUE) *nval = NULL; 114 STACK_OF(CONF_VALUE) *nval = NULL;
97 int ok = 1; 115 int ok = 1;
98 if(!(method = X509V3_EXT_get(ext))) return 0; 116 if(!(method = X509V3_EXT_get(ext)))
117 return unknown_ext_print(out, ext, flag, indent, 0);
99 p = ext->value->data; 118 p = ext->value->data;
100 if(!(ext_str = method->d2i(NULL, &p, ext->value->length))) return 0; 119 if(method->it) ext_str = ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it));
120 else ext_str = method->d2i(NULL, &p, ext->value->length);
121
122 if(!ext_str) return unknown_ext_print(out, ext, flag, indent, 1);
123
101 if(method->i2s) { 124 if(method->i2s) {
102 if(!(value = method->i2s(method, ext_str))) { 125 if(!(value = method->i2s(method, ext_str))) {
103 ok = 0; 126 ok = 0;
104 goto err; 127 goto err;
105 } 128 }
129#ifndef CHARSET_EBCDIC
106 BIO_printf(out, "%*s%s", indent, "", value); 130 BIO_printf(out, "%*s%s", indent, "", value);
131#else
132 {
133 int len;
134 char *tmp;
135 len = strlen(value)+1;
136 tmp = OPENSSL_malloc(len);
137 if (tmp)
138 {
139 ascii2ebcdic(tmp, value, len);
140 BIO_printf(out, "%*s%s", indent, "", tmp);
141 OPENSSL_free(tmp);
142 }
143 }
144#endif
107 } else if(method->i2v) { 145 } else if(method->i2v) {
108 if(!(nval = method->i2v(method, ext_str, NULL))) { 146 if(!(nval = method->i2v(method, ext_str, NULL))) {
109 ok = 0; 147 ok = 0;
@@ -117,12 +155,72 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent)
117 155
118 err: 156 err:
119 sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); 157 sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
120 if(value) Free(value); 158 if(value) OPENSSL_free(value);
121 method->ext_free(ext_str); 159 if(method->it) ASN1_item_free(ext_str, ASN1_ITEM_ptr(method->it));
160 else method->ext_free(ext_str);
122 return ok; 161 return ok;
123} 162}
124 163
125#ifndef NO_FP_API 164int X509V3_extensions_print(BIO *bp, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent)
165{
166 int i, j;
167
168 if(sk_X509_EXTENSION_num(exts) <= 0) return 1;
169
170 if(title)
171 {
172 BIO_printf(bp,"%*s%s:\n",indent, "", title);
173 indent += 4;
174 }
175
176 for (i=0; i<sk_X509_EXTENSION_num(exts); i++)
177 {
178 ASN1_OBJECT *obj;
179 X509_EXTENSION *ex;
180 ex=sk_X509_EXTENSION_value(exts, i);
181 if (BIO_printf(bp,"%*s",indent, "") <= 0) return 0;
182 obj=X509_EXTENSION_get_object(ex);
183 i2a_ASN1_OBJECT(bp,obj);
184 j=X509_EXTENSION_get_critical(ex);
185 if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
186 return 0;
187 if(!X509V3_EXT_print(bp, ex, flag, 12))
188 {
189 BIO_printf(bp, "%*s", indent + 4, "");
190 M_ASN1_OCTET_STRING_print(bp,ex->value);
191 }
192 if (BIO_write(bp,"\n",1) <= 0) return 0;
193 }
194 return 1;
195}
196
197static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported)
198{
199 switch(flag & X509V3_EXT_UNKNOWN_MASK) {
200
201 case X509V3_EXT_DEFAULT:
202 return 0;
203
204 case X509V3_EXT_ERROR_UNKNOWN:
205 if(supported)
206 BIO_printf(out, "%*s<Parse Error>", indent, "");
207 else
208 BIO_printf(out, "%*s<Not Supported>", indent, "");
209 return 1;
210
211 case X509V3_EXT_PARSE_UNKNOWN:
212 return ASN1_parse_dump(out,
213 ext->value->data, ext->value->length, indent, -1);
214 case X509V3_EXT_DUMP_UNKNOWN:
215 return BIO_dump_indent(out, (char *)ext->value->data, ext->value->length, indent);
216
217 default:
218 return 1;
219 }
220}
221
222
223#ifndef OPENSSL_NO_FP_API
126int X509V3_EXT_print_fp(FILE *fp, X509_EXTENSION *ext, int flag, int indent) 224int X509V3_EXT_print_fp(FILE *fp, X509_EXTENSION *ext, int flag, int indent)
127{ 225{
128 BIO *bio_tmp; 226 BIO *bio_tmp;
diff --git a/src/lib/libcrypto/x509v3/v3_purp.c b/src/lib/libcrypto/x509v3/v3_purp.c
index b7494ebcd5..b739e4fd83 100644
--- a/src/lib/libcrypto/x509v3/v3_purp.c
+++ b/src/lib/libcrypto/x509v3/v3_purp.c
@@ -1,9 +1,9 @@
1/* v3_purp.c */ 1/* v3_purp.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL 2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999. 3 * project 2001.
4 */ 4 */
5/* ==================================================================== 5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 6 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions 9 * modification, are permitted provided that the following conditions
@@ -59,20 +59,24 @@
59#include <stdio.h> 59#include <stdio.h>
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include <openssl/x509v3.h> 61#include <openssl/x509v3.h>
62 62#include <openssl/x509_vfy.h>
63 63
64static void x509v3_cache_extensions(X509 *x); 64static void x509v3_cache_extensions(X509 *x);
65 65
66static int ca_check(X509 *x); 66static int ca_check(const X509 *x);
67static int check_purpose_ssl_client(X509_PURPOSE *xp, X509 *x, int ca); 67static int check_ssl_ca(const X509 *x);
68static int check_purpose_ssl_server(X509_PURPOSE *xp, X509 *x, int ca); 68static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca);
69static int check_purpose_ns_ssl_server(X509_PURPOSE *xp, X509 *x, int ca); 69static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca);
70static int purpose_smime(X509 *x, int ca); 70static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca);
71static int check_purpose_smime_sign(X509_PURPOSE *xp, X509 *x, int ca); 71static int purpose_smime(const X509 *x, int ca);
72static int check_purpose_smime_encrypt(X509_PURPOSE *xp, X509 *x, int ca); 72static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca);
73static int check_purpose_crl_sign(X509_PURPOSE *xp, X509 *x, int ca); 73static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca);
74 74static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca);
75static int xp_cmp(X509_PURPOSE **a, X509_PURPOSE **b); 75static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca);
76static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca);
77
78static int xp_cmp(const X509_PURPOSE * const *a,
79 const X509_PURPOSE * const *b);
76static void xptable_free(X509_PURPOSE *p); 80static void xptable_free(X509_PURPOSE *p);
77 81
78static X509_PURPOSE xstandard[] = { 82static X509_PURPOSE xstandard[] = {
@@ -81,7 +85,9 @@ static X509_PURPOSE xstandard[] = {
81 {X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL}, 85 {X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL},
82 {X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, "S/MIME signing", "smimesign", NULL}, 86 {X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, "S/MIME signing", "smimesign", NULL},
83 {X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL}, 87 {X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL},
84 {X509_PURPOSE_CRL_SIGN, X509_TRUST_ANY, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL}, 88 {X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL},
89 {X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, "Any Purpose", "any", NULL},
90 {X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper, "OCSP helper", "ocsphelper", NULL},
85}; 91};
86 92
87#define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE)) 93#define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE))
@@ -90,15 +96,19 @@ IMPLEMENT_STACK_OF(X509_PURPOSE)
90 96
91static STACK_OF(X509_PURPOSE) *xptable = NULL; 97static STACK_OF(X509_PURPOSE) *xptable = NULL;
92 98
93static int xp_cmp(X509_PURPOSE **a, X509_PURPOSE **b) 99static int xp_cmp(const X509_PURPOSE * const *a,
100 const X509_PURPOSE * const *b)
94{ 101{
95 return (*a)->purpose - (*b)->purpose; 102 return (*a)->purpose - (*b)->purpose;
96} 103}
97 104
105/* As much as I'd like to make X509_check_purpose use a "const" X509*
106 * I really can't because it does recalculate hashes and do other non-const
107 * things. */
98int X509_check_purpose(X509 *x, int id, int ca) 108int X509_check_purpose(X509 *x, int id, int ca)
99{ 109{
100 int idx; 110 int idx;
101 X509_PURPOSE *pt; 111 const X509_PURPOSE *pt;
102 if(!(x->ex_flags & EXFLAG_SET)) { 112 if(!(x->ex_flags & EXFLAG_SET)) {
103 CRYPTO_w_lock(CRYPTO_LOCK_X509); 113 CRYPTO_w_lock(CRYPTO_LOCK_X509);
104 x509v3_cache_extensions(x); 114 x509v3_cache_extensions(x);
@@ -111,6 +121,16 @@ int X509_check_purpose(X509 *x, int id, int ca)
111 return pt->check_purpose(pt, x, ca); 121 return pt->check_purpose(pt, x, ca);
112} 122}
113 123
124int X509_PURPOSE_set(int *p, int purpose)
125{
126 if(X509_PURPOSE_get_by_id(purpose) == -1) {
127 X509V3err(X509V3_F_X509_PURPOSE_SET, X509V3_R_INVALID_PURPOSE);
128 return 0;
129 }
130 *p = purpose;
131 return 1;
132}
133
114int X509_PURPOSE_get_count(void) 134int X509_PURPOSE_get_count(void)
115{ 135{
116 if(!xptable) return X509_PURPOSE_COUNT; 136 if(!xptable) return X509_PURPOSE_COUNT;
@@ -135,7 +155,6 @@ int X509_PURPOSE_get_by_sname(char *sname)
135 return -1; 155 return -1;
136} 156}
137 157
138
139int X509_PURPOSE_get_by_id(int purpose) 158int X509_PURPOSE_get_by_id(int purpose)
140{ 159{
141 X509_PURPOSE tmp; 160 X509_PURPOSE tmp;
@@ -150,7 +169,7 @@ int X509_PURPOSE_get_by_id(int purpose)
150} 169}
151 170
152int X509_PURPOSE_add(int id, int trust, int flags, 171int X509_PURPOSE_add(int id, int trust, int flags,
153 int (*ck)(X509_PURPOSE *, X509 *, int), 172 int (*ck)(const X509_PURPOSE *, const X509 *, int),
154 char *name, char *sname, void *arg) 173 char *name, char *sname, void *arg)
155{ 174{
156 int idx; 175 int idx;
@@ -163,17 +182,17 @@ int X509_PURPOSE_add(int id, int trust, int flags,
163 idx = X509_PURPOSE_get_by_id(id); 182 idx = X509_PURPOSE_get_by_id(id);
164 /* Need a new entry */ 183 /* Need a new entry */
165 if(idx == -1) { 184 if(idx == -1) {
166 if(!(ptmp = Malloc(sizeof(X509_PURPOSE)))) { 185 if(!(ptmp = OPENSSL_malloc(sizeof(X509_PURPOSE)))) {
167 X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE); 186 X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
168 return 0; 187 return 0;
169 } 188 }
170 ptmp->flags = X509_PURPOSE_DYNAMIC; 189 ptmp->flags = X509_PURPOSE_DYNAMIC;
171 } else ptmp = X509_PURPOSE_get0(idx); 190 } else ptmp = X509_PURPOSE_get0(idx);
172 191
173 /* Free existing name if dynamic */ 192 /* OPENSSL_free existing name if dynamic */
174 if(ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) { 193 if(ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) {
175 Free(ptmp->name); 194 OPENSSL_free(ptmp->name);
176 Free(ptmp->sname); 195 OPENSSL_free(ptmp->sname);
177 } 196 }
178 /* dup supplied name */ 197 /* dup supplied name */
179 ptmp->name = BUF_strdup(name); 198 ptmp->name = BUF_strdup(name);
@@ -212,10 +231,10 @@ static void xptable_free(X509_PURPOSE *p)
212 if (p->flags & X509_PURPOSE_DYNAMIC) 231 if (p->flags & X509_PURPOSE_DYNAMIC)
213 { 232 {
214 if (p->flags & X509_PURPOSE_DYNAMIC_NAME) { 233 if (p->flags & X509_PURPOSE_DYNAMIC_NAME) {
215 Free(p->name); 234 OPENSSL_free(p->name);
216 Free(p->sname); 235 OPENSSL_free(p->sname);
217 } 236 }
218 Free(p); 237 OPENSSL_free(p);
219 } 238 }
220 } 239 }
221 240
@@ -247,16 +266,57 @@ int X509_PURPOSE_get_trust(X509_PURPOSE *xp)
247 return xp->trust; 266 return xp->trust;
248} 267}
249 268
250#ifndef NO_SHA 269static int nid_cmp(int *a, int *b)
270 {
271 return *a - *b;
272 }
273
274int X509_supported_extension(X509_EXTENSION *ex)
275 {
276 /* This table is a list of the NIDs of supported extensions:
277 * that is those which are used by the verify process. If
278 * an extension is critical and doesn't appear in this list
279 * then the verify process will normally reject the certificate.
