summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509v3
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/x509v3')
-rw-r--r--src/lib/libcrypto/x509v3/ext_dat.h131
-rw-r--r--src/lib/libcrypto/x509v3/pcy_cache.c287
-rw-r--r--src/lib/libcrypto/x509v3/pcy_data.c131
-rw-r--r--src/lib/libcrypto/x509v3/pcy_int.h223
-rw-r--r--src/lib/libcrypto/x509v3/pcy_lib.c167
-rw-r--r--src/lib/libcrypto/x509v3/pcy_map.c186
-rw-r--r--src/lib/libcrypto/x509v3/pcy_node.c158
-rw-r--r--src/lib/libcrypto/x509v3/pcy_tree.c694
-rw-r--r--src/lib/libcrypto/x509v3/v3_akey.c208
-rw-r--r--src/lib/libcrypto/x509v3/v3_akeya.c72
-rw-r--r--src/lib/libcrypto/x509v3/v3_alt.c582
-rw-r--r--src/lib/libcrypto/x509v3/v3_bcons.c124
-rw-r--r--src/lib/libcrypto/x509v3/v3_bitst.c141
-rw-r--r--src/lib/libcrypto/x509v3/v3_conf.c524
-rw-r--r--src/lib/libcrypto/x509v3/v3_cpols.c454
-rw-r--r--src/lib/libcrypto/x509v3/v3_crld.c162
-rw-r--r--src/lib/libcrypto/x509v3/v3_enum.c94
-rw-r--r--src/lib/libcrypto/x509v3/v3_extku.c142
-rw-r--r--src/lib/libcrypto/x509v3/v3_genn.c101
-rw-r--r--src/lib/libcrypto/x509v3/v3_ia5.c116
-rw-r--r--src/lib/libcrypto/x509v3/v3_info.c193
-rw-r--r--src/lib/libcrypto/x509v3/v3_int.c89
-rw-r--r--src/lib/libcrypto/x509v3/v3_lib.c303
-rw-r--r--src/lib/libcrypto/x509v3/v3_ncons.c220
-rw-r--r--src/lib/libcrypto/x509v3/v3_ocsp.c275
-rw-r--r--src/lib/libcrypto/x509v3/v3_pci.c302
-rw-r--r--src/lib/libcrypto/x509v3/v3_pcia.c55
-rw-r--r--src/lib/libcrypto/x509v3/v3_pcons.c136
-rw-r--r--src/lib/libcrypto/x509v3/v3_pku.c108
-rw-r--r--src/lib/libcrypto/x509v3/v3_pmaps.c153
-rw-r--r--src/lib/libcrypto/x509v3/v3_prn.c234
-rw-r--r--src/lib/libcrypto/x509v3/v3_purp.c663
-rw-r--r--src/lib/libcrypto/x509v3/v3_skey.c144
-rw-r--r--src/lib/libcrypto/x509v3/v3_sxnet.c262
-rw-r--r--src/lib/libcrypto/x509v3/v3_utl.c871
-rw-r--r--src/lib/libcrypto/x509v3/v3err.c219
-rw-r--r--src/lib/libcrypto/x509v3/x509v3.h922
37 files changed, 0 insertions, 9846 deletions
diff --git a/src/lib/libcrypto/x509v3/ext_dat.h b/src/lib/libcrypto/x509v3/ext_dat.h
deleted file mode 100644
index 3eaec46f8a..0000000000
--- a/src/lib/libcrypto/x509v3/ext_dat.h
+++ /dev/null
@@ -1,131 +0,0 @@
1/* ext_dat.h */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58/* This file contains a table of "standard" extensions */
59
60extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
61extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo;
62extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
63extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate;
64extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld;
65extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
66extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
67extern X509V3_EXT_METHOD v3_crl_hold, v3_pci;
68extern X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints;
69extern X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp;
70#ifndef OPENSSL_NO_RFC3779
71extern X509V3_EXT_METHOD v3_addr, v3_asid;
72#endif
73
74/* This table will be searched using OBJ_bsearch so it *must* kept in
75 * order of the ext_nid values.
76 */
77
78static X509V3_EXT_METHOD *standard_exts[] = {
79&v3_nscert,
80&v3_ns_ia5_list[0],
81&v3_ns_ia5_list[1],
82&v3_ns_ia5_list[2],
83&v3_ns_ia5_list[3],
84&v3_ns_ia5_list[4],
85&v3_ns_ia5_list[5],
86&v3_ns_ia5_list[6],
87&v3_skey_id,
88&v3_key_usage,
89&v3_pkey_usage_period,
90&v3_alt[0],
91&v3_alt[1],
92&v3_bcons,
93&v3_crl_num,
94&v3_cpols,
95&v3_akey_id,
96&v3_crld,
97&v3_ext_ku,
98&v3_delta_crl,
99&v3_crl_reason,
100#ifndef OPENSSL_NO_OCSP
101&v3_crl_invdate,
102#endif
103&v3_sxnet,
104&v3_info,
105#ifndef OPENSSL_NO_RFC3779
106&v3_addr,
107&v3_asid,
108#endif
109#ifndef OPENSSL_NO_OCSP
110&v3_ocsp_nonce,
111&v3_ocsp_crlid,
112&v3_ocsp_accresp,
113&v3_ocsp_nocheck,
114&v3_ocsp_acutoff,
115&v3_ocsp_serviceloc,
116#endif
117&v3_sinfo,
118&v3_policy_constraints,
119#ifndef OPENSSL_NO_OCSP
120&v3_crl_hold,
121#endif
122&v3_pci,
123&v3_name_constraints,
124&v3_policy_mappings,
125&v3_inhibit_anyp
126};
127
128/* Number of standard extensions */
129
130#define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *))
131
diff --git a/src/lib/libcrypto/x509v3/pcy_cache.c b/src/lib/libcrypto/x509v3/pcy_cache.c
deleted file mode 100644
index 1030931b71..0000000000
--- a/src/lib/libcrypto/x509v3/pcy_cache.c
+++ /dev/null
@@ -1,287 +0,0 @@
1/* pcy_cache.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2004.
4 */
5/* ====================================================================
6 * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include "cryptlib.h"
60#include <openssl/x509.h>
61#include <openssl/x509v3.h>
62
63#include "pcy_int.h"
64
65static int policy_data_cmp(const X509_POLICY_DATA * const *a,
66 const X509_POLICY_DATA * const *b);
67static int policy_cache_set_int(long *out, ASN1_INTEGER *value);
68
69/* Set cache entry according to CertificatePolicies extension.
70 * Note: this destroys the passed CERTIFICATEPOLICIES structure.
71 */
72
73static int policy_cache_create(X509 *x,
74 CERTIFICATEPOLICIES *policies, int crit)
75 {
76 int i;
77 int ret = 0;
78 X509_POLICY_CACHE *cache = x->policy_cache;
79 X509_POLICY_DATA *data = NULL;
80 POLICYINFO *policy;
81 if (sk_POLICYINFO_num(policies) == 0)
82 goto bad_policy;
83 cache->data = sk_X509_POLICY_DATA_new(policy_data_cmp);
84 if (!cache->data)
85 goto bad_policy;
86 for (i = 0; i < sk_POLICYINFO_num(policies); i++)
87 {
88 policy = sk_POLICYINFO_value(policies, i);
89 data = policy_data_new(policy, NULL, crit);
90 if (!data)
91 goto bad_policy;
92 /* Duplicate policy OIDs are illegal: reject if matches
93 * found.
94 */
95 if (OBJ_obj2nid(data->valid_policy) == NID_any_policy)
96 {
97 if (cache->anyPolicy)
98 {
99 ret = -1;
100 goto bad_policy;
101 }
102 cache->anyPolicy = data;
103 }
104 else if (sk_X509_POLICY_DATA_find(cache->data, data) != -1)
105 {
106 ret = -1;
107 goto bad_policy;
108 }
109 else if (!sk_X509_POLICY_DATA_push(cache->data, data))
110 goto bad_policy;
111 data = NULL;
112 }
113 ret = 1;
114 bad_policy:
115 if (ret == -1)
116 x->ex_flags |= EXFLAG_INVALID_POLICY;
117 if (data)
118 policy_data_free(data);
119 sk_POLICYINFO_pop_free(policies, POLICYINFO_free);
120 if (ret <= 0)
121 {
122 sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
123 cache->data = NULL;
124 }
125 return ret;
126 }
127
128
129static int policy_cache_new(X509 *x)
130 {
131 X509_POLICY_CACHE *cache;
132 ASN1_INTEGER *ext_any = NULL;
133 POLICY_CONSTRAINTS *ext_pcons = NULL;
134 CERTIFICATEPOLICIES *ext_cpols = NULL;
135 POLICY_MAPPINGS *ext_pmaps = NULL;
136 int i;
137 cache = OPENSSL_malloc(sizeof(X509_POLICY_CACHE));
138 if (!cache)
139 return 0;
140 cache->anyPolicy = NULL;
141 cache->data = NULL;
142 cache->maps = NULL;
143 cache->any_skip = -1;
144 cache->explicit_skip = -1;
145 cache->map_skip = -1;
146
147 x->policy_cache = cache;
148
149 /* Handle requireExplicitPolicy *first*. Need to process this
150 * even if we don't have any policies.
151 */
152 ext_pcons = X509_get_ext_d2i(x, NID_policy_constraints, &i, NULL);
153
154 if (!ext_pcons)
155 {
156 if (i != -1)
157 goto bad_cache;
158 }
159 else
160 {
161 if (!ext_pcons->requireExplicitPolicy
162 && !ext_pcons->inhibitPolicyMapping)
163 goto bad_cache;
164 if (!policy_cache_set_int(&cache->explicit_skip,
165 ext_pcons->requireExplicitPolicy))
166 goto bad_cache;
167 if (!policy_cache_set_int(&cache->map_skip,
168 ext_pcons->inhibitPolicyMapping))
169 goto bad_cache;
170 }
171
172 /* Process CertificatePolicies */
173
174 ext_cpols = X509_get_ext_d2i(x, NID_certificate_policies, &i, NULL);
175 /* If no CertificatePolicies extension or problem decoding then
176 * there is no point continuing because the valid policies will be
177 * NULL.
178 */
179 if (!ext_cpols)
180 {
181 /* If not absent some problem with extension */
182 if (i != -1)
183 goto bad_cache;
184 return 1;
185 }
186
187 i = policy_cache_create(x, ext_cpols, i);
188
189 /* NB: ext_cpols freed by policy_cache_set_policies */
190
191 if (i <= 0)
192 return i;
193
194 ext_pmaps = X509_get_ext_d2i(x, NID_policy_mappings, &i, NULL);
195
196 if (!ext_pmaps)
197 {
198 /* If not absent some problem with extension */
199 if (i != -1)
200 goto bad_cache;
201 }
202 else
203 {
204 i = policy_cache_set_mapping(x, ext_pmaps);
205 if (i <= 0)
206 goto bad_cache;
207 }
208
209 ext_any = X509_get_ext_d2i(x, NID_inhibit_any_policy, &i, NULL);
210
211 if (!ext_any)
212 {
213 if (i != -1)
214 goto bad_cache;
215 }
216 else if (!policy_cache_set_int(&cache->any_skip, ext_any))
217 goto bad_cache;
218
219 if (0)
220 {
221 bad_cache:
222 x->ex_flags |= EXFLAG_INVALID_POLICY;
223 }
224
225 if(ext_pcons)
226 POLICY_CONSTRAINTS_free(ext_pcons);
227
228 if (ext_any)
229 ASN1_INTEGER_free(ext_any);
230
231 return 1;
232
233
234}
235
236void policy_cache_free(X509_POLICY_CACHE *cache)
237 {
238 if (!cache)
239 return;
240 if (cache->anyPolicy)
241 policy_data_free(cache->anyPolicy);
242 if (cache->data)
243 sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
244 OPENSSL_free(cache);
245 }
246
247const X509_POLICY_CACHE *policy_cache_set(X509 *x)
248 {
249
250 if (x->policy_cache == NULL)
251 {
252 CRYPTO_w_lock(CRYPTO_LOCK_X509);
253 policy_cache_new(x);
254 CRYPTO_w_unlock(CRYPTO_LOCK_X509);
255 }
256
257 return x->policy_cache;
258
259 }
260
261X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache,
262 const ASN1_OBJECT *id)
263 {
264 int idx;
265 X509_POLICY_DATA tmp;
266 tmp.valid_policy = (ASN1_OBJECT *)id;
267 idx = sk_X509_POLICY_DATA_find(cache->data, &tmp);
268 if (idx == -1)
269 return NULL;
270 return sk_X509_POLICY_DATA_value(cache->data, idx);
271 }
272
273static int policy_data_cmp(const X509_POLICY_DATA * const *a,
274 const X509_POLICY_DATA * const *b)
275 {
276 return OBJ_cmp((*a)->valid_policy, (*b)->valid_policy);
277 }
278
279static int policy_cache_set_int(long *out, ASN1_INTEGER *value)
280 {
281 if (value == NULL)
282 return 1;
283 if (value->type == V_ASN1_NEG_INTEGER)
284 return 0;
285 *out = ASN1_INTEGER_get(value);
286 return 1;
287 }
diff --git a/src/lib/libcrypto/x509v3/pcy_data.c b/src/lib/libcrypto/x509v3/pcy_data.c
deleted file mode 100644
index fb392b901f..0000000000
--- a/src/lib/libcrypto/x509v3/pcy_data.c
+++ /dev/null
@@ -1,131 +0,0 @@
1/* pcy_data.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2004.
4 */
5/* ====================================================================
6 * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include "cryptlib.h"
60#include <openssl/x509.h>
61#include <openssl/x509v3.h>
62
63#include "pcy_int.h"
64
65/* Policy Node routines */
66
67void policy_data_free(X509_POLICY_DATA *data)
68 {
69 ASN1_OBJECT_free(data->valid_policy);
70 /* Don't free qualifiers if shared */
71 if (!(data->flags & POLICY_DATA_FLAG_SHARED_QUALIFIERS))
72 sk_POLICYQUALINFO_pop_free(data->qualifier_set,
73 POLICYQUALINFO_free);
74 sk_ASN1_OBJECT_pop_free(data->expected_policy_set, ASN1_OBJECT_free);
75 OPENSSL_free(data);
76 }
77
78/* Create a data based on an existing policy. If 'id' is NULL use the
79 * oid in the policy, otherwise use 'id'. This behaviour covers the two
80 * types of data in RFC3280: data with from a CertificatePolcies extension
81 * and additional data with just the qualifiers of anyPolicy and ID from
82 * another source.
83 */
84
85X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, ASN1_OBJECT *id, int crit)
86 {
87 X509_POLICY_DATA *ret;
88 if (!policy && !id)
89 return NULL;
90 if (id)
91 {
92 id = OBJ_dup(id);
93 if (!id)
94 return NULL;
95 }
96 ret = OPENSSL_malloc(sizeof(X509_POLICY_DATA));
97 if (!ret)
98 return NULL;
99 ret->expected_policy_set = sk_ASN1_OBJECT_new_null();
100 if (!ret->expected_policy_set)
101 {
102 OPENSSL_free(ret);
103 if (id)
104 ASN1_OBJECT_free(id);
105 return NULL;
106 }
107
108 if (crit)
109 ret->flags = POLICY_DATA_FLAG_CRITICAL;
110 else
111 ret->flags = 0;
112
113 if (id)
114 ret->valid_policy = id;
115 else
116 {
117 ret->valid_policy = policy->policyid;
118 policy->policyid = NULL;
119 }
120
121 if (policy)
122 {
123 ret->qualifier_set = policy->qualifiers;
124 policy->qualifiers = NULL;
125 }
126 else
127 ret->qualifier_set = NULL;
128
129 return ret;
130 }
131
diff --git a/src/lib/libcrypto/x509v3/pcy_int.h b/src/lib/libcrypto/x509v3/pcy_int.h
deleted file mode 100644
index 3780de4fcd..0000000000
--- a/src/lib/libcrypto/x509v3/pcy_int.h
+++ /dev/null
@@ -1,223 +0,0 @@
1/* pcy_int.h */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2004.
4 */
5/* ====================================================================
6 * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59DECLARE_STACK_OF(X509_POLICY_DATA)
60DECLARE_STACK_OF(X509_POLICY_REF)
61DECLARE_STACK_OF(X509_POLICY_NODE)
62
63typedef struct X509_POLICY_DATA_st X509_POLICY_DATA;
64typedef struct X509_POLICY_REF_st X509_POLICY_REF;
65
66/* Internal structures */
67
68/* This structure and the field names correspond to the Policy 'node' of
69 * RFC3280. NB this structure contains no pointers to parent or child
70 * data: X509_POLICY_NODE contains that. This means that the main policy data
71 * can be kept static and cached with the certificate.
72 */
73
74struct X509_POLICY_DATA_st
75 {
76 unsigned int flags;
77 /* Policy OID and qualifiers for this data */
78 ASN1_OBJECT *valid_policy;
79 STACK_OF(POLICYQUALINFO) *qualifier_set;
80 STACK_OF(ASN1_OBJECT) *expected_policy_set;
81 };
82
83/* X509_POLICY_DATA flags values */
84
85/* This flag indicates the structure has been mapped using a policy mapping
86 * extension. If policy mapping is not active its references get deleted.
87 */
88
89#define POLICY_DATA_FLAG_MAPPED 0x1
90
91/* This flag indicates the data doesn't correspond to a policy in Certificate
92 * Policies: it has been mapped to any policy.
93 */
94
95#define POLICY_DATA_FLAG_MAPPED_ANY 0x2
96
97/* AND with flags to see if any mapping has occurred */
98
99#define POLICY_DATA_FLAG_MAP_MASK 0x3
100
101/* qualifiers are shared and shouldn't be freed */
102
103#define POLICY_DATA_FLAG_SHARED_QUALIFIERS 0x4
104
105/* Parent node is an extra node and should be freed */
106
107#define POLICY_DATA_FLAG_EXTRA_NODE 0x8
108
109/* Corresponding CertificatePolicies is critical */
110
111#define POLICY_DATA_FLAG_CRITICAL 0x10
112
113/* This structure is an entry from a table of mapped policies which
114 * cross reference the policy it refers to.
115 */
116
117struct X509_POLICY_REF_st
118 {
119 ASN1_OBJECT *subjectDomainPolicy;
120 const X509_POLICY_DATA *data;
121 };
122
123/* This structure is cached with a certificate */
124
125struct X509_POLICY_CACHE_st {
126 /* anyPolicy data or NULL if no anyPolicy */
127 X509_POLICY_DATA *anyPolicy;
128 /* other policy data */
129 STACK_OF(X509_POLICY_DATA) *data;
130 /* If policyMappings extension present a table of mapped policies */
131 STACK_OF(X509_POLICY_REF) *maps;
132 /* If InhibitAnyPolicy present this is its value or -1 if absent. */
133 long any_skip;
134 /* If policyConstraints and requireExplicitPolicy present this is its
135 * value or -1 if absent.
136 */
137 long explicit_skip;
138 /* If policyConstraints and policyMapping present this is its
139 * value or -1 if absent.
140 */
141 long map_skip;
142 };
143
144/*#define POLICY_CACHE_FLAG_CRITICAL POLICY_DATA_FLAG_CRITICAL*/
145
146/* This structure represents the relationship between nodes */
147
148struct X509_POLICY_NODE_st
149 {
150 /* node data this refers to */
151 const X509_POLICY_DATA *data;
152 /* Parent node */
153 X509_POLICY_NODE *parent;
154 /* Number of child nodes */
155 int nchild;
156 };
157
158struct X509_POLICY_LEVEL_st
159 {
160 /* Cert for this level */
161 X509 *cert;
162 /* nodes at this level */
163 STACK_OF(X509_POLICY_NODE) *nodes;
164 /* anyPolicy node */
165 X509_POLICY_NODE *anyPolicy;
166 /* Extra data */
167 /*STACK_OF(X509_POLICY_DATA) *extra_data;*/
168 unsigned int flags;
169 };
170
171struct X509_POLICY_TREE_st
172 {
173 /* This is the tree 'level' data */
174 X509_POLICY_LEVEL *levels;
175 int nlevel;
176 /* Extra policy data when additional nodes (not from the certificate)
177 * are required.
178 */
179 STACK_OF(X509_POLICY_DATA) *extra_data;
180 /* This is the authority constained policy set */
181 STACK_OF(X509_POLICY_NODE) *auth_policies;
182 STACK_OF(X509_POLICY_NODE) *user_policies;
183 unsigned int flags;
184 };
185
186/* Set if anyPolicy present in user policies */
187#define POLICY_FLAG_ANY_POLICY 0x2
188
189/* Useful macros */
190
191#define node_data_critical(data) (data->flags & POLICY_DATA_FLAG_CRITICAL)
192#define node_critical(node) node_data_critical(node->data)
193
194/* Internal functions */
195
196X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, ASN1_OBJECT *id,
197 int crit);
198void policy_data_free(X509_POLICY_DATA *data);
199
200X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache,
201 const ASN1_OBJECT *id);
202int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps);
203
204
205STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void);
206
207void policy_cache_init(void);
208
209void policy_cache_free(X509_POLICY_CACHE *cache);
210
211X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,
212 const ASN1_OBJECT *id);
213
214X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk,
215 const ASN1_OBJECT *id);
216
217X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
218 X509_POLICY_DATA *data,
219 X509_POLICY_NODE *parent,
220 X509_POLICY_TREE *tree);
221void policy_node_free(X509_POLICY_NODE *node);
222
223const X509_POLICY_CACHE *policy_cache_set(X509 *x);
diff --git a/src/lib/libcrypto/x509v3/pcy_lib.c b/src/lib/libcrypto/x509v3/pcy_lib.c
deleted file mode 100644
index 93bfd92703..0000000000
--- a/src/lib/libcrypto/x509v3/pcy_lib.c
+++ /dev/null
@@ -1,167 +0,0 @@
1/* pcy_lib.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2004.
4 */
5/* ====================================================================
6 * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59
60#include "cryptlib.h"
61#include <openssl/x509.h>
62#include <openssl/x509v3.h>
63
64#include "pcy_int.h"
65
66/* accessor functions */
67
68/* X509_POLICY_TREE stuff */
69
70int X509_policy_tree_level_count(const X509_POLICY_TREE *tree)
71 {
72 if (!tree)
73 return 0;
74 return tree->nlevel;
75 }
76
77X509_POLICY_LEVEL *
78 X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, int i)
79 {
80 if (!tree || (i < 0) || (i >= tree->nlevel))
81 return NULL;
82 return tree->levels + i;
83 }
84
85STACK_OF(X509_POLICY_NODE) *
86 X509_policy_tree_get0_policies(const X509_POLICY_TREE *tree)
87 {
88 if (!tree)
89 return NULL;
90 return tree->auth_policies;
91 }
92
93STACK_OF(X509_POLICY_NODE) *
94 X509_policy_tree_get0_user_policies(const X509_POLICY_TREE *tree)
95 {
96 if (!tree)
97 return NULL;
98 if (tree->flags & POLICY_FLAG_ANY_POLICY)
99 return tree->auth_policies;
100 else
101 return tree->user_policies;
102 }
103
104/* X509_POLICY_LEVEL stuff */
105
106int X509_policy_level_node_count(X509_POLICY_LEVEL *level)
107 {
108 int n;
109 if (!level)
110 return 0;
111 if (level->anyPolicy)
112 n = 1;
113 else
114 n = 0;
115 if (level->nodes)
116 n += sk_X509_POLICY_NODE_num(level->nodes);
117 return n;
118 }
119
120X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level, int i)
121 {
122 if (!level)
123 return NULL;
124 if (level->anyPolicy)
125 {
126 if (i == 0)
127 return level->anyPolicy;
128 i--;
129 }
130 return sk_X509_POLICY_NODE_value(level->nodes, i);
131 }
132
133/* X509_POLICY_NODE stuff */
134
135const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node)
136 {
137 if (!node)
138 return NULL;
139 return node->data->valid_policy;
140 }
141
142#if 0
143int X509_policy_node_get_critical(const X509_POLICY_NODE *node)
144 {
145 if (node_critical(node))
146 return 1;
147 return 0;
148 }
149#endif
150
151STACK_OF(POLICYQUALINFO) *
152 X509_policy_node_get0_qualifiers(const X509_POLICY_NODE *node)
153 {
154 if (!node)
155 return NULL;
156 return node->data->qualifier_set;
157 }
158
159const X509_POLICY_NODE *
160 X509_policy_node_get0_parent(const X509_POLICY_NODE *node)
161 {
162 if (!node)
163 return NULL;
164 return node->parent;
165 }
166
167
diff --git a/src/lib/libcrypto/x509v3/pcy_map.c b/src/lib/libcrypto/x509v3/pcy_map.c
deleted file mode 100644
index f28796e6d4..0000000000
--- a/src/lib/libcrypto/x509v3/pcy_map.c
+++ /dev/null
@@ -1,186 +0,0 @@
1/* pcy_map.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2004.
4 */
5/* ====================================================================
6 * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include "cryptlib.h"
60#include <openssl/x509.h>
61#include <openssl/x509v3.h>
62
63#include "pcy_int.h"
64
65static int ref_cmp(const X509_POLICY_REF * const *a,
66 const X509_POLICY_REF * const *b)
67 {
68 return OBJ_cmp((*a)->subjectDomainPolicy, (*b)->subjectDomainPolicy);
69 }
70
71static void policy_map_free(X509_POLICY_REF *map)
72 {
73 if (map->subjectDomainPolicy)
74 ASN1_OBJECT_free(map->subjectDomainPolicy);
75 OPENSSL_free(map);
76 }
77
78static X509_POLICY_REF *policy_map_find(X509_POLICY_CACHE *cache, ASN1_OBJECT *id)
79 {
80 X509_POLICY_REF tmp;
81 int idx;
82 tmp.subjectDomainPolicy = id;
83
84 idx = sk_X509_POLICY_REF_find(cache->maps, &tmp);
85 if (idx == -1)
86 return NULL;
87 return sk_X509_POLICY_REF_value(cache->maps, idx);
88 }
89
90/* Set policy mapping entries in cache.
91 * Note: this modifies the passed POLICY_MAPPINGS structure
92 */
93
94int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
95 {
96 POLICY_MAPPING *map;
97 X509_POLICY_REF *ref = NULL;
98 X509_POLICY_DATA *data;
99 X509_POLICY_CACHE *cache = x->policy_cache;
100 int i;
101 int ret = 0;
102 if (sk_POLICY_MAPPING_num(maps) == 0)
103 {
104 ret = -1;
105 goto bad_mapping;
106 }
107 cache->maps = sk_X509_POLICY_REF_new(ref_cmp);
108 for (i = 0; i < sk_POLICY_MAPPING_num(maps); i++)
109 {
110 map = sk_POLICY_MAPPING_value(maps, i);
111 /* Reject if map to or from anyPolicy */
112 if ((OBJ_obj2nid(map->subjectDomainPolicy) == NID_any_policy)
113 || (OBJ_obj2nid(map->issuerDomainPolicy) == NID_any_policy))
114 {
115 ret = -1;
116 goto bad_mapping;
117 }
118
119 /* If we've already mapped from this OID bad mapping */
120 if (policy_map_find(cache, map->subjectDomainPolicy) != NULL)
121 {
122 ret = -1;
123 goto bad_mapping;
124 }
125
126 /* Attempt to find matching policy data */
127 data = policy_cache_find_data(cache, map->issuerDomainPolicy);
128 /* If we don't have anyPolicy can't map */
129 if (!data && !cache->anyPolicy)
130 continue;
131
132 /* Create a NODE from anyPolicy */
133 if (!data)
134 {
135 data = policy_data_new(NULL, map->issuerDomainPolicy,
136 cache->anyPolicy->flags
137 & POLICY_DATA_FLAG_CRITICAL);
138 if (!data)
139 goto bad_mapping;
140 data->qualifier_set = cache->anyPolicy->qualifier_set;
141 map->issuerDomainPolicy = NULL;
142 data->flags |= POLICY_DATA_FLAG_MAPPED_ANY;
143 data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
144 if (!sk_X509_POLICY_DATA_push(cache->data, data))
145 {
146 policy_data_free(data);
147 goto bad_mapping;
148 }
149 }
150 else
151 data->flags |= POLICY_DATA_FLAG_MAPPED;
152
153 if (!sk_ASN1_OBJECT_push(data->expected_policy_set,
154 map->subjectDomainPolicy))
155 goto bad_mapping;
156
157 ref = OPENSSL_malloc(sizeof(X509_POLICY_REF));
158 if (!ref)
159 goto bad_mapping;
160
161 ref->subjectDomainPolicy = map->subjectDomainPolicy;
162 map->subjectDomainPolicy = NULL;
163 ref->data = data;
164
165 if (!sk_X509_POLICY_REF_push(cache->maps, ref))
166 goto bad_mapping;
167
168 ref = NULL;
169
170 }
171
172 ret = 1;
173 bad_mapping:
174 if (ret == -1)
175 x->ex_flags |= EXFLAG_INVALID_POLICY;
176 if (ref)
177 policy_map_free(ref);
178 if (ret <= 0)
179 {
180 sk_X509_POLICY_REF_pop_free(cache->maps, policy_map_free);
181 cache->maps = NULL;
182 }
183 sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);
184 return ret;
185
186 }
diff --git a/src/lib/libcrypto/x509v3/pcy_node.c b/src/lib/libcrypto/x509v3/pcy_node.c
deleted file mode 100644
index 6587cb05ab..0000000000
--- a/src/lib/libcrypto/x509v3/pcy_node.c
+++ /dev/null
@@ -1,158 +0,0 @@
1/* pcy_node.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2004.
4 */
5/* ====================================================================
6 * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <openssl/asn1.h>
60#include <openssl/x509.h>
61#include <openssl/x509v3.h>
62
63#include "pcy_int.h"
64
65static int node_cmp(const X509_POLICY_NODE * const *a,
66 const X509_POLICY_NODE * const *b)
67 {
68 return OBJ_cmp((*a)->data->valid_policy, (*b)->data->valid_policy);
69 }
70
71STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void)
72 {
73 return sk_X509_POLICY_NODE_new(node_cmp);
74 }
75
76X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *nodes,
77 const ASN1_OBJECT *id)
78 {
79 X509_POLICY_DATA n;
80 X509_POLICY_NODE l;
81 int idx;
82
83 n.valid_policy = (ASN1_OBJECT *)id;
84 l.data = &n;
85
86 idx = sk_X509_POLICY_NODE_find(nodes, &l);
87 if (idx == -1)
88 return NULL;
89
90 return sk_X509_POLICY_NODE_value(nodes, idx);
91
92 }
93
94X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,
95 const ASN1_OBJECT *id)
96 {
97 return tree_find_sk(level->nodes, id);
98 }
99
100X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
101 X509_POLICY_DATA *data,
102 X509_POLICY_NODE *parent,
103 X509_POLICY_TREE *tree)
104 {
105 X509_POLICY_NODE *node;
106 node = OPENSSL_malloc(sizeof(X509_POLICY_NODE));
107 if (!node)
108 return NULL;
109 node->data = data;
110 node->parent = parent;
111 node->nchild = 0;
112 if (level)
113 {
114 if (OBJ_obj2nid(data->valid_policy) == NID_any_policy)
115 {
116 if (level->anyPolicy)
117 goto node_error;
118 level->anyPolicy = node;
119 }
120 else
121 {
122
123 if (!level->nodes)
124 level->nodes = policy_node_cmp_new();
125 if (!level->nodes)
126 goto node_error;
127 if (!sk_X509_POLICY_NODE_push(level->nodes, node))
128 goto node_error;
129 }
130 }
131
132 if (tree)
133 {
134 if (!tree->extra_data)
135 tree->extra_data = sk_X509_POLICY_DATA_new_null();
136 if (!tree->extra_data)
137 goto node_error;
138 if (!sk_X509_POLICY_DATA_push(tree->extra_data, data))
139 goto node_error;
140 }
141
142 if (parent)
143 parent->nchild++;
144
145 return node;
146
147 node_error:
148 policy_node_free(node);
149 return 0;
150
151 }
152
153void policy_node_free(X509_POLICY_NODE *node)
154 {
155 OPENSSL_free(node);
156 }
157
158
diff --git a/src/lib/libcrypto/x509v3/pcy_tree.c b/src/lib/libcrypto/x509v3/pcy_tree.c
deleted file mode 100644
index 6c87a7f506..0000000000
--- a/src/lib/libcrypto/x509v3/pcy_tree.c
+++ /dev/null
@@ -1,694 +0,0 @@
1/* pcy_tree.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2004.
4 */
5/* ====================================================================
6 * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include "cryptlib.h"
60#include <openssl/x509.h>
61#include <openssl/x509v3.h>
62
63#include "pcy_int.h"
64
65/* Initialize policy tree. Return values:
66 * 0 Some internal error occured.
67 * -1 Inconsistent or invalid extensions in certificates.
68 * 1 Tree initialized OK.
69 * 2 Policy tree is empty.
70 * 5 Tree OK and requireExplicitPolicy true.
71 * 6 Tree empty and requireExplicitPolicy true.
72 */
73
74static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
75 unsigned int flags)
76 {
77 X509_POLICY_TREE *tree;
78 X509_POLICY_LEVEL *level;
79 const X509_POLICY_CACHE *cache;
80 X509_POLICY_DATA *data = NULL;
81 X509 *x;
82 int ret = 1;
83 int i, n;
84 int explicit_policy;
85 int any_skip;
86 int map_skip;
87 *ptree = NULL;
88 n = sk_X509_num(certs);
89
90 /* Disable policy mapping for now... */
91 flags |= X509_V_FLAG_INHIBIT_MAP;
92
93 if (flags & X509_V_FLAG_EXPLICIT_POLICY)
94 explicit_policy = 0;
95 else
96 explicit_policy = n + 1;
97
98 if (flags & X509_V_FLAG_INHIBIT_ANY)
99 any_skip = 0;
100 else
101 any_skip = n + 1;
102
103 if (flags & X509_V_FLAG_INHIBIT_MAP)
104 map_skip = 0;
105 else
106 map_skip = n + 1;
107
108 /* Can't do anything with just a trust anchor */
109 if (n == 1)
110 return 1;
111 /* First setup policy cache in all certificates apart from the
112 * trust anchor. Note any bad cache results on the way. Also can
113 * calculate explicit_policy value at this point.
