3 files changed, 416 insertions, 0 deletions
diff --git a/src/lib/libcrypto/x509v3/format b/src/lib/libcrypto/x509v3/format
new file mode 100644
index 0000000000..3307978121
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/format
@@ -0,0 +1,92 @@
+AuthorityKeyIdentifier
+        {
+        keyIdentifier           [0] OCTET_STRING        OPTIONAL
+        authorityCertIssuer     [1] GeneralNames        OPTIONAL
+        authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL
+        }
+SubjectKeyIdentifier    OCTET_STRING
+KeyUsage
+        {
+        BIT_STRING
+                digitalSignature        0
+                nonRepudiation          1
+                keyEncipherment         2
+                dataEncipherment        3
+                keyAgreement            4
+                keyCertSign             5
+                cRLSign                 6
+                encipherOnly            7
+                decipherOnly            8
+        }
+extKeyUsage
+        {
+        SEQUENCE of OBJECT_IDENTIFIER
+        }
+privateKeyUsagePeriod
+        {
+        notBefore       [0]     GeneralizedTime OPTIONAL
+        notAfter        [1]     GeneralizedTime OPTIONAL
+        }
+certificatePoliciesSyntax
+        SEQUENCE of PoliciesInformation
+PoliciesInformation     XXX
+policyMappings          XXX
+supportedAlgorithms     XXX
+subjectAltName
+        GeneralNames sequence of GeneralName
+GeneralName
+        {
+        otherName       [0] INSTANCE OF OTHER-NAME
+        rfc882Name      [1] IA5String
+        dNSName         [2] IA5String
+        x400Address     [3] ORAddress
+        directoryName   [4] Name
+        ediPartyName    [5] 
+                                {
+                                nameAssigner    [0] DirectoryString OPTIONAL
+                                partyName       [1] DirectoryString
+                                }
+        uniformResourceIdentifier [6] IA5String
+        iPAddress       [7] OCTET_STRING
+        registeredID    [8] OBJECT_IDENTIFIER
+        }
+issuerAltName
+        GeneralNames sequence of GeneralName
+subjectDirectoryAttribute SEQUENCE of Attribute
+basicConstraints
+        {
+        cA                      BOOLEAN default FALSE
+        pathLenConstraint       INTEGER OPTIONAL
+        }
+nameConstraints
+        {
+        permittedSubtrees [0] sequence of GeneralSubtree OPTIONAL
+        excludedSubtrees [1] sequence of GeneralSubtree OPTIONAL
+        }
+GeneralSubtree
+        {
+        base    GeneralName
+        minimum [0] BaseDistance DEFAULT 0
+        maximum [1] BaseDistance OPTIONAL
+        }
+PolicyConstraints
+        {
+        requiredExplicitPolicy  [0] SkipCerts OPTIONAL
+        inhibitPolicyMapping    [1] SkipCerts OPTIONAL
+        }
+SkipCerts == INTEGER
diff --git a/src/lib/libcrypto/x509v3/header b/src/lib/libcrypto/x509v3/header
new file mode 100644
index 0000000000..3d791ca3dd
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/header
@@ -0,0 +1,6 @@
+int             a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size)
+int             i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a)
+int             i2d_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp)
+ASN1_INTEGER *  d2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp,long length)
diff --git a/src/lib/libcrypto/x509v3/v3_ku.c b/src/lib/libcrypto/x509v3/v3_ku.c
new file mode 100644
index 0000000000..87c7402f43
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_ku.c
@@ -0,0 +1,318 @@
+/* crypto/x509v3/v3_ku.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <ctype.h>
+#include "stack.h"
+#include "cryptlib.h"
+#include "bio.h"
+#include "asn1.h"
+#include "objects.h"
+#include "x509.h"
+X509_EXTENSION_METHOD X509v3_key_usage_method=
+        {
+        NID_key_usage,
+        ku_clear,