280 * The list must be kept in numerical order because it will be
281 * searched using bsearch.
282 */
283
284 static int supported_nids[] = {
285 NID_netscape_cert_type, /* 71 */
286 NID_key_usage, /* 83 */
287 NID_subject_alt_name, /* 85 */
288 NID_basic_constraints, /* 87 */
289 NID_ext_key_usage /* 126 */
290 };
291
292 int ex_nid;
293
294 ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex));
295
296 if (ex_nid == NID_undef)
297 return 0;
298
299 if (OBJ_bsearch((char *)&ex_nid, (char *)supported_nids,
300 sizeof(supported_nids)/sizeof(int), sizeof(int),
301 (int (*)(const void *, const void *))nid_cmp))
302 return 1;
303 return 0;
304 }
305
306
251static void x509v3_cache_extensions(X509 *x) 307static void x509v3_cache_extensions(X509 *x)
252{ 308{
253 BASIC_CONSTRAINTS *bs; 309 BASIC_CONSTRAINTS *bs;
254 ASN1_BIT_STRING *usage; 310 ASN1_BIT_STRING *usage;
255 ASN1_BIT_STRING *ns; 311 ASN1_BIT_STRING *ns;
256 STACK_OF(ASN1_OBJECT) *extusage; 312 EXTENDED_KEY_USAGE *extusage;
313 X509_EXTENSION *ex;
314
257 int i; 315 int i;
258 if(x->ex_flags & EXFLAG_SET) return; 316 if(x->ex_flags & EXFLAG_SET) return;
317#ifndef OPENSSL_NO_SHA
259 X509_digest(x, EVP_sha1(), x->sha1_hash, NULL); 318 X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
319#endif
260 /* Does subject name match issuer ? */ 320 /* Does subject name match issuer ? */
261 if(!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x))) 321 if(!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x)))
262 x->ex_flags |= EXFLAG_SS; 322 x->ex_flags |= EXFLAG_SS;
@@ -309,6 +369,15 @@ static void x509v3_cache_extensions(X509 *x)
309 case NID_ms_sgc: 369 case NID_ms_sgc:
310 case NID_ns_sgc: 370 case NID_ns_sgc:
311 x->ex_xkusage |= XKU_SGC; 371 x->ex_xkusage |= XKU_SGC;
372 break;
373
374 case NID_OCSP_sign:
375 x->ex_xkusage |= XKU_OCSP_SIGN;
376 break;
377
378 case NID_time_stamp:
379 x->ex_xkusage |= XKU_TIMESTAMP;
380 break;
312 } 381 }
313 } 382 }
314 sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free); 383 sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free);
@@ -320,9 +389,21 @@ static void x509v3_cache_extensions(X509 *x)
320 x->ex_flags |= EXFLAG_NSCERT; 389 x->ex_flags |= EXFLAG_NSCERT;
321 ASN1_BIT_STRING_free(ns); 390 ASN1_BIT_STRING_free(ns);
322 } 391 }
392 x->skid =X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL);
393 x->akid =X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL);
394 for (i = 0; i < X509_get_ext_count(x); i++)
395 {
396 ex = X509_get_ext(x, i);
397 if (!X509_EXTENSION_get_critical(ex))
398 continue;
399 if (!X509_supported_extension(ex))
400 {
401 x->ex_flags |= EXFLAG_CRITICAL;
402 break;
403 }
404 }
323 x->ex_flags |= EXFLAG_SET; 405 x->ex_flags |= EXFLAG_SET;
324} 406}
325#endif
326 407
327/* CA checks common to all purposes 408/* CA checks common to all purposes
328 * return codes: 409 * return codes:
@@ -340,7 +421,7 @@ static void x509v3_cache_extensions(X509 *x)
340#define ns_reject(x, usage) \ 421#define ns_reject(x, usage) \
341 (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage))) 422 (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage)))
342 423
343static int ca_check(X509 *x) 424static int ca_check(const X509 *x)
344{ 425{
345 /* keyUsage if present should allow cert signing */ 426 /* keyUsage if present should allow cert signing */
346 if(ku_reject(x, KU_KEY_CERT_SIGN)) return 0; 427 if(ku_reject(x, KU_KEY_CERT_SIGN)) return 0;
@@ -350,26 +431,32 @@ static int ca_check(X509 *x)
350 else return 0; 431 else return 0;
351 } else { 432 } else {
352 if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3; 433 if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3;
434 /* If key usage present it must have certSign so tolerate it */
435 else if (x->ex_flags & EXFLAG_KUSAGE) return 3;
353 else return 2; 436 else return 2;
354 } 437 }
355} 438}
356 439
440/* Check SSL CA: common checks for SSL client and server */
441static int check_ssl_ca(const X509 *x)
442{
443 int ca_ret;
444 ca_ret = ca_check(x);
445 if(!ca_ret) return 0;
446 /* check nsCertType if present */
447 if(x->ex_flags & EXFLAG_NSCERT) {
448 if(x->ex_nscert & NS_SSL_CA) return ca_ret;
449 return 0;
450 }
451 if(ca_ret != 2) return ca_ret;
452 else return 0;
453}
357 454
358static int check_purpose_ssl_client(X509_PURPOSE *xp, X509 *x, int ca) 455
456static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca)
359{ 457{
360 if(xku_reject(x,XKU_SSL_CLIENT)) return 0; 458 if(xku_reject(x,XKU_SSL_CLIENT)) return 0;
361 if(ca) { 459 if(ca) return check_ssl_ca(x);
362 int ca_ret;
363 ca_ret = ca_check(x);
364 if(!ca_ret) return 0;
365 /* check nsCertType if present */
366 if(x->ex_flags & EXFLAG_NSCERT) {
367 if(x->ex_nscert & NS_SSL_CA) return ca_ret;
368 return 0;
369 }
370 if(ca_ret != 2) return ca_ret;
371 else return 0;
372 }
373 /* We need to do digital signatures with it */ 460 /* We need to do digital signatures with it */
374 if(ku_reject(x,KU_DIGITAL_SIGNATURE)) return 0; 461 if(ku_reject(x,KU_DIGITAL_SIGNATURE)) return 0;
375 /* nsCertType if present should allow SSL client use */ 462 /* nsCertType if present should allow SSL client use */
@@ -377,11 +464,10 @@ static int check_purpose_ssl_client(X509_PURPOSE *xp, X509 *x, int ca)
377 return 1; 464 return 1;
378} 465}
379 466
380static int check_purpose_ssl_server(X509_PURPOSE *xp, X509 *x, int ca) 467static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca)
381{ 468{
382 if(xku_reject(x,XKU_SSL_SERVER|XKU_SGC)) return 0; 469 if(xku_reject(x,XKU_SSL_SERVER|XKU_SGC)) return 0;
383 /* Otherwise same as SSL client for a CA */ 470 if(ca) return check_ssl_ca(x);
384 if(ca) return check_purpose_ssl_client(xp, x, 1);
385 471
386 if(ns_reject(x, NS_SSL_SERVER)) return 0; 472 if(ns_reject(x, NS_SSL_SERVER)) return 0;
387 /* Now as for keyUsage: we'll at least need to sign OR encipher */ 473 /* Now as for keyUsage: we'll at least need to sign OR encipher */
@@ -391,7 +477,7 @@ static int check_purpose_ssl_server(X509_PURPOSE *xp, X509 *x, int ca)
391 477
392} 478}
393 479
394static int check_purpose_ns_ssl_server(X509_PURPOSE *xp, X509 *x, int ca) 480static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca)
395{ 481{
396 int ret; 482 int ret;
397 ret = check_purpose_ssl_server(xp, x, ca); 483 ret = check_purpose_ssl_server(xp, x, ca);
@@ -402,7 +488,7 @@ static int check_purpose_ns_ssl_server(X509_PURPOSE *xp, X509 *x, int ca)
402} 488}
403 489
404/* common S/MIME checks */ 490/* common S/MIME checks */
405static int purpose_smime(X509 *x, int ca) 491static int purpose_smime(const X509 *x, int ca)
406{ 492{
407 if(xku_reject(x,XKU_SMIME)) return 0; 493 if(xku_reject(x,XKU_SMIME)) return 0;
408 if(ca) { 494 if(ca) {
@@ -426,16 +512,16 @@ static int purpose_smime(X509 *x, int ca)
426 return 1; 512 return 1;
427} 513}
428 514
429static int check_purpose_smime_sign(X509_PURPOSE *xp, X509 *x, int ca) 515static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca)
430{ 516{
431 int ret; 517 int ret;
432 ret = purpose_smime(x, ca); 518 ret = purpose_smime(x, ca);
433 if(!ret || ca) return ret; 519 if(!ret || ca) return ret;
434 if(ku_reject(x, KU_DIGITAL_SIGNATURE)) return 0; 520 if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_NON_REPUDIATION)) return 0;
435 return ret; 521 return ret;
436} 522}
437 523
438static int check_purpose_smime_encrypt(X509_PURPOSE *xp, X509 *x, int ca) 524static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca)
439{ 525{
440 int ret; 526 int ret;
441 ret = purpose_smime(x, ca); 527 ret = purpose_smime(x, ca);
@@ -444,7 +530,7 @@ static int check_purpose_smime_encrypt(X509_PURPOSE *xp, X509 *x, int ca)
444 return ret; 530 return ret;
445} 531}
446 532
447static int check_purpose_crl_sign(X509_PURPOSE *xp, X509 *x, int ca) 533static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca)
448{ 534{
449 if(ca) { 535 if(ca) {
450 int ca_ret; 536 int ca_ret;
@@ -454,3 +540,86 @@ static int check_purpose_crl_sign(X509_PURPOSE *xp, X509 *x, int ca)
454 if(ku_reject(x, KU_CRL_SIGN)) return 0; 540 if(ku_reject(x, KU_CRL_SIGN)) return 0;
455 return 1; 541 return 1;
456} 542}
543
544/* OCSP helper: this is *not* a full OCSP check. It just checks that
545 * each CA is valid. Additional checks must be made on the chain.