114 */
115 for (i = n - 2; i >= 0; i--)
116 {
117 x = sk_X509_value(certs, i);
118 X509_check_purpose(x, -1, -1);
119 cache = policy_cache_set(x);
120 /* If cache NULL something bad happened: return immediately */
121 if (cache == NULL)
122 return 0;
123 /* If inconsistent extensions keep a note of it but continue */
124 if (x->ex_flags & EXFLAG_INVALID_POLICY)
125 ret = -1;
126 /* Otherwise if we have no data (hence no CertificatePolicies)
127 * and haven't already set an inconsistent code note it.
128 */
129 else if ((ret == 1) && !cache->data)
130 ret = 2;
131 if (explicit_policy > 0)
132 {
133 if (!(x->ex_flags & EXFLAG_SI))
134 explicit_policy--;
135 if ((cache->explicit_skip != -1)
136 && (cache->explicit_skip < explicit_policy))
137 explicit_policy = cache->explicit_skip;
138 }
139 }
140
141 if (ret != 1)
142 {
143 if (ret == 2 && !explicit_policy)
144 return 6;
145 return ret;
146 }
147
148
149 /* If we get this far initialize the tree */
150
151 tree = OPENSSL_malloc(sizeof(X509_POLICY_TREE));
152
153 if (!tree)
154 return 0;
155
156 tree->flags = 0;
157 tree->levels = OPENSSL_malloc(sizeof(X509_POLICY_LEVEL) * n);
158 tree->nlevel = 0;
159 tree->extra_data = NULL;
160 tree->auth_policies = NULL;
161 tree->user_policies = NULL;
162
163 if (!tree)
164 {
165 OPENSSL_free(tree);
166 return 0;
167 }
168
169 memset(tree->levels, 0, n * sizeof(X509_POLICY_LEVEL));
170
171 tree->nlevel = n;
172
173 level = tree->levels;
174
175 /* Root data: initialize to anyPolicy */
176
177 data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0);
178
179 if (!data || !level_add_node(level, data, NULL, tree))
180 goto bad_tree;
181
182 for (i = n - 2; i >= 0; i--)
183 {
184 level++;
185 x = sk_X509_value(certs, i);
186 cache = policy_cache_set(x);
187
188 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
189 level->cert = x;
190
191 if (!cache->anyPolicy)
192 level->flags |= X509_V_FLAG_INHIBIT_ANY;
193
194 /* Determine inhibit any and inhibit map flags */
195 if (any_skip == 0)
196 {
197 /* Any matching allowed if certificate is self
198 * issued and not the last in the chain.
199 */
200 if (!(x->ex_flags & EXFLAG_SI) || (i == 0))
201 level->flags |= X509_V_FLAG_INHIBIT_ANY;
202 }
203 else
204 {
205 if (!(x->ex_flags & EXFLAG_SI))
206 any_skip--;
207 if ((cache->any_skip >= 0)
208 && (cache->any_skip < any_skip))
209 any_skip = cache->any_skip;
210 }
211
212 if (map_skip == 0)
213 level->flags |= X509_V_FLAG_INHIBIT_MAP;
214 else
215 {
216 map_skip--;
217 if ((cache->map_skip >= 0)
218 && (cache->map_skip < map_skip))
219 map_skip = cache->map_skip;
220 }
221
222
223 }
224
225 *ptree = tree;
226
227 if (explicit_policy)
228 return 1;
229 else
230 return 5;
231
232 bad_tree:
233
234 X509_policy_tree_free(tree);
235
236 return 0;
237
238 }
239
240/* This corresponds to RFC3280 XXXX XXXXX:
241 * link any data from CertificatePolicies onto matching parent
242 * or anyPolicy if no match.
243 */
244
245static int tree_link_nodes(X509_POLICY_LEVEL *curr,
246 const X509_POLICY_CACHE *cache)
247 {
248 int i;
249 X509_POLICY_LEVEL *last;
250 X509_POLICY_DATA *data;
251 X509_POLICY_NODE *parent;
252 last = curr - 1;
253 for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++)
254 {
255 data = sk_X509_POLICY_DATA_value(cache->data, i);
256 /* If a node is mapped any it doesn't have a corresponding
257 * CertificatePolicies entry.
258 * However such an identical node would be created
259 * if anyPolicy matching is enabled because there would be
260 * no match with the parent valid_policy_set. So we create
261 * link because then it will have the mapping flags
262 * right and we can prune it later.
263 */
264 if ((data->flags & POLICY_DATA_FLAG_MAPPED_ANY)
265 && !(curr->flags & X509_V_FLAG_INHIBIT_ANY))
266 continue;
267 /* Look for matching node in parent */
268 parent = level_find_node(last, data->valid_policy);
269 /* If no match link to anyPolicy */
270 if (!parent)
271 parent = last->anyPolicy;
272 if (parent && !level_add_node(curr, data, parent, NULL))
273 return 0;
274 }
275 return 1;
276 }
277
278/* This corresponds to RFC3280 XXXX XXXXX:
279 * Create new data for any unmatched policies in the parent and link
280 * to anyPolicy.
281 */
282
283static int tree_link_any(X509_POLICY_LEVEL *curr,
284 const X509_POLICY_CACHE *cache,
285 X509_POLICY_TREE *tree)
286 {
287 int i;
288 X509_POLICY_DATA *data;
289 X509_POLICY_NODE *node;
290 X509_POLICY_LEVEL *last;
291
292 last = curr - 1;
293
294 for (i = 0; i < sk_X509_POLICY_NODE_num(last->nodes); i++)
295 {
296 node = sk_X509_POLICY_NODE_value(last->nodes, i);
297
298 /* Skip any node with any children: we only want unmathced
299 * nodes.
300 *
301 * Note: need something better for policy mapping
302 * because each node may have multiple children
303 */
304 if (node->nchild)
305 continue;
306 /* Create a new node with qualifiers from anyPolicy and
307 * id from unmatched node.
308 */
309 data = policy_data_new(NULL, node->data->valid_policy,
310 node_critical(node));
311
312 if (data == NULL)
313 return 0;
314 /* Curr may not have anyPolicy */
315 data->qualifier_set = cache->anyPolicy->qualifier_set;
316 data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
317 if (!level_add_node(curr, data, node, tree))
318 {
319 policy_data_free(data);
320 return 0;
321 }
322 }
323 /* Finally add link to anyPolicy */
324 if (last->anyPolicy)
325 {
326 if (!level_add_node(curr, cache->anyPolicy,
327 last->anyPolicy, NULL))
328 return 0;
329 }
330 return 1;
331 }
332
333/* Prune the tree: delete any child mapped child data on the current level
334 * then proceed up the tree deleting any data with no children. If we ever
335 * have no data on a level we can halt because the tree will be empty.
336 */
337
338static int tree_prune(X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr)
339 {
340 X509_POLICY_NODE *node;
341 int i;
342 for (i = sk_X509_POLICY_NODE_num(curr->nodes) - 1; i >= 0; i--)
343 {
344 node = sk_X509_POLICY_NODE_value(curr->nodes, i);
345 /* Delete any mapped data: see RFC3280 XXXX */
346 if (node->data->flags & POLICY_DATA_FLAG_MAP_MASK)
347 {
348 node->parent->nchild--;
349 OPENSSL_free(node);
350 (void)sk_X509_POLICY_NODE_delete(curr->nodes, i);
351 }
352 }
353
354 for(;;) {
355 --curr;
356 for (i = sk_X509_POLICY_NODE_num(curr->nodes) - 1; i >= 0; i--)
357 {
358 node = sk_X509_POLICY_NODE_value(curr->nodes, i);
359 if (node->nchild == 0)
360 {
361 node->parent->nchild--;
362 OPENSSL_free(node);
363 (void)sk_X509_POLICY_NODE_delete(curr->nodes, i);
364 }
365 }
366 if (curr->anyPolicy && !curr->anyPolicy->nchild)
367 {
368 if (curr->anyPolicy->parent)
369 curr->anyPolicy->parent->nchild--;
370 OPENSSL_free(curr->anyPolicy);
371 curr->anyPolicy = NULL;
372 }
373 if (curr == tree->levels)
374 {
375 /* If we zapped anyPolicy at top then tree is empty */
376 if (!curr->anyPolicy)
377 return 2;
378 return 1;
379 }
380 }
381
382 return 1;
383
384 }
385
386static int tree_add_auth_node(STACK_OF(X509_POLICY_NODE) **pnodes,
387 X509_POLICY_NODE *pcy)
388 {
389 if (!*pnodes)
390 {
391 *pnodes = policy_node_cmp_new();
392 if (!*pnodes)
393 return 0;
394 }
395 else if (sk_X509_POLICY_NODE_find(*pnodes, pcy) != -1)
396 return 1;
397
398 if (!sk_X509_POLICY_NODE_push(*pnodes, pcy))
399 return 0;
400
401 return 1;
402
403 }
404
405/* Calculate the authority set based on policy tree.
406 * The 'pnodes' parameter is used as a store for the set of policy nodes
407 * used to calculate the user set. If the authority set is not anyPolicy
408 * then pnodes will just point to the authority set. If however the authority
409 * set is anyPolicy then the set of valid policies (other than anyPolicy)
410 * is store in pnodes. The return value of '2' is used in this case to indicate
411 * that pnodes should be freed.
412 */
413
414static int tree_calculate_authority_set(X509_POLICY_TREE *tree,
415 STACK_OF(X509_POLICY_NODE) **pnodes)
416 {
417 X509_POLICY_LEVEL *curr;
418 X509_POLICY_NODE *node, *anyptr;
419 STACK_OF(X509_POLICY_NODE) **addnodes;
420 int i, j;
421 curr = tree->levels + tree->nlevel - 1;
422
423 /* If last level contains anyPolicy set is anyPolicy */
424 if (curr->anyPolicy)
425 {
426 if (!tree_add_auth_node(&tree->auth_policies, curr->anyPolicy))
427 return 0;
428 addnodes = pnodes;
429 }
430 else
431 /* Add policies to authority set */
432 addnodes = &tree->auth_policies;
433
434 curr = tree->levels;
435 for (i = 1; i < tree->nlevel; i++)
436 {
437 /* If no anyPolicy node on this this level it can't
438 * appear on lower levels so end search.
439 */
440 if (!(anyptr = curr->anyPolicy))
441 break;
442 curr++;
443 for (j = 0; j < sk_X509_POLICY_NODE_num(curr->nodes); j++)
444 {
445 node = sk_X509_POLICY_NODE_value(curr->nodes, j);
446 if ((node->parent == anyptr)
447 && !tree_add_auth_node(addnodes, node))
448 return 0;
449 }
450 }
451
452 if (addnodes == pnodes)
453 return 2;
454
455 *pnodes = tree->auth_policies;
456
457 return 1;
458 }
459
460static int tree_calculate_user_set(X509_POLICY_TREE *tree,
461 STACK_OF(ASN1_OBJECT) *policy_oids,
462 STACK_OF(X509_POLICY_NODE) *auth_nodes)
463 {
464 int i;
465 X509_POLICY_NODE *node;
466 ASN1_OBJECT *oid;
467
468 X509_POLICY_NODE *anyPolicy;
469 X509_POLICY_DATA *extra;
470
471 /* Check if anyPolicy present in authority constrained policy set:
472 * this will happen if it is a leaf node.
473 */
474
475 if (sk_ASN1_OBJECT_num(policy_oids) <= 0)
476 return 1;
477
478 anyPolicy = tree->levels[tree->nlevel - 1].anyPolicy;
479
480 for (i = 0; i < sk_ASN1_OBJECT_num(policy_oids); i++)
481 {
482 oid = sk_ASN1_OBJECT_value(policy_oids, i);
483 if (OBJ_obj2nid(oid) == NID_any_policy)
484 {
485 tree->flags |= POLICY_FLAG_ANY_POLICY;
486 return 1;
487 }
488 }
489
490 for (i = 0; i < sk_ASN1_OBJECT_num(policy_oids); i++)
491 {
492 oid = sk_ASN1_OBJECT_value(policy_oids, i);
493 node = tree_find_sk(auth_nodes, oid);
494 if (!node)
495 {
496 if (!anyPolicy)
497 continue;
498 /* Create a new node with policy ID from user set
499 * and qualifiers from anyPolicy.
500 */
501 extra = policy_data_new(NULL, oid,
502 node_critical(anyPolicy));
503 if (!extra)
504 return 0;
505 extra->qualifier_set = anyPolicy->data->qualifier_set;
506 extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS
507 | POLICY_DATA_FLAG_EXTRA_NODE;
508 node = level_add_node(NULL, extra, anyPolicy->parent,
509 tree);
510 }
511 if (!tree->user_policies)
512 {
513 tree->user_policies = sk_X509_POLICY_NODE_new_null();
514 if (!tree->user_policies)
515 return 1;
516 }
517 if (!sk_X509_POLICY_NODE_push(tree->user_policies, node))
518 return 0;
519 }
520 return 1;
521
522 }
523
524static int tree_evaluate(X509_POLICY_TREE *tree)
525 {
526 int ret, i;
527 X509_POLICY_LEVEL *curr = tree->levels + 1;
528 const X509_POLICY_CACHE *cache;
529
530 for(i = 1; i < tree->nlevel; i++, curr++)
531 {
532 cache = policy_cache_set(curr->cert);
533 if (!tree_link_nodes(curr, cache))
534 return 0;
535
536 if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY)
537 && !tree_link_any(curr, cache, tree))
538 return 0;
539 ret = tree_prune(tree, curr);
540 if (ret != 1)
541 return ret;
542 }
543
544 return 1;
545
546 }
547
548static void exnode_free(X509_POLICY_NODE *node)
549 {
550 if (node->data && (node->data->flags & POLICY_DATA_FLAG_EXTRA_NODE))
551 OPENSSL_free(node);
552 }
553
554
555void X509_policy_tree_free(X509_POLICY_TREE *tree)
556 {
557 X509_POLICY_LEVEL *curr;
558 int i;
559
560 if (!tree)
561 return;
562
563 sk_X509_POLICY_NODE_free(tree->auth_policies);
564 sk_X509_POLICY_NODE_pop_free(tree->user_policies, exnode_free);
565
566 for(i = 0, curr = tree->levels; i < tree->nlevel; i++, curr++)
567 {
568 if (curr->cert)
569 X509_free(curr->cert);
570 if (curr->nodes)
571 sk_X509_POLICY_NODE_pop_free(curr->nodes,
572 policy_node_free);
573 if (curr->anyPolicy)
574 policy_node_free(curr->anyPolicy);
575 }
576
577 if (tree->extra_data)
578 sk_X509_POLICY_DATA_pop_free(tree->extra_data,
579 policy_data_free);
580
581 OPENSSL_free(tree->levels);
582 OPENSSL_free(tree);
583
584 }
585
586/* Application policy checking function.
587 * Return codes:
588 * 0 Internal Error.
589 * 1 Successful.
590 * -1 One or more certificates contain invalid or inconsistent extensions
591 * -2 User constrained policy set empty and requireExplicit true.
592 */
593
594int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
595 STACK_OF(X509) *certs,
596 STACK_OF(ASN1_OBJECT) *policy_oids,
597 unsigned int flags)
598 {
599 int ret;
600 X509_POLICY_TREE *tree = NULL;
601 STACK_OF(X509_POLICY_NODE) *nodes, *auth_nodes = NULL;
602 *ptree = NULL;
603
604 *pexplicit_policy = 0;
605 ret = tree_init(&tree, certs, flags);
606
607
608 switch (ret)
609 {
610
611 /* Tree empty requireExplicit False: OK */
612 case 2:
613 return 1;
614
615 /* Some internal error */
616 case 0:
617 return 0;
618
619 /* Tree empty requireExplicit True: Error */
620
621 case 6:
622 *pexplicit_policy = 1;
623 return -2;
624
625 /* Tree OK requireExplicit True: OK and continue */
626 case 5:
627 *pexplicit_policy = 1;
628 break;
629
630 /* Tree OK: continue */
631
632 case 1:
633 if (!tree)
634 /*
635 * tree_init() returns success and a null tree
636 * if it's just looking at a trust anchor.
637 * I'm not sure that returning success here is
638 * correct, but I'm sure that reporting this
639 * as an internal error which our caller
640 * interprets as a malloc failure is wrong.
641 */
642 return 1;
643 break;
644 }
645
646 if (!tree) goto error;
647 ret = tree_evaluate(tree);
648
649 if (ret <= 0)
650 goto error;
651
652 /* Return value 2 means tree empty */
653 if (ret == 2)
654 {
655 X509_policy_tree_free(tree);
656 if (*pexplicit_policy)
657 return -2;
658 else
659 return 1;
660 }
661
662 /* Tree is not empty: continue */
663
664 ret = tree_calculate_authority_set(tree, &auth_nodes);
665
666 if (!ret)
667 goto error;
668
669 if (!tree_calculate_user_set(tree, policy_oids, auth_nodes))
670 goto error;
671
672 if (ret == 2)
673 sk_X509_POLICY_NODE_free(auth_nodes);
674
675 if (tree)
676 *ptree = tree;
677
678 if (*pexplicit_policy)
679 {
680 nodes = X509_policy_tree_get0_user_policies(tree);
681 if (sk_X509_POLICY_NODE_num(nodes) <= 0)
682 return -2;
683 }
684
685 return 1;
686
687 error:
688
689 X509_policy_tree_free(tree);
690
691 return 0;
692
693 }
694
diff --git a/src/lib/libcrypto/x509v3/v3_akey.c b/src/lib/libcrypto/x509v3/v3_akey.c
deleted file mode 100644
index c6b68ee221..0000000000
--- a/src/lib/libcrypto/x509v3/v3_akey.c
+++ /dev/null
@@ -1,208 +0,0 @@
1/* v3_akey.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/conf.h>
62#include <openssl/asn1.h>
63#include <openssl/asn1t.h>
64#include <openssl/x509v3.h>
65
66static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
67 AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist);
68static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
69 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
70
71const X509V3_EXT_METHOD v3_akey_id =
72 {
73 NID_authority_key_identifier,
74 X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID),
75 0,0,0,0,
76 0,0,
77 (X509V3_EXT_I2V)i2v_AUTHORITY_KEYID,
78 (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,
79 0,0,
80 NULL
81 };
82
83static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
84 AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist)
85{
86 char *tmp;
87 if(akeyid->keyid) {
88 tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length);
89 X509V3_add_value("keyid", tmp, &extlist);
90 OPENSSL_free(tmp);
91 }
92 if(akeyid->issuer)
93 extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
94 if(akeyid->serial) {
95 tmp = hex_to_string(akeyid->serial->data,
96 akeyid->serial->length);
97 X509V3_add_value("serial", tmp, &extlist);
98 OPENSSL_free(tmp);
99 }
100 return extlist;
101}
102
103/* Currently two options:
104 * keyid: use the issuers subject keyid, the value 'always' means its is
105 * an error if the issuer certificate doesn't have a key id.
106 * issuer: use the issuers cert issuer and serial number. The default is
107 * to only use this if keyid is not present. With the option 'always'
108 * this is always included.
109 */
110
111static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
112 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)
113 {
114 char keyid=0, issuer=0;
115 int i;
116 CONF_VALUE *cnf;
117 ASN1_OCTET_STRING *ikeyid = NULL;
118 X509_NAME *isname = NULL;
119 GENERAL_NAMES * gens = NULL;
120 GENERAL_NAME *gen = NULL;
121 ASN1_INTEGER *serial = NULL;
122 X509_EXTENSION *ext;
123 X509 *cert;
124 AUTHORITY_KEYID *akeyid;
125
126 for(i = 0; i < sk_CONF_VALUE_num(values); i++)
127 {
128 cnf = sk_CONF_VALUE_value(values, i);
129 if(!strcmp(cnf->name, "keyid"))
130 {
131 keyid = 1;
132 if(cnf->value && !strcmp(cnf->value, "always"))
133 keyid = 2;
134 }
135 else if(!strcmp(cnf->name, "issuer"))
136 {
137 issuer = 1;
138 if(cnf->value && !strcmp(cnf->value, "always"))
139 issuer = 2;
140 }
141 else
142 {
143 X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNKNOWN_OPTION);
144 ERR_add_error_data(2, "name=", cnf->name);
145 return NULL;
146 }
147 }
148
149 if(!ctx || !ctx->issuer_cert)
150 {
151 if(ctx && (ctx->flags==CTX_TEST))
152 return AUTHORITY_KEYID_new();
153 X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE);
154 return NULL;
155 }
156
157 cert = ctx->issuer_cert;
158
159 if(keyid)
160 {
161 i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
162 if((i >= 0) && (ext = X509_get_ext(cert, i)))
163 ikeyid = X509V3_EXT_d2i(ext);
164 if(keyid==2 && !ikeyid)
165 {
166 X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);
167 return NULL;
168 }
169 }
170
171 if((issuer && !ikeyid) || (issuer == 2))
172 {
173 isname = X509_NAME_dup(X509_get_issuer_name(cert));
174 serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert));
175 if(!isname || !serial)
176 {
177 X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
178 goto err;
179 }
180 }
181
182 if(!(akeyid = AUTHORITY_KEYID_new())) goto err;
183
184 if(isname)
185 {
186 if(!(gens = sk_GENERAL_NAME_new_null())
187 || !(gen = GENERAL_NAME_new())
188 || !sk_GENERAL_NAME_push(gens, gen))
189 {
190 X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE);
191 goto err;
192 }
193 gen->type = GEN_DIRNAME;
194 gen->d.dirn = isname;
195 }
196
197 akeyid->issuer = gens;
198 akeyid->serial = serial;
199 akeyid->keyid = ikeyid;
200
201 return akeyid;
202
203 err:
204 X509_NAME_free(isname);
205 M_ASN1_INTEGER_free(serial);
206 M_ASN1_OCTET_STRING_free(ikeyid);
207 return NULL;
208 }
diff --git a/src/lib/libcrypto/x509v3/v3_akeya.c b/src/lib/libcrypto/x509v3/v3_akeya.c
deleted file mode 100644
index 2c50f7360e..0000000000
--- a/src/lib/libcrypto/x509v3/v3_akeya.c
+++ /dev/null
@@ -1,72 +0,0 @@
1/* v3_akey_asn1.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/conf.h>
62#include <openssl/asn1.h>
63#include <openssl/asn1t.h>
64#include <openssl/x509v3.h>
65
66ASN1_SEQUENCE(AUTHORITY_KEYID) = {
67 ASN1_IMP_OPT(AUTHORITY_KEYID, keyid, ASN1_OCTET_STRING, 0),
68 ASN1_IMP_SEQUENCE_OF_OPT(AUTHORITY_KEYID, issuer, GENERAL_NAME, 1),
69 ASN1_IMP_OPT(AUTHORITY_KEYID, serial, ASN1_INTEGER, 2)
70} ASN1_SEQUENCE_END(AUTHORITY_KEYID)
71
72IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_KEYID)
diff --git a/src/lib/libcrypto/x509v3/v3_alt.c b/src/lib/libcrypto/x509v3/v3_alt.c
deleted file mode 100644
index 75fda7f268..0000000000
--- a/src/lib/libcrypto/x509v3/v3_alt.c
+++ /dev/null
@@ -1,582 +0,0 @@
1/* v3_alt.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/conf.h>
62#include <openssl/x509v3.h>
63
64static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
65static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
66static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p);
67static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens);
68static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
69static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
70
71const X509V3_EXT_METHOD v3_alt[] = {
72{ NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
730,0,0,0,
740,0,
75(X509V3_EXT_I2V)i2v_GENERAL_NAMES,
76(X509V3_EXT_V2I)v2i_subject_alt,
77NULL, NULL, NULL},
78
79{ NID_issuer_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
800,0,0,0,
810,0,
82(X509V3_EXT_I2V)i2v_GENERAL_NAMES,
83(X509V3_EXT_V2I)v2i_issuer_alt,
84NULL, NULL, NULL},
85};
86
87STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
88 GENERAL_NAMES *gens, STACK_OF(CONF_VALUE) *ret)
89{
90 int i;
91 GENERAL_NAME *gen;
92 for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
93 gen = sk_GENERAL_NAME_value(gens, i);
94 ret = i2v_GENERAL_NAME(method, gen, ret);
95 }
96 if(!ret) return sk_CONF_VALUE_new_null();
97 return ret;
98}
99
100STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
101 GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret)
102{
103 unsigned char *p;
104 char oline[256], htmp[5];
105 int i;
106 switch (gen->type)
107 {
108 case GEN_OTHERNAME:
109 X509V3_add_value("othername","<unsupported>", &ret);
110 break;
111
112 case GEN_X400:
113 X509V3_add_value("X400Name","<unsupported>", &ret);
114 break;
115
116 case GEN_EDIPARTY:
117 X509V3_add_value("EdiPartyName","<unsupported>", &ret);
118 break;
119
120 case GEN_EMAIL:
121 X509V3_add_value_uchar("email",gen->d.ia5->data, &ret);
122 break;
123
124 case GEN_DNS:
125 X509V3_add_value_uchar("DNS",gen->d.ia5->data, &ret);
126 break;
127
128 case GEN_URI:
129 X509V3_add_value_uchar("URI",gen->d.ia5->data, &ret);
130 break;
131
132 case GEN_DIRNAME:
133 X509_NAME_oneline(gen->d.dirn, oline, 256);
134 X509V3_add_value("DirName",oline, &ret);
135 break;
136
137 case GEN_IPADD:
138 p = gen->d.ip->data;
139 if(gen->d.ip->length == 4)
140 BIO_snprintf(oline, sizeof oline,
141 "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
142 else if(gen->d.ip->length == 16)
143 {
144 oline[0] = 0;
145 for (i = 0; i < 8; i++)
146 {
147 BIO_snprintf(htmp, sizeof htmp,
148 "%X", p[0] << 8 | p[1]);
149 p += 2;
150 strlcat(oline, htmp, sizeof oline);
151 if (i != 7)
152 strlcat(oline, ":", sizeof oline);
153 }
154 }
155 else
156 {
157 X509V3_add_value("IP Address","<invalid>", &ret);
158 break;
159 }
160 X509V3_add_value("IP Address",oline, &ret);
161 break;
162
163 case GEN_RID:
164 i2t_ASN1_OBJECT(oline, 256, gen->d.rid);
165 X509V3_add_value("Registered ID",oline, &ret);
166 break;
167 }
168 return ret;
169}
170
171int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen)
172{
173 unsigned char *p;
174 int i;
175 switch (gen->type)
176 {
177 case GEN_OTHERNAME:
178 BIO_printf(out, "othername:<unsupported>");
179 break;
180
181 case GEN_X400:
182 BIO_printf(out, "X400Name:<unsupported>");
183 break;
184
185 case GEN_EDIPARTY:
186 /* Maybe fix this: it is supported now */
187 BIO_printf(out, "EdiPartyName:<unsupported>");
188 break;
189
190 case GEN_EMAIL:
191 BIO_printf(out, "email:%s",gen->d.ia5->data);
192 break;
193
194 case GEN_DNS:
195 BIO_printf(out, "DNS:%s",gen->d.ia5->data);
196 break;
197
198 case GEN_URI:
199 BIO_printf(out, "URI:%s",gen->d.ia5->data);
200 break;
201
202 case GEN_DIRNAME:
203 BIO_printf(out, "DirName: ");
204 X509_NAME_print_ex(out, gen->d.dirn, 0, XN_FLAG_ONELINE);
205 break;
206
207 case GEN_IPADD:
208 p = gen->d.ip->data;
209 if(gen->d.ip->length == 4)
210 BIO_printf(out, "IP Address:%d.%d.%d.%d",
211 p[0], p[1], p[2], p[3]);
212 else if(gen->d.ip->length == 16)
213 {
214 BIO_printf(out, "IP Address");
215 for (i = 0; i < 8; i++)
216 {
217 BIO_printf(out, ":%X", p[0] << 8 | p[1]);
218 p += 2;
219 }
220 BIO_puts(out, "\n");
221 }
222 else
223 {
224 BIO_printf(out,"IP Address:<invalid>");
225 break;
226 }
227 break;
228
229 case GEN_RID:
230 BIO_printf(out, "Registered ID");
231 i2a_ASN1_OBJECT(out, gen->d.rid);
232 break;
233 }
234 return 1;
235}
236
237static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
238 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
239{
240 GENERAL_NAMES *gens = NULL;
241 CONF_VALUE *cnf;
242 int i;
243 if(!(gens = sk_GENERAL_NAME_new_null())) {
244 X509V3err(X509V3_F_V2I_ISSUER_ALT,ERR_R_MALLOC_FAILURE);
245 return NULL;
246 }
247 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
248 cnf = sk_CONF_VALUE_value(nval, i);
249 if(!name_cmp(cnf->name, "issuer") && cnf->value &&
250 !strcmp(cnf->value, "copy")) {
251 if(!copy_issuer(ctx, gens)) goto err;
252 } else {
253 GENERAL_NAME *gen;
254 if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
255 goto err;
256 sk_GENERAL_NAME_push(gens, gen);
257 }
258 }
259 return gens;
260 err:
261 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
262 return NULL;
263}
264
265/* Append subject altname of issuer to issuer alt name of subject */
266
267static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens)
268{
269 GENERAL_NAMES *ialt;
270 GENERAL_NAME *gen;
271 X509_EXTENSION *ext;
272 int i;
273 if(ctx && (ctx->flags == CTX_TEST)) return 1;
274 if(!ctx || !ctx->issuer_cert) {
275 X509V3err(X509V3_F_COPY_ISSUER,X509V3_R_NO_ISSUER_DETAILS);
276 goto err;
277 }
278 i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1);
279 if(i < 0) return 1;
280 if(!(ext = X509_get_ext(ctx->issuer_cert, i)) ||
281 !(ialt = X509V3_EXT_d2i(ext)) ) {
282 X509V3err(X509V3_F_COPY_ISSUER,X509V3_R_ISSUER_DECODE_ERROR);
283 goto err;
284 }
285
286 for(i = 0; i < sk_GENERAL_NAME_num(ialt); i++) {
287 gen = sk_GENERAL_NAME_value(ialt, i);
288 if(!sk_GENERAL_NAME_push(gens, gen)) {
289 X509V3err(X509V3_F_COPY_ISSUER,ERR_R_MALLOC_FAILURE);
290 goto err;
291 }
292 }
293 sk_GENERAL_NAME_free(ialt);
294
295 return 1;
296
297 err:
298 return 0;
299
300}
301
302static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
303 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
304{
305 GENERAL_NAMES *gens = NULL;
306 CONF_VALUE *cnf;
307 int i;
308 if(!(gens = sk_GENERAL_NAME_new_null())) {
309 X509V3err(X509V3_F_V2I_SUBJECT_ALT,ERR_R_MALLOC_FAILURE);
310 return NULL;
311 }
312 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
313 cnf = sk_CONF_VALUE_value(nval, i);
314 if(!name_cmp(cnf->name, "email") && cnf->value &&
315 !strcmp(cnf->value, "copy")) {
316 if(!copy_email(ctx, gens, 0)) goto err;
317 } else if(!name_cmp(cnf->name, "email") && cnf->value &&
318 !strcmp(cnf->value, "move")) {
319 if(!copy_email(ctx, gens, 1)) goto err;
320 } else {
321 GENERAL_NAME *gen;
322 if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
323 goto err;
324 sk_GENERAL_NAME_push(gens, gen);
325 }
326 }
327 return gens;
328 err:
329 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
330 return NULL;
331}
332
333/* Copy any email addresses in a certificate or request to
334 * GENERAL_NAMES
335 */
336
337static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
338{
339 X509_NAME *nm;
340 ASN1_IA5STRING *email = NULL;
341 X509_NAME_ENTRY *ne;
342 GENERAL_NAME *gen = NULL;
343 int i;
344 if(ctx != NULL && ctx->flags == CTX_TEST)
345 return 1;
346 if(!ctx || (!ctx->subject_cert && !ctx->subject_req)) {
347 X509V3err(X509V3_F_COPY_EMAIL,X509V3_R_NO_SUBJECT_DETAILS);
348 goto err;
349 }
350 /* Find the subject name */
351 if(ctx->subject_cert) nm = X509_get_subject_name(ctx->subject_cert);
352 else nm = X509_REQ_get_subject_name(ctx->subject_req);
353
354 /* Now add any email address(es) to STACK */
355 i = -1;
356 while((i = X509_NAME_get_index_by_NID(nm,
357 NID_pkcs9_emailAddress, i)) >= 0) {
358 ne = X509_NAME_get_entry(nm, i);
359 email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne));
360 if (move_p)
361 {
362 X509_NAME_delete_entry(nm, i);
363 i--;
364 }
365 if(!email || !(gen = GENERAL_NAME_new())) {
366 X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE);
367 goto err;
368 }
369 gen->d.ia5 = email;
370 email = NULL;
371 gen->type = GEN_EMAIL;
372 if(!sk_GENERAL_NAME_push(gens, gen)) {
373 X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE);
374 goto err;
375 }
376 gen = NULL;
377 }
378
379
380 return 1;
381
382 err:
383 GENERAL_NAME_free(gen);
384 M_ASN1_IA5STRING_free(email);
385 return 0;
386
387}
388
389GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
390 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
391{
392 GENERAL_NAME *gen;
393 GENERAL_NAMES *gens = NULL;
394 CONF_VALUE *cnf;
395 int i;
396 if(!(gens = sk_GENERAL_NAME_new_null())) {
397 X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
398 return NULL;
399 }
400 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
401 cnf = sk_CONF_VALUE_value(nval, i);
402 if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err;
403 sk_GENERAL_NAME_push(gens, gen);
404 }
405 return gens;
406 err:
407 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
408 return NULL;
409}
410
411GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
412 CONF_VALUE *cnf)
413 {
414 return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0);
415 }
416
417GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
418 X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
419 CONF_VALUE *cnf, int is_nc)
420 {
421 char is_string = 0;
422 int type;
423 GENERAL_NAME *gen = NULL;
424
425 char *name, *value;
426
427 name = cnf->name;
428 value = cnf->value;
429
430 if(!value)
431 {
432 X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_MISSING_VALUE);
433 return NULL;
434 }
435
436 if (out)
437 gen = out;
438 else
439 {
440 gen = GENERAL_NAME_new();
441 if(gen == NULL)
442 {
443 X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,ERR_R_MALLOC_FAILURE);
444 return NULL;
445 }
446 }
447
448 if(!name_cmp(name, "email"))
449 {
450 is_string = 1;
451 type = GEN_EMAIL;
452 }
453 else if(!name_cmp(name, "URI"))
454 {
455 is_string = 1;
456 type = GEN_URI;
457 }
458 else if(!name_cmp(name, "DNS"))
459 {
460 is_string = 1;
461 type = GEN_DNS;
462 }
463 else if(!name_cmp(name, "RID"))
464 {
465 ASN1_OBJECT *obj;
466 if(!(obj = OBJ_txt2obj(value,0)))
467 {
468 X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_BAD_OBJECT);
469 ERR_add_error_data(2, "value=", value);
470 goto err;
471 }
472 gen->d.rid = obj;
473 type = GEN_RID;
474 }
475 else if(!name_cmp(name, "IP"))
476 {
477 if (is_nc)
478 gen->d.ip = a2i_IPADDRESS_NC(value);
479 else
480 gen->d.ip = a2i_IPADDRESS(value);
481 if(gen->d.ip == NULL)
482 {
483 X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_BAD_IP_ADDRESS);
484 ERR_add_error_data(2, "value=", value);
485 goto err;
486 }
487 type = GEN_IPADD;
488 }
489 else if(!name_cmp(name, "dirName"))
490 {
491 type = GEN_DIRNAME;
492 if (!do_dirname(gen, value, ctx))
493 {
494 X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_DIRNAME_ERROR);
495 goto err;
496 }
497 }
498 else if(!name_cmp(name, "otherName"))
499 {
500 if (!do_othername(gen, value, ctx))
501 {
502 X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_OTHERNAME_ERROR);
503 goto err;
504 }
505 type = GEN_OTHERNAME;
506 }
507 else
508 {
509 X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_UNSUPPORTED_OPTION);
510 ERR_add_error_data(2, "name=", name);
511 goto err;
512 }
513
514 if(is_string)
515 {
516 if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) ||
517 !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value,
518 strlen(value)))
519 {
520 X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,ERR_R_MALLOC_FAILURE);
521 goto err;
522 }
523 }
524
525 gen->type = type;
526
527 return gen;
528
529 err:
530 if (!out)
531 GENERAL_NAME_free(gen);
532 return NULL;
533 }
534
535static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
536 {
537 char *objtmp = NULL, *p;
538 int objlen;
539 if (!(p = strchr(value, ';')))
540 return 0;
541 if (!(gen->d.otherName = OTHERNAME_new()))
542 return 0;
543 /* Free this up because we will overwrite it.