+        ex_get_bool,
+        ex_set_bool,
+        NULL,
+        NULL,
+        NULL,
+        NULL,
+        ku_a2i,
+        ku_i2a,
+        };
+static void ku_clear(a)
+X509_EXTENSION *a;
+        {
+        }
+static int ku_expand(a)
+X509_EXTENSION *a;
+        {
+        ASN1_BIT_STRING *bs;
+        if (a->argp == NULL)
+                {
+                bs=X509v3_unpack_string(NULL,V_ASN1_BIT_STRING,value);
+                if (bs == NULL) return(0);
+                a->argp=(char *)bs;
+                a->ex_free=ASN1_STRING_free;
+                }
+        return(1);
+        }
+static int ku_get_bool(a,num)
+X509_EXTENSION *a;
+int num;
+        {
+        int ret;
+        ASN1_BIT_STRING *bs;
+        if ((a->argp == NULL) && !ku_expand(a))
+                return(-1);
+        bs=(ASN1_BIT_STRING *)a->argp;
+        ret=ASN1_BIT_STRING_get_bit(bs,num);
+        return(ret);
+        }
+static int ku_set_bool(a,num,value)
+X509_EXTENSION *a;
+int num;
+int value;
+        {
+        ASN1_BIT_STRING *a;
+        if ((a->argp == NULL) && !ku_expand(a))
+                return(0);
+        bs=(ASN1_BIT_STRING *)a->argp;
+        ret=ASN1_BIT_STRING_set_bit(bs,num,value);
+        }
+static int ku_a2i(bio,a,buf,len)
+BIO *bio;
+X509_EXTENSION *a;
+char *buf;
+int len;
+        {
+        get token
+        }
+static char ku_names[X509v3_N_KU_NUM]={
+        X509v3_S_KU_digitalSignature,
+        X509v3_S_KU_nonRepudiation,
+        X509v3_S_KU_keyEncipherment,
+        X509v3_S_KU_dataEncipherment,
+        X509v3_S_KU_keyAgreement,
+        X509v3_S_KU_keyCertSign,
+        X509v3_S_KU_cRLSign,
+        X509v3_S_KU_encipherOnly,
+        X509v3_S_KU_decipherOnly,
+        };
+static int ku_i2a(bio,a);
+BIO *bio;
+X509_EXTENSION *a;
+        {
+        int i,first=1;
+        char *c;
+        for (i=0; i<X509v3_N_KU_NUM; i++)
+                {
+                if (ku_get_bool(a,i) > 0)
+                        {
+                        BIO_printf(bio,"%s%s",((first)?"":" "),ku_names[i]);
+                        first=0;
+                        }
+                }
+        }
+/***********************/
+int X509v3_get_key_usage(x,ret)
+STACK *x;
+unsigned long *ret;
+        {
+        X509_EXTENSION *ext;
+        ASN1_STRING *st;
+        char *p;
+        int i;
+        i=X509_get_ext_by_NID(x,NID_key_usage,-1);
+        if (i < 0) return(X509v3_KU_UNDEF);
+        ext=X509_get_ext(x,i);
+        st=X509v3_unpack_string(NULL,V_ASN1_BIT_STRING,
+                X509_EXTENSION_get_data(X509_get_ext(x,i)));
+        p=ASN1_STRING_data(st);
+        if (ASN1_STRING_length(st) == 1)
+                i=p[0];
+        else if (ASN1_STRING_length(st) == 2)
+                i=p[0]|(p[1]<<8);
+        else
+                i=0;
+        return(i);
+        }
+static struct
+        {
+        char *name;
+        unsigned int value;
+        } key_usage_data[] ={
+        {"digitalSignature",    X509v3_KU_DIGITAL_SIGNATURE},
+        {"nonRepudiation",      X509v3_KU_NON_REPUDIATION},
+        {"keyEncipherment",     X509v3_KU_KEY_ENCIPHERMENT},
+        {"dataEncipherment",    X509v3_KU_DATA_ENCIPHERMENT},
+        {"keyAgreement",        X509v3_KU_KEY_AGREEMENT},
+        {"keyCertSign",         X509v3_KU_KEY_CERT_SIGN},
+        {"cRLSign",             X509v3_KU_CRL_SIGN},
+        {"encipherOnly",        X509v3_KU_ENCIPHER_ONLY},
+        {"decipherOnly",        X509v3_KU_DECIPHER_ONLY},
+        {NULL,0},
+        };
+#if 0
+static int a2i_key_usage(x,str,len)
+X509 *x;
+char *str;
+int len;
+        {
+        return(X509v3_set_key_usage(x,a2i_X509v3_key_usage(str)));
+        }
+static int i2a_key_usage(bp,x)
+BIO *bp;
+X509 *x;
+        {
+        return(i2a_X509v3_key_usage(bp,X509v3_get_key_usage(x)));
+        }
+#endif