546 */
547
548static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca)
549{
550 /* Must be a valid CA */
551 if(ca) {
552 int ca_ret;
553 ca_ret = ca_check(x);
554 if(ca_ret != 2) return ca_ret;
555 if(x->ex_flags & EXFLAG_NSCERT) {
556 if(x->ex_nscert & NS_ANY_CA) return ca_ret;
557 return 0;
558 }
559 return 0;
560 }
561 /* leaf certificate is checked in OCSP_verify() */
562 return 1;
563}
564
565static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca)
566{
567 return 1;
568}
569
570/* Various checks to see if one certificate issued the second.
571 * This can be used to prune a set of possible issuer certificates
572 * which have been looked up using some simple method such as by
573 * subject name.
574 * These are:
575 * 1. Check issuer_name(subject) == subject_name(issuer)
576 * 2. If akid(subject) exists check it matches issuer
577 * 3. If key_usage(issuer) exists check it supports certificate signing
578 * returns 0 for OK, positive for reason for mismatch, reasons match
579 * codes for X509_verify_cert()
580 */
581
582int X509_check_issued(X509 *issuer, X509 *subject)
583{
584 if(X509_NAME_cmp(X509_get_subject_name(issuer),
585 X509_get_issuer_name(subject)))
586 return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
587 x509v3_cache_extensions(issuer);
588 x509v3_cache_extensions(subject);
589 if(subject->akid) {
590 /* Check key ids (if present) */
591 if(subject->akid->keyid && issuer->skid &&
592 ASN1_OCTET_STRING_cmp(subject->akid->keyid, issuer->skid) )
593 return X509_V_ERR_AKID_SKID_MISMATCH;
594 /* Check serial number */
595 if(subject->akid->serial &&
596 ASN1_INTEGER_cmp(X509_get_serialNumber(issuer),
597 subject->akid->serial))
598 return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
599 /* Check issuer name */
600 if(subject->akid->issuer) {
601 /* Ugh, for some peculiar reason AKID includes
602 * SEQUENCE OF GeneralName. So look for a DirName.
603 * There may be more than one but we only take any
604 * notice of the first.
605 */
606 GENERAL_NAMES *gens;
607 GENERAL_NAME *gen;
608 X509_NAME *nm = NULL;
609 int i;
610 gens = subject->akid->issuer;
611 for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
612 gen = sk_GENERAL_NAME_value(gens, i);
613 if(gen->type == GEN_DIRNAME) {
614 nm = gen->d.dirn;
615 break;
616 }
617 }
618 if(nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer)))
619 return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
620 }
621 }
622 if(ku_reject(issuer, KU_KEY_CERT_SIGN)) return X509_V_ERR_KEYUSAGE_NO_CERTSIGN;
623 return X509_V_OK;
624}
625
diff --git a/src/lib/libcrypto/x509v3/v3_skey.c b/src/lib/libcrypto/x509v3/v3_skey.c
index fb3e36014d..c0f044ac1b 100644
--- a/src/lib/libcrypto/x509v3/v3_skey.c
+++ b/src/lib/libcrypto/x509v3/v3_skey.c
@@ -61,23 +61,14 @@
61#include "cryptlib.h" 61#include "cryptlib.h"
62#include <openssl/x509v3.h> 62#include <openssl/x509v3.h>
63 63
64static ASN1_OCTET_STRING *octet_string_new(void);
65static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); 64static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
66X509V3_EXT_METHOD v3_skey_id = { 65X509V3_EXT_METHOD v3_skey_id = {
67NID_subject_key_identifier, 0, 66NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING),
68(X509V3_EXT_NEW)octet_string_new, 670,0,0,0,
69(X509V3_EXT_FREE)ASN1_STRING_free,
70(X509V3_EXT_D2I)d2i_ASN1_OCTET_STRING,
71(X509V3_EXT_I2D)i2d_ASN1_OCTET_STRING,
72(X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING, 68(X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING,
73(X509V3_EXT_S2I)s2i_skey_id, 69(X509V3_EXT_S2I)s2i_skey_id,
74NULL, NULL, NULL, NULL, NULL}; 700,0,0,0,
75 71NULL};
76
77static ASN1_OCTET_STRING *octet_string_new(void)
78{
79 return ASN1_OCTET_STRING_new();
80}
81 72
82char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, 73char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
83 ASN1_OCTET_STRING *oct) 74 ASN1_OCTET_STRING *oct)
@@ -91,13 +82,13 @@ ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
91 ASN1_OCTET_STRING *oct; 82 ASN1_OCTET_STRING *oct;
92 long length; 83 long length;
93 84
94 if(!(oct = ASN1_OCTET_STRING_new())) { 85 if(!(oct = M_ASN1_OCTET_STRING_new())) {
95 X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE); 86 X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE);
96 return NULL; 87 return NULL;
97 } 88 }
98 89
99 if(!(oct->data = string_to_hex(str, &length))) { 90 if(!(oct->data = string_to_hex(str, &length))) {
100 ASN1_OCTET_STRING_free(oct); 91 M_ASN1_OCTET_STRING_free(oct);
101 return NULL; 92 return NULL;
102 } 93 }
103 94
@@ -113,12 +104,11 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
113 ASN1_OCTET_STRING *oct; 104 ASN1_OCTET_STRING *oct;
114 ASN1_BIT_STRING *pk; 105 ASN1_BIT_STRING *pk;
115 unsigned char pkey_dig[EVP_MAX_MD_SIZE]; 106 unsigned char pkey_dig[EVP_MAX_MD_SIZE];
116 EVP_MD_CTX md;
117 unsigned int diglen; 107 unsigned int diglen;
118 108
119 if(strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str); 109 if(strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str);
120 110
121 if(!(oct = ASN1_OCTET_STRING_new())) { 111 if(!(oct = M_ASN1_OCTET_STRING_new())) {
122 X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE); 112 X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);
123 return NULL; 113 return NULL;
124 } 114 }
@@ -139,11 +129,9 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
139 goto err; 129 goto err;
140 } 130 }
141 131
142 EVP_DigestInit(&md, EVP_sha1()); 132 EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL);
143 EVP_DigestUpdate(&md, pk->data, pk->length);
144 EVP_DigestFinal(&md, pkey_dig, &diglen);
145 133
146 if(!ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) { 134 if(!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
147 X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE); 135 X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);
148 goto err; 136 goto err;
149 } 137 }
@@ -151,6 +139,6 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
151 return oct; 139 return oct;
152 140
153 err: 141 err:
154 ASN1_OCTET_STRING_free(oct); 142 M_ASN1_OCTET_STRING_free(oct);
155 return NULL; 143 return NULL;
156} 144}
diff --git a/src/lib/libcrypto/x509v3/v3_sxnet.c b/src/lib/libcrypto/x509v3/v3_sxnet.c
index 0687bb4e3d..d3f4ba3a72 100644
--- a/src/lib/libcrypto/x509v3/v3_sxnet.c
+++ b/src/lib/libcrypto/x509v3/v3_sxnet.c
@@ -60,7 +60,7 @@
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include <openssl/conf.h> 61#include <openssl/conf.h>
62#include <openssl/asn1.h> 62#include <openssl/asn1.h>
63#include <openssl/asn1_mac.h> 63#include <openssl/asn1t.h>
64#include <openssl/x509v3.h> 64#include <openssl/x509v3.h>
65 65
66/* Support for Thawte strong extranet extension */ 66/* Support for Thawte strong extranet extension */
@@ -73,111 +73,33 @@ static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
73 STACK_OF(CONF_VALUE) *nval); 73 STACK_OF(CONF_VALUE) *nval);
74#endif 74#endif
75X509V3_EXT_METHOD v3_sxnet = { 75X509V3_EXT_METHOD v3_sxnet = {
76NID_sxnet, X509V3_EXT_MULTILINE, 76NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET),
77(X509V3_EXT_NEW)SXNET_new, 770,0,0,0,
78(X509V3_EXT_FREE)SXNET_free, 780,0,
79(X509V3_EXT_D2I)d2i_SXNET, 790,
80(X509V3_EXT_I2D)i2d_SXNET,
81NULL, NULL,
82NULL,
83#ifdef SXNET_TEST 80#ifdef SXNET_TEST
84(X509V3_EXT_V2I)sxnet_v2i, 81(X509V3_EXT_V2I)sxnet_v2i,
85#else 82#else
86NULL, 830,
87#endif 84#endif
88(X509V3_EXT_I2R)sxnet_i2r, 85(X509V3_EXT_I2R)sxnet_i2r,
89NULL, 860,
90NULL 87NULL
91}; 88};
92 89
90ASN1_SEQUENCE(SXNETID) = {
91 ASN1_SIMPLE(SXNETID, zone, ASN1_INTEGER),
92 ASN1_SIMPLE(SXNETID, user, ASN1_OCTET_STRING)
93} ASN1_SEQUENCE_END(SXNETID)
93 94
94int i2d_SXNET(SXNET *a, unsigned char **pp) 95IMPLEMENT_ASN1_FUNCTIONS(SXNETID)
95{
96 M_ASN1_I2D_vars(a);
97
98 M_ASN1_I2D_len (a->version, i2d_ASN1_INTEGER);
99 M_ASN1_I2D_len_SEQUENCE_type (SXNETID, a->ids, i2d_SXNETID);
100
101 M_ASN1_I2D_seq_total();
102
103 M_ASN1_I2D_put (a->version, i2d_ASN1_INTEGER);
104 M_ASN1_I2D_put_SEQUENCE_type (SXNETID, a->ids, i2d_SXNETID);
105 96
106 M_ASN1_I2D_finish(); 97ASN1_SEQUENCE(SXNET) = {
107} 98 ASN1_SIMPLE(SXNET, version, ASN1_INTEGER),
108 99 ASN1_SEQUENCE_OF(SXNET, ids, SXNETID)
109SXNET *SXNET_new(void) 100} ASN1_SEQUENCE_END(SXNET)
110{
111 SXNET *ret=NULL;
112 ASN1_CTX c;
113 M_ASN1_New_Malloc(ret, SXNET);
114 M_ASN1_New(ret->version,ASN1_INTEGER_new);
115 M_ASN1_New(ret->ids,sk_SXNETID_new_null);
116 return (ret);
117 M_ASN1_New_Error(ASN1_F_SXNET_NEW);
118}
119 101
120SXNET *d2i_SXNET(SXNET **a, unsigned char **pp, long length) 102IMPLEMENT_ASN1_FUNCTIONS(SXNET)
121{
122 M_ASN1_D2I_vars(a,SXNET *,SXNET_new);
123 M_ASN1_D2I_Init();
124 M_ASN1_D2I_start_sequence();
125 M_ASN1_D2I_get (ret->version, d2i_ASN1_INTEGER);
126 M_ASN1_D2I_get_seq_type (SXNETID, ret->ids, d2i_SXNETID, SXNETID_free);
127 M_ASN1_D2I_Finish(a, SXNET_free, ASN1_F_D2I_SXNET);