544 * no need to free type_id because it is static
545 */
546 ASN1_TYPE_free(gen->d.otherName->value);
547 if (!(gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx)))
548 return 0;
549 objlen = p - value;
550 objtmp = OPENSSL_malloc(objlen + 1);
551 strncpy(objtmp, value, objlen);
552 objtmp[objlen] = 0;
553 gen->d.otherName->type_id = OBJ_txt2obj(objtmp, 0);
554 OPENSSL_free(objtmp);
555 if (!gen->d.otherName->type_id)
556 return 0;
557 return 1;
558 }
559
560static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
561 {
562 int ret;
563 STACK_OF(CONF_VALUE) *sk;
564 X509_NAME *nm;
565 if (!(nm = X509_NAME_new()))
566 return 0;
567 sk = X509V3_get_section(ctx, value);
568 if (!sk)
569 {
570 X509V3err(X509V3_F_DO_DIRNAME,X509V3_R_SECTION_NOT_FOUND);
571 ERR_add_error_data(2, "section=", value);
572 X509_NAME_free(nm);
573 return 0;
574 }
575 /* FIXME: should allow other character types... */
576 ret = X509V3_NAME_from_section(nm, sk, MBSTRING_ASC);
577 if (!ret)
578 X509_NAME_free(nm);
579 gen->d.dirn = nm;
580
581 return ret;
582 }
diff --git a/src/lib/libcrypto/x509v3/v3_bcons.c b/src/lib/libcrypto/x509v3/v3_bcons.c
deleted file mode 100644
index 82aa488f75..0000000000
--- a/src/lib/libcrypto/x509v3/v3_bcons.c
+++ /dev/null
@@ -1,124 +0,0 @@
1/* v3_bcons.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/asn1.h>
63#include <openssl/asn1t.h>
64#include <openssl/conf.h>
65#include <openssl/x509v3.h>
66
67static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist);
68static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
69
70const X509V3_EXT_METHOD v3_bcons = {
71NID_basic_constraints, 0,
72ASN1_ITEM_ref(BASIC_CONSTRAINTS),
730,0,0,0,
740,0,
75(X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS,
76(X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS,
77NULL,NULL,
78NULL
79};
80
81ASN1_SEQUENCE(BASIC_CONSTRAINTS) = {
82 ASN1_OPT(BASIC_CONSTRAINTS, ca, ASN1_FBOOLEAN),
83 ASN1_OPT(BASIC_CONSTRAINTS, pathlen, ASN1_INTEGER)
84} ASN1_SEQUENCE_END(BASIC_CONSTRAINTS)
85
86IMPLEMENT_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
87
88
89static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
90 BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist)
91{
92 X509V3_add_value_bool("CA", bcons->ca, &extlist);
93 X509V3_add_value_int("pathlen", bcons->pathlen, &extlist);
94 return extlist;
95}
96
97static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
98 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)
99{
100 BASIC_CONSTRAINTS *bcons=NULL;
101 CONF_VALUE *val;
102 int i;
103 if(!(bcons = BASIC_CONSTRAINTS_new())) {
104 X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
105 return NULL;
106 }
107 for(i = 0; i < sk_CONF_VALUE_num(values); i++) {
108 val = sk_CONF_VALUE_value(values, i);
109 if(!strcmp(val->name, "CA")) {
110 if(!X509V3_get_value_bool(val, &bcons->ca)) goto err;
111 } else if(!strcmp(val->name, "pathlen")) {
112 if(!X509V3_get_value_int(val, &bcons->pathlen)) goto err;
113 } else {
114 X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, X509V3_R_INVALID_NAME);
115 X509V3_conf_err(val);
116 goto err;
117 }
118 }
119 return bcons;
120 err:
121 BASIC_CONSTRAINTS_free(bcons);
122 return NULL;
123}
124
diff --git a/src/lib/libcrypto/x509v3/v3_bitst.c b/src/lib/libcrypto/x509v3/v3_bitst.c
deleted file mode 100644
index 058d0d4dce..0000000000
--- a/src/lib/libcrypto/x509v3/v3_bitst.c
+++ /dev/null
@@ -1,141 +0,0 @@
1/* v3_bitst.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/conf.h>
62#include <openssl/x509v3.h>
63
64static BIT_STRING_BITNAME ns_cert_type_table[] = {
65{0, "SSL Client", "client"},
66{1, "SSL Server", "server"},
67{2, "S/MIME", "email"},
68{3, "Object Signing", "objsign"},
69{4, "Unused", "reserved"},
70{5, "SSL CA", "sslCA"},
71{6, "S/MIME CA", "emailCA"},
72{7, "Object Signing CA", "objCA"},
73{-1, NULL, NULL}
74};
75
76static BIT_STRING_BITNAME key_usage_type_table[] = {
77{0, "Digital Signature", "digitalSignature"},
78{1, "Non Repudiation", "nonRepudiation"},
79{2, "Key Encipherment", "keyEncipherment"},
80{3, "Data Encipherment", "dataEncipherment"},
81{4, "Key Agreement", "keyAgreement"},
82{5, "Certificate Sign", "keyCertSign"},
83{6, "CRL Sign", "cRLSign"},
84{7, "Encipher Only", "encipherOnly"},
85{8, "Decipher Only", "decipherOnly"},
86{-1, NULL, NULL}
87};
88
89
90
91const X509V3_EXT_METHOD v3_nscert = EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table);
92const X509V3_EXT_METHOD v3_key_usage = EXT_BITSTRING(NID_key_usage, key_usage_type_table);
93
94STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
95 ASN1_BIT_STRING *bits, STACK_OF(CONF_VALUE) *ret)
96{
97 BIT_STRING_BITNAME *bnam;
98 for(bnam =method->usr_data; bnam->lname; bnam++) {
99 if(ASN1_BIT_STRING_get_bit(bits, bnam->bitnum))
100 X509V3_add_value(bnam->lname, NULL, &ret);
101 }
102 return ret;
103}
104
105ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
106 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
107{
108 CONF_VALUE *val;
109 ASN1_BIT_STRING *bs;
110 int i;
111 BIT_STRING_BITNAME *bnam;
112 if(!(bs = M_ASN1_BIT_STRING_new())) {
113 X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,ERR_R_MALLOC_FAILURE);
114 return NULL;
115 }
116 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
117 val = sk_CONF_VALUE_value(nval, i);
118 for(bnam = method->usr_data; bnam->lname; bnam++) {
119 if(!strcmp(bnam->sname, val->name) ||
120 !strcmp(bnam->lname, val->name) ) {
121 if(!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) {
122 X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
123 ERR_R_MALLOC_FAILURE);
124 M_ASN1_BIT_STRING_free(bs);
125 return NULL;
126 }
127 break;
128 }
129 }
130 if(!bnam->lname) {
131 X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
132 X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT);
133 X509V3_conf_err(val);
134 M_ASN1_BIT_STRING_free(bs);
135 return NULL;
136 }
137 }
138 return bs;
139}
140
141
diff --git a/src/lib/libcrypto/x509v3/v3_conf.c b/src/lib/libcrypto/x509v3/v3_conf.c
deleted file mode 100644
index 11eb6b7fd5..0000000000
--- a/src/lib/libcrypto/x509v3/v3_conf.c
+++ /dev/null
@@ -1,524 +0,0 @@
1/* v3_conf.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58/* extension creation utilities */
59
60
61
62#include <stdio.h>
63#include <ctype.h>
64#include "cryptlib.h"
65#include <openssl/conf.h>
66#include <openssl/x509.h>
67#include <openssl/x509v3.h>
68
69static int v3_check_critical(char **value);
70static int v3_check_generic(char **value);
71static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value);
72static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type, X509V3_CTX *ctx);
73static char *conf_lhash_get_string(void *db, char *section, char *value);
74static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
75static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
76 int crit, void *ext_struc);
77static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len);
78/* CONF *conf: Config file */
79/* char *name: Name */
80/* char *value: Value */
81X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,
82 char *value)
83 {
84 int crit;
85 int ext_type;
86 X509_EXTENSION *ret;
87 crit = v3_check_critical(&value);
88 if ((ext_type = v3_check_generic(&value)))
89 return v3_generic_extension(name, value, crit, ext_type, ctx);
90 ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value);
91 if (!ret)
92 {
93 X509V3err(X509V3_F_X509V3_EXT_NCONF,X509V3_R_ERROR_IN_EXTENSION);
94 ERR_add_error_data(4,"name=", name, ", value=", value);
95 }
96 return ret;
97 }
98
99/* CONF *conf: Config file */
100/* char *value: Value */
101X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
102 char *value)
103 {
104 int crit;
105 int ext_type;
106 crit = v3_check_critical(&value);
107 if ((ext_type = v3_check_generic(&value)))
108 return v3_generic_extension(OBJ_nid2sn(ext_nid),
109 value, crit, ext_type, ctx);
110 return do_ext_nconf(conf, ctx, ext_nid, crit, value);
111 }
112
113/* CONF *conf: Config file */
114/* char *value: Value */
115static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
116 int crit, char *value)
117 {
118 X509V3_EXT_METHOD *method;
119 X509_EXTENSION *ext;
120 STACK_OF(CONF_VALUE) *nval;
121 void *ext_struc;
122 if (ext_nid == NID_undef)
123 {
124 X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_UNKNOWN_EXTENSION_NAME);
125 return NULL;
126 }
127 if (!(method = X509V3_EXT_get_nid(ext_nid)))
128 {
129 X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_UNKNOWN_EXTENSION);
130 return NULL;
131 }
132 /* Now get internal extension representation based on type */
133 if (method->v2i)
134 {
135 if(*value == '@') nval = NCONF_get_section(conf, value + 1);
136 else nval = X509V3_parse_list(value);
137 if(sk_CONF_VALUE_num(nval) <= 0)
138 {
139 X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_INVALID_EXTENSION_STRING);
140 ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value);
141 return NULL;
142 }
143 ext_struc = method->v2i(method, ctx, nval);
144 if(*value != '@') sk_CONF_VALUE_pop_free(nval,
145 X509V3_conf_free);
146 if(!ext_struc) return NULL;
147 }
148 else if(method->s2i)
149 {
150 if(!(ext_struc = method->s2i(method, ctx, value))) return NULL;
151 }
152 else if(method->r2i)
153 {
154 if(!ctx->db || !ctx->db_meth)
155 {
156 X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_NO_CONFIG_DATABASE);
157 return NULL;
158 }
159 if(!(ext_struc = method->r2i(method, ctx, value))) return NULL;
160 }
161 else
162 {
163 X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
164 ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
165 return NULL;
166 }
167
168 ext = do_ext_i2d(method, ext_nid, crit, ext_struc);
169 if(method->it) ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it));
170 else method->ext_free(ext_struc);
171 return ext;
172
173 }
174
175static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
176 int crit, void *ext_struc)
177 {
178 unsigned char *ext_der;
179 int ext_len;
180 ASN1_OCTET_STRING *ext_oct;
181 X509_EXTENSION *ext;
182 /* Convert internal representation to DER */
183 if (method->it)
184 {
185 ext_der = NULL;
186 ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it));
187 if (ext_len < 0) goto merr;
188 }
189 else
190 {
191 unsigned char *p;
192 ext_len = method->i2d(ext_struc, NULL);
193 if(!(ext_der = OPENSSL_malloc(ext_len))) goto merr;
194 p = ext_der;
195 method->i2d(ext_struc, &p);
196 }
197 if (!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr;
198 ext_oct->data = ext_der;
199 ext_oct->length = ext_len;
200
201 ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
202 if (!ext) goto merr;
203 M_ASN1_OCTET_STRING_free(ext_oct);
204
205 return ext;
206
207 merr:
208 X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE);
209 return NULL;
210
211 }
212
213/* Given an internal structure, nid and critical flag create an extension */
214
215X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
216 {
217 X509V3_EXT_METHOD *method;
218 if (!(method = X509V3_EXT_get_nid(ext_nid))) {
219 X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION);
220 return NULL;
221 }
222 return do_ext_i2d(method, ext_nid, crit, ext_struc);
223}
224
225/* Check the extension string for critical flag */
226static int v3_check_critical(char **value)
227{
228 char *p = *value;
229 if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0;
230 p+=9;
231 while(isspace((unsigned char)*p)) p++;
232 *value = p;
233 return 1;
234}
235
236/* Check extension string for generic extension and return the type */
237static int v3_check_generic(char **value)
238{
239 int gen_type = 0;
240 char *p = *value;
241 if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4))
242 {
243 p+=4;
244 gen_type = 1;
245 }
246 else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5))
247 {
248 p+=5;
249 gen_type = 2;
250 }
251 else
252 return 0;
253
254 while (isspace((unsigned char)*p)) p++;
255 *value = p;
256 return gen_type;
257}
258
259/* Create a generic extension: for now just handle DER type */
260static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
261 int crit, int gen_type, X509V3_CTX *ctx)
262 {
263 unsigned char *ext_der=NULL;
264 long ext_len;
265 ASN1_OBJECT *obj=NULL;
266 ASN1_OCTET_STRING *oct=NULL;
267 X509_EXTENSION *extension=NULL;
268 if (!(obj = OBJ_txt2obj(ext, 0)))
269 {
270 X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR);
271 ERR_add_error_data(2, "name=", ext);
272 goto err;
273 }
274
275 if (gen_type == 1)
276 ext_der = string_to_hex(value, &ext_len);
277 else if (gen_type == 2)
278 ext_der = generic_asn1(value, ctx, &ext_len);
279
280 if (ext_der == NULL)
281 {
282 X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR);
283 ERR_add_error_data(2, "value=", value);
284 goto err;
285 }
286
287 if (!(oct = M_ASN1_OCTET_STRING_new()))
288 {
289 X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE);
290 goto err;
291 }
292
293 oct->data = ext_der;
294 oct->length = ext_len;
295 ext_der = NULL;
296
297 extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
298
299 err:
300 ASN1_OBJECT_free(obj);
301 M_ASN1_OCTET_STRING_free(oct);
302 if(ext_der) OPENSSL_free(ext_der);
303 return extension;
304
305 }
306
307static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len)
308 {
309 ASN1_TYPE *typ;
310 unsigned char *ext_der = NULL;
311 typ = ASN1_generate_v3(value, ctx);
312 if (typ == NULL)
313 return NULL;
314 *ext_len = i2d_ASN1_TYPE(typ, &ext_der);
315 ASN1_TYPE_free(typ);
316 return ext_der;
317 }
318
319/* This is the main function: add a bunch of extensions based on a config file
320 * section to an extension STACK.
321 */
322
323
324int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
325 STACK_OF(X509_EXTENSION) **sk)
326 {
327 X509_EXTENSION *ext;
328 STACK_OF(CONF_VALUE) *nval;
329 CONF_VALUE *val;
330 int i;
331 if (!(nval = NCONF_get_section(conf, section))) return 0;
332 for (i = 0; i < sk_CONF_VALUE_num(nval); i++)
333 {
334 val = sk_CONF_VALUE_value(nval, i);
335 if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)))
336 return 0;
337 if (sk) X509v3_add_ext(sk, ext, -1);
338 X509_EXTENSION_free(ext);
339 }
340 return 1;
341 }
342
343/* Convenience functions to add extensions to a certificate, CRL and request */
344
345int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
346 X509 *cert)
347 {
348 STACK_OF(X509_EXTENSION) **sk = NULL;
349 if (cert)
350 sk = &cert->cert_info->extensions;
351 return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
352 }
353
354/* Same as above but for a CRL */
355
356int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
357 X509_CRL *crl)
358 {
359 STACK_OF(X509_EXTENSION) **sk = NULL;
360 if (crl)
361 sk = &crl->crl->extensions;
362 return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
363 }
364
365/* Add extensions to certificate request */
366
367int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
368 X509_REQ *req)
369 {
370 STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;
371 int i;
372 if (req)
373 sk = &extlist;
374 i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
375 if (!i || !sk)
376 return i;
377 i = X509_REQ_add_extensions(req, extlist);
378 sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);
379 return i;
380 }
381
382/* Config database functions */
383
384char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
385 {
386 if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string)
387 {
388 X509V3err(X509V3_F_X509V3_GET_STRING,X509V3_R_OPERATION_NOT_DEFINED);
389 return NULL;
390 }
391 if (ctx->db_meth->get_string)
392 return ctx->db_meth->get_string(ctx->db, name, section);
393 return NULL;
394 }
395
396STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section)
397 {
398 if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section)
399 {
400 X509V3err(X509V3_F_X509V3_GET_SECTION,X509V3_R_OPERATION_NOT_DEFINED);
401 return NULL;
402 }
403 if (ctx->db_meth->get_section)
404 return ctx->db_meth->get_section(ctx->db, section);
405 return NULL;
406 }
407
408void X509V3_string_free(X509V3_CTX *ctx, char *str)
409 {
410 if (!str) return;
411 if (ctx->db_meth->free_string)
412 ctx->db_meth->free_string(ctx->db, str);
413 }
414
415void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
416 {
417 if (!section) return;
418 if (ctx->db_meth->free_section)
419 ctx->db_meth->free_section(ctx->db, section);
420 }
421
422static char *nconf_get_string(void *db, char *section, char *value)
423 {
424 return NCONF_get_string(db, section, value);
425 }
426
427static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section)
428 {
429 return NCONF_get_section(db, section);
430 }
431
432static X509V3_CONF_METHOD nconf_method = {
433nconf_get_string,
434nconf_get_section,
435NULL,
436NULL
437};
438
439void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf)
440 {
441 ctx->db_meth = &nconf_method;
442 ctx->db = conf;
443 }
444
445void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
446 X509_CRL *crl, int flags)
447 {
448 ctx->issuer_cert = issuer;
449 ctx->subject_cert = subj;
450 ctx->crl = crl;
451 ctx->subject_req = req;
452 ctx->flags = flags;
453 }
454
455/* Old conf compatibility functions */
456
457X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
458 char *value)
459 {
460 CONF ctmp;
461 CONF_set_nconf(&ctmp, conf);
462 return X509V3_EXT_nconf(&ctmp, ctx, name, value);
463 }
464
465/* LHASH *conf: Config file */
466/* char *value: Value */
467X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
468 char *value)
469 {
470 CONF ctmp;
471 CONF_set_nconf(&ctmp, conf);
472 return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value);
473 }
474
475static char *conf_lhash_get_string(void *db, char *section, char *value)
476 {
477 return CONF_get_string(db, section, value);
478 }
479
480static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section)
481 {
482 return CONF_get_section(db, section);
483 }
484
485static X509V3_CONF_METHOD conf_lhash_method = {
486conf_lhash_get_string,
487conf_lhash_get_section,
488NULL,
489NULL
490};
491
492void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash)
493 {
494 ctx->db_meth = &conf_lhash_method;
495 ctx->db = lhash;
496 }
497
498int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
499 X509 *cert)
500 {
501 CONF ctmp;
502 CONF_set_nconf(&ctmp, conf);
503 return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert);
504 }
505
506/* Same as above but for a CRL */
507
508int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
509 X509_CRL *crl)
510 {
511 CONF ctmp;
512 CONF_set_nconf(&ctmp, conf);
513 return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl);
514 }
515
516/* Add extensions to certificate request */
517
518int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
519 X509_REQ *req)
520 {
521 CONF ctmp;
522 CONF_set_nconf(&ctmp, conf);
523 return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req);
524 }
diff --git a/src/lib/libcrypto/x509v3/v3_cpols.c b/src/lib/libcrypto/x509v3/v3_cpols.c
deleted file mode 100644
index ad0506d75c..0000000000
--- a/src/lib/libcrypto/x509v3/v3_cpols.c
+++ /dev/null
@@ -1,454 +0,0 @@
1/* v3_cpols.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/conf.h>
62#include <openssl/asn1.h>
63#include <openssl/asn1t.h>
64#include <openssl/x509v3.h>
65
66#include "pcy_int.h"
67
68/* Certificate policies extension support: this one is a bit complex... */
69
70static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO *out, int indent);
71static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value);
72static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent);
73static void print_notice(BIO *out, USERNOTICE *notice, int indent);
74static POLICYINFO *policy_section(X509V3_CTX *ctx,
75 STACK_OF(CONF_VALUE) *polstrs, int ia5org);
76static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
77 STACK_OF(CONF_VALUE) *unot, int ia5org);
78static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos);
79
80const X509V3_EXT_METHOD v3_cpols = {
81NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES),
820,0,0,0,
830,0,
840,0,
85(X509V3_EXT_I2R)i2r_certpol,
86(X509V3_EXT_R2I)r2i_certpol,
87NULL
88};
89
90ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) =
91 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, POLICYINFO)
92ASN1_ITEM_TEMPLATE_END(CERTIFICATEPOLICIES)
93
94IMPLEMENT_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
95
96ASN1_SEQUENCE(POLICYINFO) = {
97 ASN1_SIMPLE(POLICYINFO, policyid, ASN1_OBJECT),
98 ASN1_SEQUENCE_OF_OPT(POLICYINFO, qualifiers, POLICYQUALINFO)
99} ASN1_SEQUENCE_END(POLICYINFO)
100
101IMPLEMENT_ASN1_FUNCTIONS(POLICYINFO)
102
103ASN1_ADB_TEMPLATE(policydefault) = ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY);
104
105ASN1_ADB(POLICYQUALINFO) = {
106 ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)),
107 ADB_ENTRY(NID_id_qt_unotice, ASN1_SIMPLE(POLICYQUALINFO, d.usernotice, USERNOTICE))
108} ASN1_ADB_END(POLICYQUALINFO, 0, pqualid, 0, &policydefault_tt, NULL);
109
110ASN1_SEQUENCE(POLICYQUALINFO) = {
111 ASN1_SIMPLE(POLICYQUALINFO, pqualid, ASN1_OBJECT),
112 ASN1_ADB_OBJECT(POLICYQUALINFO)
113} ASN1_SEQUENCE_END(POLICYQUALINFO)
114
115IMPLEMENT_ASN1_FUNCTIONS(POLICYQUALINFO)
116
117ASN1_SEQUENCE(USERNOTICE) = {
118 ASN1_OPT(USERNOTICE, noticeref, NOTICEREF),
119 ASN1_OPT(USERNOTICE, exptext, DISPLAYTEXT)
120} ASN1_SEQUENCE_END(USERNOTICE)
121
122IMPLEMENT_ASN1_FUNCTIONS(USERNOTICE)
123
124ASN1_SEQUENCE(NOTICEREF) = {
125 ASN1_SIMPLE(NOTICEREF, organization, DISPLAYTEXT),
126 ASN1_SEQUENCE_OF(NOTICEREF, noticenos, ASN1_INTEGER)
127} ASN1_SEQUENCE_END(NOTICEREF)
128
129IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF)
130
131static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
132 X509V3_CTX *ctx, char *value)
133{
134 STACK_OF(POLICYINFO) *pols = NULL;
135 char *pstr;
136 POLICYINFO *pol;
137 ASN1_OBJECT *pobj;
138 STACK_OF(CONF_VALUE) *vals;
139 CONF_VALUE *cnf;
140 int i, ia5org;
141 pols = sk_POLICYINFO_new_null();
142 if (pols == NULL) {
143 X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
144 return NULL;
145 }
146 vals = X509V3_parse_list(value);
147 if (vals == NULL) {
148 X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB);
149 goto err;
150 }
151 ia5org = 0;
152 for(i = 0; i < sk_CONF_VALUE_num(vals); i++) {
153 cnf = sk_CONF_VALUE_value(vals, i);
154 if(cnf->value || !cnf->name ) {
155 X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_POLICY_IDENTIFIER);
156 X509V3_conf_err(cnf);
157 goto err;
158 }
159 pstr = cnf->name;
160 if(!strcmp(pstr,"ia5org")) {
161 ia5org = 1;
162 continue;
163 } else if(*pstr == '@') {
164 STACK_OF(CONF_VALUE) *polsect;
165 polsect = X509V3_get_section(ctx, pstr + 1);
166 if(!polsect) {
167 X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_SECTION);
168
169 X509V3_conf_err(cnf);
170 goto err;
171 }
172 pol = policy_section(ctx, polsect, ia5org);
173 X509V3_section_free(ctx, polsect);
174 if(!pol) goto err;
175 } else {
176 if(!(pobj = OBJ_txt2obj(cnf->name, 0))) {
177 X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_OBJECT_IDENTIFIER);
178 X509V3_conf_err(cnf);
179 goto err;
180 }
181 pol = POLICYINFO_new();
182 pol->policyid = pobj;
183 }
184 if (!sk_POLICYINFO_push(pols, pol)){
185 POLICYINFO_free(pol);
186 X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
187 goto err;
188 }
189 }
190 sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
191 return pols;
192 err:
193 sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
194 sk_POLICYINFO_pop_free(pols, POLICYINFO_free);
195 return NULL;
196}
197
198static POLICYINFO *policy_section(X509V3_CTX *ctx,
199 STACK_OF(CONF_VALUE) *polstrs, int ia5org)
200{
201 int i;
202 CONF_VALUE *cnf;
203 POLICYINFO *pol;
204 POLICYQUALINFO *qual;
205 if(!(pol = POLICYINFO_new())) goto merr;
206 for(i = 0; i < sk_CONF_VALUE_num(polstrs); i++) {
207 cnf = sk_CONF_VALUE_value(polstrs, i);
208 if(!strcmp(cnf->name, "policyIdentifier")) {
209 ASN1_OBJECT *pobj;
210 if(!(pobj = OBJ_txt2obj(cnf->value, 0))) {
211 X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OBJECT_IDENTIFIER);
212 X509V3_conf_err(cnf);
213 goto err;
214 }
215 pol->policyid = pobj;
216
217 } else if(!name_cmp(cnf->name, "CPS")) {
218 if(!pol->qualifiers) pol->qualifiers =
219 sk_POLICYQUALINFO_new_null();
220 if(!(qual = POLICYQUALINFO_new())) goto merr;
221 if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
222 goto merr;
223 qual->pqualid = OBJ_nid2obj(NID_id_qt_cps);
224 qual->d.cpsuri = M_ASN1_IA5STRING_new();
225 if(!ASN1_STRING_set(qual->d.cpsuri, cnf->value,
226 strlen(cnf->value))) goto merr;
227 } else if(!name_cmp(cnf->name, "userNotice")) {
228 STACK_OF(CONF_VALUE) *unot;
229 if(*cnf->value != '@') {
230 X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_EXPECTED_A_SECTION_NAME);
231 X509V3_conf_err(cnf);
232 goto err;
233 }
234 unot = X509V3_get_section(ctx, cnf->value + 1);
235 if(!unot) {
236 X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_SECTION);
237
238 X509V3_conf_err(cnf);
239 goto err;
240 }
241 qual = notice_section(ctx, unot, ia5org);
242 X509V3_section_free(ctx, unot);
243 if(!qual) goto err;
244 if(!pol->qualifiers) pol->qualifiers =
245 sk_POLICYQUALINFO_new_null();
246 if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
247 goto merr;
248 } else {
249 X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OPTION);
250
251 X509V3_conf_err(cnf);
252 goto err;
253 }
254 }
255 if(!pol->policyid) {
256 X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_NO_POLICY_IDENTIFIER);
257 goto err;
258 }
259
260 return pol;
261
262 merr:
263 X509V3err(X509V3_F_POLICY_SECTION,ERR_R_MALLOC_FAILURE);
264
265 err:
266 POLICYINFO_free(pol);
267 return NULL;
268
269
270}
271
272static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
273 STACK_OF(CONF_VALUE) *unot, int ia5org)
274{
275 int i, ret;
276 CONF_VALUE *cnf;
277 USERNOTICE *not;
278 POLICYQUALINFO *qual;
279 if(!(qual = POLICYQUALINFO_new())) goto merr;
280 qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice);
281 if(!(not = USERNOTICE_new())) goto merr;
282 qual->d.usernotice = not;
283 for(i = 0; i < sk_CONF_VALUE_num(unot); i++) {
284 cnf = sk_CONF_VALUE_value(unot, i);
285 if(!strcmp(cnf->name, "explicitText")) {
286 not->exptext = M_ASN1_VISIBLESTRING_new();
287 if(!ASN1_STRING_set(not->exptext, cnf->value,
288 strlen(cnf->value))) goto merr;
289 } else if(!strcmp(cnf->name, "organization")) {
290 NOTICEREF *nref;
291 if(!not->noticeref) {
292 if(!(nref = NOTICEREF_new())) goto merr;
293 not->noticeref = nref;
294 } else nref = not->noticeref;
295 if(ia5org) nref->organization->type = V_ASN1_IA5STRING;
296 else nref->organization->type = V_ASN1_VISIBLESTRING;
297 if(!ASN1_STRING_set(nref->organization, cnf->value,
298 strlen(cnf->value))) goto merr;
299 } else if(!strcmp(cnf->name, "noticeNumbers")) {
300 NOTICEREF *nref;
301 STACK_OF(CONF_VALUE) *nos;
302 if(!not->noticeref) {
303 if(!(nref = NOTICEREF_new())) goto merr;
304 not->noticeref = nref;
305 } else nref = not->noticeref;
306 nos = X509V3_parse_list(cnf->value);
307 if(!nos || !sk_CONF_VALUE_num(nos)) {
308 X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_NUMBERS);
309 X509V3_conf_err(cnf);
310 goto err;
311 }
312 ret = nref_nos(nref->noticenos, nos);
313 sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