+int i2a_X509v3_key_usage(bp,use)
+BIO *bp;
+unsigned int use;
+        {
+        int i=0,first=1;
+        for (;;)
+                {
+                if (use | key_usage_data[i].value)
+                        {
+                        BIO_printf(bp,"%s%s",((first)?"":" "),
+                                key_usage_data[i].name);
+                        first=0;
+                        }
+                }
+        return(1);
+        }
+unsigned int a2i_X509v3_key_usage(p)
+char *p;
+        {
+        unsigned int ret=0;
+        char *q,*s;
+        int i,n;
+        q=p;
+        for (;;)
+                {
+                while ((*q != '\0') && isalnum(*q))
+                        q++;
+                if (*q == '\0') break;
+                s=q++;
+                while (isalnum(*q))
+                        q++;
+                n=q-s;
+                i=0;
+                for (;;)
+                        {
+                        if (strncmp(key_usage_data[i].name,s,n) == 0)
+                                {
+                                ret|=key_usage_data[i].value;
+                                break;
+                                }
+                        i++;
+                        if (key_usage_data[i].name == NULL)
+                                return(X509v3_KU_UNDEF);
+                        }
+                }
+        return(ret);
+        }
+int X509v3_set_key_usage(x,use)
+X509 *x;
+unsigned int use;
+        {
+        ASN1_OCTET_STRING *os;
+        X509_EXTENSION *ext;
+        int i;
+        unsigned char data[4];
+        i=X509_get_ext_by_NID(x,NID_key_usage,-1);
+        if (i < 0)
+                {
+                i=X509_get_ext_count(x)+1;
+                if ((ext=X509_EXTENSION_new()) == NULL) return(0);
+                if (!X509_add_ext(x,ext,i))
+                        {
+                        X509_EXTENSION_free(ext);
+                        return(0);
+                        }
+                }
+        else
+                ext=X509_get_ext(x,i);
+        /* fill in 'ext' */
+        os=X509_EXTENSION_get_data(ext);
+        i=0;
+        if (use > 0)
+                {
+                i=1;
+                data[0]=use&0xff;
+                }
+        if (use > 0xff)
+                {
+                i=2;
+                data[1]=(use>>8)&0xff;
+                }
+        return((X509v3_pack_string(&os,V_ASN1_BIT_STRING,data,i) == NULL)?0:1);
+        }

diff --git a/src/lib/libcrypto/x509v3/format b/src/lib/libcrypto/x509v3/format new file mode 100644 index 0000000000..3307978121 --- /dev/null +++ b/src/lib/libcrypto/x509v3/format
@@ -0,0 +1,92 @@
	1	AuthorityKeyIdentifier
	2	{
	3	keyIdentifier [0] OCTET_STRING OPTIONAL
	4	authorityCertIssuer [1] GeneralNames OPTIONAL
	5	authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL
	6	}
	7
	8	SubjectKeyIdentifier OCTET_STRING
	9
	10	KeyUsage
	11	{
	12	BIT_STRING
	13	digitalSignature 0
	14	nonRepudiation 1
	15	keyEncipherment 2
	16	dataEncipherment 3
	17	keyAgreement 4
	18	keyCertSign 5
	19	cRLSign 6
	20	encipherOnly 7
	21	decipherOnly 8
	22	}
	23
	24	extKeyUsage
	25	{
	26	SEQUENCE of OBJECT_IDENTIFIER
	27	}
	28
	29	privateKeyUsagePeriod
	30	{
	31	notBefore [0] GeneralizedTime OPTIONAL
	32	notAfter [1] GeneralizedTime OPTIONAL
	33	}
	34
	35	certificatePoliciesSyntax
	36	SEQUENCE of PoliciesInformation
	37
	38	PoliciesInformation XXX
	39	policyMappings XXX
	40	supportedAlgorithms XXX
	41
	42	subjectAltName
	43	GeneralNames sequence of GeneralName
	44
	45	GeneralName
	46	{
	47	otherName [0] INSTANCE OF OTHER-NAME
	48	rfc882Name [1] IA5String
	49	dNSName [2] IA5String
	50	x400Address [3] ORAddress
	51	directoryName [4] Name
	52	ediPartyName [5]
	53	{
	54	nameAssigner [0] DirectoryString OPTIONAL
	55	partyName [1] DirectoryString
	56	}