128}
129
130void SXNET_free(SXNET *a)
131{
132 if (a == NULL) return;
133 ASN1_INTEGER_free(a->version);
134 sk_SXNETID_pop_free(a->ids, SXNETID_free);
135 Free (a);
136}
137
138int i2d_SXNETID(SXNETID *a, unsigned char **pp)
139{
140 M_ASN1_I2D_vars(a);
141
142 M_ASN1_I2D_len (a->zone, i2d_ASN1_INTEGER);
143 M_ASN1_I2D_len (a->user, i2d_ASN1_OCTET_STRING);
144
145 M_ASN1_I2D_seq_total();
146
147 M_ASN1_I2D_put (a->zone, i2d_ASN1_INTEGER);
148 M_ASN1_I2D_put (a->user, i2d_ASN1_OCTET_STRING);
149
150 M_ASN1_I2D_finish();
151}
152
153SXNETID *SXNETID_new(void)
154{
155 SXNETID *ret=NULL;
156 ASN1_CTX c;
157 M_ASN1_New_Malloc(ret, SXNETID);
158 ret->zone = NULL;
159 M_ASN1_New(ret->user,ASN1_OCTET_STRING_new);
160 return (ret);
161 M_ASN1_New_Error(ASN1_F_SXNETID_NEW);
162}
163
164SXNETID *d2i_SXNETID(SXNETID **a, unsigned char **pp, long length)
165{
166 M_ASN1_D2I_vars(a,SXNETID *,SXNETID_new);
167 M_ASN1_D2I_Init();
168 M_ASN1_D2I_start_sequence();
169 M_ASN1_D2I_get(ret->zone, d2i_ASN1_INTEGER);
170 M_ASN1_D2I_get(ret->user, d2i_ASN1_OCTET_STRING);
171 M_ASN1_D2I_Finish(a, SXNETID_free, ASN1_F_D2I_SXNETID);
172}
173
174void SXNETID_free(SXNETID *a)
175{
176 if (a == NULL) return;
177 ASN1_INTEGER_free(a->zone);
178 ASN1_OCTET_STRING_free(a->user);
179 Free (a);
180}
181 103
182static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, 104static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
183 int indent) 105 int indent)
@@ -192,8 +114,8 @@ static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
192 id = sk_SXNETID_value(sx->ids, i); 114 id = sk_SXNETID_value(sx->ids, i);
193 tmp = i2s_ASN1_INTEGER(NULL, id->zone); 115 tmp = i2s_ASN1_INTEGER(NULL, id->zone);
194 BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp); 116 BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);
195 Free(tmp); 117 OPENSSL_free(tmp);
196 ASN1_OCTET_STRING_print(out, id->user); 118 M_ASN1_OCTET_STRING_print(out, id->user);
197 } 119 }
198 return 1; 120 return 1;
199} 121}
@@ -244,9 +166,9 @@ int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user,
244 int userlen) 166 int userlen)
245{ 167{
246 ASN1_INTEGER *izone = NULL; 168 ASN1_INTEGER *izone = NULL;
247 if(!(izone = ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { 169 if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
248 X509V3err(X509V3_F_SXNET_ADD_ID_ULONG,ERR_R_MALLOC_FAILURE); 170 X509V3err(X509V3_F_SXNET_ADD_ID_ULONG,ERR_R_MALLOC_FAILURE);
249 ASN1_INTEGER_free(izone); 171 M_ASN1_INTEGER_free(izone);
250 return 0; 172 return 0;
251 } 173 }
252 return SXNET_add_id_INTEGER(psx, izone, user, userlen); 174 return SXNET_add_id_INTEGER(psx, izone, user, userlen);
@@ -285,7 +207,7 @@ int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user,
285 if(!(id = SXNETID_new())) goto err; 207 if(!(id = SXNETID_new())) goto err;
286 if(userlen == -1) userlen = strlen(user); 208 if(userlen == -1) userlen = strlen(user);
287 209
288 if(!ASN1_OCTET_STRING_set(id->user, user, userlen)) goto err; 210 if(!M_ASN1_OCTET_STRING_set(id->user, user, userlen)) goto err;
289 if(!sk_SXNETID_push(sx->ids, id)) goto err; 211 if(!sk_SXNETID_push(sx->ids, id)) goto err;
290 id->zone = zone; 212 id->zone = zone;
291 return 1; 213 return 1;
@@ -307,7 +229,7 @@ ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone)
307 return NULL; 229 return NULL;
308 } 230 }
309 oct = SXNET_get_id_INTEGER(sx, izone); 231 oct = SXNET_get_id_INTEGER(sx, izone);
310 ASN1_INTEGER_free(izone); 232 M_ASN1_INTEGER_free(izone);
311 return oct; 233 return oct;
312} 234}
313 235
@@ -315,13 +237,13 @@ ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone)
315{ 237{
316 ASN1_INTEGER *izone = NULL; 238 ASN1_INTEGER *izone = NULL;
317 ASN1_OCTET_STRING *oct; 239 ASN1_OCTET_STRING *oct;
318 if(!(izone = ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { 240 if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
319 X509V3err(X509V3_F_SXNET_GET_ID_ULONG,ERR_R_MALLOC_FAILURE); 241 X509V3err(X509V3_F_SXNET_GET_ID_ULONG,ERR_R_MALLOC_FAILURE);
320 ASN1_INTEGER_free(izone); 242 M_ASN1_INTEGER_free(izone);
321 return NULL; 243 return NULL;
322 } 244 }
323 oct = SXNET_get_id_INTEGER(sx, izone); 245 oct = SXNET_get_id_INTEGER(sx, izone);
324 ASN1_INTEGER_free(izone); 246 M_ASN1_INTEGER_free(izone);
325 return oct; 247 return oct;
326} 248}
327 249
@@ -331,7 +253,7 @@ ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone)
331 int i; 253 int i;
332 for(i = 0; i < sk_SXNETID_num(sx->ids); i++) { 254 for(i = 0; i < sk_SXNETID_num(sx->ids); i++) {
333 id = sk_SXNETID_value(sx->ids, i); 255 id = sk_SXNETID_value(sx->ids, i);
334 if(!ASN1_INTEGER_cmp(id->zone, zone)) return id->user; 256 if(!M_ASN1_INTEGER_cmp(id->zone, zone)) return id->user;
335 } 257 }
336 return NULL; 258 return NULL;
337} 259}
diff --git a/src/lib/libcrypto/x509v3/v3_utl.c b/src/lib/libcrypto/x509v3/v3_utl.c
index 40f71c71b4..283e943e46 100644
--- a/src/lib/libcrypto/x509v3/v3_utl.c
+++ b/src/lib/libcrypto/x509v3/v3_utl.c
@@ -65,6 +65,10 @@
65#include <openssl/x509v3.h> 65#include <openssl/x509v3.h>
66 66
67static char *strip_spaces(char *name); 67static char *strip_spaces(char *name);
68static int sk_strcmp(const char * const *a, const char * const *b);
69static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens);
70static void str_free(void *str);
71static int append_ia5(STACK **sk, ASN1_IA5STRING *email);
68 72
69/* Add a CONF_VALUE name value pair to stack */ 73/* Add a CONF_VALUE name value pair to stack */
70 74
@@ -75,8 +79,8 @@ int X509V3_add_value(const char *name, const char *value,
75 char *tname = NULL, *tvalue = NULL; 79 char *tname = NULL, *tvalue = NULL;
76 if(name && !(tname = BUF_strdup(name))) goto err; 80 if(name && !(tname = BUF_strdup(name))) goto err;
77 if(value && !(tvalue = BUF_strdup(value))) goto err;; 81 if(value && !(tvalue = BUF_strdup(value))) goto err;;
78 if(!(vtmp = (CONF_VALUE *)Malloc(sizeof(CONF_VALUE)))) goto err; 82 if(!(vtmp = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) goto err;
79 if(!*extlist && !(*extlist = sk_CONF_VALUE_new(NULL))) goto err; 83 if(!*extlist && !(*extlist = sk_CONF_VALUE_new_null())) goto err;
80 vtmp->section = NULL; 84 vtmp->section = NULL;
81 vtmp->name = tname; 85 vtmp->name = tname;
82 vtmp->value = tvalue; 86 vtmp->value = tvalue;
@@ -84,9 +88,9 @@ int X509V3_add_value(const char *name, const char *value,
84 return 1; 88 return 1;
85 err: 89 err:
86 X509V3err(X509V3_F_X509V3_ADD_VALUE,ERR_R_MALLOC_FAILURE); 90 X509V3err(X509V3_F_X509V3_ADD_VALUE,ERR_R_MALLOC_FAILURE);
87 if(vtmp) Free(vtmp); 91 if(vtmp) OPENSSL_free(vtmp);
88 if(tname) Free(tname); 92 if(tname) OPENSSL_free(tname);
89 if(tvalue) Free(tvalue); 93 if(tvalue) OPENSSL_free(tvalue);
90 return 0; 94 return 0;
91} 95}
92 96
@@ -101,10 +105,10 @@ int X509V3_add_value_uchar(const char *name, const unsigned char *value,
101void X509V3_conf_free(CONF_VALUE *conf) 105void X509V3_conf_free(CONF_VALUE *conf)
102{ 106{
103 if(!conf) return; 107 if(!conf) return;
104 if(conf->name) Free(conf->name); 108 if(conf->name) OPENSSL_free(conf->name);
105 if(conf->value) Free(conf->value); 109 if(conf->value) OPENSSL_free(conf->value);
106 if(conf->section) Free(conf->section); 110 if(conf->section) OPENSSL_free(conf->section);
107 Free((char *)conf); 111 OPENSSL_free(conf);
108} 112}
109 113
110int X509V3_add_value_bool(const char *name, int asn1_bool, 114int X509V3_add_value_bool(const char *name, int asn1_bool,
@@ -150,21 +154,40 @@ ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)
150{ 154{
151 BIGNUM *bn = NULL; 155 BIGNUM *bn = NULL;
152 ASN1_INTEGER *aint; 156 ASN1_INTEGER *aint;
157 int isneg, ishex;
158 int ret;
153 bn = BN_new(); 159 bn = BN_new();
154 if(!value) { 160 if (!value) {
155 X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_INVALID_NULL_VALUE); 161 X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_INVALID_NULL_VALUE);
156 return 0; 162 return 0;
157 } 163 }
158 if(!BN_dec2bn(&bn, value)) { 164 if (value[0] == '-') {
165 value++;
166 isneg = 1;
167 } else isneg = 0;
168
169 if (value[0] == '0' && ((value[1] == 'x') || (value[1] == 'X'))) {
170 value += 2;
171 ishex = 1;
172 } else ishex = 0;
173
174 if (ishex) ret = BN_hex2bn(&bn, value);
175 else ret = BN_dec2bn(&bn, value);
176
177 if (!ret) {
159 X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_DEC2BN_ERROR); 178 X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_DEC2BN_ERROR);
160 return 0; 179 return 0;
161 } 180 }
162 181
163 if(!(aint = BN_to_ASN1_INTEGER(bn, NULL))) { 182 if (isneg && BN_is_zero(bn)) isneg = 0;
183
184 aint = BN_to_ASN1_INTEGER(bn, NULL);
185 BN_free(bn);
186 if (!aint) {
164 X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_TO_ASN1_INTEGER_ERROR); 187 X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_TO_ASN1_INTEGER_ERROR);
165 return 0; 188 return 0;
166 } 189 }
167 BN_free(bn); 190 if (isneg) aint->type |= V_ASN1_NEG;