314 if (!ret)
315 goto err;
316 } else {
317 X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION);
318 X509V3_conf_err(cnf);
319 goto err;
320 }
321 }
322
323 if(not->noticeref &&
324 (!not->noticeref->noticenos || !not->noticeref->organization)) {
325 X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_NEED_ORGANIZATION_AND_NUMBERS);
326 goto err;
327 }
328
329 return qual;
330
331 merr:
332 X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE);
333
334 err:
335 POLICYQUALINFO_free(qual);
336 return NULL;
337}
338
339static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos)
340{
341 CONF_VALUE *cnf;
342 ASN1_INTEGER *aint;
343
344 int i;
345
346 for(i = 0; i < sk_CONF_VALUE_num(nos); i++) {
347 cnf = sk_CONF_VALUE_value(nos, i);
348 if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) {
349 X509V3err(X509V3_F_NREF_NOS,X509V3_R_INVALID_NUMBER);
350 goto err;
351 }
352 if(!sk_ASN1_INTEGER_push(nnums, aint)) goto merr;
353 }
354 return 1;
355
356 merr:
357 X509V3err(X509V3_F_NREF_NOS,ERR_R_MALLOC_FAILURE);
358
359 err:
360 sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free);
361 return 0;
362}
363
364
365static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
366 BIO *out, int indent)
367{
368 int i;
369 POLICYINFO *pinfo;
370 /* First print out the policy OIDs */
371 for(i = 0; i < sk_POLICYINFO_num(pol); i++) {
372 pinfo = sk_POLICYINFO_value(pol, i);
373 BIO_printf(out, "%*sPolicy: ", indent, "");
374 i2a_ASN1_OBJECT(out, pinfo->policyid);
375 BIO_puts(out, "\n");
376 if(pinfo->qualifiers)
377 print_qualifiers(out, pinfo->qualifiers, indent + 2);
378 }
379 return 1;
380}
381
382static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
383 int indent)
384{
385 POLICYQUALINFO *qualinfo;
386 int i;
387 for(i = 0; i < sk_POLICYQUALINFO_num(quals); i++) {
388 qualinfo = sk_POLICYQUALINFO_value(quals, i);
389 switch(OBJ_obj2nid(qualinfo->pqualid))
390 {
391 case NID_id_qt_cps:
392 BIO_printf(out, "%*sCPS: %s\n", indent, "",
393 qualinfo->d.cpsuri->data);
394 break;
395
396 case NID_id_qt_unotice:
397 BIO_printf(out, "%*sUser Notice:\n", indent, "");
398 print_notice(out, qualinfo->d.usernotice, indent + 2);
399 break;
400
401 default:
402 BIO_printf(out, "%*sUnknown Qualifier: ",
403 indent + 2, "");
404
405 i2a_ASN1_OBJECT(out, qualinfo->pqualid);
406 BIO_puts(out, "\n");
407 break;
408 }
409 }
410}
411
412static void print_notice(BIO *out, USERNOTICE *notice, int indent)
413{
414 int i;
415 if(notice->noticeref) {
416 NOTICEREF *ref;
417 ref = notice->noticeref;
418 BIO_printf(out, "%*sOrganization: %s\n", indent, "",
419 ref->organization->data);
420 BIO_printf(out, "%*sNumber%s: ", indent, "",
421 sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : "");
422 for(i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) {
423 ASN1_INTEGER *num;
424 char *tmp;
425 num = sk_ASN1_INTEGER_value(ref->noticenos, i);
426 if(i) BIO_puts(out, ", ");
427 tmp = i2s_ASN1_INTEGER(NULL, num);
428 BIO_puts(out, tmp);
429 OPENSSL_free(tmp);
430 }
431 BIO_puts(out, "\n");
432 }
433 if(notice->exptext)
434 BIO_printf(out, "%*sExplicit Text: %s\n", indent, "",
435 notice->exptext->data);
436}
437
438void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent)
439 {
440 const X509_POLICY_DATA *dat = node->data;
441
442 BIO_printf(out, "%*sPolicy: ", indent, "");
443
444 i2a_ASN1_OBJECT(out, dat->valid_policy);
445 BIO_puts(out, "\n");
446 BIO_printf(out, "%*s%s\n", indent + 2, "",
447 node_data_critical(dat) ? "Critical" : "Non Critical");
448 if (dat->qualifier_set)
449 print_qualifiers(out, dat->qualifier_set, indent + 2);
450 else
451 BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, "");
452 }
453
454IMPLEMENT_STACK_OF(X509_POLICY_NODE)
diff --git a/src/lib/libcrypto/x509v3/v3_crld.c b/src/lib/libcrypto/x509v3/v3_crld.c
deleted file mode 100644
index 181a8977b1..0000000000
--- a/src/lib/libcrypto/x509v3/v3_crld.c
+++ /dev/null
@@ -1,162 +0,0 @@
1/* v3_crld.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/conf.h>
62#include <openssl/asn1.h>
63#include <openssl/asn1t.h>
64#include <openssl/x509v3.h>
65
66static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
67 STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *extlist);
68static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
69 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
70
71const X509V3_EXT_METHOD v3_crld = {
72NID_crl_distribution_points, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(CRL_DIST_POINTS),
730,0,0,0,
740,0,
75(X509V3_EXT_I2V)i2v_crld,
76(X509V3_EXT_V2I)v2i_crld,
770,0,
78NULL
79};
80
81static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
82 STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *exts)
83{
84 DIST_POINT *point;
85 int i;
86 for(i = 0; i < sk_DIST_POINT_num(crld); i++) {
87 point = sk_DIST_POINT_value(crld, i);
88 if(point->distpoint) {
89 if(point->distpoint->type == 0)
90 exts = i2v_GENERAL_NAMES(NULL,
91 point->distpoint->name.fullname, exts);
92 else X509V3_add_value("RelativeName","<UNSUPPORTED>", &exts);
93 }
94 if(point->reasons)
95 X509V3_add_value("reasons","<UNSUPPORTED>", &exts);
96 if(point->CRLissuer)
97 X509V3_add_value("CRLissuer","<UNSUPPORTED>", &exts);
98 }
99 return exts;
100}
101
102static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
103 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
104{
105 STACK_OF(DIST_POINT) *crld = NULL;
106 GENERAL_NAMES *gens = NULL;
107 GENERAL_NAME *gen = NULL;
108 CONF_VALUE *cnf;
109 int i;
110 if(!(crld = sk_DIST_POINT_new_null())) goto merr;
111 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
112 DIST_POINT *point;
113 cnf = sk_CONF_VALUE_value(nval, i);
114 if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err;
115 if(!(gens = GENERAL_NAMES_new())) goto merr;
116 if(!sk_GENERAL_NAME_push(gens, gen)) goto merr;
117 gen = NULL;
118 if(!(point = DIST_POINT_new())) goto merr;
119 if(!sk_DIST_POINT_push(crld, point)) {
120 DIST_POINT_free(point);
121 goto merr;
122 }
123 if(!(point->distpoint = DIST_POINT_NAME_new())) goto merr;
124 point->distpoint->name.fullname = gens;
125 point->distpoint->type = 0;
126 gens = NULL;
127 }
128 return crld;
129
130 merr:
131 X509V3err(X509V3_F_V2I_CRLD,ERR_R_MALLOC_FAILURE);
132 err:
133 GENERAL_NAME_free(gen);
134 GENERAL_NAMES_free(gens);
135 sk_DIST_POINT_pop_free(crld, DIST_POINT_free);
136 return NULL;
137}
138
139IMPLEMENT_STACK_OF(DIST_POINT)
140IMPLEMENT_ASN1_SET_OF(DIST_POINT)
141
142
143ASN1_CHOICE(DIST_POINT_NAME) = {
144 ASN1_IMP_SEQUENCE_OF(DIST_POINT_NAME, name.fullname, GENERAL_NAME, 0),
145 ASN1_IMP_SET_OF(DIST_POINT_NAME, name.relativename, X509_NAME_ENTRY, 1)
146} ASN1_CHOICE_END(DIST_POINT_NAME)
147
148IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT_NAME)
149
150ASN1_SEQUENCE(DIST_POINT) = {
151 ASN1_EXP_OPT(DIST_POINT, distpoint, DIST_POINT_NAME, 0),
152 ASN1_IMP_OPT(DIST_POINT, reasons, ASN1_BIT_STRING, 1),
153 ASN1_IMP_SEQUENCE_OF_OPT(DIST_POINT, CRLissuer, GENERAL_NAME, 2)
154} ASN1_SEQUENCE_END(DIST_POINT)
155
156IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT)
157
158ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) =
159 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, DIST_POINT)
160ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS)
161
162IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS)
diff --git a/src/lib/libcrypto/x509v3/v3_enum.c b/src/lib/libcrypto/x509v3/v3_enum.c
deleted file mode 100644
index 36576eaa4d..0000000000
--- a/src/lib/libcrypto/x509v3/v3_enum.c
+++ /dev/null
@@ -1,94 +0,0 @@
1/* v3_enum.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/x509v3.h>
62
63static ENUMERATED_NAMES crl_reasons[] = {
64{0, "Unspecified", "unspecified"},
65{1, "Key Compromise", "keyCompromise"},
66{2, "CA Compromise", "CACompromise"},
67{3, "Affiliation Changed", "affiliationChanged"},
68{4, "Superseded", "superseded"},
69{5, "Cessation Of Operation", "cessationOfOperation"},
70{6, "Certificate Hold", "certificateHold"},
71{8, "Remove From CRL", "removeFromCRL"},
72{-1, NULL, NULL}
73};
74
75const X509V3_EXT_METHOD v3_crl_reason = {
76NID_crl_reason, 0, ASN1_ITEM_ref(ASN1_ENUMERATED),
770,0,0,0,
78(X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE,
790,
800,0,0,0,
81crl_reasons};
82
83
84char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method,
85 ASN1_ENUMERATED *e)
86{
87 ENUMERATED_NAMES *enam;
88 long strval;
89 strval = ASN1_ENUMERATED_get(e);
90 for(enam = method->usr_data; enam->lname; enam++) {
91 if(strval == enam->bitnum) return BUF_strdup(enam->lname);
92 }
93 return i2s_ASN1_ENUMERATED(method, e);
94}
diff --git a/src/lib/libcrypto/x509v3/v3_extku.c b/src/lib/libcrypto/x509v3/v3_extku.c
deleted file mode 100644
index c0d14500ed..0000000000
--- a/src/lib/libcrypto/x509v3/v3_extku.c
+++ /dev/null
@@ -1,142 +0,0 @@
1/* v3_extku.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/asn1t.h>
63#include <openssl/conf.h>
64#include <openssl/x509v3.h>
65
66static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
67 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
68static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
69 void *eku, STACK_OF(CONF_VALUE) *extlist);
70
71const X509V3_EXT_METHOD v3_ext_ku = {
72 NID_ext_key_usage, 0,
73 ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
74 0,0,0,0,
75 0,0,
76 i2v_EXTENDED_KEY_USAGE,
77 v2i_EXTENDED_KEY_USAGE,
78 0,0,
79 NULL
80};
81
82/* NB OCSP acceptable responses also is a SEQUENCE OF OBJECT */
83const X509V3_EXT_METHOD v3_ocsp_accresp = {
84 NID_id_pkix_OCSP_acceptableResponses, 0,
85 ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
86 0,0,0,0,
87 0,0,
88 i2v_EXTENDED_KEY_USAGE,
89 v2i_EXTENDED_KEY_USAGE,
90 0,0,
91 NULL
92};
93
94ASN1_ITEM_TEMPLATE(EXTENDED_KEY_USAGE) =
95 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, EXTENDED_KEY_USAGE, ASN1_OBJECT)
96ASN1_ITEM_TEMPLATE_END(EXTENDED_KEY_USAGE)
97
98IMPLEMENT_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
99
100static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
101 void *a, STACK_OF(CONF_VALUE) *ext_list)
102{
103 EXTENDED_KEY_USAGE *eku = a;
104 int i;
105 ASN1_OBJECT *obj;
106 char obj_tmp[80];
107 for(i = 0; i < sk_ASN1_OBJECT_num(eku); i++) {
108 obj = sk_ASN1_OBJECT_value(eku, i);
109 i2t_ASN1_OBJECT(obj_tmp, 80, obj);
110 X509V3_add_value(NULL, obj_tmp, &ext_list);
111 }
112 return ext_list;
113}
114
115static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
116 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
117{
118 EXTENDED_KEY_USAGE *extku;
119 char *extval;
120 ASN1_OBJECT *objtmp;
121 CONF_VALUE *val;
122 int i;
123
124 if(!(extku = sk_ASN1_OBJECT_new_null())) {
125 X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE,ERR_R_MALLOC_FAILURE);
126 return NULL;
127 }
128
129 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
130 val = sk_CONF_VALUE_value(nval, i);
131 if(val->value) extval = val->value;
132 else extval = val->name;
133 if(!(objtmp = OBJ_txt2obj(extval, 0))) {
134 sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free);
135 X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE,X509V3_R_INVALID_OBJECT_IDENTIFIER);
136 X509V3_conf_err(val);
137 return NULL;
138 }
139 sk_ASN1_OBJECT_push(extku, objtmp);
140 }
141 return extku;
142}
diff --git a/src/lib/libcrypto/x509v3/v3_genn.c b/src/lib/libcrypto/x509v3/v3_genn.c
deleted file mode 100644
index 84b4b1c881..0000000000
--- a/src/lib/libcrypto/x509v3/v3_genn.c
+++ /dev/null
@@ -1,101 +0,0 @@
1/* v3_genn.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/asn1t.h>
63#include <openssl/conf.h>
64#include <openssl/x509v3.h>
65
66ASN1_SEQUENCE(OTHERNAME) = {
67 ASN1_SIMPLE(OTHERNAME, type_id, ASN1_OBJECT),
68 /* Maybe have a true ANY DEFINED BY later */
69 ASN1_EXP(OTHERNAME, value, ASN1_ANY, 0)
70} ASN1_SEQUENCE_END(OTHERNAME)
71
72IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME)
73
74ASN1_SEQUENCE(EDIPARTYNAME) = {
75 ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),
76 ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)
77} ASN1_SEQUENCE_END(EDIPARTYNAME)
78
79IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME)
80
81ASN1_CHOICE(GENERAL_NAME) = {
82 ASN1_IMP(GENERAL_NAME, d.otherName, OTHERNAME, GEN_OTHERNAME),
83 ASN1_IMP(GENERAL_NAME, d.rfc822Name, ASN1_IA5STRING, GEN_EMAIL),
84 ASN1_IMP(GENERAL_NAME, d.dNSName, ASN1_IA5STRING, GEN_DNS),
85 /* Don't decode this */
86 ASN1_IMP(GENERAL_NAME, d.x400Address, ASN1_SEQUENCE, GEN_X400),
87 /* X509_NAME is a CHOICE type so use EXPLICIT */
88 ASN1_EXP(GENERAL_NAME, d.directoryName, X509_NAME, GEN_DIRNAME),
89 ASN1_IMP(GENERAL_NAME, d.ediPartyName, EDIPARTYNAME, GEN_EDIPARTY),
90 ASN1_IMP(GENERAL_NAME, d.uniformResourceIdentifier, ASN1_IA5STRING, GEN_URI),
91 ASN1_IMP(GENERAL_NAME, d.iPAddress, ASN1_OCTET_STRING, GEN_IPADD),
92 ASN1_IMP(GENERAL_NAME, d.registeredID, ASN1_OBJECT, GEN_RID)
93} ASN1_CHOICE_END(GENERAL_NAME)
94
95IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAME)
96
97ASN1_ITEM_TEMPLATE(GENERAL_NAMES) =
98 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, GENERAL_NAME)
99ASN1_ITEM_TEMPLATE_END(GENERAL_NAMES)
100
101IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAMES)
diff --git a/src/lib/libcrypto/x509v3/v3_ia5.c b/src/lib/libcrypto/x509v3/v3_ia5.c
deleted file mode 100644
index 4ff12b52b5..0000000000
--- a/src/lib/libcrypto/x509v3/v3_ia5.c
+++ /dev/null
@@ -1,116 +0,0 @@
1/* v3_ia5.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/asn1.h>
63#include <openssl/conf.h>
64#include <openssl/x509v3.h>
65
66static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5);
67static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
68const X509V3_EXT_METHOD v3_ns_ia5_list[] = {
69EXT_IA5STRING(NID_netscape_base_url),
70EXT_IA5STRING(NID_netscape_revocation_url),
71EXT_IA5STRING(NID_netscape_ca_revocation_url),
72EXT_IA5STRING(NID_netscape_renewal_url),
73EXT_IA5STRING(NID_netscape_ca_policy_url),
74EXT_IA5STRING(NID_netscape_ssl_server_name),
75EXT_IA5STRING(NID_netscape_comment),
76EXT_END
77};
78
79
80static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
81 ASN1_IA5STRING *ia5)
82{
83 char *tmp;
84 if(!ia5 || !ia5->length) return NULL;
85 if(!(tmp = OPENSSL_malloc(ia5->length + 1))) {
86 X509V3err(X509V3_F_I2S_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE);
87 return NULL;
88 }
89 memcpy(tmp, ia5->data, ia5->length);
90 tmp[ia5->length] = 0;
91 return tmp;
92}
93
94static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
95 X509V3_CTX *ctx, char *str)
96{
97 ASN1_IA5STRING *ia5;
98 if(!str) {
99 X509V3err(X509V3_F_S2I_ASN1_IA5STRING,X509V3_R_INVALID_NULL_ARGUMENT);
100 return NULL;
101 }
102 if(!(ia5 = M_ASN1_IA5STRING_new())) goto err;
103 if(!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char*)str,
104 strlen(str))) {
105 M_ASN1_IA5STRING_free(ia5);
106 goto err;
107 }
108#ifdef CHARSET_EBCDIC
109 ebcdic2ascii(ia5->data, ia5->data, ia5->length);
110#endif /*CHARSET_EBCDIC*/
111 return ia5;
112 err:
113 X509V3err(X509V3_F_S2I_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE);
114 return NULL;
115}
116
diff --git a/src/lib/libcrypto/x509v3/v3_info.c b/src/lib/libcrypto/x509v3/v3_info.c
deleted file mode 100644
index e1b8699f92..0000000000
--- a/src/lib/libcrypto/x509v3/v3_info.c
+++ /dev/null
@@ -1,193 +0,0 @@
1/* v3_info.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/conf.h>
62#include <openssl/asn1.h>
63#include <openssl/asn1t.h>
64#include <openssl/x509v3.h>
65
66static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
67 AUTHORITY_INFO_ACCESS *ainfo,
68 STACK_OF(CONF_VALUE) *ret);
69static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
70 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
71
72const X509V3_EXT_METHOD v3_info =
73{ NID_info_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
740,0,0,0,
750,0,
76(X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
77(X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
780,0,
79NULL};
80
81const X509V3_EXT_METHOD v3_sinfo =
82{ NID_sinfo_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
830,0,0,0,
840,0,
85(X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
86(X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
870,0,
88NULL};
89
90ASN1_SEQUENCE(ACCESS_DESCRIPTION) = {
91 ASN1_SIMPLE(ACCESS_DESCRIPTION, method, ASN1_OBJECT),
92 ASN1_SIMPLE(ACCESS_DESCRIPTION, location, GENERAL_NAME)
93} ASN1_SEQUENCE_END(ACCESS_DESCRIPTION)
94
95IMPLEMENT_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
96
97ASN1_ITEM_TEMPLATE(AUTHORITY_INFO_ACCESS) =
98 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, ACCESS_DESCRIPTION)
99ASN1_ITEM_TEMPLATE_END(AUTHORITY_INFO_ACCESS)
100
101IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
102
103static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
104 AUTHORITY_INFO_ACCESS *ainfo,
105 STACK_OF(CONF_VALUE) *ret)
106{
107 ACCESS_DESCRIPTION *desc;
108 int i,nlen;
109 char objtmp[80], *ntmp;
110 CONF_VALUE *vtmp;
111 for(i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) {
112 desc = sk_ACCESS_DESCRIPTION_value(ainfo, i);
113 ret = i2v_GENERAL_NAME(method, desc->location, ret);
114 if(!ret) break;
115 vtmp = sk_CONF_VALUE_value(ret, i);
116 i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method);
117 nlen = strlen(objtmp) + strlen(vtmp->name) + 5;
118 ntmp = OPENSSL_malloc(nlen);
119 if(!ntmp) {
120 X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS,
121 ERR_R_MALLOC_FAILURE);
122 return NULL;
123 }
124 BUF_strlcpy(ntmp, objtmp, nlen);
125 BUF_strlcat(ntmp, " - ", nlen);
126 BUF_strlcat(ntmp, vtmp->name, nlen);
127 OPENSSL_free(vtmp->name);
128 vtmp->name = ntmp;
129
130 }
131 if(!ret) return sk_CONF_VALUE_new_null();
132 return ret;
133}
134
135static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
136 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
137{
138 AUTHORITY_INFO_ACCESS *ainfo = NULL;
139 CONF_VALUE *cnf, ctmp;
140 ACCESS_DESCRIPTION *acc;
141 int i, objlen;
142 char *objtmp, *ptmp;
143 if(!(ainfo = sk_ACCESS_DESCRIPTION_new_null())) {
144 X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,ERR_R_MALLOC_FAILURE);
145 return NULL;
146 }
147 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
148 cnf = sk_CONF_VALUE_value(nval, i);
149 if(!(acc = ACCESS_DESCRIPTION_new())
150 || !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) {
151 X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,ERR_R_MALLOC_FAILURE);
152 goto err;
153 }
154 ptmp = strchr(cnf->name, ';');
155 if(!ptmp) {
156 X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,X509V3_R_INVALID_SYNTAX);
157 goto err;
158 }
159 objlen = ptmp - cnf->name;
160 ctmp.name = ptmp + 1;
161 ctmp.value = cnf->value;
162 if(!v2i_GENERAL_NAME_ex(acc->location, method, ctx, &ctmp, 0))
163 goto err;
164 if(!(objtmp = OPENSSL_malloc(objlen + 1))) {
165 X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,ERR_R_MALLOC_FAILURE);
166 goto err;
167 }
168 strncpy(objtmp, cnf->name, objlen);
169 objtmp[objlen] = 0;
170 acc->method = OBJ_txt2obj(objtmp, 0);
171 if(!acc->method) {
172 X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,X509V3_R_BAD_OBJECT);
173 ERR_add_error_data(2, "value=", objtmp);
174 OPENSSL_free(objtmp);
175 goto err;
176 }
177 OPENSSL_free(objtmp);
178
179 }
180 return ainfo;
181 err:
182 sk_ACCESS_DESCRIPTION_pop_free(ainfo, ACCESS_DESCRIPTION_free);
183 return NULL;
184}
185
186int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a)
187 {
188 i2a_ASN1_OBJECT(bp, a->method);
189#ifdef UNDEF
190 i2a_GENERAL_NAME(bp, a->location);
191#endif
192 return 2;
193 }
diff --git a/src/lib/libcrypto/x509v3/v3_int.c b/src/lib/libcrypto/x509v3/v3_int.c
deleted file mode 100644
index 4bfd14cf46..0000000000
--- a/src/lib/libcrypto/x509v3/v3_int.c
+++ /dev/null
@@ -1,89 +0,0 @@
1/* v3_int.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/x509v3.h>
62
63const X509V3_EXT_METHOD v3_crl_num = {
64 NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER),
65 0,0,0,0,
66 (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
67 0,
68 0,0,0,0, NULL};
69
70const X509V3_EXT_METHOD v3_delta_crl = {
71 NID_delta_crl, 0, ASN1_ITEM_ref(ASN1_INTEGER),
72 0,0,0,0,
73 (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
74 0,
75 0,0,0,0, NULL};
76
77static void * s2i_asn1_int(X509V3_EXT_METHOD *meth, X509V3_CTX *ctx, char *value)
78 {
79 return s2i_ASN1_INTEGER(meth, value);
80 }
81
82const X509V3_EXT_METHOD v3_inhibit_anyp = {
83 NID_inhibit_any_policy, 0, ASN1_ITEM_ref(ASN1_INTEGER),
84 0,0,0,0,
85 (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
86 (X509V3_EXT_S2I)s2i_asn1_int,
87 0,0,0,0, NULL};
88
89
diff --git a/src/lib/libcrypto/x509v3/v3_lib.c b/src/lib/libcrypto/x509v3/v3_lib.c
deleted file mode 100644
index df3a48f43e..0000000000
--- a/src/lib/libcrypto/x509v3/v3_lib.c
+++ /dev/null
@@ -1,303 +0,0 @@
1/* v3_lib.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58/* X509 v3 extension utilities */
59
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/conf.h>
63#include <openssl/x509v3.h>
64
65#include "ext_dat.h"
66
67static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL;
68
69static int ext_cmp(const X509V3_EXT_METHOD * const *a,
70 const X509V3_EXT_METHOD * const *b);
71static void ext_list_free(X509V3_EXT_METHOD *ext);
72
73int X509V3_EXT_add(X509V3_EXT_METHOD *ext)
74{
75 if(!ext_list && !(ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp))) {
76 X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE);
77 return 0;
78 }
79 if(!sk_X509V3_EXT_METHOD_push(ext_list, ext)) {
80 X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE);
81 return 0;
82 }
83 return 1;
84}
85
86static int ext_cmp(const X509V3_EXT_METHOD * const *a,
87 const X509V3_EXT_METHOD * const *b)
88{
89 return ((*a)->ext_nid - (*b)->ext_nid);
90}
91
92X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
93{
94 X509V3_EXT_METHOD tmp, *t = &tmp, **ret;
95 int idx;
96 if(nid < 0) return NULL;
97 tmp.ext_nid = nid;
98 ret = (X509V3_EXT_METHOD **) OBJ_bsearch((char *)&t,
99 (char *)standard_exts, STANDARD_EXTENSION_COUNT,
100 sizeof(X509V3_EXT_METHOD *), (int (*)(const void *, const void *))ext_cmp);
101 if(ret) return *ret;
102 if(!ext_list) return NULL;
103 idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp);
104 if(idx == -1) return NULL;
105 return sk_X509V3_EXT_METHOD_value(ext_list, idx);
106}
107
108X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext)
109{
110 int nid;
111 if((nid = OBJ_obj2nid(ext->object)) == NID_undef) return NULL;
112 return X509V3_EXT_get_nid(nid);
113}
114
115
116int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist)
117{
118 for(;extlist->ext_nid!=-1;extlist++)
119 if(!X509V3_EXT_add(extlist)) return 0;
120 return 1;
121}
122
123int X509V3_EXT_add_alias(int nid_to, int nid_from)
124{
125 X509V3_EXT_METHOD *ext, *tmpext;
126 if(!(ext = X509V3_EXT_get_nid(nid_from))) {
127 X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,X509V3_R_EXTENSION_NOT_FOUND);
128 return 0;
129 }
130 if(!(tmpext = (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)))) {
131 X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,ERR_R_MALLOC_FAILURE);
132 return 0;
133 }
134 *tmpext = *ext;
135 tmpext->ext_nid = nid_to;
136 tmpext->ext_flags |= X509V3_EXT_DYNAMIC;
137 return X509V3_EXT_add(tmpext);
138}
139
140void X509V3_EXT_cleanup(void)
141{
142 sk_X509V3_EXT_METHOD_pop_free(ext_list, ext_list_free);
143 ext_list = NULL;
144}
145
146static void ext_list_free(X509V3_EXT_METHOD *ext)
147{
148 if(ext->ext_flags & X509V3_EXT_DYNAMIC) OPENSSL_free(ext);
149}
150
151/* Legacy function: we don't need to add standard extensions
152 * any more because they are now kept in ext_dat.h.
153 */
154
155int X509V3_add_standard_extensions(void)
156{
157 return 1;
158}
159
160/* Return an extension internal structure */
161
162void *X509V3_EXT_d2i(X509_EXTENSION *ext)
163{
164 X509V3_EXT_METHOD *method;
165 const unsigned char *p;
166
167 if(!(method = X509V3_EXT_get(ext))) return NULL;
168 p = ext->value->data;
169 if(method->it) return ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it));
170 return method->d2i(NULL, &p, ext->value->length);
171}
172
173/* Get critical flag and decoded version of extension from a NID.
174 * The "idx" variable returns the last found extension and can
175 * be used to retrieve multiple extensions of the same NID.
176 * However multiple extensions with the same NID is usually
177 * due to a badly encoded certificate so if idx is NULL we
178 * choke if multiple extensions exist.
179 * The "crit" variable is set to the critical value.
180 * The return value is the decoded extension or NULL on
181 * error. The actual error can have several different causes,
182 * the value of *crit reflects the cause:
183 * >= 0, extension found but not decoded (reflects critical value).
184 * -1 extension not found.
185 * -2 extension occurs more than once.
186 */
187
188void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx)
189{
190 int lastpos, i;
191 X509_EXTENSION *ex, *found_ex = NULL;
192 if(!x) {
193 if(idx) *idx = -1;
194 if(crit) *crit = -1;
195 return NULL;
196 }
197 if(idx) lastpos = *idx + 1;
198 else lastpos = 0;
199 if(lastpos < 0) lastpos = 0;
200 for(i = lastpos; i < sk_X509_EXTENSION_num(x); i++)
201 {
202 ex = sk_X509_EXTENSION_value(x, i);
203 if(OBJ_obj2nid(ex->object) == nid) {
204 if(idx) {
205 *idx = i;
206 found_ex = ex;
207 break;
208 } else if(found_ex) {
209 /* Found more than one */
210 if(crit) *crit = -2;
211 return NULL;
212 }
213 found_ex = ex;
214 }
215 }
216 if(found_ex) {
217 /* Found it */
218 if(crit) *crit = X509_EXTENSION_get_critical(found_ex);
219 return X509V3_EXT_d2i(found_ex);
220 }
221
222 /* Extension not found */
223 if(idx) *idx = -1;
224 if(crit) *crit = -1;
225 return NULL;
226}
227
228/* This function is a general extension append, replace and delete utility.
229 * The precise operation is governed by the 'flags' value. The 'crit' and
230 * 'value' arguments (if relevant) are the extensions internal structure.
231 */
232
233int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
234 int crit, unsigned long flags)
235{
236 int extidx = -1;
237 int errcode;
238 X509_EXTENSION *ext, *extmp;
239 unsigned long ext_op = flags & X509V3_ADD_OP_MASK;
240
241 /* If appending we don't care if it exists, otherwise
242 * look for existing extension.
243 */
244 if(ext_op != X509V3_ADD_APPEND)
245 extidx = X509v3_get_ext_by_NID(*x, nid, -1);
246
247 /* See if extension exists */
248 if(extidx >= 0) {
249 /* If keep existing, nothing to do */
250 if(ext_op == X509V3_ADD_KEEP_EXISTING)
251 return 1;
252 /* If default then its an error */
253 if(ext_op == X509V3_ADD_DEFAULT) {
254 errcode = X509V3_R_EXTENSION_EXISTS;
255 goto err;
256 }
257 /* If delete, just delete it */
258 if(ext_op == X509V3_ADD_DELETE) {
259 if(!sk_X509_EXTENSION_delete(*x, extidx)) return -1;
260 return 1;
261 }
262 } else {
263 /* If replace existing or delete, error since
264 * extension must exist
265 */
266 if((ext_op == X509V3_ADD_REPLACE_EXISTING) ||
267 (ext_op == X509V3_ADD_DELETE)) {
268 errcode = X509V3_R_EXTENSION_NOT_FOUND;
269 goto err;
270 }
271 }
272
273 /* If we get this far then we have to create an extension:
274 * could have some flags for alternative encoding schemes...