	57	uniformResourceIdentifier [6] IA5String
	58	iPAddress [7] OCTET_STRING
	59	registeredID [8] OBJECT_IDENTIFIER
	60	}
	61
	62	issuerAltName
	63	GeneralNames sequence of GeneralName
	64
	65	subjectDirectoryAttribute SEQUENCE of Attribute
	66
	67	basicConstraints
	68	{
	69	cA BOOLEAN default FALSE
	70	pathLenConstraint INTEGER OPTIONAL
	71	}
	72
	73	nameConstraints
	74	{
	75	permittedSubtrees [0] sequence of GeneralSubtree OPTIONAL
	76	excludedSubtrees [1] sequence of GeneralSubtree OPTIONAL
	77	}
	78
	79	GeneralSubtree
	80	{
	81	base GeneralName
	82	minimum [0] BaseDistance DEFAULT 0
	83	maximum [1] BaseDistance OPTIONAL
	84	}
	85
	86	PolicyConstraints
	87	{
	88	requiredExplicitPolicy [0] SkipCerts OPTIONAL
	89	inhibitPolicyMapping [1] SkipCerts OPTIONAL
	90	}
	91	SkipCerts == INTEGER
	92


diff --git a/src/lib/libcrypto/x509v3/header b/src/lib/libcrypto/x509v3/header new file mode 100644 index 0000000000..3d791ca3dd --- /dev/null +++ b/src/lib/libcrypto/x509v3/header
@@ -0,0 +1,6 @@
	1	int a2i_ASN1_INTEGER(BIO bp,ASN1_INTEGER bs,char *buf,int size)
	2	int i2a_ASN1_INTEGER(BIO bp, ASN1_INTEGER a)
	3	int i2d_ASN1_INTEGER(ASN1_INTEGER a,unsigned char *pp)
	4	ASN1_INTEGER * d2i_ASN1_INTEGER(ASN1_INTEGER a,unsigned char pp,long length)
	5
	6


diff --git a/src/lib/libcrypto/x509v3/v3_ku.c b/src/lib/libcrypto/x509v3/v3_ku.c new file mode 100644 index 0000000000..87c7402f43 --- /dev/null +++ b/src/lib/libcrypto/x509v3/v3_ku.c
@@ -0,0 +1,318 @@
	1	/* crypto/x509v3/v3_ku.c */
	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
	3	* All rights reserved.
	4	*
	5	* This package is an SSL implementation written
	6	* by Eric Young (eay@cryptsoft.com).
	7	* The implementation was written so as to conform with Netscapes SSL.
	8	*
	9	* This library is free for commercial and non-commercial use as long as
	10	* the following conditions are aheared to. The following conditions
	11	* apply to all code found in this distribution, be it the RC4, RSA,
	12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
	13	* included with this distribution is covered by the same copyright terms
	14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
	15	*
	16	* Copyright remains Eric Young's, and as such any Copyright notices in
	17	* the code are not to be removed.
	18	* If this package is used in a product, Eric Young should be given attribution
	19	* as the author of the parts of the library used.
	20	* This can be in the form of a textual message at program startup or
	21	* in documentation (online or textual) provided with the package.
	22	*
	23	* Redistribution and use in source and binary forms, with or without
	24	* modification, are permitted provided that the following conditions
	25	* are met:
	26	* 1. Redistributions of source code must retain the copyright
	27	* notice, this list of conditions and the following disclaimer.
	28	* 2. Redistributions in binary form must reproduce the above copyright
	29	* notice, this list of conditions and the following disclaimer in the
	30	* documentation and/or other materials provided with the distribution.
	31	* 3. All advertising materials mentioning features or use of this software
	32	* must display the following acknowledgement:
	33	* "This product includes cryptographic software written by
	34	* Eric Young (eay@cryptsoft.com)"
	35	* The word 'cryptographic' can be left out if the rouines from the library
	36	* being used are not cryptographic related :-).
	37	* 4. If you include any Windows specific code (or a derivative thereof) from
	38	* the apps directory (application code) you must include an acknowledgement:
	39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
	40	*
	41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
	42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
	45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	51	* SUCH DAMAGE.