168 return aint; 191 return aint;
169} 192}
170 193
@@ -176,7 +199,7 @@ int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
176 if(!aint) return 1; 199 if(!aint) return 1;
177 if(!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) return 0; 200 if(!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) return 0;
178 ret = X509V3_add_value(name, strtmp, extlist); 201 ret = X509V3_add_value(name, strtmp, extlist);
179 Free(strtmp); 202 OPENSSL_free(strtmp);
180 return ret; 203 return ret;
181} 204}
182 205
@@ -217,7 +240,7 @@ int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint)
217 240
218/*#define DEBUG*/ 241/*#define DEBUG*/
219 242
220STACK_OF(CONF_VALUE) *X509V3_parse_list(char *line) 243STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
221{ 244{
222 char *p, *q, c; 245 char *p, *q, c;
223 char *ntmp, *vtmp; 246 char *ntmp, *vtmp;
@@ -246,7 +269,7 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(char *line)
246 *p = 0; 269 *p = 0;
247 ntmp = strip_spaces(q); 270 ntmp = strip_spaces(q);
248 q = p + 1; 271 q = p + 1;
249#ifdef DEBUG 272#if 0
250 printf("%s\n", ntmp); 273 printf("%s\n", ntmp);
251#endif 274#endif
252 if(!ntmp) { 275 if(!ntmp) {
@@ -262,7 +285,7 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(char *line)
262 state = HDR_NAME; 285 state = HDR_NAME;
263 *p = 0; 286 *p = 0;
264 vtmp = strip_spaces(q); 287 vtmp = strip_spaces(q);
265#ifdef DEBUG 288#if 0
266 printf("%s\n", ntmp); 289 printf("%s\n", ntmp);
267#endif 290#endif
268 if(!vtmp) { 291 if(!vtmp) {
@@ -279,7 +302,7 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(char *line)
279 302
280 if(state == HDR_VALUE) { 303 if(state == HDR_VALUE) {
281 vtmp = strip_spaces(q); 304 vtmp = strip_spaces(q);
282#ifdef DEBUG 305#if 0
283 printf("%s=%s\n", ntmp, vtmp); 306 printf("%s=%s\n", ntmp, vtmp);
284#endif 307#endif
285 if(!vtmp) { 308 if(!vtmp) {
@@ -289,7 +312,7 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(char *line)
289 X509V3_add_value(ntmp, vtmp, &values); 312 X509V3_add_value(ntmp, vtmp, &values);
290 } else { 313 } else {
291 ntmp = strip_spaces(q); 314 ntmp = strip_spaces(q);
292#ifdef DEBUG 315#if 0
293 printf("%s\n", ntmp); 316 printf("%s\n", ntmp);
294#endif 317#endif
295 if(!ntmp) { 318 if(!ntmp) {
@@ -298,11 +321,11 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(char *line)
298 } 321 }
299 X509V3_add_value(ntmp, NULL, &values); 322 X509V3_add_value(ntmp, NULL, &values);
300 } 323 }
301Free(linebuf); 324OPENSSL_free(linebuf);
302return values; 325return values;
303 326
304err: 327err:
305Free(linebuf); 328OPENSSL_free(linebuf);
306sk_CONF_VALUE_pop_free(values, X509V3_conf_free); 329sk_CONF_VALUE_pop_free(values, X509V3_conf_free);
307return NULL; 330return NULL;
308 331
@@ -325,8 +348,9 @@ static char *strip_spaces(char *name)
325 348
326/* hex string utilities */ 349/* hex string utilities */
327 350
328/* Given a buffer of length 'len' return a Malloc'ed string with its 351/* Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its
329 * hex representation 352 * hex representation
353 * @@@ (Contents of buffer are always kept in ASCII, also on EBCDIC machines)
330 */ 354 */
331 355
332char *hex_to_string(unsigned char *buffer, long len) 356char *hex_to_string(unsigned char *buffer, long len)
@@ -336,7 +360,7 @@ char *hex_to_string(unsigned char *buffer, long len)
336 int i; 360 int i;
337 static char hexdig[] = "0123456789ABCDEF"; 361 static char hexdig[] = "0123456789ABCDEF";
338 if(!buffer || !len) return NULL; 362 if(!buffer || !len) return NULL;
339 if(!(tmp = Malloc(len * 3 + 1))) { 363 if(!(tmp = OPENSSL_malloc(len * 3 + 1))) {
340 X509V3err(X509V3_F_HEX_TO_STRING,ERR_R_MALLOC_FAILURE); 364 X509V3err(X509V3_F_HEX_TO_STRING,ERR_R_MALLOC_FAILURE);
341 return NULL; 365 return NULL;
342 } 366 }
@@ -347,6 +371,10 @@ char *hex_to_string(unsigned char *buffer, long len)
347 *q++ = ':'; 371 *q++ = ':';
348 } 372 }
349 q[-1] = 0; 373 q[-1] = 0;
374#ifdef CHARSET_EBCDIC
375 ebcdic2ascii(tmp, tmp, q - tmp - 1);
376#endif
377
350 return tmp; 378 return tmp;
351} 379}
352 380
@@ -362,14 +390,20 @@ unsigned char *string_to_hex(char *str, long *len)
362 X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_INVALID_NULL_ARGUMENT); 390 X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_INVALID_NULL_ARGUMENT);
363 return NULL; 391 return NULL;
364 } 392 }
365 if(!(hexbuf = Malloc(strlen(str) >> 1))) goto err; 393 if(!(hexbuf = OPENSSL_malloc(strlen(str) >> 1))) goto err;
366 for(p = (unsigned char *)str, q = hexbuf; *p;) { 394 for(p = (unsigned char *)str, q = hexbuf; *p;) {
367 ch = *p++; 395 ch = *p++;
396#ifdef CHARSET_EBCDIC
397 ch = os_toebcdic[ch];
398#endif
368 if(ch == ':') continue; 399 if(ch == ':') continue;
369 cl = *p++; 400 cl = *p++;
401#ifdef CHARSET_EBCDIC
402 cl = os_toebcdic[cl];
403#endif
370 if(!cl) { 404 if(!cl) {
371 X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ODD_NUMBER_OF_DIGITS); 405 X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ODD_NUMBER_OF_DIGITS);
372 Free(hexbuf); 406 OPENSSL_free(hexbuf);
373 return NULL; 407 return NULL;
374 } 408 }
375 if(isupper(ch)) ch = tolower(ch); 409 if(isupper(ch)) ch = tolower(ch);
@@ -391,12 +425,12 @@ unsigned char *string_to_hex(char *str, long *len)
391 return hexbuf; 425 return hexbuf;
392 426
393 err: 427 err:
394 if(hexbuf) Free(hexbuf); 428 if(hexbuf) OPENSSL_free(hexbuf);
395 X509V3err(X509V3_F_STRING_TO_HEX,ERR_R_MALLOC_FAILURE); 429 X509V3err(X509V3_F_STRING_TO_HEX,ERR_R_MALLOC_FAILURE);
396 return NULL; 430 return NULL;
397 431
398 badhex: 432 badhex:
399 Free(hexbuf); 433 OPENSSL_free(hexbuf);
400 X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ILLEGAL_HEX_DIGIT); 434 X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ILLEGAL_HEX_DIGIT);
401 return NULL; 435 return NULL;
402 436
@@ -416,3 +450,86 @@ int name_cmp(const char *name, const char *cmp)
416 if(!c || (c=='.')) return 0; 450 if(!c || (c=='.')) return 0;
417 return 1; 451 return 1;
418} 452}
453
454static int sk_strcmp(const char * const *a, const char * const *b)
455{
456 return strcmp(*a, *b);
457}
458
459STACK *X509_get1_email(X509 *x)
460{
461 GENERAL_NAMES *gens;
462 STACK *ret;
463 gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
464 ret = get_email(X509_get_subject_name(x), gens);
465 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
466 return ret;
467}
468
469STACK *X509_REQ_get1_email(X509_REQ *x)
470{
471 GENERAL_NAMES *gens;
472 STACK_OF(X509_EXTENSION) *exts;
473 STACK *ret;
474 exts = X509_REQ_get_extensions(x);
475 gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL);
476 ret = get_email(X509_REQ_get_subject_name(x), gens);
477 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
478 sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
479 return ret;
480}
481
482
483static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens)
484{
485 STACK *ret = NULL;
486 X509_NAME_ENTRY *ne;
487 ASN1_IA5STRING *email;
488 GENERAL_NAME *gen;
489 int i;
490 /* Now add any email address(es) to STACK */
491 i = -1;
492 /* First supplied X509_NAME */
493 while((i = X509_NAME_get_index_by_NID(name,
494 NID_pkcs9_emailAddress, i)) > 0) {
495 ne = X509_NAME_get_entry(name, i);
496 email = X509_NAME_ENTRY_get_data(ne);
497 if(!append_ia5(&ret, email)) return NULL;
498 }
499 for(i = 0; i < sk_GENERAL_NAME_num(gens); i++)
500 {
501 gen = sk_GENERAL_NAME_value(gens, i);
502 if(gen->type != GEN_EMAIL) continue;
503 if(!append_ia5(&ret, gen->d.ia5)) return NULL;
504 }
505 return ret;
506}
507
508static void str_free(void *str)
509{
510 OPENSSL_free(str);
511}
512
513static int append_ia5(STACK **sk, ASN1_IA5STRING *email)
514{
515 char *emtmp;
516 /* First some sanity checks */
517 if(email->type != V_ASN1_IA5STRING) return 1;
518 if(!email->data || !email->length) return 1;
519 if(!*sk) *sk = sk_new(sk_strcmp);
520 if(!*sk) return 0;
521 /* Don't add duplicates */
522 if(sk_find(*sk, (char *)email->data) != -1) return 1;
523 emtmp = BUF_strdup((char *)email->data);
524 if(!emtmp || !sk_push(*sk, emtmp)) {
525 X509_email_free(*sk);
526 *sk = NULL;
527 return 0;
528 }
529 return 1;
530}
531
532void X509_email_free(STACK *sk)
533{
534 sk_pop_free(sk, str_free);
535}
diff --git a/src/lib/libcrypto/x509v3/v3err.c b/src/lib/libcrypto/x509v3/v3err.c
index 50efa8d99d..6458e95bb9 100644
--- a/src/lib/libcrypto/x509v3/v3err.c
+++ b/src/lib/libcrypto/x509v3/v3err.c
@@ -54,7 +54,8 @@
54 */ 54 */
55 55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes 56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file. 57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
58 */ 59 */
59 60
60#include <stdio.h> 61#include <stdio.h>
@@ -62,7 +63,7 @@
62#include <openssl/x509v3.h> 63#include <openssl/x509v3.h>
63 64
64/* BEGIN ERROR CODES */ 65/* BEGIN ERROR CODES */
65#ifndef NO_ERR 66#ifndef OPENSSL_NO_ERR