275 */
276
277 ext = X509V3_EXT_i2d(nid, crit, value);
278
279 if(!ext) {
280 X509V3err(X509V3_F_X509V3_ADD1_I2D, X509V3_R_ERROR_CREATING_EXTENSION);
281 return 0;
282 }
283
284 /* If extension exists replace it.. */
285 if(extidx >= 0) {
286 extmp = sk_X509_EXTENSION_value(*x, extidx);
287 X509_EXTENSION_free(extmp);
288 if(!sk_X509_EXTENSION_set(*x, extidx, ext)) return -1;
289 return 1;
290 }
291
292 if(!*x && !(*x = sk_X509_EXTENSION_new_null())) return -1;
293 if(!sk_X509_EXTENSION_push(*x, ext)) return -1;
294
295 return 1;
296
297 err:
298 if(!(flags & X509V3_ADD_SILENT))
299 X509V3err(X509V3_F_X509V3_ADD1_I2D, errcode);
300 return 0;
301}
302
303IMPLEMENT_STACK_OF(X509V3_EXT_METHOD)
diff --git a/src/lib/libcrypto/x509v3/v3_ncons.c b/src/lib/libcrypto/x509v3/v3_ncons.c
deleted file mode 100644
index 4e706be3e1..0000000000
--- a/src/lib/libcrypto/x509v3/v3_ncons.c
+++ /dev/null
@@ -1,220 +0,0 @@
1/* v3_ncons.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/asn1t.h>
63#include <openssl/conf.h>
64#include <openssl/x509v3.h>
65
66static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
67 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
68static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
69 void *a, BIO *bp, int ind);
70static int do_i2r_name_constraints(X509V3_EXT_METHOD *method,
71 STACK_OF(GENERAL_SUBTREE) *trees,
72 BIO *bp, int ind, char *name);
73static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip);
74
75const X509V3_EXT_METHOD v3_name_constraints = {
76 NID_name_constraints, 0,
77 ASN1_ITEM_ref(NAME_CONSTRAINTS),
78 0,0,0,0,
79 0,0,
80 0, v2i_NAME_CONSTRAINTS,
81 i2r_NAME_CONSTRAINTS,0,
82 NULL
83};
84
85ASN1_SEQUENCE(GENERAL_SUBTREE) = {
86 ASN1_SIMPLE(GENERAL_SUBTREE, base, GENERAL_NAME),
87 ASN1_IMP_OPT(GENERAL_SUBTREE, minimum, ASN1_INTEGER, 0),
88 ASN1_IMP_OPT(GENERAL_SUBTREE, maximum, ASN1_INTEGER, 1)
89} ASN1_SEQUENCE_END(GENERAL_SUBTREE)
90
91ASN1_SEQUENCE(NAME_CONSTRAINTS) = {
92 ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, permittedSubtrees,
93 GENERAL_SUBTREE, 0),
94 ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, excludedSubtrees,
95 GENERAL_SUBTREE, 1),
96} ASN1_SEQUENCE_END(NAME_CONSTRAINTS)
97
98
99IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
100IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
101
102static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
103 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
104 {
105 int i;
106 CONF_VALUE tval, *val;
107 STACK_OF(GENERAL_SUBTREE) **ptree = NULL;
108 NAME_CONSTRAINTS *ncons = NULL;
109 GENERAL_SUBTREE *sub = NULL;
110 ncons = NAME_CONSTRAINTS_new();
111 if (!ncons)
112 goto memerr;
113 for(i = 0; i < sk_CONF_VALUE_num(nval); i++)
114 {
115 val = sk_CONF_VALUE_value(nval, i);
116 if (!strncmp(val->name, "permitted", 9) && val->name[9])
117 {
118 ptree = &ncons->permittedSubtrees;
119 tval.name = val->name + 10;
120 }
121 else if (!strncmp(val->name, "excluded", 8) && val->name[8])
122 {
123 ptree = &ncons->excludedSubtrees;
124 tval.name = val->name + 9;
125 }
126 else
127 {
128 X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, X509V3_R_INVALID_SYNTAX);
129 goto err;
130 }
131 tval.value = val->value;
132 sub = GENERAL_SUBTREE_new();
133 if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1))
134 goto err;
135 if (!*ptree)
136 *ptree = sk_GENERAL_SUBTREE_new_null();
137 if (!*ptree || !sk_GENERAL_SUBTREE_push(*ptree, sub))
138 goto memerr;
139 sub = NULL;
140 }
141
142 return ncons;
143
144 memerr:
145 X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
146 err:
147 if (ncons)
148 NAME_CONSTRAINTS_free(ncons);
149 if (sub)
150 GENERAL_SUBTREE_free(sub);
151
152 return NULL;
153 }
154
155
156
157
158static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
159 void *a, BIO *bp, int ind)
160 {
161 NAME_CONSTRAINTS *ncons = a;
162 do_i2r_name_constraints(method, ncons->permittedSubtrees,
163 bp, ind, "Permitted");
164 do_i2r_name_constraints(method, ncons->excludedSubtrees,
165 bp, ind, "Excluded");
166 return 1;
167 }
168
169static int do_i2r_name_constraints(X509V3_EXT_METHOD *method,
170 STACK_OF(GENERAL_SUBTREE) *trees,
171 BIO *bp, int ind, char *name)
172 {
173 GENERAL_SUBTREE *tree;
174 int i;
175 if (sk_GENERAL_SUBTREE_num(trees) > 0)
176 BIO_printf(bp, "%*s%s:\n", ind, "", name);
177 for(i = 0; i < sk_GENERAL_SUBTREE_num(trees); i++)
178 {
179 tree = sk_GENERAL_SUBTREE_value(trees, i);
180 BIO_printf(bp, "%*s", ind + 2, "");
181 if (tree->base->type == GEN_IPADD)
182 print_nc_ipadd(bp, tree->base->d.ip);
183 else
184 GENERAL_NAME_print(bp, tree->base);
185 tree = sk_GENERAL_SUBTREE_value(trees, i);
186 BIO_puts(bp, "\n");
187 }
188 return 1;
189 }
190
191static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip)
192 {
193 int i, len;
194 unsigned char *p;
195 p = ip->data;
196 len = ip->length;
197 BIO_puts(bp, "IP:");
198 if(len == 8)
199 {
200 BIO_printf(bp, "%d.%d.%d.%d/%d.%d.%d.%d",
201 p[0], p[1], p[2], p[3],
202 p[4], p[5], p[6], p[7]);
203 }
204 else if(len == 32)
205 {
206 for (i = 0; i < 16; i++)
207 {
208 BIO_printf(bp, "%X", p[0] << 8 | p[1]);
209 p += 2;
210 if (i == 7)
211 BIO_puts(bp, "/");
212 else if (i != 15)
213 BIO_puts(bp, ":");
214 }
215 }
216 else
217 BIO_printf(bp, "IP Address:<invalid>");
218 return 1;
219 }
220
diff --git a/src/lib/libcrypto/x509v3/v3_ocsp.c b/src/lib/libcrypto/x509v3/v3_ocsp.c
deleted file mode 100644
index e426ea930c..0000000000
--- a/src/lib/libcrypto/x509v3/v3_ocsp.c
+++ /dev/null
@@ -1,275 +0,0 @@
1/* v3_ocsp.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#ifndef OPENSSL_NO_OCSP
60
61#include <stdio.h>
62#include "cryptlib.h"
63#include <openssl/conf.h>
64#include <openssl/asn1.h>
65#include <openssl/ocsp.h>
66#include <openssl/x509v3.h>
67
68/* OCSP extensions and a couple of CRL entry extensions
69 */
70
71static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
72static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
73static int i2r_object(X509V3_EXT_METHOD *method, void *obj, BIO *out, int indent);
74
75static void *ocsp_nonce_new(void);
76static int i2d_ocsp_nonce(void *a, unsigned char **pp);
77static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length);
78static void ocsp_nonce_free(void *a);
79static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
80
81static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent);
82static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str);
83static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind);
84
85const X509V3_EXT_METHOD v3_ocsp_crlid = {
86 NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID),
87 0,0,0,0,
88 0,0,
89 0,0,
90 i2r_ocsp_crlid,0,
91 NULL
92};
93
94const X509V3_EXT_METHOD v3_ocsp_acutoff = {
95 NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
96 0,0,0,0,
97 0,0,
98 0,0,
99 i2r_ocsp_acutoff,0,
100 NULL
101};
102
103const X509V3_EXT_METHOD v3_crl_invdate = {
104 NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
105 0,0,0,0,
106 0,0,
107 0,0,
108 i2r_ocsp_acutoff,0,
109 NULL
110};
111
112const X509V3_EXT_METHOD v3_crl_hold = {
113 NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT),
114 0,0,0,0,
115 0,0,
116 0,0,
117 i2r_object,0,
118 NULL
119};
120
121const X509V3_EXT_METHOD v3_ocsp_nonce = {
122 NID_id_pkix_OCSP_Nonce, 0, NULL,
123 ocsp_nonce_new,
124 ocsp_nonce_free,
125 d2i_ocsp_nonce,
126 i2d_ocsp_nonce,
127 0,0,
128 0,0,
129 i2r_ocsp_nonce,0,
130 NULL
131};
132
133const X509V3_EXT_METHOD v3_ocsp_nocheck = {
134 NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL),
135 0,0,0,0,
136 0,s2i_ocsp_nocheck,
137 0,0,
138 i2r_ocsp_nocheck,0,
139 NULL
140};
141
142const X509V3_EXT_METHOD v3_ocsp_serviceloc = {
143 NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC),
144 0,0,0,0,
145 0,0,
146 0,0,
147 i2r_ocsp_serviceloc,0,
148 NULL
149};
150
151static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
152{
153 OCSP_CRLID *a = in;
154 if (a->crlUrl)
155 {
156 if (!BIO_printf(bp, "%*scrlUrl: ", ind, "")) goto err;
157 if (!ASN1_STRING_print(bp, (ASN1_STRING*)a->crlUrl)) goto err;
158 if (!BIO_write(bp, "\n", 1)) goto err;
159 }
160 if (a->crlNum)
161 {
162 if (!BIO_printf(bp, "%*scrlNum: ", ind, "")) goto err;
163 if (!i2a_ASN1_INTEGER(bp, a->crlNum)) goto err;
164 if (!BIO_write(bp, "\n", 1)) goto err;
165 }
166 if (a->crlTime)
167 {
168 if (!BIO_printf(bp, "%*scrlTime: ", ind, "")) goto err;
169 if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) goto err;
170 if (!BIO_write(bp, "\n", 1)) goto err;
171 }
172 return 1;
173 err:
174 return 0;
175}
176
177static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *cutoff, BIO *bp, int ind)
178{
179 if (!BIO_printf(bp, "%*s", ind, "")) return 0;
180 if(!ASN1_GENERALIZEDTIME_print(bp, cutoff)) return 0;
181 return 1;
182}
183
184
185static int i2r_object(X509V3_EXT_METHOD *method, void *oid, BIO *bp, int ind)
186{
187 if (!BIO_printf(bp, "%*s", ind, "")) return 0;
188 if(!i2a_ASN1_OBJECT(bp, oid)) return 0;
189 return 1;
190}
191
192/* OCSP nonce. This is needs special treatment because it doesn't have
193 * an ASN1 encoding at all: it just contains arbitrary data.
194 */
195
196static void *ocsp_nonce_new(void)
197{
198 return ASN1_OCTET_STRING_new();
199}
200
201static int i2d_ocsp_nonce(void *a, unsigned char **pp)
202{
203 ASN1_OCTET_STRING *os = a;
204 if(pp) {
205 memcpy(*pp, os->data, os->length);
206 *pp += os->length;
207 }
208 return os->length;
209}
210
211static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length)
212{
213 ASN1_OCTET_STRING *os, **pos;
214 pos = a;
215 if(!pos || !*pos) os = ASN1_OCTET_STRING_new();
216 else os = *pos;
217 if(!ASN1_OCTET_STRING_set(os, *pp, length)) goto err;
218
219 *pp += length;
220
221 if(pos) *pos = os;
222 return os;
223
224 err:
225 if(os && (!pos || (*pos != os))) M_ASN1_OCTET_STRING_free(os);
226 OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE);
227 return NULL;
228}
229
230static void ocsp_nonce_free(void *a)
231{
232 M_ASN1_OCTET_STRING_free(a);
233}
234
235static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent)
236{
237 if(BIO_printf(out, "%*s", indent, "") <= 0) return 0;
238 if(i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) return 0;
239 return 1;
240}
241
242/* Nocheck is just a single NULL. Don't print anything and always set it */
243
244static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent)
245{
246 return 1;
247}
248
249static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
250{
251 return ASN1_NULL_new();
252}
253
254static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
255 {
256 int i;
257 OCSP_SERVICELOC *a = in;
258 ACCESS_DESCRIPTION *ad;
259
260 if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0) goto err;
261 if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0) goto err;
262 for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++)
263 {
264 ad = sk_ACCESS_DESCRIPTION_value(a->locator,i);
265 if (BIO_printf(bp, "\n%*s", (2*ind), "") <= 0)
266 goto err;
267 if(i2a_ASN1_OBJECT(bp, ad->method) <= 0) goto err;
268 if(BIO_puts(bp, " - ") <= 0) goto err;
269 if(GENERAL_NAME_print(bp, ad->location) <= 0) goto err;
270 }
271 return 1;
272err:
273 return 0;
274 }
275#endif
diff --git a/src/lib/libcrypto/x509v3/v3_pci.c b/src/lib/libcrypto/x509v3/v3_pci.c
deleted file mode 100644
index 601211f416..0000000000
--- a/src/lib/libcrypto/x509v3/v3_pci.c
+++ /dev/null
@@ -1,302 +0,0 @@
1/* v3_pci.c -*- mode:C; c-file-style: "eay" -*- */
2/* Contributed to the OpenSSL Project 2004
3 * by Richard Levitte (richard@levitte.org)
4 */
5/* Copyright (c) 2004 Kungliga Tekniska Högskolan
6 * (Royal Institute of Technology, Stockholm, Sweden).
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 *
20 * 3. Neither the name of the Institute nor the names of its contributors
21 * may be used to endorse or promote products derived from this software
22 * without specific prior written permission.
23 *
24 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * SUCH DAMAGE.
35 */
36
37#include <stdio.h>
38#include "cryptlib.h"
39#include <openssl/conf.h>
40#include <openssl/x509v3.h>
41
42static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext,
43 BIO *out, int indent);
44static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
45 X509V3_CTX *ctx, char *str);
46
47const X509V3_EXT_METHOD v3_pci =
48 { NID_proxyCertInfo, 0, ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
49 0,0,0,0,
50 0,0,
51 NULL, NULL,
52 (X509V3_EXT_I2R)i2r_pci,
53 (X509V3_EXT_R2I)r2i_pci,
54 NULL,
55 };
56
57static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci,
58 BIO *out, int indent)
59 {
60 BIO_printf(out, "%*sPath Length Constraint: ", indent, "");
61 if (pci->pcPathLengthConstraint)
62 i2a_ASN1_INTEGER(out, pci->pcPathLengthConstraint);
63 else
64 BIO_printf(out, "infinite");
65 BIO_puts(out, "\n");
66 BIO_printf(out, "%*sPolicy Language: ", indent, "");
67 i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage);
68 BIO_puts(out, "\n");
69 if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data)
70 BIO_printf(out, "%*sPolicy Text: %s\n", indent, "",
71 pci->proxyPolicy->policy->data);
72 return 1;
73 }
74
75static int process_pci_value(CONF_VALUE *val,
76 ASN1_OBJECT **language, ASN1_INTEGER **pathlen,
77 ASN1_OCTET_STRING **policy)
78 {
79 int free_policy = 0;
80
81 if (strcmp(val->name, "language") == 0)
82 {
83 if (*language)
84 {
85 X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED);
86 X509V3_conf_err(val);
87 return 0;
88 }
89 if (!(*language = OBJ_txt2obj(val->value, 0)))
90 {
91 X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_INVALID_OBJECT_IDENTIFIER);
92 X509V3_conf_err(val);
93 return 0;
94 }
95 }
96 else if (strcmp(val->name, "pathlen") == 0)
97 {
98 if (*pathlen)
99 {
100 X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED);
101 X509V3_conf_err(val);
102 return 0;
103 }
104 if (!X509V3_get_value_int(val, pathlen))
105 {
106 X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH);
107 X509V3_conf_err(val);
108 return 0;
109 }
110 }
111 else if (strcmp(val->name, "policy") == 0)
112 {
113 unsigned char *tmp_data = NULL;
114 long val_len;
115 if (!*policy)
116 {
117 *policy = ASN1_OCTET_STRING_new();
118 if (!*policy)
119 {
120 X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
121 X509V3_conf_err(val);
122 return 0;
123 }
124 free_policy = 1;
125 }
126 if (strncmp(val->value, "hex:", 4) == 0)
127 {
128 unsigned char *tmp_data2 =
129 string_to_hex(val->value + 4, &val_len);
130
131 if (!tmp_data2) goto err;
132
133 tmp_data = OPENSSL_realloc((*policy)->data,
134 (*policy)->length + val_len + 1);
135 if (tmp_data)
136 {
137 (*policy)->data = tmp_data;
138 memcpy(&(*policy)->data[(*policy)->length],
139 tmp_data2, val_len);
140 (*policy)->length += val_len;
141 (*policy)->data[(*policy)->length] = '\0';
142 }
143 }
144 else if (strncmp(val->value, "file:", 5) == 0)
145 {
146 unsigned char buf[2048];
147 int n;
148 BIO *b = BIO_new_file(val->value + 5, "r");
149 if (!b)
150 {
151 X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_BIO_LIB);
152 X509V3_conf_err(val);
153 goto err;
154 }
155 while((n = BIO_read(b, buf, sizeof(buf))) > 0
156 || (n == 0 && BIO_should_retry(b)))
157 {
158 if (!n) continue;
159
160 tmp_data = OPENSSL_realloc((*policy)->data,
161 (*policy)->length + n + 1);
162
163 if (!tmp_data)
164 break;
165
166 (*policy)->data = tmp_data;
167 memcpy(&(*policy)->data[(*policy)->length],
168 buf, n);
169 (*policy)->length += n;
170 (*policy)->data[(*policy)->length] = '\0';
171 }
172
173 if (n < 0)
174 {
175 X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_BIO_LIB);
176 X509V3_conf_err(val);
177 goto err;
178 }
179 }
180 else if (strncmp(val->value, "text:", 5) == 0)
181 {
182 val_len = strlen(val->value + 5);
183 tmp_data = OPENSSL_realloc((*policy)->data,
184 (*policy)->length + val_len + 1);
185 if (tmp_data)
186 {
187 (*policy)->data = tmp_data;
188 memcpy(&(*policy)->data[(*policy)->length],
189 val->value + 5, val_len);
190 (*policy)->length += val_len;
191 (*policy)->data[(*policy)->length] = '\0';
192 }
193 }
194 else
195 {
196 X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_INCORRECT_POLICY_SYNTAX_TAG);
197 X509V3_conf_err(val);
198 goto err;
199 }
200 if (!tmp_data)
201 {
202 X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
203 X509V3_conf_err(val);
204 goto err;
205 }
206 }
207 return 1;
208err:
209 if (free_policy)
210 {
211 ASN1_OCTET_STRING_free(*policy);
212 *policy = NULL;
213 }
214 return 0;
215 }
216
217static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
218 X509V3_CTX *ctx, char *value)
219 {
220 PROXY_CERT_INFO_EXTENSION *pci = NULL;
221 STACK_OF(CONF_VALUE) *vals;
222 ASN1_OBJECT *language = NULL;
223 ASN1_INTEGER *pathlen = NULL;
224 ASN1_OCTET_STRING *policy = NULL;
225 int i, j;
226
227 vals = X509V3_parse_list(value);
228 for (i = 0; i < sk_CONF_VALUE_num(vals); i++)
229 {
230 CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i);
231 if (!cnf->name || (*cnf->name != '@' && !cnf->value))
232 {
233 X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_PROXY_POLICY_SETTING);
234 X509V3_conf_err(cnf);
235 goto err;
236 }
237 if (*cnf->name == '@')
238 {
239 STACK_OF(CONF_VALUE) *sect;
240 int success_p = 1;
241
242 sect = X509V3_get_section(ctx, cnf->name + 1);
243 if (!sect)
244 {
245 X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_SECTION);
246 X509V3_conf_err(cnf);
247 goto err;
248 }
249 for (j = 0; success_p && j < sk_CONF_VALUE_num(sect); j++)
250 {
251 success_p =
252 process_pci_value(sk_CONF_VALUE_value(sect, j),
253 &language, &pathlen, &policy);
254 }
255 X509V3_section_free(ctx, sect);
256 if (!success_p)
257 goto err;
258 }
259 else
260 {
261 if (!process_pci_value(cnf,
262 &language, &pathlen, &policy))
263 {
264 X509V3_conf_err(cnf);
265 goto err;
266 }
267 }
268 }
269
270 /* Language is mandatory */
271 if (!language)
272 {
273 X509V3err(X509V3_F_R2I_PCI,X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED);
274 goto err;
275 }
276 i = OBJ_obj2nid(language);
277 if ((i == NID_Independent || i == NID_id_ppl_inheritAll) && policy)
278 {
279 X509V3err(X509V3_F_R2I_PCI,X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY);
280 goto err;
281 }
282
283 pci = PROXY_CERT_INFO_EXTENSION_new();
284 if (!pci)
285 {
286 X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE);
287 goto err;
288 }
289
290 pci->proxyPolicy->policyLanguage = language; language = NULL;
291 pci->proxyPolicy->policy = policy; policy = NULL;
292 pci->pcPathLengthConstraint = pathlen; pathlen = NULL;
293 goto end;
294err:
295 if (language) { ASN1_OBJECT_free(language); language = NULL; }
296 if (pathlen) { ASN1_INTEGER_free(pathlen); pathlen = NULL; }
297 if (policy) { ASN1_OCTET_STRING_free(policy); policy = NULL; }
298 if (pci) { PROXY_CERT_INFO_EXTENSION_free(pci); pci = NULL; }
299end:
300 sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
301 return pci;
302 }
diff --git a/src/lib/libcrypto/x509v3/v3_pcia.c b/src/lib/libcrypto/x509v3/v3_pcia.c
deleted file mode 100644
index bb362e0e5a..0000000000
--- a/src/lib/libcrypto/x509v3/v3_pcia.c
+++ /dev/null
@@ -1,55 +0,0 @@
1/* v3_pcia.c -*- mode:C; c-file-style: "eay" -*- */
2/* Contributed to the OpenSSL Project 2004
3 * by Richard Levitte (richard@levitte.org)
4 */
5/* Copyright (c) 2004 Kungliga Tekniska Högskolan
6 * (Royal Institute of Technology, Stockholm, Sweden).
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 *
20 * 3. Neither the name of the Institute nor the names of its contributors
21 * may be used to endorse or promote products derived from this software
22 * without specific prior written permission.
23 *
24 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * SUCH DAMAGE.
35 */
36
37#include <openssl/asn1.h>
38#include <openssl/asn1t.h>
39#include <openssl/x509v3.h>
40
41ASN1_SEQUENCE(PROXY_POLICY) =
42 {
43 ASN1_SIMPLE(PROXY_POLICY,policyLanguage,ASN1_OBJECT),
44 ASN1_OPT(PROXY_POLICY,policy,ASN1_OCTET_STRING)
45} ASN1_SEQUENCE_END(PROXY_POLICY)
46
47IMPLEMENT_ASN1_FUNCTIONS(PROXY_POLICY)
48
49ASN1_SEQUENCE(PROXY_CERT_INFO_EXTENSION) =
50 {
51 ASN1_OPT(PROXY_CERT_INFO_EXTENSION,pcPathLengthConstraint,ASN1_INTEGER),
52 ASN1_SIMPLE(PROXY_CERT_INFO_EXTENSION,proxyPolicy,PROXY_POLICY)
53} ASN1_SEQUENCE_END(PROXY_CERT_INFO_EXTENSION)
54
55IMPLEMENT_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
diff --git a/src/lib/libcrypto/x509v3/v3_pcons.c b/src/lib/libcrypto/x509v3/v3_pcons.c
deleted file mode 100644
index 86c0ff70e6..0000000000
--- a/src/lib/libcrypto/x509v3/v3_pcons.c
+++ /dev/null
@@ -1,136 +0,0 @@
1/* v3_pcons.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/asn1.h>
63#include <openssl/asn1t.h>
64#include <openssl/conf.h>
65#include <openssl/x509v3.h>
66
67static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
68 void *bcons, STACK_OF(CONF_VALUE) *extlist);
69static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
70 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
71
72const X509V3_EXT_METHOD v3_policy_constraints = {
73NID_policy_constraints, 0,
74ASN1_ITEM_ref(POLICY_CONSTRAINTS),
750,0,0,0,
760,0,
77i2v_POLICY_CONSTRAINTS,
78v2i_POLICY_CONSTRAINTS,
79NULL,NULL,
80NULL
81};
82
83ASN1_SEQUENCE(POLICY_CONSTRAINTS) = {
84 ASN1_IMP_OPT(POLICY_CONSTRAINTS, requireExplicitPolicy, ASN1_INTEGER,0),
85 ASN1_IMP_OPT(POLICY_CONSTRAINTS, inhibitPolicyMapping, ASN1_INTEGER,1)
86} ASN1_SEQUENCE_END(POLICY_CONSTRAINTS)
87
88IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
89
90
91static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
92 void *a, STACK_OF(CONF_VALUE) *extlist)
93{
94 POLICY_CONSTRAINTS *pcons = a;
95 X509V3_add_value_int("Require Explicit Policy",
96 pcons->requireExplicitPolicy, &extlist);
97 X509V3_add_value_int("Inhibit Policy Mapping",
98 pcons->inhibitPolicyMapping, &extlist);
99 return extlist;
100}
101
102static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
103 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)
104{
105 POLICY_CONSTRAINTS *pcons=NULL;
106 CONF_VALUE *val;
107 int i;
108 if(!(pcons = POLICY_CONSTRAINTS_new())) {
109 X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
110 return NULL;
111 }
112 for(i = 0; i < sk_CONF_VALUE_num(values); i++) {
113 val = sk_CONF_VALUE_value(values, i);
114 if(!strcmp(val->name, "requireExplicitPolicy")) {
115 if(!X509V3_get_value_int(val,
116 &pcons->requireExplicitPolicy)) goto err;
117 } else if(!strcmp(val->name, "inhibitPolicyMapping")) {
118 if(!X509V3_get_value_int(val,
119 &pcons->inhibitPolicyMapping)) goto err;
120 } else {
121 X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, X509V3_R_INVALID_NAME);
122 X509V3_conf_err(val);
123 goto err;
124 }
125 }
126 if (!pcons->inhibitPolicyMapping && !pcons->requireExplicitPolicy) {
127 X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, X509V3_R_ILLEGAL_EMPTY_EXTENSION);
128 goto err;
129 }
130
131 return pcons;
132 err:
133 POLICY_CONSTRAINTS_free(pcons);
134 return NULL;
135}
136
diff --git a/src/lib/libcrypto/x509v3/v3_pku.c b/src/lib/libcrypto/x509v3/v3_pku.c
deleted file mode 100644
index 076f3ff48e..0000000000
--- a/src/lib/libcrypto/x509v3/v3_pku.c
+++ /dev/null
@@ -1,108 +0,0 @@
1/* v3_pku.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/asn1.h>
62#include <openssl/asn1t.h>
63#include <openssl/x509v3.h>
64
65static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *usage, BIO *out, int indent);
66/*
67static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
68*/
69const X509V3_EXT_METHOD v3_pkey_usage_period = {
70NID_private_key_usage_period, 0, ASN1_ITEM_ref(PKEY_USAGE_PERIOD),
710,0,0,0,
720,0,0,0,
73(X509V3_EXT_I2R)i2r_PKEY_USAGE_PERIOD, NULL,
74NULL
75};
76
77ASN1_SEQUENCE(PKEY_USAGE_PERIOD) = {
78 ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notBefore, ASN1_GENERALIZEDTIME, 0),
79 ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notAfter, ASN1_GENERALIZEDTIME, 1)
80} ASN1_SEQUENCE_END(PKEY_USAGE_PERIOD)
81
82IMPLEMENT_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
83
84static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,
85 PKEY_USAGE_PERIOD *usage, BIO *out, int indent)
86{
87 BIO_printf(out, "%*s", indent, "");
88 if(usage->notBefore) {
89 BIO_write(out, "Not Before: ", 12);
90 ASN1_GENERALIZEDTIME_print(out, usage->notBefore);
91 if(usage->notAfter) BIO_write(out, ", ", 2);
92 }
93 if(usage->notAfter) {
94 BIO_write(out, "Not After: ", 11);
95 ASN1_GENERALIZEDTIME_print(out, usage->notAfter);
96 }
97 return 1;
98}
99
100/*
101static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(method, ctx, values)
102X509V3_EXT_METHOD *method;
103X509V3_CTX *ctx;
104STACK_OF(CONF_VALUE) *values;
105{
106return NULL;
107}
108*/
diff --git a/src/lib/libcrypto/x509v3/v3_pmaps.c b/src/lib/libcrypto/x509v3/v3_pmaps.c
deleted file mode 100644
index da03bbc35d..0000000000
--- a/src/lib/libcrypto/x509v3/v3_pmaps.c
+++ /dev/null
@@ -1,153 +0,0 @@
1/* v3_pmaps.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/asn1t.h>
63#include <openssl/conf.h>
64#include <openssl/x509v3.h>
65
66static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
67 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
68static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
69 void *pmps, STACK_OF(CONF_VALUE) *extlist);
70
71const X509V3_EXT_METHOD v3_policy_mappings = {
72 NID_policy_mappings, 0,
73 ASN1_ITEM_ref(POLICY_MAPPINGS),
74 0,0,0,0,
75 0,0,
76 i2v_POLICY_MAPPINGS,
77 v2i_POLICY_MAPPINGS,
78 0,0,
79 NULL
80};
81
82ASN1_SEQUENCE(POLICY_MAPPING) = {
83 ASN1_SIMPLE(POLICY_MAPPING, issuerDomainPolicy, ASN1_OBJECT),
84 ASN1_SIMPLE(POLICY_MAPPING, subjectDomainPolicy, ASN1_OBJECT)
85} ASN1_SEQUENCE_END(POLICY_MAPPING)
86
87ASN1_ITEM_TEMPLATE(POLICY_MAPPINGS) =
88 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, POLICY_MAPPINGS,
89 POLICY_MAPPING)
90ASN1_ITEM_TEMPLATE_END(POLICY_MAPPINGS)
91
92IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING)
93
94
95static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
96 void *a, STACK_OF(CONF_VALUE) *ext_list)
97{
98 POLICY_MAPPINGS *pmaps = a;
99 POLICY_MAPPING *pmap;
100 int i;
101 char obj_tmp1[80];
102 char obj_tmp2[80];
103 for(i = 0; i < sk_POLICY_MAPPING_num(pmaps); i++) {
104 pmap = sk_POLICY_MAPPING_value(pmaps, i);
105 i2t_ASN1_OBJECT(obj_tmp1, 80, pmap->issuerDomainPolicy);
106 i2t_ASN1_OBJECT(obj_tmp2, 80, pmap->subjectDomainPolicy);
107 X509V3_add_value(obj_tmp1, obj_tmp2, &ext_list);
108 }
109 return ext_list;
110}
111
112static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
113 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
114{
115 POLICY_MAPPINGS *pmaps;
116 POLICY_MAPPING *pmap;
117 ASN1_OBJECT *obj1, *obj2;
118 CONF_VALUE *val;
119 int i;
120
121 if(!(pmaps = sk_POLICY_MAPPING_new_null())) {
122 X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,ERR_R_MALLOC_FAILURE);
123 return NULL;
124 }
125
126 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
127 val = sk_CONF_VALUE_value(nval, i);
128 if(!val->value || !val->name) {
129 sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
130 X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,X509V3_R_INVALID_OBJECT_IDENTIFIER);
131 X509V3_conf_err(val);
132 return NULL;
133 }
134 obj1 = OBJ_txt2obj(val->name, 0);
135 obj2 = OBJ_txt2obj(val->value, 0);
136 if(!obj1 || !obj2) {
137 sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
138 X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,X509V3_R_INVALID_OBJECT_IDENTIFIER);
139 X509V3_conf_err(val);
140 return NULL;
141 }
142 pmap = POLICY_MAPPING_new();
143 if (!pmap) {
144 sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
145 X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,ERR_R_MALLOC_FAILURE);
146 return NULL;
147 }
148 pmap->issuerDomainPolicy = obj1;
149 pmap->subjectDomainPolicy = obj2;
150 sk_POLICY_MAPPING_push(pmaps, pmap);
151 }
152 return pmaps;
153}
diff --git a/src/lib/libcrypto/x509v3/v3_prn.c b/src/lib/libcrypto/x509v3/v3_prn.c
deleted file mode 100644
index c1bb17f105..0000000000
--- a/src/lib/libcrypto/x509v3/v3_prn.c
+++ /dev/null
@@ -1,234 +0,0 @@
1/* v3_prn.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58/* X509 v3 extension utilities */
59
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/conf.h>
63#include <openssl/x509v3.h>
64
65/* Extension printing routines */
66
67static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported);
68
69/* Print out a name+value stack */
70
71void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml)
72{
73 int i;
74 CONF_VALUE *nval;
75 if(!val) return;
76 if(!ml || !sk_CONF_VALUE_num(val)) {
77 BIO_printf(out, "%*s", indent, "");
78 if(!sk_CONF_VALUE_num(val)) BIO_puts(out, "<EMPTY>\n");
79 }
80 for(i = 0; i < sk_CONF_VALUE_num(val); i++) {
81 if(ml) BIO_printf(out, "%*s", indent, "");
82 else if(i > 0) BIO_printf(out, ", ");
83 nval = sk_CONF_VALUE_value(val, i);
84 if(!nval->name) BIO_puts(out, nval->value);
85 else if(!nval->value) BIO_puts(out, nval->name);
86#ifndef CHARSET_EBCDIC
87 else BIO_printf(out, "%s:%s", nval->name, nval->value);
88#else
89 else {
90 int len;
91 char *tmp;
92 len = strlen(nval->value)+1;
93 tmp = OPENSSL_malloc(len);
94 if (tmp)
95 {
96 ascii2ebcdic(tmp, nval->value, len);
97 BIO_printf(out, "%s:%s", nval->name, tmp);
98 OPENSSL_free(tmp);
99 }
100 }
101#endif
102 if(ml) BIO_puts(out, "\n");
103 }
104}
105
106/* Main routine: print out a general extension */
107
108int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent)
109{
110 void *ext_str = NULL;
111 char *value = NULL;
112 const unsigned char *p;
113 X509V3_EXT_METHOD *method;
114 STACK_OF(CONF_VALUE) *nval = NULL;
115 int ok = 1;
116
117 if(!(method = X509V3_EXT_get(ext)))
118 return unknown_ext_print(out, ext, flag, indent, 0);
119 p = ext->value->data;
120 if(method->it) ext_str = ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it));
121 else ext_str = method->d2i(NULL, &p, ext->value->length);
122
123 if(!ext_str) return unknown_ext_print(out, ext, flag, indent, 1);
124
125 if(method->i2s) {
126 if(!(value = method->i2s(method, ext_str))) {
127 ok = 0;
128 goto err;
129 }
130#ifndef CHARSET_EBCDIC
131 BIO_printf(out, "%*s%s", indent, "", value);
132#else
133 {
134 int len;
135 char *tmp;
136 len = strlen(value)+1;
137 tmp = OPENSSL_malloc(len);
138 if (tmp)
139 {
140 ascii2ebcdic(tmp, value, len);
141 BIO_printf(out, "%*s%s", indent, "", tmp);
142 OPENSSL_free(tmp);
143 }
144 }
145#endif
146 } else if(method->i2v) {
147 if(!(nval = method->i2v(method, ext_str, NULL))) {
148 ok = 0;
149 goto err;
150 }
151 X509V3_EXT_val_prn(out, nval, indent,
152 method->ext_flags & X509V3_EXT_MULTILINE);
153 } else if(method->i2r) {
154 if(!method->i2r(method, ext_str, out, indent)) ok = 0;
155 } else ok = 0;
156
157 err:
158 sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
159 if(value) OPENSSL_free(value);
160 if(method->it) ASN1_item_free(ext_str, ASN1_ITEM_ptr(method->it));
161 else method->ext_free(ext_str);
162 return ok;
163}
164
165int X509V3_extensions_print(BIO *bp, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent)
166{
167 int i, j;
168
169 if(sk_X509_EXTENSION_num(exts) <= 0) return 1;
170
171 if(title)
172 {
173 BIO_printf(bp,"%*s%s:\n",indent, "", title);
174 indent += 4;
175 }
176
177 for (i=0; i<sk_X509_EXTENSION_num(exts); i++)
178 {
179 ASN1_OBJECT *obj;
180 X509_EXTENSION *ex;
181 ex=sk_X509_EXTENSION_value(exts, i);
182 if (indent && BIO_printf(bp,"%*s",indent, "") <= 0) return 0;
183 obj=X509_EXTENSION_get_object(ex);
184 i2a_ASN1_OBJECT(bp,obj);
185 j=X509_EXTENSION_get_critical(ex);
186 if (BIO_printf(bp,": %s\n",j?"critical":"") <= 0)
187 return 0;
188 if(!X509V3_EXT_print(bp, ex, flag, indent + 4))
189 {
190 BIO_printf(bp, "%*s", indent + 4, "");
191 M_ASN1_OCTET_STRING_print(bp,ex->value);
192 }
193 if (BIO_write(bp,"\n",1) <= 0) return 0;
194 }
195 return 1;
196}
197
198static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported)
199{
200 switch(flag & X509V3_EXT_UNKNOWN_MASK) {
201
202 case X509V3_EXT_DEFAULT:
203 return 0;
204
205 case X509V3_EXT_ERROR_UNKNOWN:
206 if(supported)
207 BIO_printf(out, "%*s<Parse Error>", indent, "");
208 else
209 BIO_printf(out, "%*s<Not Supported>", indent, "");
210 return 1;
211
212 case X509V3_EXT_PARSE_UNKNOWN:
213 return ASN1_parse_dump(out,
214 ext->value->data, ext->value->length, indent, -1);
215 case X509V3_EXT_DUMP_UNKNOWN:
216 return BIO_dump_indent(out, (char *)ext->value->data, ext->value->length, indent);
217
218 default:
219 return 1;
220 }
221}
222
223
224#ifndef OPENSSL_NO_FP_API
225int X509V3_EXT_print_fp(FILE *fp, X509_EXTENSION *ext, int flag, int indent)
226{
227 BIO *bio_tmp;
228 int ret;
229 if(!(bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE))) return 0;
230 ret = X509V3_EXT_print(bio_tmp, ext, flag, indent);
231 BIO_free(bio_tmp);
232 return ret;
233}
234#endif
diff --git a/src/lib/libcrypto/x509v3/v3_purp.c b/src/lib/libcrypto/x509v3/v3_purp.c
deleted file mode 100644
index e18751e01c..0000000000
--- a/src/lib/libcrypto/x509v3/v3_purp.c
+++ /dev/null
@@ -1,663 +0,0 @@
1/* v3_purp.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2001.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/x509v3.h>
62#include <openssl/x509_vfy.h>
63
64static void x509v3_cache_extensions(X509 *x);
65
66static int check_ssl_ca(const X509 *x);
67static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca);
68static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca);
69static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca);
70static int purpose_smime(const X509 *x, int ca);
71static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca);
72static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca);
73static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca);
74static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca);
75static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca);
76
77static int xp_cmp(const X509_PURPOSE * const *a,
78 const X509_PURPOSE * const *b);
79static void xptable_free(X509_PURPOSE *p);
80
81static X509_PURPOSE xstandard[] = {
82 {X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0, check_purpose_ssl_client, "SSL client", "sslclient", NULL},
83 {X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ssl_server, "SSL server", "sslserver", NULL},
84 {X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL},
85 {X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, "S/MIME signing", "smimesign", NULL},
86 {X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL},
87 {X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL},
88 {X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, "Any Purpose", "any", NULL},
89 {X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper, "OCSP helper", "ocsphelper", NULL},
90};
91
92#define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE))
93
94IMPLEMENT_STACK_OF(X509_PURPOSE)
95
96static STACK_OF(X509_PURPOSE) *xptable = NULL;
97
98static int xp_cmp(const X509_PURPOSE * const *a,
99 const X509_PURPOSE * const *b)
100{
101 return (*a)->purpose - (*b)->purpose;
102}
103
104/* As much as I'd like to make X509_check_purpose use a "const" X509*
105 * I really can't because it does recalculate hashes and do other non-const
106 * things. */
107int X509_check_purpose(X509 *x, int id, int ca)
108{
109 int idx;
110 const X509_PURPOSE *pt;
111 if(!(x->ex_flags & EXFLAG_SET)) {
112 CRYPTO_w_lock(CRYPTO_LOCK_X509);
113 x509v3_cache_extensions(x);
114 CRYPTO_w_unlock(CRYPTO_LOCK_X509);
115 }
116 if(id == -1) return 1;
117 idx = X509_PURPOSE_get_by_id(id);
118 if(idx == -1) return -1;
119 pt = X509_PURPOSE_get0(idx);
120 return pt->check_purpose(pt, x, ca);
121}
122
123int X509_PURPOSE_set(int *p, int purpose)
124{
125 if(X509_PURPOSE_get_by_id(purpose) == -1) {
126 X509V3err(X509V3_F_X509_PURPOSE_SET, X509V3_R_INVALID_PURPOSE);
127 return 0;
128 }
129 *p = purpose;
130 return 1;
131}
132
133int X509_PURPOSE_get_count(void)
134{
135 if(!xptable) return X509_PURPOSE_COUNT;
136 return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT;
137}
138
139X509_PURPOSE * X509_PURPOSE_get0(int idx)
140{
141 if(idx < 0) return NULL;
142 if(idx < (int)X509_PURPOSE_COUNT) return xstandard + idx;
143 return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT);
144}
145
146int X509_PURPOSE_get_by_sname(char *sname)
147{
148 int i;
149 X509_PURPOSE *xptmp;
150 for(i = 0; i < X509_PURPOSE_get_count(); i++) {
151 xptmp = X509_PURPOSE_get0(i);
152 if(!strcmp(xptmp->sname, sname)) return i;
153 }
154 return -1;
155}
156
157int X509_PURPOSE_get_by_id(int purpose)
158{
159 X509_PURPOSE tmp;
160 int idx;
161 if((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX))
162 return purpose - X509_PURPOSE_MIN;
163 tmp.purpose = purpose;
164 if(!xptable) return -1;
165 idx = sk_X509_PURPOSE_find(xptable, &tmp);
166 if(idx == -1) return -1;
167 return idx + X509_PURPOSE_COUNT;
168}
169
170int X509_PURPOSE_add(int id, int trust, int flags,
171 int (*ck)(const X509_PURPOSE *, const X509 *, int),
172 char *name, char *sname, void *arg)
173{
174 int idx;
175 X509_PURPOSE *ptmp;
176 /* This is set according to what we change: application can't set it */
177 flags &= ~X509_PURPOSE_DYNAMIC;
178 /* This will always be set for application modified trust entries */
179 flags |= X509_PURPOSE_DYNAMIC_NAME;
180 /* Get existing entry if any */
181 idx = X509_PURPOSE_get_by_id(id);
182 /* Need a new entry */
183 if(idx == -1) {
184 if(!(ptmp = OPENSSL_malloc(sizeof(X509_PURPOSE)))) {
185 X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
186 return 0;
187 }
188 ptmp->flags = X509_PURPOSE_DYNAMIC;
189 } else ptmp = X509_PURPOSE_get0(idx);
190
191 /* OPENSSL_free existing name if dynamic */
192 if(ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) {
193 OPENSSL_free(ptmp->name);
194 OPENSSL_free(ptmp->sname);
195 }
196 /* dup supplied name */
197 ptmp->name = BUF_strdup(name);
198 ptmp->sname = BUF_strdup(sname);
199 if(!ptmp->name || !ptmp->sname) {
200 X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
201 return 0;
202 }
203 /* Keep the dynamic flag of existing entry */
204 ptmp->flags &= X509_PURPOSE_DYNAMIC;
205 /* Set all other flags */
206 ptmp->flags |= flags;
207
208 ptmp->purpose = id;
209 ptmp->trust = trust;
210 ptmp->check_purpose = ck;
211 ptmp->usr_data = arg;
212
213 /* If its a new entry manage the dynamic table */
214 if(idx == -1) {
215 if(!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) {
216 X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
217 return 0;
218 }
219 if (!sk_X509_PURPOSE_push(xptable, ptmp)) {
220 X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
221 return 0;
222 }
223 }
224 return 1;
225}
226
227static void xptable_free(X509_PURPOSE *p)
228 {
229 if(!p) return;
230 if (p->flags & X509_PURPOSE_DYNAMIC)
231 {
232 if (p->flags & X509_PURPOSE_DYNAMIC_NAME) {
233 OPENSSL_free(p->name);
234 OPENSSL_free(p->sname);
235 }
236 OPENSSL_free(p);
237 }
238 }
239
240void X509_PURPOSE_cleanup(void)
241{
242 unsigned int i;
243 sk_X509_PURPOSE_pop_free(xptable, xptable_free);
244 for(i = 0; i < X509_PURPOSE_COUNT; i++) xptable_free(xstandard + i);
245 xptable = NULL;
246}
247
248int X509_PURPOSE_get_id(X509_PURPOSE *xp)
249{
250 return xp->purpose;
251}
252
253char *X509_PURPOSE_get0_name(X509_PURPOSE *xp)
254{
255 return xp->name;
256}
257
258char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp)
259{
260 return xp->sname;
261}
262
263int X509_PURPOSE_get_trust(X509_PURPOSE *xp)
264{
265 return xp->trust;
266}
267
268static int nid_cmp(int *a, int *b)
269 {
270 return *a - *b;
271 }
272
273int X509_supported_extension(X509_EXTENSION *ex)
274 {
275 /* This table is a list of the NIDs of supported extensions:
276 * that is those which are used by the verify process. If
277 * an extension is critical and doesn't appear in this list
278 * then the verify process will normally reject the certificate.