	52	*
	53	* The licence and distribution terms for any publically available version or
	54	* derivative of this code cannot be changed. i.e. this code cannot simply be
	55	* copied and put under another distribution licence
	56	* [including the GNU Public Licence.]
	57	*/
	58
	59	#include <stdio.h>
	60	#include <ctype.h>
	61	#include "stack.h"
	62	#include "cryptlib.h"
	63	#include "bio.h"
	64	#include "asn1.h"
	65	#include "objects.h"
	66	#include "x509.h"
	67
	68	X509_EXTENSION_METHOD X509v3_key_usage_method=
	69	{
	70	NID_key_usage,
	71	ku_clear,
	72	ex_get_bool,
	73	ex_set_bool,
	74	NULL,
	75	NULL,
	76	NULL,
	77	NULL,
	78	ku_a2i,
	79	ku_i2a,
	80	};
	81
	82	static void ku_clear(a)
	83	X509_EXTENSION *a;
	84	{
	85	}
	86
	87	static int ku_expand(a)
	88	X509_EXTENSION *a;
	89	{
	90	ASN1_BIT_STRING *bs;
	91
	92	if (a->argp == NULL)
	93	{
	94	bs=X509v3_unpack_string(NULL,V_ASN1_BIT_STRING,value);
	95	if (bs == NULL) return(0);
	96	a->argp=(char *)bs;
	97	a->ex_free=ASN1_STRING_free;
	98	}
	99	return(1);
	100	}
	101
	102	static int ku_get_bool(a,num)
	103	X509_EXTENSION *a;
	104	int num;
	105	{
	106	int ret;
	107	ASN1_BIT_STRING *bs;
	108
	109	if ((a->argp == NULL) && !ku_expand(a))
	110	return(-1);
	111	bs=(ASN1_BIT_STRING *)a->argp;
	112	ret=ASN1_BIT_STRING_get_bit(bs,num);
	113	return(ret);
	114	}
	115
	116	static int ku_set_bool(a,num,value)
	117	X509_EXTENSION *a;
	118	int num;
	119	int value;
	120	{
	121	ASN1_BIT_STRING *a;
	122
	123	if ((a->argp == NULL) && !ku_expand(a))
	124	return(0);
	125	bs=(ASN1_BIT_STRING *)a->argp;
	126	ret=ASN1_BIT_STRING_set_bit(bs,num,value);
	127	}
	128
	129	static int ku_a2i(bio,a,buf,len)
	130	BIO *bio;
	131	X509_EXTENSION *a;
	132	char *buf;
	133	int len;
	134	{
	135	get token
	136	}
	137
	138	static char ku_names[X509v3_N_KU_NUM]={
	139	X509v3_S_KU_digitalSignature,
	140	X509v3_S_KU_nonRepudiation,
	141	X509v3_S_KU_keyEncipherment,
	142	X509v3_S_KU_dataEncipherment,
	143	X509v3_S_KU_keyAgreement,
	144	X509v3_S_KU_keyCertSign,
	145	X509v3_S_KU_cRLSign,
	146	X509v3_S_KU_encipherOnly,
	147	X509v3_S_KU_decipherOnly,
	148	};
	149
	150	static int ku_i2a(bio,a);
	151	BIO *bio;
	152	X509_EXTENSION *a;
	153	{
	154	int i,first=1;
	155	char *c;
	156
	157	for (i=0; i<X509v3_N_KU_NUM; i++)
	158	{
	159	if (ku_get_bool(a,i) > 0)
	160	{
	161	BIO_printf(bio,"%s%s",((first)?"":" "),ku_names[i]);
	162	first=0;
	163	}
	164	}
	165	}
	166
	167	/***********************/
	168
	169	int X509v3_get_key_usage(x,ret)
	170	STACK *x;
	171	unsigned long *ret;
	172	{
	173	X509_EXTENSION *ext;
	174	ASN1_STRING *st;
	175	char *p;
	176	int i;
	177
	178	i=X509_get_ext_by_NID(x,NID_key_usage,-1);
	179	if (i < 0) return(X509v3_KU_UNDEF);
	180	ext=X509_get_ext(x,i);
	181	st=X509v3_unpack_string(NULL,V_ASN1_BIT_STRING,