66static ERR_STRING_DATA X509V3_str_functs[]= 67static ERR_STRING_DATA X509V3_str_functs[]=
67 { 68 {
68{ERR_PACK(0,X509V3_F_COPY_EMAIL,0), "COPY_EMAIL"}, 69{ERR_PACK(0,X509V3_F_COPY_EMAIL,0), "COPY_EMAIL"},
@@ -72,6 +73,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
72{ERR_PACK(0,X509V3_F_HEX_TO_STRING,0), "hex_to_string"}, 73{ERR_PACK(0,X509V3_F_HEX_TO_STRING,0), "hex_to_string"},
73{ERR_PACK(0,X509V3_F_I2S_ASN1_ENUMERATED,0), "i2s_ASN1_ENUMERATED"}, 74{ERR_PACK(0,X509V3_F_I2S_ASN1_ENUMERATED,0), "i2s_ASN1_ENUMERATED"},
74{ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0), "i2s_ASN1_INTEGER"}, 75{ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0), "i2s_ASN1_INTEGER"},
76{ERR_PACK(0,X509V3_F_I2V_AUTHORITY_INFO_ACCESS,0), "I2V_AUTHORITY_INFO_ACCESS"},
75{ERR_PACK(0,X509V3_F_NOTICE_SECTION,0), "NOTICE_SECTION"}, 77{ERR_PACK(0,X509V3_F_NOTICE_SECTION,0), "NOTICE_SECTION"},
76{ERR_PACK(0,X509V3_F_NREF_NOS,0), "NREF_NOS"}, 78{ERR_PACK(0,X509V3_F_NREF_NOS,0), "NREF_NOS"},
77{ERR_PACK(0,X509V3_F_POLICY_SECTION,0), "POLICY_SECTION"}, 79{ERR_PACK(0,X509V3_F_POLICY_SECTION,0), "POLICY_SECTION"},
@@ -87,6 +89,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
87{ERR_PACK(0,X509V3_F_SXNET_ADD_ID_ULONG,0), "SXNET_add_id_ulong"}, 89{ERR_PACK(0,X509V3_F_SXNET_ADD_ID_ULONG,0), "SXNET_add_id_ulong"},
88{ERR_PACK(0,X509V3_F_SXNET_GET_ID_ASC,0), "SXNET_get_id_asc"}, 90{ERR_PACK(0,X509V3_F_SXNET_GET_ID_ASC,0), "SXNET_get_id_asc"},
89{ERR_PACK(0,X509V3_F_SXNET_GET_ID_ULONG,0), "SXNET_get_id_ulong"}, 91{ERR_PACK(0,X509V3_F_SXNET_GET_ID_ULONG,0), "SXNET_get_id_ulong"},
92{ERR_PACK(0,X509V3_F_V2I_ACCESS_DESCRIPTION,0), "V2I_ACCESS_DESCRIPTION"},
90{ERR_PACK(0,X509V3_F_V2I_ASN1_BIT_STRING,0), "V2I_ASN1_BIT_STRING"}, 93{ERR_PACK(0,X509V3_F_V2I_ASN1_BIT_STRING,0), "V2I_ASN1_BIT_STRING"},
91{ERR_PACK(0,X509V3_F_V2I_AUTHORITY_KEYID,0), "V2I_AUTHORITY_KEYID"}, 94{ERR_PACK(0,X509V3_F_V2I_AUTHORITY_KEYID,0), "V2I_AUTHORITY_KEYID"},
92{ERR_PACK(0,X509V3_F_V2I_BASIC_CONSTRAINTS,0), "V2I_BASIC_CONSTRAINTS"}, 95{ERR_PACK(0,X509V3_F_V2I_BASIC_CONSTRAINTS,0), "V2I_BASIC_CONSTRAINTS"},
@@ -95,6 +98,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
95{ERR_PACK(0,X509V3_F_V2I_GENERAL_NAME,0), "v2i_GENERAL_NAME"}, 98{ERR_PACK(0,X509V3_F_V2I_GENERAL_NAME,0), "v2i_GENERAL_NAME"},
96{ERR_PACK(0,X509V3_F_V2I_GENERAL_NAMES,0), "v2i_GENERAL_NAMES"}, 99{ERR_PACK(0,X509V3_F_V2I_GENERAL_NAMES,0), "v2i_GENERAL_NAMES"},
97{ERR_PACK(0,X509V3_F_V3_GENERIC_EXTENSION,0), "V3_GENERIC_EXTENSION"}, 100{ERR_PACK(0,X509V3_F_V3_GENERIC_EXTENSION,0), "V3_GENERIC_EXTENSION"},
101{ERR_PACK(0,X509V3_F_X509V3_ADD_I2D,0), "X509V3_ADD_I2D"},
98{ERR_PACK(0,X509V3_F_X509V3_ADD_VALUE,0), "X509V3_add_value"}, 102{ERR_PACK(0,X509V3_F_X509V3_ADD_VALUE,0), "X509V3_add_value"},
99{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD,0), "X509V3_EXT_add"}, 103{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD,0), "X509V3_EXT_add"},
100{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD_ALIAS,0), "X509V3_EXT_add_alias"}, 104{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD_ALIAS,0), "X509V3_EXT_add_alias"},
@@ -102,6 +106,8 @@ static ERR_STRING_DATA X509V3_str_functs[]=
102{ERR_PACK(0,X509V3_F_X509V3_EXT_I2D,0), "X509V3_EXT_i2d"}, 106{ERR_PACK(0,X509V3_F_X509V3_EXT_I2D,0), "X509V3_EXT_i2d"},
103{ERR_PACK(0,X509V3_F_X509V3_GET_VALUE_BOOL,0), "X509V3_get_value_bool"}, 107{ERR_PACK(0,X509V3_F_X509V3_GET_VALUE_BOOL,0), "X509V3_get_value_bool"},
104{ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0), "X509V3_parse_list"}, 108{ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0), "X509V3_parse_list"},
109{ERR_PACK(0,X509V3_F_X509_PURPOSE_ADD,0), "X509_PURPOSE_add"},
110{ERR_PACK(0,X509V3_F_X509_PURPOSE_SET,0), "X509_PURPOSE_set"},
105{0,NULL} 111{0,NULL}
106 }; 112 };
107 113
@@ -113,8 +119,10 @@ static ERR_STRING_DATA X509V3_str_reasons[]=
113{X509V3_R_BN_TO_ASN1_INTEGER_ERROR ,"bn to asn1 integer error"}, 119{X509V3_R_BN_TO_ASN1_INTEGER_ERROR ,"bn to asn1 integer error"},
114{X509V3_R_DUPLICATE_ZONE_ID ,"duplicate zone id"}, 120{X509V3_R_DUPLICATE_ZONE_ID ,"duplicate zone id"},
115{X509V3_R_ERROR_CONVERTING_ZONE ,"error converting zone"}, 121{X509V3_R_ERROR_CONVERTING_ZONE ,"error converting zone"},
122{X509V3_R_ERROR_CREATING_EXTENSION ,"error creating extension"},
116{X509V3_R_ERROR_IN_EXTENSION ,"error in extension"}, 123{X509V3_R_ERROR_IN_EXTENSION ,"error in extension"},
117{X509V3_R_EXPECTED_A_SECTION_NAME ,"expected a section name"}, 124{X509V3_R_EXPECTED_A_SECTION_NAME ,"expected a section name"},
125{X509V3_R_EXTENSION_EXISTS ,"extension exists"},
118{X509V3_R_EXTENSION_NAME_ERROR ,"extension name error"}, 126{X509V3_R_EXTENSION_NAME_ERROR ,"extension name error"},
119{X509V3_R_EXTENSION_NOT_FOUND ,"extension not found"}, 127{X509V3_R_EXTENSION_NOT_FOUND ,"extension not found"},
120{X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED,"extension setting not supported"}, 128{X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED,"extension setting not supported"},
@@ -131,7 +139,9 @@ static ERR_STRING_DATA X509V3_str_reasons[]=
131{X509V3_R_INVALID_OBJECT_IDENTIFIER ,"invalid object identifier"}, 139{X509V3_R_INVALID_OBJECT_IDENTIFIER ,"invalid object identifier"},
132{X509V3_R_INVALID_OPTION ,"invalid option"}, 140{X509V3_R_INVALID_OPTION ,"invalid option"},
133{X509V3_R_INVALID_POLICY_IDENTIFIER ,"invalid policy identifier"}, 141{X509V3_R_INVALID_POLICY_IDENTIFIER ,"invalid policy identifier"},
142{X509V3_R_INVALID_PURPOSE ,"invalid purpose"},
134{X509V3_R_INVALID_SECTION ,"invalid section"}, 143{X509V3_R_INVALID_SECTION ,"invalid section"},
144{X509V3_R_INVALID_SYNTAX ,"invalid syntax"},
135{X509V3_R_ISSUER_DECODE_ERROR ,"issuer decode error"}, 145{X509V3_R_ISSUER_DECODE_ERROR ,"issuer decode error"},
136{X509V3_R_MISSING_VALUE ,"missing value"}, 146{X509V3_R_MISSING_VALUE ,"missing value"},
137{X509V3_R_NEED_ORGANIZATION_AND_NUMBERS ,"need organization and numbers"}, 147{X509V3_R_NEED_ORGANIZATION_AND_NUMBERS ,"need organization and numbers"},
@@ -162,7 +172,7 @@ void ERR_load_X509V3_strings(void)
162 if (init) 172 if (init)
163 { 173 {
164 init=0; 174 init=0;
165#ifndef NO_ERR 175#ifndef OPENSSL_NO_ERR
166 ERR_load_strings(ERR_LIB_X509V3,X509V3_str_functs); 176 ERR_load_strings(ERR_LIB_X509V3,X509V3_str_functs);
167 ERR_load_strings(ERR_LIB_X509V3,X509V3_str_reasons); 177 ERR_load_strings(ERR_LIB_X509V3,X509V3_str_reasons);
168#endif 178#endif
diff --git a/src/lib/libcrypto/x509v3/x509v3.h b/src/lib/libcrypto/x509v3/x509v3.h
index d7945bc9cd..daecc55271 100644
--- a/src/lib/libcrypto/x509v3/x509v3.h
+++ b/src/lib/libcrypto/x509v3/x509v3.h
@@ -1,87 +1,655 @@
1/* crypto/x509v3/x509v3.h */ 1/* x509v3.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * All rights reserved. 3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
4 * 7 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 9 * modification, are permitted provided that the following conditions
25 * are met: 10 * are met:
26 * 1. Redistributions of source code must retain the copyright 11 *
27 * notice, this list of conditions and the following disclaimer. 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
28 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the 16 * notice, this list of conditions and the following disclaimer in
30 * documentation and/or other materials provided with the distribution. 17 * the documentation and/or other materials provided with the
31 * 3. All advertising materials mentioning features or use of this software 18 * distribution.
32 * must display the following acknowledgement: 19 *
33 * "This product includes cryptographic software written by 20 * 3. All advertising materials mentioning features or use of this
34 * Eric Young (eay@cryptsoft.com)" 21 * software must display the following acknowledgment:
35 * The word 'cryptographic' can be left out if the rouines from the library 22 * "This product includes software developed by the OpenSSL Project
36 * being used are not cryptographic related :-). 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
37 * 4. If you include any Windows specific code (or a derivative thereof) from 24 *
38 * the apps directory (application code) you must include an acknowledgement: 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 26 * endorse or promote products derived from this software without
40 * 27 * prior written permission. For written permission, please contact
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 28 * licensing@OpenSSL.org.
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 29 *
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 30 * 5. Products derived from this software may not be called "OpenSSL"
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 31 * nor may "OpenSSL" appear in their names without prior written
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 32 * permission of the OpenSSL Project.