279 * The list must be kept in numerical order because it will be
280 * searched using bsearch.
281 */
282
283 static int supported_nids[] = {
284 NID_netscape_cert_type, /* 71 */
285 NID_key_usage, /* 83 */
286 NID_subject_alt_name, /* 85 */
287 NID_basic_constraints, /* 87 */
288 NID_certificate_policies, /* 89 */
289 NID_ext_key_usage, /* 126 */
290#ifndef OPENSSL_NO_RFC3779
291 NID_sbgp_ipAddrBlock, /* 290 */
292 NID_sbgp_autonomousSysNum, /* 291 */
293#endif
294 NID_policy_constraints, /* 401 */
295 NID_proxyCertInfo, /* 661 */
296 NID_inhibit_any_policy /* 748 */
297 };
298
299 int ex_nid;
300
301 ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex));
302
303 if (ex_nid == NID_undef)
304 return 0;
305
306 if (OBJ_bsearch((char *)&ex_nid, (char *)supported_nids,
307 sizeof(supported_nids)/sizeof(int), sizeof(int),
308 (int (*)(const void *, const void *))nid_cmp))
309 return 1;
310 return 0;
311 }
312
313
314static void x509v3_cache_extensions(X509 *x)
315{
316 BASIC_CONSTRAINTS *bs;
317 PROXY_CERT_INFO_EXTENSION *pci;
318 ASN1_BIT_STRING *usage;
319 ASN1_BIT_STRING *ns;
320 EXTENDED_KEY_USAGE *extusage;
321 X509_EXTENSION *ex;
322
323 int i;
324 if(x->ex_flags & EXFLAG_SET) return;
325#ifndef OPENSSL_NO_SHA
326 X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
327#endif
328 /* Does subject name match issuer ? */
329 if(!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x)))
330 x->ex_flags |= EXFLAG_SI;
331 /* V1 should mean no extensions ... */
332 if(!X509_get_version(x)) x->ex_flags |= EXFLAG_V1;
333 /* Handle basic constraints */
334 if((bs=X509_get_ext_d2i(x, NID_basic_constraints, NULL, NULL))) {
335 if(bs->ca) x->ex_flags |= EXFLAG_CA;
336 if(bs->pathlen) {
337 if((bs->pathlen->type == V_ASN1_NEG_INTEGER)
338 || !bs->ca) {
339 x->ex_flags |= EXFLAG_INVALID;
340 x->ex_pathlen = 0;
341 } else x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen);
342 } else x->ex_pathlen = -1;
343 BASIC_CONSTRAINTS_free(bs);
344 x->ex_flags |= EXFLAG_BCONS;
345 }
346 /* Handle proxy certificates */
347 if((pci=X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) {
348 if (x->ex_flags & EXFLAG_CA
349 || X509_get_ext_by_NID(x, NID_subject_alt_name, 0) >= 0
350 || X509_get_ext_by_NID(x, NID_issuer_alt_name, 0) >= 0) {
351 x->ex_flags |= EXFLAG_INVALID;
352 }
353 if (pci->pcPathLengthConstraint) {
354 x->ex_pcpathlen =
355 ASN1_INTEGER_get(pci->pcPathLengthConstraint);
356 } else x->ex_pcpathlen = -1;
357 PROXY_CERT_INFO_EXTENSION_free(pci);
358 x->ex_flags |= EXFLAG_PROXY;
359 }
360 /* Handle key usage */
361 if((usage=X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) {
362 if(usage->length > 0) {
363 x->ex_kusage = usage->data[0];
364 if(usage->length > 1)
365 x->ex_kusage |= usage->data[1] << 8;
366 } else x->ex_kusage = 0;
367 x->ex_flags |= EXFLAG_KUSAGE;
368 ASN1_BIT_STRING_free(usage);
369 }
370 x->ex_xkusage = 0;
371 if((extusage=X509_get_ext_d2i(x, NID_ext_key_usage, NULL, NULL))) {
372 x->ex_flags |= EXFLAG_XKUSAGE;
373 for(i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) {
374 switch(OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage,i))) {
375 case NID_server_auth:
376 x->ex_xkusage |= XKU_SSL_SERVER;
377 break;
378
379 case NID_client_auth:
380 x->ex_xkusage |= XKU_SSL_CLIENT;
381 break;
382
383 case NID_email_protect:
384 x->ex_xkusage |= XKU_SMIME;
385 break;
386
387 case NID_code_sign:
388 x->ex_xkusage |= XKU_CODE_SIGN;
389 break;
390
391 case NID_ms_sgc:
392 case NID_ns_sgc:
393 x->ex_xkusage |= XKU_SGC;
394 break;
395
396 case NID_OCSP_sign:
397 x->ex_xkusage |= XKU_OCSP_SIGN;
398 break;
399
400 case NID_time_stamp:
401 x->ex_xkusage |= XKU_TIMESTAMP;
402 break;
403
404 case NID_dvcs:
405 x->ex_xkusage |= XKU_DVCS;
406 break;
407 }
408 }
409 sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free);
410 }
411
412 if((ns=X509_get_ext_d2i(x, NID_netscape_cert_type, NULL, NULL))) {
413 if(ns->length > 0) x->ex_nscert = ns->data[0];
414 else x->ex_nscert = 0;
415 x->ex_flags |= EXFLAG_NSCERT;
416 ASN1_BIT_STRING_free(ns);
417 }
418 x->skid =X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL);
419 x->akid =X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL);
420#ifndef OPENSSL_NO_RFC3779
421 x->rfc3779_addr =X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL);
422 x->rfc3779_asid =X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum,
423 NULL, NULL);
424#endif
425 for (i = 0; i < X509_get_ext_count(x); i++)
426 {
427 ex = X509_get_ext(x, i);
428 if (!X509_EXTENSION_get_critical(ex))
429 continue;
430 if (!X509_supported_extension(ex))
431 {
432 x->ex_flags |= EXFLAG_CRITICAL;
433 break;
434 }
435 }
436 x->ex_flags |= EXFLAG_SET;
437}
438
439/* CA checks common to all purposes
440 * return codes:
441 * 0 not a CA
442 * 1 is a CA
443 * 2 basicConstraints absent so "maybe" a CA
444 * 3 basicConstraints absent but self signed V1.
445 * 4 basicConstraints absent but keyUsage present and keyCertSign asserted.
446 */
447
448#define V1_ROOT (EXFLAG_V1|EXFLAG_SS)
449#define ku_reject(x, usage) \
450 (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
451#define xku_reject(x, usage) \
452 (((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage)))
453#define ns_reject(x, usage) \
454 (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage)))
455
456static int check_ca(const X509 *x)
457{
458 /* keyUsage if present should allow cert signing */
459 if(ku_reject(x, KU_KEY_CERT_SIGN)) return 0;
460 if(x->ex_flags & EXFLAG_BCONS) {
461 if(x->ex_flags & EXFLAG_CA) return 1;
462 /* If basicConstraints says not a CA then say so */
463 else return 0;
464 } else {
465 /* we support V1 roots for... uh, I don't really know why. */
466 if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3;
467 /* If key usage present it must have certSign so tolerate it */
468 else if (x->ex_flags & EXFLAG_KUSAGE) return 4;
469 /* Older certificates could have Netscape-specific CA types */
470 else if (x->ex_flags & EXFLAG_NSCERT
471 && x->ex_nscert & NS_ANY_CA) return 5;
472 /* can this still be regarded a CA certificate? I doubt it */
473 return 0;
474 }
475}
476
477int X509_check_ca(X509 *x)
478{
479 if(!(x->ex_flags & EXFLAG_SET)) {
480 CRYPTO_w_lock(CRYPTO_LOCK_X509);
481 x509v3_cache_extensions(x);
482 CRYPTO_w_unlock(CRYPTO_LOCK_X509);
483 }
484
485 return check_ca(x);
486}
487
488/* Check SSL CA: common checks for SSL client and server */
489static int check_ssl_ca(const X509 *x)
490{
491 int ca_ret;
492 ca_ret = check_ca(x);
493 if(!ca_ret) return 0;
494 /* check nsCertType if present */
495 if(ca_ret != 5 || x->ex_nscert & NS_SSL_CA) return ca_ret;
496 else return 0;
497}
498
499
500static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca)
501{
502 if(xku_reject(x,XKU_SSL_CLIENT)) return 0;
503 if(ca) return check_ssl_ca(x);
504 /* We need to do digital signatures with it */
505 if(ku_reject(x,KU_DIGITAL_SIGNATURE)) return 0;
506 /* nsCertType if present should allow SSL client use */
507 if(ns_reject(x, NS_SSL_CLIENT)) return 0;
508 return 1;
509}
510
511static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca)
512{
513 if(xku_reject(x,XKU_SSL_SERVER|XKU_SGC)) return 0;
514 if(ca) return check_ssl_ca(x);
515
516 if(ns_reject(x, NS_SSL_SERVER)) return 0;
517 /* Now as for keyUsage: we'll at least need to sign OR encipher */
518 if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_KEY_ENCIPHERMENT)) return 0;
519
520 return 1;
521
522}
523
524static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca)
525{
526 int ret;
527 ret = check_purpose_ssl_server(xp, x, ca);
528 if(!ret || ca) return ret;
529 /* We need to encipher or Netscape complains */
530 if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0;
531 return ret;
532}
533
534/* common S/MIME checks */
535static int purpose_smime(const X509 *x, int ca)
536{
537 if(xku_reject(x,XKU_SMIME)) return 0;
538 if(ca) {
539 int ca_ret;
540 ca_ret = check_ca(x);
541 if(!ca_ret) return 0;
542 /* check nsCertType if present */
543 if(ca_ret != 5 || x->ex_nscert & NS_SMIME_CA) return ca_ret;
544 else return 0;
545 }
546 if(x->ex_flags & EXFLAG_NSCERT) {
547 if(x->ex_nscert & NS_SMIME) return 1;
548 /* Workaround for some buggy certificates */
549 if(x->ex_nscert & NS_SSL_CLIENT) return 2;
550 return 0;
551 }
552 return 1;
553}
554
555static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca)
556{
557 int ret;
558 ret = purpose_smime(x, ca);
559 if(!ret || ca) return ret;
560 if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_NON_REPUDIATION)) return 0;
561 return ret;
562}
563
564static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca)
565{
566 int ret;
567 ret = purpose_smime(x, ca);
568 if(!ret || ca) return ret;
569 if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0;
570 return ret;
571}
572
573static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca)
574{
575 if(ca) {
576 int ca_ret;
577 if((ca_ret = check_ca(x)) != 2) return ca_ret;
578 else return 0;
579 }
580 if(ku_reject(x, KU_CRL_SIGN)) return 0;
581 return 1;
582}
583
584/* OCSP helper: this is *not* a full OCSP check. It just checks that
585 * each CA is valid. Additional checks must be made on the chain.
586 */
587
588static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca)
589{
590 /* Must be a valid CA. Should we really support the "I don't know"
591 value (2)? */
592 if(ca) return check_ca(x);
593 /* leaf certificate is checked in OCSP_verify() */
594 return 1;
595}
596
597static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca)
598{
599 return 1;
600}
601
602/* Various checks to see if one certificate issued the second.
603 * This can be used to prune a set of possible issuer certificates
604 * which have been looked up using some simple method such as by
605 * subject name.
606 * These are:
607 * 1. Check issuer_name(subject) == subject_name(issuer)
608 * 2. If akid(subject) exists check it matches issuer
609 * 3. If key_usage(issuer) exists check it supports certificate signing
610 * returns 0 for OK, positive for reason for mismatch, reasons match
611 * codes for X509_verify_cert()
612 */
613
614int X509_check_issued(X509 *issuer, X509 *subject)
615{
616 if(X509_NAME_cmp(X509_get_subject_name(issuer),
617 X509_get_issuer_name(subject)))
618 return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
619 x509v3_cache_extensions(issuer);
620 x509v3_cache_extensions(subject);
621 if(subject->akid) {
622 /* Check key ids (if present) */
623 if(subject->akid->keyid && issuer->skid &&
624 ASN1_OCTET_STRING_cmp(subject->akid->keyid, issuer->skid) )
625 return X509_V_ERR_AKID_SKID_MISMATCH;
626 /* Check serial number */
627 if(subject->akid->serial &&
628 ASN1_INTEGER_cmp(X509_get_serialNumber(issuer),
629 subject->akid->serial))
630 return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
631 /* Check issuer name */
632 if(subject->akid->issuer) {
633 /* Ugh, for some peculiar reason AKID includes
634 * SEQUENCE OF GeneralName. So look for a DirName.
635 * There may be more than one but we only take any
636 * notice of the first.
637 */
638 GENERAL_NAMES *gens;
639 GENERAL_NAME *gen;
640 X509_NAME *nm = NULL;
641 int i;
642 gens = subject->akid->issuer;
643 for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
644 gen = sk_GENERAL_NAME_value(gens, i);
645 if(gen->type == GEN_DIRNAME) {
646 nm = gen->d.dirn;
647 break;
648 }
649 }
650 if(nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer)))
651 return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
652 }
653 }
654 if(subject->ex_flags & EXFLAG_PROXY)
655 {
656 if(ku_reject(issuer, KU_DIGITAL_SIGNATURE))
657 return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE;
658 }
659 else if(ku_reject(issuer, KU_KEY_CERT_SIGN))
660 return X509_V_ERR_KEYUSAGE_NO_CERTSIGN;
661 return X509_V_OK;
662}
663
diff --git a/src/lib/libcrypto/x509v3/v3_skey.c b/src/lib/libcrypto/x509v3/v3_skey.c
deleted file mode 100644
index 202c9e4896..0000000000
--- a/src/lib/libcrypto/x509v3/v3_skey.c
+++ /dev/null
@@ -1,144 +0,0 @@
1/* v3_skey.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/x509v3.h>
63
64static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
65const X509V3_EXT_METHOD v3_skey_id = {
66NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING),
670,0,0,0,
68(X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING,
69(X509V3_EXT_S2I)s2i_skey_id,
700,0,0,0,
71NULL};
72
73char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
74 ASN1_OCTET_STRING *oct)
75{
76 return hex_to_string(oct->data, oct->length);
77}
78
79ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
80 X509V3_CTX *ctx, char *str)
81{
82 ASN1_OCTET_STRING *oct;
83 long length;
84
85 if(!(oct = M_ASN1_OCTET_STRING_new())) {
86 X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE);
87 return NULL;
88 }
89
90 if(!(oct->data = string_to_hex(str, &length))) {
91 M_ASN1_OCTET_STRING_free(oct);
92 return NULL;
93 }
94
95 oct->length = length;
96
97 return oct;
98
99}
100
101static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
102 X509V3_CTX *ctx, char *str)
103{
104 ASN1_OCTET_STRING *oct;
105 ASN1_BIT_STRING *pk;
106 unsigned char pkey_dig[EVP_MAX_MD_SIZE];
107 unsigned int diglen;
108
109 if(strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str);
110
111 if(!(oct = M_ASN1_OCTET_STRING_new())) {
112 X509V3err(X509V3_F_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);
113 return NULL;
114 }
115
116 if(ctx && (ctx->flags == CTX_TEST)) return oct;
117
118 if(!ctx || (!ctx->subject_req && !ctx->subject_cert)) {
119 X509V3err(X509V3_F_S2I_SKEY_ID,X509V3_R_NO_PUBLIC_KEY);
120 goto err;
121 }
122
123 if(ctx->subject_req)
124 pk = ctx->subject_req->req_info->pubkey->public_key;
125 else pk = ctx->subject_cert->cert_info->key->public_key;
126
127 if(!pk) {
128 X509V3err(X509V3_F_S2I_SKEY_ID,X509V3_R_NO_PUBLIC_KEY);
129 goto err;
130 }
131
132 EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL);
133
134 if(!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
135 X509V3err(X509V3_F_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);
136 goto err;
137 }
138
139 return oct;
140
141 err:
142 M_ASN1_OCTET_STRING_free(oct);
143 return NULL;
144}
diff --git a/src/lib/libcrypto/x509v3/v3_sxnet.c b/src/lib/libcrypto/x509v3/v3_sxnet.c
deleted file mode 100644
index 2a6bf11b65..0000000000
--- a/src/lib/libcrypto/x509v3/v3_sxnet.c
+++ /dev/null
@@ -1,262 +0,0 @@
1/* v3_sxnet.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/conf.h>
62#include <openssl/asn1.h>
63#include <openssl/asn1t.h>
64#include <openssl/x509v3.h>
65
66/* Support for Thawte strong extranet extension */
67
68#define SXNET_TEST
69
70static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, int indent);
71#ifdef SXNET_TEST
72static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
73 STACK_OF(CONF_VALUE) *nval);
74#endif
75const X509V3_EXT_METHOD v3_sxnet = {
76NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET),
770,0,0,0,
780,0,
790,
80#ifdef SXNET_TEST
81(X509V3_EXT_V2I)sxnet_v2i,
82#else
830,
84#endif
85(X509V3_EXT_I2R)sxnet_i2r,
860,
87NULL
88};
89
90ASN1_SEQUENCE(SXNETID) = {
91 ASN1_SIMPLE(SXNETID, zone, ASN1_INTEGER),
92 ASN1_SIMPLE(SXNETID, user, ASN1_OCTET_STRING)
93} ASN1_SEQUENCE_END(SXNETID)
94
95IMPLEMENT_ASN1_FUNCTIONS(SXNETID)
96
97ASN1_SEQUENCE(SXNET) = {
98 ASN1_SIMPLE(SXNET, version, ASN1_INTEGER),
99 ASN1_SEQUENCE_OF(SXNET, ids, SXNETID)
100} ASN1_SEQUENCE_END(SXNET)
101
102IMPLEMENT_ASN1_FUNCTIONS(SXNET)
103
104static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
105 int indent)
106{
107 long v;
108 char *tmp;
109 SXNETID *id;
110 int i;
111 v = ASN1_INTEGER_get(sx->version);
112 BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v);
113 for(i = 0; i < sk_SXNETID_num(sx->ids); i++) {
114 id = sk_SXNETID_value(sx->ids, i);
115 tmp = i2s_ASN1_INTEGER(NULL, id->zone);
116 BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);
117 OPENSSL_free(tmp);
118 M_ASN1_OCTET_STRING_print(out, id->user);
119 }
120 return 1;
121}
122
123#ifdef SXNET_TEST
124
125/* NBB: this is used for testing only. It should *not* be used for anything
126 * else because it will just take static IDs from the configuration file and
127 * they should really be separate values for each user.
128 */
129
130
131static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
132 STACK_OF(CONF_VALUE) *nval)
133{
134 CONF_VALUE *cnf;
135 SXNET *sx = NULL;
136 int i;
137 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
138 cnf = sk_CONF_VALUE_value(nval, i);
139 if(!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1))
140 return NULL;
141 }
142 return sx;
143}
144
145
146#endif
147
148/* Strong Extranet utility functions */
149
150/* Add an id given the zone as an ASCII number */
151
152int SXNET_add_id_asc(SXNET **psx, char *zone, char *user,
153 int userlen)
154{
155 ASN1_INTEGER *izone = NULL;
156 if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
157 X509V3err(X509V3_F_SXNET_ADD_ID_ASC,X509V3_R_ERROR_CONVERTING_ZONE);
158 return 0;
159 }
160 return SXNET_add_id_INTEGER(psx, izone, user, userlen);
161}
162
163/* Add an id given the zone as an unsigned long */
164
165int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user,
166 int userlen)
167{
168 ASN1_INTEGER *izone = NULL;
169 if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
170 X509V3err(X509V3_F_SXNET_ADD_ID_ULONG,ERR_R_MALLOC_FAILURE);
171 M_ASN1_INTEGER_free(izone);
172 return 0;
173 }
174 return SXNET_add_id_INTEGER(psx, izone, user, userlen);
175
176}
177
178/* Add an id given the zone as an ASN1_INTEGER.
179 * Note this version uses the passed integer and doesn't make a copy so don't
180 * free it up afterwards.