	182	X509_EXTENSION_get_data(X509_get_ext(x,i)));
	183
	184	p=ASN1_STRING_data(st);
	185	if (ASN1_STRING_length(st) == 1)
	186	i=p[0];
	187	else if (ASN1_STRING_length(st) == 2)
	188	i=p[0]\|(p[1]<<8);
	189	else
	190	i=0;
	191	return(i);
	192	}
	193
	194	static struct
	195	{
	196	char *name;
	197	unsigned int value;
	198	} key_usage_data[] ={
	199	{"digitalSignature", X509v3_KU_DIGITAL_SIGNATURE},
	200	{"nonRepudiation", X509v3_KU_NON_REPUDIATION},
	201	{"keyEncipherment", X509v3_KU_KEY_ENCIPHERMENT},
	202	{"dataEncipherment", X509v3_KU_DATA_ENCIPHERMENT},
	203	{"keyAgreement", X509v3_KU_KEY_AGREEMENT},
	204	{"keyCertSign", X509v3_KU_KEY_CERT_SIGN},
	205	{"cRLSign", X509v3_KU_CRL_SIGN},
	206	{"encipherOnly", X509v3_KU_ENCIPHER_ONLY},
	207	{"decipherOnly", X509v3_KU_DECIPHER_ONLY},
	208	{NULL,0},
	209	};
	210
	211	#if 0
	212	static int a2i_key_usage(x,str,len)
	213	X509 *x;
	214	char *str;
	215	int len;
	216	{
	217	return(X509v3_set_key_usage(x,a2i_X509v3_key_usage(str)));
	218	}
	219
	220	static int i2a_key_usage(bp,x)
	221	BIO *bp;
	222	X509 *x;
	223	{
	224	return(i2a_X509v3_key_usage(bp,X509v3_get_key_usage(x)));
	225	}
	226	#endif
	227
	228	int i2a_X509v3_key_usage(bp,use)
	229	BIO *bp;
	230	unsigned int use;
	231	{
	232	int i=0,first=1;
	233
	234	for (;;)
	235	{
	236	if (use \| key_usage_data[i].value)
	237	{
	238	BIO_printf(bp,"%s%s",((first)?"":" "),
	239	key_usage_data[i].name);
	240	first=0;
	241	}
	242	}
	243	return(1);
	244	}
	245
	246	unsigned int a2i_X509v3_key_usage(p)
	247	char *p;
	248	{
	249	unsigned int ret=0;
	250	char q,s;
	251	int i,n;
	252
	253	q=p;
	254	for (;;)
	255	{
	256	while ((q != '\0') && isalnum(q))
	257	q++;
	258	if (*q == '\0') break;
	259	s=q++;
	260	while (isalnum(*q))
	261	q++;
	262	n=q-s;
	263	i=0;
	264	for (;;)
	265	{
	266	if (strncmp(key_usage_data[i].name,s,n) == 0)
	267	{
	268	ret\|=key_usage_data[i].value;
	269	break;
	270	}
	271	i++;
	272	if (key_usage_data[i].name == NULL)
	273	return(X509v3_KU_UNDEF);
	274	}
	275	}
	276	return(ret);
	277	}
	278
	279	int X509v3_set_key_usage(x,use)
	280	X509 *x;
	281	unsigned int use;
	282	{
	283	ASN1_OCTET_STRING *os;
	284	X509_EXTENSION *ext;
	285	int i;
	286	unsigned char data[4];
	287
	288	i=X509_get_ext_by_NID(x,NID_key_usage,-1);
	289	if (i < 0)
	290	{
	291	i=X509_get_ext_count(x)+1;
	292	if ((ext=X509_EXTENSION_new()) == NULL) return(0);
	293	if (!X509_add_ext(x,ext,i))
	294	{
	295	X509_EXTENSION_free(ext);
	296	return(0);
	297	}
	298	}
	299	else
	300	ext=X509_get_ext(x,i);
	301
	302	/* fill in 'ext' */
	303	os=X509_EXTENSION_get_data(ext);
	304
	305	i=0;
	306	if (use > 0)
	307	{
	308	i=1;
	309	data[0]=use&0xff;
	310	}
	311	if (use > 0xff)
	312	{
	313	i=2;
	314	data[1]=(use>>8)&0xff;
	315	}
	316	return((X509v3_pack_string(&os,V_ASN1_BIT_STRING,data,i) == NULL)?0:1);
	317	}
	318