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 33 *
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 34 * 6. Redistributions of any form whatsoever must retain the following
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 35 * acknowledgment:
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 36 * "This product includes software developed by the OpenSSL Project
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
51 * SUCH DAMAGE. 38 *
52 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
53 * The licence and distribution terms for any publically available version or 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
55 * copied and put under another distribution licence 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
56 * [including the GNU Public Licence.] 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58#ifndef HEADER_X509V3_H
59#define HEADER_X509V3_H
60
61#include <openssl/bio.h>
62#include <openssl/x509.h>
63#include <openssl/conf.h>
64
65#ifdef __cplusplus
66extern "C" {
67#endif
68
69/* Forward reference */
70struct v3_ext_method;
71struct v3_ext_ctx;
72
73/* Useful typedefs */
74
75typedef void * (*X509V3_EXT_NEW)(void);
76typedef void (*X509V3_EXT_FREE)(void *);
77typedef void * (*X509V3_EXT_D2I)(void *, unsigned char ** , long);
78typedef int (*X509V3_EXT_I2D)(void *, unsigned char **);
79typedef STACK_OF(CONF_VALUE) * (*X509V3_EXT_I2V)(struct v3_ext_method *method, void *ext, STACK_OF(CONF_VALUE) *extlist);
80typedef void * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK_OF(CONF_VALUE) *values);
81typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext);
82typedef void * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
83typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, void *ext, BIO *out, int indent);
84typedef void * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
85
86/* V3 extension structure */
87
88struct v3_ext_method {
89int ext_nid;
90int ext_flags;
91/* If this is set the following four fields are ignored */
92ASN1_ITEM_EXP *it;
93/* Old style ASN1 calls */
94X509V3_EXT_NEW ext_new;
95X509V3_EXT_FREE ext_free;
96X509V3_EXT_D2I d2i;
97X509V3_EXT_I2D i2d;
98
99/* The following pair is used for string extensions */
100X509V3_EXT_I2S i2s;
101X509V3_EXT_S2I s2i;
102
103/* The following pair is used for multi-valued extensions */
104X509V3_EXT_I2V i2v;
105X509V3_EXT_V2I v2i;
106
107/* The following are used for raw extensions */
108X509V3_EXT_I2R i2r;
109X509V3_EXT_R2I r2i;
110
111void *usr_data; /* Any extension specific data */
112};
113
114typedef struct X509V3_CONF_METHOD_st {
115char * (*get_string)(void *db, char *section, char *value);
116STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section);
117void (*free_string)(void *db, char * string);
118void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
119} X509V3_CONF_METHOD;
120
121/* Context specific info */
122struct v3_ext_ctx {
123#define CTX_TEST 0x1
124int flags;
125X509 *issuer_cert;
126X509 *subject_cert;
127X509_REQ *subject_req;
128X509_CRL *crl;
129X509V3_CONF_METHOD *db_meth;
130void *db;
131/* Maybe more here */
132};
133
134typedef struct v3_ext_method X509V3_EXT_METHOD;
135typedef struct v3_ext_ctx X509V3_CTX;
136
137DECLARE_STACK_OF(X509V3_EXT_METHOD)
138
139/* ext_flags values */
140#define X509V3_EXT_DYNAMIC 0x1
141#define X509V3_EXT_CTX_DEP 0x2
142#define X509V3_EXT_MULTILINE 0x4
143
144typedef BIT_STRING_BITNAME ENUMERATED_NAMES;
145
146typedef struct BASIC_CONSTRAINTS_st {
147int ca;
148ASN1_INTEGER *pathlen;
149} BASIC_CONSTRAINTS;
150
151
152typedef struct PKEY_USAGE_PERIOD_st {
153ASN1_GENERALIZEDTIME *notBefore;
154ASN1_GENERALIZEDTIME *notAfter;
155} PKEY_USAGE_PERIOD;
156
157typedef struct otherName_st {
158ASN1_OBJECT *type_id;
159ASN1_TYPE *value;
160} OTHERNAME;
161
162typedef struct EDIPartyName_st {
163 ASN1_STRING *nameAssigner;
164 ASN1_STRING *partyName;
165} EDIPARTYNAME;
166
167typedef struct GENERAL_NAME_st {
168
169#define GEN_OTHERNAME 0
170#define GEN_EMAIL 1
171#define GEN_DNS 2
172#define GEN_X400 3
173#define GEN_DIRNAME 4
174#define GEN_EDIPARTY 5
175#define GEN_URI 6
176#define GEN_IPADD 7
177#define GEN_RID 8
178
179int type;
180union {
181 char *ptr;
182 OTHERNAME *otherName; /* otherName */
183 ASN1_IA5STRING *rfc822Name;
184 ASN1_IA5STRING *dNSName;
185 ASN1_TYPE *x400Address;
186 X509_NAME *directoryName;
187 EDIPARTYNAME *ediPartyName;
188 ASN1_IA5STRING *uniformResourceIdentifier;
189 ASN1_OCTET_STRING *iPAddress;
190 ASN1_OBJECT *registeredID;
191
192 /* Old names */
193 ASN1_OCTET_STRING *ip; /* iPAddress */
194 X509_NAME *dirn; /* dirn */
195 ASN1_IA5STRING *ia5;/* rfc822Name, dNSName, uniformResourceIdentifier */
196 ASN1_OBJECT *rid; /* registeredID */
197 ASN1_TYPE *other; /* x400Address */
198} d;
199} GENERAL_NAME;
200
201typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
202
203typedef struct ACCESS_DESCRIPTION_st {
204 ASN1_OBJECT *method;
205 GENERAL_NAME *location;
206} ACCESS_DESCRIPTION;
207
208typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
209
210typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;
211
212DECLARE_STACK_OF(GENERAL_NAME)
213DECLARE_ASN1_SET_OF(GENERAL_NAME)
214
215DECLARE_STACK_OF(ACCESS_DESCRIPTION)
216DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION)
217
218typedef struct DIST_POINT_NAME_st {
219int type;
220union {
221 GENERAL_NAMES *fullname;
222 STACK_OF(X509_NAME_ENTRY) *relativename;
223} name;
224} DIST_POINT_NAME;
225
226typedef struct DIST_POINT_st {
227DIST_POINT_NAME *distpoint;
228ASN1_BIT_STRING *reasons;
229GENERAL_NAMES *CRLissuer;
230} DIST_POINT;
231
232typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;
233
234DECLARE_STACK_OF(DIST_POINT)
235DECLARE_ASN1_SET_OF(DIST_POINT)
236
237typedef struct AUTHORITY_KEYID_st {
238ASN1_OCTET_STRING *keyid;
239GENERAL_NAMES *issuer;
240ASN1_INTEGER *serial;
241} AUTHORITY_KEYID;
242
243/* Strong extranet structures */
244
245typedef struct SXNET_ID_st {
246 ASN1_INTEGER *zone;
247 ASN1_OCTET_STRING *user;
248} SXNETID;
249
250DECLARE_STACK_OF(SXNETID)
251DECLARE_ASN1_SET_OF(SXNETID)
252
253typedef struct SXNET_st {
254 ASN1_INTEGER *version;
255 STACK_OF(SXNETID) *ids;
256} SXNET;
257
258typedef struct NOTICEREF_st {
259 ASN1_STRING *organization;
260 STACK_OF(ASN1_INTEGER) *noticenos;
261} NOTICEREF;
262
263typedef struct USERNOTICE_st {
264 NOTICEREF *noticeref;
265 ASN1_STRING *exptext;
266} USERNOTICE;
267
268typedef struct POLICYQUALINFO_st {
269 ASN1_OBJECT *pqualid;
270 union {
271 ASN1_IA5STRING *cpsuri;
272 USERNOTICE *usernotice;
273 ASN1_TYPE *other;
274 } d;
275} POLICYQUALINFO;
276
277DECLARE_STACK_OF(POLICYQUALINFO)
278DECLARE_ASN1_SET_OF(POLICYQUALINFO)
279
280typedef struct POLICYINFO_st {
281 ASN1_OBJECT *policyid;
282 STACK_OF(POLICYQUALINFO) *qualifiers;
283} POLICYINFO;
284
285typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES;
286
287DECLARE_STACK_OF(POLICYINFO)
288DECLARE_ASN1_SET_OF(POLICYINFO)
289
290#define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \
291",name:", val->name, ",value:", val->value);
292
293#define X509V3_set_ctx_test(ctx) \
294 X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
295#define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL;
296
297#define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \
298 0,0,0,0, \
299 0,0, \
300 (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
301 (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \
302 NULL, NULL, \
303 table}
304
305#define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \
306 0,0,0,0, \
307 (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
308 (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \
309 0,0,0,0, \
310 NULL}
311
312#define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
313
314
315/* X509_PURPOSE stuff */
316
317#define EXFLAG_BCONS 0x1
318#define EXFLAG_KUSAGE 0x2
319#define EXFLAG_XKUSAGE 0x4
320#define EXFLAG_NSCERT 0x8
321
322#define EXFLAG_CA 0x10
323#define EXFLAG_SS 0x20
324#define EXFLAG_V1 0x40
325#define EXFLAG_INVALID 0x80
326#define EXFLAG_SET 0x100
327#define EXFLAG_CRITICAL 0x200
328
329#define KU_DIGITAL_SIGNATURE 0x0080
330#define KU_NON_REPUDIATION 0x0040
331#define KU_KEY_ENCIPHERMENT 0x0020
332#define KU_DATA_ENCIPHERMENT 0x0010
333#define KU_KEY_AGREEMENT 0x0008
334#define KU_KEY_CERT_SIGN 0x0004
335#define KU_CRL_SIGN 0x0002
336#define KU_ENCIPHER_ONLY 0x0001
337#define KU_DECIPHER_ONLY 0x8000
338
339#define NS_SSL_CLIENT 0x80
340#define NS_SSL_SERVER 0x40
341#define NS_SMIME 0x20
342#define NS_OBJSIGN 0x10
343#define NS_SSL_CA 0x04
344#define NS_SMIME_CA 0x02
345#define NS_OBJSIGN_CA 0x01
346#define NS_ANY_CA (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA)
347
348#define XKU_SSL_SERVER 0x1
349#define XKU_SSL_CLIENT 0x2
350#define XKU_SMIME 0x4
351#define XKU_CODE_SIGN 0x8
352#define XKU_SGC 0x10
353#define XKU_OCSP_SIGN 0x20
354#define XKU_TIMESTAMP 0x40
355
356#define X509_PURPOSE_DYNAMIC 0x1
357#define X509_PURPOSE_DYNAMIC_NAME 0x2
358
359typedef struct x509_purpose_st {
360 int purpose;
361 int trust; /* Default trust ID */
362 int flags;
363 int (*check_purpose)(const struct x509_purpose_st *,
364 const X509 *, int);
365 char *name;
366 char *sname;
367 void *usr_data;
368} X509_PURPOSE;
369
370#define X509_PURPOSE_SSL_CLIENT 1
371#define X509_PURPOSE_SSL_SERVER 2
372#define X509_PURPOSE_NS_SSL_SERVER 3
373#define X509_PURPOSE_SMIME_SIGN 4
374#define X509_PURPOSE_SMIME_ENCRYPT 5
375#define X509_PURPOSE_CRL_SIGN 6
376#define X509_PURPOSE_ANY 7
377#define X509_PURPOSE_OCSP_HELPER 8
378
379#define X509_PURPOSE_MIN 1
380#define X509_PURPOSE_MAX 8
381
382/* Flags for X509V3_EXT_print() */
383
384#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
385/* Return error for unknown extensions */
386#define X509V3_EXT_DEFAULT 0
387/* Print error for unknown extensions */
388#define X509V3_EXT_ERROR_UNKNOWN (1L << 16)
389/* ASN1 parse unknown extensions */
390#define X509V3_EXT_PARSE_UNKNOWN (2L << 16)
391/* BIO_dump unknown extensions */
392#define X509V3_EXT_DUMP_UNKNOWN (3L << 16)
393
394/* Flags for X509V3_add1_i2d */
395
396#define X509V3_ADD_OP_MASK 0xfL
397#define X509V3_ADD_DEFAULT 0L
398#define X509V3_ADD_APPEND 1L
399#define X509V3_ADD_REPLACE 2L
400#define X509V3_ADD_REPLACE_EXISTING 3L
401#define X509V3_ADD_KEEP_EXISTING 4L
402#define X509V3_ADD_DELETE 5L
403#define X509V3_ADD_SILENT 0x10
404
405DECLARE_STACK_OF(X509_PURPOSE)
406
407DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
408
409DECLARE_ASN1_FUNCTIONS(SXNET)
410DECLARE_ASN1_FUNCTIONS(SXNETID)
411
412int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen);
413int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen);
414int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user, int userlen);
415
416ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone);
417ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);
418ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone);
419
420DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID)
421
422DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
423
424DECLARE_ASN1_FUNCTIONS(GENERAL_NAME)
425
426STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret);