181 */
182
183int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user,
184 int userlen)
185{
186 SXNET *sx = NULL;
187 SXNETID *id = NULL;
188 if(!psx || !zone || !user) {
189 X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_INVALID_NULL_ARGUMENT);
190 return 0;
191 }
192 if(userlen == -1) userlen = strlen(user);
193 if(userlen > 64) {
194 X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_USER_TOO_LONG);
195 return 0;
196 }
197 if(!*psx) {
198 if(!(sx = SXNET_new())) goto err;
199 if(!ASN1_INTEGER_set(sx->version, 0)) goto err;
200 *psx = sx;
201 } else sx = *psx;
202 if(SXNET_get_id_INTEGER(sx, zone)) {
203 X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_DUPLICATE_ZONE_ID);
204 return 0;
205 }
206
207 if(!(id = SXNETID_new())) goto err;
208 if(userlen == -1) userlen = strlen(user);
209
210 if(!M_ASN1_OCTET_STRING_set(id->user, user, userlen)) goto err;
211 if(!sk_SXNETID_push(sx->ids, id)) goto err;
212 id->zone = zone;
213 return 1;
214
215 err:
216 X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,ERR_R_MALLOC_FAILURE);
217 SXNETID_free(id);
218 SXNET_free(sx);
219 *psx = NULL;
220 return 0;
221}
222
223ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone)
224{
225 ASN1_INTEGER *izone = NULL;
226 ASN1_OCTET_STRING *oct;
227 if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
228 X509V3err(X509V3_F_SXNET_GET_ID_ASC,X509V3_R_ERROR_CONVERTING_ZONE);
229 return NULL;
230 }
231 oct = SXNET_get_id_INTEGER(sx, izone);
232 M_ASN1_INTEGER_free(izone);
233 return oct;
234}
235
236ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone)
237{
238 ASN1_INTEGER *izone = NULL;
239 ASN1_OCTET_STRING *oct;
240 if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
241 X509V3err(X509V3_F_SXNET_GET_ID_ULONG,ERR_R_MALLOC_FAILURE);
242 M_ASN1_INTEGER_free(izone);
243 return NULL;
244 }
245 oct = SXNET_get_id_INTEGER(sx, izone);
246 M_ASN1_INTEGER_free(izone);
247 return oct;
248}
249
250ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone)
251{
252 SXNETID *id;
253 int i;
254 for(i = 0; i < sk_SXNETID_num(sx->ids); i++) {
255 id = sk_SXNETID_value(sx->ids, i);
256 if(!M_ASN1_INTEGER_cmp(id->zone, zone)) return id->user;
257 }
258 return NULL;
259}
260
261IMPLEMENT_STACK_OF(SXNETID)
262IMPLEMENT_ASN1_SET_OF(SXNETID)
diff --git a/src/lib/libcrypto/x509v3/v3_utl.c b/src/lib/libcrypto/x509v3/v3_utl.c
deleted file mode 100644
index 2cb53008e3..0000000000
--- a/src/lib/libcrypto/x509v3/v3_utl.c
+++ /dev/null
@@ -1,871 +0,0 @@
1/* v3_utl.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58/* X509 v3 extension utilities */
59
60
61#include <stdio.h>
62#include <ctype.h>
63#include "cryptlib.h"
64#include <openssl/conf.h>
65#include <openssl/x509v3.h>
66#include <openssl/bn.h>
67
68static char *strip_spaces(char *name);
69static int sk_strcmp(const char * const *a, const char * const *b);
70static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens);
71static void str_free(void *str);
72static int append_ia5(STACK **sk, ASN1_IA5STRING *email);
73
74static int ipv4_from_asc(unsigned char *v4, const char *in);
75static int ipv6_from_asc(unsigned char *v6, const char *in);
76static int ipv6_cb(const char *elem, int len, void *usr);
77static int ipv6_hex(unsigned char *out, const char *in, int inlen);
78
79/* Add a CONF_VALUE name value pair to stack */
80
81int X509V3_add_value(const char *name, const char *value,
82 STACK_OF(CONF_VALUE) **extlist)
83{
84 CONF_VALUE *vtmp = NULL;
85 char *tname = NULL, *tvalue = NULL;
86 if(name && !(tname = BUF_strdup(name))) goto err;
87 if(value && !(tvalue = BUF_strdup(value))) goto err;
88 if(!(vtmp = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) goto err;
89 if(!*extlist && !(*extlist = sk_CONF_VALUE_new_null())) goto err;
90 vtmp->section = NULL;
91 vtmp->name = tname;
92 vtmp->value = tvalue;
93 if(!sk_CONF_VALUE_push(*extlist, vtmp)) goto err;
94 return 1;
95 err:
96 X509V3err(X509V3_F_X509V3_ADD_VALUE,ERR_R_MALLOC_FAILURE);
97 if(vtmp) OPENSSL_free(vtmp);
98 if(tname) OPENSSL_free(tname);
99 if(tvalue) OPENSSL_free(tvalue);
100 return 0;
101}
102
103int X509V3_add_value_uchar(const char *name, const unsigned char *value,
104 STACK_OF(CONF_VALUE) **extlist)
105 {
106 return X509V3_add_value(name,(const char *)value,extlist);
107 }
108
109/* Free function for STACK_OF(CONF_VALUE) */
110
111void X509V3_conf_free(CONF_VALUE *conf)
112{
113 if(!conf) return;
114 if(conf->name) OPENSSL_free(conf->name);
115 if(conf->value) OPENSSL_free(conf->value);
116 if(conf->section) OPENSSL_free(conf->section);
117 OPENSSL_free(conf);
118}
119
120int X509V3_add_value_bool(const char *name, int asn1_bool,
121 STACK_OF(CONF_VALUE) **extlist)
122{
123 if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
124 return X509V3_add_value(name, "FALSE", extlist);
125}
126
127int X509V3_add_value_bool_nf(char *name, int asn1_bool,
128 STACK_OF(CONF_VALUE) **extlist)
129{
130 if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
131 return 1;
132}
133
134
135char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *a)
136{
137 BIGNUM *bntmp = NULL;
138 char *strtmp = NULL;
139 if(!a) return NULL;
140 if(!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) ||
141 !(strtmp = BN_bn2dec(bntmp)) )
142 X509V3err(X509V3_F_I2S_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);
143 BN_free(bntmp);
144 return strtmp;
145}
146
147char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a)
148{
149 BIGNUM *bntmp = NULL;
150 char *strtmp = NULL;
151 if(!a) return NULL;
152 if(!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) ||
153 !(strtmp = BN_bn2dec(bntmp)) )
154 X509V3err(X509V3_F_I2S_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
155 BN_free(bntmp);
156 return strtmp;
157}
158
159ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)
160{
161 BIGNUM *bn = NULL;
162 ASN1_INTEGER *aint;
163 int isneg, ishex;
164 int ret;
165 if (!value) {
166 X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_INVALID_NULL_VALUE);
167 return 0;
168 }
169 bn = BN_new();
170 if (value[0] == '-') {
171 value++;
172 isneg = 1;
173 } else isneg = 0;
174
175 if (value[0] == '0' && ((value[1] == 'x') || (value[1] == 'X'))) {
176 value += 2;
177 ishex = 1;
178 } else ishex = 0;
179
180 if (ishex) ret = BN_hex2bn(&bn, value);
181 else ret = BN_dec2bn(&bn, value);
182
183 if (!ret || value[ret]) {
184 BN_free(bn);
185 X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_DEC2BN_ERROR);
186 return 0;
187 }
188
189 if (isneg && BN_is_zero(bn)) isneg = 0;
190
191 aint = BN_to_ASN1_INTEGER(bn, NULL);
192 BN_free(bn);
193 if (!aint) {
194 X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_TO_ASN1_INTEGER_ERROR);
195 return 0;
196 }
197 if (isneg) aint->type |= V_ASN1_NEG;
198 return aint;
199}
200
201int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
202 STACK_OF(CONF_VALUE) **extlist)
203{
204 char *strtmp;
205 int ret;
206 if(!aint) return 1;
207 if(!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) return 0;
208 ret = X509V3_add_value(name, strtmp, extlist);
209 OPENSSL_free(strtmp);
210 return ret;
211}
212
213int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool)
214{
215 char *btmp;
216 if(!(btmp = value->value)) goto err;
217 if(!strcmp(btmp, "TRUE") || !strcmp(btmp, "true")
218 || !strcmp(btmp, "Y") || !strcmp(btmp, "y")
219 || !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) {
220 *asn1_bool = 0xff;
221 return 1;
222 } else if(!strcmp(btmp, "FALSE") || !strcmp(btmp, "false")
223 || !strcmp(btmp, "N") || !strcmp(btmp, "n")
224 || !strcmp(btmp, "NO") || !strcmp(btmp, "no")) {
225 *asn1_bool = 0;
226 return 1;
227 }
228 err:
229 X509V3err(X509V3_F_X509V3_GET_VALUE_BOOL,X509V3_R_INVALID_BOOLEAN_STRING);
230 X509V3_conf_err(value);
231 return 0;
232}
233
234int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint)
235{
236 ASN1_INTEGER *itmp;
237 if(!(itmp = s2i_ASN1_INTEGER(NULL, value->value))) {
238 X509V3_conf_err(value);
239 return 0;
240 }
241 *aint = itmp;
242 return 1;
243}
244
245#define HDR_NAME 1
246#define HDR_VALUE 2
247
248/*#define DEBUG*/
249
250STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
251{
252 char *p, *q, c;
253 char *ntmp, *vtmp;
254 STACK_OF(CONF_VALUE) *values = NULL;
255 char *linebuf;
256 int state;
257 /* We are going to modify the line so copy it first */
258 linebuf = BUF_strdup(line);
259 state = HDR_NAME;
260 ntmp = NULL;
261 /* Go through all characters */
262 for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
263
264 switch(state) {
265 case HDR_NAME:
266 if(c == ':') {
267 state = HDR_VALUE;
268 *p = 0;
269 ntmp = strip_spaces(q);
270 if(!ntmp) {
271 X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
272 goto err;
273 }
274 q = p + 1;
275 } else if(c == ',') {
276 *p = 0;
277 ntmp = strip_spaces(q);
278 q = p + 1;
279#if 0
280 printf("%s\n", ntmp);
281#endif
282 if(!ntmp) {
283 X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
284 goto err;
285 }
286 X509V3_add_value(ntmp, NULL, &values);
287 }
288 break ;
289
290 case HDR_VALUE:
291 if(c == ',') {
292 state = HDR_NAME;
293 *p = 0;
294 vtmp = strip_spaces(q);
295#if 0
296 printf("%s\n", ntmp);
297#endif
298 if(!vtmp) {
299 X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE);
300 goto err;
301 }
302 X509V3_add_value(ntmp, vtmp, &values);
303 ntmp = NULL;
304 q = p + 1;
305 }
306
307 }
308 }
309
310 if(state == HDR_VALUE) {
311 vtmp = strip_spaces(q);
312#if 0
313 printf("%s=%s\n", ntmp, vtmp);
314#endif
315 if(!vtmp) {
316 X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE);
317 goto err;
318 }
319 X509V3_add_value(ntmp, vtmp, &values);
320 } else {
321 ntmp = strip_spaces(q);
322#if 0
323 printf("%s\n", ntmp);
324#endif
325 if(!ntmp) {
326 X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
327 goto err;
328 }
329 X509V3_add_value(ntmp, NULL, &values);
330 }
331OPENSSL_free(linebuf);
332return values;
333
334err:
335OPENSSL_free(linebuf);
336sk_CONF_VALUE_pop_free(values, X509V3_conf_free);
337return NULL;
338
339}
340
341/* Delete leading and trailing spaces from a string */
342static char *strip_spaces(char *name)
343{
344 char *p, *q;
345 /* Skip over leading spaces */
346 p = name;
347 while(isspace((unsigned char)*p)) p++;
348 if(!*p) return NULL;
349 q = p + strlen(p) - 1;
350 while((q != p) && isspace((unsigned char)*q)) q--;
351 if(p != q) q[1] = 0;
352 if(!*p) return NULL;
353 return p;
354}
355
356/* hex string utilities */
357
358/* Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its
359 * hex representation
360 * @@@ (Contents of buffer are always kept in ASCII, also on EBCDIC machines)
361 */
362
363char *hex_to_string(unsigned char *buffer, long len)
364{
365 char *tmp, *q;
366 unsigned char *p;
367 int i;
368 const static char hexdig[] = "0123456789ABCDEF";
369 if(!buffer || !len) return NULL;
370 if(!(tmp = OPENSSL_malloc(len * 3 + 1))) {
371 X509V3err(X509V3_F_HEX_TO_STRING,ERR_R_MALLOC_FAILURE);
372 return NULL;
373 }
374 q = tmp;
375 for(i = 0, p = buffer; i < len; i++,p++) {
376 *q++ = hexdig[(*p >> 4) & 0xf];
377 *q++ = hexdig[*p & 0xf];
378 *q++ = ':';
379 }
380 q[-1] = 0;
381#ifdef CHARSET_EBCDIC
382 ebcdic2ascii(tmp, tmp, q - tmp - 1);
383#endif
384
385 return tmp;
386}
387
388/* Give a string of hex digits convert to
389 * a buffer
390 */
391
392unsigned char *string_to_hex(char *str, long *len)
393{
394 unsigned char *hexbuf, *q;
395 unsigned char ch, cl, *p;
396 if(!str) {
397 X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_INVALID_NULL_ARGUMENT);
398 return NULL;
399 }
400 if(!(hexbuf = OPENSSL_malloc(strlen(str) >> 1))) goto err;
401 for(p = (unsigned char *)str, q = hexbuf; *p;) {
402 ch = *p++;
403#ifdef CHARSET_EBCDIC
404 ch = os_toebcdic[ch];
405#endif
406 if(ch == ':') continue;
407 cl = *p++;
408#ifdef CHARSET_EBCDIC
409 cl = os_toebcdic[cl];
410#endif
411 if(!cl) {
412 X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ODD_NUMBER_OF_DIGITS);
413 OPENSSL_free(hexbuf);
414 return NULL;
415 }
416 if(isupper(ch)) ch = tolower(ch);
417 if(isupper(cl)) cl = tolower(cl);
418
419 if((ch >= '0') && (ch <= '9')) ch -= '0';
420 else if ((ch >= 'a') && (ch <= 'f')) ch -= 'a' - 10;
421 else goto badhex;
422
423 if((cl >= '0') && (cl <= '9')) cl -= '0';
424 else if ((cl >= 'a') && (cl <= 'f')) cl -= 'a' - 10;
425 else goto badhex;
426
427 *q++ = (ch << 4) | cl;
428 }
429
430 if(len) *len = q - hexbuf;
431
432 return hexbuf;
433
434 err:
435 if(hexbuf) OPENSSL_free(hexbuf);
436 X509V3err(X509V3_F_STRING_TO_HEX,ERR_R_MALLOC_FAILURE);
437 return NULL;
438
439 badhex:
440 OPENSSL_free(hexbuf);
441 X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ILLEGAL_HEX_DIGIT);
442 return NULL;
443
444}
445
446/* V2I name comparison function: returns zero if 'name' matches
447 * cmp or cmp.*
448 */
449
450int name_cmp(const char *name, const char *cmp)
451{
452 int len, ret;
453 char c;
454 len = strlen(cmp);
455 if((ret = strncmp(name, cmp, len))) return ret;
456 c = name[len];
457 if(!c || (c=='.')) return 0;
458 return 1;
459}
460
461static int sk_strcmp(const char * const *a, const char * const *b)
462{
463 return strcmp(*a, *b);
464}
465
466STACK *X509_get1_email(X509 *x)
467{
468 GENERAL_NAMES *gens;
469 STACK *ret;
470 gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
471 ret = get_email(X509_get_subject_name(x), gens);
472 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
473 return ret;
474}
475
476STACK *X509_get1_ocsp(X509 *x)
477{
478 AUTHORITY_INFO_ACCESS *info;
479 STACK *ret = NULL;
480 int i;
481 info = X509_get_ext_d2i(x, NID_info_access, NULL, NULL);
482 if (!info)
483 return NULL;
484 for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++)
485 {
486 ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(info, i);
487 if (OBJ_obj2nid(ad->method) == NID_ad_OCSP)
488 {
489 if (ad->location->type == GEN_URI)
490 {
491 if (!append_ia5(&ret, ad->location->d.uniformResourceIdentifier))
492 break;
493 }
494 }
495 }
496 AUTHORITY_INFO_ACCESS_free(info);
497 return ret;
498}
499
500STACK *X509_REQ_get1_email(X509_REQ *x)
501{
502 GENERAL_NAMES *gens;
503 STACK_OF(X509_EXTENSION) *exts;
504 STACK *ret;
505 exts = X509_REQ_get_extensions(x);
506 gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL);
507 ret = get_email(X509_REQ_get_subject_name(x), gens);
508 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
509 sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
510 return ret;
511}
512
513
514static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens)
515{
516 STACK *ret = NULL;
517 X509_NAME_ENTRY *ne;
518 ASN1_IA5STRING *email;
519 GENERAL_NAME *gen;
520 int i;
521 /* Now add any email address(es) to STACK */
522 i = -1;
523 /* First supplied X509_NAME */
524 while((i = X509_NAME_get_index_by_NID(name,
525 NID_pkcs9_emailAddress, i)) >= 0) {
526 ne = X509_NAME_get_entry(name, i);
527 email = X509_NAME_ENTRY_get_data(ne);
528 if(!append_ia5(&ret, email)) return NULL;
529 }
530 for(i = 0; i < sk_GENERAL_NAME_num(gens); i++)
531 {
532 gen = sk_GENERAL_NAME_value(gens, i);
533 if(gen->type != GEN_EMAIL) continue;
534 if(!append_ia5(&ret, gen->d.ia5)) return NULL;
535 }
536 return ret;
537}
538
539static void str_free(void *str)
540{
541 OPENSSL_free(str);
542}
543
544static int append_ia5(STACK **sk, ASN1_IA5STRING *email)
545{
546 char *emtmp;
547 /* First some sanity checks */
548 if(email->type != V_ASN1_IA5STRING) return 1;
549 if(!email->data || !email->length) return 1;
550 if(!*sk) *sk = sk_new(sk_strcmp);
551 if(!*sk) return 0;
552 /* Don't add duplicates */
553 if(sk_find(*sk, (char *)email->data) != -1) return 1;
554 emtmp = BUF_strdup((char *)email->data);
555 if(!emtmp || !sk_push(*sk, emtmp)) {
556 X509_email_free(*sk);
557 *sk = NULL;
558 return 0;
559 }
560 return 1;
561}
562
563void X509_email_free(STACK *sk)
564{
565 sk_pop_free(sk, str_free);
566}
567
568/* Convert IP addresses both IPv4 and IPv6 into an
569 * OCTET STRING compatible with RFC3280.
570 */
571
572ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc)
573 {
574 unsigned char ipout[16];
575 ASN1_OCTET_STRING *ret;
576 int iplen;
577
578 /* If string contains a ':' assume IPv6 */
579
580 iplen = a2i_ipadd(ipout, ipasc);
581
582 if (!iplen)
583 return NULL;
584
585 ret = ASN1_OCTET_STRING_new();
586 if (!ret)
587 return NULL;
588 if (!ASN1_OCTET_STRING_set(ret, ipout, iplen))
589 {
590 ASN1_OCTET_STRING_free(ret);
591 return NULL;
592 }
593 return ret;
594 }
595
596ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc)
597 {
598 ASN1_OCTET_STRING *ret = NULL;
599 unsigned char ipout[32];
600 char *iptmp = NULL, *p;
601 int iplen1, iplen2;
602 p = strchr(ipasc,'/');
603 if (!p)
604 return NULL;
605 iptmp = BUF_strdup(ipasc);
606 if (!iptmp)
607 return NULL;
608 p = iptmp + (p - ipasc);
609 *p++ = 0;
610
611 iplen1 = a2i_ipadd(ipout, iptmp);
612
613 if (!iplen1)
614 goto err;
615
616 iplen2 = a2i_ipadd(ipout + iplen1, p);
617
618 OPENSSL_free(iptmp);
619 iptmp = NULL;
620
621 if (!iplen2 || (iplen1 != iplen2))
622 goto err;
623
624 ret = ASN1_OCTET_STRING_new();
625 if (!ret)
626 goto err;
627 if (!ASN1_OCTET_STRING_set(ret, ipout, iplen1 + iplen2))
628 goto err;
629
630 return ret;
631
632 err:
633 if (iptmp)
634 OPENSSL_free(iptmp);
635 if (ret)
636 ASN1_OCTET_STRING_free(ret);
637 return NULL;
638 }
639
640
641int a2i_ipadd(unsigned char *ipout, const char *ipasc)
642 {
643 /* If string contains a ':' assume IPv6 */
644
645 if (strchr(ipasc, ':'))
646 {
647 if (!ipv6_from_asc(ipout, ipasc))
648 return 0;
649 return 16;
650 }
651 else
652 {
653 if (!ipv4_from_asc(ipout, ipasc))
654 return 0;
655 return 4;
656 }
657 }
658
659static int ipv4_from_asc(unsigned char *v4, const char *in)
660 {
661 int a0, a1, a2, a3;
662 if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4)
663 return 0;
664 if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255)
665 || (a2 < 0) || (a2 > 255) || (a3 < 0) || (a3 > 255))
666 return 0;
667 v4[0] = a0;
668 v4[1] = a1;
669 v4[2] = a2;
670 v4[3] = a3;
671 return 1;
672 }
673
674typedef struct {
675 /* Temporary store for IPV6 output */
676 unsigned char tmp[16];
677 /* Total number of bytes in tmp */
678 int total;
679 /* The position of a zero (corresponding to '::') */
680 int zero_pos;
681 /* Number of zeroes */
682 int zero_cnt;
683 } IPV6_STAT;
684
685
686static int ipv6_from_asc(unsigned char *v6, const char *in)
687 {
688 IPV6_STAT v6stat;
689 v6stat.total = 0;
690 v6stat.zero_pos = -1;
691 v6stat.zero_cnt = 0;
692 /* Treat the IPv6 representation as a list of values
693 * separated by ':'. The presence of a '::' will parse
694 * as one, two or three zero length elements.
695 */
696 if (!CONF_parse_list(in, ':', 0, ipv6_cb, &v6stat))
697 return 0;
698
699 /* Now for some sanity checks */
700
701 if (v6stat.zero_pos == -1)
702 {
703 /* If no '::' must have exactly 16 bytes */
704 if (v6stat.total != 16)
705 return 0;
706 }
707 else
708 {
709 /* If '::' must have less than 16 bytes */
710 if (v6stat.total == 16)
711 return 0;
712 /* More than three zeroes is an error */
713 if (v6stat.zero_cnt > 3)
714 return 0;
715 /* Can only have three zeroes if nothing else present */
716 else if (v6stat.zero_cnt == 3)
717 {
718 if (v6stat.total > 0)
719 return 0;
720 }
721 /* Can only have two zeroes if at start or end */
722 else if (v6stat.zero_cnt == 2)
723 {
724 if ((v6stat.zero_pos != 0)
725 && (v6stat.zero_pos != v6stat.total))
726 return 0;
727 }
728 else
729 /* Can only have one zero if *not* start or end */
730 {
731 if ((v6stat.zero_pos == 0)
732 || (v6stat.zero_pos == v6stat.total))
733 return 0;
734 }
735 }
736
737 /* Format result */
738
739 if (v6stat.zero_pos >= 0)
740 {
741 /* Copy initial part */
742 memcpy(v6, v6stat.tmp, v6stat.zero_pos);
743 /* Zero middle */
744 memset(v6 + v6stat.zero_pos, 0, 16 - v6stat.total);
745 /* Copy final part */
746 if (v6stat.total != v6stat.zero_pos)
747 memcpy(v6 + v6stat.zero_pos + 16 - v6stat.total,
748 v6stat.tmp + v6stat.zero_pos,
749 v6stat.total - v6stat.zero_pos);
750 }
751 else
752 memcpy(v6, v6stat.tmp, 16);
753
754 return 1;
755 }
756
757static int ipv6_cb(const char *elem, int len, void *usr)
758 {
759 IPV6_STAT *s = usr;
760 /* Error if 16 bytes written */
761 if (s->total == 16)
762 return 0;
763 if (len == 0)
764 {
765 /* Zero length element, corresponds to '::' */
766 if (s->zero_pos == -1)
767 s->zero_pos = s->total;
768 /* If we've already got a :: its an error */
769 else if (s->zero_pos != s->total)
770 return 0;
771 s->zero_cnt++;
772 }
773 else
774 {
775 /* If more than 4 characters could be final a.b.c.d form */
776 if (len > 4)
777 {
778 /* Need at least 4 bytes left */
779 if (s->total > 12)
780 return 0;
781 /* Must be end of string */
782 if (elem[len])
783 return 0;
784 if (!ipv4_from_asc(s->tmp + s->total, elem))
785 return 0;
786 s->total += 4;
787 }
788 else
789 {
790 if (!ipv6_hex(s->tmp + s->total, elem, len))
791 return 0;
792 s->total += 2;
793 }
794 }
795 return 1;
796 }
797
798/* Convert a string of up to 4 hex digits into the corresponding
799 * IPv6 form.
800 */
801
802static int ipv6_hex(unsigned char *out, const char *in, int inlen)
803 {
804 unsigned char c;
805 unsigned int num = 0;
806 if (inlen > 4)
807 return 0;
808 while(inlen--)
809 {
810 c = *in++;
811 num <<= 4;
812 if ((c >= '0') && (c <= '9'))
813 num |= c - '0';
814 else if ((c >= 'A') && (c <= 'F'))
815 num |= c - 'A' + 10;
816 else if ((c >= 'a') && (c <= 'f'))
817 num |= c - 'a' + 10;
818 else
819 return 0;
820 }
821 out[0] = num >> 8;
822 out[1] = num & 0xff;
823 return 1;
824 }
825
826
827int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,
828 unsigned long chtype)
829 {
830 CONF_VALUE *v;
831 int i, mval;
832 char *p, *type;
833 if (!nm)
834 return 0;
835
836 for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++)
837 {
838 v=sk_CONF_VALUE_value(dn_sk,i);
839 type=v->name;
840 /* Skip past any leading X. X: X, etc to allow for
841 * multiple instances
842 */
843 for(p = type; *p ; p++)
844#ifndef CHARSET_EBCDIC
845 if ((*p == ':') || (*p == ',') || (*p == '.'))
846#else
847 if ((*p == os_toascii[':']) || (*p == os_toascii[',']) || (*p == os_toascii['.']))
848#endif
849 {
850 p++;
851 if(*p) type = p;
852 break;
853 }
854#ifndef CHARSET_EBCDIC
855 if (*type == '+')
856#else
857 if (*type == os_toascii['+'])
858#endif
859 {
860 mval = -1;
861 type++;
862 }
863 else
864 mval = 0;
865 if (!X509_NAME_add_entry_by_txt(nm,type, chtype,
866 (unsigned char *) v->value,-1,-1,mval))
867 return 0;
868
869 }
870 return 1;
871 }
diff --git a/src/lib/libcrypto/x509v3/v3err.c b/src/lib/libcrypto/x509v3/v3err.c
deleted file mode 100644
index d538ad8b80..0000000000
--- a/src/lib/libcrypto/x509v3/v3err.c
+++ /dev/null
@@ -1,219 +0,0 @@
1/* crypto/x509v3/v3err.c */
2/* ====================================================================
3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include <openssl/x509v3.h>
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509V3,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509V3,0,reason)
70
71static ERR_STRING_DATA X509V3_str_functs[]=
72 {
73{ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE), "ASIDENTIFIERCHOICE_CANONIZE"},
74{ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL), "ASIDENTIFIERCHOICE_IS_CANONICAL"},
75{ERR_FUNC(X509V3_F_COPY_EMAIL), "COPY_EMAIL"},
76{ERR_FUNC(X509V3_F_COPY_ISSUER), "COPY_ISSUER"},
77{ERR_FUNC(X509V3_F_DO_DIRNAME), "DO_DIRNAME"},
78{ERR_FUNC(X509V3_F_DO_EXT_CONF), "DO_EXT_CONF"},
79{ERR_FUNC(X509V3_F_DO_EXT_I2D), "DO_EXT_I2D"},
80{ERR_FUNC(X509V3_F_DO_EXT_NCONF), "DO_EXT_NCONF"},
81{ERR_FUNC(X509V3_F_DO_I2V_NAME_CONSTRAINTS), "DO_I2V_NAME_CONSTRAINTS"},
82{ERR_FUNC(X509V3_F_HEX_TO_STRING), "hex_to_string"},
83{ERR_FUNC(X509V3_F_I2S_ASN1_ENUMERATED), "i2s_ASN1_ENUMERATED"},
84{ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING), "I2S_ASN1_IA5STRING"},
85{ERR_FUNC(X509V3_F_I2S_ASN1_INTEGER), "i2s_ASN1_INTEGER"},
86{ERR_FUNC(X509V3_F_I2V_AUTHORITY_INFO_ACCESS), "I2V_AUTHORITY_INFO_ACCESS"},
87{ERR_FUNC(X509V3_F_NOTICE_SECTION), "NOTICE_SECTION"},
88{ERR_FUNC(X509V3_F_NREF_NOS), "NREF_NOS"},
89{ERR_FUNC(X509V3_F_POLICY_SECTION), "POLICY_SECTION"},
90{ERR_FUNC(X509V3_F_PROCESS_PCI_VALUE), "PROCESS_PCI_VALUE"},
91{ERR_FUNC(X509V3_F_R2I_CERTPOL), "R2I_CERTPOL"},
92{ERR_FUNC(X509V3_F_R2I_PCI), "R2I_PCI"},
93{ERR_FUNC(X509V3_F_S2I_ASN1_IA5STRING), "S2I_ASN1_IA5STRING"},
94{ERR_FUNC(X509V3_F_S2I_ASN1_INTEGER), "s2i_ASN1_INTEGER"},
95{ERR_FUNC(X509V3_F_S2I_ASN1_OCTET_STRING), "s2i_ASN1_OCTET_STRING"},
96{ERR_FUNC(X509V3_F_S2I_ASN1_SKEY_ID), "S2I_ASN1_SKEY_ID"},
97{ERR_FUNC(X509V3_F_S2I_SKEY_ID), "S2I_SKEY_ID"},
98{ERR_FUNC(X509V3_F_STRING_TO_HEX), "string_to_hex"},
99{ERR_FUNC(X509V3_F_SXNET_ADD_ID_ASC), "SXNET_add_id_asc"},
100{ERR_FUNC(X509V3_F_SXNET_ADD_ID_INTEGER), "SXNET_add_id_INTEGER"},
101{ERR_FUNC(X509V3_F_SXNET_ADD_ID_ULONG), "SXNET_add_id_ulong"},
102{ERR_FUNC(X509V3_F_SXNET_GET_ID_ASC), "SXNET_get_id_asc"},
103{ERR_FUNC(X509V3_F_SXNET_GET_ID_ULONG), "SXNET_get_id_ulong"},
104{ERR_FUNC(X509V3_F_V2I_ASIDENTIFIERS), "V2I_ASIDENTIFIERS"},
105{ERR_FUNC(X509V3_F_V2I_ASN1_BIT_STRING), "v2i_ASN1_BIT_STRING"},
106{ERR_FUNC(X509V3_F_V2I_AUTHORITY_INFO_ACCESS), "V2I_AUTHORITY_INFO_ACCESS"},
107{ERR_FUNC(X509V3_F_V2I_AUTHORITY_KEYID), "V2I_AUTHORITY_KEYID"},
108{ERR_FUNC(X509V3_F_V2I_BASIC_CONSTRAINTS), "V2I_BASIC_CONSTRAINTS"},
109{ERR_FUNC(X509V3_F_V2I_CRLD), "V2I_CRLD"},
110{ERR_FUNC(X509V3_F_V2I_EXTENDED_KEY_USAGE), "V2I_EXTENDED_KEY_USAGE"},
111{ERR_FUNC(X509V3_F_V2I_GENERAL_NAMES), "v2i_GENERAL_NAMES"},
112{ERR_FUNC(X509V3_F_V2I_GENERAL_NAME_EX), "v2i_GENERAL_NAME_ex"},
113{ERR_FUNC(X509V3_F_V2I_IPADDRBLOCKS), "V2I_IPADDRBLOCKS"},
114{ERR_FUNC(X509V3_F_V2I_ISSUER_ALT), "V2I_ISSUER_ALT"},
115{ERR_FUNC(X509V3_F_V2I_NAME_CONSTRAINTS), "V2I_NAME_CONSTRAINTS"},
116{ERR_FUNC(X509V3_F_V2I_POLICY_CONSTRAINTS), "V2I_POLICY_CONSTRAINTS"},
117{ERR_FUNC(X509V3_F_V2I_POLICY_MAPPINGS), "V2I_POLICY_MAPPINGS"},
118{ERR_FUNC(X509V3_F_V2I_SUBJECT_ALT), "V2I_SUBJECT_ALT"},
119{ERR_FUNC(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL), "V3_ADDR_VALIDATE_PATH_INTERNAL"},
120{ERR_FUNC(X509V3_F_V3_GENERIC_EXTENSION), "V3_GENERIC_EXTENSION"},
121{ERR_FUNC(X509V3_F_X509V3_ADD1_I2D), "X509V3_add1_i2d"},
122{ERR_FUNC(X509V3_F_X509V3_ADD_VALUE), "X509V3_add_value"},
123{ERR_FUNC(X509V3_F_X509V3_EXT_ADD), "X509V3_EXT_add"},
124{ERR_FUNC(X509V3_F_X509V3_EXT_ADD_ALIAS), "X509V3_EXT_add_alias"},
125{ERR_FUNC(X509V3_F_X509V3_EXT_CONF), "X509V3_EXT_conf"},
126{ERR_FUNC(X509V3_F_X509V3_EXT_I2D), "X509V3_EXT_i2d"},
127{ERR_FUNC(X509V3_F_X509V3_EXT_NCONF), "X509V3_EXT_nconf"},
128{ERR_FUNC(X509V3_F_X509V3_GET_SECTION), "X509V3_get_section"},
129{ERR_FUNC(X509V3_F_X509V3_GET_STRING), "X509V3_get_string"},
130{ERR_FUNC(X509V3_F_X509V3_GET_VALUE_BOOL), "X509V3_get_value_bool"},
131{ERR_FUNC(X509V3_F_X509V3_PARSE_LIST), "X509V3_parse_list"},
132{ERR_FUNC(X509V3_F_X509_PURPOSE_ADD), "X509_PURPOSE_add"},
133{ERR_FUNC(X509V3_F_X509_PURPOSE_SET), "X509_PURPOSE_set"},
134{0,NULL}
135 };
136
137static ERR_STRING_DATA X509V3_str_reasons[]=
138 {
139{ERR_REASON(X509V3_R_BAD_IP_ADDRESS) ,"bad ip address"},
140{ERR_REASON(X509V3_R_BAD_OBJECT) ,"bad object"},
141{ERR_REASON(X509V3_R_BN_DEC2BN_ERROR) ,"bn dec2bn error"},
142{ERR_REASON(X509V3_R_BN_TO_ASN1_INTEGER_ERROR),"bn to asn1 integer error"},
143{ERR_REASON(X509V3_R_DIRNAME_ERROR) ,"dirname error"},
144{ERR_REASON(X509V3_R_DUPLICATE_ZONE_ID) ,"duplicate zone id"},
145{ERR_REASON(X509V3_R_ERROR_CONVERTING_ZONE),"error converting zone"},
146{ERR_REASON(X509V3_R_ERROR_CREATING_EXTENSION),"error creating extension"},
147{ERR_REASON(X509V3_R_ERROR_IN_EXTENSION) ,"error in extension"},
148{ERR_REASON(X509V3_R_EXPECTED_A_SECTION_NAME),"expected a section name"},
149{ERR_REASON(X509V3_R_EXTENSION_EXISTS) ,"extension exists"},
150{ERR_REASON(X509V3_R_EXTENSION_NAME_ERROR),"extension name error"},
151{ERR_REASON(X509V3_R_EXTENSION_NOT_FOUND),"extension not found"},
152{ERR_REASON(X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED),"extension setting not supported"},
153{ERR_REASON(X509V3_R_EXTENSION_VALUE_ERROR),"extension value error"},
154{ERR_REASON(X509V3_R_ILLEGAL_EMPTY_EXTENSION),"illegal empty extension"},
155{ERR_REASON(X509V3_R_ILLEGAL_HEX_DIGIT) ,"illegal hex digit"},
156{ERR_REASON(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG),"incorrect policy syntax tag"},
157{ERR_REASON(X509V3_R_INVALID_ASNUMBER) ,"invalid asnumber"},
158{ERR_REASON(X509V3_R_INVALID_ASRANGE) ,"invalid asrange"},
159{ERR_REASON(X509V3_R_INVALID_BOOLEAN_STRING),"invalid boolean string"},
160{ERR_REASON(X509V3_R_INVALID_EXTENSION_STRING),"invalid extension string"},
161{ERR_REASON(X509V3_R_INVALID_INHERITANCE),"invalid inheritance"},
162{ERR_REASON(X509V3_R_INVALID_IPADDRESS) ,"invalid ipaddress"},
163{ERR_REASON(X509V3_R_INVALID_NAME) ,"invalid name"},
164{ERR_REASON(X509V3_R_INVALID_NULL_ARGUMENT),"invalid null argument"},
165{ERR_REASON(X509V3_R_INVALID_NULL_NAME) ,"invalid null name"},
166{ERR_REASON(X509V3_R_INVALID_NULL_VALUE) ,"invalid null value"},
167{ERR_REASON(X509V3_R_INVALID_NUMBER) ,"invalid number"},
168{ERR_REASON(X509V3_R_INVALID_NUMBERS) ,"invalid numbers"},
169{ERR_REASON(X509V3_R_INVALID_OBJECT_IDENTIFIER),"invalid object identifier"},
170{ERR_REASON(X509V3_R_INVALID_OPTION) ,"invalid option"},
171{ERR_REASON(X509V3_R_INVALID_POLICY_IDENTIFIER),"invalid policy identifier"},
172{ERR_REASON(X509V3_R_INVALID_PROXY_POLICY_SETTING),"invalid proxy policy setting"},
173{ERR_REASON(X509V3_R_INVALID_PURPOSE) ,"invalid purpose"},
174{ERR_REASON(X509V3_R_INVALID_SAFI) ,"invalid safi"},
175{ERR_REASON(X509V3_R_INVALID_SECTION) ,"invalid section"},
176{ERR_REASON(X509V3_R_INVALID_SYNTAX) ,"invalid syntax"},
177{ERR_REASON(X509V3_R_ISSUER_DECODE_ERROR),"issuer decode error"},
178{ERR_REASON(X509V3_R_MISSING_VALUE) ,"missing value"},
179{ERR_REASON(X509V3_R_NEED_ORGANIZATION_AND_NUMBERS),"need organization and numbers"},
180{ERR_REASON(X509V3_R_NO_CONFIG_DATABASE) ,"no config database"},
181{ERR_REASON(X509V3_R_NO_ISSUER_CERTIFICATE),"no issuer certificate"},
182{ERR_REASON(X509V3_R_NO_ISSUER_DETAILS) ,"no issuer details"},
183{ERR_REASON(X509V3_R_NO_POLICY_IDENTIFIER),"no policy identifier"},
184{ERR_REASON(X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED),"no proxy cert policy language defined"},
185{ERR_REASON(X509V3_R_NO_PUBLIC_KEY) ,"no public key"},
186{ERR_REASON(X509V3_R_NO_SUBJECT_DETAILS) ,"no subject details"},
187{ERR_REASON(X509V3_R_ODD_NUMBER_OF_DIGITS),"odd number of digits"},
188{ERR_REASON(X509V3_R_OPERATION_NOT_DEFINED),"operation not defined"},
189{ERR_REASON(X509V3_R_OTHERNAME_ERROR) ,"othername error"},
190{ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED),"policy language alreadty defined"},
191{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH) ,"policy path length"},
192{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED),"policy path length alreadty defined"},
193{ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED),"policy syntax not currently supported"},
194{ERR_REASON(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY),"policy when proxy language requires no policy"},
195{ERR_REASON(X509V3_R_SECTION_NOT_FOUND) ,"section not found"},
196{ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS),"unable to get issuer details"},
197{ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_KEYID),"unable to get issuer keyid"},
198{ERR_REASON(X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT),"unknown bit string argument"},
199{ERR_REASON(X509V3_R_UNKNOWN_EXTENSION) ,"unknown extension"},
200{ERR_REASON(X509V3_R_UNKNOWN_EXTENSION_NAME),"unknown extension name"},
201{ERR_REASON(X509V3_R_UNKNOWN_OPTION) ,"unknown option"},
202{ERR_REASON(X509V3_R_UNSUPPORTED_OPTION) ,"unsupported option"},
203{ERR_REASON(X509V3_R_USER_TOO_LONG) ,"user too long"},
204{0,NULL}
205 };
206
207#endif
208
209void ERR_load_X509V3_strings(void)
210 {
211#ifndef OPENSSL_NO_ERR
212
213 if (ERR_func_error_string(X509V3_str_functs[0].error) == NULL)
214 {
215 ERR_load_strings(0,X509V3_str_functs);
216 ERR_load_strings(0,X509V3_str_reasons);
217 }
218#endif
219 }
diff --git a/src/lib/libcrypto/x509v3/x509v3.h b/src/lib/libcrypto/x509v3/x509v3.h
deleted file mode 100644
index 9ef83da755..0000000000
--- a/src/lib/libcrypto/x509v3/x509v3.h
+++ /dev/null
@@ -1,922 +0,0 @@
1/* x509v3.h */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58#ifndef HEADER_X509V3_H
59#define HEADER_X509V3_H
60
61#include <openssl/bio.h>
62#include <openssl/x509.h>
63#include <openssl/conf.h>
64
65#ifdef __cplusplus
66extern "C" {
67#endif
68
69/* Forward reference */
70struct v3_ext_method;
71struct v3_ext_ctx;
72
73/* Useful typedefs */
74
75typedef void * (*X509V3_EXT_NEW)(void);
76typedef void (*X509V3_EXT_FREE)(void *);
77typedef void * (*X509V3_EXT_D2I)(void *, const unsigned char ** , long);
78typedef int (*X509V3_EXT_I2D)(void *, unsigned char **);
79typedef STACK_OF(CONF_VALUE) * (*X509V3_EXT_I2V)(struct v3_ext_method *method, void *ext, STACK_OF(CONF_VALUE) *extlist);
80typedef void * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK_OF(CONF_VALUE) *values);
81typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext);
82typedef void * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str);
83typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, void *ext, BIO *out, int indent);
84typedef void * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str);
85
86/* V3 extension structure */
87
88struct v3_ext_method {
89int ext_nid;
90int ext_flags;
91/* If this is set the following four fields are ignored */
92ASN1_ITEM_EXP *it;
93/* Old style ASN1 calls */
94X509V3_EXT_NEW ext_new;
95X509V3_EXT_FREE ext_free;
96X509V3_EXT_D2I d2i;
97X509V3_EXT_I2D i2d;
98
99/* The following pair is used for string extensions */
100X509V3_EXT_I2S i2s;
101X509V3_EXT_S2I s2i;
102
103/* The following pair is used for multi-valued extensions */
104X509V3_EXT_I2V i2v;
105X509V3_EXT_V2I v2i;
106
107/* The following are used for raw extensions */
108X509V3_EXT_I2R i2r;
109X509V3_EXT_R2I r2i;
110
111void *usr_data; /* Any extension specific data */
112};
113
114typedef struct X509V3_CONF_METHOD_st {
115char * (*get_string)(void *db, char *section, char *value);
116STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section);
117void (*free_string)(void *db, char * string);
118void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
119} X509V3_CONF_METHOD;
120
121/* Context specific info */
122struct v3_ext_ctx {
123#define CTX_TEST 0x1
124int flags;
125X509 *issuer_cert;
126X509 *subject_cert;
127X509_REQ *subject_req;
128X509_CRL *crl;
129X509V3_CONF_METHOD *db_meth;
130void *db;
131/* Maybe more here */
132};
133
134typedef struct v3_ext_method X509V3_EXT_METHOD;
135
136DECLARE_STACK_OF(X509V3_EXT_METHOD)
137
138/* ext_flags values */
139#define X509V3_EXT_DYNAMIC 0x1
140#define X509V3_EXT_CTX_DEP 0x2
141#define X509V3_EXT_MULTILINE 0x4
142
143typedef BIT_STRING_BITNAME ENUMERATED_NAMES;
144
145typedef struct BASIC_CONSTRAINTS_st {
146int ca;
147ASN1_INTEGER *pathlen;
148} BASIC_CONSTRAINTS;
149
150
151typedef struct PKEY_USAGE_PERIOD_st {
152ASN1_GENERALIZEDTIME *notBefore;
153ASN1_GENERALIZEDTIME *notAfter;
154} PKEY_USAGE_PERIOD;
155
156typedef struct otherName_st {
157ASN1_OBJECT *type_id;
158ASN1_TYPE *value;
159} OTHERNAME;
160
161typedef struct EDIPartyName_st {
162 ASN1_STRING *nameAssigner;
163 ASN1_STRING *partyName;
164} EDIPARTYNAME;
165
166typedef struct GENERAL_NAME_st {
167
168#define GEN_OTHERNAME 0
169#define GEN_EMAIL 1
170#define GEN_DNS 2
171#define GEN_X400 3
172#define GEN_DIRNAME 4
173#define GEN_EDIPARTY 5
174#define GEN_URI 6
175#define GEN_IPADD 7
176#define GEN_RID 8
177
178int type;
179union {
180 char *ptr;
181 OTHERNAME *otherName; /* otherName */
182 ASN1_IA5STRING *rfc822Name;
183 ASN1_IA5STRING *dNSName;
184 ASN1_TYPE *x400Address;
185 X509_NAME *directoryName;
186 EDIPARTYNAME *ediPartyName;
187 ASN1_IA5STRING *uniformResourceIdentifier;
188 ASN1_OCTET_STRING *iPAddress;
189 ASN1_OBJECT *registeredID;
190
191 /* Old names */
192 ASN1_OCTET_STRING *ip; /* iPAddress */
193 X509_NAME *dirn; /* dirn */
194 ASN1_IA5STRING *ia5;/* rfc822Name, dNSName, uniformResourceIdentifier */
195 ASN1_OBJECT *rid; /* registeredID */
196 ASN1_TYPE *other; /* x400Address */
197} d;
198} GENERAL_NAME;
199
200typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
201
202typedef struct ACCESS_DESCRIPTION_st {
203 ASN1_OBJECT *method;
204 GENERAL_NAME *location;
205} ACCESS_DESCRIPTION;
206
207typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
208
209typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;
210
211DECLARE_STACK_OF(GENERAL_NAME)
212DECLARE_ASN1_SET_OF(GENERAL_NAME)
213
214DECLARE_STACK_OF(ACCESS_DESCRIPTION)
215DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION)
216
217typedef struct DIST_POINT_NAME_st {
218int type;
219union {
220 GENERAL_NAMES *fullname;
221 STACK_OF(X509_NAME_ENTRY) *relativename;
222} name;
223} DIST_POINT_NAME;
224
225typedef struct DIST_POINT_st {
226DIST_POINT_NAME *distpoint;
227ASN1_BIT_STRING *reasons;
228GENERAL_NAMES *CRLissuer;
229} DIST_POINT;
230
231typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;
232
233DECLARE_STACK_OF(DIST_POINT)
234DECLARE_ASN1_SET_OF(DIST_POINT)
235
236typedef struct AUTHORITY_KEYID_st {
237ASN1_OCTET_STRING *keyid;
238GENERAL_NAMES *issuer;
239ASN1_INTEGER *serial;
240} AUTHORITY_KEYID;
241
242/* Strong extranet structures */
243
244typedef struct SXNET_ID_st {
245 ASN1_INTEGER *zone;
246 ASN1_OCTET_STRING *user;
247} SXNETID;
248
249DECLARE_STACK_OF(SXNETID)
250DECLARE_ASN1_SET_OF(SXNETID)
251
252typedef struct SXNET_st {
253 ASN1_INTEGER *version;
254 STACK_OF(SXNETID) *ids;
255} SXNET;
256
257typedef struct NOTICEREF_st {
258 ASN1_STRING *organization;
259 STACK_OF(ASN1_INTEGER) *noticenos;
260} NOTICEREF;
261
262typedef struct USERNOTICE_st {
263 NOTICEREF *noticeref;
264 ASN1_STRING *exptext;
265} USERNOTICE;
266
267typedef struct POLICYQUALINFO_st {
268 ASN1_OBJECT *pqualid;
269 union {
270 ASN1_IA5STRING *cpsuri;
271 USERNOTICE *usernotice;
272 ASN1_TYPE *other;
273 } d;
274} POLICYQUALINFO;
275
276DECLARE_STACK_OF(POLICYQUALINFO)
277DECLARE_ASN1_SET_OF(POLICYQUALINFO)
278
279typedef struct POLICYINFO_st {
280 ASN1_OBJECT *policyid;
281 STACK_OF(POLICYQUALINFO) *qualifiers;
282} POLICYINFO;
283
284typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES;
285
286DECLARE_STACK_OF(POLICYINFO)
287DECLARE_ASN1_SET_OF(POLICYINFO)
288
289typedef struct POLICY_MAPPING_st {
290 ASN1_OBJECT *issuerDomainPolicy;
291 ASN1_OBJECT *subjectDomainPolicy;
292} POLICY_MAPPING;
293
294DECLARE_STACK_OF(POLICY_MAPPING)
295
296typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS;
297
298typedef struct GENERAL_SUBTREE_st {
299 GENERAL_NAME *base;
300 ASN1_INTEGER *minimum;
301 ASN1_INTEGER *maximum;
302} GENERAL_SUBTREE;
303
304DECLARE_STACK_OF(GENERAL_SUBTREE)
305
306typedef struct NAME_CONSTRAINTS_st {
307 STACK_OF(GENERAL_SUBTREE) *permittedSubtrees;
308 STACK_OF(GENERAL_SUBTREE) *excludedSubtrees;
309} NAME_CONSTRAINTS;
310
311typedef struct POLICY_CONSTRAINTS_st {
312 ASN1_INTEGER *requireExplicitPolicy;
313 ASN1_INTEGER *inhibitPolicyMapping;
314} POLICY_CONSTRAINTS;
315
316/* Proxy certificate structures, see RFC 3820 */
317typedef struct PROXY_POLICY_st
318 {
319 ASN1_OBJECT *policyLanguage;
320 ASN1_OCTET_STRING *policy;
321 } PROXY_POLICY;
322
323typedef struct PROXY_CERT_INFO_EXTENSION_st
324 {
325 ASN1_INTEGER *pcPathLengthConstraint;
326 PROXY_POLICY *proxyPolicy;
327 } PROXY_CERT_INFO_EXTENSION;
328
329DECLARE_ASN1_FUNCTIONS(PROXY_POLICY)
330DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
331
332
333#define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \
334",name:", val->name, ",value:", val->value);
335
336#define X509V3_set_ctx_test(ctx) \
337 X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
338#define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL;
339
340#define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \
341 0,0,0,0, \
342 0,0, \
343 (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
344 (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \
345 NULL, NULL, \
346 table}
347
348#define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \
349 0,0,0,0, \
350 (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
351 (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \
352 0,0,0,0, \
353 NULL}
354
355#define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
356
357
358/* X509_PURPOSE stuff */
359
360#define EXFLAG_BCONS 0x1
361#define EXFLAG_KUSAGE 0x2
362#define EXFLAG_XKUSAGE 0x4
363#define EXFLAG_NSCERT 0x8
364
365#define EXFLAG_CA 0x10
366/* Really self issued not necessarily self signed */
367#define EXFLAG_SI 0x20
368#define EXFLAG_SS 0x20
369#define EXFLAG_V1 0x40
370#define EXFLAG_INVALID 0x80
371#define EXFLAG_SET 0x100
372#define EXFLAG_CRITICAL 0x200
373#define EXFLAG_PROXY 0x400
374
375#define EXFLAG_INVALID_POLICY 0x800
376
377#define KU_DIGITAL_SIGNATURE 0x0080
378#define KU_NON_REPUDIATION 0x0040
379#define KU_KEY_ENCIPHERMENT 0x0020
380#define KU_DATA_ENCIPHERMENT 0x0010
381#define KU_KEY_AGREEMENT 0x0008
382#define KU_KEY_CERT_SIGN 0x0004
383#define KU_CRL_SIGN 0x0002
384#define KU_ENCIPHER_ONLY 0x0001
385#define KU_DECIPHER_ONLY 0x8000
386
387#define NS_SSL_CLIENT 0x80
388#define NS_SSL_SERVER 0x40
389#define NS_SMIME 0x20
390#define NS_OBJSIGN 0x10
391#define NS_SSL_CA 0x04
392#define NS_SMIME_CA 0x02
393#define NS_OBJSIGN_CA 0x01
394#define NS_ANY_CA (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA)
395
396#define XKU_SSL_SERVER 0x1
397#define XKU_SSL_CLIENT 0x2
398#define XKU_SMIME 0x4
399#define XKU_CODE_SIGN 0x8
400#define XKU_SGC 0x10
401#define XKU_OCSP_SIGN 0x20
402#define XKU_TIMESTAMP 0x40
403#define XKU_DVCS 0x80
404
405#define X509_PURPOSE_DYNAMIC 0x1
406#define X509_PURPOSE_DYNAMIC_NAME 0x2
407
408typedef struct x509_purpose_st {
409 int purpose;
410 int trust; /* Default trust ID */
411 int flags;
412 int (*check_purpose)(const struct x509_purpose_st *,
413 const X509 *, int);
414 char *name;
415 char *sname;
416 void *usr_data;
417} X509_PURPOSE;
418
419#define X509_PURPOSE_SSL_CLIENT 1
420#define X509_PURPOSE_SSL_SERVER 2
421#define X509_PURPOSE_NS_SSL_SERVER 3
422#define X509_PURPOSE_SMIME_SIGN 4
423#define X509_PURPOSE_SMIME_ENCRYPT 5
424#define X509_PURPOSE_CRL_SIGN 6
425#define X509_PURPOSE_ANY 7
426#define X509_PURPOSE_OCSP_HELPER 8
427
428#define X509_PURPOSE_MIN 1
429#define X509_PURPOSE_MAX 8
430
431/* Flags for X509V3_EXT_print() */
432
433#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
434/* Return error for unknown extensions */
435#define X509V3_EXT_DEFAULT 0
436/* Print error for unknown extensions */
437#define X509V3_EXT_ERROR_UNKNOWN (1L << 16)
438/* ASN1 parse unknown extensions */
439#define X509V3_EXT_PARSE_UNKNOWN (2L << 16)
440/* BIO_dump unknown extensions */
441#define X509V3_EXT_DUMP_UNKNOWN (3L << 16)
442
443/* Flags for X509V3_add1_i2d */
444
445#define X509V3_ADD_OP_MASK 0xfL
446#define X509V3_ADD_DEFAULT 0L
447#define X509V3_ADD_APPEND 1L
448#define X509V3_ADD_REPLACE 2L
449#define X509V3_ADD_REPLACE_EXISTING 3L
450#define X509V3_ADD_KEEP_EXISTING 4L
451#define X509V3_ADD_DELETE 5L
452#define X509V3_ADD_SILENT 0x10
453
454DECLARE_STACK_OF(X509_PURPOSE)
455
456DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
457
458DECLARE_ASN1_FUNCTIONS(SXNET)
459DECLARE_ASN1_FUNCTIONS(SXNETID)
460
461int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen);
462int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen);
463int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user, int userlen);
464
465ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone);
466ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);
467ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone);
468
469DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID)
470
471DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
472
473DECLARE_ASN1_FUNCTIONS(GENERAL_NAME)
474
475
476ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
477 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
478STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
479 ASN1_BIT_STRING *bits,
480 STACK_OF(CONF_VALUE) *extlist);
481
482STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret);
483int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen);
484
485DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)
486
487STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
488 GENERAL_NAMES *gen, STACK_OF(CONF_VALUE) *extlist);
489GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
490 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
491
492DECLARE_ASN1_FUNCTIONS(OTHERNAME)
493DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME)
494
495char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5);
496ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
497
498DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
499int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a);
500
501DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
502DECLARE_ASN1_FUNCTIONS(POLICYINFO)
503DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO)
504DECLARE_ASN1_FUNCTIONS(USERNOTICE)
505DECLARE_ASN1_FUNCTIONS(NOTICEREF)
506
507DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS)
508DECLARE_ASN1_FUNCTIONS(DIST_POINT)
509DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME)
510
511DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
512DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
513
514DECLARE_ASN1_ITEM(POLICY_MAPPING)
515DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING)
516DECLARE_ASN1_ITEM(POLICY_MAPPINGS)
517
518DECLARE_ASN1_ITEM(GENERAL_SUBTREE)
519DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
520
521DECLARE_ASN1_ITEM(NAME_CONSTRAINTS)
522DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
523
524DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
525DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)
526
527#ifdef HEADER_CONF_H
528GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
529 CONF_VALUE *cnf);
530GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, X509V3_EXT_METHOD *method,
531 X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc);
532void X509V3_conf_free(CONF_VALUE *val);
533
534X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value);
535X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value);
536int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, STACK_OF(X509_EXTENSION) **sk);
537int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert);
538int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
539int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
540
541X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value);
542X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value);
543int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert);
544int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
545int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
546
547int X509V3_add_value_bool_nf(char *name, int asn1_bool,
548 STACK_OF(CONF_VALUE) **extlist);
549int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
550int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
551void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
552void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
553#endif
554
555char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
556STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section);
557void X509V3_string_free(X509V3_CTX *ctx, char *str);
558void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
559void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
560 X509_REQ *req, X509_CRL *crl, int flags);
561
562int X509V3_add_value(const char *name, const char *value,
563 STACK_OF(CONF_VALUE) **extlist);
564int X509V3_add_value_uchar(const char *name, const unsigned char *value,
565 STACK_OF(CONF_VALUE) **extlist);
566int X509V3_add_value_bool(const char *name, int asn1_bool,
567 STACK_OF(CONF_VALUE) **extlist);
568int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
569 STACK_OF(CONF_VALUE) **extlist);
570char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
571ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);
572char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
573char * i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
574int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
575int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
576int X509V3_EXT_add_alias(int nid_to, int nid_from);
577void X509V3_EXT_cleanup(void);
578
579X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
580X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
581int X509V3_add_standard_extensions(void);
582STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
583void *X509V3_EXT_d2i(X509_EXTENSION *ext);
584void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);
585
586
587X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
588int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags);
589
590char *hex_to_string(unsigned char *buffer, long len);
591unsigned char *string_to_hex(char *str, long *len);
592int name_cmp(const char *name, const char *cmp);
593
594void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
595 int ml);
596int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent);
597int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
598
599int X509V3_extensions_print(BIO *out, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent);
600
601int X509_check_ca(X509 *x);
602int X509_check_purpose(X509 *x, int id, int ca);
603int X509_supported_extension(X509_EXTENSION *ex);
604int X509_PURPOSE_set(int *p, int purpose);
605int X509_check_issued(X509 *issuer, X509 *subject);
606int X509_PURPOSE_get_count(void);
607X509_PURPOSE * X509_PURPOSE_get0(int idx);
608int X509_PURPOSE_get_by_sname(char *sname);
609int X509_PURPOSE_get_by_id(int id);
610int X509_PURPOSE_add(int id, int trust, int flags,
611 int (*ck)(const X509_PURPOSE *, const X509 *, int),
612 char *name, char *sname, void *arg);
613char *X509_PURPOSE_get0_name(X509_PURPOSE *xp);
614char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp);
615int X509_PURPOSE_get_trust(X509_PURPOSE *xp);
616void X509_PURPOSE_cleanup(void);
617int X509_PURPOSE_get_id(X509_PURPOSE *);
618
619STACK *X509_get1_email(X509 *x);
620STACK *X509_REQ_get1_email(X509_REQ *x);
621void X509_email_free(STACK *sk);
622STACK *X509_get1_ocsp(X509 *x);
623
624ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
625ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);
626int a2i_ipadd(unsigned char *ipout, const char *ipasc);
627int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,
628 unsigned long chtype);
629
630void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
631
632#ifndef OPENSSL_NO_RFC3779
633
634typedef struct ASRange_st {
635 ASN1_INTEGER *min, *max;
636} ASRange;
637
638#define ASIdOrRange_id 0
639#define ASIdOrRange_range 1
640
641typedef struct ASIdOrRange_st {
642 int type;
643 union {
644 ASN1_INTEGER *id;
645 ASRange *range;
646 } u;
647} ASIdOrRange;
648
649typedef STACK_OF(ASIdOrRange) ASIdOrRanges;
650DECLARE_STACK_OF(ASIdOrRange)
651
652#define ASIdentifierChoice_inherit 0
653#define ASIdentifierChoice_asIdsOrRanges 1
654
655typedef struct ASIdentifierChoice_st {
656 int type;
657 union {
658 ASN1_NULL *inherit;
659 ASIdOrRanges *asIdsOrRanges;
660 } u;
661} ASIdentifierChoice;
662
663typedef struct ASIdentifiers_st {
664 ASIdentifierChoice *asnum, *rdi;
665} ASIdentifiers;
666
667DECLARE_ASN1_FUNCTIONS(ASRange)
668DECLARE_ASN1_FUNCTIONS(ASIdOrRange)
669DECLARE_ASN1_FUNCTIONS(ASIdentifierChoice)
670DECLARE_ASN1_FUNCTIONS(ASIdentifiers)
671
672
673typedef struct IPAddressRange_st {
674 ASN1_BIT_STRING *min, *max;
675} IPAddressRange;
676
677#define IPAddressOrRange_addressPrefix 0
678#define IPAddressOrRange_addressRange 1
679
680typedef struct IPAddressOrRange_st {
681 int type;
682 union {
683 ASN1_BIT_STRING *addressPrefix;
684 IPAddressRange *addressRange;
685 } u;
686} IPAddressOrRange;
687
688typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges;
689DECLARE_STACK_OF(IPAddressOrRange)
690
691#define IPAddressChoice_inherit 0
692#define IPAddressChoice_addressesOrRanges 1
693
694typedef struct IPAddressChoice_st {
695 int type;
696 union {
697 ASN1_NULL *inherit;
698 IPAddressOrRanges *addressesOrRanges;
699 } u;
700} IPAddressChoice;
701
702typedef struct IPAddressFamily_st {
703 ASN1_OCTET_STRING *addressFamily;
704 IPAddressChoice *ipAddressChoice;
705} IPAddressFamily;
706
707typedef STACK_OF(IPAddressFamily) IPAddrBlocks;
708DECLARE_STACK_OF(IPAddressFamily)
709
710DECLARE_ASN1_FUNCTIONS(IPAddressRange)
711DECLARE_ASN1_FUNCTIONS(IPAddressOrRange)
712DECLARE_ASN1_FUNCTIONS(IPAddressChoice)
713DECLARE_ASN1_FUNCTIONS(IPAddressFamily)
714
715/*
716 * API tag for elements of the ASIdentifer SEQUENCE.
717 */
718#define V3_ASID_ASNUM 0
719#define V3_ASID_RDI 1
720
721/*
722 * AFI values, assigned by IANA. It'd be nice to make the AFI
723 * handling code totally generic, but there are too many little things
724 * that would need to be defined for other address families for it to
725 * be worth the trouble.
726 */
727#define IANA_AFI_IPV4 1
728#define IANA_AFI_IPV6 2
729
730/*
731 * Utilities to construct and extract values from RFC3779 extensions,
732 * since some of the encodings (particularly for IP address prefixes
733 * and ranges) are a bit tedious to work with directly.
734 */
735int v3_asid_add_inherit(ASIdentifiers *asid, int which);
736int v3_asid_add_id_or_range(ASIdentifiers *asid, int which,
737 ASN1_INTEGER *min, ASN1_INTEGER *max);
738int v3_addr_add_inherit(IPAddrBlocks *addr,
739 const unsigned afi, const unsigned *safi);
740int v3_addr_add_prefix(IPAddrBlocks *addr,
741 const unsigned afi, const unsigned *safi,
742 unsigned char *a, const int prefixlen);
743int v3_addr_add_range(IPAddrBlocks *addr,
744 const unsigned afi, const unsigned *safi,
745 unsigned char *min, unsigned char *max);
746unsigned v3_addr_get_afi(const IPAddressFamily *f);
747int v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi,
748 unsigned char *min, unsigned char *max,
749 const int length);
750
751/*
752 * Canonical forms.
753 */
754int v3_asid_is_canonical(ASIdentifiers *asid);
755int v3_addr_is_canonical(IPAddrBlocks *addr);
756int v3_asid_canonize(ASIdentifiers *asid);
757int v3_addr_canonize(IPAddrBlocks *addr);
758
759/*
760 * Tests for inheritance and containment.
761 */
762int v3_asid_inherits(ASIdentifiers *asid);
763int v3_addr_inherits(IPAddrBlocks *addr);
764int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b);
765int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b);
766
767/*
768 * Check whether RFC 3779 extensions nest properly in chains.
769 */
770int v3_asid_validate_path(X509_STORE_CTX *);
771int v3_addr_validate_path(X509_STORE_CTX *);
772int v3_asid_validate_resource_set(STACK_OF(X509) *chain,
773 ASIdentifiers *ext,
774 int allow_inheritance);
775int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
776 IPAddrBlocks *ext,
777 int allow_inheritance);
778
779#endif /* OPENSSL_NO_RFC3779 */
780
781/* BEGIN ERROR CODES */
782/* The following lines are auto generated by the script mkerr.pl. Any changes
783 * made after this point may be overwritten when the script is next run.
784 */
785void ERR_load_X509V3_strings(void);
786
787/* Error codes for the X509V3 functions. */
788
789/* Function codes. */
790#define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 156
791#define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 157
792#define X509V3_F_COPY_EMAIL 122
793#define X509V3_F_COPY_ISSUER 123
794#define X509V3_F_DO_DIRNAME 144
795#define X509V3_F_DO_EXT_CONF 124
796#define X509V3_F_DO_EXT_I2D 135
797#define X509V3_F_DO_EXT_NCONF 151
798#define X509V3_F_DO_I2V_NAME_CONSTRAINTS 148
799#define X509V3_F_HEX_TO_STRING 111
800#define X509V3_F_I2S_ASN1_ENUMERATED 121
801#define X509V3_F_I2S_ASN1_IA5STRING 149
802#define X509V3_F_I2S_ASN1_INTEGER 120
803#define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138
804#define X509V3_F_NOTICE_SECTION 132
805#define X509V3_F_NREF_NOS 133
806#define X509V3_F_POLICY_SECTION 131
807#define X509V3_F_PROCESS_PCI_VALUE 150
808#define X509V3_F_R2I_CERTPOL 130
809#define X509V3_F_R2I_PCI 155
810#define X509V3_F_S2I_ASN1_IA5STRING 100
811#define X509V3_F_S2I_ASN1_INTEGER 108
812#define X509V3_F_S2I_ASN1_OCTET_STRING 112
813#define X509V3_F_S2I_ASN1_SKEY_ID 114
814#define X509V3_F_S2I_SKEY_ID 115
815#define X509V3_F_STRING_TO_HEX 113
816#define X509V3_F_SXNET_ADD_ID_ASC 125
817#define X509V3_F_SXNET_ADD_ID_INTEGER 126
818#define X509V3_F_SXNET_ADD_ID_ULONG 127
819#define X509V3_F_SXNET_GET_ID_ASC 128
820#define X509V3_F_SXNET_GET_ID_ULONG 129
821#define X509V3_F_V2I_ASIDENTIFIERS 158
822#define X509V3_F_V2I_ASN1_BIT_STRING 101
823#define X509V3_F_V2I_AUTHORITY_INFO_ACCESS 139
824#define X509V3_F_V2I_AUTHORITY_KEYID 119
825#define X509V3_F_V2I_BASIC_CONSTRAINTS 102
826#define X509V3_F_V2I_CRLD 134
827#define X509V3_F_V2I_EXTENDED_KEY_USAGE 103
828#define X509V3_F_V2I_GENERAL_NAMES 118
829#define X509V3_F_V2I_GENERAL_NAME_EX 117
830#define X509V3_F_V2I_IPADDRBLOCKS 159
831#define X509V3_F_V2I_ISSUER_ALT 153
832#define X509V3_F_V2I_NAME_CONSTRAINTS 147
833#define X509V3_F_V2I_POLICY_CONSTRAINTS 146
834#define X509V3_F_V2I_POLICY_MAPPINGS 145
835#define X509V3_F_V2I_SUBJECT_ALT 154
836#define X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL 160
837#define X509V3_F_V3_GENERIC_EXTENSION 116
838#define X509V3_F_X509V3_ADD1_I2D 140
839#define X509V3_F_X509V3_ADD_VALUE 105
840#define X509V3_F_X509V3_EXT_ADD 104
841#define X509V3_F_X509V3_EXT_ADD_ALIAS 106
842#define X509V3_F_X509V3_EXT_CONF 107
843#define X509V3_F_X509V3_EXT_I2D 136
844#define X509V3_F_X509V3_EXT_NCONF 152
845#define X509V3_F_X509V3_GET_SECTION 142
846#define X509V3_F_X509V3_GET_STRING 143
847#define X509V3_F_X509V3_GET_VALUE_BOOL 110
848#define X509V3_F_X509V3_PARSE_LIST 109
849#define X509V3_F_X509_PURPOSE_ADD 137
850#define X509V3_F_X509_PURPOSE_SET 141
851
852/* Reason codes. */
853#define X509V3_R_BAD_IP_ADDRESS 118
854#define X509V3_R_BAD_OBJECT 119
855#define X509V3_R_BN_DEC2BN_ERROR 100
856#define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101
857#define X509V3_R_DIRNAME_ERROR 149
858#define X509V3_R_DUPLICATE_ZONE_ID 133
859#define X509V3_R_ERROR_CONVERTING_ZONE 131
860#define X509V3_R_ERROR_CREATING_EXTENSION 144
861#define X509V3_R_ERROR_IN_EXTENSION 128
862#define X509V3_R_EXPECTED_A_SECTION_NAME 137
863#define X509V3_R_EXTENSION_EXISTS 145
864#define X509V3_R_EXTENSION_NAME_ERROR 115
865#define X509V3_R_EXTENSION_NOT_FOUND 102
866#define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103
867#define X509V3_R_EXTENSION_VALUE_ERROR 116
868#define X509V3_R_ILLEGAL_EMPTY_EXTENSION 151
869#define X509V3_R_ILLEGAL_HEX_DIGIT 113
870#define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 152
871#define X509V3_R_INVALID_ASNUMBER 160
872#define X509V3_R_INVALID_ASRANGE 161
873#define X509V3_R_INVALID_BOOLEAN_STRING 104
874#define X509V3_R_INVALID_EXTENSION_STRING 105
875#define X509V3_R_INVALID_INHERITANCE 162
876#define X509V3_R_INVALID_IPADDRESS 163
877#define X509V3_R_INVALID_NAME 106
878#define X509V3_R_INVALID_NULL_ARGUMENT 107
879#define X509V3_R_INVALID_NULL_NAME 108
880#define X509V3_R_INVALID_NULL_VALUE 109
881#define X509V3_R_INVALID_NUMBER 140
882#define X509V3_R_INVALID_NUMBERS 141
883#define X509V3_R_INVALID_OBJECT_IDENTIFIER 110
884#define X509V3_R_INVALID_OPTION 138
885#define X509V3_R_INVALID_POLICY_IDENTIFIER 134
886#define X509V3_R_INVALID_PROXY_POLICY_SETTING 153
887#define X509V3_R_INVALID_PURPOSE 146
888#define X509V3_R_INVALID_SAFI 164
889#define X509V3_R_INVALID_SECTION 135
890#define X509V3_R_INVALID_SYNTAX 143
891#define X509V3_R_ISSUER_DECODE_ERROR 126
892#define X509V3_R_MISSING_VALUE 124
893#define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 142
894#define X509V3_R_NO_CONFIG_DATABASE 136
895#define X509V3_R_NO_ISSUER_CERTIFICATE 121
896#define X509V3_R_NO_ISSUER_DETAILS 127
897#define X509V3_R_NO_POLICY_IDENTIFIER 139
898#define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 154
899#define X509V3_R_NO_PUBLIC_KEY 114
900#define X509V3_R_NO_SUBJECT_DETAILS 125
901#define X509V3_R_ODD_NUMBER_OF_DIGITS 112
902#define X509V3_R_OPERATION_NOT_DEFINED 148
903#define X509V3_R_OTHERNAME_ERROR 147
904#define X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED 155
905#define X509V3_R_POLICY_PATH_LENGTH 156
906#define X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED 157
907#define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED 158
908#define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159
909#define X509V3_R_SECTION_NOT_FOUND 150
910#define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122
911#define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 123
912#define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111
913#define X509V3_R_UNKNOWN_EXTENSION 129
914#define X509V3_R_UNKNOWN_EXTENSION_NAME 130
915#define X509V3_R_UNKNOWN_OPTION 120
916#define X509V3_R_UNSUPPORTED_OPTION 117
917#define X509V3_R_USER_TOO_LONG 132
918
919#ifdef __cplusplus
920}
921#endif
922#endif
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-03 23:08:17 +0000