427int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen);
428
429DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)
430
431STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
432 GENERAL_NAMES *gen, STACK_OF(CONF_VALUE) *extlist);
433GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
434 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
435
436DECLARE_ASN1_FUNCTIONS(OTHERNAME)
437DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME)
438
439char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5);
440ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
441
442DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
443int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a);
444
445DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
446DECLARE_ASN1_FUNCTIONS(POLICYINFO)
447DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO)
448DECLARE_ASN1_FUNCTIONS(USERNOTICE)
449DECLARE_ASN1_FUNCTIONS(NOTICEREF)
450
451DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS)
452DECLARE_ASN1_FUNCTIONS(DIST_POINT)
453DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME)
454
455DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
456DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
457
458#ifdef HEADER_CONF_H
459GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf);
460void X509V3_conf_free(CONF_VALUE *val);
461
462X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value);
463X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value);
464int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, STACK_OF(X509_EXTENSION) **sk);
465int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert);
466int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
467int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
468
469X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value);
470X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value);
471int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert);
472int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
473int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
474
475int X509V3_add_value_bool_nf(char *name, int asn1_bool,
476 STACK_OF(CONF_VALUE) **extlist);
477int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
478int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
479void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
480void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
481#endif
482
483char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
484STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section);
485void X509V3_string_free(X509V3_CTX *ctx, char *str);
486void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
487void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
488 X509_REQ *req, X509_CRL *crl, int flags);
489
490int X509V3_add_value(const char *name, const char *value,
491 STACK_OF(CONF_VALUE) **extlist);
492int X509V3_add_value_uchar(const char *name, const unsigned char *value,
493 STACK_OF(CONF_VALUE) **extlist);
494int X509V3_add_value_bool(const char *name, int asn1_bool,
495 STACK_OF(CONF_VALUE) **extlist);
496int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
497 STACK_OF(CONF_VALUE) **extlist);
498char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
499ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);
500char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
501char * i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
502int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
503int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
504int X509V3_EXT_add_alias(int nid_to, int nid_from);
505void X509V3_EXT_cleanup(void);
506
507X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
508X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
509int X509V3_add_standard_extensions(void);
510STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
511void *X509V3_EXT_d2i(X509_EXTENSION *ext);
512void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);
513
514
515X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
516int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags);
517
518char *hex_to_string(unsigned char *buffer, long len);
519unsigned char *string_to_hex(char *str, long *len);
520int name_cmp(const char *name, const char *cmp);
521
522void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
523 int ml);
524int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent);
525int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
526
527int X509V3_extensions_print(BIO *out, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent);
528
529int X509_check_purpose(X509 *x, int id, int ca);
530int X509_supported_extension(X509_EXTENSION *ex);
531int X509_PURPOSE_set(int *p, int purpose);
532int X509_check_issued(X509 *issuer, X509 *subject);
533int X509_PURPOSE_get_count(void);
534X509_PURPOSE * X509_PURPOSE_get0(int idx);
535int X509_PURPOSE_get_by_sname(char *sname);
536int X509_PURPOSE_get_by_id(int id);
537int X509_PURPOSE_add(int id, int trust, int flags,
538 int (*ck)(const X509_PURPOSE *, const X509 *, int),
539 char *name, char *sname, void *arg);
540char *X509_PURPOSE_get0_name(X509_PURPOSE *xp);
541char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp);
542int X509_PURPOSE_get_trust(X509_PURPOSE *xp);
543void X509_PURPOSE_cleanup(void);
544int X509_PURPOSE_get_id(X509_PURPOSE *);
545
546STACK *X509_get1_email(X509 *x);
547STACK *X509_REQ_get1_email(X509_REQ *x);
548void X509_email_free(STACK *sk);
549
550
551/* BEGIN ERROR CODES */
552/* The following lines are auto generated by the script mkerr.pl. Any changes
553 * made after this point may be overwritten when the script is next run.
57 */ 554 */
58#define X509v3_N_KU_digitalSignature 0 555void ERR_load_X509V3_strings(void);
59#define X509v3_N_KU_nonRepudiation 1 556
60#define X509v3_N_KU_keyEncipherment 2 557/* Error codes for the X509V3 functions. */
61#define X509v3_N_KU_dataEncipherment 3 558
62#define X509v3_N_KU_keyAgreement 4 559/* Function codes. */
63#define X509v3_N_KU_keyCertSign 5 560#define X509V3_F_COPY_EMAIL 122
64#define X509v3_N_KU_cRLSign 6 561#define X509V3_F_COPY_ISSUER 123
65#define X509v3_N_KU_encipherOnly 7 562#define X509V3_F_DO_EXT_CONF 124
66#define X509v3_N_KU_decipherOnly 8 563#define X509V3_F_DO_EXT_I2D 135
67#define X509v3_N_KU_NUM 9 564#define X509V3_F_HEX_TO_STRING 111
68#define X509v3_S_KU_digitalSignature "digitalSignature" 565#define X509V3_F_I2S_ASN1_ENUMERATED 121
69#define X509v3_S_KU_nonRepudiation "nonRepudiation" 566#define X509V3_F_I2S_ASN1_INTEGER 120
70#define X509v3_S_KU_keyEncipherment "keyEncipherment" 567#define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138
71#define X509v3_S_KU_dataEncipherment "dataEncipherment" 568#define X509V3_F_NOTICE_SECTION 132
72#define X509v3_S_KU_keyAgreement "keyAgreement" 569#define X509V3_F_NREF_NOS 133
73#define X509v3_S_KU_keyCertSign "keyCertSign" 570#define X509V3_F_POLICY_SECTION 131
74#define X509v3_S_KU_cRLSign "cRLSign" 571#define X509V3_F_R2I_CERTPOL 130
75#define X509v3_S_KU_encipherOnly "encipherOnly" 572#define X509V3_F_S2I_ASN1_IA5STRING 100
76#define X509v3_S_KU_decipherOnly "decipherOnly" 573#define X509V3_F_S2I_ASN1_INTEGER 108
77 574#define X509V3_F_S2I_ASN1_OCTET_STRING 112
78 575#define X509V3_F_S2I_ASN1_SKEY_ID 114
79void X509_ex_clear(X509_EXTENSION *a); 576#define X509V3_F_S2I_S2I_SKEY_ID 115
80int X509_ex_get_bool(X509_EXTENSION *a,int num); 577#define X509V3_F_STRING_TO_HEX 113
81int X509_ex_set_bool(X509_EXTENSION *a,int num,int value); 578#define X509V3_F_SXNET_ADD_ASC 125
82int X509_ex_get_str(X509_EXTENSION *a,int index,char **p,int *len); 579#define X509V3_F_SXNET_ADD_ID_INTEGER 126
83int X509_ex_set_str(X509_EXTENSION *a,int oid,int index,char *p,int len); 580#define X509V3_F_SXNET_ADD_ID_ULONG 127
84char *X509_ex_get_struct(X509_EXTENSION *a,int oid,int index,char **p); 581#define X509V3_F_SXNET_GET_ID_ASC 128
85int X509_ex_set_struct(X509_EXTENSION *a,int index,char *p); 582#define X509V3_F_SXNET_GET_ID_ULONG 129
86int a2i_X509_EXTENSION(BIO *bp,X509_EXTENSION *a,char *buf,int len); 583#define X509V3_F_V2I_ACCESS_DESCRIPTION 139
87int i2a_X509_EXTENSION(BIO *bp,X509_EXTENSION *a); 584#define X509V3_F_V2I_ASN1_BIT_STRING 101
585#define X509V3_F_V2I_AUTHORITY_KEYID 119
586#define X509V3_F_V2I_BASIC_CONSTRAINTS 102
587#define X509V3_F_V2I_CRLD 134
588#define X509V3_F_V2I_EXT_KU 103
589#define X509V3_F_V2I_GENERAL_NAME 117
590#define X509V3_F_V2I_GENERAL_NAMES 118
591#define X509V3_F_V3_GENERIC_EXTENSION 116
592#define X509V3_F_X509V3_ADD_I2D 140
593#define X509V3_F_X509V3_ADD_VALUE 105
594#define X509V3_F_X509V3_EXT_ADD 104
595#define X509V3_F_X509V3_EXT_ADD_ALIAS 106
596#define X509V3_F_X509V3_EXT_CONF 107
597#define X509V3_F_X509V3_EXT_I2D 136
598#define X509V3_F_X509V3_GET_VALUE_BOOL 110
599#define X509V3_F_X509V3_PARSE_LIST 109
600#define X509V3_F_X509_PURPOSE_ADD 137
601#define X509V3_F_X509_PURPOSE_SET 141
602
603/* Reason codes. */
604#define X509V3_R_BAD_IP_ADDRESS 118
605#define X509V3_R_BAD_OBJECT 119
606#define X509V3_R_BN_DEC2BN_ERROR 100
607#define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101
608#define X509V3_R_DUPLICATE_ZONE_ID 133
609#define X509V3_R_ERROR_CONVERTING_ZONE 131
610#define X509V3_R_ERROR_CREATING_EXTENSION 144
611#define X509V3_R_ERROR_IN_EXTENSION 128
612#define X509V3_R_EXPECTED_A_SECTION_NAME 137
613#define X509V3_R_EXTENSION_EXISTS 145
614#define X509V3_R_EXTENSION_NAME_ERROR 115
615#define X509V3_R_EXTENSION_NOT_FOUND 102
616#define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103
617#define X509V3_R_EXTENSION_VALUE_ERROR 116
618#define X509V3_R_ILLEGAL_HEX_DIGIT 113
619#define X509V3_R_INVALID_BOOLEAN_STRING 104
620#define X509V3_R_INVALID_EXTENSION_STRING 105
621#define X509V3_R_INVALID_NAME 106
622#define X509V3_R_INVALID_NULL_ARGUMENT 107
623#define X509V3_R_INVALID_NULL_NAME 108
624#define X509V3_R_INVALID_NULL_VALUE 109
625#define X509V3_R_INVALID_NUMBER 140
626#define X509V3_R_INVALID_NUMBERS 141
627#define X509V3_R_INVALID_OBJECT_IDENTIFIER 110
628#define X509V3_R_INVALID_OPTION 138
629#define X509V3_R_INVALID_POLICY_IDENTIFIER 134
630#define X509V3_R_INVALID_PURPOSE 146
631#define X509V3_R_INVALID_SECTION 135
632#define X509V3_R_INVALID_SYNTAX 143
633#define X509V3_R_ISSUER_DECODE_ERROR 126
634#define X509V3_R_MISSING_VALUE 124
635#define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 142
636#define X509V3_R_NO_CONFIG_DATABASE 136
637#define X509V3_R_NO_ISSUER_CERTIFICATE 121
638#define X509V3_R_NO_ISSUER_DETAILS 127
639#define X509V3_R_NO_POLICY_IDENTIFIER 139
640#define X509V3_R_NO_PUBLIC_KEY 114
641#define X509V3_R_NO_SUBJECT_DETAILS 125
642#define X509V3_R_ODD_NUMBER_OF_DIGITS 112
643#define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122
644#define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 123
645#define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111
646#define X509V3_R_UNKNOWN_EXTENSION 129
647#define X509V3_R_UNKNOWN_EXTENSION_NAME 130
648#define X509V3_R_UNKNOWN_OPTION 120
649#define X509V3_R_UNSUPPORTED_OPTION 117
650#define X509V3_R_USER_TOO_LONG 132
651
652#ifdef __cplusplus
653}
654#endif
655#endif
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-04 20:52:57 +0000